syzkaller syzkaller login: [ 19.082135][ T26] kauditd_printk_skb: 64 callbacks suppressed [ 19.082151][ T26] audit: type=1400 audit(1689017713.254:76): avc: denied { transition } for pid=2945 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.086085][ T26] audit: type=1400 audit(1689017713.254:77): avc: denied { noatsecure } for pid=2945 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.088825][ T26] audit: type=1400 audit(1689017713.254:78): avc: denied { write } for pid=2945 comm="sh" path="pipe:[864]" dev="pipefs" ino=864 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 19.092032][ T26] audit: type=1400 audit(1689017713.254:79): avc: denied { rlimitinh } for pid=2945 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.094674][ T26] audit: type=1400 audit(1689017713.254:80): avc: denied { siginh } for pid=2945 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.659899][ T2960] sshd (2960) used greatest stack depth: 11664 bytes left Warning: Permanently added '10.128.1.39' (ECDSA) to the list of known hosts. 2023/07/10 19:35:20 fuzzer started 2023/07/10 19:35:20 dialing manager at 10.128.0.163:30015 2023/07/10 19:35:20 checking machine... 2023/07/10 19:35:20 checking revisions... 2023/07/10 19:35:20 testing simple program... [ 26.729800][ T26] audit: type=1400 audit(1689017720.904:81): avc: denied { getattr } for pid=3058 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 26.750410][ T3067] cgroup: Unknown subsys name 'net' [ 26.753321][ T26] audit: type=1400 audit(1689017720.904:82): avc: denied { read } for pid=3058 comm="syz-fuzzer" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 26.779409][ T26] audit: type=1400 audit(1689017720.904:83): avc: denied { open } for pid=3058 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 26.802536][ T26] audit: type=1400 audit(1689017720.904:84): avc: denied { mounton } for pid=3067 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.825231][ T26] audit: type=1400 audit(1689017720.904:85): avc: denied { mount } for pid=3067 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.847509][ T26] audit: type=1400 audit(1689017720.934:86): avc: denied { unmount } for pid=3067 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.867380][ T26] audit: type=1400 audit(1689017721.024:87): avc: denied { read } for pid=2748 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 26.974194][ T3067] cgroup: Unknown subsys name 'rlimit' [ 27.094013][ T26] audit: type=1400 audit(1689017721.274:88): avc: denied { mounton } for pid=3067 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.119647][ T26] audit: type=1400 audit(1689017721.274:89): avc: denied { mount } for pid=3067 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 27.128454][ T3068] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.142992][ T26] audit: type=1400 audit(1689017721.274:90): avc: denied { create } for pid=3067 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.194375][ T3067] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.205591][ T3066] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=3066 'syz-fuzzer' [ 27.391943][ T3071] chnl_net:caif_netlink_parms(): no params data found [ 27.427081][ T3071] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.434213][ T3071] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.441755][ T3071] bridge_slave_0: entered allmulticast mode [ 27.448572][ T3071] bridge_slave_0: entered promiscuous mode [ 27.455375][ T3071] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.462488][ T3071] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.469773][ T3071] bridge_slave_1: entered allmulticast mode [ 27.476381][ T3071] bridge_slave_1: entered promiscuous mode [ 27.492514][ T3071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.502816][ T3071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.521138][ T3071] team0: Port device team_slave_0 added [ 27.527727][ T3071] team0: Port device team_slave_1 added [ 27.542836][ T3071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.549797][ T3071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.576006][ T3071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.587406][ T3071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.594452][ T3071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.620406][ T3071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.655163][ T3071] hsr_slave_0: entered promiscuous mode [ 27.661180][ T3071] hsr_slave_1: entered promiscuous mode [ 27.724553][ T3071] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 27.733661][ T3071] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 27.742240][ T3071] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 27.750977][ T3071] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 27.765253][ T3071] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.772332][ T3071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.779665][ T3071] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.786918][ T3071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.817831][ T3071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.829246][ T3071] 8021q: adding VLAN 0 to HW filter on device team0 [ 27.837562][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.845600][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.860265][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.867413][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.883256][ T3087] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.890390][ T3087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.955328][ T3071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.020016][ T3071] veth0_vlan: entered promiscuous mode [ 28.030771][ T3071] veth1_vlan: entered promiscuous mode [ 28.046807][ T3071] veth0_macvtap: entered promiscuous mode [ 28.054491][ T3071] veth1_macvtap: entered promiscuous mode [ 28.066765][ T3071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.078424][ T3071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.087710][ T3071] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.096569][ T3071] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.105342][ T3071] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.114061][ T3071] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2023/07/10 19:35:22 building call list... executing program [ 30.818665][ T3060] can: request_module (can-proto-0) failed. [ 30.832145][ T3060] can: request_module (can-proto-0) failed. [ 30.845766][ T3060] can: request_module (can-proto-0) failed. [ 31.039649][ T3060] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 31.169849][ T3060] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 31.712592][ T3071] syz-executor.0 (3071) used greatest stack depth: 10536 bytes left [ 31.724074][ T10] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.185301][ T10] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.245784][ T10] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.306064][ T10] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.385189][ T26] kauditd_printk_skb: 72 callbacks suppressed [ 34.385203][ T26] audit: type=1400 audit(1689017728.564:163): avc: denied { search } for pid=2804 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 34.412953][ T26] audit: type=1400 audit(1689017728.564:164): avc: denied { read } for pid=2804 comm="dhcpcd" name="n25" dev="tmpfs" ino=397 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 34.434548][ T26] audit: type=1400 audit(1689017728.564:165): avc: denied { open } for pid=2804 comm="dhcpcd" path="/run/udev/data/n25" dev="tmpfs" ino=397 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 34.457674][ T26] audit: type=1400 audit(1689017728.564:166): avc: denied { getattr } for pid=2804 comm="dhcpcd" path="/run/udev/data/n25" dev="tmpfs" ino=397 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 34.481322][ T26] audit: type=1400 audit(1689017728.594:167): avc: denied { read } for pid=3168 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=341 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 34.504291][ T26] audit: type=1400 audit(1689017728.594:168): avc: denied { open } for pid=3168 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=341 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 34.529219][ T26] audit: type=1400 audit(1689017728.594:169): avc: denied { getattr } for pid=3168 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=341 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 34.554343][ T26] audit: type=1400 audit(1689017728.634:170): avc: denied { write } for pid=3167 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=340 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 34.577275][ T26] audit: type=1400 audit(1689017728.634:171): avc: denied { add_name } for pid=3167 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 34.599625][ T26] audit: type=1400 audit(1689017728.634:172): avc: denied { create } for pid=3167 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 35.054312][ T10] hsr_slave_0: left promiscuous mode [ 35.060033][ T10] hsr_slave_1: left promiscuous mode [ 35.066150][ T10] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 35.073574][ T10] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 35.081152][ T10] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 35.088656][ T10] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 35.096415][ T10] bridge_slave_1: left allmulticast mode [ 35.102054][ T10] bridge_slave_1: left promiscuous mode [ 35.107772][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.115439][ T10] bridge_slave_0: left allmulticast mode [ 35.121153][ T10] bridge_slave_0: left promiscuous mode [ 35.126887][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.136374][ T10] veth1_macvtap: left promiscuous mode [ 35.141846][ T10] veth0_macvtap: left promiscuous mode [ 35.147373][ T10] veth1_vlan: left promiscuous mode [ 35.152640][ T10] veth0_vlan: left promiscuous mode [ 35.229040][ T10] team0 (unregistering): Port device team_slave_1 removed [ 35.238432][ T10] team0 (unregistering): Port device team_slave_0 removed [ 35.248040][ T10] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 35.258772][ T10] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 35.286485][ T10] bond0 (unregistering): Released all slaves [ 40.052300][ T0] ================================================================== [ 40.060439][ T0] BUG: KCSAN: data-race in tick_nohz_idle_stop_tick / tick_nohz_idle_stop_tick [ 40.069424][ T0] [ 40.071742][ T0] write to 0xffffffff85f11070 of 4 bytes by task 0 on cpu 0: [ 40.079108][ T0] tick_nohz_idle_stop_tick+0x1d9/0x6c0 [ 40.084659][ T0] do_idle+0x177/0x230 [ 40.088731][ T0] cpu_startup_entry+0x18/0x20 [ 40.093500][ T0] rest_init+0xf3/0x100 [ 40.097660][ T0] arch_call_rest_init+0x9/0x10 [ 40.102504][ T0] start_kernel+0x57d/0x5d0 [ 40.106999][ T0] x86_64_start_reservations+0x2a/0x30 [ 40.112463][ T0] x86_64_start_kernel+0x94/0xa0 [ 40.117423][ T0] secondary_startup_64_no_verify+0x168/0x16b [ 40.123491][ T0] [ 40.125805][ T0] read to 0xffffffff85f11070 of 4 bytes by task 0 on cpu 1: [ 40.133170][ T0] tick_nohz_idle_stop_tick+0x1b1/0x6c0 [ 40.138719][ T0] do_idle+0x177/0x230 [ 40.142906][ T0] cpu_startup_entry+0x18/0x20 [ 40.147674][ T0] start_secondary+0x82/0x90 [ 40.152271][ T0] secondary_startup_64_no_verify+0x168/0x16b [ 40.158375][ T0] [ 40.160721][ T0] value changed: 0x00000000 -> 0xffffffff [ 40.166445][ T0] [ 40.168768][ T0] Reported by Kernel Concurrency Sanitizer on: [ 40.174914][ T0] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0 [ 40.184645][ T0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 40.194722][ T0] ================================================================== [ 41.549386][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 41.549399][ T26] audit: type=1400 audit(1689017735.724:177): avc: denied { remove_name } for pid=2748 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 41.577961][ T26] audit: type=1400 audit(1689017735.724:178): avc: denied { rename } for pid=2748 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 41.600182][ T26] audit: type=1400 audit(1689017735.724:179): avc: denied { create } for pid=2748 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1