[ 39.641688][ T30] audit: type=1400 audit(39.590:68): avc: denied { read write } for pid=2987 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 39.642571][ T30] audit: type=1400 audit(39.590:69): avc: denied { open } for pid=2987 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 Warning: Permanently added '[localhost]:15920' (ED25519) to the list of known hosts. [ 62.087924][ T30] audit: type=1400 audit(62.020:70): avc: denied { name_bind } for pid=2991 comm="sshd" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 64.116304][ T30] audit: type=1400 audit(64.060:71): avc: denied { execute } for pid=2993 comm="sh" name="syz-fuzzer" dev="vda" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 64.117177][ T30] audit: type=1400 audit(64.060:72): avc: denied { execute_no_trans } for pid=2993 comm="sh" path="/syz-fuzzer" dev="vda" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 1970/01/01 00:01:06 fuzzer started [ 69.268270][ T30] audit: type=1400 audit(69.210:73): avc: denied { node_bind } for pid=2993 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 1970/01/01 00:01:09 dialing manager at localhost:30000 [ 69.351763][ T30] audit: type=1400 audit(69.290:74): avc: denied { name_bind } for pid=2993 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 70.622487][ T30] audit: type=1400 audit(70.570:75): avc: denied { mounton } for pid=3001 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 70.631310][ T30] audit: type=1400 audit(70.570:76): avc: denied { mount } for pid=3001 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 70.644578][ T3001] cgroup: Unknown subsys name 'net' [ 70.672280][ T30] audit: type=1400 audit(70.610:77): avc: denied { unmount } for pid=3001 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 70.932095][ T3001] cgroup: Unknown subsys name 'hugetlb' [ 70.934683][ T3001] cgroup: Unknown subsys name 'rlimit' [ 71.180244][ T30] audit: type=1400 audit(71.120:78): avc: denied { mounton } for pid=3001 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 71.182232][ T30] audit: type=1400 audit(71.120:79): avc: denied { mount } for pid=3001 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 71.185572][ T30] audit: type=1400 audit(71.130:80): avc: denied { setattr } for pid=3001 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.334953][ T3002] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 71.336349][ T30] audit: type=1400 audit(71.280:81): avc: denied { relabelto } for pid=3002 comm="mkswap" name="swap-file" dev="vda" ino=685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 71.345723][ T30] audit: type=1400 audit(71.290:82): avc: denied { write } for pid=3002 comm="mkswap" path="/swap-file" dev="vda" ino=685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 77.131498][ T3001] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 1970/01/01 00:01:17 syscalls: 3016 1970/01/01 00:01:17 code coverage: CONFIG_KCOV is not enabled 1970/01/01 00:01:17 comparison tracing: CONFIG_KCOV is not enabled 1970/01/01 00:01:17 extra coverage: CONFIG_KCOV is not enabled 1970/01/01 00:01:17 delay kcov mmap: CONFIG_KCOV is not enabled 1970/01/01 00:01:17 setuid sandbox: enabled 1970/01/01 00:01:17 namespace sandbox: enabled 1970/01/01 00:01:17 Android sandbox: enabled 1970/01/01 00:01:17 fault injection: enabled 1970/01/01 00:01:17 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:01:17 net packet injection: enabled 1970/01/01 00:01:17 net device setup: enabled 1970/01/01 00:01:17 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:01:17 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:01:17 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:01:17 USB emulation: enabled 1970/01/01 00:01:17 hci packet injection: /dev/vhci does not exist 1970/01/01 00:01:17 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:01:17 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:01:17 