./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor809224204 <...> Starting sshd: OK syzkaller syzkaller login: [ 12.344671][ T22] kauditd_printk_skb: 60 callbacks suppressed [ 12.344676][ T22] audit: type=1400 audit(1663310122.900:71): avc: denied { transition } for pid=264 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.350817][ T22] audit: type=1400 audit(1663310122.900:72): avc: denied { write } for pid=264 comm="sh" path="pipe:[9906]" dev="pipefs" ino=9906 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 13.179544][ T268] scp (268) used greatest stack depth: 26544 bytes left [ 13.183990][ T265] sshd (265) used greatest stack depth: 26160 bytes left Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts. execve("./syz-executor809224204", ["./syz-executor809224204"], 0x7ffdc2b29570 /* 10 vars */) = 0 brk(NULL) = 0x555556456000 brk(0x555556456c40) = 0x555556456c40 arch_prctl(ARCH_SET_FS, 0x555556456300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555564565d0) = 304 set_robust_list(0x5555564565e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f0fa8b45e50, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f0fa8b46520}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f0fa8b45ef0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0fa8b46520}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor809224204", 4096) = 27 brk(0x555556477c40) = 0x555556477c40 brk(0x555556478000) = 0x555556478000 mprotect(0x7f0fa8c08000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 304 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) fstat(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "304", 3) = 3 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 305 attached , child_tidptr=0x5555564565d0) = 305 [pid 305] set_robust_list(0x5555564565e0, 24) = 0 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 307 attached [pid 304] <... clone resumed>, child_tidptr=0x5555564565d0) = 306 [pid 305] <... clone resumed>, child_tidptr=0x5555564565d0) = 307 ./strace-static-x86_64: Process 306 attached [pid 307] set_robust_list(0x5555564565e0, 24 [pid 306] set_robust_list(0x5555564565e0, 24 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] <... set_robust_list resumed>) = 0 [pid 306] <... set_robust_list resumed>) = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 306] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 304] <... clone resumed>, child_tidptr=0x5555564565d0) = 308 [pid 307] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 306] <... clone resumed>, child_tidptr=0x5555564565d0) = 309 ./strace-static-x86_64: Process 309 attached ./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x5555564565e0, 24 [pid 307] <... mmap resumed>) = 0x7f0fa8b15000 [pid 304] <... clone resumed>, child_tidptr=0x5555564565d0) = 310 [pid 307] mprotect(0x7f0fa8b16000, 131072, PROT_READ|PROT_WRITE [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] <... mprotect resumed>) = 0 [pid 309] set_robust_list(0x5555564565e0, 24 [pid 308] <... set_robust_list resumed>) = 0 [pid 308] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] clone(child_stack=0x7f0fa8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[311], tls=0x7f0fa8b35700, child_tidptr=0x7f0fa8b359d0) = 311 [pid 307] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... set_robust_list resumed>) = 0 [pid 308] <... clone resumed>, child_tidptr=0x5555564565d0) = 312 [pid 304] <... clone resumed>, child_tidptr=0x5555564565d0) = 313 ./strace-static-x86_64: Process 310 attached [pid 304] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 310] set_robust_list(0x5555564565e0, 24) = 0 [pid 310] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] <... clone resumed>, child_tidptr=0x5555564565d0) = 314 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x7f0fa8b359e0, 24) = 0 [pid 311] openat(AT_FDCWD, "/dev/usbmon0", O_RDWR|O_TRUNC|O_NONBLOCK|O_DSYNC [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 312 attached ) = 0 [pid 309] setpgid(0, 0) = 0 [pid 312] set_robust_list(0x5555564565e0, 24 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 315 attached [pid 312] <... set_robust_list resumed>) = 0 [pid 309] <... openat resumed>) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0fa8b15000 [pid 309] mprotect(0x7f0fa8b16000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 309] clone(child_stack=0x7f0fa8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[316], tls=0x7f0fa8b35700, child_tidptr=0x7f0fa8b359d0) = 316 [pid 309] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0fa8b15000 [pid 312] mprotect(0x7f0fa8b16000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] clone(child_stack=0x7f0fa8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[317], tls=0x7f0fa8b35700, child_tidptr=0x7f0fa8b359d0) = 