syzkaller login: [ 39.043176][ T29] kauditd_printk_skb: 6 callbacks suppressed
[ 39.043271][ T29] audit: type=1400 audit(38.990:68): avc: denied { read write } for pid=2973 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 39.043978][ T29] audit: type=1400 audit(38.990:69): avc: denied { open } for pid=2973 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
Warning: Permanently added '[localhost]:1329' (ED25519) to the list of known hosts.
[ 86.259330][ T29] audit: type=1400 audit(86.190:70): avc: denied { execute } for pid=2982 comm="sh" name="syz-executor3605273777" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 86.267569][ T29] audit: type=1400 audit(86.200:71): avc: denied { execute_no_trans } for pid=2982 comm="sh" path="/syz-executor3605273777" dev="vda" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 86.694202][ T29] audit: type=1400 audit(86.640:72): avc: denied { execmem } for pid=2982 comm="syz-executor360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 86.831210][ T29] audit: type=1400 audit(86.760:73): avc: denied { map_create } for pid=2983 comm="syz-executor360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
executing program
[ 86.860474][ T29] audit: type=1400 audit(86.800:74): avc: denied { map_read map_write } for pid=2983 comm="syz-executor360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 86.873240][ T2983] 8<--- cut here ---
[ 86.873764][ T2983] Unable to handle kernel NULL pointer dereference at virtual address 00000010 when read
[ 86.875766][ T2983] [00000010] *pgd=8423f003, *pmd=fe0d5003
[ 86.880923][ T2983] Internal error: Oops: 207 [#1] PREEMPT SMP ARM
[ 86.882622][ T2983] Modules linked in:
[ 86.885301][ T2983] CPU: 0 PID: 2983 Comm: syz-executor360 Not tainted 6.8.0-rc5-syzkaller #0
[ 86.887399][ T2983] Hardware name: ARM-Versatile Express
[ 86.888846][ T2983] PC is at dev_map_hash_update_elem+0x90/0x210
[ 86.892216][ T2983] LR is at preempt_count_add+0x12c/0x150
[ 86.893661][ T2983] pc : [<803e5f34>] lr : [<8027b29c>] psr: 60000093
[ 86.895262][ T2983] sp : df96dda8 ip : df96dd68 fp : df96dde4
[ 86.896562][ T2983] r10: 00000000 r9 : 828f71c0 r8 : 8417bb10
[ 86.897814][ T2983] r7 : 00000000 r6 : 20000013 r5 : 8417ba00 r4 : ffffffff
[ 86.898304][ T2983] r3 : 00000000 r2 : 00000010 r1 : 00000000 r0 : 20000013
[ 86.899398][ T2983] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 86.899798][ T2983] Control: 30c5387d Table: 84656480 DAC: fffffffd
[ 86.900029][ T2983] Register r0 information: non-paged memory
[ 86.903174][ T2983] Register r1 information: NULL pointer
[ 86.904459][ T2983] Register r2 information: zero-size pointer
[ 86.906012][ T2983] Register r3 information: NULL pointer
[ 86.907374][ T2983] Register r4 information: non-paged memory
[ 86.909220][ T2983] Register r5 information: slab kmalloc-512 start 8417ba00 pointer offset 0 size 512
[ 86.913368][ T2983] Register r6 information: non-paged memory
[ 86.914687][ T2983] Register r7 information: NULL pointer
[ 86.916026][ T2983] Register r8 information: slab kmalloc-512 start 8417ba00 pointer offset 272 size 512
[ 86.919457][ T2983] Register r9 information: non-slab/vmalloc memory
