syzkaller login: [ 39.981456][ T29] kauditd_printk_skb: 6 callbacks suppressed
[ 39.982528][ T29] audit: type=1400 audit(39.900:68): avc: denied { read write } for pid=2969 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 40.003446][ T29] audit: type=1400 audit(39.920:69): avc: denied { open } for pid=2969 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
Warning: Permanently added '[localhost]:47325' (ED25519) to the list of known hosts.
[ 85.520105][ T29] audit: type=1400 audit(85.450:70): avc: denied { execute } for pid=2978 comm="sh" name="syz-executor1640753585" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 85.520958][ T29] audit: type=1400 audit(85.450:71): avc: denied { execute_no_trans } for pid=2978 comm="sh" path="/syz-executor1640753585" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 85.935550][ T29] audit: type=1400 audit(85.860:72): avc: denied { execmem } for pid=2978 comm="syz-executor164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 86.138239][ T2979] 8<--- cut here ---
[ 86.140881][ T2979] Unable to handle kernel NULL pointer dereference at virtual address 00000018 when write
executing program
[ 86.142693][ T2979] [00000018] *pgd=84363003, *pmd=fe701003
[ 86.162548][ T2979] Internal error: Oops: a07 [#1] PREEMPT SMP ARM
[ 86.163901][ T2979] Modules linked in:
[ 86.165041][ T2979] CPU: 1 PID: 2979 Comm: syz-executor164 Not tainted 6.8.0-rc5-syzkaller #0
[ 86.166616][ T2979] Hardware name: ARM-Versatile Express
[ 86.167479][ T2979] PC is at do_pagemap_scan+0x29c/0x6c0
[ 86.170925][ T2979] LR is at do_pagemap_scan+0x268/0x6c0
[ 86.171532][ T2979] pc : [<8058c580>] lr : [<8058c54c>] psr: 20000013
[ 86.172546][ T2979] sp : df969dc8 ip : 00000000 fp : df969eb4
[ 86.173757][ T2979] r10: df969e00 r9 : 841c3000 r8 : 00000000
[ 86.173983][ T2979] r7 : 00000000 r6 : 00000000 r5 : 20ffb000 r4 : 840cb600
[ 86.174477][ T2979] r3 : 20ffc000 r2 : 00000000 r1 : 00000000 r0 : 00000010
[ 86.175553][ T2979] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 86.176775][ T2979] Control: 30c5387d Table: 84389ac0 DAC: 00000000
[ 86.178039][ T2979] Register r0 information: zero-size pointer
[ 86.179990][ T2979] Register r1 information: NULL pointer
[ 86.181143][ T2979] Register r2 information: NULL pointer
[ 86.181667][ T2979] Register r3 information: non-paged memory
[ 86.182785][ T2979] Register r4 information: slab mm_struct start 840cb600 pointer offset 0 size 712
[ 86.185642][ T2979] Register r5 information: non-paged memory
[ 86.187035][ T2979] Register r6 information: NULL pointer
[ 86.187362][ T2979] Register r7 information: NULL pointer
[ 86.188776][ T2979] Register r8 information: NULL pointer
[ 86.191234][ T2979] Register r9 information: slab task_struct start 841c3000 pointer offset 0 size 3072
[ 86.192908][ T2979] Register r10 information: 2-page vmalloc region starting at 0xdf968000 allocated at kernel_clone+0xac/0x3c8
[ 86.194673][ T2979] Register r11 information: 2-page vmalloc region starting at 0xdf968000 allocated at kernel_clone+0xac/0x3c8
[ 86.195290][ T2979] Register r12 information: NULL pointer
[ 86.195682][ T2979] Process syz-executor164 (pid: 2979, stack limit = 0xdf968000)
[ 86.196111][ T2979] Stack: (0xdf969dc8 to 0xdf96a000)
[ 86.196420][ T2979] 9dc0: 00000000 00000000 10000000 20000200 00000001 00000000
