./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3951113196 <...> Warning: Permanently added '10.128.10.12' (ED25519) to the list of known hosts. execve("./syz-executor3951113196", ["./syz-executor3951113196"], 0x7ffd62beabd0 /* 10 vars */) = 0 brk(NULL) = 0x555579748000 brk(0x555579748d00) = 0x555579748d00 arch_prctl(ARCH_SET_FS, 0x555579748380) = 0 set_tid_address(0x555579748650) = 5828 set_robust_list(0x555579748660, 24) = 0 rseq(0x555579748ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3951113196", 4096) = 28 getrandom("\x19\x12\xb0\xd8\x10\x42\xb8\xfa", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555579748d00 brk(0x555579769d00) = 0x555579769d00 brk(0x55557976a000) = 0x55557976a000 mprotect(0x7fef68246000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached , child_tidptr=0x555579748650) = 5829 [pid 5829] set_robust_list(0x555579748660, 24) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached ./strace-static-x86_64: Process 5830 attached [pid 5830] set_robust_list(0x555579748660, 24) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x555579748650) = 5830 [pid 5831] set_robust_list(0x555579748660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x555579748650) = 5831 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... set_robust_list resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5832 attached ) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x555579748650) = 5832 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] set_robust_list(0x555579748660, 24 [pid 5831] setpgid(0, 0./strace-static-x86_64: Process 5833 attached [pid 5832] <... set_robust_list resumed>) = 0 [pid 5831] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 5834 attached [pid 5833] set_robust_list(0x555579748660, 24 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... clone resumed>, child_tidptr=0x555579748650) = 5833 ./strace-static-x86_64: Process 5835 attached [pid 5834] set_robust_list(0x555579748660, 24 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5830] <... clone resumed>, child_tidptr=0x555579748650) = 5834 [pid 5834] <... set_robust_list resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x555579748650) = 5835 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5835] set_robust_list(0x555579748660, 24 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] write(3, "1000", 4 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5834] <... prctl resumed>) = 0 [pid 5831] <... write resumed>) = 4 ./strace-static-x86_64: Process 5836 attached [pid 5836] set_robust_list(0x555579748660, 24) = 0 ./strace-static-x86_64: Process 5837 attached [pid 5836] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] setpgid(0, 0 [pid 5831] close(3executing program [pid 5835] <... prctl resumed>) = 0 [pid 5834] <... setpgid resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x555579748650) = 5836 [pid 5837] set_robust_list(0x555579748660, 24 [pid 5835] setpgid(0, 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... clone resumed>, child_tidptr=0x555579748650) = 5837 [pid 5831] write(1, "executing program\n", 18 [pid 5835] <... setpgid resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5831] <... write resumed>) = 18 ./strace-static-x86_64: Process 5838 attached [pid 5837] <... set_robust_list resumed>) = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] set_robust_list(0x555579748660, 24 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5838] <... set_robust_list resumed>) = 0 [pid 5837] <... prctl resumed>) = 0 [pid 5836] <... clone resumed>, child_tidptr=0x555579748650) = 5838 [pid 5834] write(3, "1000", 4 [pid 5831] <... openat resumed>) = 3 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... write resumed>) = 4 [pid 5837] setpgid(0, 0 [pid 5834] close(3 [pid 5837] <... setpgid resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5838] <... prctl resumed>) = 0 executing program [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] write(1, "executing program\n", 18 [pid 5831] ioctl(3, USB_RAW_IOCTL_INIT [pid 5838] setpgid(0, 0 [pid 5835] <... openat resumed>) = 3 [pid 5834] <... write resumed>) = 18 [pid 5837] <... openat resumed>) = 3 [pid 5838] <... setpgid resumed>) = 0 [pid 5837] write(3, "1000", 4 [pid 5835] write(3, "1000", 4 [pid 5834] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] <... write resumed>) = 4 [pid 5835] <... write resumed>) = 4 [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] close(3 [pid 5835] close(3 [pid 5834] <... openat resumed>) = 3 [pid 5831] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5838] <... openat resumed>) = 3 [pid 5837] <... close resumed>) = 0 executing program [pid 5835] <... close resumed>) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_INIT [pid 5837] write(1, "executing program\n", 18 [pid 5838] write(3, "1000", 4 [pid 5837] <... write resumed>) = 18 executing program [pid 5835] write(1, "executing program\n", 18 [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] <... write resumed>) = 4 [pid 5837] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5835] <... write resumed>) = 18 [pid 5834] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5835] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWRexecuting program [pid 5838] close(3 [pid 5837] <... openat resumed>) = 3 [pid 5835] <... openat resumed>) = 3 [pid 5834] <... ioctl resumed>, 0) = 0 [pid 5831] <... ioctl resumed>, 0) = 0 [pid 5838] <... close resumed>) = 0 [pid 5838] write(1, "executing program\n", 18) = 18 [pid 5838] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5837] ioctl(3, USB_RAW_IOCTL_INIT [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] <... openat resumed>) = 3 [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_INIT [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, USB_RAW_IOCTL_INIT [pid 5837] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5835] <... ioctl resumed>, 0) = 0 [pid 5838] <... ioctl resumed>, 0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0) = 0 [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] <... ioctl resumed>, 0x7ffc0615f9b0) = 18 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 18 [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] <... ioctl resumed>, 0x7ffc0615f9b0) = 18 [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 18 [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 18 [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [ 89.054357][ T1206] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 89.064080][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 89.074106][ T5822] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 89.074429][ T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 89.089208][ T47] usb 3-1: new high-speed USB device number 2 using dummy_hcd [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] <... ioctl resumed>, 0x7ffc0615f9b0) = 18 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 18 [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 18 [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 18 [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5834] <... ioctl resumed>, 0x7ffc0615f9b0) = 18 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5838] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] <... ioctl resumed>, 0x7ffc0615f9b0) = 9 [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc0615f9b0) = 63 [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc0615f9b0) = 9 [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [ 89.234129][ T5822] usb 5-1: Using ep0 maxpacket: 8 [ 89.239246][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 89.254079][ T47] usb 3-1: Using ep0 maxpacket: 8 [ 89.260021][ T1206] usb 2-1: Using ep0 maxpacket: 8 [ 89.265466][ T24] usb 4-1: Using ep0 maxpacket: 8 [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 63 [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [ 89.286378][ T5822] usb 5-1: unable to get BOS descriptor or descriptor too short [ 89.289166][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 89.301102][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 89.302506][ T47] usb 3-1: unable to get BOS descriptor or descriptor too short [ 89.312760][ T5822] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 9 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 9 [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 63 [pid 5834] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 63 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 89.325974][ T47] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 89.331483][ T5822] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 89.340448][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 89.353823][ T5822] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 89.363114][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [ 89.375534][ T5822] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1 [ 89.381826][ T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 89.395576][ T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 89.403534][ T1206] usb 2-1: unable to get BOS descriptor or descriptor too short [ 89.416479][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc0615f9b0) = 9 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [ 89.434081][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 89.435283][ T5822] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 89.445738][ T47] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1 [ 89.456088][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 89.465445][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 89.475472][ T5822] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 89.484603][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1 [ 89.494898][ T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1 [ 89.504166][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 89.514193][ T5822] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc0615f9b0) = 63 [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc0615f9b0) = 4 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc0615f9b0) = 8 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc0615f9b0) = 8 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [ 89.523170][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 89.533352][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 89.542502][ T1206] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 89.552698][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 89.572726][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [pid 5838] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 4 [pid 5834] <... ioctl resumed>, 0x7ffc0615f9b0) = 4 [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [ 89.572753][ T47] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 89.586945][ T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 89.602061][ T5822] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 89.611184][ T1206] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 89.611216][ T1206] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 89.611237][ T1206] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1 [ 89.611259][ T1206] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 89.611278][ T1206] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 89.611297][ T1206] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 89.622337][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 4 [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 4 [pid 5838] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] <... ioctl resumed>, 0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [pid 5838] <... ioctl resumed>, 0) = 0 [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5838] <... ioctl resumed>, 0x7fef6824c3ec) = 12 [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5838] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [pid 5838] <... ioctl resumed>, 0x7fef6824c3fc) = -1 EINVAL (Invalid argument) [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [ 89.622386][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 89.634780][ T5822] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.666371][ T47] usb 3-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 89.675084][ T5822] usb 5-1: Product: syz [ 89.684022][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.694337][ T5822] usb 5-1: Manufacturer: syz [ 89.702697][ T1206] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5831] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [pid 5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5838] <... ioctl resumed>, 0x7fef6824c40c) = -1 EINVAL (Invalid argument) [pid 5838] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c41c) = -1 EINVAL (Invalid argument) [pid 5838] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c42c) = -1 EINVAL (Invalid argument) [pid 5838] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc0615f9b0) = 0 [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc0615f9b0) = 8 [ 89.711256][ T5822] usb 5-1: SerialNumber: syz [ 89.717243][ T1206] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.730062][ T5822] usb 5-1: config 0 descriptor?? [ 89.737980][ T47] usb 3-1: Product: syz [ 89.752751][ T5838] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22 [ 89.767998][ T10] usb 1-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 89.774222][ T1206] usb 2-1: Product: syz [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5834] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5834] <... ioctl resumed>, 0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5834] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c3ec) = 12 [pid 5834] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c3fc) = -1 EINVAL (Invalid argument) [pid 5834] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 8 [ 89.777375][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.781454][ T1206] usb 2-1: Manufacturer: syz [ 89.795504][ T10] usb 1-1: Product: syz [ 89.797650][ T47] usb 3-1: Manufacturer: syz [ 89.800734][ T10] usb 1-1: Manufacturer: syz [ 89.805305][ T47] usb 3-1: SerialNumber: syz [ 89.814839][ T1206] usb 2-1: SerialNumber: syz [ 89.818150][ T5822] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 89.826529][ T1206] usb 2-1: config 0 descriptor?? [ 89.828883][ T47] usb 3-1: config 0 descriptor?? [pid 5837] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5835] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 5834] <... ioctl resumed>, 0x7fef6824c40c) = -1 EINVAL (Invalid argument) [pid 5834] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c41c) = -1 EINVAL (Invalid argument) [pid 5834] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c42c) = -1 EINVAL (Invalid argument) [pid 5834] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc0615f9b0) = 0 [pid 5835] <... ioctl resumed>, 0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5831] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5831] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5831] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5831] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5835] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5831] <... ioctl resumed>, 0x7fef6824c3ec) = 12 [pid 5831] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c3fc) = -1 EINVAL (Invalid argument) [pid 5831] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5835] <... ioctl resumed>, 0x7fef6824c3ec) = 12 [pid 5835] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c3fc) = -1 EINVAL (Invalid argument) [pid 5835] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5831] <... ioctl resumed>, 0x7fef6824c40c) = -1 EINVAL (Invalid argument) [pid 5831] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c41c) = -1 EINVAL (Invalid argument) [pid 5831] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c42c) = -1 EINVAL (Invalid argument) [pid 5831] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc0615f9b0) = 0 [pid 5837] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5835] <... ioctl resumed>, 0x7fef6824c40c) = -1 EINVAL (Invalid argument) [pid 5837] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 5835] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5837] <... ioctl resumed>, 0) = 0 [pid 5835] <... ioctl resumed>, 0x7fef6824c41c) = -1 EINVAL (Invalid argument) [pid 5835] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5837] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 5835] <... ioctl resumed>, 0x7fef6824c42c) = -1 EINVAL (Invalid argument) [pid 5837] <... ioctl resumed>, 0) = 0 [pid 5835] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5837] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c3ec) = 12 [pid 5835] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5837] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c3fc) = -1 