./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1607327455 <...> DUID 00:04:2f:bc:f2:2f:e4:1d:55:f7:99:3b:0f:15:66:5c:e9:07 forked to background, child pid 3188 [ 26.037004][ T3189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.049026][ T3189] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts. execve("./syz-executor1607327455", ["./syz-executor1607327455"], 0x7ffe4312e000 /* 10 vars */) = 0 brk(NULL) = 0x555555996000 brk(0x555555996d40) = 0x555555996d40 arch_prctl(ARCH_SET_FS, 0x555555996400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555559966d0) = 3610 set_robust_list(0x5555559966e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f2e98281300, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f2e98280850}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f2e982813a0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2e98280850}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1607327455", 4096) = 28 brk(0x5555559b7d40) = 0x5555559b7d40 brk(0x5555559b8000) = 0x5555559b8000 mprotect(0x7f2e98343000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3610 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "3610", 4) = 4 close(3) = 0 mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24 close(3) = 0 chmod("/dev/raw-gadget", 0666) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f2e98279800, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f2e98280850}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f2e98279800, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f2e98280850}, NULL, 8) = 0 getpid() = 3610 mkdir("./syzkaller.Nu0Ju9", 0700) = 0 chmod("./syzkaller.Nu0Ju9", 0777) = 0 chdir("./syzkaller.Nu0Ju9") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3611 attached , child_tidptr=0x5555559966d0) = 3611 [pid 3611] set_robust_list(0x5555559966e0, 24) = 0 [pid 3611] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3611] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 3611] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 3611] dup2(4, 202) = 202 [pid 3611] close(4) = 0 [pid 3611] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 3611] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a6e000 [pid 3611] mprotect(0x7f2e97a6f000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 3611] clone(child_stack=0x7f2e9826e2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7f2e9826e700, child_tidptr=0x7f2e9826e9d0) = 2 [pid 3611] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 3614 attached [pid 3614] set_robust_list(0x7f2e9826e9e0, 24) = 0 [pid 3614] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3614] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3614] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3614] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 3614] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [pid 3614] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3614] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3614] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3614] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 syzkaller login: [ 49.700499][ T3612] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 49.709538][ T3615] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 49.718422][ T3615] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 49.729954][ T3615] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 49.738979][ T3615] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [pid 3614] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 3614] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 [pid 3611] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 3614] <... writev resumed>) = 255 [pid 3611] ioctl(3, HCISETSCAN [pid 3614] read(202, "\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 3614] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 3611] <... ioctl resumed>, 0x7ffe9de87020) = 0 [pid 3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3) = 13 [pid 3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14 [pid 3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 3611] futex(0x7f2e9826e9d0, FUTEX_WAIT, 2, NULL [pid 3614] madvise(0x7f2e97a6e000, 8372224, MADV_DONTNEED) = 0 [pid 3614] exit(0) = ? [pid 3614] +++ exited with 0 +++ [pid 3611] <... futex resumed>) = 0 [pid 3611] close(3) = 0 [pid 3611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3611] setsid() = 1 [pid 3611] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3611] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3611] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3611] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3611] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3611] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3611] unshare(CLONE_NEWNS) = 0 [pid 3611] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3611] unshare(CLONE_NEWIPC) = 0 [pid 3611] unshare(CLONE_NEWCGROUP) = 0 [pid 3611] unshare(CLONE_NEWUTS) = 0 [pid 3611] unshare(CLONE_SYSVSEM) = 0 [pid 3611] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "16777216", 8) = 8 [pid 3611] close(3) = 0 [pid 3611] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "536870912", 9) = 9 [pid 3611] close(3) = 0 [pid 3611] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "1024", 4) = 4 [pid 3611] close(3) = 0 [pid 3611] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "8192", 4) = 4 [pid 3611] close(3) = 0 [pid 3611] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "1024", 4) = 4 [pid 3611] close(3) = 0 [pid 3611] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "1024", 4) = 4 [pid 3611] close(3) = 0 [pid 3611] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3611] close(3) = 0 [pid 3611] getpid() = 1 [pid 3611] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 2 [pid 3611] unshare(CLONE_NEWNET) = 0 [pid 3611] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "0 65535", 7) = 7 [pid 3611] close(3) = 0 [pid 3611] mkdir("/dev/binderfs", 0777) = 0 [pid 3611] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 3611] mkdir("./0", 0777) = 0 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559966d0) = 3 ./strace-static-x86_64: Process 3616 attached [pid 3616] set_robust_list(0x5555559966e0, 24) = 0 [pid 3616] chdir("./0") = 0 [pid 3616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3616] setpgid(0, 0) = 0 [pid 3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3616] write(3, "1000", 4) = 4 [pid 3616] close(3) = 0 [pid 3616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3616] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a4d000 [pid 3616] mprotect(0x7f2e97a4e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3616] clone(child_stack=0x7f2e97a6d2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3617 attached , parent_tid=[4], tls=0x7f2e97a6d700, child_tidptr=0x7f2e97a6d9d0) = 4 [pid 