swap file: enabled 1970/01/01 00:01:17 starting 2 executor processes [ 77.892948][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 77.893057][ T30] audit: type=1400 audit(77.840:85): avc: denied { execmem } for pid=3003 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 77.916941][ T30] audit: type=1400 audit(77.860:86): avc: denied { mounton } for pid=3006 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 77.918406][ T30] audit: type=1400 audit(77.860:87): avc: denied { mount } for pid=3006 comm="syz-executor.0" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 77.920886][ T30] audit: type=1400 audit(77.860:88): avc: denied { read } for pid=3006 comm="syz-executor.0" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 77.931075][ T30] audit: type=1400 audit(77.870:89): avc: denied { open } for pid=3006 comm="syz-executor.0" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 77.932803][ T30] audit: type=1400 audit(77.870:90): avc: denied { mounton } for pid=3006 comm="syz-executor.0" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 77.991025][ T30] audit: type=1400 audit(77.920:91): avc: denied { module_request } for pid=3006 comm="syz-executor.0" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 78.079286][ T30] audit: type=1400 audit(78.020:92): avc: denied { sys_module } for pid=3006 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 78.469839][ T30] audit: type=1400 audit(78.410:93): avc: denied { ioctl } for pid=3006 comm="syz-executor.0" path="/dev/net/tun" dev="devtmpfs" ino=691 ioctlcmd=0x54ca scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 79.277335][ T3006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.287978][ T3006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.399566][ T3008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.407031][ T3008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.035562][ T3006] hsr_slave_0: entered promiscuous mode [ 80.039871][ T3006] hsr_slave_1: entered promiscuous mode [ 80.137774][ T3008] hsr_slave_0: entered promiscuous mode [ 80.142108][ T3008] hsr_slave_1: entered promiscuous mode [ 80.146939][ T3008] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.147506][ T3008] Cannot create hsr debugfs directory [ 80.442843][ T30] audit: type=1400 audit(80.390:94): avc: denied { create } for pid=3006 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 80.446371][ T3006] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.455767][ T3006] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.459435][ T3006] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.464776][ T3006] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.528723][ T3008] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.537701][ T3008] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.548875][ T3008] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.562960][ T3008] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.110398][ T3006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.117631][ T3008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.805407][ T3008] veth0_vlan: entered promiscuous mode [ 82.814683][ T3008] veth1_vlan: entered promiscuous mode [ 82.839667][ T3008] veth0_macvtap: entered promiscuous mode [ 82.847364][ T3008] veth1_macvtap: entered promiscuous mode [ 82.872119][ T3008] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.872563][ T3008] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.872766][ T3008] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.872981][ T3008] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.957019][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 82.957063][ T30] audit: type=1400 audit(82.900:97): avc: denied { mounton } for pid=3008 comm="syz-executor.1" path="/dev/binderfs" dev="devtmpfs" ino=779 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 82.959741][ T30] audit: type=1400 audit(82.900:98): avc: denied { mount } for pid=3008 comm="syz-executor.1" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 83.048215][ T30] audit: type=1400 audit(82.990:99): avc: denied { read write } for pid=3008 comm="syz-executor.1" name="loop1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 83.071673][ T30] audit: type=1400 audit(83.010:100): avc: denied { open } for pid=3008 comm="syz-executor.1" path="/dev/loop1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 83.072340][ T30] audit: type=1400 audit(83.010:101): avc: denied { ioctl } for pid=3008 comm="syz-executor.1" path="/dev/loop1" dev="devtmpfs" ino=636 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 00:01:23 executing program 1: r0 = mq_open(&(0x7f0000000000)=')\x91^\\+\x00', 0x40, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000015c0)=[{0x0}, {&(0x7f0000001140)=""/76, 0x4c}, {&(0x7f00000011c0)=""/33, 0x21}, {&(0x7f0000001240)=""/115, 0x73}, {&(0x7f00000012c0)=""/225, 0xe1}, {&(0x7f0000001400)=""/16, 0x10}, {&(0x7f0000001440)=""/221, 0xdd}, {&(0x7f0000001540)=""/107, 0x6b}], 0x8, &(0x7f0000001680)=""/100, 0x64}, 0x2023) mq_open(0x0, 0x80, 0x0, &(0x7f0000001780)={0xffffffff, 0xfffffffffffffff7, 0x80}) eventfd(0x3) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000001800)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'batadv_slave_0\x00'}) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000001900)={0xffffffffffffffff, 0x1, 0x62, 0xfffffffffffffffe}) pwritev2(r0, &(0x7f00000038c0)=[{&(0x7f0000003580)="b3b19dee2999d454fb1779442731c17b09ce38ae1db648184ded6e51250880047d7ecb1401e23a2abfe636a6c18d7394fbeae4fa18e63ce23f268b61f3df75d8173009e28824c45b6acd56b96a0b5adfc9eb33b44a06e50afe01efb80fc2ae575214fb9a3e9ba840930f9a90", 0x6c}, {&(0x7f0000003600)}, {&(0x7f0000003680)="5c8610360a31c305518cfdabbe74ee34e4e6e494f6f80e6e6b0f498f80f1e35652de636ea577d66172fe5cda80d7dbd8b9f42874aed83fa8ca4988cc904266211fdf2ccbcd30b8541a7b", 0x4a}, {0x0}, {&(0x7f0000003840)="6b0c9240b6d3febe42f66ee9e64aa988a2b4fc351b7d474d6cc26a6f", 0x1c}, {&(0x7f0000003880)="d066609a60ae77dfef63a99bcf17b167", 0x10}], 0x6, 0x4, 0x0, 0x0) 00:01:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r0, 0x0) r1 = accept4$inet6(r0, 0x0, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r2, &(0x7f00000001c0)={0x2, 0x2, @local}, 0x10) write$char_usb(r1, 0x0, 0x0) [ 83.226097][ T3006] veth0_vlan: entered promiscuous mode [ 83.255239][ T3006] veth1_vlan: entered promiscuous mode [ 83.277273][ T30] audit: type=1400 audit(83.220:102): avc: denied { name_bind } for pid=3689 comm="syz-executor.1" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 83.286633][ T3006] veth0_macvtap: entered promiscuous mode [ 83.293896][ T3006] veth1_macvtap: entered promiscuous mode [ 83.345700][ T3006] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.346536][ T3006] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.346864][ T3006] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.347173][ T3006] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:01:23 executing program 0: sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280), 0xc, 0x0}, 0x0) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r0, &(0x7f0000000540)=ANY=[], 0x4) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) [ 83.536887][ T3692] process 'syz-executor.0' launched './file0' with NULL argv: empty string added 00:01:23 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) accept(r0, &(0x7f00000003c0)=@un=@abs, &(0x7f0000000400)=0x8) 00:01:23 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) [ 83.727189][ T30] audit: type=1400 audit(83.670:103): avc: denied { create } for pid=3695 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 83.745518][ T30] audit: type=1400 audit(83.690:104): avc: denied { bind } for pid=3695 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 83.746927][ T30] audit: type=1400 audit(83.690:105): avc: denied { node_bind } for pid=3695 comm="syz-executor.0" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 00:01:23 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000840)=0x100) dup2(r0, r1) [ 83.818308][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. 