./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3128541717 <...> Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts. execve("./syz-executor3128541717", ["./syz-executor3128541717"], 0x7ffefab86cc0 /* 10 vars */) = 0 brk(NULL) = 0x55555678b000 brk(0x55555678bc40) = 0x55555678bc40 arch_prctl(ARCH_SET_FS, 0x55555678b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3128541717", 4096) = 28 brk(0x5555567acc40) = 0x5555567acc40 brk(0x5555567ad000) = 0x5555567ad000 mprotect(0x7fd41fb38000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe7730ae40) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe7730ae40) = 0 [ 50.479681][ T27] audit: type=1400 audit(1653377100.718:75): avc: denied { execmem } for pid=3605 comm="syz-executor312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 50.500111][ T27] audit: type=1400 audit(1653377100.718:76): avc: denied { read write } for pid=3605 comm="syz-executor312" name="raw-gadget" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 50.524165][ T27] audit: type=1400 audit(1653377100.718:77): avc: denied { open } for pid=3605 comm="syz-executor312" path="/dev/raw-gadget" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 50.548030][ T27] audit: type=1400 audit(1653377100.718:78): avc: denied { ioctl } for pid=3605 comm="syz-executor312" path="/dev/raw-gadget" dev="devtmpfs" ino=730 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe7730ae40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe77309e30) = 18 [ 50.748966][ T921] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe7730ae40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe77309e30) = 18 [ 50.989035][ T921] usb 1-1: Using ep0 maxpacket: 16 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe7730ae40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe77309e30) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe7730ae40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe77309e30) = 45 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe7730ae40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe77309e30) = 4 [ 51.108948][ T921] usb 1-1: config 0 has an invalid interface number: 138 but max is 1 [ 51.117825][ T921] usb 1-1: config 0 has no interface number 1 [ 51.124211][ T921] usb 1-1: config 0 interface 138 altsetting 9 has an invalid endpoint with address 0x0, skipping [ 51.134985][ T921] usb 1-1: config 0 interface 138 has no altsetting 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe7730ae40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe77309e30) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe7730ae40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe77309e30) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe7730ae40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe77309e30) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe7730ae40) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fd41fb3e3ac) = 9 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fd41fb3e3bc) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe77309e30) = 0 [ 51.299551][ T921] usb 1-1: New USB device found, idVendor=11ba, idProduct=1003, bcdDevice=3b.05 [ 51.308621][ T921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.316961][ T921] usb 1-1: Product: syz [ 51.321311][ T921] usb 1-1: Manufacturer: syz [ 51.325889][ T921] usb 1-1: SerialNumber: syz [ 51.340017][ T921] usb 1-1: config 0 descriptor?? [ 51.382876][ T921] pvrusb2: Hardware description: OnAir Creator Hybrid USB tuner [ 51.390993][ T921] usb 1-1: selecting invalid altsetting 0 [ 51.401784][ T921] pvrusb2: Hardware description: OnAir Creator Hybrid USB tuner ioctl(3, USB_RAW_IOCTL_EP_READ, 0x7ffe7730ae80) = 1 [ 51.625649][ T1961] pvrusb2: Invalid read control endpoint [ 51.631736][ T1961] ------------[ cut here ]------------ [ 51.637196][ T1961] URB ffff888016443b00 submitted while active [ 51.643929][ T1961] WARNING: CPU: 0 PID: 1961 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14e2/0x18a0 [ 51.653809][ T1961] Modules linked in: [ 51.658035][ T1961] CPU: 0 PID: 1961 Comm: pvrusb2-context Not tainted 5.18.0-syzkaller-00161-g1e57930e9f40 #0 [ 51.668673][ T1961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.678934][ T1961] RIP: 0010:usb_submit_urb+0x14e2/0x18a0 [ 51.684591][ T1961] Code: 89 de e8 d1 f5 f3 fb 84 db 0f 85 a9 f3 ff ff e8 e4 f1 f3 fb 4c 89 fe 48 c7 c7 80 ab 6c 8a c6 05 c3 a1 1f 08 01 e8 ae ad a3 03 <0f> 0b e9 87 f3 ff ff 41 be ed ff ff ff e9 7c f3 ff ff e8 b7 f1 f3 [ 51.704404][ T1961] RSP: 0018:ffffc90005c8ef78 EFLAGS: 00010282 [ 51.710515][ T1961] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 51.718479][ T1961] RDX: ffff888020ca4080 RSI: ffffffff815f4a78 RDI: fffff52000b91de1 [ 51.726529][ T1961] RBP: 00000000c0008200 R08: 0000000000000000 R09: 0000000000000000 [ 51.734522][ T1961] R10: ffffffff815ef44e R11: 0000000000000000 R12: ffff888016a2a000 [ 51.742555][ T1961] R13: 0000000000000005 R14: 00000000fffffff0 R15: ffff888016443b00 [ 51.750553][ T1961] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 51.759749][ T1961] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.766332][ T1961] CR2: 0000564f1c30c520 CR3: 000000007d0be000 CR4: 00000000003506f0 exit_group(0) = ? +++ exited with 0 +++ [ 51.774360][ T1961] D