[ 44.787529][ T30] audit: type=1400 audit(44.710:68): avc: denied { read write } for pid=2971 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 44.788690][ T30] audit: type=1400 audit(44.720:69): avc: denied { open } for pid=2971 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
Warning: Permanently added '[localhost]:37830' (ED25519) to the list of known hosts.
[ 89.614383][ T30] audit: type=1400 audit(89.530:70): avc: denied { execute } for pid=2980 comm="sh" name="syz-executor723449691" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 89.645417][ T30] audit: type=1400 audit(89.570:71): avc: denied { execute_no_trans } for pid=2980 comm="sh" path="/syz-executor723449691" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 90.603223][ T30] audit: type=1400 audit(90.530:72): avc: denied { execmem } for pid=2980 comm="syz-executor723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
executing program
[ 91.218939][ T3047] usercopy: Kernel memory overwrite attempt detected to SLUB object 'task_struct' (offset 80, size 116)!
[ 91.220459][ T3047] ------------[ cut here ]------------
[ 91.220754][ T3047] kernel BUG at mm/usercopy.c:102!
[ 91.221035][ T3047] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
[ 91.221595][ T3047] Modules linked in:
[ 91.222168][ T3047] CPU: 1 PID: 3047 Comm: syz-executor723 Not tainted 6.8.0-rc1-syzkaller #0
[ 91.222501][ T3047] Hardware name: ARM-Versatile Express
[ 91.223158][ T3047] PC is at usercopy_abort+0x98/0x9c
[ 91.225236][ T3047] LR is at __wake_up_klogd.part.0+0x7c/0xac
[ 91.225496][ T3047] pc : [<8183ba00>] lr : [<802b7f6c>] psr: 60000013
[ 91.225759][ T3047] sp : dfa0de40 ip : dfa0dd88 fp : dfa0de64
[ 91.225998][ T3047] r10: 0000001a r9 : 83e52400 r8 : 83e51850
[ 91.226229][ T3047] r7 : dde85340 r6 : 00000000 r5 : 00000074 r4 : 00000050
[ 91.226486][ T3047] r3 : 83e52400 r2 : 00000000 r1 : 00000000 r0 : 00000066
[ 91.226829][ T3047] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 91.227111][ T3047] Control: 30c5387d Table: 84580200 DAC: 00000000
[ 91.227383][ T3047] Register r0 information: non-paged memory
[ 91.228025][ T3047] Register r1 information: NULL pointer
[ 91.228244][ T3047] Register r2 information: NULL pointer
[ 91.228416][ T3047] Register r3 information: slab task_struct start 83e52400 pointer offset 0 size 3072
[ 91.229369][ T3047] Register r4 information: non-paged memory
[ 91.229602][ T3047] Register r5 information: non-paged memory
[ 91.229807][ T3047] Register r6 information: NULL pointer
[ 91.230027][ T3047] Register r7 information: non-slab/vmalloc memory
[ 91.230348][ T3047] Register r8 information: slab task_struct start 83e51800 pointer offset 80 size 3072
[ 91.230738][ T3047] Register r9 information: slab task_struct start 83e52400 pointer offset 0 size 3072
[ 91.231103][ T3047] Register r10 information: non-paged memory
[ 91.231325][ T3047] Register r11 information: 2-page vmalloc region starting at 0xdfa0c000 allocated at kernel_clone+0xac/0x3c8
