syzkaller login: [ 29.722213][ T31] kauditd_printk_skb: 6 callbacks suppressed
[ 29.722468][ T31] audit: type=1400 audit(29.660:58): avc: denied { read write } for pid=3086 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 29.736744][ T31] audit: type=1400 audit(29.670:59): avc: denied { open } for pid=3086 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
Warning: Permanently added '[localhost]:63703' (ED25519) to the list of known hosts.
[ 62.448138][ T31] audit: type=1400 audit(62.380:60): avc: denied { execute } for pid=3103 comm="sh" name="syz-executor3172316260" dev="vda" ino=807 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 62.467317][ T31] audit: type=1400 audit(62.390:61): avc: denied { execute_no_trans } for pid=3103 comm="sh" path="/syz-executor3172316260" dev="vda" ino=807 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 62.641040][ T31] audit: type=1400 audit(62.580:62): avc: denied { execmem } for pid=3103 comm="syz-executor317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 62.653746][ T31] audit: type=1400 audit(62.590:63): avc: denied { allowed } for pid=3104 comm="syz-executor317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
executing program
[ 62.664418][ T31] audit: type=1400 audit(62.600:64): avc: denied { create } for pid=3104 comm="syz-executor317" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 62.669793][ T31] audit: type=1400 audit(62.610:65): avc: denied { map } for pid=3104 comm="syz-executor317" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=373 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 62.670030][ T31] audit: type=1400 audit(62.610:66): avc: denied { read write } for pid=3104 comm="syz-executor317" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=373 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 62.685614][ T31] audit: type=1400 audit(62.620:67): avc: denied { create } for pid=3104 comm="syz-executor317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 62.691453][ T3104] 8<--- cut here ---
[ 62.692222][ T3104] Unable to handle kernel NULL pointer dereference at virtual address 0000000e when read
[ 62.693640][ T3104] [0000000e] *pgd=84774003, *pmd=df791003
[ 62.696249][ T3104] Internal error: Oops: 205 [#1] SMP ARM
[ 62.697293][ T31] audit: type=1400 audit(62.630:68): avc: denied { read } for pid=2909 comm="syslogd" name="log" dev="vda" ino=795 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 62.697414][ T3104] Modules linked in:
[ 62.697973][ T31] audit: type=1400 audit(62.630:69): avc: denied { search } for pid=2909 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 62.699647][ T3104]
[ 62.700484][ T3104] CPU: 0 UID: 0 PID: 3104 Comm: syz-executor317 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT
[ 62.701235][ T3104] Hardware name: ARM-Versatile Express
[ 62.701780][ T3104] PC is at io_buffer_select+0x50/0x18c
[ 62.703088][ T3104] LR is at xa_load+0x68/0xa4
[ 62.703470][ T3104] pc : [<80889a10>] lr : [<81a4be54>] psr: 20000013
[ 62.703895][ T3104] sp : df971e18 ip : df971dd8 fp : df971e34
[ 62.704211][ T3104] r10: 837d6500 r9 : 00000000 r8 : 80000001
[ 62.704528][ T3104] r7 : df971e50 r6 : 00000000 r5 : 8423e100 r4 : 849fc000
[ 62.704928][ T3104] r3 : 00000001 r2 : 00000000 r1 : 843623c0 r0 : 00000000
[ 62.705347][ T3104] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 62.705802][ T3104] Control: 30c5387d Table: 849287c0 DAC: fffffffd
[ 62.706210][ T3104] Register r0 information: NULL pointer
[ 62.707089][ T3104] Register r1 information: slab kmalloc-64 start 843623c0 pointer offset 0 size 64
[ 62.708323][ T3104] Register r2 information: NULL pointer