[ 86.196703][ T2979] 9de0: 00000000 20ffb000 00000000 00000000 00000000 00000000 00000000 00000000
[ 86.197143][ T2979] 9e00: 00000060 00000000 00000000 00000000 20ffb000 00000000 20ffc000 00000000
[ 86.197499][ T2979] 9e20: 00000000 00000000 20000140 00000000 00000000 10000000 ffffffff 00000000
[ 86.197857][ T2979] 9e40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 86.198275][ T2979] 9e60: 00000000 00000000 00000010 00000000 00000000 00000000 20000140 00000000
[ 86.198595][ T2979] 9e80: c0606610 2da1a712 df969ea4 c0606610 00000000 842923c0 20000200 842923c0
[ 86.198887][ T2979] 9ea0: 00000003 841c3000 df969ec4 df969eb8 8058c9cc 8058c2f0 df969fa4 df969ec8
[ 86.199089][ T2979] 9ec0: 80501d88 8058c9b0 df969efc 804f74f8 82ed8000 2da1a712 00000000 82ed8000
[ 86.199278][ T2979] 9ee0: df969f58 00000003 ffffff9c 80200288 841c3000 00000142 df969f1c df969f08
[ 86.199535][ T2979] 9f00: 804f74f8 804a54a4 82ed8000 df969f58 df969f54 df969f20 804e6370 804f7480
[ 86.200943][ T2979] 9f20: 00000002 00000000 00000006 00000100 00000001 2da1a712 ffffff9c 7ec98c18
[ 86.201461][ T2979] 9f40: 00000000 00000142 df969fa4 df969f58 804e678c 804e62d4 00000002 00000000
[ 86.201791][ T2979] 9f60: 00000000 00000000 00000000 00000000 00000002 2da1a712 00000000 ffffffff
[ 86.202880][ T2979] 9f80: 00000000 00000000 00000036 80200288 841c3000 00000036 00000000 df969fa8
[ 86.204328][ T2979] 9fa0: 80200060 80501c7c ffffffff 00000000 00000003 c0606610 20000200 00000000
[ 86.204942][ T2979] 9fc0: ffffffff 00000000 00000000 00000036 000f4240 00000000 00000001 00003a97
[ 86.205783][ T2979] 9fe0: 7ec98bf8 7ec98be8 000106ac 0002e810 00000010 00000003 00000000 00000000
[ 86.207731][ T2979] Backtrace:
[ 86.209348][ T2979] [<8058c2e4>] (do_pagemap_scan) from [<8058c9cc>] (do_pagemap_cmd+0x28/0x34)
[ 86.214560][ T2979] r10:841c3000 r9:00000003 r8:842923c0 r7:20000200 r6:842923c0 r5:00000000
[ 86.215413][ T2979] r4:c0606610
[ 86.215619][ T2979] [<8058c9a4>] (do_pagemap_cmd) from [<80501d88>] (sys_ioctl+0x118/0xb58)
[ 86.217623][ T2979] [<80501c70>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c)
[ 86.219115][ T2979] Exception stack(0xdf969fa8 to 0xdf969ff0)
[ 86.219504][ T2979] 9fa0: ffffffff 00000000 00000003 c0606610 20000200 00000000
[ 86.221015][ T2979] 9fc0: ffffffff 00000000 00000000 00000036 000f4240 00000000 00000001 00003a97
[ 86.221614][ T2979] 9fe0: 7ec98bf8 7ec98be8 000106ac 0002e810
[ 86.222897][ T2979] r10:00000036 r9:841c3000 r8:80200288 r7:00000036 r6:00000000 r5:00000000
[ 86.224286][ T2979] r4:ffffffff
[ 86.224864][ T2979] Code: e51b309c e51b208c e50b203c e3a02000 (e1c060f8)
[ 86.234548][ T2979] ---[ end trace 0000000000000000 ]---
[ 86.261407][ T2979] Kernel panic - not syncing: Fatal exception
[ 86.264974][ C0] CPU0: stopping
[ 86.265300][ C0] CPU: 0 PID: 10 Comm: kworker/0:1 Tainted: G D 6.8.0-rc5-syzkaller #0
[ 86.265346][ C0] Hardware name: ARM-Versatile Express
[ 86.265501][ C0] Workqueue: events bpf_prog_free_deferred
[ 86.265633][ C0] Backtrace: frame pointer underflow
[ 86.265706][ C0] [<8183648c>] (dump_backtrace) from [<81836588>] (show_stack+0x18/0x1c)
[ 86.265788][ C0] r7:00000014 r6:81b0f9f0 r5:600001d3 r4:81fbd338
[ 86.265805][ C0] [<81836570>] (show_stack) from [<81853aa4>] (dump_stack_lvl+0x48/0x54)
[ 86.265853][ C0] [<81853a5c>] (dump_stack_lvl) from [<81853ac8>] (dump_stack+0x18/0x1c)
[ 86.265899][ C0] r5:00000000 r4:00000004
