./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3468485169 <...> [ 23.405759][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.420272][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 32.412791][ T27] kauditd_printk_skb: 37 callbacks suppressed [ 32.412808][ T27] audit: type=1400 audit(1666104703.010:73): avc: denied { transition } for pid=3401 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 32.441613][ T27] audit: type=1400 audit(1666104703.020:74): avc: denied { write } for pid=3401 comm="sh" path="pipe:[28215]" dev="pipefs" ino=28215 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.143' (ECDSA) to the list of known hosts. execve("./syz-executor3468485169", ["./syz-executor3468485169"], 0x7ffe5b591fe0 /* 10 vars */) = 0 brk(NULL) = 0x555556ee6000 brk(0x555556ee6c40) = 0x555556ee6c40 arch_prctl(ARCH_SET_FS, 0x555556ee6300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3468485169", 4096) = 28 brk(0x555556f07c40) = 0x555556f07c40 brk(0x555556f08000) = 0x555556f08000 mprotect(0x7fbab9832000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ee65d0) = 3615 ./strace-static-x86_64: Process 3615 attached [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3615] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3616 ./strace-static-x86_64: Process 3616 attached [pid 3614] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3617 [pid 3616] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 3617 attached [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 3618 attached [pid 3614] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3618 [pid 3616] setpgid(0, 0 [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] <... setpgid resumed>) = 0 [pid 3617] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3619 attached [pid 3614] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3619 [pid 3618] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] <... openat resumed>) = 3 [pid 3616] write(3, "1000", 4 [pid 3614] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3621 [pid 3616] <... write resumed>) = 4 [pid 3617] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3620 [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] close(3./strace-static-x86_64: Process 3621 attached ) = 0 [pid 3621] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3614] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3622 [pid 3616] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR./strace-static-x86_64: Process 3624 attached ./strace-static-x86_64: Process 3623 attached ./strace-static-x86_64: Process 3622 attached ./strace-static-x86_64: Process 3620 attached [pid 3619] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] <... openat resumed>) = 3 [pid 3623] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3622] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3620] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3621] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3624 [pid 3618] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3623 [pid 3616] ioctl(3, USB_RAW_IOCTL_INIT [pid 3623] <... prctl resumed>) = 0 [pid 3620] <... prctl resumed>) = 0 [pid 3619] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3625 [pid 3616] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3623] setpgid(0, 0 [pid 3622] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3626 [pid 3620] setpgid(0, 0 [pid 3616] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3623] <... setpgid resumed>) = 0 [pid 3620] <... setpgid resumed>) = 0 [pid 3616] <... ioctl resumed>, 0) = 0 [pid 3623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3623] <... openat resumed>) = 3 [pid 3620] <... openat resumed>) = 3 [pid 3616] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3623] write(3, "1000", 4 [pid 3620] write(3, "1000", 4 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3623] <... write resumed>) = 4 [pid 3620] <... write resumed>) = 4 [pid 3623] close(3 [pid 3620] close(3 [pid 3623] <... close resumed>) = 0 [pid 3620] <... close resumed>) = 0 [pid 3623] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3620] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3623] <... openat resumed>) = 3 [pid 3620] <... openat resumed>) = 3 [pid 3623] ioctl(3, USB_RAW_IOCTL_INIT [pid 3620] ioctl(3, USB_RAW_IOCTL_INIT [pid 3623] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3620] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3623] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3620] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3623] <... ioctl resumed>, 0) = 0 [pid 3620] <... ioctl resumed>, 0) = 0 [pid 3623] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3620] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3623] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3620] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3623] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3620] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3624] setpgid(0, 0) = 0 [pid 