3617] set_robust_list(0x7f2e97a6d9e0, 24 [pid 3616] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... set_robust_list resumed>) = 0 [pid 3616] <... futex resumed>) = 0 [pid 3617] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3616] futex(0x7f2e9834948c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 3617] <... openat resumed>) = 3 [pid 3617] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [ 50.109751][ T26] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 9 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 72 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 4 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495cc) = 9 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495dc) = 10 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495ec) = 12 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495fc) = 11 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834960c) = 13 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834961c) = 14 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 50.629861][ T26] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 50.639462][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.647817][ T26] usb 1-1: Product: syz [ 50.652283][ T26] usb 1-1: Manufacturer: syz [ 50.656896][ T26] usb 1-1: SerialNumber: syz [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [ 50.702537][ T26] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 1856 [pid 3617] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 51.279822][ T26] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [pid 3617] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3617] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3616] <... futex resumed>) = 0 [pid 3616] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = 0 [pid 3616] <... futex resumed>) = 1 [pid 3617] ioctl(3, USB_RAW_IOCTL_EP_WRITE [pid 3616] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a2c000 [pid 3616] mprotect(0x7f2e97a2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3616] clone(child_stack=0x7f2e97a4c2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3619 attached [pid 3619] set_robust_list(0x7f2e97a4c9e0, 24) = 0 [pid 3619] futex(0x7f2e98349498, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3616] <... clone resumed>, parent_tid=[5], tls=0x7f2e97a4c700, child_tidptr=0x7f2e97a4c9d0) = 5 [pid 3616] futex(0x7f2e98349498, FUTEX_WAKE_PRIVATE, 1000000 [pid 3619] <... futex resumed>) = 0 [pid 3616] <... futex resumed>) = 1 [pid 3616] futex(0x7f2e9834949c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3619] close(3) = 0 [pid 3617] <... ioctl resumed>, 0x7f2e97a6c1e0) = 257 [ 51.499957][ C1] usb 1-1: ath: unknown panic pattern! [ 51.508504][ T2519] usb 1-1: USB disconnect, device number 2 [pid 3619] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3616] <... futex resumed>) = 0 [pid 3619] futex(0x7f2e98349498, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3617] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3616] close(3) = -1 EBADF (Bad file descriptor) [pid 3616] close(4) = -1 EBADF (Bad file descriptor) [pid 3616] close(5) = -1 EBADF (Bad file descriptor) [pid 3616] close(6) = -1 EBADF (Bad file descriptor) [pid 3616] close(7) = -1 EBADF (Bad file descriptor) [pid 3616] close(8) = -1 EBADF (Bad file descriptor) [pid 3616] close(9) = -1 EBADF (Bad file descriptor) [pid 3616] close(10) = -1 EBADF (Bad file descriptor) [pid 3616] close(11) = -1 EBADF (Bad file descriptor) [pid 3616] close(12) = -1 EBADF (Bad file descriptor) [pid 3616] close(13) = -1 EBADF (Bad file descriptor) [pid 3616] close(14) = -1 EBADF (Bad file descriptor) [pid 3616] close(15) = -1 EBADF (Bad file descriptor) [pid 3616] close(16) = -1 EBADF (Bad file descriptor) [pid 3616] close(17) = -1 EBADF (Bad file descriptor) [pid 3616] close(18) = -1 EBADF (Bad file descriptor) [pid 3616] close(19) = -1 EBADF (Bad file descriptor) [pid 3616] close(20) = -1 EBADF (Bad file descriptor) [pid 3616] close(21) = -1 EBADF (Bad file descriptor) [pid 3616] close(22) = -1 EBADF (Bad file descriptor) [pid 3616] close(23) = -1 EBADF (Bad file descriptor) [pid 3616] close(24) = -1 EBADF (Bad file descriptor) [pid 3616] close(25) = -1 EBADF (Bad file descriptor) [pid 3616] close(26) = -1 EBADF (Bad file descriptor) [pid 3616] close(27) = -1 EBADF (Bad file descriptor) [pid 3616] close(28) = -1 EBADF (Bad file descriptor) [pid 3616] close(29) = -1 EBADF (Bad file descriptor) [pid 3616] exit_group(0 [pid 3617] <... futex resumed>) = ? [pid 3619] <... futex resumed>) = ? [pid 3616] <... exit_group resumed>) = ? [pid 3617] +++ exited with 0 +++ [pid 3619] +++ exited with 0 +++ [pid 3616] +++ exited with 0 +++ [pid 3611] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3611] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3611] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3611] getdents64(3, 0x555555997840 /* 3 entries */, 32768) = 80 [pid 3611] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3611] unlink("./0/binderfs") = 0 [pid 3611] getdents64(3, 0x555555997840 /* 0 entries */, 32768) = 0 [pid 3611] close(3) = 0 [pid 3611] rmdir("./0") = 0 [pid 3611] mkdir("./1", 0777) = 0 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559966d0) = 6 ./strace-static-x86_64: Process 3621 attached [pid 3621] set_robust_list(0x5555559966e0, 24) = 0 [pid 3621] chdir("./1") = 0 [pid 3621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3621] setpgid(0, 0) = 0 [pid 3621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3621] write(3, "1000", 4) = 4 [pid 3621] close(3) = 0 [pid 3621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3621] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a4d000 [pid 3621] mprotect(0x7f2e97a4e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3621] clone(child_stack=0x7f2e97a6d2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[7], tls=0x7f2e97a6d700, child_tidptr=0x7f2e97a6d9d0) = 7 [pid 3621] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] futex(0x7f2e9834948c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3622 attached [pid 3622] set_robust_list(0x7f2e97a6d9e0, 24) = 0 [pid 3622] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3622] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [ 51.770318][ T142] Bluetooth: hci0: command 0x0409 tx timeout [ 52.329695][ T26] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 52.336932][ T26] ath9k_htc: Failed to initialize the device [ 52.344435][ T2519] usb 1-1: ath9k_htc: USB layer deinitialized [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [ 52.699726][ T2519] usb 1-1: new high-speed USB device number 3 using dummy_hcd [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 9 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 72 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 4 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495cc) = 