./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2879814777 <...> forked to background, child pid 3179 no interfaces have a carrier [ 22.309999][ T3180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 22.321113][ T3180] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts. execve("./syz-executor2879814777", ["./syz-executor2879814777"], 0x7ffcd2c0e550 /* 10 vars */) = 0 brk(NULL) = 0x555555a3b000 brk(0x555555a3bc40) = 0x555555a3bc40 arch_prctl(ARCH_SET_FS, 0x555555a3b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555a3b5d0) = 3607 set_robust_list(0x555555a3b5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fdbd4eed950, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fdbd4eee020}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fdbd4eed9f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdbd4eee020}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2879814777", 4096) = 28 brk(0x555555a5cc40) = 0x555555a5cc40 brk(0x555555a5d000) = 0x555555a5d000 mprotect(0x7fdbd4fae000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7fdbd4fb44cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd4ebd000 mprotect(0x7fdbd4ebe000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7fdbd4edd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3608 attached , parent_tid=[3608], tls=0x7fdbd4edd700, child_tidptr=0x7fdbd4edd9d0) = 3608 [pid 3608] set_robust_list(0x7fdbd4edd9e0, 24 [pid 3607] futex(0x7fdbd4fb44c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3608] <... set_robust_list resumed>) = 0 [pid 3607] futex(0x7fdbd4fb44cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 3608] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3608] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fdbd4edb2c0) = 18 syzkaller login: [ 43.069019][ T143] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fdbd4edb2c0) = 18 [ 43.308939][ T143] usb 1-1: Using ep0 maxpacket: 16 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fdbd4edb2c0) = 9 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fdbd4edb2c0) = 27 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fdbd4edb2c0) = 4 [ 43.429801][ T143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 120, changing to 10 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fdbd4edb2c0) = 8 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fdbd4edb2c0) = 8 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fdbd4edb2c0) = 8 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fdbd4fb460c) = 6 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fdbd4edb2c0) = 0 [ 43.599108][ T143] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 43.608454][ T143] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.616470][ T143] usb 1-1: Product: syz [ 43.620660][ T143] usb 1-1: Manufacturer: syz [ 43.625237][ T143] usb 1-1: SerialNumber: syz [ 43.632547][ T143] usb 1-1: config 0 descriptor?? [ 43.673521][ T143] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3608] futex(0x7fdbd4fb44cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7fdbd4fb44c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3607] futex(0x7fdbd4fb44cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3608] <... ioctl resumed>, 0x7fdbd4edc2f0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fdbd4edb2e0) = 8 [ 43.968993][ T143] rc_core: IR keymap rc-imon-pad not found [ 43.974834][ T143] Registered IR keymap rc-empty [ 43.980409][ T143] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 43.990615][ T143] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3608] futex(0x7fdbd4fb44cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3608] futex(0x7fdbd4fb44c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7fdbd4fb44c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3608] <... futex