./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4198598165 <...> Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts. execve("./syz-executor4198598165", ["./syz-executor4198598165"], 0x7ffe8ed5d040 /* 10 vars */) = 0 brk(NULL) = 0x55558bd2b000 brk(0x55558bd2bd00) = 0x55558bd2bd00 arch_prctl(ARCH_SET_FS, 0x55558bd2b380) = 0 set_tid_address(0x55558bd2b650) = 5058 set_robust_list(0x55558bd2b660, 24) = 0 rseq(0x55558bd2bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4198598165", 4096) = 28 getrandom("\xca\x5a\x63\x16\x79\x35\x21\x95", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558bd2bd00 brk(0x55558bd4cd00) = 0x55558bd4cd00 brk(0x55558bd4d000) = 0x55558bd4d000 mprotect(0x7f6692c10000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached , child_tidptr=0x55558bd2b650) = 5059 [pid 5059] set_robust_list(0x55558bd2b660, 24) = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5059] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 18 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [ 54.152744][ T783] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [ 54.402649][ T783] usb 1-1: Using ep0 maxpacket: 16 [pid 5059] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 18 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 9 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 27 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 4 [ 54.522695][ T783] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 54.531243][ T783] usb 1-1: config 0 has no interface number 0 [ 54.537729][ T783] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 8 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 8 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6692c1640c) = 8 [pid 5059] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd87aad380) = 0 [ 54.672714][ T783] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 54.681759][ T783] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 54.690585][ T783] usb 1-1: Product: syz [ 54.694838][ T783] usb 1-1: SerialNumber: syz [ 54.701967][ T783] usb 1-1: config 0 descriptor?? [ 54.747057][ T783] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input5 [pid 5059] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae3c0) = 0 [pid 5059] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd87aad3b0) = 4 [pid 5059] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4 [pid 5059] dup(4) = 5 [pid 5059] write(5, "\x0c\x00\x00\x00\xa2\xe3\xad\x21\xed\x0d\x52\xf9\x1b\x45\x09\x09\x87\xf7\x0e\x06\xd0\x38\xe7\xff\x7f\xc6\xe5\x0a\x9b\x32\x44\x07\x8b\x08\x9b\x07\x08\x38\x72\x09\x08\x90\xe0\x87\x8f\x0e\x1a\xc6\xe7\x04\x9b\x33\x4b\x95\x9b\x66\x9a\x24\x0d\x5b\x67\xf3\x98\x8f\x7e\xf3\x19\x52\x01\x00\xff\xe8\xd1\x78\x70\x8c\x52\x3c\x92\x1b\x1b\x5b\x31\x07\x0d\x07\x5d\x06\x36\xcd\x3b\x78\x13\x0d\xaa\x61\xd8\xe8\x09\xea"..., 4110) = 4110 [pid 5059] exit_group(0) = ? [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x55558bd2b660, 24) = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5058] <... clone resumed>, child_tidptr=0x55558bd2b650) = 5062 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5062] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [ 55.233730][ T783] usb 1-1: USB disconnect, device number 2 [ 55.242901][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 55.249941][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 55.261746][ T783] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 18 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [ 55.672661][ T783] usb 1-1: new high-speed USB device number 3 using dummy_hcd [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [ 55.912662][ T783] usb 1-1: Using ep0 maxpacket: 16 [pid 