3624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3624] write(3, "1000", 4) = 4 [pid 3624] close(3) = 0 [pid 3624] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3624] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fffda68f420) = 0 [pid 3624] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3624] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffda68f420) = 0 [ 40.547978][ T27] audit: type=1400 audit(1666104711.150:75): avc: denied { execmem } for pid=3614 comm="syz-executor346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 3624] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 3626 attached ./strace-static-x86_64: Process 3625 attached [pid 3626] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3625] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3626] <... prctl resumed>) = 0 [pid 3625] <... prctl resumed>) = 0 [pid 3626] setpgid(0, 0 [pid 3625] setpgid(0, 0 [pid 3626] <... setpgid resumed>) = 0 [pid 3625] <... setpgid resumed>) = 0 [pid 3626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3626] <... openat resumed>) = 3 [pid 3626] write(3, "1000", 4 [pid 3625] <... openat resumed>) = 3 [pid 3626] <... write resumed>) = 4 [pid 3625] write(3, "1000", 4 [pid 3626] close(3 [pid 3625] <... write resumed>) = 4 [pid 3626] <... close resumed>) = 0 [pid 3625] close(3 [pid 3626] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3625] <... close resumed>) = 0 [pid 3626] <... openat resumed>) = 3 [pid 3626] ioctl(3, USB_RAW_IOCTL_INIT [pid 3625] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3626] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3626] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3625] <... openat resumed>) = 3 [pid 3626] <... ioctl resumed>, 0) = 0 [pid 3625] ioctl(3, USB_RAW_IOCTL_INIT [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffda68f420) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3625] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3625] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3625] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffda68f420) = 0 [ 40.576234][ T27] audit: type=1400 audit(1666104711.180:76): avc: denied { read write } for pid=3616 comm="syz-executor346" name="raw-gadget" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 40.601786][ T27] audit: type=1400 audit(1666104711.180:77): avc: denied { open } for pid=3616 comm="syz-executor346" path="/dev/raw-gadget" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 40.632654][ T27] audit: type=1400 audit(1666104711.180:78): avc: denied { ioctl } for pid=3616 comm="syz-executor346" path="/dev/raw-gadget" dev="devtmpfs" ino=730 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 3625] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3623] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3616] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3623] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3616] <... ioctl resumed>, 0x7fffda68e410) = 18 [pid 3623] <... ioctl resumed>, 0x7fffda68e410) = 18 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3623] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3626] <... ioctl resumed>, 0x7fffda68f420) = 0 [ 40.864141][ T26] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 40.871731][ T2481] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffda68e410) = 18 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3624] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3620] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3625] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3624] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3620] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3625] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffda68e410) = 18 [pid 3624] <... ioctl resumed>, 0x7fffda68e410) = 18 [pid 3620] <... ioctl resumed>, 0x7fffda68e410) = 18 [pid 3624] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3620] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 40.934134][ T2936] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 40.954123][ T3627] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 40.961672][ T22] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 40.969212][ T3632] usb 4-1: new high-speed USB device number 2 using dummy_hcd [pid 3625] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3623] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3616] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3623] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3626] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3623] <... ioctl resumed>, 0x7fffda68e410) = 18 [pid 3616] <... ioctl resumed>, 0x7fffda68e410) = 18 [pid 3623] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3626] <... ioctl resumed>, 0x7fffda68e410) = 18 [pid 3616] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3623] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3623] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3623] <... ioctl resumed>, 0x7fffda68e410) = 9 [pid 3616] <... ioctl resumed>, 0x7fffda68e410) = 