./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2003654886 <...> Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts. execve("./syz-executor2003654886", ["./syz-executor2003654886"], 0x7fff9a34bbe0 /* 10 vars */) = 0 brk(NULL) = 0x555556b48000 brk(0x555556b48c40) = 0x555556b48c40 arch_prctl(ARCH_SET_FS, 0x555556b48300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2003654886", 4096) = 28 brk(0x555556b69c40) = 0x555556b69c40 brk(0x555556b6a000) = 0x555556b6a000 mprotect(0x7fc4ff824000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3604 attached , child_tidptr=0x555556b485d0) = 3604 [pid 3604] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3603] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3605 attached [pid 3604] <... clone resumed>, child_tidptr=0x555556b485d0) = 3605 ./strace-static-x86_64: Process 3606 attached [pid 3603] <... clone resumed>, child_tidptr=0x555556b485d0) = 3606 [pid 3605] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3603] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3605] <... prctl resumed>) = 0 [pid 3605] setpgid(0, 0) = 0 [pid 3605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3606] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3607 attached [pid 3603] <... clone resumed>, child_tidptr=0x555556b485d0) = 3607 [pid 3606] <... clone resumed>, child_tidptr=0x555556b485d0) = 3608 [pid 3603] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b485d0) = 3609 ./strace-static-x86_64: Process 3608 attached [pid 3603] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3609 attached ./strace-static-x86_64: Process 3611 attached ./strace-static-x86_64: Process 3610 attached [pid 3603] <... clone resumed>, child_tidptr=0x555556b485d0) = 3610 [pid 3609] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3608] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3605] <... openat resumed>) = 3 [pid 3607] <... clone resumed>, child_tidptr=0x555556b485d0) = 3611 [pid 3603] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3608] <... prctl resumed>) = 0 [pid 3605] write(3, "1000", 4 [pid 3608] setpgid(0, 0 [pid 3605] <... write resumed>) = 4 [pid 3609] <... clone resumed>, child_tidptr=0x555556b485d0) = 3613 [pid 3608] <... setpgid resumed>) = 0 [pid 3605] close(3 [pid 3603] <... clone resumed>, child_tidptr=0x555556b485d0) = 3612 [pid 3605] <... close resumed>) = 0 [pid 3605] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3611] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3605] <... openat resumed>) = 3 [pid 3608] <... openat resumed>) = 3 [pid 3608] write(3, "1000", 4) = 4 [pid 3608] close(3) = 0 [pid 3605] ioctl(3, USB_RAW_IOCTL_INIT./strace-static-x86_64: Process 3612 attached ./strace-static-x86_64: Process 3613 attached [pid 3611] <... prctl resumed>) = 0 [pid 3610] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3608] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3605] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3612] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3614 attached ./strace-static-x86_64: Process 3615 attached [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3611] setpgid(0, 0 [pid 3608] <... openat resumed>) = 3 [pid 3605] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3612] <... clone resumed>, child_tidptr=0x555556b485d0) = 3615 [pid 3610] <... clone resumed>, child_tidptr=0x555556b485d0) = 3614 [pid 3608] ioctl(3, USB_RAW_IOCTL_INIT [pid 3614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3614] setpgid(0, 0 [pid 3613] <... prctl resumed>) = 0 [pid 3611] <... setpgid resumed>) = 0 [pid 3608] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3605] <... ioctl resumed>, 0) = 0 [pid 3615] <... prctl resumed>) = 0 [pid 3614] <... setpgid resumed>) = 0 [pid 3613] setpgid(0, 0 [pid 3611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3608] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3615] setpgid(0, 0 [pid 3614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3613] <... setpgid resumed>) = 0 [pid 3611] <... openat resumed>) = 3 [pid 3608] <... ioctl resumed>, 0) = 0 [pid 3605] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3615] <... setpgid resumed>) = 0 [pid 3614] <... openat resumed>) = 3 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3611] write(3, "1000", 4 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3608] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3613] <... openat resumed>) = 3 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3614] write(3, "1000", 4 [pid 3613] write(3, "1000", 4 [pid 3611] <... write resumed>) = 4 [pid 3615] <... openat resumed>) = 3 [pid 3614] <... write resumed>) = 4 [pid 3613] <... write resumed>) = 4 [pid 3611] close(3 [pid 3614] close(3 [pid 3613] close(3 [pid 3611] <... close resumed>) = 0 [pid 3615] write(3, "1000", 