Warning: Permanently added '10.128.1.165' (ED25519) to the list of known hosts. 1970/01/01 00:01:22 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:23 parsed 1 programs [ 86.268804][ T4416] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 93.189567][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.192028][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.198856][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 93.210476][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.212814][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.215748][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 93.468762][ T4456] chnl_net:caif_netlink_parms(): no params data found [ 93.513401][ T4456] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.515456][ T4456] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.518060][ T4456] device bridge_slave_0 entered promiscuous mode [ 93.522468][ T4456] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.524477][ T4456] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.527213][ T4456] device bridge_slave_1 entered promiscuous mode [ 93.547815][ T4456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.554358][ T4456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.572335][ T4456] team0: Port device team_slave_0 added [ 93.576458][ T4456] team0: Port device team_slave_1 added [ 93.593217][ T4456] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.595175][ T4456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.602191][ T4456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.606502][ T4456] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.608493][ T4456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.617507][ T4456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.673757][ T4456] device hsr_slave_0 entered promiscuous mode [ 93.711844][ T4456] device hsr_slave_1 entered promiscuous mode [ 94.532149][ T4456] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.567615][ T4456] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.613491][ T4456] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.643086][ T4456] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.719759][ T4456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.729054][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.733367][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.738213][ T4456] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.745750][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.748476][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.751176][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.753091][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.759198][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.762843][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.765534][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.768067][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.770111][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.782559][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.785771][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.788596][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.792648][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.795369][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.798152][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.807911][ T4456] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.814324][ T4456] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.836899][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.839594][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.844808][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.847662][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.850325][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.856441][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.935067][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 94.937281][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 94.947002][ T4456] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.968631][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 94.973409][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 94.986800][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 94.989572][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.995188][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 94.998047][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 95.003003][ T4456] device veth0_vlan entered promiscuous mode [ 95.009743][ T4456] device veth1_vlan entered promiscuous mode [ 95.051638][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 95.054349][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 95.056960][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 95.059561][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 95.066388][ T4456] device veth0_macvtap entered promiscuous mode [ 95.074663][ T4456] device veth1_macvtap entered promiscuous mode [ 95.086202][ T4456] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.088287][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 95.093211][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 95.095805][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 95.098627][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 95.104861][ T4456] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.106992][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 95.109646][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 95.116568][ T4456] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.118945][ T4456] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.121743][ T4456] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.124023][ T4456] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:01:36 executed programs: 0 [ 96.608643][ T4644] chnl_net:caif_netlink_parms(): no params data found [ 96.660013][ T4644] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.663461][ T4644] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.666172][ T4644] device bridge_slave_0 entered promiscuous mode [ 96.669843][ T4644] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.673806][ T4644] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.676448][ T4644] device bridge_slave_1 entered promiscuous mode [ 96.697281][ T4644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.703583][ T4644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.722931][ T4644] team0: Port device team_slave_0 added [ 96.726399][ T4644] team0: Port device team_slave_1 added [ 96.747807][ T4644] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.749781][ T4644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.758644][ T4644] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.764587][ T4644] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.766400][ T4644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.775114][ T4644] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.853816][ T4644] device hsr_slave_0 entered promiscuous mode [ 96.880598][ T4644] device hsr_slave_1 entered promiscuous mode [ 96.910807][ T4644] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.912933][ T4644] Cannot create hsr debugfs directory [ 96.975463][ T4644] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.570451][ T4091] Bluetooth: hci0: command 0x0409 tx timeout [ 100.467394][ T4644] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.526441][ T4644] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.588731][ T4644] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.660693][ T4089] Bluetooth: hci0: command 0x041b tx timeout [ 100.808834][ T4644] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.856240][ T4644] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.893059][ T4644] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.934008][ T4644] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.031585][ T4644] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.041996][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.047339][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.054716][ T4644] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.059325][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 101.064846][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.067495][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.069473][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.072615][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 101.078167][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 101.084506][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 101.087058][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.089002][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.136325][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 101.139349][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 101.144550][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 101.149236][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 101.155974][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 101.159805][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 101.166429][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 101.172106][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 101.174769][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 101.179854][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 101.183899][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 101.188446][ T4644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 101.259971][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 101.262228][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 101.268070][ T4644] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.280076][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 101.285900][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 101.298308][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 101.301839][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 101.304607][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 101.307203][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 101.312200][ T4644] device veth0_vlan entered promiscuous mode [ 101.319413][ T4644] device veth1_vlan entered promiscuous mode [ 101.334627][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 101.337468][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 101.340003][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 101.343950][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 101.348598][ T4644] device veth0_macvtap entered promiscuous mode [ 101.354050][ T4644] device veth1_macvtap entered promiscuous mode [ 101.365681][ T4644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.368680][ T4644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.375100][ T4644] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.377276][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 101.379911][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 101.382956][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 101.385763][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 101.390540][ T4644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.393404][ T4644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.397098][ T4644] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.399567][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 101.402311][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 101.406840][ T4644] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.409322][ T4644] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.412240][ T4644] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.414719][ T4644] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.474935][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.477103][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.479854][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 101.520479][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.522716][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.525811][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:41 executed programs: 2 [ 101.830945][ T4089] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 102.070479][ T4089] usb 1-1: Using ep0 maxpacket: 16 [ 102.190691][ T4089] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 102.350505][ T4089] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 102.353137][ T4089] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 102.355234][ T4089] usb 1-1: Product: syz [ 102.356325][ T4089] usb 1-1: Manufacturer: syz [ 102.357581][ T4089] usb 1-1: SerialNumber: syz [ 102.407817][ T4089] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input2 [ 102.730595][ T4089] Bluetooth: hci0: command 0x040f tx timeout [ 102.840732][ T4481] ------------[ cut here ]------------ [ 102.842417][ T4481] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 102.844518][ T4481] WARNING: CPU: 1 PID: 4481 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 102.847034][ T4481] Modules linked in: [ 102.848037][ T4481] CPU: 1 PID: 4481 Comm: udevd Not tainted 5.15.179-syzkaller #0 [ 102.850077][ T4481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 102.852704][ T4481] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 102.854840][ T4481] pc : usb_submit_urb+0xa44/0x1588 [ 102.856210][ T4481] lr : usb_submit_urb+0xa44/0x1588 [ 102.857581][ T4481] sp : ffff800020457370 [ 102.858738][ T4481] x29: ffff8000204573b0 x28: 0000000000000001 x27: ffff800012d527e8 [ 102.860937][ T4481] x26: ffff0000c87c2200 x25: ffff0000c9600000 x24: 0000000000000286 [ 102.863414][ T4481] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 102.865574][ T4481] x20: 0000000000000cc0 x19: ffff0000d0a47200 x18: 0000000000000001 [ 102.867739][ T4481] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 102.869994][ T4481] x14: ffff0000dca00000 x13: 0000000000000001 x12: 0000000000000001 [ 102.872166][ T4481] x11: 0000000000000000 x10: 0000000000000000 x9 : ad490889efb23000 [ 102.874340][ T4481] x8 : ad490889efb23000 x7 : 0000000000000001 x6 : 0000000000000001 [ 102.876575][ T4481] x5 : ffff800020456ad8 x4 : ffff800014c4fe40 x3 : ffff800008557710 [ 102.878715][ T4481] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 102.880909][ T4481] Call trace: [ 102.881924][ T4481] usb_submit_urb+0xa44/0x1588 [ 102.883235][ T4481] bcm5974_start_traffic+0xe0/0x154 [ 102.884610][ T4481] bcm5974_open+0x98/0x134 [ 102.885836][ T4481] input_open_device+0x170/0x29c [ 102.887178][ T4481] evdev_open+0x308/0x4b4 [ 102.888372][ T4481] chrdev_open+0x3e8/0x4fc [ 102.889549][ T4481] do_dentry_open+0x780/0xed8 [ 102.890768][ T4481] vfs_open+0x7c/0x90 [ 102.891798][ T4481] path_openat+0x1ea0/0x26cc [ 102.893010][ T4481] do_filp_open+0x1a8/0x3b4 [ 102.894188][ T4481] do_sys_openat2+0x128/0x3e0 [ 102.895446][ T4481] __arm64_sys_openat+0x1f0/0x240 [ 102.896765][ T4481] invoke_syscall+0x98/0x2b8 [ 102.898011][ T4481] el0_svc_common+0x138/0x258 [ 102.899254][ T4481] do_el0_svc+0x58/0x14c [ 102.900432][ T4481] el0_svc+0x7c/0x1f0 [ 102.901502][ T4481] el0t_64_sync_handler+0x84/0xe4 [ 102.902843][ T4481] el0t_64_sync+0x1a0/0x1a4 [ 102.904006][ T4481] irq event stamp: 5164 [ 102.905095][ T4481] hardirqs last enabled at (5163): [] __up_console_sem+0xb4/0x100 [ 102.907770][ T4481] hardirqs last disabled at (5164): [] el1_dbg+0x24/0x80 [ 102.910041][ T4481] softirqs last enabled at (5042): [] handle_softirqs+0xb88/0xdbc [ 102.912578][ T4481] softirqs last disabled at (5027): [] __irq_exit_rcu+0x268/0x4d8 [ 102.915131][ T4481] ---[ end trace 8ef5d74734cd971d ]--- [ 102.930333][ C1] ------------[ cut here ]------------ [ 102.931999][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 102.933994][ C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 102.936486][ C1] Modules linked in: [ 102.937531][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.15.179-syzkaller #0 [ 102.939998][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 102.942687][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 102.944824][ C1] pc : usb_submit_urb+0xa44/0x1588 [ 102.946237][ C1] lr : usb_submit_urb+0xa44/0x1588 [ 102.947624][ C1] sp : ffff8000080175e0 [ 102.948752][ C1] x29: ffff800008017620 x28: 0000000000000001 x27: ffff800012d527e8 [ 102.950925][ C1] x26: ffff0000c87c2200 x25: ffff0000c9600000 x24: 0000000000000286 [ 102.953095][ C1] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 102.955353][ C1] x20: 0000000000000a20 x19: ffff0000d0a47200 x18: 0000000000000102 [ 102.957547][ C1] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 102.959655][ C1] x14: ffff0000c0a68000 x13: 0000000000000001 x12: 0000000000000001 [ 102.961920][ C1] x11: 0000000000000101 x10: 0000000000000000 x9 : bc206cba68001b00 [ 102.964058][ C1] x8 : bc206cba68001b00 x7 : 0000000000000001 x6 : 0000000000000001 [ 102.966232][ C1] x5 : ffff800008016d58 x4 : ffff800014c4fe40 x3 : ffff800008557710 [ 102.968425][ C1] x2 : 0000000000000001 x1 : 0000000100000101 x0 : 0000000000000029 [ 102.970558][ C1] Call trace: [ 102.971421][ C1] usb_submit_urb+0xa44/0x1588 [ 102.972703][ C1] bcm5974_irq_trackpad+0x20c/0xdd0 [ 102.974113][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 102.975568][ C1] usb_hcd_giveback_urb+0x108/0x41c [ 102.977044][ C1] dummy_timer+0x66c/0x26cc [ 102.978344][ C1] call_timer_fn+0x19c/0x8f0 [ 102.979644][ C1] __run_timers+0x554/0x718 [ 102.980854][ C1] run_timer_softirq+0x7c/0x114 [ 102.982134][ C1] handle_softirqs+0x384/0xdbc [ 102.983422][ C1] __irq_exit_rcu+0x268/0x4d8 [ 102.984677][ C1] irq_exit+0x14/0x88 [ 102.985811][ C1] handle_domain_irq+0x14c/0x1fc [ 102.987158][ C1] gic_handle_irq+0x78/0x1c8 [ 102.988395][ C1] call_on_irq_stack+0x24/0x4c [ 102.989718][ C1] do_interrupt_handler+0x74/0x94 [ 102.991128][ C1] el1_interrupt+0x30/0x58 [ 102.992404][ C1] el1h_64_irq_handler+0x18/0x24 [ 102.993765][ C1] el1h_64_irq+0x78/0x7c [ 102.994882][ C1] arch_local_irq_enable+0xc/0x18 [ 102.996192][ C1] default_idle_call+0xcc/0x4a8 [ 102.997473][ C1] do_idle+0x1d4/0x4dc [ 102.998542][ C1] cpu_startup_entry+0x24/0x28 [ 102.999853][ C1] secondary_start_kernel+0x240/0x298 [ 103.001347][ C1] __secondary_switched+0x94/0x98 [ 103.002636][ C1] irq event stamp: 268161 [ 103.003770][ C1] hardirqs last enabled at (268160): [] _raw_spin_unlock_irq+0x9c/0x134 [ 103.006509][ C1] hardirqs last disabled at (268161): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 103.009303][ C1] softirqs last enabled at (268144): [] handle_softirqs+0xb88/0xdbc [ 103.011868][ C1] softirqs last disabled at (268157): [] __irq_exit_rcu+0x268/0x4d8 [ 103.014493][ C1] ---[ end trace 8ef5d74734cd971e ]--- [ 103.046226][ T4044] usb 1-1: USB disconnect, device number 2 [ 103.050811][ T4481] bcm5974 1-1:1.0: could not read from device [ 103.572970][ T335] device hsr_slave_0 left promiscuous mode [ 103.620665][ T335] device hsr_slave_1 left promiscuous mode [ 103.710520][ T335] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.712735][ T335] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.715366][ T335] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.717427][ T335] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.719972][ T335] device bridge_slave_1 left promiscuous mode [ 103.722014][ T335] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.772080][ T335] device bridge_slave_0 left promiscuous mode [ 103.773922][ T335] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.830523][ T4042] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 103.890675][ T335] device veth1_macvtap left promiscuous mode [ 103.892502][ T335] device veth0_macvtap left promiscuous mode [ 103.894358][ T335] device veth1_vlan left promiscuous mode [ 103.896024][ T335] device veth0_vlan left promiscuous mode [ 104.070674][ T4042] usb 1-1: Using ep0 maxpacket: 16 [ 104.125848][ T335] team0 (unregistering): Port device team_slave_1 removed [ 104.136371][ T335] team0 (unregistering): Port device team_slave_0 removed [ 104.144597][ T335] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.177301][ T335] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.192335][ T4042] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 104.297970][ T335] bond0 (unregistering): Released all slaves [ 104.350564][ T4042] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 104.353151][ T4042] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 104.355401][ T4042] usb 1-1: Product: syz [ 104.356464][ T4042] usb 1-1: Manufacturer: syz [ 104.357687][ T4042] usb 1-1: SerialNumber: syz [ 104.404432][ T4042] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input3 [ 104.811315][ T4089] Bluetooth: hci0: command 0x0419 tx timeout [ 104.830571][ T4481] ------------[ cut here ]------------ [ 104.832149][ T4481] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 104.834300][ T4481] WARNING: CPU: 0 PID: 4481 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 104.836824][ T4481] Modules linked in: [ 104.837843][ T4481] CPU: 0 PID: 4481 Comm: udevd Tainted: G W 5.15.179-syzkaller #0 [ 104.840239][ T4481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 104.842961][ T4481] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 104.845096][ T4481] pc : usb_submit_urb+0xa44/0x1588 [ 104.846475][ T4481] lr : usb_submit_urb+0xa44/0x1588 [ 104.847808][ T4481] sp : ffff800020457370 [ 104.848964][ T4481] x29: ffff8000204573b0 x28: 0000000000000001 x27: ffff800012d527e8 [ 104.851090][ T4481] x26: ffff0000cec94f00 x25: ffff0000c5c79000 x24: 0000000000000286 [ 104.853231][ T4481] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 104.855333][ T4481] x20: 0000000000000cc0 x19: ffff0000cba3e800 x18: 0000000000000001 [ 104.857429][ T4481] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 104.859522][ T4481] x14: ffff0000dca00000 x13: 0000000000000001 x12: 0000000000000001 [ 104.861683][ T4481] x11: 0000000000000000 x10: 0000000000000000 x9 : ad490889efb23000 [ 104.863785][ T4481] x8 : ad490889efb23000 x7 : 0000000000000001 x6 : 0000000000000001 [ 104.865893][ T4481] x5 : ffff800020456ad8 x4 : ffff800014c4fe40 x3 : ffff800008557710 [ 104.868007][ T4481] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 104.870213][ T4481] Call trace: [ 104.871168][ T4481] usb_submit_urb+0xa44/0x1588 [ 104.872502][ T4481] bcm5974_start_traffic+0xe0/0x154 [ 104.873871][ T4481] bcm5974_open+0x98/0x134 [ 104.875037][ T4481] input_open_device+0x170/0x29c [ 104.876375][ T4481] evdev_open+0x308/0x4b4 [ 104.877486][ T4481] chrdev_open+0x3e8/0x4fc [ 104.878659][ T4481] do_dentry_open+0x780/0xed8 [ 104.879906][ T4481] vfs_open+0x7c/0x90 [ 104.880981][ T4481] path_openat+0x1ea0/0x26cc [ 104.882195][ T4481] do_filp_open+0x1a8/0x3b4 [ 104.883403][ T4481] do_sys_openat2+0x128/0x3e0 [ 104.884673][ T4481] __arm64_sys_openat+0x1f0/0x240 [ 104.886007][ T4481] invoke_syscall+0x98/0x2b8 [ 104.887235][ T4481] el0_svc_common+0x138/0x258 [ 104.888491][ T4481] do_el0_svc+0x58/0x14c [ 104.889611][ T4481] el0_svc+0x7c/0x1f0 [ 104.890705][ T4481] el0t_64_sync_handler+0x84/0xe4 [ 104.892050][ T4481] el0t_64_sync+0x1a0/0x1a4 [ 104.893259][ T4481] irq event stamp: 12238 [ 104.894386][ T4481] hardirqs last enabled at (12237): [] __up_console_sem+0xb4/0x100 [ 104.896989][ T4481] hardirqs last disabled at (12238): [] el1_dbg+0x24/0x80 [ 104.899221][ T4481] softirqs last enabled at (10958): [] handle_softirqs+0xb88/0xdbc [ 104.901873][ T4481] softirqs last disabled at (10949): [] __irq_exit_rcu+0x268/0x4d8 [ 104.904363][ T4481] ---[ end trace 8ef5d74734cd971f ]--- [ 104.920342][ C0] ------------[ cut here ]------------ [ 104.921864][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 104.923842][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 104.926335][ C0] Modules linked in: [ 104.927371][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.179-syzkaller #0 [ 104.929816][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 104.932448][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 104.934510][ C0] pc : usb_submit_urb+0xa44/0x1588 [ 104.935860][ C0] lr : usb_submit_urb+0xa44/0x1588 [ 104.937276][ C0] sp : ffff8000080075e0 [ 104.938358][ C0] x29: ffff800008007620 x28: 0000000000000001 x27: ffff800012d527e8 [ 104.940483][ C0] x26: ffff0000cec94f00 x25: ffff0000c5c79000 x24: 0000000000000286 [ 104.942653][ C0] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 104.944785][ C0] x20: 0000000000000a20 x19: ffff0000cba3e800 x18: 0000000000000102 [ 104.947003][ C0] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 104.949146][ C0] x14: ffff800014b94b80 x13: 0000000000000001 x12: 0000000000000001 [ 104.951249][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : 9fb367d9f6334f00 [ 104.953358][ C0] x8 : 9fb367d9f6334f00 x7 : 0000000000000001 x6 : 0000000000000001 [ 104.955451][ C0] x5 : ffff800008006d58 x4 : ffff800014c4fe40 x3 : ffff800008557710 [ 104.957647][ C0] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 104.959817][ C0] Call trace: [ 104.960670][ C0] usb_submit_urb+0xa44/0x1588 [ 104.961922][ C0] bcm5974_irq_trackpad+0x20c/0xdd0 [ 104.963277][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 104.964696][ C0] usb_hcd_giveback_urb+0x108/0x41c [ 104.966117][ C0] dummy_timer+0x66c/0x26cc [ 104.967297][ C0] call_timer_fn+0x19c/0x8f0 [ 104.968523][ C0] __run_timers+0x554/0x718 [ 104.969682][ C0] run_timer_softirq+0x7c/0x114 [ 104.970968][ C0] handle_softirqs+0x384/0xdbc [ 104.972178][ C0] __irq_exit_rcu+0x268/0x4d8 [ 104.973433][ C0] irq_exit+0x14/0x88 [ 104.974483][ C0] handle_domain_irq+0x14c/0x1fc [ 104.975791][ C0] gic_handle_irq+0x78/0x1c8 [ 104.977037][ C0] call_on_irq_stack+0x24/0x4c [ 104.978282][ C0] do_interrupt_handler+0x74/0x94 [ 104.979656][ C0] el1_interrupt+0x30/0x58 [ 104.980821][ C0] el1h_64_irq_handler+0x18/0x24 [ 104.982212][ C0] el1h_64_irq+0x78/0x7c [ 104.983343][ C0] arch_local_irq_enable+0xc/0x18 [ 104.984654][ C0] default_idle_call+0xcc/0x4a8 [ 104.985942][ C0] do_idle+0x1d4/0x4dc [ 104.987011][ C0] cpu_startup_entry+0x24/0x28 [ 104.988331][ C0] rest_init+0x364/0x38c [ 104.989456][ C0] arch_call_rest_init+0x14/0x20 [ 104.990733][ C0] start_kernel+0x440/0x600 [ 104.991960][ C0] __primary_switched+0xa8/0xb0 [ 104.993209][ C0] irq event stamp: 295813 [ 104.994387][ C0] hardirqs last enabled at (295812): [] _raw_spin_unlock_irq+0x9c/0x134 [ 104.997061][ C0] hardirqs last disabled at (295813): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 104.999710][ C0] softirqs last enabled at (295796): [] handle_softirqs+0xb88/0xdbc [ 105.002303][ C0] softirqs last disabled at (295809): [] __irq_exit_rcu+0x268/0x4d8 [ 105.004831][ C0] ---[ end trace 8ef5d74734cd9720 ]--- [ 105.010291][ C0] ------------[ cut here ]------------ [ 105.011749][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 105.013642][ C0] WARNING: CPU: 0 PID: 387 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 105.016212][ C0] Modules linked in: [ 105.017225][ C0] CPU: 0 PID: 387 Comm: kworker/u4:5 Tainted: G W 5.15.179-syzkaller #0 [ 105.019679][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 105.022406][ C0] Workqueue: events_power_efficient wg_ratelimiter_gc_entries [ 105.024392][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 105.026418][ C0] pc : usb_submit_urb+0xa44/0x1588 [ 105.027764][ C0] lr : usb_submit_urb+0xa44/0x1588 [ 105.029140][ C0] sp : ffff8000080075e0 [ 105.030221][ C0] x29: ffff800008007620 x28: 0000000000000001 x27: ffff800012d527e8 [ 105.031950][ T4042] usb 1-1: USB disconnect, device number 3 [ 105.032341][ C0] x26: ffff0000cec94f00 x25: ffff0000c5c79000 x24: 0000000000000286 [ 105.036066][ C0] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 105.038186][ C0] x20: 0000000000000a20 x19: ffff0000cba3e800 x18: 0000000000000102 [ 105.040336][ C0] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 105.042447][ C0] x14: ffff0000c7f68000 x13: 0000000000000001 x12: 0000000000000001 [ 105.044571][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : 547d2bd6e4249700 [ 105.046686][ C0] x8 : 547d2bd6e4249700 x7 : 0000000000000001 x6 : 0000000000000001 [ 105.048804][ C0] x5 : ffff800008006d58 x4 : ffff800014c4fe40 x3 : ffff80000aa1313c [ 105.050929][ C0] x2 : ffff0001b4173d10 x1 : 0000000100000101 x0 : 0000000000000029 [ 105.053056][ C0] Call trace: [ 105.053935][ C0] usb_submit_urb+0xa44/0x1588 [ 105.055201][ C0] bcm5974_irq_trackpad+0x20c/0xdd0 [ 105.056571][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 105.058045][ C0] usb_hcd_giveback_urb+0x108/0x41c [ 105.059402][ C0] dummy_timer+0x66c/0x26cc [ 105.060653][ C0] call_timer_fn+0x19c/0x8f0 [ 105.061877][ C0] __run_timers+0x554/0x718 [ 105.063088][ C0] run_timer_softirq+0x7c/0x114 [ 105.064348][ C0] handle_softirqs+0x384/0xdbc [ 105.065644][ C0] __irq_exit_rcu+0x268/0x4d8 [ 105.066946][ C0] irq_exit+0x14/0x88 [ 105.067997][ C0] handle_domain_irq+0x14c/0x1fc [ 105.069291][ C0] gic_handle_irq+0x78/0x1c8 [ 105.070528][ C0] call_on_irq_stack+0x24/0x4c [ 105.071807][ C0] do_interrupt_handler+0x74/0x94 [ 105.073150][ C0] el1_interrupt+0x30/0x58 [ 105.074347][ C0] el1h_64_irq_handler+0x18/0x24 [ 105.075645][ C0] el1h_64_irq+0x78/0x7c [ 105.076843][ C0] __sanitizer_cov_trace_pc+0xa0/0xac [ 105.078272][ C0] walk_stackframe+0x5c/0xa8 [ 105.079563][ C0] return_address+0x118/0x1ec [ 105.080855][ C0] preempt_count_add+0x164/0x38c [ 105.082174][ C0] _raw_spin_lock+0x24/0x10c [ 105.083416][ C0] wg_ratelimiter_gc_entries+0x74/0x3f8 [ 105.084928][ C0] process_one_work+0x790/0x11b8 [ 105.086245][ C0] worker_thread+0x910/0x1034 [ 105.087486][ C0] kthread+0x37c/0x45c [ 105.088576][ C0] ret_from_fork+0x10/0x20 [ 105.089711][ C0] irq event stamp: 104535 [ 105.090836][ C0] hardirqs last enabled at (104534): [] _raw_spin_unlock_irq+0x9c/0x134 [ 105.093463][ C0] hardirqs last disabled at (104535): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 105.096210][ C0] softirqs last enabled at (104522): [] ieee80211_ibss_work+0x2d8/0x1230 [ 105.098986][ C0] softirqs last disabled at (104531): [] __irq_exit_rcu+0x268/0x4d8 [ 105.101533][ C0] ---[ end trace 8ef5d74734cd9721 ]--- [ 105.103303][ C0] bcm5974 1-1:1.0: trackpad urb failed: -2 [ 105.105415][ T4481] bcm5974 1-1:1.0: could not read from device [ 105.830446][ T4089] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 106.090726][ T4089] usb 1-1: Using ep0 maxpacket: 16 [ 106.210399][ T4089] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 