[ 42.494273][ T29] audit: type=1400 audit(42.430:68): avc: denied { read write } for pid=2975 comm="sftp-server" name="null" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 42.494984][ T29] audit: type=1400 audit(42.430:69): avc: denied { open } for pid=2975 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
Warning: Permanently added '[localhost]:46958' (ED25519) to the list of known hosts.
[ 85.544566][ T29] audit: type=1400 audit(85.480:70): avc: denied { execute } for pid=2984 comm="sh" name="syz-executor305473162" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 85.545546][ T29] audit: type=1400 audit(85.490:71): avc: denied { execute_no_trans } for pid=2984 comm="sh" path="/syz-executor305473162" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 86.288089][ T29] audit: type=1400 audit(86.230:72): avc: denied { execmem } for pid=2984 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
executing program
[ 86.437993][ T29] audit: type=1400 audit(86.380:73): avc: denied { prog_load } for pid=2985 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 86.438643][ T29] audit: type=1400 audit(86.380:74): avc: denied { bpf } for pid=2985 comm="syz-executor305" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 86.439341][ T29] audit: type=1400 audit(86.380:75): avc: denied { perfmon } for pid=2985 comm="syz-executor305" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 86.476713][ T29] audit: type=1400 audit(86.420:76): avc: denied { prog_run } for pid=2985 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 86.477641][ T29] audit: type=1400 audit(86.420:77): avc: denied { map_create } for pid=2985 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 86.478705][ T29] audit: type=1400 audit(86.420:78): avc: denied { map_read map_write } for pid=2985 comm="syz-executor305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 86.500860][ T2985] 8<--- cut here ---
[ 86.501714][ T2985] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
[ 86.501979][ T2985] [00000000] *pgd=843b7003, *pmd=fe1bc003
[ 86.503034][ T2985] Internal error: Oops: 207 [#1] PREEMPT SMP ARM
[ 86.503612][ T2985] Modules linked in:
[ 86.504718][ T2985] CPU: 0 PID: 2985 Comm: syz-executor305 Not tainted 6.7.0-rc8-syzkaller #0
[ 86.506085][ T2985] Hardware name: ARM-Versatile Express
[ 86.506523][ T2985] PC is at __kmap_local_page_prot+0xc/0x74
[ 86.507729][ T2985] LR is at copy_page_to_iter+0xf8/0x184
[ 86.508003][ T2985] pc : [<8046aab0>] lr : [<807e0b68>] psr: 60000013
[ 86.508438][ T2985] sp : df959c20 ip : df959c30 fp : df959c2c
[ 86.508921][ T2985] r10: 00000018 r9 : 828574e8 r8 : 00000000
[ 86.509193][ T2985] r7 : 00000000 r6 : 00000000 r5 : 00000000 r4 : 8455ec00
[ 86.509433][ T2985] r3 : 00c00000 r2 : 0000071f r1 : 00000000 r0 : 00000000
[ 86.509703][ T2985] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 86.509985][ T2985] Control: 30c5387d Table: 8433f6c0 DAC: fffffffd
[ 86.510374][ T2985] Register r0 information: NULL pointer
[ 86.510983][ T2985] Register r1 information: NULL pointer
[ 86.511201][ T2985] Register r2 information: non-paged memory
