./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor575962079 <...> Warning: Permanently added '10.128.1.69' (ED25519) to the list of known hosts. execve("./syz-executor575962079", ["./syz-executor575962079"], 0x7fff41404db0 /* 10 vars */) = 0 brk(NULL) = 0x55557d39d000 brk(0x55557d39dd00) = 0x55557d39dd00 arch_prctl(ARCH_SET_FS, 0x55557d39d380) = 0 set_tid_address(0x55557d39d650) = 5839 set_robust_list(0x55557d39d660, 24) = 0 rseq(0x55557d39dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor575962079", 4096) = 27 getrandom("\x52\x30\xb8\xb3\x54\xff\xfc\x12", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557d39dd00 brk(0x55557d3bed00) = 0x55557d3bed00 brk(0x55557d3bf000) = 0x55557d3bf000 mprotect(0x7fb79739b000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached [pid 5840] set_robust_list(0x55557d39d660, 24 [pid 5839] <... clone resumed>, child_tidptr=0x55557d39d650) = 5840 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] write(1, "executing program\n", 18executing program ) = 18 [pid 5840] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5840] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe09475280) = 18 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [ 91.762303][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe09475280) = 18 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe09475280) = 9 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [ 91.932000][ T9] usb 1-1: Using ep0 maxpacket: 8 [pid 5840] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe09475280) = 27 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe09475280) = 4 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe09475280) = 8 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [ 91.972235][ T9] usb 1-1: config 0 has an invalid interface number: 200 but max is 0 [ 91.980680][ T9] usb 1-1: config 0 has no interface number 0 [ 91.987079][ T9] usb 1-1: config 0 interface 200 altsetting 2 has an endpoint descriptor with address 0xED, changing to 0x8D [ 91.998841][ T9] usb 1-1: config 0 interface 200 altsetting 2 bulk endpoint 0x8D has invalid maxpacket 16 [ 92.008932][ T9] usb 1-1: config 0 interface 200 has no altsetting 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe09475280) = 8 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe09475280) = 8 [pid 5840] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xb) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5840] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fb7973a13ec) = -1 EINVAL (Invalid argument) [pid 5840] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe09475280) = 0 [ 92.071251][ T9] usb 1-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 92.080701][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.088827][ T9] usb 1-1: Product: syz [ 92.093072][ T9] usb 1-1: Manufacturer: syz [ 92.097695][ T9] usb 1-1: SerialNumber: syz [ 92.105837][ T9] usb 1-1: config 0 descriptor?? [ 92.113806][ T5840] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [pid 5840] exit_group(0) = ? [pid 5840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557d39d650) = 5846 ./strace-static-x86_64: Process 5846 attached [pid 5846] set_robust_list(0x55557d39d660, 24) = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 92.353759][ T9] input: Hanwang Art Master III 0906 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.200/input/input5 [ 92.370323][ T5191] ------------[ cut here ]------------ [ 92.376085][ T5191] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 92.384459][ T5191] WARNING: CPU: 1 PID: 5191 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc82/0x1890 [ 92.392627][ T9] usb 1-1: USB disconnect, device number 2 [ 92.394687][ T5191] Modules linked in: [ 92.404468][ T5191] CPU: 1 UID: 0 PID: 5191 Comm: acpid Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 92.414467][ T5191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 