./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2050909814 <...> Warning: Permanently added '10.128.1.89' (ED25519) to the list of known hosts. execve("./syz-executor2050909814", ["./syz-executor2050909814"], 0x7ffc5432c6c0 /* 10 vars */) = 0 brk(NULL) = 0x555557a32000 brk(0x555557a32e00) = 0x555557a32e00 arch_prctl(ARCH_SET_FS, 0x555557a32480) = 0 set_tid_address(0x555557a32750) = 5093 set_robust_list(0x555557a32760, 24) = 0 rseq(0x555557a32da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2050909814", 4096) = 28 getrandom("\xbc\xeb\x57\xe0\x28\x69\x3c\xbe", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557a32e00 brk(0x555557a53e00) = 0x555557a53e00 brk(0x555557a54000) = 0x555557a54000 mprotect(0x7f5dbbf76000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f5dbbecc880, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5dbbed4f50}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f5dbbecc880, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5dbbed4f50}, NULL, 8) = 0 mkdir("./syzkaller.niQFlV", 0700) = 0 chmod("./syzkaller.niQFlV", 0777) = 0 chdir("./syzkaller.niQFlV") = 0 mkdir("./0", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5094 ./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x555557a32760, 24) = 0 [pid 5094] chdir("./0") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5094] write(1, "executing program\n", 18) = 18 [pid 5094] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5094] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5094] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5094] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5094] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5094] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5094] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5094] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5094] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5094] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5094] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5094] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5094] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5094] close(5) = 0 [pid 5094] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5094] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 77.419193][ T783] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 77.635162][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 77.644171][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 77.654438][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 77.663559][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5094] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5094] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 77.681036][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 77.690817][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 77.698927][ T783] usb 1-1: Product: syz [ 77.703126][ T783] usb 1-1: Manufacturer: syz [ 77.730703][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 77.736003][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 77.744760][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 77.750811][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5094] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5094] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5094] exit_group(0) = ? [ 77.931928][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 77.937673][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 77.943410][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 77.949356][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 77.955304][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 77.960986][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 77.966749][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 77.972593][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 77.978479][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 77.984289][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 77.994283][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 77.998452][ T9] usb 1-1: USB disconnect, device number 2 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached , child_tidptr=0x555557a32750) = 5099 [pid 5099] set_robust_list(0x555557a32760, 24) = 0 [pid 5099] chdir("./1") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5099] write(1, "executing program\n", 18) = 18 [pid 5099] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5099] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5099] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5099] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5099] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5099] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5099] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5099] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5099] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5099] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5099] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5099] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5099] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5099] close(5) = 0 [pid 5099] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5099] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 78.618985][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 78.833708][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 78.842596][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 78.852736][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 78.861777][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5099] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5099] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 78.887358][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 78.896494][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 78.904548][ T9] usb 1-1: Product: syz [ 78.908762][ T9] usb 1-1: Manufacturer: syz [ 78.941480][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 78.946771][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 78.953706][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 78.959699][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5099] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5099] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5099] exit_group(0) = ? [ 79.153978][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 79.159707][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 79.165825][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 79.171697][ C0] hrtimer: interrupt took 17743885 ns [ 79.177151][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 79.183020][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 79.188719][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 79.194658][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x555557a32760, 24) = 0 [pid 5100] chdir("./2") = 0 [ 79.200384][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 79.205975][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 79.218092][ T783] usb 1-1: USB disconnect, device number 3 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] write(1, "executing program\n", 18executing program ) = 18 [pid 5100] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5100] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5100] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5100] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5100] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5100] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5100] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5100] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5100] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5100] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5100] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5100] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5100] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5100] close(5) = 0 [pid 5100] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5100] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 79.828976][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 80.034018][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 80.042821][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 80.052989][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 80.062151][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5100] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5100] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 80.098292][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 80.107435][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 80.115495][ T9] usb 1-1: Product: syz [ 80.119779][ T9] usb 1-1: Manufacturer: syz [ 80.154118][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 80.159505][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 80.165973][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 80.171987][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5100] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5100] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 80.355194][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 80.361021][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 80.366775][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 80.372626][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 80.378324][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 80.384101][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 80.389980][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 80.395815][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5100] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 80.401647][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 80.407596][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 80.413267][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 80.419111][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 80.424804][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 80.430430][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 80.444236][ T9] usb 1-1: USB disconnect, device number 4 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x555557a32760, 24) = 0 [pid 5101] chdir("./3") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5101] write(1, "executing program\n", 18) = 18 [pid 5101] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5101] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5101] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5101] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5101] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5101] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5101] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5101] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5101] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5101] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5101] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5101] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5101] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5101] close(5) = 0 [pid 5101] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5101] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 81.068929][ T783] usb 1-1: new high-speed USB device number 5 using dummy_hcd [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 81.265078][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 81.274277][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 81.284515][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 81.293584][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5101] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5101] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 81.310657][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 81.320039][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 81.328254][ T783] usb 1-1: Product: syz [ 81.332605][ T783] usb 1-1: Manufacturer: syz [ 81.367742][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 81.373112][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 81.380185][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 81.386113][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5101] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5101] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5101] exit_group(0) = ? [ 81.568004][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 81.573741][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 81.579547][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 81.585474][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 81.591387][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 81.597278][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 81.603153][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 81.609020][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached , child_tidptr=0x555557a32750) = 5102 [pid 5102] set_robust_list(0x555557a32760, 24) = 0 [pid 5102] chdir("./4") = 0 [ 81.614741][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 81.623645][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 81.625559][ T9] usb 1-1: USB disconnect, device number 5 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5102] write(1, "executing program\n", 18) = 18 [pid 5102] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5102] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5102] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5102] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5102] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5102] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5102] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5102] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5102] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5102] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5102] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5102] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5102] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5102] close(5) = 0 [pid 5102] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5102] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 82.248919][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 82.473333][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 82.482063][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 82.492211][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 82.501354][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5102] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5102] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 82.517786][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 82.527065][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 82.535178][ T9] usb 1-1: Product: syz [ 82.539400][ T9] usb 1-1: Manufacturer: syz [ 82.571146][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 82.576921][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 82.583929][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 82.589939][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5102] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5102] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5102] exit_group(0) = ? [ 82.771906][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 82.777658][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 82.783400][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 82.789104][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 82.794851][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 82.800541][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 82.806264][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 82.811965][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x555557a32750) = 5104 [pid 5104] set_robust_list(0x555557a32760, 24) = 0 [pid 5104] chdir("./5") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5104] write(1, "executing program\n", 18) = 18 [ 82.817575][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 82.830082][ T783] usb 1-1: USB disconnect, device number 6 [pid 5104] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5104] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5104] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5104] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5104] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5104] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5104] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5104] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5104] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5104] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5104] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5104] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5104] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5104] close(5) = 0 [pid 5104] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5104] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 83.429001][ T783] usb 1-1: new high-speed USB device number 7 using dummy_hcd [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 83.623825][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 83.632988][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 83.643563][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 83.652644][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5104] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5104] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 83.679639][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 83.689050][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 83.697239][ T783] usb 1-1: Product: syz [ 83.701507][ T783] usb 1-1: Manufacturer: syz [ 83.727492][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 83.732809][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 83.739763][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 83.745695][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5104] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5104] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5104] exit_group(0) = ? [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached , child_tidptr=0x555557a32750) = 5105 [pid 5105] set_robust_list(0x555557a32760, 24) = 0 [pid 5105] chdir("./6") = 0 [ 83.937338][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 83.943090][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 83.948824][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 83.954505][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 83.960265][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 83.965983][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 83.975097][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 83.975519][ T783] usb 1-1: USB disconnect, device number 7 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5105] write(1, "executing program\n", 18) = 18 [pid 5105] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5105] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5105] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5105] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5105] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5105] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5105] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5105] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5105] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5105] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5105] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5105] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5105] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5105] close(5) = 0 [pid 5105] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5105] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 84.568934][ T783] usb 1-1: new high-speed USB device number 8 using dummy_hcd [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 84.763678][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 84.772821][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 84.783236][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 84.792419][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5105] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5105] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5105] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 84.808075][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 84.817625][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 84.825756][ T783] usb 1-1: Product: syz [ 84.830310][ T783] usb 1-1: Manufacturer: syz [ 84.873327][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 84.878623][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 84.885342][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 84.891373][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5105] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5105] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5105] exit_group(0) = ? [ 85.073144][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 85.078920][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 85.084753][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 85.090601][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 85.096471][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 85.102340][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 85.108227][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 85.113940][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached , child_tidptr=0x555557a32750) = 5106 [pid 5106] set_robust_list(0x555557a32760, 24) = 0 [pid 5106] chdir("./7") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [ 85.123165][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 85.125334][ T9] usb 1-1: USB disconnect, device number 8 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] write(1, "executing program\n", 18executing program ) = 18 [pid 5106] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5106] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5106] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5106] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5106] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5106] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5106] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5106] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5106] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5106] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5106] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5106] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5106] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5106] close(5) = 0 [pid 5106] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5106] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 85.738975][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 85.943601][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 85.952317][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 85.962508][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 85.971558][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5106] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5106] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5106] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 86.010502][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 86.019707][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 86.027717][ T9] usb 1-1: Product: syz [ 86.031963][ T9] usb 1-1: Manufacturer: syz [ 86.066554][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 86.071908][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 86.078442][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 86.084433][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5106] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5106] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5106] exit_group(0) = ? [ 86.278744][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 86.284521][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 86.290366][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 86.296200][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 86.301891][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 86.307665][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 86.313443][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 86.319188][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached , child_tidptr=0x555557a32750) = 5107 [pid 5107] set_robust_list(0x555557a32760, 24) = 0 [pid 5107] chdir("./8") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 86.324878][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 86.330464][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 86.344340][ T783] usb 1-1: USB disconnect, device number 9 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] write(1, "executing program\n", 18executing program ) = 18 [pid 5107] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5107] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5107] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5107] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5107] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5107] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5107] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5107] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5107] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5107] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5107] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5107] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5107] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5107] close(5) = 0 [pid 5107] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5107] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 86.958951][ T783] usb 1-1: new high-speed USB device number 10 using dummy_hcd [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [ 87.161117][ T784] cfg80211: failed to load regulatory.db [ 87.179183][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 87.188361][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 87.198621][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5107] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5107] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 87.207919][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.224507][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 87.234252][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 87.242478][ T783] usb 1-1: Product: syz [ 87.246663][ T783] usb 1-1: Manufacturer: syz [ 87.271568][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 87.276818][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 87.283443][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 87.289448][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5107] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5107] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5107] exit_group(0) = ? [ 87.482468][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 87.488191][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 87.493954][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 87.499842][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 87.505688][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 87.511369][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 87.517145][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 87.522863][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5108 attached , child_tidptr=0x555557a32750) = 5108 [pid 5108] set_robust_list(0x555557a32760, 24) = 0 [pid 5108] chdir("./9") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5108] write(1, "executing program\n", 18) = 18 [pid 5108] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5108] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5108] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 87.533840][ T784] usb 1-1: USB disconnect, device number 10 [pid 5108] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5108] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5108] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5108] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5108] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5108] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5108] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5108] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5108] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5108] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5108] close(5) = 0 [pid 5108] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5108] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 88.138930][ T784] usb 1-1: new high-speed USB device number 11 using dummy_hcd [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 88.333039][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 88.341771][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 88.352018][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 88.361108][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5108] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5108] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 88.396676][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 88.405867][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 88.413955][ T784] usb 1-1: Product: syz [ 88.418141][ T784] usb 1-1: Manufacturer: syz [ 88.462866][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 88.468155][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 88.474776][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 88.480753][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5108] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5108] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5108] exit_group(0) = ? [ 88.663873][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 88.669608][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 88.675350][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 88.681037][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 88.686801][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 88.692754][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 88.698597][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 88.704477][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5109 attached , child_tidptr=0x555557a32750) = 5109 [pid 5109] set_robust_list(0x555557a32760, 24) = 0 [pid 5109] chdir("./10") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 88.710177][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 88.723909][ T783] usb 1-1: USB disconnect, device number 11 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5109] write(1, "executing program\n", 18) = 18 [pid 5109] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5109] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5109] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5109] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5109] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5109] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5109] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5109] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5109] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5109] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5109] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5109] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5109] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5109] close(5) = 0 [pid 5109] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5109] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 89.338948][ T783] usb 1-1: new high-speed USB device number 12 using dummy_hcd [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 89.534367][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 89.543216][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 89.553449][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 89.562518][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5109] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5109] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5109] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 89.589167][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 89.598452][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 89.607166][ T783] usb 1-1: Product: syz [ 89.611419][ T783] usb 1-1: Manufacturer: syz [ 89.655313][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 89.660961][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 89.668332][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 89.674429][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5109] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5109] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5109] exit_group(0) = ? [ 89.856315][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.862126][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.867920][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.873802][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.879492][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 89.885260][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 89.891022][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 89.900963][ T784] usb 1-1: USB disconnect, device number 12 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x555557a32750) = 5110 [pid 5110] set_robust_list(0x555557a32760, 24) = 0 [pid 5110] chdir("./11") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5110] write(1, "executing program\n", 18) = 18 [pid 5110] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5110] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5110] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5110] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5110] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5110] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5110] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5110] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5110] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5110] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5110] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5110] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5110] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5110] close(5) = 0 [pid 5110] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5110] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 90.528911][ T784] usb 1-1: new high-speed USB device number 13 using dummy_hcd [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 90.713524][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 90.722428][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 90.732580][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 90.741623][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5110] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5110] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5110] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 90.779471][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 90.788631][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 90.796717][ T784] usb 1-1: Product: syz [ 90.800929][ T784] usb 1-1: Manufacturer: syz [ 90.826821][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 90.832228][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 90.839092][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 90.845064][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5110] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 91.037581][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.043312][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 91.049038][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.054892][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.060814][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.066671][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.072329][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 91.078074][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5110] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 91.083758][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 91.089510][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.095363][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.101044][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 91.106856][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.112743][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.118579][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.124400][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.130258][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.136121][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.141835][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 91.147556][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.153230][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 91.159038][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.164724][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 91.170547][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.176268][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 91.182006][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5110] exit_group(0) = ? [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5111 ./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x555557a32760, 24) = 0 [pid 5111] chdir("./12") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5111] write(1, "executing program\n", 18) = 18 [pid 5111] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5111] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5111] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 91.187851][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.193544][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 91.199275][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 91.204966][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 91.214630][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 91.216629][ T784] usb 1-1: USB disconnect, device number 13 [pid 5111] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5111] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5111] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5111] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5111] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5111] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5111] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5111] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5111] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5111] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5111] close(5) = 0 [pid 5111] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5111] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 91.808999][ T784] usb 1-1: new high-speed USB device number 14 using dummy_hcd [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 92.023093][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 92.031820][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 92.041971][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 92.051003][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5111] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5111] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 92.077782][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 92.086930][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 92.095409][ T784] usb 1-1: Product: syz [ 92.099718][ T784] usb 1-1: Manufacturer: syz [ 92.121870][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 92.127117][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 92.133978][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 92.140077][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5111] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5111] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5111] exit_group(0) = ? [ 92.322933][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 92.328648][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 92.334466][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 92.340150][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 92.345905][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 92.351775][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 92.357519][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 92.366988][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5112 ./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x555557a32760, 24) = 0 [pid 5112] chdir("./13") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [ 92.367368][ T784] usb 1-1: USB disconnect, device number 14 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] write(1, "executing program\n", 18executing program ) = 18 [pid 5112] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5112] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5112] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5112] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5112] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5112] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5112] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5112] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5112] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5112] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5112] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5112] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5112] close(5) = 0 [pid 5112] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5112] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 92.998968][ T783] usb 1-1: new high-speed USB device number 15 using dummy_hcd [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 93.194379][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 93.203436][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 93.213595][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 93.222651][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5112] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5112] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5112] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 93.259128][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 93.268277][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 93.276811][ T783] usb 1-1: Product: syz [ 93.281113][ T783] usb 1-1: Manufacturer: syz [ 93.320102][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 93.325346][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 93.332262][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 93.338211][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5112] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5112] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5112] exit_group(0) = ? [pid 5112] +++ exited with 0 +++ [ 93.521077][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 93.526806][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 93.532529][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 93.538205][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 93.543933][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 93.549799][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 93.555506][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 93.565587][ T783] usb 1-1: USB disconnect, device number 15 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5114 attached , child_tidptr=0x555557a32750) = 5114 [pid 5114] set_robust_list(0x555557a32760, 24) = 0 [pid 5114] chdir("./14") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] write(1, "executing program\n", 18executing program ) = 18 [pid 5114] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5114] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5114] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5114] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5114] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5114] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5114] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5114] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5114] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5114] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5114] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5114] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5114] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5114] close(5) = 0 [pid 5114] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5114] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 94.168949][ T784] usb 1-1: new high-speed USB device number 16 using dummy_hcd [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 94.373528][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 94.382298][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 94.392493][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 94.401523][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5114] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5114] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 94.418449][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 94.427561][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 94.435670][ T784] usb 1-1: Product: syz [ 94.439901][ T784] usb 1-1: Manufacturer: syz [pid 5114] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 94.480610][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 94.485945][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 94.492641][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 94.498577][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5114] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5114] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5114] exit_group(0) = ? [pid 5114] +++ exited with 0 +++ [ 94.691216][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 94.696981][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 94.702733][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 94.708447][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 94.714181][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 94.719870][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 94.725459][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 94.736991][ T783] usb 1-1: USB disconnect, device number 16 rmdir("./14") = 0 mkdir("./15", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached , child_tidptr=0x555557a32750) = 5115 [pid 5115] set_robust_list(0x555557a32760, 24) = 0 [pid 5115] chdir("./15") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] write(1, "executing program\n", 18executing program ) = 18 [pid 5115] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5115] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5115] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5115] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5115] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5115] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5115] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5115] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5115] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5115] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5115] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5115] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5115] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5115] close(5) = 0 [pid 5115] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5115] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 95.348950][ T784] usb 1-1: new high-speed USB device number 17 using dummy_hcd [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 95.563244][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 95.572142][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 95.582323][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 95.591436][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5115] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5115] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 95.617062][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 95.626213][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 95.634284][ T784] usb 1-1: Product: syz [ 95.638475][ T784] usb 1-1: Manufacturer: syz [ 95.660053][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 95.665595][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 95.672209][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 95.678134][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5115] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5115] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5115] exit_group(0) = ? [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 95.860957][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 95.866772][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 95.872522][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 95.878418][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 95.884109][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 95.889729][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 95.900069][ T783] usb 1-1: USB disconnect, device number 17 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached , child_tidptr=0x555557a32750) = 5116 [pid 5116] set_robust_list(0x555557a32760, 24) = 0 [pid 5116] chdir("./16") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5116] write(1, "executing program\n", 18) = 18 [pid 5116] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5116] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5116] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5116] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5116] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5116] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5116] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5116] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5116] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5116] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5116] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5116] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5116] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5116] close(5) = 0 [pid 5116] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5116] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 96.508979][ T783] usb 1-1: new high-speed USB device number 18 using dummy_hcd [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 96.703727][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 96.712828][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 96.723371][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 96.732462][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5116] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5116] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 96.749108][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 96.758178][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 96.766344][ T783] usb 1-1: Product: syz [ 96.770603][ T783] usb 1-1: Manufacturer: syz [pid 5116] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 96.795894][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 96.801228][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 96.807815][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 96.813871][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5116] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5116] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5116] exit_group(0) = ? [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5117 ./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x555557a32760, 24) = 0 [pid 5117] chdir("./17") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [ 97.006889][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 97.012602][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 97.018342][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 97.024301][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 97.030195][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 97.035938][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 97.045403][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 97.048567][ T784] usb 1-1: USB disconnect, device number 18 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5117] write(1, "executing program\n", 18) = 18 [pid 5117] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5117] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5117] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5117] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5117] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5117] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5117] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5117] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5117] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5117] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5117] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5117] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5117] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5117] close(5) = 0 [pid 5117] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5117] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 97.658955][ T784] usb 1-1: new high-speed USB device number 19 using dummy_hcd [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 97.863467][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 97.872306][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 97.882884][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 97.891974][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5117] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5117] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5117] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 97.936793][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 97.945926][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 97.953965][ T784] usb 1-1: Product: syz [ 97.958147][ T784] usb 1-1: Manufacturer: syz [pid 5117] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 97.990050][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 97.995284][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 98.002353][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 98.008282][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5117] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5117] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5117] exit_group(0) = ? [ 98.201040][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 98.206745][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 98.212482][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 98.218329][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 98.224194][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 98.229875][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 98.235613][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 98.241366][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5118 attached , child_tidptr=0x555557a32750) = 5118 [pid 5118] set_robust_list(0x555557a32760, 24) = 0 [pid 5118] chdir("./18") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [ 98.252974][ T784] usb 1-1: USB disconnect, device number 19 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5118] write(1, "executing program\n", 18) = 18 [pid 5118] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5118] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5118] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5118] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5118] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5118] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5118] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5118] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5118] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5118] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5118] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5118] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5118] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5118] close(5) = 0 [pid 5118] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5118] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 98.868976][ T784] usb 1-1: new high-speed USB device number 20 using dummy_hcd [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 99.123188][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 99.131908][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 99.142059][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 99.151289][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5118] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5118] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 99.200760][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 99.209894][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 99.217887][ T784] usb 1-1: Product: syz [ 99.222105][ T784] usb 1-1: Manufacturer: syz [ 99.244483][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 99.249768][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 99.256064][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 99.262098][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5118] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5118] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5118] exit_group(0) = ? [ 99.454697][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 99.460521][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 99.466259][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 99.472018][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 99.477777][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 99.483470][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 99.489222][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 99.495091][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 [ 99.500934][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 99.507001][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 99.517967][ T783] usb 1-1: USB disconnect, device number 20 mkdir("./19", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached , child_tidptr=0x555557a32750) = 5119 [pid 5119] set_robust_list(0x555557a32760, 24) = 0 [pid 5119] chdir("./19") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] write(1, "executing program\n", 18executing program ) = 18 [pid 5119] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5119] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5119] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5119] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5119] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5119] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5119] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5119] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5119] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5119] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5119] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5119] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5119] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5119] close(5) = 0 [pid 5119] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5119] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 100.118941][ T784] usb 1-1: new high-speed USB device number 21 using dummy_hcd [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 100.323767][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 100.332517][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 100.342663][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 100.351699][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5119] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5119] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5119] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 100.377134][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 100.386555][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 100.394664][ T784] usb 1-1: Product: syz [ 100.398943][ T784] usb 1-1: Manufacturer: syz [ 100.431152][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 100.436491][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 100.443483][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 100.449460][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5119] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5119] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5119] exit_group(0) = ? [ 100.632120][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 100.637929][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 100.643827][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 100.649671][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 100.655360][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 100.661135][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 100.666819][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 100.672402][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5120 attached , child_tidptr=0x555557a32750) = 5120 [pid 5120] set_robust_list(0x555557a32760, 24) = 0 [pid 5120] chdir("./20") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 100.684699][ T783] usb 1-1: USB disconnect, device number 21 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5120] write(1, "executing program\n", 18) = 18 [pid 5120] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5120] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5120] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5120] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5120] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5120] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5120] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5120] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5120] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5120] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5120] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5120] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5120] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5120] close(5) = 0 [pid 5120] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5120] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 101.318943][ T784] usb 1-1: new high-speed USB device number 22 using dummy_hcd [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 101.532963][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 101.541677][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 101.551837][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 101.560866][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5120] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5120] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 101.576577][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 101.585822][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 101.593916][ T784] usb 1-1: Product: syz [ 101.598102][ T784] usb 1-1: Manufacturer: syz [ 101.631705][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 101.637150][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 101.644244][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 101.650227][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5120] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5120] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5120] exit_group(0) = ? [ 101.842043][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 101.847952][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 101.853703][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 101.859366][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 101.865095][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 101.870788][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 101.876559][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 101.882250][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 101.887871][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 101.897654][ T784] usb 1-1: USB disconnect, device number 22 unlink("./20/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5121 attached , child_tidptr=0x555557a32750) = 5121 [pid 5121] set_robust_list(0x555557a32760, 24) = 0 [pid 5121] chdir("./21") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5121] write(1, "executing program\n", 18) = 18 [pid 5121] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5121] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5121] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5121] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5121] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5121] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5121] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5121] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5121] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5121] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5121] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5121] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5121] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5121] close(5) = 0 [pid 5121] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5121] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 102.519040][ T783] usb 1-1: new high-speed USB device number 23 using dummy_hcd [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 102.725599][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 102.734372][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 102.744934][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 102.754104][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5121] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5121] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 102.780052][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 102.789353][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 102.797396][ T783] usb 1-1: Product: syz [ 102.801677][ T783] usb 1-1: Manufacturer: syz [pid 5121] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 102.826284][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 102.831733][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 102.838343][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 102.844379][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5121] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5121] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5121] exit_group(0) = ? [ 103.036701][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 103.042450][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 103.048219][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 103.054149][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 103.060033][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 103.065733][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 103.071520][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 103.077246][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached , child_tidptr=0x555557a32750) = 5122 [pid 5122] set_robust_list(0x555557a32760, 24) = 0 [pid 5122] chdir("./22") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5122] write(1, "executing program\n", 18) = 18 [pid 5122] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5122] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5122] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5122] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5122] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 103.088577][ T784] usb 1-1: USB disconnect, device number 23 [pid 5122] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5122] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5122] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5122] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5122] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5122] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5122] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5122] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5122] close(5) = 0 [pid 5122] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5122] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 103.649773][ T784] usb 1-1: new high-speed USB device number 24 using dummy_hcd [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 103.863011][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 103.871823][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 103.882002][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 103.891027][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5122] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5122] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5122] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 103.920502][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 103.929917][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 103.937998][ T784] usb 1-1: Product: syz [ 103.942540][ T784] usb 1-1: Manufacturer: syz [ 103.967815][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 103.973193][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 103.979961][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 103.985898][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5122] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5122] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5122] exit_group(0) = ? [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5123 attached , child_tidptr=0x555557a32750) = 5123 [pid 5123] set_robust_list(0x555557a32760, 24) = 0 [ 104.168458][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 104.174202][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 104.179973][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 104.185680][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 104.191432][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 104.197160][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 104.208724][ T783] usb 1-1: USB disconnect, device number 24 [pid 5123] chdir("./23") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] write(1, "executing program\n", 18executing program ) = 18 [pid 5123] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5123] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5123] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5123] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5123] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5123] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5123] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5123] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5123] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5123] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5123] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5123] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5123] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5123] close(5) = 0 [pid 5123] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5123] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 104.798964][ T784] usb 1-1: new high-speed USB device number 25 using dummy_hcd [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 104.993214][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 105.001971][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 105.012123][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 105.021179][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5123] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5123] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 105.037994][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 105.047306][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 105.055372][ T784] usb 1-1: Product: syz [ 105.059583][ T784] usb 1-1: Manufacturer: syz [ 105.080654][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 105.085974][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 105.092775][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 105.098707][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5123] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5123] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 105.291095][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 105.296827][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 105.302575][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 105.308270][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 105.313990][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 105.319686][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 105.325440][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 105.331351][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5123] exit_group(0) = ? [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 105.337311][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 105.343128][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 105.348971][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 105.354673][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 105.363942][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 105.369040][ T783] usb 1-1: USB disconnect, device number 25 newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5124 attached , child_tidptr=0x555557a32750) = 5124 [pid 5124] set_robust_list(0x555557a32760, 24) = 0 [pid 5124] chdir("./24") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5124] write(1, "executing program\n", 18) = 18 [pid 5124] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5124] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5124] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5124] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5124] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5124] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5124] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5124] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5124] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5124] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5124] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5124] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5124] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5124] close(5) = 0 [pid 5124] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5124] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 106.008965][ T783] usb 1-1: new high-speed USB device number 26 using dummy_hcd [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 106.224219][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 106.233197][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 106.243493][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 106.252536][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5124] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5124] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 106.297121][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 106.306711][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 106.314772][ T783] usb 1-1: Product: syz [ 106.319011][ T783] usb 1-1: Manufacturer: syz [ 106.342641][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 106.347890][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 106.354785][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 106.360791][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5124] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5124] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5124] exit_group(0) = ? [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 106.544817][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 106.550563][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 106.556283][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 106.561973][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 106.567727][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 106.573646][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 106.579368][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 106.589778][ T783] usb 1-1: USB disconnect, device number 26 unlink("./24/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached , child_tidptr=0x555557a32750) = 5125 [pid 5125] set_robust_list(0x555557a32760, 24) = 0 [pid 5125] chdir("./25") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5125] write(1, "executing program\n", 18) = 18 [pid 5125] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5125] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5125] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5125] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5125] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5125] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5125] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5125] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5125] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5125] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5125] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5125] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5125] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5125] close(5) = 0 [pid 5125] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5125] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 107.208969][ T783] usb 1-1: new high-speed USB device number 27 using dummy_hcd [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 107.394111][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 107.403247][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 107.413454][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 107.422523][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5125] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5125] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 107.439829][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 107.449509][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 107.457513][ T783] usb 1-1: Product: syz [ 107.461767][ T783] usb 1-1: Manufacturer: syz [ 107.484440][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 107.489736][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 107.496209][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 107.502219][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5125] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5125] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5125] exit_group(0) = ? [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5126 attached , child_tidptr=0x555557a32750) = 5126 [pid 5126] set_robust_list(0x555557a32760, 24) = 0 [pid 5126] chdir("./26") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [ 107.684783][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 107.690507][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 107.696340][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 107.702059][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 107.711031][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 107.716526][ T783] usb 1-1: USB disconnect, device number 27 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] write(1, "executing program\n", 18executing program ) = 18 [pid 5126] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5126] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5126] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5126] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5126] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5126] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5126] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5126] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5126] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5126] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5126] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5126] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5126] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5126] close(5) = 0 [pid 5126] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5126] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 108.308976][ T783] usb 1-1: new high-speed USB device number 28 using dummy_hcd [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 108.523559][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 108.532706][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 108.543095][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 108.552267][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5126] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5126] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 108.570027][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 108.579498][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 108.587491][ T783] usb 1-1: Product: syz [ 108.591733][ T783] usb 1-1: Manufacturer: syz [ 108.624178][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 108.629621][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 108.636089][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 108.642113][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5126] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 108.825356][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.831118][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 108.836894][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.842773][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.848625][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.854500][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.860416][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.866300][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5126] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5126] exit_group(0) = ? [ 108.872180][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.878056][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.883898][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.889586][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 108.895415][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.901300][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.907155][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 108.912847][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 108.918599][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5127 attached , child_tidptr=0x555557a32750) = 5127 [pid 5127] set_robust_list(0x555557a32760, 24) = 0 [pid 5127] chdir("./27") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5127] write(1, "executing program\n", 18) = 18 [pid 5127] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5127] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5127] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5127] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [ 108.924284][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 108.929907][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 108.939455][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 108.945036][ T784] usb 1-1: USB disconnect, device number 28 [pid 5127] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5127] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5127] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5127] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5127] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5127] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5127] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5127] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5127] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5127] close(5) = 0 [pid 5127] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5127] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 109.508984][ T784] usb 1-1: new high-speed USB device number 29 using dummy_hcd [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 109.703509][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 109.712248][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 109.722704][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 109.731795][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5127] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5127] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 