[ 443.284423][ T3144] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:36226' (ED25519) to the list of known hosts. [ 941.991648][ T25] audit: type=1400 audit(941.170:61): avc: denied { execute } for pid=3319 comm="sh" name="syz-execprog" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 942.020013][ T25] audit: type=1400 audit(941.190:62): avc: denied { execute_no_trans } for pid=3319 comm="sh" path="/syz-execprog" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 1970/01/01 00:16:34 parsed 1 programs [ 995.816903][ T25] audit: type=1400 audit(994.990:63): avc: denied { node_bind } for pid=3319 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 1022.769496][ T25] audit: type=1400 audit(1021.940:64): avc: denied { mounton } for pid=3327 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1870 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 1022.803153][ T25] audit: type=1400 audit(1021.970:65): avc: denied { mount } for pid=3327 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 1022.888548][ T3327] cgroup: Unknown subsys name 'net' [ 1022.941615][ T25] audit: type=1400 audit(1022.120:66): avc: denied { unmount } for pid=3327 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 1023.342511][ T3327] cgroup: Unknown subsys name 'cpuset' [ 1023.452931][ T3327] cgroup: Unknown subsys name 'rlimit' [ 1024.855163][ T25] audit: type=1400 audit(1024.030:67): avc: denied { setattr } for pid=3327 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1024.899631][ T25] audit: type=1400 audit(1024.060:68): avc: denied { create } for pid=3327 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1024.900827][ T25] audit: type=1400 audit(1024.070:69): avc: denied { write } for pid=3327 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1024.931777][ T25] audit: type=1400 audit(1024.100:70): avc: denied { module_request } for pid=3327 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 1025.482365][ T25] audit: type=1400 audit(1024.650:71): avc: denied { read } for pid=3327 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1025.561267][ T25] audit: type=1400 audit(1024.730:72): avc: denied { mounton } for pid=3327 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 1025.609669][ T25] audit: type=1400 audit(1024.770:73): avc: denied { mount } for pid=3327 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 1026.880194][ T3331] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 1027.111470][ T3327] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 1051.423875][ T25] kauditd_printk_skb: 4 callbacks suppressed [ 1051.436414][ T25] audit: type=1400 audit(1050.580:78): avc: denied { execmem } for pid=3332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 1051.764076][ T25] audit: type=1400 audit(1050.920:79): avc: denied { read } for pid=3333 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1051.810211][ T25] audit: type=1400 audit(1050.960:80): avc: denied { open } for pid=3333 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1051.885803][ T25] audit: type=1400 audit(1051.060:81): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 1053.571887][ T25] audit: type=1400 audit(1052.740:82): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1053.616375][ T25] audit: type=1400 audit(1052.790:83): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/syzkaller.tQADY0/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 1053.672105][ T25] audit: type=1400 audit(1052.840:84): avc: denied { mount } for pid=3333 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 1053.746586][ T25] audit: type=1400 audit(1052.920:85): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/syzkaller.tQADY0/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 1053.790860][ T25] audit: type=1400 audit(1052.960:86): avc: denied { mounton } for pid=3333 comm="syz-executor" path="/syzkaller.tQADY0/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2957 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 1053.905574][ T25] audit: type=1400 audit(1053.080:87): avc: denied { unmount } for pid=3333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1054.361382][ T3333] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1084.263789][ T25] kauditd_printk_skb: 8 callbacks suppressed [ 1084.282007][ T25] audit: type=1401 audit(1083.440:96): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 1095.206507][ T25] audit: type=1400 audit(1094.380:97): avc: denied { create } for pid=3358 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 1095.434365][ T25] audit: type=1400 audit(1094.610:98): avc: denied { sys_admin } for pid=3358 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 1099.841268][ T25] audit: type=1400 audit(1099.010:99): avc: denied { sys_chroot } for pid=3359 comm="syz-executor" capability=18 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 1105.200907][ T25] audit: type=1400 audit(1104.370:100): avc: denied { sys_module } for pid=3364 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 1117.394397][ T3364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1117.475629][ T3364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1123.865921][ T3364] hsr_slave_0: entered promiscuous mode [ 1123.894107][ T3364] hsr_slave_1: entered promiscuous mode [ 1127.794063][ T3364] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1127.922376][ T3364] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1128.014545][ T3364] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1128.100043][ T3364] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1138.646496][ T3364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1166.818366][ T3364] veth0_vlan: entered promiscuous mode [ 1167.053471][ T3364] veth1_vlan: entered promiscuous mode [ 1167.945042][ T3364] veth0_macvtap: entered promiscuous mode [ 1168.201178][ T3364] veth1_macvtap: entered promiscuous mode [ 1169.374006][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1169.413900][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1169.436685][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1169.459146][ T3352] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1175.393549][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.304590][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1177.135787][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1177.823120][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1187.683334][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1187.771212][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1187.825025][ T49] bond0 (unregistering): Released all slaves [ 1188.973048][ T49] hsr_slave_0: left promiscuous mode [ 1189.120584][ T49] hsr_slave_1: left promiscuous mode [ 1189.581200][ T49] veth1_macvtap: left promiscuous mode [ 1189.586713][ T49] veth0_macvtap: left promiscuous mode [ 1189.602098][ T49] veth1_vlan: left promiscuous mode [ 1189.620028][ T49] veth0_vlan: left promiscuous mode [ 1212.180243][ T25] audit: type=1400 audit(1211.320:101): avc: denied { mounton } for pid=3445 comm="syz-executor" path="/syzkaller.tiCH6G/syz-tmp" dev="vda" ino=1883 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 1254.118624][ T25] audit: type=1400 audit(1253.280:102): avc: denied { create } for pid=3488 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 1970/01/01 00:21:59 executed programs: 0 [ 1348.859924][ T3544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1348.988464][ T3544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1356.132239][ T3544] hsr_slave_0: entered promiscuous mode [ 1356.168546][ T3544] hsr_slave_1: entered promiscuous mode [ 1360.390338][ T3544] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1360.532286][ T3544] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1360.631436][ T3544] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1360.725616][ T3544] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1368.356182][ T3544] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1402.542444][ T3544] veth0_vlan: entered promiscuous mode [ 1403.264884][ T3544] veth1_vlan: entered promiscuous mode [ 1405.491446][ T3544] veth0_macvtap: entered promiscuous mode [ 1405.712852][ T3544] veth1_macvtap: entered promiscuous mode [ 1406.856226][ T21] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1406.878796][ T21] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1406.963823][ T21] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1406.976227][ T21] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:23:28 executed programs: 2 [ 1410.275098][ T25] audit: type=1400 audit(1409.410:103): avc: denied { read } for pid=3625 comm="syz.2.17" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1410.283935][ T25] audit: type=1400 audit(1409.450:104): avc: denied { open } for pid=3625 comm="syz.2.17" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1410.319669][ T25] audit: type=1400 audit(1409.490:105): avc: denied { ioctl } for pid=3625 comm="syz.2.17" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1411.552055][ T3625] ================================================================== [ 1411.552636][ T3625] BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x8e4/0xa68 [ 1411.554379][ T3625] Read of size 8 at addr acf0000014184000 by task syz.2.17/3625 [ 1411.554614][ T3625] Pointer tag: [ac], memory tag: [fe] [ 1411.554751][ T3625] [ 1411.555722][ T3625] CPU: 0 UID: 0 PID: 3625 Comm: syz.2.17 Not tainted syzkaller #0 PREEMPT [ 1411.556299][ T3625] Hardware name: linux,dummy-virt (DT) [ 1411.556774][ T3625] Call trace: [ 1411.557156][ T3625] show_stack+0x2c/0x3c (C) [ 1411.557785][ T3625] __dump_stack+0x30/0x40 [ 1411.558072][ T3625] dump_stack_lvl+0xd8/0x12c [ 1411.558286][ T3625] print_address_description+0xac/0x288 [ 1411.558578][ T3625] print_report+0x84/0xa0 [ 1411.558875][ T3625] kasan_report+0xb0/0x110 [ 1411.559109][ T3625] kasan_tag_mismatch+0x28/0x3c [ 1411.559363][ T3625] __hwasan_tag_mismatch+0x30/0x60 [ 1411.559688][ T3625] __kvm_pgtable_walk+0x8e4/0xa68 [ 1411.560018][ T3625] kvm_pgtable_walk+0x294/0x468 [ 1411.560328][ T3625] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1411.560653][ T3625] kvm_free_stage2_pgd+0x198/0x28c [ 1411.560988][ T3625] kvm_uninit_stage2_mmu+0x20/0x38 [ 1411.561286][ T3625] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1411.561595][ T3625] kvm_mmu_notifier_release+0x48/0xa8 [ 1411.561917][ T3625] mmu_notifier_unregister+0x128/0x42c [ 1411.562202][ T3625] kvm_put_kvm+0x6a0/0xfa8 [ 1411.562419][ T3625] kvm_vm_release+0x58/0x78 [ 1411.562685][ T3625] __fput+0x4ac/0x980 [ 1411.562918][ T3625] ____fput+0x20/0x58 [ 1411.563125][ T3625] task_work_run+0x1bc/0x254 [ 1411.563354][ T3625] do_notify_resume+0x1bc/0x270 [ 1411.563610][ T3625] el0_svc+0xb8/0x164 [ 1411.563899][ T3625] el0t_64_sync_handler+0x84/0x12c [ 1411.564172][ T3625] el0t_64_sync+0x198/0x19c [ 1411.564709][ T3625] [ 1411.564894][ T3625] The buggy address belongs to the physical page: [ 1411.565988][ T3625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8af0000014185b80 pfn:0x54184 [ 1411.566360][ T3625] flags: 0x1ffd4c000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x53) [ 1411.567511][ T3625] raw: 01ffd4c000000000 ffffc1ffc086ae88 ffffc1ffc0869ec8 0000000000000000 [ 1411.567772][ T3625] raw: 8af0000014185b80 0000000000000000 00000000ffffffff 0000000000000000 [ 1411.567989][ T3625] page dumped because: kasan: bad access detected [ 1411.568122][ T3625] [ 1411.568215][ T3625] Memory state around the buggy address: [ 1411.568588][ T3625] fff0000014183e00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1411.568811][ T3625] fff0000014183f00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1411.569017][ T3625] >fff0000014184000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1411.569162][ T3625] ^ [ 1411.569398][ T3625] fff0000014184100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1411.569579][ T3625] fff0000014184200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1411.569800][ T3625] ================================================================== [ 1411.811327][ T3625] Disabling