9 [pid 3626] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3623] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffda68e410) = 9 [pid 3625] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3624] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3623] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3620] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3616] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3625] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3624] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3623] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3620] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3626] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3625] <... ioctl resumed>, 0x7fffda68e410) = 18 [pid 3624] <... ioctl resumed>, 0x7fffda68e410) = 18 [pid 3623] <... ioctl resumed>, 0x7fffda68e410) = 27 [pid 3620] <... ioctl resumed>, 0x7fffda68e410) = 18 [pid 3616] <... ioctl resumed>, 0x7fffda68e410) = 27 [pid 3625] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3624] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3623] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3620] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3626] <... ioctl resumed>, 0x7fffda68e410) = 27 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3625] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3624] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3620] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3625] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3624] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3620] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3624] <... ioctl resumed>, 0x7fffda68e410) = 9 [pid 3620] <... ioctl resumed>, 0x7fffda68e410) = 9 [pid 3625] <... ioctl resumed>, 0x7fffda68e410) = 9 [pid 3624] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3620] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3625] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3626] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fbab983846c) = 10 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3623] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3616] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3625] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3624] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3623] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3620] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3625] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3616] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3624] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3623] <... ioctl resumed>, 0) = 0 [pid 3620] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3616] <... ioctl resumed>, 0) = 0 [pid 3623] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3616] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3623] <... ioctl resumed>, 0) = 0 [pid 3616] <... ioctl resumed>, 0) = 0 [pid 3623] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3616] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3623] <... ioctl resumed>, 0x7fbab983846c) = 10 [ 41.284281][ T26] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 41.293447][ T2481] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 41.294228][ T2936] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 41.302727][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.313546][ T2936] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [pid 3616] <... ioctl resumed>, 0x7fbab983846c) = 10 [pid 3623] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3626] <... ioctl resumed>, 0x7fffda68e410) = 0 [pid 3623] <... ioctl resumed>, 0x7fffda68e410) = 0 [pid 3616] <... ioctl resumed>, 0x7fffda68e410) = 0 [pid 3624] <... ioctl resumed>, 0x7fffda68e410) = 27 [pid 3620] <... ioctl resumed>, 0x7fffda68e410) = 27 [pid 3620] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3625] <... ioctl resumed>, 0x7fffda68e410) = 27 [pid 3625] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 41.319809][ T2481] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.330089][ T2936] usb 6-1: config 0 descriptor?? [ 41.341549][ T26] usb 3-1: config 0 descriptor?? [ 41.347399][ T2481] usb 1-1: config 0 descriptor?? [ 41.394298][ T3627] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 41.403464][ T22] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 41.412595][ T3632] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 41.427155][ T3627] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.435376][ T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [pid 3624] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3625] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3625] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3625] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3625] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fbab983846c) = 10 [pid 