00:01:23 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000780)={{0x2, 0x0, @rand_addr=0x64010101}, {0x0, @dev}, 0x0, {0x2, 0x0, @local}}) 00:01:23 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$FBIOGET_FSCREENINFO(r0, 0x10, 0x0) 00:01:23 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) lseek(r0, 0x0, 0x0) 00:01:24 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x2, 0x0, &(0x7f0000000000)) 00:01:24 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000002940)={0x0, 0x0, 0x0}, 0x0) [ 84.177161][ T30] audit: type=1400 audit(84.120:106): avc: denied { create } for pid=3707 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 00:01:24 executing program 0: bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000540)=0xffffffffffffffff, 0x4) 00:01:24 executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x5}, 0x8) 00:01:24 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0x44, 0x9, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000000240), 0x288, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r0}, 0x38) 00:01:24 executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2c}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r0, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, &(0x7f0000001380)}}, 0x10) 00:01:27 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f00000001c0)={0x0, 0x1400, &(0x7f0000000180)=[{&(0x7f0000000280)=""/212, 0xd4}], 0x1}, 0x0) [ 88.627993][ T3722] 8<--- cut here --- [ 88.630198][ T3722] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read [ 88.633121][ T3722] [00000000] *pgd=8508b003, *pmd=fe51b003 [ 88.642646][ T3722] Internal error: Oops: 207 [#1] PREEMPT SMP ARM [ 88.643336][ T3722] Modules linked in: [ 88.643907][ T3722] CPU: 1 PID: 3722 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller #0 [ 88.644400][ T3722] Hardware name: ARM-Versatile Express [ 88.644949][ T3722] PC is at __kmap_local_page_prot+0xc/0x74 [ 88.646194][ T3722] LR is at copy_page_to_iter+0xf8/0x184 [ 88.646615][ T3722] pc : [<80479d2c>] lr : [<807eb0fc>] psr: 60000013 [ 88.647392][ T3722] sp : e0025ca0 ip : e0025cb0 fp : e0025cac [ 88.647892][ T3722] r10: 00000018 r9 : 828584e8 r8 : 00000000 [ 88.648293][ T3722] r7 : 00000000 r6 : 00000000 r5 : 00000000 r4 : 84f8b800 [ 88.649533][ T3722] r3 : 00c00000 r2 : 0000071f r1 : 00000000 r0 : 00000000 [ 88.650229][ T3722] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 88.652193][ T3722] Control: 30c5387d Table: 85082e40 DAC: 00000000 [ 88.652725][ T3722] Register r0 information: NULL pointer [ 88.653558][ T3722] Register r1 information: NULL pointer [ 88.654356][ T3722] Register r2 information: non-paged memory [ 88.655013][ T3722] Register r3 information: non-paged memory [ 88.656519][ T3722] Register r4 information: slab kmalloc-1k start 84f8b800 pointer offset 0 size 1024 [ 88.660981][ T3722] Register r5 information: NULL pointer [ 88.662330][ T3722] Register r6 information: NULL pointer [ 88.664326][ T3722] Register r7 information: NULL pointer [ 88.666175][ T3722] Register r8 information: NULL pointer [ 88.669200][ T3722] Register r9 information: non-slab/vmalloc memory [ 88.671219][ T3722] Register r10 information: non-paged memory [ 88.674301][ T3722] Register r11 information: 2-page vmalloc region starting at 0xe0024000 allocated at kernel_clone+0xac/0x3cc [ 88.676479][ T3722] Register r12 information: 2-page vmalloc region starting at 0xe0024000 allocated at kernel_clone+0xac/0x3cc [ 88.679231][ T3722] Process syz-executor.0 (pid: 3722, stack limit = 0xe0024000) [ 88.681535][ T3722] Stack: (0xe0025ca0 