EINVAL (Invalid argument) [ 89.836900][ T10] usb 1-1: SerialNumber: syz [ 89.844116][ T24] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 89.853307][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.855553][ T5834] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 89.862653][ T24] usb 4-1: Product: syz [ 89.872550][ T10] usb 1-1: config 0 descriptor?? [ 89.876836][ T24] usb 4-1: Manufacturer: syz [ 89.882414][ T24] usb 4-1: SerialNumber: syz [pid 5837] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c40c) = -1 EINVAL (Invalid argument) [pid 5837] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c41c) = -1 EINVAL (Invalid argument) [pid 5837] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fef6824c42c) = -1 EINVAL (Invalid argument) [pid 5837] ioctl(3, USB_RAW_IOCTL_EP0_READ [ 89.900779][ T5831] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 89.910796][ T5835] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 89.919015][ T24] usb 4-1: config 0 descriptor?? [pid 5838] openat(AT_FDCWD, "/dev/sequencer", O_RDONLY) = 4 [pid 5837] <... ioctl resumed>, 0x7ffc0615f9b0) = 0 [pid 5838] exit_group(0) = ? [pid 5838] +++ exited with 0 +++ [pid 5836] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5836] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 89.948950][ T5837] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 89.973907][ T5822] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -12 [ 89.975429][ T1206] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [pid 5836] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached , child_tidptr=0x555579748650) = 5851 [pid 5851] set_robust_list(0x555579748660, 24) = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] openat(AT_FDCWD, "/dev/sequencer", O_RDONLY [pid 5851] <... openat resumed>) = 3 [pid 5834] <... openat resumed>) = 4 [pid 5835] openat(AT_FDCWD, "/dev/sequencer", O_RDONLY [pid 5851] write(3, "1000", 4 [pid 5835] <... openat resumed>) = 4 [pid 5834] exit_group(0 [pid 5851] <... write resumed>) = 4 [pid 5834] <... exit_group resumed>) = ? [pid 5831] openat(AT_FDCWD, "/dev/sequencer", O_RDONLY [pid 5851] close(3 [pid 5835] exit_group(0) = ? [ 90.036125][ T5822] usb 5-1: USB disconnect, device number 2 [pid 5851] <... close resumed>) = 0 [pid 5831] <... openat resumed>) = 4 executing program [pid 5851] write(1, "executing program\n", 18 [pid 5835] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ [pid 5831] exit_group(0 [pid 5851] <... write resumed>) = 18 [pid 5831] <... exit_group resumed>) = ? [pid 5851] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5851] <... openat resumed>) = 3 [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5851] ioctl(3, USB_RAW_IOCTL_INIT [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5851] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5830] <... restart_syscall resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached ./strace-static-x86_64: Process 5853 attached [pid 5851] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5854] set_robust_list(0x555579748660, 24 [pid 5853] set_robust_list(0x555579748660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x555579748650) = 5854 [pid 5829] <... clone resumed>, child_tidptr=0x555579748650) = 5853 [pid 5854] <... set_robust_list resumed>) = 0 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5854] <... prctl resumed>) = 0 [pid 5853] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5855 attached [pid 5854] setpgid(0, 0 [pid 5851] <... ioctl resumed>, 0) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x555579748650) = 5855 [pid 5851] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5854] <... setpgid resumed>) = 0 [pid 5855] set_robust_list(0x555579748660, 24 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5851] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0 [pid 5855] setpgid(0, 0 [pid 5854] <... openat resumed>) = 3 [pid 5853] <... setpgid resumed>) = 0 [pid 5851] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5855] <... setpgid resumed>) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5854] write(3, "1000", 4 [pid 5853] <... openat resumed>) = 3 [pid 5855] <... openat resumed>) = 3 [pid 5855] write(3, "1000", 4 [pid 5854] <... write resumed>) = 4 [pid 5853] write(3, "1000", 4 [pid 5855] <... write resumed>) = 4 [pid 5854] close(3 [pid 5853] <... write resumed>) = 4 [pid 5855] close(3 [pid 5854] <... close resumed>) = 0 [pid 5853] close(3 [pid 5855] <... close resumed>) = 0 executing program executing program [pid 5855] write(1, "executing program\n", 18 [pid 5854] write(1, "executing program\n", 18 [pid 5853] <... close resumed>) = 0 [pid 5855] <... write resumed>) = 18 executing program [pid 5855] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5854] <... write resumed>) = 18 [pid 5853] write(1, "executing program\n", 18 [pid 5855] <... openat resumed>) = 3 [pid 5854] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5853] <... write resumed>) = 18 [pid 5855] ioctl(3, USB_RAW_IOCTL_INIT [pid 5854] <... openat resumed>) = 3 [pid 5853] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5854] ioctl(3, USB_RAW_IOCTL_INIT [pid 5853] <... openat resumed>) = 3 [pid 5855] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5854] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5853] ioctl(3, USB_RAW_IOCTL_INIT [pid 5855] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5854] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5853] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5853] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5855] <... ioctl