Warning: Permanently added '10.128.1.69' (ED25519) to the list of known hosts. 1970/01/01 00:01:25 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:26 parsed 1 programs [ 88.910217][ T4576] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 96.161833][ T4601] chnl_net:caif_netlink_parms(): no params data found [ 96.200629][ T4601] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.202644][ T4601] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.205284][ T4601] device bridge_slave_0 entered promiscuous mode [ 96.210339][ T4601] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.212674][ T4601] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.215257][ T4601] device bridge_slave_1 entered promiscuous mode [ 96.230547][ T4601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.234936][ T4601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.252986][ T4601] team0: Port device team_slave_0 added [ 96.256339][ T4601] team0: Port device team_slave_1 added [ 96.268995][ T4601] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.271065][ T4601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.278719][ T4601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.286330][ T4601] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.288642][ T4601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.295964][ T4601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.350238][ T4601] device hsr_slave_0 entered promiscuous mode [ 96.388525][ T4601] device hsr_slave_1 entered promiscuous mode [ 97.307779][ T4601] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.350122][ T4601] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.390568][ T4601] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.441029][ T4601] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.542599][ T4601] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.561654][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.564268][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.571706][ T4601] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.580371][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.583192][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.586035][ T136] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.587946][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.597432][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 97.611531][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.614428][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.621083][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.623152][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.629096][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 97.633525][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 97.656877][ T4601] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 97.663600][ T4601] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 97.667827][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 97.672084][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 97.674917][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 97.683075][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.690755][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 97.693527][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 97.696321][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 97.699821][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 97.702549][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 97.705211][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 97.793068][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 97.795409][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 97.799622][ T4601] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.811759][ T1774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 97.814726][ T1774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 97.835876][ T4601] device veth0_vlan entered promiscuous mode [ 97.845184][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 97.855784][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 97.866926][ T4601] device veth1_vlan entered promiscuous mode [ 97.878836][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 97.881479][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 97.884056][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 97.887063][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 97.895819][ T4601] device veth0_macvtap entered promiscuous mode [ 97.898539][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 97.901370][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 97.906620][ T4601] device veth1_macvtap entered promiscuous mode [ 97.910780][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 97.913905][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 97.926110][ T4601] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.929846][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 97.932775][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 97.939473][ T4601] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.941618][ T1774] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 97.944425][ T1774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 97.950353][ T4601] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.952887][ T4601] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.955196][ T4601] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.957716][ T4601] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.056816][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.068018][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.071343][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.073708][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.074041][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 99.082186][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:39 executed programs: 0 [ 99.744739][ T4802] chnl_net:caif_netlink_parms(): no params data found [ 99.841603][ T4802] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.848177][ T4802] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.851142][ T4802] device bridge_slave_0 entered promiscuous mode [ 99.858048][ T4802] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.861911][ T4802] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.864830][ T4802] device bridge_slave_1 entered promiscuous mode [ 99.903546][ T4802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.910225][ T4802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.941775][ T4802] team0: Port device team_slave_0 added [ 99.945838][ T4802] team0: Port device team_slave_1 added [ 99.972760][ T4802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.974864][ T4802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.998237][ T4802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.002991][ T4802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.004917][ T4802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.029070][ T4802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.090116][ T4802] device hsr_slave_0 entered promiscuous mode [ 100.129478][ T4802] device hsr_slave_1 entered promiscuous mode [ 100.178285][ T4802] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.180612][ T4802] Cannot create hsr debugfs directory [ 100.276345][ T4802] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.568271][ T4123] Bluetooth: hci0: command 0x0409 tx timeout [ 103.516507][ T4802] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.565825][ T4802] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.626629][ T4802] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.648680][ T4118] Bluetooth: hci0: command 0x041b tx timeout [ 103.798789][ T4802] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 103.830630][ T4802] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 103.882991][ T4802] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 103.940488][ T4802] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 104.061541][ T4802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.073944][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 104.076561][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 104.081797][ T4802] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.086370][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 104.089815][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 104.092377][ T148] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.094360][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.098031][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 104.141325][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 104.144425][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 104.147061][ T136] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.149212][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.153569][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 104.159073][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 104.165271][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 104.169209][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 104.172063][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 104.177279][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 104.181429][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 104.186585][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 104.189939][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 104.215589][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 104.218932][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 104.224058][ T4802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 104.320281][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 104.322641][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 104.329037][ T4802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.343479][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 104.346405][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 104.362885][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 104.365631][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 104.369016][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 104.371597][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 104.376030][ T4802] device veth0_vlan entered promiscuous mode [ 104.382652][ T4802] device veth1_vlan entered promiscuous mode [ 104.397541][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 104.403260][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 104.406381][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 104.409792][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 104.414493][ T4802] device veth0_macvtap entered promiscuous mode [ 104.419095][ T4802] device veth1_macvtap entered promiscuous mode [ 104.428254][ T4802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.431345][ T4802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.435149][ T4802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.438868][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 104.441442][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 104.444114][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 104.447231][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 104.451907][ T4802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.454865][ T4802] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.458912][ T4802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.461656][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 104.464585][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 104.469736][ T4802] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.472273][ T4802] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.474641][ T4802] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.477155][ T4802] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.515608][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.518942][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.526335][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 104.541441][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.543781][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.546847][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:44 executed programs: 2 [ 104.858390][ T1982] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 105.118361][ T1982] usb 1-1: Using ep0 maxpacket: 16 [ 105.240112][ T1982] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 105.418648][ T1982] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 105.421368][ T1982] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 105.423705][ T1982] usb 1-1: Product: syz [ 105.424868][ T1982] usb 1-1: Manufacturer: syz [ 105.426110][ T1982] usb 1-1: SerialNumber: syz [ 105.474135][ T1982] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input2 [ 105.729792][ T4118] Bluetooth: hci0: command 0x040f tx timeout [ 105.908336][ T5011] ------------[ cut here ]------------ [ 105.910084][ T5011] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 105.912088][ T5011] WARNING: CPU: 1 PID: 5011 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 105.914870][ T5011] Modules linked in: [ 105.915949][ T5011] CPU: 1 PID: 5011 Comm: udevd Not tainted 5.15.184-syzkaller #0 [ 105.918052][ T5011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.920957][ T5011] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 105.923142][ T5011] pc : usb_submit_urb+0xa44/0x1580 [ 105.924632][ T5011] lr : usb_submit_urb+0xa44/0x1580 [ 105.926053][ T5011] sp : ffff80001f7a7470 [ 105.927182][ T5011] x29: ffff80001f7a74b0 x28: 1fffe0001b37a803 x27: ffff80001237bee8 [ 105.929431][ T5011] x26: ffff0000c6bb5200 x25: ffff0000c1c26050 x24: 0000000000000286 [ 105.931689][ T5011] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 105.933924][ T5011] x20: 0000000000000cc0 x19: ffff0000c1c26000 x18: 0000000000000001 [ 105.936218][ T5011] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 105.938481][ T5011] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 105.940827][ T5011] x11: 0000000000000000 x10: 0000000000000000 x9 : bb52485a4205f200 [ 105.943031][ T5011] x8 : bb52485a4205f200 x7 : 0000000000000001 x6 : 0000000000000001 [ 105.945177][ T5011] x5 : ffff80001f7a6d58 x4 : ffff80001422f280 x3 : ffff80000850383c [ 105.947344][ T5011] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 105.949643][ T5011] Call trace: [ 105.950549][ T5011] usb_submit_urb+0xa44/0x1580 [ 105.951896][ T5011] bcm5974_start_traffic+0xe0/0x154 [ 105.953324][ T5011] bcm5974_open+0x94/0x130 [ 105.954563][ T5011] input_open_device+0x134/0x288 [ 105.955922][ T5011] evdev_open+0x3c4/0x468 [ 105.957133][ T5011] chrdev_open+0x26c/0x4f0 [ 105.958329][ T5011] do_dentry_open+0x760/0xebc [ 105.959636][ T5011] vfs_open+0x7c/0x90 [ 105.960718][ T5011] path_openat+0x1f80/0x26e4 [ 105.961995][ T5011] do_filp_open+0x164/0x330 [ 105.963219][ T5011] do_sys_openat2+0x128/0x3d8 [ 105.964441][ T5011] __arm64_sys_openat+0x120/0x154 [ 105.965802][ T5011] invoke_syscall+0x98/0x2b8 [ 105.967138][ T5011] el0_svc_common+0x138/0x258 [ 105.968442][ T5011] do_el0_svc+0x58/0x14c [ 105.969626][ T5011] el0_svc+0x78/0x1e0 [ 105.970681][ T5011] el0t_64_sync_handler+0xcc/0xe4 [ 105.972017][ T5011] el0t_64_sync+0x1a0/0x1a4 [ 105.973260][ T5011] irq event stamp: 5158 [ 105.974433][ T5011] hardirqs last enabled at (5157): [] __up_console_sem+0xb4/0x100 [ 105.977028][ T5011] hardirqs last disabled at (5158): [] el1_dbg+0x24/0x80 [ 105.979438][ T5011] softirqs last enabled at (4206): [] local_bh_enable+0x10/0x34 [ 105.982059][ T5011] softirqs last disabled at (4204): [] local_bh_disable+0x10/0x34 [ 105.984711][ T5011] ---[ end trace 9a57da9f2c0eb268 ]--- [ 106.008246][ C1] ------------[ cut here ]------------ [ 106.009992][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 106.011932][ C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 106.014475][ C1] Modules linked in: [ 106.015549][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.15.184-syzkaller #0 [ 106.018022][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.020856][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 106.023046][ C1] pc : usb_submit_urb+0xa44/0x1580 [ 106.024475][ C1] lr : usb_submit_urb+0xa44/0x1580 [ 106.025881][ C1] sp : ffff800008017620 [ 106.026990][ C1] x29: ffff800008017660 x28: 1fffe0001b37a803 x27: ffff80001237bee8 [ 106.029193][ C1] x26: ffff0000c6bb5200 x25: ffff0000c1c26050 x24: 0000000000000286 [ 106.031430][ C1] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 106.033611][ C1] x20: 0000000000000a20 x19: ffff0000c1c26000 x18: 0000000000000102 [ 106.035838][ C1] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 106.038072][ C1] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 106.040225][ C1] x11: 0000000000000101 x10: 0000000000000000 x9 : 722e1e6665d0e900 [ 106.042454][ C1] x8 : 722e1e6665d0e900 x7 : 0000000000000001 x6 : 0000000000000001 [ 106.044627][ C1] x5 : ffff800008016f18 x4 : ffff80001422f280 x3 : ffff80000850383c [ 106.046824][ C1] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 106.049082][ C1] Call trace: [ 106.049978][ C1] usb_submit_urb+0xa44/0x1580 [ 106.051295][ C1] bcm5974_irq_trackpad+0x204/0xe88 [ 106.052719][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 106.054187][ C1] usb_hcd_giveback_urb+0x100/0x3e0 [ 106.055655][ C1] dummy_timer+0x5b8/0x231c [ 106.056987][ C1] call_timer_fn+0x19c/0x858 [ 106.058362][ C1] __run_timers+0x46c/0x6c4 [ 106.059546][ C1] run_timer_softirq+0x7c/0x114 [ 106.060910][ C1] handle_softirqs+0x344/0xbf0 [ 106.062173][ C1] __irq_exit_rcu+0x240/0x440 [ 106.063464][ C1] irq_exit+0x14/0x88 [ 106.064660][ C1] handle_domain_irq+0x14c/0x1fc [ 106.066059][ C1] gic_handle_irq+0x78/0x1c8 [ 106.067365][ C1] call_on_irq_stack+0x24/0x4c [ 106.068676][ C1] do_interrupt_handler+0x6c/0x88 [ 106.070087][ C1] el1_interrupt+0x30/0x58 [ 106.071284][ C1] el1h_64_irq_handler+0x18/0x24 [ 106.072635][ C1] el1h_64_irq+0x78/0x7c [ 106.073771][ C1] arch_local_irq_enable+0xc/0x18 [ 106.075114][ C1] default_idle_call+0xcc/0x418 [ 106.076415][ C1] do_idle+0x1c8/0x480 [ 106.077497][ C1] cpu_startup_entry+0x24/0x28 [ 106.078849][ C1] secondary_start_kernel+0x23c/0x294 [ 106.080330][ C1] __secondary_switched+0x94/0x98 [ 106.081777][ C1] irq event stamp: 283601 [ 106.082945][ C1] hardirqs last enabled at (283600): [] _raw_spin_unlock_irq+0x98/0x128 [ 106.085743][ C1] hardirqs last disabled at (283601): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 106.088561][ C1] softirqs last enabled at (283586): [] handle_softirqs+0xa4c/0xbf0 [ 106.091311][ C1] softirqs last disabled at (283593): [] __irq_exit_rcu+0x240/0x440 [ 106.093863][ C1] ---[ end trace 9a57da9f2c0eb269 ]--- [ 106.111502][ T1982] usb 1-1: USB disconnect, device number 2 [ 106.118783][ T5011] bcm5974 1-1:1.0: could not read from device [ 106.898200][ T4118] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 107.020941][ T153] device hsr_slave_0 left promiscuous mode [ 107.049137][ T153] device hsr_slave_1 left promiscuous mode [ 107.148294][ T153] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 107.150534][ T153] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 107.153271][ T153] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 107.155337][ T153] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 107.157904][ T153] device bridge_slave_1 left promiscuous mode [ 107.162736][ T153] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.168252][ T4118] usb 1-1: Using ep0 maxpacket: 16 [ 107.212829][ T153] device bridge_slave_0 left promiscuous mode [ 107.214691][ T153] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.308271][ T4118] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 107.348387][ T153] device veth1_macvtap left promiscuous mode [ 107.354488][ T153] device veth0_macvtap left promiscuous mode [ 107.356534][ T153] device veth1_vlan left promiscuous mode [ 107.358861][ T153] device veth0_vlan left promiscuous mode [ 107.500673][ T4118] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 107.503361][ T4118] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 107.505720][ T4118] usb 1-1: Product: syz [ 107.507026][ T4118] usb 1-1: Manufacturer: syz [ 107.510357][ T4118] usb 1-1: SerialNumber: syz [ 107.561279][ T4118] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input3 [ 107.646976][ T153] team0 (unregistering): Port device team_slave_1 removed [ 107.665285][ T153] team0 (unregistering): Port device team_slave_0 removed [ 107.674757][ T153] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 107.725054][ T153] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 107.808442][ T4118] Bluetooth: hci0: command 0x0419 tx timeout [ 107.855668][ T153] bond0 (unregistering): Released all slaves [ 107.998380][ T5004] ------------[ cut here ]------------ [ 108.000052][ T5004] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 108.002086][ T5004] WARNING: CPU: 0 PID: 5004 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 108.004792][ T5004] Modules linked in: [ 108.005872][ T5004] CPU: 0 PID: 5004 Comm: udevd Tainted: G W 5.15.184-syzkaller #0 [ 