./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2126843572 <...> forked to background, child pid 3185 no interfaces have a carrier [ 22.662476][ T3186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 22.680186][ T3186] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts. execve("./syz-executor2126843572", ["./syz-executor2126843572"], 0x7ffe238705a0 /* 10 vars */) = 0 brk(NULL) = 0x5555569bc000 brk(0x5555569bcc40) = 0x5555569bcc40 arch_prctl(ARCH_SET_FS, 0x5555569bc300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2126843572", 4096) = 28 brk(0x5555569ddc40) = 0x5555569ddc40 brk(0x5555569de000) = 0x5555569de000 mprotect(0x7f6a41113000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3606 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "3606", 4) = 4 close(3) = 0 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=680, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3606}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x25\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 680 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3606}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 access("/proc/net", R_OK) = 0 access("/proc/net/unix", R_OK) = 0 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3606}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3606}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3606}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3606}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3606}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3609 attached [pid 3609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3609] setpgid(0, 0 [pid 3606] <... clone resumed>, child_tidptr=0x5555569bc5d0) = 3609 [pid 3609] <... setpgid resumed>) = 0 [pid 3609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3609] write(3, "1000", 4) = 4 [pid 3609] close(3) = 0 [pid 3609] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3609] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 syzkaller login: [ 44.437849][ T2936] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [ 44.677837][ T2936] usb 1-1: Using ep0 maxpacket: 16 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 9 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 27 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 4 [ 44.798060][ T2936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6a4111944c) = 12 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8a0) = 0 [ 44.967997][ T2936] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=b6.8f [ 44.977362][ T2936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 44.985754][ T2936] usb 1-1: Product: syz [ 44.990169][ T2936] usb 1-1: Manufacturer: syz [ 44.994762][ T2936] usb 1-1: SerialNumber: syz [ 45.003473][ T2936] usb 1-1: config 0 descriptor?? [ 45.050505][ T2936] cm109 1-1:0.0: invalid payload size 250, expected 4 [ 45.058939][ T2936] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8c0) = 4 [pid 3609] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4 [pid 3609] write(4, "\x1b\x9b\x07\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 120) = 120 [pid 3609] exit_group(0) = ? [pid 3609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3609, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569bc5d0) = 3610 ./strace-static-x86_64: Process 3610 attached [pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3610] setpgid(0, 0) = 0 [pid 3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "1000", 4) = 4 [pid 3610] close(3) = 0 [pid 3610] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3610] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe31b6e8b0) = 0 [pid 3610] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [ 45.476351][ T141] usb 1-1: USB disconnect, device number 2 [ 45.488188][ C0] cm109 1-1:0.0: cm109_urb_ctl_callback: urb status -71 [ 45.495369][ C0] cm109 1-1:0.0: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 45.509627][ T141] cm109 1-1:0.0: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [ 45.927908][ T141] usb 1-1: new high-speed USB device number 3 using dummy_hcd [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [ 46.197845][ T141] usb 1-1: Using ep0 maxpacket: 16 [pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 9 [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 27 [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 4 [ 46.367998][ T141] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6a4111944c) = 12 [ 46.578023][ T141] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=b6.8f [ 46.587223][ T141] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.595498][ T141] usb 1-1: Product: syz [ 46.599748][ T141] usb 1-1: Manufacturer: syz [ 46.604353][ T141] usb 1-1: SerialNumber: syz [ 46.612281][ T141] usb 1-1: config 0 descriptor?? [pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8a0) = 0 [ 46.649089][ T141] cm109 1-1:0.0: invalid payload size 250, expected 4 [ 46.656797][ T141] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input6 [pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8d0) = 0 [pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8c0) = 4 [pid 3610] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4 [pid 3610] write(4, "\x1b\x9b\x07\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 120) = 120 [pid 3610] exit_group(0) = ? [pid 3610] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3610, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569bc5d0) = 3612 ./strace-static-x86_64: Process 3612 attached [pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3612] setpgid(0, 0) = 0 [pid 3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1000", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3612] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe31b6e8b0) = 0 [pid 3612] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [ 47.073162][ T2936] usb 1-1: USB disconnect, device number 3 [ 47.097856][ C1] cm109 1-1:0.0: cm109_urb_ctl_callback: urb status -71 [ 47.104831][ C1] cm109 1-1:0.0: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 47.115552][ T2936] cm109 1-1:0.0: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [ 47.477869][ T2936] usb 1-1: new high-speed USB device number 4 using dummy_hcd [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [ 47.718168][ T2936] usb 1-1: Using ep0 maxpacket: 16 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 9 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 27 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 4 [ 47.838047][ T2936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6a4111944c) = 12 [ 48.008003][ T2936] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=b6.8f [ 48.017408][ T2936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.026040][ T2936] usb 1-1: Product: syz [ 48.030941][ T2936] usb 1-1: Manufacturer: syz [ 48.035553][ T2936] usb 1-1: SerialNumber: syz [ 48.041681][ T2936] usb 1-1: config 0 descriptor?? [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8a0) = 0 [ 48.079316][ T2936] cm109 1-1:0.0: invalid payload size 250, expected 4 [ 48.086636][ T2936] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input7 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8c0) = 4 [pid 3612] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4 [pid 3612] write(4, "\x1b\x9b\x07\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 120) = 120 [pid 3612] exit_group(0) = ? [pid 3612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3612, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569bc5d0) = 3613 ./strace-static-x86_64: Process 3613 attached [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3613] setpgid(0, 0) = 0 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3613] write(3, "1000", 4) = 4 [pid 3613] close(3) = 0 [pid 3613] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3613] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe31b6e8b0) = 0 [pid 3613] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [ 48.513724][ T2936] usb 1-1: USB disconnect, device number 4 [ 48.527852][ C0] cm109 1-1:0.0: cm109_urb_ctl_callback: urb status -71 [ 48.534805][ C0] cm109 1-1:0.0: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 48.547933][ T2936] cm109 1-1:0.0: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [ 48.907867][ T2936] usb 1-1: new high-speed USB device number 5 using dummy_hcd [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [ 49.147839][ T2936] usb 1-1: Using ep0 maxpacket: 16 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 