[ 86.511415][ T2985] Register r3 information: non-paged memory
[ 86.511797][ T2985] Register r4 information: slab kmalloc-1k start 8455ec00 pointer offset 0 size 1024
[ 86.512631][ T2985] Register r5 information: NULL pointer
[ 86.512835][ T2985] Register r6 information: NULL pointer
[ 86.512990][ T2985] Register r7 information: NULL pointer
[ 86.513228][ T2985] Register r8 information: NULL pointer
[ 86.513474][ T2985] Register r9 information: non-slab/vmalloc memory
[ 86.513863][ T2985] Register r10 information: non-paged memory
[ 86.514052][ T2985] Register r11 information: 2-page vmalloc region starting at 0xdf958000 allocated at kernel_clone+0xac/0x41c
[ 86.517248][ T2985] Register r12 information: 2-page vmalloc region starting at 0xdf958000 allocated at kernel_clone+0xac/0x41c
[ 86.517614][ T2985] Process syz-executor305 (pid: 2985, stack limit = 0xdf958000)
[ 86.518047][ T2985] Stack: (0xdf959c20 to 0xdf95a000)
[ 86.518432][ T2985] 9c20: df959c64 df959c30 807e0b68 8046aab0 df959c54 df959ef0 8024c5d8 8455ec00
[ 86.518694][ T2985] 9c40: 8455ec00 00000000 00000000 00000000 00000041 00000018 df959cb4 df959c68
[ 86.518905][ T2985] 9c60: 813da83c 807e0a7c 00000000 8423cd40 83a75600 83a756d0 83eaf300 83a756d8
[ 86.519120][ T2985] 9c80: df959ef0 00000000 806d5054 83eaf300 00000041 83a75600 82e96000 00000000
[ 86.519334][ T2985] 9ca0: 00000000 00000000 df959d24 df959cb8 815f77dc 813da758 00000000 df959ee0
[ 86.519540][ T2985] 9cc0: 00000000 00000000 00000000 00000000 83eaf3a8 83a756ec 83eaf53c df959ee0
[ 86.519761][ T2985] 9ce0: df959ee0 830a6780 00000000 00000000 00000000 97d26d6f df959d24 815f768c
[ 86.520226][ T2985] 9d00: 830a6780 20000d60 815f6ae4 00000000 00000000 df959d54 df959d44 df959d28
[ 86.520744][ T2985] 9d20: 815f6b1c 815f7698 00000000 830a6780 20000d40 df959ee0 df959e04 df959d48
[ 86.521218][ T2985] 9d40: 8134fd4c 815f6af0 00000000 00000000 00000001 00000000 00000000 00000000
[ 86.521691][ T2985] 9d60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 86.522092][ T2985] 9d80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 86.522286][ T2985] 9da0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 86.522492][ T2985] 9dc0: 00000000 00000000 00000000 00000000 00000000 97d26d6f 00000000 00000000
[ 86.522713][ T2985] 9de0: df959ee0 20000d60 00000000 830a6780 82e96000 00000002 df959e84 df959e08
[ 86.523295][ T2985] 9e00: 81352bdc 8134fc24 00000000 00000001 00000000 00000000 00000000 20000500
[ 86.523688][ T2985] 9e20: 00000041 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 86.524043][ T2985] 9e40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 97d26d6f
[ 86.524567][ T2985] 9e60: df959e84 df959ec0 20000d60 00000001 00000000 00000000 df959f5c df959e88
[ 86.524896][ T2985] 9e80: 81352d04 81352b60 00000001 df959e98 8089202c 830a6780 00000000 00000000
[ 86.525118][ T2985] 9ea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 86.525351][ T2985] 9ec0: 00000000 00000000 0002eb00 00000000 00000000 00000000 2f2e0001 656c6966
[ 86.525715][ T2985] 9ee0: df959d54 00000000 00000000 00000000 00000000 00000000 20000500 00000041
