./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor884329258 <...> Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. execve("./syz-executor884329258", ["./syz-executor884329258"], 0x7ffe689e9d00 /* 10 vars */) = 0 brk(NULL) = 0x555555a9d000 brk(0x555555a9dc40) = 0x555555a9dc40 arch_prctl(ARCH_SET_FS, 0x555555a9d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555a9d5d0) = 3606 set_robust_list(0x555555a9d5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fc355cc09b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fc355cc1080}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fc355cc0a50, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc355cc1080}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor884329258", 4096) = 27 brk(0x555555abec40) = 0x555555abec40 brk(0x555555abf000) = 0x555555abf000 mprotect(0x7fc355d81000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7fc355d874cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc355c90000 mprotect(0x7fc355c91000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7fc355cb03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3607], tls=0x7fc355cb0700, child_tidptr=0x7fc355cb09d0) = 3607 futex(0x7fc355d874c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7fc355d874cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3607 attached [pid 3607] set_robust_list(0x7fc355cb09e0, 24) = 0 [pid 3607] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3607] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fc355cae2a0) = 18 syzkaller login: [ 49.211128][ T141] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fc355cae2a0) = 18 [ 49.451086][ T141] usb 1-1: Using ep0 maxpacket: 16 [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fc355cae2a0) = 9 [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fc355cae2a0) = 27 [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fc355cae2a0) = 4 [ 49.581464][ T141] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fc355cae2a0) = 8 [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fc355cae2a0) = 8 [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fc355cae2a0) = 8 [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2b0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fc355d8760c) = 6 [ 49.751770][ T141] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 49.760848][ T141] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.768878][ T141] usb 1-1: Product: syz [ 49.773082][ T141] usb 1-1: Manufacturer: syz [ 49.777663][ T141] usb 1-1: SerialNumber: syz [ 49.785600][ T141] usb 1-1: config 0 descriptor?? [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fc355cae2a0) = 0 [ 49.845832][ T141] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3607] futex(0x7fc355d874cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3606] <... futex resumed>) = 0 [pid 3606] futex(0x7fc355d874c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3606] futex(0x7fc355d874cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2d0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fc355cae2c0) = 8 [ 50.131085][ T141] rc_core: IR keymap rc-imon-pad not found [ 50.136904][ T141] Registered IR keymap rc-empty [ 50.141867][ T141] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 50.152130][ T141] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3607] futex(0x7fc355d874cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3606] <... futex resumed>) = 0 [pid 3607] futex(0x7fc355d874c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3606] futex(0x7fc355d874c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] <... futex resumed>) = 0 [pid 3606] futex(0x7fc355d874cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3607] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fc355caf2d0) = 0 [pid 3607] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fc355cae2c0) = 8 [ 50.302200][ T141] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 50.313262][ T141] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 50.328734][ T141] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3607] futex(0x7fc355d874cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3606] <... futex resumed>) = 0 [pid 3607] <... futex resumed>) = 1 [pid 3606] futex(0x7fc355d874c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR [pid 3606] <... futex resumed>) = 0 [pid 3606] futex(0x7fc355d874cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3607] <... openat resumed>) = 4 [pid 3607] futex(0x7fc355d874cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] futex(0x7fc355d874c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3606] <... futex resumed>) = 0 [pid 3606] futex(0x7fc355d874c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] <... futex resumed>) = 0 [pid 3606] futex(0x7fc355d874cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3607] write(4, "\x68\x04\xd2\x58\xd4\x56\x9c\x00\x68\x00\x00\x00\x00\x00\x7f\xcc\x96\x4e\x80\xcb\x4e\x71\x97\x0d\xb8\x4e\x67\xb7\x6a\x0e\xf5", 31 [pid 3606] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3606] futex(0x7fc355d874dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc355c6f000 [pid 3606] mprotect(0x7fc355c70000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3606] clone(child_stack=0x7fc355c8f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3612 attached , parent_tid=[3612], tls=0x7fc355c8f700, child_tidptr=0x7fc355c8f9d0) = 3612 [pid 3606] futex(0x7fc355d874d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3606] futex(0x7fc355d874dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3612] set_robust_list(0x7fc355c8f9e0, 24) = 0 [pid 3612] write(4, "\xe8", 1 [pid 3606] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 50.540214][ T3612] ------------[ cut here ]------------ [ 50.546071][ T3612] URB ffff888016b68600 submitted while active [ 50.552674][ T3612] WARNING: CPU: 1 PID: 3612 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14e8/0x1880 [ 50.562460][ T3612] Modules linked in: [ 50.566354][ T3612] CPU: 1 PID: 3612 Comm: syz-executor884 Not tainted 6.0.0-rc2-syzkaller-00327-g8379c0b31fbc #0 [ 50.576813][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.586906][ T3612] RIP: 0010:usb_submit_urb+0x14e8/0x1880 [ 50.592583][ T3612] Code: 89 de e8 8b 8c ee fb 84 db 0f 85 a3 f3 ff ff e8 fe 8f ee fb 4c 89 fe 48 c7 c7 60 e7 8f 8a c6 05 fd 16 3c 08 01 e8 55 d2 ac 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 d7 8f ee fb 48 8b 7c 24 40 [ 50.612255][ T3612] RSP: 0018:ffffc9000396fc50 EFLAGS: 00010286 [ 50.618315][ T3612] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 50.626315][ T3612] RDX: ffff888017fa8000 RSI: ffffffff8161f408 RDI: fffff5200072df7c [ 50.634334][ T3612] RBP: ffff8880206b5910 R08: 0000000000000005 R09: 0000000000000000 [ 50.642598][ T3612] R10: 0000000080000000 R11: 0000000000000000 R12: ffff888016b68600 [ 50.650580][ T3612] R13: ffff88801b93d128 R14: 00000000fffffff0 R15: ffff888016b68600 [ 50.658613][ T3612] FS: 00007fc355c8f700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 50.667613][ T3612] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.674274][ T3612] CR2: 00007faeda5f5a70 CR3: 0000000072f48000 CR4: 00000000003506e0 [ 50.682363][ T3612] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 3606] exit_group(0) = ? [ 50.690346][ T3612] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 50.698373][ T3612] Call Trace: [ 50.701685][ T3612] [ 50.704615][ T3612] ? rcu_read_lock_sched_held+0x3a/0x70 [ 50.710165][ T3612] ? trace_kmalloc+0x32/0x100 [ 50.714903][ T3612] send_packet+0x422/0xbc0 [ 50.719350][ T3612] vfd_write+0x2d9/0x550 [ 50.723661][ T3612] vfs_write+0x2d7/0xdd0 [ 50.727923][ T3612] ? send_packet+0xbc0/0xbc0 [ 50.733043][ T3612] ? vfs_read+0x930/0x930 [ 50.733168][ T3607] imon:send_packet: task interrupted [ 50.737383][ T3612] ? __fget_files+0x26a/0x440 [ 50.747377][ T3612] ? __fget_light+0xe5/0x270 [ 50.752033][ T3612] ksys_write+0x127/0x250 [ 50.756357][ T3612] ? __ia32_sys_read+0xb0/0xb0 [ 50.761153][ T3612] ? lockdep_hardirqs_on+0x79/0x100 [ 50.766390][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.771650][ T3612] ? ptrace_notify+0xfa/0x140 [ 50.776345][ T3612] do_syscall_64+0x35/0xb0 [ 50.780755][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.786705][ T3612] RIP: 0033:0x7fc355d03119 [ 50.791188][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 50.810895][ T3612] RSP: 002b:00007fc355c8f2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 50.819390][ T3612] RAX: ffffffffffffffda RBX: 00007fc355d874d0 RCX: 00007fc355d03119 [ 50.827400][ T3612] RDX: 0000000000000001 RSI: 00000000200004c0 RDI: 0000000000000004 [ 50.835412][ T3612] RBP: 00007fc355d874dc R08: 00007fc355c8f700 R09: 0000000000000000 [ 50.843417][ T3612] R10: 00007fc355c8f700 R11: 0000000000000246 R12: 00007fc355d55080 [ 50.851432][ T3612] R13: 0b8b0509005505e1 R14: 0d97714ecb804e96 R15: 00007fc355d874d8 [ 50.859416][ T3612] [ 50.862477][ T3612] Kernel panic - not syncing: panic_on_warn set ... [ 50.869058][ T3612] CPU: 1 PID: 3612 Comm: syz-executor884 Not tainted 6.0.0-rc2-syzkaller-00327-g8379c0b31fbc #0 [ 50.879455][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.889498][ T3612] Call Trace: [ 50.892763][ T3612] [ 50.895684][ T3612] dump_stack_lvl+0xcd/0x134 [ 50.900339][ T3612] panic+0x2c8/0x627 [ 50.904224][ T3612] ? panic_print_sys_info.part.0+0x10b/0x10b [ 50.910202][ T3612] ? __warn.cold+0x248/0x2c4 [ 50.914795][ T3612] ? usb_submit_urb+0x14e8/0x1880 [ 50.919832][ T3612] __warn.cold+0x259/0x2c4 [ 50.924249][ T3612] ? __wake_up_klogd.part.0+0x99/0xf0 [ 50.929633][ T3612] ? usb_submit_urb+0x14e8/0x1880 [ 50.934670][ T3612] report_bug+0x1bc/0x210 [ 50.939015][ T3612] handle_bug+0x3c/0x60 [ 50.943177][ T3612] exc_invalid_op+0x14/0x40 [ 50.947695][ T3612] asm_exc_invalid_op+0x16/0x20 [ 50.952551][ T3612] RIP: 0010:usb_submit_urb+0x14e8/0x1880 [ 50.958209][ T3612] Code: 89 de e8 8b 8c ee fb 84 db 0f 85 a3 f3 ff ff e8 fe 8f ee fb 4c 89 fe 48 c7 c7 60 e7 8f 8a c6 05 fd 16 3c 08 01 e8 55 d2 ac 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 d7 8f ee fb 48 8b 7c 24 40 [ 50.977818][ T3612] RSP: 0018:ffffc9000396fc50 EFLAGS: 00010286 [ 50.983894][ T3612] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 50.991876][ T3612] RDX: ffff888017fa8000 RSI: ffffffff8161f408 RDI: fffff5200072df7c [ 50.999851][ T3612] RBP: ffff8880206b5910 R08: 0000000000000005 R09: 0000000000000000 [ 51.007824][ T3612] R10: 0000000080000000 R11: 0000000000000000 R12: ffff888016b68600 [ 51.015810][ T3612] R13: ffff88801b93d128 R14: 00000000fffffff0 R15: ffff888016b68600 [ 51.023803][ T3612] ? vprintk+0x88/0x90 [ 51.027897][ T3612] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.033461][ T3612] ? trace_kmalloc+0x32/0x100 [ 51.038163][ T3612] send_packet+0x422/0xbc0 [ 51.042591][ T3612] vfd_write+0x2d9/0x550 [ 51.046848][ T3612] vfs_write+0x2d7/0xdd0 [ 51.051111][ T3612] ? send_packet+0xbc0/0xbc0 [ 51.055803][ T3612] ? vfs_read+0x930/0x930 [ 51.060153][ T3612] ? __fget_files+0x26a/0x440 [ 51.064867][ T3612] ? __fget_light+0xe5/0x270 [ 51.069477][ T3612] ksys_write+0x127/0x250 [ 51.073835][ T3612] ? __ia32_sys_read+0xb0/0xb0 [ 51.078619][ T3612] ? lockdep_hardirqs_on+0x79/0x100 [ 51.083833][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.089046][ T3612] ? ptrace_notify+0xfa/0x140 [ 51.093737][ T3612] do_syscall_64+0x35/0xb0 [ 51.098178][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.104084][ T3612] RIP: 0033:0x7fc355d03119 [ 51.108508][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.128134][ T3612] RSP: 002b:00007fc355c8f2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.136557][ T3612] RAX: ffffffffffffffda RBX: 00007fc355d874d0 RCX: 00007fc355d03119 [ 51.144533][ T3612] RDX: 0000000000000001 RSI: 00000000200004c0 RDI: 0000000000000004 [ 51.152506][ T3612] RBP: 00007fc355d874dc R08: 00007fc355c8f700 R09: 0000000000000000 [ 51.160478][ T3612] R10: 00007fc355c8f700 R11: 0000000000000246 R12: 00007fc355d55080 [ 51.168460][ T3612] R13: 0b8b0509005505e1 R14: 0d97714ecb804e96 R15: 00007fc355d874d8 [ 51.176471][ T3612] [ 51.179772][ T3612] Kernel Offset: disabled [ 51.184152][ T3612] Rebooting in 86400 seconds..