5062] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 18 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 9 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 27 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 4 [ 56.032719][ T783] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 56.040746][ T783] usb 1-1: config 0 has no interface number 0 [ 56.047729][ T783] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 8 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 8 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6692c1640c) = 8 [pid 5062] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd87aad380) = 0 [ 56.172724][ T783] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 56.181869][ T783] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 56.190060][ T783] usb 1-1: Product: syz [ 56.194262][ T783] usb 1-1: SerialNumber: syz [ 56.200282][ T783] usb 1-1: config 0 descriptor?? [ 56.256039][ T783] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input6 [pid 5062] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae3c0) = 0 [pid 5062] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd87aad3b0) = 4 [pid 5062] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4 [pid 5062] dup(4) = 5 [pid 5062] write(5, "\x0c\x00\x00\x00\xa2\xe3\xad\x21\xed\x0d\x52\xf9\x1b\x45\x09\x09\x87\xf7\x0e\x06\xd0\x38\xe7\xff\x7f\xc6\xe5\x0a\x9b\x32\x44\x07\x8b\x08\x9b\x07\x08\x38\x72\x09\x08\x90\xe0\x87\x8f\x0e\x1a\xc6\xe7\x04\x9b\x33\x4b\x95\x9b\x66\x9a\x24\x0d\x5b\x67\xf3\x98\x8f\x7e\xf3\x19\x52\x01\x00\xff\xe8\xd1\x78\x70\x8c\x52\x3c\x92\x1b\x1b\x5b\x31\x07\x0d\x07\x5d\x06\x36\xcd\x3b\x78\x13\x0d\xaa\x61\xd8\xe8\x09\xea"..., 4110) = 4110 [pid 5062] exit_group(0) = ? [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x55558bd2b660, 24 [pid 5058] <... clone resumed>, child_tidptr=0x55558bd2b650) = 5063 [pid 5063] <... set_robust_list resumed>) = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5063] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [ 56.708475][ T783] usb 1-1: USB disconnect, device number 3 [ 56.722671][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 56.729648][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 56.740694][ T783] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 18 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [ 57.202687][ T783] usb 1-1: new high-speed USB device number 4 using dummy_hcd [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [ 57.482627][ T783] usb 1-1: Using ep0 maxpacket: 16 [pid 5063] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 18 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 9 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 27 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 4 [ 57.622717][ T783] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 57.630824][ T783] usb 1-1: config 0 has no interface number 0 [ 57.636944][ T783] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 8 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd87aad380) = 8 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae390) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6692c1640c) = 8 [ 57.772771][ T783] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 57.781939][ T783] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 57.790420][ T783] usb 1-1: Product: syz [ 57.794633][ T783] usb 1-1: SerialNumber: syz [ 57.800896][ T783] usb 1-1: config 0 descriptor?? [pid 5063] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd87aad380) = 0 [ 57.855232][ T783] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input7 [pid 5063] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd87aae3c0) = 0 [pid 5063] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd87aad3b0) = 