./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3874980197
<...>
Warning: Permanently added '10.128.0.69' (ED25519) to the list of known hosts.
execve("./syz-executor3874980197", ["./syz-executor3874980197"], 0x7ffee89c1110 /* 10 vars */) = 0
brk(NULL) = 0x555586a2a000
brk(0x555586a2ad00) = 0x555586a2ad00
arch_prctl(ARCH_SET_FS, 0x555586a2a380) = 0
set_tid_address(0x555586a2a650) = 5822
set_robust_list(0x555586a2a660, 24) = 0
rseq(0x555586a2aca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3874980197", 4096) = 28
getrandom("\x60\x58\x6a\x50\xe3\xd7\x39\x7e", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555586a2ad00
brk(0x555586a4bd00) = 0x555586a4bd00
brk(0x555586a4c000) = 0x555586a4c000
mprotect(0x7fb8df0ad000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586a2a650) = 5823
./strace-static-x86_64: Process 5823 attached
[pid 5823] set_robust_list(0x555586a2a660, 24) = 0
[pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5823] setpgid(0, 0) = 0
[pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5823] write(3, "1000", 4) = 4
[pid 5823] close(3) = 0
[pid 5823] write(1, "executing program\n", 18executing program
) = 18
[pid 5823] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 5823] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc8bfa4f40) = 18
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[ 95.793692][ T1892] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc8bfa4f40) = 18
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc8bfa4f40) = 9
[ 95.963483][ T1892] usb 1-1: Using ep0 maxpacket: 16
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc8bfa4f40) = 36
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc8bfa4f40) = 4
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[ 96.023654][ T1892] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 646
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc8bfa4f40) = 8
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc8bfa4f40) = 8
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc8bfa4f40) = 8
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc8bfa4f40) = 0
[ 96.120004][ T1892] usb 1-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=71.b1
[ 96.129202][ T1892] usb 1-1: New USB device strings: Mfr=156, Product=201, SerialNumber=3
[ 96.138425][ T1892] usb 1-1: Product: syz
[ 96.142647][ T1892] usb 1-1: Manufacturer: syz
[ 96.147485][ T1892] usb 1-1: SerialNumber: syz
[ 96.182921][ T1892] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input5
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f70) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc8bfa4f60) = 8
[pid 5823] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f70) = 0
[pid 5823] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc8bfa4f60) = 8
[ 96.621328][ T5172] ------------[ cut here ]------------
[ 96.627123][ T5172] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[ 96.634025][ T5172] WARNING: CPU: 0 PID: 5172 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc37/0x1870
[ 96.643692][ T5172] Modules linked in:
[ 96.647725][ T5172] CPU: 0 UID: 0 PID: 5172 Comm: acpid Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full)
[ 96.659028][ T5172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 96.670445][ T5172] RIP: 0010:usb_submit_urb+0xc37/0x1870
[ 96.676094][ T5172] Code: 89 e0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 73 08 00 00 45 8b 04 24 48 c7 c7 60 17 12 8c 4c 89 f6 4c 89 fa e8 fa 19 6f fa 90 <0f> 0b 90 90 44 0f b6 64 24 48 4c 89 e7 48 c7 c6 70 84 bc 8e e8 30
[ 96.695807][ T5172] RSP: 0018:ffffc900033475d0 EFLAGS: 00010246
[ 96.701950][ T5172] RAX: c0db6ed0ad22df00 RBX: ffff88801b318f00 RCX: ffff88807dd28000
[ 96.710323][ T5172] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[ 96.718391][ T5172] RBP: 0000000000000000 R08: ffff8880b8924293 R09: 1ffff11017124852
[ 96.726691][ T5172] R10: dffffc0000000000 R11: ffffed1017124853 R12: ffffffff8c121548
[ 96.734854][ T5172] R13: dffffc0000000000 R14: ffffffff8c128040 R15: ffff888020a94800
[ 96.742913][ T5172] FS: 00007f6ec8cf4740(0000) GS:ffff8881260c7000(0000) knlGS:0000000000000000
[ 96.752080][ T5172] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 96.758817][ T5172] CR2: 00007fff3c346d68 CR3: 0000000034cfa000 CR4: 00000000003526f0
[ 96.767017][ T5172] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 96.775183][ T5172] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 96.783183][ T5172] Call Trace:
[ 96.786603][ T5172]
[ 96.789633][ T5172] bcm5974_start_traffic+0xd7/0x140
[ 96.794926][ T5172] bcm5974_open+0x92/0x120
[ 96.799385][ T5172] input_open_device+0x1c5/0x360
[ 96.804519][ T5172] mousedev_open_device+0xcc/0x150
[ 96.809685][ T5172] mousedev_open+0x2ef/0x4a0
[ 96.814377][ T5172] chrdev_open+0x4c9/0x5e0
[pid 5823] exit_group(0) = ?
