last executing test programs: 5.273002619s ago: executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) write$P9_RMKDIR(r0, &(0x7f0000001e80)={0x14}, 0x14) 5.152833909s ago: executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/custom1\x00', 0x1, 0x0) write$P9_RWALK(r0, 0x0, 0x0) 5.070562447s ago: executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, 0x0, 0x0) 4.982704254s ago: executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000002c0)='ns/net\x00') ioctl$KDSKBLED(r0, 0x5450, 0x0) 4.896749043s ago: executing program 0: r0 = openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010000000000340200000200000008000100", @ANYRES32=r1], 0x1c}}, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan3\x00'}) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) read$nci(r0, 0x0, 0x0) read$nci(r0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000", @ANYRES16=r3, @ANYBLOB="01"], 0x14}}, 0x0) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000780), 0xffffffffffffffff) 3.708195308s ago: executing program 1: mknod(&(0x7f0000000040)='./bus\x00', 0x100000000805f, 0x2801) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) 3.46393936s ago: executing program 1: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000002c0)='ns/net\x00') ioctl$KDSKBLED(r0, 0x5450, 0x0) 3.147365889s ago: executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000240)="ea02000000010002", 0x8) 2.861558264s ago: executing program 1: r0 = socket$inet_icmp(0x2, 0x2, 0x1) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x8903, &(0x7f0000000000)={'sit0\x00', 0x0}) 2.580731229s ago: executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404cf378042f26c43f91f68d8a90767c0bc71f60877974475de3d78ef670efff3f7311209fb8cc158fa18f18591bb90dd1e0464d31ff30a7e5b227e08a2ee0643e735c3cd21b6e743176c8eefd41693bc94e6a2"], 0xfc}}, 0x0) 2.146086418s ago: executing program 1: write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0x44, 0x9, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000000240), 0x288, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r0}, 0x38) 0s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=r2, r1, 0x5}, 0x10) r3 = socket(0x1, 0x3, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r2, &(0x7f0000000680), &(0x7f0000000080)=@udp6=r3}, 0x20) bind$unix(r3, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000380)) recvfrom(r3, &(0x7f0000000240)=""/3, 0x3, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000003c0), 0x4) r4 = socket(0x1, 0x3, 0x0) sendmmsg$unix(r4, &(0x7f0000000c80)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) kernel console output (not intermixed with test programs): [ 52.900888][ T31] audit: type=1400 audit(52.840:68): avc: denied { read write } for pid=2995 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 52.902398][ T31] audit: type=1400 audit(52.840:69): avc: denied { open } for pid=2995 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 Warning: Permanently added '[localhost]:8430' (ED25519) to the list of known hosts. [ 82.306550][ T31] audit: type=1400 audit(82.240:70): avc: denied { name_bind } for pid=2999 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 84.669174][ T31] audit: type=1400 audit(84.600:71): avc: denied { execute } for pid=3001 comm="sh" name="syz-fuzzer" dev="vda" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 84.681015][ T31] audit: type=1400 audit(84.620:72): avc: denied { execute_no_trans } for pid=3001 comm="sh" path="/syz-fuzzer" dev="vda" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 1970/01/01 00:01:32 fuzzer started [ 94.789156][ T31] audit: type=1400 audit(94.720:73): avc: denied { node_bind } for pid=3001 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 94.848856][ T31] audit: type=1400 audit(94.770:74): avc: denied { name_bind } for pid=3001 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 1970/01/01 00:01:34 dialing manager at localhost:30000 [ 95.981416][ T31] audit: type=1400 audit(95.920:75): avc: denied { mounton } for pid=3011 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 95.989037][ T31] audit: type=1400 audit(95.920:76): avc: denied { mount } for pid=3011 