[ 86.921047][ T2983] Register r10 information: NULL pointer
[ 86.922358][ T2983] Register r11 information: 2-page vmalloc region starting at 0xdf96c000 allocated at kernel_clone+0xac/0x3c8
[ 86.924140][ T2983] Register r12 information: 2-page vmalloc region starting at 0xdf96c000 allocated at kernel_clone+0xac/0x3c8
[ 86.926863][ T2983] Process syz-executor360 (pid: 2983, stack limit = 0xdf96c000)
[ 86.928997][ T2983] Stack: (0xdf96dda8 to 0xdf96e000)
[ 86.952427][ T2983] Backtrace:
[ 86.953837][ T2983] [<803e5ea4>]
(dev_map_hash_update_elem) from [<8038c0b8>] (bpf_map_update_value+0x1fc/0x2d4)
[ 86.955368][ T2983] r10:8417ba00 r9:00000004 r8:8365a9c0 r7:8442a040 r6:843ef140 r5:824aeaf0
[ 86.955601][ T2983] r4:8417ba00
[ 86.956836][ T2983] [<8038bebc>] (bpf_map_update_value) from [<8038d040>] (map_update_elem+0x254/0x460)
[ 86.957717][ T2983] r8:843ef140 r7:df96dec8 r6:8365a9c0 r5:8365a9c0 r4:8417bab8
[ 86.958927][ T2983] [<8038cdec>] (map_update_elem) from [<80392aa0>] (__sys_bpf+0x27c/0x2104)
[ 86.959365][ T2983] r10:00000000 r9:00000020 r8:20000200 r7:00000002 r6:df96dea0 r5:00000020
[ 86.959583][ T2983] r4:00000000
[ 86.959706][ T2983] [<80392824>] (__sys_bpf) from [<80394ea4>] (sys_bpf+0x2c/0x48)
[ 86.960961][ T2983] r10:00000182 r9:841ee000 r8:80200288 r7:00000182 r6:0008e058 r5:00000000
[ 86.961198][ T2983] r4:ffffffff
[ 86.961366][ T2983] [<80394e78>] (sys_bpf) from [<80200060>] (ret_fast_syscall+0x0/0x1c)
[ 86.961704][ T2983] Exception stack(0xdf96dfa8 to 0xdf96dff0)
[ 86.963074][ T2983] dfa0: ffffffff 00000000 00000002 20000200 00000020 00000000
[ 86.963697][ T2983] dfc0: ffffffff 00000000 0008e058 00000182 000f4240 00000000 00000001 00003a97
[ 86.965229][ T2983] dfe0: 7e973c70 7e973c60 000106cc 0002e810
[ 86.966768][ T2983] Code: e595210c e1a06000 e2433001 e003300a (e7924103)
[ 86.968929][ T2983] ---[ end trace 0000000000000000 ]---
[ 86.970462][ T2983] Kernel panic - not syncing: Fatal exception
[ 86.978866][ C1] CPU1: stopping
[ 86.979177][ C1] CPU: 1 PID: 93 Comm: kworker/1:3 Tainted: G D 6.8.0-rc5-syzkaller #0
[ 86.979223][ C1] Hardware name: ARM-Versatile Express
[ 86.979368][ C1] Workqueue: events bpf_prog_free_deferred
[ 86.979510][ C1] Backtrace: frame pointer underflow
[ 86.979574][ C1] [<81837b0c>] (dump_backtrace) from [<81837c08>] (show_stack+0x18/0x1c)
[ 86.979656][ C1] r7:00000014 r6:81b0f9f0 r5:600001d3 r4:81fbd4bc
[ 86.979670][ C1] [<81837bf0>] (show_stack) from [<81855124>] (dump_stack_lvl+0x48/0x54)
[ 86.979721][ C1] [<818550dc>] (dump_stack_lvl) from [<81855148>] (dump_stack+0x18/0x1c)
[ 86.979772][ C1] r5:00000001 r4:00000004
[ 86.979782][ C1] [<81855130>] (dump_stack) from [<8020fb78>] (do_handle_IPI+0x2ac/0x2d8)
[ 86.979830][ C1] [<8020f8cc>] (do_handle_IPI) from [<8020fbc4>] (ipi_handler+0x20/0x28)
[ 86.979887][ C1] r9:82f09800 r8:df805f78 r7:00000014 r6:81b0f9f0 r5:82c0cc80 r4:82c96d00
[ 86.979899][ C1] [<8020fba4>] (ipi_handler) from [<802c500c>] (handle_percpu_devid_irq+0x9c/0x2cc)
[ 86.979948][ C1] [<802c4f70>] (handle_percpu_devid_irq) from [<802be798>] (generic_handle_domain_irq+0x30/0x40)
[ 86.980006][ C1] r10:00000000 r9:82f09800 r8:00000000 r7:df80a00c r6:824b0bc0 r5:df80a000