9 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495dc) = 10 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495ec) = 12 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495fc) = 11 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834960c) = 13 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834961c) = 14 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 53.219844][ T2519] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 53.228919][ T2519] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 53.237210][ T2519] usb 1-1: Product: syz [ 53.241582][ T2519] usb 1-1: Manufacturer: syz [ 53.246194][ T2519] usb 1-1: SerialNumber: syz [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [ 53.290607][ T2519] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 1856 [pid 3622] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 53.859766][ T142] Bluetooth: hci0: command 0x041b tx timeout [ 53.869965][ T2519] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [pid 3622] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3622] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3621] <... futex resumed>) = 0 [pid 3621] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000 [pid 3622] <... futex resumed>) = 0 [pid 3621] <... futex resumed>) = 1 [pid 3622] ioctl(3, USB_RAW_IOCTL_EP_WRITE [pid 3621] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a2c000 [pid 3621] mprotect(0x7f2e97a2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3621] clone(child_stack=0x7f2e97a4c2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3624 attached , parent_tid=[8], tls=0x7f2e97a4c700, child_tidptr=0x7f2e97a4c9d0) = 8 [pid 3624] set_robust_list(0x7f2e97a4c9e0, 24 [pid 3621] futex(0x7f2e98349498, FUTEX_WAKE_PRIVATE, 1000000 [pid 3624] <... set_robust_list resumed>) = 0 [pid 3621] <... futex resumed>) = 0 [pid 3624] close(3 [pid 3621] futex(0x7f2e9834949c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3624] <... close resumed>) = 0 [pid 3622] <... ioctl resumed>, 0x7f2e97a6c1e0) = 257 [ 54.079848][ C1] usb 1-1: ath: unknown panic pattern! [ 54.091216][ T26] usb 1-1: USB disconnect, device number 3 [pid 3624] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3621] <... futex resumed>) = 0 [pid 3624] futex(0x7f2e98349498, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3622] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3622] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3621] close(3) = -1 EBADF (Bad file descriptor) [pid 3621] close(4) = -1 EBADF (Bad file descriptor) [pid 3621] close(5) = -1 EBADF (Bad file descriptor) [pid 3621] close(6) = -1 EBADF (Bad file descriptor) [pid 3621] close(7) = -1 EBADF (Bad file descriptor) [pid 3621] close(8) = -1 EBADF (Bad file descriptor) [pid 3621] close(9) = -1 EBADF (Bad file descriptor) [pid 3621] close(10) = -1 EBADF (Bad file descriptor) [pid 3621] close(11) = -1 EBADF (Bad file descriptor) [pid 3621] close(12) = -1 EBADF (Bad file descriptor) [pid 3621] close(13) = -1 EBADF (Bad file descriptor) [pid 3621] close(14) = -1 EBADF (Bad file descriptor) [pid 3621] close(15) = -1 EBADF (Bad file descriptor) [pid 3621] close(16) = -1 EBADF (Bad file descriptor) [pid 3621] close(17) = -1 EBADF (Bad file descriptor) [pid 3621] close(18) = -1 EBADF (Bad file descriptor) [pid 3621] close(19) = -1 EBADF (Bad file descriptor) [pid 3621] close(20) = -1 EBADF (Bad file descriptor) [pid 3621] close(21) = -1 EBADF (Bad file descriptor) [pid 3621] close(22) = -1 EBADF (Bad file descriptor) [pid 3621] close(23) = -1 EBADF (Bad file descriptor) [pid 3621] close(24) = -1 EBADF (Bad file descriptor) [pid 3621] close(25) = -1 EBADF (Bad file descriptor) [pid 3621] close(26) = -1 EBADF (Bad file descriptor) [pid 3621] close(27) = -1 EBADF (Bad file descriptor) [pid 3621] close(28) = -1 EBADF (Bad file descriptor) [pid 3621] close(29) = -1 EBADF (Bad file descriptor) [pid 3621] exit_group(0 [pid 3624] <... futex resumed>) = ? [pid 3622] <... futex resumed>) = ? [pid 3621] <... exit_group resumed>) = ? [pid 3624] +++ exited with 0 +++ [pid 3622] +++ exited with 0 +++ [pid 3621] +++ exited with 0 +++ [pid 3611] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3611] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3611] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3611] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3611] getdents64(3, 0x555555997840 /* 3 entries */, 32768) = 80 [pid 3611] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3611] unlink("./1/binderfs") = 0 [pid 3611] getdents64(3, 0x555555997840 /* 0 entries */, 32768) = 0 [pid 3611] close(3) = 0 [pid 3611] rmdir("./1") = 0 [pid 3611] mkdir("./2", 0777) = 0 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3625 attached , child_tidptr=0x5555559966d0) = 9 [pid 3625] set_robust_list(0x5555559966e0, 24) = 0 [pid 3625] chdir("./2") = 0 [pid 3625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3625] setpgid(0, 0) = 0 [pid 3625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3625] write(3, "1000", 4) = 4 [pid 3625] close(3) = 0 [pid 3625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3625] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a4d000 [pid 3625] mprotect(0x7f2e97a4e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3625] clone(child_stack=0x7f2e97a6d2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3626 attached [pid 3626] set_robust_list(0x7f2e97a6d9e0, 24) = 0 [pid 3626] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3625] <... clone resumed>, parent_tid=[10], tls=0x7f2e97a6d700, child_tidptr=0x7f2e97a6d9d0) = 10 [pid 3625] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3626] <... futex resumed>) = 0 [pid 3626] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3625] futex(0x7f2e9834948c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 3626] <... openat resumed>) = 3 [pid 3626] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [ 54.889714][ T2519] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 54.896712][ T2519] ath9k_htc: Failed to initialize the device [ 54.903735][ T26] usb 1-1: ath9k_htc: USB layer deinitialized [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [ 55.259713][ T26] usb 1-1: new high-speed USB device number 4 using dummy_hcd [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 9 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 72 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 4 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495cc) = 9 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495dc) = 10 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495ec) = 12 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495fc) = 11 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834960c) = 13 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834961c) = 14 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 