syzkaller syzkaller login:
[ 6.522816][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 12.739291][ T23] kauditd_printk_skb: 60 callbacks suppressed
[ 12.739298][ T23] audit: type=1400 audit(1635239910.039:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.745872][ T23] audit: type=1400 audit(1635239910.059:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[11462]" dev="pipefs" ino=11462 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 12.903557][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[ 13.082672][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #88!!!
[ 15.702651][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts.
2021/10/26 09:18:37 parsed 1 programs
[ 19.825734][ T23] audit: type=1400 audit(1635239917.129:73): avc: denied { getattr } for pid=365 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 19.846241][ T371] cgroup: Unknown subsys name 'net'
[ 19.849533][ T23] audit: type=1400 audit(1635239917.129:74): avc: denied { read } for pid=365 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 19.876087][ T23] audit: type=1400 audit(1635239917.129:75): avc: denied { open } for pid=365 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 19.876247][ T371] cgroup: Unknown subsys name 'devices'
[ 19.899415][ T23] audit: type=1400 audit(1635239917.129:76): avc: denied { read } for pid=365 comm="syz-execprog" name="raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 19.927775][ T23] audit: type=1400 audit(1635239917.129:77): avc: denied { open } for pid=365 comm="syz-execprog" path="/dev/raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 19.951521][ T23] audit: type=1400 audit(1635239917.149:78): avc: denied { mounton } for pid=371 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1137 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 19.974326][ T23] audit: type=1400 audit(1635239917.149:79): avc: denied { mount } for pid=371 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 19.996607][ T23] audit: type=1400 audit(1635239917.169:80): avc: denied { unmount } for pid=371 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 20.084114][ T371] cgroup: Unknown subsys name 'hugetlb'
[ 20.089959][ T371] cgroup: Unknown subsys name 'rlimit'
2021/10/26 09:18:37 executed programs: 0
[ 20.243671][ T23] audit: type=1400 audit(1635239917.549:81): avc: denied { mounton } for pid=371 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 20.268622][ T23] audit: type=1400 audit(1635239917.549:82): avc: denied { mount } for pid=371 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 20.294444][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.301813][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.309669][ T374] device bridge_slave_0 entered promiscuous mode
[ 20.316432][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.323658][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.330884][ T374] device bridge_slave_1 entered promiscuous mode
[ 20.355014][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.362038][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.369310][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.376422][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.391780][ T375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.398997][ T375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.406613][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 20.414753][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 20.433254][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 20.441498][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 20.449714][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 20.458031][ T375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.465147][ T375] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.473089][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 20.481456][ T375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.488489][ T375] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.495915][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 20.503786][ T375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 20.513642][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 20.525509][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 20.534318][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 20.547583][ T374] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 20.565978][ T382] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 20.802726][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 21.095346][ T491] cgroup: fork rejected by pids controller in /syz0
[ 21.442660][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 21.492645][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
2021/10/26 09:18:42 executed programs: 101
2021/10/26 09:18:47 executed programs: 204
[ 32.706340][T25854] ------------[ cut here ]------------
