./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2747203809 <...> Warning: Permanently added '10.128.1.151' (ED25519) to the list of known hosts. execve("./syz-executor2747203809", ["./syz-executor2747203809"], 0x7ffdcb102d70 /* 10 vars */) = 0 brk(NULL) = 0x5555678cd000 brk(0x5555678cdd00) = 0x5555678cdd00 arch_prctl(ARCH_SET_FS, 0x5555678cd380) = 0 set_tid_address(0x5555678cd650) = 5857 set_robust_list(0x5555678cd660, 24) = 0 rseq(0x5555678cdca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2747203809", 4096) = 28 getrandom("\xaf\x25\xa0\x57\x89\xc7\x7a\xf8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555678cdd00 brk(0x5555678eed00) = 0x5555678eed00 brk(0x5555678ef000) = 0x5555678ef000 mprotect(0x7fb3d5829000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555678cd650) = 5858 ./strace-static-x86_64: Process 5858 attached [pid 5857] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] set_robust_list(0x5555678cd660, 24 [pid 5857] write(3, "10000000000", 11 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5857] <... write resumed>) = 11 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "20", 2) = 2 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1", 1) = 1 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "0", 1) = 1 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "0", 1) = 1 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1", 1) = 1 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "100", 3) = 3 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "0", 1) = 1 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "0", 1) = 1 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "7 4 1 3", 7) = 7 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1", 1) = 1 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1", 1) = 1 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "0", 1) = 1 [pid 5857] close(3) = 0 [pid 5857] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "5858", 4) = 4 [pid 5857] close(3) = 0 [pid 5857] kill(5858, SIGKILL) = 0 [pid 5858] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5858, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached , child_tidptr=0x5555678cd650) = 5859 [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5859] set_robust_list(0x5555678cd660, 24) = 0 ./strace-static-x86_64: Process 5860 attached [pid 5859] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5860] set_robust_list(0x5555678cd660, 24./strace-static-x86_64: Process 5861 attached [pid 5857] <... clone resumed>, child_tidptr=0x5555678cd650) = 5860 [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5860] <... set_robust_list resumed>) = 0 [pid 5860] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5859] <... clone resumed>, child_tidptr=0x5555678cd650) = 5861 [pid 5861] set_robust_list(0x5555678cd660, 24) = 0 ./strace-static-x86_64: Process 5862 attached [pid 5862] set_robust_list(0x5555678cd660, 24) = 0 [pid 5862] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached [pid 5857] <... clone resumed>, child_tidptr=0x5555678cd650) = 5862 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5863] set_robust_list(0x5555678cd660, 24./strace-static-x86_64: Process 5864 attached [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5863] <... set_robust_list resumed>) = 0 [pid 5861] <... prctl resumed>) = 0 [pid 5860] <... clone resumed>, child_tidptr=0x5555678cd650) = 5863 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5864] set_robust_list(0x5555678cd660, 24 [pid 5863] <... prctl resumed>) = 0 [pid 5861] setpgid(0, 0 [pid 5864] <... set_robust_list resumed>) = 0 [pid 5863] setpgid(0, 0 [pid 5861] <... setpgid resumed>) = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5865 attached [pid 5857] <... clone resumed>, child_tidptr=0x5555678cd650) = 5865 [pid 5864] <... prctl resumed>) = 0 [pid 5863] <... setpgid resumed>) = 0 [pid 5862] <... clone resumed>, child_tidptr=0x5555678cd650) = 5864 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5865] set_robust_list(0x5555678cd660, 24) = 0 [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5865] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5864] setpgid(0, 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5861] <... openat resumed>) = 3 [pid 5861] write(3, "1000", 4./strace-static-x86_64: Process 5867 attached ./strace-static-x86_64: Process 5866 attached [pid 5864] <... setpgid resumed>) = 0 [pid 5861] <... write resumed>) = 4 [pid 5863] <... openat resumed>) = 3 [pid 5857] <... clone resumed>, child_tidptr=0x5555678cd650) = 5866 [pid 5865] <... clone resumed>, child_tidptr=0x5555678cd650) = 5867 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5863] write(3, "1000", 4 [pid 5861] close(3 [pid 5867] set_robust_list(0x5555678cd660, 24 [pid 5866] set_robust_list(0x5555678cd660, 24 [pid 5863] <... write resumed>) = 4 [pid 5864] <... openat resumed>) = 3 [pid 5863] close(3) = 0 executing program executing program [pid 5867] <... set_robust_list resumed>) = 0 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5863] write(1, "executing