./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2332001650 <...> Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts. execve("./syz-executor2332001650", ["./syz-executor2332001650"], 0x7ffcf32a5ea0 /* 10 vars */) = 0 brk(NULL) = 0x5555560a2000 brk(0x5555560a2c40) = 0x5555560a2c40 arch_prctl(ARCH_SET_FS, 0x5555560a2300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555560a25d0) = 3607 set_robust_list(0x5555560a25e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fa91f668950, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fa91f669020}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fa91f6689f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa91f669020}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2332001650", 4096) = 28 brk(0x5555560c3c40) = 0x5555560c3c40 brk(0x5555560c4000) = 0x5555560c4000 mprotect(0x7fa91f729000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7fa91f72f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa91f638000 mprotect(0x7fa91f639000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7fa91f6583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3608 attached , parent_tid=[3608], tls=0x7fa91f658700, child_tidptr=0x7fa91f6589d0) = 3608 [pid 3607] futex(0x7fa91f72f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7fa91f72f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 3608] set_robust_list(0x7fa91f6589e0, 24) = 0 [pid 3608] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3608] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fa91f6562c0) = 18 syzkaller login: [ 49.212386][ T27] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fa91f6562c0) = 18 [ 49.452318][ T27] usb 1-1: Using ep0 maxpacket: 16 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fa91f6562c0) = 9 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fa91f6562c0) = 27 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fa91f6562c0) = 4 [ 49.573332][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 120, changing to 10 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fa91f6562c0) = 8 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fa91f6562c0) = 8 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fa91f6562c0) = 8 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572d0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fa91f72f60c) = 6 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fa91f6562c0) = 0 [ 49.742919][ T27] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 49.751978][ T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.760288][ T27] usb 1-1: Product: syz [ 49.764635][ T27] usb 1-1: Manufacturer: syz [ 49.769212][ T27] usb 1-1: SerialNumber: syz [ 49.777766][ T27] usb 1-1: config 0 descriptor?? [ 49.827224][ T27] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3608] futex(0x7fa91f72f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7fa91f72f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7fa91f72f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fa91f6572f0) = 0 [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fa91f6562e0) = 8 [ 50.112488][ T27] rc_core: IR keymap rc-imon-pad not found [ 50.118326][ T27] Registered IR keymap rc-empty [ 50.123331][ T27] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 50.133565][ T27] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3608] futex(0x7fa91f72f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7fa91f72f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3607] <... futex resumed>) = 0 [pid 3608] <... ioctl resumed>, 0x7fa91f6572f0) = 0 [pid 3607] futex(0x7fa91f72f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fa91f6562e0) = 8 [ 50.283340][ T27] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 50.294801][ T27] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 50.310422][ T27] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3608] futex(0x7fa91f72f4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3608] futex(0x7fa91f72f4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7fa91f72f4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3608] <... futex