55.779859][ T26] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 55.788927][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 55.797514][ T26] usb 1-1: Product: syz [ 55.801768][ T26] usb 1-1: Manufacturer: syz [ 55.806373][ T26] usb 1-1: SerialNumber: syz [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [ 55.851538][ T26] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [ 55.939713][ T142] Bluetooth: hci0: command 0x040f tx timeout [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 1856 [pid 3626] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 56.419837][ T26] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [pid 3626] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3625] <... futex resumed>) = 0 [pid 3626] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3625] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000 [pid 3626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3625] <... futex resumed>) = 0 [pid 3626] ioctl(3, USB_RAW_IOCTL_EP_WRITE [pid 3625] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a2c000 [pid 3625] mprotect(0x7f2e97a2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3625] clone(child_stack=0x7f2e97a4c2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[11], tls=0x7f2e97a4c700, child_tidptr=0x7f2e97a4c9d0) = 11 [pid 3625] futex(0x7f2e98349498, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3625] futex(0x7f2e9834949c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000}./strace-static-x86_64: Process 3627 attached [pid 3627] set_robust_list(0x7f2e97a4c9e0, 24) = 0 [pid 3627] close(3) = 0 [pid 3626] <... ioctl resumed>, 0x7f2e97a6c1e0) = 257 [ 56.639875][ C1] usb 1-1: ath: unknown panic pattern! [ 56.651318][ T2519] usb 1-1: USB disconnect, device number 4 [pid 3627] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3625] <... futex resumed>) = 0 [pid 3627] futex(0x7f2e98349498, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3626] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3626] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3625] close(3) = -1 EBADF (Bad file descriptor) [pid 3625] close(4) = -1 EBADF (Bad file descriptor) [pid 3625] close(5) = -1 EBADF (Bad file descriptor) [pid 3625] close(6) = -1 EBADF (Bad file descriptor) [pid 3625] close(7) = -1 EBADF (Bad file descriptor) [pid 3625] close(8) = -1 EBADF (Bad file descriptor) [pid 3625] close(9) = -1 EBADF (Bad file descriptor) [pid 3625] close(10) = -1 EBADF (Bad file descriptor) [pid 3625] close(11) = -1 EBADF (Bad file descriptor) [pid 3625] close(12) = -1 EBADF (Bad file descriptor) [pid 3625] close(13) = -1 EBADF (Bad file descriptor) [pid 3625] close(14) = -1 EBADF (Bad file descriptor) [pid 3625] close(15) = -1 EBADF (Bad file descriptor) [pid 3625] close(16) = -1 EBADF (Bad file descriptor) [pid 3625] close(17) = -1 EBADF (Bad file descriptor) [pid 3625] close(18) = -1 EBADF (Bad file descriptor) [pid 3625] close(19) = -1 EBADF (Bad file descriptor) [pid 3625] close(20) = -1 EBADF (Bad file descriptor) [pid 3625] close(21) = -1 EBADF (Bad file descriptor) [pid 3625] close(22) = -1 EBADF (Bad file descriptor) [pid 3625] close(23) = -1 EBADF (Bad file descriptor) [pid 3625] close(24) = -1 EBADF (Bad file descriptor) [pid 3625] close(25) = -1 EBADF (Bad file descriptor) [pid 3625] close(26) = -1 EBADF (Bad file descriptor) [pid 3625] close(27) = -1 EBADF (Bad file descriptor) [pid 3625] close(28) = -1 EBADF (Bad file descriptor) [pid 3625] close(29) = -1 EBADF (Bad file descriptor) [pid 3625] exit_group(0) = ? [pid 3626] <... futex resumed>) = ? [pid 3627] <... futex resumed>) = ? [pid 3627] +++ exited with 0 +++ [pid 3626] +++ exited with 0 +++ [pid 3625] +++ exited with 0 +++ [pid 3611] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3611] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3611] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3611] getdents64(3, 0x555555997840 /* 3 entries */, 32768) = 80 [pid 3611] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3611] unlink("./2/binderfs") = 0 [pid 3611] getdents64(3, 0x555555997840 /* 0 entries */, 32768) = 0 [pid 3611] close(3) = 0 [pid 3611] rmdir("./2") = 0 [pid 3611] mkdir("./3", 0777) = 0 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3628 attached , child_tidptr=0x5555559966d0) = 12 [pid 3628] set_robust_list(0x5555559966e0, 24) = 0 [pid 3628] chdir("./3") = 0 [pid 3628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3628] setpgid(0, 0) = 0 [pid 3628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3628] write(3, "1000", 4) = 4 [pid 3628] close(3) = 0 [pid 3628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3628] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a4d000 [pid 3628] mprotect(0x7f2e97a4e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3628] clone(child_stack=0x7f2e97a6d2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[13], tls=0x7f2e97a6d700, child_tidptr=0x7f2e97a6d9d0) = 13 [pid 3628] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3628] futex(0x7f2e9834948c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3629 attached [pid 3629] set_robust_list(0x7f2e97a6d9e0, 24) = 0 [pid 3629] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3629] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [ 57.449702][ T26] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 57.456696][ T26] ath9k_htc: Failed to initialize the device [ 57.463211][ T2519] usb 1-1: ath9k_htc: USB layer deinitialized [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [ 57.819727][ T2519] usb 1-1: new high-speed USB device number 5 using dummy_hcd [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [ 58.019741][ T142] Bluetooth: hci0: command 0x0419 tx timeout [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 9 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 72 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 4 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495cc) = 9 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495dc) = 10 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495ec) = 12 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495fc) = 11 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834960c) = 13 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834961c) = 14 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 58.339892][ T2519] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 58.349007][ T2519] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 58.357306][ T2519] usb 1-1: Product: syz [ 58.361765][ T2519] usb 1-1: Manufacturer: syz [ 58.366373][ T2519] usb 1-1: SerialNumber: syz [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [ 58.411241][ T2519] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 1856 [pid 3629] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 58.979792][ T3620] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [pid 3629] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3629] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3628] <... futex resumed>) = 0 [pid 3628] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000 [pid 3629] <... futex resumed>) = 0 [pid 3628] <... futex resumed>) = 1 [pid 3629] ioctl(3, USB_RAW_IOCTL_EP_WRITE [pid 3628] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a2c000 [pid 3628] mprotect(0x7f2e97a2d000, 131072, PROT_READ|PROT_WRITE [pid 3629] <... ioctl resumed>, 0x7f2e97a6c1e0) = 257 [pid 3628] <... mprotect resumed>) = 0 [pid 3628] clone(child_stack=0x7f2e97a4c2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[14], tls=0x7f2e97a4c700, child_tidptr=0x7f2e97a4c9d0) = 14 ./strace-static-x86_64: Process 3630 attached [pid 3628] futex(0x7f2e98349498, FUTEX_WAKE_PRIVATE, 1000000 [pid 3630] set_robust_list(0x7f2e97a4c9e0, 24 [pid 3628] <... futex resumed>) = 0 [pid 3628] futex(0x7f2e9834949c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3630] <... set_robust_list resumed>) = 0 [pid 3630] close(3) = 0 [ 59.199873][ C1] usb 1-1: ath: unknown panic pattern! [ 59.220288][ T142] usb 1-1: USB disconnect, device number 5 [pid 3629] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3629] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3630] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3628] <... futex resumed>) = 0 [pid 3630] futex(0x7f2e98349498, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3628] close(3) = -1 EBADF (Bad file descriptor) [pid 3628] close(4) = -1 EBADF (Bad file descriptor) [pid 3628] close(5) = -1 EBADF (Bad file descriptor) [pid 3628] close(6) = -1 EBADF (Bad file descriptor) [pid 3628] close(7) = -1 EBADF (Bad file descriptor) [pid 3628] close(8) = -1 EBADF (Bad file descriptor) [pid 3628] close(9) = -1 EBADF (Bad file descriptor) [pid 3628] close(10) = -1 EBADF (Bad file descriptor) [pid 3628] close(11) = -1 EBADF (Bad file descriptor) [pid 3628] close(12) = -1 EBADF (Bad file descriptor) [pid 3628] close(13) = -1 EBADF (Bad file descriptor) [pid 3628] close(14) = -1 EBADF (Bad file descriptor) [pid 3628] close(15) = -1 EBADF (Bad file descriptor) [pid 3628] close(16) = -1 EBADF (Bad file descriptor) [pid 3628] close(17) = -1 EBADF (Bad file descriptor) [pid 3628] close(18) = -1 EBADF (Bad file descriptor) [pid 3628] close(19) = -1 EBADF (Bad file descriptor) [pid 3628] close(20) = -1 EBADF (Bad file descriptor) [pid 3628] close(21) = -1 EBADF (Bad file descriptor) [pid 3628] close(22) = -1 EBADF (Bad file descriptor) [pid 3628] close(23) = -1 EBADF (Bad file descriptor) [pid 3628] close(24) = -1 EBADF (Bad file descriptor) [pid 3628] close(25) = -1 EBADF (Bad file descriptor) [pid 3628] close(26) = -1 EBADF (Bad file descriptor) [pid 3628] close(27) = -1 EBADF (Bad file descriptor) [pid 3628] close(28) = -1 EBADF (Bad file descriptor) [pid 3628] close(29) = -1 EBADF (Bad file descriptor) [pid 3628] exit_group(0 [pid 3630] <... futex resumed>) = ? [pid 3629] <... futex resumed>) = ? [pid 3628] <... exit_group resumed>) = ? [pid 3630] +++ exited with 0 +++ [pid 3629] +++ exited with 0 +++ [pid 3628] +++ exited with 0 +++ [pid 3611] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3611] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3611] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3611] getdents64(3, 0x555555997840 /* 3 entries */, 32768) = 80 [pid 3611] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3611] unlink("./3/binderfs") = 0 [pid 3611] getdents64(3, 0x555555997840 /* 0 entries */, 32768) = 0 [pid 3611] close(3) = 0 [pid 3611] rmdir("./3") = 0 [pid 3611] mkdir("./4", 0777) = 0 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559966d0) = 15 ./strace-static-x86_64: Process 3631 attached [pid 3631] set_robust_list(0x5555559966e0, 24) = 0 [pid 3631] chdir("./4") = 0 [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setpgid(0, 0) = 0 [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1000", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3631] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a4d000 [pid 3631] mprotect(0x7f2e97a4e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7f2e97a6d2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3632 attached [pid 3632] set_robust_list(0x7f2e97a6d9e0, 24) = 0 [pid 3632] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] <... clone resumed>, parent_tid=[16], tls=0x7f2e97a6d700, child_tidptr=0x7f2e97a6d9d0) = 16 [pid 3631] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3632] <... futex resumed>) = 0 [pid 3632] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3631] futex(0x7f2e9834948c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 3632] <... openat resumed>) = 3 [pid 3632] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [ 60.009704][ T3620] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 60.016709][ T3620] ath9k_htc: Failed to initialize the device [ 60.023815][ T142] usb 1-1: ath9k_htc: USB layer deinitialized [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [ 60.419729][ T142] usb 1-1: new high-speed USB device number 6 using dummy_hcd [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 9 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 72 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 4 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495cc) = 9 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495dc) = 10 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495ec) = 12 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495fc) = 11 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834960c) = 13 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834961c) = 14 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 61.059921][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 61.068994][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.077719][ T142] usb 1-1: Product: syz [ 61.082724][ T142] usb 1-1: Manufacturer: syz [ 61.087427][ T142] usb 1-1: SerialNumber: syz [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [ 61.143268][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 1856 [pid 3632] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 61.919842][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [pid 3632] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3631] <... futex resumed>) = 0 [pid 3632] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000 [pid 3632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3631] <... futex resumed>) = 0 [pid 3632] ioctl(3, USB_RAW_IOCTL_EP_WRITE [pid 3631] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a2c000 [pid 3631] mprotect(0x7f2e97a2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7f2e97a4c2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[17], tls=0x7f2e97a4c700, child_tidptr=0x7f2e97a4c9d0) = 