[ 86.265909][ C0] [<81853ab0>] (dump_stack) from [<8020fb78>] (do_handle_IPI+0x2ac/0x2d8)
[ 86.265953][ C0] [<8020f8cc>] (do_handle_IPI) from [<8020fbc4>] (ipi_handler+0x20/0x28)
[ 86.266004][ C0] r9:82e36c00 r8:df801f78 r7:00000014 r6:81b0f9f0 r5:82c0cc80 r4:82c96d00
[ 86.266016][ C0] [<8020fba4>] (ipi_handler) from [<802c4fc4>] (handle_percpu_devid_irq+0x9c/0x2cc)
[ 86.266066][ C0] [<802c4f28>] (handle_percpu_devid_irq) from [<802be750>] (generic_handle_domain_irq+0x30/0x40)
[ 86.266133][ C0] r10:00000000 r9:82e36c00 r8:00000000 r7:df80a00c r6:824b0bc0 r5:df80a000
[ 86.266152][ C0] r4:8260cd28 r3:00010000
[ 86.266163][ C0] [<802be720>] (generic_handle_domain_irq) from [<802011c4>] (gic_handle_irq+0x68/0x7c)
[ 86.266204][ C0] [<8020115c>] (gic_handle_irq) from [<81854368>] (generic_handle_arch_irq+0x60/0x80)
[ 86.266283][ C0] r7:df841d08 r6:8213c91c r5:82178534 r4:824b2224
[ 86.266294][ C0] [<81854308>] (generic_handle_arch_irq) from [<81806508>] (call_with_stack+0x1c/0x20)
[ 86.266355][ C0] r9:82e36c00 r8:828a0c68 r7:df841d3c r6:ffffffff r5:80000113 r4:8021b36c
[ 86.266368][ C0] [<818064ec>] (call_with_stack) from [<80200b84>] (__irq_svc+0x84/0xac)
[ 86.266408][ C0] Exception stack(0xdf841d08 to 0xdf841d50)
[ 86.266440][ C0] 1d00: a059f000 df959000 00000001 8021b354 7f00f000 82e36c00
[ 86.266472][ C0] 1d20: 7f00f000 00000000 828a0c68 8270dd5c 00000000 df841d84 df841d88 df841d58
[ 86.266495][ C0] 1d40: 80210b30 8021b36c 80000113 ffffffff
[ 86.266514][ C0] [<80210acc>] (flush_tlb_kernel_range) from [<8048d7d0>] (__purge_vmap_area_lazy+0xc4/0x850)
[ 86.266565][ C0] r4:df959000
[ 86.266577][ C0] [<8048d70c>] (__purge_vmap_area_lazy) from [<8048e1e4>] (_vm_unmap_aliases+0x288/0x2e4)
[ 86.266629][ C0] r10:00000000 r9:df841e38 r8:00000000 r7:df841df0 r6:00000008 r5:ddde2340
[ 86.266643][ C0] r4:df841df0
[ 86.266654][ C0] [<8048df5c>] (_vm_unmap_aliases) from [<80491b5c>] (vfree+0x170/0x1e0)
[ 86.266709][ C0] r10:82c16005 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:843bf0c0
[ 86.266724][ C0] r4:00000000
[ 86.266735][ C0] [<804919ec>] (vfree) from [<802ea424>] (module_memfree+0x30/0x50)
[ 86.266793][ C0] r9:82e36c00 r8:00000000 r7:00000000 r6:82c16000 r5:00001000 r4:7f00f000
[ 86.266806][ C0] [<802ea3f4>] (module_memfree) from [<80388b64>] (bpf_jit_free_exec+0x10/0x14)
[ 86.266853][ C0] r5:00001000 r4:df949000
[ 86.266864][ C0] [<80388b54>] (bpf_jit_free_exec) from [<80388d24>] (bpf_jit_free+0x68/0xe4)
[ 86.266903][ C0] [<80388cbc>] (bpf_jit_free) from [<80389e04>] (bpf_prog_free_deferred+0x14c/0x164)
[ 86.266945][ C0] r5:840db750 r4:840db400
[ 86.266956][ C0] [<80389cb8>] (bpf_prog_free_deferred) from [<80267028>] (process_one_work+0x19c/0x4a4)
[ 86.267012][ C0] r7:dddd1280 r6:82c16000 r5:840db750 r4:82c0bc80
[ 86.267025][ C0] [<80266e8c>] (process_one_work) from [<80267570>] (worker_thread+0x240/0x48c)
[ 86.267087][ C0] r10:61c88647 r9:82e36c00 r8:dddd12a0 r7:82604d40 r6:dddd1280 r5:82c0bcac
[ 86.267102][ C0] r4:82c0bc80
[ 86.267112][ C0] [<80267330>] (worker_thread) from [<8026e84c>] (kthread+0x104/0x134)
[ 86.267183][ C0] r10:00000000 r9:df839e90 r8:82cb67c0 r7:82c0bc80 r6:80267330 r5:82e36c00
[ 86.267198][ C0] r4:82cb65c0
[ 86.267210][ C0] [<8026e748>] (kthread) from [<80200104>] (ret_from_fork+0x14/0x30)
[ 86.267249][ C0] Exception stack(0xdf841fb0 to 0xdf841ff8)
[ 86.267274][ C0] 1fa0: 00000000 00000000 00000000 00000000
