./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor309936353 <...> DUID 00:04:ac:03:58:10:d0:76:5c:28:30:a7:8a:8b:4a:a3:06:e2 forked to background, child pid 3183 [ 23.266758][ T3184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.280752][ T3184] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts. execve("./syz-executor309936353", ["./syz-executor309936353"], 0x7ffd223f56c0 /* 10 vars */) = 0 brk(NULL) = 0x55555629a000 brk(0x55555629ac40) = 0x55555629ac40 arch_prctl(ARCH_SET_FS, 0x55555629a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555629a5d0) = 3611 set_robust_list(0x55555629a5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f9b91006950, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f9b91007020}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f9b910069f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9b91007020}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor309936353", 4096) = 27 brk(0x5555562bbc40) = 0x5555562bbc40 brk(0x5555562bc000) = 0x5555562bc000 mprotect(0x7f9b910c7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f9b910cd4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9b90fd6000 mprotect(0x7f9b90fd7000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f9b90ff63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3612], tls=0x7f9b90ff6700, child_tidptr=0x7f9b90ff69d0) = 3612 futex(0x7f9b910cd4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7f9b910cd4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000}./strace-static-x86_64: Process 3612 attached [pid 3612] set_robust_list(0x7f9b90ff69e0, 24) = 0 [pid 3612] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3612] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f9b90ff42c0) = 18 syzkaller login: [ 40.123404][ T14] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f9b90ff42c0) = 18 [ 40.363396][ T14] usb 1-1: Using ep0 maxpacket: 16 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f9b90ff42c0) = 9 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f9b90ff42c0) = 27 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f9b90ff42c0) = 4 [ 40.483871][ T14] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 120, changing to 10 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f9b90ff42c0) = 8 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f9b90ff42c0) = 8 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f9b90ff42c0) = 8 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52d0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9b910cd60c) = 6 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f9b90ff42c0) = 0 [ 40.653748][ T14] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 40.663185][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.671210][ T14] usb 1-1: Product: syz [ 40.675403][ T14] usb 1-1: Manufacturer: syz [ 40.680247][ T14] usb 1-1: SerialNumber: syz [ 40.686789][ T14] usb 1-1: config 0 descriptor?? [ 40.725062][ T14] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3612] futex(0x7f9b910cd4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3612] <... futex resumed>) = 1 [pid 3611] futex(0x7f9b910cd4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] futex(0x7f9b910cd4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f9b90ff52f0) = 0 [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f9b90ff42e0) = 8 [ 41.013431][ T14] rc_core: IR keymap rc-imon-pad not found [ 41.019261][ T14] Registered IR keymap rc-empty [ 41.024182][ T14] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 41.034394][ T14] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3612] futex(0x7f9b910cd4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3612] <... futex resumed>) = 1 [pid 3611] futex(0x7f9b910cd4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3612] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3611] <... futex resumed>) = 0 [pid 3612] <... ioctl resumed>, 0x7f9b90ff52f0) = 0 [pid 3611] futex(0x7f9b910cd4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3612] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f9b90ff42e0) = 