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 96.087946][ T31] audit: type=1400 audit(96.020:77): avc: denied { mounton } for pid=3012 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=683 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 96.099227][ T31] audit: type=1400 audit(96.030:78): avc: denied { mount } for pid=3012 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 96.108966][ T31] audit: type=1400 audit(96.040:79): avc: denied { setattr } for pid=3016 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 96.132895][ T3012] cgroup: Unknown subsys name 'net' [ 96.153036][ T31] audit: type=1400 audit(96.090:80): avc: denied { unmount } for pid=3012 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 96.313570][ T3012] cgroup: Unknown subsys name 'hugetlb' [ 96.316374][ T3012] cgroup: Unknown subsys name 'rlimit' [ 96.394188][ T3014] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 96.399497][ T31] audit: type=1400 audit(96.330:81): avc: denied { relabelto } for pid=3014 comm="mkswap" name="swap-file" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 96.401034][ T31] audit: type=1400 audit(96.330:82): avc: denied { write } for pid=3014 comm="mkswap" path="/swap-file" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 103.031262][ T3010] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 1970/01/01 00:01:42 starting 2 executor processes [ 103.175185][ T31] kauditd_printk_skb: 2 callbacks suppressed [ 103.175262][ T31] audit: type=1400 audit(103.110:85): avc: denied { execmem } for pid=3019 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 103.198795][ T31] audit: type=1400 audit(103.130:86): avc: denied { mounton } for pid=3021 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 103.200320][ T31] audit: type=1400 audit(103.130:87): avc: denied { mount } for pid=3021 comm="syz-executor.0" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 103.200910][ T31] audit: type=1400 audit(103.130:88): avc: denied { read } for pid=3021 comm="syz-executor.0" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 103.201581][ T31] audit: type=1400 audit(103.130:89): avc: denied { open } for pid=3021 comm="syz-executor.0" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 103.202121][ T31] audit: type=1400 audit(103.130:90): avc: denied { mounton } for pid=3021 comm="syz-executor.0" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 103.213617][ T31] audit: type=1400 audit(103.150:91): avc: denied { module_request } for pid=3021 comm="syz-executor.0" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 103.289202][ T31] audit: type=1400 audit(103.230:92): avc: denied { sys_module } for pid=3021 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 104.089735][ T31] audit: type=1400 audit(104.030:93): avc: denied { ioctl } for pid=3021 comm="syz-executor.0" path="/dev/net/tun" dev="devtmpfs" ino=691 ioctlcmd=0x54ca scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 105.318073][ T3022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.327921][ T3022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.348908][ T3021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.376253][ T3021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.469361][ T3021] hsr_slave_0: entered promiscuous mode [ 106.475326][ T3021] hsr_slave_1: entered promiscuous mode [ 106.579490][ T3022] hsr_slave_0: entered promiscuous mode [ 106.582858][ T3022] hsr_slave_1: entered promiscuous mode [ 106.584914][ T3022] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.585315][ T3022] Cannot create hsr debugfs directory [ 107.082473][ T31] audit: type=1400 audit(107.020:94): avc: denied { create } for pid=3022 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 107.094817][ T3022] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.107710][ T3022] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.116444][ T3022] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.134427][ T3022] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.218289][ T3021] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.230043][ T3021] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.241136][ T3021] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.253664][ T3021] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.985796][ T3022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.082226][ T3021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.557776][ T3021] veth0_vlan: entered promiscuous mode [ 111.593737][ T3021] veth1_vlan: entered promiscuous mode [ 111.628807][ T3022] veth0_vlan: entered promiscuous mode [ 111.648369][ T3022] veth1_vlan: entered promiscuous mode [ 111.695138][ T3021] veth0_macvtap: entered promiscuous mode [ 111.714217][ T3021] veth1_macvtap: entered promiscuous mode [ 111.774227][ T3022] veth0_macvtap: entered promiscuous mode [ 111.802196][ T3021] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.803014][ T3021] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.803344][ T3021] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.805201][ T3021] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.819675][ T3022] veth1_macvtap: entered promiscuous mode [ 111.992009][ T3022] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.992512][ T3022] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.992826][ T3022] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.993117][ T3022] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.999471][ T31] kauditd_printk_skb: 2 callbacks suppressed [ 111.999600][ T31] audit: type=1400 audit(111.920:97): avc: denied { mounton } for pid=3021 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=779 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 112.024023][ T31] audit: type=1400 audit(111.960:98): avc: denied { mount } for pid=3021 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 112.254864][ T31] audit: type=1400 audit(112.190:99): avc: denied { read write } for pid=3022 comm="syz-executor.1" name="loop1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 112.259534][ T31] audit: type=1400 audit(112.190:100): avc: denied { open } for pid=3022 comm="syz-executor.1" path="/dev/loop1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 112.264718][ T31] audit: type=1400 audit(112.190:101): avc: denied { ioctl } for pid=3022 comm="syz-executor.1" path="/dev/loop1" dev="devtmpfs" ino=636 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 112.395932][ T3704] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 114.325821][ T3712] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 118.426811][ T31] audit: type=1400 audit(118.360:102): avc: denied { prog_load } for pid=3713 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 118.427650][ T31] audit: type=1400 audit(118.360:103): avc: denied { bpf } for pid=3713 comm="syz-executor.0" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 118.429576][ T31] audit: type=1400 audit(118.360:104): avc: denied { create } for pid=3713 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 118.450388][ T31] audit: type=1400 audit(118.390:105): avc: denied { setopt } for pid=3713 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 118.462145][ T31] audit: type=1400 audit(118.400:106): avc: denied { map } for pid=3713 comm="syz-executor.0" path="socket:[2518]" dev="sockfs" ino=2518 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 118.463668][ T31] audit: type=1400 audit(118.400:107): avc: denied { read write } for pid=3713 comm="syz-executor.0" path="socket:[2518]" dev="sockfs" ino=2518 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 118.487227][ T31] audit: type=1400 audit(118.420:108): avc: denied { map_create } for pid=3713 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 118.613174][ T31] audit: type=1400 audit(118.550:109): avc: denied { map_read map_write } for pid=3715 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 118.632592][ T31] audit: type=1400 audit(118.570:110): avc: denied { perfmon } for pid=3715 comm="syz-executor.1" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 118.681511][ T31] audit: type=1400 audit(118.620:111): avc: denied { prog_run } for pid=3715 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 128.962748][ T31] kauditd_printk_skb: 2 callbacks suppressed [ 128.962798][ T31] audit: type=1400 