[ 36.944311][ T29] kauditd_printk_skb: 4 callbacks suppressed
[ 36.944362][ T29] audit: type=1400 audit(36.900:68): avc: denied { read write } for pid=2969 comm="sftp-server" name="null" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 36.945011][ T29] audit: type=1400 audit(36.900:69): avc: denied { open } for pid=2969 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
Warning: Permanently added '[localhost]:23448' (ED25519) to the list of known hosts.
[ 83.940229][ T29] audit: type=1400 audit(83.880:70): avc: denied { execute } for pid=2978 comm="sh" name="syz-executor1901752604" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 83.940970][ T29] audit: type=1400 audit(83.890:71): avc: denied { execute_no_trans } for pid=2978 comm="sh" path="/syz-executor1901752604" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 84.651857][ T29] audit: type=1400 audit(84.610:72): avc: denied { execmem } for pid=2978 comm="syz-executor190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
executing program
[ 85.342674][ T3083] usercopy: Kernel memory overwrite attempt detected to SLUB object 'task_struct' (offset 80, size 116)!
[ 85.344029][ T3083] ------------[ cut here ]------------
[ 85.344304][ T3083] kernel BUG at mm/usercopy.c:102!
[ 85.344558][ T3083] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
[ 85.345057][ T3083] Modules linked in:
[ 85.345553][ T3083] CPU: 0 PID: 3083 Comm: syz-executor190 Not tainted 6.6.0-rc6-syzkaller #0
[ 85.345937][ T3083] Hardware name: ARM-Versatile Express
[ 85.346507][ T3083] PC is at usercopy_abort+0x98/0x9c
[ 85.348261][ T3083] LR is at __wake_up_klogd.part.0+0x7c/0xac
[ 85.348504][ T3083] pc : [<818257cc>] lr : [<802b69ac>] psr: 60000013
[ 85.348741][ T3083] sp : dfa59e48 ip : dfa59d90 fp : dfa59e6c
[ 85.348949][ T3083] r10: 0000001a r9 : 84531780 r8 : 84532390
[ 85.349161][ T3083] r7 : dde94ac0 r6 : 00000000 r5 : 00000074 r4 : 00000050
[ 85.349503][ T3083] r3 : 84531780 r2 : 00000000 r1 : 00000000 r0 : 00000066
[ 85.351166][ T3083] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 85.351432][ T3083] Control: 30c5387d Table: 8442c2c0 DAC: fffffffd
[ 85.351737][ T3083] Register r0 information: non-paged memory
[ 85.352279][ T3083] Register r1 information: NULL pointer
[ 85.352500][ T3083] Register r2 information: NULL pointer
[ 85.352695][ T3083] Register r3 information: slab task_struct start 84531780 pointer offset 0 size 3008
[ 85.353769][ T3083] Register r4 information: non-paged memory
[ 85.353987][ T3083] Register r5 information: non-paged memory
[ 85.354196][ T3083] Register r6 information: NULL pointer
[ 85.354394][ T3083] Register r7 information: non-slab/vmalloc memory
[ 85.354702][ T3083] Register r8 information: slab task_struct start 84532340 pointer offset 80 size 3008
[ 85.355075][ T3083] Register r9 information: slab task_struct start 84531780 pointer offset 0 size 3008
[ 85.355431][ T3083] Register r10 information: non-paged memory
[ 85.355646][ T3083] Register r11 information: 2-page vmalloc region starting at 0xdfa58000 allocated at kernel_clone+0xac/0x424
[ 85.356068][ T3083] Register r12 information: 2-page vmalloc region starting at 0xdfa58000 allocated at kernel_clone+0xac/0x424
[ 85.356457][ T3083] Process syz-executor190 (pid: 3083, stack limit = 0xdfa58000)
[ 85.356953][ T3083] Stack: (0xdfa59e48 to 0xdfa5a000)
[ 85.361084][ T3083] Backtrace:
[ 85.361414][ T3083] [<81825734>] (usercopy_abort) from [<804b2fd8>] (__check_heap_object+0xd8/0xf4)
[ 85.361979][ T3083] [<804b2f00>] (__check_heap_object) from [<804d1e68>] (__check_object_size+0x1ec/0x30c)
[ 85.362338][ T3083] r8:dde94ac0 r7:84532404 r6:00000000 r5:00000074 r4:84532390
[ 85.362565][ T3083] [<804d1c7c>] (__check_object_size) from [<80209f08>] (fpa_set+0x90/0xfc)
[ 85.362874][ T3083] r10:0000001a r9:84531780 r8:00000000 r7:00000000 r6:00000000 r5:00000074
[ 85.363112][ T3083] r4:84532390
[ 85.363247][ T3083] [<80209e78>] (fpa_set) from [<8020a544>] (arch_ptrace+0x2f4/0x3e4)
[ 85.363525][ T3083] r5:0000000c r4:00000000
[ 85.363683][ T3083] [<8020a250>] (arch_ptrace) from [<802528c0>] (sys_ptrace+0x23c/0x4c0)
