syzkaller syzkaller login:
[ 8.015087][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 13.009299][ T23] kauditd_printk_skb: 60 callbacks suppressed
[ 13.009305][ T23] audit: type=1400 audit(1638920029.460:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.015904][ T23] audit: type=1400 audit(1638920029.470:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[10803]" dev="pipefs" ino=10803 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 13.035524][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 14.164767][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
[ 20.628598][ T23] audit: type=1400 audit(1638920037.080:73): avc: denied { execmem } for pid=365 comm="syz-executor000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 20.648428][ T23] audit: type=1400 audit(1638920037.100:74): avc: denied { mounton } for pid=366 comm="syz-executor000" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 20.672526][ T23] audit: type=1400 audit(1638920037.120:75): avc: denied { mount } for pid=366 comm="syz-executor000" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 20.695028][ T23] audit: type=1400 audit(1638920037.120:76): avc: denied { read } for pid=366 comm="syz-executor000" dev="nsfs" ino=4026531999 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 20.698098][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.716577][ T23] audit: type=1400 audit(1638920037.120:77): avc: denied { open } for pid=366 comm="syz-executor000" path="net:[4026531999]" dev="nsfs" ino=4026531999 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 20.723661][ T366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.747182][ T23] audit: type=1400 audit(1638920037.120:78): avc: denied { mounton } for pid=366 comm="syz-executor000" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 20.754426][ T366] device bridge_slave_0 entered promiscuous mode
[ 20.775622][ T23] audit: type=1400 audit(1638920037.120:79): avc: denied { module_request } for pid=366 comm="syz-executor000" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 20.782871][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.810789][ T366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.818157][ T366] device bridge_slave_1 entered promiscuous mode
[ 20.840446][ T23] audit: type=1400 audit(1638920037.290:80): avc: denied { create } for pid=366 comm="syz-executor000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 20.844878][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.861354][ T23] audit: type=1400 audit(1638920037.290:81): avc: denied { write } for pid=366 comm="syz-executor000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 20.868331][ T366] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.868403][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.889170][ T23] audit: type=1400 audit(1638920037.290:82): avc: denied { read } for pid=366 comm="syz-executor000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 20.896012][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.930677][ T46] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.938380][ T46] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.945671][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 20.953087][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 20.976205][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 20.984424][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 20.993932][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 21.002260][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 21.010115][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 21.018167][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 21.026276][ T108] bridge0: port 1(bridge_slave_0) entered blocking state