audit(128.900:114): avc: denied { create } for pid=3725 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 129.000322][ T31] audit: type=1400 audit(128.940:115): avc: denied { create } for pid=3725 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 129.046157][ T31] audit: type=1400 audit(128.980:116): avc: denied { ioctl } for pid=3728 comm="syz-executor.0" path="socket:[1881]" dev="sockfs" ino=1881 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 129.291641][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x7 [ 129.292356][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.292835][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.293377][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.293827][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.294172][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.294509][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.294876][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.295273][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.295610][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.296080][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.296425][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.296833][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.297181][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.297512][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.297869][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.316799][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.317361][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.317762][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.318109][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.319317][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.319746][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.320245][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.320589][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.320967][ T49] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 129.325781][ T49] hid-generic 0000:0000:0000.0001: hidraw0: HID v200.02 Device [syz0] on syz0 [ 129.439540][ T31] audit: type=1400 audit(129.370:117): avc: denied { ioctl } for pid=3743 comm="syz-executor.0" path="net:[4026532661]" dev="nsfs" ino=4026532661 ioctlcmd=0x5450 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 129.481168][ T31] audit: type=1400 audit(129.410:118): avc: denied { create } for pid=3745 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 129.482892][ T31] audit: type=1400 audit(129.420:119): avc: denied { ioctl } for pid=3745 comm="syz-executor.1" path="socket:[1899]" dev="sockfs" ino=1899 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 129.628921][ T31] audit: type=1400 audit(129.560:120): avc: denied { create } for pid=3756 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 129.633754][ T31] audit: type=1400 audit(129.570:121): avc: denied { write } for pid=3756 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 134.189962][ T3748] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 135.224894][ T3796] 8<--- cut here --- [ 135.225272][ T3796] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read [ 135.225593][ T3796] [00000000] *pgd=85083003, *pmd=fe75d003 [ 135.226617][ T3796] Internal error: Oops: 205 [#1] PREEMPT SMP ARM [ 135.227107][ T3796] Modules linked in: [ 135.227538][ T3796] CPU: 1 PID: 3796 Comm: syz-executor.0 Not tainted 6.10.0-rc5-syzkaller #0 [ 135.229956][ T3796] Hardware name: ARM-Versatile Express [ 135.230350][ T3796] PC is at __kmap_local_page_prot+0xc/0x74 [ 135.231286][ T3796] LR is at copy_page_to_iter+0xf8/0x184 [ 135.231533][ T3796] pc : [<80480f08>] lr : [<8080681c>] psr: 60000013 [ 135.231787][ T3796] sp : dfc85d40 ip : dfc85d50 fp : dfc85d4c [ 135.232007][ T3796] r10: 00000018 r9 : 8285f4e8 r8 : 00000000 [ 135.232233][ T3796] r7 : 00000000 r6 : 00000000 r5 : 00000000 r4 : 84fa0400 [ 135.232503][ T3796] r3 : 00c00000 r2 : 0000071f r1 : 00000000 r0 : 00000000 [ 135.232830][ T3796] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 135.233132][ T3796] Control: 30c5387d Table: 84d52980 DAC: 00000000 [ 135.233433][ T3796] Register