program\n", 18 [pid 5861] <... close resumed>) = 0 [pid 5864] write(3, "1000", 4 [pid 5863] <... write resumed>) = 18 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5864] <... write resumed>) = 4 [pid 5863] setsockopt(-1, SOL_IP, IP_OPTIONS, "", 0 [pid 5867] <... prctl resumed>) = 0 [pid 5866] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5864] close(3 [pid 5863] <... setsockopt resumed>) = -1 EBADF (Bad file descriptor) [pid 5861] write(1, "executing program\n", 18 [pid 5864] <... close resumed>) = 0 [pid 5863] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_WAITALL|MSG_CONFIRM|MSG_FASTOPEN|0x2000000) = -1 EBADF (Bad file descriptor) executing program [pid 5864] write(1, "executing program\n", 18 [pid 5863] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5861] <... write resumed>) = 18 [pid 5864] <... write resumed>) = 18 [pid 5863] <... openat resumed>) = 3 [pid 5861] setsockopt(-1, SOL_IP, IP_OPTIONS, "", 0 [pid 5867] setpgid(0, 0 [pid 5864] setsockopt(-1, SOL_IP, IP_OPTIONS, "", 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_INIT [pid 5864] <... setsockopt resumed>) = -1 EBADF (Bad file descriptor) [pid 5864] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_WAITALL|MSG_CONFIRM|MSG_FASTOPEN|0x2000000./strace-static-x86_64: Process 5868 attached [pid 5867] <... setpgid resumed>) = 0 [pid 5864] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5863] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] <... setsockopt resumed>) = -1 EBADF (Bad file descriptor) [pid 5868] set_robust_list(0x5555678cd660, 24 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5866] <... clone resumed>, child_tidptr=0x5555678cd650) = 5868 [pid 5864] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5863] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5861] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_WAITALL|MSG_CONFIRM|MSG_FASTOPEN|0x2000000 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5867] <... openat resumed>) = 3 [pid 5864] <... openat resumed>) = 3 [pid 5861] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5867] write(3, "1000", 4 [pid 5864] ioctl(3, USB_RAW_IOCTL_INIT [pid 5861] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5868] <... prctl resumed>) = 0 [pid 5867] <... write resumed>) = 4 [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] <... openat resumed>) = 3 [pid 5868] setpgid(0, 0 [pid 5867] close(3 [pid 5861] ioctl(3, USB_RAW_IOCTL_INIT [pid 5868] <... setpgid resumed>) = 0 [pid 5867] <... close resumed>) = 0 [pid 5864] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5867] write(1, "executing program\n", 18 [pid 5864] <... ioctl resumed>, 0) = 0 [pid 5863] <... ioctl resumed>, 0) = 0 [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCHexecuting program [pid 5867] <... write resumed>) = 18 [pid 5863] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5867] setsockopt(-1, SOL_IP, IP_OPTIONS, "", 0 [pid 5861] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] <... setsockopt resumed>) = -1 EBADF (Bad file descriptor) [pid 5867] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_WAITALL|MSG_CONFIRM|MSG_FASTOPEN|0x2000000 [pid 5861] <... ioctl resumed>, 0) = 0 [pid 5867] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 5867] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5868] write(3, "1000", 4 [pid 5867] <... openat resumed>) = 3 [pid 5868] <... write resumed>) = 4 [pid 5867] ioctl(3, USB_RAW_IOCTL_INIT [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] close(3 [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... close resumed>) = 0 [pid 5868] write(1, "executing program\n", 18 [pid 5867] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUNexecuting program [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5868] <... write resumed>) = 18 [pid 5868] setsockopt(-1, SOL_IP, IP_OPTIONS, "", 0 [pid 5867] <... ioctl resumed>, 0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... setsockopt resumed>) = -1 EBADF (Bad file descriptor) [pid 5868] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_WAITALL|MSG_CONFIRM|MSG_FASTOPEN|0x2000000) = -1 EBADF (Bad file descriptor) [pid 5868] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] ioctl(3, USB_RAW_IOCTL_INIT [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 18 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5867] <... ioctl resumed>, 0x7ffd29c2dfc0) = 18 [pid 5864] <... ioctl resumed>, 0x7ffd29c2dfc0) = 18 [pid 5861] <... ioctl resumed>, 0x7ffd29c2dfc0) = 18 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [ 129.544796][ T918] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 129.554540][ T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 129.562294][ T976] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 129.570242][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 18 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 129.624640][ T5870] usb 5-1: new high-speed USB device number 2 using dummy_hcd [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 