./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor990757575 <...> Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts. execve("./syz-executor990757575", ["./syz-executor990757575"], 0x7ffe15410d70 /* 10 vars */) = 0 brk(NULL) = 0x555556a95000 brk(0x555556a95c40) = 0x555556a95c40 arch_prctl(ARCH_SET_FS, 0x555556a95300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556a955d0) = 3607 set_robust_list(0x555556a955e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f61a778d9b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f61a778e080}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f61a778da50, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f61a778e080}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor990757575", 4096) = 27 brk(0x555556ab6c40) = 0x555556ab6c40 brk(0x555556ab7000) = 0x555556ab7000 mprotect(0x7f61a784e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f61a78544cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f61a775d000 mprotect(0x7f61a775e000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f61a777d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3608], tls=0x7f61a777d700, child_tidptr=0x7f61a777d9d0) = 3608 futex(0x7f61a78544c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7f61a78544cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3608 attached [pid 3608] set_robust_list(0x7f61a777d9e0, 24) = 0 [pid 3608] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3608] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f61a777b2a0) = 18 syzkaller login: [ 40.048385][ T3272] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f61a777b2a0) = 18 [ 40.288341][ T3272] usb 1-1: Using ep0 maxpacket: 16 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f61a777b2a0) = 9 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f61a777b2a0) = 27 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f61a777b2a0) = 4 [ 40.408849][ T3272] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f61a777b2a0) = 8 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f61a777b2a0) = 8 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f61a777b2a0) = 8 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f61a777c2b0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f61a785460c) = 6 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f61a777b2a0) = 0 [ 40.578911][ T3272] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 40.588083][ T3272] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.596120][ T3272] usb 1-1: Product: syz [ 40.600333][ T3272] usb 1-1: Manufacturer: syz [ 40.604925][ T3272] usb 1-1: SerialNumber: syz [ 40.610989][ T3272] usb 1-1: config 0 descriptor?? [ 40.650760][ T3272] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3608] futex(0x7f61a78544cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7f61a78544c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3607] <... futex resumed>) = 0 [pid 3608] <... ioctl resumed>, 0x7f61a777c2d0) = 0 [pid 3607] futex(0x7f61a78544cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f61a777b2c0) = 8 [ 40.938322][ T3272] rc_core: IR keymap rc-imon-pad not found [ 40.944149][ T3272] Registered IR keymap rc-empty [ 40.949138][ T3272] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 40.959233][ T3272] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3608] futex(0x7f61a78544cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7f61a78544c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3607] <... futex resumed>) = 0 [pid 3608] <... ioctl resumed>, 0x7f61a777c2d0) = 0 [pid 3607] futex(0x7f61a78544cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f61a777b2c0) = 8 [ 41.108885][ T3272] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 41.119755][ T3272] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 41.132387][ T3272] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3608] futex(0x7f61a78544cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7f61a78544c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR [pid 3607] <... futex resumed>) = 0 [pid 3608] <... openat resumed>) = 4 [pid 3607] futex(0x7f61a78544cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] futex(0x7f61a78544cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7f61a78544c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7f61a78544cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] write(4, "\x68\x04\xd2\x58\xd4\x56\x9c\x00\x68\x00\x00\x00\x00\x00\x7f\xcc\x96\x4e\x80\xcb\x4e\x71\x97\x0d\xb8\x4e\x67\xb7\x6a\x0e\xf5", 31 [pid 3607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7f61a78544cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7f61a78544cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7f61a78544dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f61a773c000 [pid 3607] mprotect(0x7f61a773d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7f61a775c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3614], tls=0x7f61a775c700, child_tidptr=0x7f61a775c9d0) = 3614 [pid 3607] futex(0x7f61a78544d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7f61a78544dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3614 attached [pid 3614] set_robust_list(0x7f61a775c9e0, 24) = 0 [ 41.343037][ T3614] ------------[ cut here ]------------ [ 41.348564][ T3614] URB ffff888016c3ea00 submitted while active [ 41.354924][ T3614] WARNING: CPU: 1 PID: 3614 at drivers/usb/core/urb.c:379 usb_submit_urb+0x14e8/0x1880 [ 41.364762][ T3614] Modules linked in: [ 41.368754][ T3614] CPU: 1 PID: 3614 Comm: syz-executor990 Not tainted 6.0.0-rc6-next-20220923-syzkaller #0 [ 41.378829][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [pid 3614] write(4, "\xe8", 1 [pid 3607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 41.389014][ T3614] RIP: 0010:usb_submit_urb+0x14e8/0x1880 [ 41.394844][ T3614] Code: 89 de e8 cb 7e 12 fc 84 db 0f 85 a3 f3 ff ff e8 2e 82 12 fc 4c 89 fe 48 c7 c7 a0 6b 8c 8a c6 05 09 40 61 08 01 e8 38 bb dd 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 07 82 12 fc 48 8b 7c 24 40 [ 41.414873][ T3614] RSP: 0018:ffffc90003cefc50 EFLAGS: 00010286 [ 41.421181][ T3614] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 41.429280][ T3614] RDX: ffff8880269c1d40 RSI: ffffffff81620008 RDI: fffff5200079df7c [ 41.437277][ T3614] RBP: ffff88801788a898 R08: 0000000000000005 R09: 0000000000000000 [ 41.445464][ T3614] R10: 0000000080000000 R11: 6666666620425255 R12: ffff888016c3ea00 [ 41.453573][ T3614] R13: ffff888020c80128 R14: 00000000fffffff0 R15: ffff888016c3ea00 [ 41.461613][ T3614] FS: 00007f61a775c700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 41.470582][ T3614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.477161][ T3614] CR2: 00007f61a775c718 CR3: 000000007de7a000 CR4: 00000000003506e0 [ 41.485167][ T3614] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 3607] exit_group(0) = ? [ 41.493165][ T3614] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.501166][ T3614] Call Trace: [ 41.504452][ T3614] [ 41.507380][ T3614] ? __kmem_cache_alloc_node+0x1d8/0x3d0 [ 41.513072][ T3614] ? send_packet+0x643/0xbc0 [ 41.517688][ T3614] ? kasan_set_track+0x21/0x30 [ 41.522495][ T3614] send_packet+0x422/0xbc0 [ 41.526951][ T3614] vfd_write+0x2d9/0x550 [ 41.528325][ T3608] imon:send_packet: task interrupted [ 41.531243][ T3614] vfs_write+0x2d7/0xdd0 [ 41.540768][ T3614] ? send_packet+0xbc0/0xbc0 [ 41.545393][ T3614] ? vfs_read+0x930/0x930 [ 41.549767][ T3614] ? __fget_files+0x26a/0x440 [ 41.554477][ T3614] ? __fget_light+0xe5/0x270 [ 41.559121][ T3614] ksys_write+0x127/0x250 [ 41.563468][ T3614] ? __ia32_sys_read+0xb0/0xb0 [ 41.568225][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40 [ 41.573488][ T3614] ? ptrace_notify+0xfa/0x140 [ 41.578159][ T3614] do_syscall_64+0x35/0xb0 [ 41.582602][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 41.588542][ T3614] RIP: 0033:0x7f61a77d0119 [ 41.592947][ T3614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 41.612578][ T3614] RSP: 002b:00007f61a775c2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 41.621021][ T3614] RAX: ffffffffffffffda RBX: 00007f61a78544d0 RCX: 00007f61a77d0119 [ 41.629013][ T3614] RDX: 0000000000000001 RSI: 00000000200004c0 RDI: 0000000000000004 [ 41.636993][ T3614] RBP: 00007f61a78544dc R08: 00007f61a775c700 R09: 0000000000000000 [ 41.644990][ T3614] R10: 00007f61a775c700 R11: 0000000000000246 R12: 00007f61a7822080 [ 41.652984][ T3614] R13: 0b8b0509005505e1 R14: 0d97714ecb804e96 R15: 00007f61a78544d8 [ 41.660995][ T3614] [ 41.664027][ T3614] Kernel panic - not syncing: panic_on_warn set ... [ 41.670613][ T3614] CPU: 1 PID: 3614 Comm: syz-executor990 Not tainted 6.0.0-rc6-next-20220923-syzkaller #0 [ 41.680507][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 41.690563][ T3614] Call Trace: [ 41.693847][ T3614] [ 41.696782][ T3614] dump_stack_lvl+0xcd/0x134 [ 41.701427][ T3614] panic+0x2c8/0x622 [ 41.705329][ T3614] ? panic_print_sys_info.part.0+0x110/0x110 [ 41.711496][ T3614] ? __warn.cold+0x24b/0x350 [ 41.716093][ T3614] ? usb_submit_urb+0x14e8/0x1880 [ 41.721134][ T3614] __warn.cold+0x25c/0x350 [ 41.725557][ T3614] ? __wake_up_klogd.part.0+0x99/0xf0 [ 41.730936][ T3614] ? usb_submit_urb+0x14e8/0x1880 [ 41.735970][ T3614] report_bug+0x1bc/0x210 [ 41.740317][ T3614] handle_bug+0x3c/0x60 [ 41.744481][ T3614] exc_invalid_op+0x14/0x40 [ 41.748988][ T3614] asm_exc_invalid_op+0x16/0x20 [ 41.753861][ T3614] RIP: 0010:usb_submit_urb+0x14e8/0x1880 [ 41.759520][ T3614] Code: 89 de e8 cb 7e 12 fc 84 db 0f 85 a3 f3 ff ff e8 2e 82 12 fc 4c 89 fe 48 c7 c7 a0 6b 8c 8a c6 05 09 40 61 08 01 e8 38 bb dd 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 07 82 12 fc 48 8b 7c 24 40 [ 41.779221][ T3614] RSP: 0018:ffffc90003cefc50 EFLAGS: 00010286 [ 41.785390][ T3614] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 41.793457][ T3614] RDX: ffff8880269c1d40 RSI: ffffffff81620008 RDI: fffff5200079df7c [ 41.801435][ T3614] RBP: ffff88801788a898 R08: 0000000000000005 R09: 0000000000000000 [ 41.809416][ T3614] R10: 0000000080000000 R11: 6666666620425255 R12: ffff888016c3ea00 [ 41.817391][ T3614] R13: ffff888020c80128 R14: 00000000fffffff0 R15: ffff888016c3ea00 [ 41.825375][ T3614] ? vprintk+0x88/0x90 [ 41.829465][ T3614] ? __kmem_cache_alloc_node+0x1d8/0x3d0 [ 41.835205][ T3614] ? send_packet+0x643/0xbc0 [ 41.839815][ T3614] ? kasan_set_track+0x21/0x30 [ 41.845031][ T3614] send_packet+0x422/0xbc0 [ 41.849483][ T3614] vfd_write+0x2d9/0x550 [ 41.853769][ T3614] vfs_write+0x2d7/0xdd0 [ 41.858051][ T3614] ? send_packet+0xbc0/0xbc0 [ 41.862663][ T3614] ? vfs_read+0x930/0x930 [ 41.867021][ T3614] ? __fget_files+0x26a/0x440 [ 41.871732][ T3614] ? __fget_light+0xe5/0x270 [ 41.876342][ T3614] ksys_write+0x127/0x250 [ 41.880693][ T3614] ? __ia32_sys_read+0xb0/0xb0 [ 41.885477][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40 [ 41.890695][ T3614] ? ptrace_notify+0xfa/0x140 [ 41.895385][ T3614] do_syscall_64+0x35/0xb0 [ 41.899807][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 41.905842][ T3614] RIP: 0033:0x7f61a77d0119 [ 41.910295][ T3614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 41.929927][ T3614] RSP: 002b:00007f61a775c2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 41.938349][ T3614] RAX: ffffffffffffffda RBX: 00007f61a78544d0 RCX: 00007f61a77d0119 [ 41.946373][ T3614] RDX: 0000000000000001 RSI: 00000000200004c0 RDI: 0000000000000004 [ 41.954384][ T3614] RBP: 00007f61a78544dc R08: 00007f61a775c700 R09: 0000000000000000 [ 41.962363][ T3614] R10: 00007f61a775c700 R11: 0000000000000246 R12: 00007f61a7822080 [ 41.970367][ T3614] R13: 0b8b0509005505e1 R14: 0d97714ecb804e96 R15: 00007f61a78544d8 [ 41.978391][ T3614] [ 41.981465][ T3614] Kernel Offset: disabled [ 41.985791][ T3614] Rebooting in 86400 seconds..