109.756941][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 109.766066][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 109.774228][ T784] usb 1-1: Product: syz [ 109.778416][ T784] usb 1-1: Manufacturer: syz [ 109.812685][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 109.817940][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 109.824798][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 109.830772][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5127] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5127] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5127] exit_group(0) = ? [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached , child_tidptr=0x555557a32750) = 5128 [ 110.014005][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 110.019727][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 110.025444][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 110.031134][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 110.036875][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 110.042591][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 110.052101][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 110.053639][ T784] usb 1-1: USB disconnect, device number 29 [pid 5128] set_robust_list(0x555557a32760, 24) = 0 [pid 5128] chdir("./28") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] write(1, "executing program\n", 18executing program ) = 18 [pid 5128] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5128] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5128] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5128] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5128] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5128] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5128] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5128] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5128] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5128] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5128] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5128] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5128] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5128] close(5) = 0 [pid 5128] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5128] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 110.668966][ T784] usb 1-1: new high-speed USB device number 30 using dummy_hcd [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 110.873995][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 110.882726][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 110.892865][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 110.901949][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5128] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5128] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5128] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 110.957548][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 110.966731][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 110.974791][ T784] usb 1-1: Product: syz [ 110.979019][ T784] usb 1-1: Manufacturer: syz [ 111.012472][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 111.017709][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 111.024219][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 111.030204][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5128] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 111.213828][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.219578][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 111.225353][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.231339][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.237294][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.243150][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.248989][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.254835][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5128] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5128] exit_group(0) = ? [ 111.260684][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.266516][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.272410][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.278075][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 111.283821][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.289791][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.295666][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 111.301646][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 111.311694][ T784] usb 1-1: USB disconnect, device number 30 [ 111.312262][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached , child_tidptr=0x555557a32750) = 5131 [pid 5131] set_robust_list(0x555557a32760, 24) = 0 [pid 5131] chdir("./29") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] write(1, "executing program\n", 18executing program ) = 18 [pid 5131] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5131] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5131] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5131] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5131] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5131] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5131] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5131] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5131] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5131] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5131] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5131] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5131] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5131] close(5) = 0 [pid 5131] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5131] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 111.958996][ T783] usb 1-1: new high-speed USB device number 31 using dummy_hcd [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 112.164447][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 112.173512][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 112.183662][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 112.192714][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5131] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5131] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 112.239384][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 112.248771][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 112.257100][ T783] usb 1-1: Product: syz [ 112.261337][ T783] usb 1-1: Manufacturer: syz [ 112.275025][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 112.280408][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 112.286934][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 112.293007][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5131] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5131] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 112.474999][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 112.480775][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 112.486517][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 112.492404][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 112.498290][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 112.504039][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 112.513592][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [pid 5131] exit_group(0) = ? [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5135 ./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x555557a32760, 24) = 0 [pid 5135] chdir("./30") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [ 112.520958][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 112.523971][ T784] usb 1-1: USB disconnect, device number 31 [pid 5135] write(1, "executing program\n", 18executing program ) = 18 [pid 5135] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5135] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5135] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5135] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5135] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5135] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5135] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5135] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5135] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5135] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5135] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5135] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5135] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5135] close(5) = 0 [pid 5135] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5135] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 113.138987][ T784] usb 1-1: new high-speed USB device number 32 using dummy_hcd [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 113.343535][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 113.352260][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 113.362401][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 113.371466][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5135] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5135] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 113.397517][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 113.406709][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 113.414750][ T784] usb 1-1: Product: syz [ 113.419000][ T784] usb 1-1: Manufacturer: syz [ 113.452585][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 113.457843][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 113.464487][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 113.470462][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5135] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 113.661443][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 113.667192][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 113.672921][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 113.678776][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 113.684463][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 113.690203][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 113.695885][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 113.701608][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5135] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5135] exit_group(0) = ? [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 113.707442][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 113.713259][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 113.719106][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 113.724812][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 113.730577][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 113.736293][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 113.746044][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 113.746138][ T783] usb 1-1: USB disconnect, device number 32 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x555557a32750) = 5137 [pid 5137] set_robust_list(0x555557a32760, 24) = 0 [pid 5137] chdir("./31") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5137] write(1, "executing program\n", 18) = 18 [pid 5137] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5137] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5137] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5137] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5137] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5137] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5137] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5137] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5137] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5137] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5137] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5137] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5137] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5137] close(5) = 0 [pid 5137] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5137] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 114.368962][ T784] usb 1-1: new high-speed USB device number 33 using dummy_hcd [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 114.594221][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 114.602989][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 114.613131][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 114.622205][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5137] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5137] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 114.647585][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 114.656809][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 114.664841][ T784] usb 1-1: Product: syz [ 114.669087][ T784] usb 1-1: Manufacturer: syz [ 114.711125][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 114.716384][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 114.723165][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 114.729158][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5137] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5137] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 114.910713][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 114.916441][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 114.922172][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 114.927860][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 114.933604][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 114.939290][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 114.945009][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 114.950694][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5137] exit_group(0) = ? [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5138 ./strace-static-x86_64: Process 5138 attached [pid 5138] set_robust_list(0x555557a32760, 24) = 0 [pid 5138] chdir("./32") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] write(1, "executing program\n", 18executing program ) = 18 [pid 5138] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5138] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5138] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 114.956422][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 114.962337][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 114.968123][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 114.973736][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 114.990050][ T783] usb 1-1: USB disconnect, device number 33 [pid 5138] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5138] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5138] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5138] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5138] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5138] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5138] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5138] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5138] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5138] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5138] close(5) = 0 [pid 5138] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5138] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 115.548987][ T784] usb 1-1: new high-speed USB device number 34 using dummy_hcd [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 115.765023][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 115.773784][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 115.783946][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 115.792988][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5138] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5138] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 115.819797][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 115.828977][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 115.836985][ T784] usb 1-1: Product: syz [ 115.841235][ T784] usb 1-1: Manufacturer: syz [pid 5138] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 115.871876][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 115.877107][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 115.884630][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 115.890632][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5138] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5138] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5138] exit_group(0) = ? [ 116.082277][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 116.088021][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 116.093781][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 116.099619][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 116.105311][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 116.111146][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 116.116840][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 116.122593][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 116.128263][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 116.133865][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 116.143501][ T784] usb 1-1: USB disconnect, device number 34 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached , child_tidptr=0x555557a32750) = 5139 [pid 5139] set_robust_list(0x555557a32760, 24) = 0 [pid 5139] chdir("./33") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5139] write(1, "executing program\n", 18) = 18 [pid 5139] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5139] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5139] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5139] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5139] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5139] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5139] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5139] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5139] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5139] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5139] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5139] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5139] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5139] close(5) = 0 [pid 5139] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5139] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 116.818951][ T784] usb 1-1: new high-speed USB device number 35 using dummy_hcd [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 117.043395][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 117.052211][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 117.062369][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 117.071402][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5139] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5139] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 117.096946][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 117.106065][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 117.114127][ T784] usb 1-1: Product: syz [ 117.118397][ T784] usb 1-1: Manufacturer: syz [ 117.152069][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 117.157341][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 117.164039][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 117.170038][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5139] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5139] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 117.353979][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 117.359725][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 117.365481][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 117.371148][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 117.377148][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 117.382843][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 117.388600][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 117.394294][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5139] exit_group(0) = ? [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 117.400043][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 117.405883][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 117.411749][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 117.418214][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 117.423917][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 117.433741][ T784] usb 1-1: USB disconnect, device number 35 newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5140 attached , child_tidptr=0x555557a32750) = 5140 [pid 5140] set_robust_list(0x555557a32760, 24) = 0 [pid 5140] chdir("./34") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5140] write(1, "executing program\n", 18) = 18 [pid 5140] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5140] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5140] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5140] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5140] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5140] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5140] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5140] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5140] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5140] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5140] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5140] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5140] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5140] close(5) = 0 [pid 5140] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5140] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 118.088968][ T784] usb 1-1: new high-speed USB device number 36 using dummy_hcd [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 118.303262][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 118.311974][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 118.322228][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 118.331372][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5140] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5140] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5140] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 118.366543][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 118.375689][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 118.383765][ T784] usb 1-1: Product: syz [ 118.387941][ T784] usb 1-1: Manufacturer: syz [pid 5140] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 118.422339][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 118.427568][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 118.434577][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 118.440555][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5140] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5140] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5140] exit_group(0) = ? [ 118.632762][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 118.638503][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 118.644271][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 118.650120][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 118.655812][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 118.661581][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 118.667433][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 118.673104][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5141 ./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x555557a32760, 24) = 0 [pid 5141] chdir("./35") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [ 118.678696][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 118.689870][ T783] usb 1-1: USB disconnect, device number 36 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5141] write(1, "executing program\n", 18) = 18 [pid 5141] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5141] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5141] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5141] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5141] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5141] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5141] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5141] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5141] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5141] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5141] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5141] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5141] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5141] close(5) = 0 [pid 5141] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5141] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 119.288957][ T784] usb 1-1: new high-speed USB device number 37 using dummy_hcd [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 119.503573][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 119.512359][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 119.522500][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 119.531535][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5141] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5141] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 119.549729][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 119.558881][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 119.566884][ T784] usb 1-1: Product: syz [ 119.571114][ T784] usb 1-1: Manufacturer: syz [ 119.601837][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 119.607169][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 119.613961][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 119.619962][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5141] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5141] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5141] exit_group(0) = ? [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 119.812540][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 119.818292][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 119.824038][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 119.829717][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 119.835430][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 119.841112][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 119.846690][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 [ 119.858039][ T784] usb 1-1: USB disconnect, device number 37 mkdir("./36", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5142 attached , child_tidptr=0x555557a32750) = 5142 [pid 5142] set_robust_list(0x555557a32760, 24) = 0 [pid 5142] chdir("./36") = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5142] setpgid(0, 0) = 0 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5142] write(3, "1000", 4) = 4 [pid 5142] close(3) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5142] write(1, "executing program\n", 18executing program ) = 18 [pid 5142] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5142] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5142] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5142] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5142] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5142] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5142] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5142] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5142] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5142] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5142] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5142] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5142] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5142] close(5) = 0 [pid 5142] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5142] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 120.488908][ T784] usb 1-1: new high-speed USB device number 38 using dummy_hcd [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 120.703346][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 120.712136][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 120.722314][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 120.731330][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5142] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5142] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 120.757256][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 120.766392][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 120.774463][ T784] usb 1-1: Product: syz [ 120.778666][ T784] usb 1-1: Manufacturer: syz [ 120.821349][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 120.826577][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 120.833167][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 120.839122][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5142] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5142] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5142] exit_group(0) = ? [ 121.022389][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 121.028117][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 121.033897][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 121.039780][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 121.045464][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 121.051200][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 121.056857][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 121.062615][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached , child_tidptr=0x555557a32750) = 5143 [pid 5143] set_robust_list(0x555557a32760, 24) = 0 [pid 5143] chdir("./37") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] write(1, "executing program\n", 18executing program ) = 18 [pid 5143] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5143] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5143] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 121.068330][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 121.077821][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 121.079433][ T784] usb 1-1: USB disconnect, device number 38 [pid 5143] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5143] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5143] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5143] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5143] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5143] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5143] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5143] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5143] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5143] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5143] close(5) = 0 [pid 5143] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5143] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 121.658950][ T784] usb 1-1: new high-speed USB device number 39 using dummy_hcd [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 121.863405][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 121.872123][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 121.882320][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 121.891344][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5143] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5143] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 121.917885][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 121.927109][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 121.935263][ T784] usb 1-1: Product: syz [ 121.939574][ T784] usb 1-1: Manufacturer: syz [pid 5143] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 121.968090][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 121.973439][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 121.980084][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 121.986008][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5143] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5143] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 122.178889][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 122.184636][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 122.190422][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 122.196300][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 122.202069][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 122.207831][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 122.213522][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 122.219301][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5143] exit_group(0) = ? [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5144 attached , child_tidptr=0x555557a32750) = 5144 [ 122.225001][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 122.230746][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 122.236441][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 122.242026][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 122.256685][ T784] usb 1-1: USB disconnect, device number 39 [pid 5144] set_robust_list(0x555557a32760, 24) = 0 [pid 5144] chdir("./38") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] write(1, "executing program\n", 18executing program ) = 18 [pid 5144] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5144] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5144] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5144] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5144] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5144] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5144] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5144] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5144] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5144] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5144] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5144] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5144] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5144] close(5) = 0 [pid 5144] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5144] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 122.868952][ T784] usb 1-1: new high-speed USB device number 40 using dummy_hcd [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 123.064523][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 123.073262][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 123.083473][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 123.092610][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5144] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5144] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5144] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 123.127911][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 123.137140][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 123.145240][ T784] usb 1-1: Product: syz [ 123.149562][ T784] usb 1-1: Manufacturer: syz [ 123.165376][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 123.170722][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 123.177153][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 123.183277][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5144] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5144] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5144] exit_group(0) = ? [ 123.365380][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 123.371119][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 123.376980][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 123.382674][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 123.388429][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 123.394169][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 123.399939][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 123.405622][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 123.411295][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 123.420979][ T784] usb 1-1: USB disconnect, device number 40 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5145 ./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x555557a32760, 24) = 0 [pid 5145] chdir("./39") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] write(1, "executing program\n", 18executing program ) = 18 [pid 5145] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5145] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5145] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5145] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5145] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5145] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5145] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5145] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5145] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5145] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5145] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5145] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5145] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5145] close(5) = 0 [pid 5145] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5145] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 124.068907][ T784] usb 1-1: new high-speed USB device number 41 using dummy_hcd [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 124.263211][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 124.271944][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 124.282399][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 124.291488][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5145] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5145] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 124.316593][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 124.325757][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 124.333842][ T784] usb 1-1: Product: syz [ 124.338023][ T784] usb 1-1: Manufacturer: syz [ 124.369404][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 124.374653][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 124.381179][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 124.387190][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5145] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5145] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 124.569876][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 124.575615][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 124.581354][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 124.587045][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 124.592765][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 124.598441][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 124.604314][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 124.609994][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5145] exit_group(0) = ? [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 124.615717][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 124.621602][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 124.627300][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 124.633016][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 124.643908][ T784] usb 1-1: USB disconnect, device number 41 rmdir("./39") = 0 mkdir("./40", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5146 attached , child_tidptr=0x555557a32750) = 5146 [pid 5146] set_robust_list(0x555557a32760, 24) = 0 [pid 5146] chdir("./40") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5146] write(1, "executing program\n", 18) = 18 [pid 5146] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5146] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5146] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5146] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5146] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5146] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5146] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5146] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5146] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5146] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5146] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5146] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5146] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5146] close(5) = 0 [pid 5146] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5146] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 125.288921][ T783] usb 1-1: new high-speed USB device number 42 using dummy_hcd [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 125.483835][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 125.492920][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 125.503050][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 125.512082][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5146] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5146] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 125.536312][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 125.545719][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 125.553794][ T783] usb 1-1: Product: syz [ 125.557984][ T783] usb 1-1: Manufacturer: syz [pid 5146] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 125.587157][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 125.592504][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 125.599434][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 125.605401][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5146] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5146] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5146] exit_group(0) = ? [pid 5146] +++ exited with 0 +++ [ 125.797435][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 125.803170][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 125.808934][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 125.814787][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 125.820492][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 125.826281][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 125.832018][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 125.844170][ T784] usb 1-1: USB disconnect, device number 42 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5147 attached , child_tidptr=0x555557a32750) = 5147 [pid 5147] set_robust_list(0x555557a32760, 24) = 0 [pid 5147] chdir("./41") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] write(1, "executing program\n", 18executing program ) = 18 [pid 5147] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5147] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5147] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5147] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5147] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5147] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5147] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5147] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5147] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5147] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5147] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5147] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5147] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5147] close(5) = 0 [pid 5147] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5147] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 126.499033][ T783] usb 1-1: new high-speed USB device number 43 using dummy_hcd [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 126.694170][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 126.703192][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 126.713341][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 126.722384][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5147] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5147] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 126.738717][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 126.748469][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 126.756560][ T783] usb 1-1: Product: syz [ 126.760782][ T783] usb 1-1: Manufacturer: syz [ 126.796451][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 126.801748][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 126.808260][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 126.814278][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5147] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5147] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5147] exit_group(0) = ? [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5148 attached , child_tidptr=0x555557a32750) = 5148 [pid 5148] set_robust_list(0x555557a32760, 24) = 0 [pid 5148] chdir("./42") = 0 [pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 126.997043][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 127.002839][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 127.008570][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 127.014404][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 127.020252][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 127.025955][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 127.035211][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 127.040465][ T784] usb 1-1: USB disconnect, device number 43 [pid 5148] setpgid(0, 0) = 0 [pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5148] write(3, "1000", 4) = 4 [pid 5148] close(3) = 0 [pid 5148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5148] write(1, "executing program\n", 18executing program ) = 18 [pid 5148] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5148] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5148] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5148] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5148] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5148] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5148] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5148] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5148] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5148] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5148] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5148] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5148] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5148] close(5) = 0 [pid 5148] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5148] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 127.698933][ T784] usb 1-1: new high-speed USB device number 44 using dummy_hcd [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 127.903711][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 127.912507][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 127.922962][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 127.932018][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5148] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5148] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 127.956912][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 127.966074][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 127.974123][ T784] usb 1-1: Product: syz [ 127.978299][ T784] usb 1-1: Manufacturer: syz [ 128.013140][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 128.018389][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 128.025081][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 128.031053][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5148] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5148] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5148] exit_group(0) = ? [pid 5148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 128.223687][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 128.229391][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 128.235135][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 128.240992][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 128.246663][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 128.252498][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 128.258204][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 128.267666][ T784] usb 1-1: USB disconnect, device number 44 rmdir("./42") = 0 mkdir("./43", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x555557a32750) = 5149 [pid 5149] set_robust_list(0x555557a32760, 24) = 0 [pid 5149] chdir("./43") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] write(1, "executing program\n", 18executing program ) = 18 [pid 5149] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5149] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5149] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5149] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5149] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5149] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5149] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5149] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5149] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5149] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5149] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5149] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5149] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5149] close(5) = 0 [pid 5149] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5149] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 128.908926][ T784] usb 1-1: new high-speed USB device number 45 using dummy_hcd [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 129.113909][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 129.122868][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 129.133063][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 129.142111][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5149] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5149] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5149] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 129.167344][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 129.176466][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 129.184532][ T784] usb 1-1: Product: syz [ 129.188717][ T784] usb 1-1: Manufacturer: syz [ 129.220268][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 129.225620][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 129.232241][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 129.238169][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5149] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5149] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5149] exit_group(0) = ? [ 129.420701][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 129.426450][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 129.432206][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 129.437884][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 129.443677][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 129.449351][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 129.455117][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 129.460981][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 129.466808][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 129.472502][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 129.486525][ T784] usb 1-1: USB disconnect, device number 45 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5150 ./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x555557a32760, 24) = 0 [pid 5150] chdir("./44") = 0 [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0) = 0 [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5150] write(3, "1000", 4) = 4 [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5150] write(1, "executing program\n", 18) = 18 [pid 5150] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5150] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5150] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5150] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5150] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5150] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5150] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5150] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5150] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5150] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5150] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5150] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5150] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5150] close(5) = 0 [pid 5150] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5150] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 130.128959][ T784] usb 1-1: new high-speed USB device number 46 using dummy_hcd [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 130.342867][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 130.351592][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 130.362085][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 130.371139][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5150] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5150] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 130.386350][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 130.395506][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 130.403549][ T784] usb 1-1: Product: syz [ 130.407710][ T784] usb 1-1: Manufacturer: syz [ 130.449212][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 130.454465][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 130.461124][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 130.467052][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5150] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5150] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5150] exit_group(0) = ? [pid 5150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 130.660354][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 130.666074][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 130.671787][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 130.677462][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 130.683216][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 130.688923][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 130.694532][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 130.704356][ T784] usb 1-1: USB disconnect, device number 46 unlink("./44/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5151 attached , child_tidptr=0x555557a32750) = 5151 [pid 5151] set_robust_list(0x555557a32760, 24) = 0 [pid 5151] chdir("./45") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5151] write(1, "executing program\n", 18) = 18 [pid 5151] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5151] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5151] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5151] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5151] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5151] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5151] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5151] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5151] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5151] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5151] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5151] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5151] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5151] close(5) = 0 [pid 5151] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5151] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 131.338905][ T784] usb 1-1: new high-speed USB device number 47 using dummy_hcd [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 131.533121][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 131.541862][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 131.552410][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 131.561461][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5151] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5151] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 131.588157][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 131.597703][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 131.605775][ T784] usb 1-1: Product: syz [ 131.610020][ T784] usb 1-1: Manufacturer: syz [ 131.645719][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 131.651177][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 131.657530][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 131.663505][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5151] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5151] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5151] exit_group(0) = ? [ 131.846697][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 131.852510][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 131.858241][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 131.864087][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 131.869938][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 131.875781][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 131.881480][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 131.891136][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached , child_tidptr=0x555557a32750) = 5152 [pid 5152] set_robust_list(0x555557a32760, 24) = 0 [pid 5152] chdir("./46") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] write(1, "executing program\n", 18executing program ) = 18 [pid 5152] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [ 131.894313][ T784] usb 1-1: USB disconnect, device number 47 [pid 5152] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5152] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5152] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5152] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5152] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5152] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5152] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5152] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5152] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5152] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5152] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5152] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5152] close(5) = 0 [pid 5152] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5152] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 132.498910][ T784] usb 1-1: new high-speed USB device number 48 using dummy_hcd [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 132.682847][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 132.691644][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 132.701807][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 132.710864][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5152] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5152] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 132.746301][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 132.755443][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 132.763576][ T784] usb 1-1: Product: syz [ 132.767750][ T784] usb 1-1: Manufacturer: syz [ 132.809426][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 132.814682][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 132.821242][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 132.827192][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5152] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5152] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5152] exit_group(0) = ? [ 133.020974][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 133.026695][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 133.032438][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 133.038116][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 133.043897][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 133.049601][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 133.055348][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 133.061035][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 133.066812][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 133.072503][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 133.078081][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 133.087857][ T784] usb 1-1: USB disconnect, device number 48 rmdir("./46") = 0 mkdir("./47", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5153 attached , child_tidptr=0x555557a32750) = 5153 [pid 5153] set_robust_list(0x555557a32760, 24) = 0 [pid 5153] chdir("./47") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5153] write(1, "executing program\n", 18) = 18 [pid 5153] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5153] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5153] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5153] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5153] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5153] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5153] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5153] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5153] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5153] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5153] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5153] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5153] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5153] close(5) = 0 [pid 5153] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5153] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 133.688929][ T784] usb 1-1: new high-speed USB device number 49 using dummy_hcd [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 133.913070][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 133.921778][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 133.931992][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 133.941090][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5153] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5153] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 133.956995][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 133.966239][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 133.974321][ T784] usb 1-1: Product: syz [ 133.978509][ T784] usb 1-1: Manufacturer: syz [ 134.019663][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 134.024901][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 134.031419][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 134.037349][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5153] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5153] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 134.220436][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 134.226228][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 134.231970][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 134.237648][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 134.243407][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 134.249098][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 134.254821][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 134.260524][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5153] exit_group(0) = ? [ 134.266262][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 134.271939][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 134.277679][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 134.283382][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 134.289118][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 134.294783][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 134.300397][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 134.309376][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5154 ./strace-static-x86_64: Process 5154 attached [pid 5154] set_robust_list(0x555557a32760, 24) = 0 [pid 5154] chdir("./48") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] write(1, "executing program\n", 18executing program ) = 18 [pid 5154] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5154] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5154] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5154] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5154] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [ 134.316454][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 134.318420][ T783] usb 1-1: USB disconnect, device number 49 [pid 5154] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5154] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5154] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5154] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5154] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5154] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5154] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5154] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5154] close(5) = 0 [pid 5154] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5154] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 134.898917][ T783] usb 1-1: new high-speed USB device number 50 using dummy_hcd [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 135.113644][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 135.122722][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 135.132891][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 135.141926][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5154] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5154] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5154] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 135.167370][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 135.176557][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 135.184927][ T783] usb 1-1: Product: syz [ 135.189208][ T783] usb 1-1: Manufacturer: syz [ 135.221300][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 135.226607][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 135.233356][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 135.239487][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5154] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5154] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5154] exit_group(0) = ? [pid 5154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 135.422384][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 135.428103][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 135.433869][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 135.439630][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 135.448944][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 135.450457][ T784] usb 1-1: USB disconnect, device number 50 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x555557a32750) = 5155 [pid 5155] set_robust_list(0x555557a32760, 24) = 0 [pid 5155] chdir("./49") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5155] write(1, "executing program\n", 18) = 18 [pid 5155] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5155] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5155] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5155] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5155] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5155] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5155] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5155] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5155] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5155] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5155] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5155] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5155] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5155] close(5) = 0 [pid 5155] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5155] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 136.118978][ T783] usb 1-1: new high-speed USB device number 51 using dummy_hcd [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 136.333736][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 136.342820][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 136.352972][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 136.362110][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5155] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5155] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 136.398350][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 136.407816][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 136.416193][ T783] usb 1-1: Product: syz [ 136.420426][ T783] usb 1-1: Manufacturer: syz [pid 5155] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 136.460244][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 136.465508][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 136.472345][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 136.478282][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5155] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5155] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 136.670902][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 136.676644][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 136.682418][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 136.688267][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 136.694131][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 136.700000][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 136.705686][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 136.711489][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5155] exit_group(0) = ? [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5156 attached , child_tidptr=0x555557a32750) = 5156 [pid 5156] set_robust_list(0x555557a32760, 24) = 0 [pid 5156] chdir("./50") = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 136.717324][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 136.723160][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 136.728911][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 136.738483][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 136.742766][ T784] usb 1-1: USB disconnect, device number 51 [pid 5156] setpgid(0, 0) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5156] write(1, "executing program\n", 18) = 18 [pid 5156] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5156] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5156] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5156] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5156] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5156] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5156] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5156] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5156] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5156] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5156] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5156] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5156] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5156] close(5) = 0 [pid 5156] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5156] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 137.368935][ T784] usb 1-1: new high-speed USB device number 52 using dummy_hcd [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 137.563374][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 137.572137][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 137.582296][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 137.591382][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5156] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5156] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5156] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 137.650889][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 137.660035][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 137.668030][ T784] usb 1-1: Product: syz [ 137.672341][ T784] usb 1-1: Manufacturer: syz [ 137.695398][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 137.700756][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 137.707305][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 137.713310][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5156] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 137.908467][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 137.914317][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 137.920107][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 137.925972][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 137.931814][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 137.937692][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 137.943365][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 137.949122][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5156] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5156] exit_group(0) = ? [pid 5156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 137.954838][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 137.960463][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 137.970273][ T783] usb 1-1: USB disconnect, device number 52 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached , child_tidptr=0x555557a32750) = 5157 [pid 5157] set_robust_list(0x555557a32760, 24) = 0 [pid 5157] chdir("./51") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] write(1, "executing program\n", 18executing program ) = 18 [pid 5157] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5157] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5157] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5157] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5157] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5157] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5157] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5157] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5157] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5157] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5157] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5157] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5157] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5157] close(5) = 0 [pid 5157] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5157] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 138.658954][ T783] usb 1-1: new high-speed USB device number 53 using dummy_hcd [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 138.854641][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 138.864096][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 138.874522][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 138.883636][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5157] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5157] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 138.910787][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 138.920088][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 138.928105][ T783] usb 1-1: Product: syz [ 138.932330][ T783] usb 1-1: Manufacturer: syz [ 138.965766][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 138.971500][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 138.978265][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 138.984282][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5157] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5157] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5157] exit_group(0) = ? [ 139.166601][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 139.172356][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 139.178108][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 139.183979][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 139.189864][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 139.195756][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 139.201573][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5158 ./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x555557a32760, 24) = 0 [pid 5158] chdir("./52") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 139.210835][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 139.217936][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 139.229567][ T784] usb 1-1: USB disconnect, device number 53 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] write(1, "executing program\n", 18executing program ) = 18 [pid 5158] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5158] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5158] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5158] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5158] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5158] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5158] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5158] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5158] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5158] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5158] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5158] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5158] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5158] close(5) = 0 [pid 5158] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5158] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 139.838959][ T784] usb 1-1: new high-speed USB device number 54 using dummy_hcd [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 140.054112][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 140.062851][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 140.073066][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 140.082181][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5158] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5158] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 140.117189][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 140.126429][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 140.134508][ T784] usb 1-1: Product: syz [ 140.138705][ T784] usb 1-1: Manufacturer: syz [ 140.171853][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 140.177137][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 140.183869][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 140.189849][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5158] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5158] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 140.371476][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 140.377271][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 140.383031][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 140.388718][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 140.394453][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 140.400146][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 140.405896][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 140.411668][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5158] exit_group(0) = ? [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 140.417424][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 140.423205][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 140.429008][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 140.439869][ T784] usb 1-1: USB disconnect, device number 54 newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5159 attached , child_tidptr=0x555557a32750) = 5159 [pid 5159] set_robust_list(0x555557a32760, 24) = 0 [pid 5159] chdir("./53") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5159] write(1, "executing program\n", 18) = 18 [pid 5159] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5159] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5159] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5159] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5159] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5159] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5159] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5159] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5159] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5159] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5159] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5159] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5159] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5159] close(5) = 0 [pid 5159] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5159] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 141.098930][ T784] usb 1-1: new high-speed USB device number 55 using dummy_hcd [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 141.314113][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 141.323018][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 141.333173][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 141.342322][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5159] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5159] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 141.367627][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 141.376862][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 141.384974][ T784] usb 1-1: Product: syz [ 141.389215][ T784] usb 1-1: Manufacturer: syz [ 141.431681][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 141.436922][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 141.443521][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 141.449493][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5159] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5159] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5159] exit_group(0) = ? [ 141.633844][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 141.639561][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 141.645289][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 141.651159][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 141.656846][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 141.662598][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 141.668354][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 141.674031][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 141.688187][ T783] usb 1-1: USB disconnect, device number 55 rmdir("./53") = 0 mkdir("./54", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5160 attached , child_tidptr=0x555557a32750) = 5160 [pid 5160] set_robust_list(0x555557a32760, 24) = 0 [pid 5160] chdir("./54") = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] write(3, "1000", 4) = 4 [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5160] write(1, "executing program\n", 18executing program ) = 18 [pid 5160] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5160] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5160] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5160] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5160] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5160] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5160] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5160] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5160] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5160] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5160] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5160] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5160] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5160] close(5) = 0 [pid 5160] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5160] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 142.328935][ T784] usb 1-1: new high-speed USB device number 56 using dummy_hcd [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 142.542964][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 142.551716][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.561901][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 142.570927][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5160] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5160] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 142.586464][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 142.595704][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 142.603837][ T784] usb 1-1: Product: syz [ 142.608022][ T784] usb 1-1: Manufacturer: syz [ 142.630977][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 142.636218][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 142.642980][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 142.648985][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5160] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5160] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5160] exit_group(0) = ? [ 142.830993][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 142.836754][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 142.842494][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 142.848255][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 142.853980][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 142.859674][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 142.865416][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 142.871088][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5160] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 142.876669][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 142.889169][ T784] usb 1-1: USB disconnect, device number 56 rmdir("./54") = 0 mkdir("./55", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached , child_tidptr=0x555557a32750) = 5161 [pid 5161] set_robust_list(0x555557a32760, 24) = 0 [pid 5161] chdir("./55") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] write(1, "executing program\n", 18executing program ) = 18 [pid 5161] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5161] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5161] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5161] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5161] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5161] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5161] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5161] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5161] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5161] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5161] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5161] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5161] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5161] close(5) = 0 [pid 5161] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5161] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 143.518941][ T784] usb 1-1: new high-speed USB device number 57 using dummy_hcd [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [ 143.769433][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 143.778072][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 143.808857][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 143.817875][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5161] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5161] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5161] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 143.866000][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 143.875243][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 143.883454][ T784] usb 1-1: Product: syz [ 143.887639][ T784] usb 1-1: Manufacturer: syz [pid 5161] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 143.912843][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 143.918077][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 143.924580][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 143.930655][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5161] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5161] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5161] exit_group(0) = ? [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 144.123457][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 144.129264][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 144.135077][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 144.140766][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 144.146511][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 144.152207][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 144.157819][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5162 attached , child_tidptr=0x555557a32750) = 5162 [pid 5162] set_robust_list(0x555557a32760, 24) = 0 [pid 5162] chdir("./56") = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5162] write(1, "executing program\n", 18) = 18 [pid 5162] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5162] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5162] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5162] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5162] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5162] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5162] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5162] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5162] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5162] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [ 144.171768][ T783] usb 1-1: USB disconnect, device number 57 [pid 5162] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5162] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5162] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5162] close(5) = 0 [pid 5162] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5162] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 144.708958][ T784] usb 1-1: new high-speed USB device number 58 using dummy_hcd [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 144.942877][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 144.951717][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 144.961873][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 144.970926][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5162] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5162] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 145.016127][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 145.025429][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 145.033481][ T784] usb 1-1: Product: syz [ 145.037675][ T784] usb 1-1: Manufacturer: syz [ 145.072107][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 145.077348][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 145.083901][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 145.089910][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5162] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5162] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5162] exit_group(0) = ? [ 145.272777][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 145.278491][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 145.284227][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 145.289915][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 145.295667][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 145.301373][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 145.306990][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 145.316340][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 145.317921][ T783] usb 1-1: USB disconnect, device number 58 newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached , child_tidptr=0x555557a32750) = 5163 [pid 5163] set_robust_list(0x555557a32760, 24) = 0 [pid 5163] chdir("./57") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] write(1, "executing program\n", 18executing program ) = 18 [pid 5163] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5163] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5163] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5163] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5163] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5163] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5163] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5163] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5163] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5163] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5163] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5163] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5163] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5163] close(5) = 0 [pid 5163] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5163] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 145.958952][ T784] usb 1-1: new high-speed USB device number 59 using dummy_hcd [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 146.193097][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 146.201797][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 146.211932][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 146.221034][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5163] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5163] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 146.239948][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 146.249332][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 146.257336][ T784] usb 1-1: Product: syz [ 146.261578][ T784] usb 1-1: Manufacturer: syz [ 146.274536][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 146.280201][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 146.287194][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 146.293164][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5163] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5163] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5163] exit_group(0) = ? [ 146.485237][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 146.490934][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 146.496706][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 146.502560][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 146.508387][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 146.514046][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 146.519753][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 146.525421][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5164 attached , child_tidptr=0x555557a32750) = 5164 [ 146.531170][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 146.536883][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 146.546476][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 146.546705][ T784] usb 1-1: USB disconnect, device number 59 [pid 5164] set_robust_list(0x555557a32760, 24) = 0 [pid 5164] chdir("./58") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] write(1, "executing program\n", 18executing program ) = 18 [pid 5164] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5164] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5164] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5164] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5164] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5164] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5164] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5164] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5164] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5164] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5164] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5164] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5164] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5164] close(5) = 0 [pid 5164] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5164] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 147.108953][ T784] usb 1-1: new high-speed USB device number 60 using dummy_hcd [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 147.333304][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 147.342062][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 147.352200][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 147.361234][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5164] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5164] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 147.390356][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 147.400020][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 147.408052][ T784] usb 1-1: Product: syz [ 147.412292][ T784] usb 1-1: Manufacturer: syz [ 147.435764][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 147.441103][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 147.447594][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 147.453659][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5164] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5164] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 147.636614][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 147.642379][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 147.648155][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 147.654040][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 147.659896][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 147.665768][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 147.671481][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 147.677256][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5164] exit_group(0) = ? [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5165 attached , child_tidptr=0x555557a32750) = 5165 [pid 5165] set_robust_list(0x555557a32760, 24) = 0 [pid 5165] chdir("./59") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [ 147.682967][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 147.688717][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 147.694455][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 147.703910][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 147.707979][ T784] usb 1-1: USB disconnect, device number 60 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] write(1, "executing program\n", 18executing program ) = 18 [pid 5165] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5165] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5165] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5165] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5165] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5165] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5165] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5165] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5165] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5165] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5165] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5165] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5165] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5165] close(5) = 0 [pid 5165] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5165] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 148.318948][ T784] usb 1-1: new high-speed USB device number 61 using dummy_hcd [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 148.543066][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 148.551789][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 148.561945][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 148.570962][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5165] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5165] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 148.606038][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 148.615161][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 148.623201][ T784] usb 1-1: Product: syz [ 148.627389][ T784] usb 1-1: Manufacturer: syz [ 148.661988][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 148.667356][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 148.673966][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 148.679945][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5165] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5165] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5165] exit_group(0) = ? [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5166 attached , child_tidptr=0x555557a32750) = 5166 [pid 5166] set_robust_list(0x555557a32760, 24) = 0 [pid 5166] chdir("./60") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 148.863269][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 148.868999][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 148.874840][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 148.880560][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 148.886147][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 148.899682][ T783] usb 1-1: USB disconnect, device number 61 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] write(1, "executing program\n", 18executing program ) = 18 [pid 5166] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5166] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5166] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5166] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5166] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5166] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5166] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5166] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5166] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5166] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5166] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5166] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5166] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5166] close(5) = 0 [pid 5166] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5166] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 149.498894][ T783] usb 1-1: new high-speed USB device number 62 using dummy_hcd [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 149.684565][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 149.693283][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 149.703724][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 149.713112][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5166] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5166] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 149.740186][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 149.749784][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 149.757786][ T783] usb 1-1: Product: syz [ 149.762023][ T783] usb 1-1: Manufacturer: syz [ 149.786488][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 149.792123][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 149.799000][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 149.804940][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5166] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5166] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5166] exit_group(0) = ? [ 149.986825][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 149.992633][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 149.998366][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 150.004218][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 150.010041][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 150.015927][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 150.021664][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 150.031007][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5167 attached , child_tidptr=0x555557a32750) = 5167 [pid 5167] set_robust_list(0x555557a32760, 24) = 0 [pid 5167] chdir("./61") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5167] write(1, "executing program\n", 18) = 18 [pid 5167] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5167] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5167] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 150.032363][ T784] usb 1-1: USB disconnect, device number 62 [pid 5167] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5167] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5167] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5167] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5167] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5167] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5167] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5167] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5167] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5167] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5167] close(5) = 0 [pid 5167] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5167] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 150.638921][ T783] usb 1-1: new high-speed USB device number 63 using dummy_hcd [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 150.844356][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 150.853320][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 150.863488][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 150.872613][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5167] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5167] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 150.890955][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 150.900146][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 150.908142][ T783] usb 1-1: Product: syz [ 150.912376][ T783] usb 1-1: Manufacturer: syz [ 150.944552][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 150.949880][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 150.956319][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 150.962431][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5167] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5167] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5167] exit_group(0) = ? [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5168 attached , child_tidptr=0x555557a32750) = 5168 [pid 5168] set_robust_list(0x555557a32760, 24) = 0 [pid 5168] chdir("./62") = 0 [ 151.145281][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 151.150996][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 151.156729][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 151.162441][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 151.168208][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 151.173938][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 151.185033][ T784] usb 1-1: USB disconnect, device number 63 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5168] write(1, "executing program\n", 18) = 18 [pid 5168] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5168] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5168] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5168] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5168] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5168] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5168] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5168] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5168] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5168] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5168] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5168] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5168] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5168] close(5) = 0 [pid 5168] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5168] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 151.798911][ T783] usb 1-1: new high-speed USB device number 64 using dummy_hcd [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 152.004640][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 152.013674][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 152.023810][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 152.032883][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5168] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5168] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 152.049622][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 152.059179][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 152.067178][ T783] usb 1-1: Product: syz [ 152.071434][ T783] usb 1-1: Manufacturer: syz [ 152.094440][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 152.099837][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 152.106296][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 152.112336][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5168] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 152.294458][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 152.300236][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 152.306008][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 152.311866][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 152.317711][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 152.323590][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 152.329438][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 152.335247][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5168] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5168] exit_group(0) = ? [ 152.341052][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 152.346726][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 152.352496][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 152.358191][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 152.363930][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 152.369648][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 152.378830][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 152.385908][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [pid 5168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5168, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5169 ./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x555557a32760, 24) = 0 [pid 5169] chdir("./63") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] write(1, "executing program\n", 18executing program ) = 18 [pid 5169] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5169] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5169] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5169] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5169] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5169] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [ 152.386827][ T784] usb 1-1: USB disconnect, device number 64 [pid 5169] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5169] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5169] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5169] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5169] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5169] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5169] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5169] close(5) = 0 [pid 5169] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5169] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 152.948918][ T784] usb 1-1: new high-speed USB device number 65 using dummy_hcd [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 153.153839][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 153.162662][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.172839][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 153.181919][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5169] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5169] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 153.197742][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 153.206899][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 153.215015][ T784] usb 1-1: Product: syz [ 153.219240][ T784] usb 1-1: Manufacturer: syz [pid 5169] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 153.262874][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 153.268105][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 153.274667][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 153.280671][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5169] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 153.483488][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 153.489230][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 153.494975][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 153.500665][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 153.506396][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 153.512072][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 153.517803][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 153.523508][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5169] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5169] exit_group(0) = ? [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 153.529242][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 153.534921][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 153.540646][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 153.546372][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 153.552102][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 153.557776][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 153.563529][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 153.569231][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 153.574819][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x555557a32760, 24) = 0 [pid 5170] chdir("./64" [pid 5093] <... clone resumed>, child_tidptr=0x555557a32750) = 5170 [pid 5170] <... chdir resumed>) = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5170] write(1, "executing program\n", 18) = 18 [pid 5170] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5170] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5170] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 153.588611][ T783] usb 1-1: USB disconnect, device number 65 [pid 5170] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5170] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5170] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5170] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5170] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5170] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5170] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5170] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5170] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5170] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5170] close(5) = 0 [pid 5170] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5170] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 154.158978][ T783] usb 1-1: new high-speed USB device number 66 using dummy_hcd [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 154.365000][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 154.373741][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 154.384164][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 154.393270][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5170] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5170] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5170] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 154.419927][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 154.429191][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 154.437364][ T783] usb 1-1: Product: syz [ 154.441599][ T783] usb 1-1: Manufacturer: syz [ 154.464666][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 154.470041][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 154.476481][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 154.482476][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5170] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5170] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5170] exit_group(0) = ? [ 154.664991][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 154.670776][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 154.676564][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 154.682442][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 154.688339][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 154.694190][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 154.699877][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 154.705643][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5171 ./strace-static-x86_64: Process 5171 attached [pid 5171] set_robust_list(0x555557a32760, 24) = 0 [pid 5171] chdir("./65") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [ 154.711509][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 154.717378][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 154.723230][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 154.728896][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 154.738374][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 154.745504][ T784] usb 1-1: USB disconnect, device number 66 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] write(1, "executing program\n", 18executing program ) = 18 [pid 5171] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5171] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5171] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5171] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5171] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5171] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5171] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5171] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5171] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5171] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5171] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5171] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5171] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5171] close(5) = 0 [pid 5171] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5171] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 155.368913][ T784] usb 1-1: new high-speed USB device number 67 using dummy_hcd [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 155.563517][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 155.572257][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 155.582413][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 155.591464][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5171] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5171] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 155.618331][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 155.627495][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 155.635533][ T784] usb 1-1: Product: syz [ 155.639804][ T784] usb 1-1: Manufacturer: syz [ 155.664988][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 155.670401][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 155.676837][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 155.682819][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5171] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5171] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5171] exit_group(0) = ? [ 155.864724][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 155.870448][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 155.876183][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 155.881849][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 155.887580][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 155.893268][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 155.899024][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 155.904873][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 155.910533][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 155.916132][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 155.928692][ T784] usb 1-1: USB disconnect, device number 67 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5172 attached , child_tidptr=0x555557a32750) = 5172 [pid 5172] set_robust_list(0x555557a32760, 24) = 0 [pid 5172] chdir("./66") = 0 [pid 5172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5172] setpgid(0, 0) = 0 [pid 5172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5172] write(3, "1000", 4) = 4 [pid 5172] close(3) = 0 [pid 5172] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5172] write(1, "executing program\n", 18) = 18 [pid 5172] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5172] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5172] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5172] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5172] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5172] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5172] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5172] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5172] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5172] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5172] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5172] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5172] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5172] close(5) = 0 [pid 5172] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5172] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 156.578943][ T784] usb 1-1: new high-speed USB device number 68 using dummy_hcd [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 156.773311][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 156.782061][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 156.792470][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 156.801566][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5172] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5172] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 156.826286][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 156.835444][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 156.843574][ T784] usb 1-1: Product: syz [ 156.847764][ T784] usb 1-1: Manufacturer: syz [ 156.871008][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 156.876340][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 156.882979][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 156.888990][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5172] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5172] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5172] exit_group(0) = ? [ 157.081633][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 157.087347][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 157.093084][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 157.098938][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 157.104760][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 157.110420][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 157.116158][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 157.121850][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5172, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x555557a32760, 24) = 0 [pid 5173] chdir("./67") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [ 157.127579][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 157.133279][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 157.138896][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 157.148157][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 157.151933][ T784] usb 1-1: USB disconnect, device number 68 [pid 5173] write(1, "executing program\n", 18executing program ) = 18 [pid 5173] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5173] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5173] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5173] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5173] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5173] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5173] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5173] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5173] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5173] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5173] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5173] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5173] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5173] close(5) = 0 [pid 5173] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5173] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 157.768949][ T784] usb 1-1: new high-speed USB device number 69 using dummy_hcd [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 157.963517][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 157.972370][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 157.982904][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 157.992012][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5173] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5173] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5173] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 158.017001][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 158.026148][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 158.034211][ T784] usb 1-1: Product: syz [ 158.038411][ T784] usb 1-1: Manufacturer: syz [ 158.062685][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 158.067975][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 158.074551][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 158.080637][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5173] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5173] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5173] exit_group(0) = ? [pid 5173] +++ exited with 0 +++ [ 158.263926][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 158.269646][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 158.275417][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 158.281310][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 158.287009][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 158.292784][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 158.298507][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 158.310200][ T784] usb 1-1: USB disconnect, device number 69 rmdir("./67") = 0 mkdir("./68", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5174 attached , child_tidptr=0x555557a32750) = 5174 [pid 5174] set_robust_list(0x555557a32760, 24) = 0 [pid 5174] chdir("./68") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5174] write(1, "executing program\n", 18) = 18 [pid 5174] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5174] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5174] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5174] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5174] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5174] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5174] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5174] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5174] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5174] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5174] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5174] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5174] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5174] close(5) = 0 [pid 5174] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5174] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 158.938940][ T784] usb 1-1: new high-speed USB device number 70 using dummy_hcd [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 159.143425][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 159.152164][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 159.162307][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 159.171376][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5174] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5174] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 159.201151][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 159.210348][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 159.218444][ T784] usb 1-1: Product: syz [ 159.222711][ T784] usb 1-1: Manufacturer: syz [ 159.252612][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 159.257853][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 159.264567][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 159.270557][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5174] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5174] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5174] exit_group(0) = ? [ 159.453580][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 159.459332][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 159.465107][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 159.470971][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 159.476637][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 159.482391][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 159.488113][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 159.498166][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached , child_tidptr=0x555557a32750) = 5175 [pid 5175] set_robust_list(0x555557a32760, 24) = 0 [pid 5175] chdir("./69") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [ 159.504687][ T784] usb 1-1: USB disconnect, device number 70 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5175] write(1, "executing program\n", 18) = 18 [pid 5175] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5175] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5175] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5175] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5175] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5175] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5175] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5175] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5175] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5175] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5175] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5175] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5175] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5175] close(5) = 0 [pid 5175] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5175] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 160.098957][ T784] usb 1-1: new high-speed USB device number 71 using dummy_hcd [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 160.312803][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 160.321546][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 160.332161][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 160.341285][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5175] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5175] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 160.387005][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 160.396175][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 160.404241][ T784] usb 1-1: Product: syz [ 160.408422][ T784] usb 1-1: Manufacturer: syz [ 160.433426][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 160.438663][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 160.446087][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 160.452077][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5175] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5175] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5175] exit_group(0) = ? [ 160.634489][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 160.640202][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 160.645931][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 160.651627][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 160.657350][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 160.663222][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 160.668940][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 160.678494][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 160.679919][ T784] usb 1-1: USB disconnect, device number 71 rmdir("./69") = 0 mkdir("./70", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5176 attached , child_tidptr=0x555557a32750) = 5176 [pid 5176] set_robust_list(0x555557a32760, 24) = 0 [pid 5176] chdir("./70") = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5176] write(1, "executing program\n", 18) = 18 [pid 5176] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5176] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5176] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5176] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5176] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5176] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5176] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5176] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5176] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5176] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5176] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5176] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5176] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5176] close(5) = 0 [pid 5176] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5176] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 161.278927][ T783] usb 1-1: new high-speed USB device number 72 using dummy_hcd [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 161.464245][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 161.472916][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 161.483084][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 161.492378][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5176] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5176] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 161.509770][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 161.519177][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 161.527168][ T783] usb 1-1: Product: syz [ 161.531376][ T783] usb 1-1: Manufacturer: syz [pid 5176] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 161.554823][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 161.560170][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 161.566839][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 161.572864][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5176] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5176] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5176] exit_group(0) = ? [ 161.765037][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 161.770782][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 161.776533][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 161.782363][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 161.788198][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 161.793868][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 161.799613][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 161.805294][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5177 attached , child_tidptr=0x555557a32750) = 5177 [pid 5177] set_robust_list(0x555557a32760, 24) = 0 [pid 5177] chdir("./71") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5177] write(1, "executing program\n", 18) = 18 [pid 5177] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5177] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5177] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 161.814798][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 161.817047][ T784] usb 1-1: USB disconnect, device number 72 [pid 5177] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5177] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5177] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5177] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5177] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5177] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5177] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5177] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5177] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5177] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5177] close(5) = 0 [pid 5177] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5177] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 162.398942][ T784] usb 1-1: new high-speed USB device number 73 using dummy_hcd [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 162.623052][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 162.631776][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 162.641938][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 162.650966][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5177] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5177] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5177] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 162.695705][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 162.704884][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 162.712942][ T784] usb 1-1: Product: syz [ 162.717143][ T784] usb 1-1: Manufacturer: syz [pid 5177] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 162.742651][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 162.747995][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 162.754662][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 162.760708][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5177] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5177] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5177] exit_group(0) = ? [ 162.953302][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 162.959120][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 162.964854][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 162.970515][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 162.976251][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 162.981942][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 162.987745][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 162.993652][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 162.999354][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 163.004926][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 163.017164][ T784] usb 1-1: USB disconnect, device number 73 unlink("./71/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5178 attached , child_tidptr=0x555557a32750) = 5178 [pid 5178] set_robust_list(0x555557a32760, 24) = 0 [pid 5178] chdir("./72") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] write(1, "executing program\n", 18executing program ) = 18 [pid 5178] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5178] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5178] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5178] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5178] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5178] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5178] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5178] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5178] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5178] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5178] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5178] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5178] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5178] close(5) = 0 [pid 5178] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5178] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 163.668968][ T784] usb 1-1: new high-speed USB device number 74 using dummy_hcd [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 163.883275][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 163.892019][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 163.902181][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 163.911253][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5178] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5178] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 163.937211][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 163.946457][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 163.954568][ T784] usb 1-1: Product: syz [ 163.958748][ T784] usb 1-1: Manufacturer: syz [ 163.991730][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 163.996982][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 164.003600][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 164.009587][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5178] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5178] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5178] exit_group(0) = ? [ 164.202558][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 164.208411][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 164.214189][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 164.219892][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 164.225790][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 164.231501][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 164.237250][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 164.242951][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 164.248548][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 164.259234][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 164.266499][ T784] usb 1-1: USB disconnect, device number 74 unlink("./72/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached , child_tidptr=0x555557a32750) = 5179 [pid 5179] set_robust_list(0x555557a32760, 24) = 0 [pid 5179] chdir("./73") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5179] write(1, "executing program\n", 18) = 18 [pid 5179] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5179] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5179] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5179] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5179] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5179] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5179] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5179] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5179] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5179] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5179] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5179] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5179] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5179] close(5) = 0 [pid 5179] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5179] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 164.888913][ T784] usb 1-1: new high-speed USB device number 75 using dummy_hcd [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 165.112722][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 165.121461][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 165.131693][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 165.140921][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5179] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5179] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 165.170215][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 165.179357][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 165.187527][ T784] usb 1-1: Product: syz [ 165.191765][ T784] usb 1-1: Manufacturer: syz [ 165.225438][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 165.230789][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 165.237081][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 165.243152][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5179] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5179] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5179] exit_group(0) = ? [ 165.426533][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 165.432270][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 165.438008][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 165.443668][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 165.449478][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 165.455165][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 165.460954][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 165.466671][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 165.472462][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 165.478355][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 165.484096][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 165.489699][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 165.499726][ T784] usb 1-1: USB disconnect, device number 75 rmdir("./73") = 0 mkdir("./74", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5180 attached , child_tidptr=0x555557a32750) = 5180 [pid 5180] set_robust_list(0x555557a32760, 24) = 0 [pid 5180] chdir("./74") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5180] write(1, "executing program\n", 18) = 18 [pid 5180] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5180] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5180] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5180] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5180] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5180] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5180] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5180] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5180] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5180] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5180] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5180] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5180] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5180] close(5) = 0 [pid 5180] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5180] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 166.139018][ T784] usb 1-1: new high-speed USB device number 76 using dummy_hcd [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 166.352788][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 166.361540][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 166.372219][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 166.381291][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5180] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5180] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 166.416823][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 166.426064][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 166.434145][ T784] usb 1-1: Product: syz [ 166.438336][ T784] usb 1-1: Manufacturer: syz [ 166.461791][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 166.467231][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 166.473779][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 166.479771][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5180] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5180] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5180] exit_group(0) = ? [pid 5180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5180, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 166.662259][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 166.667990][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 166.673750][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 166.679439][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 166.685056][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 166.695571][ T784] usb 1-1: USB disconnect, device number 76 newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5181 ./strace-static-x86_64: Process 5181 attached [pid 5181] set_robust_list(0x555557a32760, 24) = 0 [pid 5181] chdir("./75") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] write(1, "executing program\n", 18executing program ) = 18 [pid 5181] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5181] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5181] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5181] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5181] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5181] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5181] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5181] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5181] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5181] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5181] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5181] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5181] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5181] close(5) = 0 [pid 5181] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5181] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 167.328988][ T784] usb 1-1: new high-speed USB device number 77 using dummy_hcd [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 167.523191][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 167.531910][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 167.542090][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 167.551147][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5181] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5181] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5181] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 167.567179][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 167.576355][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 167.584423][ T784] usb 1-1: Product: syz [ 167.588701][ T784] usb 1-1: Manufacturer: syz [pid 5181] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 167.618713][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 167.624052][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 167.630752][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 167.636878][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5181] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5181] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 167.829868][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 167.835792][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 167.841625][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 167.847381][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 167.853095][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 167.858774][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 167.864557][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 167.870399][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5181] exit_group(0) = ? [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 167.876133][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 167.881994][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 167.887696][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 167.893319][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 167.902986][ T784] usb 1-1: USB disconnect, device number 77 newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5182 attached , child_tidptr=0x555557a32750) = 5182 [pid 5182] set_robust_list(0x555557a32760, 24) = 0 [pid 5182] chdir("./76") = 0 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] setpgid(0, 0) = 0 [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5182] write(3, "1000", 4) = 4 [pid 5182] close(3) = 0 [pid 5182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5182] write(1, "executing program\n", 18executing program ) = 18 [pid 5182] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5182] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5182] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5182] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5182] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5182] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5182] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5182] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5182] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5182] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5182] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5182] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5182] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5182] close(5) = 0 [pid 5182] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5182] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 168.578980][ T783] usb 1-1: new high-speed USB device number 78 using dummy_hcd [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 168.793960][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 168.802937][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 168.813091][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 168.822124][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5182] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5182] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 168.839925][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 168.849431][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 168.857439][ T783] usb 1-1: Product: syz [ 168.861706][ T783] usb 1-1: Manufacturer: syz [ 168.893842][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 168.899150][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 168.905589][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 168.911595][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5182] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5182] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5182] exit_group(0) = ? [ 169.104076][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 169.109842][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 169.115581][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 169.121454][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 169.127443][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 169.133121][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 169.138875][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 169.144585][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 [ 169.156929][ T784] usb 1-1: USB disconnect, device number 78 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached , child_tidptr=0x555557a32750) = 5183 [pid 5183] set_robust_list(0x555557a32760, 24) = 0 [pid 5183] chdir("./77") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] write(1, "executing program\n", 18executing program ) = 18 [pid 5183] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5183] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5183] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5183] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5183] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5183] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5183] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5183] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5183] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5183] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5183] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5183] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5183] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5183] close(5) = 0 [pid 5183] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5183] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 169.808903][ T784] usb 1-1: new high-speed USB device number 79 using dummy_hcd [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 170.013259][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 170.022028][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 170.032258][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 170.041326][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5183] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5183] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 170.087190][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 170.096480][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 170.104616][ T784] usb 1-1: Product: syz [ 170.108888][ T784] usb 1-1: Manufacturer: syz [ 170.131449][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 170.136711][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 170.143326][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 170.149308][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5183] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5183] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5183] exit_group(0) = ? [ 170.342476][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 170.348325][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 170.354109][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 170.359969][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 170.365815][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 170.371537][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 170.377300][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 170.383153][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 170.389033][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 170.394876][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 170.400553][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 170.406316][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 170.412040][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 170.421174][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 170.425609][ T784] usb 1-1: USB disconnect, device number 79 unlink("./77/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached , child_tidptr=0x555557a32750) = 5184 [pid 5184] set_robust_list(0x555557a32760, 24) = 0 [pid 5184] chdir("./78") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5184] write(1, "executing program\n", 18) = 18 [pid 5184] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5184] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5184] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5184] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5184] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5184] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5184] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5184] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5184] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5184] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5184] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5184] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5184] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5184] close(5) = 0 [pid 5184] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5184] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 171.088955][ T783] usb 1-1: new high-speed USB device number 80 using dummy_hcd [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 171.284091][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 171.292798][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 171.303237][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 171.312744][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5184] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5184] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 171.328421][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 171.337901][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 171.345981][ T783] usb 1-1: Product: syz [ 171.350191][ T783] usb 1-1: Manufacturer: syz [ 171.383410][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 171.388669][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 171.395478][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 171.401451][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5184] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 171.583940][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 171.589693][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 171.595463][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 171.601336][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 171.607198][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 171.613054][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 171.618921][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 171.624826][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5184] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5184] exit_group(0) = ? [ 171.630497][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 171.636269][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 171.642051][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 171.647813][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 171.653666][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 171.659610][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 171.665330][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 171.674779][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5185 ./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x555557a32760, 24) = 0 [pid 5185] chdir("./79") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [ 171.675079][ T784] usb 1-1: USB disconnect, device number 80 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] write(1, "executing program\n", 18executing program ) = 18 [pid 5185] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5185] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5185] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5185] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5185] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5185] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5185] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5185] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5185] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5185] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5185] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5185] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5185] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5185] close(5) = 0 [pid 5185] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5185] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 172.248974][ T783] usb 1-1: new high-speed USB device number 81 using dummy_hcd [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 172.463180][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 172.472182][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 172.482417][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 172.491534][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5185] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5185] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 172.527857][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 172.537409][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 172.545506][ T783] usb 1-1: Product: syz [ 172.549727][ T783] usb 1-1: Manufacturer: syz [ 172.591467][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 172.596765][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 172.603925][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 172.610054][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5185] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5185] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5185] exit_group(0) = ? [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 172.793868][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 172.799700][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 172.805525][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 172.811414][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 172.817290][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 172.823113][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 172.834125][ T784] usb 1-1: USB disconnect, device number 81 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5186 attached , child_tidptr=0x555557a32750) = 5186 [pid 5186] set_robust_list(0x555557a32760, 24) = 0 [pid 5186] chdir("./80") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5186] write(1, "executing program\n", 18) = 18 [pid 5186] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5186] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5186] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5186] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5186] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5186] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5186] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5186] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5186] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5186] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5186] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5186] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5186] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5186] close(5) = 0 [pid 5186] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5186] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 173.439058][ T784] usb 1-1: new high-speed USB device number 82 using dummy_hcd [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 173.653535][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 173.662337][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 173.672504][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 173.681594][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5186] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5186] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5186] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 173.726373][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 173.735519][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 173.743647][ T784] usb 1-1: Product: syz [ 173.747845][ T784] usb 1-1: Manufacturer: syz [ 173.779314][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 173.784631][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 173.791172][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 173.797111][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5186] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5186] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 173.980763][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 173.986604][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 173.992392][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 173.998253][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 174.004111][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 174.009835][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 174.015606][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 174.021567][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5186] exit_group(0) = ? [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5187 attached , child_tidptr=0x555557a32750) = 5187 [pid 5187] set_robust_list(0x555557a32760, 24) = 0 [ 174.027447][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 174.033207][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 174.045968][ T784] usb 1-1: USB disconnect, device number 82 [pid 5187] chdir("./81") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5187] write(1, "executing program\n", 18) = 18 [pid 5187] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5187] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5187] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5187] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5187] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5187] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5187] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5187] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5187] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5187] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5187] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5187] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5187] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5187] close(5) = 0 [pid 5187] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5187] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 174.648967][ T784] usb 1-1: new high-speed USB device number 83 using dummy_hcd [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 174.864389][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 174.873174][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 174.883398][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 174.892461][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5187] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5187] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5187] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 174.919000][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 174.929316][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 174.937372][ T784] usb 1-1: Product: syz [ 174.941619][ T784] usb 1-1: Manufacturer: syz [ 174.984717][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 174.990044][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 174.996519][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 175.002530][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5187] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5187] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5187] exit_group(0) = ? [ 