[ 85.363994][ T3083] r7:00000000 r6:00000000 r5:0000000f r4:84532340
[ 85.364198][ T3083] [<80252684>] (sys_ptrace) from [<80200060>] (ret_fast_syscall+0x0/0x1c)
[ 85.364498][ T3083] Exception stack(0xdfa59fa8 to 0xdfa59ff0)
[ 85.364700][ T3083] 9fa0: 00000000 00000000 0000000f 00000c0c 00000000 00000000
[ 85.364966][ T3083] 9fc0: 00000000 00000000 0008e050 0000001a 000f4240 00000000 7ef9bc84 00003a97
[ 85.365215][ T3083] 9fe0: 7ef9bc70 7ef9bc60 00010638 0002e780
[ 85.365417][ T3083] r9:84531780 r8:80200288 r7:0000001a r6:0008e050 r5:00000000 r4:00000000
[ 85.365990][ T3083] Code: e30006a0 e34801fd e58dc000 ebfff341 (e7f001f2)
[ 85.366910][ T3083] ---[ end trace 0000000000000000 ]---
[ 85.367380][ T3083] Kernel panic - not syncing: Fatal exception
[ 85.367895][ C1] CPU1: stopping
[ 85.368225][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G D 6.6.0-rc6-syzkaller #0
[ 85.368303][ C1] Hardware name: ARM-Versatile Express
[ 85.368348][ C1] Backtrace: frame pointer underflow
[ 85.368423][ C1] [<8181f400>] (dump_backtrace) from [<8181f4fc>] (show_stack+0x18/0x1c)
[ 85.368522][ C1] r7:00000014 r6:81b10738 r5:600001d3 r4:81fb57a0
[ 85.368535][ C1] [<8181f4e4>] (show_stack) from [<8183c824>] (dump_stack_lvl+0x48/0x54)
[ 85.368586][ C1] [<8183c7dc>] (dump_stack_lvl) from [<8183c848>] (dump_stack+0x18/0x1c)
[ 85.368638][ C1] r5:00000001 r4:00000004
[ 85.368649][ C1] [<8183c830>] (dump_stack) from [<8020fab8>] (do_handle_IPI+0x2ac/0x2d8)
[ 85.368697][ C1] [<8020f80c>] (do_handle_IPI) from [<8020fb04>] (ipi_handler+0x20/0x28)
[ 85.368754][ C1] r9:82df5240 r8:df805f78 r7:00000014 r6:81b10738 r5:82c0cc80 r4:82c96d00
[ 85.368765][ C1] [<8020fae4>] (ipi_handler) from [<802c36f4>] (handle_percpu_devid_irq+0x9c/0x2cc)
[ 85.368812][ C1] [<802c3658>] (handle_percpu_devid_irq) from [<802bcd20>] (generic_handle_domain_irq+0x30/0x40)
[ 85.368874][ C1] r10:00000000 r9:82df5240 r8:00000000 r7:df80a00c r6:824b0c00 r5:df80a000
[ 85.368892][ C1] r4:8260cdf0 r3:00010001
[ 85.368902][ C1] [<802bccf0>] (generic_handle_domain_irq) from [<80894794>] (gic_handle_irq+0x68/0x7c)
[ 85.368947][ C1] [<8089472c>] (gic_handle_irq) from [<8183cfe8>] (generic_handle_arch_irq+0x60/0x80)
[ 85.369004][ C1] r7:df861f18 r6:82137308 r5:821724e8 r4:824b2264
[ 85.369016][ C1] [<8183cf88>] (generic_handle_arch_irq) from [<817f0a7c>] (call_with_stack+0x1c/0x20)
[ 85.369077][ C1] r9:82df5240 r8:00000001 r7:df861f4c r6:ffffffff r5:20000113 r4:8183e74c
[ 85.369088][ C1] [<817f0a60>] (call_with_stack) from [<80200b64>] (__irq_svc+0x84/0xac)
[ 85.369126][ C1] Exception stack(0xdf861f18 to 0xdf861f60)
[ 85.369149][ C1] 1f00: 00000001 81fb57a0
[ 85.369176][ C1] 1f20: 00038d1c 00000001 82df5240 8260c494 00000001 8260c4dc 00000001 00000000
[ 85.369204][ C1] 1f40: 00000000 df861f84 df861f58 df861f68 8183dc44 8183e74c 20000113 ffffffff
[ 85.369218][ C1] [<8183e700>] (default_idle_call) from [<8029706c>] (do_idle+0x268/0x2d0)
[ 85.369273][ C1] r7:8260c4dc r6:82df5240 r5:8260c494 r4:00000001
[ 85.369284][ C1] [<80296e04>] (do_idle) from [<80297408>] (cpu_startup_entry+0x30/0x34)
[ 85.369343][ C1] r10:00000000 r9:411fd070 r8:80003010 r7:82854464 r6:82df5240 r5:00000001
[ 85.369357][ C1] r4:00000097
[ 85.369367][ C1] [<802973d8>] (cpu_startup_entry) from [<8021003c>] (secondary_start_kernel+0x128/0x180)
[ 85.369413][ C1] [<8020ff14>] (secondary_start_kernel) from [<802015b4>] (__enable_mmu+0x0/0xc)
[ 85.369470][ C1] r7:82854464 r6:30c0387d r5:00000000 r4:82cb5c80
[ 85.376280][ T3083] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:32:23 Registers:
info registers vcpu 0
CPU#0
R00=00000000 R01=dfa59868 R02=dfa59864 R03=80200000
R04=818257cc R05=dfa5985c R06=dfa598b2 R07=dfa59868
R08=dfa59864 R09=dfa59bc4 R10=dfa59860 R11=dfa5984c
R12=dfa59850 R13=dfa59818 R14=8031590c R15=803157d8
PSR=20000093 --C- A S svc32
FPSCR: 00000000
info registers vcpu 1
CPU#1
R00=00000001 R01=81fb57a0 R02=00038d09 R03=8021b3e0
R04=82df5240 R05=8260c494 R06=00000001 R07=8260c4dc
R08=00000001 R09=00000000 R10=00000000 R11=df861f64
R12=df861f68 R13=df861f58 R14=80208b78 R15=8021b3e8
PSR=60000193 -ZC- A S svc32
FPSCR: 00000000