[ 86.526147][ T2985] 9f00: 00000001 00000000 00000000 00000001 00000000 00000000 00000000 00000000
[ 86.526805][ T2985] 9f20: 00000000 00000000 00000176 97d26d6f 82e96000 00000003 20000d40 00000000
[ 86.527045][ T2985] 9f40: 00000000 00000002 82e96000 0000016d df959fa4 df959f60 813536d4 81352c1c
[ 86.527255][ T2985] 9f60: 00000000 ffffffff 00000000 00000000 00000000 00000000 82e96000 97d26d6f
[ 86.527451][ T2985] 9f80: df959fa4 00000000 00000000 0008e060 0000016d 80200288 00000000 df959fa8
[ 86.527664][ T2985] 9fa0: 80200060 8135361c 00000000 00000000 00000003 20000d40 00000002 00000000
[ 86.528116][ T2985] 9fc0: 00000000 00000000 0008e060 0000016d 0007107c 00000000 00000001 20000100
[ 86.528829][ T2985] 9fe0: 7ebf3c70 7ebf3c60 0001094c 0002eb00 00000010 00000003 00000000 00000000
[ 86.529326][ T2985] Backtrace:
[ 86.529709][ T2985] [<8046aaa4>] (__kmap_local_page_prot) from [<807e0b68>] (copy_page_to_iter+0xf8/0x184)
[ 86.530391][ T2985] [<807e0a70>] (copy_page_to_iter) from [<813da83c>] (sk_msg_recvmsg+0xf0/0x3cc)
[ 86.530887][ T2985] r10:00000018 r9:00000041 r8:00000000 r7:00000000 r6:00000000 r5:8455ec00
[ 86.531150][ T2985] r4:8455ec00
[ 86.531295][ T2985] [<813da74c>] (sk_msg_recvmsg) from [<815f77dc>] (unix_bpf_recvmsg+0x150/0x444)
[ 86.531650][ T2985] r10:00000000 r9:00000000 r8:00000000 r7:82e96000 r6:83a75600 r5:00000041
[ 86.532283][ T2985] r4:83eaf300
[ 86.532492][ T2985] [<815f768c>] (unix_bpf_recvmsg) from [<815f6b1c>] (unix_dgram_recvmsg+0x38/0x4c)
[ 86.533125][ T2985] r10:df959d54 r9:00000000 r8:00000000 r7:815f6ae4 r6:20000d60 r5:830a6780
[ 86.533346][ T2985] r4:815f768c
[ 86.533459][ T2985] [<815f6ae4>] (unix_dgram_recvmsg) from [<8134fd4c>] (____sys_recvmsg+0x134/0x158)
[ 86.533771][ T2985] r4:df959ee0
[ 86.534101][ T2985] [<8134fc18>] (____sys_recvmsg) from [<81352bdc>] (___sys_recvmsg+0x88/0xbc)
[ 86.534710][ T2985] r10:00000002 r9:82e96000 r8:830a6780 r7:00000000 r6:20000d60 r5:df959ee0
[ 86.535212][ T2985] r4:00000000
[ 86.535374][ T2985] [<81352b54>] (___sys_recvmsg) from [<81352d04>] (do_recvmmsg+0xf4/0x298)
[ 86.535624][ T2985] r8:00000000 r7:00000000 r6:00000001 r5:20000d60 r4:df959ec0
[ 86.535796][ T2985] [<81352c10>] (do_recvmmsg) from [<813536d4>] (sys_recvmmsg_time32+0xc4/0xd8)
[ 86.536158][ T2985] r10:0000016d r9:82e96000 r8:00000002 r7:00000000 r6:00000000 r5:20000d40
[ 86.536375][ T2985] r4:00000003
[ 86.536477][ T2985] [<81353610>] (sys_recvmmsg_time32) from [<80200060>] (ret_fast_syscall+0x0/0x1c)
[ 86.536786][ T2985] Exception stack(0xdf959fa8 to 0xdf959ff0)
[ 86.537159][ T2985] 9fa0: 00000000 00000000 00000003 20000d40 00000002 00000000
[ 86.537401][ T2985] 9fc0: 00000000 00000000 0008e060 0000016d 0007107c 00000000 00000001 20000100
[ 86.537820][ T2985] 9fe0: 7ebf3c70 7ebf3c60 0001094c 0002eb00
[ 86.538193][ T2985] r8:80200288 r7:0000016d r6:0008e060 r5:00000000 r4:00000000
[ 86.538673][ T2985] Code: eaffffe8 e1a0c00d e92dd800 e24cb004 (e5901000)
[ 86.584189][ T2985] ---[ end trace 0000000000000000 ]---
[ 86.584861][ T2985] Kernel panic - not syncing: Fatal exception
[ 86.585375][ C1] CPU1: stopping
[ 86.585951][ C1] CPU: 1 PID: 2802 Comm: klogd Tainted: G D 6.7.0-rc8-syzkaller #0