[ 32.711849][T25854] kernel BUG at arch/x86/kvm/../../../virt/kvm/kvm_main.c:516!
[ 32.719733][T25854] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 32.725796][T25854] CPU: 1 PID: 25854 Comm: syz-executor.0 Not tainted 5.10.75-syzkaller-01082-g234d53d2bb60 #0
[ 32.736103][T25854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.746156][T25854] RIP: 0010:kvm_mmu_notifier_invalidate_range_end+0xb2/0xc0
[ 32.753408][T25854] Code: 49 8b 1e 48 c7 c7 ff ff ff ff 48 89 de e8 46 96 64 00 48 85 db 78 0e e8 7c 91 64 00 5b 41 5c 41 5e 41 5f 5d c3 e8 6e 91 64 00 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56
[ 32.772994][T25854] RSP: 0000:ffffc90004ee77d0 EFLAGS: 00010293
[ 32.779065][T25854] RAX: ffffffff81086782 RBX: ffffffffffffffff RCX: ffff88810d8c3b40
[ 32.787079][T25854] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff
[ 32.795050][T25854] RBP: ffffc90004ee77f0 R08: ffffffff8108676a R09: 0000000000000003
[ 32.803001][T25854] R10: fffff520009dcee9 R11: 0000000000000004 R12: dffffc0000000000
[ 32.810969][T25854] R13: dffffc0000000000 R14: ffffc90004f5e160 R15: ffffc90004f55000
[ 32.818915][T25854] FS: 0000555556ed7400(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 32.827830][T25854] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.834386][T25854] CR2: 0000555556ed8c18 CR3: 000000011a8ec000 CR4: 00000000003526a0
[ 32.842375][T25854] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 32.850333][T25854] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 32.858283][T25854] Call Trace:
[ 32.861551][T25854] ? kvm_mmu_notifier_invalidate_range_start+0x300/0x300
[ 32.868548][T25854] __mmu_notifier_invalidate_range_end+0x246/0x300
[ 32.875024][T25854] wp_page_copy+0xe51/0x1750
[ 32.879585][T25854] ? copy_user_highpage+0x1b0/0x1b0
[ 32.884846][T25854] ? __kasan_check_write+0x14/0x20
[ 32.889926][T25854] ? _raw_spin_trylock+0xcb/0x1a0
[ 32.894926][T25854] do_wp_page+0x73b/0xc80
[ 32.899227][T25854] handle_pte_fault+0x575/0xac0
[ 32.904046][T25854] ___handle_speculative_fault+0xd97/0x17d0
[ 32.909921][T25854] ? __handle_speculative_fault+0x2a0/0x2a0
[ 32.915784][T25854] ? __kasan_check_write+0x14/0x20
[ 32.920866][T25854] ? __up_read+0x7b/0x2b0
[ 32.925164][T25854] ? _raw_read_unlock+0x25/0x40
[ 32.929982][T25854] ? get_vma+0x14e/0x160
[ 32.934198][T25854] __handle_speculative_fault+0xc3/0x2a0
[ 32.939887][T25854] do_user_addr_fault+0x8c9/0xd70
[ 32.944886][T25854] ? trace_raw_output_x86_exceptions+0x100/0x100
[ 32.951188][T25854] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 32.957232][T25854] ? exit_to_user_mode_prepare+0x3b/0xe0
[ 32.962841][T25854] exc_page_fault+0x98/0x2d0
[ 32.967408][T25854] ? asm_exc_page_fault+0x8/0x30
[ 32.972318][T25854] asm_exc_page_fault+0x1e/0x30
[ 32.977141][T25854] RIP: 0033:0x7fd22262aa01
[ 32.981548][T25854] Code: 11 00 4c 29 e8 4b 8d 0c 2f 48 8b 6c 24 18 48 39 d3 48 89 4b 60 0f 95 c2 48 83 c8 01 0f b6 d2 48 c1 e2 02 4c 09 ea 48 83 ca 01 <49> 89 57 08 48 89 41 08 49 83 c7 10 eb b3 48 8d 3d ba dc 09 00 e8
[ 33.001138][T25854] RSP: 002b:00007ffdecc937b0 EFLAGS: 00010206
[ 33.007180][T25854] RAX: 00000000000202d1 RBX: 00007fd2227405e0 RCX: 0000555556ed8d30
[ 33.015129][T25854] RDX: 0000000000000121 RSI: 0000000000000000 RDI: 0000000000000004
[ 33.023090][T25854] RBP: 0000000000000110 R08: 0000000000000003 R09: 00007fd222740640
[ 33.031038][T25854] R10: 0000000000020022 R11: 0000000000000120 R12: 0000000000000010
[ 33.038990][T25854] R13: 0000000000000120 R14: 0000000000000012 R15: 0000555556ed8c10
[ 33.046938][T25854] Modules linked in:
[ 33.051206][T25854] ---[ end trace 0343d1f98e0c4ccd ]---
[ 33.057876][T25854] RIP: 0010:kvm_mmu_notifier_invalidate_range_end+0xb2/0xc0
[ 33.065373][T25854] Code: 49 8b 1e 48 c7 c7 ff ff ff ff 48 89 de e8 46 96 64 00 48 85 db 78 0e e8 7c 91 64 00 5b 41 5c 41 5e 41 5f 5d c3 e8 6e 91 64 00 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56
[ 33.085109][T25854] RSP: 0000:ffffc90004ee77d0 EFLAGS: 00010293
[ 33.091176][T25854] RAX: ffffffff81086782 RBX: ffffffffffffffff RCX: ffff88810d8c3b40
[ 33.099451][T25854] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff
[ 33.107450][T25854] RBP: ffffc90004ee77f0 R08: ffffffff8108676a R09: 0000000000000003
[ 33.115430][T25854] R10: fffff520009dcee9 R11: 0000000000000004 R12: dffffc0000000000
[ 33.123414][T25854] R13: dffffc0000000000 R14: ffffc90004f5e160 R15: ffffc90004f55000
[ 33.131552][T25854] FS: 0000555556ed7400(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 33.140731][T25854] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.147563][T25854] CR2: 00007fd22275b0a0 CR3: 000000011a8ec000 CR4: 00000000003526b0
[ 33.155600][T25854] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.163590][T25854] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.171554][T25854] Kernel panic - not syncing: Fatal exception
[ 33.177949][T25854] Kernel Offset: disabled
[ 33.182258][T25854] Rebooting in 86400 seconds..