17 [pid 3631] futex(0x7f2e98349498, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3633 attached [pid 3633] set_robust_list(0x7f2e97a4c9e0, 24) = 0 [pid 3633] close(3) = 0 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7f2e9834949c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3632] <... ioctl resumed>, 0x7f2e97a6c1e0) = 257 [ 62.149936][ C0] usb 1-1: ath: unknown panic pattern! [ 62.160542][ T6] usb 1-1: USB disconnect, device number 6 [pid 3633] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] futex(0x7f2e98349498, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] <... futex resumed>) = 0 [pid 3632] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3632] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] close(3) = -1 EBADF (Bad file descriptor) [pid 3631] close(4) = -1 EBADF (Bad file descriptor) [pid 3631] close(5) = -1 EBADF (Bad file descriptor) [pid 3631] close(6) = -1 EBADF (Bad file descriptor) [pid 3631] close(7) = -1 EBADF (Bad file descriptor) [pid 3631] close(8) = -1 EBADF (Bad file descriptor) [pid 3631] close(9) = -1 EBADF (Bad file descriptor) [pid 3631] close(10) = -1 EBADF (Bad file descriptor) [pid 3631] close(11) = -1 EBADF (Bad file descriptor) [pid 3631] close(12) = -1 EBADF (Bad file descriptor) [pid 3631] close(13) = -1 EBADF (Bad file descriptor) [pid 3631] close(14) = -1 EBADF (Bad file descriptor) [pid 3631] close(15) = -1 EBADF (Bad file descriptor) [pid 3631] close(16) = -1 EBADF (Bad file descriptor) [pid 3631] close(17) = -1 EBADF (Bad file descriptor) [pid 3631] close(18) = -1 EBADF (Bad file descriptor) [pid 3631] close(19) = -1 EBADF (Bad file descriptor) [pid 3631] close(20) = -1 EBADF (Bad file descriptor) [pid 3631] close(21) = -1 EBADF (Bad file descriptor) [pid 3631] close(22) = -1 EBADF (Bad file descriptor) [pid 3631] close(23) = -1 EBADF (Bad file descriptor) [pid 3631] close(24) = -1 EBADF (Bad file descriptor) [pid 3631] close(25) = -1 EBADF (Bad file descriptor) [pid 3631] close(26) = -1 EBADF (Bad file descriptor) [pid 3631] close(27) = -1 EBADF (Bad file descriptor) [pid 3631] close(28) = -1 EBADF (Bad file descriptor) [pid 3631] close(29) = -1 EBADF (Bad file descriptor) [pid 3631] exit_group(0) = ? [pid 3632] <... futex resumed>) = ? [pid 3633] <... futex resumed>) = ? [pid 3633] +++ exited with 0 +++ [pid 3632] +++ exited with 0 +++ [pid 3631] +++ exited with 0 +++ [pid 3611] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3611] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3611] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3611] getdents64(3, 0x555555997840 /* 3 entries */, 32768) = 80 [pid 3611] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3611] unlink("./4/binderfs") = 0 [pid 3611] getdents64(3, 0x555555997840 /* 0 entries */, 32768) = 0 [pid 3611] close(3) = 0 [pid 3611] rmdir("./4") = 0 [pid 3611] mkdir("./5", 0777) = 0 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3635 attached [pid 3635] set_robust_list(0x5555559966e0, 24 [pid 3611] <... clone resumed>, child_tidptr=0x5555559966d0) = 18 [pid 3635] <... set_robust_list resumed>) = 0 [pid 3635] chdir("./5") = 0 [pid 3635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3635] setpgid(0, 0) = 0 [pid 3635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3635] write(3, "1000", 4) = 4 [pid 3635] close(3) = 0 [pid 3635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3635] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a4d000 [pid 3635] mprotect(0x7f2e97a4e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3635] clone(child_stack=0x7f2e97a6d2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3636 attached , parent_tid=[19], tls=0x7f2e97a6d700, child_tidptr=0x7f2e97a6d9d0) = 19 [pid 3636] set_robust_list(0x7f2e97a6d9e0, 24 [pid 3635] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... set_robust_list resumed>) = 0 [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f2e9834948c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 3636] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3636] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [ 62.979742][ T142] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 62.986722][ T142] ath9k_htc: Failed to initialize the device [ 62.993810][ T6] usb 1-1: ath9k_htc: USB layer deinitialized [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [ 63.399722][ T6] usb 1-1: new high-speed USB device number 7 using dummy_hcd [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 9 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 72 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 4 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495cc) = 9 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495dc) = 10 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495ec) = 12 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495fc) = 11 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834960c) = 13 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834961c) = 14 [ 64.089859][ T6] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 64.100168][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.108340][ T6] usb 1-1: Product: syz [ 64.113268][ T6] usb 1-1: Manufacturer: syz [ 64.117871][ T6] usb 1-1: SerialNumber: syz [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [ 64.180549][ T6] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 1856 [pid 3636] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 64.979794][ T6] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [pid 3636] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3635] <... futex resumed>) = 0 [pid 3636] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3635] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3635] <... futex resumed>) = 0 [pid 3636] ioctl(3, USB_RAW_IOCTL_EP_WRITE [pid 3635] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a2c000 [pid 3635] mprotect(0x7f2e97a2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3635] clone(child_stack=0x7f2e97a4c2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[20], tls=0x7f2e97a4c700, child_tidptr=0x7f2e97a4c9d0) = 20 [pid 3635] futex(0x7f2e98349498, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f2e9834949c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000}./strace-static-x86_64: Process 3637 attached [pid 3637] set_robust_list(0x7f2e97a4c9e0, 24) = 0 [pid 3637] close(3) = 0 [pid 3636] <... ioctl resumed>, 0x7f2e97a6c1e0) = 257 [ 65.199919][ C0] usb 1-1: ath: unknown panic pattern! [ 65.211050][ T142] usb 1-1: USB disconnect, device number 7 [pid 3637] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3635] <... futex resumed>) = 0 [pid 3637] futex(0x7f2e98349498, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3636] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3636] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3635] close(3) = -1 