./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2249091124 <...> DUID 00:04:98:96:05:40:f2:aa:0a:66:7a:29:c2:20:2e:76:e0:ec forked to background, child pid 3180 [ 26.736206][ T3181] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.746209][ T3181] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.4' (ECDSA) to the list of known hosts. execve("./syz-executor2249091124", ["./syz-executor2249091124"], 0x7fff4b423700 /* 10 vars */) = 0 brk(NULL) = 0x555555943000 brk(0x555555943c40) = 0x555555943c40 arch_prctl(ARCH_SET_FS, 0x555555943300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555559435d0) = 3608 set_robust_list(0x5555559435e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f3415d2c940, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3415d2d010}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f3415d2c9e0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3415d2d010}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2249091124", 4096) = 28 brk(0x555555964c40) = 0x555555964c40 brk(0x555555965000) = 0x555555965000 mprotect(0x7f3415ded000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f3415df34cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3415cfc000 mprotect(0x7f3415cfd000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f3415d1c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3609], tls=0x7f3415d1c700, child_tidptr=0x7f3415d1c9d0) = 3609 futex(0x7f3415df34c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7f3415df34cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3609 attached [pid 3609] set_robust_list(0x7f3415d1c9e0, 24) = 0 [pid 3609] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3609] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f3415d1a2c0) = 18 syzkaller login: [ 48.209073][ T144] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f3415d1a2c0) = 18 [ 48.449050][ T144] usb 1-1: Using ep0 maxpacket: 16 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f3415d1a2c0) = 9 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f3415d1a2c0) = 27 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f3415d1a2c0) = 4 [ 48.569989][ T144] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f3415d1a2c0) = 8 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f3415d1a2c0) = 8 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f3415d1a2c0) = 8 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2d0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3415df360c) = 6 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f3415d1a2c0) = 0 [ 48.739781][ T144] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 48.748863][ T144] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.757260][ T144] usb 1-1: Product: syz [ 48.761520][ T144] usb 1-1: Manufacturer: syz [ 48.766195][ T144] usb 1-1: SerialNumber: syz [ 48.775184][ T144] usb 1-1: config 0 descriptor?? [ 48.823172][ T144] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3609] futex(0x7f3415df34cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] <... futex resumed>) = 0 [pid 3609] <... futex resumed>) = 1 [pid 3609] futex(0x7f3415df34c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3608] futex(0x7f3415df34c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3608] futex(0x7f3415df34cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3609] <... futex resumed>) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f3415d1b2f0) = 0 [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f3415d1a2e0) = 8 [ 49.119100][ T144] rc_core: IR keymap rc-imon-pad not found [ 49.125015][ T144] Registered IR keymap rc-empty [ 49.130665][ T144] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 49.140795][ T144] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3609] futex(0x7f3415df34cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] <... futex resumed>) = 0 [pid 3609] <... futex resumed>) = 1 [pid 3608] futex(0x7f3415df34c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3608] <... futex resumed>) = 