resumed>) = 0 [pid 3607] futex(0x7fdbd4fb44cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fdbd4edc2f0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fdbd4edb2e0) = 8 [ 44.119931][ T143] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 44.130777][ T143] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 44.145420][ T143] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3608] futex(0x7fdbd4fb44cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7fdbd4fb44c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR [pid 3607] <... futex resumed>) = 0 [pid 3608] <... openat resumed>) = 4 [pid 3607] futex(0x7fdbd4fb44cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] futex(0x7fdbd4fb44cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7fdbd4fb44c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] write(4, "V", 1 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7fdbd4fb44cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7fdbd4fb44dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbd4e9c000 [pid 3607] mprotect(0x7fdbd4e9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7fdbd4ebc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3614 attached , parent_tid=[3614], tls=0x7fdbd4ebc700, child_tidptr=0x7fdbd4ebc9d0) = 3614 [pid 3607] futex(0x7fdbd4fb44d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7fdbd4fb44dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] set_robust_list(0x7fdbd4ebc9e0, 24) = 0 [ 44.357995][ T3614] ------------[ cut here ]------------ [ 44.363792][ T3614] URB ffff8880169ab600 submitted while active [ 44.370254][ T3614] WARNING: CPU: 0 PID: 3614 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14de/0x18a0 [ 44.380027][ T3614] Modules linked in: [ 44.383920][ T3614] CPU: 0 PID: 3614 Comm: syz-executor287 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0 [ 44.394191][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [pid 3614] write(4, "V", 1 [pid 3607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 44.404393][ T3614] RIP: 0010:usb_submit_urb+0x14de/0x18a0 [ 44.410080][ T3614] Code: 89 de e8 25 0c ef fb 84 db 0f 85 ad f3 ff ff e8 18 10 ef fb 4c 89 fe 48 c7 c7 60 0a 6f 8a c6 05 10 6b 1b 08 01 e8 23 25 a7 03 <0f> 0b e9 8b f3 ff ff 48 89 7c 24 40 e8 f1 0f ef fb 48 8b 7c 24 40 [ 44.430054][ T3614] RSP: 0018:ffffc9000302fd40 EFLAGS: 00010282 [ 44.436123][ T3614] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 44.444829][ T3614] RDX: ffff888022901d80 RSI: ffffffff81611718 RDI: fffff52000605f9a [ 44.453138][ T3614] RBP: ffff88801f428000 R08: 0000000000000005 R09: 0000000000000000 [ 44.461318][ T3614] R10: 0000000080000000 R11: 0000000000000001 R12: ffff8880169ab600 [ 44.469331][ T3614] R13: ffff8880170ec128 R14: 00000000fffffff0 R15: ffff8880169ab600 [ 44.477321][ T3614] FS: 00007fdbd4ebc700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 44.486287][ T3614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.492903][ T3614] CR2: 00007fdbd4ebc718 CR3: 00000000709bf000 CR4: 0000000000350ef0 [ 44.500920][ T3614] Call Trace: [ 44.504201][ T3614] [pid 3607] exit_group(0) = ? [ 44.507129][ T3614] ? rcu_read_lock_sched_held+0x3a/0x70 [ 44.512722][ T3614] ? trace_kmalloc+0x32/0x100 [ 44.517427][ T3614] send_packet+0x422/0xbc0 [ 44.521965][ T3614] vfd_write+0x2d9/0x550 [ 44.526223][ T3614] ? send_packet+0xbc0/0xbc0 [ 44.530867][ T3614] vfs_write+0x269/0xac0 [ 44.535142][ T3614] ksys_write+0x127/0x250 [ 44.539672][ T3614] ? __ia32_sys_read+0xb0/0xb0 [ 44.544543][ T3614] ? lockdep_hardirqs_on+0x79/0x100 [ 44.549475][ T3608] imon:send_packet: task interrupted [ 44.555178][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40 [ 44.560456][ T3614] ? ptrace_notify+0xfa/0x140 [ 44.565139][ T3614] do_syscall_64+0x35/0xb0 [ 44.569591][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.575498][ T3614] RIP: 0033:0x7fdbd4f300b9 [ 44.579931][ T3614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 44.599565][ T3614] RSP: 002b:00007fdbd4ebc318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 44.607984][ T3614] RAX: ffffffffffffffda RBX: 00007fdbd4fb44d8 RCX: 00007fdbd4f300b9 [ 44.615974][ T3614] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004 [ 44.623996][ T3614] RBP: 00007fdbd4fb44d0 R08: 00007fdbd4ebc700 R09: 0000000000000000 [ 44.631991][ T3614] R10: 00007fdbd4ebc700 R11: 0000000000000246 R12: ab0847687fc4f2a2 [ 44.640008][ T3614] R13: 00007ffe98f0d59f R14: 00007fdbd4ebc400 R15: 0000000000022000 [ 44.647984][ T3614] [ 44.651032][ T3614] Kernel panic - not syncing: panic_on_warn set ... [ 44.657616][ T3614] CPU: 0 PID: 3614 Comm: syz-executor287 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0 [ 44.667747][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 44.677786][ T3614] Call Trace: [ 44.681049][ T3614] [ 44.683962][ T3614] dump_stack_lvl+0xcd/0x134 [ 44.688537][ T3614] panic+0x2d7/0x636 [ 44.692422][ T3614] ? panic_print_sys_info.part.0+0x10b/0x10b [ 44.698393][ T3614] ? __warn.cold+0x1d1/0x2c5 [ 44.702968][ T3614] ? usb_submit_urb+0x14de/0x18a0 [ 44.707973][ T3614] __warn.cold+0x1e2/0x2c5 [ 44.712378][ T3614] ? __wake_up_klogd.part.0+0x99/0xf0 [ 44.717834][ T3614] ? usb_submit_urb+0x14de/0x18a0 [ 44.722858][ T3614] report_bug+0x1bc/0x210 [ 44.727186][ T3614] handle_bug+0x3c/0x60 [ 44.731337][ T3614] exc_invalid_op+0x14/0x40 [ 44.735836][ T3614] asm_exc_invalid_op+0x16/0x20 [ 44.740682][ T3614] RIP: 0010:usb_submit_urb+0x14de/0x18a0 [ 44.746307][ T3614] Code: 89 de e8 25 0c ef fb 84 db 0f 85 ad f3 ff ff e8 18 10 ef fb 4c 89 fe 48 c7 c7 60 0a 6f 8a c6 05 10 6b 1b 08 01 e8 23 25 a7 03 <0f> 0b e9 8b f3 ff ff 48 89 7c 24 40 e8 f1 0f ef fb 48 8b 7c 24 40 [ 44.765997][ T3614] RSP: 0018:ffffc9000302fd40 EFLAGS: 00010282 [ 44.772056][ T3614] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 44.780019][ T3614] RDX: ffff888022901d80 RSI: ffffffff81611718 RDI: fffff52000605f9a [ 44.787982][ T3614] RBP: ffff88801f428000 R08: 0000000000000005 R09: 0000000000000000 [ 44.795946][ T3614] R10: 0000000080000000 R11: 0000000000000001 R12: ffff8880169ab600 [ 44.803909][ T3614] R13: ffff8880170ec128 R14: 00000000fffffff0 R15: ffff8880169ab600 [ 44.811971][ T3614] ? vprintk+0x88/0x90 [ 44.816043][ T3614] ? rcu_read_lock_sched_held+0x3a/0x70 [ 44.821606][ T3614] ? trace_kmalloc+0x32/0x100 [ 44.826370][ T3614] send_packet+0x422/0xbc0 [ 44.830789][ T3614] vfd_write+0x2d9/0x550 [ 44.835031][ T3614] ? send_packet+0xbc0/0xbc0 [ 44.839619][ T3614] vfs_write+0x269/0xac0 [ 44.843888][ T3614] ksys_write+0x127/0x250 [ 44.848213][ T3614] ? __ia32_sys_read+0xb0/0xb0 [ 44.852976][ T3614] ? lockdep_hardirqs_on+0x79/0x100 [ 44.858169][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40 [ 44.863359][ T3614] ? ptrace_notify+0xfa/0x140 [ 44.868034][ T3614] do_syscall_64+0x35/0xb0 [ 44.872445][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.878331][ T3614] RIP: 0033:0x7fdbd4f300b9 [ 44.882738][ T3614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 44.902513][ T3614] RSP: 002b:00007fdbd4ebc318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 44.910922][ T3614] RAX: ffffffffffffffda RBX: 00007fdbd4fb44d8 RCX: 00007fdbd4f300b9 [ 44.918884][ T3614] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004 [ 44.926846][ T3614] RBP: 00007fdbd4fb44d0 R08: 00007fdbd4ebc700 R09: 0000000000000000 [ 44.934808][ T3614] R10: 00007fdbd4ebc700 R11: 0000000000000246 R12: ab0847687fc4f2a2 [ 44.942776][ T3614] R13: 00007ffe98f0d59f R14: 00007fdbd4ebc400 R15: 0000000000022000 [ 44.950752][ T3614] [ 44.953951][ T3614] Kernel Offset: disabled [ 44.958324][ T3614] Rebooting in 86400 seconds..