./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4290116952 <...>
Warning: Permanently added '10.128.1.78' (ED25519) to the list of known hosts.
execve("./syz-executor4290116952", ["./syz-executor4290116952"], 0x7ffc31439240 /* 10 vars */) = 0
brk(NULL) = 0x555575d18000
brk(0x555575d18d00) = 0x555575d18d00
arch_prctl(ARCH_SET_FS, 0x555575d18380) = 0
set_tid_address(0x555575d18650) = 282
set_robust_list(0x555575d18660, 24) = 0
rseq(0x555575d18ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4290116952", 4096) = 28
getrandom("\xee\xc0\xd1\xfe\xd2\xd1\xf0\x4a", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555575d18d00
brk(0x555575d39d00) = 0x555575d39d00
brk(0x555575d3a000) = 0x555575d3a000
mprotect(0x7f0fa2dbe000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
write(1, "executing program\n", 18executing program
) = 18
openat(AT_FDCWD, "/dev/usbmon0", O_RDONLY|O_APPEND) = 3
openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 4
ioctl(4, USB_RAW_IOCTL_INIT, 0x7ffe9fc65760) = 0
ioctl(4, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe9fc65760) = 0
[ 30.550377][ T24] audit: type=1400 audit(1755507115.230:64): avc: denied { execmem } for pid=282 comm="syz-executor429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 30.572066][ T24] audit: type=1400 audit(1755507115.250:65): avc: denied { read append } for pid=282 comm="syz-executor429" name="usbmon0" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 30.598254][ T24] audit: type=1400 audit(1755507115.250:66): avc: denied { open } for pid=282 comm="syz-executor429" path="/dev/usbmon0" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 30.624787][ T24] audit: type=1400 audit(1755507115.250:67): avc: denied { read write } for pid=282 comm="syz-executor429" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 30.648815][ T24] audit: type=1400 audit(1755507115.250:68): avc: denied { open } for pid=282 comm="syz-executor429" path="/dev/raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 30.673394][ T24] audit: type=1400 audit(1755507115.250:69): avc: denied { ioctl } for pid=282 comm="syz-executor429" path="/dev/raw-gadget" dev="devtmpfs" ino=253 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe9fc65760) = 0
ioctl(4, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe9fc64750) = 18
[ 30.852026][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd
ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe9fc65760) = 0
ioctl(4, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe9fc64750) = 18
ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe9fc65760) = 0
[ 31.091998][ T25] usb 1-1: Using ep0 maxpacket: 16
ioctl(4, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe9fc64750) = 9
ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe9fc65760) = 0
ioctl(4, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe9fc64750) = 36
[ 31.212593][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 31.224103][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 31.234322][ T25] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 31.248734][ T25] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe9fc65760) = 0
ioctl(4, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
ioctl(4, USB_RAW_IOCTL_CONFIGURE, 0) = 0
ioctl(4, USB_RAW_IOCTL_EP_ENABLE, 0x7f0fa2dc43cc) = -1 EINVAL (Invalid argument)
ioctl(4, USB_RAW_IOCTL_EP0_READ, 0x7ffe9fc64750) = 0
[ 31.257925][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 31.269271][ T25] usb 1-1: config 0 descriptor??
ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe9fc65790) = 0
ioctl(4, USB_RAW_IOCTL_EP0_READ, 0x7ffe9fc64780) = 0
ioctl(4, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe9fc65790) = 0
ioctl(4, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe9fc64780) = 34
[ 31.753574][ T25] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 31.761363][ T25] microsoft 0003:045E:07DA.0001: ignoring exceeding usage max
[ 31.773218][ T25] ==================================================================
[ 31.781899][ T25] BUG: KASAN: slab-out-of-bounds in mon_bin_event+0x1307/0x24e0
[ 31.790214][ T25] Read of size 832 at addr ffff8881083f69b1 by task kworker/1:1/25
[ 31.798799][ T25]
[ 31.801468][ T25] CPU: 1 PID: 25 Comm: kworker/1:1 Not tainted 5.10.240-syzkaller #0
[ 31.809925][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 31.820095][ T25] Workqueue: usb_hub_wq hub_event
[ 31.825325][ T25] Call Trace:
[ 31.828815][ T25] __dump_stack+0x21/0x24
[ 31.834523][ T25] dump_stack_lvl+0x169/0x1d8
[ 31.839431][ T25] ? show_regs_print_info+0x18/0x18
[ 31.844652][ T25] ? thaw_kernel_threads+0x220/0x220
[ 31.849949][ T25] print_address_description+0x7f/0x2c0
[ 31.855615][ T25] ? mon_bin_event+0x1307/0x24e0
[ 31.860901][ T25] kasan_report+0xe2/0x130
[ 31.866000][ T25] ? mon_bin_event+0x1307/0x24e0
[ 31.871127][ T25] ? mon_bin_event+0x1307/0x24e0
[ 31.876542][ T25] kasan_check_range+0x280/0x290
[ 31.881847][ T25] memcpy+0x2d/0x70
[ 31.886283][ T25] mon_bin_event+0x1307/0x24e0
[ 31.891049][ T25] ? mon_bin_complete+0x30/0x30
[ 31.896266][ T25] ? __kasan_kmalloc+0xec/0x110
[ 31.901296][ T25] ? __kasan_kmalloc+0xda/0x110
[ 31.906706][ T25] ? __kmalloc+0x1a7/0x330
[ 31.911676][ T25] ? mon_bin_vma_fault+0x1e0/0x1e0
[ 31.916912][ T25] mon_bin_submit+0x27/0x30
[ 31.921425][ T25] mon_submit+0x185/0x200
[ 31.925975][ T25] usb_hcd_submit_urb+0x117/0x1780
[ 31.931199][ T25] ? really_probe+0x3d8/0xa90
[ 31.935979][ T25] ? bus_for_each_drv+0x175/0x200
[ 31.941029][ T25] ? device_initial_probe+0x1a/0x20
[ 31.946400][ T25] ? usb_set_configuration+0x1a47/0x1f80
[ 31.952122][ T25] ? usb_generic_driver_probe+0x91/0x150
[ 31.957905][ T25] usb_submit_urb+0x10eb/0x1620
[ 31.963137][ T25] ? device_add+0x8b4/0xbf0
[ 31.967831][ T25] usb_start_wait_urb+0x117/0x2f0
[ 31.972865][ T25] ? usb_api_blocking_completion+0xb0/0xb0
[ 31.978846][ T25] ? __kasan_check_write+0x14/0x20
[ 31.984062][ T25] usb_control_msg+0x241/0x3f0
[ 31.989035][ T25] ? hid_output_report+0x722/0x7b0
[ 31.994599][ T25] usbhid_raw_request+0x453/0x580
[ 31.999966][ T25] ? usbhid_request+0x60/0x60
[ 32.004855][ T25] __hid_request+0x1d2/0x390
[ 32.009564][ T25] hidinput_connect+0x1d6d/0x2c30
[ 32.015478][ T25] hid_connect+0x458/0xdf0
[ 32.020098][ T25] ? usbhid_start+0x1a3c/0x2450
[ 32.025234][ T25] ? hid_match_id+0x340/0x340
[ 32.029917][ T25] hid_hw_start+0xaa/0x130
[ 32.034372][ T25] ms_probe+0x190/0x460
[ 32.038826][ T25] ? magicmouse_emit_touch+0x10f0/0x10f0
[ 32.044666][ T25] hid_device_probe+0x287/0x380
[ 32.050100][ T25] really_probe+0x386/0xa90
[ 32.054627][ T25] ? __kasan_check_write+0x14/0x20
[ 32.060253][ T25] driver_probe_device+0xe7/0x190
[ 32.065429][ T25] __device_attach_driver+0x282/0x3f0
[ 32.071090][ T25] ? state_synced_show+0x90/0x90
[ 32.077183][ T25] bus_for_each_drv+0x175/0x200
[ 32.082295][ T25] ? __kasan_check_write+0x14/0x20
[ 32.087688][ T25] ? subsys_find_device_by_id+0x350/0x350
[ 32.093430][ T25] __device_attach+0x29a/0x400
