syzkaller syzkaller login: [ 15.247448][ T25] kauditd_printk_skb: 64 callbacks suppressed [ 15.247458][ T25] audit: type=1400 audit(1684744942.785:76): avc: denied { transition } for pid=2918 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.251392][ T25] audit: type=1400 audit(1684744942.785:77): avc: denied { noatsecure } for pid=2918 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.255705][ T25] audit: type=1400 audit(1684744942.785:78): avc: denied { write } for pid=2918 comm="sh" path="pipe:[15551]" dev="pipefs" ino=15551 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 15.258969][ T25] audit: type=1400 audit(1684744942.785:79): avc: denied { rlimitinh } for pid=2918 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.261559][ T25] audit: type=1400 audit(1684744942.785:80): avc: denied { siginh } for pid=2918 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.420359][ T2920] sshd (2920) used greatest stack depth: 11648 bytes left Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts. 2023/05/22 08:42:29 fuzzer started 2023/05/22 08:42:29 dialing manager at 10.128.0.163:30015 2023/05/22 08:42:29 checking machine... 2023/05/22 08:42:29 checking revisions... 2023/05/22 08:42:29 testing simple program... [ 22.286206][ T25] audit: type=1400 audit(1684744949.825:81): avc: denied { getattr } for pid=3033 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 22.306161][ T3041] cgroup: Unknown subsys name 'net' [ 22.309826][ T25] audit: type=1400 audit(1684744949.825:82): avc: denied { read } for pid=3033 comm="syz-fuzzer" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 22.335831][ T25] audit: type=1400 audit(1684744949.825:83): avc: denied { open } for pid=3033 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 22.358946][ T25] audit: type=1400 audit(1684744949.825:84): avc: denied { mounton } for pid=3041 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.381632][ T25] audit: type=1400 audit(1684744949.825:85): avc: denied { mount } for pid=3041 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.403786][ T25] audit: type=1400 audit(1684744949.845:86): avc: denied { unmount } for pid=3041 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.507299][ T3041] cgroup: Unknown subsys name 'rlimit' [ 22.515949][ T25] audit: type=1400 audit(1684744950.055:87): avc: denied { read } for pid=2726 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 22.656737][ T25] audit: type=1400 audit(1684744950.195:88): avc: denied { mounton } for pid=3041 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.672865][ T3035] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=3035 'syz-fuzzer' [ 22.681858][ T25] audit: type=1400 audit(1684744950.195:89): avc: denied { mount } for pid=3041 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.713635][ T25] audit: type=1400 audit(1684744950.195:90): avc: denied { create } for pid=3041 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.866623][ T3048] chnl_net:caif_netlink_parms(): no params data found [ 22.898673][ T3048] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.905777][ T3048] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.912920][ T3048] bridge_slave_0: entered allmulticast mode [ 22.919290][ T3048] bridge_slave_0: entered promiscuous mode [ 22.925980][ T3048] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.933027][ T3048] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.940170][ T3048] bridge_slave_1: entered allmulticast mode [ 22.946469][ T3048] bridge_slave_1: entered promiscuous mode [ 22.961930][ T3048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 22.971917][ T3048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 22.990831][ T3048] team0: Port device team_slave_0 added [ 22.997156][ T3048] team0: Port device team_slave_1 added [ 23.011980][ T3048] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 23.018952][ T3048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 23.044881][ T3048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 23.055998][ T3048] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 23.062987][ T3048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 23.088996][ T3048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 23.113402][ T3048] hsr_slave_0: entered promiscuous mode [ 23.119353][ T3048] hsr_slave_1: entered promiscuous mode [ 23.180412][ T3048] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 23.188909][ T3048] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 23.197530][ T3048] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 23.206178][ T3048] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 23.219714][ T3048] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.226881][ T3048] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.234147][ T3048] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.241244][ T3048] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.270554][ T3048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.280125][ T3043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.289043][ T3043] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.296997][ T3043] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.305726][ T3043] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 23.316647][ T3048] 8021q: adding VLAN 0 to HW filter on device team0 [ 23.327937][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.336407][ T3063] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.343476][ T3063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.351310][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.359584][ T3063] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.366708][ T3063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.385314][ T3048] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 23.395834][ T3048] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 23.409224][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 23.417997][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 23.426887][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.435288][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.443828][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 23.451544][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 23.495353][ T3048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 23.503139][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 23.510746][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 23.523874][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.577136][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.585958][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.593747][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.602145][ T3048] veth0_vlan: entered promiscuous mode [ 23.610063][ T3048] veth1_vlan: entered promiscuous mode [ 