175.185153][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 175.190894][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 175.196625][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 175.202315][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 175.208239][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 175.213965][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 175.219556][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 175.229382][ T783] usb 1-1: USB disconnect, device number 83 [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5188 ./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x555557a32760, 24) = 0 [pid 5188] chdir("./82") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5188] write(1, "executing program\n", 18) = 18 [pid 5188] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5188] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5188] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5188] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5188] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5188] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5188] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5188] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5188] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5188] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5188] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5188] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5188] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5188] close(5) = 0 [ 175.229401][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5188] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5188] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 175.748989][ T784] usb 1-1: new high-speed USB device number 84 using dummy_hcd [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 175.953947][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 175.962732][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 175.972885][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 175.981961][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5188] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5188] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5188] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 175.997744][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 176.006953][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 176.015008][ T784] usb 1-1: Product: syz [ 176.019216][ T784] usb 1-1: Manufacturer: syz [ 176.052080][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 176.057337][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 176.063958][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 176.069933][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5188] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5188] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 176.252631][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 176.258468][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 176.264214][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 176.270124][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 176.275840][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 176.281773][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 176.287624][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 176.293317][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5188] exit_group(0) = ? [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5189 ./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x555557a32760, 24) = 0 [pid 5189] chdir("./83") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 176.299060][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 176.304925][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 176.310620][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 176.316367][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 176.322064][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 176.331593][ T783] usb 1-1: USB disconnect, device number 84 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] write(1, "executing program\n", 18executing program ) = 18 [pid 5189] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5189] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5189] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5189] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5189] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5189] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5189] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5189] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5189] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5189] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5189] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5189] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5189] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5189] close(5) = 0 [pid 5189] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5189] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 176.938967][ T783] usb 1-1: new high-speed USB device number 85 using dummy_hcd [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 177.153537][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 177.162917][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 177.173068][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 177.182118][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5189] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5189] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5189] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 177.197561][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 177.206830][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 177.215157][ T783] usb 1-1: Product: syz [ 177.219450][ T783] usb 1-1: Manufacturer: syz [ 177.241545][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 177.246868][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 177.253402][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 177.259383][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5189] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5189] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5189] exit_group(0) = ? [ 177.452000][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 177.457736][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 177.463471][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 177.469333][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 177.475182][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 177.481034][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 177.486884][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 177.492606][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5190 attached , child_tidptr=0x555557a32750) = 5190 [pid 5190] set_robust_list(0x555557a32760, 24) = 0 [ 177.501545][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 177.506126][ T784] usb 1-1: USB disconnect, device number 85 [pid 5190] chdir("./84") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5190] write(1, "executing program\n", 18) = 18 [pid 5190] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5190] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5190] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5190] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5190] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5190] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5190] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5190] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5190] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5190] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5190] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5190] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5190] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5190] close(5) = 0 [pid 5190] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5190] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 178.119099][ T783] usb 1-1: new high-speed USB device number 86 using dummy_hcd [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 178.314571][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 178.323705][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 178.333974][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 178.343061][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5190] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5190] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 178.388443][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 178.398162][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 178.406308][ T783] usb 1-1: Product: syz [ 178.410539][ T783] usb 1-1: Manufacturer: syz [pid 5190] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 178.443231][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 178.448486][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 178.455403][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 178.461460][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5190] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5190] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 178.653916][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 178.659641][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 178.665376][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 178.671327][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 178.677185][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 178.683018][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 178.688864][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 178.694729][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5190] exit_group(0) = ? [pid 5190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x555557a32760, 24) = 0 [pid 5191] chdir("./85") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] write(1, "executing program\n", 18executing program ) = 18 [pid 5191] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [ 178.700443][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 178.709318][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 178.716395][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 178.726963][ T784] usb 1-1: USB disconnect, device number 86 [pid 5191] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5191] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5191] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5191] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5191] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5191] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5191] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5191] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5191] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5191] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5191] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5191] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5191] close(5) = 0 [pid 5191] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5191] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 179.318923][ T783] usb 1-1: new high-speed USB device number 87 using dummy_hcd [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 179.535038][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 179.544218][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 179.554363][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 179.563389][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5191] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5191] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 179.589447][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 179.598877][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 179.606897][ T783] usb 1-1: Product: syz [ 179.611469][ T783] usb 1-1: Manufacturer: syz [ 179.644038][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 179.649332][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 179.655700][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 179.661716][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5191] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5191] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5191] exit_group(0) = ? [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 179.854546][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 179.860328][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 179.866077][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 179.871953][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 179.877624][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 179.883223][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 179.892956][ T784] usb 1-1: USB disconnect, device number 87 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5192 attached , child_tidptr=0x555557a32750) = 5192 [pid 5192] set_robust_list(0x555557a32760, 24) = 0 [pid 5192] chdir("./86") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] write(1, "executing program\n", 18executing program ) = 18 [pid 5192] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5192] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5192] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5192] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5192] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5192] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5192] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5192] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5192] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5192] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5192] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5192] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5192] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5192] close(5) = 0 [pid 5192] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5192] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 180.568974][ T783] usb 1-1: new high-speed USB device number 88 using dummy_hcd [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 180.784382][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 180.793097][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 180.803333][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 180.812368][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5192] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5192] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 180.829317][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 180.838721][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 180.846824][ T783] usb 1-1: Product: syz [ 180.851083][ T783] usb 1-1: Manufacturer: syz [ 180.876322][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 180.881650][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 180.888033][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 180.894058][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5192] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5192] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5192] exit_group(0) = ? [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 181.077355][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 181.083082][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 181.088811][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 181.094679][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 181.100447][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 181.110028][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 181.110969][ T784] usb 1-1: USB disconnect, device number 88 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5193 attached , child_tidptr=0x555557a32750) = 5193 [pid 5193] set_robust_list(0x555557a32760, 24) = 0 [pid 5193] chdir("./87") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5193] write(1, "executing program\n", 18) = 18 [pid 5193] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5193] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5193] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5193] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5193] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5193] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5193] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5193] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5193] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5193] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5193] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5193] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5193] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5193] close(5) = 0 [pid 5193] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5193] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 181.738917][ T784] usb 1-1: new high-speed USB device number 89 using dummy_hcd [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 181.943154][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 181.951911][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 181.962158][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 181.971232][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5193] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5193] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 182.026697][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 182.035845][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 182.043895][ T784] usb 1-1: Product: syz [ 182.048076][ T784] usb 1-1: Manufacturer: syz [pid 5193] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 182.081276][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 182.086530][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 182.093715][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 182.099729][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5193] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5193] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5193] exit_group(0) = ? [ 182.317952][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 182.323709][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 182.329460][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 182.335308][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 182.341106][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 182.346875][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 182.352742][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 182.358438][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 182.364064][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 182.373672][ T784] usb 1-1: USB disconnect, device number 89 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5194 ./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x555557a32760, 24) = 0 [pid 5194] chdir("./88") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5194] write(1, "executing program\n", 18) = 18 [pid 5194] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5194] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5194] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5194] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5194] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5194] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5194] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5194] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5194] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5194] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5194] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5194] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5194] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5194] close(5) = 0 [pid 5194] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5194] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 183.008905][ T783] usb 1-1: new high-speed USB device number 90 using dummy_hcd [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 183.203692][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 183.212533][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 183.222841][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 183.232067][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5194] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5194] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5194] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 183.248810][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 183.257892][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 183.266353][ T783] usb 1-1: Product: syz [ 183.270587][ T783] usb 1-1: Manufacturer: syz [ 183.295157][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 183.300510][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 183.307022][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 183.313025][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5194] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5194] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5194] exit_group(0) = ? [ 183.496542][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 183.502259][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 183.507999][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 183.513839][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 183.519640][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 183.525534][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 183.531257][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5195 ./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x555557a32760, 24) = 0 [pid 5195] chdir("./89") = 0 [ 183.542389][ T784] usb 1-1: USB disconnect, device number 90 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 executing program [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] write(1, "executing program\n", 18) = 18 [pid 5195] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5195] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5195] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5195] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5195] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5195] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5195] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5195] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5195] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5195] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5195] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5195] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5195] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5195] close(5) = 0 [pid 5195] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5195] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 184.138946][ T784] usb 1-1: new high-speed USB device number 91 using dummy_hcd [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 184.343676][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 184.352580][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.362768][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 184.371832][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5195] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5195] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 184.397959][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 184.407204][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 184.415276][ T784] usb 1-1: Product: syz [ 184.419534][ T784] usb 1-1: Manufacturer: syz [ 184.442279][ T784] cdc_wdm 1-1:1.0: skipping garbage [pid 5195] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 184.447535][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 184.454817][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 184.460975][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5195] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5195] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5195] exit_group(0) = ? [pid 5195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 184.656232][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 184.662061][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 184.667794][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 184.673486][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 184.679262][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 184.684950][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 184.690549][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 184.700286][ T784] usb 1-1: USB disconnect, device number 91 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5196 attached , child_tidptr=0x555557a32750) = 5196 [pid 5196] set_robust_list(0x555557a32760, 24) = 0 [pid 5196] chdir("./90") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5196] write(1, "executing program\n", 18) = 18 [pid 5196] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5196] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5196] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5196] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5196] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5196] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5196] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5196] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5196] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5196] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5196] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5196] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5196] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5196] close(5) = 0 [pid 5196] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5196] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 185.348932][ T784] usb 1-1: new high-speed USB device number 92 using dummy_hcd [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 185.554045][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 185.562926][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 185.573085][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 185.582135][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5196] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5196] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5196] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 185.628018][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 185.637285][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 185.645351][ T784] usb 1-1: Product: syz [ 185.649604][ T784] usb 1-1: Manufacturer: syz [ 185.674560][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 185.680372][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 185.686727][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 185.692747][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5196] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5196] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5196] exit_group(0) = ? [ 185.875984][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 185.881733][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 185.887518][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 185.893447][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 185.899440][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 185.905295][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 185.911032][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 185.916813][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 185.922662][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 185.928351][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 185.934100][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 185.939815][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 185.949498][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 185.950907][ T784] usb 1-1: USB disconnect, device number 92 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5197 attached , child_tidptr=0x555557a32750) = 5197 [pid 5197] set_robust_list(0x555557a32760, 24) = 0 [pid 5197] chdir("./91") = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] write(1, "executing program\n", 18executing program ) = 18 [pid 5197] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5197] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5197] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5197] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5197] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5197] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5197] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5197] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5197] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5197] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5197] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5197] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5197] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5197] close(5) = 0 [pid 5197] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5197] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 186.678907][ T784] usb 1-1: new high-speed USB device number 93 using dummy_hcd [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 186.913290][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 186.922031][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 186.932258][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 186.941305][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5197] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5197] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 186.961193][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 186.970372][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 186.978393][ T784] usb 1-1: Product: syz [ 186.982607][ T784] usb 1-1: Manufacturer: syz [ 187.004922][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 187.010288][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 187.016809][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 187.022808][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5197] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5197] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5197] exit_group(0) = ? [ 187.206627][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 187.212462][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 187.218232][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 187.224091][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 187.229946][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 187.235799][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 187.241506][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5198 ./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x555557a32760, 24) = 0 [pid 5198] chdir("./92") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5198] write(1, "executing program\n", 18) = 18 [pid 5198] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [ 187.250344][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 187.257418][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 187.260504][ T783] usb 1-1: USB disconnect, device number 93 [pid 5198] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5198] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5198] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5198] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5198] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5198] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5198] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5198] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5198] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5198] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5198] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5198] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5198] close(5) = 0 [pid 5198] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5198] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 187.838932][ T784] usb 1-1: new high-speed USB device number 94 using dummy_hcd [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 188.044030][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 188.052768][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 188.062929][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 188.071974][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5198] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5198] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 188.101110][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 188.110386][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 188.118385][ T784] usb 1-1: Product: syz [ 188.122643][ T784] usb 1-1: Manufacturer: syz [ 188.164720][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 188.170452][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 188.177254][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 188.183248][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5198] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5198] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5198] exit_group(0) = ? [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5199 ./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x555557a32760, 24) = 0 [pid 5199] chdir("./93") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 188.365797][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 188.371621][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 188.377347][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 188.383182][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 188.388870][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 188.394478][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 188.403677][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 188.404240][ T783] usb 1-1: USB disconnect, device number 94 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5199] write(1, "executing program\n", 18) = 18 [pid 5199] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5199] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5199] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5199] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5199] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5199] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5199] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5199] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5199] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5199] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5199] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5199] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5199] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5199] close(5) = 0 [pid 5199] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5199] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 188.999005][ T784] usb 1-1: new high-speed USB device number 95 using dummy_hcd [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 189.223387][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 189.232246][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 189.242422][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 189.251448][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5199] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5199] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 189.267087][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 189.276259][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 189.284347][ T784] usb 1-1: Product: syz [ 189.288531][ T784] usb 1-1: Manufacturer: syz [ 189.329860][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 189.335103][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 189.341966][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 189.347940][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5199] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5199] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5199] exit_group(0) = ? [ 189.530601][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 189.536430][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 189.542200][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 189.548059][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 189.553933][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 189.559806][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 189.565516][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 189.571283][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x555557a32760, 24 [pid 5093] <... clone resumed>, child_tidptr=0x555557a32750) = 5200 [pid 5200] <... set_robust_list resumed>) = 0 [pid 5200] chdir("./94") = 0 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5200] setpgid(0, 0) = 0 [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5200] write(3, "1000", 4) = 4 [pid 5200] close(3) = 0 [pid 5200] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5200] write(1, "executing program\n", 18) = 18 [pid 5200] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5200] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5200] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5200] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5200] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5200] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [ 189.577090][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 189.588572][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 189.595758][ T783] usb 1-1: USB disconnect, device number 95 [pid 5200] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5200] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5200] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5200] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5200] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5200] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5200] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5200] close(5) = 0 [pid 5200] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5200] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 190.168993][ T783] usb 1-1: new high-speed USB device number 96 using dummy_hcd [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 190.363562][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 190.372754][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 190.382941][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 190.392654][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5200] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5200] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 190.420229][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 190.429925][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 190.437927][ T783] usb 1-1: Product: syz [ 190.442244][ T783] usb 1-1: Manufacturer: syz [ 190.464251][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 190.469614][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 190.475927][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 190.481985][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5200] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5200] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5200] exit_group(0) = ? [ 190.664906][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 190.670646][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 190.676443][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 190.682290][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 190.688135][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 190.694004][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 190.699910][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 190.705747][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 190.711465][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 190.720529][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 190.721012][ T784] usb 1-1: USB disconnect, device number 96 newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x555557a32750) = 5201 [pid 5201] set_robust_list(0x555557a32760, 24) = 0 [pid 5201] chdir("./95") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5201] write(1, "executing program\n", 18) = 18 [pid 5201] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5201] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5201] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5201] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5201] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5201] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5201] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5201] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5201] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5201] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5201] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5201] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5201] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5201] close(5) = 0 [pid 5201] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5201] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 191.408965][ T783] usb 1-1: new high-speed USB device number 97 using dummy_hcd [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 191.604080][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 191.613234][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 191.623464][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 191.632520][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5201] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5201] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 191.650187][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 191.660033][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 191.668027][ T783] usb 1-1: Product: syz [ 191.672246][ T783] usb 1-1: Manufacturer: syz [ 191.694700][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 191.700232][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 191.706644][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 191.712669][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5201] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5201] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5201] exit_group(0) = ? [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 191.905550][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 191.911317][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 191.917066][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 191.922798][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 191.932324][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 191.932942][ T783] usb 1-1: USB disconnect, device number 97 rmdir("./95") = 0 mkdir("./96", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5202 attached , child_tidptr=0x555557a32750) = 5202 [pid 5202] set_robust_list(0x555557a32760, 24) = 0 [pid 5202] chdir("./96") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] write(1, "executing program\n", 18executing program ) = 18 [pid 5202] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5202] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5202] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5202] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5202] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5202] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5202] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5202] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5202] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5202] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5202] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5202] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5202] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5202] close(5) = 0 [pid 5202] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5202] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 192.559066][ T784] usb 1-1: new high-speed USB device number 98 using dummy_hcd [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 192.763233][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 192.772072][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 192.782511][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 192.791601][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5202] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5202] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 192.808412][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 192.817619][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 192.825673][ T784] usb 1-1: Product: syz [ 192.829896][ T784] usb 1-1: Manufacturer: syz [ 192.859183][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 192.864435][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 192.871020][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 192.876948][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5202] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5202] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 193.059511][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 193.065260][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 193.071012][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 193.076680][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 193.082401][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 193.088079][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 193.093830][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 193.099547][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5202] exit_group(0) = ? [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 193.105305][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 193.110988][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 193.116710][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 193.122557][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 193.128229][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 193.133955][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 193.139650][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 193.149464][ T783] usb 1-1: USB disconnect, device number 98 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5203 attached , child_tidptr=0x555557a32750) = 5203 [pid 5203] set_robust_list(0x555557a32760, 24) = 0 [pid 5203] chdir("./97") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5203] write(1, "executing program\n", 18) = 18 [pid 5203] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5203] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5203] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5203] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5203] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5203] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5203] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5203] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5203] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5203] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5203] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5203] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5203] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5203] close(5) = 0 [pid 5203] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5203] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 193.808961][ T784] usb 1-1: new high-speed USB device number 99 using dummy_hcd [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 194.013357][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 194.022165][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 194.032328][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 194.041368][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5203] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5203] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 194.069301][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 194.078390][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 194.086531][ T784] usb 1-1: Product: syz [ 194.090766][ T784] usb 1-1: Manufacturer: syz [ 194.114552][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 194.120165][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 194.126847][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 194.132897][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5203] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5203] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 194.315510][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 194.321277][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 194.327048][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 194.332917][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 194.338772][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 194.344636][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 194.350398][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 194.356265][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5203] exit_group(0) = ? [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5204 attached , child_tidptr=0x555557a32750) = 5204 [pid 5204] set_robust_list(0x555557a32760, 24) = 0 [pid 5204] chdir("./98") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5204] write(1, "executing program\n", 18) = 18 [pid 5204] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5204] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5204] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5204] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5204] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5204] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [ 194.362151][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 194.368020][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 194.373731][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 194.379435][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 194.388972][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 194.392117][ T784] usb 1-1: USB disconnect, device number 99 [pid 5204] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5204] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5204] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5204] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5204] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5204] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5204] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5204] close(5) = 0 [pid 5204] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5204] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 194.968914][ T784] usb 1-1: new high-speed USB device number 100 using dummy_hcd [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 195.183211][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 195.192003][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 195.202181][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 195.211313][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5204] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5204] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 195.240647][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 195.249770][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 195.257763][ T784] usb 1-1: Product: syz [ 195.262001][ T784] usb 1-1: Manufacturer: syz [ 195.284203][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 195.289600][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 195.296295][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 195.302389][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5204] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5204] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5204] exit_group(0) = ? [ 195.485306][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 195.491064][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 195.496827][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 195.502712][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 195.508609][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 195.514466][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 195.520324][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 195.526072][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 195.536429][ T783] usb 1-1: USB disconnect, device number 100 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5205 attached , child_tidptr=0x555557a32750) = 5205 [pid 5205] set_robust_list(0x555557a32760, 24) = 0 [pid 5205] chdir("./99") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5205] write(1, "executing program\n", 18) = 18 [pid 5205] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5205] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5205] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5205] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5205] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5205] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5205] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5205] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5205] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5205] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5205] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5205] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5205] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5205] close(5) = 0 [pid 5205] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5205] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 196.198940][ T783] usb 1-1: new high-speed USB device number 101 using dummy_hcd [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 196.394771][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 196.403879][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 196.414417][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 196.423498][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5205] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5205] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 196.450472][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 196.459601][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 196.467595][ T783] usb 1-1: Product: syz [ 196.471875][ T783] usb 1-1: Manufacturer: syz [ 196.513946][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 196.519340][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 196.525776][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 196.531864][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5205] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5205] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5205] exit_group(0) = ? [ 196.714740][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 196.720469][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 196.726222][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 196.731939][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 196.737701][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 196.743599][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 196.749331][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 196.758761][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 [ 196.760093][ T784] usb 1-1: USB disconnect, device number 101 mkdir("./100", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5206 attached , child_tidptr=0x555557a32750) = 5206 [pid 5206] set_robust_list(0x555557a32760, 24) = 0 [pid 5206] chdir("./100") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5206] write(1, "executing program\n", 18) = 18 [pid 5206] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5206] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5206] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5206] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5206] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5206] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5206] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5206] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5206] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5206] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5206] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5206] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5206] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5206] close(5) = 0 [pid 5206] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5206] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 197.418896][ T783] usb 1-1: new high-speed USB device number 102 using dummy_hcd [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 197.653685][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 197.662581][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 197.672747][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 197.681788][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5206] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5206] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 197.718957][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 197.728139][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 197.736211][ T783] usb 1-1: Product: syz [ 197.740420][ T783] usb 1-1: Manufacturer: syz [ 197.763782][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 197.770316][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 197.776763][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 197.782762][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5206] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5206] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5206] exit_group(0) = ? [ 197.963756][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 197.969510][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 197.975280][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 197.981133][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 197.987002][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 197.992679][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 197.998421][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 198.004112][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 198.017591][ T784] usb 1-1: USB disconnect, device number 102 newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5207 attached , child_tidptr=0x555557a32750) = 5207 [pid 5207] set_robust_list(0x555557a32760, 24) = 0 [pid 5207] chdir("./101") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5207] write(1, "executing program\n", 18) = 18 [pid 5207] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5207] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5207] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5207] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5207] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5207] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5207] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5207] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5207] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5207] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5207] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5207] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5207] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5207] close(5) = 0 [pid 5207] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5207] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 198.638926][ T784] usb 1-1: new high-speed USB device number 103 using dummy_hcd [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 198.843081][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 198.851804][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 198.861954][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 198.870994][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5207] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5207] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 198.887046][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 198.896243][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 198.904502][ T784] usb 1-1: Product: syz [ 198.908680][ T784] usb 1-1: Manufacturer: syz [ 198.931446][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 198.936701][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 198.943529][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 198.949487][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5207] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5207] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5207] exit_group(0) = ? [ 199.132127][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 199.137850][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 199.143677][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 199.149541][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 199.155395][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 199.161256][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 199.166974][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 199.176370][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5208 attached , child_tidptr=0x555557a32750) = 5208 [pid 5208] set_robust_list(0x555557a32760, 24) = 0 [pid 5208] chdir("./102") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [ 199.181447][ T784] usb 1-1: USB disconnect, device number 103 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5208] write(1, "executing program\n", 18) = 18 [pid 5208] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5208] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5208] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5208] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5208] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5208] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5208] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5208] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5208] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5208] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5208] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5208] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5208] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5208] close(5) = 0 [pid 5208] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5208] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 199.758923][ T784] usb 1-1: new high-speed USB device number 104 using dummy_hcd [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 199.973247][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 199.981991][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 199.992137][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 200.001187][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5208] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5208] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5208] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 200.036656][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 200.045941][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 200.054029][ T784] usb 1-1: Product: syz [ 200.058305][ T784] usb 1-1: Manufacturer: syz [ 200.090749][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 200.095984][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 200.102495][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 200.108428][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5208] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5208] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5208] exit_group(0) = ? [ 200.291149][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 200.296900][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 200.302663][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 200.308340][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 200.314068][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 200.319778][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 200.325543][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 200.331377][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5209 ./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x555557a32760, 24) = 0 [pid 5209] chdir("./103") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 200.337237][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 200.342936][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 200.354085][ T783] usb 1-1: USB disconnect, device number 104 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] write(1, "executing program\n", 18executing program ) = 18 [pid 5209] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5209] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5209] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5209] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5209] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5209] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5209] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5209] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5209] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5209] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5209] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5209] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5209] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5209] close(5) = 0 [pid 5209] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5209] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 200.948924][ T784] usb 1-1: new high-speed USB device number 105 using dummy_hcd [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 201.143619][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 201.152338][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 201.162499][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 201.171780][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5209] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5209] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 201.207349][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 201.216637][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 201.224911][ T784] usb 1-1: Product: syz [ 201.229147][ T784] usb 1-1: Manufacturer: syz [ 201.262092][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 201.267448][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 201.274135][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 201.280132][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5209] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5209] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5209] exit_group(0) = ? [ 201.462620][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 201.468459][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 201.474210][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 201.479980][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 201.485831][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 201.491758][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 201.497616][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 201.503304][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 [ 201.508903][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 201.519933][ T784] usb 1-1: USB disconnect, device number 105 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5210 attached , child_tidptr=0x555557a32750) = 5210 [pid 5210] set_robust_list(0x555557a32760, 24) = 0 [pid 5210] chdir("./104") = 0 [pid 5210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5210] setpgid(0, 0) = 0 [pid 5210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5210] write(3, "1000", 4) = 4 [pid 5210] close(3) = 0 [pid 5210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5210] write(1, "executing program\n", 18executing program ) = 18 [pid 5210] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5210] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5210] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5210] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5210] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5210] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5210] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5210] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5210] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5210] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5210] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5210] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5210] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5210] close(5) = 0 [pid 5210] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5210] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 202.148913][ T784] usb 1-1: new high-speed USB device number 106 using dummy_hcd [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 202.363007][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 202.371757][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 202.381942][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 202.391066][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5210] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5210] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5210] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 202.407452][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 202.416626][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 202.424737][ T784] usb 1-1: Product: syz [ 202.429005][ T784] usb 1-1: Manufacturer: syz [ 202.470130][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 202.475374][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 202.482278][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 202.488220][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5210] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5210] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5210] exit_group(0) = ? [ 202.671345][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 202.677068][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 202.682801][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 202.688653][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 202.694499][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 202.700375][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 202.706233][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 202.711955][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5210, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x555557a32760, 24) = 0 [pid 5211] chdir("./105") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 202.720919][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 202.722781][ T784] usb 1-1: USB disconnect, device number 106 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] write(1, "executing program\n", 18executing program ) = 18 [pid 5211] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5211] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5211] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5211] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5211] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5211] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5211] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5211] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5211] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5211] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5211] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5211] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5211] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5211] close(5) = 0 [pid 5211] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5211] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 203.328909][ T784] usb 1-1: new high-speed USB device number 107 using dummy_hcd [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 203.573580][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 203.582299][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 203.592464][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 203.601489][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5211] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5211] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 203.631269][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 203.640462][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 203.648456][ T784] usb 1-1: Product: syz [ 203.652669][ T784] usb 1-1: Manufacturer: syz [ 203.696876][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 203.702190][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 203.708733][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 203.714750][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5211] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5211] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5211] exit_group(0) = ? [ 203.898488][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 203.904294][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 203.910027][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 203.915850][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 203.921567][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 203.927326][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 203.933030][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 203.938867][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5212 attached , child_tidptr=0x555557a32750) = 5212 [pid 5212] set_robust_list(0x555557a32760, 24) = 0 [pid 5212] chdir("./106") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [ 203.944581][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 203.950174][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 203.962886][ T783] usb 1-1: USB disconnect, device number 107 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5212] write(1, "executing program\n", 18) = 18 [pid 5212] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5212] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5212] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5212] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5212] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5212] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5212] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5212] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5212] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5212] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5212] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5212] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5212] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5212] close(5) = 0 [pid 5212] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5212] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 204.538949][ T784] usb 1-1: new high-speed USB device number 108 using dummy_hcd [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 204.733924][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 204.742649][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 204.752774][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 204.761820][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5212] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5212] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5212] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 204.797233][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 204.806457][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 204.814568][ T784] usb 1-1: Product: syz [ 204.818796][ T784] usb 1-1: Manufacturer: syz [pid 5212] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 204.849425][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 204.854687][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 204.861425][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 204.867357][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5212] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 205.069372][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.075127][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 205.080891][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.086740][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.092434][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 205.098216][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.103913][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 205.109670][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.115505][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.121339][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.127185][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.133067][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.138947][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.144799][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.150506][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 205.156258][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.162087][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5212] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5212] exit_group(0) = ? [ 205.167927][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.173612][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 205.179368][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.185216][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.191057][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.196926][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.202794][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.208618][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.214437][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.220322][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.226194][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.232067][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.237951][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.243843][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.249705][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.255569][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.261423][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.267265][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.273105][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.278971][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.284804][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.290659][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.296526][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.302377][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.308234][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.314075][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.319939][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.325803][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.331649][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.337520][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.343366][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.349249][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.355080][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.360904][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5213 attached , child_tidptr=0x555557a32750) = 5213 [pid 5213] set_robust_list(0x555557a32760, 24) = 0 [pid 5213] chdir("./107") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 205.366765][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.372616][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.378448][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.384267][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 205.389977][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 205.403163][ T784] usb 1-1: USB disconnect, device number 108 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5213] write(1, "executing program\n", 18executing program ) = 18 [pid 5213] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5213] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5213] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5213] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5213] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5213] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5213] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5213] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5213] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5213] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5213] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5213] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5213] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5213] close(5) = 0 [pid 5213] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5213] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 206.028969][ T784] usb 1-1: new high-speed USB device number 109 using dummy_hcd [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 206.233382][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 206.242211][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 206.252408][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 206.261452][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5213] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5213] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 206.279514][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 206.288610][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 206.296712][ T784] usb 1-1: Product: syz [ 206.300929][ T784] usb 1-1: Manufacturer: syz [ 206.322066][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 206.327304][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 206.334185][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 206.340239][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5213] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5213] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5213] exit_group(0) = ? [ 206.522831][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 206.528569][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 206.534297][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 206.539984][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 206.545756][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 206.551657][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 206.557376][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5213, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 206.568231][ T784] usb 1-1: USB disconnect, device number 109 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached , child_tidptr=0x555557a32750) = 5214 [pid 5214] set_robust_list(0x555557a32760, 24) = 0 [pid 5214] chdir("./108") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] write(1, "executing program\n", 18executing program ) = 18 [pid 5214] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5214] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5214] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5214] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5214] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5214] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5214] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5214] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5214] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5214] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5214] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5214] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5214] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5214] close(5) = 0 [pid 5214] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5214] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 207.229041][ T783] usb 1-1: new high-speed USB device number 110 using dummy_hcd [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 207.424010][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 207.433261][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 207.443499][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 207.452548][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5214] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5214] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 207.488593][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 207.497962][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 