lock debugging due to kernel taint [ 1414.215642][ T3625] BUG: Bad page state in process syz.2.17 pfn:630ea [ 1414.220969][ T3625] page: refcount:0 mapcount:1 mapping:0000000000000000 index:0xffffffff2 pfn:0x630ea [ 1414.249399][ T25] audit: type=1400 audit(1413.420:106): avc: denied { read } for pid=3103 comm="syslogd" name="log" dev="vda" ino=1857 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 1414.265984][ T25] audit: type=1400 audit(1413.420:107): avc: denied { search } for pid=3103 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1414.309305][ T25] audit: type=1400 audit(1413.480:108): avc: denied { search } for pid=3103 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1414.334266][ T3625] flags: 0x1ffeb8000020808(uptodate|owner_2|swapbacked|node=0|zone=0|lastcpupid=0x7ff|kasantag=0xae) [ 1414.368634][ T25] audit: type=1400 audit(1413.510:109): avc: denied { add_name } for pid=3103 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1414.369716][ T25] audit: type=1400 audit(1413.540:110): avc: denied { create } for pid=3103 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1414.374154][ T3625] raw: 01ffeb8000020808 dead000000000100 dead000000000122 0000000000000000 [ 1414.391576][ T3625] raw: 0000000ffffffff2 0000000000000000 0000000000000000 0000000000000000 [ 1414.398541][ T3625] page dumped because: nonzero mapcount [ 1414.401453][ T3625] Modules linked in: [ 1414.421825][ T3625] CPU: 0 UID: 0 PID: 3625 Comm: syz.2.17 Tainted: G B syzkaller #0 PREEMPT [ 1414.422293][ T3625] Tainted: [B]=BAD_PAGE [ 1414.422395][ T3625] Hardware name: linux,dummy-virt (DT) [ 1414.422504][ T3625] Call trace: [ 1414.422652][ T3625] show_stack+0x2c/0x3c (C) [ 1414.423070][ T3625] __dump_stack+0x30/0x40 [ 1414.423285][ T3625] dump_stack_lvl+0xd8/0x12c [ 1414.423490][ T3625] dump_stack+0x1c/0x28 [ 1414.423685][ T3625] bad_page+0x17c/0x19c [ 1414.423983][ T3625] __free_frozen_pages+0xecc/0xf24 [ 1414.424222][ T3625] free_frozen_pages+0x14/0x20 [ 1414.424490][ T3625] __folio_put+0x314/0x434 [ 1414.424738][ T3625] kvm_s2_put_page+0x2cc/0x3a0 [ 1414.425055][ T3625] stage2_free_walker+0x1b0/0x264 [ 1414.425360][ T3625] __kvm_pgtable_walk+0x7d8/0xa68 [ 1414.425654][ T3625] kvm_pgtable_walk+0x294/0x468 [ 1414.425959][ T3625] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1414.426276][ T3625] kvm_free_stage2_pgd+0x198/0x28c [ 1414.426567][ T3625] kvm_uninit_stage2_mmu+0x20/0x38 [ 1414.426890][ T3625] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1414.427206][ T3625] kvm_mmu_notifier_release+0x48/0xa8 [ 1414.427504][ T3625] mmu_notifier_unregister+0x128/0x42c [ 1414.427815][ T3625] kvm_put_kvm+0x6a0/0xfa8 [ 1414.428030][ T3625] kvm_vm_release+0x58/0x78 [ 1414.428331][ T3625] __fput+0x4ac/0x980 [ 1414.428540][ T3625] ____fput+0x20/0x58 [ 1414.428757][ T3625] task_work_run+0x1bc/0x254 [ 1414.429010][ T3625] do_notify_resume+0x1bc/0x270 [ 1414.429260][ T3625] el0_svc+0xb8/0x164 [ 1414.429526][ T3625] el0t_64_sync_handler+0x84/0x12c [ 1414.429917][ T3625] el0t_64_sync+0x198/0x19c [ 1414.506390][ T25] audit: type=1400 audit(1413.540:111): avc: denied { append open } for pid=3103 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1414.519412][ T25] audit: type=1400 audit(1413.680:112): avc: denied { getattr } for pid=3103 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1414.534204][ T3625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8af0000014185b80 pfn:0x54184 [ 1414.538394][ T3625] flags: 0x1fff00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xc0) [ 1414.541567][ T3625] raw: 01fff00000000000 ffffc1ffc0869cc8 fff0000072d85420 0000000000000000 [ 1414.549071][ T3625] raw: 8af0000014185b80 7af00000127c9980 00000000ffffffff 0000000000000000 [ 1414.559420][ T3625] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 1414.567499][ T3625] ------------[ cut here ]------------ [ 1414.567747][ T3625] kernel BUG at ./include/linux/mm.h:1036! [ 1414.568659][ T3625] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 1414.573537][ T3625] Modules linked