4 [pid 5063] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4 [pid 5063] dup(4) = 5 [pid 5063] write(5, "\x0c\x00\x00\x00\xa2\xe3\xad\x21\xed\x0d\x52\xf9\x1b\x45\x09\x09\x87\xf7\x0e\x06\xd0\x38\xe7\xff\x7f\xc6\xe5\x0a\x9b\x32\x44\x07\x8b\x08\x9b\x07\x08\x38\x72\x09\x08\x90\xe0\x87\x8f\x0e\x1a\xc6\xe7\x04\x9b\x33\x4b\x95\x9b\x66\x9a\x24\x0d\x5b\x67\xf3\x98\x8f\x7e\xf3\x19\x52\x01\x00\xff\xe8\xd1\x78\x70\x8c\x52\x3c\x92\x1b\x1b\x5b\x31\x07\x0d\x07\x5d\x06\x36\xcd\x3b\x78\x13\x0d\xaa\x61\xd8\xe8\x09\xea"..., 4110) = 4110 [pid 5063] exit_group(0) = ? [ 58.337124][ T783] usb 1-1: USB disconnect, device number 4 [ 58.343125][ C1] cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71 [ 58.343160][ C1] ------------[ cut here ]------------ [ 58.343181][ C1] URB ffff888019ebcc00 submitted while active [ 58.343663][ C1] WARNING: CPU: 1 PID: 783 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1039/0x18c0 [ 58.343718][ C1] Modules linked in: [ 58.343733][ C1] CPU: 1 PID: 783 Comm: kworker/1:2 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 58.343752][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 58.343764][ C1] Workqueue: usb_hub_wq hub_event [ 58.343789][ C1] RIP: 0010:usb_submit_urb+0x1039/0x18c0 [ 58.343813][ C1] Code: 00 eb 66 e8 79 69 8f fa e9 79 f0 ff ff e8 6f 69 8f fa c6 05 90 22 6b 08 01 90 48 c7 c7 c0 c2 4a 8c 4c 89 ee e8 98 3d 52 fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 49 69 8f fa eb 12 e8 42 69 8f fa 41 [ 58.343828][ C1] RSP: 0018:ffffc90000a08750 EFLAGS: 00010046 [ 58.343845][ C1] RAX: 1f42e79138f0e000 RBX: 0000000000000820 RCX: ffff88801f83da00 [ 58.343860][ C1] RDX: 0000000000000102 RSI: 0000000000000000 RDI: 0000000000000000 [ 58.343872][ C1] RBP: ffff888019ebcc08 R08: ffffffff8157cb22 R09: 1ffff110172a51a2 [ 58.343885][ C1] R10: dffffc0000000000 R11: ffffed10172a51a3 R12: ffff88802e812830 [ 58.343908][ C1] R13: ffff888019ebcc00 R14: dffffc0000000000 R15: ffff888014c92b21 [ 58.343924][ C1] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 58.343941][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.343955][ C1] CR2: 00007f6692be4af8 CR3: 000000002ddca000 CR4: 00000000003506f0 [ 58.343971][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.343982][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.343992][ C1] Call Trace: [ 58.343999][ C1] [ 58.344008][ C1] ? __warn+0x163/0x4b0 [ 58.344033][ C1] ? usb_submit_urb+0x1039/0x18c0 [ 58.344057][ C1] ? report_bug+0x2b3/0x500 [ 58.344081][ C1] ? usb_submit_urb+0x1039/0x18c0 [ 58.344107][ C1] ? handle_bug+0x3e/0x70 [ 58.344127][ C1] ? exc_invalid_op+0x1a/0x50 [ 58.344144][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 58.344171][ C1] ? __warn_printk+0x292/0x360 [ 58.344198][ C1] ? usb_submit_urb+0x1039/0x18c0 [ 58.344219][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 58.344247][ C1] ? kcov_remote_start+0x9e/0x7e0 [ 58.344274][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 58.344308][ C1] cm109_urb_irq_callback+0x6cc/0xc30 [ 58.344336][ C1] __usb_hcd_giveback_urb+0x373/0x530 [ 58.344360][ C1] dummy_timer+0x8aa/0x3220 [ 58.344390][ C1] ? __pfx_register_lock_class+0x10/0x10 [ 58.344414][ C1] ? mark_lock+0x9a/0x350 [ 58.344440][ C1] ? __lock_acquire+0x1346/0x1fd0 [ 58.344495][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.344523][ C1] ? call_timer_fn+0xa8/0x600 [ 58.344549][ C1] call_timer_fn+0x17e/0x600 [ 58.344572][ C1] ? call_timer_fn+0xc0/0x600 [ 58.344591][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.344614][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 