./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1926580544 <...> [ 35.239733][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.250109][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 43.228884][ T26] kauditd_printk_skb: 37 callbacks suppressed [ 43.228895][ T26] audit: type=1400 audit(1668647848.983:73): avc: denied { transition } for pid=3418 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.258877][ T26] audit: type=1400 audit(1668647849.023:74): avc: denied { write } for pid=3418 comm="sh" path="pipe:[28179]" dev="pipefs" ino=28179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.1.106' (ECDSA) to the list of known hosts. execve("./syz-executor1926580544", ["./syz-executor1926580544"], 0x7fff08e71590 /* 10 vars */) = 0 brk(NULL) = 0x5555559fc000 brk(0x5555559fcc40) = 0x5555559fcc40 arch_prctl(ARCH_SET_FS, 0x5555559fc300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1926580544", 4096) = 28 brk(0x555555a1dc40) = 0x555555a1dc40 brk(0x555555a1e000) = 0x555555a1e000 mprotect(0x7f4ebf616000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [ 54.947469][ T26] audit: type=1400 audit(1668647860.703:75): avc: denied { execmem } for pid=3635 comm="syz-executor192" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 54.953293][ T3635] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 54.967182][ T26] audit: type=1400 audit(1668647860.703:76): avc: denied { read } for pid=3635 comm="syz-executor192" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 55.006705][ T26] audit: type=1400 audit(1668647860.703:77): avc: denied { open } for pid=3635 comm="syz-executor192" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 ioctl(3, KVM_CREATE_VM, 0) = 4 openat(AT_FDCWD, "/dev/bus/usb/007/001", O_RDONLY) = 5 mmap(0x2000d000, 8192, PROT_GROWSDOWN, MAP_PRIVATE|MAP_FIXED|MAP_EXECUTABLE, 5, 0) = 0x2000d000 ioctl(4, KVM_SET_USER_MEMORY_REGION, {slot=0, flags=0, guest_phys_addr=0, memory_size=536879104, userspace_addr=0x20000000}) = 0 ioctl(4, KVM_CREATE_VCPU, 0) = 6 ioctl(6, KVM_RUN, 0) = 0 ioctl(6, KVM_RUN, 0) = -1 EFAULT (Bad address) exit_group(0) = ? [ 55.030648][ T26] audit: type=1400 audit(1668647860.703:78): avc: denied { ioctl } for pid=3635 comm="syz-executor192" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 55.063837][ T26] audit: type=1400 audit(1668647860.823:79): avc: denied { map } for pid=3635 comm="syz-executor192" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 55.098146][ T3635] page:ffffea00005f9e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17e78 [ 55.108536][ T3635] head:ffffea00005f9e00 order:2 compound_mapcount:0 compound_pincount:0 [ 55.116894][ T3635] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 55.124996][ T3635] raw: 00fff00000010200 ffffea0000851c08 ffffea0001ea6508 ffff888012040a00 [ 55.133655][ T3635] raw: 0000000000000000 ffff888017e78000 0000000100000001 0000000000000000 [ 55.142267][ T3635] page dumped because: VM_BUG_ON_FOLIO(folio_test_slab(folio)) [ 55.149792][ T3635] page_owner tracks the page as allocated [ 55.155627][ T3635] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x2d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_THISNODE), pid 3210, tgid 3210 (dhcpcd), ts 36123525148, free_ts 33443347851 [ 55.178056][ T3635] get_page_from_freelist+0x10b5/0x2d50 [ 55.183722][ T3635] __alloc_pages+0x1cb/0x5b0 [ 55.188357][ T3635] cache_grow_begin+0x75/0x360 [ 55.193206][ T3635] cache_alloc_refill+0x27f/0x380 [ 55.198256][ T3635] __kmem_cache_alloc_node+0x44a/0x510 [ 55.204326][ T3635] __kmalloc_node_track_caller+0x4b/0xc0 [ 55.209979][ T3635] __alloc_skb+0xdd/0x300 [ 55.214364][ T3635] netlink_dump+0x2c0/0xc20 [ 