[ 91.231830][ T3047] Register r12 information: 2-page vmalloc region starting at 0xdfa0c000 allocated at kernel_clone+0xac/0x3c8
[ 91.232224][ T3047] Process syz-executor723 (pid: 3047, stack limit = 0xdfa0c000)
[ 91.232755][ T3047] Stack: (0xdfa0de40 to 0xdfa0e000)
[ 91.233128][ T3047] de40: 81fd9e74 81fad508 81fc1c84 00000050 00000074 83e52400 dfa0de94 dfa0de68
[ 91.233417][ T3047] de60: 804a8f40 8183b974 00000074 dfa0de78 802162d4 83e51850 00000074 00000000
[ 91.233800][ T3047] de80: 83e518c4 dde85340 dfa0decc dfa0de98 804e1690 804a8e74 00000074 00000001
[ 91.234271][ T3047] dea0: dfa0debc 83e51850 00000074 00000001 00000000 00000000 83e52400 0000001a
[ 91.234672][ T3047] dec0: dfa0def4 dfa0ded0 8020a0a0 804e14b0 dfa0def4 dfa0dee0 818600a0 8027b1bc
[ 91.235004][ T3047] dee0: 00000000 0000000c dfa0df6c dfa0def8 8020a6dc 8020a01c 00000000 00000000
[ 91.235357][ T3047] df00: dfa0df1c dfa0df10 8185ff6c 80279930 dfa0df6c dfa0df20 8027f5a4 8185ff48
[ 91.235596][ T3047] df20: dfa0df54 00000000 8027b2dc 60000013 8180e410 81825248 dfa0df54 79ab5e58
[ 91.235818][ T3047] df40: 0000000f 83e51800 0000000f 79ab5e58 83e51800 0000000f 00000001 00000000
[ 91.236026][ T3047] df60: dfa0dfa4 dfa0df70 80253510 8020a3f4 802161a8 79ab5e58 00000000 00000000
[ 91.236252][ T3047] df80: 00000000 0008e050 0000001a 80200288 83e52400 0000001a 00000000 dfa0dfa8
[ 91.236479][ T3047] dfa0: 80200060 802532e4 00000000 00000000 0000000f 00000be8 00000001 00000000
[ 91.236682][ T3047] dfc0: 00000000 00000000 0008e050 0000001a 000f4240 00000000 7ea4ec84 00003a97
[ 91.236904][ T3047] dfe0: 7ea4ec70 7ea4ec60 00010638 0002e780 00000010 0000000f 00000000 00000000
[ 91.237258][ T3047] Backtrace:
[ 91.237632][ T3047] [<8183b968>] (usercopy_abort) from [<804a8f40>] (__check_heap_object+0xd8/0xf4)
[ 91.238173][ T3047] [<804a8e68>] (__check_heap_object) from [<804e1690>] (__check_object_size+0x1ec/0x30c)
[ 91.238516][ T3047] r8:dde85340 r7:83e518c4 r6:00000000 r5:00000074 r4:83e51850
[ 91.238748][ T3047] [<804e14a4>] (__check_object_size) from [<8020a0a0>] (fpa_set+0x90/0xfc)
[ 91.239023][ T3047] r10:0000001a r9:83e52400 r8:00000000 r7:00000000 r6:00000001 r5:00000074
[ 91.239288][ T3047] r4:83e51850
[ 91.239438][ T3047] [<8020a010>] (fpa_set) from [<8020a6dc>] (arch_ptrace+0x2f4/0x3e4)
[ 91.239702][ T3047] r5:0000000c r4:00000000
[ 91.239835][ T3047] [<8020a3e8>] (arch_ptrace) from [<80253510>] (sys_ptrace+0x238/0x4dc)
[ 91.240110][ T3047] r7:00000000 r6:00000001 r5:0000000f r4:83e51800
[ 91.240284][ T3047] [<802532d8>] (sys_ptrace) from [<80200060>] (ret_fast_syscall+0x0/0x1c)
[ 91.240554][ T3047] Exception stack(0xdfa0dfa8 to 0xdfa0dff0)
[ 91.240744][ T3047] dfa0: 00000000 00000000 0000000f 00000be8 00000001 00000000
[ 91.240975][ T3047] dfc0: 00000000 00000000 0008e050 0000001a 000f4240 00000000 7ea4ec84 00003a97
[ 91.241194][ T3047] dfe0: 7ea4ec70 7ea4ec60 00010638 0002e780
[ 91.241450][ T3047] r10:0000001a r9:83e52400 r8:80200288 r7:0000001a r6:0008e050 r5:00000000