3625] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3624] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3620] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3624] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3620] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3624] <... ioctl resumed>, 0) = 0 [pid 3620] <... ioctl resumed>, 0) = 0 [pid 3624] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3620] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3624] <... ioctl resumed>, 0) = 0 [pid 3620] <... ioctl resumed>, 0) = 0 [pid 3624] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3620] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3624] <... ioctl resumed>, 0x7fbab983846c) = 10 [pid 3624] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3620] <... ioctl resumed>, 0x7fbab983846c) = 10 [pid 3620] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3625] <... ioctl resumed>, 0x7fffda68e410) = 0 [pid 3624] <... ioctl resumed>, 0x7fffda68e410) = 0 [pid 3620] <... ioctl resumed>, 0x7fffda68e410) = 0 [ 41.443991][ T3632] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.453717][ T3627] usb 5-1: config 0 descriptor?? [ 41.459246][ T22] usb 2-1: config 0 descriptor?? [ 41.464756][ T3632] usb 4-1: config 0 descriptor?? [pid 3626] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7fffda68f450) = 4 [pid 3623] ioctl(3, USB_RAW_IOCTL_EP_WRITE [pid 3616] ioctl(3, USB_RAW_IOCTL_EP_WRITE [pid 3623] <... ioctl resumed>, 0x7fffda68f450) = 4 [pid 3616] <... ioctl resumed>, 0x7fffda68f450) = 4 [ 41.594601][ T143] ------------[ cut here ]------------ [ 41.600111][ T143] WARNING: CPU: 0 PID: 143 at drivers/net/wireless/ath/ath6kl/htc_pipe.c:963 ath6kl_htc_pipe_rx_complete+0xdbd/0x1130 [ 41.612635][ T143] Modules linked in: [ 41.617487][ T143] CPU: 0 PID: 143 Comm: kworker/0:2 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 [ 41.624922][ T3634] ath6kl: Target not yet initialized [ 41.627606][ T143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [pid 3620] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7fffda68f450) = 4 [ 41.633005][ T3634] ath6kl: Target not yet initialized [ 41.642738][ T143] Workqueue: ath6kl_wq ath6kl_usb_io_comp_work [ 41.654348][ T143] RIP: 0010:ath6kl_htc_pipe_rx_complete+0xdbd/0x1130 [ 41.661040][ T143] Code: e4 e8 c7 56 40 04 48 c7 44 24 38 00 00 00 00 e9 66 fa ff ff e8 44 f2 34 fc 8b 9c 24 8c 00 00 00 e9 4b f8 ff ff e8 33 f2 34 fc <0f> 0b 48 c7 c7 c0 36 84 8a 41 bc ea ff ff ff e8 8e a0 17 04 e9 37 [ 41.680927][ T143] RSP: 0018:ffffc90002d9fba8 EFLAGS: 00010293 [ 41.687115][ T143] RAX: 0000000000000000 RBX: ffff888074ae0de0 RCX: 0000000000000000 [pid 3625] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7fffda68f450) = 4 [pid 3624] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7fffda68f450) = 4 [ 41.695211][ T143] RDX: ffff88801c1d6100 RSI: ffffffff8545847d RDI: ffff888074ae0e50 [ 41.703190][ T143] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 41.711355][ T143] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807dc16000 [ 41.719756][ T143] R13: ffff888074ae0de0 R14: 0000000000000000 R15: ffff88807dc16920 [ 41.724876][ T3634] ath6kl: Target not yet initialized [ 41.728182][ T143] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [pid 3626] exit_group(0) = ? [pid 3626] +++ exited with 0 +++ [pid 3622] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3626, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3622] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ee65d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [ 41.742178][ T143] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.744971][ T3634] ath6kl: Target not yet initialized [ 41.754133][ T143] CR2: 00000000200011c0 CR3: 000000007da20000 CR4: 00000000003506f0 [ 41.756112][ T3634] ath6kl: Target not yet initialized [ 41.762282][ T143] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.775531][ T143] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.783559][ T143] Call Trace: [ 41.786996][ T143] [ 41.790173][ T143] ? rcu_read_lock_sched_held+0xd/0x70 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3 [pid 3623] exit_group(0 [pid 3616] exit_group(0 [pid 3623] <... exit_group resumed>) = ? [pid 3616] <... exit_group resumed>) = ? [pid 3645] <... close resumed>) = 0 [pid 3623] +++ exited with 0 +++ [pid 3616] +++ exited with 0 +++ [pid 3618] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3623, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3615] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3616, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3618] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3645] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3618] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3647 [pid 3615] <... clone resumed>, child_tidptr=0x555556ee65d0) = 3648 ./strace-static-x86_64: Process 3647 attached [pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 41.797223][ T143] ? lock_release+0x560/0x780 [ 41.801926][ T143] ? finish_task_switch.isra.0+0x2b0/0xc70 [ 41.812541][ T143] ? skb_dequeue+0x125/0x180 [ 41.819577][ T2936] ath6kl: Failed to submit usb control message: -71 [ 41.826433][ T2936] ath6kl: unable to send the bmi data to the device: -71 [ 41.833639][ T2936] ath6kl: Unable to send get target info: -71 [ 41.840245][ T143] ? rwlock_bug.part.0+0x90/0x90 [pid 3647] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 3648 attached [pid 3645] <... openat resumed>) = 3 [pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3647] write(3, "1000", 4) = 4 [pid 3647] close(3) = 0 [pid 3647] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3647] ioctl(3, USB_RAW_IOCTL_INIT [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3645] ioctl(3, USB_RAW_IOCTL_INIT [pid 3647] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3647] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3620] exit_group(0) = ? [pid 3648] <... prctl resumed>) = 0 [pid 3645] <... ioctl resumed>, 0x7fffda68f420) = 0 [pid 3620] +++ exited with 0 +++ [pid 3617] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3620, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3617] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ee65d0) = 3649 ./strace-static-x86_64: Process 3649 attached [pid 3648] setpgid(0, 0 [ 41.845781][ T143] ? lock_acquire+0x480/0x570 [ 41.850665][ T143] ? htc_try_send.isra.0+0x2460/0x2460 [ 41.856397][ T143] ? trace_hardirqs_on+0x2d/0x120 [ 41.861753][ T143] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 41.868696][ T143] ath6kl_usb_io_comp_work+0x11e/0x160 [ 41.874346][ T143] process_one_work+0x991/0x1610 [ 41.879875][ T143] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 41.885974][ T143] ? rwlock_bug.part.0+0x90/0x90 [ 41.886149][ T26] ath6kl: Failed to submit usb control message: -71 [pid 3645] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [ 41.890921][ T143] worker_thread+0x665/0x1080 [ 41.899213][ T2481] ath6kl: Failed to submit usb control message: -71 [ 41.902213][ T143] ? process_one_work+0x1610/0x1610 [ 41.915436][ T143] kthread+0x2e4/0x3a0 [ 41.920023][ T143] ? kthread_complete_and_exit+0x40/0x40 [ 41.926762][ T143] ret_from_fork+0x1f/0x30 [ 41.931587][ T143] [ 41.935114][ T22] ath6kl: Failed to submit usb control message: -71 [ 41.939815][ T143] Kernel panic - not syncing: panic_on_warn set ... [ 41.939827][ T143] CPU: 0 PID: 143 Comm: kworker/0:2 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 [ 41.939852][ T143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 41.939865][ T143] Workqueue: ath6kl_wq ath6kl_usb_io_comp_work [ 41.939894][ T143] Call Trace: [ 41.939900][ T143] [ 41.939907][ T143] dump_stack_lvl+0xcd/0x134 [ 41.939935][ T143] panic+0x2c8/0x622 [ 41.939967][ T143] ? panic_print_sys_info.part.0+0x10b/0x10b [ 41.940004][ T143] ? __warn.cold+0x248/0x2c4 [ 41.940037][ T143] ? ath6kl_htc_pipe_rx_complete+0xdbd/0x1130 [ 41.940062][ T143] __warn.cold+0x259/0x2c4 [ 41.940095][ T143] ? ath6kl_htc_pipe_rx_complete+0xdbd/0x1130 [ 41.940120][ T143] report_bug+0x1bc/0x210 [ 41.940160][ T143] handle_bug+0x3c/0x70 [ 41.940193][ T143] exc_invalid_op+0x14/0x40 [ 41.940223][ T143] asm_exc_invalid_op+0x16/0x20 [ 41.940253][ T143] RIP: 0010:ath6kl_htc_pipe_rx_complete+0xdbd/0x1130 [ 41.940281][ T143] Code: e4 e8 c7 56 40 04 48 c7 44 24 38 00 00 00 00 e9 66 fa ff ff e8 44 f2 34 fc 8b 9c 24 8c 00 00 00 e9 4b f8 ff ff e8 33 f2 34 fc <0f> 0b 48 c7 c7 c0 36 84 8a 41 bc ea ff ff ff e8 8e a0 17 04 e9 37 [ 41.940302][ T143] RSP: 0018:ffffc90002d9fba8 EFLAGS: 00010293 [ 41.940320][ T143] RAX: 0000000000000000 RBX: ffff888074ae0de0 RCX: 0000000000000000 [ 41.940335][ T143] RDX: ffff88801c1d6100 RSI: ffffffff8545847d RDI: ffff888074ae0e50 [ 41.940351][ T143] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 41.940365][ T143] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88807dc16000 [ 41.940380][ T143] R13: ffff888074ae0de0 R14: 0000000000000000 R15: ffff88807dc16920 [ 41.940397][ T143] ? ath6kl_htc_pipe_rx_complete+0xdbd/0x1130 [ 41.940423][ T143] ? ath6kl_htc_pipe_rx_complete+0xdbd/0x1130 [ 41.940448][ T143] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.940481][ T143] ? lock_release+0x560/0x780 [ 41.940502][ T143] ? finish_task_switch.isra.0+0x2b0/0xc70 [ 41.940537][ T143] ? skb_dequeue+0x125/0x180 [ 41.940559][ T143] ? rwlock_bug.part.0+0x90/0x90 [ 41.940582][ T143] ? lock_acquire+0x480/0x570 [ 41.940603][ T143] ? htc_try_send.isra.0+0x2460/0x2460 [ 41.940626][ T143] ? trace_hardirqs_on+0x2d/0x120 [ 41.940662][ T143] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 41.940691][ T143] ath6kl_usb_io_comp_work+0x11e/0x160 [ 41.940717][ T143] process_one_work+0x991/0x1610 [ 41.940745][ T143] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 41.940774][ T143] ? rwlock_bug.part.0+0x90/0x90 [ 41.940798][ T143] worker_thread+0x665/0x1080 [ 41.940827][ T143] ? process_one_work+0x1610/0x1610 [ 41.940853][ T143] kthread+0x2e4/0x3a0 [ 41.940875][ T143] ? kthread_complete_and_exit+0x40/0x40 [ 41.940901][ T143] ret_from_fork+0x1f/0x30 [ 41.940933][ T143] [ 41.941865][ T143] Kernel Offset: disabled [ 42.215697][ T143] Rebooting in 86400 seconds..