9 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 27 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 4 [ 49.267881][ T2936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6a4111944c) = 12 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8a0) = 0 [ 49.437932][ T2936] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=b6.8f [ 49.446995][ T2936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.455505][ T2936] usb 1-1: Product: syz [ 49.459798][ T2936] usb 1-1: Manufacturer: syz [ 49.464570][ T2936] usb 1-1: SerialNumber: syz [ 49.471388][ T2936] usb 1-1: config 0 descriptor?? [ 49.509307][ T2936] cm109 1-1:0.0: invalid payload size 250, expected 4 [ 49.516794][ T2936] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input8 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8d0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8c0) = 4 [pid 3613] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4 [pid 3613] write(4, "\x1b\x9b\x07\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 120) = 120 [pid 3613] exit_group(0) = ? [pid 3613] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3613, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569bc5d0) = 3614 ./strace-static-x86_64: Process 3614 attached [pid 3614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3614] setpgid(0, 0) = 0 [pid 3614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1000", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3614] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe31b6e8b0) = 0 [pid 3614] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [ 49.923231][ T2936] usb 1-1: USB disconnect, device number 5 [ 49.937858][ C0] cm109 1-1:0.0: cm109_urb_ctl_callback: urb status -71 [ 49.944811][ C0] cm109 1-1:0.0: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 49.956574][ T2936] cm109 1-1:0.0: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [ 50.327921][ T2936] usb 1-1: new high-speed USB device number 6 using dummy_hcd [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [ 50.567849][ T2936] usb 1-1: Using ep0 maxpacket: 16 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 9 [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 27 [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 4 [ 50.688024][ T2936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6a4111944c) = 12 [ 50.857972][ T2936] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=b6.8f [ 50.867033][ T2936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.875504][ T2936] usb 1-1: Product: syz [ 50.880313][ T2936] usb 1-1: Manufacturer: syz [ 50.884900][ T2936] usb 1-1: SerialNumber: syz [ 50.891887][ T2936] usb 1-1: config 0 descriptor?? [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8a0) = 0 [ 50.929216][ T2936] cm109 1-1:0.0: invalid payload size 250, expected 4 [ 50.936718][ T2936] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input9 [pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8d0) = 0 [pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8c0) = 4 [pid 3614] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4 [pid 3614] write(4, "\x1b\x9b\x07\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 120) = 120 [pid 3614] exit_group(0) = ? [pid 3614] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3614, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569bc5d0) = 3615 ./strace-static-x86_64: Process 3615 attached [pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3615] setpgid(0, 0) = 0 [pid 3615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1000", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3615] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe31b6e8b0) = 0 [pid 3615] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [ 51.363742][ T141] usb 1-1: USB disconnect, device number 6 [ 51.378058][ C0] cm109 1-1:0.0: cm109_urb_ctl_callback: urb status -71 [ 51.385025][ C0] cm109 1-1:0.0: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 51.400085][ T141] cm109 1-1:0.0: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [ 51.817851][ T141] usb 1-1: new high-speed USB device number 7 using dummy_hcd [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [ 52.087882][ T141] usb 1-1: Using ep0 maxpacket: 16 