in: [ 1414.574717][ T3625] CPU: 0 UID: 0 PID: 3625 Comm: syz.2.17 Tainted: G B syzkaller #0 PREEMPT [ 1414.576277][ T3625] Tainted: [B]=BAD_PAGE [ 1414.576994][ T3625] Hardware name: linux,dummy-virt (DT) [ 1414.578121][ T3625] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1414.579517][ T3625] pc : kvm_s2_put_page+0x374/0x3a0 [ 1414.580630][ T3625] lr : kvm_s2_put_page+0x374/0x3a0 [ 1414.581706][ T3625] sp : ffff80008e677830 [ 1414.582489][ T3625] x29: ffff80008e677830 x28: acf0000014184b78 x27: acf0000014184b78 [ 1414.584175][ T3625] x26: 00000000000000ff x25: ffff80008734e000 x24: ffffc1ffc0000000 [ 1414.585679][ T3625] x23: ffffc1ffc0506108 x22: 0000000000000000 x21: ffffc1ffc0506134 [ 1414.587136][ T3625] x20: 0000000000000000 x19: ffffc1ffc0506100 x18: 0000000033a13eee [ 1414.588566][ T3625] x17: 0000000004ccf0a7 x16: 00000000339c4af6 x15: 00000000a5627dbd [ 1414.590041][ T3625] x14: 00000000000000ef x13: fff000001ef91d88 x12: 0000000000000001 [ 1414.591541][ T3625] x11: 0000000000000000 x10: 0000000000ff0100 x9 : 771fd69e9c7dcc00 [ 1414.593071][ T3625] x8 : 771fd69e9c7dcc00 x7 : 0000000000000400 x6 : ffff8000803a03c8 [ 1414.594509][ T3625] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000803915d0 [ 1414.595947][ T3625] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 1414.597473][ T3625] Call trace: [ 1414.598192][ T3625] kvm_s2_put_page+0x374/0x3a0 (P) [ 1414.599242][ T3625] stage2_free_walker+0xdc/0x264 [ 1414.600268][ T3625] __kvm_pgtable_walk+0x7d8/0xa68 [ 1414.601319][ T3625] kvm_pgtable_walk+0x294/0x468 [ 1414.602307][ T3625] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1414.603440][ T3625] kvm_free_stage2_pgd+0x198/0x28c [ 1414.604493][ T3625] kvm_uninit_stage2_mmu+0x20/0x38 [ 1414.605509][ T3625] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1414.606679][ T3625] kvm_mmu_notifier_release+0x48/0xa8 [ 1414.607778][ T3625] mmu_notifier_unregister+0x128/0x42c [ 1414.608835][ T3625] kvm_put_kvm+0x6a0/0xfa8 [ 1414.609692][ T3625] kvm_vm_release+0x58/0x78 [ 1414.610631][ T3625] __fput+0x4ac/0x980 [ 1414.611482][ T3625] ____fput+0x20/0x58 [ 1414.612336][ T3625] task_work_run+0x1bc/0x254 [ 1414.613252][ T3625] do_notify_resume+0x1bc/0x270 [ 1414.614207][ T3625] el0_svc+0xb8/0x164 [ 1414.615097][ T3625] el0t_64_sync_handler+0x84/0x12c [ 1414.616097][ T3625] el0t_64_sync+0x198/0x19c [ 1414.617534][ T3625] Code: d0037581 9126fc21 aa1303e0 97f9c9f2 (d4210000) [ 1414.619394][ T3625] ---[ end trace 0000000000000000 ]--- [ 1414.621065][ T3625] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 1414.624922][ T3625] Kernel Offset: disabled [ 1414.625720][ T3625] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 1414.626889][ T3625] Memory Limit: none [ 1414.628577][ T3625] Rebooting in 86400 seconds.. VM DIAGNOSIS: 18:41:38 Registers: info registers vcpu 0 CPU#0 PC=ffff800082136720 X00=0000000000000003 X01=0000000000000002 X02=0000000000000001 X03=ffff80008213661c X04=0000000000000001 X05=0000000000000001 X06=0000000000000000 X07=ffff800081f26774 X08=aaf000000d9b9d80 X09=0000000000000000 X10=0000000000ff0100 X11=00000000000000fe X12=0000000000000002 X13=0000000000000002 X14=0000000000000000 X15=00000000c25614d4 X16=00000000f0a3c562 X17=0000000000000000 X18=00000000f0b55e8a X19=efff800000000000 X20=79f000000dcb4880 X21=d0ff80008c44b018 X22=0000000000000002 X23=79f000000dcb497c X24=0000000000000079 X25=79f000000dcb4ac8 X26=79f000000dcb48c8 X27=0000000000000079 X28=0000000000000079 X29=ffff80008c487b40 X30=ffff800082136720 SP=ffff80008c487b30 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=000000f803000000:000000f803000000 Z01=0000000000000000:00000000000000f8 Z02=0000000000000000:0000000000000000 Z03=0000000000000028:00000000000000f8 Z04=0000000000000000:0000000000000000 Z05=0000000000000000:0000000000000000 Z06=6edc4d3a2914b135:d8e9c869e2695c88 Z07=b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000fffff7bc23b0:0000fffff7bc23b0 Z17=ffffff80ffffffd0:0000fffff7bc2380 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000