92.424996][ T5191] RIP: 0010:usb_submit_urb+0xc82/0x1890 [ 92.430618][ T5191] Code: 89 e0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 6d 08 00 00 45 8b 04 24 48 c7 c7 e0 5d 33 8c 4c 89 f6 4c 89 fa e8 ef 4b 6b fa 90 <0f> 0b 90 90 44 0f b6 64 24 48 4c 89 e7 48 c7 c6 b0 f6 dc 8e e8 b5 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] write(1, "executing program\n", 18executing program ) = 18 [pid 5846] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5846] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe09476290) = 0 [ 92.450767][ T5191] RSP: 0018:ffffc90003047648 EFLAGS: 00010246 [ 92.457106][ T5191] RAX: ea37b9e6b4509100 RBX: ffff88801a592c00 RCX: ffff8880749a3c00 [ 92.465234][ T5191] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 92.473381][ T5191] RBP: 0000000000000000 R08: ffffc90003047367 R09: 1ffff92000608e6c [ 92.481384][ T5191] R10: dffffc0000000000 R11: fffff52000608e6d R12: ffffffff8c335bc8 [ 92.489456][ T5191] R13: dffffc0000000000 R14: ffffffff8c33c6c0 R15: ffff888020ea4960 [pid 5846] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5846] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe09476290) = 0 [ 92.497505][ T5191] FS: 00007f102c2e0740(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000 [ 92.506534][ T5191] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.513212][ T5191] CR2: 0000558ef39bc368 CR3: 000000002f7f8000 CR4: 00000000003526f0 [ 92.521235][ T5191] Call Trace: [ 92.524628][ T5191] [ 92.527608][ T5191] hanwang_open+0x9f/0xd0 [ 92.532033][ T5191] input_open_device+0x1c5/0x360 [ 92.537044][ T5191] evdev_open+0x4ac/0x5a0 [ 92.541427][ T5191] chrdev_open+0x4c9/0x5e0 [ 92.545934][ T5191] ? __pfx_chrdev_open+0x10/0x10 [ 92.550995][ T5191] ? __pfx_chrdev_open+0x10/0x10 [ 92.556037][ T5191] do_dentry_open+0xdf0/0x1970 [ 92.560924][ T5191] vfs_open+0x3b/0x340 [ 92.565085][ T5191] ? path_openat+0x2ecd/0x3830 [ 92.570024][ T5191] path_openat+0x2ee5/0x3830 [ 92.574686][ T5191] ? arch_stack_walk+0xfc/0x150 [ 92.579625][ T5191] ? __pfx_path_openat+0x10/0x10 [ 92.584639][ T5191] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.590755][ T5191] do_filp_open+0x1fa/0x410 [ 92.595360][ T5191] ? __lock_acquire+0xab9/0xd20 [ 92.600249][ T5191] ? __pfx_do_filp_open+0x10/0x10 [ 92.605387][ T5191] ? _raw_spin_unlock+0x28/0x50 [ 92.610306][ T5191] ? alloc_fd+0x64c/0x6c0 [ 92.614738][ T5191] do_sys_openat2+0x121/0x1c0 [ 92.619550][ T5191] ? __pfx_do_sys_openat2+0x10/0x10 [ 92.624873][ T5191] ? ksys_read+0x1e1/0x250 [ 92.629331][ T5191] ? __pfx_ksys_read+0x10/0x10 [ 92.634169][ T5191] ? rcu_is_watching+0x15/0xb0 [ 92.639044][ T5191] __x64_sys_openat+0x138/0x170 [ 92.644055][ T5191] do_syscall_64+0xfa/0x3b0 [ 92.648584][ T5191] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.653849][ T5191] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.659992][ T5191] ? clear_bhb_loop+0x60/0xb0 [ 92.664790][ T5191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.670713][ T5191] RIP: 0033:0x7f102c36a407 [ 92.675248][ T5191] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 92.694940][ T5191] RSP: 002b:00007ffe208ca8a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 92.703494][ T5191] RAX: ffffffffffffffda RBX: 00007f102c2e0740 RCX: 00007f102c36a407 [ 92.711524][ T5191] RDX: 0000000000080800 RSI: 00007ffe208caab0 RDI: ffffffffffffff9c [ 92.719576][ T5191] RBP: 00007ffe208caab0 R08: 0000000000000000 R09: 0000000000000000 [ 92.727729][ T5191] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000020 [ 92.735804][ T5191] R13: 00007ffe208cabb0 R14: 000055820532e7fe R15: 00007ffe208cabb0 [ 92.743881][ T5191] [ 92.746945][ T5191] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 92.754241][ T5191] CPU: 1 UID: 0 PID: 5191 Comm: acpid Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 92.763703][ T5191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 92.773771][ T5191] Call Trace: [ 