23.621980][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 23.629912][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 23.638222][ T3063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.648011][ T3048] veth0_macvtap: entered promiscuous mode [ 23.655136][ T3048] veth1_macvtap: entered promiscuous mode [ 23.666375][ T3048] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 23.673611][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.682837][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 23.693325][ T3048] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 23.701277][ T3066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.710695][ T3048] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 23.719430][ T3048] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 23.728225][ T3048] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 23.736977][ T3048] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2023/05/22 08:42:31 building call list... executing program [ 26.390123][ T3035] can: request_module (can-proto-0) failed. [ 26.403914][ T3035] can: request_module (can-proto-0) failed. [ 26.416846][ T3035] can: request_module (can-proto-0) failed. [ 26.906025][ T3048] syz-executor.0 (3048) used greatest stack depth: 10896 bytes left [ 26.917211][ T233] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 29.118716][ T233] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 29.168813][ T233] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 29.228948][ T233] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 29.303426][ T25] kauditd_printk_skb: 67 callbacks suppressed [ 29.303440][ T25] audit: type=1400 audit(1684744956.835:158): avc: denied { search } for pid=2782 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 29.331496][ T25] audit: type=1400 audit(1684744956.835:159): avc: denied { read } for pid=2782 comm="dhcpcd" name="n25" dev="tmpfs" ino=399 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 29.352989][ T25] audit: type=1400 audit(1684744956.835:160): avc: denied { open } for pid=2782 comm="dhcpcd" path="/run/udev/data/n25" dev="tmpfs" ino=399 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 29.375838][ T25] audit: type=1400 audit(1684744956.835:161): avc: denied { getattr } for pid=2782 comm="dhcpcd" path="/run/udev/data/n25" dev="tmpfs" ino=399 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 29.399059][ T25] audit: type=1400 audit(1684744956.875:162): avc: denied { read } for pid=3143 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=343 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 29.421957][ T25] audit: type=1400 audit(1684744956.875:163): avc: denied { open } for pid=3143 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=343 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 29.446849][ T25] audit: type=1400 audit(1684744956.875:164): avc: denied { getattr } for pid=3143 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=343 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 29.472074][ T25] audit: type=1400 audit(1684744956.925:165): avc: denied { write } for pid=3142 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=342 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 29.494985][ T25] audit: type=1400 audit(1684744956.925:166): avc: denied { add_name } for pid=3142 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 29.517399][ T25] audit: type=1400 audit(1684744956.925:167): avc: denied { create } for pid=3142 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 30.007223][ T233] hsr_slave_0: left promiscuous mode [ 30.012766][ T233] hsr_slave_1: left promiscuous mode [ 30.018931][ T233] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 30.026341][ T233] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 30.034102][ T233] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 30.041540][ T233] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 30.049525][ T233] bridge_slave_1: left allmulticast mode [ 30.055334][ T233] bridge_slave_1: left promiscuous mode [ 30.061018][ T233] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.068836][ T233] bridge_slave_0: left allmulticast mode [ 30.074559][ T233] bridge_slave_0: left promiscuous mode [ 30.080291][ T233] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.089394][ T233] veth1_macvtap: left promiscuous mode [ 30.094854][ T233] veth0_macvtap: left promiscuous mode [ 30.100372][ T233] veth1_vlan: left promiscuous mode [ 30.105606][ T233] veth0_vlan: left promiscuous mode [ 30.182138][ T233] team0 (unregistering): Port device team_slave_1 removed [ 30.191684][ T233] team0 (unregistering): Port device team_slave_0 removed [ 30.200826][ T233] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 30.211550][ T233] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 30.237889][ T233] bond0 (unregistering): Released all slaves [ 30.895808][ T0] ================================================================== [ 30.903930][ T0] BUG: KCSAN: data-race in tick_nohz_idle_stop_tick / tick_nohz_idle_stop_tick [ 30.912889][ T0] [ 30.915205][ T0] write to 0xffffffff85f06c30 of 4 bytes by task 0 on cpu 1: [ 30.922564][ T0] tick_nohz_idle_stop_tick+0x1d9/0x6c0 [ 30.928115][ T0] do_idle+0x177/0x230 [ 30.932176][ T0] cpu_startup_entry+0x18/0x20 [ 30.936929][ T0] start_secondary+0x7c/0x80 [ 30.941512][ T0] secondary_startup_64_no_verify+0xf5/0xfb [ 30.947399][ T0] [ 30.949704][ T0] read to 0xffffffff85f06c30 of 4 bytes by task 0 on cpu 0: [ 30.956969][ T0] tick_nohz_idle_stop_tick+0x1b1/0x6c0 [ 30.962517][ T0] do_idle+0x177/0x230 [ 30.966582][ T0] cpu_startup_entry+0x18/0x20 [ 30.971332][ T0] rest_init+0xf3/0x100 [ 30.975476][ T0] arch_call_rest_init+0x9/0x10 [ 30.980329][ T0] start_kernel+0x582/0x5e0 [ 30.984842][ T0] x86_64_start_reservations+0x2a/0x30 [ 30.990292][ T0] x86_64_start_kernel+0x94/0xa0 [ 30.995320][ T0] secondary_startup_64_no_verify+0xf5/0xfb [ 31.001219][ T0] [ 31.003531][ T0] value changed: 0x00000001 -> 0xffffffff [ 31.009232][ T0] [ 31.011541][ T0] Reported by Kernel Concurrency Sanitizer on: [ 31.017671][ T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0-rc3-syzkaller #0 [ 31.025553][ T0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 31.035604][ T0] ================================================================== [ 35.291734][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 35.291748][ T25] audit: type=1400 audit(1684744962.825:172): avc: denied { remove_name } for pid=2726 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 35.320273][ T25] audit: type=1400 audit(1684744962.825:173): avc: denied { rename } for pid=2726 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 35.342633][ T25] audit: type=1400 audit(1684744962.825:174): avc: denied { create } for pid=2726 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1