[ 62.708713][ T3104] Register r3 information: non-paged memory
[ 62.709127][ T3104] Register r4 information: slab io_kiocb start 849fc000 pointer offset 0 size 192
[ 62.710007][ T3104] Register r5 information: slab kmalloc-2k start 8423e000 pointer offset 256 size 2048
[ 62.710637][ T3104] Register r6 information: NULL pointer
[ 62.711020][ T3104] Register r7 information: 2-page vmalloc region starting at 0xdf970000 allocated at kernel_clone+0xac/0x3e4
[ 62.711787][ T3104] Register r8 information: non-slab/vmalloc memory
[ 62.712202][ T3104] Register r9 information: NULL pointer
[ 62.712573][ T3104] Register r10 information: slab sock_inode_cache start 837d6500 pointer offset 0 size 576
[ 62.713239][ T3104] Register r11 information: 2-page vmalloc region starting at 0xdf970000 allocated at kernel_clone+0xac/0x3e4
[ 62.713931][ T3104] Register r12 information: 2-page vmalloc region starting at 0xdf970000 allocated at kernel_clone+0xac/0x3e4
[ 62.714572][ T3104] Process syz-executor317 (pid: 3104, stack limit = 0xdf970000)
[ 62.715251][ T3104] Stack: (0xdf971e18 to 0xdf972000)
[ 62.715776][ T3104] 1e00: 849fc000 8474b800
[ 62.716467][ T3104] 1e20: 00000000 00000040 df971e84 df971e38 80892d3c 808899cc 8057abbc 8030cb0c
[ 62.717210][ T3104] 1e40: 849fc000 00000001 019fc000 00000000 00000000 cce83187 80886a40 849fc000
[ 62.717645][ T3104] 1e60: 81cf0bd4 00000000 80000001 81cf0b5c 0000000a 8452d400 df971ebc df971e88
[ 62.718122][ T3104] 1e80: 80886df4 80892b18 00000000 00000000 00000000 8423e000 849fc06c 849fc000
[ 62.718582][ T3104] 1ea0: 84b80000 00000000 00000000 8452d400 df971f14 df971ec0 808877a8 80886b7c
[ 62.719148][ T3104] 1ec0: 8088e164 81a4bdf8 84584db8 849287c8 00000001 00000001 81cf0b5c 00000001
[ 62.719659][ T3104] 1ee0: 8423e000 cce83187 845a1000 00000000 8423e000 000027e2 845a1000 00000000
[ 62.720105][ T3104] 1f00: 8452d400 00000000 df971fa4 df971f18 80888250 808875a8 df971f74 8423e040
[ 62.720664][ T3104] 1f20: 00000000 00000000 df971fac df971f38 8022b8b8 8046ec28 df971f64 df971f48
[ 62.721311][ T3104] 1f40: 8057a6bc 841f1b00 00000000 8281d1f0 00000a0f 76f54000 df971fb0 80234108
[ 62.721810][ T3104] 1f60: 00000000 000f4240 df971fac df971f78 8023478c cce83187 000000c0 00000000
[ 62.722307][ T3104] 1f80: 00000000 0008e068 000001aa 8020029c 8452d400 000001aa 00000000 df971fa8
[ 62.722865][ T3104] 1fa0: 80200060 80888124 00000000 00000000 00000003 000027e2 00000000 00000000
[ 62.723285][ T3104] 1fc0: 00000000 00000000 0008e068 000001aa 00000001 00000000 000f4240 00000000
[ 62.723994][ T3104] 1fe0: 7ecbdc70 7ecbdc60 0001088c 0002f900 40000010 00000003 00000000 00000000
[ 62.724530][ T3104] Call trace:
[ 62.725228][ T3104] [<808899c0>] (io_buffer_select) from [<80892d3c>] (io_recvmsg+0x230/0x420)
[ 62.726016][ T3104] r7:00000040 r6:00000000 r5:8474b800 r4:849fc000
[ 62.726658][ T3104] [<80892b0c>] (io_recvmsg) from [<80886df4>] (io_issue_sqe+0x284/0x658)
[ 62.727294][ T3104] r10:8452d400 r9:0000000a r8:81cf0b5c r7:80000001 r6:00000000 r5:81cf0bd4
[ 62.727772][ T3104] r4:849fc000
[ 62.727989][ T3104] [<80886b70>] (io_issue_sqe) from [<808877a8>] (io_submit_sqes+0x20c/0x938)
[ 62.728509][ T3104] r10:8452d400 r9:00000000 r8:00000000 r7:84b80000 r6:849fc000 r5:849fc06c
[ 62.729051][ T3104] r4:8423e000
[ 62.729287][ T3104] [<8088759c>] (io_submit_sqes) from [<80888250>] (sys_io_uring_enter+0x138/0x780)
[ 62.729849][ T3104] r10:00000000 r9:8452d400 r8:00000000 r7:845a1000 r6:000027e2 r5:8423e000
[ 62.730282][ T3104] r4:00000000
[ 62.730489][ T3104] [<80888118>] (sys_io_uring_enter) from [<80200060>] (ret_fast_syscall+0x0/0x1c)
[ 62.731071][ T3104] Exception stack(0xdf971fa8 to 0xdf971ff0)
