syzkaller syzkaller login: [ 11.693215][ T23] kauditd_printk_skb: 60 callbacks suppressed
[ 11.693222][ T23] audit: type=1400 audit(1635109964.179:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.698735][ T23] audit: type=1400 audit(1635109964.179:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[10807]" dev="pipefs" ino=10807 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 12.952948][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 12.955530][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 12.957927][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
2021/10/24 21:12:53 parsed 1 programs
[ 20.614409][ T23] audit: type=1400 audit(1635109973.099:73): avc: denied { getattr } for pid=365 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 20.617995][ T23] audit: type=1400 audit(1635109973.099:74): avc: denied { read } for pid=365 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 20.621035][ T23] audit: type=1400 audit(1635109973.099:75): avc: denied { open } for pid=365 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 20.624862][ T23] audit: type=1400 audit(1635109973.099:76): avc: denied { read } for pid=365 comm="syz-execprog" name="raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 20.627194][ T370] cgroup: Unknown subsys name 'net'
[ 20.628524][ T23] audit: type=1400 audit(1635109973.099:77): avc: denied { open } for pid=365 comm="syz-execprog" path="/dev/raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 20.628540][ T23] audit: type=1400 audit(1635109973.109:78): avc: denied { mounton } for pid=370 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1137 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 20.640789][ T23] audit: type=1400 audit(1635109973.109:79): avc: denied { mount } for pid=370 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 20.640916][ T370] cgroup: Unknown subsys name 'devices'
[ 20.662964][ T23] audit: type=1400 audit(1635109973.109:80): avc: denied { unmount } for pid=370 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 20.833554][ T370] cgroup: Unknown subsys name 'hugetlb'
[ 20.839234][ T370] cgroup: Unknown subsys name 'rlimit'
2021/10/24 21:12:53 executed programs: 0
[ 20.993278][ T23] audit: type=1400 audit(1635109973.479:81): avc: denied { mounton } for pid=370 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 21.018033][ T23] audit: type=1400 audit(1635109973.499:82): avc: denied { mount } for pid=370 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 21.041378][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 21.060288][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 21.067351][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 21.075106][ T374] device bridge_slave_0 entered promiscuous mode
[ 21.081738][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 21.088796][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 21.096081][ T374] device bridge_slave_1 entered promiscuous mode
[ 21.119956][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 21.126978][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 21.134287][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 21.141292][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 21.156814][ T51] bridge0: port 1(bridge_slave_0) entered disabled state
[ 21.164021][ T51] bridge0: port 2(bridge_slave_1) entered disabled state
[ 21.171193][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 21.178842][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 21.187898][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 21.195981][ T375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 21.203005][ T375] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 21.223035][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 21.231251][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 21.239177][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 21.247931][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 21.256135][ T51] bridge0: port 2(bridge_slave_1) entered blocking state
[ 21.263144][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 21.270423][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 21.278380][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 21.288573][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 21.297813][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 21.312580][ T374] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 21.322349][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 21.333943][ T383] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 21.442313][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 21.592303][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 21.712290][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 22.732878][ T545] ------------[ cut here ]------------