to 0xe0026000) [ 88.683565][ T3722] 5ca0: e0025ce4 e0025cb0 807eb0fc 80479d2c 84e54e00 e0025f48 00000000 84f8b800 [ 88.685219][ T3722] 5cc0: 84f8b800 00000000 00000000 00000000 000000d4 00000018 e0025d34 e0025ce8 [ 88.687916][ T3722] 5ce0: 8140afac 807eb010 84173000 00000000 84e54e00 84e54ed0 844ffc00 84e54ed8 [ 88.690618][ T3722] 5d00: e0025f48 00000000 00000000 844ffc00 000000d4 84e54e00 84173000 00000000 [ 88.691223][ T3722] 5d20: 00000000 00000000 e0025da4 e0025d38 8162d6a0 8140aec8 00000000 00000000 [ 88.691723][ T3722] 5d40: 00000000 00000000 00000000 00000000 844ffc88 84e54eec 844ffe34 e0025f38 [ 88.692243][ T3722] 5d60: 00000000 3d193984 8260ca3c 8219a848 00000000 3d193984 e0025f38 8162d550 [ 88.693003][ T3722] 5d80: e0025f38 84817900 00000000 00000000 00000000 e0025df4 e0025dc4 e0025da8 [ 88.695415][ T3722] 5da0: 8162c73c 8162d55c 00000000 00000000 00000000 8162c704 e0025de4 e0025dc8 [ 88.696718][ T3722] 5dc0: 8137a598 8162c710 e0025f38 84817900 200001c0 00000000 e0025ea4 e0025de8 [ 88.698953][ T3722] 5de0: 8137a798 8137a554 00000000 00000000 00000001 00000000 00000000 00000000 [ 88.700979][ T3722] 5e00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 88.701790][ T3722] 5e20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 88.704439][ T3722] 5e40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 88.706713][ T3722] 5e60: 00000000 00000000 00000000 00000000 00000000 3d193984 00000000 00000000 [ 88.708893][ T3722] 5e80: e0025f38 200001c0 00000000 84817900 84173000 00000129 e0025f24 e0025ea8 [ 88.710964][ T3722] 5ea0: 8137d6dc 8137a714 00000000 00000000 00000008 00000000 00000000 20000280 [ 88.714479][ T3722] 5ec0: 000000d4 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 88.716573][ T3722] 5ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 3d193984 [ 88.720616][ T3722] 5f00: e0025f24 84817900 00000000 200001c0 00000000 80200288 e0025fa4 e0025f28 [ 88.721622][ T3722] 5f20: 8137de58 8137d660 00000000 e0025f38 00000001 fffffff7 e0025df4 00000000 [ 88.722242][ T3722] 5f40: 00000000 00000000 00000000 00000000 20000280 000000d4 00000001 00000000 [ 88.724748][ T3722] 5f60: 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 [ 88.726989][ T3722] 5f80: 8020ca6c 3d193984 00000000 00000000 0014c2c8 00000129 00000000 e0025fa8 [ 88.729001][ T3722] 5fa0: 80200060 8137ddf0 00000000 00000000 00000003 200001c0 00000000 00000000 [ 88.730795][ T3722] 5fc0: 00000000 00000000 0014c2c8 00000129 7ecd732e 7ecd732f 003d0f00 76b460fc [ 88.732725][ T3722] 5fe0: 76b45f08 76b45ef8 000167f8 00050bc0 60000010 00000003 00000000 00000000 [ 88.735111][ T3722] Call trace: [ 88.737476][ T3722] [<80479d20>] (__kmap_local_page_prot) from [<807eb0fc>] (copy_page_to_iter+0xf8/0x184) [ 88.741624][ T3722] [<807eb004>] (copy_page_to_iter) from [<8140afac>] (sk_msg_recvmsg+0xf0/0x3cc) [ 88.744474][ T3722] r10:00000018 r9:000000d4 r8:00000000 r7:00000000 r6:00000000 r5:84f8b800 [ 88.748024][ T3722] r4:84f8b800 [ 88.749637][ T3722] [<8140aebc>] (sk_msg_recvmsg) from [<8162d6a0>] (unix_bpf_recvmsg+0x150/0x444) [ 88.752770][ T3722] r10:00000000 r9:00000000 r8:00000000 r7:84173000 r6:84e54e00 r5:000000d4 [ 88.754973][ T3722] r4:844ffc00 [ 88.760840][ T3722] [<8162d550>] (unix_bpf_recvmsg) from [<8162c73c>] (unix_dgram_recvmsg+0x38/0x4c) [ 88.763714][ T3722] r10:e0025df4 r9:00000000 r8:00000000 r7:00000000 r6:84817900 r5:e0025f38 [ 88.767271][ T3722] r4:8162d550 [ 88.769087][ T3722] [<8162c704>] (unix_dgram_recvmsg) from [<8137a598>] (sock_recvmsg+0x50/0x78) [ 88.771062][ T3722] r4:8162c704 [ 88.771404][ T3722] [<8137a548>] (sock_recvmsg) from [<8137a798>] (____sys_recvmsg+0x90/0x158) [ 88.772485][ T3722] r7:00000000 r6:200001c0 r5:84817900 r4:e0025f38 [ 88.774508][ T3722] [<8137a708>] (____sys_recvmsg) from [<8137d6dc>] (___sys_recvmsg+0x88/0xbc) [ 88.777895][ T3722] r10:00000129 r9:84173000 r8:84817900 r7:00000000 r6:200001c0 