[pid 5823] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5823, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 96.818874][ T5172] ? __pfx_chrdev_open+0x10/0x10
[ 96.823933][ T5172] ? __pfx_chrdev_open+0x10/0x10
[ 96.828934][ T5172] do_dentry_open+0xdf0/0x1970
[ 96.833808][ T5172] vfs_open+0x3b/0x340
[ 96.837894][ T5172] ? path_openat+0x2ecd/0x3830
[ 96.842935][ T5172] path_openat+0x2ee5/0x3830
[ 96.847602][ T5172] ? arch_stack_walk+0xfc/0x150
[ 96.852556][ T5172] ? __pfx_path_openat+0x10/0x10
[ 96.857662][ T5172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.865316][ T5172] do_filp_open+0x1fa/0x410
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586a2a650) = 5827
./strace-static-x86_64: Process 5827 attached
[pid 5827] set_robust_list(0x555586a2a660, 24) = 0
[ 96.870278][ T5172] ? __lock_acquire+0xab9/0xd20
[ 96.875609][ T5172] ? __pfx_do_filp_open+0x10/0x10
[ 96.880717][ T5172] ? _raw_spin_unlock+0x28/0x50
[ 96.885694][ T5172] ? alloc_fd+0x64c/0x6c0
[ 96.890449][ T5172] do_sys_openat2+0x121/0x1c0
[ 96.895255][ T5172] ? __pfx_do_sys_openat2+0x10/0x10
[ 96.900492][ T5172] ? ksys_read+0x1e1/0x250
[ 96.905295][ T5172] ? __pfx_ksys_read+0x10/0x10
[ 96.910088][ T5172] ? rcu_is_watching+0x15/0xb0
[ 96.915315][ T5172] __x64_sys_openat+0x138/0x170
[pid 5827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5827] setpgid(0, 0) = 0
[pid 5827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5827] write(3, "1000", 4) = 4
[pid 5827] close(3) = 0
[pid 5827] write(1, "executing program\n", 18executing program
) = 18
[pid 5827] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 5827] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc8bfa5f50) = 0
[pid 5827] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[ 96.920461][ T5172] do_syscall_64+0xfa/0x3b0
[ 96.925220][ T5172] ? lockdep_hardirqs_on+0x9c/0x150
[ 96.931019][ T5172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.937175][ T5172] ? clear_bhb_loop+0x60/0xb0
[ 96.944331][ T5172] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.950268][ T5172] RIP: 0033:0x7f6ec8d7e407
[pid 5827] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc8bfa5f50) = 0
[ 96.954823][ T5172] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 96.975937][ T5172] RSP: 002b:00007fffd4325150 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 96.984772][ T5172] RAX: ffffffffffffffda RBX: 00007f6ec8cf4740 RCX: 00007f6ec8d7e407
[ 96.992783][ T5172] RDX: 0000000000080800 RSI: 00007fffd4325360 RDI: ffffffffffffff9c
[ 97.000910][ T5172] RBP: 00007fffd4325360 R08: 0000000000000000 R09: 0000000000000000
[ 97.008982][ T5172] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000020
[ 97.017097][ T5172] R13: 00007fffd4325460 R14: 00005629ddbae7fe R15: 00007fffd4325460
[ 97.025180][ T5172]
[ 97.028239][ T5172] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 97.035607][ T5172] CPU: 0 UID: 0 PID: 5172 Comm: acpid Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full)
[ 97.046910][ T5172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 97.056982][ T5172] Call Trace:
[ 97.060271][ T5172]
[ 97.063204][ T5172] dump_stack_lvl+0x99/0x250
[ 97.067812][ T5172] ? __asan_memcpy+0x40/0x70
[ 97.072493][ T5172] ? __pfx_dump_stack_lvl+0x10/0x10
[ 97.077731][ T5172] ? __pfx__printk+0x10/0x10
[ 97.082357][ T5172] panic+0x2db/0x790
[ 97.086281][ T5172] ? __pfx_panic+0x10/0x10
[ 97.090725][ T5172] __warn+0x31b/0x4b0
[ 97.094718][ T5172] ? usb_submit_urb+0xc37/0x1870