resumed>) = 0 [pid 3607] futex(0x7fa91f72f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR) = 4 [pid 3608] futex(0x7fa91f72f4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7fa91f72f4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] write(4, "V", 1 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7fa91f72f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7fa91f72f4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7fa91f72f4dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa91f617000 [pid 3607] mprotect(0x7fa91f618000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7fa91f6373f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3613], tls=0x7fa91f637700, child_tidptr=0x7fa91f6379d0) = 3613 [pid 3607] futex(0x7fa91f72f4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7fa91f72f4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3613 attached [pid 3613] set_robust_list(0x7fa91f6379e0, 24) = 0 [ 50.521130][ T3613] ------------[ cut here ]------------ [ 50.526899][ T3613] URB ffff8880175c9100 submitted while active [ 50.533363][ T3613] WARNING: CPU: 1 PID: 3613 at drivers/usb/core/urb.c:378 usb_submit_urb+0x1116/0x1920 [ 50.543066][ T3613] Modules linked in: [ 50.546948][ T3613] CPU: 1 PID: 3613 Comm: syz-executor233 Not tainted 6.0.0-syzkaller-00372-ga5088ee7251e #0 [ 50.557079][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [pid 3613] write(4, "V", 1 [pid 3607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 50.567175][ T3613] RIP: 0010:usb_submit_urb+0x1116/0x1920 [ 50.573224][ T3613] Code: 00 41 8b 06 89 44 24 10 e9 a5 f8 ff ff e8 d2 98 75 fb c6 05 2f e9 fd 07 01 48 c7 c7 c0 f4 53 8b 4c 89 ee 31 c0 e8 9a 5a 3d fb <0f> 0b e9 62 ef ff ff e8 ae 98 75 fb eb 2d e8 a7 98 75 fb 44 8b 74 [ 50.593239][ T3613] RSP: 0018:ffffc9000379fb98 EFLAGS: 00010246 [ 50.599531][ T3613] RAX: 8b697ef13be93300 RBX: ffff888017dbe170 RCX: ffff8880762e1d80 [ 50.607861][ T3613] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 50.616195][ T3613] RBP: ffff8880175c9108 R08: ffffffff816d5aed R09: fffff520006f3ef1 [ 50.624633][ T3613] R10: fffff520006f3ef1 R11: 1ffff920006f3ef0 R12: 0000000000000cc0 [ 50.632944][ T3613] R13: ffff8880175c9100 R14: dffffc0000000000 R15: dffffc0000000000 [ 50.641128][ T3613] FS: 00007fa91f637700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 50.650448][ T3613] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.657369][ T3613] CR2: 00007fa91f637718 CR3: 00000000715a7000 CR4: 00000000003506e0 [ 50.665570][ T3613] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 50.673723][ T3613] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 50.681702][ T3613] Call Trace: [ 50.685301][ T3613] [ 50.688253][ T3613] ? kmem_cache_alloc_trace+0x97/0x310 [ 50.693952][ T3613] ? send_packet+0x86/0xa90 [ 50.698472][ T3613] send_packet+0x5ad/0xa90 [ 50.703142][ T3613] vfd_write+0x218/0x5b0 [ 50.707393][ T3613] ? rcu_lock_release+0x20/0x20 [ 50.712513][ T3613] vfs_write+0x2e5/0xbb0 [pid 3607] exit_group(0) = ? [ 50.716771][ T3613] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 50.723098][ T3613] ? file_end_write+0x230/0x230 [ 50.727963][ T3613] ? __fget_files+0x3ba/0x420 [ 50.732892][ T3613] ? __fdget_pos+0x1d2/0x2e0 [ 50.737479][ T3613] ? ksys_write+0x77/0x2c0 [ 50.741884][ T3613] ksys_write+0x19b/0x2c0 [ 50.747042][ T3613] ? print_irqtrace_events+0x220/0x220 [ 50.752715][ T3613] ? __ia32_sys_read+0x80/0x80 [ 50.757479][ T3613] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 50.763758][ T3613] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 50.769760][ T3613] do_syscall_64+0x2b/0x70 [ 50.775025][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.781069][ T3613] RIP: 0033:0x7fa91f6ab0b9 [ 50.785668][ T3613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 50.792906][ T3608] imon:send_packet: task interrupted [ 50.805579][ T3613] RSP: 002b:00007fa91f637318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 