108.008433][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.011128][ T5004] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 108.013343][ T5004] pc : usb_submit_urb+0xa44/0x1580 [ 108.014776][ T5004] lr : usb_submit_urb+0xa44/0x1580 [ 108.016159][ T5004] sp : ffff80001f4a7470 [ 108.017340][ T5004] x29: ffff80001f4a74b0 x28: 1fffe0001d7d6803 x27: ffff80001237bee8 [ 108.019658][ T5004] x26: ffff0000ca965d00 x25: ffff0000c763ac50 x24: 0000000000000286 [ 108.021895][ T5004] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 108.024201][ T5004] x20: 0000000000000cc0 x19: ffff0000c763ac00 x18: 0000000000000001 [ 108.026433][ T5004] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 108.028696][ T5004] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 108.030900][ T5004] x11: 0000000000000000 x10: 0000000000000000 x9 : d6b1f38f65b7e800 [ 108.033166][ T5004] x8 : d6b1f38f65b7e800 x7 : 0000000000000001 x6 : 0000000000000001 [ 108.035329][ T5004] x5 : ffff80001f4a6d58 x4 : ffff80001422f280 x3 : ffff80000850383c [ 108.037527][ T5004] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 108.039764][ T5004] Call trace: [ 108.040612][ T5004] usb_submit_urb+0xa44/0x1580 [ 108.041915][ T5004] bcm5974_start_traffic+0xe0/0x154 [ 108.043337][ T5004] bcm5974_open+0x94/0x130 [ 108.044567][ T5004] input_open_device+0x134/0x288 [ 108.045896][ T5004] evdev_open+0x3c4/0x468 [ 108.047130][ T5004] chrdev_open+0x26c/0x4f0 [ 108.048380][ T5004] do_dentry_open+0x760/0xebc [ 108.049749][ T5004] vfs_open+0x7c/0x90 [ 108.050864][ T5004] path_openat+0x1f80/0x26e4 [ 108.052168][ T5004] do_filp_open+0x164/0x330 [ 108.053487][ T5004] do_sys_openat2+0x128/0x3d8 [ 108.054789][ T5004] __arm64_sys_openat+0x120/0x154 [ 108.056148][ T5004] invoke_syscall+0x98/0x2b8 [ 108.057429][ T5004] el0_svc_common+0x138/0x258 [ 108.058767][ T5004] do_el0_svc+0x58/0x14c [ 108.059928][ T5004] el0_svc+0x78/0x1e0 [ 108.061094][ T5004] el0t_64_sync_handler+0xcc/0xe4 [ 108.062511][ T5004] el0t_64_sync+0x1a0/0x1a4 [ 108.063811][ T5004] irq event stamp: 29832 [ 108.065054][ T5004] hardirqs last enabled at (29831): [] __up_console_sem+0xb4/0x100 [ 108.067777][ T5004] hardirqs last disabled at (29832): [] el1_dbg+0x24/0x80 [ 108.070377][ T5004] softirqs last enabled at (29640): [] local_bh_enable+0x10/0x34 [ 108.073120][ T5004] softirqs last disabled at (29638): [] local_bh_disable+0x10/0x34 [ 108.075784][ T5004] ---[ end trace 9a57da9f2c0eb26a ]--- [ 108.088195][ C0] ------------[ cut here ]------------ [ 108.089808][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 108.091780][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 108.094416][ C0] Modules linked in: [ 108.095537][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.184-syzkaller #0 [ 108.098122][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.100947][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 108.103101][ C0] pc : usb_submit_urb+0xa44/0x1580 [ 108.104580][ C0] lr : usb_submit_urb+0xa44/0x1580 [ 108.106075][ C0] sp : ffff800008007620 [ 108.107213][ C0] x29: ffff800008007660 x28: 1fffe0001d7d6803 x27: ffff80001237bee8 [ 108.109427][ C0] x26: ffff0000ca965d00 x25: ffff0000c763ac50 x24: 0000000000000286 [ 108.111695][ C0] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 108.113937][ C0] x20: 0000000000000a20 x19: ffff0000c763ac00 x18: 0000000000000102 [ 108.116077][ C0] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 108.118261][ C0] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 108.120524][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : ee4d2915c5b25c00 [ 108.122717][ C0] x8 : ee4d2915c5b25c00 x7 : 0000000000000001 x6 : 0000000000000001 [ 108.124950][ C0] x5 : ffff800008006f18 x4 : ffff80001422f280 x3 : ffff80000850383c [ 108.127191][ C0] x2 : 0000000000000001 x1 : 0000000100000101 x0 : 0000000000000029 [ 108.129409][ C0] Call trace: [ 108.130321][ C0] usb_submit_urb+0xa44/0x1580 [ 108.131719][ C0] bcm5974_irq_trackpad+0x204/0xe88 [ 108.133180][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 108.134676][ C0] usb_hcd_giveback_urb+0x100/0x3e0 [ 108.136156][ C0] dummy_timer+0x5b8/0x231c [ 108.137412][ C0] call_timer_fn+0x19c/0x858 [ 108.138681][ C0] __run_timers+0x46c/0x6c4 [ 108.139920][ C0] run_timer_softirq+0x7c/0x114 [ 108.141245][ C0] handle_softirqs+0x344/0xbf0 [ 108.142597][ C0] __irq_exit_rcu+0x240/0x440 [ 108.143906][ C0] irq_exit+0x14/0x88 [ 108.145018][ C0] handle_domain_irq+0x14c/0x1fc [ 108.146384][ C0] gic_handle_irq+0x78/0x1c8 [ 108.147664][ C0] call_on_irq_stack+0x24/0x4c [ 108.148958][ C0] do_interrupt_handler+0x6c/0x88 [ 108.150333][ C0] el1_interrupt+0x30/0x58 [ 108.151621][ C0] el1h_64_irq_handler+0x18/0x24 [ 108.153020][ C0] el1h_64_irq+0x78/0x7c [ 108.154219][ C0] arch_local_irq_enable+0xc/0x18 [ 108.155619][ C0] default_idle_call+0xcc/0x418 [ 108.156978][ C0] do_idle+0x1c8/0x480 [ 108.158111][ C0] cpu_startup_entry+0x24/0x28 [ 108.159493][ C0] rest_init+0x360/0x390 [ 108.160667][ C0] arch_call_rest_init+0x14/0x20 [ 108.162052][ C0] start_kernel+0x49c/0x54c [ 108.163275][ C0] __primary_switched+0xa8/0xb0 [ 108.164589][ C0] irq event stamp: 296369 [ 108.165752][ C0] hardirqs last enabled at (296368): [] _raw_spin_unlock_irq+0x98/0x128 [ 108.168631][ C0] hardirqs last disabled at (296369): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 108.171506][ C0] softirqs last enabled at (296352): [] handle_softirqs+0xa4c/0xbf0 [ 108.174171][ C0] softirqs last disabled at (296365): [] __irq_exit_rcu+0x240/0x440 [ 108.176936][ C0] ---[ end trace 9a57da9f2c0eb26b ]--- [ 108.178831][ C0] ------------[ cut here ]------------ [ 108.180317][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 108.182271][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 108.184948][ C0] Modules linked in: [ 108.186159][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.184-syzkaller #0 [ 108.188803][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.191635][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 108.193980][ C0] pc : usb_submit_urb+0xa44/0x1580 [ 108.195420][ C0] lr : usb_submit_urb+0xa44/0x1580 [ 108.196823][ C0] sp : ffff800008007620 [ 108.197930][ C0] x29: ffff800008007660 x28: 1fffe0001d7d6803 x27: ffff80001237bee8 [ 108.199676][ T1982] usb 1-1: USB disconnect, device number 3 [ 108.200109][ C0] x26: ffff0000ca965d00 x25: ffff0000c763ac50 x24: 0000000000000286 [ 108.203953][ C0] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 108.206192][ C0] x20: 0000000000000a20 x19: ffff0000c763ac00 x18: 0000000000000102 [ 108.208444][ C0] x17: 0000000000000000 x16: ffff8000083007ec x15: 00000000ffffffff [ 108.210642][ C0] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 108.212829][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : ee4d2915c5b25c00 [ 108.214983][ C0] x8 : ee4d2915c5b25c00 x7 : 0000000000000001 x6 : 0000000000000001 [ 108.217181][ C0] x5 : ffff800008006f18 x4 : ffff80001422f280 x3 : ffff8000083008fc [ 108.219421][ C0] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 108.221677][ C0] Call trace: [ 108.222535][ C0] usb_submit_urb+0xa44/0x1580 [ 108.223871][ C0] bcm5974_irq_trackpad+0x204/0xe88 [ 108.225316][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 108.226804][ C0] usb_hcd_giveback_urb+0x100/0x3e0 [ 108.228209][ C0] dummy_timer+0x5b8/0x231c [ 108.229437][ C0] call_timer_fn+0x19c/0x858 [ 108.230708][ C0] __run_timers+0x46c/0x6c4 [ 108.232037][ C0] run_timer_softirq+0x7c/0x114 [ 108.233341][ C0] handle_softirqs+0x344/0xbf0 [ 108.234656][ C0] __irq_exit_rcu+0x240/0x440 [ 108.235972][ C0] irq_exit+0x14/0x88 [ 108.237077][ C0] handle_domain_irq+0x14c/0x1fc [ 108.238570][ C0] gic_handle_irq+0x78/0x1c8 [ 108.239816][ C0] call_on_irq_stack+0x24/0x4c [ 108.241197][ C0] do_interrupt_handler+0x6c/0x88 [ 108.242687][ C0] el1_interrupt+0x30/0x58 [ 108.243985][ C0] el1h_64_irq_handler+0x18/0x24 [ 108.245349][ C0] el1h_64_irq+0x78/0x7c [ 108.246502][ C0] arch_local_irq_enable+0xc/0x18 [ 108.247934][ C0] default_idle_call+0xcc/0x418 [ 108.249276][ C0] do_idle+0x1c8/0x480 [ 108.250409][ C0] cpu_startup_entry+0x24/0x28 [ 108.251729][ C0] rest_init+0x360/0x390 [ 108.252887][ C0] arch_call_rest_init+0x14/0x20 [ 108.254298][ C0] start_kernel+0x49c/0x54c [ 108.255568][ C0] __primary_switched+0xa8/0xb0 [ 108.256992][ C0] irq event stamp: 296461 [ 108.258167][ C0] hardirqs last enabled at (296460): [] _raw_spin_unlock_irq+0x98/0x128 [ 108.260970][ C0] hardirqs last disabled at (296461): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 108.263808][ C0] softirqs last enabled at (296352): [] handle_softirqs+0xa4c/0xbf0 [ 108.266511][ C0] softirqs last disabled at (296365): [] __irq_exit_rcu+0x240/0x440 [ 108.269141][ C0] ---[ end trace 9a57da9f2c0eb26c ]--- [ 108.270735][ C0] bcm5974 1-1:1.0: trackpad urb failed: -2 [ 108.278556][ T5004] bcm5974 1-1:1.0: could not read from device [ 108.978270][ T4118] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 109.228285][ T4118] usb 1-1: Using ep0 maxpacket: 16 [ 109.368366][ T4118] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 109.548557][ T4118] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 109.551169][ T4118] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 109.553401][ T4118] usb 1-1: Product: syz [ 109.554548][ T4118] usb 1-1: Manufacturer: syz [ 109.555800][ T4118] usb 1-1: SerialNumber: syz [ 109.601387][ T4118] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input4 [ 110.018287][ T5004] ------------[ cut here ]------------ [ 110.019984][ T5004] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 110.021971][ T5004] WARNING: CPU: 0 PID: 5004 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 110.024680][ T5004] Modules linked in: [ 110.025731][ T5004] CPU: 0 PID: 5004 Comm: udevd Tainted: G W 5.15.184-syzkaller #0 [ 110.028175][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.031052][ T5004] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 110.033178][ T5004] pc : usb_submit_urb+0xa44/0x1580 [ 110.034595][ T5004] lr : usb_submit_urb+0xa44/0x1580 [ 110.036102][ T5004] sp : ffff80001f4a7470 [ 110.037230][ T5004] x29: ffff80001f4a74b0 x28: 1fffe0001aac2603 x27: ffff80001237bee8 [ 110.039555][ T5004] x26: ffff0000c1311e00 x25: ffff0000cf7d0450 x24: 0000000000000286 [ 110.041840][ T5004] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 110.044111][ T5004] x20: 0000000000000cc0 x19: ffff0000cf7d0400 x18: 0000000000000001 [ 110.046278][ T5004] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 110.048597][ T5004] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 110.050874][ T5004] x11: 0000000000000000 x10: 0000000000000000 x9 : d6b1f38f65b7e800 [ 110.053124][ T5004] x8 : d6b1f38f65b7e800 x7 : 0000000000000001 x6 : 0000000000000001 [ 110.055443][ T5004] x5 : ffff80001f4a6d58 x4 : ffff80001422f280 x3 : ffff80000850383c [ 110.057654][ T5004] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 110.059891][ T5004] Call trace: [ 110.060804][ T5004] usb_submit_urb+0xa44/0x1580 [ 110.062148][ T5004] bcm5974_start_traffic+0xe0/0x154 [ 110.063681][ T5004] bcm5974_open+0x94/0x130 [ 110.064899][ T5004] input_open_device+0x134/0x288 [ 110.066262][ T5004] evdev_open+0x3c4/0x468 [ 110.067508][ T5004] chrdev_open+0x26c/0x4f0 [ 110.068738][ T5004] do_dentry_open+0x760/0xebc [ 110.070056][ T5004] vfs_open+0x7c/0x90 [ 110.071137][ T5004] path_openat+0x1f80/0x26e4 [ 110.072422][ T5004] do_filp_open+0x164/0x330 [ 110.073764][ T5004] do_sys_openat2+0x128/0x3d8 [ 110.075093][ T5004] __arm64_sys_openat+0x120/0x154 [ 110.076527][ T5004] invoke_syscall+0x98/0x2b8 [ 110.077833][ T5004] el0_svc_common+0x138/0x258 [ 110.079177][ T5004] do_el0_svc+0x58/0x14c [ 110.080419][ T5004] el0_svc+0x78/0x1e0 [ 110.081557][ T5004] el0t_64_sync_handler+0xcc/0xe4 [ 110.082969][ T5004] el0t_64_sync+0x1a0/0x1a4 [ 110.084225][ T5004] irq event stamp: 36206 [ 110.085461][ T5004] hardirqs last enabled at (36205): [] __up_console_sem+0xb4/0x100 [ 110.088104][ T5004] hardirqs last disabled at (36206): [] el1_dbg+0x24/0x80 [ 110.090563][ T5004] softirqs last enabled at (33400): [] handle_softirqs+0xa4c/0xbf0 [ 110.093279][ T5004] softirqs last disabled at (32845): [] __irq_exit_rcu+0x240/0x440 [ 110.096020][ T5004] ---[ end trace 9a57da9f2c0eb26d ]--- [ 110.118148][ C0] ------------[ cut here ]------------ [ 110.119753][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 110.121812][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 110.124455][ C0] Modules linked in: [ 110.125560][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.184-syzkaller #0 [ 110.128161][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.131173][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 110.133360][ C0] pc : usb_submit_urb+0xa44/0x1580 [ 110.134875][ C0] lr : usb_submit_urb+0xa44/0x1580 [ 110.136307][ C0] sp : ffff800008007620 [ 110.137512][ C0] x29: ffff800008007660 x28: 1fffe0001aac2603 x27: ffff80001237bee8 [ 110.139812][ C0] x26: ffff0000c1311e00 x25: ffff0000cf7d0450 x24: 0000000000000286 [ 110.142061][ C0] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 110.144402][ C0] x20: 0000000000000a20 x19: ffff0000cf7d0400 x18: 0000000000000102 [ 110.146673][ C0] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 110.148878][ C0] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 110.151158][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : ee4d2915c5b25c00 [ 110.153490][ C0] x8 : ee4d2915c5b25c00 x7 : 0000000000000001 x6 : 0000000000000001 [ 110.155806][ C0] x5 : ffff800008006f18 x4 : ffff80001422f280 x3 : ffff80000850383c [ 110.158114][ C0] x2 : 0000000000000001 x1 : 0000000100000101 x0 : 0000000000000029 [ 110.160384][ C0] Call trace: [ 110.161322][ C0] usb_submit_urb+0xa44/0x1580 [ 110.162662][ C0] bcm5974_irq_trackpad+0x204/0xe88 [ 110.164139][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 110.165680][ C0] usb_hcd_giveback_urb+0x100/0x3e0 [ 110.167091][ C0] dummy_timer+0x5b8/0x231c [ 110.168342][ C0] call_timer_fn+0x19c/0x858 [ 110.169616][ C0] __run_timers+0x46c/0x6c4 [ 110.170890][ C0] run_timer_softirq+0x7c/0x114 [ 110.172272][ C0] handle_softirqs+0x344/0xbf0 [ 110.173604][ C0] __irq_exit_rcu+0x240/0x440 [ 110.174910][ C0] irq_exit+0x14/0x88 [ 110.176002][ C0] handle_domain_irq+0x14c/0x1fc [ 110.177328][ C0] gic_handle_irq+0x78/0x1c8 [ 110.178616][ C0] call_on_irq_stack+0x24/0x4c [ 110.179910][ C0] do_interrupt_handler+0x6c/0x88 [ 110.181380][ C0] el1_interrupt+0x30/0x58 [ 110.182574][ C0] el1h_64_irq_handler+0x18/0x24 [ 110.184017][ C0] el1h_64_irq+0x78/0x7c [ 110.185183][ C0] arch_local_irq_enable+0xc/0x18 [ 110.186564][ C0] default_idle_call+0xcc/0x418 [ 110.187888][ C0] do_idle+0x1c8/0x480 [ 110.189010][ C0] cpu_startup_entry+0x24/0x28 [ 110.190312][ C0] rest_init+0x360/0x390 [ 110.191449][ C0] arch_call_rest_init+0x14/0x20 [ 110.192801][ C0] start_kernel+0x49c/0x54c [ 110.194005][ C0] __primary_switched+0xa8/0xb0 [ 110.195405][ C0] irq event stamp: 305461 [ 110.196647][ C0] hardirqs last enabled at (305460): [] _raw_spin_unlock_irq+0x98/0x128 [ 110.199468][ C0] hardirqs last disabled at (305461): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 110.202275][ C0] softirqs last enabled at (305444): [] handle_softirqs+0xa4c/0xbf0 [ 110.204985][ C0] softirqs last disabled at (305457): [] __irq_exit_rcu+0x240/0x440 [ 110.207584][ C0] ---[ end trace 9a57da9f2c0eb26e ]--- [ 110.219251][ T4679] usb 1-1: USB disconnect, device number 4 [ 110.230946][ T5004] bcm5974 1-1:1.0: could not read from device 1970/01/01 00:01:50 executed programs: 5 [ 111.018283][ T4679] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 111.268235][ T4679] usb 1-1: Using ep0 maxpacket: 16 [ 111.388412][ T4679] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 111.568427][ T4679] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 111.570927][ T4679] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 111.573552][ T4679] usb 1-1: Product: syz [ 111.574692][ T4679] usb 1-1: Manufacturer: syz [ 111.575921][ T4679] usb 1-1: SerialNumber: syz [ 111.621314][ T4679] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input5 [ 112.048415][ T5004] ------------[ cut here ]------------ [ 112.049999][ T5004] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 112.051974][ T5004] WARNING: CPU: 1 PID: 5004 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 112.054605][ T5004] Modules linked in: [ 112.055665][ T5004] CPU: 1 PID: 5004 Comm: udevd Tainted: G W 5.15.184-syzkaller #0 [ 112.058129][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.060941][ T5004] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 112.063098][ T5004] pc : usb_submit_urb+0xa44/0x1580 [ 112.064472][ T5004] lr : usb_submit_urb+0xa44/0x1580 [ 112.065854][ T5004] sp : ffff80001f4a7470 [ 112.066936][ T5004] x29: ffff80001f4a74b0 x28: 1fffe000192cd203 x27: ffff80001237bee8 [ 112.069055][ T5004] x26: ffff0000d81c1b00 x25: ffff0000cef43450 x24: 0000000000000286 [ 112.071185][ T5004] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 112.073370][ T5004] x20: 0000000000000cc0 x19: ffff0000cef43400 x18: 0000000000000001 [ 112.075496][ T5004] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 112.077727][ T5004] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 112.079995][ T5004] x11: 0000000000000000 x10: 0000000000000000 x9 : d6b1f38f65b7e800 [ 112.082172][ T5004] x8 : d6b1f38f65b7e800 x7 : 0000000000000001 x6 : 0000000000000001 [ 112.084362][ T5004] x5 : ffff80001f4a6d58 x4 : ffff80001422f280 x3 : ffff80000850383c [ 112.086606][ T5004] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 112.088803][ T5004] Call trace: [ 112.089685][ T5004] usb_submit_urb+0xa44/0x1580 [ 112.091036][ T5004] bcm5974_start_traffic+0xe0/0x154 [ 112.092511][ T5004] bcm5974_open+0x94/0x130 [ 112.093779][ T5004] input_open_device+0x134/0x288 [ 112.095126][ T5004] evdev_open+0x3c4/0x468 [ 112.096304][ T5004] chrdev_open+0x26c/0x4f0 [ 112.097533][ T5004] do_dentry_open+0x760/0xebc [ 112.098816][ T5004] vfs_open+0x7c/0x90 [ 112.099917][ T5004] path_openat+0x1f80/0x26e4 [ 112.101171][ T5004] do_filp_open+0x164/0x330 [ 112.102366][ T5004] do_sys_openat2+0x128/0x3d8 [ 112.103629][ T5004] __arm64_sys_openat+0x120/0x154 [ 112.104985][ T5004] invoke_syscall+0x98/0x2b8 [ 112.106213][ T5004] el0_svc_common+0x138/0x258 [ 112.107546][ T5004] do_el0_svc+0x58/0x14c [ 112.108765][ T5004] el0_svc+0x78/0x1e0 [ 112.109863][ T5004] el0t_64_sync_handler+0xcc/0xe4 [ 112.111193][ T5004] el0t_64_sync+0x1a0/0x1a4 [ 112.112422][ T5004] irq event stamp: 42764 [ 112.113577][ T5004] hardirqs last enabled at (42763): [] __up_console_sem+0xb4/0x100 [ 112.116135][ T5004] hardirqs last disabled at (42764): [] el1_dbg+0x24/0x80 [ 112.118507][ T5004] softirqs last enabled at (40024): [] handle_softirqs+0xa4c/0xbf0 [ 112.121170][ T5004] softirqs last disabled at (40019): [] __irq_exit_rcu+0x240/0x440 [ 112.123818][ T5004] ---[ end trace 9a57da9f2c0eb26f ]--- [ 112.138168][ C1] ------------[ cut here ]------------ [ 112.139693][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 112.141640][ C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 112.144168][ C1] Modules linked in: [ 112.145234][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.15.184-syzkaller #0 [ 112.147723][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.150493][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 112.152739][ C1] pc : usb_submit_urb+0xa44/0x1580 [ 112.154109][ C1] lr : usb_submit_urb+0xa44/0x1580 [ 112.155468][ C1] sp : ffff800008017620 [ 112.156549][ C1] x29: ffff800008017660 x28: 1fffe000192cd203 x27: ffff80001237bee8 [ 112.158688][ C1] x26: ffff0000d81c1b00 x25: ffff0000cef43450 x24: 0000000000000286 [ 112.160920][ C1] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 112.163113][ C1] x20: 0000000000000a20 x19: ffff0000cef43400 x18: 0000000000000102 [ 112.165344][ C1] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 112.167600][ C1] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 112.169821][ C1] x11: 0000000000000101 x10: 0000000000000000 x9 : 722e1e6665d0e900 [ 112.172033][ C1] x8 : 722e1e6665d0e900 x7 : 0000000000000001 x6 : 0000000000000001 [ 112.174338][ C1] x5 : ffff800008016f18 x4 : ffff80001422f280 x3 : ffff80000850383c [ 112.176578][ C1] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 112.178795][ C1] Call trace: [ 112.179660][ C1] usb_submit_urb+0xa44/0x1580 [ 112.180985][ C1] bcm5974_irq_trackpad+0x204/0xe88 [ 112.182440][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 112.183932][ C1] usb_hcd_giveback_urb+0x100/0x3e0 [ 112.185367][ C1] dummy_timer+0x5b8/0x231c [ 112.186745][ C1] call_timer_fn+0x19c/0x858 [ 112.188005][ C1] __run_timers+0x46c/0x6c4 [ 112.189291][ C1] run_timer_softirq+0x7c/0x114 [ 112.190656][ C1] handle_softirqs+0x344/0xbf0 [ 112.191991][ C1] __irq_exit_rcu+0x240/0x440 [ 112.193300][ C1] irq_exit+0x14/0x88 [ 112.194459][ C1] handle_domain_irq+0x14c/0x1fc [ 112.195857][ C1] gic_handle_irq+0x78/0x1c8 [ 112.197167][ C1] call_on_irq_stack+0x24/0x4c [ 112.198549][ C1] do_interrupt_handler+0x6c/0x88 [ 112.199998][ C1] el1_interrupt+0x30/0x58 [ 112.201220][ C1] el1h_64_irq_handler+0x18/0x24 [ 112.202636][ C1] el1h_64_irq+0x78/0x7c [ 112.203882][ C1] arch_local_irq_enable+0xc/0x18 [ 112.205374][ C1] default_idle_call+0xcc/0x418 [ 112.206713][ C1] do_idle+0x1c8/0x480 [ 112.207816][ C1] cpu_startup_entry+0x24/0x28 [ 112.209153][ C1] secondary_start_kernel+0x23c/0x294 [ 112.210627][ C1] __secondary_switched+0x94/0x98 [ 112.212017][ C1] irq event stamp: 314957 [ 112.213186][ C1] hardirqs last enabled at (314956): [] _raw_spin_unlock_irq+0x98/0x128 [ 112.215926][ C1] hardirqs last disabled at (314957): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 112.218737][ C1] softirqs last enabled at (314904): [] handle_softirqs+0xa4c/0xbf0 [ 112.221388][ C1] softirqs last disabled at (314953): [] __irq_exit_rcu+0x240/0x440 [ 112.224021][ C1] ---[ end trace 9a57da9f2c0eb270 ]--- [ 112.225703][ C1] ------------[ cut here ]------------ [ 112.227144][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 112.229093][ C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 112.231735][ C1] Modules linked in: [ 112.232825][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.15.184-syzkaller #0 [ 112.235435][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.238149][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 112.240309][ C1] pc : usb_submit_urb+0xa44/0x1580 [ 112.241711][ C1] lr : usb_submit_urb+0xa44/0x1580 [ 112.243078][ C1] sp : ffff800008017620 [ 112.244187][ C1] x29: ffff800008017660 x28: 1fffe000192cd203 x27: ffff80001237bee8 [ 112.246323][ C1] x26: ffff0000d81c1b00 x25: ffff0000cef43450 x24: 0000000000000286 [ 112.248478][ C1] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 112.249196][ T4679] usb 1-1: USB disconnect, device number 5 [ 112.250644][ C1] x20: 0000000000000a20 x19: ffff0000cef43400 x18: 0000000000000102 [ 112.254435][ C1] x17: 0000000000000000 x16: ffff8000083007ec x15: 00000000ffffffff [ 112.256727][ C1] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 112.258960][ C1] x11: 0000000000000101 x10: 0000000000000000 x9 : 722e1e6665d0e900 [ 112.261149][ C1] x8 : 722e1e6665d0e900 x7 : 0000000000000001 x6 : 0000000000000001 [ 112.263538][ C1] x5 : ffff800008016f18 x4 : ffff80001422f280 x3 : ffff8000083008fc [ 112.265721][ C1] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 112.267948][ C1] Call trace: [ 112.268839][ C1] usb_submit_urb+0xa44/0x1580 [ 112.270099][ C1] bcm5974_irq_trackpad+0x204/0xe88 [ 112.271557][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 112.272999][ C1] usb_hcd_giveback_urb+0x100/0x3e0 [ 112.274423][ C1] dummy_timer+0x5b8/0x231c [ 112.275681][ C1] call_timer_fn+0x19c/0x858 [ 112.276889][ C1] __run_timers+0x46c/0x6c4 [ 112.278069][ C1] run_timer_softirq+0x7c/0x114 [ 112.279401][ C1] handle_softirqs+0x344/0xbf0 [ 112.280767][ C1] __irq_exit_rcu+0x240/0x440 [ 112.281985][ C1] irq_exit+0x14/0x88 [ 112.283193][ C1] handle_domain_irq+0x14c/0x1fc [ 112.284570][ C1] gic_handle_irq+0x78/0x1c8 [ 112.285825][ C1] call_on_irq_stack+0x24/0x4c [ 112.287133][ C1] do_interrupt_handler+0x6c/0x88 [ 112.288507][ C1] el1_interrupt+0x30/0x58 [ 112.289737][ C1] el1h_64_irq_handler+0x18/0x24 [ 112.291102][ C1] el1h_64_irq+0x78/0x7c [ 112.292279][ C1] arch_local_irq_enable+0xc/0x18 [ 112.293646][ C1] default_idle_call+0xcc/0x418 [ 112.294980][ C1] do_idle+0x1c8/0x480 [ 112.296139][ C1] cpu_startup_entry+0x24/0x28 [ 112.297507][ C1] secondary_start_kernel+0x23c/0x294 [ 112.298982][ C1] __secondary_switched+0x94/0x98 [ 112.300347][ C1] irq event stamp: 314975 [ 112.301554][ C1] hardirqs last enabled at (314974): [] _raw_spin_unlock_irq+0x98/0x128 [ 112.304336][ C1] hardirqs last disabled at (314975): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 112.307150][ C1] softirqs last enabled at (314904): [] handle_softirqs+0xa4c/0xbf0 [ 112.309830][ C1] softirqs last disabled at (314953): [] __irq_exit_rcu+0x240/0x440 [ 112.312509][ C1] ---[ end trace 9a57da9f2c0eb271 ]--- [ 112.314029][ C1] bcm5974 1-1:1.0: trackpad urb failed: -2 [ 112.328754][ T5004] bcm5974 1-1:1.0: could not read from device [ 113.038295][ T4679] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 113.318220][ T4679] usb 1-1: Using ep0 maxpacket: 16 [ 113.448349][ T4679] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 113.608361][ T4679] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 113.611150][ T4679] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 113.613505][ T4679] usb 1-1: Product: syz [ 113.614714][ T4679] usb 1-1: Manufacturer: syz [ 113.615980][ T4679] usb 1-1: SerialNumber: syz [ 113.662665][ T4679] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input6 [ 114.088336][ T5004] ------------[ cut here ]------------ [ 114.089880][ T5004] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 114.091843][ T5004] WARNING: CPU: 1 PID: 5004 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 114.094486][ T5004] Modules linked in: [ 114.095517][ T5004] CPU: 1 PID: 5004 Comm: udevd Tainted: G W 5.15.184-syzkaller #0 [ 114.097941][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.100834][ T5004] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 114.103044][ T5004] pc : usb_submit_urb+0xa44/0x1580 [ 114.104525][ T5004] lr : usb_submit_urb+0xa44/0x1580 [ 114.105988][ T5004] sp : ffff80001f4a7470 [ 114.107115][ T5004] x29: ffff80001f4a74b0 x28: 1fffe0001b67a403 x27: ffff80001237bee8 [ 114.109417][ T5004] x26: ffff0000d7328800 x25: ffff0000cddef250 x24: 0000000000000286 [ 114.111663][ T5004] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 114.113937][ T5004] x20: 0000000000000cc0 x19: ffff0000cddef200 x18: 0000000000000001 [ 114.116226][ T5004] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 114.118530][ T5004] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 114.120751][ T5004] x11: 0000000000000000 x10: 0000000000000000 x9 : d6b1f38f65b7e800 [ 114.123017][ T5004] x8 : d6b1f38f65b7e800 x7 : 0000000000000001 x6 : 0000000000000001 [ 114.125282][ T5004] x5 : ffff80001f4a6d58 x4 : ffff80001422f280 x3 : ffff80000850383c [ 114.127559][ T5004] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 114.129889][ T5004] Call trace: [ 114.130800][ T5004] usb_submit_urb+0xa44/0x1580 [ 114.132161][ T5004] bcm5974_start_traffic+0xe0/0x154 [ 114.133688][ T5004] bcm5974_open+0x94/0x130 [ 114.134939][ T5004] input_open_device+0x134/0x288 [ 114.136334][ T5004] evdev_open+0x3c4/0x468 [ 114.137629][ T5004] chrdev_open+0x26c/0x4f0 [ 114.138922][ T5004] do_dentry_open+0x760/0xebc [ 114.140204][ T5004] vfs_open+0x7c/0x90 [ 114.141347][ T5004] path_openat+0x1f80/0x26e4 [ 114.142607][ T5004] do_filp_open+0x164/0x330 [ 114.143885][ T5004] do_sys_openat2+0x128/0x3d8 [ 114.145143][ T5004] __arm64_sys_openat+0x120/0x154 [ 114.146540][ T5004] invoke_syscall+0x98/0x2b8 [ 114.147879][ T5004] el0_svc_common+0x138/0x258 [ 114.149167][ T5004] do_el0_svc+0x58/0x14c [ 114.150357][ T5004] el0_svc+0x78/0x1e0 [ 114.151500][ T5004] el0t_64_sync_handler+0xcc/0xe4 [ 114.152926][ T5004] el0t_64_sync+0x1a0/0x1a4 [ 114.154148][ T5004] irq event stamp: 49324 [ 114.155311][ T5004] hardirqs last enabled at (49323): [] __up_console_sem+0xb4/0x100 [ 114.158075][ T5004] hardirqs last disabled at (49324): [] el1_dbg+0x24/0x80 [ 114.160468][ T5004] softirqs last enabled at (48130): [] handle_softirqs+0xa4c/0xbf0 [ 114.163103][ T5004] softirqs last disabled at (48121): [] __irq_exit_rcu+0x240/0x440 [ 114.165920][ T5004] ---[ end trace 9a57da9f2c0eb272 ]--- [ 114.188168][ C1] ------------[ cut here ]------------ [ 114.189849][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 114.191878][ C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 114.194514][ C1] Modules linked in: [ 114.195624][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.15.184-syzkaller #0 [ 114.198293][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.201139][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 114.203424][ C1] pc : usb_submit_urb+0xa44/0x1580 [ 114.204932][ C1] lr : usb_submit_urb+0xa44/0x1580 [ 114.206300][ C1] sp : ffff800008017620 [ 114.207531][ C1] x29: ffff800008017660 x28: 1fffe0001b67a403 x27: ffff80001237bee8 [ 114.209830][ C1] x26: ffff0000d7328800 x25: ffff0000cddef250 x24: 0000000000000286 [ 114.212032][ C1] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 114.214338][ C1] x20: 0000000000000a20 x19: ffff0000cddef200 x18: 0000000000000102 [ 114.216622][ C1] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 114.218868][ C1] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 114.221142][ C1] x11: 0000000000000101 x10: 0000000000000000 x9 : 722e1e6665d0e900 [ 114.223301][ C1] x8 : 722e1e6665d0e900 x7 : 0000000000000001 x6 : 0000000000000001 [ 114.225554][ C1] x5 : ffff800008016f18 x4 : ffff80001422f280 x3 : ffff80000850383c [ 114.227757][ C1] x2 : 0000000000000001 x1 : 0000000100000101 x0 : 0000000000000029 [ 114.229984][ C1] Call trace: [ 114.230884][ C1] usb_submit_urb+0xa44/0x1580 [ 114.232246][ C1] bcm5974_irq_trackpad+0x204/0xe88 [ 114.233712][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 114.235221][ C1] usb_hcd_giveback_urb+0x100/0x3e0 [ 114.236692][ C1] dummy_timer+0x5b8/0x231c [ 114.237961][ C1] call_timer_fn+0x19c/0x858 [ 114.239325][ C1] __run_timers+0x46c/0x6c4 [ 114.240592][ C1] run_timer_softirq+0x7c/0x114 [ 114.241985][ C1] handle_softirqs+0x344/0xbf0 [ 114.243298][ C1] __irq_exit_rcu+0x240/0x440 [ 114.244600][ C1] irq_exit+0x14/0x88 [ 114.245697][ C1] handle_domain_irq+0x14c/0x1fc [ 114.247032][ C1] gic_handle_irq+0x78/0x1c8 [ 114.248329][ C1] call_on_irq_stack+0x24/0x4c [ 114.249715][ C1] do_interrupt_handler+0x6c/0x88 [ 114.251139][ C1] el1_interrupt+0x30/0x58 [ 114.252422][ C1] el1h_64_irq_handler+0x18/0x24 [ 114.253900][ C1] el1h_64_irq+0x78/0x7c [ 114.255071][ C1] arch_local_irq_enable+0xc/0x18 [ 114.256537][ C1] default_idle_call+0xcc/0x418 [ 114.257890][ C1] do_idle+0x1c8/0x480 [ 114.259029][ C1] cpu_startup_entry+0x24/0x28 [ 114.260334][ C1] secondary_start_kernel+0x23c/0x294 [ 114.261853][ C1] __secondary_switched+0x94/0x98 [ 114.263257][ C1] irq event stamp: 322889 [ 114.264431][ C1] hardirqs last enabled at (322888): [] _raw_spin_unlock_irq+0x98/0x128 [ 114.267255][ C1] hardirqs last disabled at (322889): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 114.270136][ C1] softirqs last enabled at (322878): [] handle_softirqs+0xa4c/0xbf0 [ 114.272809][ C1] softirqs last disabled at (322885): [] __irq_exit_rcu+0x240/0x440 [ 114.275541][ C1] ---[ end trace 9a57da9f2c0eb273 ]--- [ 114.288203][ C1] ------------[ cut here ]------------ [ 114.289770][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 114.291665][ C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1580 [ 114.292372][ T4679] usb 1-1: USB disconnect, device number 6 [ 114.294153][ C1] Modules linked in: [ 114.296831][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.15.184-syzkaller #0 [ 114.299243][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.302019][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 114.304140][ C1] pc : usb_submit_urb+0xa44/0x1580 [ 114.305540][ C1] lr : usb_submit_urb+0xa44/0x1580 [ 114.306961][ C1] sp : ffff800008017620 [ 114.308101][ C1] x29: ffff800008017660 x28: 1fffe0001b67a403 x27: ffff80001237bee8 [ 114.310303][ C1] x26: ffff0000d7328800 x25: ffff0000cddef250 x24: 0000000000000286 [ 114.312545][ C1] x23: ffff800012382540 x22: dfff800000000000 x21: 0000000000000002 [ 114.314817][ C1] x20: 0000000000000a20 x19: ffff0000cddef200 x18: 0000000000000102 [ 114.317005][ C1] x17: 0000000000000000 x16: ffff8000111a5644 x15: 00000000ffffffff [ 114.319231][ C1] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100 [ 114.321404][ C1] x11: 0000000000000101 x10: 0000000000000000 x9 : 722e1e6665d0e900 [ 114.323625][ C1] x8 : 722e1e6665d0e900 x7 : 0000000000000001 x6 : 0000000000000001 [ 114.325835][ C1] x5 : ffff800008016f18 x4 : ffff80001422f280 x3 : ffff80000850383c [ 114.328069][ C1] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 114.330338][ C1] Call trace: [ 114.331291][ C1] usb_submit_urb+0xa44/0x1580 [ 114.332666][ C1] bcm5974_irq_trackpad+0x204/0xe88 [ 114.334075][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 114.335554][ C1] usb_hcd_giveback_urb+0x100/0x3e0 [ 114.336968][ C1] dummy_timer+0x5b8/0x231c [ 114.338171][ C1] call_timer_fn+0x19c/0x858 [ 114.339481][ C1] __run_timers+0x46c/0x6c4 [ 114.340772][ C1] run_timer_softirq+0x7c/0x114 [ 114.342121][ C1] handle_softirqs+0x344/0xbf0 [ 114.343405][ C1] __irq_exit_rcu+0x240/0x440 [ 114.344688][ C1] irq_exit+0x14/0x88 [ 114.345751][ C1] handle_domain_irq+0x14c/0x1fc [ 114.347052][ C1] gic_handle_irq+0x78/0x1c8 [ 114.348335][ C1] call_on_irq_stack+0x24/0x4c [ 114.349667][ C1] do_interrupt_handler+0x6c/0x88 [ 114.351093][ C1] el1_interrupt+0x30/0x58 [ 114.352283][ C1] el1h_64_irq_handler+0x18/0x24 [ 114.353649][ C1] el1h_64_irq+0x78/0x7c [ 114.354796][ C1] arch_local_irq_enable+0xc/0x18 [ 114.356136][ C1] default_idle_call+0xcc/0x418 [ 114.357481][ C1] do_idle+0x1c8/0x480 [ 114.358634][ C1] cpu_startup_entry+0x24/0x28 [ 114.359894][ C1] secondary_start_kernel+0x23c/0x294 [ 114.361355][ C1] __secondary_switched+0x94/0x98 [ 114.362768][ C1] irq event stamp: 322953 [ 114.363914][ C1] hardirqs last enabled at (322952): [] _raw_spin_unlock_irq+0x98/0x128 [ 114.366625][ C1] hardirqs last disabled at (322953): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 114.369329][ C1] softirqs last enabled at (322916): [] handle_softirqs+0xa4c/0xbf0 [ 114.372005][ C1] softirqs last disabled at (322941): [] __irq_exit_rcu+0x240/0x440 [ 114.374610][ C1] ---[ end trace 9a57da9f2c0eb274 ]--- [ 114.376133][ C1] bcm5974 1-1:1.0: trackpad urb failed: -2 [ 114.388358][ T5004] bcm5974 1-1:1.0: could not read from device [ 115.068225][ T4679] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 115.328283][ T4679] usb 1-1: Using ep0 maxpacket: 16 [ 115.478443][ T4679] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 115.668509][ T4679] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 115.671093][ T4679] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 115.673429][ T4679] usb 1-1: Product: syz [ 115.674498][ T4679] usb 1-1: Manufacturer: syz [ 115.675836][ T4679] usb 1-1: SerialNumber: syz [ 115.720399][ T4679] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input7