18 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 9 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 27 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 18 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [ 129.714536][ T918] usb 2-1: Using ep0 maxpacket: 32 [ 129.734638][ T976] usb 1-1: Using ep0 maxpacket: 32 [ 129.740206][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 129.742597][ T918] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 129.745733][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 129.756243][ T918] usb 2-1: config 0 has no interface number 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5861] <... ioctl resumed>, 0x7ffd29c2dfc0) = 9 [pid 5863] <... ioctl resumed>, 0x7ffd29c2dfc0) = 4 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5867] <... ioctl resumed>, 0x7ffd29c2dfc0) = 18 [pid 5863] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5864] <... ioctl resumed>, 0x7ffd29c2dfc0) = 18 [pid 5863] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 8 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [pid 5861] <... ioctl resumed>, 0x7ffd29c2dfc0) = 27 [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 129.764963][ T918] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 129.779528][ T976] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 129.780889][ T918] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 129.787903][ T5870] usb 5-1: Using ep0 maxpacket: 32 [ 129.797954][ T918] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 9 [pid 5867] <... ioctl resumed>, 0x7ffd29c2dfc0) = 9 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5867] <... ioctl resumed>, 0x7ffd29c2dfc0) = 27 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5864] <... ioctl resumed>, 0x7ffd29c2dfc0) = 27 [ 129.802641][ T976] usb 1-1: config 0 has no interface number 0 [ 129.812465][ T918] usb 2-1: Product: syz [ 129.817159][ T976] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 129.825323][ T918] usb 2-1: Manufacturer: syz [ 129.831549][ T10] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 129.837381][ T918] usb 2-1: SerialNumber: syz [ 129.843214][ T9] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 129.843239][ T9] usb 4-1: config 0 has no interface number 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fb3d582f3ec) = -1 EINVAL (Invalid argument) [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd29c2dfc0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 4 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2dfc0) = 18 [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 129.844054][ T9] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 129.872377][ T10] usb 3-1: config 0 has no interface number 0 [ 129.874225][ T918] usb 2-1: config 0 descriptor?? [ 129.878542][ T10] usb 3-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 129.901899][ T976] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5867] <... ioctl resumed>, 0x7ffd29c2dfc0) = 4 [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5868] <... ioctl resumed>, 0x7ffd29c2dfc0) = 9 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5864] <... ioctl resumed>, 0x7ffd29c2dfc0) = 4 [pid 5861] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 8 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 27 [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [ 129.905460][ T918] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 129.911120][ T976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.922714][ T918] em28xx 2-1:0.132: Video interface 132 found: [ 129.930210][ T5870] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 129.944342][ T5870] usb 5-1: config 0 has no interface number 0 [ 129.950574][ T976] usb 1-1: Product: syz [ 129.955647][ T5870] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5867] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [pid 5864] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5867] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5864] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2dfc0) = 4 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [ 129.966385][ T976] usb 1-1: Manufacturer: syz [ 129.971465][ T976] usb 1-1: SerialNumber: syz [ 129.981577][ T976] usb 1-1: config 0 descriptor?? [ 129.987634][ T10] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 129.997429][ T9] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 130.008159][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5861] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5861] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fb3d582f3ec) = -1 EINVAL (Invalid argument) [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5868] <... ioctl resumed>, 0x7ffd29c2dfc0) = 8 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] <... ioctl resumed>, 0x7ffd29c2dfc0) = 0 [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 8 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd29c2dfc0) = 8 [ 130.016270][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.029007][ T976] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 130.039390][ T9] usb 4-1: Product: syz [ 130.043631][ T9] usb 4-1: Manufacturer: syz [ 130.048748][ T10] usb 3-1: Product: syz [ 130.052940][ T10] usb 3-1: Manufacturer: syz [ 130.057825][ T9] usb 4-1: SerialNumber: syz [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2f000) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd29c2dff0) = 1 [pid 5864] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fb3d582f3ec) = -1 EINVAL (Invalid argument) [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd29c2dfc0) = 0 [ 130.063444][ T5870] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 130.072799][ T10] usb 3-1: SerialNumber: syz [ 130.077556][ T976] em28xx 1-1:0.132: Video interface 132 found: [ 130.083874][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.097132][ T10] usb 3-1: config 0 descriptor?? [ 130.104253][ T9] usb 4-1: config 0 descriptor?? [ 130.110599][ T5870] usb 5-1: Product: syz [pid 5867] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fb3d582f3ec) = -1 EINVAL (Invalid argument) [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd29c2dfc0) = 0 [pid 5868] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [ 130.118447][ T10] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 130.128732][ T5870] usb 5-1: Manufacturer: syz [ 130.133811][ T5870] usb 5-1: SerialNumber: syz [ 130.141947][ T9] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 130.152018][ T10] em28xx 3-1:0.132: Video interface 132 found: [ 130.159855][ T9] em28xx 4-1:0.132: Video interface 132 found: [pid 5868] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fb3d582f3ec) = -1 EINVAL (Invalid argument) [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd29c2dfc0) = 0 [ 130.167503][ T5870] usb 5-1: config 0 descriptor?? [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2f000) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd29c2dff0) = 1 [ 130.194340][ T5870] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 130.204227][ T5870] em28xx 5-1:0.132: Video interface 132 found: [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2f000) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_STALL, 0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffd29c2f000) = 0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2f000) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5864] <... ioctl resumed>, 0x7ffd29c2dff0) = 1 [pid 5863] <... ioctl resumed>, 0x7ffd29c2dff0) = 1 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2f000) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd29c2dff0) = 1 [ 130.308584][ T918] em28xx 2-1:0.132: unknown em28xx chip ID (0) [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2f000) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd29c2dff0) = 1 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2f000) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_STALL, 0) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2f000) = 0 [pid 5861] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd29c2dff0) = 1 [ 130.452251][ T976] em28xx 1-1:0.132: unknown em28xx chip ID (0) [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] exit_group(0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2f000) = 0 [pid 5863] <... exit_group resumed>) = ? [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_STALL, 0) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] +++ exited with 0 +++ [pid 5860] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5860] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555678cd650) = 5877 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2f000) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_STALL, 0) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 5877 attached [pid 5877] set_robust_list(0x5555678cd660, 24 [pid 5867] <... ioctl resumed>, 0x7ffd29c2f000) = 0 [pid 5864] <... ioctl resumed>, 0x7ffd29c2f000) = 0 [pid 5864] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5877] <... set_robust_list resumed>) = 0 [pid 5867] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5867] <... ioctl resumed>, 0x7ffd29c2dff0) = 1 [pid 5864] <... ioctl resumed>, 0x7ffd29c2dff0) = 1 [pid 5877] <... prctl resumed>) = 0 [pid 5877] setpgid(0, 0) = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] write(1, "executing program\n", 18executing program [ 130.532724][ T918] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 130.533029][ T10] em28xx 3-1:0.132: unknown em28xx chip ID (0) [ 130.542084][ T918] em28xx 2-1:0.132: board has no eeprom [ 130.565554][ T9] em28xx 4-1:0.132: unknown em28xx chip ID (0) ) = 18 [pid 5877] setsockopt(-1, SOL_IP, IP_OPTIONS, "", 0) = -1 EBADF (Bad file descriptor) [pid 5877] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_WAITALL|MSG_CONFIRM|MSG_FASTOPEN|0x2000000) = -1 EBADF (Bad file descriptor) [pid 5877] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2f000) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_INIT [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_STALL, 0) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5877] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5868] <... ioctl resumed>, 0x7ffd29c2f000) = 0 [pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd29c2dff0) = 1 [ 130.615081][ T918] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 130.619209][ T5870] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 130.622941][ T918] em28xx 2-1:0.132: analog set to bulk mode. [ 130.623877][ T52] em28xx 2-1:0.132: Registering V4L2 extension [ 130.650361][ T918] usb 2-1: USB disconnect, device number 2 [pid 5861] exit_group(0) = ? [pid 5861] +++ exited with 0 +++ [pid 5859] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5859] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 130.664586][ T918] em28xx 2-1:0.132: Disconnecting em28xx [ 130.679823][ T976] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [pid 5859] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555678cd650) = 5882 ./strace-static-x86_64: Process 5882 attached [pid 5882] set_robust_list(0x5555678cd660, 24) = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3) = 0 executing program [pid 5882] write(1, "executing program\n", 18) = 18 [pid 5882] setsockopt(-1, SOL_IP, IP_OPTIONS, "", 0) = -1 EBADF (Bad file descriptor) [pid 5882] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_WAITALL|MSG_CONFIRM|MSG_FASTOPEN|0x2000000) = -1 EBADF (Bad file descriptor) [pid 5882] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5882] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd29c2efd0) = 0 [pid 5882] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5882] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [ 130.702586][ T976] em28xx 1-1:0.132: board has no eeprom [pid 5882] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] exit_group(0 [pid 5864] exit_group(0 [pid 5867] <... exit_group resumed>) = ? [pid 5864] <... exit_group resumed>) = ? [pid 5867] +++ exited with 0 +++ [pid 5865] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5865] restart_syscall(<... resuming interrupted clone ...> [pid 5864] +++ exited with 0 +++ [pid 5862] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5862] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5865] <... restart_syscall resumed>) = 0 [pid 5862] <... clone resumed>, child_tidptr=0x5555678cd650) = 5885 [ 130.783085][ T52] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 130.790910][ T976] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 130.799272][ T52] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 130.799302][ T52] em28xx 2-1:0.132: No AC97 audio processor [ 130.810787][ T9] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [pid 5865] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5885 attached [pid 5885] set_robust_list(0x5555678cd660, 24) = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5885] setpgid(0, 0) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] write(1, "executing program\n", 18executing program ) = 18 [pid 5885] setsockopt(-1, SOL_IP, IP_OPTIONS, "", 0) = -1 EBADF (Bad file descriptor) [pid 5885] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_WAITALL|MSG_CONFIRM|MSG_FASTOPEN|0x2000000) = -1 EBADF (Bad file descriptor) [pid 5885] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5885] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd29c2efd0) = 0 [pid 5885] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5868] exit_group(0) = ? [pid 5865] <... clone resumed>, child_tidptr=0x5555678cd650) = 5886 [pid 5885] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [pid 5885] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 5886 attached [pid 5868] +++ exited with 0 +++ [pid 5886] set_robust_list(0x5555678cd660, 24 [pid 5866] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5886] <... set_robust_list resumed>) = 0 [pid 5866] restart_syscall(<... resuming interrupted clone ...> [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [ 130.831703][ T10] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 130.850753][ T52] usb 2-1: Decoder not found [ 130.855436][ T976] em28xx 1-1:0.132: analog set to bulk mode. [ 130.862048][ T9] em28xx 4-1:0.132: board has no eeprom executing program executing program [pid 5886] close(3) = 0 [pid 5886] write(1, "executing program\n", 18) = 18 [pid 5886] setsockopt(-1, SOL_IP, IP_OPTIONS, "", 0) = -1 EBADF (Bad file descriptor) [pid 5886] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_WAITALL|MSG_CONFIRM|MSG_FASTOPEN|0x2000000) = -1 EBADF (Bad file descriptor) [pid 5886] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5886] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd29c2efd0) = 0 [pid 5886] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5866] <... restart_syscall resumed>) = 0 [pid 5866] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5888 attached , child_tidptr=0x5555678cd650) = 5888 [pid 5888] set_robust_list(0x5555678cd660, 24) = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5886] <... ioctl resumed>, 0) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5888] write(3, "1000", 4 [pid 5886] <... ioctl resumed>, 0x7ffd29c2efd0) = 0 [pid 5888] <... write resumed>) = 4 [pid 5886] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5888] close(3) = 0 [pid 5888] write(1, "executing program\n", 18) = 18 [pid 5888] setsockopt(-1, SOL_IP, IP_OPTIONS, "", 0) = -1 EBADF (Bad file descriptor) [pid 5888] sendmsg(-1, NULL, MSG_DONTROUTE|MSG_WAITALL|MSG_CONFIRM|MSG_FASTOPEN|0x2000000) = -1 EBADF (Bad file descriptor) [pid 5888] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5888] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd29c2efd0) = 0 [pid 5888] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5888] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd29c2efd0) = 0 [ 130.884622][ T5870] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 130.890666][ T52] em28xx 2-1:0.132: failed to create media graph [ 130.893936][ T10] em28xx 3-1:0.132: board has no eeprom [ 130.912483][ T976] usb 1-1: USB disconnect, device number 2 [ 130.919293][ T5870] em28xx 5-1:0.132: board has no eeprom [ 130.925940][ T52] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 130.926999][ T976] em28xx 1-1:0.132: Disconnecting em28xx [ 130.951791][ T52] em28xx 2-1:0.132: Remote control support is not available for this card. [ 130.962210][ T5875] em28xx 1-1:0.132: Registering V4L2 extension [ 130.974533][ T9] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 130.982403][ T9] em28xx 4-1:0.132: analog set to bulk mode. [ 130.994495][ T5870] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 131.002352][ T5870] em28xx 5-1:0.132: analog set to bulk mode. [ 131.009748][ T10] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 131.017855][ T10] em28xx 3-1:0.132: analog set to bulk mode. [ 131.029889][ T9] usb 4-1: USB disconnect, device number 2 [ 131.037259][ T5870] usb 5-1: USB disconnect, device number 2 [ 131.047092][ T9] em28xx 4-1:0.132: Disconnecting em28xx [ 131.056309][ T10] usb 3-1: USB disconnect, device number 2 [ 131.063185][ T10] em28xx 3-1:0.132: Disconnecting em28xx [ 131.069004][ T5870] em28xx 5-1:0.132: Disconnecting em28xx [ 131.103263][ T5875] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 131.110850][ T5875] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 131.118014][ T5875] em28xx 1-1:0.132: No AC97 audio processor [ 131.125646][ T5875] usb 1-1: Decoder not found [ 131.130287][ T5875] em28xx 1-1:0.132: failed to create media graph [ 131.136768][ T5875] em28xx 1-1:0.132: V4L2 device video103 deregistered [ 131.147618][ T5875] em28xx 1-1:0.132: Remote control support is not available for this card. [ 131.156435][ T918] em28xx 2-1:0.132: Closing input extension [ 131.162874][ T5890] em28xx 4-1:0.132: Registering V4L2 extension [ 131.177220][ T918] em28xx 2-1:0.132: Freeing device [ 131.270771][ T5890] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 131.279197][ T5890] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 131.286840][ T5890] em28xx 4-1:0.132: No AC97 audio processor [ 131.296149][ T5890] usb 4-1: Decoder not found [ 131.300847][ T5890] em28xx 4-1:0.132: failed to create media graph [ 131.309053][ T5890] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 131.317199][ T5890] em28xx 4-1:0.132: Remote control support is not available for this card. [ 131.317409][ T5900] ================================================================== [ 131.325867][ T5893] em28xx 3-1:0.132: Registering V4L2 extension [ 131.333859][ T5900] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xc8/0x430 [ 131.347406][ T5900] Read of size 8 at addr ffff888034820738 by task v4l_id/5900 [ 131.354883][ T5900] [ 131.357242][ T5900] CPU: 1 UID: 0 PID: 5900 Comm: v4l_id Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) [ 131.357266][ T5900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 131.357281][ T5900] Call Trace: [ 131.357288][ T5900] [ 131.357296][ T5900] dump_stack_lvl+0x241/0x360 [ 131.357327][ T5900] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.357353][ T5900] ? rcu_is_watching+0x15/0xb0 [ 131.357370][ T5900] ? __virt_addr_valid+0x183/0x530 [ 131.357394][ T5900] ? lock_release+0x4e/0x3e0 [ 131.357421][ T5900] ? __virt_addr_valid+0x183/0x530 [ 131.357444][ T5900] ? __virt_addr_valid+0x183/0x530 [ 131.357468][ T5900] print_report+0x16e/0x5b0 [ 131.357490][ T5900] ? __virt_addr_valid+0x183/0x530 [ 131.357513][ T5900] ? __virt_addr_valid+0x183/0x530 [ 131.357535][ T5900] ? __virt_addr_valid+0x45f/0x530 [ 131.357557][ T5900] ? __phys_addr+0xba/0x170 [ 131.357580][ T5900] ? v4l2_fh_open+0xc8/0x430 [ 131.357596][ T5900] kasan_report+0x143/0x180 [ 131.357614][ T5900] ? v4l2_fh_open+0xc8/0x430 [ 131.357633][ T5900] v4l2_fh_open+0xc8/0x430 [ 131.357653][ T5900] em28xx_v4l2_open+0x14c/0x9e0 [ 131.357690][ T5900] v4l2_open+0x22f/0x370 [ 131.357716][ T5900] chrdev_open+0x514/0x600 [ 131.357733][ T5900] ? __pfx_chrdev_open+0x10/0x10 [ 131.357749][ T5900] ? file_set_fsnotify_mode_from_watchers+0x123/0x640 [ 131.357778][ T5900] ? __pfx_chrdev_open+0x10/0x10 [ 