4 [pid 3614] <... close resumed>) = 0 [pid 3613] <... close resumed>) = 0 [pid 3611] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3614] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3613] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3615] <... write resumed>) = 4 [pid 3611] <... openat resumed>) = 3 [pid 3613] <... openat resumed>) = 3 [pid 3615] close(3 [pid 3614] <... openat resumed>) = 3 [pid 3615] <... close resumed>) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_INIT [pid 3613] ioctl(3, USB_RAW_IOCTL_INIT [pid 3611] ioctl(3, USB_RAW_IOCTL_INIT [pid 3615] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3614] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3611] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3615] <... openat resumed>) = 3 [pid 3614] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3615] ioctl(3, USB_RAW_IOCTL_INIT [pid 3613] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3611] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3615] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3614] <... ioctl resumed>, 0) = 0 [pid 3613] <... ioctl resumed>, 0) = 0 [pid 3615] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3611] <... ioctl resumed>, 0) = 0 [pid 3615] <... ioctl resumed>, 0) = 0 [pid 3614] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3615] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3611] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3605] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3608] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3605] <... ioctl resumed>, 0x7ffe1f386480) = 18 syzkaller login: [ 44.141570][ T144] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 44.161533][ T27] usb 2-1: new high-speed USB device number 2 using dummy_hcd [pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3615] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3614] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3611] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3608] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3615] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3614] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3611] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3613] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 44.192591][ T2934] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 44.192755][ T3621] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 44.192840][ T3620] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 44.192919][ T3618] usb 4-1: new high-speed USB device number 2 using dummy_hcd [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3605] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3608] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3605] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3615] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3614] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3611] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3608] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3605] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3615] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3614] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3613] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3611] <... ioctl resumed>, 0x7ffe1f386480) = 18 [pid 3608] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3605] <... ioctl resumed>, 0x7ffe1f386480) = 9 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3614] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3615] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3611] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3608] <... ioctl resumed>, 0x7ffe1f386480) = 9 [pid 3605] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3608] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3605] <... ioctl resumed>, 0x7ffe1f386480) = 27 [pid 3615] <... ioctl resumed>, 0x7ffe1f386480) = 9 [pid 3614] <... ioctl resumed>, 0x7ffe1f386480) = 9 [pid 3613] <... ioctl resumed>, 0x7ffe1f386480) = 9 [pid 3611] <... ioctl resumed>, 0x7ffe1f386480) = 9 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3608] <... ioctl resumed>, 0x7ffe1f386480) = 27 [pid 3615] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3614] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3611] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3605] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3605] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3605] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3605] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fc4ff82a46c) = 12 [pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe1f386480) = 0 [pid 3608] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3615] <... ioctl resumed>, 