55.218893][ T3635] netlink_recvmsg+0xbe1/0xe50 [ 55.223708][ T3635] ____sys_recvmsg+0x2c7/0x610 [ 55.228498][ T3635] ___sys_recvmsg+0xf2/0x180 [ 55.233141][ T3635] __sys_recvmsg+0xf4/0x1c0 [ 55.237662][ T3635] do_syscall_64+0x39/0xb0 [ 55.242146][ T3635] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.248071][ T3635] page last free stack trace: [ 55.252795][ T3635] free_pcp_prepare+0x65c/0xd90 [ 55.257664][ T3635] free_unref_page+0x1d/0x4d0 [ 55.262394][ T3635] slabs_destroy+0x85/0xc0 [ 55.266835][ T3635] ___cache_free+0x2ac/0x3d0 [ 55.271474][ T3635] qlist_free_all+0x4f/0x1a0 [ 55.276082][ T3635] kasan_quarantine_reduce+0x184/0x210 [ 55.281590][ T3635] __kasan_slab_alloc+0x63/0x90 [ 55.286461][ T3635] kmem_cache_alloc+0x220/0x460 [ 55.291362][ T3635] mas_alloc_nodes+0x429/0x810 [ 55.296150][ T3635] mas_preallocate+0x1bb/0x360 [ 55.300909][ T3635] do_mas_align_munmap+0x129/0x1260 [ 55.306194][ T3635] do_mas_munmap+0x26e/0x2c0 [ 55.310810][ T3635] mmap_region+0x21d/0x1dd0 [ 55.315407][ T3635] do_mmap+0x831/0xf60 [ 55.319504][ T3635] vm_mmap_pgoff+0x1af/0x280 [ 55.324164][ T3635] ksys_mmap_pgoff+0x41f/0x5a0 [ 55.329026][ T3635] ------------[ cut here ]------------ [ 55.334527][ T3635] kernel BUG at include/linux/memcontrol.h:455! [ 55.340780][ T3635] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 55.346830][ T3635] CPU: 1 PID: 3635 Comm: syz-executor192 Not tainted 6.1.0-rc5-syzkaller-00018-g59d0d52c30d4 #0 [ 55.357223][ T3635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 55.367259][ T3635] RIP: 0010:workingset_activation+0x4cc/0x580 [ 55.373315][ T3635] Code: 48 89 ef e8 d6 00 00 00 c6 05 8e df 87 0c 01 0f 0b e9 0e fd ff ff e8 13 b4 c9 ff 48 c7 c6 c0 82 57 8a 48 89 ef e8 b4 00 00 00 <0f> 0b e8 fd b3 c9 ff 0f 0b e9 10 fc ff ff e8 f1 b3 c9 ff 48 c7 c6 [ 55.392922][ T3635] RSP: 0018:ffffc900033474a0 EFLAGS: 00010293 [ 55.398974][ T3635] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 55.407104][ T3635] RDX: ffff88807505c280 RSI: ffffffff81b5881c RDI: 0000000000000000 [ 55.415057][ T3635] RBP: ffffea00005f9e00 R08: 0000000000000000 R09: 0000000000000000 [ 55.423010][ T3635] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 55.430963][ T3635] R13: ffff8880b9b35d48 R14: 000000000000000d R15: 0000000000000003 [ 55.438918][ T3635] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 55.447839][ T3635] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.454437][ T3635] CR2: 00007f4ebf5ec3e8 CR3: 000000007d4d4000 CR4: 00000000003526e0 [ 55.462412][ T3635] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 55.470388][ T3635] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 55.478358][ T3635] Call Trace: [ 55.481638][ T3635] [ 55.484570][ T3635] folio_mark_accessed+0x599/0x830 [ 55.489707][ T3635] kvm_set_pfn_accessed+0x23f/0x2b0 [ 55.494924][ T3635] handle_changed_spte_acc_track+0x1bc/0x290 [ 55.500920][ T3635] __handle_changed_spte+0xdb3/0x1a40 [ 55.506305][ T3635] ? tdp_mmu_init_child_sp+0x620/0x620 [ 55.511867][ T3635] ? mark_held_locks+0x9f/0xe0 [ 55.516651][ T3635] __handle_changed_spte+0xda4/0x1a40 [ 55.522040][ T3635] ? tdp_mmu_init_child_sp+0x620/0x620 [ 55.528130][ T3635] __tdp_mmu_set_spte+0x229/0x9d0 [ 55.533171][ T3635] ? zap_collapsible_spte_range+0xa30/0xa30 [ 55.539077][ T3635] ? spte_to_child_pt+0xa0/0xa0 [ 55.543942][ T3635] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 55.549941][ T3635] __tdp_mmu_zap_root+0x7e7/0x860 [ 55.554982][ T3635] ? clear_dirty_pt_masked+0x510/0x510 [ 55.560454][ T3635] ? lock_release+0x810/0x810 [ 55.565149][ T3635] ? tdp_mmu_zap_root_work+0x70/0x70 [ 55.570450][ T3635] tdp_mmu_zap_root+0x12e/0x330 [ 55.575315][ T3635] kvm_tdp_mmu_zap_all+0x158/0x1b0 [ 55.580463][ T3635] ? kvm_mmu_notifier_invalidate_range+0xe0/0xe0 [ 55.586827][ T3635] kvm_mmu_zap_all+0x280/0x2d0 [ 55.591613][ T3635] ? kvm_mmu_slot_leaf_clear_dirty+0x3e0/0x3e0 [ 55.597791][ T3635] ? lock_release+0x810/0x810 [ 55.602496][ T3635] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 55.608507][ T3635] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 55.614505][ T3635] ? kvm_mmu_notifier_invalidate_range+0xe0/0xe0 [ 55.620899][ T3635] kvm_mmu_notifier_release+0x60/0xb0 [ 55.626290][ T3635] ? kvm_mmu_notifier_release+0x4/0xb0 [ 55.631768][ T3635] __mmu_notifier_release+0x1ad/0x610 [ 55.637150][ T3635] ? mmu_interval_notifier_insert+0x170/0x170 [ 55.643230][ T3635] ? find_held_lock+0x2d/0x110 [ 55.648009][ T3635] ? uprobe_clear_state+0xfc/0x420 [ 55.653141][ T3635] exit_mmap+0x66d/0x7b0 [ 55.657393][ T3635] ? __mutex_lock+0x231/0x1360 [ 55.662165][ T3635] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 55.668156][ T3635] ? ioctx_alloc+0x2180/0x2180 [ 55.672925][ T3635] ? find_held_lock+0x2d/0x110 [ 55.677707][ T3635] __mmput+0x128/0x4c0 [ 55.681778][ T3635] mmput+0x60/0x70 [ 55.685505][ T3635] do_exit+0xa41/0x2a30 [ 55.689674][ T3635] ? lock_downgrade+0x6e0/0x6e0 [ 55.694539][ T3635] ? do_raw_spin_lock+0x124/0x2b0 [ 55.699582][ T3635] ? mm_update_next_owner+0x7b0/0x7b0 [ 55.704976][ T3635] ? rwlock_bug.part.0+0x90/0x90 [ 55.709933][ T3635] ? _raw_spin_unlock_irq+0x23/0x50 [ 55.715152][ T3635] do_group_exit+0xd4/0x2a0 [ 55.719673][ T3635] __x64_sys_exit_group+0x3e/0x50 [ 55.724714][ T3635] do_syscall_64+0x39/0xb0 [ 55.729139][ T3635] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.735052][ T3635] RIP: 0033:0x7f4ebf5a8359 [ 55.739554][ T3635] Code: Unable to access opcode bytes at 0x7f4ebf5a832f. [ 55.746569][ T3635] RSP: 002b:00007fff9f076cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 55.754990][ T3635] RAX: ffffffffffffffda RBX: 00007f4ebf61c290 RCX: 00007f4ebf5a8359 [ 55.762962][ T3635] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 55.770944][ T3635] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000 [ 55.778933][ T3635] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ebf61c290 [ 55.786928][ T3635] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 55.794927][ T3635] [ 55.797956][ T3635] Modules linked in: [ 55.801985][ T3635] ---[ end trace 0000000000000000 ]--- [ 55.807454][ T3635] RIP: 0010:workingset_activation+0x4cc/0x580 [ 55.813607][ T3635] Code: 48 89 ef e8 d6 00 00 00 c6 05 8e df 87 0c 01 0f 0b e9 0e fd ff ff e8 13 b4 c9 ff 48 c7 c6 c0 82 57 8a 48 89 ef e8 b4 00 00 00 <0f> 0b e8 fd b3 c9 ff 0f 0b e9 10 fc ff ff e8 f1 b3 c9 ff 48 c7 c6 [ 55.833292][ T3635] RSP: 0018:ffffc900033474a0 EFLAGS: 00010293 [ 55.839379][ T3635] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 55.847385][ T3635] RDX: ffff88807505c280 RSI: ffffffff81b5881c RDI: 0000000000000000 [ 55.855379][ T3635] RBP: ffffea00005f9e00 R08: 0000000000000000 R09: 0000000000000000 [ 55.863375][ T3635] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 55.871372][ T3635] R13: ffff8880b9b35d48 R14: 000000000000000d R15: 0000000000000003 [ 55.879370][ T3635] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 55.888330][ T3635] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.894949][ T3635] CR2: 00007f4ebf5ec3e8 CR3: 000000007d4d4000 CR4: 00000000003526e0 [ 55.902947][ T3635] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 55.910932][ T3635] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 55.918948][ T3635] Kernel panic - not syncing: Fatal exception [ 55.925269][ T3635] Kernel Offset: disabled [ 55.929588][ T3635] Rebooting in 86400 seconds..