131.357793][ T5900] do_dentry_open+0xdec/0x1960 [ 131.357814][ T5900] ? vfs_open+0x31/0x370 [ 131.357833][ T5900] vfs_open+0x3b/0x370 [ 131.357851][ T5900] path_openat+0x2caf/0x35d0 [ 131.357885][ T5900] ? stack_depot_save_flags+0x44/0x940 [ 131.357911][ T5900] ? __pfx_features_show+0x1/0x10 [ 131.357940][ T5900] ? kasan_save_track+0x51/0x80 [ 131.357965][ T5900] ? __pfx_path_openat+0x10/0x10 [ 131.357985][ T5900] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.358012][ T5900] do_filp_open+0x284/0x4e0 [ 131.358034][ T5900] ? __pfx_do_filp_open+0x10/0x10 [ 131.358053][ T5900] ? do_raw_spin_lock+0x151/0x370 [ 131.358090][ T5900] do_sys_openat2+0x12b/0x1d0 [ 131.358110][ T5900] ? __pfx_do_sys_openat2+0x10/0x10 [ 131.358131][ T5900] ? lock_vma_under_rcu+0x1f0/0x9a0 [ 131.358153][ T5900] __x64_sys_openat+0x249/0x2a0 [ 131.358173][ T5900] ? __pfx___x64_sys_openat+0x10/0x10 [ 131.358197][ T5900] ? do_syscall_64+0xb6/0x210 [ 131.358217][ T5900] do_syscall_64+0xf3/0x210 [ 131.358235][ T5900] ? clear_bhb_loop+0x45/0xa0 [ 131.358254][ T5900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.358271][ T5900] RIP: 0033:0x7f0a8d5169a4 [ 131.358291][ T5900] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83 [ 131.358306][ T5900] RSP: 002b:00007ffd449415b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 131.358328][ T5900] RAX: ffffffffffffffda RBX: 00007ffd449417c8 RCX: 00007f0a8d5169a4 [ 131.358341][ T5900] RDX: 0000000000000000 RSI: 00007ffd44942f1d RDI: 00000000ffffff9c [ 131.358353][ T5900] RBP: 00007ffd44942f1d R08: 0000000000000000 R09: 0000000000000000 [ 131.358364][ T5900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.358374][ T5900] R13: 00007ffd449417e0 R14: 00005611aadea670 R15: 00007f0a8da28a80 [ 131.358393][ T5900] [ 131.358399][ T5900] [ 131.673572][ T5900] Allocated by task 5890: [ 131.677902][ T5900] kasan_save_track+0x3f/0x80 [ 131.682587][ T5900] __kasan_kmalloc+0x9d/0xb0 [ 131.687180][ T5900] __kmalloc_cache_noprof+0x236/0x370 [ 131.692550][ T5900] em28xx_v4l2_init+0xfd/0x2f70 [ 131.697399][ T5900] em28xx_init_extension+0x120/0x1c0 [ 131.702701][ T5900] process_scheduled_works+0xac3/0x18e0 [ 131.708243][ T5900] worker_thread+0x870/0xd50 [ 131.712830][ T5900] kthread+0x7b7/0x940 [ 131.716896][ T5900] ret_from_fork+0x4b/0x80 [ 131.721301][ T5900] ret_from_fork_asm+0x1a/0x30 [ 131.726055][ T5900] [ 131.728370][ T5900] Freed by task 5890: [ 131.732368][ T5900] kasan_save_track+0x3f/0x80 [ 131.737050][ T5900] kasan_save_free_info+0x40/0x50 [ 131.742098][ T5900] __kasan_slab_free+0x59/0x70 [ 131.746873][ T5900] kfree+0x198/0x430 [ 131.750786][ T5900] em28xx_v4l2_init+0x16fc/0x2f70 [ 131.755814][ T5900] em28xx_init_extension+0x120/0x1c0 [ 131.761106][ T5900] process_scheduled_works+0xac3/0x18e0 [ 131.766656][ T5900] worker_thread+0x870/0xd50 [ 131.771259][ T5900] kthread+0x7b7/0x940 [ 131.775343][ T5900] ret_from_fork+0x4b/0x80 [ 131.779762][ T5900] ret_from_fork_asm+0x1a/0x30 [ 131.784525][ T5900] [ 131.786846][ T5900] The buggy address belongs to the object at ffff888034820000 [ 131.786846][ T5900] which belongs to the cache kmalloc-8k of size 8192 [ 131.800914][ T5900] The buggy address is located 1848 bytes inside of [ 131.800914][ T5900] freed 8192-byte region [ffff888034820000, ffff888034822000) [ 131.814890][ T5900] [ 131.817230][ T5900] The buggy address belongs to the physical page: [ 131.823650][ T5900] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34820 [ 131.832422][ T5900] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 131.840919][ T5900] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 131.848471][ T5900] page_type: f5(slab) [ 131.852449][ T5900] raw: 00fff00000000040 ffff88801b042280 ffffea0001b1a400 0000000000000006 [ 131.861036][ T5900] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 131.869639][ T5900] head: 00fff00000000040 ffff88801b042280 ffffea0001b1a400 0000000000000006 [ 131.878319][ T5900] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 131.886996][ T5900] head: 00fff00000000003 ffffea0000d20801 00000000ffffffff 00000000ffffffff [ 131.895665][ T5900] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 131.904324][ T5900] page dumped because: kasan: bad access detected [ 131.910746][ T5900] page_owner tracks the page as allocated [ 131.916452][ T5900] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5514, tgid 5514 (dhcpcd-run-hook), ts 52977829806, free_ts 52951577787 [ 131.937300][ T5900] post_alloc_hook+0x1f4/0x240 [ 131.942068][ T5900] get_page_from_freelist+0x360a/0x37a0 [ 131.947618][ T5900] __alloc_frozen_pages_noprof+0x211/0x5b0 [ 131.953438][ T5900] alloc_pages_mpol+0x339/0x690 [ 131.958285][ T5900] allocate_slab+0x8f/0x3b0 [ 131.962783][ T5900] ___slab_alloc+0xc3b/0x1500 [ 131.967458][ T5900] __slab_alloc+0x58/0xa0 [ 131.971785][ T5900] __kmalloc_cache_noprof+0x26a/0x370 [ 131.977157][ T5900] tomoyo_init_log+0x121e/0x2150 [ 131.982108][ T5900] tomoyo_supervisor+0x3c0/0x18b0 [ 131.987148][ T5900] tomoyo_env_perm+0x17b/0x220 [ 131.991917][ T5900] tomoyo_find_next_domain+0x1497/0x1dd0 [ 131.997566][ T5900] tomoyo_bprm_check_security+0x11a/0x180 [ 132.003309][ T5900] security_bprm_check+0x86/0x250 [ 132.008340][ T5900] bprm_execve+0x903/0x1430 [ 132.012855][ T5900] do_execveat_common+0x57c/0x710 [ 132.017890][ T5900] page last free pid 5513 tgid 5513 stack trace: [ 132.024212][ T5900] __free_frozen_pages+0xde8/0x10a0 [ 132.029504][ T5900] __slab_free+0x2c6/0x390 [ 132.033926][ T5900] qlist_free_all+0x9a/0x140 [ 132.038516][ T5900] kasan_quarantine_reduce+0x14f/0x170 [ 132.043971][ T5900] __kasan_slab_alloc+0x23/0x80 [ 132.048824][ T5900] __kmalloc_cache_noprof+0x1c8/0x370 [ 132.054197][ T5900] tomoyo_init_log+0x1c6/0x2150 [ 132.059049][ T5900] tomoyo_supervisor+0x3c0/0x18b0 [ 132.064070][ T5900] tomoyo_path_permission+0x243/0x360 [ 132.069437][ T5900] tomoyo_path_perm+0x4c9/0x640 [ 132.074285][ T5900] security_inode_getattr+0x130/0x330 [ 132.079652][ T5900] vfs_fstatat+0xa5/0x150 [ 132.083978][ T5900] __x64_sys_newfstatat+0x11f/0x1a0 [ 132.089172][ T5900] do_syscall_64+0xf3/0x210 [ 132.093674][ T5900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.099562][ T5900] [ 132.101883][ T5900] Memory state around the buggy address: [ 132.107504][ T5900] ffff888034820600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.115558][ T5900] ffff888034820680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.123700][ T5900] >ffff888034820700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.131744][ T5900] ^ [ 132.137626][ T5900] ffff888034820780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.145675][ T5900] ffff888034820800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.153725][ T5900] ================================================================== [ 132.162663][ T5900] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 132.169884][ T5900] CPU: 1 UID: 0 PID: 5900 Comm: v4l_id Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) [ 132.181563][ T5900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 132.191628][ T5900] Call Trace: [ 132.194926][ T5900] [ 132.197874][ T5900] dump_stack_lvl+0x241/0x360 [ 132.202586][ T5900] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.207924][ T5900] ? __pfx__printk+0x10/0x10 [ 132.212535][ T5900] ? vprintk_emit+0x81f/0xa40 [ 132.217339][ T5900] ? vscnprintf+0x5d/0x90 [ 132.221699][ T5900] panic+0x349/0x880 [ 132.225617][ T5900] ? check_panic_on_warn+0x21/0xb0 [ 132.230753][ T5900] ? __pfx_panic+0x10/0x10 [ 132.235202][ T5900] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 132.241210][ T5900] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 132.247573][ T5900] check_panic_on_warn+0x86/0xb0 [ 132.252537][ T5900] ? v4l2_fh_open+0xc8/0x430 [ 132.257151][ T5900] end_report+0x77/0x160 [ 132.261406][ T5900] kasan_report+0x154/0x180 [ 132.265931][ T5900] ? v4l2_fh_open+0xc8/0x430 [ 132.270545][ T5900] v4l2_fh_open+0xc8/0x430 [ 132.274982][ T5900] em28xx_v4l2_open+0x14c/0x9e0 [ 132.279865][ T5900] v4l2_open+0x22f/0x370 [ 132.284138][ T5900] chrdev_open+0x514/0x600 [ 132.288577][ T5900] ? __pfx_chrdev_open+0x10/0x10 [ 132.293539][ T5900] ? file_set_fsnotify_mode_from_watchers+0x123/0x640 [ 132.300343][ T5900] ? __pfx_chrdev_open+0x10/0x10 [ 132.305303][ T5900] do_dentry_open+0xdec/0x1960 [ 132.310087][ T5900] ? vfs_open+0x31/0x370 [ 132.314339][ T5900] vfs_open+0x3b/0x370 [ 132.318420][ T5900] path_openat+0x2caf/0x35d0 [ 132.323033][ T5900] ? stack_depot_save_flags+0x44/0x940 [ 132.328505][ T5900] ? __pfx_features_show+0x1/0x10 [ 132.333541][ T5900] ? kasan_save_track+0x51/0x80 [ 132.338400][ T5900] ? __pfx_path_openat+0x10/0x10 [ 132.343335][ T5900] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.349405][ T5900] do_filp_open+0x284/0x4e0 [ 132.353916][ T5900] ? __pfx_do_filp_open+0x10/0x10 [ 132.358938][ T5900] ? do_raw_spin_lock+0x151/0x370 [ 132.363975][ T5900] do_sys_openat2+0x12b/0x1d0 [ 132.368653][ T5900] ? __pfx_do_sys_openat2+0x10/0x10 [ 132.373865][ T5900] ? lock_vma_under_rcu+0x1f0/0x9a0 [ 132.379087][ T5900] __x64_sys_openat+0x249/0x2a0 [ 132.383945][ T5900] ? __pfx___x64_sys_openat+0x10/0x10 [ 132.389325][ T5900] ? do_syscall_64+0xb6/0x210 [ 132.394013][ T5900] do_syscall_64+0xf3/0x210 [ 132.398516][ T5900] ? clear_bhb_loop+0x45/0xa0 [ 132.403196][ T5900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.409087][ T5900] RIP: 0033:0x7f0a8d5169a4 [ 132.413500][ T5900] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83 [ 132.433102][ T5900] RSP: 002b:00007ffd449415b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 132.441684][ T5900] RAX: ffffffffffffffda RBX: 00007ffd449417c8 RCX: 00007f0a8d5169a4 [ 132.449654][ T5900] RDX: 0000000000000000 RSI: 00007ffd44942f1d RDI: 00000000ffffff9c [ 132.457620][ T5900] RBP: 00007ffd44942f1d R08: 0000000000000000 R09: 0000000000000000 [ 132.465580][ T5900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.473550][ T5900] R13: 00007ffd449417e0 R14: 00005611aadea670 R15: 00007f0a8da28a80 [ 132.481526][ T5900] [ 132.484888][ T5900] Kernel Offset: disabled [ 132.489244][ T5900] Rebooting in 86400 seconds..