106.370388][ T4089] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 106.372869][ T4089] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 106.375025][ T4089] usb 1-1: Product: syz [ 106.376118][ T4089] usb 1-1: Manufacturer: syz [ 106.377359][ T4089] usb 1-1: SerialNumber: syz [ 106.422724][ T4089] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input4 [ 106.840464][ T4481] ------------[ cut here ]------------ [ 106.842081][ T4481] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 106.844092][ T4481] WARNING: CPU: 0 PID: 4481 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 106.846630][ T4481] Modules linked in: [ 106.847745][ T4481] CPU: 0 PID: 4481 Comm: udevd Tainted: G W 5.15.179-syzkaller #0 [ 106.850147][ T4481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 106.852838][ T4481] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 106.854860][ T4481] pc : usb_submit_urb+0xa44/0x1588 [ 106.856213][ T4481] lr : usb_submit_urb+0xa44/0x1588 [ 106.857591][ T4481] sp : ffff800020457370 [ 106.858714][ T4481] x29: ffff8000204573b0 x28: 0000000000000001 x27: ffff800012d527e8 [ 106.860891][ T4481] x26: ffff0000c15a6100 x25: ffff0000d179d000 x24: 0000000000000286 [ 106.863007][ T4481] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 106.865181][ T4481] x20: 0000000000000cc0 x19: ffff0000c141f800 x18: 0000000000000001 [ 106.867300][ T4481] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 106.869451][ T4481] x14: ffff0000dca00000 x13: 0000000000000001 x12: 0000000000000001 [ 106.871687][ T4481] x11: 0000000000000000 x10: 0000000000000000 x9 : ad490889efb23000 [ 106.873839][ T4481] x8 : ad490889efb23000 x7 : 0000000000000001 x6 : 0000000000000001 [ 106.876122][ T4481] x5 : ffff800020456ad8 x4 : ffff800014c4fe40 x3 : ffff800008557710 [ 106.878252][ T4481] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 106.880457][ T4481] Call trace: [ 106.881323][ T4481] usb_submit_urb+0xa44/0x1588 [ 106.882548][ T4481] bcm5974_start_traffic+0xe0/0x154 [ 106.883926][ T4481] bcm5974_open+0x98/0x134 [ 106.885154][ T4481] input_open_device+0x170/0x29c [ 106.886479][ T4481] evdev_open+0x308/0x4b4 [ 106.887579][ T4481] chrdev_open+0x3e8/0x4fc [ 106.888711][ T4481] do_dentry_open+0x780/0xed8 [ 106.889960][ T4481] vfs_open+0x7c/0x90 [ 106.891021][ T4481] path_openat+0x1ea0/0x26cc [ 106.892318][ T4481] do_filp_open+0x1a8/0x3b4 [ 106.893554][ T4481] do_sys_openat2+0x128/0x3e0 [ 106.894780][ T4481] __arm64_sys_openat+0x1f0/0x240 [ 106.896141][ T4481] invoke_syscall+0x98/0x2b8 [ 106.897363][ T4481] el0_svc_common+0x138/0x258 [ 106.898609][ T4481] do_el0_svc+0x58/0x14c [ 106.899722][ T4481] el0_svc+0x7c/0x1f0 [ 106.900839][ T4481] el0t_64_sync_handler+0x84/0xe4 [ 106.902172][ T4481] el0t_64_sync+0x1a0/0x1a4 [ 106.903381][ T4481] irq event stamp: 18326 [ 106.904511][ T4481] hardirqs last enabled at (18325): [] __up_console_sem+0xb4/0x100 [ 106.907043][ T4481] hardirqs last disabled at (18326): [] el1_dbg+0x24/0x80 [ 106.909383][ T4481] softirqs last enabled at (18150): [] local_bh_enable+0x10/0x34 [ 106.911915][ T4481] softirqs last disabled at (18148): [] local_bh_disable+0x10/0x34 [ 106.914413][ T4481] ---[ end trace 8ef5d74734cd9722 ]--- [ 106.930292][ C1] ------------[ cut here ]------------ [ 106.931723][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 106.933728][ C1] WARNING: CPU: 1 PID: 335 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 106.936275][ C1] Modules linked in: [ 106.937247][ C1] CPU: 1 PID: 335 Comm: kworker/u4:4 Tainted: G W 5.15.179-syzkaller #0 [ 106.939707][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 106.942385][ C1] Workqueue: netns cleanup_net [ 106.943659][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 106.945661][ C1] pc : usb_submit_urb+0xa44/0x1588 [ 106.947036][ C1] lr : usb_submit_urb+0xa44/0x1588 [ 106.948416][ C1] sp : ffff8000080175e0 [ 106.949541][ C1] x29: ffff800008017620 x28: 0000000000000001 x27: ffff800012d527e8 [ 106.951670][ C1] x26: ffff0000c15a6100 x25: ffff0000d179d000 x24: 0000000000000286 [ 106.953800][ C1] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 106.955997][ C1] x20: 0000000000000a20 x19: ffff0000c141f800 x18: 0000000000000101 [ 106.958097][ C1] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 106.960282][ C1] x14: ffff0000c5c151c0 x13: 0000000000000001 x12: 0000000000000001 [ 106.962483][ C1] x11: 0000000000000100 x10: 0000000000000000 x9 : 96239d40a447c000 [ 106.964638][ C1] x8 : 96239d40a447c000 x7 : 0000000000000001 x6 : 0000000000000001 [ 106.966776][ C1] x5 : ffff800008016d58 x4 : ffff800014c4fe40 x3 : ffff800008557710 [ 106.968893][ C1] x2 : 0000000000000001 x1 : 0000000100000100 x0 : 0000000000000029 [ 106.971063][ C1] Call trace: [ 106.971927][ C1] usb_submit_urb+0xa44/0x1588 [ 106.973158][ C1] bcm5974_irq_trackpad+0x20c/0xdd0 [ 106.974577][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 106.976030][ C1] usb_hcd_giveback_urb+0x108/0x41c [ 106.977462][ C1] dummy_timer+0x66c/0x26cc [ 106.978679][ C1] call_timer_fn+0x19c/0x8f0 [ 106.979844][ C1] __run_timers+0x554/0x718 [ 106.981058][ C1] run_timer_softirq+0x7c/0x114 [ 106.982473][ C1] handle_softirqs+0x384/0xdbc [ 106.983756][ C1] __irq_exit_rcu+0x268/0x4d8 [ 106.985042][ C1] irq_exit+0x14/0x88 [ 106.986087][ C1] handle_domain_irq+0x14c/0x1fc [ 106.987436][ C1] gic_handle_irq+0x78/0x1c8 [ 106.988712][ C1] call_on_irq_stack+0x24/0x4c [ 106.990055][ C1] do_interrupt_handler+0x74/0x94 [ 106.991391][ C1] el1_interrupt+0x30/0x58 [ 106.992554][ C1] el1h_64_irq_handler+0x18/0x24 [ 106.993939][ C1] el1h_64_irq+0x78/0x7c [ 106.995027][ C1] __local_bh_enable_ip+0x238/0x470 [ 106.996361][ C1] _raw_spin_unlock_bh+0xf8/0x180 [ 106.997671][ C1] tcp_metrics_flush_all+0x288/0x348 [ 106.999118][ C1] tcp_net_metrics_exit_batch+0x18/0x24 [ 107.000583][ C1] cleanup_net+0x6bc/0xa9c [ 107.001804][ C1] process_one_work+0x790/0x11b8 [ 107.003120][ C1] worker_thread+0x910/0x1034 [ 107.004390][ C1] kthread+0x37c/0x45c [ 107.005455][ C1] ret_from_fork+0x10/0x20 [ 107.006600][ C1] irq event stamp: 2578189 [ 107.007760][ C1] hardirqs last enabled at (2578188): [] _raw_spin_unlock_irq+0x9c/0x134 [ 107.010514][ C1] hardirqs last disabled at (2578189): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 107.013341][ C1] softirqs last enabled at (2578182): [] tcp_metrics_flush_all+0x288/0x348 [ 107.016059][ C1] softirqs last disabled at (2578185): [] __irq_exit_rcu+0x268/0x4d8 [ 107.018671][ C1] ---[ end trace 8ef5d74734cd9723 ]--- [ 107.020636][ C1] ------------[ cut here ]------------ [ 107.022084][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 107.024079][ C1] WARNING: CPU: 1 PID: 335 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 107.026608][ C1] Modules linked in: [ 107.027673][ C1] CPU: 1 PID: 335 Comm: kworker/u4:4 Tainted: G W 5.15.179-syzkaller #0 [ 107.030321][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 107.033043][ C1] Workqueue: netns cleanup_net [ 107.034286][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 107.036382][ C1] pc : usb_submit_urb+0xa44/0x1588 [ 107.037737][ C1] lr : usb_submit_urb+0xa44/0x1588 [ 107.039138][ C1] sp : ffff8000080175e0 [ 107.040269][ C1] x29: ffff800008017620 x28: 0000000000000001 x27: ffff800012d527e8 [ 107.042504][ C1] x26: ffff0000c15a6100 x25: ffff0000d179d000 x24: 0000000000000286 [ 107.044635][ C1] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 107.046761][ C1] x20: 0000000000000a20 x19: ffff0000c141f800 x18: 0000000000000101 [ 107.048974][ C1] x17: 0000000000000000 x16: ffff800008336cf0 x15: 00000000ffffffff [ 107.051107][ C1] x14: ffff0000c5c151c0 x13: 0000000000000001 x12: 0000000000000001 [ 107.053256][ C1] x11: 0000000000000100 x10: 0000000000000000 x9 : 96239d40a447c000 [ 107.055365][ C1] x8 : 96239d40a447c000 x7 : 0000000000000001 x6 : 0000000000000001 [ 107.057561][ C1] x5 : ffff800008016d58 x4 : ffff800014c4fe40 x3 : ffff800008336e3c [ 107.059718][ C1] x2 : 0000000000000001 x1 : 0000000000000100 x0 : 0000000000000029 [ 107.061839][ C1] Call trace: [ 107.062738][ C1] usb_submit_urb+0xa44/0x1588 [ 107.064070][ C1] bcm5974_irq_trackpad+0x20c/0xdd0 [ 107.065566][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 107.067010][ C1] usb_hcd_giveback_urb+0x108/0x41c [ 107.068517][ C1] dummy_timer+0x66c/0x26cc [ 107.069680][ C1] call_timer_fn+0x19c/0x8f0 [ 107.070897][ C1] __run_timers+0x554/0x718 [ 107.072077][ C1] run_timer_softirq+0x7c/0x114 [ 107.073486][ C1] handle_softirqs+0x384/0xdbc [ 107.074765][ C1] __irq_exit_rcu+0x268/0x4d8 [ 107.075999][ C1] irq_exit+0x14/0x88 [ 107.077095][ C1] handle_domain_irq+0x14c/0x1fc [ 107.078551][ C1] gic_handle_irq+0x78/0x1c8 [ 107.079769][ C1] call_on_irq_stack+0x24/0x4c [ 107.081120][ C1] do_interrupt_handler+0x74/0x94 [ 107.082506][ C1] el1_interrupt+0x30/0x58 [ 107.083746][ C1] el1h_64_irq_handler+0x18/0x24 [ 107.085115][ C1] el1h_64_irq+0x78/0x7c [ 107.086206][ C1] __local_bh_enable_ip+0x238/0x470 [ 107.087596][ C1] _raw_spin_unlock_bh+0xf8/0x180 [ 107.088957][ C1] tcp_metrics_flush_all+0x288/0x348 [ 107.090349][ C1] tcp_net_metrics_exit_batch+0x18/0x24 [ 107.091802][ C1] cleanup_net+0x6bc/0xa9c [ 107.092960][ C1] process_one_work+0x790/0x11b8 [ 107.094261][ C1] worker_thread+0x910/0x1034 [ 107.095478][ C1] kthread+0x37c/0x45c [ 107.096575][ C1] ret_from_fork+0x10/0x20 [ 107.097722][ C1] irq event stamp: 2578311 [ 107.098893][ C1] hardirqs last enabled at (2578310): [] _raw_spin_unlock_irq+0x9c/0x134 [ 107.101651][ C1] hardirqs last disabled at (2578311): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 107.104347][ C1] softirqs last enabled at (2578182): [] tcp_metrics_flush_all+0x288/0x348 [ 107.107030][ C1] softirqs last disabled at (2578185): [] __irq_exit_rcu+0x268/0x4d8 [ 107.109691][ C1] ---[ end trace 8ef5d74734cd9724 ]--- [ 107.111391][ C1] ------------[ cut here ]------------ [ 107.112113][ T4089] usb 1-1: USB disconnect, device number 4 [ 107.112799][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 107.116263][ C1] WARNING: CPU: 1 PID: 335 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 107.118782][ C1] Modules linked in: [ 107.119809][ C1] CPU: 1 PID: 335 Comm: kworker/u4:4 Tainted: G W 5.15.179-syzkaller #0 [ 107.122410][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 107.125055][ C1] Workqueue: netns cleanup_net [ 107.126399][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 107.128540][ C1] pc : usb_submit_urb+0xa44/0x1588 [ 107.129986][ C1] lr : usb_submit_urb+0xa44/0x1588 [ 107.131353][ C1] sp : ffff8000080175e0 [ 107.132475][ C1] x29: ffff800008017620 x28: 0000000000000001 x27: ffff800012d527e8 [ 107.134632][ C1] x26: ffff0000c15a6100 x25: ffff0000d179d000 x24: 0000000000000286 [ 107.136763][ C1] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 107.138894][ C1] x20: 0000000000000a20 x19: ffff0000c141f800 x18: 0000000000000101 [ 107.141034][ C1] x17: 0000000000000000 x16: ffff800008336cf0 x15: 00000000ffffffff [ 107.143197][ C1] x14: ffff0000c5c151c0 x13: 0000000000000001 x12: 0000000000000001 [ 107.145342][ C1] x11: 0000000000000100 x10: 0000000000000000 x9 : 96239d40a447c000 [ 107.147521][ C1] x8 : 96239d40a447c000 x7 : 0000000000000001 x6 : 0000000000000001 [ 107.149646][ C1] x5 : ffff800008016d58 x4 : ffff800014c4fe40 x3 : ffff800008336e3c [ 107.151839][ C1] x2 : 0000000000000001 x1 : 0000000000000100 x0 : 0000000000000029 [ 107.153956][ C1] Call trace: [ 107.154858][ C1] usb_submit_urb+0xa44/0x1588 [ 107.156169][ C1] bcm5974_irq_trackpad+0x20c/0xdd0 [ 107.157590][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 107.159018][ C1] usb_hcd_giveback_urb+0x108/0x41c [ 107.160405][ C1] dummy_timer+0x66c/0x26cc [ 107.161552][ C1] call_timer_fn+0x19c/0x8f0 [ 107.162838][ C1] __run_timers+0x554/0x718 [ 107.164022][ C1] run_timer_softirq+0x7c/0x114 [ 107.165311][ C1] handle_softirqs+0x384/0xdbc [ 107.166601][ C1] __irq_exit_rcu+0x268/0x4d8 [ 107.167854][ C1] irq_exit+0x14/0x88 [ 107.169000][ C1] handle_domain_irq+0x14c/0x1fc [ 107.170321][ C1] gic_handle_irq+0x78/0x1c8 [ 107.171606][ C1] call_on_irq_stack+0x24/0x4c [ 107.172890][ C1] do_interrupt_handler+0x74/0x94 [ 107.174294][ C1] el1_interrupt+0x30/0x58 [ 107.175495][ C1] el1h_64_irq_handler+0x18/0x24 [ 107.176853][ C1] el1h_64_irq+0x78/0x7c [ 107.177950][ C1] __local_bh_enable_ip+0x238/0x470 [ 107.179437][ C1] _raw_spin_unlock_bh+0xf8/0x180 [ 107.180739][ C1] tcp_metrics_flush_all+0x288/0x348 [ 107.182139][ C1] tcp_net_metrics_exit_batch+0x18/0x24 [ 107.183590][ C1] cleanup_net+0x6bc/0xa9c [ 107.184744][ C1] process_one_work+0x790/0x11b8 [ 107.186066][ C1] worker_thread+0x910/0x1034 [ 107.187370][ C1] kthread+0x37c/0x45c [ 107.188427][ C1] ret_from_fork+0x10/0x20 [ 107.189564][ C1] irq event stamp: 2578331 [ 107.190717][ C1] hardirqs last enabled at (2578330): [] _raw_spin_unlock_irq+0x9c/0x134 [ 107.193503][ C1] hardirqs last disabled at (2578331): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 107.196214][ C1] softirqs last enabled at (2578182): [] tcp_metrics_flush_all+0x288/0x348 [ 107.198921][ C1] softirqs last disabled at (2578185): [] __irq_exit_rcu+0x268/0x4d8 [ 107.201482][ C1] ---[ end trace 8ef5d74734cd9725 ]--- [ 107.202994][ C1] bcm5974 1-1:1.0: trackpad urb failed: -2 [ 107.221998][ T4089] bcm5974 1-1:1.0: could not read from device 1970/01/01 00:01:47 executed programs: 5 [ 107.900432][ T21] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 108.140409][ T21] usb 1-1: Using ep0 maxpacket: 16 [ 108.260421][ T21] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 108.420628][ T21] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 108.423206][ T21] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 108.425456][ T21] usb 1-1: Product: syz [ 108.426560][ T21] usb 1-1: Manufacturer: syz [ 108.427702][ T21] usb 1-1: SerialNumber: syz [ 108.473369][ T21] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input5 [ 108.910411][ T4481] ------------[ cut here ]------------ [ 108.911866][ T4481] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 108.913861][ T4481] WARNING: CPU: 0 PID: 4481 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 108.916313][ T4481] Modules linked in: [ 108.917293][ T4481] CPU: 0 PID: 4481 Comm: udevd Tainted: G W 5.15.179-syzkaller #0 [ 108.919706][ T4481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 108.922342][ T4481] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 108.924420][ T4481] pc : usb_submit_urb+0xa44/0x1588 [ 108.925775][ T4481] lr : usb_submit_urb+0xa44/0x1588 [ 108.927079][ T4481] sp : ffff800020457370 [ 108.928157][ T4481] x29: ffff8000204573b0 x28: 0000000000000001 x27: ffff800012d527e8 [ 108.930318][ T4481] x26: ffff0000cdecb100 x25: ffff0000c6007000 x24: 0000000000000286 [ 108.932424][ T4481] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 108.934729][ T4481] x20: 0000000000000cc0 x19: ffff0000d0599000 x18: 0000000000000001 [ 108.936894][ T4481] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 108.939036][ T4481] x14: ffff0000dca00000 x13: 0000000000000001 x12: 0000000000000001 [ 108.941124][ T4481] x11: 0000000000000000 x10: 0000000000000000 x9 : ad490889efb23000 [ 108.943259][ T4481] x8 : ad490889efb23000 x7 : 0000000000000001 x6 : 