./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4110877199 <...> Warning: Permanently added '10.128.0.241' (ED25519) to the list of known hosts. execve("./syz-executor4110877199", ["./syz-executor4110877199"], 0x7ffd07e94a20 /* 10 vars */) = 0 brk(NULL) = 0x55555d4a6000 brk(0x55555d4a6d00) = 0x55555d4a6d00 arch_prctl(ARCH_SET_FS, 0x55555d4a6380) = 0 set_tid_address(0x55555d4a6650) = 5832 set_robust_list(0x55555d4a6660, 24) = 0 rseq(0x55555d4a6ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4110877199", 4096) = 28 getrandom("\x3f\xc1\x78\x30\x07\xa2\xc7\xc3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555d4a6d00 brk(0x55555d4c7d00) = 0x55555d4c7d00 brk(0x55555d4c8000) = 0x55555d4c8000 mprotect(0x7fa54bd14000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x55555d4a6660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55555d4a6650) = 5833 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] write(1, "executing program\n", 18executing program ) = 18 [pid 5833] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5833] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3a50eb70) = 18 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [ 92.565648][ T975] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3a50eb70) = 18 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3a50eb70) = 9 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3a50eb70) = 18 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3a50eb70) = 4 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3a50eb70) = 8 [ 92.735398][ T975] usb 1-1: Using ep0 maxpacket: 16 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3a50eb70) = 8 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3a50eb70) = 8 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fb80) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff3a50eb70) = 0 [ 92.779914][ T975] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 92.789628][ T975] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.798042][ T975] usb 1-1: Product: syz [ 92.802267][ T975] usb 1-1: Manufacturer: syz [ 92.807029][ T975] usb 1-1: SerialNumber: syz [ 92.815365][ T975] usb 1-1: config 0 descriptor?? [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fbb0) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff3a50eba0) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3a50fbb0) = 0 [pid 5833] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff3a50eba0) = 0 [ 93.282573][ T975] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 93.294166][ T975] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 93.304827][ T975] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 93.313077][ T975] usb 1-1: media controller created [ 93.333964][ T975] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [pid 5833] openat(AT_FDCWD, "/dev/i2c-1", O_RDWR|O_APPEND) = 4 [ 93.877080][ T975] zl10353_read_register: readreg error (reg=127, ret==0) [ 93.884231][ T975] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 93.892245][ T975] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 93.905448][ T5833] ------------[ cut here ]------------ [ 93.911085][ T5833] usb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 [ 93.926065][ T5833] WARNING: CPU: 0 PID: 5833 at drivers/usb/core/urb.c:413 usb_submit_urb+0x1112/0x1870 [ 93.935950][ T5833] Modules linked in: [ 93.940033][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor411 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 93.950597][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.961231][ T5833] RIP: 0010:usb_submit_urb+0x1112/0x1870 [ 93.967031][ T5833] Code: 0f b6 44 05 00 84 c0 