syzkaller
syzkaller login: [ 11.160508][ T24] kauditd_printk_skb: 60 callbacks suppressed
[ 11.160518][ T24] audit: type=1400 audit(1663309855.490:71): avc: denied { transition } for pid=289 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.166913][ T24] audit: type=1400 audit(1663309855.490:72): avc: denied { write } for pid=289 comm="sh" path="pipe:[269]" dev="pipefs" ino=269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 11.171724][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 11.178510][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 11.419029][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 11.422524][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 11.425921][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
Warning: Permanently added '10.128.1.93' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 56.522079][ T24] audit: type=1400 audit(1663309900.850:73): avc: denied { execmem } for pid=365 comm="syz-executor653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 56.530030][ T24] audit: type=1400 audit(1663309900.860:74): avc: denied { read write } for pid=368 comm="syz-executor653" name="usbmon0" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 56.535082][ T24] audit: type=1400 audit(1663309900.860:75): avc: denied { open } for pid=368 comm="syz-executor653" path="/dev/usbmon0" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 56.543103][ T24] audit: type=1400 audit(1663309900.860:76): avc: denied { map } for pid=368 comm="syz-executor653" path="/dev/usbmon0" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 56.567059][ T24] audit: type=1400 audit(1663309900.860:77): avc: denied { read write } for pid=368 comm="syz-executor653" name="raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 56.591114][ T24] audit: type=1400 audit(1663309900.860:78): avc: denied { open } for pid=368 comm="syz-executor653" path="/dev/raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 56.614733][ T24] audit: type=1400 audit(1663309900.860:79): avc: denied { ioctl } for pid=368 comm="syz-executor653" path="/dev/raw-gadget" dev="devtmpfs" ino=165 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 56.798151][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 56.805755][ T379] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 56.808184][ T109] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 56.820662][ T104] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 56.828138][ T5] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 56.838163][ T20] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 57.078141][ T379] usb 6-1: device descriptor read/64, error 18
[ 57.078148][ T109] usb 3-1: Using ep0 maxpacket: 16
[ 57.089444][ T25] usb 1-1: device descriptor read/64, error 18
[ 57.108145][ T20] usb 4-1: device descriptor read/64, error 18
[ 57.118132][ T104] usb 5-1: device descriptor read/64, error 18
[ 57.124331][ T5] usb 2-1: device descriptor read/64, error 18
[ 57.208199][ T109] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 57.219102][ T109] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 57.231888][ T109] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 57.240949][ T109] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 57.251062][ T109] usb 3-1: config 0 descriptor??
[ 57.488666][ T386] ==================================================================
[ 57.489526][ T24] audit: type=1400 audit(1663309901.820:80): avc: denied { ioctl } for pid=376 comm="syz-executor653" path="/dev/usbmon0" dev="devtmpfs" ino=138 ioctlcmd=0x9208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 57.496735][ T386] BUG: KASAN: use-after-free in mon_bin_flush+0x121/0x260
