Warning: Permanently added '10.128.1.162' (ED25519) to the list of known hosts. 1970/01/01 00:01:24 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:25 parsed 1 programs [ 87.687492][ T4414] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 94.125462][ T4449] chnl_net:caif_netlink_parms(): no params data found [ 94.161134][ T4449] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.163120][ T4449] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.165723][ T4449] device bridge_slave_0 entered promiscuous mode [ 94.170056][ T4449] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.171956][ T4449] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.174530][ T4449] device bridge_slave_1 entered promiscuous mode [ 94.189321][ T4449] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.193917][ T4449] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.210273][ T4449] team0: Port device team_slave_0 added [ 94.215621][ T4449] team0: Port device team_slave_1 added [ 94.228140][ T4449] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.230886][ T4449] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.237536][ T4449] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.241729][ T4449] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.243486][ T4449] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.250925][ T4449] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.321577][ T4449] device hsr_slave_0 entered promiscuous mode [ 94.369858][ T4449] device hsr_slave_1 entered promiscuous mode [ 95.265725][ T4449] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.321342][ T4449] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.381373][ T4449] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.422608][ T4449] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.556046][ T4449] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.575373][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.577958][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.586953][ T4449] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.603777][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 95.606613][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 95.611174][ T148] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.613178][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.625966][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.628518][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 95.631813][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 95.634413][ T148] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.636407][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.638708][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 95.645182][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 95.659165][ T4449] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 95.665468][ T4449] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.670741][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 95.674467][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 95.677161][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 95.685046][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 95.687859][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 95.691689][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 95.694530][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 95.697148][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 95.707084][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 95.710079][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 95.796229][ T4449] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.801284][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 95.803421][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 95.816578][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 95.824732][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 95.857960][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 95.867631][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 95.888439][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 95.903265][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 95.907941][ T4449] device veth0_vlan entered promiscuous mode [ 95.915173][ T4449] device veth1_vlan entered promiscuous mode [ 95.929472][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 95.932247][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 95.935195][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 95.938097][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 95.943853][ T4449] device veth0_macvtap entered promiscuous mode [ 95.948554][ T4449] device veth1_macvtap entered promiscuous mode [ 95.959163][ T4449] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.964607][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 95.967228][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 95.969736][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 95.973351][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 95.980818][ T4449] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.984978][ T4449] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.987268][ T4449] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.990201][ T4449] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.992637][ T4449] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.996331][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 95.999160][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 96.674010][ T334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.676171][ T334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.685094][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 96.716942][ T334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.719255][ T334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.724913][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 1970/01/01 00:01:37 executed programs: 0 [ 97.904199][ T4665] chnl_net:caif_netlink_parms(): no params data found [ 97.945404][ T4665] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.947505][ T4665] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.950298][ T4665] device bridge_slave_0 entered promiscuous mode [ 97.954033][ T4665] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.955998][ T4665] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.958402][ T4665] device bridge_slave_1 entered promiscuous mode [ 97.975491][ T4665] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.980105][ T4665] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.996860][ T4665] team0: Port device team_slave_0 added [ 98.001143][ T4665] team0: Port device team_slave_1 added [ 98.015610][ T4665] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.017467][ T4665] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.024579][ T4665] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.029096][ T4665] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.031885][ T4665] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.038615][ T4665] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.121640][ T4665] device hsr_slave_0 entered promiscuous mode [ 98.140105][ T4665] device hsr_slave_1 entered promiscuous mode [ 98.180766][ T4665] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 98.182915][ T4665] Cannot create hsr debugfs directory [ 98.504489][ T4665] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.809670][ T4092] Bluetooth: hci0: command 0x0409 tx timeout [ 101.115298][ T4665] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.176286][ T4665] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.237086][ T4665] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.443486][ T4665] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.471407][ T4665] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.521925][ T4665] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.561802][ T4665] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.660013][ T4665] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.666977][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.669627][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.674295][ T4665] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.682756][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 101.685543][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.688275][ T440] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.690341][ T440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.694875][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 101.697731][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 101.700878][ T440] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.702847][ T440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.705250][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 101.751904][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 101.754782][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 101.759045][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 101.764253][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 101.767096][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 101.775504][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 101.778434][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 101.788309][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 101.791117][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 101.796332][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 101.799087][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 101.806349][ T4665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 101.878622][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 101.881279][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 101.887395][ T4665] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.889827][ T4129] Bluetooth: hci0: command 0x041b tx timeout [ 101.899221][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 101.902398][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 101.915457][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 101.918184][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 101.922136][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 101.924640][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 101.929302][ T4665] device veth0_vlan entered promiscuous mode [ 101.936038][ T4665] device veth1_vlan entered promiscuous mode [ 101.953395][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 101.956006][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 101.958665][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 101.964062][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 101.968751][ T4665] device veth0_macvtap entered promiscuous mode [ 101.973564][ T4665] device veth1_macvtap entered promiscuous mode [ 101.983899][ T4665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.986658][ T4665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.991642][ T4665] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.995299][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 101.997791][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 102.000685][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 102.003488][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 102.006768][ T4665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.010556][ T4665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.014228][ T4665] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.017476][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 102.022206][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 102.026846][ T4665] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.029252][ T4665] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.032055][ T4665] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.034322][ T4665] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.097728][ T334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.103977][ T334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.114462][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 102.117945][ T440] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.122433][ T440] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.125385][ T440] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 102.429531][ T4535] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 102.669571][ T4535] usb 1-1: Using ep0 maxpacket: 8 [ 102.789700][ T4535] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 15 [ 102.792469][ T4535] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 102.949768][ T4535] usb 1-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice= 0.40 [ 102.952246][ T4535] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.954303][ T4535] usb 1-1: Product: syz [ 102.955376][ T4535] usb 1-1: Manufacturer: syz [ 102.956527][ T4535] usb 1-1: SerialNumber: syz [ 103.003892][ T4535] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input2 [ 103.429937][ T4843] ------------[ cut here ]------------ [ 103.431508][ T4843] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 103.433466][ T4843] WARNING: CPU: 0 PID: 4843 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 103.435974][ T4843] Modules linked in: [ 103.436993][ T4843] CPU: 0 PID: 4843 Comm: udevd Not tainted 5.15.178-syzkaller #0 [ 103.438982][ T4843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 103.441731][ T4843] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 103.443813][ T4843] pc : usb_submit_urb+0xa44/0x1588 [ 103.445290][ T4843] lr : usb_submit_urb+0xa44/0x1588 [ 103.446737][ T4843] sp : ffff80001fee7370 [ 103.447879][ T4843] x29: ffff80001fee73b0 x28: 0000000000000001 x27: ffff800012d51948 [ 103.450072][ T4843] x26: ffff0000c92e6c00 x25: ffff0000c2ead000 x24: 000000000000000f [ 103.452261][ T4843] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 103.454380][ T4843] x20: 0000000000000cc0 x19: ffff0000cf6b5200 x18: 0000000000000001 [ 103.456472][ T4843] x17: 0000000000000000 x16: ffff800011b4e3fc x15: 00000000ffffffff [ 103.458667][ T4843] x14: ffff0000d9ce51c0 x13: 0000000000000001 x12: 0000000000000001 [ 103.460778][ T4843] x11: 0000000000000000 x10: 0000000000000000 x9 : d4bb4cbb27e5d600 [ 103.462903][ T4843] x8 : d4bb4cbb27e5d600 x7 : 0000000000000001 x6 : 0000000000000001 [ 103.465285][ T4843] x5 : ffff80001fee6ad8 x4 : ffff800014c50660 x3 : ffff8000085568c0 [ 103.467597][ T4843] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 103.469750][ T4843] Call trace: [ 103.470633][ T4843] usb_submit_urb+0xa44/0x1588 [ 103.471945][ T4843] bcm5974_start_traffic+0xe0/0x154 [ 103.473467][ T4843] bcm5974_open+0x98/0x134 [ 103.474671][ T4843] input_open_device+0x170/0x29c [ 103.475964][ T4843] evdev_open+0x308/0x4b4 [ 103.477130][ T4843] chrdev_open+0x3e8/0x4fc [ 103.478351][ T4843] do_dentry_open+0x780/0xed8 [ 103.479746][ T4843] vfs_open+0x7c/0x90 [ 103.480850][ T4843] path_openat+0x1ea0/0x26cc [ 103.482146][ T4843] do_filp_open+0x1a8/0x3b4 [ 103.483307][ T4843] do_sys_openat2+0x128/0x3e0 [ 103.484532][ T4843] __arm64_sys_openat+0x1f0/0x240 [ 103.485824][ T4843] invoke_syscall+0x98/0x2b8 [ 103.487081][ T4843] el0_svc_common+0x138/0x258 [ 103.488359][ T4843] do_el0_svc+0x58/0x14c [ 103.489559][ T4843] el0_svc+0x7c/0x1f0 [ 103.490581][ T4843] el0t_64_sync_handler+0x84/0xe4 [ 103.491948][ T4843] el0t_64_sync+0x1a0/0x1a4 [ 103.493195][ T4843] irq event stamp: 5018 [ 103.494319][ T4843] hardirqs last enabled at (5017): [] __up_console_sem+0xb4/0x100 [ 103.496936][ T4843] hardirqs last disabled at (5018): [] el1_dbg+0x24/0x80 [ 103.499278][ T4843] softirqs last enabled at (4906): [] handle_softirqs+0xb88/0xdbc [ 103.501959][ T4843] softirqs last disabled at (4815): [] __irq_exit_rcu+0x268/0x4d8 [ 103.504439][ T4843] ---[ end trace 7207f0b41dad9675 ]--- [ 103.519464][ C0] ------------[ cut here ]------------ [ 103.521061][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 103.523062][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 103.525644][ C0] Modules linked in: [ 103.526710][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.178-syzkaller #0 [ 103.529035][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 103.531908][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 103.533981][ C0] pc : usb_submit_urb+0xa44/0x1588 [ 103.535330][ C0] lr : usb_submit_urb+0xa44/0x1588 [ 103.536674][ C0] sp : ffff8000080075e0 [ 103.537706][ C0] x29: ffff800008007620 x28: 0000000000000001 x27: ffff800012d51948 [ 103.539935][ C0] x26: ffff0000c92e6c00 x25: ffff0000c2ead000 x24: 000000000000000f [ 103.542098][ C0] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 103.544372][ C0] x20: 0000000000000a20 x19: ffff0000cf6b5200 x18: 0000000000000102 [ 103.546542][ C0] x17: 0000000000000000 x16: ffff800011b4e3fc x15: 00000000ffffffff [ 103.548691][ C0] x14: ffff800014b94b80 x13: 0000000000000001 x12: 0000000000000001 [ 103.550858][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : 0112a1afb139d500 [ 103.553034][ C0] x8 : 0112a1afb139d500 x7 : 0000000000000001 x6 : 0000000000000001 [ 103.555257][ C0] x5 : ffff800008006d58 x4 : ffff800014c50660 x3 : ffff8000085568c0 [ 103.557360][ C0] x2 : 0000000000000001 x1 : 0000000100000101 x0 : 0000000000000029 [ 103.559495][ C0] Call trace: [ 103.560377][ C0] usb_submit_urb+0xa44/0x1588 [ 103.561610][ C0] bcm5974_irq_trackpad+0x20c/0xdd0 [ 103.562996][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 103.564433][ C0] usb_hcd_giveback_urb+0x108/0x41c [ 103.565682][ C0] dummy_timer+0x66c/0x26cc [ 103.566750][ C0] call_timer_fn+0x19c/0x8f0 [ 103.567836][ C0] __run_timers+0x554/0x718 [ 103.568921][ C0] run_timer_softirq+0x7c/0x114 [ 103.570151][ C0] handle_softirqs+0x384/0xdbc [ 103.571365][ C0] __irq_exit_rcu+0x268/0x4d8 [ 103.572612][ C0] irq_exit+0x14/0x88 [ 103.573693][ C0] handle_domain_irq+0xf4/0x178 [ 103.575098][ C0] gic_handle_irq+0x78/0x1c8 [ 103.576368][ C0] call_on_irq_stack+0x24/0x4c [ 103.577696][ C0] do_interrupt_handler+0x74/0x94 [ 103.578989][ C0] el1_interrupt+0x30/0x58 [ 103.580174][ C0] el1h_64_irq_handler+0x18/0x24 [ 103.581526][ C0] el1h_64_irq+0x78/0x7c [ 103.582762][ C0] arch_local_irq_enable+0xc/0x18 [ 103.584117][ C0] default_idle_call+0xcc/0x4a8 [ 103.585418][ C0] do_idle+0x1d4/0x4dc [ 103.586499][ C0] cpu_startup_entry+0x24/0x28 [ 103.587756][ C0] rest_init+0x364/0x38c [ 103.588903][ C0] arch_call_rest_init+0x14/0x20 [ 103.590209][ C0] start_kernel+0x440/0x600 [ 103.591380][ C0] __primary_switched+0xa8/0xb0 [ 103.592678][ C0] irq event stamp: 281319 [ 103.593861][ C0] hardirqs last enabled at (281318): [] _raw_spin_unlock_irq+0x9c/0x134 [ 103.596647][ C0] hardirqs last disabled at (281319): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 103.599353][ C0] softirqs last enabled at (281266): [] handle_softirqs+0xb88/0xdbc [ 103.602154][ C0] softirqs last disabled at (281315): [] __irq_exit_rcu+0x268/0x4d8 [ 103.604673][ C0] ---[ end trace 7207f0b41dad9676 ]--- [ 103.606830][ C0] ------------[ cut here ]------------ [ 103.608355][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 103.610340][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 103.612899][ C0] Modules linked in: [ 103.613998][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.178-syzkaller #0 [ 103.616513][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 103.619088][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 103.621210][ C0] pc : usb_submit_urb+0xa44/0x1588 [ 103.622684][ C0] lr : usb_submit_urb+0xa44/0x1588 [ 103.624127][ C0] sp : ffff8000080075e0 [ 103.625218][ C0] x29: ffff800008007620 x28: 0000000000000001 x27: ffff800012d51948 [ 103.627422][ C0] x26: ffff0000c92e6c00 x25: ffff0000c2ead000 x24: 000000000000000f [ 103.629592][ C0] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 103.631617][ C0] x20: 0000000000000a20 x19: ffff0000cf6b5200 x18: 0000000000000102 [ 103.632942][ T25] usb 1-1: USB disconnect, device number 2 [ 103.633712][ C0] x17: 0000000000000000 x16: ffff800008336568 x15: 00000000ffffffff [ 103.637314][ C0] x14: ffff800014b94b80 x13: 0000000000000001 x12: 0000000000000001 [ 103.639533][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : 0112a1afb139d500 [ 103.641686][ C0] x8 : 0112a1afb139d500 x7 : 0000000000000001 x6 : 0000000000000001 [ 103.643775][ C0] x5 : ffff800008006d58 x4 : ffff800014c50660 x3 : ffff8000083366b4 [ 103.645913][ C0] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 103.648099][ C0] Call trace: [ 103.648924][ C0] usb_submit_urb+0xa44/0x1588 [ 103.650288][ C0] bcm5974_irq_trackpad+0x20c/0xdd0 [ 103.651660][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 103.653170][ C0] usb_hcd_giveback_urb+0x108/0x41c [ 103.654545][ C0] dummy_timer+0x66c/0x26cc [ 103.655743][ C0] call_timer_fn+0x19c/0x8f0 [ 103.657014][ C0] __run_timers+0x554/0x718 [ 103.658223][ C0] run_timer_softirq+0x7c/0x114 [ 103.659504][ C0] handle_softirqs+0x384/0xdbc [ 103.660768][ C0] __irq_exit_rcu+0x268/0x4d8 [ 103.662140][ C0] irq_exit+0x14/0x88 [ 103.663242][ C0] handle_domain_irq+0xf4/0x178 [ 103.664500][ C0] gic_handle_irq+0x78/0x1c8 [ 103.665756][ C0] call_on_irq_stack+0x24/0x4c [ 103.666986][ C0] do_interrupt_handler+0x74/0x94 [ 103.668423][ C0] el1_interrupt+0x30/0x58 [ 103.669662][ C0] el1h_64_irq_handler+0x18/0x24 [ 103.670981][ C0] el1h_64_irq+0x78/0x7c [ 103.672223][ C0] arch_local_irq_enable+0xc/0x18 [ 103.673594][ C0] default_idle_call+0xcc/0x4a8 [ 103.674881][ C0] do_idle+0x1d4/0x4dc [ 103.675999][ C0] cpu_startup_entry+0x24/0x28 [ 103.677398][ C0] rest_init+0x364/0x38c [ 103.678550][ C0] arch_call_rest_init+0x14/0x20 [ 103.679892][ C0] start_kernel+0x440/0x600 [ 103.681217][ C0] __primary_switched+0xa8/0xb0 [ 103.682490][ C0] irq event stamp: 281341 [ 103.683624][ C0] hardirqs last enabled at (281340): [] _raw_spin_unlock_irq+0x9c/0x134 [ 103.686349][ C0] hardirqs last disabled at (281341): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 103.689043][ C0] softirqs last enabled at (281266): [] handle_softirqs+0xb88/0xdbc [ 103.691828][ C0] softirqs last disabled at (281315): [] __irq_exit_rcu+0x268/0x4d8 [ 103.694440][ C0] ---[ end trace 7207f0b41dad9677 ]--- [ 103.695956][ C0] bcm5974 1-1:1.0: trackpad urb failed: -2 [ 103.701967][ T4843] bcm5974 1-1:1.0: could not read from device [ 103.970144][ T4129] Bluetooth: hci0: command 0x040f tx timeout 1970/01/01 00:01:44 executed programs: 3 [ 104.429525][ T4129] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 104.689697][ T4129] usb 1-1: Using ep0 maxpacket: 8 [ 104.829697][ T4129] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 15 [ 104.832369][ T4129] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 104.999693][ T4129] usb 1-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice= 0.40 [ 105.002233][ T4129] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.004267][ T4129] usb 1-1: Product: syz [ 105.005293][ T4129] usb 1-1: Manufacturer: syz [ 105.006496][ T4129] usb 1-1: SerialNumber: syz [ 105.051746][ T4129] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input3 [ 105.469638][ T4843] ------------[ cut here ]------------ [ 105.471114][ T4843] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 105.473343][ T4843] WARNING: CPU: 0 PID: 4843 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 105.475875][ T4843] Modules linked in: [ 105.476883][ T4843] CPU: 0 PID: 4843 Comm: udevd Tainted: G W 5.15.178-syzkaller #0 [ 105.479249][ T4843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 105.482027][ T4843] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 105.484156][ T4843] pc : usb_submit_urb+0xa44/0x1588 [ 105.485525][ T4843] lr : usb_submit_urb+0xa44/0x1588 [ 105.486996][ T4843] sp : ffff80001fee7370 [ 105.488138][ T4843] x29: ffff80001fee73b0 x28: 0000000000000001 x27: ffff800012d51948 [ 105.490303][ T4843] x26: ffff0000c81da600 x25: ffff0000d725e000 x24: 000000000000000f [ 105.492408][ T4843] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 105.494542][ T4843] x20: 0000000000000cc0 x19: ffff0000cfaa2400 x18: 0000000000000001 [ 105.496717][ T4843] x17: 0000000000000000 x16: ffff800011b4e3fc x15: 00000000ffffffff [ 105.498857][ T4843] x14: ffff0000d9ce51c0 x13: 0000000000000001 x12: 0000000000000001 [ 105.501029][ T4843] x11: 0000000000000000 x10: 0000000000000000 x9 : d4bb4cbb27e5d600 [ 105.503269][ T4843] x8 : d4bb4cbb27e5d600 x7 : 0000000000000001 x6 : 0000000000000001 [ 105.505477][ T4843] x5 : ffff80001fee6ad8 x4 : ffff800014c50660 x3 : ffff8000085568c0 [ 105.507720][ T4843] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 105.509821][ T4843] Call trace: [ 105.510736][ T4843] usb_submit_urb+0xa44/0x1588 [ 105.511999][ T4843] bcm5974_start_traffic+0xe0/0x154 [ 105.513380][ T4843] bcm5974_open+0x98/0x134 [ 105.514550][ T4843] input_open_device+0x170/0x29c [ 105.515863][ T4843] evdev_open+0x308/0x4b4 [ 105.517014][ T4843] chrdev_open+0x3e8/0x4fc [ 105.518226][ T4843] do_dentry_open+0x780/0xed8 [ 105.519511][ T4843] vfs_open+0x7c/0x90 [ 105.520627][ T4843] path_openat+0x1ea0/0x26cc [ 105.521872][ T4843] do_filp_open+0x1a8/0x3b4 [ 105.523218][ T4843] do_sys_openat2+0x128/0x3e0 [ 105.524359][ T4843] __arm64_sys_openat+0x1f0/0x240 [ 105.525732][ T4843] invoke_syscall+0x98/0x2b8 [ 105.527037][ T4843] el0_svc_common+0x138/0x258 [ 105.528347][ T4843] do_el0_svc+0x58/0x14c [ 105.529528][ T4843] el0_svc+0x7c/0x1f0 [ 105.530555][ T4843] el0t_64_sync_handler+0x84/0xe4 [ 105.531864][ T4843] el0t_64_sync+0x1a0/0x1a4 [ 105.533094][ T4843] irq event stamp: 11100 [ 105.534191][ T4843] hardirqs last enabled at (11099): [] __up_console_sem+0xb4/0x100 [ 105.536738][ T4843] hardirqs last disabled at (11100): [] el1_dbg+0x24/0x80 [ 105.539101][ T4843] softirqs last enabled at (10536): [] local_bh_enable+0x10/0x34 [ 105.541620][ T4843] softirqs last disabled at (10534): [] local_bh_disable+0x10/0x34 [ 105.544222][ T4843] ---[ end trace 7207f0b41dad9678 ]--- [ 105.559467][ C0] ------------[ cut here ]------------ [ 105.561087][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 105.563057][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 105.565535][ C0] Modules linked in: [ 105.566587][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.178-syzkaller #0 [ 105.568918][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 105.571764][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 105.573888][ C0] pc : usb_submit_urb+0xa44/0x1588 [ 105.575225][ C0] lr : usb_submit_urb+0xa44/0x1588 [ 105.576708][ C0] sp : ffff8000080075e0 [ 105.577881][ C0] x29: ffff800008007620 x28: 0000000000000001 x27: ffff800012d51948 [ 105.580088][ C0] x26: ffff0000c81da600 x25: ffff0000d725e000 x24: 000000000000000f [ 105.582418][ C0] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 105.584562][ C0] x20: 0000000000000a20 x19: ffff0000cfaa2400 x18: 0000000000000102 [ 105.586841][ C0] x17: 0000000000000000 x16: ffff800011b4e3fc x15: 00000000ffffffff [ 105.588932][ C0] x14: ffff800014b94b80 x13: 0000000000000001 x12: 0000000000000001 [ 105.591213][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : 0112a1afb139d500 [ 105.593383][ C0] x8 : 0112a1afb139d500 x7 : 0000000000000001 x6 : 0000000000000001 [ 105.595478][ C0] x5 : ffff800008006d58 x4 : ffff800014c50660 x3 : ffff8000085568c0 [ 105.597560][ C0] x2 : 0000000000000001 x1 : 0000000100000101 x0 : 0000000000000029 [ 105.599718][ C0] Call trace: [ 105.600613][ C0] usb_submit_urb+0xa44/0x1588 [ 105.601966][ C0] bcm5974_irq_trackpad+0x20c/0xdd0 [ 105.603350][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 105.604870][ C0] usb_hcd_giveback_urb+0x108/0x41c [ 105.606288][ C0] dummy_timer+0x66c/0x26cc [ 105.607510][ C0] call_timer_fn+0x19c/0x8f0 [ 105.608786][ C0] __run_timers+0x554/0x718 [ 105.610031][ C0] run_timer_softirq+0x7c/0x114 [ 105.611310][ C0] handle_softirqs+0x384/0xdbc [ 105.612594][ C0] __irq_exit_rcu+0x268/0x4d8 [ 105.613743][ C0] irq_exit+0x14/0x88 [ 105.614743][ C0] handle_domain_irq+0xf4/0x178 [ 105.615964][ C0] gic_handle_irq+0x78/0x1c8 [ 105.617271][ C0] call_on_irq_stack+0x24/0x4c [ 105.618634][ C0] do_interrupt_handler+0x74/0x94 [ 105.620059][ C0] el1_interrupt+0x30/0x58 [ 105.621272][ C0] el1h_64_irq_handler+0x18/0x24 [ 105.622505][ C0] el1h_64_irq+0x78/0x7c [ 105.623665][ C0] arch_local_irq_enable+0xc/0x18 [ 105.624991][ C0] default_idle_call+0xcc/0x4a8 [ 105.626351][ C0] do_idle+0x1d4/0x4dc [ 105.627500][ C0] cpu_startup_entry+0x24/0x28 [ 105.628847][ C0] rest_init+0x364/0x38c [ 105.629939][ C0] arch_call_rest_init+0x14/0x20 [ 105.631354][ C0] start_kernel+0x440/0x600 [ 105.632539][ C0] __primary_switched+0xa8/0xb0 [ 105.633917][ C0] irq event stamp: 291677 [ 105.635174][ C0] hardirqs last enabled at (291676): [] _raw_spin_unlock_irq+0x9c/0x134 [ 105.637980][ C0] hardirqs last disabled at (291677): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 105.640765][ C0] softirqs last enabled at (291660): [] handle_softirqs+0xb88/0xdbc [ 105.643395][ C0] softirqs last disabled at (291673): [] __irq_exit_rcu+0x268/0x4d8 [ 105.646037][ C0] ---[ end trace 7207f0b41dad9679 ]--- [ 105.676364][ T4129] usb 1-1: USB disconnect, device number 3 [ 105.679684][ T4843] bcm5974 1-1:1.0: could not read from device [ 105.729242][ T136] device hsr_slave_0 left promiscuous mode [ 105.761465][ T136] device hsr_slave_1 left promiscuous mode [ 105.850090][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.852341][ T136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.855064][ T136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.857047][ T136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.859609][ T136] device bridge_slave_1 left promiscuous mode [ 105.861434][ T136] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.910752][ T136] device bridge_slave_0 left promiscuous mode [ 105.912639][ T136] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.039716][ T136] device veth1_macvtap left promiscuous mode [ 106.041479][ T136] device veth0_macvtap left promiscuous mode [ 106.043102][ T136] device veth1_vlan left promiscuous mode [ 106.044672][ T136] device veth0_vlan left promiscuous mode [ 106.059558][ T4129] Bluetooth: hci0: command 0x0419 tx timeout [ 106.283004][ T136] team0 (unregistering): Port device team_slave_1 removed [ 106.293427][ T136] team0 (unregistering): Port device team_slave_0 removed [ 106.301557][ T136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 106.357712][ T136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 106.459547][ T4129] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 106.499783][ T136] bond0 (unregistering): Released all slaves [ 106.729502][ T4129] usb 1-1: Using ep0 maxpacket: 8 [ 106.879625][ T4129] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 15 [ 106.882196][ T4129] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 107.069676][ T4129] usb 1-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice= 0.40 [ 107.072197][ T4129] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.074286][ T4129] usb 1-1: Product: syz [ 107.075366][ T4129] usb 1-1: Manufacturer: syz [ 107.076543][ T4129] usb 1-1: SerialNumber: syz [ 107.124883][ T4129] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input4 [ 107.549602][ T4846] ------------[ cut here ]------------ [ 107.551101][ T4846] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 107.553027][ T4846] WARNING: CPU: 0 PID: 4846 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 107.555591][ T4846] Modules linked in: [ 107.556554][ T4846] CPU: 0 PID: 4846 Comm: udevd Tainted: G W 5.15.178-syzkaller #0 [ 107.558861][ T4846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 107.561580][ T4846] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 107.563727][ T4846] pc : usb_submit_urb+0xa44/0x1588 [ 107.565067][ T4846] lr : usb_submit_urb+0xa44/0x1588 [ 107.566431][ T4846] sp : ffff800020027370 [ 107.567541][ T4846] x29: ffff8000200273b0 x28: 0000000000000001 x27: ffff800012d51948 [ 107.569600][ T4846] x26: ffff0000ec019e00 x25: ffff0000cdce7000 x24: 000000000000000f [ 107.571664][ T4846] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 107.573764][ T4846] x20: 0000000000000cc0 x19: ffff0000c0ffb400 x18: 0000000000000001 [ 107.575856][ T4846] x17: 0000000000000000 x16: ffff800011b4e3fc x15: 00000000ffffffff [ 107.577942][ T4846] x14: ffff0000ccaa8000 x13: 0000000000000001 x12: 0000000000000001 [ 107.580034][ T4846] x11: 0000000000000000 x10: 0000000000000000 x9 : e7a4d6d449765400 [ 107.582073][ T4846] x8 : e7a4d6d449765400 x7 : 0000000000000001 x6 : 0000000000000001 [ 107.584265][ T4846] x5 : ffff800020026ad8 x4 : ffff800014c50660 x3 : ffff8000085568c0 [ 107.586464][ T4846] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 107.588672][ T4846] Call trace: [ 107.589495][ T4846] usb_submit_urb+0xa44/0x1588 [ 107.590782][ T4846] bcm5974_start_traffic+0xe0/0x154 [ 107.592170][ T4846] bcm5974_open+0x98/0x134 [ 107.593317][ T4846] input_open_device+0x170/0x29c [ 107.594570][ T4846] evdev_open+0x308/0x4b4 [ 107.595677][ T4846] chrdev_open+0x3e8/0x4fc [ 107.596852][ T4846] do_dentry_open+0x780/0xed8 [ 107.598130][ T4846] vfs_open+0x7c/0x90 [ 107.599155][ T4846] path_openat+0x1ea0/0x26cc [ 107.600333][ T4846] do_filp_open+0x1a8/0x3b4 [ 107.601457][ T4846] do_sys_openat2+0x128/0x3e0 [ 107.602680][ T4846] __arm64_sys_openat+0x1f0/0x240 [ 107.604057][ T4846] invoke_syscall+0x98/0x2b8 [ 107.605280][ T4846] el0_svc_common+0x138/0x258 [ 107.606569][ T4846] do_el0_svc+0x58/0x14c [ 107.607710][ T4846] el0_svc+0x7c/0x1f0 [ 107.608770][ T4846] el0t_64_sync_handler+0x84/0xe4 [ 107.610095][ T4846] el0t_64_sync+0x1a0/0x1a4 [ 107.611339][ T4846] irq event stamp: 6236 [ 107.612441][ T4846] hardirqs last enabled at (6235): [] __up_console_sem+0xb4/0x100 [ 107.615013][ T4846] hardirqs last disabled at (6236): [] el1_dbg+0x24/0x80 [ 107.617368][ T4846] softirqs last enabled at (5094): [] local_bh_enable+0x10/0x34 [ 107.619778][ T4846] softirqs last disabled at (5092): [] local_bh_disable+0x10/0x34 [ 107.622249][ T4846] ---[ end trace 7207f0b41dad967a ]--- [ 107.639427][ C1] ------------[ cut here ]------------ [ 107.640948][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 107.642995][ C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 107.645606][ C1] Modules linked in: [ 107.646642][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.15.178-syzkaller #0 [ 107.649090][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 107.651808][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 107.653961][ C1] pc : usb_submit_urb+0xa44/0x1588 [ 107.655365][ C1] lr : usb_submit_urb+0xa44/0x1588 [ 107.656818][ C1] sp : ffff8000080175e0 [ 107.657952][ C1] x29: ffff800008017620 x28: 0000000000000001 x27: ffff800012d51948 [ 107.660169][ C1] x26: ffff0000ec019e00 x25: ffff0000cdce7000 x24: 000000000000000f [ 107.662401][ C1] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 107.664524][ C1] x20: 0000000000000a20 x19: ffff0000c0ffb400 x18: 0000000000000102 [ 107.666782][ C1] x17: 0000000000000000 x16: ffff800011b4e3fc x15: 00000000ffffffff [ 107.668927][ C1] x14: ffff0000c0a68000 x13: 0000000000000001 x12: 0000000000000001 [ 107.671086][ C1] x11: 0000000000000101 x10: 0000000000000000 x9 : eb282cf00f60cb00 [ 107.673333][ C1] x8 : eb282cf00f60cb00 x7 : 0000000000000001 x6 : 0000000000000001 [ 107.675462][ C1] x5 : ffff800008016d58 x4 : ffff800014c50660 x3 : ffff8000085568c0 [ 107.677636][ C1] x2 : 0000000000000001 x1 : 0000000100000101 x0 : 0000000000000029 [ 107.679847][ C1] Call trace: [ 107.680723][ C1] usb_submit_urb+0xa44/0x1588 [ 107.682054][ C1] bcm5974_irq_trackpad+0x20c/0xdd0 [ 107.683566][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 107.685228][ C1] usb_hcd_giveback_urb+0x108/0x41c [ 107.686663][ C1] dummy_timer+0x66c/0x26cc [ 107.687900][ C1] call_timer_fn+0x19c/0x8f0 [ 107.689288][ C1] __run_timers+0x554/0x718 [ 107.690551][ C1] run_timer_softirq+0x7c/0x114 [ 107.691921][ C1] handle_softirqs+0x384/0xdbc [ 107.693255][ C1] __irq_exit_rcu+0x268/0x4d8 [ 107.694523][ C1] irq_exit+0x14/0x88 [ 107.695651][ C1] handle_domain_irq+0xf4/0x178 [ 107.697038][ C1] gic_handle_irq+0x78/0x1c8 [ 107.698371][ C1] call_on_irq_stack+0x24/0x4c [ 107.699688][ C1] do_interrupt_handler+0x74/0x94 [ 107.701153][ C1] el1_interrupt+0x30/0x58 [ 107.702319][ C1] el1h_64_irq_handler+0x18/0x24 [ 107.703604][ C1] el1h_64_irq+0x78/0x7c [ 107.704701][ C1] arch_local_irq_enable+0xc/0x18 [ 107.706187][ C1] default_idle_call+0xcc/0x4a8 [ 107.707529][ C1] do_idle+0x1d4/0x4dc [ 107.708618][ C1] cpu_startup_entry+0x24/0x28 [ 107.710005][ C1] secondary_start_kernel+0x240/0x298 [ 107.711523][ C1] __secondary_switched+0x94/0x98 [ 107.712914][ C1] irq event stamp: 305839 [ 107.714180][ C1] hardirqs last enabled at (305838): [] _raw_spin_unlock_irq+0x9c/0x134 [ 107.717039][ C1] hardirqs last disabled at (305839): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 107.719836][ C1] softirqs last enabled at (305810): [] handle_softirqs+0xb88/0xdbc [ 107.722601][ C1] softirqs last disabled at (305835): [] __irq_exit_rcu+0x268/0x4d8 [ 107.725188][ C1] ---[ end trace 7207f0b41dad967b ]--- [ 107.727088][ C1] ------------[ cut here ]------------ [ 107.728500][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 107.730510][ C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 107.732959][ C1] Modules linked in: [ 107.734086][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.15.178-syzkaller #0 [ 107.736627][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 107.739397][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 107.741570][ C1] pc : usb_submit_urb+0xa44/0x1588 [ 107.742948][ C1] lr : usb_submit_urb+0xa44/0x1588 [ 107.744341][ C1] sp : ffff8000080175e0 [ 107.745541][ C1] x29: ffff800008017620 x28: 0000000000000001 x27: ffff800012d51948 [ 107.747637][ C1] x26: ffff0000ec019e00 x25: ffff0000cdce7000 x24: 000000000000000f [ 107.749848][ C1] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 107.752094][ C1] x20: 0000000000000a20 x19: ffff0000c0ffb400 x18: 