./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2956314858 <...> DUID 00:04:83:15:3d:b3:f9:44:11:d6:e6:e1:d9:1f:49:4d:f4:66 forked to background, child pid 3187 [ 25.831733][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.841487][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. execve("./syz-executor2956314858", ["./syz-executor2956314858"], 0x7ffe790d2430 /* 10 vars */) = 0 brk(NULL) = 0x55555700d000 brk(0x55555700dc40) = 0x55555700dc40 arch_prctl(ARCH_SET_FS, 0x55555700d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2956314858", 4096) = 28 brk(0x55555702ec40) = 0x55555702ec40 brk(0x55555702f000) = 0x55555702f000 mprotect(0x7fdf237a0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3609 attached , child_tidptr=0x55555700d5d0) = 3609 [pid 3609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3609] setpgid(0, 0) = 0 [pid 3609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3609] write(3, "1000", 4) = 4 [pid 3609] close(3) = 0 [pid 3609] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3609] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcd7c7c130) = 0 [pid 3609] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcd7c7c130) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcd7c7c130) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcd7c7b120) = 18 syzkaller login: [ 43.147586][ T2992] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcd7c7c130) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcd7c7b120) = 18 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcd7c7c130) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcd7c7b120) = 9 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcd7c7c130) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcd7c7b120) = 36 [ 43.507809][ T2992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 50183, setting to 1024 [ 43.519299][ T2992] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024 [ 43.529477][ T2992] usb 1-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice= 0.40 [ 43.538587][ T2992] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcd7c7c130) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 43.555569][ T2992] usb 1-1: config 0 descriptor?? [pid 3609] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fdf237a646c) = -1 EINVAL (Invalid argument) [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcd7c7b120) = 0 [ 43.580189][ T3609] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 43.610276][ T2992] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcd7c7c150) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcd7c7b140) = 8 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcd7c7c150) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcd7c7b140) = 8 [ 44.037640][ T2961] ------------[ cut here ]------------ [ 44.043262][ T2961] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 44.049719][ T2961] WARNING: CPU: 0 PID: 2961 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 [ 44.059515][ T2961] Modules linked in: [ 44.063432][ T2961] CPU: 0 PID: 2961 Comm: acpid Not tainted 5.19.0-rc6-syzkaller-00364-g9b59ec8d50a1 #0 [ 44.073275][ T2961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 44.083586][ T2961] RIP: 0010:usb_submit_urb+0xed2/0x18a0 [ 44.089444][ T2961] Code: 7c 24 18 e8 30 b8 ee fb 48 8b 7c 24 18 e8 46 d3 03 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 e0 02 6f 8a e8 d8 ca a6 03 <0f> 0b e9 58 f8 ff ff e8 02 b8 ee fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 44.109461][ T2961] RSP: 0018:ffffc90002d1f818 EFLAGS: 00010282 [ 44.115577][ T2961] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 44.123822][ T2961] RDX: ffff88807e631d80 RSI: ffffffff8160d168 RDI: fffff520005a3ef5 [ 44.132151][ T2961] RBP: ffff88801f5d0200 R08: 0000000000000005 R09: 0000000000000000 [ 44.140324][ T2961] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000001 [ 44.148544][ T2961] R13: ffff88801e35adc0 R14: 0000000000000002 R15: ffff888016991f00 [ 44.156533][ T2961] FS: 00007fcf16685740(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 44.165663][ T2961] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.172421][ T2961] CR2: 00007fdf237a4130 CR3: 000000001ca64000 CR4: 00000000003506f0 [ 44.180764][ T2961] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.188889][ T2961] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.196889][ T2961] Call Trace: [ 44.200343][ T2961] [ 44.203290][ T2961] bcm5974_start_traffic+0xbd/0x170 [ 44.208672][ T2961] bcm5974_open+0x9f/0x160 [ 44.213113][ T2961] input_open_device+0x1bb/0x320 [ 44.218271][ T2961] ? bcm5974_resume+0xc0/0xc0 [ 44.222976][ T2961] mousedev_open_device+0xdc/0x140 [ 44.228337][ T2961] mousedev_open+0x2f8/0x580 [ 44.233036][ T2961] ? mousedev_event+0x1350/0x1350 [pid 3609] exit_group(0) = ? [pid 3609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3609, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555700d5d0) = 3613 ./strace-static-x86_64: Process 3613 attached [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3613] setpgid(0, 0) = 0 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3613] write(3, "1000", 4) = 4 [pid 3613] close(3) = 0 [pid 3613] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3613] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcd7c7c130) = 0 [pid 3613] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3613] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcd7c7c130) = 0 [ 44.238245][ T2961] chrdev_open+0x266/0x770 [ 44.244826][ T2961] ? cdev_device_add+0x220/0x220 [ 44.252662][ T2961] ? fsnotify_perm.part.0+0x221/0x610 [ 44.259862][ T2961] do_dentry_open+0x4a1/0x11f0 [ 44.264883][ T2961] ? cdev_device_add+0x220/0x220 [ 44.270012][ T2961] ? may_open+0x1f6/0x420 [ 44.278281][ T2961] path_openat+0x1c71/0x2910 [ 44.282915][ T2961] ? path_lookupat+0x860/0x860 [ 44.287889][ T2961] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 44.293907][ T2961] do_filp_open+0x1aa/0x400 [ 44.298559][ T2961] ? may_open_dev+0xf0/0xf0 [ 44.303093][ T2961] ? rwlock_bug.part.0+0x90/0x90 [ 44.308126][ T2961] ? _find_next_bit+0x1e3/0x260 [ 44.313000][ T2961] ? _raw_spin_unlock+0x24/0x40 [ 44.318307][ T2961] ? alloc_fd+0x2f0/0x670 [ 44.322661][ T2961] do_sys_openat2+0x16d/0x4c0 [ 44.327424][ T2961] ? find_held_lock+0x2d/0x110 [ 44.332295][ T2961] ? build_open_flags+0x6f0/0x6f0 [ 44.337357][ T2961] ? lock_downgrade+0x6e0/0x6e0 [ 44.342347][ T2961] __x64_sys_openat+0x13f/0x1f0 [ 44.347217][ T2961] ? __ia32_sys_open+0x1c0/0x1c0 [ 44.352226][ T2961] ? syscall_enter_from_user_mode+0x21/0x70 [ 44.358166][ T2961] ? syscall_enter_from_user_mode+0x21/0x70 [ 44.364073][ T2961] do_syscall_64+0x35/0xb0 [ 44.368592][ T2961] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.374501][ T2961] RIP: 0033:0x7fcf1676d697 [ 44.378976][ T2961] Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f [ 44.398794][ T2961] RSP: 002b:00007ffce7b979a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 44.407322][ T2961] RAX: ffffffffffffffda RBX: 00007ffce7b97c88 RCX: 00007fcf1676d697 [ 44.415365][ T2961] RDX: 0000000000080800 RSI: 00007ffce7b97b88 RDI: 00000000ffffff9c [ 44.423402][ T2961] RBP: 00007ffce7b97b88 R08: 00007ffce7b97c9c R09: 00007ffce7b97b88 [ 44.431424][ T2961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080800 [ 44.439473][ T2961] R13: 00007ffce7b97c88 R14: 0000000000000020 R15: 0000000000000000 [ 44.447534][ T2961] [ 44.450561][ T2961] Kernel panic - not syncing: panic_on_warn set ... [ 44.457326][ T2961] CPU: 0 PID: 2961 Comm: acpid Not tainted 5.19.0-rc6-syzkaller-00364-g9b59ec8d50a1 #0 [ 44.466951][ T2961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 44.477028][ T2961] Call