58.344636][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.344659][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.344684][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.344706][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.344731][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 58.344754][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.344780][ C1] __run_timer_base+0x66a/0x8e0 [ 58.344813][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 58.344840][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.344857][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 58.344888][ C1] run_timer_softirq+0xb7/0x170 [ 58.344916][ C1] __do_softirq+0x2bc/0x943 [ 58.344941][ C1] ? __irq_exit_rcu+0xf2/0x1c0 [ 58.344967][ C1] ? __pfx___do_softirq+0x10/0x10 [ 58.344989][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 58.345019][ C1] __irq_exit_rcu+0xf2/0x1c0 [ 58.345040][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 58.345069][ C1] irq_exit_rcu+0x9/0x30 [ 58.345087][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 58.345112][ C1] [ 58.345120][ C1] [ 58.345128][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 58.345150][ C1] RIP: 0010:console_flush_all+0xaad/0xfd0 [ 58.345177][ C1] Code: ff ff e8 86 6e 1f 00 90 0f 0b 90 e9 d8 f8 ff ff e8 78 6e 1f 00 e8 03 0e f6 09 4d 85 f6 74 b6 e8 69 6e 1f 00 fb 48 8b 44 24 70 <42> 0f b6 04 38 84 c0 48 8b 7c 24 30 0f 85 22 02 00 00 0f b6 1f 31 [ 58.345190][ C1] RSP: 0018:ffffc9000374f0a0 EFLAGS: 00000293 [ 58.345209][ C1] RAX: 1ffff920006e9e60 RBX: 0000000000000000 RCX: ffff88801f83da00 [ 58.345222][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 58.345235][ C1] RBP: ffffc9000374f250 R08: ffffffff81758584 R09: 1ffffffff2595ca0 [ 58.345257][ C1] R10: dffffc0000000000 R11: fffffbfff2595ca1 R12: ffffffff8e8e61f8 [ 58.345272][ C1] R13: ffffffff8e8e61a0 R14: 0000000000000200 R15: dffffc0000000000 [ 58.345294][ C1] ? console_flush_all+0xa44/0xfd0 [ 58.345334][ C1] ? console_flush_all+0x152/0xfd0 [ 58.345372][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 58.345401][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 58.345426][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.345453][ C1] console_unlock+0x13b/0x4d0 [ 58.345483][ C1] ? __pfx_console_unlock+0x10/0x10 [ 58.345506][ C1] ? dev_vprintk_emit+0x2ae/0x330 [ 58.345534][ C1] ? dev_vprintk_emit+0x2ae/0x330 [ 58.345559][ C1] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 58.345599][ C1] vprintk_emit+0x5a6/0x770 [ 58.345625][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 58.345649][ C1] ? __pfx_snprintf+0x10/0x10 [ 58.345679][ C1] ? read_word_at_a_time+0xe/0x20 [ 58.345697][ C1] ? sized_strscpy+0x8d/0x220 [ 58.345719][ C1] dev_vprintk_emit+0x2ae/0x330 [ 58.345747][ C1] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 58.345788][ C1] dev_printk_emit+0xdd/0x120 [ 58.345820][ C1] ? __pfx_dev_printk_emit+0x10/0x10 [ 58.345854][ C1] ? __dev_printk+0x137/0x1a0 [ 58.345885][ C1] _dev_info+0x122/0x170 [ 58.345928][ C1] ? __pfx__dev_info+0x10/0x10 [ 58.345956][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.345993][ C1] ? kernfs_notify+0x2ef/0x370 [ 58.346016][ C1] usb_disconnect+0xe7/0x950 [ 58.346049][ C1] hub_event+0x1e62/0x50f0 [ 58.346095][ C1] ? debug_object_deactivate+0x2d5/0x390 [ 58.346148][ C1] ? __pfx_hub_event+0x10/0x10 [ 58.346178][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 58.346198][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.346222][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.346253][ C1] ? process_scheduled_works+0x91b/0x1770 [ 58.346275][ C1] process_scheduled_works+0xa00/0x1770 [ 58.346323][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 58.346351][ C1] ? assign_work+0x364/0x3d0 [ 58.346376][ C1] worker_thread+0x86d/0xd70 [ 58.346404][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.346440][ C1] ? __kthread_parkme+0x169/0x1d0 [ 58.346465][ C1] ? __pfx_worker_thread+0x10/0x10 [ 58.346486][ C1] kthread+0x2f0/0x390 [ 58.346508][ C1] ? __pfx_worker_thread+0x10/0x10 [ 58.346528][ C1] ? __pfx_kthread+0x10/0x10 [ 58.346552][ C1] ret_from_fork+0x4b/0x80 [ 58.346580][ C1] ? __pfx_kthread+0x10/0x10 [ 58.346603][ C1] ret_from_fork_asm+0x1a/0x30 [ 58.346645][ C1] [ 58.346656][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 58.346667][ C1] CPU: 1 PID: 783 Comm: kworker/1:2 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 58.346688][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 58.346700][ C1] Workqueue: usb_hub_wq hub_event [ 58.346728][ C1] Call Trace: [ 58.346736][ C1] [ 58.346744][ C1] dump_stack_lvl+0x241/0x360 [ 58.346767][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.346787][ C1] ? __pfx__printk+0x10/0x10 [ 58.346813][ C1] ? _printk+0xd5/0x120 [ 58.346842][ C1] ? vscnprintf+0x5d/0x90 [ 58.346864][ C1] panic+0x349/0x860 [ 58.346891][ C1] ? __warn+0x172/0x4b0 [ 58.346922][ C1] ? __pfx_panic+0x10/0x10 [ 58.346946][ C1] ? show_trace_log_lvl+0x4e6/0x520 [ 58.346985][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 58.347017][ C1] __warn+0x31e/0x4b0 [ 58.347041][ C1] ? usb_submit_urb+0x1039/0x18c0 [ 58.347066][ C1] report_bug+0x2b3/0x500 [ 58.347088][ C1] ? usb_submit_urb+0x1039/0x18c0 [ 58.347113][ C1] handle_bug+0x3e/0x70 [ 58.347134][ C1] exc_invalid_op+0x1a/0x50 [ 58.347152][ C1] asm_exc_invalid_op+0x1a/0x20 [ 58.347172][ C1] RIP: 0010:usb_submit_urb+0x1039/0x18c0 [ 58.347193][ C1] Code: 00 eb 66 e8 79 69 8f fa e9 79 f0 ff ff e8 6f 69 8f fa c6 05 90 22 6b 08 01 90 48 c7 c7 c0 c2 4a 8c 4c 89 ee e8 98 3d 52 fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 49 69 8f fa eb 12 e8 42 69 8f fa 41 [ 58.347207][ C1] RSP: 0018:ffffc90000a08750 EFLAGS: 00010046 [ 58.347222][ C1] RAX: 1f42e79138f0e000 RBX: 0000000000000820 RCX: ffff88801f83da00 [ 58.347238][ C1] RDX: 0000000000000102 RSI: 0000000000000000 RDI: 0000000000000000 [ 58.347251][ C1] RBP: ffff888019ebcc08 R08: ffffffff8157cb22 R09: 1ffff110172a51a2 [ 58.347264][ C1] R10: dffffc0000000000 R11: ffffed10172a51a3 R12: ffff88802e812830 [ 58.347276][ C1] R13: ffff888019ebcc00 R14: dffffc0000000000 R15: ffff888014c92b21 [ 58.347296][ C1] ? __warn_printk+0x292/0x360 [ 58.347329][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 58.347356][ C1] ? kcov_remote_start+0x9e/0x7e0 [ 58.347383][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 58.347416][ C1] cm109_urb_irq_callback+0x6cc/0xc30 [ 58.347447][ C1] __usb_hcd_giveback_urb+0x373/0x530 [ 58.347472][ C1] dummy_timer+0x8aa/0x3220 [ 58.347500][ C1] ? __pfx_register_lock_class+0x10/0x10 [ 58.347522][ C1] ? mark_lock+0x9a/0x350 [ 58.347548][ C1] ? __lock_acquire+0x1346/0x1fd0 [ 58.347607][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.347638][ C1] ? call_timer_fn+0xa8/0x600 [ 58.347664][ C1] call_timer_fn+0x17e/0x600 [ 58.347687][ C1] ? call_timer_fn+0xc0/0x600 [ 58.347706][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.347730][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 58.347755][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.347781][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.347804][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.347826][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.347852][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 58.347876][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 58.347909][ C1] __run_timer_base+0x66a/0x8e0 [ 58.347941][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 58.347967][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.347985][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 