317 [pid 312] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] set_robust_list(0x5555564565e0, 24) = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0fa8b15000 [pid 315] mprotect(0x7f0fa8b16000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 315] clone(child_stack=0x7f0fa8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[318], tls=0x7f0fa8b35700, child_tidptr=0x7f0fa8b359d0) = 318 [pid 315] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x5555564565e0, 24) = 0 [pid 313] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564565d0) = 319 ./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x5555564565e0, 24) = 0 [pid 314] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564565d0) = 320 ./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x7f0fa8b359e0, 24) = 0 [pid 318] openat(AT_FDCWD, "/dev/usbmon0", O_RDWR|O_TRUNC|O_NONBLOCK|O_DSYNC) = 3 [pid 318] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] mmap(0x20000000, 8388608, PROT_READ|PROT_WRITE|PROT_GROWSDOWN|0x800000, MAP_SHARED|MAP_FIXED, 3, 0) = 0x20000000 [pid 318] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x5555564565e0, 24 [pid 318] <... openat resumed>) = 4 [pid 319] <... set_robust_list resumed>) = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] <... clone resumed>, child_tidptr=0x5555564565d0) = 315 [pid 311] <... openat resumed>) = 3 ./strace-static-x86_64: Process 317 attached ./strace-static-x86_64: Process 316 attached [pid 311] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] ioctl(4, USB_RAW_IOCTL_INIT [pid 319] write(3, "1000", 4 [pid 318] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 319] <... write resumed>) = 4 [pid 319] close(3) = 0 [pid 319] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0fa8b15000 [pid 319] mprotect(0x7f0fa8b16000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] clone(child_stack=0x7f0fa8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 318] ioctl(4, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 319] <... clone resumed>, parent_tid=[322], tls=0x7f0fa8b35700, child_tidptr=0x7f0fa8b359d0) = 322 [ 19.438352][ T22] audit: type=1400 audit(1663310129.990:73): avc: denied { execmem } for pid=304 comm="syz-executor809" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.458029][ T22] audit: type=1400 audit(1663310130.010:74): avc: denied { read write } for pid=307 comm="syz-executor809" name="usbmon0" dev="devtmpfs" ino=886 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [pid 319] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... ioctl resumed>, 0) = 0 [pid 318] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0fa8b342b0) = 0 [pid 318] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x5555564565e0, 24) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0fa8b15000 [pid 320] mprotect(0x7f0fa8b16000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] clone(child_stack=0x7f0fa8b353f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[323], tls=0x7f0fa8b35700, child_tidptr=0x7f0fa8b359d0) = 323 [pid 320] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x7f0fa8b359e0, 24) = 0 [pid 322] openat(AT_FDCWD, "/dev/usbmon0", O_RDWR|O_TRUNC|O_NONBLOCK|O_DSYNC) = 3 [pid 322] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = 1 [pid 322] mmap(0x20000000, 8388608, PROT_READ|PROT_WRITE|PROT_GROWSDOWN|0x800000, MAP_SHARED|MAP_FIXED, 3, 0) = 0x20000000 [pid 322] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 322] <... futex resumed>) = 1 [pid 322] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 4 [pid 322] ioctl(4, USB_RAW_IOCTL_INIT, 0x7f0fa8b342b0) = 0 [pid 322] ioctl(4, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 322] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0fa8b342b0) = 0 [pid 322] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x7f0fa8b359e0, 24) = 0 [pid 323] openat(AT_FDCWD, "/dev/usbmon0", O_RDWR|O_TRUNC|O_NONBLOCK|O_DSYNC) = 3 [pid 323] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] mmap(0x20000000, 8388608, PROT_READ|PROT_WRITE|PROT_GROWSDOWN|0x800000, MAP_SHARED|MAP_FIXED, 3, 0) = 0x20000000 [pid 323] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] set_robust_list(0x7f0fa8b359e0, 24 [pid 316] set_robust_list(0x7f0fa8b359e0, 24 [pid 311] <... futex resumed>) = 1 [pid 317] <... set_robust_list resumed>) = 0 [pid 316] <... set_robust_list resumed>) = 0 [pid 311] mmap(0x20000000, 8388608, PROT_READ|PROT_WRITE|PROT_GROWSDOWN|0x800000, MAP_SHARED|MAP_FIXED, 3, 0 [pid 307] <... futex resumed>) = 0 [pid 317] openat(AT_FDCWD, "/dev/usbmon0", O_RDWR|O_TRUNC|O_NONBLOCK|O_DSYNC [pid 316] openat(AT_FDCWD, "/dev/usbmon0", O_RDWR|O_TRUNC|O_NONBLOCK|O_DSYNC [pid 311] <... mmap resumed>) = 0x20000000 [pid 307] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 