syzkaller syzkaller login: [ 18.477723][ T36] kauditd_printk_skb: 31 callbacks suppressed [ 18.477744][ T36] audit: type=1400 audit(1757634233.670:59): avc: denied { transition } for pid=246 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 18.482159][ T36] audit: type=1400 audit(1757634233.670:60): avc: denied { noatsecure } for pid=246 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 18.485088][ T36] audit: type=1400 audit(1757634233.670:61): avc: denied { write } for pid=246 comm="sh" path="pipe:[1949]" dev="pipefs" ino=1949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 18.488908][ T36] audit: type=1400 audit(1757634233.670:62): avc: denied { rlimitinh } for pid=246 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 18.491619][ T36] audit: type=1400 audit(1757634233.670:63): avc: denied { siginh } for pid=246 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.250' (ED25519) to the list of known hosts. 2025/09/11 23:44:03 parsed 1 programs [ 28.258781][ T36] audit: type=1400 audit(1757634243.450:64): avc: denied { node_bind } for pid=290 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 29.721649][ T36] audit: type=1400 audit(1757634244.910:65): avc: denied { mounton } for pid=299 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 29.722987][ T299] cgroup: Unknown subsys name 'net' [ 29.744350][ T36] audit: type=1400 audit(1757634244.910:66): avc: denied { mount } for pid=299 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 29.771886][ T36] audit: type=1400 audit(1757634244.950:67): avc: denied { unmount } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 29.772103][ T299] cgroup: Unknown subsys name 'devices' [ 29.918344][ T299] cgroup: Unknown subsys name 'hugetlb' [ 29.924101][ T299] cgroup: Unknown subsys name 'rlimit' [ 30.088193][ T36] audit: type=1400 audit(1757634245.280:68): avc: denied { setattr } for pid=299 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 30.111428][ T36] audit: type=1400 audit(1757634245.280:69): avc: denied { create } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 30.132065][ T36] audit: type=1400 audit(1757634245.280:70): avc: denied { write } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 30.152467][ T36] audit: type=1400 audit(1757634245.280:71): avc: denied { read } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 30.172708][ T36] audit: type=1400 audit(1757634245.280:72): avc: denied { sys_module } for pid=299 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 30.193954][ T36] audit: type=1400 audit(1757634245.280:73): avc: denied { mounton } for pid=299 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 30.205246][ T301] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 30.255066][ T299] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 31.133330][ T303] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 31.813565][ T340] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.820816][ T340] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.828093][ T340] bridge_slave_0: entered allmulticast mode [ 31.834449][ T340] bridge_slave_0: entered promiscuous mode [ 31.841005][ T340] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.848217][ T340] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.855318][ T340] bridge_slave_1: entered allmulticast mode [ 31.861734][ T340] bridge_slave_1: entered promiscuous mode [ 31.917435][ T340] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.924493][ T340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.931838][ T340] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.938913][ T340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.959571][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.967036][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.976649][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.983717][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.993093][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.000199][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.025063][ T340] veth0_vlan: entered promiscuous mode [ 32.037144][ T340] veth1_macvtap: entered promiscuous mode [ 32.250357][ T316] bridge_slave_1: left allmulticast mode [ 32.257834][ T316] bridge_slave_1: left promiscuous mode [ 32.264627][ T316] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.272840][ T316] bridge_slave_0: left allmulticast mode [ 32.278638][ T316] bridge_slave_0: left promiscuous mode [ 32.284296][ T316] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.461433][ T316] veth1_macvtap: left promiscuous mode [ 32.467158][ T316] veth0_vlan: left promiscuous mode 2025/09/11 23:44:07 executed programs: 0 [ 32.637474][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.644532][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.651660][ T372] bridge_slave_0: entered allmulticast mode [ 32.658070][ T372] bridge_slave_0: entered promiscuous mode [ 32.664582][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.671689][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.678975][ T372] bridge_slave_1: entered allmulticast mode [ 32.685357][ T372] bridge_slave_1: entered promiscuous mode [ 32.757784][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.764836][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.772154][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.779238][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.801442][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.808824][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.821449][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.828525][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.837572][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.844640][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.871451][ T372] veth0_vlan: entered promiscuous mode [ 32.881962][ T372] veth1_macvtap: entered promiscuous mode [ 32.910151][ T382] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 32.948335][ T382] ------------[ cut here ]------------ [ 32.953843][ T382] WARNING: CPU: 1 PID: 382 at arch/x86/kvm/x86.c:11569 kvm_arch_vcpu_ioctl_run+0x12af/0x1aa0 [ 32.964316][ T382] Modules linked in: [ 32.968324][ T382] CPU: 1 UID: 0 PID: 382 Comm: syz.2.17 Not tainted syzkaller #0 ec563bcf54b47660c97d897774a4672b2d944f96 [ 32.979681][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 32.989940][ T382] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x12af/0x1aa0 [ 32.996444][ T382] Code: 7e 3b e8 04 0c 6a 00 49 bd 00 00 00 00 00 fc ff df 4c 8b 7c 24 20 4c 8b 64 24 40 48 8b 5c 24 28 e9 26 fd ff ff e8 e1 0b 6a 00 <0f> 0b e9 e4 fc ff ff e8 d5 0b 6a 00 0f 0b e9 0e fd ff ff e8 c9 0b [ 33.016135][ T382] RSP: 0018:ffffc90000fdf9c0 EFLAGS: 00010293 [ 33.022232][ T382] RAX: ffffffff811bd82f RBX: ffff888117478000 RCX: ffff8881151ccc00 [ 33.030305][ T382] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 33.038342][ T382] RBP: ffffc90000fdfc70 R08: ffff8881151ccc07 R09: 1ffff11022a39980 [ 33.046380][ T382] R10: dffffc0000000000 R11: ffffed1022a39981 R12: ffff88810b7d4000 [ 33.054378][ T382] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff888117478078 [ 33.062439][ T382] FS: 0000555555f72500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 33.071539][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.078200][ T382] CR2: 000000005200000c CR3: 0000000116b46000 CR4: 00000000003526b0 [ 33.086222][ T382] Call Trace: [ 33.089514][ T382] [ 33.092443][ T382] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 33.098573][ T382] ? should_fail+0xf/0x20 [ 33.102949][ T382] ? get_futex_key+0x181/0x930 [ 33.107759][ T382] ? ioctl_has_perm+0x1aa/0x4d0 [ 33.112636][ T382] ? __asan_memcpy+0x5a/0x80 [ 33.117293][ T382] ? ioctl_has_perm+0x3e0/0x4d0 [ 33.122172][ T382] ? has_cap_mac_admin+0xd0/0xd0 [ 33.127152][ T382] ? __kasan_check_write+0x18/0x20 [ 33.132311][ T382] ? mutex_lock_killable+0x92/0x1c0 [ 33.137577][ T382] ? __cfi_mutex_lock_killable+0x10/0x10 [ 33.143232][ T382] ? file_mmap_ok+0x147/0x1a0 [ 33.147966][ T382] ? __cfi_futex_wake+0x10/0x10 [ 33.152842][ T382] ? userfaultfd_unmap_complete+0x279/0x2d0 [ 33.158772][ T382] kvm_vcpu_ioctl+0x96f/0xee0 [ 33.163476][ T382] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 33.168737][ T382] ? down_write_killable+0xe9/0x2d0 [ 33.173969][ T382] ? do_futex+0x356/0x500 [ 33.178367][ T382] ? __cfi_do_futex+0x10/0x10 [ 33.183101][ T382] ? __kasan_check_write+0x18/0x20 [ 33.188310][ T382] ? user_return_notifier_unregister+0x14d/0x170 [ 33.194678][ T382] ? kvm_on_user_return+0x33c/0x3d0 [ 33.199941][ T382] ? bpf_lsm_file_ioctl+0xd/0x20 [ 33.204921][ T382] ? security_file_ioctl+0x34/0xd0 [ 33.210133][ T382] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 33.215379][ T382] __se_sys_ioctl+0x132/0x1b0 [ 33.220165][ T382] __x64_sys_ioctl+0x7f/0xa0 [ 33.224770][ T382] x64_sys_call+0x1878/0x2ee0 [ 33.229500][ T382] do_syscall_64+0x58/0xf0 [ 33.234001][ T382] ? clear_bhb_loop+0x50/0xa0 [ 33.238888][ T382] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 33.244814][ T382] RIP: 0033:0x7f3250f8eba9 [ 33.249310][ T382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 33.269043][ T382] RSP: 002b:00007fff912303b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 33.277617][ T382] RAX: ffffffffffffffda RBX: 00007f32511d5fa0 RCX: 00007f3250f8eba9 [ 33.285672][ T382] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 33.293673][ T382] RBP: 00007f3251011e19 R08: 0000000000000000 R09: 0000000000000000 [ 33.301713][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 33.309745][ T382] R13: 00007f32511d5fa0 R14: 00007f32511d5fa0 R15: 0000000000000003 [ 33.317772][ T382] [ 33.320889][ T382] ---[ end trace 0000000000000000 ]--- [ 33.412679][ T13] bridge_slave_1: left allmulticast mode [ 33.418464][ T13] bridge_slave_1: left promiscuous mode [ 33.424141][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.432190][ T13] bridge_slave_0: left allmulticast mode [ 33.437982][ T13] bridge_slave_0: left promiscuous mode [ 33.443631][ T13] bridge0: port 1(bridge_slave_0) entered disabled state