[ 21.033277][ T108] bridge0: port 1(bridge_slave_0) entered forwarding state
executing program
[ 21.040754][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 21.049031][ T108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 21.056070][ T108] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 21.063360][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 21.071313][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 21.083841][ T366] FAULT_INJECTION: forcing a failure.
[ 21.083841][ T366] name failslab, interval 1, probability 0, space 0, times 1
[ 21.096654][ T366] CPU: 0 PID: 366 Comm: syz-executor000 Not tainted 5.10.83-syzkaller-00311-g6e6898e23cab #0
[ 21.106792][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 21.116824][ T366] Call Trace:
[ 21.120102][ T366] dump_stack_lvl+0x1e2/0x24b
[ 21.124754][ T366] ? show_regs_print_info+0x18/0x18
[ 21.129926][ T366] dump_stack+0x15/0x1d
[ 21.134054][ T366] should_fail+0x3c0/0x510
[ 21.138443][ T366] ? nfc_genl_dump_devices+0xbb/0x690
[ 21.143786][ T366] __should_failslab+0x9f/0xe0
[ 21.148549][ T366] should_failslab+0x9/0x20
[ 21.153037][ T366] kmem_cache_alloc_trace+0x42/0x3a0
[ 21.158321][ T366] ? netlink_dump+0x2d1/0xc30
[ 21.162971][ T366] nfc_genl_dump_devices+0xbb/0x690
[ 21.168140][ T366] ? mutex_trylock+0xb0/0xb0
[ 21.172703][ T366] ? __alloc_skb+0x3b0/0x580
[ 21.177281][ T366] genl_lock_dumpit+0x6b/0x90
[ 21.181931][ T366] netlink_dump+0x5b5/0xc30
[ 21.186406][ T366] ? netlink_lookup+0xd0/0xd0
[ 21.191054][ T366] ? genl_start+0x2e2/0x470
[ 21.195530][ T366] __netlink_dump_start+0x5ba/0x7d0
[ 21.200703][ T366] genl_rcv_msg+0xbe1/0x1480
[ 21.205264][ T366] ? genl_rcv+0x40/0x40
[ 21.209403][ T366] ? genl_rcv_msg+0x1480/0x1480
[ 21.214309][ T366] ? genl_start+0x470/0x470
[ 21.218784][ T366] ? genl_lock_dumpit+0x90/0x90
[ 21.223618][ T366] ? rhashtable_jhash2+0x1f1/0x330
[ 21.229152][ T366] ? jhash+0x750/0x750
[ 21.233193][ T366] ? rht_key_hashfn+0x112/0x1e0
[ 21.238015][ T366] ? rht_lock+0x110/0x110
[ 21.242316][ T366] ? rht_key_hashfn+0x1e0/0x1e0
[ 21.247138][ T366] ? nfc_genl_exit+0x30/0x30
[ 21.251712][ T366] ? nfc_genl_get_device+0x3e0/0x3e0
[ 21.256971][ T366] ? nfc_genl_dump_devices+0x690/0x690
[ 21.262401][ T366] netlink_rcv_skb+0x200/0x470
[ 21.267141][ T366] ? genl_rcv+0x40/0x40
[ 21.271272][ T366] ? netlink_ack+0xb90/0xb90
[ 21.275831][ T366] ? down_read+0xf1/0x210
[ 21.280147][ T366] ? __down_common+0x5a0/0x5a0
[ 21.285058][ T366] genl_rcv+0x28/0x40
[ 21.289009][ T366] netlink_unicast+0x814/0x9f0
[ 21.293742][ T366] ? netlink_detachskb+0xa0/0xa0
[ 21.298654][ T366] ? security_netlink_send+0x9d/0xb0
[ 21.303911][ T366] netlink_sendmsg+0xa20/0xe00
[ 21.308646][ T366] ? selinux_socket_accept+0x5b0/0x5b0
[ 21.314086][ T366] ? netlink_getsockopt+0x960/0x960
[ 21.319258][ T366] ? security_socket_sendmsg+0xb0/0xd0
[ 21.324685][ T366] ? netlink_getsockopt+0x960/0x960
[ 21.329868][ T366] ____sys_sendmsg+0x5b9/0x910
[ 21.334603][ T366] ? __sys_sendmsg_sock+0xc0/0xc0
[ 21.339601][ T366] ? import_iovec+0xe5/0x120
[ 21.344351][ T366] __sys_sendmsg+0x384/0x470
[ 21.348913][ T366] ? rw_verify_area+0x1d1/0x370
[ 21.353733][ T366] ? ____sys_sendmsg+0x910/0x910
[ 21.358643][ T366] ? vfs_write+0x89c/0xf20