resumed>, 0) = 0 [pid 5853] <... ioctl resumed>, 0) = 0 [pid 5855] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5853] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5855] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5853] <... ioctl resumed>, 0x7ffc061609c0) = 0 [pid 5855] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5853] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5854] <... ioctl resumed>, 0) = 0 [pid 5854] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [ 90.093210][ T1206] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -12 [ 90.095042][ T10] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 90.118552][ T5850] udevd[5850]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [pid 5837] openat(AT_FDCWD, "/dev/sequencer", O_RDONLY [pid 5854] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5837] <... openat resumed>) = 4 [pid 5837] exit_group(0) = ? [pid 5837] +++ exited with 0 +++ [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached [ 90.157948][ T1206] usb 2-1: USB disconnect, device number 2 [pid 5857] set_robust_list(0x555579748660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x555579748650) = 5857 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1000", 4) = 4 [pid 5857] close(3) = 0 executing program [pid 5857] write(1, "executing program\n", 18) = 18 [pid 5857] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5857] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc061609c0) = 0 [pid 5857] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5857] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc061609c0) = 0 [ 90.261145][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 90.302964][ T10] ------------[ cut here ]------------ [ 90.308872][ T10] ODEBUG: free active (active state 0) object: ffff888027cf0040 object type: timer_list hint: snd_usbmidi_error_timer+0x0/0x660 [ 90.324216][ C1] ================================================================== [ 90.327589][ T10] WARNING: CPU: 0 PID: 10 at lib/debugobjects.c:615 debug_print_object+0x16b/0x1e0 [ 90.332305][ C1] BUG: KASAN: slab-use-after-free in snd_usbmidi_error_timer+0x602/0x660 [ 90.342520][ T10] Modules linked in: [ 90.350054][ C1] Read of size 1 at addr ffff888033e87543 by task strace-static-x/5825 [ 90.350077][ C1] [ 90.350104][ C1] CPU: 1 UID: 0 PID: 5825 Comm: strace-static-x Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) [ 90.350129][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 90.350147][ C1] Call Trace: [ 90.350159][ C1] [ 90.350168][ C1] dump_stack_lvl+0x189/0x250 [ 90.350199][ C1] ? __virt_addr_valid+0x18c/0x540 [ 90.350225][ C1] ? rcu_is_watching+0x15/0xb0 [ 90.350255][ C1] ? __kasan_check_byte+0x12/0x40 [ 90.350280][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.350308][ C1] ? rcu_is_watching+0x15/0xb0 [ 90.350338][ C1] ? lock_release+0x4b/0x3e0 [ 90.350368][ C1] ? __virt_addr_valid+0x18c/0x540 [ 90.350394][ C1] ? __virt_addr_valid+0x469/0x540 [ 90.350421][ C1] print_report+0xb4/0x290 [ 90.350446][ C1] ? snd_usbmidi_error_timer+0x602/0x660 [ 90.350466][ C1] kasan_report+0x118/0x150 [ 90.350493][ C1] ? snd_usbmidi_error_timer+0x602/0x660 [ 90.350517][ C1] snd_usbmidi_error_timer+0x602/0x660 [ 90.350541][ C1] call_timer_fn+0x17b/0x5f0 [ 90.350568][ C1] ? __pfx_snd_usbmidi_error_timer+0x10/0x10 [ 90.350589][ C1] ? call_timer_fn+0xbe/0x5f0 [ 90.350614][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 90.350645][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 90.350666][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.350687][ C1] ? __pfx_snd_usbmidi_error_timer+0x10/0x10 [ 90.350710][ C1] __run_timer_base+0x61a/0x860 [ 90.350736][ C1] ? ktime_get+0x3e/0x1f0 [ 90.350763][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 90.350787][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 90.350826][ C1] run_timer_softirq+0xb7/0x180 [ 90.350853][ C1] handle_softirqs+0x283/0x870 [ 90.350889][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 90.350910][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 90.350945][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 90.350973][ C1] __irq_exit_rcu+0xca/0x1f0 [ 90.350991][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 90.351014][ C1] irq_exit_rcu+0x9/0x30 [ 90.351031][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 90.351054][ C1] [ 90.351061][ C1] [ 90.351070][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 90.351092][ C1] RIP: 0010:__sanitizer_cov_trace_switch+0x97/0x130 [ 90.351120][ C1] Code: 54 53 48 8b 54 24 20 65 4c 8b 04 25 08 50 75 92 45 31 c9 eb 08 49 ff c1 4c 39 c8 74 77 4e 8b 54 ce 10 65 44 8b 1d c9 89 b5 10 <41> 81 e3 00 01 ff 00 74 13 41 81 fb 00 01 00 00 75 d9 41 83 b8 3c [ 90.351138][ C1] RSP: 0018:ffffc900040af9d8 EFLAGS: 00000202 [ 90.351158][ C1] RAX: 0000000000000002 RBX: 0000000000000004 RCX: 0000000000000005 [ 90.351171][ C1] RDX: ffffffff818563fd RSI: ffffffff8ddda350 RDI: 0000000000000004 [ 90.351186][ C1] RBP: ffffc900040afb88 R08: ffff8880267d9e00 R09: 0000000000000001 [ 90.351201][ C1] R10: 0000000000000004 R11: 0000000080000001 R12: ffffc900040afca0 [ 90.351215][ C1] R13: 0000000000000001 R14: dffffc0000000000 R15: 0000000000000000 [ 90.351234][ C1] ? wait_consider_task+0x10d/0x2e60 [ 90.351269][ C1] wait_consider_task+0x10d/0x2e60 [ 90.351302][ C1] ? __lock_acquire+0xaac/0xd20 [ 90.351333][ C1] ? __do_wait+0xde/0x740 [ 90.351360][ C1] ? __pfx_wait_consider_task+0x10/0x10 [ 90.351391][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.351418][ C1] __do_wait+0x19f/0x740 [ 90.351447][ C1] do_wait+0x1f8/0x520 [ 90.351474][ C1] ? do_wait+0x18e/0x520 [ 90.351501][ C1] kernel_wait4+0x1af/0x280 [ 90.351527][ C1] ? __lock_acquire+0xaac/0xd20 [ 90.351556][ C1] ? __pfx_kernel_wait4+0x10/0x10 [ 90.351586][ C1] ? __pfx_child_wait_callback+0x10/0x10 [ 90.351621][ C1] __x64_sys_wait4+0x133/0x1e0 [ 90.351651][ C1] ? __pfx___x64_sys_wait4+0x10/0x10 [ 90.351678][ C1] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 90.351713][ C1] ? do_syscall_64+0xba/0x210 [ 90.351740][ C1] do_syscall_64+0xf6/0x210 [ 90.351766][ C1] ? asm_common_interrupt+0x26/0x40 [ 90.351785][ C1] ? clear_bhb_loop+0x45/0xa0 [ 90.351809][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.351839][ C1] RIP: 0033:0x4d6ad6 [ 90.351866][ C1] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 90.351883][ C1] RSP: 002b:00007ffd62bea878 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 90.351904][ C1] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004d6ad6 [ 90.351919][ C1] RDX: 0000000040000001 RSI: 00007ffd62bea89c RDI: 00000000ffffffff [ 90.351934][ C1] RBP: 00000000000016cc R08: 0000000000000000 R09: 00000000000002cc [ 90.351946][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000357e33f0 [ 90.351959][ C1] R13: 00007ffd62bea89c R14: 00000000357df610 R15: 000000000063f160 [ 90.351982][ C1] [ 90.351990][ C1] [ 90.355161][ T10] [ 90.362811][ C1] Allocated by task 10: [ 90.365788][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) [ 90.377574][ C1] kasan_save_track+0x3e/0x80 [ 90.377600][ C1] __kasan_kmalloc+0x93/0xb0 [ 90.377621][ C1] __kmalloc_cache_noprof+0x230/0x3d0 [ 90.377645][ C1] snd_usbmidi_in_endpoint_create+0x7e/0xa30 [ 90.377670][ C1] __snd_usbmidi_create+0x21bd/0x29d0 [ 90.377689][ C1] snd_usb_midi_v2_create+0x43e1/0x4650 [ 90.377719][ C1] usb_audio_probe+0xb78/0x1dc0 [ 90.377745][ C1] usb_probe_interface+0x641/0xbc0 [ 90.377775][ C1] really_probe+0x26a/0x9a0 [ 90.377799][ C1] __driver_probe_device+0x18c/0x2f0 [ 90.377827][ C1] driver_probe_device+0x4f/0x430 [ 90.377851][ C1] __device_attach_driver+0x2ce/0x530 [ 90.377876][ C1] bus_for_each_drv+0x24e/0x2e0 [ 90.377905][ C1] __device_attach+0x2b8/0x400 [ 90.377926][ C1] bus_probe_device+0x185/0x260 [ 90.377955][ C1] device_add+0x7b6/0xb50 [ 90.377975][ C1] usb_set_configuration+0x1a87/0x20e0 [ 90.378002][ C1] usb_generic_driver_probe+0x8d/0x150 [ 90.378029][ C1] usb_probe_device+0x1c1/0x390 [ 90.378057][ C1] really_probe+0x26a/0x9a0 [ 90.378080][ C1] __driver_probe_device+0x18c/0x2f0 [ 90.378103][ C1] driver_probe_device+0x4f/0x430 [ 90.378126][ C1] __device_attach_driver+0x2ce/0x530 [ 90.378150][ C1] bus_for_each_drv+0x24e/0x2e0 [ 90.378180][ C1] __device_attach+0x2b8/0x400 [ 90.378201][ C1] bus_probe_device+0x185/0x260 [ 90.378230][ C1] device_add+0x7b6/0xb50 [ 90.378249][ C1] usb_new_device+0xa39/0x16c0 [ 90.378271][ C1] hub_event+0x2941/0x4a00 [ 90.378296][ C1] process_scheduled_works+0xadb/0x17a0 [ 90.378327][ C1] worker_thread+0x8a0/0xda0 [ 90.378343][ C1] kthread+0x70e/0x8a0 [ 90.378364][ C1] ret_from_fork+0x4b/0x80 [ 90.378383][ C1] ret_from_fork_asm+0x1a/0x30 [ 90.389215][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 90.391725][ C1] [ 90.391734][ C1] Freed by task 10: [ 90.395188][ T10] Workqueue: usb_hub_wq hub_event [ 90.399229][ C1] kasan_save_track+0x3e/0x80 [ 90.404365][ T10] [ 90.409072][ C1] kasan_save_free_info+0x46/0x50 [ 90.414130][ T10] RIP: 0010:debug_print_object+0x16b/0x1e0 [ 90.419284][ C1] __kasan_slab_free+0x62/0x70 [ 90.419308][ C1] kfree+0x193/0x440 [ 90.424112][ T10] Code: 4c 89 ff e8 47 42 63 fd 4d 8b 0f 48 c7 c7 c0 db c1 8b 48 8b 34 24 4c 89 ea 89 e9 4d 89 f0 41 54 e8 aa a9 c5 fc 48 83 c4 08 90 <0f> 0b 90 90 ff 05 57 95 c0 0a 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 [ 90.428633][ C1] snd_usbmidi_rawmidi_free+0xae/0x150 [ 90.433728][ T10] RSP: 0018:ffffc900000f6990 EFLAGS: 00010296 [ 90.438826][ C1] snd_rawmidi_free+0x3bc/0x410 [ 90.438852][ C1] snd_rawmidi_dev_free+0x38/0x50 [ 90.438873][ C1] __snd_device_free+0x1d2/0x2e0 [ 90.443271][ T10] [ 90.443281][ T10] RAX: 847b0a2dc845ef00 RBX: dffffc0000000000 RCX: ffff88801b681e00 [ 90.448889][ C1] snd_device_free_all+0xcf/0x180 [ 90.448920][ C1] release_card_device+0x75/0x1b0 [ 90.453490][ T10] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 90.459108][ C1] device_release+0x99/0x1c0 [ 90.459137][ C1] kobject_put+0x228/0x480 [ 90.459162][ C1] snd_card_free+0x110/0x190 [ 90.464632][ T10] RBP: 0000000000000000 R08: ffffc900000f6667 R09: 1ffff9200001eccc [ 90.469176][ C1] usb_audio_probe+0x18ea/0x1dc0 [ 90.475183][ T10] R10: dffffc0000000000 R11: fffff5200001eccd R12: ffffffff892410d0 [ 90.479799][ C1] usb_probe_interface+0x641/0xbc0 [ 90.484922][ T10] R13: ffffffff8bc1dd40 R14: ffff888027cf0040 R15: ffffffff8b6cc2e0 [ 90.490076][ C1] really_probe+0x26a/0x9a0 [ 90.495322][ T10] FS: 0000000000000000(0000) GS:ffff8881260cb000(0000) knlGS:0000000000000000 [ 90.501228][ C1] __driver_probe_device+0x18c/0x2f0 [ 90.506104][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.510385][ C1] driver_probe_device+0x4f/0x430 [ 90.515791][ T10] CR2: 00007fff286001b8 CR3: 00000000316c4000 CR4: 00000000003526f0 [ 90.521967][ C1] __device_attach_driver+0x2ce/0x530 [ 90.526850][ T10] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 90.531558][ C1] bus_for_each_drv+0x24e/0x2e0 [ 90.536348][ T10] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 90.541572][ C1] __device_attach+0x2b8/0x400 [ 90.546875][ T10] Call Trace: [ 90.551501][ C1] bus_probe_device+0x185/0x260 [ 90.556734][ T10] [ 90.560911][ C1] device_add+0x7b6/0xb50 [ 90.566605][ T10] debug_check_no_obj_freed+0x3a2/0x470 [ 90.569459][ C1] usb_set_configuration+0x1a87/0x20e0 [ 90.572422][ T10] ? snd_rawmidi_free+0x3bc/0x410 [ 90.578376][ C1] usb_generic_driver_probe+0x8d/0x150 [ 90.578415][ C1] usb_probe_device+0x1c1/0x390 [ 90.578443][ C1] really_probe+0x26a/0x9a0 [ 90.578465][ C1] __driver_probe_device+0x18c/0x2f0 [ 90.578486][ C1] driver_probe_device+0x4f/0x430 [ 90.578508][ C1] __device_attach_driver+0x2ce/0x530 [ 90.578530][ C1] bus_for_each_drv+0x24e/0x2e0 [ 90.578557][ C1] __device_attach+0x2b8/0x400 [ 90.578578][ C1] bus_probe_device+0x185/0x260 [ 90.578607][ C1] device_add+0x7b6/0xb50 [ 90.585324][ T10] kfree+0x117/0x440 [ 90.604862][ C1] usb_new_device+0xa39/0x16c0 [ 90.604892][ C1] hub_event+0x2941/0x4a00 [ 90.604917][ C1] process_scheduled_works+0xadb/0x17a0 [ 90.610972][ T10] ? mutex_is_locked+0x17/0x50 [ 90.618942][ C1] worker_thread+0x8a0/0xda0 [ 90.618962][ C1] kthread+0x70e/0x8a0 [ 90.618983][ C1] ret_from_fork+0x4b/0x80 [ 90.627019][ T10] ? __pfx_snd_usbmidi_rawmidi_free+0x10/0x10 [ 90.634913][ C1] ret_from_fork_asm+0x1a/0x30 [ 90.634936][ C1] [ 90.634943][ C1] The buggy address belongs to the object at ffff888033e87400 [ 90.634943][ C1] which belongs to the cache kmalloc-512 of size 512 [ 90.642909][ T10] snd_rawmidi_free+0x3bc/0x410 [ 90.650870][ C1] The buggy address is located 323 bytes inside of [ 90.650870][ C1] freed 512-byte region [ffff888033e87400, ffff888033e87600) [ 90.650893][ C1] [ 90.650899][ C1] The buggy address belongs to the physical page: [ 90.650921][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33e84 [ 90.656232][ T10] snd_rawmidi_dev_free+0x38/0x50 [ 90.661291][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 90.666178][ T10] __snd_device_free+0x1d2/0x2e0 [ 90.670484][ C1] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 90.676066][ T10] snd_device_free_all+0xcf/0x180 [ 90.681199][ C1] page_type: f5(slab) [ 90.685479][ T10] ? __pfx_snd_mixer_oss_notify_handler+0x10/0x10 [ 90.689491][ C1] raw: 00fff00000000040 ffff88801a041c80 0000000000000000 dead000000000001 [ 90.693711][ T10] release_card_device+0x75/0x1b0 [ 90.698224][ C1] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 90.698246][ C1] head: 00fff00000000040 ffff88801a041c80 0000000000000000 dead000000000001 [ 90.703098][ T10] ? __pfx_release_card_device+0x10/0x10 [ 90.708109][ C1] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 90.708130][ C1] head: 00fff00000000002 ffffea0000cfa101 00000000ffffffff 00000000ffffffff [ 90.708147][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 90.713765][ T10] device_release+0x99/0x1c0 [ 90.718512][ C1] page dumped because: kasan: bad access detected [ 90.718533][ C1] page_owner tracks the page as allocated [ 90.718542][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5213, tgid 5213 (udevadm), ts 36639195152, free_ts 36630161969 [ 90.718576][ C1] post_alloc_hook+0x1d8/0x230 [ 90.718602][ C1] get_page_from_freelist+0x21ce/0x22b0 [ 90.723892][ T10] kobject_put+0x228/0x480 [ 90.729969][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 90.730008][ C1] alloc_pages_mpol+0x232/0x4a0 [ 90.730031][ C1] allocate_slab+0x8a/0x3b0 [ 90.730048][ C1] ___slab_alloc+0xbfc/0x1480 [ 90.734767][ T10] snd_card_free+0x110/0x190 [ 90.739226][ C1] __kmalloc_cache_noprof+0x296/0x3d0 [ 90.744469][ T10] ? __pfx_snd_card_free+0x10/0x10 [ 90.749075][ C1] kernfs_fop_open+0x397/0xca0 [ 90.754996][ T10] ? usb_match_one_id+0x654/0x980 [ 90.758846][ C1] do_dentry_open+0xdf0/0x1970 [ 90.778571][ T10] ? snd_usb_create_quirk+0x5d/0x110 [ 90.786857][ C1] vfs_open+0x3b/0x340 [ 90.786887][ C1] path_openat+0x2ee5/0x3830 [ 90.786905][ C1] do_filp_open+0x1fa/0x410 [ 90.794926][ T10] usb_audio_probe+0x18ea/0x1dc0 [ 90.802835][ C1] do_sys_openat2+0x121/0x1c0 [ 90.810869][ T10] ? __pfx_usb_audio_probe+0x10/0x10 [ 90.818758][ C1] __x64_sys_openat+0x138/0x170 [ 90.818790][ C1] do_syscall_64+0xf6/0x210 [ 90.826826][ T10] ? ktime_get_mono_fast_ns+0x2af/0x2d0 [ 90.829786][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.832123][ T10] ? pm_runtime_enable+0x1f3/0x340 [ 90.834436][ C1] page last free pid 5209 tgid 5209 stack trace: [ 90.834451][ C1] __free_frozen_pages+0xb0e/0xcd0 [ 90.834479][ C1] __put_partials+0x161/0x1c0 [ 90.838630][ T10] usb_probe_interface+0x641/0xbc0 [ 90.850576][ C1] put_cpu_partial+0x17c/0x250 [ 90.850608][ C1] __slab_free+0x2f7/0x400 [ 90.850626][ C1] qlist_free_all+0x9a/0x140 [ 90.855342][ T10] ? __pfx_usb_probe_interface+0x10/0x10 [ 90.859855][ C1] kasan_quarantine_reduce+0x148/0x160 [ 90.865269][ T10] really_probe+0x26a/0x9a0 [ 90.871202][ C1] __kasan_slab_alloc+0x22/0x80 [ 90.876669][ T10] __driver_probe_device+0x18c/0x2f0 [ 90.882098][ C1] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 90.886980][ T10] driver_probe_device+0x4f/0x430 [ 90.892029][ C1] getname_flags+0xb8/0x540 [ 90.896607][ T10] __device_attach_driver+0x2ce/0x530 [ 90.901821][ C1] __x64_sys_symlink+0x5d/0x90 [ 90.906884][ T10] bus_for_each_drv+0x24e/0x2e0 [ 90.912189][ C1] do_syscall_64+0xf6/0x210 [ 90.917092][ T10] ? __pfx___device_attach_driver+0x10/0x10 [ 90.921788][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.926677][ T10] ? __pfx_bus_for_each_drv+0x10/0x10 [ 90.930954][ C1] [ 90.936456][ T10] __device_attach+0x2b8/0x400 [ 90.941840][ C1] Memory state around the buggy address: [ 90.946718][ T10] ? __pfx___device_attach+0x10/0x10 [ 90.951177][ C1] ffff888033e87400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 90.956496][ T10] ? do_raw_spin_unlock+0x122/0x240 [ 90.961452][ C1] ffff888033e87480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 90.966884][ T10] bus_probe_device+0x185/0x260 [ 90.971675][ C1] >ffff888033e87500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 90.976476][ T10] device_add+0x7b6/0xb50 [ 90.981256][ C1] ^ [ 90.985610][ T10] usb_set_configuration+0x1a87/0x20e0 [ 90.990322][ C1] ffff888033e87580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 90.994819][ T10] usb_generic_driver_probe+0x8d/0x150 [ 91.000263][ C1] ffff888033e87600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 91.004871][ T10] usb_probe_device+0x1c1/0x390 [ 91.008886][ C1] ================================================================== [ 91.013292][ T10] ? __pfx_usb_probe_device+0x10/0x10 [ 91.018158][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 91.018180][ C1] CPU: 1 UID: 0 PID: 5825 Comm: strace-static-x Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) [ 91.018208][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 91.018222][ C1] Call Trace: [ 91.018230][ C1] [ 91.018239][ C1] dump_stack_lvl+0x99/0x250 [ 91.018272][ C1] ? __asan_memcpy+0x40/0x70 [ 91.018295][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.018326][ C1] ? __pfx__printk+0x10/0x10 [ 91.018354][ C1] panic+0x2db/0x790 [ 91.018387][ C1] ? __pfx_panic+0x10/0x10 [ 91.018418][ C1] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 91.018442][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 91.018464][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 91.018486][ C1] ? print_memory_metadata+0x314/0x400 [ 91.018514][ C1] ? snd_usbmidi_error_timer+0x602/0x660 [ 91.018537][ C1] check_panic_on_warn+0x89/0xb0 [ 91.018567][ C1] ? snd_usbmidi_error_timer+0x602/0x660 [ 91.018589][ C1] end_report+0x78/0x160 [ 91.018615][ C1] kasan_report+0x129/0x150 [ 91.018643][ C1] ? snd_usbmidi_error_timer+0x602/0x660 [ 91.018670][ C1] snd_usbmidi_error_timer+0x602/0x660 [ 91.018696][ C1] call_timer_fn+0x17b/0x5f0 [ 91.018725][ C1] ? __pfx_snd_usbmidi_error_timer+0x10/0x10 [ 91.018748][ C1] ? call_timer_fn+0xbe/0x5f0 [ 91.018775][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 91.018808][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.018829][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.018852][ C1] ? __pfx_snd_usbmidi_error_timer+0x10/0x10 [ 91.018876][ C1] __run_timer_base+0x61a/0x860 [ 91.018902][ C1] ? ktime_get+0x3e/0x1f0 [ 91.018929][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 91.018954][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 91.018986][ C1] run_timer_softirq+0xb7/0x180 [ 91.019013][ C1] handle_softirqs+0x283/0x870 [ 91.019049][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 91.019078][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 91.019114][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 91.019142][ C1] __irq_exit_rcu+0xca/0x1f0 [ 91.019161][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 91.019185][ C1] irq_exit_rcu+0x9/0x30 [ 91.019203][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 91.019227][ C1] [ 91.019234][ C1] [ 91.019243][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 91.019267][ C1] RIP: 0010:__sanitizer_cov_trace_switch+0x97/0x130 [ 91.019295][ C1] Code: 54 53 48 8b 54 24 20 65 4c 8b 04 25 08 50 75 92 45 31 c9 eb 08 49 ff c1 4c 39 c8 74 77 4e 8b 54 ce 10 65 44 8b 1d c9 89 b5 10 <41> 81 e3 00 01 ff 00 74 13 41 81 fb 00 01 00 00 75 d9 41 83 b8 3c [ 91.019314][ C1] RSP: 0018:ffffc900040af9d8 EFLAGS: 00000202 [ 91.019335][ C1] RAX: 0000000000000002 RBX: 0000000000000004 RCX: 0000000000000005 [ 91.019349][ C1] RDX: ffffffff818563fd RSI: ffffffff8ddda350 RDI: 0000000000000004 [ 91.019364][ C1] RBP: ffffc900040afb88 R08: ffff8880267d9e00 R09: 0000000000000001 [ 91.019380][ C1] R10: 0000000000000004 R11: 0000000080000001 R12: ffffc900040afca0 [ 91.019395][ C1] R13: 0000000000000001 R14: dffffc0000000000 R15: 0000000000000000 [ 91.019414][ C1] ? wait_consider_task+0x10d/0x2e60 [ 91.019450][ C1] wait_consider_task+0x10d/0x2e60 [ 91.019484][ C1] ? __lock_acquire+0xaac/0xd20 [ 91.019516][ C1] ? __do_wait+0xde/0x740 [ 91.019545][ C1] ? __pfx_wait_consider_task+0x10/0x10 [ 91.019578][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.019607][ C1] __do_wait+0x19f/0x740 [ 91.019637][ C1] do_wait+0x1f8/0x520 [ 91.019664][ C1] ? do_wait+0x18e/0x520 [ 91.019694][ C1] kernel_wait4+0x1af/0x280 [ 91.019720][ C1] ? __lock_acquire+0xaac/0xd20 [ 91.019750][ C1] ? __pfx_kernel_wait4+0x10/0x10 [ 91.019780][ C1] ? __pfx_child_wait_callback+0x10/0x10 [ 91.019815][ C1] __x64_sys_wait4+0x133/0x1e0 [ 91.019846][ C1] ? __pfx___x64_sys_wait4+0x10/0x10 [ 91.019873][ C1] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 91.019909][ C1] ? do_syscall_64+0xba/0x210 [ 91.019938][ C1] do_syscall_64+0xf6/0x210 [ 91.019963][ C1] ? asm_common_interrupt+0x26/0x40 [ 91.019983][ C1] ? clear_bhb_loop+0x45/0xa0 [ 91.020008][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.020028][ C1] RIP: 0033:0x4d6ad6 [ 91.020046][ C1] Code: 00 00 00 90 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24 [ 91.020071][ C1] RSP: 002b:00007ffd62bea878 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 91.020093][ C1] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004d6ad6 [ 91.020108][ C1] RDX: 0000000040000001 RSI: 00007ffd62bea89c RDI: 00000000ffffffff [ 91.020124][ C1] RBP: 00000000000016cc R08: 0000000000000000 R09: 00000000000002cc [ 91.020137][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000357e33f0 [ 91.020151][ C1] R13: 00007ffd62bea89c R14: 00000000357df610 R15: 000000000063f160 [ 91.020175][ C1] [ 91.028386][ C1] Kernel Offset: disabled