./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3762712495 <...> forked to background, child pid 3182 no interfaces have a carrier [ 24.711239][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 24.723034][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts. execve("./syz-executor3762712495", ["./syz-executor3762712495"], 0x7ffdd35781e0 /* 10 vars */) = 0 brk(NULL) = 0x5555572c3000 brk(0x5555572c3c40) = 0x5555572c3c40 arch_prctl(ARCH_SET_FS, 0x5555572c3300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555572c35d0) = 3610 set_robust_list(0x5555572c35e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f8782a3b940, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f8782a3c010}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f8782a3b9e0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8782a3c010}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3762712495", 4096) = 28 brk(0x5555572e4c40) = 0x5555572e4c40 brk(0x5555572e5000) = 0x5555572e5000 mprotect(0x7f8782afc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f8782b024cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8782a0b000 mprotect(0x7f8782a0c000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f8782a2b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3611 attached , parent_tid=[3611], tls=0x7f8782a2b700, child_tidptr=0x7f8782a2b9d0) = 3611 [pid 3610] futex(0x7f8782b024c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] set_robust_list(0x7f8782a2b9e0, 24) = 0 [pid 3610] <... futex resumed>) = 0 [pid 3610] futex(0x7f8782b024cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} [pid 3611] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3611] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f8782a292c0) = 18 syzkaller login: [ 41.287499][ T140] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f8782a292c0) = 18 [ 41.527521][ T140] usb 1-1: Using ep0 maxpacket: 16 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f8782a292c0) = 9 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f8782a292c0) = 27 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f8782a292c0) = 4 [ 41.648470][ T140] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f8782a292c0) = 8 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f8782a292c0) = 8 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f8782a292c0) = 8 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2d0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f8782b0260c) = 6 [ 41.817549][ T140] usb 1-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice=80.f3 [ 41.826642][ T140] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.834677][ T140] usb 1-1: Product: syz [ 41.838877][ T140] usb 1-1: Manufacturer: syz [ 41.843461][ T140] usb 1-1: SerialNumber: syz [ 41.851242][ T140] usb 1-1: config 0 descriptor?? [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f8782a292c0) = 0 [ 41.911749][ T140] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [pid 3611] futex(0x7f8782b024cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] <... futex resumed>) = 0 [pid 3611] <... futex resumed>) = 1 [pid 3610] futex(0x7f8782b024c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] futex(0x7f8782b024c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3610] <... futex resumed>) = 0 [pid 3610] futex(0x7f8782b024cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f8782a2a2f0) = 0 [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f8782a292e0) = 8 [ 42.217541][ T140] rc_core: IR keymap rc-imon-pad not found [ 42.223431][ T140] Registered IR keymap rc-empty [ 42.228556][ T140] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 42.238940][ T140] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [pid 3611] futex(0x7f8782b024cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] <... futex resumed>) = 0 [pid 3611] <... futex resumed>) = 1 [pid 3610] futex(0x7f8782b024c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3610] <... futex resumed>) = 0 [pid 3611] <... ioctl resumed>, 0x7f8782a2a2f0) = 0 [pid 3610] futex(0x7f8782b024cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} [pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f8782a292e0) = 