92.777116][ T5191] [ 92.780062][ T5191] dump_stack_lvl+0x99/0x250 [ 92.784668][ T5191] ? __asan_memcpy+0x40/0x70 [ 92.789275][ T5191] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.794504][ T5191] ? __pfx__printk+0x10/0x10 [ 92.799149][ T5191] panic+0x2db/0x790 [ 92.803083][ T5191] ? __pfx_panic+0x10/0x10 [ 92.807518][ T5191] ? show_trace_log_lvl+0x4fb/0x550 [ 92.812751][ T5191] __warn+0x31b/0x4b0 [ 92.816753][ T5191] ? usb_submit_urb+0xc82/0x1890 [ 92.821727][ T5191] ? usb_submit_urb+0xc82/0x1890 [ 92.826683][ T5191] report_bug+0x2be/0x4f0 [ 92.831027][ T5191] ? usb_submit_urb+0xc82/0x1890 [ 92.836072][ T5191] ? usb_submit_urb+0xc82/0x1890 [ 92.841036][ T5191] ? usb_submit_urb+0xc84/0x1890 [ 92.846000][ T5191] handle_bug+0x84/0x160 [ 92.850260][ T5191] exc_invalid_op+0x1a/0x50 [ 92.854790][ T5191] asm_exc_invalid_op+0x1a/0x20 [ 92.859738][ T5191] RIP: 0010:usb_submit_urb+0xc82/0x1890 [ 92.865298][ T5191] Code: 89 e0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 6d 08 00 00 45 8b 04 24 48 c7 c7 e0 5d 33 8c 4c 89 f6 4c 89 fa e8 ef 4b 6b fa 90 <0f> 0b 90 90 44 0f b6 64 24 48 4c 89 e7 48 c7 c6 b0 f6 dc 8e e8 b5 [ 92.884930][ T5191] RSP: 0018:ffffc90003047648 EFLAGS: 00010246 [ 92.891021][ T5191] RAX: ea37b9e6b4509100 RBX: ffff88801a592c00 RCX: ffff8880749a3c00 [ 92.899003][ T5191] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 92.906986][ T5191] RBP: 0000000000000000 R08: ffffc90003047367 R09: 1ffff92000608e6c [ 92.914969][ T5191] R10: dffffc0000000000 R11: fffff52000608e6d R12: ffffffff8c335bc8 [ 92.922958][ T5191] R13: dffffc0000000000 R14: ffffffff8c33c6c0 R15: ffff888020ea4960 [ 92.930976][ T5191] ? usb_submit_urb+0xc81/0x1890 [ 92.935961][ T5191] hanwang_open+0x9f/0xd0 [ 92.940302][ T5191] input_open_device+0x1c5/0x360 [ 92.945261][ T5191] evdev_open+0x4ac/0x5a0 [ 92.949615][ T5191] chrdev_open+0x4c9/0x5e0 [ 92.954053][ T5191] ? __pfx_chrdev_open+0x10/0x10 [ 92.959011][ T5191] ? __pfx_chrdev_open+0x10/0x10 [ 92.963962][ T5191] do_dentry_open+0xdf0/0x1970 [ 92.968753][ T5191] vfs_open+0x3b/0x340 [ 92.972834][ T5191] ? path_openat+0x2ecd/0x3830 [ 92.977621][ T5191] path_openat+0x2ee5/0x3830 [ 92.982234][ T5191] ? arch_stack_walk+0xfc/0x150 [ 92.987129][ T5191] ? __pfx_path_openat+0x10/0x10 [ 92.992079][ T5191] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.998188][ T5191] do_filp_open+0x1fa/0x410 [ 93.003252][ T5191] ? __lock_acquire+0xab9/0xd20 [ 93.008113][ T5191] ? __pfx_do_filp_open+0x10/0x10 [ 93.013182][ T5191] ? _raw_spin_unlock+0x28/0x50 [ 93.018061][ T5191] ? alloc_fd+0x64c/0x6c0 [ 93.022412][ T5191] do_sys_openat2+0x121/0x1c0 [ 93.027110][ T5191] ? __pfx_do_sys_openat2+0x10/0x10 [ 93.032329][ T5191] ? ksys_read+0x1e1/0x250 [ 93.036755][ T5191] ? __pfx_ksys_read+0x10/0x10 [ 93.041537][ T5191] ? rcu_is_watching+0x15/0xb0 [ 93.046320][ T5191] __x64_sys_openat+0x138/0x170 [ 93.051327][ T5191] do_syscall_64+0xfa/0x3b0 [ 93.055940][ T5191] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.061156][ T5191] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.067238][ T5191] ? clear_bhb_loop+0x60/0xb0 [ 93.072001][ T5191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.077933][ T5191] RIP: 0033:0x7f102c36a407 [ 93.082382][ T5191] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 93.102018][ T5191] RSP: 002b:00007ffe208ca8a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 93.110453][ T5191] RAX: ffffffffffffffda RBX: 00007f102c2e0740 RCX: 00007f102c36a407 [ 93.118437][ T5191] RDX: 0000000000080800 RSI: 00007ffe208caab0 RDI: ffffffffffffff9c [ 93.126425][ T5191] RBP: 00007ffe208caab0 R08: 0000000000000000 R09: 0000000000000000 [ 93.134411][ T5191] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000020 [ 93.142421][ T5191] R13: 00007ffe208cabb0 R14: 000055820532e7fe R15: 00007ffe208cabb0 [ 93.150417][ T5191] [ 93.153830][ T5191] Kernel Offset: disabled [ 93.158176][ T5191] Rebooting in 86400 seconds..