./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor121947711 <...> Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts. execve("./syz-executor121947711", ["./syz-executor121947711"], 0x7ffc7ad57980 /* 10 vars */) = 0 brk(NULL) = 0x555556bd3000 brk(0x555556bd3c40) = 0x555556bd3c40 arch_prctl(ARCH_SET_FS, 0x555556bd3300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556bd35d0) = 3634 set_robust_list(0x555556bd35e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f2d72729940, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f2d7272a010}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f2d727299e0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2d7272a010}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor121947711", 4096) = 27 brk(0x555556bf4c40) = 0x555556bf4c40 brk(0x555556bf5000) = 0x555556bf5000 mprotect(0x7f2d727ea000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f2d727f04cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2d726f9000 mprotect(0x7f2d726fa000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f2d727193f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3635], tls=0x7f2d72719700, child_tidptr=0x7f2d727199d0) = 3635 futex(0x7f2d727f04c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7f2d727f04cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3635 attached [pid 3635] set_robust_list(0x7f2d727199e0, 24) = 0 [pid 3635] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3635] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f2d727182d0) = 0 [pid 3635] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182d0) = 0 [ 61.359122][ T26] audit: type=1400 audit(1670181436.728:75): avc: denied { execmem } for pid=3634 comm="syz-executor121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 61.389433][ T26] audit: type=1400 audit(1670181436.728:76): avc: denied { read write } for pid=3634 comm="syz-executor121" name="raw-gadget" dev="devtmpfs" ino=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 61.413389][ T26] audit: type=1400 audit(1670181436.728:77): avc: denied { open } for pid=3634 comm="syz-executor121" path="/dev/raw-gadget" dev="devtmpfs" ino=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 61.437368][ T26] audit: type=1400 audit(1670181436.728:78): avc: denied { ioctl } for pid=3634 comm="syz-executor121" path="/dev/raw-gadget" dev="devtmpfs" ino=733 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182d0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2d727172c0) = 18 [ 61.637930][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182d0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2d727172c0) = 18 [ 61.877818][ T25] usb 1-1: Using ep0 maxpacket: 16 [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182d0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2d727172c0) = 9 [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182d0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2d727172c0) = 27 [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182d0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2d727172c0) = 4 [ 61.998474][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182d0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2d727172c0) = 8 [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182d0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2d727172c0) = 8 [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182d0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2d727172c0) = 8 [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182d0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2d727f060c) = 6 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2d727172c0) = 0 [ 62.168678][ T25] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 62.177998][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.185977][ T25] usb 1-1: Product: syz [ 62.190534][ T25] usb 1-1: Manufacturer: syz [ 62.195139][ T25] usb 1-1: SerialNumber: syz [ 62.202987][ T25] usb 1-1: config 0 descriptor?? [ 62.252267][ T25] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3635] futex(0x7f2d727f04cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3634] <... futex resumed>) = 0 [pid 3635] futex(0x7f2d727f04c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3634] futex(0x7f2d727f04c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3634] futex(0x7f2d727f04cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2d727182f0) = 0 [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2d727172e0) = 8 [ 62.547822][ T25] rc_core: IR keymap rc-imon-pad not found [ 62.553659][ T25] Registered IR keymap rc-empty [ 62.558631][ T25] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 62.568939][ T25] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3635] futex(0x7f2d727f04cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] <... futex resumed>) = 0 [pid 3635] <... futex resumed>) = 1 [pid 3634] futex(0x7f2d727f04c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3634] <... futex resumed>) = 0 [pid 3635] <... ioctl resumed>, 0x7f2d727182f0) = 0 [pid 3634] futex(0x7f2d727f04cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3635] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2d727172e0) = 8 [ 62.689427][ T25] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 62.700598][ T25] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 62.716865][ T25] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3635] futex(0x7f2d727f04cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3634] <... futex resumed>) = 0 [pid 3635] <... futex resumed>) = 1 [pid 3634] futex(0x7f2d727f04c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR [pid 3634] <... futex resumed>) = 0 [pid 3634] futex(0x7f2d727f04cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3635] <... openat resumed>) = 4 [pid 3635] futex(0x7f2d727f04cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3635] futex(0x7f2d727f04c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3634] <... futex resumed>) = 0 [pid 3634] futex(0x7f2d727f04c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3634] futex(0x7f2d727f04cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3635] <... futex resumed>) = 0 [pid 3635] write(4, "\x12", 1 [pid 3634] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3634] futex(0x7f2d727f04dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2d726d8000 [pid 3634] mprotect(0x7f2d726d9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3634] clone(child_stack=0x7f2d726f83f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3640 attached , parent_tid=[3640], tls=0x7f2d726f8700, child_tidptr=0x7f2d726f89d0) = 3640 [pid 3634] futex(0x7f2d727f04d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3634] futex(0x7f2d727f04dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3640] set_robust_list(0x7f2d726f89e0, 24) = 0 [ 62.928292][ T3640] ------------[ cut here ]------------ [ 62.934094][ T3640] URB ffff888017a42600 submitted while active [ 62.941162][ T3640] WARNING: CPU: 0 PID: 3640 at drivers/usb/core/urb.c:379 usb_submit_urb+0x14ec/0x1880 [ 62.950951][ T3640] Modules linked in: [ 62.954837][ T3640] CPU: 0 PID: 3640 Comm: syz-executor121 Not tainted 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696 #0 [ 62.965361][ T3640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [pid 3640] write(4, "\x12", 1 [pid 3634] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 62.975527][ T3640] RIP: 0010:usb_submit_urb+0x14ec/0x1880 [ 62.981590][ T3640] Code: 89 de e8 47 f5 93 fb 84 db 0f 85 a3 f3 ff ff e8 ca f8 93 fb 4c 89 fe 48 c7 c7 80 c6 f8 8a c6 05 9e 7f 50 08 01 e8 d1 6b bb 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 a3 f8 93 fb 48 8b 7c 24 40 [ 63.001572][ T3640] RSP: 0018:ffffc90003487c50 EFLAGS: 00010286 [ 63.007678][ T3640] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 63.015768][ T3640] RDX: ffff888072fc4200 RSI: ffffffff8164964c RDI: fffff52000690f7c [ 63.023796][ T3640] RBP: ffff888017a46340 R08: 0000000000000005 R09: 0000000000000000 [ 63.031881][ T3640] R10: 0000000080000000 R11: 0000000000000000 R12: ffff888017a42600 [ 63.039925][ T3640] R13: ffff88807a159128 R14: 00000000fffffff0 R15: ffff888017a42600 [ 63.047971][ T3640] FS: 00007f2d726f8700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 63.056932][ T3640] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.063584][ T3640] CR2: 000055ac5d11f240 CR3: 0000000079f61000 CR4: 00000000003506f0 [ 63.071652][ T3640] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.079679][ T3640] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.087677][ T3640] Call Trace: [ 63.091007][ T3640] [ 63.093941][ T3640] ? kasan_set_track+0x25/0x30 [ 63.098773][ T3640] send_packet+0x422/0xbc0 [ 63.103315][ T3640] vfd_write+0x2dd/0x550 [ 63.107582][ T3640] vfs_write+0x2db/0xdd0 [ 63.111871][ T3640] ? send_packet+0xbc0/0xbc0 [ 63.116486][ T3640] ? kernel_write+0x630/0x630 [ 63.121254][ T3640] ? __fget_files+0x26a/0x440 [pid 3634] exit_group(0) = ? [ 63.125970][ T3640] ? __fget_light+0xe5/0x270 [ 63.130626][ T3640] ksys_write+0x12b/0x250 [ 63.134976][ T3640] ? __ia32_sys_read+0xb0/0xb0 [ 63.139829][ T3640] ? lockdep_hardirqs_on+0x7d/0x100 [ 63.145058][ T3640] ? _raw_spin_unlock_irq+0x2e/0x50 [ 63.150314][ T3640] ? ptrace_notify+0xfe/0x140 [ 63.155032][ T3640] do_syscall_64+0x39/0xb0 [ 63.159899][ T3640] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.165821][ T3640] RIP: 0033:0x7f2d7276c0a9 [ 63.170313][ T3640] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.190008][ T3640] RSP: 002b:00007f2d726f8318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 63.190067][ T3635] imon:send_packet: task interrupted [ 63.198471][ T3640] RAX: ffffffffffffffda RBX: 00007f2d727f04d8 RCX: 00007f2d7276c0a9 [ 63.198511][ T3640] RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000004 [ 63.219887][ T3640] RBP: 00007f2d727f04d0 R08: 00007f2d726f8700 R09: 0000000000000000 [ 63.227915][ T3640] R10: 00007f2d726f8700 R11: 0000000000000246 R12: 0b8b0509005505e1 [ 63.235898][ T3640] R13: 00007ffccb10ce7f R14: 00007f2d726f8400 R15: 0000000000022000 [ 63.243920][ T3640] [ 63.246945][ T3640] Kernel panic - not syncing: panic_on_warn set ... [ 63.253517][ T3640] CPU: 0 PID: 3640 Comm: syz-executor121 Not tainted 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696 #0 [ 63.263913][ T3640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 63.273966][ T3640] Call Trace: [ 63.277242][ T3640] [ 63.280162][ T3640] dump_stack_lvl+0xd1/0x138 [ 63.284798][ T3640] panic+0x2cc/0x626 [ 63.288685][ T3640] ? panic_print_sys_info.part.0+0x110/0x110 [ 63.294665][ T3640] ? __warn.cold+0x24b/0x350 [ 63.299274][ T3640] ? usb_submit_urb+0x14ec/0x1880 [ 63.304307][ T3640] __warn.cold+0x25c/0x350 [ 63.308748][ T3640] ? usb_submit_urb+0x14ec/0x1880 [ 63.313782][ T3640] report_bug+0x1c0/0x210 [ 63.318125][ T3640] handle_bug+0x3c/0x70 [ 63.322296][ T3640] exc_invalid_op+0x18/0x50 [ 63.326808][ T3640] asm_exc_invalid_op+0x1a/0x20 [ 63.331706][ T3640] RIP: 0010:usb_submit_urb+0x14ec/0x1880 [ 63.337362][ T3640] Code: 89 de e8 47 f5 93 fb 84 db 0f 85 a3 f3 ff ff e8 ca f8 93 fb 4c 89 fe 48 c7 c7 80 c6 f8 8a c6 05 9e 7f 50 08 01 e8 d1 6b bb 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 a3 f8 93 fb 48 8b 7c 24 40 [ 63.356986][ T3640] RSP: 0018:ffffc90003487c50 EFLAGS: 00010286 [ 63.363067][ T3640] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 63.371045][ T3640] RDX: ffff888072fc4200 RSI: ffffffff8164964c RDI: fffff52000690f7c [ 63.379023][ T3640] RBP: ffff888017a46340 R08: 0000000000000005 R09: 0000000000000000 [ 63.387001][ T3640] R10: 0000000080000000 R11: 0000000000000000 R12: ffff888017a42600 [ 63.394981][ T3640] R13: ffff88807a159128 R14: 00000000fffffff0 R15: ffff888017a42600 [ 63.402961][ T3640] ? vprintk+0x8c/0xa0 [ 63.407060][ T3640] ? kasan_set_track+0x25/0x30 [ 63.411850][ T3640] send_packet+0x422/0xbc0 [ 63.416281][ T3640] vfd_write+0x2dd/0x550 [ 63.420535][ T3640] vfs_write+0x2db/0xdd0 [ 63.424801][ T3640] ? send_packet+0xbc0/0xbc0 [ 63.429404][ T3640] ? kernel_write+0x630/0x630 [ 63.434104][ T3640] ? __fget_files+0x26a/0x440 [ 63.438806][ T3640] ? __fget_light+0xe5/0x270 [ 63.443419][ T3640] ksys_write+0x12b/0x250 [ 63.447754][ T3640] ? __ia32_sys_read+0xb0/0xb0 [ 63.452522][ T3640] ? lockdep_hardirqs_on+0x7d/0x100 [ 63.457736][ T3640] ? _raw_spin_unlock_irq+0x2e/0x50 [ 63.463039][ T3640] ? ptrace_notify+0xfe/0x140 [ 63.467826][ T3640] do_syscall_64+0x39/0xb0 [ 63.472250][ T3640] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.478166][ T3640] RIP: 0033:0x7f2d7276c0a9 [ 63.482585][ T3640] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.502203][ T3640] RSP: 002b:00007f2d726f8318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 63.510626][ T3640] RAX: ffffffffffffffda RBX: 00007f2d727f04d8 RCX: 00007f2d7276c0a9 [ 63.518604][ T3640] RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000004 [ 63.526584][ T3640] RBP: 00007f2d727f04d0 R08: 00007f2d726f8700 R09: 0000000000000000 [ 63.534560][ T3640] R10: 00007f2d726f8700 R11: 0000000000000246 R12: 0b8b0509005505e1 [ 63.542537][ T3640] R13: 00007ffccb10ce7f R14: 00007f2d726f8400 R15: 0000000000022000 [ 63.550521][ T3640] [ 63.553712][ T3640] Kernel Offset: disabled [ 63.558107][ T3640] Rebooting in 86400 seconds..