0f 85 38 06 00 00 45 0f b6 04 24 48 c7 c7 a0 87 12 8c 48 8b 74 24 18 4c 89 fa 44 89 f1 e8 df db 6e fa 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 2b f4 ff ff 89 e9 80 [ 93.986872][ T5833] RSP: 0018:ffffc9000440f610 EFLAGS: 00010246 [ 93.993185][ T5833] RAX: eecd5c38d4424c00 RBX: ffff888021eac200 RCX: ffff888033e81e00 [ 94.001632][ T5833] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 94.009971][ T5833] RBP: 1ffff1100435d80c R08: 0000000000000003 R09: 0000000000000004 [ 94.018082][ T5833] R10: dffffc0000000000 R11: fffffbfff1bba984 R12: ffff888021aec060 [ 94.026172][ T5833] R13: dffffc0000000000 R14: 0000000080000280 R15: ffff888028cb5dc0 [ 94.034188][ T5833] FS: 000055555d4a6380(0000) GS:ffff8881260c2000(0000) knlGS:0000000000000000 [ 94.043232][ T5833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.049953][ T5833] CR2: 00007fd4d4ed1140 CR3: 00000000779d6000 CR4: 00000000003526f0 [ 94.058031][ T5833] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 94.066107][ T5833] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 94.074301][ T5833] Call Trace: [ 94.077771][ T5833] [ 94.080847][ T5833] usb_start_wait_urb+0x114/0x4c0 [ 94.086013][ T5833] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 94.091792][ T5833] usb_control_msg+0x232/0x3e0 [ 94.096730][ T5833] dtv5100_i2c_msg+0x250/0x330 [ 94.101568][ T5833] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 94.106780][ T5833] __i2c_transfer+0x871/0x2170 [ 94.111776][ T5833] ? i2c_transfer+0x120/0x3a0 [ 94.116557][ T5833] ? __pfx___i2c_transfer+0x10/0x10 [ 94.121809][ T5833] ? rt_mutex_lock_nested+0x172/0x1e0 [ 94.127382][ T5833] ? i2c_transfer+0x120/0x3a0 [ 94.132155][ T5833] i2c_transfer+0x25b/0x3a0 [ 94.136761][ T5833] ? __pfx_i2c_transfer+0x10/0x10 [ 94.141848][ T5833] ? __might_fault+0xb0/0x130 [ 94.146686][ T5833] i2c_transfer_buffer_flags+0x105/0x190 [ 94.152363][ T5833] ? __pfx_i2c_transfer_buffer_flags+0x10/0x10 [ 94.158684][ T5833] ? _copy_from_user+0x94/0xb0 [ 94.163503][ T5833] i2cdev_write+0x112/0x1b0 [ 94.168130][ T5833] vfs_writev+0x4a5/0x9a0 [ 94.172504][ T5833] ? __pfx_i2cdev_write+0x10/0x10 [ 94.177697][ T5833] ? __pfx_vfs_writev+0x10/0x10 [ 94.183265][ T5833] ? _raw_spin_unlock_irq+0x23/0x50 [ 94.188604][ T5833] ? _raw_spin_unlock_irq+0x2e/0x50 [ 94.194044][ T5833] ? ptrace_notify+0x22d/0x2c0 [ 94.199027][ T5833] do_writev+0x14d/0x2d0 [ 94.203324][ T5833] ? __pfx_do_writev+0x10/0x10 [ 94.208265][ T5833] do_syscall_64+0xf6/0x210 [ 94.212951][ T5833] ? clear_bhb_loop+0x60/0xb0 [ 94.218025][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.224110][ T5833] RIP: 0033:0x7fa54bca17b9 [ 94.228637][ T5833] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 94.248336][ T5833] RSP: 002b:00007fff3a510bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 94.256827][ T5833] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa54bca17b9 [ 94.264832][ T5833] RDX: 0000000000000001 RSI: 0000200000000680 RDI: 0000000000000004 [ 94.273133][ T5833] RBP: 00007fa54bd145f0 R08: 00232d6332692f76 R09: 0000000000000006 [ 94.281232][ T5833] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001 [ 94.289317][ T5833] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 94.297408][ T5833] [ 94.300476][ T5833] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 94.307888][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor411 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 94.318326][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.328395][ T5833] Call Trace: [ 94.331694][ T5833] [ 94.334654][ T5833] dump_stack_lvl+0x99/0x250 [ 94.339356][ T5833] ? __asan_memcpy+0x40/0x70 [ 