[ 91.241657][ T3047] r4:00000000
[ 91.242084][ T3047] Code: e3090e78 e34801fd e58dc000 ebfff35b (e7f001f2)
[ 91.243107][ T3047] ---[ end trace 0000000000000000 ]---
[ 91.243603][ T3047] Kernel panic - not syncing: Fatal exception
[ 91.244592][ C0] CPU0: stopping
[ 91.244959][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G D 6.8.0-rc1-syzkaller #0
[ 91.245005][ C0] Hardware name: ARM-Versatile Express
[ 91.245048][ C0] Backtrace:
[ 91.245113][ C0] [<8183590c>] (dump_backtrace) from [<81835a08>] (show_stack+0x18/0x1c)
[ 91.245253][ C0] r7:00000014 r6:81b0f95c r5:600001d3 r4:81fbd1b8
[ 91.245269][ C0] [<818359f0>] (show_stack) from [<81852efc>] (dump_stack_lvl+0x48/0x54)
[ 91.245324][ C0] [<81852eb4>] (dump_stack_lvl) from [<81852f20>] (dump_stack+0x18/0x1c)
[ 91.245373][ C0] r5:00000000 r4:00000004
[ 91.245384][ C0] [<81852f08>] (dump_stack) from [<8020fb78>] (do_handle_IPI+0x2ac/0x2d8)
[ 91.245434][ C0] [<8020f8cc>] (do_handle_IPI) from [<8020fbc4>] (ipi_handler+0x20/0x28)
[ 91.245491][ C0] r9:8261adc0 r8:82601e50 r7:00000014 r6:81b0f95c r5:82c0cc80 r4:82c96d00
[ 91.245504][ C0] [<8020fba4>] (ipi_handler) from [<802c5004>] (handle_percpu_devid_irq+0x9c/0x2cc)
[ 91.245564][ C0] [<802c4f68>] (handle_percpu_devid_irq) from [<802be790>] (generic_handle_domain_irq+0x30/0x40)
[ 91.245626][ C0] r10:00000000 r9:8261adc0 r8:00000000 r7:df80a00c r6:824b0bc0 r5:df80a000
[ 91.245643][ C0] r4:8260cd28 r3:00010001
[ 91.245652][ C0] [<802be760>] (generic_handle_domain_irq) from [<802011c4>] (gic_handle_irq+0x68/0x7c)
[ 91.245693][ C0] [<8020115c>] (gic_handle_irq) from [<818537c0>] (generic_handle_arch_irq+0x60/0x80)
[ 91.245751][ C0] r7:82601ed8 r6:8213c57c r5:82178100 r4:824b2224
[ 91.245761][ C0] [<81853760>] (generic_handle_arch_irq) from [<80200b74>] (__irq_svc+0x74/0xac)
[ 91.245805][ C0] Exception stack(0x82601ed8 to 0x82601f20)
[ 91.245836][ C0] 1ec0: 00000000 81fbd1b8
[ 91.245865][ C0] 1ee0: 00022534 00000001 8261adc0 8260c494 00000000 8260c4b8 00000000 00000000
[ 91.245894][ C0] 1f00: 00000000 82601f44 82601f18 82601f28 81854418 81854f24 20000013 ffffffff
[ 91.245925][ C0] r9:8261adc0 r8:00000000 r7:82601f0c r6:ffffffff r5:20000013 r4:81854f24
[ 91.245937][ C0] [<81854ed8>] (default_idle_call) from [<8029858c>] (do_idle+0x268/0x2d0)
[ 91.245990][ C0] r7:8260c4b8 r6:8261adc0 r5:8260c494 r4:00000000
[ 91.246001][ C0] [<80298324>] (do_idle) from [<80298928>] (cpu_startup_entry+0x30/0x34)
[ 91.246053][ C0] r10:8284f000 r9:8261a8b0 r8:820cdb2c r7:00000000 r6:8260c440 r5:82625e94
[ 91.246066][ C0] r4:000000e9
[ 91.246077][ C0] [<802988f8>] (cpu_startup_entry) from [<8185522c>] (rest_init+0xdc/0xe0)
[ 91.246118][ C0] [<81855150>] (rest_init) from [<82400bc4>] (arch_post_acpi_subsys_init+0x0/0x20)
[ 91.246172][ C0] [<82400bb4>] (arch_call_rest_init) from [<8240129c>] (start_kernel+0x688/0x6ac)
[ 91.246209][ C0] [<82400c14>] (start_kernel) from [<00000000>] (0x0)
[ 91.253507][ T3047] Rebooting in 86400 seconds..