./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor240223300 <...> DUID 00:04:cd:7d:74:7d:04:96:3f:c0:f2:1a:da:5a:49:b1:9f:fb forked to background, child pid 3189 [ 23.234173][ T3190] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.245844][ T3190] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts. execve("./syz-executor240223300", ["./syz-executor240223300"], 0x7ffd5a433d10 /* 10 vars */) = 0 brk(NULL) = 0x5555570e0000 brk(0x5555570e0c40) = 0x5555570e0c40 arch_prctl(ARCH_SET_FS, 0x5555570e0300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555570e05d0) = 3610 set_robust_list(0x5555570e05e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f92050a5940, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f92050a6010}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f92050a59e0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f92050a6010}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor240223300", 4096) = 27 brk(0x555557101c40) = 0x555557101c40 brk(0x555557102000) = 0x555557102000 mprotect(0x7f9205166000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f920516c4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9205075000 mprotect(0x7f9205076000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f92050953f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3611], tls=0x7f9205095700, child_tidptr=0x7f92050959d0) = 3611 futex(0x7f920516c4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7f920516c4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3611 attached [pid 3611] set_robust_list(0x7f92050959e0, 24) = 0 [pid 3611] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3611] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f92050932c0) = 18 syzkaller login: [ 42.480050][ T2748] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f92050932c0) = 18 [ 42.720034][ T2748] usb 1-1: Using ep0 maxpacket: 16 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f92050932c0) = 9 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f92050932c0) = 27 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f92050932c0) = 4 [ 42.840416][ T2748] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f92050932c0) = 8 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f92050932c0) = 8 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f92050932c0) = 8 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f920516c60c) = 6 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f92050932c0) = 0 [ 43.010470][ T2748] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 43.019531][ T2748] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.027536][ T2748] usb 1-1: Product: syz [ 43.031729][ T2748] usb 1-1: Manufacturer: syz [ 43.036571][ T2748] usb 1-1: SerialNumber: syz [ 43.045855][ T2748] usb 1-1: config 0 descriptor?? [ 43.092585][ T2748] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3611] futex(0x7f920516c4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] <... futex resumed>) = 0 [pid 3611] <... futex resumed>) = 1 [pid 3610] futex(0x7f920516c4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3610] futex(0x7f920516c4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f92050942f0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f92050932e0) = 8 [ 43.380012][ T2748] rc_core: IR keymap rc-imon-pad not found [ 43.385869][ T2748] Registered IR keymap rc-empty [ 43.390826][ T2748] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 43.401010][ T2748] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3611] futex(0x7f920516c4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] <... futex resumed>) = 0 [pid 3611] <... futex resumed>) = 1 [pid 3610] futex(0x7f920516c4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3610] <... futex resumed>) = 0 [pid 3611] <... ioctl resumed>, 0x7f92050942f0) = 0 [pid 3610] futex(0x7f920516c4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f92050932e0) = 8 [ 43.550996][ T2748] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 43.561496][ T2748] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 