0000000000000001 [ 108.945380][ T4481] x5 : ffff800020456ad8 x4 : ffff800014c4fe40 x3 : ffff800008557710 [ 108.947432][ T4481] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 108.949517][ T4481] Call trace: [ 108.950364][ T4481] usb_submit_urb+0xa44/0x1588 [ 108.951649][ T4481] bcm5974_start_traffic+0xe0/0x154 [ 108.953025][ T4481] bcm5974_open+0x98/0x134 [ 108.954196][ T4481] input_open_device+0x170/0x29c [ 108.955500][ T4481] evdev_open+0x308/0x4b4 [ 108.956664][ T4481] chrdev_open+0x3e8/0x4fc [ 108.957858][ T4481] do_dentry_open+0x780/0xed8 [ 108.959093][ T4481] vfs_open+0x7c/0x90 [ 108.960142][ T4481] path_openat+0x1ea0/0x26cc [ 108.961359][ T4481] do_filp_open+0x1a8/0x3b4 [ 108.962515][ T4481] do_sys_openat2+0x128/0x3e0 [ 108.963765][ T4481] __arm64_sys_openat+0x1f0/0x240 [ 108.965078][ T4481] invoke_syscall+0x98/0x2b8 [ 108.966349][ T4481] el0_svc_common+0x138/0x258 [ 108.967602][ T4481] do_el0_svc+0x58/0x14c [ 108.968710][ T4481] el0_svc+0x7c/0x1f0 [ 108.969812][ T4481] el0t_64_sync_handler+0x84/0xe4 [ 108.971193][ T4481] el0t_64_sync+0x1a0/0x1a4 [ 108.972382][ T4481] irq event stamp: 24572 [ 108.973521][ T4481] hardirqs last enabled at (24571): [] __up_console_sem+0xb4/0x100 [ 108.975969][ T4481] hardirqs last disabled at (24572): [] el1_dbg+0x24/0x80 [ 108.978283][ T4481] softirqs last enabled at (23792): [] handle_softirqs+0xb88/0xdbc [ 108.980740][ T4481] softirqs last disabled at (23725): [] __irq_exit_rcu+0x268/0x4d8 [ 108.983298][ T4481] ---[ end trace 8ef5d74734cd9726 ]--- [ 109.000335][ C0] ------------[ cut here ]------------ [ 109.001862][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 109.003846][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 109.006304][ C0] Modules linked in: [ 109.007403][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.179-syzkaller #0 [ 109.009969][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.012693][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 109.014778][ C0] pc : usb_submit_urb+0xa44/0x1588 [ 109.016205][ C0] lr : usb_submit_urb+0xa44/0x1588 [ 109.017538][ C0] sp : ffff8000080075e0 [ 109.018644][ C0] x29: ffff800008007620 x28: 0000000000000001 x27: ffff800012d527e8 [ 109.020783][ C0] x26: ffff0000cdecb100 x25: ffff0000c6007000 x24: 0000000000000286 [ 109.022918][ C0] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 109.025098][ C0] x20: 0000000000000a20 x19: ffff0000d0599000 x18: 0000000000000102 [ 109.027285][ C0] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 109.029444][ C0] x14: ffff800014b94b80 x13: 0000000000000001 x12: 0000000000000001 [ 109.031688][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : 9fb367d9f6334f00 [ 109.033866][ C0] x8 : 9fb367d9f6334f00 x7 : 0000000000000001 x6 : 0000000000000001 [ 109.036070][ C0] x5 : ffff800008006d58 x4 : ffff800014c4fe40 x3 : ffff800008557710 [ 109.038277][ C0] x2 : 0000000000000001 x1 : 0000000100000101 x0 : 0000000000000029 [ 109.040391][ C0] Call trace: [ 109.041248][ C0] usb_submit_urb+0xa44/0x1588 [ 109.042478][ C0] bcm5974_irq_trackpad+0x20c/0xdd0 [ 109.043884][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 109.045337][ C0] usb_hcd_giveback_urb+0x108/0x41c [ 109.046711][ C0] dummy_timer+0x66c/0x26cc [ 109.048032][ C0] call_timer_fn+0x19c/0x8f0 [ 109.049316][ C0] __run_timers+0x554/0x718 [ 109.050520][ C0] run_timer_softirq+0x7c/0x114 [ 109.051801][ C0] handle_softirqs+0x384/0xdbc [ 109.053112][ C0] __irq_exit_rcu+0x268/0x4d8 [ 109.054336][ C0] irq_exit+0x14/0x88 [ 109.055381][ C0] handle_domain_irq+0x14c/0x1fc [ 109.056707][ C0] gic_handle_irq+0x78/0x1c8 [ 109.057964][ C0] call_on_irq_stack+0x24/0x4c [ 109.059210][ C0] do_interrupt_handler+0x74/0x94 [ 109.060536][ C0] el1_interrupt+0x30/0x58 [ 109.061730][ C0] el1h_64_irq_handler+0x18/0x24 [ 109.063097][ C0] el1h_64_irq+0x78/0x7c [ 109.064262][ C0] arch_local_irq_enable+0xc/0x18 [ 109.065594][ C0] default_idle_call+0xcc/0x4a8 [ 109.066922][ C0] do_idle+0x1d4/0x4dc [ 109.068059][ C0] cpu_startup_entry+0x24/0x28 [ 109.069307][ C0] rest_init+0x364/0x38c [ 109.070547][ C0] arch_call_rest_init+0x14/0x20 [ 109.071899][ C0] start_kernel+0x440/0x600 [ 109.073058][ C0] __primary_switched+0xa8/0xb0 [ 109.074279][ C0] irq event stamp: 310711 [ 109.075429][ C0] hardirqs last enabled at (310710): [] _raw_spin_unlock_irq+0x9c/0x134 [ 109.078131][ C0] hardirqs last disabled at (310711): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 109.080878][ C0] softirqs last enabled at (310700): [] handle_softirqs+0xb88/0xdbc [ 109.083530][ C0] softirqs last disabled at (310707): [] __irq_exit_rcu+0x268/0x4d8 [ 109.086068][ C0] ---[ end trace 8ef5d74734cd9727 ]--- [ 109.111378][ T4089] usb 1-1: USB disconnect, device number 5 [ 109.120518][ T4481] bcm5974 1-1:1.0: could not read from device [ 109.890400][ T4042] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 110.140394][ T4042] usb 1-1: Using ep0 maxpacket: 16 [ 110.290631][ T4042] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 110.450483][ T4042] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 110.452972][ T4042] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 110.455224][ T4042] usb 1-1: Product: syz [ 110.456310][ T4042] usb 1-1: Manufacturer: syz [ 110.457476][ T4042] usb 1-1: SerialNumber: syz [ 110.514395][ T4042] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input6 [ 110.940442][ T4481] ------------[ cut here ]------------ [ 110.941981][ T4481] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 110.944024][ T4481] WARNING: CPU: 0 PID: 4481 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 110.946494][ T4481] Modules linked in: [ 110.947569][ T4481] CPU: 0 PID: 4481 Comm: udevd Tainted: G W 5.15.179-syzkaller #0 [ 110.950120][ T4481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 110.952894][ T4481] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 110.955074][ T4481] pc : usb_submit_urb+0xa44/0x1588 [ 110.956535][ T4481] lr : usb_submit_urb+0xa44/0x1588 [ 110.957845][ T4481] sp : ffff800020457370 [ 110.958942][ T4481] x29: ffff8000204573b0 x28: 0000000000000001 x27: ffff800012d527e8 [ 110.961188][ T4481] x26: ffff0000ce216e00 x25: ffff0000e68dc000 x24: 0000000000000286 [ 110.963372][ T4481] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 110.965435][ T4481] x20: 0000000000000cc0 x19: ffff0000d0444000 x18: 0000000000000001 [ 110.967694][ T4481] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 110.969794][ T4481] x14: ffff0000dca00000 x13: 0000000000000001 x12: 0000000000000001 [ 110.971955][ T4481] x11: 0000000000000000 x10: 0000000000000000 x9 : ad490889efb23000 [ 110.974109][ T4481] x8 : ad490889efb23000 x7 : 0000000000000001 x6 : 0000000000000001 [ 110.976249][ T4481] x5 : ffff800020456ad8 x4 : ffff800014c4fe40 x3 : ffff800008557710 [ 110.978300][ T4481] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 110.980455][ T4481] Call trace: [ 110.981348][ T4481] usb_submit_urb+0xa44/0x1588 [ 110.982612][ T4481] bcm5974_start_traffic+0xe0/0x154 [ 110.984156][ T4481] bcm5974_open+0x98/0x134 [ 110.985325][ T4481] input_open_device+0x170/0x29c [ 110.986744][ T4481] evdev_open+0x308/0x4b4 [ 110.987905][ T4481] chrdev_open+0x3e8/0x4fc [ 110.989061][ T4481] do_dentry_open+0x780/0xed8 [ 110.990366][ T4481] vfs_open+0x7c/0x90 [ 110.991425][ T4481] path_openat+0x1ea0/0x26cc [ 110.992588][ T4481] do_filp_open+0x1a8/0x3b4 [ 110.993783][ T4481] do_sys_openat2+0x128/0x3e0 [ 110.995032][ T4481] __arm64_sys_openat+0x1f0/0x240 [ 110.996458][ T4481] invoke_syscall+0x98/0x2b8 [ 110.997655][ T4481] el0_svc_common+0x138/0x258 [ 110.998903][ T4481] do_el0_svc+0x58/0x14c [ 111.000022][ T4481] el0_svc+0x7c/0x1f0 [ 111.001091][ T4481] el0t_64_sync_handler+0x84/0xe4 [ 111.002474][ T4481] el0t_64_sync+0x1a0/0x1a4 [ 111.003705][ T4481] irq event stamp: 30718 [ 111.004868][ T4481] hardirqs last enabled at (30717): [] __up_console_sem+0xb4/0x100 [ 111.007485][ T4481] hardirqs last disabled at (30718): [] el1_dbg+0x24/0x80 [ 111.009897][ T4481] softirqs last enabled at (29696): [] local_bh_enable+0x10/0x34 [ 111.012377][ T4481] softirqs last disabled at (29694): [] local_bh_disable+0x10/0x34 [ 111.014955][ T4481] ---[ end trace 8ef5d74734cd9728 ]--- [ 111.030361][ C0] ------------[ cut here ]------------ [ 111.032127][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 111.034059][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 111.036415][ C0] Modules linked in: [ 111.037414][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.179-syzkaller #0 [ 111.039785][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 111.042520][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.044563][ C0] pc : usb_submit_urb+0xa44/0x1588 [ 111.045907][ C0] lr : usb_submit_urb+0xa44/0x1588 [ 111.047245][ C0] sp : ffff8000080075e0 [ 111.048321][ C0] x29: ffff800008007620 x28: 0000000000000001 x27: ffff800012d527e8 [ 111.050423][ C0] x26: ffff0000ce216e00 x25: ffff0000e68dc000 x24: 0000000000000286 [ 111.052519][ C0] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 111.054674][ C0] x20: 0000000000000a20 x19: ffff0000d0444000 x18: 0000000000000102 [ 111.056797][ C0] x17: 0000000000000000 x16: ffff800011b5ac80 x15: 00000000ffffffff [ 111.058936][ C0] x14: ffff800014b94b80 x13: 0000000000000001 x12: 0000000000000001 [ 111.061039][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : 9fb367d9f6334f00 [ 111.063226][ C0] x8 : 9fb367d9f6334f00 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.065487][ C0] x5 : ffff800008006d58 x4 : ffff800014c4fe40 x3 : ffff800008557710 [ 111.067601][ C0] x2 : 0000000000000001 x1 : 0000000100000101 x0 : 0000000000000029 [ 111.069815][ C0] Call trace: [ 111.070731][ C0] usb_submit_urb+0xa44/0x1588 [ 111.072013][ C0] bcm5974_irq_trackpad+0x20c/0xdd0 [ 111.073429][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 111.074811][ C0] usb_hcd_giveback_urb+0x108/0x41c [ 111.076172][ C0] dummy_timer+0x66c/0x26cc [ 111.077393][ C0] call_timer_fn+0x19c/0x8f0 [ 111.078590][ C0] __run_timers+0x554/0x718 [ 111.079786][ C0] run_timer_softirq+0x7c/0x114 [ 111.081207][ C0] handle_softirqs+0x384/0xdbc [ 111.082532][ C0] __irq_exit_rcu+0x268/0x4d8 [ 111.083838][ C0] irq_exit+0x14/0x88 [ 111.084904][ C0] handle_domain_irq+0x14c/0x1fc [ 111.086237][ C0] gic_handle_irq+0x78/0x1c8 [ 111.087509][ C0] call_on_irq_stack+0x24/0x4c [ 111.088736][ C0] do_interrupt_handler+0x74/0x94 [ 111.090023][ C0] el1_interrupt+0x30/0x58 [ 111.091224][ C0] el1h_64_irq_handler+0x18/0x24 [ 111.092471][ C0] el1h_64_irq+0x78/0x7c [ 111.093655][ C0] arch_local_irq_enable+0xc/0x18 [ 111.095065][ C0] default_idle_call+0xcc/0x4a8 [ 111.096356][ C0] do_idle+0x1d4/0x4dc [ 111.097421][ C0] cpu_startup_entry+0x24/0x28 [ 111.098683][ C0] rest_init+0x364/0x38c [ 111.099806][ C0] arch_call_rest_init+0x14/0x20 [ 111.101160][ C0] start_kernel+0x440/0x600 [ 111.102372][ C0] __primary_switched+0xa8/0xb0 [ 111.103682][ C0] irq event stamp: 317803 [ 111.104810][ C0] hardirqs last enabled at (317802): [] _raw_spin_unlock_irq+0x9c/0x134 [ 111.107475][ C0] hardirqs last disabled at (317803): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 111.110192][ C0] softirqs last enabled at (317780): [] handle_softirqs+0xb88/0xdbc [ 111.112796][ C0] softirqs last disabled at (317799): [] __irq_exit_rcu+0x268/0x4d8 [ 111.115362][ C0] ---[ end trace 8ef5d74734cd9729 ]--- [ 111.116991][ C0] ------------[ cut here ]------------ [ 111.118441][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 111.120371][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 111.122901][ C0] Modules linked in: [ 111.123895][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.179-syzkaller #0 [ 111.126371][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 111.129119][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.131150][ C0] pc : usb_submit_urb+0xa44/0x1588 [ 111.132428][ C0] lr : usb_submit_urb+0xa44/0x1588 [ 111.133689][ C0] sp : ffff8000080075e0 [ 111.134760][ C0] x29: ffff800008007620 x28: 0000000000000001 x27: ffff800012d527e8 [ 111.136919][ C0] x26: ffff0000ce216e00 x25: ffff0000e68dc000 x24: 0000000000000286 [ 111.138976][ C0] x23: ffff800012d590a0 x22: dfff800000000000 x21: 0000000000000002 [ 111.141054][ C0] x20: 0000000000000a20 x19: ffff0000d0444000 x18: 0000000000000102 [ 111.143143][ C0] x17: 0000000000000000 x16: ffff800008336cf0 x15: 00000000ffffffff [ 111.144942][ T21] usb 1-1: USB disconnect, device number 6 [ 111.145286][ C0] x14: ffff800014b94b80 x13: 0000000000000001 x12: 0000000000000001 [ 111.148957][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : 9fb367d9f6334f00 [ 111.151130][ C0] x8 : 9fb367d9f6334f00 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.153249][ C0] x5 : ffff800008006d58 x4 : ffff800014c4fe40 x3 : ffff800008336e3c [ 111.155382][ C0] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 111.157560][ C0] Call trace: [ 111.158403][ C0] usb_submit_urb+0xa44/0x1588 [ 111.159676][ C0] bcm5974_irq_trackpad+0x20c/0xdd0 [ 111.161062][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 111.162480][ C0] usb_hcd_giveback_urb+0x108/0x41c [ 111.163872][ C0] dummy_timer+0x66c/0x26cc [ 111.165080][ C0] call_timer_fn+0x19c/0x8f0 [ 111.166227][ C0] __run_timers+0x554/0x718 [ 111.167406][ C0] run_timer_softirq+0x7c/0x114 [ 111.168620][ C0] handle_softirqs+0x384/0xdbc [ 111.169887][ C0] __irq_exit_rcu+0x268/0x4d8 [ 111.171114][ C0] irq_exit+0x14/0x88 [ 111.172176][ C0] handle_domain_irq+0x14c/0x1fc [ 111.173428][ C0] gic_handle_irq+0x78/0x1c8 [ 111.174628][ C0] call_on_irq_stack+0x24/0x4c [ 111.175872][ C0] do_interrupt_handler+0x74/0x94 [ 111.177173][ C0] el1_interrupt+0x30/0x58 [ 111.178347][ C0] el1h_64_irq_handler+0x18/0x24 [ 111.179643][ C0] el1h_64_irq+0x78/0x7c [ 111.180766][ C0] arch_local_irq_enable+0xc/0x18 [ 111.182097][ C0] default_idle_call+0xcc/0x4a8 [ 111.183427][ C0] do_idle+0x1d4/0x4dc [ 111.184517][ C0] cpu_startup_entry+0x24/0x28 [ 111.185937][ C0] rest_init+0x364/0x38c [ 111.187030][ C0] arch_call_rest_init+0x14/0x20 [ 111.188384][ C0] start_kernel+0x440/0x600 [ 111.189570][ C0] __primary_switched+0xa8/0xb0 [ 111.190890][ C0] irq event stamp: 317817 [ 111.191996][ C0] hardirqs last enabled at (317816): [] _raw_spin_unlock_irq+0x9c/0x134 [ 111.194655][ C0] hardirqs last disabled at (317817): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 111.197387][ C0] softirqs last enabled at (317780): [] handle_softirqs+0xb88/0xdbc [ 111.199924][ C0] softirqs last disabled at (317799): [] __irq_exit_rcu+0x268/0x4d8 [ 111.202525][ C0] ---[ end trace 8ef5d74734cd972a ]--- [ 111.204039][ C0] bcm5974 1-1:1.0: trackpad urb failed: -2 [ 111.210516][ T4481] bcm5974 1-1:1.0: could not read from device [ 111.920476][ T21] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 112.160370][ T21] usb 1-1: Using ep0 maxpacket: 16 [ 112.280449][ T21] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646 [ 112.440549][ T21] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1 [ 112.443268][ T21] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3 [ 112.445485][ T21] usb 1-1: Product: syz [ 112.446664][ T21] usb 1-1: Manufacturer: syz [ 112.447833][ T21] usb 1-1: SerialNumber: syz [ 112.492774][ T21] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input7