[ 86.980022][ C1] r4:8260cd28 r3:00010000
[ 86.980033][ C1] [<802be768>] (generic_handle_domain_irq) from [<802011c4>] (gic_handle_irq+0x68/0x7c)
[ 86.980075][ C1] [<8020115c>] (gic_handle_irq) from [<818559e8>] (generic_handle_arch_irq+0x60/0x80)
[ 86.980129][ C1] r7:df9bdd08 r6:8213cb28 r5:82178740 r4:824b2224
[ 86.980140][ C1] [<81855988>] (generic_handle_arch_irq) from [<81807b88>] (call_with_stack+0x1c/0x20)
[ 86.980199][ C1] r9:82f09800 r8:828a0c68 r7:df9bdd3c r6:ffffffff r5:80000113 r4:8021b36c
[ 86.980212][ C1] [<81807b6c>] (call_with_stack) from [<80200b84>] (__irq_svc+0x84/0xac)
[ 86.980250][ C1] Exception stack(0xdf9bdd08 to 0xdf9bdd50)
[ 86.980281][ C1] dd00: ce71b000 df969000 00000001 8021b354 7f00b000 82f09800
[ 86.980309][ C1] dd20: 7f00b000 00000000 828a0c68 8270dd5c 00000000 df9bdd84 df9bdd88 df9bdd58
[ 86.980330][ C1] dd40: 80210b30 8021b36c 80000113 ffffffff
[ 86.980343][ C1] [<80210acc>] (flush_tlb_kernel_range) from [<8048d8f8>] (__purge_vmap_area_lazy+0xc4/0x850)
[ 86.980392][ C1] r4:df969000
[ 86.980401][ C1] [<8048d834>] (__purge_vmap_area_lazy) from [<8048e30c>] (_vm_unmap_aliases+0x288/0x2e4)
[ 86.980466][ C1] r10:00000000 r9:df9bde38 r8:00000000 r7:df9bddf0 r6:00000008 r5:ddde2340
[ 86.980481][ C1] r4:df9bddf0
[ 86.980491][ C1] [<8048e084>] (_vm_unmap_aliases) from [<80491c84>] (vfree+0x170/0x1e0)
[ 86.980546][ C1] r10:82c16205 r9:00000001 r8:00000000 r7:ffffffff r6:00000000 r5:843ff680
[ 86.980559][ C1] r4:00000000
[ 86.980570][ C1] [<80491b14>] (vfree) from [<802ea46c>] (module_memfree+0x30/0x50)
[ 86.980628][ C1] r9:82f09800 r8:00000080 r7:00000000 r6:82c16200 r5:00001000 r4:7f00b000
[ 86.980640][ C1] [<802ea43c>] (module_memfree) from [<80388bc4>] (bpf_jit_free_exec+0x10/0x14)
[ 86.980686][ C1] r5:00001000 r4:df95d000
[ 86.980696][ C1] [<80388bb4>] (bpf_jit_free_exec) from [<80388d84>] (bpf_jit_free+0x68/0xe4)
[ 86.980736][ C1] [<80388d1c>] (bpf_jit_free) from [<80389e64>] (bpf_prog_free_deferred+0x14c/0x164)
[ 86.980779][ C1] r5:84271f50 r4:84271c00
[ 86.980790][ C1] [<80389d18>] (bpf_prog_free_deferred) from [<80267028>] (process_one_work+0x19c/0x4a4)
[ 86.980846][ C1] r7:ddde4280 r6:82c16200 r5:84271f50 r4:82ea0b80
[ 86.980857][ C1] [<80266e8c>] (process_one_work) from [<80267570>] (worker_thread+0x240/0x48c)
[ 86.980917][ C1] r10:61c88647 r9:82f09800 r8:ddde42a0 r7:82604d40 r6:ddde4280 r5:82ea0bac
[ 86.980930][ C1] r4:82ea0b80
[ 86.980939][ C1] [<80267330>] (worker_thread) from [<8026e84c>] (kthread+0x104/0x134)
[ 86.981027][ C1] r10:00000000 r9:df94de90 r8:834d2f00 r7:82ea0b80 r6:80267330 r5:82f09800
[ 86.981043][ C1] r4:834d2c40
[ 86.981052][ C1] [<8026e748>] (kthread) from [<80200104>] (ret_from_fork+0x14/0x30)
[ 86.981091][ C1] Exception stack(0xdf9bdfb0 to 0xdf9bdff8)
[ 86.981116][ C1] dfa0: 00000000 00000000 00000000 00000000
[ 86.981144][ C1] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 86.981168][ C1] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 86.981201][ C1] r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026e748 r4:834d2c40
[ 87.019865][ T2983] Rebooting in 86400 seconds..
VM DIAGNOSIS: 03:47:38 Registers: