Warning: Permanently added '[localhost]:18543' (ECDSA) to the list of known hosts. [ 225.842291][ T26] audit: type=1400 audit(225.560:58): avc: denied { execute } for pid=3078 comm="sh" name="syz-fuzzer" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 225.844716][ T26] audit: type=1400 audit(225.560:59): avc: denied { execute_no_trans } for pid=3078 comm="sh" path="/syz-fuzzer" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 1970/01/01 00:03:46 fuzzer started 1970/01/01 00:03:49 connecting to host at localhost:37219 1970/01/01 00:03:49 checking machine... 1970/01/01 00:03:49 checking revisions... [ 231.101603][ T26] audit: type=1400 audit(230.820:60): avc: denied { getattr } for pid=3078 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 231.106861][ T26] audit: type=1400 audit(230.830:61): avc: denied { read } for pid=3078 comm="syz-fuzzer" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 231.108985][ T26] audit: type=1400 audit(230.830:62): avc: denied { open } for pid=3078 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 231.207483][ T26] audit: type=1400 audit(230.930:63): avc: denied { read } for pid=3078 comm="syz-fuzzer" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 231.209907][ T26] audit: type=1400 audit(230.930:64): avc: denied { open } for pid=3078 comm="syz-fuzzer" path="/dev/raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 1970/01/01 00:03:50 testing simple program... [ 231.373733][ T26] audit: type=1400 audit(231.090:65): avc: denied { mounton } for pid=3087 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1737 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 231.380533][ T26] audit: type=1400 audit(231.100:66): avc: denied { mount } for pid=3087 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 231.409205][ T3087] cgroup: Unknown subsys name 'net' [ 231.430021][ T26] audit: type=1400 audit(231.150:67): avc: denied { unmount } for pid=3087 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 231.821556][ T3087] cgroup: Unknown subsys name 'rlimit' [ 232.193506][ T26] audit: type=1400 audit(231.910:68): avc: denied { setattr } for pid=3087 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 232.738040][ T3090] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 232.741816][ T26] audit: type=1400 audit(232.460:69): avc: denied { relabelto } for pid=3090 comm="mkswap" name="swap-file" dev="vda" ino=1740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 232.838453][ T3087] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 232.870515][ T3086] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=3086 'syz-fuzzer' [ 233.070741][ T3091] ================================================================================ [ 233.071150][ T3091] UBSAN: array-index-out-of-bounds in kernel/pid.c:244:15 [ 233.071456][ T3091] index 1 is out of range for type 'upid [1]' [ 233.071961][ T3091] CPU: 1 PID: 3091 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-02492-g6a8cbd9253ab #0 [ 233.072323][ T3091] Hardware name: linux,dummy-virt (DT) [ 233.073010][ T3091] Call trace: [ 233.073502][ T3091] dump_backtrace+0x9c/0x11c [ 233.074117][ T3091] show_stack+0x18/0x24 [ 233.074567][ T3091] dump_stack_lvl+0xac/0xd4 [ 233.075222][ T3091] dump_stack+0x1c/0x28 [ 233.075384][ T3091] __ubsan_handle_out_of_bounds+0xb0/0xe8 [ 233.075603][ T3091] alloc_pid+0x918/0xaf0 [ 233.075770][ T3091] copy_process+0x2fd4/0x57c0 [ 233.075969][ T3091] kernel_clone+0x12c/0x754 [ 233.076125][ T3091] __do_sys_clone+0xa4/0xe0 [ 233.076279][ T3091] __arm64_sys_clone+0xa4/0xfc [ 233.076431][ T3091] invoke_syscall+0x6c/0x260 [ 233.076642][ T3091] el0_svc_common.constprop.0+0xc4/0x244 [ 233.076809][ T3091] do_el0_svc_compat+0x40/0x70 [ 233.076981][ T3091] el0_svc_compat+0x4c/0x134 [ 233.077154][ T3091] el0t_32_sync_handler+0x90/0x140 [ 233.077308][ T3091] el0t_32_sync+0x194/0x198 [ 233.078824][ T3091] ================================================================================ [ 233.079181][ T3091] ================================================================================ [ 233.079416][ T3091] UBSAN: array-index-out-of-bounds in kernel/pid.c:245:15 [ 233.079623][ T3091] index 1 is out of range for type 'upid [1]' [ 233.079820][ T3091] CPU: 1 PID: 3091 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-02492-g6a8cbd9253ab #0 [ 233.080022][ T3091] Hardware name: linux,dummy-virt (DT) [ 233.080171][ T3091] Call trace: [ 233.080301][ T3091] dump_backtrace+0x9c/0x11c [ 233.080470][ T3091] show_stack+0x18/0x24 [ 233.080677][ T3091] dump_stack_lvl+0xac/0xd4 [ 233.080892][ T3091] dump_stack+0x1c/0x28 [ 233.081115][ T3091] __ubsan_handle_out_of_bounds+0xb0/0xe8 [ 233.081296][ T3091] alloc_pid+0x93c/0xaf0 [ 233.081444][ T3091] copy_process+0x2fd4/0x57c0 [ 233.081594][ T3091] kernel_clone+0x12c/0x754 [ 233.081809][ T3091] __do_sys_clone+0xa4/0xe0 [ 233.082000][ T3091] __arm64_sys_clone+0xa4/0xfc [ 233.082167][ T3091] invoke_syscall+0x6c/0x260 [ 233.082318][ T3091] el0_svc_common.constprop.0+0xc4/0x244 [ 233.082587][ T3091] do_el0_svc_compat+0x40/0x70 [ 233.082833][ T3091] el0_svc_compat+0x4c/0x134 [ 233.083005][ T3091] el0t_32_sync_handler+0x90/0x140 [ 233.083161][ T3091] el0t_32_sync+0x194/0x198 [ 233.083935][ T3091] ================================================================================ [ 233.084520][ T3091] ================================================================================ [ 233.085142][ T3091] UBSAN: array-index-out-of-bounds in ./include/linux/pid.h:156:20 [ 233.085357][ T3091] index 1 is out of range for type 'upid [1]' [ 233.085546][ T3091] CPU: 1 PID: 3091 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-02492-g6a8cbd9253ab #0 [ 233.085812][ T3091] Hardware name: linux,dummy-virt (DT) [ 233.085979][ T3091] Call trace: [ 233.086159][ T3091] dump_backtrace+0x9c/0x11c [ 233.086324][ T3091] show_stack+0x18/0x24 [ 233.086472][ T3091] dump_stack_lvl+0x74/0xd4 [ 233.086653][ T3091] dump_stack+0x1c/0x28 [ 233.086800][ T3091] __ubsan_handle_out_of_bounds+0xb0/0xe8 [ 233.087013][ T3091] copy_process+0x4d24/0x57c0 [ 233.087169][ T3091] kernel_clone+0x12c/0x754 [ 233.087318][ T3091] __do_sys_clone+0xa4/0xe0 [ 233.087465][ T3091] __arm64_sys_clone+0xa4/0xfc [ 233.087686][ T3091] invoke_syscall+0x6c/0x260 [ 233.087838][ T3091] el0_svc_common.constprop.0+0xc4/0x244 [ 233.088005][ T3091] do_el0_svc_compat+0x40/0x70 [ 233.088159][ T3091] el0_svc_compat+0x4c/0x134 [ 233.088309][ T3091] el0t_32_sync_handler+0x90/0x140 [ 233.088520][ T3091] el0t_32_sync+0x194/0x198 [ 233.088848][ T3091] ================================================================================ [ 233.089183][ T3091] ================================================================================ [ 233.089465][ T3091] UBSAN: array-index-out-of-bounds in ./include/linux/pid.h:168:21 [ 233.089737][ T3091] index 1 is out of range for type 'upid [1]' [ 233.089991][ T3091] CPU: 1 PID: 3091 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-02492-g6a8cbd9253ab #0 [ 233.090308][ T3091] Hardware name: linux,dummy-virt (DT) [ 233.090537][ T3091] Call trace: [ 233.090799][ T3091] dump_backtrace+0x9c/0x11c [ 233.091088][ T3091] show_stack+0x18/0x24 [ 233.091352][ T3091] dump_stack_lvl+0x74/0xd4 [ 233.091698][ T3091] dump_stack+0x1c/0x28 [ 233.092020][ T3091] __ubsan_handle_out_of_bounds+0xb0/0xe8 [ 233.092294][ T3091] copy_process+0x49d8/0x57c0 [ 233.092650][ T3091] kernel_clone+0x12c/0x754 [ 233.092867][ T3091] __do_sys_clone+0xa4/0xe0 [ 233.093135][ T3091] __arm64_sys_clone+0xa4/0xfc [ 233.093566][ T3091] invoke_syscall+0x6c/0x260 [ 233.093776][ T3091] el0_svc_common.constprop.0+0xc4/0x244 [ 233.094083][ T3091] do_el0_svc_compat+0x40/0x70 [ 233.094340][ T3091] el0_svc_compat+0x4c/0x134 [ 233.094605][ T3091] el0t_32_sync_handler+0x90/0x140 [ 233.094942][ T3091] el0t_32_sync+0x194/0x198 [ 233.095251][ T3091] ================================================================================ [ 233.095603][ T3091] ================================================================================ [ 233.095852][ T3091] UBSAN: array-index-out-of-bounds in ./include/linux/pid.h:156:20 [ 233.096116][ T3091] index 1 is out of range for type 'upid [1]' [ 233.096376][ T3091] CPU: 1 PID: 3091 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-02492-g6a8cbd9253ab #0 [ 233.096718][ T3091] Hardware name: linux,dummy-virt (DT) [ 233.096992][ T3091] Call trace: [ 233.097227][ T3091] dump_backtrace+0x9c/0x11c [ 233.097527][ T3091] show_stack+0x18/0x24 [ 233.097768][ T3091] dump_stack_lvl+0x74/0xd4 [ 233.098046][ T3091] dump_stack+0x1c/0x28 [ 233.098317][ T3091] __ubsan_handle_out_of_bounds+0xb0/0xe8 [ 233.098643][ T3091] copy_process+0x49f8/0x57c0 [ 233.098931][ T3091] kernel_clone+0x12c/0x754 [ 233.099172][ T3091] __do_sys_clone+0xa4/0xe0 [ 233.099447][ T3091] __arm64_sys_clone+0xa4/0xfc [ 233.099714][ T3091] invoke_syscall+0x6c/0x260 [ 233.100000][ T3091] el0_svc_common.constprop.0+0xc4/0x244 [ 233.100277][ T3091] do_el0_svc_compat+0x40/0x70 [ 233.100564][ T3091] el0_svc_compat+0x4c/0x134 [ 233.100834][ T3091] el0t_32_sync_handler+0x90/0x140 [ 233.101130][ T3091] el0t_32_sync+0x194/0x198 [ 233.101465][ T3091] ================================================================================ [ 233.103817][ T3091] ================================================================================ [ 233.104193][ T3091] UBSAN: array-index-out-of-bounds in kernel/pid.c:112:19 [ 233.104357][ T3092] ================================================================================ [ 233.104824][ T3091] index 1 is out of range for type 'upid [1]' [ 233.105006][ T3091] CPU: 1 PID: 3091 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-02492-g6a8cbd9253ab #0 [ 233.105314][ T3092] UBSAN: array-index-out-of-bounds in ./include/linux/pid.h:156:20 [ 233.105442][ T3092] index 1 is out of range for type 'upid [1]' [ 233.105659][ T3091] Hardware name: linux,dummy-virt (DT) [ 233.105728][ T3091] Call trace: [ 233.106848][ T3091] dump_backtrace+0x9c/0x11c [ 233.107091][ T3091] show_stack+0x18/0x24 [ 233.107325][ T3091] dump_stack_lvl+0xac/0xd4 [ 233.107596][ T3091] dump_stack+0x1c/0x28 [ 233.107849][ T3091] __ubsan_handle_out_of_bounds+0xb0/0xe8 [ 233.108143][ T3091] put_pid.part.0+0x140/0x14c [ 233.108392][ T3091] put_pid+0x14/0x24 [ 233.108685][ T3091] kernel_clone+0x200/0x754 [ 233.108948][ T3091] __do_sys_clone+0xa4/0xe0 [ 233.109209][ T3091] __arm64_sys_clone+0xa4/0xfc [ 233.109474][ T3091] invoke_syscall+0x6c/0x260 [ 233.109778][ T3091] el0_svc_common.constprop.0+0xc4/0x244 [ 233.110041][ T3091] do_el0_svc_compat+0x40/0x70 [ 233.110297][ T3091] el0_svc_compat+0x4c/0x134 [ 233.110559][ T3091] el0t_32_sync_handler+0x90/0x140 [ 233.110819][ T3091] el0t_32_sync+0x194/0x198 [ 233.111138][ T3091] ================================================================================ [ 233.111201][ T3092] CPU: 0 PID: 3092 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-02492-g6a8cbd9253ab #0 [ 233.111400][ T3092] Hardware name: linux,dummy-virt (DT) [ 233.111468][ T3092] Call trace: [ 233.112406][ T3092] dump_backtrace+0x9c/0x11c [ 233.113025][ T3092] show_stack+0x18/0x24 [ 233.113554][ T3092] dump_stack_lvl+0xac/0xd4 [ 233.113963][ T3092] dump_stack+0x1c/0x28 [ 233.114333][ T3092] __ubsan_handle_out_of_bounds+0xb0/0xe8 [ 233.114868][ T3092] __task_pid_nr_ns+0x3a0/0x3ac [ 233.115340][ T3092] schedule_tail+0xf4/0x170 [ 233.115726][ T3092] ret_from_fork+0x4/0x20 [ 233.117054][ T3092] ================================================================================ [ 233.159392][ T3092] ================================================================================ [ 233.160161][ T3092] UBSAN: array-index-out-of-bounds in ./include/linux/pid.h:156:20 [ 233.160774][ T3092] index 1 is out of range for type 'upid [1]' [ 233.161259][ T3092] CPU: 0 PID: 3092 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-02492-g6a8cbd9253ab #0 [ 233.161830][ T3092] Hardware name: linux,dummy-virt (DT) [ 233.162226][ T3092] Call trace: [ 233.162702][ T3092] dump_backtrace+0x9c/0x11c [ 233.163213][ T3092] show_stack+0x18/0x24 [ 233.163665][ T3092] dump_stack_lvl+0xac/0xd4 [ 233.164105][ T3092] dump_stack+0x1c/0x28 [ 233.164498][ T3092] __ubsan_handle_out_of_bounds+0xb0/0xe8 [ 233.165043][ T3092] pid_vnr+0x1c0/0x1f4 [ 233.165445][ T3092] ksys_setsid+0x6c/0x280 [ 233.165796][ T3092] __arm64_sys_setsid+0x10/0x20 [ 233.166167][ T3092] invoke_syscall+0x6c/0x260 [ 233.166509][ T3092] el0_svc_common.constprop.0+0xc4/0x244 [ 233.166878][ T3092] do_el0_svc_compat+0x40/0x70 [ 233.167278][ T3092] el0_svc_compat+0x4c/0x134 [ 233.167707][ T3092] el0t_32_sync_handler+0x90/0x140 [ 233.168108][ T3092] el0t_32_sync+0x194/0x198 [ 233.169583][ T3092] ================================================================================ executing program executing program [ 237.784728][ T3092] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.801676][ T3092] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link executing program [ 240.286178][ T3092] hsr_slave_0: entered promiscuous mode [ 240.328751][ T3092] hsr_slave_1: entered promiscuous mode [ 241.416680][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 241.416751][ T26] audit: type=1400 audit(241.140:79): avc: denied { create } for pid=3092 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 241.422043][ T26] audit: type=1400 audit(241.140:80): avc: denied { write } for pid=3092 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 241.428530][ T26] audit: type=1400 audit(241.150:81): avc: denied { read } for pid=3092 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 241.431492][ T3092] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 241.524069][ T3092] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 241.626884][ T3092] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 241.705334][ T3092] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program [ 244.300870][ T3092] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.396845][ T3088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.418605][ T3088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program [ 245.821018][ T894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.829190][ T894] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.862515][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.870887][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.913556][ T3088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 245.947343][ T3088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 246.041297][ T3088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 246.045260][ T3088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 246.074449][ T3088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 246.078495][ T3088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 246.116737][ T3092] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 246.906577][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 246.907549][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program [ 249.525726][ T3088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 249.546729][ T3088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 251.027775][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 251.031847][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 251.045050][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 251.049586][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 251.107930][ T3092] veth0_vlan: entered promiscuous mode [ 251.154994][ T3092] veth1_vlan: entered promiscuous mode executing program [ 251.350114][ T894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 251.358385][ T894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 251.390938][ T3092] veth0_macvtap: entered promiscuous mode [ 251.439875][ T3092] veth1_macvtap: entered promiscuous mode [ 251.549011][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 251.556628][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 251.570613][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 251.599966][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 251.658999][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 251.670572][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 251.705955][ T3092] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.707385][ T3092] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.707909][ T3092] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.708396][ T3092] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.881342][ T26] audit: type=1400 audit(251.600:82): avc: denied { mounton } for pid=3092 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=1517 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 251.921851][ T26] audit: type=1400 audit(251.640:83): avc: denied { mount } for pid=3092 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 252.003888][ T3092] ================================================================================ [ 252.004742][ T3092] UBSAN: array-index-out-of-bounds in ./include/linux/pid.h:156:20 [ 252.005035][ T3092] index 1 is out of range for type 'upid [1]' [ 252.005327][ T3092] CPU: 0 PID: 3092 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-02492-g6a8cbd9253ab #0 [ 252.005737][ T3092] Hardware name: linux,dummy-virt (DT) [ 252.005970][ T3092] Call trace: [ 252.006221][ T3092] dump_backtrace+0x9c/0x11c [ 252.006538][ T3092] show_stack+0x18/0x24 [ 252.006846][ T3092] dump_stack_lvl+0xac/0xd4 [ 252.007130][ T3092] dump_stack+0x1c/0x28 [ 252.007419][ T3092] __ubsan_handle_out_of_bounds+0xb0/0xe8 [ 252.007713][ T3092] find_task_by_vpid+0xdc/0xe8 [ 252.007965][ T3092] cgroup_procs_write_start+0x27c/0x450 [ 252.008326][ T3092] __cgroup_procs_write+0xd4/0x57c [ 252.008619][ T3092] cgroup_procs_write+0x1c/0x34 [ 252.008888][ T3092] cgroup_file_write+0x218/0x5ac [ 252.009125][ T3092] kernfs_fop_write_iter+0x264/0x3c4 [ 252.009361][ T3092] vfs_write+0x4d0/0x758 [ 252.009601][ T3092] ksys_write+0xe8/0x1cc [ 252.009893][ T3092] __arm64_sys_write+0x6c/0x9c [ 252.010183][ T3092] invoke_syscall+0x6c/0x260 [ 252.010436][ T3092] el0_svc_common.constprop.0+0xc4/0x244 [ 252.010682][ T3092] do_el0_svc_compat+0x40/0x70 [ 252.010891][ T3092] el0_svc_compat+0x4c/0x134 [ 252.011189][ T3092] el0t_32_sync_handler+0x90/0x140 [ 