[ 32.098902][ T25] ? kfree+0xc0/0x270
[ 32.103411][ T25] ? device_attach+0x20/0x20
[ 32.108118][ T25] ? kobject_uevent_env+0x34d/0x700
[ 32.113592][ T25] device_initial_probe+0x1a/0x20
[ 32.119026][ T25] bus_probe_device+0xc0/0x1e0
[ 32.124038][ T25] device_add+0x8b4/0xbf0
[ 32.128588][ T25] hid_add_device+0x356/0x4b0
[ 32.134145][ T25] usbhid_probe+0xb2e/0xee0
[ 32.139304][ T25] usb_probe_interface+0x5ff/0xae0
[ 32.145801][ T25] really_probe+0x3d8/0xa90
[ 32.150586][ T25] ? __kasan_check_write+0x14/0x20
[ 32.156180][ T25] driver_probe_device+0xe7/0x190
[ 32.161406][ T25] __device_attach_driver+0x282/0x3f0
[ 32.166972][ T25] ? state_synced_show+0x90/0x90
[ 32.172485][ T25] bus_for_each_drv+0x175/0x200
[ 32.177747][ T25] ? __kasan_check_write+0x14/0x20
[ 32.183601][ T25] ? subsys_find_device_by_id+0x350/0x350
[ 32.189552][ T25] __device_attach+0x29a/0x400
[ 32.194568][ T25] ? device_attach+0x20/0x20
[ 32.199189][ T25] device_initial_probe+0x1a/0x20
[ 32.204378][ T25] bus_probe_device+0xc0/0x1e0
[ 32.209228][ T25] device_add+0x8b4/0xbf0
[ 32.213653][ T25] usb_set_configuration+0x1a47/0x1f80
[ 32.219137][ T25] usb_generic_driver_probe+0x91/0x150
[ 32.224634][ T25] usb_probe_device+0x148/0x260
[ 32.229644][ T25] really_probe+0x3d8/0xa90
[ 32.234250][ T25] ? __kasan_check_write+0x14/0x20
[ 32.239627][ T25] driver_probe_device+0xe7/0x190
[ 32.244847][ T25] __device_attach_driver+0x282/0x3f0
[ 32.250962][ T25] ? state_synced_show+0x90/0x90
[ 32.255915][ T25] bus_for_each_drv+0x175/0x200
[ 32.260894][ T25] ? __kasan_check_write+0x14/0x20
[ 32.266034][ T25] ? subsys_find_device_by_id+0x350/0x350
[ 32.272106][ T25] __device_attach+0x29a/0x400
[ 32.276873][ T25] ? device_attach+0x20/0x20
[ 32.282066][ T25] ? kobject_uevent_env+0x34d/0x700
[ 32.287649][ T25] device_initial_probe+0x1a/0x20
[ 32.293127][ T25] bus_probe_device+0xc0/0x1e0
[ 32.298382][ T25] device_add+0x8b4/0xbf0
[ 32.302897][ T25] usb_new_device+0xcd1/0x1450
[ 32.307757][ T25] ? wq_worker_last_func+0x50/0x50
[ 32.312896][ T25] ? usb_disconnect+0x850/0x850
[ 32.318174][ T25] hub_event+0x2679/0x4120
[ 32.322935][ T25] ? __kasan_check_write+0x14/0x20
[ 32.328784][ T25] ? led_work+0x5f0/0x5f0
[ 32.333511][ T25] ? __kasan_check_write+0x14/0x20
[ 32.339072][ T25] ? _raw_spin_lock_irq+0x8f/0xe0
[ 32.344193][ T25] ? __kasan_check_read+0x11/0x20
[ 32.349504][ T25] ? read_word_at_a_time+0x12/0x20
[ 32.354705][ T25] ? strscpy+0x9b/0x290
[ 32.359038][ T25] process_one_work+0x6e1/0xba0
[ 32.363920][ T25] worker_thread+0xa6a/0x13b0
[ 32.368606][ T25] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 32.374332][ T25] kthread+0x346/0x3d0
[ 32.378533][ T25] ? worker_clr_flags+0x190/0x190
[ 32.383728][ T25] ? kthread_blkcg+0xd0/0xd0
[ 32.388594][ T25] ret_from_fork+0x1f/0x30
[ 32.393287][ T25]
[ 32.395792][ T25] Allocated by task 25:
[ 32.399953][ T25] __kasan_kmalloc+0xda/0x110
[ 32.404630][ T25] __kmalloc+0x1a7/0x330
[ 32.409143][ T25] __hid_request+0x9a/0x390
[ 32.413847][ T25] hidinput_connect+0x1d6d/0x2c30
[ 32.419183][ T25] hid_connect+0x458/0xdf0
[ 32.424082][ T25] hid_hw_start+0xaa/0x130
[ 32.428720][ T25] ms_probe+0x190/0x460
[ 32.433441][ T25] hid_device_probe+0x287/0x380
[ 32.438579][ T25] really_probe+0x386/0xa90
[ 32.443294][ T25] driver_probe_device+0xe7/0x190
[ 32.448400][ T25] __device_attach_driver+0x282/0x3f0
[ 32.453882][ T25] bus_for_each_drv+0x175/0x200
[ 32.459441][ T25] __device_attach+0x29a/0x400
[ 32.464396][ T25] device_initial_probe+0x1a/0x20
[ 32.469434][ T25] bus_probe_device+0xc0/0x1e0