207.506327][ T783] usb 1-1: Product: syz [ 207.510581][ T783] usb 1-1: Manufacturer: syz [ 207.532323][ T783] cdc_wdm 1-1:1.0: skipping garbage [pid 5214] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 207.537567][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 207.544502][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 207.550520][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5214] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5214] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5214] exit_group(0) = ? [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5215 ./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x555557a32760, 24) = 0 [pid 5215] chdir("./109") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 executing program [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] write(1, "executing program\n", 18) = 18 [pid 5215] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5215] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5215] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5215] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5215] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5215] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5215] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5215] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5215] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5215] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5215] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [ 207.753118][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 207.758866][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 207.764471][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 207.773458][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 207.773987][ T784] usb 1-1: USB disconnect, device number 110 [pid 5215] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5215] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5215] close(5) = 0 [pid 5215] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5215] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 208.318918][ T784] usb 1-1: new high-speed USB device number 111 using dummy_hcd [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 208.543418][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 208.552160][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 208.562703][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 208.571800][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5215] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5215] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 208.618525][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 208.627728][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 208.635788][ T784] usb 1-1: Product: syz [ 208.640000][ T784] usb 1-1: Manufacturer: syz [ 208.671630][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 208.676902][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 208.683818][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 208.689859][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5215] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5215] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5215] exit_group(0) = ? [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 [ 208.872301][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 208.878025][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 208.883765][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 208.889610][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 208.895624][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 208.901429][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 208.910897][ T784] usb 1-1: USB disconnect, device number 111 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5216 attached , child_tidptr=0x555557a32750) = 5216 [pid 5216] set_robust_list(0x555557a32760, 24) = 0 [pid 5216] chdir("./110") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] write(1, "executing program\n", 18executing program ) = 18 [pid 5216] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5216] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5216] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5216] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5216] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5216] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5216] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5216] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5216] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5216] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5216] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5216] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5216] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5216] close(5) = 0 [pid 5216] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5216] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 209.528952][ T784] usb 1-1: new high-speed USB device number 112 using dummy_hcd [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 209.743107][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 209.751879][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 209.762029][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 209.771060][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5216] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5216] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 209.801763][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 209.810975][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 209.819071][ T784] usb 1-1: Product: syz [ 209.823258][ T784] usb 1-1: Manufacturer: syz [ 209.865959][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 209.871400][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 209.877753][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 209.883744][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5216] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5216] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5216] exit_group(0) = ? [ 210.067138][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 210.072903][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 210.078642][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 210.084341][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 210.090079][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 210.095784][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 210.102613][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 210.108312][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5216, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached , child_tidptr=0x555557a32750) = 5217 [pid 5217] set_robust_list(0x555557a32760, 24) = 0 [pid 5217] chdir("./111") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [ 210.113911][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 210.125845][ T783] usb 1-1: USB disconnect, device number 112 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] write(1, "executing program\n", 18executing program ) = 18 [pid 5217] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5217] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5217] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5217] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5217] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5217] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5217] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5217] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5217] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5217] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5217] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5217] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5217] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5217] close(5) = 0 [pid 5217] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5217] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 210.708889][ T784] usb 1-1: new high-speed USB device number 113 using dummy_hcd [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 210.893632][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 210.902376][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 210.912535][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 210.921578][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5217] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5217] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 210.946897][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 210.956167][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 210.964323][ T784] usb 1-1: Product: syz [ 210.968500][ T784] usb 1-1: Manufacturer: syz [ 210.991441][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 210.996767][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 211.003847][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 211.009856][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5217] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 211.192281][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 211.198123][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 211.203892][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 211.209753][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 211.215615][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 211.221328][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 211.227118][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 211.232818][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5217] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5217] exit_group(0) = ? [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 211.238445][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 211.252915][ T783] usb 1-1: USB disconnect, device number 113 newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5218 attached , child_tidptr=0x555557a32750) = 5218 [pid 5218] set_robust_list(0x555557a32760, 24) = 0 [pid 5218] chdir("./112") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5218] write(1, "executing program\n", 18) = 18 [pid 5218] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5218] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5218] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5218] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5218] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5218] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5218] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5218] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5218] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5218] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5218] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5218] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5218] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5218] close(5) = 0 [pid 5218] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5218] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 211.918930][ T783] usb 1-1: new high-speed USB device number 114 using dummy_hcd [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 212.144440][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 212.153688][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 212.164054][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 212.173100][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5218] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5218] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 212.200590][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 212.209758][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 212.217797][ T783] usb 1-1: Product: syz [ 212.222028][ T783] usb 1-1: Manufacturer: syz [ 212.256057][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 212.261869][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 212.268230][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 212.274231][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5218] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5218] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5218] exit_group(0) = ? [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 212.456224][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 212.462138][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 212.467870][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 212.473551][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 212.479178][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 212.489584][ T784] usb 1-1: USB disconnect, device number 114 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached , child_tidptr=0x555557a32750) = 5219 [pid 5219] set_robust_list(0x555557a32760, 24) = 0 [pid 5219] chdir("./113") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5219] write(1, "executing program\n", 18) = 18 [pid 5219] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5219] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5219] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5219] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5219] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5219] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5219] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5219] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5219] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5219] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5219] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5219] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5219] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5219] close(5) = 0 [pid 5219] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5219] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 213.168922][ T783] usb 1-1: new high-speed USB device number 115 using dummy_hcd [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 213.374241][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 213.383327][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 213.393595][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 213.402645][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5219] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5219] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 213.428969][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 213.438365][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 213.446489][ T783] usb 1-1: Product: syz [ 213.450736][ T783] usb 1-1: Manufacturer: syz [ 213.471561][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 213.476815][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 213.483582][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 213.489715][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5219] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5219] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5219] exit_group(0) = ? [ 213.671492][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 213.677224][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 213.683071][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 213.688916][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 213.694769][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 213.700625][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 213.706474][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 213.712349][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached , child_tidptr=0x555557a32750) = 5220 [ 213.721866][ T784] usb 1-1: USB disconnect, device number 115 [ 213.721995][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5220] set_robust_list(0x555557a32760, 24) = 0 [pid 5220] chdir("./114") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5220] write(1, "executing program\n", 18) = 18 [pid 5220] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5220] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5220] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5220] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5220] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5220] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5220] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5220] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5220] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5220] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5220] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5220] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5220] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5220] close(5) = 0 [pid 5220] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5220] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 214.358906][ T784] usb 1-1: new high-speed USB device number 116 using dummy_hcd [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 214.573222][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 214.581953][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 214.592560][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 214.601605][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5220] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5220] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 214.630012][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 214.639493][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 214.647524][ T784] usb 1-1: Product: syz [ 214.651849][ T784] usb 1-1: Manufacturer: syz [ 214.684744][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 214.690124][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 214.696753][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 214.702748][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5220] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5220] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5220] exit_group(0) = ? [ 214.886430][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 214.892175][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 214.897941][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 214.903827][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 214.909776][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 214.915725][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 214.921458][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 214.931187][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 214.932898][ T784] usb 1-1: USB disconnect, device number 116 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5221 attached , child_tidptr=0x555557a32750) = 5221 [pid 5221] set_robust_list(0x555557a32760, 24) = 0 [pid 5221] chdir("./115") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5221] write(1, "executing program\n", 18) = 18 [pid 5221] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5221] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5221] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5221] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5221] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5221] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5221] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5221] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5221] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5221] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5221] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5221] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5221] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5221] close(5) = 0 [pid 5221] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5221] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 215.568869][ T784] usb 1-1: new high-speed USB device number 117 using dummy_hcd [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 215.783808][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 215.792572][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 215.802885][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 215.812206][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5221] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5221] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 215.848073][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 215.857353][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 215.865398][ T784] usb 1-1: Product: syz [ 215.869622][ T784] usb 1-1: Manufacturer: syz [ 215.904613][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 215.909972][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 215.916610][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 215.922608][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5221] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5221] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 216.105097][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 216.110922][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 216.116676][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 216.122351][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 216.128098][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 216.133797][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 216.139967][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 216.145678][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5221] exit_group(0) = ? [ 216.151464][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 216.157162][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 216.162891][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 216.168585][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 216.174351][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 216.180042][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 216.185829][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 216.191538][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 216.197275][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 216.202974][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 216.208581][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 216.218250][ T784] usb 1-1: USB disconnect, device number 117 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5222 ./strace-static-x86_64: Process 5222 attached [pid 5222] set_robust_list(0x555557a32760, 24) = 0 [pid 5222] chdir("./116") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] write(1, "executing program\n", 18executing program ) = 18 [pid 5222] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5222] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5222] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5222] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5222] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5222] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5222] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5222] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5222] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5222] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5222] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5222] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5222] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5222] close(5) = 0 [pid 5222] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5222] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 216.868897][ T784] usb 1-1: new high-speed USB device number 118 using dummy_hcd [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 217.083133][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 217.091871][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 217.102108][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 217.111124][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5222] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5222] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 217.146532][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 217.155771][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 217.163936][ T784] usb 1-1: Product: syz [ 217.168138][ T784] usb 1-1: Manufacturer: syz [ 217.200575][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 217.205899][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 217.212548][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 217.218506][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5222] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5222] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 217.400972][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 217.406717][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 217.412485][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 217.418261][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 217.424001][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 217.429718][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 217.435473][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 217.441177][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5222] exit_group(0) = ? [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 217.446927][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 217.452628][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 217.458392][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 217.464119][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 217.469859][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 217.475547][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 217.486337][ T783] usb 1-1: USB disconnect, device number 118 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5223 attached , child_tidptr=0x555557a32750) = 5223 [pid 5223] set_robust_list(0x555557a32760, 24) = 0 [pid 5223] chdir("./117") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5223] write(1, "executing program\n", 18executing program ) = 18 [pid 5223] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5223] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5223] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5223] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5223] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5223] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5223] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5223] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5223] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5223] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5223] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5223] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5223] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5223] close(5) = 0 [pid 5223] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5223] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 218.118998][ T784] usb 1-1: new high-speed USB device number 119 using dummy_hcd [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 218.333353][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 218.342098][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 218.352247][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 218.361291][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5223] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5223] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 218.406786][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 218.415938][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 218.424003][ T784] usb 1-1: Product: syz [ 218.428186][ T784] usb 1-1: Manufacturer: syz [ 218.450116][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 218.455370][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 218.461993][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 218.467928][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5223] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5223] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5223] exit_group(0) = ? [ 218.650515][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 218.656245][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 218.661984][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 218.667816][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 218.673671][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 218.679352][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 218.685098][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 218.690829][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached , child_tidptr=0x555557a32750) = 5224 [pid 5224] set_robust_list(0x555557a32760, 24) = 0 [pid 5224] chdir("./118") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [ 218.702236][ T784] usb 1-1: USB disconnect, device number 119 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] write(1, "executing program\n", 18executing program ) = 18 [pid 5224] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5224] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5224] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5224] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5224] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5224] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5224] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5224] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5224] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5224] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5224] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5224] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5224] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5224] close(5) = 0 [pid 5224] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5224] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 219.298930][ T784] usb 1-1: new high-speed USB device number 120 using dummy_hcd [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 219.503304][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 219.512090][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 219.522238][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 219.531299][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5224] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5224] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5224] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 219.546098][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 219.555256][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 219.563356][ T784] usb 1-1: Product: syz [ 219.567560][ T784] usb 1-1: Manufacturer: syz [ 219.592425][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 219.597774][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 219.604538][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 219.610538][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5224] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5224] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5224] exit_group(0) = ? [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5225 attached , child_tidptr=0x555557a32750) = 5225 [pid 5225] set_robust_list(0x555557a32760, 24) = 0 [pid 5225] chdir("./119") = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [ 219.792927][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 219.798734][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 219.804494][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 219.810355][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 219.816057][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 219.825466][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 219.827374][ T784] usb 1-1: USB disconnect, device number 120 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5225] write(1, "executing program\n", 18) = 18 [pid 5225] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5225] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5225] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5225] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5225] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5225] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5225] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5225] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5225] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5225] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5225] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5225] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5225] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5225] close(5) = 0 [pid 5225] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5225] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 220.418937][ T783] usb 1-1: new high-speed USB device number 121 using dummy_hcd [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 220.623676][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 220.632769][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 220.642943][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 220.652039][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5225] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5225] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 220.669629][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 220.679073][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 220.687268][ T783] usb 1-1: Product: syz [ 220.691502][ T783] usb 1-1: Manufacturer: syz [ 220.732693][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 220.737952][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 220.744890][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 220.750874][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5225] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5225] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5225] exit_group(0) = ? [pid 5225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached , child_tidptr=0x555557a32750) = 5226 [pid 5226] set_robust_list(0x555557a32760, 24) = 0 [pid 5226] chdir("./120") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 220.933378][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 220.939092][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 220.944816][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 220.950644][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 220.956499][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 220.962378][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 220.971979][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 220.973285][ T784] usb 1-1: USB disconnect, device number 121 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5226] write(1, "executing program\n", 18) = 18 [pid 5226] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5226] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5226] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5226] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5226] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5226] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5226] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5226] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5226] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5226] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5226] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5226] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5226] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5226] close(5) = 0 [pid 5226] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5226] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 221.588866][ T784] usb 1-1: new high-speed USB device number 122 using dummy_hcd [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 221.773238][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 221.782000][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 221.792424][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 221.801523][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5226] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5226] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 221.826876][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 221.836079][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 221.844147][ T784] usb 1-1: Product: syz [ 221.848322][ T784] usb 1-1: Manufacturer: syz [ 221.890526][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 221.895802][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 221.902733][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 221.908694][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5226] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5226] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5226] exit_group(0) = ? [ 222.091338][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 222.097060][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 222.102802][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 222.108650][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 222.114355][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 222.120156][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 222.125880][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 222.134989][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 222.140551][ T784] usb 1-1: USB disconnect, device number 122 umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x555557a32750) = 5227 [pid 5227] set_robust_list(0x555557a32760, 24) = 0 [pid 5227] chdir("./121") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] write(1, "executing program\n", 18executing program ) = 18 [pid 5227] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5227] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5227] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5227] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5227] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5227] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5227] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5227] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5227] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5227] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5227] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5227] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5227] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5227] close(5) = 0 [pid 5227] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5227] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 222.778924][ T784] usb 1-1: new high-speed USB device number 123 using dummy_hcd [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 223.003104][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 223.011826][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 223.022016][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 223.031058][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5227] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5227] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5227] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 223.067697][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 223.077309][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 223.085396][ T784] usb 1-1: Product: syz [ 223.089737][ T784] usb 1-1: Manufacturer: syz [ 223.130965][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 223.136282][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 223.142779][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 223.148714][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5227] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5227] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5227] exit_group(0) = ? [ 223.331192][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 223.336949][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 223.342702][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 223.348375][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 223.354101][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 223.359806][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 223.365538][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 223.371207][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 223.376797][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 223.386623][ T784] usb 1-1: USB disconnect, device number 123 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached , child_tidptr=0x555557a32750) = 5228 [pid 5228] set_robust_list(0x555557a32760, 24) = 0 [pid 5228] chdir("./122") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] write(1, "executing program\n", 18executing program ) = 18 [pid 5228] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5228] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5228] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5228] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5228] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5228] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5228] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5228] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5228] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5228] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5228] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5228] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5228] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5228] close(5) = 0 [pid 5228] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5228] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 224.038893][ T783] usb 1-1: new high-speed USB device number 124 using dummy_hcd [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 224.253539][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 224.262349][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 224.272512][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 224.282674][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5228] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5228] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 224.306672][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 224.316143][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 224.324181][ T783] usb 1-1: Product: syz [ 224.328356][ T783] usb 1-1: Manufacturer: syz [ 224.350960][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 224.356183][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 224.362886][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 224.368918][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5228] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5228] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5228] exit_group(0) = ? [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5229 attached , child_tidptr=0x555557a32750) = 5229 [pid 5229] set_robust_list(0x555557a32760, 24) = 0 [pid 5229] chdir("./123") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 224.552289][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 224.557991][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 224.563715][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 224.569388][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 224.575125][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 224.580839][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 224.590247][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 224.590595][ T784] usb 1-1: USB disconnect, device number 124 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] write(1, "executing program\n", 18executing program ) = 18 [pid 5229] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5229] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5229] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5229] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5229] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5229] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5229] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5229] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5229] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5229] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5229] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5229] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5229] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5229] close(5) = 0 [pid 5229] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5229] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 225.208936][ T784] usb 1-1: new high-speed USB device number 125 using dummy_hcd [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 225.424385][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 225.433156][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 225.443290][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 225.452351][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5229] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5229] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 225.476181][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 225.485332][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 225.493412][ T784] usb 1-1: Product: syz [ 225.497627][ T784] usb 1-1: Manufacturer: syz [ 225.520025][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 225.525264][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 225.532180][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 225.538121][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5229] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5229] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5229] exit_group(0) = ? [ 225.721008][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 225.726722][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 225.732497][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 225.738374][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 225.744078][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 225.749873][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 225.755590][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 225.765112][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x555557a32760, 24) = 0 [pid 5230] chdir("./124") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5093] <... clone resumed>, child_tidptr=0x555557a32750) = 5230 [pid 5230] <... prctl resumed>) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] write(1, "executing program\n", 18executing program ) = 18 [ 225.765276][ T784] usb 1-1: USB disconnect, device number 125 [pid 5230] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5230] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5230] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5230] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5230] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5230] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5230] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5230] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5230] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5230] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5230] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5230] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5230] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5230] close(5) = 0 [pid 5230] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5230] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 226.368917][ T784] usb 1-1: new high-speed USB device number 126 using dummy_hcd [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 226.582818][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 226.591593][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 226.601767][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 226.610825][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5230] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5230] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 226.626761][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 226.636025][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 226.644092][ T784] usb 1-1: Product: syz [ 226.648263][ T784] usb 1-1: Manufacturer: syz [ 226.671829][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 226.677056][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 226.683616][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 226.689578][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5230] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5230] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5230] exit_group(0) = ? [ 226.882756][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 226.888724][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 226.894581][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 226.900438][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 226.906245][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 226.912044][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 226.917719][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 226.923448][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5231 attached , child_tidptr=0x555557a32750) = 5231 [pid 5231] set_robust_list(0x555557a32760, 24) = 0 [pid 5231] chdir("./125") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5231] write(3, "1000", 4) = 4 [pid 5231] close(3) = 0 [pid 5231] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5231] write(1, "executing program\n", 18) = 18 [pid 5231] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5231] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5231] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 226.929164][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 226.938352][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 226.938595][ T784] usb 1-1: USB disconnect, device number 126 [pid 5231] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5231] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5231] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5231] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5231] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5231] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5231] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5231] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5231] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5231] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5231] close(5) = 0 [pid 5231] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5231] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 227.538915][ T783] usb 1-1: new high-speed USB device number 127 using dummy_hcd [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 227.743608][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 227.752464][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 227.762640][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 227.771689][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5231] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5231] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 227.789492][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 227.799058][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 227.807060][ T783] usb 1-1: Product: syz [ 227.811305][ T783] usb 1-1: Manufacturer: syz [ 227.852453][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 227.857759][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 227.864452][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 227.870520][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5231] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5231] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5231] exit_group(0) = ? [ 228.054055][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 228.059797][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 228.065516][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 228.071198][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 228.076791][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 228.085798][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 228.092869][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [pid 5231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5231, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 228.098597][ T783] usb 1-1: USB disconnect, device number 127 rmdir("./125") = 0 mkdir("./126", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5232 attached , child_tidptr=0x555557a32750) = 5232 [pid 5232] set_robust_list(0x555557a32760, 24) = 0 [pid 5232] chdir("./126") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5232] write(1, "executing program\n", 18) = 18 [pid 5232] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5232] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5232] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5232] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5232] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5232] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5232] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5232] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5232] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5232] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5232] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5232] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5232] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5232] close(5) = 0 [pid 5232] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5232] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 228.718908][ T783] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 228.914000][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 228.923052][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 228.933422][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 228.942531][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5232] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5232] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 228.958665][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 228.968224][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 228.976313][ T783] usb 1-1: Product: syz [ 228.980534][ T783] usb 1-1: Manufacturer: syz [ 229.005321][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 229.010994][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 229.017625][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 229.023627][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5232] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5232] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 229.206238][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 229.212077][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 229.217851][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 229.223550][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 229.229394][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 229.235250][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 229.240930][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 229.246699][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5232] exit_group(0) = ? [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5233 attached , child_tidptr=0x555557a32750) = 5233 [pid 5233] set_robust_list(0x555557a32760, 24) = 0 [pid 5233] chdir("./127") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [ 229.252575][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 229.258437][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 229.264305][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 229.270167][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 229.275847][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 229.281422][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 229.290615][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 229.291184][ T784] usb 1-1: USB disconnect, device number 2 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] write(1, "executing program\n", 18executing program ) = 18 [pid 5233] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5233] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5233] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5233] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5233] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5233] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5233] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5233] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5233] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5233] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5233] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5233] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5233] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5233] close(5) = 0 [pid 5233] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5233] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 229.908861][ T784] usb 1-1: new high-speed USB device number 3 using dummy_hcd [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 230.092919][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 230.101621][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 230.112064][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 230.121171][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5233] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5233] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 230.147393][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 230.156517][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 230.164559][ T784] usb 1-1: Product: syz [ 230.168785][ T784] usb 1-1: Manufacturer: syz [ 230.201387][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 230.206712][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 230.213271][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 230.219265][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5233] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5233] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 230.401315][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 230.407062][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 230.412805][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 230.418468][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 230.424182][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 230.429863][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 230.435594][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 230.441275][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5233] exit_group(0) = ? [ 230.447006][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 230.452694][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 230.458418][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 230.464117][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 230.469838][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 230.475711][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 230.481644][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 230.487504][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 230.493340][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 230.499026][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 230.511619][ T783] usb 1-1: USB disconnect, device number 3 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5234 ./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x555557a32760, 24) = 0 [pid 5234] chdir("./128") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5234] write(1, "executing program\n", 18) = 18 [pid 5234] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5234] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5234] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5234] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5234] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5234] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5234] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5234] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5234] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5234] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5234] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5234] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5234] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5234] close(5) = 0 [pid 5234] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5234] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 231.148951][ T783] usb 1-1: new high-speed USB device number 4 using dummy_hcd [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 231.344266][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 231.353367][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 231.363760][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 231.372857][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5234] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5234] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5234] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 231.389104][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 231.398605][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 231.406671][ T783] usb 1-1: Product: syz [ 231.410899][ T783] usb 1-1: Manufacturer: syz [pid 5234] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 231.441163][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 231.446418][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 231.453317][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 231.459332][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5234] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 231.651585][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 231.657325][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 231.663071][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 231.668905][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 231.674761][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 231.680586][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 231.686463][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 231.692307][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5234] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5234] exit_group(0) = ? [ 231.698151][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 231.703818][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 231.709574][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 231.715257][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 231.720999][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 231.726678][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 231.732427][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 231.738126][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5235 attached , child_tidptr=0x555557a32750) = 5235 [pid 5235] set_robust_list(0x555557a32760, 24) = 0 [pid 5235] chdir("./129") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [ 231.747593][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 231.747893][ T784] usb 1-1: USB disconnect, device number 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5235] write(1, "executing program\n", 18) = 18 [pid 5235] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5235] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5235] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5235] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5235] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5235] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5235] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5235] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5235] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5235] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5235] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5235] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5235] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5235] close(5) = 0 [pid 5235] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5235] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 232.348916][ T784] usb 1-1: new high-speed USB device number 5 using dummy_hcd [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 232.553285][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 232.562062][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 232.572519][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 232.581616][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5235] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5235] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 232.616689][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 232.625833][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 232.633912][ T784] usb 1-1: Product: syz [ 232.638099][ T784] usb 1-1: Manufacturer: syz [ 232.689582][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 232.694926][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 232.701478][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 232.707413][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5235] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5235] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 232.900512][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 232.906356][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 232.912117][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 232.917777][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 232.923512][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 232.929205][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 232.934941][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 232.940621][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5235] exit_group(0) = ? [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 [ 232.946355][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 232.952227][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 232.957894][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 232.963525][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 232.973143][ T783] usb 1-1: USB disconnect, device number 5 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached , child_tidptr=0x555557a32750) = 5236 [pid 5236] set_robust_list(0x555557a32760, 24) = 0 [pid 5236] chdir("./130") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5236] write(1, "executing program\n", 18) = 18 [pid 5236] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5236] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5236] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5236] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5236] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5236] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5236] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5236] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5236] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5236] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5236] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5236] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5236] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5236] close(5) = 0 [pid 5236] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5236] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 233.609014][ T783] usb 1-1: new high-speed USB device number 6 using dummy_hcd [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 233.804329][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 233.813614][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 233.823793][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 233.832847][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5236] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5236] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 233.858022][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 233.867407][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 233.875461][ T783] usb 1-1: Product: syz [ 233.879695][ T783] usb 1-1: Manufacturer: syz [ 233.895181][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 233.900500][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 233.906879][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 233.912886][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5236] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5236] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5236] exit_group(0) = ? [ 234.105593][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 234.111335][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 234.117053][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 234.122914][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 234.128568][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 234.134295][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 234.140153][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 234.145986][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5237 attached , child_tidptr=0x555557a32750) = 5237 [pid 5237] set_robust_list(0x555557a32760, 24) = 0 [pid 5237] chdir("./131") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] write(1, "executing program\n", 18) = 18 [pid 5237] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5237] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5237] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5237] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5237] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5237] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5237] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [ 234.151727][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 234.165866][ T784] usb 1-1: USB disconnect, device number 6 [ 234.165924][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5237] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5237] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5237] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5237] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5237] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5237] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5237] close(5) = 0 [pid 5237] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5237] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 234.698936][ T783] usb 1-1: new high-speed USB device number 7 using dummy_hcd [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 234.895742][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 234.904523][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 234.914680][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 234.923743][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5237] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5237] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 234.939590][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 234.948864][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 234.956868][ T783] usb 1-1: Product: syz [ 234.961560][ T783] usb 1-1: Manufacturer: syz [ 235.003132][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 235.008372][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 235.015967][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 235.022045][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5237] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5237] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5237] exit_group(0) = ? [ 235.203341][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 235.209118][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 235.214964][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 235.220835][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 235.226689][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 235.232552][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 235.238278][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 235.247369][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 235.247824][ T783] usb 1-1: USB disconnect, device number 7 rmdir("./131") = 0 mkdir("./132", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5238 attached , child_tidptr=0x555557a32750) = 5238 [pid 5238] set_robust_list(0x555557a32760, 24) = 0 [pid 5238] chdir("./132") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] write(1, "executing program\n", 18executing program ) = 18 [pid 5238] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5238] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5238] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5238] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5238] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5238] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5238] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5238] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5238] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5238] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5238] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5238] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5238] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5238] close(5) = 0 [pid 5238] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5238] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 235.879577][ T783] usb 1-1: new high-speed USB device number 8 using dummy_hcd [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 236.113735][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 236.122560][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 236.133147][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 236.142206][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5238] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5238] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 236.177578][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 236.187233][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 236.195307][ T783] usb 1-1: Product: syz [ 236.199519][ T783] usb 1-1: Manufacturer: syz [pid 5238] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 236.224161][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 236.229715][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 236.236475][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 236.242494][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5238] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5238] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5238] exit_group(0) = ? [ 236.434945][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 236.440686][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 236.446454][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 236.452308][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 236.458166][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 236.464039][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 236.469753][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 236.479091][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5239 attached , child_tidptr=0x555557a32750) = 5239 [ 236.484812][ T784] usb 1-1: USB disconnect, device number 8 [pid 5239] set_robust_list(0x555557a32760, 24) = 0 [pid 5239] chdir("./133") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5239] write(1, "executing program\n", 18) = 18 [pid 5239] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5239] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5239] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5239] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5239] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5239] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5239] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5239] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5239] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5239] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5239] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5239] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5239] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5239] close(5) = 0 [pid 5239] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5239] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 237.108923][ T784] usb 1-1: new high-speed USB device number 9 using dummy_hcd [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 237.323334][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 237.332138][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 237.342320][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 237.351400][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5239] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5239] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 237.386888][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 237.396085][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 237.404170][ T784] usb 1-1: Product: syz [ 237.408351][ T784] usb 1-1: Manufacturer: syz [ 237.441342][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 237.446614][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 237.453165][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 237.459148][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5239] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5239] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5239] exit_group(0) = ? [ 237.642021][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 237.647791][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 237.653528][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 237.659220][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 237.664996][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 237.670715][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 237.676599][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 237.682302][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5240 attached , child_tidptr=0x555557a32750) = 5240 [pid 5240] set_robust_list(0x555557a32760, 24) = 0 [pid 5240] chdir("./134") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 237.687907][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 237.697636][ T783] usb 1-1: USB disconnect, device number 9 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5240] write(1, "executing program\n", 18) = 18 [pid 5240] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5240] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5240] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5240] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5240] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5240] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5240] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5240] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5240] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5240] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5240] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5240] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5240] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5240] close(5) = 0 [pid 5240] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5240] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 238.308977][ T784] usb 1-1: new high-speed USB device number 10 using dummy_hcd [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 238.536699][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 238.545412][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 238.555960][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 238.565083][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5240] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5240] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5240] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 238.595888][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 238.605770][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 238.613937][ T784] usb 1-1: Product: syz [ 238.618162][ T784] usb 1-1: Manufacturer: syz [ 238.653479][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 238.659272][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 238.666142][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 238.672129][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5240] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5240] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5240] exit_group(0) = ? [ 238.854781][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 238.860529][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 238.866299][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 238.872151][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 238.877986][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 238.883671][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 238.889439][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 238.895297][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 238.901167][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 238.906913][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 238.916904][ T784] usb 1-1: USB disconnect, device number 10 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached , child_tidptr=0x555557a32750) = 5244 [pid 5244] set_robust_list(0x555557a32760, 24) = 0 [pid 5244] chdir("./135") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] write(1, "executing program\n", 18executing program ) = 18 [pid 5244] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5244] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5244] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5244] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5244] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5244] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5244] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5244] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5244] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5244] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5244] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5244] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5244] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5244] close(5) = 0 [pid 5244] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5244] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 239.598915][ T784] usb 1-1: new high-speed USB device number 11 using dummy_hcd [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 239.812939][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 239.821713][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 239.831989][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 239.841033][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5244] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5244] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5244] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 239.870619][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 239.880455][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 239.888504][ T784] usb 1-1: Product: syz [ 239.892739][ T784] usb 1-1: Manufacturer: syz [ 239.924580][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 239.930019][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 239.936369][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 239.942359][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5244] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5244] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 240.125412][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 240.131275][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 240.137036][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 240.142869][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 240.148749][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 240.154562][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 240.160355][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 240.166305][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5244] exit_group(0) = ? [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 240.172021][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 240.177826][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 240.188005][ T783] usb 1-1: USB disconnect, device number 11 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5246 attached , child_tidptr=0x555557a32750) = 5246 [pid 5246] set_robust_list(0x555557a32760, 24) = 0 [pid 5246] chdir("./136") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5246] write(1, "executing