[ 373.008019][ T3156] 8021q: adding VLAN 0 to HW filter on device bond0 [ 392.247710][ T3156] eql: remember to turn off Van-Jacobson compression on your slave devices Warning: Permanently added '[localhost]:20915' (ED25519) to the list of known hosts. [ 868.110583][ T25] audit: type=1400 audit(867.340:61): avc: denied { execute } for pid=3327 comm="sh" name="syz-execprog" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 868.137287][ T25] audit: type=1400 audit(867.370:62): avc: denied { execute_no_trans } for pid=3327 comm="sh" path="/syz-execprog" dev="vda" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 1970/01/01 00:15:18 parsed 1 programs [ 918.956203][ T25] audit: type=1400 audit(918.190:63): avc: denied { node_bind } for pid=3327 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 939.330845][ T25] audit: type=1400 audit(938.560:64): avc: denied { mounton } for pid=3336 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1870 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 939.365905][ T25] audit: type=1400 audit(938.590:65): avc: denied { mount } for pid=3336 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 939.447227][ T3336] cgroup: Unknown subsys name 'net' [ 939.495881][ T25] audit: type=1400 audit(938.730:66): avc: denied { unmount } for pid=3336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 939.875813][ T3336] cgroup: Unknown subsys name 'cpuset' [ 939.978862][ T3336] cgroup: Unknown subsys name 'rlimit' [ 941.840549][ T25] audit: type=1400 audit(941.070:67): avc: denied { setattr } for pid=3336 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 941.893884][ T25] audit: type=1400 audit(941.120:68): avc: denied { create } for pid=3336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 941.908549][ T25] audit: type=1400 audit(941.140:69): avc: denied { write } for pid=3336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 941.944581][ T25] audit: type=1400 audit(941.170:70): avc: denied { module_request } for pid=3336 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 942.948398][ T25] audit: type=1400 audit(942.180:71): avc: denied { read } for pid=3336 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 943.021258][ T25] audit: type=1400 audit(942.250:72): avc: denied { mounton } for pid=3336 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 943.084101][ T25] audit: type=1400 audit(942.280:73): avc: denied { mount } for pid=3336 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 945.454536][ T3340] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 945.470504][ T25] audit: type=1400 audit(944.700:74): avc: denied { relabelto } for pid=3340 comm="mkswap" name="swap-file" dev="vda" ino=1873 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 945.504519][ T25] audit: type=1400 audit(944.730:75): avc: denied { write } for pid=3340 comm="mkswap" path="/swap-file" dev="vda" ino=1873 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 945.758778][ T25] audit: type=1400 audit(944.990:76): avc: denied { read } for pid=3336 comm="syz-executor" name="swap-file" dev="vda" ino=1873 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 945.781671][ T25] audit: type=1400 audit(945.010:77): avc: denied { open } for pid=3336 comm="syz-executor" path="/swap-file" dev="vda" ino=1873 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 945.873325][ T3336] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 970.747254][ T25] audit: type=1400 audit(969.980:78): avc: denied { execmem } for pid=3341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 971.073337][ T25] audit: type=1400 audit(970.300:79): avc: denied { read } for pid=3342 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 971.101172][ T25] audit: type=1400 audit(970.330:80): avc: denied { open } for pid=3342 