[ 86.267308][ C0] 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 86.267334][ C0] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 86.267361][ C0] r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026e748 r4:82cb65c0
[ 86.276196][ T2979] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:39:02 Registers:
info registers vcpu 0
CPU#0
R00=9dc88000 R01=df959000 R02=00000001 R03=8021b354
R04=7f00f000 R05=82e36c00 R06=7f00f000 R07=00000000
R08=828a0c68 R09=8270dd5c R10=00000000 R11=df841d84
R12=df841d88 R13=df841d58 R14=80210b30 R15=8021b36c
PSR=80000113 N--- A S svc32
s00=00000000 s01=00000000 d00=0000000000000000
s02=00000000 s03=00000000 d01=0000000000000000
s04=00000000 s05=00000000 d02=0000000000000000
s06=00000000 s07=00000000 d03=0000000000000000
s08=00000000 s09=00000000 d04=0000000000000000
s10=00000000 s11=00000000 d05=0000000000000000
s12=00000000 s13=00000000 d06=0000000000000000
s14=00000000 s15=00000000 d07=0000000000000000
s16=76c1e507 s17=00000000 d08=0000000076c1e507
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
s32=646aeb60 s33=c47ebff0 d16=c47ebff0646aeb60
s34=9bae3b6b s35=699b5978 d17=699b59789bae3b6b
s36=e37983d7 s37=28d5243e d18=28d5243ee37983d7
s38=fc17e1b7 s39=5dd2fd42 d19=5dd2fd42fc17e1b7
s40=abe1dcbb s41=b7e991cd d20=b7e991cdabe1dcbb
s42=49018306 s43=ba4e5aee d21=ba4e5aee49018306
s44=d8e9ef40 s45=e7d0350b d22=e7d0350bd8e9ef40
s46=f423e3b9 s47=ba19adf9 d23=ba19adf9f423e3b9
s48=00000001 s49=00000000 d24=0000000000000001
s50=00000000 s51=00000000 d25=0000000000000000
s52=5e43d1bb s53=b716fd61 d26=b716fd615e43d1bb
s54=0b9270b8 s55=99f61d1f d27=99f61d1f0b9270b8
s56=0a0d51e3 s57=c8e64fe2 d28=c8e64fe20a0d51e3
s58=0ef66732 s59=0c98f770 d29=0c98f7700ef66732
s60=ac7d73fe s61=479d34fd d30=479d34fdac7d73fe
s62=00000069 s63=00000068 d31=0000006800000069
FPSCR: 00000000
info registers vcpu 1
CPU#1
R00=827a5cc0 R01=841c2400 R02=00000056 R03=8185581c
R04=82894380 R05=df965f68 R06=00003740 R07=00000000
R08=00003740 R09=841c2400 R10=0000019e R11=df965e9c
R12=df965ea0 R13=df965e90 R14=8115a16c R15=8185582c
PSR=60000013 -ZC- A S svc32
s00=00000000 s01=00000000 d00=0000000000000000
s02=00000000 s03=00000000 d01=0000000000000000
s04=00000000 s05=00000000 d02=0000000000000000
s06=00000000 s07=00000000 d03=0000000000000000
s08=00000000 s09=00000000 d04=0000000000000000
s10=00000000 s11=00000000 d05=0000000000000000
s12=00000000 s13=00000000 d06=0000000000000000
s14=00000000 s15=00000000 d07=0000000000000000
s16=005227e9 s17=00000000 d08=00000000005227e9
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
s32=646aeb60 s33=c47ebff0 d16=c47ebff0646aeb60
s34=9bae3b6b s35=699b5978 d17=699b59789bae3b6b
s36=e37983d7 s37=28d5243e d18=28d5243ee37983d7
s38=fc17e1b7 s39=5dd2fd42 d19=5dd2fd42fc17e1b7
s40=abe1dcbb s41=b7e991cd d20=b7e991cdabe1dcbb
s42=49018306 s43=ba4e5aee d21=ba4e5aee49018306
s44=d8e9ef40 s45=e7d0350b d22=e7d0350bd8e9ef40
s46=f423e3b9 s47=ba19adf9 d23=ba19adf9f423e3b9
s48=00000001 s49=00000000 d24=0000000000000001
s50=00000000 s51=00000000 d25=0000000000000000
s52=5e43d1bb s53=b716fd61 d26=b716fd615e43d1bb
s54=0b9270b8 s55=99f61d1f d27=99f61d1f0b9270b8
s56=0a0d51e3 s57=c8e64fe2 d28=c8e64fe20a0d51e3
s58=0ef66732 s59=0c98f770 d29=0c98f7700ef66732
s60=ac7d73fe s61=479d34fd d30=479d34fdac7d73fe
s62=00000069 s63=00000068 d31=0000006800000069
FPSCR: 00000000