323] <... openat resumed>) = 4 [pid 323] ioctl(4, USB_RAW_IOCTL_INIT [pid 317] <... openat resumed>) = 3 [pid 311] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 323] ioctl(4, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 316] <... openat resumed>) = 3 [pid 317] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 1 [pid 307] <... futex resumed>) = 0 [pid 317] <... futex resumed>) = 1 [pid 316] <... futex resumed>) = 1 [pid 312] <... futex resumed>) = 0 [pid 311] futex(0x7f0fa8c0e488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = 0 [pid 307] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7f0fa8c0e488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] futex(0x7f0fa8c0e488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 312] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 0 [pid 317] mmap(0x20000000, 8388608, PROT_READ|PROT_WRITE|PROT_GROWSDOWN|0x800000, MAP_SHARED|MAP_FIXED, 3, 0 [pid 316] mmap(0x20000000, 8388608, PROT_READ|PROT_WRITE|PROT_GROWSDOWN|0x800000, MAP_SHARED|MAP_FIXED, 3, 0 [pid 312] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 309] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 317] <... mmap resumed>) = 0x20000000 [pid 316] <... mmap resumed>) = 0x20000000 [pid 311] <... openat resumed>) = 4 [pid 317] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 1 [pid 316] <... futex resumed>) = 1 [pid 312] <... futex resumed>) = 0 [pid 311] ioctl(4, USB_RAW_IOCTL_INIT [pid 309] <... futex resumed>) = 0 [pid 317] futex(0x7f0fa8c0e488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] futex(0x7f0fa8c0e488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 312] <... futex resumed>) = 0 [pid 311] ioctl(4, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 309] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 317] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 316] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 309] <... futex resumed>) = 0 [pid 317] <... openat resumed>) = 4 [pid 316] <... openat resumed>) = 4 [pid 317] ioctl(4, USB_RAW_IOCTL_INIT [pid 309] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 323] <... ioctl resumed>, 0) = 0 [pid 323] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0fa8b342b0) = 0 [pid 323] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 316] ioctl(4, USB_RAW_IOCTL_INIT, 0x7f0fa8b342b0) = 0 [pid 316] ioctl(4, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 316] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0fa8b342b0) = 0 [pid 316] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 317] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 317] ioctl(4, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 317] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0fa8b342b0) = 0 [pid 317] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 311] <... ioctl resumed>, 0) = 0 [pid 311] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0fa8b342b0) = 0 [ 19.482420][ T22] audit: type=1400 audit(1663310130.010:75): avc: denied { open } for pid=315 comm="syz-executor809" path="/dev/usbmon0" dev="devtmpfs" ino=886 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 19.513761][ T22] audit: type=1400 audit(1663310130.010:76): avc: denied { map } for pid=315 comm="syz-executor809" path="/dev/usbmon0" dev="devtmpfs" ino=886 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 19.538060][ T22] audit: type=1400 audit(1663310130.010:77): avc: denied { read write } for pid=315 comm="syz-executor809" name="raw-gadget" dev="devtmpfs" ino=913 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.561820][ T22] audit: type=1400 audit(1663310130.010:78): avc: denied { open } for pid=315 comm="syz-executor809" path="/dev/raw-gadget" dev="devtmpfs" ino=913 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.585440][ T22] audit: type=1400 audit(1663310130.040:79): avc: denied { ioctl } for pid=315 comm="syz-executor809" path="/dev/raw-gadget" dev="devtmpfs" ino=913 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 311] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 322] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 322] ioctl(4, USB_RAW_IOCTL_EP0_WRITE, 0x7f0fa8b332a0) = 18 [pid 322] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 316] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 316] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 322] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 323] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 322] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 318] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 317] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 311] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 323] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 318] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 317] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 311] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 316] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 316] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 322] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 317] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 311] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 323] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 322] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 318] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 323] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 318] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [ 19.764233][ T101] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 19.771774][ T67] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 19.779359][ T327] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 19.786855][ T17] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 19.794321][ T325] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 19.801823][ T326] usb 3-1: new high-speed USB device number 2 using dummy_hcd [pid 317] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 311] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 316] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 316] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 322] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 323] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 322] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 318] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 317] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 323] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 318] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 317] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 316] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 316] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 323] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 322] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 322] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 318] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 317] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 323] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 318] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 317] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 316] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 316] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 323] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 318] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 317] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 323] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 318] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 317] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 316] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 316] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 323] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 318] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 317] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 323] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 318] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 317] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 311] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [ 20.034211][ T101] usb 5-1: device descriptor read/64, error 18 [ 20.044343][ T327] usb 1-1: Using ep0 maxpacket: 16 [ 20.064267][ T325] usb 2-1: device descriptor read/64, error 18 [ 20.074210][ T17] usb 6-1: device descriptor read/64, error 18 [pid 311] ioctl(4, USB_RAW_IOCTL_EP0_WRITE, 0x7f0fa8b332a0) = 18 [pid 311] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0fa8b342b0) = 0 [pid 311] ioctl(4, USB_RAW_IOCTL_EP0_WRITE, 0x7f0fa8b332a0) = 9 [pid 311] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0fa8b342b0) = 0 [ 20.080385][ T326] usb 3-1: device descriptor read/64, error 18 [ 20.086592][ T67] usb 4-1: device descriptor read/64, error 18 [pid 311] ioctl(4, USB_RAW_IOCTL_EP0_WRITE, 0x7f0fa8b332a0) = 36 [pid 322] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 311] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 322] ioctl(4, USB_RAW_IOCTL_EP0_WRITE, 0x7f0fa8b332a0) = 18 [pid 322] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 316] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 316] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 322] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 322] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 323] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 318] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 317] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 316] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 323] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 318] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 317] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 316] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 311] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 322] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 311] ioctl(4, USB_RAW_IOCTL_VBUS_DRAW [pid 322] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 311] <... ioctl resumed>, 0) = 0 [pid 311] ioctl(4, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 311] ioctl(4, USB_RAW_IOCTL_EP_ENABLE, 0x7f0fa8c0e5cc) = 0 [pid 311] ioctl(4, USB_RAW_IOCTL_EP0_READ [pid 316] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 323] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 318] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 317] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [ 20.164298][ T327] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 20.175285][ T327] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 20.188292][ T327] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 20.197497][ T327] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 20.209345][ T327] usb 1-1: config 0 descriptor?? [pid 316] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 323] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 318] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 317] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 322] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 311] <... ioctl resumed>, 0x7f0fa8b332a0) = 0 [pid 322] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 323] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 318] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 317] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 316] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 323] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 318] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 316] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 317] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 322] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 322] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 316] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 316] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 317] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 317] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 323] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 323] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 318] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 318] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 323] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 317] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 316] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 323] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 318] <... ioctl resumed>, 0x7f0fa8b342b0) = 0 [pid 317] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 316] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 318] ioctl(4, USB_RAW_IOCTL_EP0_WRITE [pid 317] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 317] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 323] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 318] <... ioctl resumed>, 0x7f0fa8b332a0) = 18 [pid 323] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 318] ioctl(4, USB_RAW_IOCTL_EVENT_FETCH [pid 311] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 311] futex(0x7f0fa8c0e488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] <... futex resumed>) = 0 [pid 311] ioctl(-1, BTRFS_IOC_SNAP_CREATE_V2, {fd=3, flags=BTRFS_SUBVOL_RDONLY, name="\x48\xc4\x3a\xea\x3a\x62\xa4\xc6\x0c\x02\x7a\x91\xbf\x05\x09\xe4\xc1\xaa\xe5\xb0\xa6\x06\xd3\x57\xc3\x42\xc3\x24\x56\x5d\xba\x3b\x40\x89\xd7\xda\xf2\x7f\x27\x53\xa5\x06\xf4\x3d\x74\x4c\x24\xdc\x0f\xf8\x8c\x74\xa0\xdb\x47\x4b\x9f\xce\x5e\xc7\xe4\x56\x43\xcf\x25\x07\x71\x7f\xb2\x3e\x2d\x73\xf7\xc8\x2d\x72\x40\x59\x2f\x67\xcc\xd5\x5c\xfd\xd7\x2a\x69\x78\xf5\x2f\xc3\x94\x09\x46\xe2\xfa\x7c\x22\x48\xb9\x41\xa5\xa0\x1f\xc7\x22\x7a\x9c\x43\x81\xe7\xc9\x2c\xcf\x69\x06\x2e\xf9\x9b\x18\x47\xab\xdb\xe3\x6c\x25\x39\x3a\xb3\xfc\xc3\x7f\x23\x4f\x63\x3a\xa3\x96\xba\xe3\x23\x8b\x4a\xe2\xd0\xfa\xe0\x20\x47\x36\xec\xde\x52\x24\x77\xf7\xbf\xb6\x37\x58\x72\xf1\x05\x4d\x4d\x74\x53\x6f\x38\x8d\x04\x5f\x85\x05\x62\x75\xe4\x51\xb5\x91\xff\xc4\x2c\x4e\x25\xc9\xeb\xa7\xc8\xc7\x6a\x41"} [pid 307] futex(0x7f0fa8c0e48c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 311] futex(0x7f0fa8c0e48c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 