r0 information: NULL pointer [ 135.234040][ T3796] Register r1 information: NULL pointer [ 135.234275][ T3796] Register r2 information: non-paged memory [ 135.234534][ T3796] Register r3 information: non-paged memory [ 135.234809][ T3796] Register r4 information: slab kmalloc-1k start 84fa0400 pointer offset 0 size 1024 [ 135.235634][ T3796] Register r5 information: NULL pointer [ 135.235866][ T3796] Register r6 information: NULL pointer [ 135.236085][ T3796] Register r7 information: NULL pointer [ 135.236303][ T3796] Register r8 information: NULL pointer [ 135.236539][ T3796] Register r9 information: non-slab/vmalloc memory [ 135.236874][ T3796] Register r10 information: non-paged memory [ 135.237100][ T3796] Register r11 information: 2-page vmalloc region starting at 0xdfc84000 allocated at kernel_clone+0xac/0x3e4 [ 135.237562][ T3796] Register r12 information: 2-page vmalloc region starting at 0xdfc84000 allocated at kernel_clone+0xac/0x3e4 [ 135.237963][ T3796] Process syz-executor.0 (pid: 3796, stack limit = 0xdfc84000) [ 135.269362][ T3796] Stack: (0xdfc85d40 to 0xdfc86000) [ 135.269862][ T3796] 5d40: dfc85d84 dfc85d50 8080681c 80480f08 dfc85d74 dfc85ea0 8024d2c4 84fa0400 [ 135.270260][ T3796] 5d60: 84fa0400 00000000 00000000 00000000 00000003 00000018 dfc85dd4 dfc85d88 [ 135.270668][ T3796] 5d80: 81461d18 80806730 40000013 84810f40 84e9a800 84e9a8e0 82fae100 84e9a8e8 [ 135.271026][ T3796] 5da0: dfc85ea0 00000000 dfc85dd4 82fae100 00000003 84e9a800 844b6c00 00000001 [ 135.277899][ T3796] 5dc0: 00000000 00000000 dfc85e44 dfc85dd8 81689714 81461c34 00000000 00000000 [ 135.279238][ T3796] 5de0: 00000000 84e9a8e0 84e9a8d0 7fffffff 82fae188 84e9a8fc 82fae334 dfc85e90 [ 135.286947][ T3796] 5e00: 00000000 844b6c00 802a4894 00000100 00000122 a67c91ba dfc85e90 816895c4 [ 135.288988][ T3796] 5e20: dfc85e90 84810f00 00000000 00000000 00000000 00000003 dfc85e64 dfc85e48 [ 135.294523][ T3796] 5e40: 8168845c 816895d0 00000000 00000000 00000000 81688424 dfc85e84 dfc85e68 [ 135.298544][ T3796] 5e60: 813d0ddc 81688430 00000000 00000000 84810f00 dfc85edc dfc85f8c dfc85e88 [ 135.301682][ T3796] 5e80: 813d384c 813d0d98 fffffff7 00000001 00000000 00000000 00000000 00000000 [ 135.308542][ T3796] 5ea0: 00000000 00000000 20000240 00000003 00000001 00000000 00000000 00000000 [ 135.309329][ T3796] 5ec0: 00000000 00000000 00000000 00000000 00000000 00000000 dfc85f04 00000000 [ 135.315563][ T3796] 5ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 135.319371][ T3796] 5f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 135.323650][ T3796] 5f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 135.328440][ T3796] 5f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 a67c91ba [ 135.332560][ T3796] 5f60: 8261c90c 00000000 00000000 001542d4 00000124 8020029c 844b6c00 00000124 [ 135.338521][ T3796] 5f80: dfc85fa4 dfc85f90 813d38e8 813d3790 00000000 00000000 00000000 dfc85fa8 [ 135.339617][ T3796] 5fa0: 80200060 813d38d8 00000000 00000000 00000005 20000240 00000003 00000000 [ 135.346011][ T3796] 5fc0: 00000000 00000000 001542d4 00000124 7ec3f336 7ec3f337 003d0f00 76b9a0fc [ 135.349575][ T3796] 5fe0: 76b99f08 76b99ef8 00016f30 000516d0 60000010 00000005 00000000 00000000 [ 135.353819][ T3796] Call trace: [ 135.358660][ T3796] [<80480efc>] (__kmap_local_page_prot) from [<8080681c>] (copy_page_to_iter+0xf8/0x184) [ 135.365180][ T3796] [<80806724>] (copy_page_to_iter) from [<81461d18>] (sk_msg_recvmsg+0xf0/0x3cc) [ 135.368956][ T3796] r10:00000018 r9:00000003 r8:00000000 r7:00000000 r6:00000000 r5:84fa0400 [ 135.372094][ T3796] r4:84fa0400 [ 135.376352][ T3796] [<81461c28>] (sk_msg_recvmsg) from [<81689714>] (unix_bpf_recvmsg+0x150/0x444) [ 135.378844][ T3796] r10:00000000 r9:00000000 r8:00000001 r7:844b6c00 r6:84e9a800 r5:00000003 [ 135.379194][ T3796] r4:82fae100 [ 135.379383][ T3796] [<816895c4>] (unix_bpf_recvmsg) from [<8168845c>] (unix_dgram_recvmsg+0x38/0x4c) [ 135.379801][ T3796] r10:00000003 r9:00000000 r8:00000000 r7:00000000 r6:84810f00 r5:dfc85e90 [ 135.380141][ T3796] r4:816895c4 [ 135.380314][ T3796] [<81688424>] (unix_dgram_recvmsg) from [<813d0ddc>] (sock_recvmsg+0x50/0x78) [ 135.381038][ T3796] r4:81688424 [ 135.385053][ T3796] [<813d0d8c>] (sock_recvmsg) from [<813d384c>] (__sys_recvfrom+0xc8/0x148) [ 135.388679][ T3796] r7:dfc85edc r6:84810f00 r5:00000000 r4:00000000 [ 135.390362][ T3796] [<813d3784>] (__sys_recvfrom) from [<813d38e8>] (sys_recvfrom+0x1c/0x24) [ 135.397093][ T3796] r10:00000124 r9:844b6c00 r8:8020029c r7:00000124 r6:001542d4 r5:00000000 [ 135.399228][ T3796] r4:00000000 [ 135.399508][ T3796] [<813d38cc>] (sys_recvfrom) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 135.404634][ T3796] Exception stack(0xdfc85fa8 to 0xdfc85ff0) [ 135.408359][ T3796] 5fa0: 00000000 00000000 00000005 20000240 00000003 00000000 [ 135.410317][ T3796] 5fc0: 00000000 00000000 001542d4 00000124 7ec3f336 7ec3f337 003d0f00 76b9a0fc [ 135.416773][ T3796] 5fe0: 76b99f08 76b99ef8 00016f30 000516d0 [ 135.419493][ T3796] Code: eaffffe8 e1a0c00d e92dd800 e24cb004 (e5901000) [ 135.494217][ T3796] ---[ end trace 0000000000000000 ]--- [ 135.495016][ T3796] Kernel panic - not syncing: Fatal exception [ 135.498954][ T3796] Rebooting in 86400 seconds.. VM DIAGNOSIS: 08:04:20 Registers: info registers vcpu 0 CPU#0 R00=00000000 R01=81fe14ac R02=00000001 R03=818f3f14 R04=826f5908 R05=826f5900 R06=00000028 R07=00000006 R08=826f5908 R09=00000000 R10=0000000a R11=df801e9c R12=df801ea0 R13=df801e90 R14=818f2ba8 R15=818f3f24 PSR=20000193 --C- A S svc32 s00=00000000 s01=00000000 d00=0000000000000000 s02=00000000 s03=00000000 d01=0000000000000000 s04=00000000 s05=00000000 d02=0000000000000000 s06=00000000 s07=00000000 d03=0000000000000000 s08=00000000 s09=00000000 d04=0000000000000000 s10=00000000 s11=00000000 d05=0000000000000000 s12=00000000 s13=00000000 d06=0000000000000000 s14=00000000 s15=00000000 d07=0000000000000000 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=00000000 s33=00000000 d16=0000000000000000 s34=00000000 s35=00000000 d17=0000000000000000 s36=00000000 s37=00000000 d18=0000000000000000 s38=00000000 s39=00000000 d19=0000000000000000 s40=00000000 s41=00000000 d20=0000000000000000 s42=00000000 s43=00000000 d21=0000000000000000 s44=00000000 s45=00000000 d22=0000000000000000 s46=00000000 s47=00000000 d23=0000000000000000 s48=00000000 s49=00000000 d24=0000000000000000 s50=00000000 s51=00000000 d25=0000000000000000 s52=00000000 s53=00000000 d26=0000000000000000 s54=00000000 s55=00000000 d27=0000000000000000 s56=00000000 s57=00000000 d28=0000000000000000 s58=00000000 s59=00000000 d29=0000000000000000 s60=00000000 s61=00000000 d30=0000000000000000 s62=00000000 s63=00000000 d31=0000000000000000 FPSCR: 00000000 info registers vcpu 1 CPU#1 R00=00000001 R01=04aa04a9 R02=00000f01 R03=eb245030 R04=84259840 R05=00000001 R06=20000193 R07=00000f01 R08=82862298 R09=00000061 R10=60000193 R11=dfc859d4 R12=dfc85998 R13=dfc859b0 R14=818ff12c R15=809b1948 PSR=80000193 N--- A S svc32 s00=05ec76f0 s01=00000001 d00=0000000105ec76f0 s02=dea713f1 s03=00000000 d01=00000000dea713f1 s04=680558a1 s05=de683321 d02=de683321680558a1 s06=00000000 s07=00000000 d03=0000000000000000 s08=da0d50f0 s09=69ecbb21 d04=69ecbb21da0d50f0 s10=00000000 s11=00000000 d05=0000000000000000 s12=ffffffff s13=00000000 d06=00000000ffffffff s14=00000000 s15=00000000 d07=0000000000000000 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=ae20c676 s21=94508ed4 d10=94508ed4ae20c676 s22=7229627e s23=00000000 d11=000000007229627e s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=00000000 s33=00000000 d16=0000000000000000 s34=00000000 s35=00000000 d17=0000000000000000 s36=00000000 s37=00000000 d18=0000000000000000 s38=00000000 s39=00000000 d19=0000000000000000 s40=00000000 s41=00000000 d20=0000000000000000 s42=00000000 s43=00000000 d21=0000000000000000 s44=00000000 s45=00000000 d22=0000000000000000 s46=00000000 s47=00000000 d23=0000000000000000 s48=00000000 s49=00000000 d24=0000000000000000 s50=00000000 s51=00000000 d25=0000000000000000 s52=00000000 s53=00000000 d26=0000000000000000 s54=00000000 s55=00000000 d27=0000000000000000 s56=00000000 s57=00000000 d28=0000000000000000 s58=00000000 s59=00000000 d29=0000000000000000 s60=00000000 s61=00000000 d30=0000000000000000 s62=00000000 s63=00000000 d31=0000000000000000 FPSCR: 00000000