50.819102][ T3613] RAX: ffffffffffffffda RBX: 00007fa91f72f4d8 RCX: 00007fa91f6ab0b9 [ 50.827122][ T3613] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004 [ 50.835148][ T3613] RBP: 00007fa91f72f4d0 R08: 00007fa91f637700 R09: 0000000000000000 [ 50.843177][ T3613] R10: 00007fa91f637700 R11: 0000000000000246 R12: ab0847687fc4f2a2 [ 50.851156][ T3613] R13: 00007ffeb6fa8faf R14: 00007fa91f637400 R15: 0000000000022000 [ 50.859243][ T3613] [ 50.862317][ T3613] Kernel panic - not syncing: panic_on_warn set ... [ 50.868907][ T3613] CPU: 0 PID: 3613 Comm: syz-executor233 Not tainted 6.0.0-syzkaller-00372-ga5088ee7251e #0 [ 50.878965][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 50.889013][ T3613] Call Trace: [ 50.892287][ T3613] [ 50.895217][ T3613] dump_stack_lvl+0x1e3/0x2cb [ 50.899905][ T3613] ? io_alloc_page_table+0x110/0x110 [ 50.905204][ T3613] ? panic+0x76b/0x76b [ 50.909298][ T3613] ? vscnprintf+0x59/0x80 [ 50.913626][ T3613] ? usb_submit_urb+0x10a0/0x1920 [ 50.918672][ T3613] panic+0x316/0x76b [ 50.922575][ T3613] ? __warn+0x131/0x220 [ 50.926733][ T3613] ? fb_is_primary_device+0xcc/0xcc [ 50.931941][ T3613] ? usb_submit_urb+0x1116/0x1920 [ 50.936959][ T3613] __warn+0x1fa/0x220 [ 50.940935][ T3613] ? usb_submit_urb+0x1116/0x1920 [ 50.945955][ T3613] report_bug+0x1b3/0x2d0 [ 50.950280][ T3613] handle_bug+0x3d/0x70 [ 50.954429][ T3613] exc_invalid_op+0x16/0x40 [ 50.958926][ T3613] asm_exc_invalid_op+0x16/0x20 [ 50.963767][ T3613] RIP: 0010:usb_submit_urb+0x1116/0x1920 [ 50.969396][ T3613] Code: 00 41 8b 06 89 44 24 10 e9 a5 f8 ff ff e8 d2 98 75 fb c6 05 2f e9 fd 07 01 48 c7 c7 c0 f4 53 8b 4c 89 ee 31 c0 e8 9a 5a 3d fb <0f> 0b e9 62 ef ff ff e8 ae 98 75 fb eb 2d e8 a7 98 75 fb 44 8b 74 [ 50.989006][ T3613] RSP: 0018:ffffc9000379fb98 EFLAGS: 00010246 [ 50.995069][ T3613] RAX: 8b697ef13be93300 RBX: ffff888017dbe170 RCX: ffff8880762e1d80 [ 51.003031][ T3613] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 51.010996][ T3613] RBP: ffff8880175c9108 R08: ffffffff816d5aed R09: fffff520006f3ef1 [ 51.018956][ T3613] R10: fffff520006f3ef1 R11: 1ffff920006f3ef0 R12: 0000000000000cc0 [ 51.026919][ T3613] R13: ffff8880175c9100 R14: dffffc0000000000 R15: dffffc0000000000 [ 51.034997][ T3613] ? __wake_up_klogd+0xcd/0x100 [ 51.039863][ T3613] ? usb_submit_urb+0x1116/0x1920 [ 51.044894][ T3613] ? kmem_cache_alloc_trace+0x97/0x310 [ 51.050366][ T3613] ? send_packet+0x86/0xa90 [ 51.054872][ T3613] send_packet+0x5ad/0xa90 [ 51.059288][ T3613] vfd_write+0x218/0x5b0 [ 51.063525][ T3613] ? rcu_lock_release+0x20/0x20 [ 51.068381][ T3613] vfs_write+0x2e5/0xbb0 [ 51.072621][ T3613] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 51.078596][ T3613] ? file_end_write+0x230/0x230 [ 51.083480][ T3613] ? __fget_files+0x3ba/0x420 [ 51.088155][ T3613] ? __fdget_pos+0x1d2/0x2e0 [ 51.092734][ T3613] ? ksys_write+0x77/0x2c0 [ 51.097165][ T3613] ksys_write+0x19b/0x2c0 [ 51.101503][ T3613] ? print_irqtrace_events+0x220/0x220 [ 51.106969][ T3613] ? __ia32_sys_read+0x80/0x80 [ 51.111826][ T3613] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 51.117818][ T3613] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 51.123805][ T3613] do_syscall_64+0x2b/0x70 [ 51.128218][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.134126][ T3613] RIP: 0033:0x7fa91f6ab0b9 [ 51.138549][ T3613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.158171][ T3613] RSP: 002b:00007fa91f637318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.166596][ T3613] RAX: ffffffffffffffda RBX: 00007fa91f72f4d8 RCX: 00007fa91f6ab0b9 [ 51.174560][ T3613] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004 [ 51.182526][ T3613] RBP: 00007fa91f72f4d0 R08: 00007fa91f637700 R09: 0000000000000000 [ 51.190489][ T3613] R10: 00007fa91f637700 R11: 0000000000000246 R12: ab0847687fc4f2a2 [ 51.198453][ T3613] R13: 00007ffeb6fa8faf R14: 00007fa91f637400 R15: 0000000000022000 [ 51.206435][ T3613] [ 51.209738][ T3613] Kernel Offset: disabled [ 51.214115][ T3613] Rebooting in 86400 seconds..