8 [ 42.368343][ T140] rc rc0: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 42.379195][ T140] input: iMON Remote (15c2:0040) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 42.394590][ T140] imon 1-1:0.0: iMON device (15c2:0040, intf0) on usb<1:2> initialized [pid 3611] futex(0x7f8782b024cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3610] <... futex resumed>) = 0 [pid 3611] <... futex resumed>) = 1 [pid 3610] futex(0x7f8782b024c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3611] openat(AT_FDCWD, "/dev/char/180:0", O_RDWR [pid 3610] <... futex resumed>) = 0 [pid 3610] futex(0x7f8782b024cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3611] <... openat resumed>) = 4 [pid 3611] futex(0x7f8782b024cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3611] futex(0x7f8782b024c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3610] <... futex resumed>) = 0 [pid 3610] futex(0x7f8782b024c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3611] <... futex resumed>) = 0 [pid 3610] futex(0x7f8782b024cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3611] write(4, "\x12", 1 [pid 3610] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3610] futex(0x7f8782b024dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f87829ea000 [pid 3610] mprotect(0x7f87829eb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3610] clone(child_stack=0x7f8782a0a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3616 attached , parent_tid=[3616], tls=0x7f8782a0a700, child_tidptr=0x7f8782a0a9d0) = 3616 [pid 3616] set_robust_list(0x7f8782a0a9e0, 24 [pid 3610] futex(0x7f8782b024d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3616] <... set_robust_list resumed>) = 0 [pid 3610] futex(0x7f8782b024dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 42.609349][ T3616] ------------[ cut here ]------------ [ 42.615138][ T3616] URB ffff888016dd0300 submitted while active [ 42.621725][ T3616] WARNING: CPU: 1 PID: 3616 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14e8/0x1880 [ 42.631479][ T3616] Modules linked in: [ 42.635375][ T3616] CPU: 1 PID: 3616 Comm: syz-executor376 Not tainted 6.0.0-rc1-syzkaller-00160-g4c2d0b039c5c #0 [ 42.645949][ T3616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [pid 3616] write(4, "\x12", 1 [pid 3610] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 42.656063][ T3616] RIP: 0010:usb_submit_urb+0x14e8/0x1880 [ 42.662001][ T3616] Code: 89 de e8 7b 94 ee fb 84 db 0f 85 a3 f3 ff ff e8 ee 97 ee fb 4c 89 fe 48 c7 c7 40 e1 8f 8a c6 05 8e 19 3c 08 01 e8 25 c9 ac 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 c7 97 ee fb 48 8b 7c 24 40 [ 42.682300][ T3616] RSP: 0018:ffffc90003affc50 EFLAGS: 00010286 [ 42.688702][ T3616] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 42.696698][ T3616] RDX: ffff88807a793b00 RSI: ffffffff8161f5a8 RDI: fffff5200075ff7c [ 42.704837][ T3616] RBP: ffff888016f3d0f0 R08: 0000000000000005 R09: 0000000000000000 [ 42.713016][ T3616] R10: 0000000080000000 R11: 0000000000000000 R12: ffff888016dd0300 [ 42.721032][ T3616] R13: ffff88801768d128 R14: 00000000fffffff0 R15: ffff888016dd0300 [ 42.729043][ T3616] FS: 00007f8782a0a700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 42.738118][ T3616] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.744902][ T3616] CR2: 00005590ec45b520 CR3: 0000000072700000 CR4: 0000000000350ef0 [ 42.752932][ T3616] Call Trace: [ 42.756214][ T3616] [ 42.759204][ T3616] ? rcu_read_lock_sched_held+0x3a/0x70 [ 42.764981][ T3616] ? trace_kmalloc+0x32/0x100 [ 42.769739][ T3616] send_packet+0x422/0xbc0 [ 42.774283][ T3616] vfd_write+0x2d9/0x550 [ 42.778605][ T3616] vfs_write+0x2d7/0xdd0 [ 42.782867][ T3616] ? send_packet+0xbc0/0xbc0 [ 42.787495][ T3616] ? vfs_read+0x930/0x930 [ 42.791842][ T3616] ? __fget_files+0x26a/0x440 [ 42.796543][ T3616] ? __fget_light+0xe5/0x270 [ 42.801219][ T3616] ksys_write+0x127/0x250 [ 42.805587][ T3616] ? __ia32_sys_read+0xb0/0xb0 [pid 3610] exit_group(0) = ? [ 42.810441][ T3616] ? lockdep_hardirqs_on+0x79/0x100 [ 42.815694][ T3616] ? _raw_spin_unlock_irq+0x2a/0x40 [ 