Trace: [ 44.480413][ T2961] [ 44.483358][ T2961] dump_stack_lvl+0xcd/0x134 [ 44.487945][ T2961] panic+0x2d7/0x636 [ 44.491843][ T2961] ? panic_print_sys_info.part.0+0x10b/0x10b [ 44.497824][ T2961] ? __warn.cold+0x1d1/0x2c5 [ 44.502410][ T2961] ? usb_submit_urb+0xed2/0x18a0 [ 44.507351][ T2961] __warn.cold+0x1e2/0x2c5 [ 44.511789][ T2961] ? usb_submit_urb+0xed2/0x18a0 [ 44.516742][ T2961] report_bug+0x1bc/0x210 [ 44.521070][ T2961] handle_bug+0x3c/0x60 [ 44.525222][ T2961] exc_invalid_op+0x14/0x40 [ 44.529712][ T2961] asm_exc_invalid_op+0x16/0x20 [ 44.534555][ T2961] RIP: 0010:usb_submit_urb+0xed2/0x18a0 [ 44.540091][ T2961] Code: 7c 24 18 e8 30 b8 ee fb 48 8b 7c 24 18 e8 46 d3 03 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 e0 02 6f 8a e8 d8 ca a6 03 <0f> 0b e9 58 f8 ff ff e8 02 b8 ee fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 44.559697][ T2961] RSP: 0018:ffffc90002d1f818 EFLAGS: 00010282 [ 44.565767][ T2961] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 44.573740][ T2961] RDX: ffff88807e631d80 RSI: ffffffff8160d168 RDI: fffff520005a3ef5 [ 44.581714][ T2961] RBP: ffff88801f5d0200 R08: 0000000000000005 R09: 0000000000000000 [ 44.589687][ T2961] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000001 [ 44.597657][ T2961] R13: ffff88801e35adc0 R14: 0000000000000002 R15: ffff888016991f00 [ 44.605637][ T2961] ? vprintk+0x88/0x90 [ 44.609718][ T2961] ? usb_submit_urb+0xed2/0x18a0 [ 44.614675][ T2961] bcm5974_start_traffic+0xbd/0x170 [ 44.619932][ T2961] bcm5974_open+0x9f/0x160 [ 44.624355][ T2961] input_open_device+0x1bb/0x320 [ 44.629298][ T2961] ? bcm5974_resume+0xc0/0xc0 [ 44.633984][ T2961] mousedev_open_device+0xdc/0x140 [ 44.639102][ T2961] mousedev_open+0x2f8/0x580 [ 44.643698][ T2961] ? mousedev_event+0x1350/0x1350 [ 44.648723][ T2961] chrdev_open+0x266/0x770 [ 44.653145][ T2961] ? cdev_device_add+0x220/0x220 [ 44.658084][ T2961] ? fsnotify_perm.part.0+0x221/0x610 [ 44.663470][ T2961] do_dentry_open+0x4a1/0x11f0 [ 44.668238][ T2961] ? cdev_device_add+0x220/0x220 [ 44.673193][ T2961] ? may_open+0x1f6/0x420 [ 44.677524][ T2961] path_openat+0x1c71/0x2910 [ 44.682134][ T2961] ? path_lookupat+0x860/0x860 [ 44.686898][ T2961] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 44.692897][ T2961] do_filp_open+0x1aa/0x400 [ 44.697404][ T2961] ? may_open_dev+0xf0/0xf0 [ 44.701920][ T2961] ? rwlock_bug.part.0+0x90/0x90 [ 44.706867][ T2961] ? _find_next_bit+0x1e3/0x260 [ 44.711739][ T2961] ? _raw_spin_unlock+0x24/0x40 [ 44.716595][ T2961] ? alloc_fd+0x2f0/0x670 [ 44.720939][ T2961] do_sys_openat2+0x16d/0x4c0 [ 44.725618][ T2961] ? find_held_lock+0x2d/0x110 [ 44.730399][ T2961] ? build_open_flags+0x6f0/0x6f0 [ 44.735429][ T2961] ? lock_downgrade+0x6e0/0x6e0 [ 44.740293][ T2961] __x64_sys_openat+0x13f/0x1f0 [ 44.745145][ T2961] ? __ia32_sys_open+0x1c0/0x1c0 [ 44.750091][ T2961] ? syscall_enter_from_user_mode+0x21/0x70 [ 44.756007][ T2961] ? syscall_enter_from_user_mode+0x21/0x70 [ 44.761909][ T2961] do_syscall_64+0x35/0xb0 [ 44.766328][ T2961] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.772226][ T2961] RIP: 0033:0x7fcf1676d697 [ 44.776638][ T2961] Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f [ 44.796247][ T2961] RSP: 002b:00007ffce7b979a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 44.804662][ T2961] RAX: ffffffffffffffda RBX: 00007ffce7b97c88 RCX: 00007fcf1676d697 [ 44.812636][ T2961] RDX: 0000000000080800 RSI: 00007ffce7b97b88 RDI: 00000000ffffff9c [ 44.820605][ T2961] RBP: 00007ffce7b97b88 R08: 00007ffce7b97c9c R09: 00007ffce7b97b88 [ 44.828591][ T2961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080800 [ 44.836558][ T2961] R13: 00007ffce7b97c88 R14: 0000000000000020 R15: 0000000000000000 [ 44.844545][ T2961] [ 44.847830][ T2961] Kernel Offset: disabled [ 44.852223][ T2961] Rebooting in 86400 seconds..