[ 21.363032][ T366] ? do_sys_openat2+0x397/0x470
[ 21.367856][ T366] ? ksys_write+0x246/0x2b0
[ 21.372332][ T366] ? debug_smp_processor_id+0x1c/0x20
[ 21.377675][ T366] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 21.383714][ T366] __x64_sys_sendmsg+0x7f/0x90
[ 21.388461][ T366] do_syscall_64+0x31/0x70
[ 21.392852][ T366] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 21.398715][ T366] RIP: 0033:0x7f35603a9ad9
[ 21.403102][ T366] Code: 47 01 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 21.422677][ T366] RSP: 002b:00007ffe8f7e4098 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 21.431060][ T366] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f35603a9ad9
[ 21.439020][ T366] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[ 21.446964][ T366] RBP: 00007ffe8f7e40b0 R08: 0000000000000001 R09: 00007ffe8f7e4140
[ 21.454907][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 21.462861][ T366] R13: 0000000000000000 R14: 00007ffe8f7e40b0 R15: 0000000000000000
[ 21.474584][ T366] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
[ 21.486312][ T366] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 21.494704][ T366] CPU: 1 PID: 366 Comm: syz-executor000 Not tainted 5.10.83-syzkaller-00311-g6e6898e23cab #0
[ 21.504827][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 21.515011][ T366] RIP: 0010:klist_iter_exit+0x2b/0x100
[ 21.520446][ T366] Code: 48 89 e5 41 57 41 56 41 55 41 54 53 50 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 d0 7b fa fe 49 83 c7 08 4d 89 fd 49 c1 ed 03 <43> 80 7c 25 00 00 74 08 4c 89 ff e8 45 50 34 ff 4d 8b 37 4d 85 f6
[ 21.540029][ T366] RSP: 0018:ffffc90000ba71f8 EFLAGS: 00010202
[ 21.546079][ T366] RAX: ffffffff82726000 RBX: 0000000000000000 RCX: ffff8881071dcf00
[ 21.554115][ T366] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
[ 21.562068][ T366] RBP: ffffc90000ba7228 R08: dffffc0000000000 R09: fffff52000174e3d
[ 21.570014][ T366] R10: fffff52000174e3d R11: 0000000000000000 R12: dffffc0000000000
[ 21.577961][ T366] R13: 0000000000000001 R14: ffff8881049f1398 R15: 0000000000000008
[ 21.585929][ T366] FS: 0000555556e2a300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 21.594845][ T366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 21.601417][ T366] CR2: 0000000020000100 CR3: 000000011cde1000 CR4: 00000000003506a0
[ 21.609379][ T366] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 21.617334][ T366] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 21.625282][ T366] Call Trace:
[ 21.628552][ T366] ? class_dev_iter_exit+0xd/0x20
[ 21.633555][ T366] class_dev_iter_exit+0x15/0x20
[ 21.638470][ T366] nfc_genl_dump_devices_done+0x3b/0x50
[ 21.644012][ T366] genl_lock_done+0x84/0xd0
[ 21.648505][ T366] ? genl_lock_dumpit+0x90/0x90
[ 21.653339][ T366] netlink_dump+0x90a/0xc30
[ 21.657820][ T366] ? netlink_lookup+0xd0/0xd0
[ 21.662472][ T366] ? genl_start+0x2e2/0x470
[ 21.667153][ T366] __netlink_dump_start+0x5ba/0x7d0
[ 21.672780][ T366] genl_rcv_msg+0xbe1/0x1480
[ 21.677358][ T366] ? genl_rcv+0x40/0x40
[ 21.681502][ T366] ? genl_rcv_msg+0x1480/0x1480
[ 21.686324][ T366] ? genl_start+0x470/0x470
[ 21.690804][ T366] ? genl_lock_dumpit+0x90/0x90
[ 21.695631][ T366] ? rhashtable_jhash2+0x1f1/0x330
[ 21.700716][ T366] ? jhash+0x750/0x750
[ 21.704764][ T366] ? rht_key_hashfn+0x112/0x1e0
[ 21.709602][ T366] ? rht_lock+0x110/0x110
[ 21.713906][ T366] ? rht_key_hashfn+0x1e0/0x1e0
[ 21.718746][ T366] ? nfc_genl_exit+0x30/0x30
[ 21.723333][ T366] ? nfc_genl_get_device+0x3e0/0x3e0