0000000000000102 [ 107.754308][ C1] x17: 0000000000000000 x16: ffff800008336568 x15: 00000000ffffffff [ 107.756525][ C1] x14: ffff0000c0a68000 x13: 0000000000000001 x12: 0000000000000001 [ 107.758627][ C1] x11: 0000000000000101 x10: 0000000000000000 x9 : eb282cf00f60cb00 [ 107.760829][ C1] x8 : eb282cf00f60cb00 x7 : 0000000000000001 x6 : 0000000000000001 [ 107.763048][ C1] x5 : ffff800008016d58 x4 : ffff800014c50660 x3 : ffff8000083366b4 [ 107.765340][ C1] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 107.767431][ C1] Call trace: [ 107.768311][ C1] usb_submit_urb+0xa44/0x1588 [ 107.769535][ C1] bcm5974_irq_trackpad+0x20c/0xdd0 [ 107.770977][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 107.772399][ C1] usb_hcd_giveback_urb+0x108/0x41c [ 107.773757][ C1] dummy_timer+0x66c/0x26cc [ 107.774970][ C1] call_timer_fn+0x19c/0x8f0 [ 107.776164][ C1] __run_timers+0x554/0x718 [ 107.777357][ C1] run_timer_softirq+0x7c/0x114 [ 107.778607][ C1] handle_softirqs+0x384/0xdbc [ 107.779861][ C1] __irq_exit_rcu+0x268/0x4d8 [ 107.781144][ C1] irq_exit+0x14/0x88 [ 107.782203][ C1] handle_domain_irq+0xf4/0x178 [ 107.783551][ C1] gic_handle_irq+0x78/0x1c8 [ 107.784736][ C1] call_on_irq_stack+0x24/0x4c [ 107.786106][ C1] do_interrupt_handler+0x74/0x94 [ 107.787476][ C1] el1_interrupt+0x30/0x58 [ 107.788682][ C1] el1h_64_irq_handler+0x18/0x24 [ 107.790062][ C1] el1h_64_irq+0x78/0x7c [ 107.791182][ C1] arch_local_irq_enable+0xc/0x18 [ 107.792574][ C1] default_idle_call+0xcc/0x4a8 [ 107.793881][ C1] do_idle+0x1d4/0x4dc [ 107.795033][ C1] cpu_startup_entry+0x24/0x28 [ 107.796410][ C1] secondary_start_kernel+0x240/0x298 [ 107.797861][ C1] __secondary_switched+0x94/0x98 [ 107.799198][ C1] irq event stamp: 305897 [ 107.800349][ C1] hardirqs last enabled at (305896): [] _raw_spin_unlock_irq+0x9c/0x134 [ 107.803039][ C1] hardirqs last disabled at (305897): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 107.805873][ C1] softirqs last enabled at (305810): [] handle_softirqs+0xb88/0xdbc [ 107.808508][ C1] softirqs last disabled at (305835): [] __irq_exit_rcu+0x268/0x4d8 [ 107.811171][ C1] ---[ end trace 7207f0b41dad967c ]--- [ 107.812828][ C1] ------------[ cut here ]------------ [ 107.814212][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 107.816071][ C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 107.818362][ T4129] usb 1-1: USB disconnect, device number 4 [ 107.818431][ C1] Modules linked in: [ 107.821089][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.15.178-syzkaller #0 [ 107.823594][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 107.826310][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 107.828454][ C1] pc : usb_submit_urb+0xa44/0x1588 [ 107.829917][ C1] lr : usb_submit_urb+0xa44/0x1588 [ 107.831291][ C1] sp : ffff8000080175e0 [ 107.832412][ C1] x29: ffff800008017620 x28: 0000000000000001 x27: ffff800012d51948 [ 107.834621][ C1] x26: ffff0000ec019e00 x25: ffff0000cdce7000 x24: 000000000000000f [ 107.836713][ C1] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 107.838979][ C1] x20: 0000000000000a20 x19: ffff0000c0ffb400 x18: 0000000000000102 [ 107.841153][ C1] x17: 0000000000000000 x16: ffff800008336568 x15: 00000000ffffffff [ 107.843295][ C1] x14: ffff0000c0a68000 x13: 0000000000000001 x12: 0000000000000001 [ 107.845455][ C1] x11: 0000000000000101 x10: 0000000000000000 x9 : eb282cf00f60cb00 [ 107.847579][ C1] x8 : eb282cf00f60cb00 x7 : 0000000000000001 x6 : 0000000000000001 [ 107.849768][ C1] x5 : ffff800008016d58 x4 : ffff800014c50660 x3 : ffff8000083366b4 [ 107.851894][ C1] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 107.853976][ C1] Call trace: [ 107.854808][ C1] usb_submit_urb+0xa44/0x1588 [ 107.856064][ C1] bcm5974_irq_trackpad+0x20c/0xdd0 [ 107.857441][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 107.858896][ C1] usb_hcd_giveback_urb+0x108/0x41c [ 107.860296][ C1] dummy_timer+0x66c/0x26cc [ 107.861525][ C1] call_timer_fn+0x19c/0x8f0 [ 107.862702][ C1] __run_timers+0x554/0x718 [ 107.863941][ C1] run_timer_softirq+0x7c/0x114 [ 107.865246][ C1] handle_softirqs+0x384/0xdbc [ 107.866528][ C1] __irq_exit_rcu+0x268/0x4d8 [ 107.867772][ C1] irq_exit+0x14/0x88 [ 107.868868][ C1] handle_domain_irq+0xf4/0x178 [ 107.870142][ C1] gic_handle_irq+0x78/0x1c8 [ 107.871331][ C1] call_on_irq_stack+0x24/0x4c [ 107.872590][ C1] do_interrupt_handler+0x74/0x94 [ 107.873918][ C1] el1_interrupt+0x30/0x58 [ 107.875046][ C1] el1h_64_irq_handler+0x18/0x24 [ 107.876404][ C1] el1h_64_irq+0x78/0x7c [ 107.877477][ C1] arch_local_irq_enable+0xc/0x18 [ 107.878896][ C1] default_idle_call+0xcc/0x4a8 [ 107.880205][ C1] do_idle+0x1d4/0x4dc [ 107.881343][ C1] cpu_startup_entry+0x24/0x28 [ 107.882845][ C1] secondary_start_kernel+0x240/0x298 [ 107.884318][ C1] __secondary_switched+0x94/0x98 [ 107.885677][ C1] irq event stamp: 305913 [ 107.886808][ C1] hardirqs last enabled at (305912): [] _raw_spin_unlock_irq+0x9c/0x134 [ 107.889558][ C1] hardirqs last disabled at (305913): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 107.892286][ C1] softirqs last enabled at (305810): [] handle_softirqs+0xb88/0xdbc [ 107.894893][ C1] softirqs last disabled at (305835): [] __irq_exit_rcu+0x268/0x4d8 [ 107.897586][ C1] ---[ end trace 7207f0b41dad967d ]--- [ 107.899059][ C1] bcm5974 1-1:1.0: trackpad urb failed: -2 [ 107.919640][ T4846] bcm5974 1-1:1.0: could not read from device [ 108.609504][ T4129] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 108.849562][ T4129] usb 1-1: Using ep0 maxpacket: 8 [ 108.969649][ T4129] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 15 [ 108.972494][ T4129] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 109.129617][ T4129] usb 1-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice= 0.40 [ 109.132194][ T4129] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.134406][ T4129] usb 1-1: Product: syz [ 109.135748][ T4129] usb 1-1: Manufacturer: syz [ 109.136860][ T4129] usb 1-1: SerialNumber: syz [ 109.183131][ T4129] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input5 [ 109.609628][ T4846] ------------[ cut here ]------------ [ 109.611099][ T4846] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 109.613122][ T4846] WARNING: CPU: 1 PID: 4846 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 109.615761][ T4846] Modules linked in: [ 109.616885][ T4846] CPU: 1 PID: 4846 Comm: udevd Tainted: G W 5.15.178-syzkaller #0 [ 109.619297][ T4846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 109.622139][ T4846] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 109.624278][ T4846] pc : usb_submit_urb+0xa44/0x1588 [ 109.625639][ T4846] lr : usb_submit_urb+0xa44/0x1588 [ 109.627082][ T4846] sp : ffff800020027370 [ 109.628218][ T4846] x29: ffff8000200273b0 x28: 0000000000000001 x27: ffff800012d51948 [ 109.630512][ T4846] x26: ffff0000c2712000 x25: ffff0000d129f000 x24: 000000000000000f [ 109.632686][ T4846] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 109.634861][ T4846] x20: 0000000000000cc0 x19: ffff0000cff95000 x18: 0000000000000001 [ 109.636976][ T4846] x17: 0000000000000000 x16: ffff800011b4e3fc x15: 00000000ffffffff [ 109.639176][ T4846] x14: ffff0000ccaa8000 x13: 0000000000000001 x12: 0000000000000001 [ 109.641296][ T4846] x11: 0000000000000000 x10: 0000000000000000 x9 : e7a4d6d449765400 [ 109.643452][ T4846] x8 : e7a4d6d449765400 x7 : 0000000000000001 x6 : 0000000000000001 [ 109.645651][ T4846] x5 : ffff800020026ad8 x4 : ffff800014c50660 x3 : ffff8000085568c0 [ 109.647794][ T4846] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 109.649910][ T4846] Call trace: [ 109.650766][ T4846] usb_submit_urb+0xa44/0x1588 [ 109.652063][ T4846] bcm5974_start_traffic+0xe0/0x154 [ 109.653448][ T4846] bcm5974_open+0x98/0x134 [ 109.654575][ T4846] input_open_device+0x170/0x29c [ 109.655927][ T4846] evdev_open+0x308/0x4b4 [ 109.657003][ T4846] chrdev_open+0x3e8/0x4fc [ 109.658168][ T4846] do_dentry_open+0x780/0xed8 [ 109.659355][ T4846] vfs_open+0x7c/0x90 [ 109.660506][ T4846] path_openat+0x1ea0/0x26cc [ 109.661662][ T4846] do_filp_open+0x1a8/0x3b4 [ 109.662864][ T4846] do_sys_openat2+0x128/0x3e0 [ 109.664198][ T4846] __arm64_sys_openat+0x1f0/0x240 [ 109.665602][ T4846] invoke_syscall+0x98/0x2b8 [ 109.666872][ T4846] el0_svc_common+0x138/0x258 [ 109.668155][ T4846] do_el0_svc+0x58/0x14c [ 109.669232][ T4846] el0_svc+0x7c/0x1f0 [ 109.670298][ T4846] el0t_64_sync_handler+0x84/0xe4 [ 109.671688][ T4846] el0t_64_sync+0x1a0/0x1a4 [ 109.672859][ T4846] irq event stamp: 12694 [ 109.673930][ T4846] hardirqs last enabled at (12693): [] __up_console_sem+0xb4/0x100 [ 109.676513][ T4846] hardirqs last disabled at (12694): [] el1_dbg+0x24/0x80 [ 109.678785][ T4846] softirqs last enabled at (10832): [] handle_softirqs+0xb88/0xdbc [ 109.681330][ T4846] softirqs last disabled at (10823): [] __irq_exit_rcu+0x268/0x4d8 [ 109.683956][ T4846] ---[ end trace 7207f0b41dad967e ]--- [ 109.709540][ C1] ------------[ cut here ]------------ [ 109.711110][ C1] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 109.713106][ C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 109.715623][ C1] Modules linked in: [ 109.716637][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.15.178-syzkaller #0 [ 109.719204][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 109.721944][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 109.724031][ C1] pc : usb_submit_urb+0xa44/0x1588 [ 109.725456][ C1] lr : usb_submit_urb+0xa44/0x1588 [ 109.726866][ C1] sp : ffff8000080175e0 [ 109.728002][ C1] x29: ffff800008017620 x28: 0000000000000001 x27: ffff800012d51948 [ 109.730253][ C1] x26: ffff0000c2712000 x25: ffff0000d129f000 x24: 000000000000000f [ 109.732390][ C1] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 109.734586][ C1] x20: 0000000000000a20 x19: ffff0000cff95000 x18: 0000000000000102 [ 109.736750][ C1] x17: 0000000000000000 x16: ffff800011b4e3fc x15: 00000000ffffffff [ 109.738921][ C1] x14: ffff0000c0a68000 x13: 0000000000000001 x12: 0000000000000001 [ 109.741059][ C1] x11: 0000000000000101 x10: 0000000000000000 x9 : eb282cf00f60cb00 [ 109.743206][ C1] x8 : eb282cf00f60cb00 x7 : 0000000000000001 x6 : 0000000000000001 [ 109.745370][ C1] x5 : ffff800008016d58 x4 : ffff800014c50660 x3 : ffff8000085568c0 [ 109.747549][ C1] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 109.749698][ C1] Call trace: [ 109.750606][ C1] usb_submit_urb+0xa44/0x1588 [ 109.751909][ C1] bcm5974_irq_trackpad+0x20c/0xdd0 [ 109.753321][ C1] __usb_hcd_giveback_urb+0x2e0/0x518 [ 109.754842][ C1] usb_hcd_giveback_urb+0x108/0x41c [ 109.756295][ C1] dummy_timer+0x66c/0x26cc [ 109.757510][ C1] call_timer_fn+0x19c/0x8f0 [ 109.758733][ C1] __run_timers+0x554/0x718 [ 109.760000][ C1] run_timer_softirq+0x7c/0x114 [ 109.761320][ C1] handle_softirqs+0x384/0xdbc [ 109.762664][ C1] __irq_exit_rcu+0x268/0x4d8 [ 109.763886][ C1] irq_exit+0x14/0x88 [ 109.764993][ C1] handle_domain_irq+0xf4/0x178 [ 109.766324][ C1] gic_handle_irq+0x78/0x1c8 [ 109.767529][ C1] call_on_irq_stack+0x24/0x4c [ 109.768732][ C1] do_interrupt_handler+0x74/0x94 [ 109.770061][ C1] el1_interrupt+0x30/0x58 [ 109.771328][ C1] el1h_64_irq_handler+0x18/0x24 [ 109.772635][ C1] el1h_64_irq+0x78/0x7c [ 109.773735][ C1] arch_local_irq_enable+0xc/0x18 [ 109.775055][ C1] default_idle_call+0xcc/0x4a8 [ 109.776420][ C1] do_idle+0x1d4/0x4dc [ 109.777553][ C1] cpu_startup_entry+0x24/0x28 [ 109.778832][ C1] secondary_start_kernel+0x240/0x298 [ 109.780297][ C1] __secondary_switched+0x94/0x98 [ 109.781660][ C1] irq event stamp: 310375 [ 109.782856][ C1] hardirqs last enabled at (310374): [] _raw_spin_unlock_irq+0x9c/0x134 [ 109.785605][ C1] hardirqs last disabled at (310375): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 109.788436][ C1] softirqs last enabled at (310352): [] handle_softirqs+0xb88/0xdbc [ 109.790972][ C1] softirqs last disabled at (310371): [] __irq_exit_rcu+0x268/0x4d8 [ 109.793573][ C1] ---[ end trace 7207f0b41dad967f ]--- [ 109.813562][ T4036] usb 1-1: USB disconnect, device number 5 [ 109.829571][ T4846] bcm5974 1-1:1.0: could not read from device 1970/01/01 00:01:50 executed programs: 6 [ 110.589515][ T4036] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 110.839456][ T4036] usb 1-1: Using ep0 maxpacket: 8 [ 110.959641][ T4036] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 15 [ 110.962255][ T4036] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 111.139597][ T4036] usb 1-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice= 0.40 [ 111.142115][ T4036] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.144173][ T4036] usb 1-1: Product: syz [ 111.145206][ T4036] usb 1-1: Manufacturer: syz [ 111.146399][ T4036] usb 1-1: SerialNumber: syz [ 111.192636][ T4036] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input6 [ 111.629679][ T4846] ------------[ cut here ]------------ [ 111.631223][ T4846] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 111.633197][ T4846] WARNING: CPU: 0 PID: 4846 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 111.635626][ T4846] Modules linked in: [ 111.636743][ T4846] CPU: 0 PID: 4846 Comm: udevd Tainted: G W 5.15.178-syzkaller #0 [ 111.639019][ T4846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 111.641720][ T4846] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.643740][ T4846] pc : usb_submit_urb+0xa44/0x1588 [ 111.645142][ T4846] lr : usb_submit_urb+0xa44/0x1588 [ 111.646423][ T4846] sp : ffff800020027370 [ 111.647578][ T4846] x29: ffff8000200273b0 x28: 0000000000000001 x27: ffff800012d51948 [ 111.649696][ T4846] x26: ffff0000d223ed00 x25: ffff0000d7d2a000 x24: 000000000000000f [ 111.651796][ T4846] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 111.653879][ T4846] x20: 0000000000000cc0 x19: ffff0000c2a54400 x18: 0000000000000001 [ 111.656072][ T4846] x17: 0000000000000000 x16: ffff800011b4e3fc x15: 00000000ffffffff [ 111.658279][ T4846] x14: ffff0000ccaa8000 x13: 0000000000000001 x12: 0000000000000001 [ 111.660422][ T4846] x11: 0000000000000000 x10: 0000000000000000 x9 : e7a4d6d449765400 [ 111.662613][ T4846] x8 : e7a4d6d449765400 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.664721][ T4846] x5 : ffff800020026ad8 x4 : ffff800014c50660 x3 : ffff8000085568c0 [ 111.666833][ T4846] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029 [ 111.668899][ T4846] Call trace: [ 111.669758][ T4846] usb_submit_urb+0xa44/0x1588 [ 111.670901][ T4846] bcm5974_start_traffic+0xe0/0x154 [ 111.672221][ T4846] bcm5974_open+0x98/0x134 [ 111.673476][ T4846] input_open_device+0x170/0x29c [ 111.674826][ T4846] evdev_open+0x308/0x4b4 [ 111.675946][ T4846] chrdev_open+0x3e8/0x4fc [ 111.677058][ T4846] do_dentry_open+0x780/0xed8 [ 111.678190][ T4846] vfs_open+0x7c/0x90 [ 111.679247][ T4846] path_openat+0x1ea0/0x26cc [ 111.680493][ T4846] do_filp_open+0x1a8/0x3b4 [ 111.681593][ T4846] do_sys_openat2+0x128/0x3e0 [ 111.682812][ T4846] __arm64_sys_openat+0x1f0/0x240 [ 111.684104][ T4846] invoke_syscall+0x98/0x2b8 [ 111.685260][ T4846] el0_svc_common+0x138/0x258 [ 111.686457][ T4846] do_el0_svc+0x58/0x14c [ 111.687461][ T4846] el0_svc+0x7c/0x1f0 [ 111.688464][ T4846] el0t_64_sync_handler+0x84/0xe4 [ 111.689751][ T4846] el0t_64_sync+0x1a0/0x1a4 [ 111.690804][ T4846] irq event stamp: 20098 [ 111.691921][ T4846] hardirqs last enabled at (20097): [] __up_console_sem+0xb4/0x100 [ 111.694449][ T4846] hardirqs last disabled at (20098): [] el1_dbg+0x24/0x80 [ 111.696818][ T4846] softirqs last enabled at (19816): [] handle_softirqs+0xb88/0xdbc [ 111.699299][ T4846] softirqs last disabled at (19807): [] __irq_exit_rcu+0x268/0x4d8 [ 111.701927][ T4846] ---[ end trace 7207f0b41dad9680 ]--- [ 111.719498][ C0] ------------[ cut here ]------------ [ 111.720985][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 111.722942][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 111.725420][ C0] Modules linked in: [ 111.726368][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.178-syzkaller #0 [ 111.728856][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 111.731569][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.733747][ C0] pc : usb_submit_urb+0xa44/0x1588 [ 111.735143][ C0] lr : usb_submit_urb+0xa44/0x1588 [ 111.736507][ C0] sp : ffff8000080075e0 [ 111.737545][ C0] x29: ffff800008007620 x28: 0000000000000001 x27: ffff800012d51948 [ 111.739796][ C0] x26: ffff0000d223ed00 x25: ffff0000d7d2a000 x24: 000000000000000f [ 111.742049][ C0] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 111.744206][ C0] x20: 0000000000000a20 x19: ffff0000c2a54400 x18: 0000000000000102 [ 111.746302][ C0] x17: 0000000000000000 x16: ffff800011b4e3fc x15: 00000000ffffffff [ 111.748391][ C0] x14: ffff800014b94b80 x13: 0000000000000001 x12: 0000000000000001 [ 111.750526][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : 0112a1afb139d500 [ 111.752710][ C0] x8 : 0112a1afb139d500 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.754885][ C0] x5 : ffff800008006d58 x4 : ffff800014c50660 x3 : ffff8000085568c0 [ 111.757029][ C0] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 111.759237][ C0] Call trace: [ 111.760117][ C0] usb_submit_urb+0xa44/0x1588 [ 111.761324][ C0] bcm5974_irq_trackpad+0x20c/0xdd0 [ 111.762728][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 111.764259][ C0] usb_hcd_giveback_urb+0x108/0x41c [ 111.765643][ C0] dummy_timer+0x66c/0x26cc [ 111.766758][ C0] call_timer_fn+0x19c/0x8f0 [ 111.767960][ C0] __run_timers+0x554/0x718 [ 111.769210][ C0] run_timer_softirq+0x7c/0x114 [ 111.770567][ C0] handle_softirqs+0x384/0xdbc [ 111.771805][ C0] __irq_exit_rcu+0x268/0x4d8 [ 111.773077][ C0] irq_exit+0x14/0x88 [ 111.774104][ C0] handle_domain_irq+0xf4/0x178 [ 111.775432][ C0] gic_handle_irq+0x78/0x1c8 [ 111.776598][ C0] call_on_irq_stack+0x24/0x4c [ 111.777908][ C0] do_interrupt_handler+0x74/0x94 [ 111.779299][ C0] el1_interrupt+0x30/0x58 [ 111.780541][ C0] el1h_64_irq_handler+0x18/0x24 [ 111.781859][ C0] el1h_64_irq+0x78/0x7c [ 111.782984][ C0] arch_local_irq_enable+0xc/0x18 [ 111.784471][ C0] default_idle_call+0xcc/0x4a8 [ 111.785727][ C0] do_idle+0x1d4/0x4dc [ 111.786816][ C0] cpu_startup_entry+0x24/0x28 [ 111.788157][ C0] rest_init+0x364/0x38c [ 111.789431][ C0] arch_call_rest_init+0x14/0x20 [ 111.790833][ C0] start_kernel+0x440/0x600 [ 111.792086][ C0] __primary_switched+0xa8/0xb0 [ 111.793380][ C0] irq event stamp: 322343 [ 111.794583][ C0] hardirqs last enabled at (322342): [] exit_el1_irq_or_nmi+0x10/0x1c [ 111.797203][ C0] hardirqs last disabled at (322343): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 111.799930][ C0] softirqs last enabled at (322318): [] handle_softirqs+0xb88/0xdbc [ 111.802548][ C0] softirqs last disabled at (322337): [] __irq_exit_rcu+0x268/0x4d8 [ 111.805050][ C0] ---[ end trace 7207f0b41dad9681 ]--- [ 111.806685][ C0] ------------[ cut here ]------------ [ 111.808138][ C0] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 111.810148][ C0] WARNING: CPU: 0 PID: 0 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 [ 111.812687][ C0] Modules linked in: [ 111.813706][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.15.178-syzkaller #0 [ 111.816123][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 111.818951][ C0] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 111.821214][ C0] pc : usb_submit_urb+0xa44/0x1588 [ 111.822646][ C0] lr : usb_submit_urb+0xa44/0x1588 [ 111.824055][ C0] sp : ffff8000080075e0 [ 111.825151][ C0] x29: ffff800008007620 x28: 0000000000000001 x27: ffff800012d51948 [ 111.827322][ C0] x26: ffff0000d223ed00 x25: ffff0000d7d2a000 x24: 000000000000000f [ 111.829438][ C0] x23: ffff800012d58200 x22: dfff800000000000 x21: 0000000000000002 [ 111.830242][ T25] usb 1-1: USB disconnect, device number 6 [ 111.831604][ C0] x20: 0000000000000a20 x19: ffff0000c2a54400 x18: 0000000000000102 [ 111.835306][ C0] x17: 0000000000000000 x16: ffff800008336568 x15: 00000000ffffffff [ 111.837368][ C0] x14: ffff800014b94b80 x13: 0000000000000001 x12: 0000000000000001 [ 111.839487][ C0] x11: 0000000000000101 x10: 0000000000000000 x9 : 0112a1afb139d500 [ 111.841673][ C0] x8 : 0112a1afb139d500 x7 : 0000000000000001 x6 : 0000000000000001 [ 111.843887][ C0] x5 : ffff800008006d58 x4 : ffff800014c50660 x3 : ffff8000083366b4 [ 111.846176][ C0] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000029 [ 111.848381][ C0] Call trace: [ 111.849305][ C0] usb_submit_urb+0xa44/0x1588 [ 111.850524][ C0] bcm5974_irq_trackpad+0x20c/0xdd0 [ 111.851963][ C0] __usb_hcd_giveback_urb+0x2e0/0x518 [ 111.853432][ C0] usb_hcd_giveback_urb+0x108/0x41c [ 111.854883][ C0] dummy_timer+0x66c/0x26cc [ 111.856097][ C0] call_timer_fn+0x19c/0x8f0 [ 111.857340][ C0] __run_timers+0x554/0x718 [ 111.858560][ C0] run_timer_softirq+0x7c/0x114 [ 111.859848][ C0] handle_softirqs+0x384/0xdbc [ 111.861158][ C0] __irq_exit_rcu+0x268/0x4d8 [ 111.862483][ C0] irq_exit+0x14/0x88 [ 111.863555][ C0] handle_domain_irq+0xf4/0x178 [ 111.864911][ C0] gic_handle_irq+0x78/0x1c8 [ 111.866159][ C0] call_on_irq_stack+0x24/0x4c [ 111.867396][ C0] do_interrupt_handler+0x74/0x94 [ 111.868808][ C0] el1_interrupt+0x30/0x58 [ 111.870009][ C0] el1h_64_irq_handler+0x18/0x24 [ 111.871360][ C0] el1h_64_irq+0x78/0x7c [ 111.872445][ C0] arch_local_irq_enable+0xc/0x18 [ 111.873961][ C0] default_idle_call+0xcc/0x4a8 [ 111.875297][ C0] do_idle+0x1d4/0x4dc [ 111.876508][ C0] cpu_startup_entry+0x24/0x28 [ 111.877814][ C0] rest_init+0x364/0x38c [ 111.878987][ C0] arch_call_rest_init+0x14/0x20 [ 111.880337][ C0] start_kernel+0x440/0x600 [ 111.881515][ C0] __primary_switched+0xa8/0xb0 [ 111.882903][ C0] irq event stamp: 322349 [ 111.884077][ C0] hardirqs last enabled at (322348): [] _raw_spin_unlock_irq+0x9c/0x134 [ 111.886934][ C0] hardirqs last disabled at (322349): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 111.889733][ C0] softirqs last enabled at (322318): [] handle_softirqs+0xb88/0xdbc [ 111.892327][ C0] softirqs last disabled at (322337): [] __irq_exit_rcu+0x268/0x4d8 [ 111.894970][ C0] ---[ end trace 7207f0b41dad9682 ]--- [ 111.896547][ C0] bcm5974 1-1:1.0: trackpad urb failed: -2 [ 111.920710][ T25] bcm5974 1-1:1.0: could not read from device [ 112.629566][ T4129] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 112.869509][ T4129] usb 1-1: Using ep0 maxpacket: 8 [ 112.989581][ T4129] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 15 [ 112.992221][ T4129] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 113.149603][ T4129] usb 1-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice= 0.40 [ 113.152074][ T4129] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.154176][ T4129] usb 1-1: Product: syz [ 113.155196][ T4129] usb 1-1: Manufacturer: syz [ 113.156388][ T4129] usb 1-1: SerialNumber: syz [ 113.202815][ T4129] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input7