8 [ 41.183958][ T14] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 41.194696][ T14] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 41.207519][ T14] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3612] futex(0x7f9b910cd4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3612] <... futex resumed>) = 1 [pid 3611] futex(0x7f9b910cd4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3612] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR [pid 3611] <... futex resumed>) = 0 [pid 3612] <... openat resumed>) = 4 [pid 3611] futex(0x7f9b910cd4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3612] futex(0x7f9b910cd4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] <... futex resumed>) = 0 [pid 3612] <... futex resumed>) = 1 [pid 3611] futex(0x7f9b910cd4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] futex(0x7f9b910cd4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3612] write(4, "V", 1 [pid 3611] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3611] futex(0x7f9b910cd4dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9b90fb5000 [pid 3611] mprotect(0x7f9b90fb6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3611] clone(child_stack=0x7f9b90fd53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3617], tls=0x7f9b90fd5700, child_tidptr=0x7f9b90fd59d0) = 3617 [pid 3611] futex(0x7f9b910cd4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3611] futex(0x7f9b910cd4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3617 attached [pid 3617] set_robust_list(0x7f9b90fd59e0, 24) = 0 [pid 3617] write(4, "V", 1 [pid 3611] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3611] futex(0x7f9b910cd4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 41.417071][ T3617] ------------[ cut here ]------------ [ 41.422677][ T3617] URB ffff888016e42f00 submitted while active [ 41.429234][ T3617] WARNING: CPU: 0 PID: 3617 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14e8/0x1880 [ 41.439122][ T3617] Modules linked in: [ 41.443147][ T3617] CPU: 0 PID: 3617 Comm: syz-executor309 Not tainted 6.0.0-rc3-next-20220901-syzkaller #0 [ 41.453244][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 41.463639][ T3617] RIP: 0010:usb_submit_urb+0x14e8/0x1880 [ 41.469573][ T3617] Code: 89 de e8 2b 3a e9 fb 84 db 0f 85 a3 f3 ff ff e8 8e 3d e9 fb 4c 89 fe 48 c7 c7 c0 6e 90 8a c6 05 0a f9 36 08 01 e8 fc 85 aa 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 67 3d e9 fb 48 8b 7c 24 40 [ 41.489396][ T3617] RSP: 0018:ffffc90003befc50 EFLAGS: 00010286 [ 41.495716][ T3617] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 41.503848][ T3617] RDX: ffff88807d228000 RSI: ffffffff81620448 RDI: fffff5200077df7c [ 41.511834][ T3617] RBP: ffff888012781aa0 R08: 0000000000000005 R09: 0000000000000000 [ 41.519939][ T3617] R10: 0000000080000000 R11: 6666666620425255 R12: ffff888016e42f00 [ 41.528133][ T3617] R13: ffff888024f99128 R14: 00000000fffffff0 R15: ffff888016e42f00 [ 41.536310][ T3617] FS: 00007f9b90fd5700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 41.545364][ T3617] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.551990][ T3617] CR2: 0000563bdf0bd8a8 CR3: 0000000071362000 CR4: 00000000003506f0 [pid 3611] exit_group(0) = ? [ 41.560133][ T3617] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.568329][ T3617] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.576464][ T3617] Call Trace: [ 41.579749][ T3617] [ 41.582670][ T3617] ? __kmem_cache_alloc_node+0x1d8/0x3d0 [ 41.588541][ T3617] ? send_packet+0x643/0xbc0 [ 41.593426][ T3617] send_packet+0x422/0xbc0 [ 41.597947][ T3617] vfd_write+0x2d9/0x550 [ 41.602198][ T3617] vfs_write+0x2d7/0xdd0 [ 41.606533][ T3617] ? send_packet+0xbc0/0xbc0 [ 41.606697][ T3612] imon:send_packet: task interrupted [ 41.611121][ T3617] ? vfs_read+0x930/0x930 [ 41.620766][ T3617] ? __fget_files+0x26a/0x440 [ 41.625531][ T3617] ? __fget_light+0xe5/0x270 [ 41.630143][ T3617] ksys_write+0x127/0x250 [ 41.634504][ T3617] ? __ia32_sys_read+0xb0/0xb0 [ 41.639311][ T3617] ? _raw_spin_unlock_irq+0x2a/0x40 [ 41.644573][ T3617] ? ptrace_notify+0xfa/0x140 [ 41.649264][ T3617] do_syscall_64+0x35/0xb0 [ 41.653802][ T3617] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 41.659711][ T3617] RIP: 0033:0x7f9b910490b9 [ 41.664159][ T3617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 41.683826][ T3617] RSP: 002b:00007f9b90fd5318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 41.692229][ T3617] RAX: ffffffffffffffda RBX: 00007f9b910cd4d8 RCX: 00007f9b910490b9 [ 41.700242][ T3617] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004 [ 41.708367][ T3617] RBP: 00007f9b910cd4d0 R08: 00007f9b90fd5700 R09: 0000000000000000 [ 41.716375][ T3617] R10: 00007f9b90fd5700 R11: 0000000000000246 R12: ab0847687fc4f2a2 [ 41.724396][ T3617] R13: 00007fff35def13f R14: 00007f9b90fd5400 R15: 0000000000022000 [ 41.732375][ T3617] [ 41.735427][ T3617] Kernel panic - not syncing: panic_on_warn set ... [ 41.742016][ T3617] CPU: 0 PID: 3617 Comm: syz-executor309 Not tainted 6.0.0-rc3-next-20220901-syzkaller #0 [ 41.751902][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 41.761968][ T3617] Call Trace: [ 41.765254][ T3617] [ 41.768186][ T3617] dump_stack_lvl+0xcd/0x134 [ 41.772786][ T3617] panic+0x2c8/0x622 [ 41.776697][ T3617] ? panic_print_sys_info.part.0+0x110/0x110 [ 41.782711][ T3617] ? __warn.cold+0x248/0x2c4 [ 41.787330][ T3617] ? usb_submit_urb+0x14e8/0x1880 [ 41.792365][ T3617] __warn.cold+0x259/0x2c4 [ 41.796817][ T3617] ? __wake_up_klogd.part.0+0x99/0xf0 [ 41.802196][ T3617] ? usb_submit_urb+0x14e8/0x1880 [ 41.807230][ T3617] report_bug+0x1bc/0x210 [ 41.811564][ T3617] handle_bug+0x3c/0x60 [ 41.815728][ T3617] exc_invalid_op+0x14/0x40 [ 41.820249][ T3617] asm_exc_invalid_op+0x16/0x20 [ 41.825120][ T3617] RIP: 0010:usb_submit_urb+0x14e8/0x1880 [ 41.830954][ T3617] Code: 89 de e8 2b 3a e9 fb 84 db 0f 85 a3 f3 ff ff e8 8e 3d e9 fb 4c 89 fe 48 c7 c7 c0 6e 90 8a c6 05 0a f9 36 08 01 e8 fc 85 aa 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 67 3d e9 fb 48 8b 7c 24 40 [ 41.850559][ T3617] RSP: 0018:ffffc90003befc50 EFLAGS: 00010286 [ 41.856627][ T3617] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 41.864594][ T3617] RDX: ffff88807d228000 RSI: ffffffff81620448 RDI: fffff5200077df7c [ 41.872563][ T3617] RBP: ffff888012781aa0 R08: 0000000000000005 R09: 0000000000000000 [ 41.880573][ T3617] R10: 0000000080000000 R11: 6666666620425255 R12: ffff888016e42f00 [ 41.888598][ T3617] R13: ffff888024f99128 R14: 00000000fffffff0 R15: ffff888016e42f00 [ 41.896589][ T3617] ? vprintk+0x88/0x90 [ 41.900674][ T3617] ? __kmem_cache_alloc_node+0x1d8/0x3d0 [ 41.906316][ T3617] ? send_packet+0x643/0xbc0 [ 41.910908][ T3617] send_packet+0x422/0xbc0 [ 41.915327][ T3617] vfd_write+0x2d9/0x550 [ 41.919918][ T3617] vfs_write+0x2d7/0xdd0 [ 41.924175][ T3617] ? send_packet+0xbc0/0xbc0 [ 41.928768][ T3617] ? vfs_read+0x930/0x930 [ 41.933108][ T3617] ? __fget_files+0x26a/0x440 [ 41.937801][ T3617] ? __fget_light+0xe5/0x270 [ 41.942405][ T3617] ksys_write+0x127/0x250 [ 41.946743][ T3617] ? __ia32_sys_read+0xb0/0xb0 [ 41.951515][ T3617] ? _raw_spin_unlock_irq+0x2a/0x40 [ 41.956730][ T3617] ? ptrace_notify+0xfa/0x140 [ 41.961414][ T3617] do_syscall_64+0x35/0xb0 [ 41.965836][ T3617] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 41.971754][ T3617] RIP: 0033:0x7f9b910490b9 [ 41.976168][ T3617] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 41.995862][ T3617] RSP: 002b:00007f9b90fd5318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 42.004275][ T3617] RAX: ffffffffffffffda RBX: 00007f9b910cd4d8 RCX: 00007f9b910490b9 [ 42.012246][ T3617] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004 [ 42.020225][ T3617] RBP: 00007f9b910cd4d0 R08: 00007f9b90fd5700 R09: 0000000000000000 [ 42.028195][ T3617] R10: 00007f9b90fd5700 R11: 0000000000000246 R12: ab0847687fc4f2a2 [ 42.036165][ T3617] R13: 00007fff35def13f R14: 00007f9b90fd5400 R15: 0000000000022000 [ 42.044161][ T3617] [ 42.047417][ T3617] Kernel Offset: disabled [ 42.051739][ T3617] Rebooting in 86400 seconds..