43.573674][ T2748] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3611] futex(0x7f920516c4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3611] futex(0x7f920516c4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3610] <... futex resumed>) = 0 [pid 3610] futex(0x7f920516c4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3611] <... futex resumed>) = 0 [pid 3610] futex(0x7f920516c4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3611] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 4 [pid 3611] futex(0x7f920516c4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3611] futex(0x7f920516c4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3610] <... futex resumed>) = 0 [pid 3610] futex(0x7f920516c4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3611] <... futex resumed>) = 0 [pid 3610] futex(0x7f920516c4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3611] write(4, "\x12", 1 [pid 3610] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3610] futex(0x7f920516c4dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9205054000 [pid 3610] mprotect(0x7f9205055000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3610] clone(child_stack=0x7f92050743f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3617], tls=0x7f9205074700, child_tidptr=0x7f92050749d0) = 3617 [pid 3610] futex(0x7f920516c4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3610] futex(0x7f920516c4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3617 attached [pid 3617] set_robust_list(0x7f92050749e0, 24) = 0 [ 43.784652][ T3617] ------------[ cut here ]------------ [ 43.790259][ T3617] URB ffff888016eafe00 submitted while active [ 43.796646][ T3617] WARNING: CPU: 1 PID: 3617 at drivers/usb/core/urb.c:379 usb_submit_urb+0x14e8/0x1880 [ 43.806332][ T3617] Modules linked in: [ 43.810264][ T3617] CPU: 1 PID: 3617 Comm: syz-executor240 Not tainted 6.0.0-rc6-next-20220923-syzkaller #0 [ 43.820173][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [pid 3617] write(4, "\x12", 1 [pid 3610] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 43.830266][ T3617] RIP: 0010:usb_submit_urb+0x14e8/0x1880 [ 43.836106][ T3617] Code: 89 de e8 cb 7e 12 fc 84 db 0f 85 a3 f3 ff ff e8 2e 82 12 fc 4c 89 fe 48 c7 c7 a0 6b 8c 8a c6 05 09 40 61 08 01 e8 38 bb dd 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 07 82 12 fc 48 8b 7c 24 40 [ 43.856037][ T3617] RSP: 0018:ffffc90003b5fc50 EFLAGS: 00010286 [ 43.862300][ T3617] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 43.870371][ T3617] RDX: ffff888022408000 RSI: ffffffff81620008 RDI: fffff5200076bf7c [ 43.878356][ T3617] RBP: ffff88801bf1a028 R08: 0000000000000005 R09: 0000000000000000 [ 43.886363][ T3617] R10: 0000000080000000 R11: 6666666620425255 R12: ffff888016eafe00 [ 43.894507][ T3617] R13: ffff888017d5b128 R14: 00000000fffffff0 R15: ffff888016eafe00 [ 43.902532][ T3617] FS: 00007f9205074700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 43.911502][ T3617] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.918173][ T3617] CR2: 00007f9205074718 CR3: 0000000070850000 CR4: 00000000003506e0 [ 43.926186][ T3617] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 3610] exit_group(0) = ? [ 43.934209][ T3617] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.942202][ T3617] Call Trace: [ 43.945488][ T3617] [ 43.948496][ T3617] ? __kmem_cache_alloc_node+0x1d8/0x3d0 [ 43.954178][ T3617] ? send_packet+0x643/0xbc0 [ 43.958785][ T3617] ? kasan_set_track+0x21/0x30 [ 43.963581][ T3617] send_packet+0x422/0xbc0 [ 43.968103][ T3617] vfd_write+0x2d9/0x550 [ 43.972399][ T3617] vfs_write+0x2d7/0xdd0 [ 43.976660][ T3617] ? send_packet+0xbc0/0xbc0 [ 43.981292][ T3617] ? vfs_read+0x930/0x930 [ 43.985658][ T3617] ? __fget_files+0x26a/0x440 [ 43.990488][ T3617] ? __fget_light+0xe5/0x270 [ 43.990626][ T3611] imon:send_packet: task interrupted [ 43.995188][ T3617] ksys_write+0x127/0x250 [ 44.004851][ T3617] ? __ia32_sys_read+0xb0/0xb0 [ 44.009658][ T3617] ? _raw_spin_unlock_irq+0x2a/0x40 [ 44.014954][ T3617] ? ptrace_notify+0xfa/0x140 [ 44.019651][ T3617] do_syscall_64+0x35/0xb0 [ 44.024102][ T3617] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.030041][ T3617] RIP: 0033:0x7f92050e80a9 [ 44.034449][ T3617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 44.054119][ T3617] RSP: 002b:00007f9205074318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 44.062574][ T3617] RAX: ffffffffffffffda RBX: 00007f920516c4d8 RCX: 00007f92050e80a9 [ 44.070583][ T3617] RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000004 [ 44.078557][ T3617] RBP: 00007f920516c4d0 R08: 00007f9205074700 R09: 0000000000000000 [ 44.086548][ T3617] R10: 00007f9205074700 R11: 0000000000000246 R12: 0b8b0509005505e1 [ 44.094551][ T3617] R13: 00007ffe3c9291af R14: 00007f9205074400 R15: 0000000000022000 [ 44.102560][ T3617] [ 44.105584][ T3617] Kernel panic - not syncing: panic_on_warn set ... [ 44.112151][ T3617] CPU: 1 PID: 3617 Comm: syz-executor240 Not tainted 6.0.0-rc6-next-20220923-syzkaller #0 [ 44.122026][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 44.132071][ T3617] Call Trace: [ 44.135338][ T3617] [ 44.138256][ T3617] dump_stack_lvl+0xcd/0x134 [ 44.142841][ T3617] panic+0x2c8/0x622 [ 44.146721][ T3617] ? panic_print_sys_info.part.0+0x110/0x110 [ 44.152691][ T3617] ? __warn.cold+0x24b/0x350 [ 44.157264][ T3617] ? usb_submit_urb+0x14e8/0x1880 [ 44.162283][ T3617] __warn.cold+0x25c/0x350 [ 44.166708][ T3617] ? __wake_up_klogd.part.0+0x99/0xf0 [ 44.172088][ T3617] ? usb_submit_urb+0x14e8/0x1880 [ 44.177125][ T3617] report_bug+0x1bc/0x210 [ 44.181468][ T3617] handle_bug+0x3c/0x60 [ 44.185629][ T3617] exc_invalid_op+0x14/0x40 [ 44.190137][ T3617] asm_exc_invalid_op+0x16/0x20 [ 44.195004][ T3617] RIP: 0010:usb_submit_urb+0x14e8/0x1880 [ 44.200645][ T3617] Code: 89 de e8 cb 7e 12 fc 84 db 0f 85 a3 f3 ff ff e8 2e 82 12 fc 4c 89 fe 48 c7 c7 a0 6b 8c 8a c6 05 09 40 61 08 01 e8 38 bb dd 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 07 82 12 fc 48 8b 7c 24 40 [ 44.220257][ T3617] RSP: 0018:ffffc90003b5fc50 EFLAGS: 00010286 [ 44.226325][ T3617] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 44.234295][ T3617] RDX: ffff888022408000 RSI: ffffffff81620008 RDI: fffff5200076bf7c [ 44.242265][ T3617] RBP: ffff88801bf1a028 R08: 0000000000000005 R09: 0000000000000000 [ 44.250235][ T3617] R10: 0000000080000000 R11: 6666666620425255 R12: ffff888016eafe00 [ 44.258215][ T3617] R13: ffff888017d5b128 R14: 00000000fffffff0 R15: ffff888016eafe00 [ 44.266194][ T3617] ? vprintk+0x88/0x90 [ 44.270276][ T3617] ? __kmem_cache_alloc_node+0x1d8/0x3d0 [ 44.275919][ T3617] ? send_packet+0x643/0xbc0 [ 44.280531][ T3617] ? kasan_set_track+0x21/0x30 [ 44.285311][ T3617] send_packet+0x422/0xbc0 [ 44.289828][ T3617] vfd_write+0x2d9/0x550 [ 44.294084][ T3617] vfs_write+0x2d7/0xdd0 [ 44.298516][ T3617] ? send_packet+0xbc0/0xbc0 [ 44.303117][ T3617] ? vfs_read+0x930/0x930 [ 44.307494][ T3617] ? __fget_files+0x26a/0x440 [ 44.312188][ T3617] ? __fget_light+0xe5/0x270 [ 44.316793][ T3617] ksys_write+0x127/0x250 [ 44.321137][ T3617] ? __ia32_sys_read+0xb0/0xb0 [ 44.325918][ T3617] ? _raw_spin_unlock_irq+0x2a/0x40 [ 44.331128][ T3617] ? ptrace_notify+0xfa/0x140 [ 44.335811][ T3617] do_syscall_64+0x35/0xb0 [ 44.340229][ T3617] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.346137][ T3617] RIP: 0033:0x7f92050e80a9 [ 44.350552][ T3617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 44.370247][ T3617] RSP: 002b:00007f9205074318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 44.378663][ T3617] RAX: ffffffffffffffda RBX: 00007f920516c4d8 RCX: 00007f92050e80a9 [ 44.386636][ T3617] RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000004 [ 44.394607][ T3617] RBP: 00007f920516c4d0 R08: 00007f9205074700 R09: 0000000000000000 [ 44.402584][ T3617] R10: 00007f9205074700 R11: 0000000000000246 R12: 0b8b0509005505e1 [ 44.410555][ T3617] R13: 00007ffe3c9291af R14: 00007f9205074400 R15: 0000000000022000 [ 44.418536][ T3617] [ 44.421782][ T3617] Kernel Offset: disabled [ 44.426098][ T3617] Rebooting in 86400 seconds..