42.821614][ T3616] ? ptrace_notify+0xfa/0x140 [ 42.821741][ T3611] imon:send_packet: task interrupted [ 42.826300][ T3616] do_syscall_64+0x35/0xb0 [ 42.836043][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.842006][ T3616] RIP: 0033:0x7f8782a7e0a9 [ 42.846434][ T3616] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 42.866279][ T3616] RSP: 002b:00007f8782a0a318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 42.874755][ T3616] RAX: ffffffffffffffda RBX: 00007f8782b024d8 RCX: 00007f8782a7e0a9 [ 42.882823][ T3616] RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000004 [ 42.890843][ T3616] RBP: 00007f8782b024d0 R08: 00007f8782a0a700 R09: 0000000000000000 [ 42.898868][ T3616] R10: 00007f8782a0a700 R11: 0000000000000246 R12: 0b8b0509005505e1 [ 42.906856][ T3616] R13: 00007ffea605bb0f R14: 00007f8782a0a400 R15: 0000000000022000 [ 42.914884][ T3616] [ 42.917954][ T3616] Kernel panic - not syncing: panic_on_warn set ... [ 42.924521][ T3616] CPU: 0 PID: 3616 Comm: syz-executor376 Not tainted 6.0.0-rc1-syzkaller-00160-g4c2d0b039c5c #0 [ 42.934921][ T3616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 42.944979][ T3616] Call Trace: [ 42.948340][ T3616] [ 42.951269][ T3616] dump_stack_lvl+0xcd/0x134 [ 42.955867][ T3616] panic+0x2c8/0x627 [ 42.959765][ T3616] ? panic_print_sys_info.part.0+0x10b/0x10b [ 42.965757][ T3616] ? __warn.cold+0x248/0x2c4 [ 42.970352][ T3616] ? usb_submit_urb+0x14e8/0x1880 [ 42.975383][ T3616] __warn.cold+0x259/0x2c4 [ 42.979803][ T3616] ? __wake_up_klogd.part.0+0x99/0xf0 [ 42.985351][ T3616] ? usb_submit_urb+0x14e8/0x1880 [ 42.990377][ T3616] report_bug+0x1bc/0x210 [ 42.994720][ T3616] handle_bug+0x3c/0x60 [ 42.998880][ T3616] exc_invalid_op+0x14/0x40 [ 43.003387][ T3616] asm_exc_invalid_op+0x16/0x20 [ 43.008243][ T3616] RIP: 0010:usb_submit_urb+0x14e8/0x1880 [ 43.013875][ T3616] Code: 89 de e8 7b 94 ee fb 84 db 0f 85 a3 f3 ff ff e8 ee 97 ee fb 4c 89 fe 48 c7 c7 40 e1 8f 8a c6 05 8e 19 3c 08 01 e8 25 c9 ac 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 c7 97 ee fb 48 8b 7c 24 40 [ 43.033484][ T3616] RSP: 0018:ffffc90003affc50 EFLAGS: 00010286 [ 43.039549][ T3616] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 43.047516][ T3616] RDX: ffff88807a793b00 RSI: ffffffff8161f5a8 RDI: fffff5200075ff7c [ 43.055829][ T3616] RBP: ffff888016f3d0f0 R08: 0000000000000005 R09: 0000000000000000 [ 43.063795][ T3616] R10: 0000000080000000 R11: 0000000000000000 R12: ffff888016dd0300 [ 43.071763][ T3616] R13: ffff88801768d128 R14: 00000000fffffff0 R15: ffff888016dd0300 [ 43.079740][ T3616] ? vprintk+0x88/0x90 [ 43.083813][ T3616] ? rcu_read_lock_sched_held+0x3a/0x70 [ 43.089357][ T3616] ? trace_kmalloc+0x32/0x100 [ 43.094040][ T3616] send_packet+0x422/0xbc0 [ 43.098458][ T3616] vfd_write+0x2d9/0x550 [ 43.102706][ T3616] vfs_write+0x2d7/0xdd0 [ 43.106950][ T3616] ? send_packet+0xbc0/0xbc0 [ 43.111545][ T3616] ? vfs_read+0x930/0x930 [ 43.115874][ T3616] ? __fget_files+0x26a/0x440 [ 43.120554][ T3616] ? __fget_light+0xe5/0x270 [ 43.125145][ T3616] ksys_write+0x127/0x250 [ 43.129476][ T3616] ? __ia32_sys_read+0xb0/0xb0 [ 43.134235][ T3616] ? lockdep_hardirqs_on+0x79/0x100 [ 43.139440][ T3616] ? _raw_spin_unlock_irq+0x2a/0x40 [ 43.144641][ T3616] ? ptrace_notify+0xfa/0x140 [ 43.149324][ T3616] do_syscall_64+0x35/0xb0 [ 43.153739][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 43.159634][ T3616] RIP: 0033:0x7f8782a7e0a9 [ 43.164134][ T3616] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 43.183743][ T3616] RSP: 002b:00007f8782a0a318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 43.192157][ T3616] RAX: ffffffffffffffda RBX: 00007f8782b024d8 RCX: 00007f8782a7e0a9 [ 43.200127][ T3616] RDX: 0000000000000001 RSI: 0000000020001000 RDI: 0000000000000004 [ 43.208144][ T3616] RBP: 00007f8782b024d0 R08: 00007f8782a0a700 R09: 0000000000000000 [ 43.216924][ T3616] R10: 00007f8782a0a700 R11: 0000000000000246 R12: 0b8b0509005505e1 [ 43.224906][ T3616] R13: 00007ffea605bb0f R14: 00007f8782a0a400 R15: 0000000000022000 [ 43.232902][ T3616] [ 43.236653][ T3616] Kernel Offset: disabled [ 43.241088][ T3616] Rebooting in 86400 seconds..