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 971.186187][ T25] audit: type=1400 audit(970.420:81): avc: denied { mounton } for pid=3342 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 972.616247][ T25] audit: type=1400 audit(971.850:82): avc: denied { mounton } for pid=3342 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=1543 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 972.664357][ T25] audit: type=1400 audit(971.890:83): avc: denied { mount } for pid=3342 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 972.694063][ T25] audit: type=1400 audit(971.920:84): avc: denied { mounton } for pid=3342 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 972.718593][ T25] audit: type=1400 audit(971.940:85): avc: denied { mount } for pid=3342 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 978.041026][ T25] audit: type=1400 audit(977.270:86): avc: denied { mount } for pid=3346 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 978.089234][ T25] audit: type=1400 audit(977.320:87): avc: denied { mounton } for pid=3346 comm="syz-executor" path="/syzkaller.kDovcr/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 978.138209][ T25] audit: type=1400 audit(977.370:88): avc: denied { mount } for pid=3346 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 978.217710][ T25] audit: type=1400 audit(977.440:89): avc: denied { mounton } for pid=3346 comm="syz-executor" path="/syzkaller.kDovcr/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 978.255624][ T25] audit: type=1400 audit(977.480:90): avc: denied { mounton } for pid=3346 comm="syz-executor" path="/syzkaller.kDovcr/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2963 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 978.361727][ T25] audit: type=1400 audit(977.590:91): avc: denied { unmount } for pid=3346 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 978.435976][ T25] audit: type=1400 audit(977.660:92): avc: denied { mount } for pid=3346 comm="syz-executor" name="/" dev="gadgetfs" ino=2964 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 978.485604][ T25] audit: type=1400 audit(977.720:93): avc: denied { mount } for pid=3346 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 978.793614][ T3346] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 979.153773][ T25] audit: type=1400 audit(978.380:94): avc: denied { read write } for pid=3346 comm="syz-executor" name="loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 979.176520][ T25] audit: type=1400 audit(978.400:95): avc: denied { open } for pid=3346 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1004.494066][ T25] kauditd_printk_skb: 2 callbacks suppressed [ 1004.499074][ T25] audit: type=1401 audit(1003.720:98): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 1020.299888][ T25] audit: type=1400 audit(1019.530:99): avc: denied { create } for pid=3376 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 1020.429676][ T25] audit: type=1400 audit(1019.660:100): avc: denied { sys_admin } for pid=3376 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 1022.020532][ T25] audit: type=1400 audit(1021.250:101): avc: denied { sys_chroot } for pid=3377 comm="syz-executor" capability=18 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 1026.630148][ T25] audit: type=1400 audit(1025.850:102): avc: denied { sys_module } for pid=3381 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 1037.743755][ T3381] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1037.808481][ T3381] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1043.616845][ T3381] hsr_slave_0: entered promiscuous mode [ 1043.645550][ T3381] hsr_slave_1: entered promiscuous mode [ 1047.287227][ T3381] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1047.415042][ T3381] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1047.497233][ T3381] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1047.579189][ T3381] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1054.040897][ T3381] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1081.697942][ T3381] veth0_vlan: entered promiscuous mode [ 1082.056129][ T3381] veth1_vlan: entered promiscuous mode [ 1082.931074][ T3381] veth0_macvtap: entered promiscuous mode [ 1083.075830][ T3381] veth1_macvtap: entered promiscuous mode [ 1084.197227][ T3372] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1084.241741][ T3372] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1084.265907][ T3372] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1084.266986][ T3372] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1089.387109][ T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1090.007566][ T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1090.731381][ T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1091.300590][ T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1099.397367][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1099.481094][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1099.544380][ T35] bond0 (unregistering): Released all slaves [ 1100.435464][ T35] hsr_slave_0: left promiscuous mode [ 1100.465765][ T35] hsr_slave_1: left promiscuous mode [ 1100.590795][ T35] veth1_macvtap: left promiscuous mode [ 1100.599929][ T35] veth0_macvtap: left promiscuous mode [ 1100.614289][ T35] veth1_vlan: left promiscuous mode [ 1100.618580][ T35] veth0_vlan: left promiscuous mode 1970/01/01 00:19:40 executed programs: 0 [ 1217.434936][ T3525] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1217.908431][ T3525] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1230.267159][ T3525] hsr_slave_0: entered promiscuous mode [ 1230.288919][ T3525] hsr_slave_1: entered promiscuous mode [ 1237.647642][ T3525] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1237.900097][ T3525] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1238.135864][ T3525] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1238.308242][ T3525] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1246.096028][ T3525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1276.481192][ T3525] veth0_vlan: entered promiscuous mode [ 1276.717724][ T3525] veth1_vlan: entered promiscuous mode [ 1277.657412][ T3525] veth0_macvtap: entered promiscuous mode [ 1277.945503][ T3525] veth1_macvtap: entered promiscuous mode [ 1279.061408][ T3426] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1279.066615][ T3426] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1279.104383][ T3426] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1279.135232][ T3306] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1280.404858][ T25] audit: type=1400 audit(1279.620:103): avc: denied { mounton } for pid=3525 comm="syz-executor" path="/syzkaller.rFfba7/syz-tmp" dev="vda" ino=1889 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 1280.491427][ T25] audit: type=1400 audit(1279.720:104): avc: denied { mount } for pid=3525 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 1970/01/01 00:21:20 executed programs: 2 [ 1282.084992][ T25] audit: type=1400 audit(1281.310:105): avc: denied { read } for pid=3632 comm="syz.2.17" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1282.120214][ T25] audit: type=1400 audit(1281.310:106): avc: denied { open } for pid=3632 comm="syz.2.17" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1282.143559][ T25] audit: type=1400 audit(1281.370:107): avc: denied { ioctl } for pid=3632 comm="syz.2.17" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1283.529696][ T3632] ================================================================== [ 1283.530275][ T3632] BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x8e4/0xa68 [ 1283.531998][ T3632] Read of size 8 at addr 63f00000141c4000 by task syz.2.17/3632 [ 1283.532234][ T3632] Pointer tag: [63], memory tag: [fe] [ 1283.532377][ T3632] [ 1283.533326][ T3632] CPU: 0 UID: 0 PID: 3632 Comm: syz.2.17 Not tainted syzkaller #0 PREEMPT [ 1283.533849][ T3632] Hardware name: linux,dummy-virt (DT) [ 1283.534280][ T3632] Call trace: [ 1283.534674][ T3632] show_stack+0x2c/0x3c (C) [ 1283.535262][ T3632] __dump_stack+0x30/0x40 [ 1283.535543][ T3632] dump_stack_lvl+0xd8/0x12c [ 1283.535743][ T3632] print_address_description+0xac/0x288 [ 1283.536036][ T3632] print_report+0x84/0xa0 [ 1283.536281][ T3632] kasan_report+0xb0/0x110 [ 1283.536520][ T3632] kasan_tag_mismatch+0x28/0x3c [ 1283.536748][ T3632] __hwasan_tag_mismatch+0x30/0x60 [ 1283.537032][ T3632] __kvm_pgtable_walk+0x8e4/0xa68 [ 1283.537304][ T3632] kvm_pgtable_walk+0x294/0x468 [ 1283.537581][ T3632] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1283.537861][ T3632] kvm_free_stage2_pgd+0x198/0x28c [ 1283.538124][ T3632] kvm_uninit_stage2_mmu+0x20/0x38 [ 1283.538396][ T3632] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1283.538676][ T3632] kvm_mmu_notifier_release+0x48/0xa8 [ 1283.538935][ T3632] mmu_notifier_unregister+0x128/0x42c [ 1283.539182][ T3632] kvm_put_kvm+0x6a0/0xfa8 [ 1283.539392][ T3632] kvm_vm_release+0x58/0x78 [ 1283.539632][ T3632] __fput+0x4ac/0x980 [ 1283.539822][ T3632] ____fput+0x20/0x58 [ 1283.540039][ T3632] task_work_run+0x1bc/0x254 [ 1283.540254][ T3632] do_notify_resume+0x1bc/0x270 [ 1283.540533][ T3632] el0_svc+0xb8/0x164 [ 1283.540792][ T3632] el0t_64_sync_handler+0x84/0x12c [ 1283.541020][ T3632] el0t_64_sync+0x198/0x19c [ 1283.541525][ T3632] [ 1283.541697][ T3632] The buggy address belongs to the physical page: [ 1283.542829][ T3632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x34f00000141c5b80 pfn:0x541c4 [ 1283.543198][ T3632] flags: 0x1ffe70000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x9c) [ 1283.544362][ T3632] raw: 01ffe70000000000 ffffc1ffc08f2648 ffffc1ffc08f1688 0000000000000000 [ 1283.544604][ T3632] raw: 34f00000141c5b80 0000000000000000 00000000ffffffff 0000000000000000 [ 1283.544808][ T3632] page dumped because: kasan: bad access detected [ 1283.544941][ T3632] [ 1283.545032][ T3632] Memory state around the buggy address: [ 1283.545381][ T3632] fff00000141c3e00: 72 72 72 72 72 72 72 72 72 72 72 72 fe fe fe fe [ 1283.545576][ T3632] fff00000141c3f00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1283.545752][ T3632] >fff00000141c4000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1283.545897][ T3632] ^ [ 1283.546126][ T3632] fff00000141c4100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1283.546292][ T3632] fff00000141c4200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 1283.546506][ T3632] ================================================================== [ 1283.729200][ T3632] Disabling lock debugging due to kernel taint [ 1285.332675][ T3632] BUG: Bad page state in process syz.2.17 pfn:b15e3 [ 1285.336932][ T3632] page: refcount:0 mapcount:2 mapping:000000001b05f025 index:0x0 pfn:0xb15e3 [ 1285.361649][ T25] audit: type=1400 audit(1284.590:108): avc: denied { read } for pid=3115 comm="syslogd" name="log" dev="vda" ino=1857 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 1285.378990][ T3632] aops:ext4_da_aops ino:a4 dentry name(?):"file_contexts.bin" [ 1285.390452][ T25] audit: type=1400 audit(1284.620:109): avc: denied { search } for pid=3115 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1285.401278][ T3632] flags: 0x1ffc8c600000a0c(referenced|uptodate|workingset|owner_2|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x23) [ 1285.413588][ T25] audit: type=1400 audit(1284.640:110): avc: denied { search } for pid=3115 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1285.447708][ T3632] raw: 01ffc8c600000a0c dead000000000100 dead000000000122 10f0000012bedff8 [ 1285.454075][ T3632] raw: 0000000000000000 0000000000000000 0000000000000001 0000000000000000 [ 1285.463533][ T3632] page dumped because: non-NULL mapping [ 1285.481089][ T3632] Modules linked in: [ 1285.492983][ T25] audit: type=1400 audit(1284.690:111): avc: denied { add_name } for pid=3115 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1285.493957][ T25] audit: type=1400 audit(1284.720:112): avc: denied { create } for pid=3115 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1285.518118][ T3632] CPU: 0 UID: 0 PID: 3632 Comm: syz.2.17 Tainted: G B syzkaller #0 PREEMPT [ 1285.518638][ T3632] Tainted: [B]=BAD_PAGE [ 1285.518733][ T3632] Hardware name: linux,dummy-virt (DT) [ 1285.518826][ T3632] Call trace: [ 1285.518964][ T3632] show_stack+0x2c/0x3c (C) [ 1285.519307][ T3632] __dump_stack+0x30/0x40 [ 1285.519527][ T3632] dump_stack_lvl+0xd8/0x12c [ 1285.519718][ T3632] dump_stack+0x1c/0x28 [ 1285.519896][ T3632] bad_page+0x17c/0x19c [ 1285.520163][ T3632] __free_frozen_pages+0xecc/0xf24 [ 1285.520395][ T3632] free_frozen_pages+0x14/0x20 [ 1285.520622][ T3632] __folio_put+0x314/0x434 [ 1285.520819][ T3632] kvm_s2_put_page+0x2cc/0x3a0 [ 1285.521081][ T3632] stage2_free_walker+0xdc/0x264 [ 1285.521351][ T3632] __kvm_pgtable_walk+0x4a8/0xa68 [ 1285.521623][ T3632] __kvm_pgtable_walk+0x600/0xa68 [ 1285.521897][ T3632] kvm_pgtable_walk+0x294/0x468 [ 1285.522140][ T3632] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1285.522424][ T3632] kvm_free_stage2_pgd+0x198/0x28c [ 1285.522703][ T3632] kvm_uninit_stage2_mmu+0x20/0x38 [ 1285.522958][ T3632] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1285.523228][ T3632] kvm_mmu_notifier_release+0x48/0xa8 [ 1285.523504][ T3632] mmu_notifier_unregister+0x128/0x42c [ 1285.523756][ T3632] kvm_put_kvm+0x6a0/0xfa8 [ 1285.523964][ T3632] kvm_vm_release+0x58/0x78 [ 1285.524203][ T3632] __fput+0x4ac/0x980 [ 1285.524396][ T3632] ____fput+0x20/0x58 [ 1285.524585][ T3632] task_work_run+0x1bc/0x254 [ 1285.524782][ T3632] do_notify_resume+0x1bc/0x270 [ 1285.525007][ T3632] el0_svc+0xb8/0x164 [ 1285.525216][ T3632] el0t_64_sync_handler+0x84/0x12c [ 1285.525439][ T3632] el0t_64_sync+0x198/0x19c [ 1285.603057][ T25] audit: type=1400 audit(1284.830:113): avc: denied { append open } for pid=3115 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1285.604012][ T25] audit: type=1400 audit(1284.830:114): avc: denied { getattr } for pid=3115 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1285.624476][ T3632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x34f00000141c5b80 pfn:0x541c4 [ 1285.629617][ T3632] flags: 0x1ffed8000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xb6) [ 1285.634220][ T3632] raw: 01ffed8000000000 ffffc1ffc08f1488 fff0000072d7e420 0000000000000000 [ 1285.637034][ T3632] raw: 34f00000141c5b80 b2f0000015f479c0 00000000ffffffff 0000000000000000 [ 1285.644038][ T3632] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) [ 1285.650753][ T3632] ------------[ cut here ]------------ [ 1285.650973][ T3632] kernel BUG at ./include/linux/mm.h:1036! [ 1285.651847][ T3632] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 1285.656140][ T3632] Modules linked in: [ 1285.657161][ T3632] CPU: 0 UID: 0 PID: 3632 Comm: syz.2.17 Tainted: G B syzkaller #0 PREEMPT [ 1285.658494][ T3632] Tainted: [B]=BAD_PAGE [ 1285.659072][ T3632] Hardware name: linux,dummy-virt (DT) [ 1285.660011][ T3632] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1285.661215][ T3632] pc : kvm_s2_put_page+0x374/0x3a0 [ 1285.662138][ T3632] lr : kvm_s2_put_page+0x374/0x3a0 [ 1285.662966][ T3632] sp : ffff80008e777830 [ 