syzkaller syzkaller login: [ 12.130280][ T36] kauditd_printk_skb: 48 callbacks suppressed [ 12.130295][ T36] audit: type=1400 audit(1756757760.570:59): avc: denied { transition } for pid=230 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.134458][ T36] audit: type=1400 audit(1756757760.570:60): avc: denied { noatsecure } for pid=230 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.137119][ T36] audit: type=1400 audit(1756757760.570:61): avc: denied { write } for pid=230 comm="sh" path="pipe:[1578]" dev="pipefs" ino=1578 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.140037][ T36] audit: type=1400 audit(1756757760.570:62): avc: denied { rlimitinh } for pid=230 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.142834][ T36] audit: type=1400 audit(1756757760.570:63): avc: denied { siginh } for pid=230 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.174' (ED25519) to the list of known hosts. 2025/09/01 20:16:09 parsed 1 programs [ 21.004171][ T36] audit: type=1400 audit(1756757769.450:64): avc: denied { node_bind } for pid=289 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 21.942827][ T36] audit: type=1400 audit(1756757770.390:65): avc: denied { mounton } for pid=297 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.943844][ T297] cgroup: Unknown subsys name 'net' [ 21.965469][ T36] audit: type=1400 audit(1756757770.390:66): avc: denied { mount } for pid=297 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.992844][ T36] audit: type=1400 audit(1756757770.410:67): avc: denied { unmount } for pid=297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.993076][ T297] cgroup: Unknown subsys name 'devices' [ 22.173847][ T297] cgroup: Unknown subsys name 'hugetlb' [ 22.179456][ T297] cgroup: Unknown subsys name 'rlimit' [ 22.317240][ T36] audit: type=1400 audit(1756757770.760:68): avc: denied { setattr } for pid=297 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.340474][ T36] audit: type=1400 audit(1756757770.760:69): avc: denied { create } for pid=297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.348480][ T300] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.361030][ T36] audit: type=1400 audit(1756757770.760:70): avc: denied { write } for pid=297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.389640][ T36] audit: type=1400 audit(1756757770.760:71): avc: denied { read } for pid=297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.410032][ T36] audit: type=1400 audit(1756757770.760:72): avc: denied { sys_module } for pid=297 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 22.431279][ T36] audit: type=1400 audit(1756757770.760:73): avc: denied { mounton } for pid=297 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.459531][ T297] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.273206][ T302] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 23.433505][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.440542][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.447860][ T312] bridge_slave_0: entered allmulticast mode [ 23.454322][ T312] bridge_slave_0: entered promiscuous mode [ 23.460699][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.467941][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.475058][ T312] bridge_slave_1: entered allmulticast mode [ 23.481197][ T312] bridge_slave_1: entered promiscuous mode [ 23.531467][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.538525][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.545807][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.552845][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.570430][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.578068][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.588399][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.595459][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.604372][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.611441][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.634885][ T312] veth0_vlan: entered promiscuous mode [ 23.644800][ T312] veth1_macvtap: entered promiscuous mode [ 23.714719][ T13] bridge_slave_1: left allmulticast mode [ 23.720382][ T13] bridge_slave_1: left promiscuous mode [ 23.726064][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.733885][ T13] bridge_slave_0: left allmulticast mode [ 23.739535][ T13] bridge_slave_0: left promiscuous mode [ 23.745238][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.855578][ T13] veth1_macvtap: left promiscuous mode [ 23.861123][ T13] veth0_vlan: left promiscuous mode 2025/09/01 20:16:12 executed programs: 0 [ 24.534174][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.541214][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.548294][ T372] bridge_slave_0: entered allmulticast mode [ 24.554475][ T372] bridge_slave_0: entered promiscuous mode [ 24.560633][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.567726][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.574781][ T372] bridge_slave_1: entered allmulticast mode [ 24.580894][ T372] bridge_slave_1: entered promiscuous mode [ 24.624325][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.631377][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.638679][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.645734][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.664404][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.671718][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.680878][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.687942][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.698519][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.705594][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.727693][ T372] veth0_vlan: entered promiscuous mode [ 24.737902][ T372] veth1_macvtap: entered promiscuous mode [ 24.763314][ T382] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.847145][ T382] ------------[ cut here ]------------ [ 24.852670][ T382] WARNING: CPU: 0 PID: 382 at arch/x86/kvm/x86.c:11569 kvm_arch_vcpu_ioctl_run+0x12af/0x1aa0 [ 24.862898][ T382] Modules linked in: [ 24.866809][ T382] CPU: 0 UID: 0 PID: 382 Comm: syz.2.17 Not tainted syzkaller #0 0dd0103ec329b4c3ce546fdd10bdf8515cdb9785 [ 24.878161][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 24.888275][ T382] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x12af/0x1aa0 [ 24.894764][ T382] Code: 7e 3b e8 c4 0a 6a 00 49 bd 00 00 00 00 00 fc ff df 4c 8b 7c 24 20 4c 8b 64 24 40 48 8b 5c 24 28 e9 26 fd ff ff e8 a1 0a 6a 00 <0f> 0b e9 e4 fc ff ff e8 95 0a 6a 00 0f 0b e9 0e fd ff ff e8 89 0a [ 24.914428][ T382] RSP: 0018:ffffc9000103f9c0 EFLAGS: 00010293 [ 24.920485][ T382] RAX: ffffffff811bd81f RBX: ffff8881156b0000 RCX: ffff888114c32600 [ 24.928474][ T382] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 24.936463][ T382] RBP: ffffc9000103fc70 R08: ffff888114c32607 R09: 1ffff110229864c0 [ 24.944456][ T382] R10: dffffc0000000000 R11: ffffed10229864c1 R12: ffff88812301b000 [ 24.952449][ T382] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8881156b0078 [ 24.960417][ T382] FS: 0000555585d88500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 24.969399][ T382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.975999][ T382] CR2: 000000005200000c CR3: 00000001153e2000 CR4: 00000000003526b0 [ 24.984000][ T382] Call Trace: [ 24.987275][ T382] [ 24.990186][ T382] ? kvm_vcpu_ioctl+0x7bb/0xee0 [ 24.995066][ T382] ? __se_sys_ioctl+0x132/0x1b0 [ 24.999912][ T382] ? __x64_sys_ioctl+0x7f/0xa0 [ 25.004703][ T382] ? x64_sys_call+0x1878/0x2ee0 [ 25.009559][ T382] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 25.015560][ T382] ? should_fail+0xf/0x20 [ 25.019893][ T382] ? get_futex_key+0x181/0x930 [ 25.024667][ T382] ? ioctl_has_perm+0x1aa/0x4d0 [ 25.029515][ T382] ? __asan_memcpy+0x5a/0x80 [ 25.034116][ T382] ? ioctl_has_perm+0x3e0/0x4d0 [ 25.038963][ T382] ? has_cap_mac_admin+0xd0/0xd0 [ 25.043939][ T382] ? __kasan_check_write+0x18/0x20 [ 25.049049][ T382] ? mutex_lock_killable+0x92/0x1c0 [ 25.054272][ T382] ? __cfi_mutex_lock_killable+0x10/0x10 [ 25.059900][ T382] ? __cfi_futex_wake+0x10/0x10 [ 25.064770][ T382] ? kvm_vcpu_ioctl+0x7bb/0xee0 [ 25.069631][ T382] kvm_vcpu_ioctl+0x96f/0xee0 [ 25.074341][ T382] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 25.079539][ T382] ? do_futex+0x356/0x500 [ 25.083908][ T382] ? __cfi_do_futex+0x10/0x10 [ 25.088578][ T382] ? __se_sys_futex+0x28f/0x300 [ 25.093452][ T382] ? bpf_lsm_file_ioctl+0xd/0x20 [ 25.098395][ T382] ? security_file_ioctl+0x34/0xd0 [ 25.103552][ T382] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 25.108758][ T382] __se_sys_ioctl+0x132/0x1b0 [ 25.113460][ T382] __x64_sys_ioctl+0x7f/0xa0 [ 25.118048][ T382] x64_sys_call+0x1878/0x2ee0 [ 25.122744][ T382] do_syscall_64+0x58/0xf0 [ 25.127176][ T382] ? clear_bhb_loop+0x50/0xa0 [ 25.131893][ T382] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 25.137780][ T382] RIP: 0033:0x7f0f6038ebe9 [ 25.142226][ T382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 25.161890][ T382] RSP: 002b:00007ffc93d04868 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 25.170304][ T382] RAX: ffffffffffffffda RBX: 00007f0f605c5fa0 RCX: 00007f0f6038ebe9 [ 25.178307][ T382] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 25.186365][ T382] RBP: 00007f0f60411e19 R08: 0000000000000000 R09: 0000000000000000 [ 25.194389][ T382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 25.202386][ T382] R13: 00007f0f605c5fa0 R14: 00007f0f605c5fa0 R15: 0000000000000003 [ 25.210353][ T382] [ 25.213378][ T382] ---[ end trace 0000000000000000 ]---