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 18 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 9 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 27 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [ 52.267966][ T141] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 4 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe31b6d8a0) = 8 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8b0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6a4111944c) = 12 [ 52.468002][ T141] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=b6.8f [ 52.477167][ T141] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 52.485498][ T141] usb 1-1: Product: syz [ 52.489900][ T141] usb 1-1: Manufacturer: syz [ 52.494620][ T141] usb 1-1: SerialNumber: syz [ 52.501306][ T141] usb 1-1: config 0 descriptor?? [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8a0) = 0 [ 52.548983][ T141] cm109 1-1:0.0: invalid payload size 250, expected 4 [ 52.557207][ T141] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input10 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe31b6e8d0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe31b6d8c0) = 4 [pid 3615] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 4 [pid 3615] write(4, "\x1b\x9b\x07\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 120) = 120 [pid 3615] exit_group(0) = ? [ 52.973203][ T141] usb 1-1: USB disconnect, device number 7 [ 52.979238][ C1] cm109 1-1:0.0: cm109_urb_irq_callback: urb status -71 [ 52.979279][ C1] ------------[ cut here ]------------ [ 52.979298][ C1] URB ffff888016742a00 submitted while active [ 52.979702][ C1] WARNING: CPU: 1 PID: 141 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14e2/0x18a0 [ 52.979748][ C1] Modules linked in: [ 52.979761][ C1] CPU: 1 PID: 141 Comm: kworker/1:2 Not tainted 5.19.0-rc8-syzkaller #0 [ 52.979781][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 52.979798][ C1] Workqueue: usb_hub_wq hub_event [ 52.979822][ C1] RIP: 0010:usb_submit_urb+0x14e2/0x18a0 [ 52.979847][ C1] Code: 89 de e8 11 7c ee fb 84 db 0f 85 a9 f3 ff ff e8 04 80 ee fb 4c 89 fe 48 c7 c7 00 07 6f 8a c6 05 4f fe 1a 08 01 e8 d8 c2 a6 03 <0f> 0b e9 87 f3 ff ff 41 be ed ff ff ff e9 7c f3 ff ff e8 d7 7f ee [ 52.979864][ C1] RSP: 0018:ffffc900001e09d0 EFLAGS: 00010082 [ 52.979880][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 52.979895][ C1] RDX: ffff88801b650000 RSI: ffffffff8160d108 RDI: fffff5200003c12c [ 52.979907][ C1] RBP: ffff8880250a26e0 R08: 0000000000000005 R09: 0000000000000000 [ 52.979918][ C1] R10: 0000000000000102 R11: 0000000000000001 R12: 0000000000000046 [ 52.979935][ C1] R13: ffff88802089c058 R14: 00000000fffffff0 R15: ffff888016742a00 [ 52.979954][ C1] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 52.979974][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.979988][ C1] CR2: 00007f6a410e8868 CR3: 000000000ba8e000 CR4: 0000000000350ee0 [ 52.980001][ C1] Call Trace: [ 52.980009][ C1] [ 52.980017][ C1] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 52.980049][ C1] cm109_urb_irq_callback+0x44c/0xaa0 [ 52.980074][ C1] ? dummy_timer+0x11e7/0x32b0 [ 52.980105][ C1] __usb_hcd_giveback_urb+0x2b0/0x5c0 [ 52.980137][ C1] usb_hcd_giveback_urb+0x367/0x410 [ 52.980167][ C1] dummy_timer+0x11f9/0x32b0 [ 52.980197][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 52.980266][ C1] ? dummy_dequeue+0x500/0x500 [ 52.980297][ C1] ? dummy_dequeue+0x500/0x500 [ 52.980317][ C1] call_timer_fn+0x1a5/0x6b0 [ 52.980335][ C1] ? timer_fixup_activate+0x350/0x350 [ 52.980361][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 52.980383][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 52.980404][ C1] ? dummy_dequeue+0x500/0x500 [ 52.980428][ C1] __run_timers.part.0+0x679/0xa80 [ 52.980458][ C1] ? call_timer_fn+0x6b0/0x6b0 [ 52.980485][ C1] ? __wake_up_locked_sync_key+0x20/0x20 [ 52.980521][ C1] run_timer_softirq+0xb3/0x1d0 [ 52.980545][ C1] __do_softirq+0x29b/0x9c2 [ 52.980581][ C1] __irq_exit_rcu+0x123/0x180 [ 52.980607][ C1] irq_exit_rcu+0x5/0x20 [ 52.980629][ C1] sysvec_apic_timer_interrupt+0x93/0xc0 [ 52.980649][ C1] [ 52.980655][ C1] [ 52.980661][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 52.980682][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 