252.011507][ T3092] el0t_32_sync+0x194/0x198 [ 252.011803][ T3092] ================================================================================ [ 252.250230][ T26] audit: type=1400 audit(251.970:84): avc: denied { read write } for pid=3092 comm="syz-executor.0" name="loop0" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 252.266692][ T26] audit: type=1400 audit(251.970:85): avc: denied { open } for pid=3092 comm="syz-executor.0" path="/dev/loop0" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 252.267863][ T26] audit: type=1400 audit(251.970:86): avc: denied { ioctl } for pid=3092 comm="syz-executor.0" path="/dev/loop0" dev="devtmpfs" ino=640 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 252.574541][ T3160] ================================================================================ [ 252.575996][ T3160] UBSAN: array-index-out-of-bounds in ./include/linux/pid.h:156:20 [ 252.576382][ T3160] index 1 is out of range for type 'upid [1]' [ 252.576826][ T3160] CPU: 1 PID: 3160 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-02492-g6a8cbd9253ab #0 [ 252.577267][ T3160] Hardware name: linux,dummy-virt (DT) [ 252.577625][ T3160] Call trace: [ 252.577930][ T3160] dump_backtrace+0x9c/0x11c [ 252.578313][ T3160] show_stack+0x18/0x24 [ 252.578664][ T3160] dump_stack_lvl+0xac/0xd4 [ 252.579031][ T3160] dump_stack+0x1c/0x28 [ 252.579948][ T3160] __ubsan_handle_out_of_bounds+0xb0/0xe8 [ 252.580250][ T3160] task_active_pid_ns+0xc0/0xcc [ 252.580535][ T3160] copy_process+0x180/0x57c0 [ 252.580883][ T3160] kernel_clone+0x12c/0x754 [ 252.581150][ T3160] __do_sys_clone+0xa4/0xe0 [ 252.581416][ T3160] __arm64_sys_clone+0xa4/0xfc [ 252.581711][ T3160] invoke_syscall+0x6c/0x260 [ 252.581980][ T3160] el0_svc_common.constprop.0+0xc4/0x244 [ 252.582287][ T3160] do_el0_svc_compat+0x40/0x70 [ 252.582643][ T3160] el0_svc_compat+0x4c/0x134 [ 252.582896][ T3160] el0t_32_sync_handler+0x90/0x140 [ 252.583194][ T3160] el0t_32_sync+0x194/0x198 [ 252.605122][ T3160] ================================================================================ 1970/01/01 00:04:12 building call list... [ 253.521345][ T1088] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.794280][ T1088] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.072190][ T1088] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 254.235949][ T1088] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.919746][ T26] audit: type=1400 audit(254.640:87): avc: denied { read } for pid=2931 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 256.944535][ T1088] hsr_slave_0: left promiscuous mode [ 256.995864][ T1088] hsr_slave_1: left promiscuous mode executing program [ 257.226844][ T1088] veth1_macvtap: left promiscuous mode [ 257.228371][ T1088] veth0_macvtap: left promiscuous mode [ 257.229332][ T1088] veth1_vlan: left promiscuous mode [ 257.230190][ T1088] veth0_vlan: left promiscuous mode [ 259.572260][ T1088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 259.664331][ T1088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 260.047315][ T1088] bond0 (unregistering): Released all slaves executing program [ 261.602432][ T26] audit: type=1400 audit(261.320:88): avc: denied { read } for pid=3078 comm="syz-fuzzer" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 261.618724][ T26] audit: type=1400 audit(261.340:89): avc: denied { open } for pid=3078 comm="syz-fuzzer" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 261.904421][ T26] audit: type=1400 audit(261.630:90): avc: denied { read } for pid=3078 comm="syz-fuzzer" name="autofs" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 261.906412][ T26] audit: type=1400 