58.348019][ C1] run_timer_softirq+0xb7/0x170 [ 58.348040][ C1] __do_softirq+0x2bc/0x943 [ 58.348065][ C1] ? __irq_exit_rcu+0xf2/0x1c0 [ 58.348091][ C1] ? __pfx___do_softirq+0x10/0x10 [ 58.348116][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 58.348146][ C1] __irq_exit_rcu+0xf2/0x1c0 [ 58.348166][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 58.348194][ C1] irq_exit_rcu+0x9/0x30 [ 58.348212][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 58.348239][ C1] [ 58.348247][ C1] [ 58.348256][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 58.348278][ C1] RIP: 0010:console_flush_all+0xaad/0xfd0 [ 58.348303][ C1] Code: ff ff e8 86 6e 1f 00 90 0f 0b 90 e9 d8 f8 ff ff e8 78 6e 1f 00 e8 03 0e f6 09 4d 85 f6 74 b6 e8 69 6e 1f 00 fb 48 8b 44 24 70 <42> 0f b6 04 38 84 c0 48 8b 7c 24 30 0f 85 22 02 00 00 0f b6 1f 31 [ 58.348319][ C1] RSP: 0018:ffffc9000374f0a0 EFLAGS: 00000293 [ 58.348336][ C1] RAX: 1ffff920006e9e60 RBX: 0000000000000000 RCX: ffff88801f83da00 [ 58.348351][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 58.348364][ C1] RBP: ffffc9000374f250 R08: ffffffff81758584 R09: 1ffffffff2595ca0 [ 58.348379][ C1] R10: dffffc0000000000 R11: fffffbfff2595ca1 R12: ffffffff8e8e61f8 [ 58.348394][ C1] R13: ffffffff8e8e61a0 R14: 0000000000000200 R15: dffffc0000000000 [ 58.348414][ C1] ? console_flush_all+0xa44/0xfd0 [ 58.348454][ C1] ? console_flush_all+0x152/0xfd0 [ 58.348489][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 58.348518][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 58.348540][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.348563][ C1] console_unlock+0x13b/0x4d0 [ 58.348593][ C1] ? __pfx_console_unlock+0x10/0x10 [ 58.348614][ C1] ? dev_vprintk_emit+0x2ae/0x330 [ 58.348640][ C1] ? dev_vprintk_emit+0x2ae/0x330 [ 58.348666][ C1] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 58.348707][ C1] vprintk_emit+0x5a6/0x770 [ 58.348733][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 58.348757][ C1] ? __pfx_snprintf+0x10/0x10 [ 58.348782][ C1] ? read_word_at_a_time+0xe/0x20 [ 58.348800][ C1] ? sized_strscpy+0x8d/0x220 [ 58.348820][ C1] dev_vprintk_emit+0x2ae/0x330 [ 58.348850][ C1] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 58.348893][ C1] dev_printk_emit+0xdd/0x120 [ 58.348938][ C1] ? __pfx_dev_printk_emit+0x10/0x10 [ 58.348971][ C1] ? __dev_printk+0x137/0x1a0 [ 58.348999][ C1] _dev_info+0x122/0x170 [ 58.349027][ C1] ? __pfx__dev_info+0x10/0x10 [ 58.349053][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.349090][ C1] ? kernfs_notify+0x2ef/0x370 [ 58.349112][ C1] usb_disconnect+0xe7/0x950 [ 58.349145][ C1] hub_event+0x1e62/0x50f0 [ 58.349188][ C1] ? debug_object_deactivate+0x2d5/0x390 [ 58.349243][ C1] ? __pfx_hub_event+0x10/0x10 [ 58.349271][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 58.349291][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 58.349315][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.349345][ C1] ? process_scheduled_works+0x91b/0x1770 [ 58.349367][ C1] process_scheduled_works+0xa00/0x1770 [ 58.349414][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 58.349443][ C1] ? assign_work+0x364/0x3d0 [ 58.349468][ C1] worker_thread+0x86d/0xd70 [ 58.349496][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.349527][ C1] ? __kthread_parkme+0x169/0x1d0 [ 58.349550][ C1] ? __pfx_worker_thread+0x10/0x10 [ 58.349569][ C1] kthread+0x2f0/0x390 [ 58.349592][ C1] ? __pfx_worker_thread+0x10/0x10 [ 58.349612][ C1] ? __pfx_kthread+0x10/0x10 [ 58.349636][ C1] ret_from_fork+0x4b/0x80 [ 58.349662][ C1] ? __pfx_kthread+0x10/0x10 [ 58.349685][ C1] ret_from_fork_asm+0x1a/0x30 [ 58.349726][ C1] [ 58.349983][ C1] Kernel Offset: disabled