program\n", 18executing program ) = 18 [pid 5246] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5246] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5246] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5246] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5246] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5246] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5246] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5246] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5246] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5246] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5246] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5246] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5246] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5246] close(5) = 0 [pid 5246] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5246] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 240.828871][ T784] usb 1-1: new high-speed USB device number 12 using dummy_hcd [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 241.043315][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 241.052200][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 241.062379][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 241.071398][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5246] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5246] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 241.100107][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 241.109293][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 241.117388][ T784] usb 1-1: Product: syz [ 241.121612][ T784] usb 1-1: Manufacturer: syz [ 241.153621][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 241.159512][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 241.167697][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 241.173785][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5246] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5246] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5246] exit_group(0) = ? [ 241.353520][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 241.359282][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 241.365043][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 241.370897][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 241.376579][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 241.382320][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 241.388002][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 241.393593][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 [ 241.404002][ T784] usb 1-1: USB disconnect, device number 12 mkdir("./137", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5249 attached , child_tidptr=0x555557a32750) = 5249 [pid 5249] set_robust_list(0x555557a32760, 24) = 0 [pid 5249] chdir("./137") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5249] write(1, "executing program\n", 18executing program ) = 18 [pid 5249] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5249] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5249] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5249] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5249] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5249] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5249] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5249] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5249] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5249] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5249] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5249] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5249] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5249] close(5) = 0 [pid 5249] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5249] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 242.088910][ T784] usb 1-1: new high-speed USB device number 13 using dummy_hcd [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 242.293987][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 242.302855][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 242.313026][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 242.322061][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5249] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5249] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 242.347825][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 242.356992][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 242.365084][ T784] usb 1-1: Product: syz [ 242.369350][ T784] usb 1-1: Manufacturer: syz [pid 5249] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 242.393945][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 242.399287][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 242.406143][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 242.412177][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5249] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5249] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5249] exit_group(0) = ? [ 242.607258][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 242.613049][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 242.618812][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 242.624675][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 242.630511][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 242.636278][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 242.642133][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 242.647824][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 242.653662][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 242.659350][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 242.664934][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 242.674691][ T784] usb 1-1: USB disconnect, device number 13 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5250 attached , child_tidptr=0x555557a32750) = 5250 [pid 5250] set_robust_list(0x555557a32760, 24) = 0 [pid 5250] chdir("./138") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5250] write(1, "executing program\n", 18) = 18 [pid 5250] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5250] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5250] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5250] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5250] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5250] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5250] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5250] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5250] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5250] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5250] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5250] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5250] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5250] close(5) = 0 [pid 5250] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5250] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 243.338907][ T784] usb 1-1: new high-speed USB device number 14 using dummy_hcd [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 243.553325][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 243.562223][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 243.572376][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 243.581424][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5250] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5250] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 243.607745][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 243.616968][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 243.625025][ T784] usb 1-1: Product: syz [ 243.629282][ T784] usb 1-1: Manufacturer: syz [ 243.660417][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 243.665739][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 243.672269][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 243.678196][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5250] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5250] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5250] exit_group(0) = ? [ 243.870751][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 243.876679][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 243.882432][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 243.888121][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 243.893857][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 243.899598][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 243.905417][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 243.911301][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 [ 243.916977][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 243.922583][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 243.932452][ T784] usb 1-1: USB disconnect, device number 14 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5251 attached , child_tidptr=0x555557a32750) = 5251 [pid 5251] set_robust_list(0x555557a32760, 24) = 0 [pid 5251] chdir("./139") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] write(1, "executing program\n", 18executing program ) = 18 [pid 5251] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5251] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5251] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5251] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5251] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5251] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5251] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5251] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5251] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5251] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5251] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5251] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5251] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5251] close(5) = 0 [pid 5251] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5251] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 244.578897][ T784] usb 1-1: new high-speed USB device number 15 using dummy_hcd [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 244.784285][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 244.793179][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 244.803362][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 244.812443][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5251] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5251] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5251] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 244.847491][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 244.856763][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 244.864831][ T784] usb 1-1: Product: syz [ 244.869099][ T784] usb 1-1: Manufacturer: syz [ 244.910642][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 244.915878][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 244.922442][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 244.928410][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5251] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5251] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5251] exit_group(0) = ? [ 245.111493][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 245.117237][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 245.122985][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 245.128648][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 245.134372][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 245.140151][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 245.145903][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 245.151590][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 245.157350][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 245.163057][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 245.168838][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 245.174544][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 245.186901][ T783] usb 1-1: USB disconnect, device number 15 rmdir("./139") = 0 mkdir("./140", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x555557a32750) = 5252 [pid 5252] set_robust_list(0x555557a32760, 24) = 0 [pid 5252] chdir("./140") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5252] write(1, "executing program\n", 18) = 18 [pid 5252] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5252] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5252] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5252] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5252] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5252] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5252] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5252] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5252] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5252] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5252] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5252] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5252] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5252] close(5) = 0 [pid 5252] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5252] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 245.828909][ T784] usb 1-1: new high-speed USB device number 16 using dummy_hcd [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 246.043163][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 246.052067][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 246.062307][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 246.071358][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5252] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5252] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 246.087115][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 246.096270][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 246.104359][ T784] usb 1-1: Product: syz [ 246.108541][ T784] usb 1-1: Manufacturer: syz [pid 5252] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 246.162332][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 246.167604][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 246.174320][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 246.180365][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5252] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5252] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5252] exit_group(0) = ? [ 246.363705][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 246.369474][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 246.375244][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 246.381093][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 246.387021][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 246.392897][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 246.398796][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 246.404724][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5253 attached , child_tidptr=0x555557a32750) = 5253 [pid 5253] set_robust_list(0x555557a32760, 24) = 0 [pid 5253] chdir("./141") = 0 [ 246.410557][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 246.416438][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 246.422174][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 246.431682][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 246.435568][ T784] usb 1-1: USB disconnect, device number 16 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5253] write(1, "executing program\n", 18) = 18 [pid 5253] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5253] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5253] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5253] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5253] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5253] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5253] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5253] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5253] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5253] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5253] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5253] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5253] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5253] close(5) = 0 [pid 5253] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5253] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 247.018914][ T784] usb 1-1: new high-speed USB device number 17 using dummy_hcd [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 247.223150][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 247.232326][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 247.242500][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 247.251564][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5253] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5253] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 247.289162][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 247.298290][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 247.306370][ T784] usb 1-1: Product: syz [ 247.310616][ T784] usb 1-1: Manufacturer: syz [ 247.362123][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 247.367488][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 247.374126][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 247.380118][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5253] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5253] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5253] exit_group(0) = ? [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 247.562849][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 247.568600][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 247.574332][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 247.580033][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 247.585772][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 247.591474][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 247.597099][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./141/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5254 attached , child_tidptr=0x555557a32750) = 5254 [pid 5254] set_robust_list(0x555557a32760, 24) = 0 [pid 5254] chdir("./142") = 0 [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 247.609178][ T783] usb 1-1: USB disconnect, device number 17 [pid 5254] setpgid(0, 0) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5254] write(1, "executing program\n", 18) = 18 [pid 5254] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5254] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5254] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5254] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5254] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5254] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5254] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5254] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5254] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5254] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5254] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5254] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5254] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5254] close(5) = 0 [pid 5254] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5254] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 248.218915][ T783] usb 1-1: new high-speed USB device number 18 using dummy_hcd [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 248.434481][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 248.443519][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 248.453675][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 248.462736][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5254] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5254] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 248.497902][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 248.507043][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 248.515090][ T783] usb 1-1: Product: syz [ 248.519374][ T783] usb 1-1: Manufacturer: syz [ 248.541726][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 248.547170][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 248.554027][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 248.560172][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5254] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5254] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5254] exit_group(0) = ? [ 248.742184][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 248.747941][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 248.753709][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 248.759605][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 248.765444][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 248.771312][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 248.777153][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 248.782865][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./142", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./142/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5255 attached , child_tidptr=0x555557a32750) = 5255 [pid 5255] set_robust_list(0x555557a32760, 24) = 0 [pid 5255] chdir("./143") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [ 248.791814][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 248.795632][ T784] usb 1-1: USB disconnect, device number 18 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5255] write(1, "executing program\n", 18) = 18 [pid 5255] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5255] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5255] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5255] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5255] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5255] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5255] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5255] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5255] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5255] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5255] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5255] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5255] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5255] close(5) = 0 [pid 5255] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5255] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 249.388884][ T784] usb 1-1: new high-speed USB device number 19 using dummy_hcd [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 249.582505][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 249.591483][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.601617][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 249.610777][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5255] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5255] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 249.638679][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 249.647883][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 249.655944][ T784] usb 1-1: Product: syz [ 249.660155][ T784] usb 1-1: Manufacturer: syz [ 249.703350][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 249.708617][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 249.715608][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 249.721632][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5255] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5255] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5255] exit_group(0) = ? [ 249.904301][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 249.910119][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 249.915937][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 249.921861][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 249.927695][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 249.933560][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 249.939441][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 249.945270][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./143/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 249.955155][ T783] usb 1-1: USB disconnect, device number 19 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5256 attached , child_tidptr=0x555557a32750) = 5256 [pid 5256] set_robust_list(0x555557a32760, 24) = 0 [pid 5256] chdir("./144") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5256] write(1, "executing program\n", 18) = 18 [pid 5256] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5256] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5256] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5256] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5256] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5256] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5256] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5256] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5256] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5256] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5256] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5256] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5256] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5256] close(5) = 0 [pid 5256] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5256] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 250.568870][ T783] usb 1-1: new high-speed USB device number 20 using dummy_hcd [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 250.783692][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 250.792465][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 250.803386][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 250.812464][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5256] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5256] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5256] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 250.828174][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 250.837298][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 250.845380][ T783] usb 1-1: Product: syz [ 250.849885][ T783] usb 1-1: Manufacturer: syz [ 250.891559][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 250.896821][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 250.903467][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 250.909452][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5256] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5256] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5256] exit_group(0) = ? [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 251.102100][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 251.107823][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 251.113589][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 251.119466][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 251.125316][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 251.131076][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 251.140989][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 251.142664][ T784] usb 1-1: USB disconnect, device number 20 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./144/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5257 ./strace-static-x86_64: Process 5257 attached [pid 5257] set_robust_list(0x555557a32760, 24) = 0 [pid 5257] chdir("./145") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5257] write(1, "executing program\n", 18executing program ) = 18 [pid 5257] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5257] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5257] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5257] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5257] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5257] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5257] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5257] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5257] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5257] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5257] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5257] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5257] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5257] close(5) = 0 [pid 5257] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5257] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 251.768898][ T784] usb 1-1: new high-speed USB device number 21 using dummy_hcd [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 251.974022][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 251.982860][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 251.993047][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 252.002084][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5257] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5257] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 252.027836][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 252.037012][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 252.045077][ T784] usb 1-1: Product: syz [ 252.049303][ T784] usb 1-1: Manufacturer: syz [ 252.081618][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 252.086878][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 252.093600][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 252.099565][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5257] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5257] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5257] exit_group(0) = ? [ 252.281551][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 252.287290][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 252.293039][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 252.298883][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 252.304547][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 252.310296][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 252.315996][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 252.321778][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./145", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./145/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5258 ./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x555557a32760, 24) = 0 [pid 5258] chdir("./146") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [ 252.327472][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 252.333164][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 252.342474][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 252.344355][ T783] usb 1-1: USB disconnect, device number 21 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5258] write(1, "executing program\n", 18) = 18 [pid 5258] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5258] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5258] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5258] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5258] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5258] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5258] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5258] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5258] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5258] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5258] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5258] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5258] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5258] close(5) = 0 [pid 5258] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5258] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 252.938897][ T783] usb 1-1: new high-speed USB device number 22 using dummy_hcd [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 253.143834][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 253.152566][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 253.162784][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 253.172144][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5258] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5258] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 253.189476][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 253.198707][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 253.206989][ T783] usb 1-1: Product: syz [ 253.211222][ T783] usb 1-1: Manufacturer: syz [ 253.252850][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 253.258103][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 253.264680][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 253.270644][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5258] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5258] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5258] exit_group(0) = ? [pid 5258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./146/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 [ 253.453025][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 253.458775][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 253.464547][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 253.470491][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 253.476213][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 253.489234][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 253.489855][ T784] usb 1-1: USB disconnect, device number 22 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5259 attached , child_tidptr=0x555557a32750) = 5259 [pid 5259] set_robust_list(0x555557a32760, 24) = 0 [pid 5259] chdir("./147") = 0 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5259] write(1, "executing program\n", 18executing program ) = 18 [pid 5259] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5259] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5259] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5259] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5259] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5259] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5259] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5259] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5259] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5259] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5259] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5259] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5259] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5259] close(5) = 0 [pid 5259] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5259] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 254.158995][ T783] usb 1-1: new high-speed USB device number 23 using dummy_hcd [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 254.353532][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 254.362767][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 254.372986][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 254.382090][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5259] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5259] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 254.398106][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 254.407535][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 254.415605][ T783] usb 1-1: Product: syz [ 254.419811][ T783] usb 1-1: Manufacturer: syz [ 254.441914][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 254.447148][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 254.453879][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 254.459849][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5259] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5259] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5259] exit_group(0) = ? [pid 5259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5259, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./147", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./147/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5260 ./strace-static-x86_64: Process 5260 attached [pid 5260] set_robust_list(0x555557a32760, 24) = 0 [pid 5260] chdir("./148") = 0 [pid 5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 254.652883][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 254.658611][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 254.664337][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 254.670082][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 254.678997][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 254.686082][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 254.687466][ T783] usb 1-1: USB disconnect, device number 23 [pid 5260] setpgid(0, 0) = 0 [pid 5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5260] write(3, "1000", 4) = 4 [pid 5260] close(3) = 0 [pid 5260] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5260] write(1, "executing program\n", 18) = 18 [pid 5260] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5260] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5260] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5260] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5260] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5260] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5260] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5260] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5260] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5260] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5260] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5260] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5260] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5260] close(5) = 0 [pid 5260] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5260] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 255.288903][ T784] usb 1-1: new high-speed USB device number 24 using dummy_hcd [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 255.494353][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 255.503125][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 255.513272][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 255.522339][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5260] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5260] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5260] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 255.547677][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 255.556924][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 255.565001][ T784] usb 1-1: Product: syz [ 255.569253][ T784] usb 1-1: Manufacturer: syz [ 255.604267][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 255.609717][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 255.616132][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 255.622127][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5260] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 255.815673][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 255.821402][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 255.827145][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 255.832989][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 255.838832][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 255.844659][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 255.850327][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 255.856045][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5260] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5260] exit_group(0) = ? [ 255.861717][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 255.867424][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 255.873110][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 255.878838][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 255.884691][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 255.890546][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 255.896279][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 255.905438][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./148", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./148/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5261 attached , child_tidptr=0x555557a32750) = 5261 [pid 5261] set_robust_list(0x555557a32760, 24) = 0 [pid 5261] chdir("./149") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [ 255.905973][ T784] usb 1-1: USB disconnect, device number 24 [pid 5261] write(1, "executing program\n", 18executing program ) = 18 [pid 5261] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5261] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5261] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5261] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5261] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5261] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5261] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5261] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5261] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5261] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5261] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5261] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5261] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5261] close(5) = 0 [pid 5261] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5261] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 256.498892][ T784] usb 1-1: new high-speed USB device number 25 using dummy_hcd [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 256.693241][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 256.702557][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 256.712875][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 256.721944][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5261] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5261] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 256.738025][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 256.747204][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 256.755306][ T784] usb 1-1: Product: syz [ 256.759635][ T784] usb 1-1: Manufacturer: syz [ 256.801219][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 256.806481][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 256.813731][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 256.819735][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5261] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5261] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5261] exit_group(0) = ? [ 257.002239][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 257.007986][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 257.013818][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 257.019504][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 257.025225][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 257.030915][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 257.036702][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 257.042394][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./149/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 257.048166][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 257.053939][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 257.059526][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 257.068794][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 257.075876][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 257.078976][ T783] usb 1-1: USB disconnect, device number 25 newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5262 attached , child_tidptr=0x555557a32750) = 5262 [pid 5262] set_robust_list(0x555557a32760, 24) = 0 [pid 5262] chdir("./150") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] write(1, "executing program\n", 18executing program ) = 18 [pid 5262] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5262] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5262] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5262] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5262] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5262] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5262] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5262] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5262] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5262] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5262] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5262] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5262] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5262] close(5) = 0 [pid 5262] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5262] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 257.719707][ T784] usb 1-1: new high-speed USB device number 26 using dummy_hcd [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 257.922931][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 257.931624][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 257.941773][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 257.950826][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5262] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5262] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 257.985530][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 257.994695][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 258.003071][ T784] usb 1-1: Product: syz [ 258.007259][ T784] usb 1-1: Manufacturer: syz [ 258.028658][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 258.034019][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 258.040798][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 258.046744][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5262] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5262] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5262] exit_group(0) = ? [ 258.230591][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 258.236333][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 258.242081][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 258.247774][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 258.253534][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 258.259240][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 258.264977][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 258.270680][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5262, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./150/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 258.276399][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 258.282088][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 258.287711][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 258.298647][ T784] usb 1-1: USB disconnect, device number 26 newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5263 attached , child_tidptr=0x555557a32750) = 5263 [pid 5263] set_robust_list(0x555557a32760, 24) = 0 [pid 5263] chdir("./151") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5263] write(1, "executing program\n", 18) = 18 [pid 5263] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5263] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5263] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5263] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5263] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5263] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5263] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5263] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5263] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5263] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5263] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5263] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5263] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5263] close(5) = 0 [pid 5263] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5263] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 258.948889][ T784] usb 1-1: new high-speed USB device number 27 using dummy_hcd [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 259.153577][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 259.162334][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 259.172561][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 259.181587][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5263] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5263] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 259.207028][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 259.216160][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 259.224311][ T784] usb 1-1: Product: syz [ 259.228570][ T784] usb 1-1: Manufacturer: syz [ 259.270667][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 259.276010][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 259.282731][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 259.288658][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5263] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5263] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 259.471371][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 259.477177][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 259.482914][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 259.488587][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 259.494320][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 259.500013][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 259.505761][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 259.511468][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5263] exit_group(0) = ? [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./151/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5264 attached , child_tidptr=0x555557a32750) = 5264 [pid 5264] set_robust_list(0x555557a32760, 24) = 0 [pid 5264] chdir("./152") = 0 [ 259.517178][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 259.522851][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 259.528581][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 259.534269][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 259.540018][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 259.545720][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 259.555050][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 259.557629][ T783] usb 1-1: USB disconnect, device number 27 [pid 5264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5264] setpgid(0, 0) = 0 [pid 5264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5264] write(3, "1000", 4) = 4 [pid 5264] close(3) = 0 [pid 5264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5264] write(1, "executing program\n", 18executing program ) = 18 [pid 5264] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5264] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5264] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5264] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5264] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5264] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5264] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5264] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5264] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5264] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5264] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5264] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5264] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5264] close(5) = 0 [pid 5264] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5264] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 260.168931][ T784] usb 1-1: new high-speed USB device number 28 using dummy_hcd [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 260.393353][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 260.402098][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 260.412290][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 260.421359][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5264] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5264] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 260.456803][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 260.465989][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 260.474038][ T784] usb 1-1: Product: syz [ 260.478256][ T784] usb 1-1: Manufacturer: syz [ 260.513655][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 260.519094][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 260.525584][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 260.531593][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5264] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5264] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5264] exit_group(0) = ? [pid 5264] +++ exited with 0 +++ [ 260.714848][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 260.720592][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 260.726363][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 260.732226][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 260.737921][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 260.743710][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 260.749411][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 260.755018][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5264, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./152/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5265 attached , child_tidptr=0x555557a32750) = 5265 [pid 5265] set_robust_list(0x555557a32760, 24) = 0 [pid 5265] chdir("./153") = 0 [pid 5265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 260.768717][ T783] usb 1-1: USB disconnect, device number 28 [pid 5265] setpgid(0, 0) = 0 [pid 5265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5265] write(3, "1000", 4) = 4 [pid 5265] close(3) = 0 [pid 5265] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5265] write(1, "executing program\n", 18) = 18 [pid 5265] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5265] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5265] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5265] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5265] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5265] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5265] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5265] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5265] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5265] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5265] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5265] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5265] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5265] close(5) = 0 [pid 5265] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5265] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 261.378888][ T784] usb 1-1: new high-speed USB device number 29 using dummy_hcd [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 261.603200][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 261.611956][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 261.622117][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 261.631136][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5265] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5265] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 261.666663][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 261.675825][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 261.683870][ T784] usb 1-1: Product: syz [ 261.688069][ T784] usb 1-1: Manufacturer: syz [ 261.714336][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 261.719664][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 261.726243][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 261.732318][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5265] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5265] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5265] exit_group(0) = ? [ 261.915066][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 261.920808][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 261.926571][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 261.932418][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 261.938276][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 261.944158][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 261.949859][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 261.955655][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5265] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5265, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./153", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./153/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5266 attached , child_tidptr=0x555557a32750) = 5266 [pid 5266] set_robust_list(0x555557a32760, 24) = 0 [pid 5266] chdir("./154") = 0 [ 261.961524][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 261.967215][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 261.972973][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 261.978708][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 261.988115][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 261.993475][ T784] usb 1-1: USB disconnect, device number 29 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5266] write(1, "executing program\n", 18) = 18 [pid 5266] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5266] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5266] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5266] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5266] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5266] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5266] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5266] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5266] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5266] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5266] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5266] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5266] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5266] close(5) = 0 [pid 5266] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5266] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 262.568870][ T784] usb 1-1: new high-speed USB device number 30 using dummy_hcd [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 262.783373][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 262.792220][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 262.802368][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 262.811404][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5266] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5266] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5266] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 262.846796][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 262.855958][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 262.864024][ T784] usb 1-1: Product: syz [ 262.868223][ T784] usb 1-1: Manufacturer: syz [ 262.909536][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 262.914801][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 262.921410][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 262.927365][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5266] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5266] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5266] exit_group(0) = ? [ 263.110664][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 263.116486][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 263.122243][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 263.128169][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 263.133835][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 263.139617][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 263.145462][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 263.151146][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./154", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./154/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5267 attached , child_tidptr=0x555557a32750) = 5267 [ 263.156894][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 263.162605][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 263.175522][ T784] usb 1-1: USB disconnect, device number 30 [pid 5267] set_robust_list(0x555557a32760, 24) = 0 [pid 5267] chdir("./155") = 0 [pid 5267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5267] setpgid(0, 0) = 0 [pid 5267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5267] write(3, "1000", 4) = 4 [pid 5267] close(3) = 0 [pid 5267] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5267] write(1, "executing program\n", 18) = 18 [pid 5267] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5267] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5267] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5267] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5267] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5267] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5267] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5267] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5267] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5267] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5267] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5267] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5267] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5267] close(5) = 0 [pid 5267] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5267] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 263.758868][ T784] usb 1-1: new high-speed USB device number 31 using dummy_hcd [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 263.963622][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 263.972372][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 263.982552][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 263.991648][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5267] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5267] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 264.017812][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 264.026971][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 264.035126][ T784] usb 1-1: Product: syz [ 264.039497][ T784] usb 1-1: Manufacturer: syz [ 264.071194][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 264.076493][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 264.083077][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 264.089053][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5267] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 264.271746][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 264.277475][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 264.283236][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 264.289069][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 264.294749][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 264.300489][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 264.306206][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 264.311951][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5267] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5267] exit_group(0) = ? [pid 5267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5267, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./155", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./155/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 264.317627][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 264.323348][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 264.329186][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 264.334857][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 264.340468][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 264.353219][ T784] usb 1-1: USB disconnect, device number 31 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5268 attached , child_tidptr=0x555557a32750) = 5268 [pid 5268] set_robust_list(0x555557a32760, 24) = 0 [pid 5268] chdir("./156") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] write(1, "executing program\n", 18executing program ) = 18 [pid 5268] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5268] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5268] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5268] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5268] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5268] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5268] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5268] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5268] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5268] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5268] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5268] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5268] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5268] close(5) = 0 [pid 5268] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5268] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 264.998886][ T784] usb 1-1: new high-speed USB device number 32 using dummy_hcd [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 265.213857][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 265.223038][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 265.233243][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 265.242326][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5268] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5268] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5268] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 265.259597][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 265.268845][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 265.276909][ T784] usb 1-1: Product: syz [ 265.281166][ T784] usb 1-1: Manufacturer: syz [pid 5268] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 265.322276][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 265.327549][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 265.334157][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 265.340128][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5268] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5268] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5268] exit_group(0) = ? [ 265.533021][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 265.538759][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 265.544588][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 265.550259][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 265.555995][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 265.561679][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 265.567403][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 265.573096][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./156", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./156/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 265.578677][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 265.589605][ T784] usb 1-1: USB disconnect, device number 32 unlink("./156/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5269 attached , child_tidptr=0x555557a32750) = 5269 [pid 5269] set_robust_list(0x555557a32760, 24) = 0 [pid 5269] chdir("./157") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] write(1, "executing program\n", 18executing program ) = 18 [pid 5269] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5269] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5269] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5269] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5269] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5269] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5269] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5269] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5269] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5269] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5269] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5269] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5269] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5269] close(5) = 0 [pid 5269] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5269] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 266.228884][ T784] usb 1-1: new high-speed USB device number 33 using dummy_hcd [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [ 266.496657][ T784] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 266.505362][ T784] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 266.518802][ T784] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 266.527784][ T784] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5269] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 266.615189][ T784] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 266.638782][ T784] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 266.646803][ T784] usb 1-1: Product: syz [ 266.658799][ T784] usb 1-1: Manufacturer: syz [pid 5269] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5269] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 266.730063][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 266.735313][ T784] cdc_wdm 1-1:1.0: skipping garbage [ 266.750036][ T784] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 266.755969][ T784] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5269] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5269] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5269] exit_group(0) = ? [ 266.933574][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 266.939282][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 266.945058][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 266.950941][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 266.956659][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 266.962433][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 266.968154][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 266.978221][ T783] usb 1-1: USB disconnect, device number 33 umount2("./157/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5270 attached , child_tidptr=0x555557a32750) = 5270 [pid 5270] set_robust_list(0x555557a32760, 24) = 0 [pid 5270] chdir("./158") = 0 [pid 5270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5270] setpgid(0, 0) = 0 [pid 5270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5270] write(3, "1000", 4) = 4 [pid 5270] close(3) = 0 [pid 5270] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5270] write(1, "executing program\n", 18) = 18 [pid 5270] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5270] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5270] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5270] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5270] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5270] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5270] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5270] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5270] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5270] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5270] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5270] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5270] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5270] close(5) = 0 [pid 5270] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5270] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 267.698893][ T783] usb 1-1: new high-speed USB device number 34 using dummy_hcd [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 267.904413][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 267.913459][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 267.923609][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 267.932692][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5270] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5270] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 267.958318][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 267.968043][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 267.976126][ T783] usb 1-1: Product: syz [ 267.980377][ T783] usb 1-1: Manufacturer: syz [ 268.012632][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 268.017907][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 268.024593][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 268.030625][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5270] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5270] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5270] exit_group(0) = ? [ 268.223785][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 268.229505][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 268.235313][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 268.241189][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 268.247051][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 268.252903][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 268.258729][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 268.264412][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5270] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5270, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 268.270203][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 268.276121][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 268.281822][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 268.291216][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 268.295471][ T9] usb 1-1: USB disconnect, device number 34 umount2("./158/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5271 attached , child_tidptr=0x555557a32750) = 5271 [pid 5271] set_robust_list(0x555557a32760, 24) = 0 [pid 5271] chdir("./159") = 0 [pid 5271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5271] setpgid(0, 0) = 0 [pid 5271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5271] write(3, "1000", 4) = 4 [pid 5271] close(3) = 0 [pid 5271] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5271] write(1, "executing program\n", 18) = 18 [pid 5271] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5271] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5271] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5271] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5271] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5271] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5271] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5271] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5271] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5271] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5271] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5271] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5271] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5271] close(5) = 0 [pid 5271] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5271] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 268.958903][ T9] usb 1-1: new high-speed USB device number 35 using dummy_hcd [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 269.163991][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 269.172767][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 269.182928][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 269.191996][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5271] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5271] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5271] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 269.237487][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 269.246693][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 269.254768][ T9] usb 1-1: Product: syz [ 269.259003][ T9] usb 1-1: Manufacturer: syz [ 269.290677][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 269.295950][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 269.302679][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 269.308652][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5271] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5271] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5271] exit_group(0) = ? [ 269.490976][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 269.496811][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 269.502579][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 269.508244][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 269.513996][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 269.519822][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 269.525674][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 269.531378][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5271, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./159/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x555557a32760, 24) = 0 [pid 5093] <... clone resumed>, child_tidptr=0x555557a32750) = 5272 [pid 5272] chdir("./160") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5272] write(1, "executing program\n", 18) = 18 [ 269.541198][ T783] usb 1-1: USB disconnect, device number 35 [pid 5272] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5272] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5272] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5272] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5272] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5272] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5272] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5272] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5272] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5272] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5272] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5272] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5272] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5272] close(5) = 0 [pid 5272] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5272] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 270.128955][ T9] usb 1-1: new high-speed USB device number 36 using dummy_hcd [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 270.353286][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 270.362049][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 270.372568][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 270.381663][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5272] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5272] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5272] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 270.407377][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 270.416598][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 270.424673][ T9] usb 1-1: Product: syz [ 270.428912][ T9] usb 1-1: Manufacturer: syz [pid 5272] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 270.462245][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 270.467519][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 270.474525][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 270.480498][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5272] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5272] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5272] exit_group(0) = ? [ 270.672762][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 270.678589][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 270.684342][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 270.690013][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 270.695773][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 270.701661][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 270.707517][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 270.713213][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./160/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5273 attached , child_tidptr=0x555557a32750) = 5273 [pid 5273] set_robust_list(0x555557a32760, 24) = 0 [pid 5273] chdir("./161") = 0 [pid 5273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5273] setpgid(0, 0) = 0 [ 270.723330][ T783] usb 1-1: USB disconnect, device number 36 [pid 5273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5273] write(3, "1000", 4) = 4 [pid 5273] close(3) = 0 [pid 5273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5273] write(1, "executing program\n", 18executing program ) = 18 [pid 5273] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5273] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5273] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5273] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5273] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5273] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5273] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5273] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5273] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5273] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5273] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5273] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5273] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5273] close(5) = 0 [pid 5273] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5273] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 271.338900][ T783] usb 1-1: new high-speed USB device number 37 using dummy_hcd [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 271.533540][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 271.542941][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 271.553103][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 271.562196][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5273] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5273] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 271.597287][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 271.606587][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 271.614627][ T783] usb 1-1: Product: syz [ 271.618889][ T783] usb 1-1: Manufacturer: syz [ 271.641593][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 271.646854][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 271.653862][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 271.659863][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5273] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5273] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5273] exit_group(0) = ? [ 271.842986][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 271.848711][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 271.854456][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 271.860318][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 271.866021][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 271.871823][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 271.877548][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 271.887090][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5273, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./161", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./161/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5274 attached , child_tidptr=0x555557a32750) = 5274 [pid 5274] set_robust_list(0x555557a32760, 24) = 0 [pid 5274] chdir("./162") = 0 [pid 5274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5274] setpgid(0, 0) = 0 [pid 5274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5274] write(3, "1000", 4) = 4 [pid 5274] close(3) = 0 [ 271.891115][ T9] usb 1-1: USB disconnect, device number 37 [pid 5274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5274] write(1, "executing program\n", 18executing program ) = 18 [pid 