0 [pid 3609] <... ioctl resumed>, 0x7f3415d1b2f0) = 0 [pid 3608] futex(0x7f3415df34cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3609] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f3415d1a2e0) = 8 [ 49.269829][ T144] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 49.280568][ T144] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 49.296145][ T144] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3609] futex(0x7f3415df34cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] <... futex resumed>) = 0 [pid 3609] <... futex resumed>) = 1 [pid 3608] futex(0x7f3415df34c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR [pid 3608] <... futex resumed>) = 0 [pid 3608] futex(0x7f3415df34cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3609] <... openat resumed>) = 4 [pid 3609] futex(0x7f3415df34cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] <... futex resumed>) = 0 [pid 3609] <... futex resumed>) = 1 [pid 3608] futex(0x7f3415df34c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3609] write(4, "\x12", 1 [pid 3608] <... futex resumed>) = 0 [pid 3608] futex(0x7f3415df34cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3608] futex(0x7f3415df34dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3415cdb000 [pid 3608] mprotect(0x7f3415cdc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3608] clone(child_stack=0x7f3415cfb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3615], tls=0x7f3415cfb700, child_tidptr=0x7f3415cfb9d0) = 3615 [pid 3608] futex(0x7f3415df34d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3608] futex(0x7f3415df34dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3615 attached [pid 3615] set_robust_list(0x7f3415cfb9e0, 24) = 0 [ 49.506593][ T3615] ------------[ cut here ]------------ [ 49.512330][ T3615] URB ffff888016baf900 submitted while active [ 49.518703][ T3615] WARNING: CPU: 0 PID: 3615 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14de/0x18a0 [ 49.528630][ T3615] Modules linked in: [ 49.532593][ T3615] CPU: 0 PID: 3615 Comm: syz-executor224 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0 [ 49.542836][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [pid 3615] write(4, "\x12", 1 [pid 3608] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 49.553024][ T3615] RIP: 0010:usb_submit_urb+0x14de/0x18a0 [ 49.559114][ T3615] Code: 89 de e8 25 0c ef fb 84 db 0f 85 ad f3 ff ff e8 18 10 ef fb 4c 89 fe 48 c7 c7 60 0a 6f 8a c6 05 10 6b 1b 08 01 e8 23 25 a7 03 <0f> 0b e9 8b f3 ff ff 48 89 7c 24 40 e8 f1 0f ef fb 48 8b 7c 24 40 [ 49.579196][ T3615] RSP: 0018:ffffc90002f2fd40 EFLAGS: 00010282 [ 49.585574][ T3615] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 49.593825][ T3615] RDX: ffff88802509bb00 RSI: ffffffff81611718 RDI: fffff520005e5f9a [ 49.602206][ T3615] RBP: ffff888020d898e8 R08: 0000000000000005 R09: 0000000000000000 [ 49.610577][ T3615] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888016baf900 [ 49.618584][ T3615] R13: ffff8880175b1128 R14: 00000000fffffff0 R15: ffff888016baf900 [ 49.627007][ T3615] FS: 00007f3415cfb700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 49.636291][ T3615] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.643112][ T3615] CR2: 00007f3415cfb718 CR3: 000000007220d000 CR4: 00000000003506f0 [ 49.651337][ T3615] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.659508][ T3615] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.667734][ T3615] Call Trace: [ 49.671324][ T3615] [ 49.674468][ T3615] ? rcu_read_lock_sched_held+0x3a/0x70 [ 49.680435][ T3615] ? trace_kmalloc+0x32/0x100 [ 49.685402][ T3615] send_packet+0x422/0xbc0 [ 49.690170][ T3615] vfd_write+0x2d9/0x550 [ 49.694630][ T3615] ? send_packet+0xbc0/0xbc0 [ 49.699571][ T3615] vfs_write+0x269/0xac0 [ 49.704134][ T3615] ksys_write+0x127/0x250 [ 49.708682][ T3615] ? __ia32_sys_read+0xb0/0xb0 [ 49.713789][ T3615] ? lockdep_hardirqs_on+0x79/0x100 [ 49.719163][ T3615] ? _raw_spin_unlock_irq+0x2a/0x40 [ 49.724399][ T3615] ? ptrace_notify+0xfa/0x140 [ 49.729544][ T3615] do_syscall_64+0x35/0xb0 [ 49.733997][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.739979][ T3615] RIP: 0033:0x7f3415d6f0a9 [pid 3608] exit_group(0) = ? [ 49.744522][ T3615] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 49.764265][ T3615] RSP: 002b:00007f3415cfb318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 49.772739][ T3615] RAX: ffffffffffffffda RBX: 00007f3415df34d8 RCX: 00007f3415d6f0a9 [ 49.780863][ T3615] RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000004 [ 49.788875][ T3615] RBP: 00007f3415df34d0 R08: 00007f3415cfb700 R09: 0000000000000000 [ 49.796938][ T3615] R10: 00007f3415cfb700 R11: 0000000000000246 R12: 0b8b0509005504e1 [ 49.805487][ T3615] R13: 00007ffd37111e6f R14: 00007f3415cfb400 R15: 0000000000022000 [ 49.805595][ T3609] imon:send_packet: task interrupted [ 49.813540][ T3615] [ 49.821904][ T3615] Kernel panic - not syncing: panic_on_warn set ... [ 49.828479][ T3615] CPU: 0 PID: 3615 Comm: syz-executor224 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0 [ 49.838624][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 49.848672][ T3615] Call Trace: [ 49.851941][ T3615] [ 49.854863][ T3615] dump_stack_lvl+0xcd/0x134 [ 49.859452][ T3615] panic+0x2d7/0x636 [ 49.863338][ T3615] ? panic_print_sys_info.part.0+0x10b/0x10b [ 49.869315][ T3615] ? __warn.cold+0x1d1/0x2c5 [ 49.873895][ T3615] ? usb_submit_urb+0x14de/0x18a0 [ 49.878923][ T3615] __warn.cold+0x1e2/0x2c5 [ 49.883346][ T3615] ? __wake_up_klogd.part.0+0x99/0xf0 [ 49.888714][ T3615] ? usb_submit_urb+0x14de/0x18a0 [ 49.893731][ T3615] report_bug+0x1bc/0x210 [ 49.898064][ T3615] handle_bug+0x3c/0x60 [ 49.902235][ T3615] exc_invalid_op+0x14/0x40 [ 49.906735][ T3615] asm_exc_invalid_op+0x16/0x20 [ 49.911583][ T3615] RIP: 0010:usb_submit_urb+0x14de/0x18a0 [ 49.917210][ T3615] Code: 89 de e8 25 0c ef fb 84 db 0f 85 ad f3 ff ff e8 18 10 ef fb 4c 89 fe 48 c7 c7 60 0a 6f 8a c6 05 10 6b 1b 08 01 e8 23 25 a7 03 <0f> 0b e9 8b f3 ff ff 48 89 7c 24 40 e8 f1 0f ef fb 48 8b 7c 24 40 [ 49.936813][ T3615] RSP: 0018:ffffc90002f2fd40 EFLAGS: 00010282 [ 49.942872][ T3615] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 49.950832][ T3615] RDX: ffff88802509bb00 RSI: ffffffff81611718 RDI: fffff520005e5f9a [ 49.958799][ T3615] RBP: ffff888020d898e8 R08: 0000000000000005 R09: 0000000000000000 [ 49.966771][ T3615] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888016baf900 [ 49.974734][ T3615] R13: ffff8880175b1128 R14: 00000000fffffff0 R15: ffff888016baf900 [ 49.982713][ T3615] ? vprintk+0x88/0x90 [ 49.986798][ T3615] ? rcu_read_lock_sched_held+0x3a/0x70 [ 49.992340][ T3615] ? trace_kmalloc+0x32/0x100 [ 49.997017][ T3615] send_packet+0x422/0xbc0 [ 50.001429][ T3615] vfd_write+0x2d9/0x550 [ 50.005683][ T3615] ? send_packet+0xbc0/0xbc0 [ 50.010280][ T3615] vfs_write+0x269/0xac0 [ 50.014561][ T3615] ksys_write+0x127/0x250 [ 50.018899][ T3615] ? __ia32_sys_read+0xb0/0xb0 [ 50.023672][ T3615] ? lockdep_hardirqs_on+0x79/0x100 [ 50.028863][ T3615] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.034055][ T3615] ? ptrace_notify+0xfa/0x140 [ 50.038729][ T3615] do_syscall_64+0x35/0xb0 [ 50.043140][ T3615] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.049114][ T3615] RIP: 0033:0x7f3415d6f0a9 [ 50.053523][ T3615] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 50.073994][ T3615] RSP: 002b:00007f3415cfb318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 50.082406][ T3615] RAX: ffffffffffffffda RBX: 00007f3415df34d8 RCX: 00007f3415d6f0a9 [ 50.090368][ T3615] RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000004 [ 50.098339][ T3615] RBP: 00007f3415df34d0 R08: 00007f3415cfb700 R09: 0000000000000000 [ 50.106333][ T3615] R10: 00007f3415cfb700 R11: 0000000000000246 R12: 0b8b0509005504e1 [ 50.114317][ T3615] R13: 00007ffd37111e6f R14: 00007f3415cfb400 R15: 0000000000022000 [ 50.122296][ T3615] [ 50.125627][ T3615] Kernel Offset: disabled [ 50.130031][ T3615] Rebooting in 86400 seconds..