0x7ffe1f386480) = 27 [pid 3614] <... ioctl resumed>, 0x7ffe1f386480) = 27 [pid 3611] <... ioctl resumed>, 0x7ffe1f386480) = 27 [ 44.581919][ T144] usb 1-1: config index 0 descriptor too short (expected 12164, got 27) [ 44.581962][ T144] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 44.582007][ T144] usb 1-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=44.11 [ 44.582031][ T144] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3613] <... ioctl resumed>, 0x7ffe1f386480) = 27 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3608] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3615] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3614] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3611] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3608] <... ioctl resumed>, 0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3614] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3613] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3608] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3615] <... ioctl resumed>, 0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fc4ff82a46c) = 12 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3614] <... ioctl resumed>, 0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3611] <... ioctl resumed>, 0) = 0 [pid 3608] <... ioctl resumed>, 0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fc4ff82a46c) = 12 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3613] <... ioctl resumed>, 0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [ 44.591924][ T144] usb 1-1: config 0 descriptor?? [ 44.611869][ T27] usb 2-1: config index 0 descriptor too short (expected 12164, got 27) [ 44.611916][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 44.611958][ T27] usb 2-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=44.11 [pid 3613] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fc4ff82a46c) = 12 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3615] <... ioctl resumed>, 0x7ffe1f386480) = 0 [pid 3614] <... ioctl resumed>, 0x7ffe1f386480) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f386480) = 0 [pid 3611] <... ioctl resumed>, 0) = 0 [pid 3608] <... ioctl resumed>, 0x7fc4ff82a46c) = 12 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fc4ff82a46c) = 12 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe1f386480) = 0 [pid 3608] <... ioctl resumed>, 0x7ffe1f386480) = 0 [ 44.611984][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.614154][ T27] usb 2-1: config 0 descriptor?? [ 44.640553][ T3620] usb 3-1: config index 0 descriptor too short (expected 12164, got 27) [ 44.640594][ T3620] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 44.640631][ T3620] usb 3-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=44.11 [ 44.640655][ T3620] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.641386][ T2934] usb 5-1: config index 0 descriptor too short (expected 12164, got 27) [ 44.641423][ T2934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 44.641531][ T2934] usb 5-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=44.11 [ 44.641558][ T2934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.642277][ T3621] usb 6-1: config index 0 descriptor too short (expected 12164, got 27) [pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe1f3874b0) = 0 [pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe1f3864a0) = 0 [ 44.642313][ T3621] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 44.642353][ T3621] usb 6-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=44.11 [ 44.642380][ T3621] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.643113][ T3618] usb 4-1: config index 0 descriptor too short (expected 12164, got 27) [ 44.643147][ T3618] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 44.643183][ T3618] usb 4-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=44.11 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3615] <... ioctl resumed>, 0x7ffe1f3874b0) = 0 [pid 3614] <... ioctl resumed>, 0x7ffe1f3874b0) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f3874b0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3615] <... ioctl resumed>, 0x7ffe1f3864a0) = 0 [ 44.643209][ T3618] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.645603][ T3618] usb 4-1: config 0 descriptor?? [ 44.646548][ T2934] usb 5-1: config 0 descriptor?? [ 44.647445][ T3620] usb 3-1: config 0 descriptor?? [ 44.648326][ T3621] usb 6-1: config 0 descriptor?? [ 44.854031][ T144] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 44.854056][ T144] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe1f3874b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3608] <... ioctl resumed>, 0x7ffe1f3874b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3614] <... ioctl resumed>, 