5274] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5274] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5274] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5274] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5274] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5274] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5274] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5274] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5274] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5274] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5274] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5274] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5274] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5274] close(5) = 0 [pid 5274] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5274] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 272.528925][ T9] usb 1-1: new high-speed USB device number 38 using dummy_hcd [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 272.733239][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 272.741957][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 272.752097][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 272.761178][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5274] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5274] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 272.807231][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 272.816461][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 272.824531][ T9] usb 1-1: Product: syz [ 272.828786][ T9] usb 1-1: Manufacturer: syz [ 272.859845][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 272.865246][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 272.871983][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 272.877918][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5274] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5274] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5274] exit_group(0) = ? [ 273.061578][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 273.067333][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 273.073099][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 273.078977][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 273.084819][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 273.090478][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 273.096225][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 273.101914][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5274] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5274, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./162", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./162/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 273.107691][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 273.113383][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 273.122721][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 273.124257][ T9] usb 1-1: USB disconnect, device number 38 unlink("./162/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5275 attached , child_tidptr=0x555557a32750) = 5275 [pid 5275] set_robust_list(0x555557a32760, 24) = 0 [pid 5275] chdir("./163") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5275] write(1, "executing program\n", 18) = 18 [pid 5275] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5275] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5275] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5275] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5275] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5275] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5275] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5275] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5275] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5275] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5275] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5275] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5275] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5275] close(5) = 0 [pid 5275] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5275] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 273.798858][ T783] usb 1-1: new high-speed USB device number 39 using dummy_hcd [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 274.003317][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 274.012143][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 274.022692][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 274.031779][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5275] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5275] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 274.058196][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 274.067729][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 274.075834][ T783] usb 1-1: Product: syz [ 274.080087][ T783] usb 1-1: Manufacturer: syz [ 274.121703][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 274.126933][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 274.133527][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 274.139538][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5275] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5275] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5275] exit_group(0) = ? [ 274.333027][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 274.338754][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 274.344523][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 274.350375][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 274.356067][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 274.361822][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 274.367502][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 274.373075][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./163/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 274.382875][ T9] usb 1-1: USB disconnect, device number 39 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5276 ./strace-static-x86_64: Process 5276 attached [pid 5276] set_robust_list(0x555557a32760, 24) = 0 [pid 5276] chdir("./164") = 0 [pid 5276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5276] setpgid(0, 0) = 0 [pid 5276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5276] write(3, "1000", 4) = 4 [pid 5276] close(3) = 0 [pid 5276] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5276] write(1, "executing program\n", 18) = 18 [pid 5276] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5276] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5276] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5276] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5276] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5276] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5276] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5276] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5276] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5276] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5276] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5276] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5276] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5276] close(5) = 0 [pid 5276] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5276] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 275.028868][ T783] usb 1-1: new high-speed USB device number 40 using dummy_hcd [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 275.224070][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 275.233400][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 275.243598][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 275.252775][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5276] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5276] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 275.278859][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 275.288308][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 275.296406][ T783] usb 1-1: Product: syz [ 275.300660][ T783] usb 1-1: Manufacturer: syz [ 275.342233][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 275.347481][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 275.355877][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 275.361891][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5276] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5276] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5276] exit_group(0) = ? [ 275.543026][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 275.548852][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 275.554612][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 275.560463][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 275.566332][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 275.572169][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 275.577844][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 275.583607][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5276, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./164", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./164/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5277 ./strace-static-x86_64: Process 5277 attached [pid 5277] set_robust_list(0x555557a32760, 24) = 0 [ 275.589336][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 275.601958][ T9] usb 1-1: USB disconnect, device number 40 [pid 5277] chdir("./165") = 0 [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5277] write(3, "1000", 4) = 4 [pid 5277] close(3) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5277] write(1, "executing program\n", 18) = 18 [pid 5277] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5277] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5277] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5277] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5277] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5277] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5277] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5277] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5277] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5277] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5277] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5277] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5277] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5277] close(5) = 0 [pid 5277] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5277] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 276.228874][ T9] usb 1-1: new high-speed USB device number 41 using dummy_hcd [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 276.433352][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 276.442048][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 276.452216][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 276.461245][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5277] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5277] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 276.478962][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 276.488078][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 276.496236][ T9] usb 1-1: Product: syz [ 276.500464][ T9] usb 1-1: Manufacturer: syz [ 276.533227][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 276.538473][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 276.545035][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 276.550995][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5277] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5277] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5277] exit_group(0) = ? [ 276.733558][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 276.739307][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 276.745092][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 276.750946][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 276.756640][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 276.762405][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 276.768089][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 276.773807][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5277, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./165/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached , child_tidptr=0x555557a32750) = 5278 [pid 5278] set_robust_list(0x555557a32760, 24) = 0 [pid 5278] chdir("./166") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [ 276.779479][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 276.785054][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 276.794606][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 276.797182][ T783] usb 1-1: USB disconnect, device number 41 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] write(1, "executing program\n", 18executing program ) = 18 [pid 5278] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5278] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5278] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5278] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5278] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5278] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5278] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5278] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5278] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5278] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5278] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5278] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5278] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5278] close(5) = 0 [pid 5278] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5278] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 277.418901][ T783] usb 1-1: new high-speed USB device number 42 using dummy_hcd [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 277.643595][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 277.652462][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 277.662852][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 277.671897][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5278] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5278] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5278] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 277.689558][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 277.698655][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 277.706763][ T783] usb 1-1: Product: syz [ 277.711187][ T783] usb 1-1: Manufacturer: syz [ 277.733981][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 277.739357][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 277.745741][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 277.751717][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5278] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5278] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5278] exit_group(0) = ? [ 277.934020][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 277.939745][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 277.945469][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 277.951312][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 277.957157][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 277.962994][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 277.968712][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 277.978071][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./166", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./166/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5279 attached , child_tidptr=0x555557a32750) = 5279 [pid 5279] set_robust_list(0x555557a32760, 24) = 0 [pid 5279] chdir("./167") = 0 [pid 5279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5279] setpgid(0, 0) = 0 [pid 5279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5279] write(3, "1000", 4) = 4 [pid 5279] close(3) = 0 [pid 5279] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5279] write(1, "executing program\n", 18) = 18 [pid 5279] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5279] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5279] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5279] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5279] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5279] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5279] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5279] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [ 277.978240][ T9] usb 1-1: USB disconnect, device number 42 [pid 5279] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5279] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5279] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5279] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5279] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5279] close(5) = 0 [pid 5279] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5279] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 278.538929][ T9] usb 1-1: new high-speed USB device number 43 using dummy_hcd [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 278.752976][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 278.761786][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 278.771916][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 278.780937][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5279] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5279] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5279] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 278.828373][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 278.837525][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 278.845682][ T9] usb 1-1: Product: syz [ 278.849909][ T9] usb 1-1: Manufacturer: syz [ 278.873151][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 278.878493][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 278.885185][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 278.891160][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5279] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5279] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5279] exit_group(0) = ? [ 279.073140][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 279.078968][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 279.084729][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 279.090400][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 279.096297][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 279.102004][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 279.107771][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 279.113453][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5279, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./167", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./167/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5280 attached , child_tidptr=0x555557a32750) = 5280 [pid 5280] set_robust_list(0x555557a32760, 24) = 0 [pid 5280] chdir("./168") = 0 [pid 5280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 279.119076][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 279.128823][ T9] usb 1-1: USB disconnect, device number 43 [pid 5280] setpgid(0, 0) = 0 [pid 5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5280] write(3, "1000", 4) = 4 [pid 5280] close(3) = 0 [pid 5280] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5280] write(1, "executing program\n", 18) = 18 [pid 5280] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5280] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5280] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5280] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5280] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5280] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5280] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5280] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5280] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5280] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5280] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5280] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5280] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5280] close(5) = 0 [pid 5280] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5280] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 279.738854][ T9] usb 1-1: new high-speed USB device number 44 using dummy_hcd [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 279.954082][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 279.962846][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 279.973019][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 279.982055][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5280] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5280] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5280] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 280.017354][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 280.026507][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 280.034890][ T9] usb 1-1: Product: syz [ 280.039582][ T9] usb 1-1: Manufacturer: syz [ 280.072460][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 280.077767][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 280.084422][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 280.090375][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5280] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5280] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5280] exit_group(0) = ? [pid 5280] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5280, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./168/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5281 attached , child_tidptr=0x555557a32750) = 5281 [pid 5281] set_robust_list(0x555557a32760, 24) = 0 [pid 5281] chdir("./169") = 0 [ 280.272250][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 280.277986][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 280.283728][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 280.289561][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 280.295225][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 280.300809][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 280.313548][ T783] usb 1-1: USB disconnect, device number 44 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] write(1, "executing program\n", 18executing program ) = 18 [pid 5281] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5281] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5281] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5281] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5281] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5281] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5281] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5281] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5281] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5281] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5281] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5281] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5281] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5281] close(5) = 0 [pid 5281] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5281] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 280.888872][ T9] usb 1-1: new high-speed USB device number 45 using dummy_hcd [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 281.083573][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 281.092348][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 281.102482][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 281.111488][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5281] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5281] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 281.146935][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 281.156233][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 281.164312][ T9] usb 1-1: Product: syz [ 281.168503][ T9] usb 1-1: Manufacturer: syz [ 281.193089][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 281.198496][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 281.205142][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 281.211131][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5281] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5281] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5281] exit_group(0) = ? [ 281.394062][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 281.399812][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 281.405564][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 281.411228][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 281.417024][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 281.422711][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 281.428501][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 281.434194][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./169", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./169/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 [ 281.439785][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 281.451373][ T783] usb 1-1: USB disconnect, device number 45 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5282 attached , child_tidptr=0x555557a32750) = 5282 [pid 5282] set_robust_list(0x555557a32760, 24) = 0 [pid 5282] chdir("./170") = 0 [pid 5282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5282] setpgid(0, 0) = 0 [pid 5282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5282] write(3, "1000", 4) = 4 [pid 5282] close(3) = 0 [pid 5282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5282] write(1, "executing program\n", 18executing program ) = 18 [pid 5282] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5282] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5282] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5282] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5282] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5282] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5282] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5282] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5282] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5282] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5282] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5282] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5282] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5282] close(5) = 0 [pid 5282] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5282] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 282.068908][ T783] usb 1-1: new high-speed USB device number 46 using dummy_hcd [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 282.254218][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 282.262995][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 282.273162][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 282.282521][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5282] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5282] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 282.298493][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 282.307937][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 282.316059][ T783] usb 1-1: Product: syz [ 282.320280][ T783] usb 1-1: Manufacturer: syz [ 282.352853][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 282.358136][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 282.364581][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 282.370562][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5282] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5282] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5282] exit_group(0) = ? [ 282.554207][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 282.559973][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 282.565724][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 282.571593][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 282.577274][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 282.583069][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 282.588917][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 282.594606][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5282, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./170/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 282.600187][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 282.609660][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 282.614627][ T9] usb 1-1: USB disconnect, device number 46 newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5283 attached , child_tidptr=0x555557a32750) = 5283 [pid 5283] set_robust_list(0x555557a32760, 24) = 0 [pid 5283] chdir("./171") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5283] write(1, "executing program\n", 18executing program ) = 18 [pid 5283] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5283] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5283] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5283] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5283] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5283] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5283] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5283] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5283] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5283] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5283] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5283] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5283] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5283] close(5) = 0 [pid 5283] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5283] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 283.238883][ T9] usb 1-1: new high-speed USB device number 47 using dummy_hcd [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 283.434461][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 283.443274][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 283.453444][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 283.462514][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5283] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5283] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 283.498636][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 283.507863][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 283.515948][ T9] usb 1-1: Product: syz [ 283.520525][ T9] usb 1-1: Manufacturer: syz [ 283.551897][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 283.557161][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 283.563966][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 283.569996][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5283] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5283] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5283] exit_group(0) = ? [pid 5283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./171", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./171/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 283.762238][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 283.767945][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 283.773670][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 283.779441][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 283.785192][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 283.790910][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 283.800564][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 283.804633][ T9] usb 1-1: USB disconnect, device number 47 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5284 attached , child_tidptr=0x555557a32750) = 5284 [pid 5284] set_robust_list(0x555557a32760, 24) = 0 [pid 5284] chdir("./172") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5284] write(1, "executing program\n", 18) = 18 [pid 5284] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5284] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5284] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5284] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5284] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5284] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5284] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5284] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5284] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5284] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5284] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5284] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5284] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5284] close(5) = 0 [pid 5284] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5284] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 284.378854][ T9] usb 1-1: new high-speed USB device number 48 using dummy_hcd [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 284.573049][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 284.582291][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 284.592647][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 284.601739][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5284] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5284] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5284] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 284.626811][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 284.636078][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 284.644156][ T9] usb 1-1: Product: syz [ 284.648356][ T9] usb 1-1: Manufacturer: syz [ 284.681907][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 284.687184][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 284.693772][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 284.699774][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5284] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 284.882631][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 284.888504][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 284.894260][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 284.899923][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 284.905657][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 284.911352][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 284.917131][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 284.922820][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5284] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5284] exit_group(0) = ? [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./172/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 284.928580][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 284.934276][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 284.940022][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 284.945748][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 284.956365][ T783] usb 1-1: USB disconnect, device number 48 unlink("./172/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5285 ./strace-static-x86_64: Process 5285 attached [pid 5285] set_robust_list(0x555557a32760, 24) = 0 [pid 5285] chdir("./173") = 0 [pid 5285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5285] setpgid(0, 0) = 0 [pid 5285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5285] write(3, "1000", 4) = 4 [pid 5285] close(3) = 0 [pid 5285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5285] write(1, "executing program\n", 18executing program ) = 18 [pid 5285] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5285] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5285] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5285] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5285] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5285] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5285] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5285] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5285] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5285] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5285] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5285] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5285] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5285] close(5) = 0 [pid 5285] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5285] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 285.628852][ T783] usb 1-1: new high-speed USB device number 49 using dummy_hcd [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 285.823968][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 285.832947][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 285.843192][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 285.852211][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5285] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5285] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 285.868526][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 285.877862][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 285.885920][ T783] usb 1-1: Product: syz [ 285.890125][ T783] usb 1-1: Manufacturer: syz [pid 5285] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 285.925264][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 285.930665][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 285.937241][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 285.943254][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5285] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5285] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 286.147040][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 286.152861][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 286.158608][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 286.164437][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 286.170299][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 286.176240][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 286.182081][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 286.187772][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5285] exit_group(0) = ? [pid 5285] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5285, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./173", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./173/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5286 attached , child_tidptr=0x555557a32750) = 5286 [pid 5286] set_robust_list(0x555557a32760, 24) = 0 [pid 5286] chdir("./174") = 0 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5286] setpgid(0, 0) = 0 [ 286.193529][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 286.199379][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 286.205222][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 286.210912][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 286.216673][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 286.222402][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 286.232013][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 286.236144][ T9] usb 1-1: USB disconnect, device number 49 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5286] write(3, "1000", 4) = 4 [pid 5286] close(3) = 0 [pid 5286] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5286] write(1, "executing program\n", 18) = 18 [pid 5286] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5286] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5286] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5286] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5286] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5286] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5286] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5286] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5286] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5286] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5286] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5286] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5286] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5286] close(5) = 0 [pid 5286] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5286] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 286.808839][ T9] usb 1-1: new high-speed USB device number 50 using dummy_hcd [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 287.002822][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 287.011668][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 287.022082][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 287.031172][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5286] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5286] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 287.057281][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 287.066618][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 287.074686][ T9] usb 1-1: Product: syz [ 287.078972][ T9] usb 1-1: Manufacturer: syz [ 287.103777][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 287.109455][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 287.116210][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 287.122199][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5286] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5286] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5286] exit_group(0) = ? [ 287.304760][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 287.310485][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 287.316213][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 287.322074][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 287.327935][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 287.333783][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 287.339731][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 287.345442][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5286] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5286, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./174", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./174/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached , child_tidptr=0x555557a32750) = 5287 [pid 5287] set_robust_list(0x555557a32760, 24) = 0 [pid 5287] chdir("./175") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [ 287.354927][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 287.355085][ T9] usb 1-1: USB disconnect, device number 50 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5287] write(1, "executing program\n", 18) = 18 [pid 5287] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5287] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5287] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5287] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5287] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5287] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5287] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5287] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5287] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5287] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5287] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5287] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5287] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5287] close(5) = 0 [pid 5287] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5287] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 287.968867][ T783] usb 1-1: new high-speed USB device number 51 using dummy_hcd [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 288.183786][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 288.193048][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 288.203215][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 288.212273][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5287] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5287] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 288.247635][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 288.257119][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 288.265190][ T783] usb 1-1: Product: syz [ 288.269448][ T783] usb 1-1: Manufacturer: syz [ 288.301751][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 288.307012][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 288.313780][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 288.319922][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5287] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5287] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5287] exit_group(0) = ? [ 288.502514][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 288.508299][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 288.514059][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 288.519900][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 288.525746][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 288.531446][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 288.537227][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 288.542919][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 288.548528][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 288.558087][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 288.563502][ T9] usb 1-1: USB disconnect, device number 51 umount2("./175/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5288 attached , child_tidptr=0x555557a32750) = 5288 [pid 5288] set_robust_list(0x555557a32760, 24) = 0 [pid 5288] chdir("./176") = 0 [pid 5288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5288] setpgid(0, 0) = 0 [pid 5288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5288] write(3, "1000", 4) = 4 [pid 5288] close(3) = 0 [pid 5288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5288] write(1, "executing program\n", 18executing program ) = 18 [pid 5288] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5288] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5288] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5288] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5288] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5288] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5288] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5288] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5288] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5288] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5288] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5288] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5288] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5288] close(5) = 0 [pid 5288] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5288] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 289.228858][ T783] usb 1-1: new high-speed USB device number 52 using dummy_hcd [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 289.434140][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 289.443448][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 289.453618][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 289.462689][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5288] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5288] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 289.479549][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 289.488642][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 289.496743][ T783] usb 1-1: Product: syz [ 289.500973][ T783] usb 1-1: Manufacturer: syz [ 289.515117][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 289.520546][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 289.527336][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 289.533346][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5288] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5288] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5288] exit_group(0) = ? [pid 5288] +++ exited with 0 +++ [ 289.734917][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 289.740691][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 289.746525][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 289.752195][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 289.757984][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 289.763663][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 289.769532][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 289.779352][ T9] usb 1-1: USB disconnect, device number 52 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5288, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./176/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5289 attached , child_tidptr=0x555557a32750) = 5289 [pid 5289] set_robust_list(0x555557a32760, 24) = 0 [pid 5289] chdir("./177") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] write(1, "executing program\n", 18executing program ) = 18 [pid 5289] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5289] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5289] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5289] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5289] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5289] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5289] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5289] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5289] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5289] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5289] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5289] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5289] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5289] close(5) = 0 [pid 5289] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5289] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 290.408906][ T783] usb 1-1: new high-speed USB device number 53 using dummy_hcd [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 290.614785][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 290.624089][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 290.634310][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 290.643355][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5289] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5289] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 290.660614][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 290.669818][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 290.677856][ T783] usb 1-1: Product: syz [ 290.682094][ T783] usb 1-1: Manufacturer: syz [ 290.696665][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 290.702040][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 290.708928][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 290.714866][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5289] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5289] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5289] exit_group(0) = ? [ 290.897167][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 290.902910][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 290.908832][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 290.914682][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 290.920501][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 290.926212][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 290.931952][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 290.937689][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 [ 290.947029][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 290.952407][ T9] usb 1-1: USB disconnect, device number 53 umount2("./177/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5290 attached , child_tidptr=0x555557a32750) = 5290 [pid 5290] set_robust_list(0x555557a32760, 24) = 0 [pid 5290] chdir("./178") = 0 [pid 5290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5290] setpgid(0, 0) = 0 [pid 5290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5290] write(3, "1000", 4) = 4 [pid 5290] close(3) = 0 [pid 5290] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5290] write(1, "executing program\n", 18) = 18 [pid 5290] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5290] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5290] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5290] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5290] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5290] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5290] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5290] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5290] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5290] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5290] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5290] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5290] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5290] close(5) = 0 [pid 5290] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5290] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 291.578910][ T9] usb 1-1: new high-speed USB device number 54 using dummy_hcd [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 291.784219][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 291.793019][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 291.803700][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 291.812813][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5290] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5290] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 291.837852][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 291.846989][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 291.855048][ T9] usb 1-1: Product: syz [ 291.859311][ T9] usb 1-1: Manufacturer: syz [ 291.884278][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 291.889686][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 291.896040][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 291.902040][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5290] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5290] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5290] exit_group(0) = ? [ 292.095142][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 292.100969][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 292.106709][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 292.112402][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 292.118179][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 292.123969][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 292.129566][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5290, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./178", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./178/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5291 attached , child_tidptr=0x555557a32750) = 5291 [pid 5291] set_robust_list(0x555557a32760, 24) = 0 [ 292.142437][ T783] usb 1-1: USB disconnect, device number 54 [pid 5291] chdir("./179") = 0 [pid 5291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5291] setpgid(0, 0) = 0 [pid 5291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5291] write(3, "1000", 4) = 4 [pid 5291] close(3) = 0 [pid 5291] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5291] write(1, "executing program\n", 18) = 18 [pid 5291] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5291] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5291] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5291] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5291] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5291] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5291] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5291] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5291] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5291] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5291] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5291] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5291] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5291] close(5) = 0 [pid 5291] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5291] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 292.778854][ T9] usb 1-1: new high-speed USB device number 55 using dummy_hcd [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 292.983472][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 292.992311][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 293.002495][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 293.011539][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5291] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5291] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 293.039609][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 293.048706][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 293.056888][ T9] usb 1-1: Product: syz [ 293.061135][ T9] usb 1-1: Manufacturer: syz [ 293.083533][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 293.088888][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 293.095327][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 293.101487][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5291] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5291] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5291] exit_group(0) = ? [ 293.283664][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 293.289479][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 293.295231][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 293.301001][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 293.306783][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 293.312474][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 293.318060][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 293.327045][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [pid 5291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5291, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./179", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./179/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5292 ./strace-static-x86_64: Process 5292 attached [pid 5292] set_robust_list(0x555557a32760, 24) = 0 [pid 5292] chdir("./180") = 0 [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5292] setpgid(0, 0) = 0 [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5292] write(3, "1000", 4) = 4 [pid 5292] close(3) = 0 [pid 5292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5292] write(1, "executing program\n", 18executing program ) = 18 [pid 5292] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5292] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5292] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 293.334120][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 293.339989][ T783] usb 1-1: USB disconnect, device number 55 [pid 5292] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5292] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5292] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5292] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5292] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5292] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5292] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5292] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5292] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5292] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5292] close(5) = 0 [pid 5292] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5292] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 293.938916][ T9] usb 1-1: new high-speed USB device number 56 using dummy_hcd [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 294.163102][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 294.171986][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 294.182151][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 294.191236][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5292] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5292] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 294.220545][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 294.229806][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 294.237909][ T9] usb 1-1: Product: syz [ 294.242184][ T9] usb 1-1: Manufacturer: syz [ 294.265671][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 294.271186][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 294.277645][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 294.283847][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5292] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5292] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 294.467158][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 294.472912][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 294.478655][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 294.484344][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 294.490102][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 294.495841][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 294.501577][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 294.507380][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5292] exit_group(0) = ? [pid 5292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5292, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./180", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./180/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 [ 294.513144][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 294.518850][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 294.524588][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 294.530278][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 294.535871][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 294.549240][ T9] usb 1-1: USB disconnect, device number 56 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5293 attached , child_tidptr=0x555557a32750) = 5293 [pid 5293] set_robust_list(0x555557a32760, 24) = 0 [pid 5293] chdir("./181") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5293] write(1, "executing program\n", 18) = 18 [pid 5293] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5293] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5293] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5293] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5293] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5293] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5293] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5293] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5293] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5293] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5293] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5293] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5293] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5293] close(5) = 0 [pid 5293] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5293] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 295.188962][ T9] usb 1-1: new high-speed USB device number 57 using dummy_hcd [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 295.404154][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 295.413243][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 295.423409][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 295.432432][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5293] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5293] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5293] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 295.468836][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 295.478010][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 295.486476][ T9] usb 1-1: Product: syz [ 295.490747][ T9] usb 1-1: Manufacturer: syz [ 295.531710][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 295.537034][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 295.543590][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 295.549546][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5293] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5293] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5293] exit_group(0) = ? [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./181", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./181/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 295.742200][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 295.747947][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 295.753680][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 295.759366][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 295.765128][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 295.770832][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 295.776427][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 295.786167][ T9] usb 1-1: USB disconnect, device number 57 newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5294 attached , child_tidptr=0x555557a32750) = 5294 [pid 5294] set_robust_list(0x555557a32760, 24) = 0 [pid 5294] chdir("./182") = 0 [pid 5294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5294] setpgid(0, 0) = 0 [pid 5294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5294] write(3, "1000", 4) = 4 [pid 5294] close(3) = 0 [pid 5294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5294] write(1, "executing program\n", 18executing program ) = 18 [pid 5294] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5294] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5294] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5294] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5294] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5294] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5294] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5294] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5294] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5294] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5294] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5294] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5294] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5294] close(5) = 0 [pid 5294] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5294] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 296.388868][ T783] usb 1-1: new high-speed USB device number 58 using dummy_hcd [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 296.595339][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 296.604349][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 296.614620][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 296.623702][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5294] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5294] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 296.660332][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 296.669763][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 296.677768][ T783] usb 1-1: Product: syz [ 296.682031][ T783] usb 1-1: Manufacturer: syz [ 296.723207][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 296.728461][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 296.735106][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 296.741064][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5294] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5294] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5294] exit_group(0) = ? [ 296.923121][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 296.928938][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 296.934690][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 296.940539][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 296.946231][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 296.951990][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 296.957702][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 296.967285][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5294, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./182", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./182/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 296.969044][ T9] usb 1-1: USB disconnect, device number 58 rmdir("./182") = 0 mkdir("./183", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5295 attached , child_tidptr=0x555557a32750) = 5295 [pid 5295] set_robust_list(0x555557a32760, 24) = 0 [pid 5295] chdir("./183") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] write(1, "executing program\n", 18executing program ) = 18 [pid 5295] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5295] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5295] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5295] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5295] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5295] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5295] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5295] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5295] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5295] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5295] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5295] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5295] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5295] close(5) = 0 [pid 5295] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5295] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 297.628947][ T9] usb 1-1: new high-speed USB device number 59 using dummy_hcd [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 297.843190][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 297.851969][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 297.862130][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 297.871173][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5295] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5295] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5295] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 297.896152][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 297.905276][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 297.913531][ T9] usb 1-1: Product: syz [ 297.917800][ T9] usb 1-1: Manufacturer: syz [ 297.956692][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 297.962076][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 297.968499][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 297.974572][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5295] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5295] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5295] exit_group(0) = ? [ 298.156918][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 298.162689][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 298.168425][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 298.174102][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 298.180022][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 298.185705][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 298.191443][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 298.197131][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5295, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./183/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 298.202722][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 298.212495][ T9] usb 1-1: USB disconnect, device number 59 rmdir("./183") = 0 mkdir("./184", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5296 attached , child_tidptr=0x555557a32750) = 5296 [pid 5296] set_robust_list(0x555557a32760, 24) = 0 [pid 5296] chdir("./184") = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5296] write(1, "executing program\n", 18executing program ) = 18 [pid 5296] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5296] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5296] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5296] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5296] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5296] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5296] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5296] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5296] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5296] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5296] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5296] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5296] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5296] close(5) = 0 [pid 5296] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5296] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 298.838872][ T783] usb 1-1: new high-speed USB device number 60 using dummy_hcd [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 299.044628][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 299.053551][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 299.063899][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 299.072985][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5296] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5296] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 299.091680][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 299.101263][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 299.109326][ T783] usb 1-1: Product: syz [ 299.113564][ T783] usb 1-1: Manufacturer: syz [pid 5296] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 299.145807][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 299.151231][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 299.157987][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 299.163977][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5296] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5296] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5296] exit_group(0) = ? [ 299.357230][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 299.362949][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 299.368686][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 299.374366][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 299.380130][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 299.385983][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 299.391851][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 299.397711][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5296, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./184", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./184/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 [ 299.403432][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 299.412708][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 299.414110][ T9] usb 1-1: USB disconnect, device number 60 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5297 attached , child_tidptr=0x555557a32750) = 5297 [pid 5297] set_robust_list(0x555557a32760, 24) = 0 [pid 5297] chdir("./185") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5297] write(1, "executing program\n", 18) = 18 [pid 5297] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5297] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5297] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5297] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5297] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5297] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5297] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5297] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5297] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5297] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5297] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5297] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5297] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5297] close(5) = 0 [pid 5297] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5297] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 300.038928][ T783] usb 1-1: new high-speed USB device number 61 using dummy_hcd [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 300.244472][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 300.253504][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 300.263718][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 300.272855][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5297] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5297] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 300.307856][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 300.317294][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 300.325361][ T783] usb 1-1: Product: syz [ 300.329596][ T783] usb 1-1: Manufacturer: syz [ 300.353613][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 300.358966][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 300.365422][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 300.371439][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5297] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5297] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5297] exit_group(0) = ? [ 300.554881][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 300.560786][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 300.566544][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 300.572247][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 300.578003][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 300.583859][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 300.589735][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 300.595613][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./185", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./185/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 300.601334][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 300.610884][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 300.611281][ T9] usb 1-1: USB disconnect, device number 61 unlink("./185/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5298 attached , child_tidptr=0x555557a32750) = 5298 [pid 5298] set_robust_list(0x555557a32760, 24) = 0 [pid 5298] chdir("./186") = 0 [pid 5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5298] setpgid(0, 0) = 0 [pid 5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5298] write(3, "1000", 4) = 4 [pid 5298] close(3) = 0 [pid 5298] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5298] write(1, "executing program\n", 18) = 18 [pid 5298] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5298] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5298] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5298] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5298] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5298] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5298] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5298] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5298] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5298] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5298] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5298] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5298] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5298] close(5) = 0 [pid 5298] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5298] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 301.258860][ T9] usb 1-1: new high-speed USB device number 62 using dummy_hcd [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 301.464069][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 301.472852][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 301.483015][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 301.492215][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5298] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5298] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 301.517653][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 301.526821][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 301.534920][ T9] usb 1-1: Product: syz [ 301.539135][ T9] usb 1-1: Manufacturer: syz [pid 5298] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 301.571607][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 301.576864][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 301.583847][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 301.589834][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5298] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5298] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5298] exit_group(0) = ? [ 301.782210][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 301.787957][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 301.793707][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 301.799581][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 301.805260][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 301.811037][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 301.816904][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 301.822575][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5298, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 301.828397][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 301.834088][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 301.844779][ T9] usb 1-1: USB disconnect, device number 62 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./186/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5299 attached , child_tidptr=0x555557a32750) = 5299 [pid 5299] set_robust_list(0x555557a32760, 24) = 0 [pid 5299] chdir("./187") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5299] write(1, "executing program\n", 18) = 18 [pid 5299] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5299] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5299] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5299] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5299] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5299] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5299] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5299] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5299] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5299] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5299] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5299] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5299] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5299] close(5) = 0 [pid 5299] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5299] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 302.548892][ T9] usb 1-1: new high-speed USB device number 63 using dummy_hcd [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 302.763096][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 302.771955][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 302.782099][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 302.791146][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5299] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5299] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 302.826039][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 302.835180][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 302.843244][ T9] usb 1-1: Product: syz [ 302.847435][ T9] usb 1-1: Manufacturer: syz [ 302.871885][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 302.877168][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 302.883855][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 302.889875][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5299] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5299] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5299] exit_group(0) = ? [ 303.073274][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 303.079012][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 303.084761][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 303.090585][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 303.096274][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 303.102015][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 303.107721][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 303.113337][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./187", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./187/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 303.126863][ T9] usb 1-1: USB disconnect, device number 63 rmdir("./187") = 