./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor844948500 <...> DUID 00:04:11:31:ea:d8:bb:db:47:a8:80:cb:7d:0b:3c:d8:ea:74 forked to background, child pid 3186 [ 26.881683][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.893472][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts. execve("./syz-executor844948500", ["./syz-executor844948500"], 0x7ffd58f665e0 /* 10 vars */) = 0 brk(NULL) = 0x55555577d000 brk(0x55555577dc40) = 0x55555577dc40 arch_prctl(ARCH_SET_FS, 0x55555577d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555577d5d0) = 3614 set_robust_list(0x55555577d5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f5133cfd950, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f5133cfe020}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f5133cfd9f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5133cfe020}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor844948500", 4096) = 27 brk(0x55555579ec40) = 0x55555579ec40 brk(0x55555579f000) = 0x55555579f000 mprotect(0x7f5133dbe000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f5133dc44cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5133ccd000 mprotect(0x7f5133cce000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f5133ced3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3615], tls=0x7f5133ced700, child_tidptr=0x7f5133ced9d0) = 3615 futex(0x7f5133dc44c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7f5133dc44cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3615 attached [pid 3615] set_robust_list(0x7f5133ced9e0, 24) = 0 [pid 3615] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3615] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f5133cec2d0) = 0 [pid 3615] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2d0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2d0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f5133ceb2c0) = 18 syzkaller login: [ 50.055029][ T143] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2d0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f5133ceb2c0) = 18 [ 50.294973][ T143] usb 1-1: Using ep0 maxpacket: 16 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2d0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f5133ceb2c0) = 9 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2d0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f5133ceb2c0) = 27 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2d0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f5133ceb2c0) = 4 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2d0) = 0 [ 50.416119][ T143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 120, changing to 10 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f5133ceb2c0) = 8 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2d0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f5133ceb2c0) = 8 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2d0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f5133ceb2c0) = 8 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2d0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f5133dc460c) = 6 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f5133ceb2c0) = 0 [ 50.595420][ T143] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 50.604768][ T143] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.612876][ T143] usb 1-1: Product: syz [ 50.617166][ T143] usb 1-1: Manufacturer: syz [ 50.621776][ T143] usb 1-1: SerialNumber: syz [ 50.629295][ T143] usb 1-1: config 0 descriptor?? [ 50.669496][ T143] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3615] futex(0x7f5133dc44cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = 0 [pid 3615] <... futex resumed>) = 1 [pid 3614] futex(0x7f5133dc44c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f5133cec2f0) = 0 [pid 3614] <... futex resumed>) = 0 [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3614] futex(0x7f5133dc44cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3615] <... ioctl resumed>, 0x7f5133ceb2e0) = 8 [ 50.954938][ T143] rc_core: IR keymap rc-imon-pad not found [ 50.960764][ T143] Registered IR keymap rc-empty [ 50.965735][ T143] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 50.976140][ T143] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3615] futex(0x7f5133dc44cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = 0 [pid 3615] <... futex resumed>) = 1 [pid 3614] futex(0x7f5133dc44c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3614] <... futex resumed>) = 0 [pid 3615] <... ioctl resumed>, 0x7f5133cec2f0) = 0 [pid 3614] futex(0x7f5133dc44cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3615] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f5133ceb2e0) = 8 [ 51.126001][ T143] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 51.137181][ T143] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 51.153193][ T143] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3615] futex(0x7f5133dc44cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = 0 [pid 3615] <... futex resumed>) = 1 [pid 3614] futex(0x7f5133dc44c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR [pid 3614] <... futex resumed>) = 0 [pid 3614] futex(0x7f5133dc44cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3615] <... openat resumed>) = 4 [pid 3615] futex(0x7f5133dc44cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] futex(0x7f5133dc44c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3614] <... futex resumed>) = 0 [pid 3614] futex(0x7f5133dc44c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] <... futex resumed>) = 0 [pid 3614] futex(0x7f5133dc44cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3615] write(4, "V", 1 [pid 3614] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3614] futex(0x7f5133dc44dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5133cac000 [pid 3614] mprotect(0x7f5133cad000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3614] clone(child_stack=0x7f5133ccc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3621 attached [pid 3621] set_robust_list(0x7f5133ccc9e0, 24) = 0 [pid 3621] futex(0x7f5133dc44d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3614] <... clone resumed>, parent_tid=[3621], tls=0x7f5133ccc700, child_tidptr=0x7f5133ccc9d0) = 3621 [pid 3614] futex(0x7f5133dc44d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3614] futex(0x7f5133dc44dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... futex resumed>) = 0 [pid 3621] write(4, "V", 1 [pid 3614] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 51.364360][ T3621] ------------[ cut here ]------------ [ 51.370057][ T3621] URB ffff888016985200 submitted while active [ 51.376619][ T3621] WARNING: CPU: 0 PID: 3621 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14e2/0x18a0 [ 51.386341][ T3621] Modules linked in: [ 51.390243][ T3621] CPU: 0 PID: 3621 Comm: syz-executor844 Not tainted 5.19.0-rc4-syzkaller-00044-g1a0e93df1e10 #0 [ 51.400847][ T3621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2022 [ 51.410959][ T3621] RIP: 0010:usb_submit_urb+0x14e2/0x18a0 [ 51.417101][ T3621] Code: 89 de e8 01 bf ee fb 84 db 0f 85 a9 f3 ff ff e8 f4 c2 ee fb 4c 89 fe 48 c7 c7 80 ef 6e 8a c6 05 d1 14 1b 08 01 e8 1d 8b a6 03 <0f> 0b e9 87 f3 ff ff 41 be ed ff ff ff e9 7c f3 ff ff e8 c7 c2 ee [ 51.437087][ T3621] RSP: 0018:ffffc90002f8fd40 EFLAGS: 00010282 [ 51.443184][ T3621] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 51.451576][ T3621] RDX: ffff88801dd08000 RSI: ffffffff8160cfb8 RDI: fffff520005f1f9a [ 51.459739][ T3621] RBP: ffff8880214eba00 R08: 0000000000000005 R09: 0000000000000000 [ 51.467923][ T3621] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888016985200 [ 51.476133][ T3621] R13: ffff88801722a128 R14: 00000000fffffff0 R15: ffff888016985200 [ 51.484419][ T3621] FS: 00007f5133ccc700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 51.493720][ T3621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.500342][ T3621] CR2: 00007f5133ccc718 CR3: 0000000070f6b000 CR4: 00000000003506e0 [ 51.508531][ T3621] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.516556][ T3621] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.524538][ T3621] Call Trace: [ 51.527879][ T3621] [ 51.530817][ T3621] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.536465][ T3621] ? trace_kmalloc+0x32/0xf0 [ 51.541082][ T3621] send_packet+0x422/0xbc0 [ 51.545572][ T3621] vfd_write+0x2d9/0x550 [ 51.549859][ T3621] ? send_packet+0xbc0/0xbc0 [ 51.554469][ T3621] vfs_write+0x269/0xac0 [ 51.558769][ T3621] ksys_write+0x127/0x250 [pid 3614] exit_group(0) = ? [ 51.563119][ T3621] ? __ia32_sys_read+0xb0/0xb0 [ 51.567942][ T3621] ? lockdep_hardirqs_on+0x79/0x100 [ 51.573212][ T3621] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.578471][ T3621] ? ptrace_notify+0xfa/0x140 [ 51.583420][ T3621] do_syscall_64+0x35/0xb0 [ 51.588443][ T3621] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.588557][ T3615] imon:send_packet: task interrupted [ 51.594348][ T3621] RIP: 0033:0x7f5133d400b9 [ 51.604110][ T3621] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.623821][ T3621] RSP: 002b:00007f5133ccc318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.632295][ T3621] RAX: ffffffffffffffda RBX: 00007f5133dc44d8 RCX: 00007f5133d400b9 [ 51.640335][ T3621] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004 [ 51.648337][ T3621] RBP: 00007f5133dc44d0 R08: 0000000000000000 R09: 0000000000000000 [ 51.656360][ T3621] R10: 00007f5133ccc700 R11: 0000000000000246 R12: ab0847687fc4f2a2 [ 51.664402][ T3621] R13: 00007ffe90898ecf R14: 00007f5133ccc400 R15: 0000000000022000 [ 51.672438][ T3621] [ 51.675601][ T3621] Kernel panic - not syncing: panic_on_warn set ... [ 51.682172][ T3621] CPU: 1 PID: 3621 Comm: syz-executor844 Not tainted 5.19.0-rc4-syzkaller-00044-g1a0e93df1e10 #0 [ 51.692657][ T3621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2022 [ 51.702703][ T3621] Call Trace: [ 51.705972][ T3621] [ 51.708894][ T3621] dump_stack_lvl+0xcd/0x134 [ 51.713480][ T3621] panic+0x2d7/0x636 [ 51.717365][ T3621] ? panic_print_sys_info.part.0+0x10b/0x10b [ 51.723515][ T3621] ? __warn.cold+0x1d1/0x2c5 [ 51.728095][ T3621] ? usb_submit_urb+0x14e2/0x18a0 [ 51.733119][ T3621] __warn.cold+0x1e2/0x2c5 [ 51.737533][ T3621] ? __wake_up_klogd.part.0+0x99/0xf0 [ 51.742925][ T3621] ? usb_submit_urb+0x14e2/0x18a0 [ 51.747967][ T3621] report_bug+0x1bc/0x210 [ 51.752330][ T3621] handle_bug+0x3c/0x60 [ 51.756505][ T3621] exc_invalid_op+0x14/0x40 [ 51.761026][ T3621] asm_exc_invalid_op+0x1b/0x20 [ 51.766016][ T3621] RIP: 0010:usb_submit_urb+0x14e2/0x18a0 [ 51.771666][ T3621] Code: 89 de e8 01 bf ee fb 84 db 0f 85 a9 f3 ff ff e8 f4 c2 ee fb 4c 89 fe 48 c7 c7 80 ef 6e 8a c6 05 d1 14 1b 08 01 e8 1d 8b a6 03 <0f> 0b e9 87 f3 ff ff 41 be ed ff ff ff e9 7c f3 ff ff e8 c7 c2 ee [ 51.791291][ T3621] RSP: 0018:ffffc90002f8fd40 EFLAGS: 00010282 [ 51.797368][ T3621] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 51.805351][ T3621] RDX: ffff88801dd08000 RSI: ffffffff8160cfb8 RDI: fffff520005f1f9a [ 51.813332][ T3621] RBP: ffff8880214eba00 R08: 0000000000000005 R09: 0000000000000000 [ 51.821309][ T3621] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888016985200 [ 51.829287][ T3621] R13: ffff88801722a128 R14: 00000000fffffff0 R15: ffff888016985200 [ 51.837289][ T3621] ? vprintk+0x88/0x90 [ 51.841375][ T3621] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.846969][ T3621] ? trace_kmalloc+0x32/0xf0 [ 51.851578][ T3621] send_packet+0x422/0xbc0 [ 51.856022][ T3621] vfd_write+0x2d9/0x550 [ 51.860280][ T3621] ? send_packet+0xbc0/0xbc0 [ 51.864893][ T3621] vfs_write+0x269/0xac0 [ 51.869156][ T3621] ksys_write+0x127/0x250 [ 51.873503][ T3621] ? __ia32_sys_read+0xb0/0xb0 [ 51.878280][ T3621] ? lockdep_hardirqs_on+0x79/0x100 [ 51.883489][ T3621] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.888702][ T3621] ? ptrace_notify+0xfa/0x140 [ 51.893396][ T3621] do_syscall_64+0x35/0xb0 [ 51.897915][ T3621] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.903824][ T3621] RIP: 0033:0x7f5133d400b9 [ 51.908255][ T3621] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.927872][ T3621] RSP: 002b:00007f5133ccc318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.936309][ T3621] RAX: ffffffffffffffda RBX: 00007f5133dc44d8 RCX: 00007f5133d400b9 [ 51.944305][ T3621] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004 [ 51.952307][ T3621] RBP: 00007f5133dc44d0 R08: 0000000000000000 R09: 0000000000000000 [ 51.960290][ T3621] R10: 00007f5133ccc700 R11: 0000000000000246 R12: ab0847687fc4f2a2 [ 51.968275][ T3621] R13: 00007ffe90898ecf R14: 00007f5133ccc400 R15: 0000000000022000 [ 51.976278][ T3621] [ 51.979599][ T3621] Kernel Offset: disabled [ 51.983996][ T3621] Rebooting in 86400 seconds..