0x7ffe1f3864a0) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f3864a0) = 0 [pid 3611] <... ioctl resumed>, 0x7ffe1f3864a0) = 0 [pid 3608] <... ioctl resumed>, 0x7ffe1f3864a0) = 0 [ 44.911707][ T3621] radio-si470x 6-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 44.911733][ T3621] radio-si470x 6-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 44.951785][ T3618] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 44.951811][ T3618] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 44.952225][ T2934] radio-si470x 5-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 44.952245][ T2934] radio-si470x 5-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 44.952394][ T3620] radio-si470x 3-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 44.952412][ T3620] radio-si470x 3-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 44.952547][ T27] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000 [pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe1f3874b0) = 0 [pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe1f3864a0) = 0 [ 44.952566][ T27] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 45.061677][ T144] radio-si470x 1-1:0.0: software version 0, hardware version 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe1f3874b0) = 0 [ 45.061707][ T144] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 45.061726][ T144] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe1f3864a0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3608] <... ioctl resumed>, 0x7ffe1f3874b0) = 0 [pid 3614] <... ioctl resumed>, 0x7ffe1f3874b0) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f3874b0) = 0 [pid 3611] <... ioctl resumed>, 0x7ffe1f3874b0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3614] <... ioctl resumed>, 0x7ffe1f3864a0) = 0 [pid 3613] <... ioctl resumed>, 0x7ffe1f3864a0) = 0 [pid 3611] <... ioctl resumed>, 0x7ffe1f3864a0) = 0 [pid 3608] <... ioctl resumed>, 0x7ffe1f3864a0) = 0 [ 45.141663][ T3621] radio-si470x 6-1:0.0: software version 0, hardware version 0 [ 45.141690][ T3621] radio-si470x 6-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 45.141711][ T3621] radio-si470x 6-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 45.190018][ T3618] radio-si470x 4-1:0.0: software version 0, hardware version 0 [ 45.190044][ T3618] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 45.190066][ T3618] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 45.190311][ T2934] radio-si470x 5-1:0.0: software version 0, hardware version 0 [ 45.190332][ T2934] radio-si470x 5-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [pid 3605] exit_group(0) = ? [pid 3605] +++ exited with 0 +++ [pid 3604] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3605, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [ 45.190353][ T2934] radio-si470x 5-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 45.190499][ T3620] radio-si470x 3-1:0.0: software version 0, hardware version 0 [ 45.190520][ T3620] radio-si470x 3-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 45.190541][ T3620] radio-si470x 3-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 45.190683][ T27] radio-si470x 2-1:0.0: software version 0, hardware version 0 [pid 3604] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b485d0) = 3627 ./strace-static-x86_64: Process 3627 attached [pid 3627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3627] setpgid(0, 0) = 0 [pid 3627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3627] write(3, "1000", 4) = 4 [pid 3627] close(3) = 0 [pid 3627] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3627] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe1f387490) = 0 [pid 3627] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3627] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe1f387490) = 0 [pid 3627] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3615] exit_group(0) = ? [ 45.190702][ T27] radio-si470x 2-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 45.190723][ T27] radio-si470x 2-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 45.301764][ T144] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71 [pid 3615] +++ exited with 0 +++ [pid 3612] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3615, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3612] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3612] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b485d0) = 3629 ./strace-static-x86_64: Process 3629 attached [pid 3629] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3614] exit_group(0 [pid 3613] exit_group(0 [pid 3614] <... exit_group resumed>) = ? [pid 3613] <... exit_group resumed>) = ? [pid 3629] <... prctl resumed>) = 0 [pid 3614] +++ exited with 0 +++ [pid 3613] +++ exited with 0 +++ [pid 