94.343984][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.349293][ T5833] ? __pfx__printk+0x10/0x10 [ 94.354064][ T5833] panic+0x2db/0x790 [ 94.358292][ T5833] ? __pfx_panic+0x10/0x10 [ 94.363058][ T5833] __warn+0x31b/0x4b0 [ 94.367116][ T5833] ? usb_submit_urb+0x1112/0x1870 [ 94.372177][ T5833] ? usb_submit_urb+0x1112/0x1870 [ 94.377566][ T5833] report_bug+0x2be/0x4f0 [ 94.382467][ T5833] ? usb_submit_urb+0x1112/0x1870 [ 94.387756][ T5833] ? usb_submit_urb+0x1112/0x1870 [ 94.392815][ T5833] ? usb_submit_urb+0x1114/0x1870 [ 94.397947][ T5833] handle_bug+0x84/0x160 [ 94.402329][ T5833] exc_invalid_op+0x1a/0x50 [ 94.406865][ T5833] asm_exc_invalid_op+0x1a/0x20 [ 94.411750][ T5833] RIP: 0010:usb_submit_urb+0x1112/0x1870 [ 94.417399][ T5833] Code: 0f b6 44 05 00 84 c0 0f 85 38 06 00 00 45 0f b6 04 24 48 c7 c7 a0 87 12 8c 48 8b 74 24 18 4c 89 fa 44 89 f1 e8 df db 6e fa 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 2b f4 ff ff 89 e9 80 [ 94.437133][ T5833] RSP: 0018:ffffc9000440f610 EFLAGS: 00010246 [ 94.445161][ T5833] RAX: eecd5c38d4424c00 RBX: ffff888021eac200 RCX: ffff888033e81e00 [ 94.453456][ T5833] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 94.461721][ T5833] RBP: 1ffff1100435d80c R08: 0000000000000003 R09: 0000000000000004 [ 94.469829][ T5833] R10: dffffc0000000000 R11: fffffbfff1bba984 R12: ffff888021aec060 [ 94.477954][ T5833] R13: dffffc0000000000 R14: 0000000080000280 R15: ffff888028cb5dc0 [ 94.485968][ T5833] usb_start_wait_urb+0x114/0x4c0 [ 94.491192][ T5833] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 94.497554][ T5833] usb_control_msg+0x232/0x3e0 [ 94.502516][ T5833] dtv5100_i2c_msg+0x250/0x330 [ 94.507457][ T5833] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 94.512520][ T5833] __i2c_transfer+0x871/0x2170 [ 94.517427][ T5833] ? i2c_transfer+0x120/0x3a0 [ 94.522218][ T5833] ? __pfx___i2c_transfer+0x10/0x10 [ 94.527773][ T5833] ? rt_mutex_lock_nested+0x172/0x1e0 [ 94.533176][ T5833] ? i2c_transfer+0x120/0x3a0 [ 94.537874][ T5833] i2c_transfer+0x25b/0x3a0 [ 94.542396][ T5833] ? __pfx_i2c_transfer+0x10/0x10 [ 94.547516][ T5833] ? __might_fault+0xb0/0x130 [ 94.552221][ T5833] i2c_transfer_buffer_flags+0x105/0x190 [ 94.557964][ T5833] ? __pfx_i2c_transfer_buffer_flags+0x10/0x10 [ 94.564163][ T5833] ? _copy_from_user+0x94/0xb0 [ 94.568960][ T5833] i2cdev_write+0x112/0x1b0 [ 94.573480][ T5833] vfs_writev+0x4a5/0x9a0 [ 94.578007][ T5833] ? __pfx_i2cdev_write+0x10/0x10 [ 94.583135][ T5833] ? __pfx_vfs_writev+0x10/0x10 [ 94.588019][ T5833] ? _raw_spin_unlock_irq+0x23/0x50 [ 94.593334][ T5833] ? _raw_spin_unlock_irq+0x2e/0x50 [ 94.598545][ T5833] ? ptrace_notify+0x22d/0x2c0 [ 94.603431][ T5833] do_writev+0x14d/0x2d0 [ 94.607699][ T5833] ? __pfx_do_writev+0x10/0x10 [ 94.612487][ T5833] do_syscall_64+0xf6/0x210 [ 94.617007][ T5833] ? clear_bhb_loop+0x60/0xb0 [ 94.621961][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.627863][ T5833] RIP: 0033:0x7fa54bca17b9 [ 94.632294][ T5833] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 94.652182][ T5833] RSP: 002b:00007fff3a510bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 94.660703][ T5833] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa54bca17b9 [ 94.668692][ T5833] RDX: 0000000000000001 RSI: 0000200000000680 RDI: 0000000000000004 [ 94.676934][ T5833] RBP: 00007fa54bd145f0 R08: 00232d6332692f76 R09: 0000000000000006 [ 94.684931][ T5833] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001 [ 94.692913][ T5833] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 94.700912][ T5833] [ 94.704309][ T5833] Kernel Offset: disabled [ 94.708648][ T5833] Rebooting in 86400 seconds..