EBADF (Bad file descriptor) [pid 3635] close(4) = -1 EBADF (Bad file descriptor) [pid 3635] close(5) = -1 EBADF (Bad file descriptor) [pid 3635] close(6) = -1 EBADF (Bad file descriptor) [pid 3635] close(7) = -1 EBADF (Bad file descriptor) [pid 3635] close(8) = -1 EBADF (Bad file descriptor) [pid 3635] close(9) = -1 EBADF (Bad file descriptor) [pid 3635] close(10) = -1 EBADF (Bad file descriptor) [pid 3635] close(11) = -1 EBADF (Bad file descriptor) [pid 3635] close(12) = -1 EBADF (Bad file descriptor) [pid 3635] close(13) = -1 EBADF (Bad file descriptor) [pid 3635] close(14) = -1 EBADF (Bad file descriptor) [pid 3635] close(15) = -1 EBADF (Bad file descriptor) [pid 3635] close(16) = -1 EBADF (Bad file descriptor) [pid 3635] close(17) = -1 EBADF (Bad file descriptor) [pid 3635] close(18) = -1 EBADF (Bad file descriptor) [pid 3635] close(19) = -1 EBADF (Bad file descriptor) [pid 3635] close(20) = -1 EBADF (Bad file descriptor) [pid 3635] close(21) = -1 EBADF (Bad file descriptor) [pid 3635] close(22) = -1 EBADF (Bad file descriptor) [pid 3635] close(23) = -1 EBADF (Bad file descriptor) [pid 3635] close(24) = -1 EBADF (Bad file descriptor) [pid 3635] close(25) = -1 EBADF (Bad file descriptor) [pid 3635] close(26) = -1 EBADF (Bad file descriptor) [pid 3635] close(27) = -1 EBADF (Bad file descriptor) [pid 3635] close(28) = -1 EBADF (Bad file descriptor) [pid 3635] close(29) = -1 EBADF (Bad file descriptor) [pid 3635] exit_group(0 [pid 3637] <... futex resumed>) = ? [pid 3636] <... futex resumed>) = ? [pid 3635] <... exit_group resumed>) = ? [pid 3637] +++ exited with 0 +++ [pid 3636] +++ exited with 0 +++ [pid 3635] +++ exited with 0 +++ [pid 3611] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3611] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3611] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3611] getdents64(3, 0x555555997840 /* 3 entries */, 32768) = 80 [pid 3611] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3611] unlink("./5/binderfs") = 0 [pid 3611] getdents64(3, 0x555555997840 /* 0 entries */, 32768) = 0 [pid 3611] close(3) = 0 [pid 3611] rmdir("./5") = 0 [pid 3611] mkdir("./6", 0777) = 0 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559966d0) = 21 ./strace-static-x86_64: Process 3638 attached [pid 3638] set_robust_list(0x5555559966e0, 24) = 0 [pid 3638] chdir("./6") = 0 [pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3638] setpgid(0, 0) = 0 [pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3638] write(3, "1000", 4) = 4 [pid 3638] close(3) = 0 [pid 3638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3638] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a4d000 [pid 3638] mprotect(0x7f2e97a4e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3638] clone(child_stack=0x7f2e97a6d2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[22], tls=0x7f2e97a6d700, child_tidptr=0x7f2e97a6d9d0) = 22 [pid 3638] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3638] futex(0x7f2e9834948c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3639 attached [pid 3639] set_robust_list(0x7f2e97a6d9e0, 24) = 0 [pid 3639] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3639] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [ 66.019678][ T6] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 66.026660][ T6] ath9k_htc: Failed to initialize the device [ 66.033824][ T142] usb 1-1: ath9k_htc: USB layer deinitialized [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [ 66.419719][ T142] usb 1-1: new high-speed USB device number 8 using dummy_hcd [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 9 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 72 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 4 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495cc) = 9 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495dc) = 10 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495ec) = 12 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495fc) = 11 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834960c) = 13 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834961c) = 14 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 67.049829][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 67.058928][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.067526][ T142] usb 1-1: Product: syz [ 67.072885][ T142] usb 1-1: Manufacturer: syz [ 67.077635][ T142] usb 1-1: SerialNumber: syz [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [ 67.134163][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 1856 [pid 3639] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 67.889929][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [pid 3639] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3638] <... futex resumed>) = 0 [pid 3638] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3638] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a2c000 [pid 3638] mprotect(0x7f2e97a2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3638] clone(child_stack=0x7f2e97a4c2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[23], tls=0x7f2e97a4c700, child_tidptr=0x7f2e97a4c9d0) = 23 [pid 3639] ioctl(3, USB_RAW_IOCTL_EP_WRITE [pid 3638] futex(0x7f2e98349498, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3638] futex(0x7f2e9834949c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000}./strace-static-x86_64: Process 3640 attached [pid 3640] set_robust_list(0x7f2e97a4c9e0, 24) = 0 [pid 3640] close(3 [pid 3639] <... ioctl resumed>, 0x7f2e97a6c1e0) = -1 EBADF (Bad file descriptor) [pid 3639] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3639] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3640] <... close resumed>) = 0 [ 68.105005][ T3620] usb 1-1: USB disconnect, device number 8 [pid 3640] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3638] <... futex resumed>) = 0 [pid 3640] futex(0x7f2e98349498, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3638] close(3) = -1 EBADF (Bad file descriptor) [pid 3638] close(4) = -1 EBADF (Bad file descriptor) [pid 3638] close(5) = -1 EBADF (Bad file descriptor) [pid 3638] close(6) = -1 EBADF (Bad file descriptor) [pid 3638] close(7) = -1 EBADF (Bad file descriptor) [pid 3638] close(8) = -1 EBADF (Bad file descriptor) [pid 3638] close(9) = -1 EBADF (Bad file descriptor) [pid 3638] close(10) = -1 EBADF (Bad file descriptor) [pid 3638] close(11) = -1 EBADF (Bad file descriptor) [pid 3638] close(12) = -1 EBADF (Bad file descriptor) [pid 3638] close(13) = -1 EBADF (Bad file descriptor) [pid 3638] close(14) = -1 EBADF (Bad file descriptor) [pid 3638] close(15) = -1 EBADF (Bad file descriptor) [pid 3638] close(16) = -1 EBADF (Bad file descriptor) [pid 3638] close(17) = -1 EBADF (Bad file descriptor) [pid 3638] close(18) = -1 EBADF (Bad file descriptor) [pid 3638] close(19) = -1 EBADF (Bad file descriptor) [pid 