1285.663590][ T3632] x29: ffff80008e777830 x28: 63f00000141c4728 x27: 63f00000141c4728 [ 1285.664986][ T3632] x26: 00000000000000ff x25: ffff800087396000 x24: ffffc1ffc0000000 [ 1285.666190][ T3632] x23: ffffc1ffc0507108 x22: 0000000000000000 x21: ffffc1ffc0507134 [ 1285.667393][ T3632] x20: 0000000000000000 x19: ffffc1ffc0507100 x18: 000000002c6c01e8 [ 1285.668590][ T3632] x17: 00000000053f8ca2 x16: 000000002c49cbc8 x15: 0000000065ca7ed1 [ 1285.669730][ T3632] x14: 0000000040000000 x13: fff0000020139d88 x12: 0000000000000001 [ 1285.670748][ T3632] x11: 0000000000000000 x10: 0000000000ff0100 x9 : d626810f30b05500 [ 1285.672041][ T3632] x8 : d626810f30b05500 x7 : 0000000000000400 x6 : ffff80008039fbc8 [ 1285.673252][ T3632] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000010 [ 1285.674424][ T3632] x2 : 0000000000000002 x1 : 0000000100000000 x0 : 000000000000003e [ 1285.675663][ T3632] Call trace: [ 1285.676288][ T3632] kvm_s2_put_page+0x374/0x3a0 (P) [ 1285.677207][ T3632] stage2_free_walker+0xdc/0x264 [ 1285.678052][ T3632] __kvm_pgtable_walk+0x7d8/0xa68 [ 1285.678906][ T3632] kvm_pgtable_walk+0x294/0x468 [ 1285.679666][ T3632] kvm_pgtable_stage2_destroy_range+0x60/0xb4 [ 1285.680613][ T3632] kvm_free_stage2_pgd+0x198/0x28c [ 1285.681396][ T3632] kvm_uninit_stage2_mmu+0x20/0x38 [ 1285.682273][ T3632] kvm_arch_flush_shadow_all+0x1a8/0x1e0 [ 1285.683154][ T3632] kvm_mmu_notifier_release+0x48/0xa8 [ 1285.684046][ T3632] mmu_notifier_unregister+0x128/0x42c [ 1285.684986][ T3632] kvm_put_kvm+0x6a0/0xfa8 [ 1285.685727][ T3632] kvm_vm_release+0x58/0x78 [ 1285.686463][ T3632] __fput+0x4ac/0x980 [ 1285.687163][ T3632] ____fput+0x20/0x58 [ 1285.687886][ T3632] task_work_run+0x1bc/0x254 [ 1285.688665][ T3632] do_notify_resume+0x1bc/0x270 [ 1285.689473][ T3632] el0_svc+0xb8/0x164 [ 1285.690242][ T3632] el0t_64_sync_handler+0x84/0x12c [ 1285.691067][ T3632] el0t_64_sync+0x198/0x19c [ 1285.694192][ T3632] Code: 900377c1 910e9421 aa1303e0 97f9c9f2 (d4210000) [ 1285.695856][ T3632] ---[ end trace 0000000000000000 ]--- [ 1285.697324][ T3632] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 1285.699318][ T3632] Kernel Offset: disabled [ 1285.700022][ T3632] CPU features: 0x000000,0001a300,5f7c67c1,057ffe1f [ 1285.701133][ T3632] Memory Limit: none [ 1285.702698][ T3632] Rebooting in 86400 seconds.. VM DIAGNOSIS: 17:33:21 Registers: info registers vcpu 0 CPU#0 PC=ffff800082159154 X00=0000000000000003 X01=0000000000000002 X02=0000000000000001 X03=ffff800082159050 X04=0000000000000001 X05=0000000000000001 X06=0000000000000000 X07=ffff800081f1ef70 X08=32f000000d9b9d80 X09=0000000000000000 X10=0000000000ff0100 X11=00000000000000fe X12=0000000000000002 X13=0000000000000002 X14=0000000000000000 X15=0000000000000294 X16=0000000000000032 X17=0000000000000000 X18=0000000000f7e400 X19=efff800000000000 X20=33f000000dcb4880 X21=e6ff80008c4bb018 X22=0000000000000002 X23=33f000000dcb497c X24=0000000000000033 X25=33f000000dcb4ac8 X26=33f000000dcb48c8 X27=0000000000000033 X28=0000000000000033 X29=ffff80008c4f7b40 X30=ffff800082159154 SP=ffff80008c4f7b30 PSTATE=814020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000 P01=0000 P02=0000 P03=0000 P04=0000 P05=0000 P06=0000 P07=0000 P08=0000 P09=0000 P10=0000 P11=0000 P12=0000 P13=0000 P14=0000 P15=0000 FFR=0000 Z00=2525252525252525:2525252525252525 Z01=00000075253a7525:2f73252f7665642f Z02=0000000000000000:fffff000fff00000 Z03=ffffff00ff0000ff:0000ff0000000000 Z04=0000000000000000:fff0f00f00f00000 Z05=0000000000000000:00000c0000000000 Z06=0000000000000073:0000aaaaca8c73c0 Z07=0000000000000074:0000aaaaca8c4600 Z08=0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000 Z16=0000ffffccf6eba0:0000ffffccf6eba0 Z17=ffffff80ffffffd8:0000ffffccf6eb70 Z18=0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000