[ 62.731452][ T3104] 1fa0: 00000000 00000000 00000003 000027e2 00000000 00000000
[ 62.732065][ T3104] 1fc0: 00000000 00000000 0008e068 000001aa 00000001 00000000 000f4240 00000000
[ 62.732759][ T3104] 1fe0: 7ecbdc70 7ecbdc60 0001088c 0002f900
[ 62.733145][ T3104] r10:000001aa r9:8452d400 r8:8020029c r7:000001aa r6:0008e068 r5:00000000
[ 62.733649][ T3104] r4:00000000
[ 62.734114][ T3104] Code: e3130001 0a00002f e5910000 e1d120be (e1d030be)
[ 62.735538][ T3104] ---[ end trace 0000000000000000 ]---
[ 62.737168][ T3104] Kernel panic - not syncing: Fatal exception
[ 62.740970][ T3104] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:21:19 Registers:
info registers vcpu 0

CPU#0
R00=00000000 R01=00000000 R02=00000000 R03=00000001
R04=df971dc8 R05=82242a04 R06=00000205 R07=60000113
R08=82a7045c R09=8281d058 R10=00000007 R11=df971cfc
R12=df971c40 R13=df971cc8 R14=8047f6b4 R15=8022c2d8
PSR=60000193 -ZC- A S svc32
s00=20303031 s01=72617473 d00=7261747320303031
s02=00000000 s03=00000000 d01=0000000000000000
s04=ff008808 s05=ff008808 d02=ff008808ff008808
s06=08000000 s07=80000000 d03=8000000008000000
s08=00000000 s09=c0300c03 d04=c0300c0300000000
s10=08040201 s11=80402010 d05=8040201008040201
s12=08040201 s13=80402010 d06=8040201008040201
s14=00000000 s15=00000000 d07=0000000000000000
s16=00000000 s17=00000000 d08=0000000000000000
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
s32=00000000 s33=00000000 d16=0000000000000000
s34=00000000 s35=00000001 d17=0000000100000000
s36=00000000 s37=00000000 d18=0000000000000000
s38=00000000 s39=00000002 d19=0000000200000000
s40=8c8a5902 s41=7a6f1a02 d20=7a6f1a028c8a5902
s42=afbb01d0 s43=9e88fd8b d21=9e88fd8bafbb01d0
s44=00ad96f3 s45=28400000 d22=2840000000ad96f3
s46=05e1d3f1 s47=0854d554 d23=0854d55405e1d3f1
s48=9653fe68 s49=050af1f4 d24=050af1f49653fe68
s50=d2bc4ec2 s51=62b3df82 d25=62b3df82d2bc4ec2
s52=1472d0d8 s53=490d6610 d26=490d66101472d0d8
s54=17cefb2e s55=63fa29d5 d27=63fa29d517cefb2e
s56=569d0d52 s57=8c8a5902 d28=8c8a5902569d0d52
s58=7a6f1a02 s59=afbb01d0 d29=afbb01d07a6f1a02
s60=9e88fd8b s61=01ad96f3 d30=01ad96f39e88fd8b
s62=05040302 s63=09080706 d31=0908070605040302
FPSCR: 00000000
info registers vcpu 1

CPU#1
R00=00000001 R01=00000000 R02=00000004 R03=81a50408
R04=00000006 R05=828fac48 R06=00000000 R07=828fac40
R08=8451e000 R09=00000028 R10=828fac48 R11=ec70db0c
R12=ec70db10 R13=ec70db00 R14=803481f4 R15=81a50418
PSR=600f0193 -ZC- A S svc32
s00=6d702a20 s01=66643d64 d00=66643d646d702a20
s02=54205b5d s03=34303133 d01=3430313354205b5d
s04=6e55205d s05=656c6261 d02=656c62616e55205d
s06=206f7420 s07=646e6168 d03=646e6168206f7420
s08=6b20656c s09=656e7265 d04=656e72656b20656c
s10=554e206c s11=70204c4c d05=70204c4c554e206c
s12=746e696f s13=64207265 d06=64207265746e696f
s14=00000000 s15=00000000 d07=0000000000000000
s16=00000000 s17=00000000 d08=0000000000000000
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
s32=00000000 s33=00000000 d16=0000000000000000
s34=00000000 s35=00000000 d17=0000000000000000
s36=00000000 s37=00000000 d18=0000000000000000
s38=00000000 s39=00000000 d19=0000000000000000
s40=00000000 s41=00000000 d20=0000000000000000
s42=00000000 s43=00000000 d21=0000000000000000
s44=00000000 s45=00000000 d22=0000000000000000
s46=00000000 s47=00000000 d23=0000000000000000
s48=00000000 s49=00000000 d24=0000000000000000
s50=00000000 s51=00000000 d25=0000000000000000
s52=00000000 s53=00000000 d26=0000000000000000
s54=00000000 s55=00000000 d27=0000000000000000
s56=00000000 s57=00000000 d28=0000000000000000
s58=00000000 s59=00000000 d29=0000000000000000
s60=00000000 s61=00000000 d30=0000000000000000
s62=00000000 s63=00000000 d31=0000000000000000
FPSCR: 00000000