r5:e0025f38 [ 88.780437][ T3722] r4:00000000 [ 88.781120][ T3722] [<8137d654>] (___sys_recvmsg) from [<8137de58>] (sys_recvmsg+0x74/0xb8) [ 88.784494][ T3722] r8:80200288 r7:00000000 r6:200001c0 r5:00000000 r4:84817900 [ 88.787792][ T3722] [<8137dde4>] (sys_recvmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 88.790014][ T3722] Exception stack(0xe0025fa8 to 0xe0025ff0) [ 88.791291][ T3722] 5fa0: 00000000 00000000 00000003 200001c0 00000000 00000000 [ 88.793775][ T3722] 5fc0: 00000000 00000000 0014c2c8 00000129 7ecd732e 7ecd732f 003d0f00 76b460fc [ 88.796728][ T3722] 5fe0: 76b45f08 76b45ef8 000167f8 00050bc0 [ 88.799913][ T3722] r7:00000129 r6:0014c2c8 r5:00000000 r4:00000000 [ 88.801854][ T3722] Code: eaffffe8 e1a0c00d e92dd800 e24cb004 (e5901000) [ 88.811667][ T3722] ---[ end trace 0000000000000000 ]--- [ 88.841762][ T3722] Kernel panic - not syncing: Fatal exception [ 88.845694][ T3722] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:59:45 Registers: info registers vcpu 0 CPU#0 R00=bbb4f000 R01=e0041000 R02=00000000 R03=8021b3b4 R04=7f00f000 R05=00000001 R06=828a8de8 R07=7f00f000 R08=e0041000 R09=8260ca94 R10=828a9a0c R11=df835dac R12=df835db0 R13=df835d80 R14=80210b70 R15=8021b3cc PSR=80000113 N--- A S svc32 s00=00000000 s01=00000000 d00=0000000000000000 s02=00000000 s03=00000000 d01=0000000000000000 s04=00000000 s05=00000000 d02=0000000000000000 s06=00000000 s07=00000000 d03=0000000000000000 s08=00000000 s09=00000000 d04=0000000000000000 s10=00000000 s11=00000000 d05=0000000000000000 s12=00000000 s13=00000000 d06=0000000000000000 s14=00000000 s15=00000000 d07=0000000000000000 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=00000000 s33=00000000 d16=0000000000000000 s34=00000000 s35=00000000 d17=0000000000000000 s36=00000000 s37=00000000 d18=0000000000000000 s38=00000000 s39=00000000 d19=0000000000000000 s40=00000000 s41=00000000 d20=0000000000000000 s42=00000000 s43=00000000 d21=0000000000000000 s44=00000000 s45=00000000 d22=0000000000000000 s46=00000000 s47=00000000 d23=0000000000000000 s48=00000000 s49=00000000 d24=0000000000000000 s50=00000000 s51=00000000 d25=0000000000000000 s52=00000000 s53=00000000 d26=0000000000000000 s54=00000000 s55=00000000 d27=0000000000000000 s56=00000000 s57=00000000 d28=0000000000000000 s58=00000000 s59=00000000 d29=0000000000000000 s60=00000000 s61=00000000 d30=0000000000000000 s62=00000000 s63=00000000 d31=0000000000000000 FPSCR: 00000000 info registers vcpu 1 CPU#1 R00=84173288 R01=84ddee40 R02=80287940 R03=84173280 R04=84173280 R05=00000001 R06=00000001 R07=84173000 R08=000003fb R09=6fa56a5a R10=84173000 R11=e002595c R12=00000000 R13=e0025960 R14=8028caec R15=818699ac PSR=60000193 -ZC- A S svc32 s00=00000000 s01=00000000 d00=0000000000000000 s02=00000000 s03=00000000 d01=0000000000000000 s04=00000000 s05=00000000 d02=0000000000000000 s06=00000000 s07=00000000 d03=0000000000000000 s08=00000000 s09=00000000 d04=0000000000000000 s10=00000000 s11=00000000 d05=0000000000000000 s12=00000000 s13=00000000 d06=0000000000000000 s14=00000000 s15=00000000 d07=0000000000000000 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=00000000 s33=00000000 d16=0000000000000000 s34=00000000 s35=00000000 d17=0000000000000000 s36=00000000 s37=00000000 d18=0000000000000000 s38=00000000 s39=00000000 d19=0000000000000000 s40=00000000 s41=00000000 d20=0000000000000000 s42=00000000 s43=00000000 d21=0000000000000000 s44=00000000 s45=00000000 d22=0000000000000000 s46=00000000 s47=00000000 d23=0000000000000000 s48=00000000 s49=00000000 d24=0000000000000000 s50=00000000 s51=00000000 d25=0000000000000000 s52=00000000 s53=00000000 d26=0000000000000000 s54=00000000 s55=00000000 d27=0000000000000000 s56=00000000 s57=00000000 d28=0000000000000000 s58=00000000 s59=00000000 d29=0000000000000000 s60=00000000 s61=00000000 d30=0000000000000000 s62=00000000 s63=00000000 d31=0000000000000000 FPSCR: 00000000