[ 22.738441][ T545] kernel BUG at arch/x86/kvm/../../../virt/kvm/kvm_main.c:516!
[ 22.746237][ T545] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 22.752333][ T545] CPU: 0 PID: 545 Comm: syz-executor.0 Not tainted 5.10.75-syzkaller-01082-g234d53d2bb60 #0
[ 22.762360][ T545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.772405][ T545] RIP: 0010:kvm_mmu_notifier_invalidate_range_end+0xb2/0xc0
[ 22.779654][ T545] Code: 49 8b 1e 48 c7 c7 ff ff ff ff 48 89 de e8 46 96 64 00 48 85 db 78 0e e8 7c 91 64 00 5b 41 5c 41 5e 41 5f 5d c3 e8 6e 91 64 00 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56
[ 22.799227][ T545] RSP: 0000:ffffc9000142f7d0 EFLAGS: 00010293
[ 22.805265][ T545] RAX: ffffffff81086782 RBX: ffffffffffffffff RCX: ffff88810f2c0000
[ 22.813207][ T545] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff
[ 22.821150][ T545] RBP: ffffc9000142f7f0 R08: ffffffff8108676a R09: 0000000000000003
[ 22.829094][ T545] R10: fffff52000285ee9 R11: 0000000000000004 R12: dffffc0000000000
[ 22.837037][ T545] R13: dffffc0000000000 R14: ffffc9000146a160 R15: ffffc90001461000
[ 22.844981][ T545] FS: 0000555556dee400(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 22.853877][ T545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.860428][ T545] CR2: 00007f6d441db7d0 CR3: 000000010e58e000 CR4: 00000000003526b0
[ 22.868375][ T545] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 22.876317][ T545] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 22.884257][ T545] Call Trace:
[ 22.887524][ T545] ? kvm_mmu_notifier_invalidate_range_start+0x300/0x300
[ 22.894525][ T545] __mmu_notifier_invalidate_range_end+0x246/0x300
[ 22.900995][ T545] wp_page_copy+0xe51/0x1750
[ 22.905554][ T545] ? copy_user_highpage+0x1b0/0x1b0
[ 22.910722][ T545] ? __kasan_check_write+0x14/0x20
[ 22.915808][ T545] ? _raw_spin_trylock+0xcb/0x1a0
[ 22.920804][ T545] do_wp_page+0x73b/0xc80
[ 22.925105][ T545] handle_pte_fault+0x575/0xac0
[ 22.929926][ T545] ___handle_speculative_fault+0xd97/0x17d0
[ 22.935802][ T545] ? __handle_speculative_fault+0x2a0/0x2a0
[ 22.941666][ T545] ? __kasan_check_write+0x14/0x20
[ 22.946753][ T545] ? __up_read+0x7b/0x2b0
[ 22.951055][ T545] ? _raw_read_unlock+0x25/0x40
[ 22.955885][ T545] ? get_vma+0x14e/0x160
[ 22.960103][ T545] __handle_speculative_fault+0xc3/0x2a0
[ 22.965711][ T545] do_user_addr_fault+0x8c9/0xd70
[ 22.970710][ T545] ? trace_raw_output_x86_exceptions+0x100/0x100
[ 22.977016][ T545] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 22.983059][ T545] ? exit_to_user_mode_prepare+0x3b/0xe0
[ 22.988671][ T545] exc_page_fault+0x98/0x2d0
[ 22.993238][ T545] ? asm_exc_page_fault+0x8/0x30
[ 22.998154][ T545] asm_exc_page_fault+0x1e/0x30
[ 23.002980][ T545] RIP: 0033:0x7f6d4420da01
[ 23.007373][ T545] Code: 11 00 4c 29 e8 4b 8d 0c 2f 48 8b 6c 24 18 48 39 d3 48 89 4b 60 0f 95 c2 48 83 c8 01 0f b6 d2 48 c1 e2 02 4c 09 ea 48 83 ca 01 <49> 89 57 08 48 89 41 08 49 83 c7 10 eb b3 48 8d 3d ba dc 09 00 e8
[ 23.026952][ T545] RSP: 002b:00007ffcb14ca8d0 EFLAGS: 00010206
[ 23.032995][ T545] RAX: 00000000000202d1 RBX: 00007f6d443235e0 RCX: 0000555556defd30
[ 23.040939][ T545] RDX: 0000000000000121 RSI: 0000000000000000 RDI: 0000000000000004
[ 23.048885][ T545] RBP: 0000000000000110 R08: 0000000000000003 R09: 00007f6d44323640
[ 23.056829][ T545] R10: 0000000000020022 R11: 0000000000000120 R12: 0000000000000010
[ 23.064774][ T545] R13: 0000000000000120 R14: 0000000000000012 R15: 0000555556defc10
[ 23.072718][ T545] Modules linked in:
[ 23.077380][ T545] ---[ end trace 8c27139658898306 ]---
[ 23.082942][ T545] RIP: 0010:kvm_mmu_notifier_invalidate_range_end+0xb2/0xc0
[ 23.090220][ T545] Code: 49 8b 1e 48 c7 c7 ff ff ff ff 48 89 de e8 46 96 64 00 48 85 db 78 0e e8 7c 91 64 00 5b 41 5c 41 5e 41 5f 5d c3 e8 6e 91 64 00 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56
[ 23.109916][ T545] RSP: 0000:ffffc9000142f7d0 EFLAGS: 00010293
[ 23.116027][ T545] RAX: ffffffff81086782 RBX: ffffffffffffffff RCX: ffff88810f2c0000
[ 23.124049][ T545] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff
[ 23.132049][ T545] RBP: ffffc9000142f7f0 R08: ffffffff8108676a R09: 0000000000000003
[ 23.140087][ T545] R10: fffff52000285ee9 R11: 0000000000000004 R12: dffffc0000000000
[ 23.148132][ T545] R13: dffffc0000000000 R14: ffffc9000146a160 R15: ffffc90001461000
[ 23.157079][ T545] FS: 0000555556dee400(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 23.166064][ T545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.172704][ T545] CR2: 0000555556defc18 CR3: 000000010e58e000 CR4: 00000000003526a0
[ 23.180728][ T545] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.188772][ T545] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.196780][ T545] Kernel panic - not syncing: Fatal exception
[ 23.203073][ T545] Kernel Offset: disabled
[ 23.207375][ T545] Rebooting in 86400 seconds..