audit(261.630:91): avc: denied { open } for pid=3078 comm="syz-fuzzer" path="/dev/autofs" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 261.928510][ T26] audit: type=1400 audit(261.650:92): avc: denied { read } for pid=3078 comm="syz-fuzzer" name="cachefiles" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 261.931438][ T26] audit: type=1400 audit(261.650:93): avc: denied { open } for pid=3078 comm="syz-fuzzer" path="/dev/cachefiles" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 261.960712][ T3086] damon-dbgfs: DAMON debugfs interface is deprecated, so users should move to DAMON_SYSFS. If you cannot, please report your usecase to damon@lists.linux.dev and linux-mm@kvack.org. [ 261.980927][ T26] audit: type=1400 audit(261.700:94): avc: denied { read } for pid=3078 comm="syz-fuzzer" name="renderD128" dev="devtmpfs" ino=619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 261.986252][ T26] audit: type=1400 audit(261.700:95): avc: denied { open } for pid=3078 comm="syz-fuzzer" path="/dev/dri/renderD128" dev="devtmpfs" ino=619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 262.100534][ T26] audit: type=1400 audit(261.820:96): avc: denied { read } for pid=3078 comm="syz-fuzzer" name="fb0" dev="devtmpfs" ino=622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 262.110941][ T26] audit: type=1400 audit(261.830:97): avc: denied { open } for pid=3078 comm="syz-fuzzer" path="/dev/fb0" dev="devtmpfs" ino=622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 VM DIAGNOSIS: 23:41:05 Registers: info registers vcpu 0 PC=ffff800084b596d4 X00=ffff800084b596d0 X01=ffff800083653fd0 X02=0000000000000000 X03=1fffe0000d5209d9 X04=00000000f204f1f1 X05=ffff700010000f98 X06=dfff800000000000 X07=00000000f1f1f1f1 X08=ffff8000862cdc00 X09=0000000000000000 X10=0000000000000007 X11=1ffff00010c59b78 X12=0000000000000000 X13=00000000f3f3f300 X14=0000000000000001 X15=1ffff00010000f74 X16=ffff800080000000 X17=ffff7fffe46bb000 X18=0000000000000002 X19=ffff8000864be240 X20=000000000000b2fa X21=000000000000b2fa X22=ffff8000864be248 X23=ffff8000803a14e8 X24=dfff800000000000 X25=0000003604471000 X26=0000000000000001 X27=00000000000000c0 X28=dfff800000000000 X29=ffff800080007d30 X30=ffff800083653fe8 SP=ffff800080007d30 PSTATE=600000c5 -ZC- EL1h FPCR=00000000 FPSR=00000010 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:414e6d1800000000 Q02=ae366ac3565118aa:00e0631803f0ce1d Q03=0000000040000000:0000000000000000 Q04=4010040140100401:4000000000000000 Q05=4010040140100401:4010040140100401 Q06=5555400000400000:5555400000400000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000010:000000348d576230 Q31=0000000000000000:0000000000000000 info registers vcpu 1 PC=ffff8000803c1e80 X00=0000000000000007 X01=0000000000000000 X02=0000000000000000 X03=1ffff00010b80d1d X04=0000000000000000 X05=0000000000000000 X06=0000000000000007 X07=dfff800000000000 X08=1ffff000112fadf7 X09=0000000041b58ab3 X10=1ffff00010bae966 X11=00000000f2f2f200 X12=ffff7000112fae97 X13=00000000f3f3f300 X14=0000000000000000 X15=1ffff000112fae40 X16=0000000000000000 X17=0000000000000000 X18=000000000000145c X19=ffff800085acc327 X20=0000000000000000 X21=00000000000000a4 X22=dfff800000000000 X23=ffff8000897d6c90 X24=ffff80008598b148 X25=ffff8000897d6cb0 X26=00000000ffffffff X27=ffff8000897d74b1 X28=ffff8000897d76d0 X29=ffff8000897d6b80 X30=ffff8000803c3160 SP=ffff8000897d6b80 PSTATE=100000c5 ---V EL1h FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000 Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000 Q04=0000000000000000:0000000000000000 Q05=0000000000000000:0000000000000000 Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000