311] futex(0x7f0fa8c0e488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7f0fa8c0e488, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] <... futex resumed>) = 0 [pid 311] ioctl(3, _IOC(_IOC_NONE, 0x92, 0x8, 0) [ 20.424207][ T101] usb 5-1: device descriptor read/64, error 18 [ 20.454206][ T325] usb 2-1: device descriptor read/64, error 18 [ 20.455245][ T311] kasan: CONFIG_KASAN_INLINE enabled [ 20.465071][ T22] audit: type=1400 audit(1663310131.010:80): avc: denied { ioctl } for pid=307 comm="syz-executor809" path="/dev/usbmon0" dev="devtmpfs" ino=886 ioctlcmd=0x9208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 20.465624][ T311] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 20.491057][ T67] usb 4-1: device descriptor read/64, error 18 [ 20.498980][ T311] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 20.498989][ T311] CPU: 0 PID: 311 Comm: syz-executor809 Not tainted 5.4.197-syzkaller-00010-gccdf6bdf62a8 #0 [ 20.498998][ T311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 20.505161][ T17] usb 6-1: device descriptor read/64, error 18 [ 20.512066][ T311] RIP: 0010:mon_bin_flush+0x140/0x260 [ 20.522183][ T326] usb 3-1: device descriptor read/64, error 18 [ 20.532212][ T311] Code: e8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 ef e8 36 14 d0 fe 48 8b 45 00 81 e3 ff 0f 00 00 4c 8d 74 03 24 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 28 84 c0 75 78 41 8b 36 83 c6 40 4c 89 e7 e8 b9 fd ff [ 20.532217][ T311] RSP: 0018:ffff8881ddd27d10 EFLAGS: 00010007 [ 20.532223][ T311] RAX: 000000000000013c RBX: 00000000000009c0 RCX: 0000000000f0bab0 [ 20.532228][ T311] RDX: ffff8881ddd1af40 RSI: 000000000f40e900 RDI: 0000000000000000 [ 20.532232][ T311] RBP: ffff8881df229ab8 R08: ffffffff82bca912 R09: ffffed103bba4f9b [ 20.532236][ T311] R10: ffffed103bba4f9b R11: 1ffff1103bba4f9a R12: ffff8881e376a800 [ 20.532247][ T311] R13: dffffc0000000000 R14: 00000000000009e4 R15: ffff8881e376a818 [ 20.615130][ T311] FS: 00007f0fa8b35700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 20.624026][ T311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.630579][ T311] CR2: 0000000020002000 CR3: 00000001de25f000 CR4: 00000000003406f0 [ 20.638551][ T311] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.646492][ T311] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.654433][ T311] Call Trace: [ 20.657698][ T311] mon_bin_ioctl+0x259/0xd00 [ 20.662257][ T311] ? mon_bin_poll+0x140/0x140 [ 20.666910][ T311] do_vfs_ioctl+0x6d1/0x15b0 [ 20.671472][ T311] __x64_sys_ioctl+0xd4/0x110 [ 20.676121][ T311] do_syscall_64+0xcb/0x1c0 [ 20.680605][ T311] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.686465][ T311] RIP: 0033:0x7f0fa8b908b9 [ 20.690848][ T311] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 20.710417][ T311] RSP: 002b:00007f0fa8b352f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 20.718808][ T311] RAX: ffffffffffffffda RBX: 00007f0fa8c0e480 RCX: 00007f0fa8b908b9 [ 20.726756][ T311] RDX: 0000000000000006 RSI: 0000000000009208 RDI: 0000000000000003 [ 20.734708][ T311] RBP: 00007f0fa8bdb2a4 R08: 0000000000000000 R09: 0000000000000000 [ 20.742655][ T311] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0fa8bda2d8 [ 20.750596][ T311] R13: 6273752f7665642f R14: 0000000100000000 R15: 00007f0fa8c0e488 [ 20.758539][ T311] Modules linked in: [ 20.762409][ T311] ---[ end trace eff845207a4ffd48 ]--- [ 20.767839][ T311] RIP: 0010:mon_bin_flush+0x140/0x260 [ 20.773184][ T311] Code: e8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 ef e8 36 14 d0 fe 48 8b 45 00 81 e3 ff 0f 00 00 4c 8d 74 03 24 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 28 84 c0 75 78 41 8b 36 83 c6 40 4c 89 e7 e8 b9 fd ff [ 20.792755][ T311] RSP: 0018:ffff8881ddd27d10 EFLAGS: 00010007 [ 20.798788][ T311] RAX: 000000000000013c RBX: 00000000000009c0 RCX: 0000000000f0bab0 [ 20.806743][ T311] RDX: ffff8881ddd1af40 RSI: 000000000f40e900 RDI: 0000000000000000 [ 20.814682][ T311] RBP: ffff8881df229ab8 R08: ffffffff82bca912 R09: ffffed103bba4f9b [ 20.822621][ T311] R10: ffffed103bba4f9b R11: 1ffff1103bba4f9a R12: ffff8881e376a800 [ 20.830559][ T311] R13: dffffc0000000000 R14: 00000000000009e4 R15: ffff8881e376a818 [ 20.838501][ T311] FS: 00007f0fa8b35700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 20.847395][ T311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.853946][ T311] CR2: 0000000020002000 CR3: 00000001de25f000 CR4: 00000000003406f0 [ 20.861890][ T311] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.869828][ T311] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.877765][ T311] Kernel panic - not syncing: Fatal exception [ 21.956342][ T311] Shutting down cpus with NMI [ 21.961204][ T311] Kernel Offset: disabled [ 21.965507][ T311] Rebooting in 86400 seconds..