./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2706188077 <...> DUID 00:04:fb:87:82:62:74:5a:87:37:86:23:e7:72:30:e3:bc:00 forked to background, child pid 3182 [ 23.570354][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.587386][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts. execve("./syz-executor2706188077", ["./syz-executor2706188077"], 0x7ffcb3d9e1c0 /* 10 vars */) = 0 brk(NULL) = 0x555556c3d000 brk(0x555556c3dc40) = 0x555556c3dc40 arch_prctl(ARCH_SET_FS, 0x555556c3d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556c3d5d0) = 3602 set_robust_list(0x555556c3d5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fadb5b8e940, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fadb5b8f010}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fadb5b8e9e0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fadb5b8f010}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2706188077", 4096) = 28 brk(0x555556c5ec40) = 0x555556c5ec40 brk(0x555556c5f000) = 0x555556c5f000 mprotect(0x7fadb5c4f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7fadb5c554cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fadb5b5e000 mprotect(0x7fadb5b5f000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7fadb5b7e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3603], tls=0x7fadb5b7e700, child_tidptr=0x7fadb5b7e9d0) = 3603 futex(0x7fadb5c554c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7fadb5c554cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3603 attached [pid 3603] set_robust_list(0x7fadb5b7e9e0, 24) = 0 [pid 3603] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3603] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fadb5b7c2c0) = 18 syzkaller login: [ 39.065907][ T26] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fadb5b7c2c0) = 18 [ 39.315906][ T26] usb 1-1: Using ep0 maxpacket: 16 [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fadb5b7c2c0) = 9 [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fadb5b7c2c0) = 27 [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fadb5b7c2c0) = 4 [ 39.436603][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fadb5b7c2c0) = 8 [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fadb5b7c2c0) = 8 [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fadb5b7c2c0) = 8 [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2d0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fadb5c5560c) = 6 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fadb5b7c2c0) = 0 [ 39.625944][ T26] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 39.635124][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 39.643164][ T26] usb 1-1: Product: syz [ 39.647355][ T26] usb 1-1: Manufacturer: syz [ 39.651936][ T26] usb 1-1: SerialNumber: syz [ 39.658733][ T26] usb 1-1: config 0 descriptor?? [ 39.697919][ T26] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3603] futex(0x7fadb5c554cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3602] <... futex resumed>) = 0 [pid 3603] futex(0x7fadb5c554c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3602] futex(0x7fadb5c554c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3603] <... futex resumed>) = 0 [pid 3602] futex(0x7fadb5c554cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fadb5b7d2f0) = 0 [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fadb5b7c2e0) = 8 [ 39.985995][ T26] rc_core: IR keymap rc-imon-pad not found [ 39.991826][ T26] Registered IR keymap rc-empty [ 39.996901][ T26] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 40.007038][ T26] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3603] futex(0x7fadb5c554cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3602] <... futex resumed>) = 0 [pid 3603] <... futex resumed>) = 1 [pid 3602] futex(0x7fadb5c554c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3603] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3602] <... futex resumed>) = 0 [pid 3603] <... ioctl resumed>, 0x7fadb5b7d2f0) = 0 [pid 3602] futex(0x7fadb5c554cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3603] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fadb5b7c2e0) = 8 [ 40.156490][ T26] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 40.167302][ T26] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 40.180157][ T26] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3603] futex(0x7fadb5c554cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3602] <... futex resumed>) = 0 [pid 3603] <... futex resumed>) = 1 [pid 3602] futex(0x7fadb5c554c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3603] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR [pid 3602] <... futex resumed>) = 0 [pid 3603] <... openat resumed>) = 4 [pid 3602] futex(0x7fadb5c554cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3603] futex(0x7fadb5c554cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3602] <... futex resumed>) = 0 [pid 3603] <... futex resumed>) = 1 [pid 3602] futex(0x7fadb5c554c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3603] write(4, "\x12", 1 [pid 3602] <... futex resumed>) = 0 [pid 3602] futex(0x7fadb5c554cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3602] futex(0x7fadb5c554dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fadb5b3d000 [pid 3602] mprotect(0x7fadb5b3e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3602] clone(child_stack=0x7fadb5b5d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3611 attached , parent_tid=[3611], tls=0x7fadb5b5d700, child_tidptr=0x7fadb5b5d9d0) = 3611 [pid 3602] futex(0x7fadb5c554d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] set_robust_list(0x7fadb5b5d9e0, 24 [pid 3602] <... futex resumed>) = 0 [pid 3602] futex(0x7fadb5c554dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3611] <... set_robust_list resumed>) = 0 [ 40.391142][ T3611] ------------[ cut here ]------------ [ 40.396868][ T3611] URB ffff888017955400 submitted while active [ 40.403178][ T3611] WARNING: CPU: 1 PID: 3611 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1116/0x1920 [ 40.413049][ T3611] Modules linked in: [ 40.417011][ T3611] CPU: 1 PID: 3611 Comm: syz-executor270 Not tainted 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0 [ 40.427495][ T3611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 [pid 3611] write(4, "\x12", 1 [pid 3602] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 40.437588][ T3611] RIP: 0010:usb_submit_urb+0x1116/0x1920 [ 40.443441][ T3611] Code: 00 41 8b 06 89 44 24 10 e9 a5 f8 ff ff e8 72 ed 71 fb c6 05 08 6a fb 07 01 48 c7 c7 e0 fe 53 8b 4c 89 ee 31 c0 e8 7a ef 38 fb <0f> 0b e9 62 ef ff ff e8 4e ed 71 fb eb 2d e8 47 ed 71 fb 44 8b 74 [ 40.463342][ T3611] RSP: 0018:ffffc90003dafb98 EFLAGS: 00010246 [ 40.469753][ T3611] RAX: 7c7fa8acd5779300 RBX: ffff888018781170 RCX: ffff888023e50000 [ 40.478126][ T3611] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 40.486277][ T3611] RBP: ffff888017955408 R08: ffffffff816ced5d R09: ffffed1017364f13 [ 40.494258][ T3611] R10: ffffed1017364f13 R11: 1ffff11017364f12 R12: 0000000000000cc0 [ 40.502475][ T3611] R13: ffff888017955400 R14: dffffc0000000000 R15: dffffc0000000000 [ 40.510640][ T3611] FS: 00007fadb5b5d700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 40.519760][ T3611] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.526504][ T3611] CR2: 0000555ca12a7b88 CR3: 000000007557c000 CR4: 00000000003506f0 [pid 3602] exit_group(0) = ? [ 40.534475][ T3611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.542692][ T3611] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.550875][ T3611] Call Trace: [ 40.554156][ T3611] [ 40.557316][ T3611] send_packet+0x5ad/0xa90 [ 40.561737][ T3611] vfd_write+0x218/0x5b0 [ 40.566360][ T3611] ? rcu_lock_release+0x20/0x20 [ 40.571217][ T3611] vfs_write+0x2e5/0xbb0 [ 40.575551][ T3611] ? file_end_write+0x230/0x230 [ 40.580930][ T3611] ? ptrace_stop+0x74d/0x970 [ 40.585541][ T3611] ? __fget_files+0x3ba/0x420 [ 40.590518][ T3611] ? __fdget_pos+0x1d2/0x2e0 [ 40.595121][ T3611] ? ksys_write+0x77/0x2c0 [ 40.595899][ T3603] imon:send_packet: task interrupted [ 40.599747][ T3611] ksys_write+0x19b/0x2c0 [ 40.609167][ T3611] ? print_irqtrace_events+0x220/0x220 [ 40.614624][ T3611] ? __ia32_sys_read+0x80/0x80 [ 40.619416][ T3611] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 40.625416][ T3611] do_syscall_64+0x2b/0x70 [ 40.629930][ T3611] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 40.635873][ T3611] RIP: 0033:0x7fadb5bd10a9 [ 40.640294][ T3611] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 40.660087][ T3611] RSP: 002b:00007fadb5b5d318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 40.668557][ T3611] RAX: ffffffffffffffda RBX: 00007fadb5c554d8 RCX: 00007fadb5bd10a9 [ 40.676614][ T3611] RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000004 [ 40.684615][ T3611] RBP: 00007fadb5c554d0 R08: 00007fadb5b5d700 R09: 0000000000000000 [ 40.692624][ T3611] R10: 00007fadb5b5d700 R11: 0000000000000246 R12: 0b8b0509005504e1 [ 40.700631][ T3611] R13: 00007ffc538aa27f R14: 00007fadb5b5d400 R15: 0000000000022000 [ 40.708649][ T3611] [ 40.711678][ T3611] Kernel panic - not syncing: panic_on_warn set ... [ 40.718256][ T3611] CPU: 0 PID: 3611 Comm: syz-executor270 Not tainted 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0 [ 40.728673][ T3611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 [ 40.738745][ T3611] Call Trace: [ 40.742036][ T3611] [ 40.744976][ T3611] dump_stack_lvl+0x1e3/0x2cb [ 40.749655][ T3611] ? nf_tcp_handle_invalid+0x62e/0x62e [ 40.755108][ T3611] ? panic+0x766/0x766 [ 40.759195][ T3611] ? vscnprintf+0x59/0x80 [ 40.763537][ T3611] ? usb_submit_urb+0x1060/0x1920 [ 40.768569][ T3611] panic+0x316/0x766 [ 40.772477][ T3611] ? __warn+0x131/0x220 [ 40.776633][ T3611] ? memcpy_page_flushcache+0xfc/0xfc [ 40.782030][ T3611] ? usb_submit_urb+0x1116/0x1920 [ 40.787072][ T3611] __warn+0x1fa/0x220 [ 40.791059][ T3611] ? usb_submit_urb+0x1116/0x1920 [ 40.796094][ T3611] report_bug+0x1b3/0x2d0 [ 40.800541][ T3611] handle_bug+0x3d/0x70 [ 40.804706][ T3611] exc_invalid_op+0x16/0x40 [ 40.809205][ T3611] asm_exc_invalid_op+0x16/0x20 [ 40.814062][ T3611] RIP: 0010:usb_submit_urb+0x1116/0x1920 [ 40.819692][ T3611] Code: 00 41 8b 06 89 44 24 10 e9 a5 f8 ff ff e8 72 ed 71 fb c6 05 08 6a fb 07 01 48 c7 c7 e0 fe 53 8b 4c 89 ee 31 c0 e8 7a ef 38 fb <0f> 0b e9 62 ef ff ff e8 4e ed 71 fb eb 2d e8 47 ed 71 fb 44 8b 74 [ 40.839300][ T3611] RSP: 0018:ffffc90003dafb98 EFLAGS: 00010246 [ 40.845366][ T3611] RAX: 7c7fa8acd5779300 RBX: ffff888018781170 RCX: ffff888023e50000 [ 40.853366][ T3611] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 40.861358][ T3611] RBP: ffff888017955408 R08: ffffffff816ced5d R09: ffffed1017364f13 [ 40.869340][ T3611] R10: ffffed1017364f13 R11: 1ffff11017364f12 R12: 0000000000000cc0 [ 40.877307][ T3611] R13: ffff888017955400 R14: dffffc0000000000 R15: dffffc0000000000 [ 40.885280][ T3611] ? __wake_up_klogd+0xcd/0x100 [ 40.890139][ T3611] ? usb_submit_urb+0x1116/0x1920 [ 40.895168][ T3611] send_packet+0x5ad/0xa90 [ 40.899588][ T3611] vfd_write+0x218/0x5b0 [ 40.903832][ T3611] ? rcu_lock_release+0x20/0x20 [ 40.908681][ T3611] vfs_write+0x2e5/0xbb0 [ 40.912933][ T3611] ? file_end_write+0x230/0x230 [ 40.917782][ T3611] ? ptrace_stop+0x74d/0x970 [ 40.922371][ T3611] ? __fget_files+0x3ba/0x420 [ 40.927056][ T3611] ? __fdget_pos+0x1d2/0x2e0 [ 40.931651][ T3611] ? ksys_write+0x77/0x2c0 [ 40.936070][ T3611] ksys_write+0x19b/0x2c0 [ 40.940403][ T3611] ? print_irqtrace_events+0x220/0x220 [ 40.945864][ T3611] ? __ia32_sys_read+0x80/0x80 [ 40.950631][ T3611] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 40.956610][ T3611] do_syscall_64+0x2b/0x70 [ 40.961020][ T3611] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 40.966922][ T3611] RIP: 0033:0x7fadb5bd10a9 [ 40.971335][ T3611] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 40.991025][ T3611] RSP: 002b:00007fadb5b5d318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 40.999435][ T3611] RAX: ffffffffffffffda RBX: 00007fadb5c554d8 RCX: 00007fadb5bd10a9 [ 41.007428][ T3611] RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000004 [ 41.015394][ T3611] RBP: 00007fadb5c554d0 R08: 00007fadb5b5d700 R09: 0000000000000000 [ 41.023365][ T3611] R10: 00007fadb5b5d700 R11: 0000000000000246 R12: 0b8b0509005504e1 [ 41.031333][ T3611] R13: 00007ffc538aa27f R14: 00007fadb5b5d400 R15: 0000000000022000 [ 41.039307][ T3611] [ 41.042472][ T3611] Kernel Offset: disabled [ 41.046794][ T3611] Rebooting in 86400 seconds..