[ 21.728607][ T366] ? nfc_genl_dump_devices+0x690/0x690
[ 21.734044][ T366] netlink_rcv_skb+0x200/0x470
[ 21.738785][ T366] ? genl_rcv+0x40/0x40
[ 21.742919][ T366] ? netlink_ack+0xb90/0xb90
[ 21.747493][ T366] ? down_read+0xf1/0x210
[ 21.751812][ T366] ? __down_common+0x5a0/0x5a0
[ 21.756552][ T366] genl_rcv+0x28/0x40
[ 21.760508][ T366] netlink_unicast+0x814/0x9f0
[ 21.765246][ T366] ? netlink_detachskb+0xa0/0xa0
[ 21.770154][ T366] ? security_netlink_send+0x9d/0xb0
[ 21.775415][ T366] netlink_sendmsg+0xa20/0xe00
[ 21.780153][ T366] ? selinux_socket_accept+0x5b0/0x5b0
[ 21.785691][ T366] ? netlink_getsockopt+0x960/0x960
[ 21.790863][ T366] ? security_socket_sendmsg+0xb0/0xd0
[ 21.796295][ T366] ? netlink_getsockopt+0x960/0x960
[ 21.801465][ T366] ____sys_sendmsg+0x5b9/0x910
[ 21.806202][ T366] ? __sys_sendmsg_sock+0xc0/0xc0
[ 21.811202][ T366] ? import_iovec+0xe5/0x120
[ 21.815766][ T366] __sys_sendmsg+0x384/0x470
[ 21.820327][ T366] ? rw_verify_area+0x1d1/0x370
[ 21.825162][ T366] ? ____sys_sendmsg+0x910/0x910
[ 21.830079][ T366] ? vfs_write+0x89c/0xf20
[ 21.834471][ T366] ? do_sys_openat2+0x397/0x470
[ 21.839297][ T366] ? ksys_write+0x246/0x2b0
[ 21.843776][ T366] ? debug_smp_processor_id+0x1c/0x20
[ 21.849121][ T366] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 21.855161][ T366] __x64_sys_sendmsg+0x7f/0x90
[ 21.859988][ T366] do_syscall_64+0x31/0x70
[ 21.864391][ T366] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 21.870253][ T366] RIP: 0033:0x7f35603a9ad9
[ 21.874643][ T366] Code: 47 01 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 21.894223][ T366] RSP: 002b:00007ffe8f7e4098 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 21.902612][ T366] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f35603a9ad9
[ 21.910556][ T366] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[ 21.918501][ T366] RBP: 00007ffe8f7e40b0 R08: 0000000000000001 R09: 00007ffe8f7e4140
[ 21.926462][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 21.934409][ T366] R13: 0000000000000000 R14: 00007ffe8f7e40b0 R15: 0000000000000000
[ 21.942352][ T366] Modules linked in:
[ 21.948468][ T366] ---[ end trace ab1a67f7f7a6f4cf ]---
[ 21.953932][ T366] RIP: 0010:klist_iter_exit+0x2b/0x100
[ 21.959694][ T366] Code: 48 89 e5 41 57 41 56 41 55 41 54 53 50 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 d0 7b fa fe 49 83 c7 08 4d 89 fd 49 c1 ed 03 <43> 80 7c 25 00 00 74 08 4c 89 ff e8 45 50 34 ff 4d 8b 37 4d 85 f6
[ 21.979465][ T366] RSP: 0018:ffffc90000ba71f8 EFLAGS: 00010202
[ 21.985558][ T366] RAX: ffffffff82726000 RBX: 0000000000000000 RCX: ffff8881071dcf00
[ 21.993513][ T366] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
[ 22.001493][ T366] RBP: ffffc90000ba7228 R08: dffffc0000000000 R09: fffff52000174e3d
[ 22.009595][ T366] R10: fffff52000174e3d R11: 0000000000000000 R12: dffffc0000000000
[ 22.017698][ T366] R13: 0000000000000001 R14: ffff8881049f1398 R15: 0000000000000008
[ 22.025745][ T366] FS: 0000555556e2a300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 22.034658][ T366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.041481][ T366] CR2: 00007f35603be4e0 CR3: 000000011cde1000 CR4: 00000000003506b0
[ 22.049460][ T366] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 22.057439][ T366] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 22.065462][ T366] Kernel panic - not syncing: Fatal exception
[ 22.071758][ T366] Kernel Offset: disabled
[ 22.076113][ T366] Rebooting in 86400 seconds..