./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2213144703 <...> [ 25.186260][ T3182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.197546][ T3182] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 32.240052][ T26] kauditd_printk_skb: 37 callbacks suppressed [ 32.240067][ T26] audit: type=1400 audit(1666658636.837:73): avc: denied { transition } for pid=3386 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 32.269350][ T26] audit: type=1400 audit(1666658636.837:74): avc: denied { write } for pid=3386 comm="sh" path="pipe:[27430]" dev="pipefs" ino=27430 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.1.77' (ECDSA) to the list of known hosts. execve("./syz-executor2213144703", ["./syz-executor2213144703"], 0x7ffed3c6e0b0 /* 10 vars */) = 0 brk(NULL) = 0x55555693a000 brk(0x55555693ac40) = 0x55555693ac40 arch_prctl(ARCH_SET_FS, 0x55555693a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2213144703", 4096) = 28 brk(0x55555695bc40) = 0x55555695bc40 brk(0x55555695c000) = 0x55555695c000 mprotect(0x7f02c8c0a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffeac0b78b0) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 [ 42.475138][ T26] audit: type=1400 audit(1666658647.067:75): avc: denied { execmem } for pid=3603 comm="syz-executor221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 42.496321][ T26] audit: type=1400 audit(1666658647.067:76): avc: denied { read write } for pid=3603 comm="syz-executor221" name="raw-gadget" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 42.520444][ T26] audit: type=1400 audit(1666658647.067:77): avc: denied { open } for pid=3603 comm="syz-executor221" path="/dev/raw-gadget" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 42.544286][ T26] audit: type=1400 audit(1666658647.067:78): avc: denied { ioctl } for pid=3603 comm="syz-executor221" path="/dev/raw-gadget" dev="devtmpfs" ino=731 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 18 [ 42.746933][ T142] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 [ 43.147207][ T142] usb 1-1: unable to get BOS descriptor or descriptor too short ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 128 [ 43.226951][ T142] usb 1-1: config 0 has an invalid interface number: 39 but max is 2 [ 43.235075][ T142] usb 1-1: config 0 has an invalid interface number: 182 but max is 2 [ 43.243279][ T142] usb 1-1: config 0 has an invalid interface number: 182 but max is 2 [ 43.251462][ T142] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 3 [ 43.260534][ T142] usb 1-1: config 0 has no interface number 0 [ 43.266607][ T142] usb 1-1: config 0 has no interface number 1 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 0 [ 43.272730][ T142] usb 1-1: config 0 interface 39 altsetting 9 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 43.283693][ T142] usb 1-1: config 0 interface 39 altsetting 9 has an invalid endpoint with address 0x0, skipping [ 43.294212][ T142] usb 1-1: Duplicate descriptor for config 0 interface 182 altsetting 0, skipping [ 43.303426][ T142] usb 1-1: config 0 interface 39 has no altsetting 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeac0b68a0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeac0b78b0) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x92) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f02c8c103ac) = 1 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffeac0b68a0) = 0 [ 43.556985][ T142] usb 1-1: string descriptor 0 read error: -22 [ 43.563317][ T142] usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=9c.90 [ 43.572804][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.582295][ T142] usb 1-1: config 0 descriptor?? [ 43.628546][ T142] ------------[ cut here ]------------ [ 43.634023][ T142] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 43.640347][ T142] WARNING: CPU: 1 PID: 142 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed2/0x1880 [ 43.649859][ T142] Modules linked in: [ 43.653747][ T142] CPU: 1 PID: 142 Comm: kworker/1:2 Not tainted 6.1.0-rc2-syzkaller #0 [ 43.662005][ T142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 [ 43.672105][ T142] Workqueue: usb_hub_wq hub_event [ 43.677243][ T142] RIP: 0010:usb_submit_urb+0xed2/0x1880 [ 43.682822][ T142] Code: 7c 24 18 e8 d0 76 ea fb 48 8b 7c 24 18 e8 16 22 02 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 00 ab 90 8a e8 5a 1b b8 03 <0f> 0b e9 58 f8 ff ff e8 a2 76 ea fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 43.702513][ T142] RSP: 0018:ffffc90002d1ee68 EFLAGS: 00010286 [ 43.708635][ T142] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 43.716608][ T142] RDX: ffff88801c01a000 RSI: ffffffff816141f8 RDI: fffff520005a3dbf [ 43.724624][ T142] RBP: ffff88807a4ada00 R08: 0000000000000005 R09: 0000000000000000 [ 43.732630][ T142] R10: 0000000080000000 R11: 3a312d3120627375 R12: 0000000000000001 [ 43.740645][ T142] R13: ffff88807c554780 R14: 0000000000000002 R15: ffff888016cfbc00 [ 43.748661][ T142] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 43.757700][ T142] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.764288][ T142] CR2: 000055886fae4bf8 CR3: 0000000073a87000 CR4: 00000000003506e0 [ 43.772283][ T142] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.780289][ T142] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.788314][ T142] Call Trace: [ 43.791597][ T142] [ 43.794613][ T142] ? __init_swait_queue_head+0xc6/0x150 [ 43.800232][ T142] usb_start_wait_urb+0x101/0x4b0 [ 43.805269][ T142] ? usb_api_blocking_completion+0xa0/0xa0 [ 43.811113][ T142] ? __kasan_kmalloc+0x9f/0xb0 [ 43.815890][ T142] ? memset+0x20/0x40 [ 43.819903][ T142] usb_bulk_msg+0x226/0x550 [ 43.824418][ T142] amradio_send_cmd+0x2d6/0x8e0 exit_group(0) = ? +++ exited with 0 +++ [