52.980704][ C1] Code: 48 89 ef 5d e9 41 3b 4c 00 5d be 03 00 00 00 e9 b6 47 82 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 39 03 88 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b [ 52.980720][ C1] RSP: 0018:ffffc900029cf508 EFLAGS: 00000293 [ 52.980736][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 52.980746][ C1] RDX: ffff88801b650000 RSI: ffffffff81608ee5 RDI: 0000000000000007 [ 52.980757][ C1] RBP: ffffc900029cf6b0 R08: 0000000000000007 R09: 0000000000000000 [ 52.980768][ C1] R10: 0000000000000200 R11: 0000000000000001 R12: 0000000000000001 [ 52.980778][ C1] R13: ffffffff90f13d20 R14: 0000000000000200 R15: ffffffff8c81c298 [ 52.980800][ C1] ? console_emit_next_record.constprop.0+0x4f5/0x840 [ 52.980826][ C1] console_emit_next_record.constprop.0+0x4fb/0x840 [ 52.980851][ C1] ? devkmsg_read+0x730/0x730 [ 52.980884][ C1] ? lock_release+0x780/0x780 [ 52.980905][ C1] console_unlock+0x37a/0x5a0 [ 52.980926][ C1] ? console_emit_next_record.constprop.0+0x840/0x840 [ 52.980945][ C1] ? __down_trylock_console_sem+0x108/0x120 [ 52.980969][ C1] ? dev_vprintk_emit+0x2bd/0x3b2 [ 52.980991][ C1] ? dev_vprintk_emit+0x36e/0x3b2 [ 52.981015][ C1] vprintk_emit+0x1b9/0x5f0 [ 52.981038][ C1] dev_vprintk_emit+0x36e/0x3b2 [ 52.981059][ C1] ? dev_attr_show.cold+0x3a/0x3a [ 52.981085][ C1] ? __lock_acquire+0x163e/0x5660 [ 52.981115][ C1] dev_printk_emit+0xba/0xf1 [ 52.981132][ C1] ? dev_vprintk_emit+0x3b2/0x3b2 [ 52.981150][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 52.981173][ C1] ? lock_chain_count+0x20/0x20 [ 52.981194][ C1] ? find_held_lock+0x2d/0x110 [ 52.981225][ C1] __dev_printk+0xcf/0xf5 [ 52.981260][ C1] _dev_info+0xd7/0x109 [ 52.981281][ C1] ? _dev_notice+0x109/0x109 [ 52.981305][ C1] ? mark_held_locks+0x9f/0xe0 [ 52.981335][ C1] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 52.981364][ C1] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 52.981396][ C1] usb_disconnect.cold+0x25/0x6ec [ 52.981425][ C1] hub_event+0x1e83/0x4690 [ 52.981467][ C1] ? hub_port_debounce+0x3c0/0x3c0 [ 52.981497][ C1] ? lock_release+0x780/0x780 [ 52.981522][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 52.981552][ C1] ? do_raw_spin_lock+0x120/0x2a0 [ 52.981583][ C1] process_one_work+0x996/0x1610 [ 52.981618][ C1] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 52.981649][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 52.981671][ C1] ? _raw_spin_lock_irq+0x41/0x50 [ 52.981701][ C1] worker_thread+0x665/0x1080 [ 52.981736][ C1] ? __kthread_parkme+0x15f/0x220 [ 52.981761][ C1] ? process_one_work+0x1610/0x1610 [ 52.981783][ C1] kthread+0x2e9/0x3a0 [ 52.981799][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 52.981819][ C1] ret_from_fork+0x1f/0x30 [ 52.981854][ C1] [ 52.981862][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 52.981869][ C1] CPU: 1 PID: 141 Comm: kworker/1:2 Not tainted 5.19.0-rc8-syzkaller #0 [ 52.981892][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 52.981906][ C1] Workqueue: usb_hub_wq hub_event [ 52.981927][ C1] Call Trace: [ 52.981933][ C1] [ 52.981940][ C1] dump_stack_lvl+0xcd/0x134 [ 52.981966][ C1] panic+0x2d7/0x636 [ 52.981985][ C1] ? panic_print_sys_info.part.0+0x10b/0x10b [ 52.982017][ C1] ? __warn.cold+0x1d1/0x2c5 [ 52.982042][ C1] ? usb_submit_urb+0x14e2/0x18a0 [ 52.982069][ C1] __warn.cold+0x1e2/0x2c5 [ 52.982088][ C1] ? __wake_up_klogd.part.0+0x99/0xf0 [ 52.982114][ C1] ? usb_submit_urb+0x14e2/0x18a0 [ 52.982139][ C1] report_bug+0x1bc/0x210 [ 52.982167][ C1] handle_bug+0x3c/0x60 [ 52.982193][ C1] exc_invalid_op+0x14/0x40 [ 52.982209][ C1] asm_exc_invalid_op+0x16/0x20 [ 52.982244][ C1] RIP: 0010:usb_submit_urb+0x14e2/0x18a0 [ 52.982272][ C1] Code: 89 de e8 11 7c ee fb 84 db 0f 85 a9 f3 ff ff e8 04 80 ee fb 4c 89 fe 48 c7 c7 00 07 6f 8a c6 05 4f fe 1a 08 01 e8 d8 c2 a6 03 <0f> 0b e9 87 f3 ff ff 41 be ed ff ff ff e9 7c f3 ff ff e8 d7 7f ee [ 52.982292][ C1] RSP: 0018:ffffc900001e09d0 EFLAGS: 00010082 [ 52.982307][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 52.982318][ C1] RDX: ffff88801b650000 RSI: ffffffff8160d108 RDI: fffff5200003c12c [ 52.982331][ C1] RBP: ffff8880250a26e0 R08: 0000000000000005 R09: 0000000000000000 [ 52.982346][ C1] R10: 0000000000000102 R11: 0000000000000001 R12: 0000000000000046 [ 52.982360][ C1] R13: ffff88802089c058 R14: 00000000fffffff0 R15: ffff888016742a00 [ 52.982387][ C1] ? vprintk+0x88/0x90 [ 52.982416][ C1] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 52.982449][ C1] cm109_urb_irq_callback+0x44c/0xaa0 [ 52.982472][ C1] ? dummy_timer+0x11e7/0x32b0 [ 52.982503][ C1] __usb_hcd_giveback_urb+0x2b0/0x5c0 [ 52.982533][ C1] usb_hcd_giveback_urb+0x367/0x410 [ 52.982561][ C1] dummy_timer+0x11f9/0x32b0 [ 52.982588][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 52.982647][ C1] ? dummy_dequeue+0x500/0x500 [ 52.982681][ C1] ? dummy_dequeue+0x500/0x500 [ 52.982706][ C1] call_timer_fn+0x1a5/0x6b0 [ 52.982725][ C1] ? timer_fixup_activate+0x350/0x350 [ 52.982752][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 52.982774][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 52.982799][ C1] ? dummy_dequeue+0x500/0x500 [ 52.982823][ C1] __run_timers.part.0+0x679/0xa80 [ 52.982849][ C1] ? call_timer_fn+0x6b0/0x6b0 [ 52.982871][ C1] ? __wake_up_locked_sync_key+0x20/0x20 [ 52.982902][ C1] run_timer_softirq+0xb3/0x1d0 [ 52.982929][ C1] __do_softirq+0x29b/0x9c2 [ 52.982964][ C1] __irq_exit_rcu+0x123/0x180 [ 52.982986][ C1] irq_exit_rcu+0x5/0x20 [ 52.983001][ C1] sysvec_apic_timer_interrupt+0x93/0xc0 [ 52.983028][ C1] [ 52.983037][ C1] [ 52.983043][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 52.983071][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 52.983093][ C1] Code: 48 89 ef 5d e9 41 3b 4c 00 5d be 03 00 00 00 e9 b6 47 82 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 39 03 88 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b [ 52.983112][ C1] RSP: 0018:ffffc900029cf508 EFLAGS: 00000293 [ 52.983131][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 52.983145][ C1] RDX: ffff88801b650000 RSI: ffffffff81608ee5 RDI: 0000000000000007 [ 52.983158][ C1] RBP: ffffc900029cf6b0 R08: 0000000000000007 R09: 0000000000000000 [ 52.983173][ C1] R10: 0000000000000200 R11: 0000000000000001 R12: 0000000000000001 [ 52.983183][ C1] R13: ffffffff90f13d20 R14: 0000000000000200 R15: ffffffff8c81c298 [ 52.983206][ C1] ? console_emit_next_record.constprop.0+0x4f5/0x840 [ 52.983247][ C1] console_emit_next_record.constprop.0+0x4fb/0x840 [ 52.983276][ C1] ? devkmsg_read+0x730/0x730 [ 52.983311][ C1] ? lock_release+0x780/0x780 [ 52.983335][ C1] console_unlock+0x37a/0x5a0 [ 52.983358][ C1] ? console_emit_next_record.constprop.0+0x840/0x840 [ 52.983378][ C1] ? __down_trylock_console_sem+0x108/0x120 [ 52.983405][ C1] ? dev_vprintk_emit+0x2bd/0x3b2 [ 52.983430][ C1] ? dev_vprintk_emit+0x36e/0x3b2 [ 52.983451][ C1] vprintk_emit+0x1b9/0x5f0 [ 52.983473][ C1] dev_vprintk_emit+0x36e/0x3b2 [ 52.983499][ C1] ? dev_attr_show.cold+0x3a/0x3a [ 52.983527][ C1] ? __lock_acquire+0x163e/0x5660 [ 52.983553][ C1] dev_printk_emit+0xba/0xf1 [ 52.983569][ C1] ? dev_vprintk_emit+0x3b2/0x3b2 [ 52.983587][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 52.983609][ C1] ? lock_chain_count+0x20/0x20 [ 52.983629][ C1] ? find_held_lock+0x2d/0x110 [ 52.983656][ C1] __dev_printk+0xcf/0xf5 [ 52.983675][ C1] _dev_info+0xd7/0x109 [ 52.983691][ C1] ? _dev_notice+0x109/0x109 [ 52.983712][ C1] ? mark_held_locks+0x9f/0xe0 [ 52.983732][ C1] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 52.983750][ C1] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 52.983774][ C1] usb_disconnect.cold+0x25/0x6ec [ 52.983800][ C1] hub_event+0x1e83/0x4690 [ 52.983845][ C1] ? hub_port_debounce+0x3c0/0x3c0 [ 52.983875][ C1] ? lock_release+0x780/0x780 [ 52.983897][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 52.983924][ C1] ? do_raw_spin_lock+0x120/0x2a0 [ 52.983954][ C1] process_one_work+0x996/0x1610 [ 52.983989][ C1] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 52.984017][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 52.984038][ C1] ? _raw_spin_lock_irq+0x41/0x50 [ 52.984069][ C1] worker_thread+0x665/0x1080 [ 52.984096][ C1] ? __kthread_parkme+0x15f/0x220 [ 52.984116][ C1] ? process_one_work+0x1610/0x1610 [ 52.984144][ C1] kthread+0x2e9/0x3a0 [ 52.984166][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 52.984192][ C1] ret_from_fork+0x1f/0x30 [ 52.984239][ C1] [ 52.985319][ C1] Kernel Offset: disabled [ 54.109924][ C1] Rebooting in 86400 seconds..