[ 86.586182][ C1] Hardware name: ARM-Versatile Express
[ 86.586372][ C1] Backtrace: frame pointer underflow
[ 86.587229][ C1] [<8183402c>] (dump_backtrace) from [<81834128>] (show_stack+0x18/0x1c)
[ 86.588455][ C1] r7:00000014 r6:81b1055c r5:600001d3 r4:81fc0e84
[ 86.588525][ C1] [<81834110>] (show_stack) from [<818516ac>] (dump_stack_lvl+0x48/0x54)
[ 86.588578][ C1] [<81851664>] (dump_stack_lvl) from [<818516d0>] (dump_stack+0x18/0x1c)
[ 86.588619][ C1] r5:00000001 r4:00000004
[ 86.588628][ C1] [<818516b8>] (dump_stack) from [<8020fad8>] (do_handle_IPI+0x2ac/0x2d8)
[ 86.588695][ C1] [<8020f82c>] (do_handle_IPI) from [<8020fb24>] (ipi_handler+0x20/0x28)
[ 86.588806][ C1] r9:83ca9800 r8:df805f78 r7:00000014 r6:81b1055c r5:82c0cc80 r4:82c98d00
[ 86.588828][ C1] [<8020fb04>] (ipi_handler) from [<802c4734>] (handle_percpu_devid_irq+0x9c/0x2cc)
[ 86.588882][ C1] [<802c4698>] (handle_percpu_devid_irq) from [<802bdec0>] (generic_handle_domain_irq+0x30/0x40)
[ 86.588944][ C1] r10:00000000 r9:83ca9800 r8:00000000 r7:df80a00c r6:824b0c00 r5:df80a000
[ 86.588962][ C1] r4:8260cd28 r3:00010001
[ 86.588975][ C1] [<802bde90>] (generic_handle_domain_irq) from [<802011a4>] (gic_handle_irq+0x68/0x7c)
[ 86.589022][ C1] [<8020113c>] (gic_handle_irq) from [<81851e70>] (generic_handle_arch_irq+0x60/0x80)
[ 86.589091][ C1] r7:eb8f5d78 r6:821441fc r5:8217fa08 r4:824b2264
[ 86.589104][ C1] [<81851e10>] (generic_handle_arch_irq) from [<8180503c>] (call_with_stack+0x1c/0x20)
[ 86.589165][ C1] r9:83ca9800 r8:83cdd200 r7:eb8f5dac r6:ffffffff r5:60000013 r4:8185e108
[ 86.589182][ C1] [<81805020>] (call_with_stack) from [<80200b64>] (__irq_svc+0x84/0xac)
[ 86.589297][ C1] Exception stack(0xeb8f5d78 to 0xeb8f5dc0)
[ 86.589443][ C1] 5d60: 83cdf9b4 837cdc00
[ 86.589487][ C1] 5d80: 00000000 00000000 83cdf9a8 837cdc00 83cdf9b4 83cdf900 83cdd200 eb8f5e98
[ 86.589511][ C1] 5da0: 00000000 eb8f5de4 eb8f5de8 eb8f5dc8 8135b658 8185e108 60000013 ffffffff
[ 86.589555][ C1] [<8135b638>] (skb_queue_tail) from [<815f60b8>] (unix_dgram_sendmsg+0x518/0x9e8)
[ 86.589624][ C1] r7:83cdf900 r6:00000044 r5:83055180 r4:83cdf900
[ 86.589637][ C1] [<815f5ba0>] (unix_dgram_sendmsg) from [<8134fefc>] (__sock_sendmsg+0x44/0x78)
[ 86.589704][ C1] r10:00000121 r9:83ca9800 r8:00000003 r7:00000000 r6:83055180 r5:eb8f5e98
[ 86.589731][ C1] r4:00000000
[ 86.589743][ C1] [<8134feb8>] (__sock_sendmsg) from [<81352218>] (__sys_sendto+0x118/0x15c)
[ 86.589799][ C1] r7:00000000 r6:83055180 r5:00004000 r4:00000000
[ 86.589814][ C1] [<81352100>] (__sys_sendto) from [<813522a0>] (sys_send+0x20/0x28)
[ 86.589898][ C1] r8:80200288 r7:00000121 r6:76fd75a0 r5:76fd75a0 r4:00e781a8
[ 86.589908][ C1] [<81352280>] (sys_send) from [<80200060>] (ret_fast_syscall+0x0/0x1c)
[ 86.589952][ C1] Exception stack(0xeb8f5fa8 to 0xeb8f5ff0)
[ 86.589981][ C1] 5fa0: 00e781a8 76fd75a0 00000003 00e7fd78 00000044 00004000
[ 86.590010][ C1] 5fc0: 00e781a8 76fd75a0 76fd75a0 00000121 00000000 00000013 76ea0e60 00e7fd7b
[ 86.590030][ C1] 5fe0: 00000000 7ede1bc8 76e28460 76e2d918
[ 86.596156][ T2985] Rebooting in 86400 seconds..