[ 57.496744][ T386] Read of size 8 at addr ffff88811d8f5ab8 by task syz-executor653/386
[ 57.496755][ T386]
[ 57.522153][ T5] usb 2-1: device descriptor read/64, error 18
[ 57.529144][ T386] CPU: 1 PID: 386 Comm: syz-executor653 Not tainted 5.10.140-syzkaller-00825-g59390358870a #0
[ 57.529149][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 57.529153][ T386] Call Trace:
[ 57.529178][ T386] dump_stack_lvl+0x1e2/0x24b
[ 57.537309][ T104] usb 5-1: device descriptor read/64, error 18
[ 57.539589][ T386] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 57.539599][ T386] ? panic+0x7d7/0x7d7
[ 57.539610][ T386] print_address_description+0x81/0x3c0
[ 57.539625][ T386] ? __kasan_check_write+0x14/0x20
[ 57.600058][ T386] kasan_report+0x1a4/0x1f0
[ 57.604562][ T386] ? mon_bin_flush+0x121/0x260
[ 57.609326][ T386] ? mon_bin_flush+0x121/0x260
[ 57.614063][ T386] __asan_report_load8_noabort+0x14/0x20
[ 57.619665][ T386] mon_bin_flush+0x121/0x260
[ 57.624230][ T386] mon_bin_ioctl+0x2fb/0xed0
[ 57.628792][ T386] ? selinux_file_alloc_security+0x120/0x120
[ 57.634756][ T386] ? mon_bin_poll+0x150/0x150
[ 57.639421][ T386] ? __fget_files+0x310/0x370
[ 57.644072][ T386] ? security_file_ioctl+0xb1/0xd0
[ 57.649155][ T386] ? mon_bin_poll+0x150/0x150
[ 57.653809][ T386] __se_sys_ioctl+0x115/0x190
[ 57.658480][ T386] __x64_sys_ioctl+0x7b/0x90
[ 57.663070][ T386] do_syscall_64+0x34/0x70
[ 57.667458][ T386] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 57.673318][ T386] RIP: 0033:0x7f8570d8b819
[ 57.677709][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.697283][ T386] RSP: 002b:00007f8570d302f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.705753][ T386] RAX: ffffffffffffffda RBX: 00007f8570e09480 RCX: 00007f8570d8b819
[ 57.713694][ T386] RDX: 0000000000000006 RSI: 0000000000009208 RDI: 0000000000000003
[ 57.721635][ T386] RBP: 00007f8570dd62bc R08: 0000000000000000 R09: 0000000000000000
[ 57.729575][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8570dd52f0
[ 57.737533][ T386] R13: 0000000020001978 R14: 6273752f7665642f R15: 00007f8570e09488
[ 57.745490][ T386]
[ 57.747787][ T386] The buggy address belongs to the page:
[ 57.753389][ T386] page:ffffea0004763d40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d8f5
[ 57.763602][ T386] flags: 0x8000000000000000()
[ 57.768336][ T386] raw: 8000000000000000 ffffea0004763d48 ffffea0004763d48 0000000000000000
[ 57.776975][ T386] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 57.785529][ T386] page dumped because: kasan: bad access detected
[ 57.791909][ T386] page_owner info is not present (never set?)
[ 57.797941][ T386]
[ 57.800325][ T386] Memory state around the buggy address:
[ 57.805925][ T386] ffff88811d8f5980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.813955][ T386] ffff88811d8f5a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.821991][ T386] >ffff88811d8f5a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.830019][ T386] ^
[ 57.835879][ T386] ffff88811d8f5b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.843922][ T386] ffff88811d8f5b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.852043][ T386] ==================================================================
[ 57.860082][ T386] Disabling lock debugging due to kernel taint
[ 57.866685][ T386] general protection fault, probably for non-canonical address 0xdffffc000000013c: 0000 [#1] PREEMPT SMP KASAN
[ 57.878468][ T386] KASAN: null-ptr-deref in range [0x00000000000009e0-0x00000000000009e7]
[ 57.886849][ T386] CPU: 1 PID: 386 Comm: syz-executor653 Tainted: G B 5.10.140-syzkaller-00825-g59390358870a #0
[ 57.898437][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 57.908468][ T386] RIP: 0010:mon_bin_flush+0x141/0x260