3610] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3614, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3609] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3613, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3610] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3609] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3629] setpgid(0, 0 [pid 3611] exit_group(0 [pid 3610] <... clone resumed>, child_tidptr=0x555556b485d0) = 3630 [pid 3609] <... clone resumed>, child_tidptr=0x555556b485d0) = 3631 [pid 3611] <... exit_group resumed>) = ? [pid 3608] exit_group(0) = ? [pid 3629] <... setpgid resumed>) = 0 [pid 3611] +++ exited with 0 +++ [pid 3608] +++ exited with 0 +++ [pid 3607] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3611, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3606] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3608, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [ 45.327496][ C1] radio-si470x 1-1:0.0: non-zero urb status (-71) [ 45.328101][ T144] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.328311][ T144] radio-si470x: probe of 1-1:0.0 failed with error -22 [pid 3629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3606] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3629] <... openat resumed>) = 3 [pid 3629] write(3, "1000", 4 [pid 3607] <... clone resumed>, child_tidptr=0x555556b485d0) = 3632 [pid 3606] <... clone resumed>, child_tidptr=0x555556b485d0) = 3633 [pid 3629] <... write resumed>) = 4 [pid 3629] close(3./strace-static-x86_64: Process 3630 attached ./strace-static-x86_64: Process 3633 attached ./strace-static-x86_64: Process 3631 attached [pid 3630] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3633] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3630] <... prctl resumed>) = 0 [pid 3629] <... close resumed>) = 0 [pid 3633] <... prctl resumed>) = 0 [pid 3631] <... prctl resumed>) = 0 [pid 3630] setpgid(0, 0 [pid 3629] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3633] setpgid(0, 0 [pid 3631] setpgid(0, 0 [pid 3630] <... setpgid resumed>) = 0 [pid 3629] <... openat resumed>) = 3 [pid 3633] <... setpgid resumed>) = 0 [pid 3631] <... setpgid resumed>) = 0 [pid 3630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3629] ioctl(3, USB_RAW_IOCTL_INIT [pid 3633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3630] <... openat resumed>) = 3 [pid 3629] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3633] <... openat resumed>) = 3 [pid 3631] <... openat resumed>) = 3 [pid 3630] write(3, "1000", 4 [pid 3629] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN./strace-static-x86_64: Process 3632 attached [pid 3633] write(3, "1000", 4 [pid 3631] write(3, "1000", 4 [pid 3629] <... ioctl resumed>, 0) = 0 [pid 3632] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3632] <... prctl resumed>) = 0 [pid 3629] <... ioctl resumed>, 0x7ffe1f387490) = 0 [pid 3632] setpgid(0, 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3632] <... setpgid resumed>) = 0 [pid 3632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3633] <... write resumed>) = 4 [pid 3632] <... openat resumed>) = 3 [pid 3631] <... write resumed>) = 4 [pid 3630] <... write resumed>) = 4 [pid 3632] write(3, "1000", 4) = 4 [pid 3632] close(3) = 0 [pid 3632] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3632] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe1f387490) = 0 [pid 3632] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3633] close(3 [pid 3632] <... ioctl resumed>, 0) = 0 [pid 3631] close(3 [pid 3630] close(3 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe1f387490) = 0 [ 45.339327][ T144] usb 1-1: USB disconnect, device number 2 [ 45.355530][ T3621] radio-si470x 6-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.374253][ C1] radio-si470x 6-1:0.0: non-zero urb status (-71) [ 45.374873][ T3621] radio-si470x 6-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.374873][ T3621] radio-si470x 6-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.375082][ T3621] radio-si470x: probe of 6-1:0.0 failed with error -22 [ 45.382656][ T3621] usb 6-1: USB disconnect, device number 2 [ 45.421953][ T3618] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.422114][ T2934] radio-si470x 5-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.422255][ T3620] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.422381][ T27] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.451501][ C1] radio-si470x 2-1:0.0: non-zero urb status (-71) [ 45.451585][ C1] radio-si470x 3-1:0.0: non-zero urb status (-71) [ 45.451655][ C1] radio-si470x 5-1:0.0: non-zero urb status (-71) [ 45.451722][ C1] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 45.451967][ T27] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.452116][ T27] radio-si470x: probe of 2-1:0.0 failed with error -22 [ 45.453680][ T3620] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.453815][ T3620] radio-si470x: probe of 3-1:0.0 failed with error -22 [ 45.455475][ T2934] radio-si470x 5-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.455607][ T2934] radio-si470x: probe of 5-1:0.0 failed with error -22 [ 45.456915][ T3618] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 45.457047][ T3618] radio-si470x: probe of 4-1:0.0 failed with error -22 [ 45.461524][ C1] ================================================================== [ 45.461532][ C1] BUG: KASAN: use-after-free in si470x_int_in_callback.cold+0x96/0xbf [ 45.461583][ C1] Read of size 8 at addr ffff88807a06aab8 by task udevd/3619 [ 45.461601][ C1] [ 45.461606][ C1] CPU: 1 PID: 3619 Comm: udevd Not tainted 5.18.0-syzkaller-12234-g50fd82b3a9a9 #0 [ 45.461627][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.461640][ C1] Call Trace: [ 45.461645][ C1] [ 45.461653][ C1] dump_stack_lvl+0xcd/0x134 [ 45.461677][ C1] print_address_description.constprop.0.cold+0xeb/0x495 [ 45.461707][ C1] ? si470x_int_in_callback.cold+0x96/0xbf [ 45.461736][ C1] kasan_report.cold+0xf4/0x1c6 [ 45.461760][ C1] ? si470x_int_in_callback.cold+0x96/0xbf [ 45.461788][ C1] si470x_int_in_callback.cold+0x96/0xbf [ 45.461815][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 45.461839][ C1] ? si470x_fops_read+0x790/0x790 [ 45.461865][ C1] ? usb_hcd_unmap_urb_for_dma+0x105/0x6d0 [ 45.461889][ C1] ? dummy_timer+0x11e7/0x32b0 [ 45.461916][ C1] __usb_hcd_giveback_urb+0x2b0/0x5c0 [ 45.461940][ C1] usb_hcd_giveback_urb+0x367/0x410 [ 45.461965][ C1] dummy_timer+0x11f9/0x32b0 [ 45.461992][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 45.462036][ C1] ? dummy_dequeue+0x500/0x500 [ 45.462064][ C1] ? dummy_dequeue+0x500/0x500 [ 45.462089][ C1] call_timer_fn+0x1a5/0x6b0 [ 45.462112][ C1] ? timer_fixup_activate+0x350/0x350 [ 45.462135][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 45.462162][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 45.462184][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 45.462209][ C1] ? dummy_dequeue+0x500/0x500 [ 45.462237][ C1] __run_timers.part.0+0x679/0xa80 [ 45.462265][ C1] ? call_timer_fn+0x6b0/0x6b0 [ 45.462288][ C1] ? __wake_up_locked_sync_key+0x20/0x20 [ 45.462312][ C1] ? kvm_sched_clock_read+0x14/0x40 [ 45.462335][ C1] ? sched_clock_cpu+0x69/0x2b0 [ 45.462359][ C1] run_timer_softirq+0xb3/0x1d0 [ 45.462382][ C1] __do_softirq+0x29b/0x9c2 [ 45.462410][ C1] __irq_exit_rcu+0x123/0x180 [ 45.462439][ C1] irq_exit_rcu+0x5/0x20 [ 45.462459][ C1] sysvec_apic_timer_interrupt+0x93/0xc0 [ 45.462490][ C1] [ 45.462497][ C1] [ 45.462504][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 45.462532][ C1] RIP: 0010:syscall_enter_from_user_mode+0x2b/0x70 [ 45.462558][ C1] Code: 54 49 89 f4 55 48 89 fd 48 8b 7c 24 10 e8 ed f5 ff ff eb 27 eb 2b e8 54 57 0a f8 e8 0f 55 0a f8 fb 65 48 8b 04 25 80 6f 02 00 <48> 8b 70 08 40 f6 c6 3f 75 19 4c 89 e0 5d 41 5c c3 eb 1b 0f 0b eb [ 45.462581][ C1] RSP: 0018:ffffc900030cff28 EFLAGS: 00000206 [ 45.462601][ C1] RAX: ffff888018228000 RBX: 0000000000000000 RCX: 1ffffffff1b774b1 [ 45.462618][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 45.462632][ C1] RBP: ffffc900030cff58 R08: 0000000000000001 R09: 0000000000000001 [ 45.462647][ C1] R10: fffffbfff1b77a8a R11: 0000000000000001 R12: 0000000000000106 [ 45.462662][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 45.462684][ C1] ? syscall_enter_from_user_mode+0x21/0x70 [ 45.462709][ C1] do_syscall_64+0x16/0xb0 [ 45.462734][ C1] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 45.462765][ C1] RIP: 0033:0x7f1124d251da [ 45.462786][ C1] Code: 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 0b 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 90 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 48 8b 15 69 fc 0c 00 f7 [ 45.462808][ C1] RSP: 002b:00007ffd0a7c41e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000106 [ 45.462830][ C1] RAX: ffffffffffffffda RBX: 00007ffd0a7c4298 RCX: 00007f1124d251da [ 45.462845][ C1] RDX: 00007ffd0a7c4208 RSI: 00007ffd0a7c4bb8 RDI: 00000000ffffff9c [ 45.462859][ C1] RBP: 00007ffd0a7c4bb8 R08: 0000000000000000 R09: 00007ffd0a7c49a0 [ 45.462873][ C1] R10: 0000000000000100 R11: 0000000000000206 R12: 0000000000000005 [ 45.462887][ C1] R13: 0000561f2d7512e0 R14: 0000561f2d732190 R15: 00007ffd0a7c4bc9 [ 45.462910][ C1] [ 45.462918][ C1] [ 45.462921][ C1] Allocated by task 3618: [ 45.462931][ C1] kasan_save_stack+0x1e/0x40 [ 45.462958][ C1] __kasan_kmalloc+0xa9/0xd0 [ 45.462983][ C1] si470x_usb_driver_probe+0x51/0xf90 [ 45.463006][ C1] usb_probe_interface+0x315/0x7f0 [ 45.463031][ C1] really_probe+0x23e/0xb90 [ 45.463054][ C1] __driver_probe_device+0x338/0x4d0 [ 45.463078][ C1] driver_probe_device+0x4c/0x1a0 [ 45.463101][ C1] __device_attach_driver+0x20b/0x2f0 [ 45.463125][ C1] bus_for_each_drv+0x15f/0x1e0 [ 45.463148][ C1] __device_attach+0x228/0x4a0 [ 45.463170][ C1] bus_probe_device+0x1e4/0x290 [ 45.463192][ C1] device_add+0xb83/0x1e20 [ 45.463212][ C1] usb_set_configuration+0x101e/0x1900 [ 45.463235][ C1] usb_generic_driver_probe+0xba/0x100 [ 45.463258][ C1] usb_probe_device+0xd9/0x2c0 [ 45.463280][ C1] really_probe+0x23e/0xb90 [ 45.463300][ C1] __driver_probe_device+0x338/0x4d0 [ 45.463324][ C1] driver_probe_device+0x4c/0x1a0 [ 45.463347][ C1] __device_attach_driver+0x20b/0x2f0 [ 45.463372][ C1] bus_for_each_drv+0x15f/0x1e0 [ 45.463392][ C1] __device_attach+0x228/0x4a0 [ 45.463415][ C1] bus_probe_device+0x1e4/0x290 [ 45.463444][ C1] device_add+0xb83/0x1e20 [ 45.463463][ C1] usb_new_device.cold+0x641/0x1091 [ 45.463483][ C1] hub_event+0x25c6/0x4680 [ 45.463500][ C1] process_one_work+0x996/0x1610 [ 45.463523][ C1] worker_thread+0x665/0x1080 [ 45.463544][ C1] kthread+0x2e9/0x3a0 [ 45.463562][ C1] ret_from_fork+0x1f/0x30 [ 45.463586][ C1] [ 45.463589][ C1] Freed by task 3618: [ 45.463598][ C1] kasan_save_stack+0x1e/0x40 [ 45.463624][ C1] kasan_set_track+0x21/0x30 [ 45.463649][ C1] kasan_set_free_info+0x20/0x30 [ 45.463669][ C1] ____kasan_slab_free+0x166/0x1a0 [ 45.463695][ C1] slab_free_freelist_hook+0x8b/0x1c0 [ 45.463720][ C1] kfree+0xd6/0x4d0 [ 45.463742][ C1] si470x_usb_driver_probe+0xb3d/0xf90 [ 45.463765][ C1] usb_probe_interface+0x315/0x7f0 [ 45.463788][ C1] really_probe+0x23e/0xb90 [ 45.463810][ C1] __driver_probe_device+0x338/0x4d0 [ 45.463835][ C1] driver_probe_device+0x4c/0x1a0 [ 45.463858][ C1] __device_attach_driver+0x20b/0x2f0 [ 45.463883][ C1] bus_for_each_drv+0x15f/0x1e0 [ 45.463904][ C1] __device_attach+0x228/0x4a0 [ 45.463926][ C1] bus_probe_device+0x1e4/0x290 [ 45.463948][ C1] device_add+0xb83/0x1e20 [ 45.463967][ C1] usb_set_configuration+0x101e/0x1900 [ 45.463991][ C1] usb_generic_driver_probe+0xba/0x100 [ 45.464013][ C1] usb_probe_device+0xd9/0x2c0 [ 45.464036][ C1] really_probe+0x23e/0xb90 [ 45.464057][ C1] __driver_probe_device+0x338/0x4d0 [ 45.464082][ C1] driver_probe_device+0x4c/0x1a0 [ 45.464105][ C1] __device_attach_driver+0x20b/0x2f0 [ 45.464129][ C1] bus_for_each_drv+0x15f/0x1e0 [ 45.464150][ C1] __device_attach+0x228/0x4a0 [ 45.464167][ C1] bus_probe_device+0x1e4/0x290 [ 45.464196][ C1] device_add+0xb83/0x1e20 [ 45.464216][ C1] usb_new_device.cold+0x641/0x1091 [ 45.464234][ C1] hub_event+0x25c6/0x4680 [ 45.464251][ C1] process_one_work+0x996/0x1610 [ 45.464273][ C1] worker_thread+0x665/0x1080 [ 45.464294][ C1] kthread+0x2e9/0x3a0 [ 45.464312][ C1] ret_from_fork+0x1f/0x30 [ 45.464335][ C1] [ 45.464338][ C1] The buggy address belongs to the object at ffff88807a06a000 [ 45.464338][ C1] which belongs to the cache kmalloc-4k of size 4096 [ 45.464355][ C1] The buggy address is located 2744 bytes inside of [ 45.464355][ C1] 4096-byte region [ffff88807a06a000, ffff88807a06b000) [ 45.464377][ C1] [ 45.464380][ C1] The buggy address belongs to the physical page: [ 45.464388][ C1] page:ffffea0001e81a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a068 [ 45.464411][ C1] head:ffffea0001e81a00 order:3 compound_mapcount:0 compound_pincount:0 [ 45.464495][ C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 45.464529][ C1] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888011842140 [ 45.464549][ C1] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 45.464560][ C1] page dumped because: kasan: bad access detected [ 45.464569][ C1] page_owner tracks the page as allocated [ 45.464574][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2981, tgid 2981 (udevd), ts 20846548382, free_ts 16235536753 [ 45.464613][ C1] get_page_from_freelist+0x1290/0x3b70 [ 45.464636][ C1] __alloc_pages+0x1c7/0x510 [ 45.464655][ C1] alloc_pages+0x1aa/0x310 [ 45.464672][ C1] allocate_slab+0x26c/0x3c0 [ 45.464695][ C1] ___slab_alloc+0x985/0xd90 [ 45.464718][ C1] __slab_alloc.constprop.0+0x4d/0xa0 [ 45.464743][ C1] __kmalloc+0x318/0x350 [ 45.464767][ C1] tomoyo_realpath_from_path+0xc3/0x620 [ 45.464794][ C1] tomoyo_path_perm+0x21b/0x400 [ 45.464817][ C1] security_inode_getattr+0xcf/0x140 [ 45.464841][ C1] vfs_statx+0x16a/0x390 [ 45.464862][ C1] vfs_fstatat+0x8c/0xb0 [ 45.464884][ C1] __do_sys_newfstatat+0x91/0x110 [ 45.464908][ C1] do_syscall_64+0x35/0xb0 [ 45.464928][ C1] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 45.464951][ C1] page last free stack trace: [ 45.464955][ C1] free_pcp_prepare+0x549/0xd20 [ 45.464975][ C1] free_unref_page+0x19/0x6a0 [ 45.464993][ C1] __unfreeze_partials+0x17c/0x1a0 [ 45.465016][ C1] qlist_free_all+0x6a/0x170 [ 45.465037][ C1] kasan_quarantine_reduce+0x180/0x200 [ 45.465061][ C1] __kasan_slab_alloc+0xa2/0xc0 [ 45.465079][ C1] kmem_cache_alloc+0x204/0x3b0 [ 45.465103][ C1] security_file_alloc+0x34/0x170 [ 45.465127][ C1] __alloc_file+0xd9/0x270 [ 45.465144][ C1] alloc_empty_file+0x6d/0x170 [ 45.465164][ C1] path_openat+0xe4/0x2910 [ 45.465184][ C1] do_filp_open+0x1aa/0x400 [ 45.465203][ C1] do_sys_openat2+0x16d/0x4c0 [ 45.465225][ C1] __x64_sys_openat+0x13f/0x1f0 [ 45.465247][ C1] do_syscall_64+0x35/0xb0 [ 45.465269][ C1] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 45.465294][ C1] [ 45.465297][ C1] Memory state around the buggy address: [ 45.465308][ C1] ffff88807a06a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.465322][ C1] ffff88807a06aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.465337][ C1] >ffff88807a06aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.465347][ C1] ^ [ 45.465357][ C1] ffff88807a06ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.465372][ C1] ffff88807a06ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.465383][ C1] ================================================================== [ 45.465392][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 45.465404][ C1] CPU: 1 PID: 3619 Comm: udevd Not tainted 5.18.0-syzkaller-12234-g50fd82b3a9a9 #0 [ 45.465434][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.465446][ C1] Call Trace: [ 45.465451][ C1] [ 45.465458][ C1] dump_stack_lvl+0xcd/0x134 [ 45.465482][ C1] panic+0x2d7/0x636 [ 45.465504][ C1] ? panic_print_sys_info.part.0+0x10b/0x10b [ 45.465533][ C1] ? si470x_int_in_callback.cold+0x96/0xbf [ 45.465563][ C1] end_report.part.0+0x3f/0x7c [ 45.465586][ C1] kasan_report.cold+0x93/0x1c6 [ 45.465610][ C1] ? si470x_int_in_callback.cold+0x96/0xbf [ 45.465639][ C1] si470x_int_in_callback.cold+0x96/0xbf [ 45.465668][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 45.465694][ C1] ? si470x_fops_read+0x790/0x790 [ 45.465720][ C1] ? usb_hcd_unmap_urb_for_dma+0x105/0x6d0 [ 45.465743][ C1] ? dummy_timer+0x11e7/0x32b0 [ 45.465771][ C1] __usb_hcd_giveback_urb+0x2b0/0x5c0 [ 45.465795][ C1] usb_hcd_giveback_urb+0x367/0x410 [ 45.465818][ C1] dummy_timer+0x11f9/0x32b0 [ 45.465843][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 45.465886][ C1] ? dummy_dequeue+0x500/0x500 [ 45.465913][ C1] ? dummy_dequeue+0x500/0x500 [ 45.465936][ C1] call_timer_fn+0x1a5/0x6b0 [ 45.465956][ C1] ? timer_fixup_activate+0x350/0x350 [ 45.465978][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 45.466007][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 45.466030][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 45.466053][ C1] ? dummy_dequeue+0x500/0x500 [ 45.466078][ C1] __run_timers.part.0+0x679/0xa80 [ 45.466106][ C1] ? call_timer_fn+0x6b0/0x6b0 [ 45.466128][ C1] ? __wake_up_locked_sync_key+0x20/0x20 [ 45.466151][ C1] ? kvm_sched_clock_read+0x14/0x40 [ 45.466174][ C1] ? sched_clock_cpu+0x69/0x2b0 [ 45.466200][ C1] run_timer_softirq+0xb3/0x1d0 [ 45.466224][ C1] __do_softirq+0x29b/0x9c2 [ 45.466253][ C1] __irq_exit_rcu+0x123/0x180 [ 45.466276][ C1] irq_exit_rcu+0x5/0x20 [ 45.466297][ C1] sysvec_apic_timer_interrupt+0x93/0xc0 [ 45.466329][ C1] [ 45.466336][ C1] [ 45.466343][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 45.466370][ C1] RIP: 0010:syscall_enter_from_user_mode+0x2b/0x70 [ 45.466397][ C1] Code: 54 49 89 f4 55 48 89 fd 48 8b 7c 24 10 e8 ed f5 ff ff eb 27 eb 2b e8 54 57 0a f8 e8 0f 55 0a f8 fb 65 48 8b 04 25 80 6f 02 00 <48> 8b 70 08 40 f6 c6 3f 75 19 4c 89 e0 5d 41 5c c3 eb 1b 0f 0b eb [ 45.466424][ C1] RSP: 0018:ffffc900030cff28 EFLAGS: 00000206 [ 45.466445][ C1] RAX: ffff888018228000 RBX: 0000000000000000 RCX: 1ffffffff1b774b1 [ 45.466462][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 45.466477][ C1] RBP: ffffc900030cff58 R08: 0000000000000001 R09: 0000000000000001 [ 45.466491][ C1] R10: fffffbfff1b77a8a R11: 0000000000000001 R12: 0000000000000106 [ 45.466506][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 45.466528][ C1] ? syscall_enter_from_user_mode+0x21/0x70 [ 45.466554][ C1] do_syscall_64+0x16/0xb0 [ 45.466580][ C1] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 45.466606][ C1] RIP: 0033:0x7f1124d251da [ 45.466626][ C1] Code: 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 0b 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 90 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 48 8b 15 69 fc 0c 00 f7 [ 45.466648][ C1] RSP: 002b:00007ffd0a7c41e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000106 [ 45.466669][ C1] RAX: ffffffffffffffda RBX: 00007ffd0a7c4298 RCX: 00007f1124d251da [ 45.466685][ C1] RDX: 00007ffd0a7c4208 RSI: 00007ffd0a7c4bb8 RDI: 00000000ffffff9c [ 45.466701][ C1] RBP: 00007ffd0a7c4bb8 R08: 0000000000000000 R09: 00007ffd0a7c49a0 [ 45.466717][ C1] R10: 0000000000000100 R11: 0000000000000206 R12: 0000000000000005 [ 45.466731][ C1] R13: 0000561f2d7512e0 R14: 0000561f2d732190 R15: 00007ffd0a7c4bc9 [ 45.466754][ C1] [ 45.466923][ C1] Kernel Offset: disabled