[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 18.191072] audit: type=1400 audit(1518117395.085:6): avc: denied { map } for pid=4149 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.222' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 24.478919] audit: type=1400 audit(1518117401.373:7): avc: denied { map } for pid=4163 comm="syzkaller419547" path="/root/syzkaller419547489" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 24.541164] pte_list_remove: 0000000053791c29 0->BUG [ 24.546358] ------------[ cut here ]------------ [ 24.551086] kernel BUG at arch/x86/kvm/mmu.c:1208! [ 24.556124] invalid opcode: 0000 [#1] SMP KASAN [ 24.560774] Dumping ftrace buffer: [ 24.564288] (ftrace buffer empty) [ 24.567967] Modules linked in: [ 24.571130] CPU: 1 PID: 4169 Comm: syzkaller419547 Not tainted 4.15.0+ #302 [ 24.578196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.587523] RIP: 0010:pte_list_remove+0x3ae/0x3c0 [ 24.592332] RSP: 0018:ffff8801b1e86988 EFLAGS: 00010282 [ 24.597665] RAX: 0000000000000028 RBX: ffff8801b1c29840 RCX: 0000000000000000 [ 24.604905] RDX: 0000000000000028 RSI: 1ffff100363d0ce6 RDI: ffffed00363d0d25 [ 24.612144] RBP: ffff8801b1e869c8 R08: 1ffff100363d0c7d R09: 0000000000000000 [ 24.619382] R10: ffff8801b1e86d70 R11: 0000000000000000 R12: ffff8801b1bb5078 [ 24.626621] R13: 0000000000000000 R14: ffff8801ae4a9e80 R15: ffff8801ae4a9ea8 [ 24.633861] FS: 0000000000000000(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000 [ 24.642054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.647903] CR2: 0000000020f07008 CR3: 0000000006a22005 CR4: 00000000001626e0 [ 24.655142] Call Trace: [ 24.657708] drop_spte+0x15a/0x250 [ 24.661221] mmu_page_zap_pte+0x224/0x340 [ 24.665350] ? kvm_mmu_zap_collapsible_spte+0x3f0/0x3f0 [ 24.670692] ? __lock_is_held+0xb6/0x140 [ 24.674730] kvm_mmu_prepare_zap_page+0x1c5/0x1310 [ 24.679633] ? mmio_info_in_cache+0x6b0/0x6b0 [ 24.684096] ? __lock_acquire+0x664/0x3e00 [ 24.688306] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.693467] ? __is_insn_slot_addr+0x1fc/0x330 [ 24.698028] ? check_noncircular+0x20/0x20 [ 24.702230] ? find_held_lock+0x35/0x1d0 [ 24.706265] ? kvm_make_all_cpus_request+0x44a/0x580 [ 24.711340] ? gfn_to_pfn_atomic+0x650/0x650 [ 24.715717] ? find_held_lock+0x35/0x1d0 [ 24.719748] ? lock_release+0xa40/0xa40 [ 24.723691] ? __lock_is_held+0xb6/0x140 [ 24.727726] ? kvm_dying_cpu+0x40/0x40 [ 24.731584] kvm_mmu_invalidate_zap_all_pages+0x4a0/0x680 [ 24.737097] ? kvm_mmu_zap_collapsible_sptes+0xb0/0xb0 [ 24.742348] ? _raw_spin_unlock_irqrestore+0xa6/0xba [ 24.747421] ? lock_acquire+0x1d5/0x580 [ 24.751365] ? lock_release+0xa40/0xa40 [ 24.755308] ? lock_release+0xa40/0xa40 [ 24.759253] ? kmem_cache_free+0x83/0x2a0 [ 24.763368] ? mmput+0x54a/0x6c0 [ 24.766708] ? kvm_dying_cpu+0x40/0x40 [ 24.770563] kvm_arch_flush_shadow_all+0x15/0x20 [ 24.775287] kvm_mmu_notifier_release+0x59/0x90 [ 24.779924] ? kvm_dying_cpu+0x40/0x40 [ 24.783783] __mmu_notifier_release+0x1da/0x6a0 [ 24.788427] ? mmu_notifier_unregister+0x5c0/0x5c0 [ 24.793325] ? __khugepaged_exit+0x3f7/0x640 [ 24.797703] ? lock_downgrade+0x980/0x980 [ 24.801825] ? rcu_pm_notify+0xc0/0xc0 [ 24.805684] ? __khugepaged_exit+0x40f/0x640 [ 24.810069] exit_mmap+0x3ff/0x500 [ 24.813581] ? SyS_munmap+0x30/0x30 [ 24.817177] ? __khugepaged_exit+0x42f/0x640 [ 24.821558] ? hugepage_madvise+0xf0/0xf0 [ 24.825675] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 24.831532] ? check_noncircular+0x20/0x20 [ 24.835736] ? rcu_note_context_switch+0x710/0x710 [ 24.840638] ? __might_sleep+0x95/0x190 [ 24.844581] mmput+0x223/0x6c0 [ 24.847742] ? get_task_exe_file+0xc0/0xc0 [ 24.851948] ? is_current_pgrp_orphaned+0xa0/0xa0 [ 24.856759] ? do_exit+0x8fa/0x1ad0 [ 24.860357] ? lock_downgrade+0x980/0x980 [ 24.864487] ? mark_held_locks+0xaf/0x100 [ 24.868608] ? do_raw_spin_trylock+0x190/0x190 [ 24.873159] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.878147] ? trace_hardirqs_on+0xd/0x10 [ 24.882265] do_exit+0x90a/0x1ad0 [ 24.885695] ? find_held_lock+0x35/0x1d0 [ 24.889727] ? mm_update_next_owner+0x930/0x930 [ 24.894365] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 24.899524] ? lock_downgrade+0x980/0x980 [ 24.903642] ? __unqueue_futex+0x1c0/0x290 [ 24.907843] ? lock_release+0xa40/0xa40 [ 24.911789] ? fault_in_user_writeable+0x90/0x90 [ 24.916518] ? do_raw_spin_trylock+0x190/0x190 [ 24.921070] ? futex_wake+0x680/0x680 [ 24.924842] ? mmdrop+0x18/0x30 [ 24.928091] ? drop_futex_key_refs.isra.13+0x63/0xa0 [ 24.933161] ? futex_wait+0x6a9/0x9a0 [ 24.936934] ? debug_check_no_obj_freed+0x3da/0xf1f [ 24.941921] ? check_noncircular+0x20/0x20 [ 24.946124] ? drop_futex_key_refs.isra.13+0x63/0xa0 [ 24.951195] ? futex_wake+0x2ca/0x680 [ 24.954970] ? memset+0x31/0x40 [ 24.958221] ? find_held_lock+0x35/0x1d0 [ 24.962259] ? get_signal+0x7a9/0x16d0 [ 24.966118] ? lock_downgrade+0x980/0x980 [ 24.970254] do_group_exit+0x149/0x400 [ 24.974121] ? do_raw_spin_trylock+0x190/0x190 [ 24.978679] ? SyS_exit+0x30/0x30 [ 24.982106] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.986578] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.991569] get_signal+0x73a/0x16d0 [ 24.995268] ? ptrace_notify+0x130/0x130 [ 24.999311] ? lock_downgrade+0x980/0x980 [ 25.003446] ? lock_release+0xa40/0xa40 [ 25.007405] ? __lock_is_held+0xb6/0x140 [ 25.011464] do_signal+0x90/0x1e90 [ 25.014987] ? iterate_fd+0x3f0/0x3f0 [ 25.018765] ? setup_sigcontext+0x7d0/0x7d0 [ 25.023056] ? __do_page_fault+0x5f7/0xc90 [ 25.027259] ? lock_downgrade+0x980/0x980 [ 25.031379] ? trace_event_raw_event_kvm_age_page+0x340/0x340 [ 25.037242] ? do_vfs_ioctl+0x486/0x1520 [ 25.041272] ? handle_mm_fault+0x43b/0x970 [ 25.045486] ? exit_to_usermode_loop+0x8c/0x2f0 [ 25.050126] exit_to_usermode_loop+0x258/0x2f0 [ 25.054684] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 25.060189] ? do_syscall_64+0xb7/0x940 [ 25.064134] do_syscall_64+0x6ed/0x940 [ 25.067991] ? __do_page_fault+0xc90/0xc90 [ 25.072197] ? mmdrop+0x18/0x30 [ 25.075444] ? finish_task_switch+0x29b/0x890 [ 25.079909] ? syscall_return_slowpath+0x550/0x550 [ 25.084810] ? syscall_return_slowpath+0x2ac/0x550 [ 25.089710] ? prepare_exit_to_usermode+0x350/0x350 [ 25.094700] ? entry_SYSCALL_64_after_hwframe+0x36/0x9b [ 25.100035] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 25.104849] entry_SYSCALL_64_after_hwframe+0x26/0x9b [ 25.110006] RIP: 0033:0x448fc9 [ 25.113170] RSP: 002b:00007fc0d0adbda8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 25.120848] RAX: fffffffffffffe00 RBX: 00000000006e1bfc RCX: 0000000000448fc9 [ 25.128086] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006e1bfc [ 25.135328] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 25.142568] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e1bf8 [ 25.149809] R13: 6d766b2f7665642f R14: 00007fc0d0adc9c0 R15: 000000000000000b [ 25.157055] Code: 09 8a 61 00 48 8b 75 d0 48 c7 c7 e0 69 e2 85 e8 e1 2d 4b 00 0f 0b e8 f2 89 61 00 48 8b 75 d0 48 c7 c7 a0 69 e2 85 e8 ca 2d 4b 00 <0f> 0b 4c 89 ef e8 d8 d9 99 00 e9 01 fe ff ff 0f 1f 00 55 48 89 [ 25.176125] RIP: pte_list_remove+0x3ae/0x3c0 RSP: ffff8801b1e86988 [ 25.182480] ---[ end trace 2daf3fcb714d6694 ]--- [ 25.187245] Kernel panic - not syncing: Fatal exception [ 25.193494] Dumping ftrace buffer: [ 25.197003] (ftrace buffer empty) [ 25.200682] Kernel Offset: disabled [ 25.204282] Rebooting in 86400 seconds..