[ 32.474365][ T25] device_add+0x8b4/0xbf0
[ 32.479088][ T25] hid_add_device+0x356/0x4b0
[ 32.484177][ T25] usbhid_probe+0xb2e/0xee0
[ 32.489059][ T25] usb_probe_interface+0x5ff/0xae0
[ 32.494785][ T25] really_probe+0x3d8/0xa90
[ 32.499854][ T25] driver_probe_device+0xe7/0x190
[ 32.506015][ T25] __device_attach_driver+0x282/0x3f0
[ 32.512182][ T25] bus_for_each_drv+0x175/0x200
[ 32.517451][ T25] __device_attach+0x29a/0x400
[ 32.522667][ T25] device_initial_probe+0x1a/0x20
[ 32.528015][ T25] bus_probe_device+0xc0/0x1e0
[ 32.533323][ T25] device_add+0x8b4/0xbf0
[ 32.538002][ T25] usb_set_configuration+0x1a47/0x1f80
[ 32.543651][ T25] usb_generic_driver_probe+0x91/0x150
[ 32.549738][ T25] usb_probe_device+0x148/0x260
[ 32.554955][ T25] really_probe+0x3d8/0xa90
[ 32.559930][ T25] driver_probe_device+0xe7/0x190
[ 32.565242][ T25] __device_attach_driver+0x282/0x3f0
[ 32.571049][ T25] bus_for_each_drv+0x175/0x200
[ 32.575983][ T25] __device_attach+0x29a/0x400
[ 32.580959][ T25] device_initial_probe+0x1a/0x20
[ 32.586342][ T25] bus_probe_device+0xc0/0x1e0
[ 32.591517][ T25] device_add+0x8b4/0xbf0
[ 32.596195][ T25] usb_new_device+0xcd1/0x1450
[ 32.601316][ T25] hub_event+0x2679/0x4120
[ 32.605735][ T25] process_one_work+0x6e1/0xba0
[ 32.610943][ T25] worker_thread+0xa6a/0x13b0
[ 32.615739][ T25] kthread+0x346/0x3d0
[ 32.619944][ T25] ret_from_fork+0x1f/0x30
[ 32.625330][ T25]
[ 32.628012][ T25] The buggy address belongs to the object at ffff8881083f69b0
[ 32.628012][ T25] which belongs to the cache kmalloc-8 of size 8
[ 32.642969][ T25] The buggy address is located 1 bytes inside of
[ 32.642969][ T25] 8-byte region [ffff8881083f69b0, ffff8881083f69b8)
[ 32.656372][ T25] The buggy address belongs to the page:
[ 32.662393][ T25] page:ffffea000420fd80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1083f6
[ 32.673607][ T25] flags: 0x4000000000000200(slab)
[ 32.680197][ T25] raw: 4000000000000200 ffffea0004001040 0000000200000002 ffff888100043c80
[ 32.689398][ T25] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[ 32.699170][ T25] page dumped because: kasan: bad access detected
[ 32.706468][ T25] page_owner tracks the page as allocated
[ 32.712656][ T25] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 1423936310, free_ts 0
[ 32.729899][ T25] prep_new_page+0x179/0x180
[ 32.735688][ T25] get_page_from_freelist+0x2235/0x23d0
[ 32.742253][ T25] __alloc_pages_nodemask+0x268/0x5f0
[ 32.748066][ T25] new_slab+0x84/0x3f0
[ 32.752762][ T25] ___slab_alloc+0x2a6/0x450
[ 32.757706][ T25] __slab_alloc+0x63/0xa0
[ 32.762248][ T25] kmem_cache_alloc_trace+0x1b3/0x2e0
[ 32.768604][ T25] add_sysfs_param+0x54f/0x830
[ 32.773838][ T25] kernel_add_sysfs_param+0xb3/0x128
[ 32.779543][ T25] param_sysfs_builtin+0x164/0x1d9
[ 32.785592][ T25] param_sysfs_init+0x6a/0x6f
[ 32.790801][ T25] do_one_initcall+0x187/0x510
[ 32.795832][ T25] do_initcall_level+0x16f/0x2cf
[ 32.801128][ T25] do_initcalls+0x50/0x92
[ 32.805745][ T25] do_basic_setup+0x88/0x8f
[ 32.810516][ T25] kernel_init_freeable+0x287/0x3be
[ 32.816114][ T25] page_owner free stack trace missing
[ 32.821801][ T25]
[ 32.825492][ T25] Memory state around the buggy address:
[ 32.831632][ T25] ffff8881083f6880: fc fc fc fb fc fc fc fc 00 fc fc fc fc fb fc fc
[ 32.840064][ T25] ffff8881083f6900: fc fc 00 fc fc fc fc 00 fc fc fc fc 00 fc fc fc
[ 32.848754][ T25] >ffff8881083f6980: fc fb fc fc fc fc 07 fc fc fc fc 00 fc fc fc fc
exit_group(0) = ?
+++ exited with 0 +++
[ 32.85