3638] close(20) = -1 EBADF (Bad file descriptor) [pid 3638] close(21) = -1 EBADF (Bad file descriptor) [pid 3638] close(22) = -1 EBADF (Bad file descriptor) [pid 3638] close(23) = -1 EBADF (Bad file descriptor) [pid 3638] close(24) = -1 EBADF (Bad file descriptor) [pid 3638] close(25) = -1 EBADF (Bad file descriptor) [pid 3638] close(26) = -1 EBADF (Bad file descriptor) [pid 3638] close(27) = -1 EBADF (Bad file descriptor) [pid 3638] close(28) = -1 EBADF (Bad file descriptor) [pid 3638] close(29) = -1 EBADF (Bad file descriptor) [pid 3638] exit_group(0 [pid 3640] <... futex resumed>) = ? [pid 3639] <... futex resumed>) = ? [pid 3638] <... exit_group resumed>) = ? [pid 3640] +++ exited with 0 +++ [pid 3639] +++ exited with 0 +++ [pid 3638] +++ exited with 0 +++ [pid 3611] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3611] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3611] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3611] getdents64(3, 0x555555997840 /* 3 entries */, 32768) = 80 [pid 3611] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3611] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3611] unlink("./6/binderfs") = 0 [pid 3611] getdents64(3, 0x555555997840 /* 0 entries */, 32768) = 0 [pid 3611] close(3) = 0 [pid 3611] rmdir("./6") = 0 [pid 3611] mkdir("./7", 0777) = 0 [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559966d0) = 24 ./strace-static-x86_64: Process 3641 attached [pid 3641] set_robust_list(0x5555559966e0, 24) = 0 [pid 3641] chdir("./7") = 0 [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3641] setpgid(0, 0) = 0 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3641] write(3, "1000", 4) = 4 [pid 3641] close(3) = 0 [pid 3641] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3641] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a4d000 [pid 3641] mprotect(0x7f2e97a4e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3641] clone(child_stack=0x7f2e97a6d2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[25], tls=0x7f2e97a6d700, child_tidptr=0x7f2e97a6d9d0) = 25 [pid 3641] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3641] futex(0x7f2e9834948c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3642 attached [pid 3642] set_robust_list(0x7f2e97a6d9e0, 24) = 0 [pid 3642] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3642] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [ 68.979754][ T142] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 68.986779][ T142] ath9k_htc: Failed to initialize the device [ 68.993743][ T3620] usb 1-1: ath9k_htc: USB layer deinitialized [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [ 69.349719][ T3620] usb 1-1: new high-speed USB device number 9 using dummy_hcd [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 18 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 9 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 72 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 4 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f2e97a6b1a0) = 8 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495cc) = 9 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495dc) = 10 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495ec) = 12 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e983495fc) = 11 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834960c) = 13 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2e9834961c) = 14 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 69.869840][ T3620] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 69.879448][ T3620] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.887998][ T3620] usb 1-1: Product: syz [ 69.892667][ T3620] usb 1-1: Manufacturer: syz [ 69.897262][ T3620] usb 1-1: SerialNumber: syz [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [ 69.941546][ T3620] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 4096 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 1856 [pid 3642] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f2e97a6c1b0) = 0 [pid 3642] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f2e97a6b1a0) = 0 [ 70.509817][ T2519] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [pid 3642] futex(0x7f2e9834948c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3641] <... futex resumed>) = 0 [pid 3642] futex(0x7f2e98349488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3641] futex(0x7f2e98349488, FUTEX_WAKE_PRIVATE, 1000000 [pid 3642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3642] ioctl(3, USB_RAW_IOCTL_EP_WRITE [pid 3641] <... futex resumed>) = 0 [pid 3641] futex(0x7f2e9834949c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e97a2c000 [pid 3641] mprotect(0x7f2e97a2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3641] clone(child_stack=0x7f2e97a4c2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3643 attached [pid 3643] set_robust_list(0x7f2e97a4c9e0, 24) = 0 [pid 3643] futex(0x7f2e98349498, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3641] <... clone resumed>, parent_tid=[26], tls=0x7f2e97a4c700, child_tidptr=0x7f2e97a4c9d0) = 26 [pid 3641] futex(0x7f2e98349498, FUTEX_WAKE_PRIVATE, 1000000 [pid 3643] <... futex resumed>) = 0 [pid 3641] <... futex resumed>) = 1 [pid 3643] close(3 [pid 3641] futex(0x7f2e9834949c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3643] <... close resumed>) = 0 [pid 3642] <... ioctl resumed>, 0x7f2e97a6c1e0) = 257 [ 70.729896][ C1] usb 1-1: ath: unknown panic pattern! [ 70.730964][ T142] usb 1-1: USB disconnect, device number 9 [ 70.735417][ C1] ================================================================== [ 70.749273][ C1] BUG: KASAN: use-after-free in kfree_skb_reason+0x2a/0xf0 [ 70.756491][ C1] Read of size 4 at addr ffff8880214ffea4 by task swapper/1/0 [ 70.763978][ C1] [ 70.766304][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.19.0-rc4-syzkaller-00187-g089866061428 #0 [ 70.776020][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 70.786090][ C1] Call Trace: [ 70.789370][ C1] [ 70.792206][ C1] dump_stack_lvl+0x1e3/0x2cb [ 70.796886][ C1] ? bfq_pos_tree_add_move+0x436/0x436 [ 70.802334][ C1] ? _printk+0xcf/0x10f [ 70.806504][ C1] ? __wake_up_klogd+0xd6/0x100 [ 70.811360][ C1] ? __wake_up_klogd+0xcd/0x100 [ 70.816204][ C1] ? panic+0x76e/0x76e [ 70.820273][ C1] ? _printk+0xcf/0x10f [ 70.824415][ C1] print_address_description+0x65/0x4b0 [ 70.829952][ C1] print_report+0xf4/0x210 [ 70.834362][ C1] ? kfree_skb_reason+0x2a/0xf0 [ 70.839204][ C1] kasan_report+0xfb/0x130 [ 70.843614][ C1] ? kfree_skb_reason+0x2a/0xf0 [ 70.848461][ C1] kasan_check_range+0x2a7/0x2e0 [ 70.853393][ C1] kfree_skb_reason+0x2a/0xf0 [ 70.858065][ C1] ath9k_hif_usb_reg_in_cb+0x48f/0x630 [ 70.863541][ C1] __usb_hcd_giveback_urb+0x369/0x530 [ 70.868906][ C1] dummy_timer+0x86b/0x3110 [ 70.873411][ C1] ? dummy_free_streams+0x320/0x320 [ 70.878606][ C1]