[ 57.913805][ T386] Code: 74 08 48 89 df e8 8f 3a 94 fe 48 8b 03 41 81 e7 ff 0f 00 00 4d 8d 7c 07 24 4c 89 f8 48 c1 e8 03 48 bb 00 00 00 00 00 fc ff df <0f> b6 04 18 84 c0 75 6b 41 8b 37 83 c6 40 4c 89 f7 e8 a9 fd ff ff
[ 57.933393][ T386] RSP: 0018:ffffc90000c97d08 EFLAGS: 00010007
[ 57.939427][ T386] RAX: 000000000000013c RBX: dffffc0000000000 RCX: 0000000000000002
[ 57.947380][ T386] RDX: 0000000000000000 RSI: 0000000000000082 RDI: 0000000000000001
[ 57.955320][ T386] RBP: ffffc90000c97d70 R08: ffffffff813efe13 R09: fffffbfff0d864f9
[ 57.963259][ T386] R10: fffffbfff0d864f9 R11: 1ffffffff0d864f8 R12: 00000000fffffffd
[ 57.971200][ T386] R13: ffff88811cd19618 R14: ffff88811cd19600 R15: 00000000000009e4
[ 57.979157][ T386] FS: 00007f8570d30700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 57.988051][ T386] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.994620][ T386] CR2: 0000000020002000 CR3: 000000011785e000 CR4: 00000000003506a0
[ 58.002565][ T386] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.010682][ T386] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.018634][ T386] Call Trace:
[ 58.021897][ T386] mon_bin_ioctl+0x2fb/0xed0
[ 58.026457][ T386] ? selinux_file_alloc_security+0x120/0x120
[ 58.032404][ T386] ? mon_bin_poll+0x150/0x150
[ 58.037048][ T386] ? __fget_files+0x310/0x370
[ 58.041694][ T386] ? security_file_ioctl+0xb1/0xd0
[ 58.046772][ T386] ? mon_bin_poll+0x150/0x150
[ 58.051421][ T386] __se_sys_ioctl+0x115/0x190
[ 58.056169][ T386] __x64_sys_ioctl+0x7b/0x90
[ 58.060729][ T386] do_syscall_64+0x34/0x70
[ 58.065216][ T386] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 58.071074][ T386] RIP: 0033:0x7f8570d8b819
[ 58.075458][ T386] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 58.095054][ T386] RSP: 002b:00007f8570d302f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.103438][ T386] RAX: ffffffffffffffda RBX: 00007f8570e09480 RCX: 00007f8570d8b819
[ 58.111465][ T386] RDX: 0000000000000006 RSI: 0000000000009208 RDI: 0000000000000003
[ 58.119403][ T386] RBP: 00007f8570dd62bc R08: 0000000000000000 R09: 0000000000000000
[ 58.127340][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8570dd52f0
[ 58.135280][ T386] R13: 0000000020001978 R14: 6273752f7665642f R15: 00007f8570e09488
[ 58.143218][ T386] Modules linked in:
[ 58.147088][ T386] ---[ end trace a8255d76b47e1058 ]---
[ 58.152518][ T386] RIP: 0010:mon_bin_flush+0x141/0x260
[ 58.157857][ T386] Code: 74 08 48 89 df e8 8f 3a 94 fe 48 8b 03 41 81 e7 ff 0f 00 00 4d 8d 7c 07 24 4c 89 f8 48 c1 e8 03 48 bb 00 00 00 00 00 fc ff df <0f> b6 04 18 84 c0 75 6b 41 8b 37 83 c6 40 4c 89 f7 e8 a9 fd ff ff
[ 58.177435][ T386] RSP: 0018:ffffc90000c97d08 EFLAGS: 00010007
[ 58.183907][ T386] RAX: 000000000000013c RBX: dffffc0000000000 RCX: 0000000000000002
[ 58.191851][ T386] RDX: 0000000000000000 RSI: 0000000000000082 RDI: 0000000000000001
[ 58.199796][ T386] RBP: ffffc90000c97d70 R08: ffffffff813efe13 R09: fffffbfff0d864f9
[ 58.207743][ T386] R10: fffffbfff0d864f9 R11: 1ffffffff0d864f8 R12: 00000000fffffffd
[ 58.215688][ T386] R13: ffff88811cd19618 R14: ffff88811cd19600 R15: 00000000000009e4
[ 58.223645][ T386] FS: 00007f8570d30700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 58.232981][ T386] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.239535][ T386] CR2: 0000000020002000 CR3: 000000011785e000 CR4: 00000000003506a0
[ 58.247483][ T386] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.255511][ T386] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.263453][ T386] Kernel panic - not syncing: Fatal exception
[ 59.369325][ T386] Shutting down cpus with NMI
[ 59.374117][ T386] Kernel Offset: disabled
[ 59.378442][ T386] Rebooting in 86400 seconds..