[ 97.099674][ T5172] ? usb_submit_urb+0xc37/0x1870
[ 97.104626][ T5172] report_bug+0x2be/0x4f0
[ 97.108961][ T5172] ? usb_submit_urb+0xc37/0x1870
[ 97.113910][ T5172] ? usb_submit_urb+0xc37/0x1870
[ 97.118851][ T5172] ? usb_submit_urb+0xc39/0x1870
[ 97.123792][ T5172] handle_bug+0x84/0x160
[ 97.128049][ T5172] exc_invalid_op+0x1a/0x50
[ 97.132570][ T5172] asm_exc_invalid_op+0x1a/0x20
[ 97.138008][ T5172] RIP: 0010:usb_submit_urb+0xc37/0x1870
[ 97.143575][ T5172] Code: 89 e0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 73 08 00 00 45 8b 04 24 48 c7 c7 60 17 12 8c 4c 89 f6 4c 89 fa e8 fa 19 6f fa 90 <0f> 0b 90 90 44 0f b6 64 24 48 4c 89 e7 48 c7 c6 70 84 bc 8e e8 30
[ 97.163295][ T5172] RSP: 0018:ffffc900033475d0 EFLAGS: 00010246
[ 97.169479][ T5172] RAX: c0db6ed0ad22df00 RBX: ffff88801b318f00 RCX: ffff88807dd28000
[ 97.177579][ T5172] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[ 97.185658][ T5172] RBP: 0000000000000000 R08: ffff8880b8924293 R09: 1ffff11017124852
[ 97.193682][ T5172] R10: dffffc0000000000 R11: ffffed1017124853 R12: ffffffff8c121548
[ 97.202291][ T5172] R13: dffffc0000000000 R14: ffffffff8c128040 R15: ffff888020a94800
[ 97.210435][ T5172] bcm5974_start_traffic+0xd7/0x140
[ 97.215748][ T5172] bcm5974_open+0x92/0x120
[ 97.220275][ T5172] input_open_device+0x1c5/0x360
[ 97.225233][ T5172] mousedev_open_device+0xcc/0x150
[ 97.230367][ T5172] mousedev_open+0x2ef/0x4a0
[ 97.234987][ T5172] chrdev_open+0x4c9/0x5e0
[ 97.239432][ T5172] ? __pfx_chrdev_open+0x10/0x10
[ 97.244398][ T5172] ? __pfx_chrdev_open+0x10/0x10
[ 97.249372][ T5172] do_dentry_open+0xdf0/0x1970
[ 97.254172][ T5172] vfs_open+0x3b/0x340
[ 97.258245][ T5172] ? path_openat+0x2ecd/0x3830
[ 97.263036][ T5172] path_openat+0x2ee5/0x3830
[ 97.267641][ T5172] ? arch_stack_walk+0xfc/0x150
[ 97.272628][ T5172] ? __pfx_path_openat+0x10/0x10
[ 97.277577][ T5172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.283759][ T5172] do_filp_open+0x1fa/0x410
[ 97.288370][ T5172] ? __lock_acquire+0xab9/0xd20
[ 97.293240][ T5172] ? __pfx_do_filp_open+0x10/0x10
[ 97.298319][ T5172] ? _raw_spin_unlock+0x28/0x50
[ 97.303190][ T5172] ? alloc_fd+0x64c/0x6c0
[ 97.307551][ T5172] do_sys_openat2+0x121/0x1c0
[ 97.312244][ T5172] ? __pfx_do_sys_openat2+0x10/0x10
[ 97.317461][ T5172] ? ksys_read+0x1e1/0x250
[ 97.321928][ T5172] ? __pfx_ksys_read+0x10/0x10
[ 97.326766][ T5172] ? rcu_is_watching+0x15/0xb0
[ 97.331578][ T5172] __x64_sys_openat+0x138/0x170
[ 97.336490][ T5172] do_syscall_64+0xfa/0x3b0
[ 97.341054][ T5172] ? lockdep_hardirqs_on+0x9c/0x150
[ 97.346286][ T5172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.352470][ T5172] ? clear_bhb_loop+0x60/0xb0
[ 97.357176][ T5172] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.363186][ T5172] RIP: 0033:0x7f6ec8d7e407
[ 97.367629][ T5172] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 97.387364][ T5172] RSP: 002b:00007fffd4325150 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 97.395907][ T5172] RAX: ffffffffffffffda RBX: 00007f6ec8cf4740 RCX: 00007f6ec8d7e407
[ 97.403909][ T5172] RDX: 0000000000080800 RSI: 00007fffd4325360 RDI: ffffffffffffff9c
[ 97.411903][ T5172] RBP: 00007fffd4325360 R08: 0000000000000000 R09: 0000000000000000
[ 97.419893][ T5172] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000020
[ 97.428040][ T5172] R13: 00007fffd4325460 R14: 00005629ddbae7fe R15: 00007fffd4325460
[ 97.438347][ T5172]
[ 97.442290][ T5172] Kernel Offset: disabled
[ 97.446634][ T5172] Rebooting in 86400 seconds..