0 mkdir("./188", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5300 ./strace-static-x86_64: Process 5300 attached [pid 5300] set_robust_list(0x555557a32760, 24) = 0 [pid 5300] chdir("./188") = 0 [pid 5300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5300] setpgid(0, 0) = 0 [pid 5300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5300] write(3, "1000", 4) = 4 [pid 5300] close(3) = 0 [pid 5300] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5300] write(1, "executing program\n", 18) = 18 [pid 5300] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5300] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5300] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5300] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5300] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5300] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5300] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5300] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5300] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5300] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5300] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5300] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5300] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5300] close(5) = 0 [pid 5300] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5300] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 303.758891][ T9] usb 1-1: new high-speed USB device number 64 using dummy_hcd [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 303.972964][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 303.981686][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 303.991863][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 304.000915][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5300] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5300] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5300] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 304.030430][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 304.039614][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 304.047598][ T9] usb 1-1: Product: syz [ 304.051827][ T9] usb 1-1: Manufacturer: syz [ 304.085304][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 304.090618][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 304.096945][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 304.102962][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5300] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5300] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5300] exit_group(0) = ? [pid 5300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5300, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./188", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./188/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5301 ./strace-static-x86_64: Process 5301 attached [pid 5301] set_robust_list(0x555557a32760, 24) = 0 [pid 5301] chdir("./189") = 0 [ 304.286452][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 304.292168][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 304.297902][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 304.303777][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 304.309522][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 304.319280][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 304.321108][ T9] usb 1-1: USB disconnect, device number 64 [pid 5301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5301] setpgid(0, 0) = 0 [pid 5301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5301] write(3, "1000", 4) = 4 [pid 5301] close(3) = 0 [pid 5301] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5301] write(1, "executing program\n", 18) = 18 [pid 5301] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5301] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5301] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5301] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5301] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5301] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5301] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5301] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5301] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5301] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5301] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5301] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5301] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5301] close(5) = 0 [pid 5301] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5301] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 304.928852][ T9] usb 1-1: new high-speed USB device number 65 using dummy_hcd [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 305.133271][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 305.142024][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 305.152171][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 305.161198][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5301] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5301] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 305.196331][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 305.205558][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 305.213709][ T9] usb 1-1: Product: syz [ 305.217990][ T9] usb 1-1: Manufacturer: syz [ 305.252715][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 305.257967][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 305.264518][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 305.270572][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5301] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5301] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5301] exit_group(0) = ? [pid 5301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5301, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./189", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 305.453415][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 305.459170][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 305.464932][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 305.470627][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 305.476382][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 305.482131][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 305.495225][ T9] usb 1-1: USB disconnect, device number 65 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./189/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5302 attached , child_tidptr=0x555557a32750) = 5302 [pid 5302] set_robust_list(0x555557a32760, 24) = 0 [pid 5302] chdir("./190") = 0 [pid 5302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5302] setpgid(0, 0) = 0 [pid 5302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5302] write(3, "1000", 4) = 4 [pid 5302] close(3) = 0 [pid 5302] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5302] write(1, "executing program\n", 18) = 18 [pid 5302] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5302] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5302] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5302] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5302] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5302] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5302] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5302] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5302] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5302] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5302] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5302] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5302] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5302] close(5) = 0 [pid 5302] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5302] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 306.178887][ T9] usb 1-1: new high-speed USB device number 66 using dummy_hcd [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 306.393412][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 306.402100][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 306.412236][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 306.421244][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5302] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5302] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5302] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 306.446341][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 306.455515][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 306.463604][ T9] usb 1-1: Product: syz [ 306.467787][ T9] usb 1-1: Manufacturer: syz [ 306.489090][ T9] cdc_wdm 1-1:1.0: skipping garbage [pid 5302] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 306.494429][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 306.501014][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 306.506943][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5302] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5302] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5302] exit_group(0) = ? [pid 5302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5302, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./190", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./190/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5303 ./strace-static-x86_64: Process 5303 attached [pid 5303] set_robust_list(0x555557a32760, 24) = 0 [pid 5303] chdir("./191") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [ 306.700405][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 306.706238][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 306.712004][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 306.717692][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 306.723292][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 306.734586][ T9] usb 1-1: USB disconnect, device number 66 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] write(1, "executing program\n", 18executing program ) = 18 [pid 5303] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5303] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5303] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5303] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5303] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5303] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5303] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5303] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5303] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5303] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5303] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5303] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5303] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5303] close(5) = 0 [pid 5303] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5303] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 307.348853][ T783] usb 1-1: new high-speed USB device number 67 using dummy_hcd [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 307.564297][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 307.573344][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 307.584091][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 307.593350][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5303] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5303] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 307.609580][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 307.619005][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 307.627019][ T783] usb 1-1: Product: syz [ 307.631284][ T783] usb 1-1: Manufacturer: syz [pid 5303] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 307.681151][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 307.686428][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 307.693272][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 307.699283][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5303] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5303] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5303] exit_group(0) = ? [ 307.891684][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 307.897494][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 307.903259][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 307.909131][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 307.915120][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 307.920933][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 307.926616][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 307.932398][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./191", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./191/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5304 attached , child_tidptr=0x555557a32750) = 5304 [pid 5304] set_robust_list(0x555557a32760, 24) = 0 [pid 5304] chdir("./192") = 0 [pid 5304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5304] setpgid(0, 0) = 0 [pid 5304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 307.938224][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 307.951183][ T9] usb 1-1: USB disconnect, device number 67 [pid 5304] write(3, "1000", 4) = 4 [pid 5304] close(3) = 0 [pid 5304] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5304] write(1, "executing program\n", 18) = 18 [pid 5304] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5304] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5304] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5304] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5304] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5304] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5304] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5304] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5304] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5304] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5304] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5304] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5304] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5304] close(5) = 0 [pid 5304] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5304] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 308.588873][ T9] usb 1-1: new high-speed USB device number 68 using dummy_hcd [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 308.793159][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 308.801887][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 308.812026][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 308.821036][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5304] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5304] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 308.866124][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 308.875263][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 308.883311][ T9] usb 1-1: Product: syz [ 308.887504][ T9] usb 1-1: Manufacturer: syz [ 308.928250][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 308.933609][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 308.940112][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 308.946043][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5304] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5304] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5304] exit_group(0) = ? [pid 5304] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5304, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./192", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 309.129484][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 309.135203][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 309.140954][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 309.146807][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 309.152576][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 309.158322][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 309.170343][ T9] usb 1-1: USB disconnect, device number 68 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./192/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5305 attached , child_tidptr=0x555557a32750) = 5305 [pid 5305] set_robust_list(0x555557a32760, 24) = 0 [pid 5305] chdir("./193") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] write(1, "executing program\n", 18executing program ) = 18 [pid 5305] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5305] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5305] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5305] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5305] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5305] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5305] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5305] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5305] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5305] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5305] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5305] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5305] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5305] close(5) = 0 [pid 5305] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5305] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 309.858865][ T9] usb 1-1: new high-speed USB device number 69 using dummy_hcd [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 310.073284][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 310.082102][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 310.092735][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 310.101809][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5305] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5305] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 310.129649][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 310.138881][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 310.146883][ T9] usb 1-1: Product: syz [ 310.151087][ T9] usb 1-1: Manufacturer: syz [ 310.183671][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 310.189009][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 310.195384][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 310.201390][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5305] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5305] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5305] exit_group(0) = ? [ 310.383849][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 310.389670][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 310.395423][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 310.401271][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 310.407096][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 310.412761][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 310.418493][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 310.424207][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./193", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./193/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5306 attached , child_tidptr=0x555557a32750) = 5306 [pid 5306] set_robust_list(0x555557a32760, 24) = 0 [pid 5306] chdir("./194") = 0 [pid 5306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 310.435192][ T9] usb 1-1: USB disconnect, device number 69 [pid 5306] setpgid(0, 0) = 0 [pid 5306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5306] write(3, "1000", 4) = 4 [pid 5306] close(3) = 0 [pid 5306] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5306] write(1, "executing program\n", 18) = 18 [pid 5306] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5306] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5306] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5306] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5306] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5306] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5306] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5306] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5306] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5306] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5306] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5306] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5306] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5306] close(5) = 0 [pid 5306] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5306] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 311.038858][ T9] usb 1-1: new high-speed USB device number 70 using dummy_hcd [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 311.263036][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 311.271754][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 311.281891][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 311.290927][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5306] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5306] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 311.325899][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 311.335096][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 311.343226][ T9] usb 1-1: Product: syz [ 311.347425][ T9] usb 1-1: Manufacturer: syz [ 311.381270][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 311.386535][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 311.393159][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 311.399128][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5306] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5306] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 311.581744][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 311.587456][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 311.593179][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 311.598862][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 311.604587][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 311.610437][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 311.616315][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 311.622036][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5306] exit_group(0) = ? [pid 5306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5306, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./194", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./194/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5307 attached , child_tidptr=0x555557a32750) = 5307 [pid 5307] set_robust_list(0x555557a32760, 24) = 0 [pid 5307] chdir("./195") = 0 [pid 5307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 311.634082][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 311.640459][ T783] usb 1-1: USB disconnect, device number 70 [pid 5307] setpgid(0, 0) = 0 [pid 5307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5307] write(3, "1000", 4) = 4 [pid 5307] close(3) = 0 [pid 5307] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5307] write(1, "executing program\n", 18) = 18 [pid 5307] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5307] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5307] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5307] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5307] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5307] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5307] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5307] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5307] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5307] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5307] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5307] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5307] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5307] close(5) = 0 [pid 5307] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5307] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 312.238887][ T783] usb 1-1: new high-speed USB device number 71 using dummy_hcd [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 312.445268][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 312.454133][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 312.464374][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 312.473452][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5307] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5307] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 312.496913][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 312.506076][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 312.514175][ T783] usb 1-1: Product: syz [ 312.518360][ T783] usb 1-1: Manufacturer: syz [ 312.560778][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 312.566051][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 312.572661][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 312.578620][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5307] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5307] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5307] exit_group(0) = ? [ 312.761653][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 312.767489][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 312.773255][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 312.779094][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 312.784946][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 312.790786][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 312.796612][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 312.802425][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5307, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./195", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./195/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 312.808253][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 312.813937][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 312.819662][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 312.825365][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 312.837568][ T9] usb 1-1: USB disconnect, device number 71 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x555557a32760, 24 [pid 5093] <... clone resumed>, child_tidptr=0x555557a32750) = 5308 [pid 5308] <... set_robust_list resumed>) = 0 [pid 5308] chdir("./196") = 0 [pid 5308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5308] setpgid(0, 0) = 0 [pid 5308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5308] write(3, "1000", 4) = 4 [pid 5308] close(3) = 0 [pid 5308] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5308] write(1, "executing program\n", 18) = 18 [pid 5308] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5308] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5308] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5308] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5308] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5308] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5308] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5308] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5308] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5308] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5308] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5308] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5308] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5308] close(5) = 0 [pid 5308] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5308] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 313.478853][ T783] usb 1-1: new high-speed USB device number 72 using dummy_hcd [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 313.674963][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 313.683738][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 313.693898][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 313.703004][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5308] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5308] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 313.749753][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 313.759153][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 313.767168][ T783] usb 1-1: Product: syz [ 313.771386][ T783] usb 1-1: Manufacturer: syz [ 313.804750][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 313.810122][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 313.816710][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 313.822741][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5308] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5308] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5308] exit_group(0) = ? [ 314.004674][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 314.010392][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 314.016133][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 314.022003][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 314.027836][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 314.033668][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 314.039524][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 314.045226][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5308, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./196", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 314.050975][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 314.056696][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 314.065967][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 314.069504][ T9] usb 1-1: USB disconnect, device number 72 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./196/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5309 attached , child_tidptr=0x555557a32750) = 5309 [pid 5309] set_robust_list(0x555557a32760, 24) = 0 [pid 5309] chdir("./197") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5309] write(1, "executing program\n", 18executing program ) = 18 [pid 5309] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5309] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5309] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5309] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5309] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5309] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5309] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5309] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5309] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5309] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5309] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5309] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5309] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5309] close(5) = 0 [pid 5309] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5309] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 314.738854][ T9] usb 1-1: new high-speed USB device number 73 using dummy_hcd [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 314.933789][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 314.942515][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 314.952672][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 314.961718][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5309] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5309] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5309] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 314.995919][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 315.005111][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 315.013526][ T9] usb 1-1: Product: syz [ 315.017723][ T9] usb 1-1: Manufacturer: syz [ 315.050341][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 315.055609][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 315.062278][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 315.068299][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5309] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5309] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5309] exit_group(0) = ? [ 315.261413][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 315.267157][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 315.272907][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 315.278683][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 315.284444][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 315.290145][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 315.295889][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 315.301605][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./197", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./197/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5310 ./strace-static-x86_64: Process 5310 attached [pid 5310] set_robust_list(0x555557a32760, 24) = 0 [pid 5310] chdir("./198") = 0 [pid 5310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5310] setpgid(0, 0) = 0 [pid 5310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5310] write(3, "1000", 4) = 4 [pid 5310] close(3) = 0 [pid 5310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5310] write(1, "executing program\n", 18executing program ) = 18 [pid 5310] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5310] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5310] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5310] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5310] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5310] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5310] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5310] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5310] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [ 315.307331][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 315.313017][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 315.318628][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 315.331074][ T783] usb 1-1: USB disconnect, device number 73 [pid 5310] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5310] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5310] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5310] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5310] close(5) = 0 [pid 5310] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5310] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 315.898849][ T9] usb 1-1: new high-speed USB device number 74 using dummy_hcd [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 316.103175][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 316.111877][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 316.122262][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 316.131342][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5310] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5310] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 316.157126][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 316.166238][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 316.174272][ T9] usb 1-1: Product: syz [ 316.178445][ T9] usb 1-1: Manufacturer: syz [ 316.203730][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 316.209086][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 316.215928][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 316.221978][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5310] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5310] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5310] exit_group(0) = ? [ 316.404279][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 316.410015][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 316.415751][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 316.421625][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 316.427314][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 316.433084][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 316.438836][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5310, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./198", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./198/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 316.449819][ T9] usb 1-1: USB disconnect, device number 74 unlink("./198/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5311 ./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x555557a32760, 24) = 0 [pid 5311] chdir("./199") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5311] write(1, "executing program\n", 18) = 18 [pid 5311] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5311] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5311] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5311] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5311] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5311] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5311] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5311] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5311] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5311] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5311] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5311] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5311] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5311] close(5) = 0 [pid 5311] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5311] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 317.078909][ T9] usb 1-1: new high-speed USB device number 75 using dummy_hcd [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 317.273897][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 317.282749][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 317.292951][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 317.301987][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5311] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5311] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 317.337633][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 317.346852][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 317.354907][ T9] usb 1-1: Product: syz [ 317.359167][ T9] usb 1-1: Manufacturer: syz [ 317.402068][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 317.407304][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 317.414466][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 317.420484][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5311] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5311] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5311] exit_group(0) = ? [ 317.603360][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 317.609368][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 317.615183][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 317.620876][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 317.626638][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 317.632517][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 317.638252][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 317.647656][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./199", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./199/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 317.648070][ T9] usb 1-1: USB disconnect, device number 75 unlink("./199/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5312 attached , child_tidptr=0x555557a32750) = 5312 [pid 5312] set_robust_list(0x555557a32760, 24) = 0 [pid 5312] chdir("./200") = 0 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5312] write(1, "executing program\n", 18) = 18 [pid 5312] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5312] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5312] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5312] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5312] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5312] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5312] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5312] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5312] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5312] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5312] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5312] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5312] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5312] close(5) = 0 [pid 5312] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5312] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 318.258997][ T9] usb 1-1: new high-speed USB device number 76 using dummy_hcd [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 318.454073][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 318.462841][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 318.472992][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 318.482072][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5312] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5312] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5312] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 318.509225][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 318.518504][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 318.526776][ T9] usb 1-1: Product: syz [ 318.531034][ T9] usb 1-1: Manufacturer: syz [ 318.572791][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 318.578077][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 318.585114][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 318.591192][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5312] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5312] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5312] exit_group(0) = ? [ 318.774411][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 318.780178][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 318.785925][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 318.791637][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 318.797389][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 318.803096][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 318.808895][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 318.814777][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5312, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./200", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./200/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 [ 318.820488][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 318.826134][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 318.838871][ T9] usb 1-1: USB disconnect, device number 76 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5313 attached , child_tidptr=0x555557a32750) = 5313 [pid 5313] set_robust_list(0x555557a32760, 24) = 0 [pid 5313] chdir("./201") = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] write(1, "executing program\n", 18executing program ) = 18 [pid 5313] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5313] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5313] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5313] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5313] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5313] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5313] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5313] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5313] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5313] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5313] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5313] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5313] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5313] close(5) = 0 [pid 5313] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5313] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 319.478871][ T9] usb 1-1: new high-speed USB device number 77 using dummy_hcd [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 319.693674][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 319.702455][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 319.712645][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 319.721760][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5313] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5313] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5313] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 319.767798][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 319.776990][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 319.785049][ T9] usb 1-1: Product: syz [ 319.789294][ T9] usb 1-1: Manufacturer: syz [ 319.830483][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 319.835853][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 319.842489][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 319.848593][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5313] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5313] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5313] exit_group(0) = ? [ 320.041118][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 320.046827][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 320.052561][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 320.058399][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 320.064206][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 320.069897][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 320.075666][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 320.081381][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./201", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./201/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5314 attached , child_tidptr=0x555557a32750) = 5314 [pid 5314] set_robust_list(0x555557a32760, 24) = 0 [pid 5314] chdir("./202") = 0 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5314] setpgid(0, 0) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 320.092349][ T9] usb 1-1: USB disconnect, device number 77 [pid 5314] write(3, "1000", 4) = 4 [pid 5314] close(3) = 0 [pid 5314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5314] write(1, "executing program\n", 18executing program ) = 18 [pid 5314] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5314] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5314] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5314] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5314] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5314] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5314] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5314] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5314] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5314] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5314] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5314] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5314] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5314] close(5) = 0 [pid 5314] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5314] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 320.748857][ T9] usb 1-1: new high-speed USB device number 78 using dummy_hcd [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 320.943743][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 320.952561][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 320.962721][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 320.971771][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5314] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5314] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 321.006751][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 321.016090][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 321.024231][ T9] usb 1-1: Product: syz [ 321.028428][ T9] usb 1-1: Manufacturer: syz [ 321.059917][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 321.065227][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 321.071775][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 321.077702][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5314] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [ 321.260126][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 321.265943][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 321.271765][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 321.277427][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 321.283153][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 321.288838][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 321.294584][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 321.300696][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5314] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5314] exit_group(0) = ? [ 321.306434][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 321.312206][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 321.317930][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 321.323605][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 321.329322][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 321.334995][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 321.340720][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 321.346408][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./202", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./202/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5315 ./strace-static-x86_64: Process 5315 attached [pid 5315] set_robust_list(0x555557a32760, 24) = 0 [pid 5315] chdir("./203") = 0 [pid 5315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 321.356964][ T783] usb 1-1: USB disconnect, device number 78 [pid 5315] setpgid(0, 0) = 0 [pid 5315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5315] write(3, "1000", 4) = 4 [pid 5315] close(3) = 0 [pid 5315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5315] write(1, "executing program\n", 18executing program ) = 18 [pid 5315] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5315] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5315] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5315] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5315] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5315] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5315] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5315] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5315] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5315] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5315] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5315] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5315] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5315] close(5) = 0 [pid 5315] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5315] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 321.948916][ T783] usb 1-1: new high-speed USB device number 79 using dummy_hcd [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 322.145206][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 322.154214][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 322.164406][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 322.173524][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5315] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5315] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 322.190946][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 322.200666][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 322.208837][ T783] usb 1-1: Product: syz [ 322.213018][ T783] usb 1-1: Manufacturer: syz [pid 5315] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 322.244378][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 322.249750][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 322.256312][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 322.262300][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5315] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5315] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5315] exit_group(0) = ? [ 322.455068][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 322.460787][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 322.466616][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 322.472500][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 322.478317][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 322.484001][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 322.489745][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 322.495468][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5315, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./203", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./203/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5316 attached , child_tidptr=0x555557a32750) = 5316 [pid 5316] set_robust_list(0x555557a32760, 24) = 0 [pid 5316] chdir("./204") = 0 [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5316] setpgid(0, 0) = 0 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5316] write(3, "1000", 4) = 4 [ 322.501238][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 322.506963][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 322.516584][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 322.518146][ T9] usb 1-1: USB disconnect, device number 79 [pid 5316] close(3) = 0 [pid 5316] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5316] write(1, "executing program\n", 18) = 18 [pid 5316] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5316] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5316] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5316] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5316] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5316] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5316] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5316] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5316] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5316] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5316] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5316] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5316] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5316] close(5) = 0 [pid 5316] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5316] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 323.118874][ T783] usb 1-1: new high-speed USB device number 80 using dummy_hcd [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 323.323781][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 323.332747][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 323.343372][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 323.352618][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5316] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5316] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5316] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 323.379744][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 323.388867][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 323.397015][ T783] usb 1-1: Product: syz [ 323.401295][ T783] usb 1-1: Manufacturer: syz [pid 5316] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 323.432827][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 323.438059][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 323.444919][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 323.450877][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5316] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5316] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [ 323.643532][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 323.649316][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 323.655094][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 323.660990][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 323.666899][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 323.672763][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 323.678625][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 323.684492][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5316] exit_group(0) = ? [pid 5316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5316, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./204", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./204/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5317 attached , child_tidptr=0x555557a32750) = 5317 [pid 5317] set_robust_list(0x555557a32760, 24) = 0 [pid 5317] chdir("./205") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [ 323.690385][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 323.696236][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 323.701940][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 323.707735][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 323.713444][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 323.726590][ T9] usb 1-1: USB disconnect, device number 80 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5317] write(1, "executing program\n", 18) = 18 [pid 5317] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5317] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5317] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5317] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5317] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5317] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5317] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5317] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5317] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5317] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5317] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5317] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5317] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5317] close(5) = 0 [pid 5317] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5317] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 324.318878][ T9] usb 1-1: new high-speed USB device number 81 using dummy_hcd [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 324.553689][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 324.562430][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 324.572638][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 324.581694][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5317] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5317] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 324.607017][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 324.616231][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 324.624361][ T9] usb 1-1: Product: syz [ 324.628601][ T9] usb 1-1: Manufacturer: syz [ 324.661210][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 324.666478][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 324.673067][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 324.679062][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5317] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5317] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5317] exit_group(0) = ? [ 324.862200][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 324.868402][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 324.874180][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 324.880006][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 324.885738][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 324.891515][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 324.897208][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 324.902828][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./205", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./205/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 [ 324.914008][ T9] usb 1-1: USB disconnect, device number 81 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5318 attached , child_tidptr=0x555557a32750) = 5318 [pid 5318] set_robust_list(0x555557a32760, 24) = 0 [pid 5318] chdir("./206") = 0 [pid 5318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5318] setpgid(0, 0) = 0 [pid 5318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5318] write(3, "1000", 4) = 4 [pid 5318] close(3) = 0 [pid 5318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5318] write(1, "executing program\n", 18executing program ) = 18 [pid 5318] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5318] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5318] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5318] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5318] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5318] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5318] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5318] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5318] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5318] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5318] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5318] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5318] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5318] close(5) = 0 [pid 5318] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5318] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 325.588858][ T9] usb 1-1: new high-speed USB device number 82 using dummy_hcd [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 325.823913][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 325.832683][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 325.843082][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 325.852166][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5318] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5318] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 325.887120][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 325.896283][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 325.904332][ T9] usb 1-1: Product: syz [ 325.908509][ T9] usb 1-1: Manufacturer: syz [ 325.940368][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 325.945627][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 325.952255][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 325.958188][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5318] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5318] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5318] exit_group(0) = ? [ 326.141977][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 326.147727][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 326.153516][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 326.159382][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 326.165311][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 326.171187][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 326.176868][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 326.182904][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [pid 5318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5318, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./206", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 326.188811][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 326.194697][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 326.200425][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 326.210577][ T9] usb 1-1: USB disconnect, device number 82 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./206/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5319 attached , child_tidptr=0x555557a32750) = 5319 [pid 5319] set_robust_list(0x555557a32760, 24) = 0 [pid 5319] chdir("./207") = 0 [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [pid 5319] close(3) = 0 [pid 5319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5319] write(1, "executing program\n", 18executing program ) = 18 [pid 5319] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5319] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5319] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5319] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5319] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5319] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5319] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5319] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5319] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5319] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5319] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5319] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5319] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5319] close(5) = 0 [pid 5319] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5319] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 326.858853][ T783] usb 1-1: new high-speed USB device number 83 using dummy_hcd [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 327.043932][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 327.053166][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 327.063401][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 327.072452][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5319] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5319] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 327.089151][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 327.098418][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 327.106545][ T783] usb 1-1: Product: syz [ 327.110826][ T783] usb 1-1: Manufacturer: syz [ 327.142232][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 327.147468][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 327.154497][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 327.160536][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5319] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5319] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5319] exit_group(0) = ? [ 327.342161][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 327.347875][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 327.353612][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 327.359286][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 327.365036][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 327.370889][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 327.376744][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 327.382474][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [pid 5319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./207", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./207/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5320 attached , child_tidptr=0x555557a32750) = 5320 [pid 5320] set_robust_list(0x555557a32760, 24) = 0 [pid 5320] chdir("./208") = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5320] write(3, "1000", 4) = 4 [ 327.392389][ T9] usb 1-1: USB disconnect, device number 83 [pid 5320] close(3) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5320] write(1, "executing program\n", 18) = 18 [pid 5320] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5320] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5320] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5320] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5320] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5320] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5320] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5320] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5320] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5320] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5320] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5320] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5320] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5320] close(5) = 0 [pid 5320] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5320] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 328.008798][ T9] usb 1-1: new high-speed USB device number 84 using dummy_hcd [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 328.223166][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 328.231938][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 328.242110][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 328.251147][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5320] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5320] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5320] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [ 328.276844][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 328.286197][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 328.294279][ T9] usb 1-1: Product: syz [ 328.298466][ T9] usb 1-1: Manufacturer: syz [pid 5320] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 328.349568][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 328.354896][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 328.361595][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 328.367519][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5320] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5320] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5320] exit_group(0) = ? [ 328.560447][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 328.566190][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 328.571930][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 328.577899][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 328.583585][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 328.589376][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 328.595273][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 328.600981][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./208", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./208/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5321 attached , child_tidptr=0x555557a32750) = 5321 [pid 5321] set_robust_list(0x555557a32760, 24) = 0 [ 328.606593][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 328.617516][ T9] usb 1-1: USB disconnect, device number 84 [pid 5321] chdir("./209") = 0 [pid 5321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5321] setpgid(0, 0) = 0 [pid 5321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5321] write(3, "1000", 4) = 4 [pid 5321] close(3) = 0 [pid 5321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5321] write(1, "executing program\n", 18executing program ) = 18 [pid 5321] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5321] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5321] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5321] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5321] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5321] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5321] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5321] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5321] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5321] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5321] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5321] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5321] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5321] close(5) = 0 [pid 5321] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5321] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 329.248857][ T9] usb 1-1: new high-speed USB device number 85 using dummy_hcd [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 329.463359][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 329.472102][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 329.482655][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 329.491786][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5321] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5321] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5321] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 329.546672][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 329.555974][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 329.564083][ T9] usb 1-1: Product: syz [ 329.568261][ T9] usb 1-1: Manufacturer: syz [ 329.582310][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 329.587564][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 329.594198][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 329.600196][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5321] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5321] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5321] exit_group(0) = ? [ 329.793053][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 329.798879][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 329.804599][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 329.810272][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 329.816051][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 329.821734][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [ 329.827455][ C0] cdc_wdm 1-1:1.0: Stall on int endpoint [ 329.833124][ C0] cdc_wdm 1-1:1.0: Cannot schedule work [pid 5321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5321, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./209", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./209/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5322 ./strace-static-x86_64: Process 5322 attached [pid 5322] set_robust_list(0x555557a32760, 24) = 0 [pid 5322] chdir("./210") = 0 [pid 5322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5322] setpgid(0, 0) = 0 [pid 5322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5322] write(3, "1000", 4) = 4 [ 329.838693][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 329.847894][ C0] cdc_wdm 1-1:1.0: Unexpected error -71 [ 329.849940][ T783] usb 1-1: USB disconnect, device number 85 [pid 5322] close(3) = 0 [pid 5322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5322] write(1, "executing program\n", 18executing program ) = 18 [pid 5322] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5322] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [pid 5322] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5322] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5322] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5322] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5322] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5322] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [pid 5322] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5322] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5322] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5322] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5322] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5322] close(5) = 0 [pid 5322] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 5 [pid 5322] ioctl(5, USB_RAW_IOCTL_INIT, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [ 330.458907][ T783] usb 1-1: new high-speed USB device number 86 using dummy_hcd [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 18 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 9 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 96 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 4 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EP0_WRITE, 0x7fffed2c19f0) = 8 [ 330.664267][ T783] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 330.673569][ T783] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 330.683810][ T783] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 330.692875][ T783] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [pid 5322] ioctl(5, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffed2c2a00) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EP_ENABLE, 0x7f5dbbf7c42c) = 0 [pid 5322] ioctl(5, USB_RAW_IOCTL_EP0_READ, 0x7fffed2c19f0) = 0 [ 330.719405][ T783] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 330.729015][ T783] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 330.737128][ T783] usb 1-1: Product: syz [ 330.741388][ T783] usb 1-1: Manufacturer: syz [ 330.757303][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 330.762600][ T783] cdc_wdm 1-1:1.0: skipping garbage [ 330.769129][ T783] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 330.775053][ T783] cdc_wdm 1-1:1.0: Unknown control protocol [pid 5322] ioctl(5, USB_RAW_IOCTL_EP_SET_WEDGE, 0) = 0 [pid 5322] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 6 [pid 5322] exit_group(0) = ? [ 330.958469][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 330.964194][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 330.970081][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 330.975792][ C1] cdc_wdm 1-1:1.0: Cannot schedule work [ 330.981552][ C1] cdc_wdm 1-1:1.0: Stall on int endpoint [ 330.987276][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 330.996539][ T783] ------------[ cut here ]------------ [ 330.998354][ T9] usb 1-1: USB disconnect, device number 86 [pid 5322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5322, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./210", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557a337f0 /* 3 entries */, 32768) = 80 umount2("./210/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 getdents64(3, 0x555557a337f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 [ 331.002291][ C1] cdc_wdm 1-1:1.0: Unexpected error -71 [ 331.002378][ T783] URB ffff888028c6fe00 submitted while active [ 331.022189][ T783] WARNING: CPU: 1 PID: 783 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1039/0x18c0 [ 331.032486][ T783] Modules linked in: [ 331.037032][ T783] CPU: 1 PID: 783 Comm: kworker/1:2 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 [ 331.047238][ T783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a32750) = 5323 ./strace-static-x86_64: Process 5323 attached [pid 5323] set_robust_list(0x555557a32760, 24) = 0 [pid 5323] chdir("./211") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [ 331.057675][ T783] Workqueue: events wdm_rxwork [ 331.062561][ T783] RIP: 0010:usb_submit_urb+0x1039/0x18c0 [ 331.068862][ T783] Code: 00 eb 66 e8 79 61 79 fa e9 79 f0 ff ff e8 6f 61 79 fa c6 05 6c 09 7b 08 01 90 48 c7 c7 a0 a5 6d 8c 4c 89 ee e8 e8 8f 3b fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 49 61 79 fa eb 12 e8 42 61 79 fa 41 [ 331.088616][ T783] RSP: 0018:ffffc90003abfae8 EFLAGS: 00010246 [ 331.095523][ T783] RAX: c2b49586d1a48b00 RBX: 0000000000000cc0 RCX: ffff88801fd6bc00 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5323] write(1, "executing program\n", 18) = 18 [pid 5323] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="mm_page_alloc", prog_fd=-1}}, 16) = -1 EBADF (Bad file descriptor) [pid 5323] bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) [ 331.103627][ T783] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 331.111957][ T783] RBP: ffff888028c6fe08 R08: ffffffff81585822 R09: 1ffff92000757efc [ 331.120029][ T783] R10: dffffc0000000000 R11: fffff52000757efd R12: 1ffff11005de3812 [ 331.128547][ T783] R13: ffff888028c6fe00 R14: dffffc0000000000 R15: ffff88802ef1c028 [ 331.136865][ T783] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 331.145915][ T783] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 5323] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5323] ioctl(-1, USBDEVFS_CONTROL, 0) = -1 EBADF (Bad file descriptor) [pid 5323] bpf(BPF_MAP_CREATE, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5323] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5323] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5323] socket(AF_ALG, SOCK_SEQPACKET, 0) = 4 [ 331.153286][ T783] CR2: 00007f5dbbf61aa0 CR3: 000000000e132000 CR4: 00000000003506f0 [ 331.161417][ T783] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 331.169992][ T783] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 331.178362][ T783] Call Trace: [ 331.181729][ T783] [ 331.184880][ T783] ? __warn+0x163/0x4e0 [ 331.189146][ T783] ? usb_submit_urb+0x1039/0x18c0 [ 331.194441][ T783] ? report_bug+0x2b3/0x500 [ 331.199111][ T783] ? usb_submit_urb+0x1039/0x18c0 [ 331.204176][ T783] ? handle_bug+0x3e/0x70 [pid 5323] dup2(-1, -1) = -1 EBADF (Bad file descriptor) [pid 5323] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0 [pid 5323] setsockopt(3, SOL_SCTP, SCTP_PRIMARY_ADDR, NULL, 0) = -1 EINVAL (Invalid argument) [pid 5323] ioctl(-1, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = -1 EBADF (Bad file descriptor) [pid 5323] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [ 331.208977][ T783] ? exc_invalid_op+0x1a/0x50 [ 331.213794][ T783] ? asm_exc_invalid_op+0x1a/0x20 [ 331.218939][ T783] ? __warn_printk+0x292/0x360 [ 331.224306][ T783] ? usb_submit_urb+0x1039/0x18c0 [ 331.229425][ T783] ? usb_submit_urb+0x1038/0x18c0 [ 331.234483][ T783] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 331.241242][ T783] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 331.247612][ T783] wdm_rxwork+0x116/0x1f0 [ 331.252011][ T783] ? process_scheduled_works+0x945/0x1830 [ 331.257781][ T783] process_scheduled_works+0xa2c/0x1830 [ 331.263445][ T783] ? __pfx_process_scheduled_works+0x10/0x10 [ 331.269489][ T783] ? assign_work+0x364/0x3d0 [ 331.274124][ T783] worker_thread+0x86d/0xd70 [ 331.278786][ T783] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 331.284728][ T783] ? __kthread_parkme+0x169/0x1d0 [ 331.289842][ T783] ? __pfx_worker_thread+0x10/0x10 [ 331.294999][ T783] kthread+0x2f0/0x390 [ 331.299162][ T783] ? __pfx_worker_thread+0x10/0x10 [ 331.304301][ T783] ? __pfx_kthread+0x10/0x10 [ 331.308972][ T783] ret_from_fork+0x4b/0x80 [ 331.313419][ T783] ? __pfx_kthread+0x10/0x10 [ 331.318128][ T783] ret_from_fork_asm+0x1a/0x30 [ 331.323032][ T783] [ 331.326071][ T783] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 331.333345][ T783] CPU: 1 PID: 783 Comm: kworker/1:2 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 [ 331.343408][ T783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 331.353491][ T783] Workqueue: events wdm_rxwork [ 331.358264][ T783] Call Trace: [ 331.361544][ T783] [ 331.364475][ T783] dump_stack_lvl+0x241/0x360 [ 331.369169][ T783] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.374373][ T783] ? __pfx__printk+0x10/0x10 [ 331.378997][ T783] ? vscnprintf+0x5d/0x90 [ 331.383352][ T783] panic+0x349/0x860 [ 331.387256][ T783] ? __warn+0x172/0x4e0 [ 331.391420][ T783] ? __pfx_panic+0x10/0x10 [ 331.395850][ T783] ? ret_from_fork_asm+0x1a/0x30 [ 331.400805][ T783] __warn+0x346/0x4e0 [ 331.404794][ T783] ? usb_submit_urb+0x1039/0x18c0 [ 331.409830][ T783] report_bug+0x2b3/0x500 [ 331.414167][ T783] ? usb_submit_urb+0x1039/0x18c0 [ 331.419209][ T783] handle_bug+0x3e/0x70 [ 331.423375][ T783] exc_invalid_op+0x1a/0x50 [ 331.427891][ T783] asm_exc_invalid_op+0x1a/0x20 [ 331.432773][ T783] RIP: 0010:usb_submit_urb+0x1039/0x18c0 [ 331.438417][ T783] Code: 00 eb 66 e8 79 61 79 fa e9 79 f0 ff ff e8 6f 61 79 fa c6 05 6c 09 7b 08 01 90 48 c7 c7 a0 a5 6d 8c 4c 89 ee e8 e8 8f 3b fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 49 61 79 fa eb 12 e8 42 61 79 fa 41 [ 331.458031][ T783] RSP: 0018:ffffc90003abfae8 EFLAGS: 00010246 [ 331.464109][ T783] RAX: c2b49586d1a48b00 RBX: 0000000000000cc0 RCX: ffff88801fd6bc00 [ 331.472088][ T783] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 331.480064][ T783] RBP: ffff888028c6fe08 R08: ffffffff81585822 R09: 1ffff92000757efc [ 331.488043][ T783] R10: dffffc0000000000 R11: fffff52000757efd R12: 1ffff11005de3812 [ 331.496020][ T783] R13: ffff888028c6fe00 R14: dffffc0000000000 R15: ffff88802ef1c028 [ 331.504005][ T783] ? __warn_printk+0x292/0x360 [ 331.508795][ T783] ? usb_submit_urb+0x1038/0x18c0 [ 331.513830][ T783] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 331.520177][ T783] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 331.526520][ T783] wdm_rxwork+0x116/0x1f0 [ 331.530874][ T783] ? process_scheduled_works+0x945/0x1830 [ 331.536605][ T783] process_scheduled_works+0xa2c/0x1830 [ 331.542183][ T783] ? __pfx_process_scheduled_works+0x10/0x10 [ 331.548177][ T783] ? assign_work+0x364/0x3d0 [ 331.552780][ T783] worker_thread+0x86d/0xd70 [ 331.557386][ T783] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 331.563295][ T783] ? __kthread_parkme+0x169/0x1d0 [ 331.568333][ T783] ? __pfx_worker_thread+0x10/0x10 [ 331.573453][ T783] kthread+0x2f0/0x390 [ 331.577534][ T783] ? __pfx_worker_thread+0x10/0x10 [ 331.582674][ T783] ? __pfx_kthread+0x10/0x10 [ 331.587315][ T783] ret_from_fork+0x4b/0x80 [ 331.591781][ T783] ? __pfx_kthread+0x10/0x10 [ 331.596388][ T783] ret_from_fork_asm+0x1a/0x30 [ 331.601180][ T783] [ 331.604582][ T783] Kernel Offset: disabled [ 331.608962][ T783] Rebooting in 86400 seconds..