./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2244513440 <...> Warning: Permanently added '10.128.0.127' (ED25519) to the list of known hosts. execve("./syz-executor2244513440", ["./syz-executor2244513440"], 0x7ffdc67756c0 /* 10 vars */) = 0 brk(NULL) = 0x55558b5e6000 brk(0x55558b5e6d00) = 0x55558b5e6d00 arch_prctl(ARCH_SET_FS, 0x55558b5e6380) = 0 set_tid_address(0x55558b5e6650) = 5855 set_robust_list(0x55558b5e6660, 24) = 0 rseq(0x55558b5e6ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2244513440", 4096) = 28 getrandom("\x35\xa2\x7a\xe7\x1f\x94\x1b\x97", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558b5e6d00 brk(0x55558b607d00) = 0x55558b607d00 brk(0x55558b608000) = 0x55558b608000 mprotect(0x7f2a917fc000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558b5e6650) = 5856 ./strace-static-x86_64: Process 5856 attached [pid 5855] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5856] set_robust_list(0x55558b5e6660, 24) = 0 [pid 5856] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached [pid 5855] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5857 [pid 5857] set_robust_list(0x55558b5e6660, 24./strace-static-x86_64: Process 5858 attached [pid 5855] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5858] set_robust_list(0x55558b5e6660, 24 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5856] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5858 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5858] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5859 attached [pid 5858] setpgid(0, 0./strace-static-x86_64: Process 5860 attached [pid 5855] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5859 [pid 5859] set_robust_list(0x55558b5e6660, 24 [pid 5858] <... setpgid resumed>) = 0 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5857] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5860 [pid 5855] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5860] set_robust_list(0x55558b5e6660, 24./strace-static-x86_64: Process 5861 attached [pid 5859] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5861] set_robust_list(0x55558b5e6660, 24 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5858] <... openat resumed>) = 3 [pid 5861] <... set_robust_list resumed>) = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5855] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5861 [pid 5861] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5860] <... prctl resumed>) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5858] write(3, "1000", 4./strace-static-x86_64: Process 5862 attached [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5858] <... write resumed>) = 4 [pid 5858] close(3) = 0 [pid 5860] <... openat resumed>) = 3 [pid 5858] write(1, "executing program\n", 18./strace-static-x86_64: Process 5863 attached executing program [pid 5863] set_robust_list(0x55558b5e6660, 24 [pid 5858] <... write resumed>) = 18 [pid 5863] <... set_robust_list resumed>) = 0 [pid 5858] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5860] write(3, "1000", 4 [pid 5863] <... prctl resumed>) = 0 [pid 5862] set_robust_list(0x55558b5e6660, 24 [pid 5861] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5863 [pid 5860] <... write resumed>) = 4 [pid 5859] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5862 [pid 5863] setpgid(0, 0 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5858] <... openat resumed>) = 3 [pid 5863] <... setpgid resumed>) = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5860] close(3 [pid 5862] <... prctl resumed>) = 0 [pid 5860] <... close resumed>) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_INIT [pid 5862] setpgid(0, 0 [pid 5860] write(1, "executing program\n", 18 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC executing program [pid 5862] <... setpgid resumed>) = 0 [pid 5863] <... openat resumed>) = 3 [pid 5860] <... write resumed>) = 18 [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5863] write(3, "1000", 4 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5860] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5863] <... write resumed>) = 4 [pid 5862] <... openat resumed>) = 3 [pid 5858] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5863] close(3 [pid 5862] write(3, "1000", 4 [pid 5860] <... openat resumed>) = 3 [pid 5863] <... close resumed>) = 0 [pid 5862] <... write resumed>) = 4 [pid 5862] close(3) = 0 executing program executing program [pid 5862] write(1, "executing program\n", 18 [pid 5863] write(1, "executing program\n", 18 [pid 5862] <... write resumed>) = 18 [pid 5860] ioctl(3, USB_RAW_IOCTL_INIT [pid 5858] <... ioctl resumed>, 0) = 0 [pid 5863] <... write resumed>) = 18 [pid 5863] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5862] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] ioctl(3, USB_RAW_IOCTL_INIT [pid 5860] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] <... openat resumed>) = 3 [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5860] <... ioctl resumed>, 0) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5863] <... ioctl resumed>, 0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] <... ioctl resumed>, 0) = 0 [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5860] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 92.149509][ T44] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 92.159518][ T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 92.189208][ T1220] usb 3-1: new high-speed USB device number 2 using dummy_hcd [pid 5862] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 92.190022][ T5864] usb 4-1: new high-speed USB device number 2 using dummy_hcd [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 9 [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5860] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5858] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] <... ioctl resumed>, 0x7ffca168b620) = 27 [pid 5860] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] <... ioctl resumed>, 0x7ffca168b620) = 9 [ 92.309197][ T44] usb 1-1: Using ep0 maxpacket: 32 [ 92.319158][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 92.337846][ T44] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 92.346481][ T44] usb 1-1: config 0 has no interface number 0 [ 92.353268][ T5864] usb 4-1: Using ep0 maxpacket: 32 [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5860] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 27 [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5862] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5858] <... ioctl resumed>, 0x7ffca168b620) = 4 [pid 5862] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] <... ioctl resumed>, 0x7ffca168b620) = 9 [pid 5858] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 92.359103][ T44] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 92.359438][ T1220] usb 3-1: Using ep0 maxpacket: 32 [ 92.376681][ T24] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 92.385324][ T24] usb 2-1: config 0 has no interface number 0 [ 92.393249][ T24] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [pid 5862] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5863] <... ioctl resumed>, 0x7ffca168b620) = 9 [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5862] <... ioctl resumed>, 0x7ffca168b620) = 27 [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5858] <... ioctl resumed>, 0x7ffca168b620) = 8 [ 92.410348][ T1220] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 92.417055][ T44] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 92.418896][ T1220] usb 3-1: config 0 has no interface number 0 [ 92.430868][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.434707][ T1220] usb 3-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 92.443585][ T44] usb 1-1: Product: syz [pid 5858] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5860] <... ioctl resumed>, 0x7ffca168b620) = 4 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5862] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5862] <... ioctl resumed>, 0x7ffca168b620) = 4 [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5862] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5863] <... ioctl resumed>, 0x7ffca168b620) = 27 [pid 5862] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5862] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5862] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 92.457132][ T5864] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 92.459961][ T1220] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 92.466273][ T5864] usb 4-1: config 0 has no interface number 0 [ 92.478516][ T1220] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.481713][ T44] usb 1-1: Manufacturer: syz [ 92.494218][ T1220] usb 3-1: Product: syz [ 92.495133][ T5864] usb 4-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [pid 5860] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5860] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5860] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 92.499705][ T1220] usb 3-1: Manufacturer: syz [ 92.509689][ T44] usb 1-1: SerialNumber: syz [ 92.515409][ T1220] usb 3-1: SerialNumber: syz [ 92.527018][ T24] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 92.537494][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.549337][ T44] usb 1-1: config 0 descriptor?? [ 92.551481][ T1220] usb 3-1: config 0 descriptor?? [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 4 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5858] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5858] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 5862] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] <... ioctl resumed>, 0x2) = 0 [pid 5863] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5862] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5862] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5858] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 5862] <... ioctl resumed>, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5862] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5862] <... ioctl resumed>, 0x7ffca168b620) = 0 [pid 5858] <... ioctl resumed>, 0) = 0 [ 92.555111][ T24] usb 2-1: Product: syz [ 92.574611][ T5862] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 92.577467][ T24] usb 2-1: Manufacturer: syz [ 92.588415][ T24] usb 2-1: SerialNumber: syz [ 92.599217][ T24] usb 2-1: config 0 descriptor?? [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5860] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5858] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5860] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5863] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5860] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5860] <... ioctl resumed>, 0) = 0 [pid 5863] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5860] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5858] <... ioctl resumed>, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5860] <... ioctl resumed>, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5858] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5860] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5858] <... ioctl resumed>, 0x7ffca168b620) = 0 [pid 5863] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5860] <... ioctl resumed>, 0x7ffca168b620) = 0 [ 92.612884][ T1220] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 92.623562][ T5858] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 92.633526][ T1220] em28xx 3-1:0.132: Video interface 132 found: bulk [ 92.638243][ T5860] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 92.652019][ T5864] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 92.668482][ T44] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 92.681891][ T24] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 92.691770][ T5864] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.699867][ T5864] usb 4-1: Product: syz [ 92.704199][ T5864] usb 4-1: Manufacturer: syz [ 92.708906][ T5864] usb 4-1: SerialNumber: syz [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffca168b620) = 0 [ 92.713690][ T24] em28xx 2-1:0.132: Video interface 132 found: bulk [ 92.720621][ T44] em28xx 1-1:0.132: Video interface 132 found: bulk [ 92.732332][ T5864] usb 4-1: config 0 descriptor?? [ 92.745029][ T5863] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 92.769283][ T5864] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 92.779200][ T5864] em28xx 4-1:0.132: Video interface 132 found: bulk [pid 5862] exit_group(0) = ? [pid 5862] +++ exited with 0 +++ [pid 5858] exit_group(0 [pid 5859] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5860] exit_group(0 [pid 5859] restart_syscall(<... resuming interrupted clone ...> [pid 5860] <... exit_group resumed>) = ? [pid 5859] <... restart_syscall resumed>) = 0 [pid 5858] <... exit_group resumed>) = ? [pid 5860] +++ exited with 0 +++ [pid 5859] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5876 attached [pid 5857] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5857] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5876] set_robust_list(0x55558b5e6660, 24./strace-static-x86_64: Process 5877 attached [pid 5859] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5876 [pid 5858] +++ exited with 0 +++ [pid 5876] <... set_robust_list resumed>) = 0 [pid 5856] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5856] restart_syscall(<... resuming interrupted clone ...> [pid 5876] <... prctl resumed>) = 0 [pid 5877] set_robust_list(0x55558b5e6660, 24 [pid 5876] setpgid(0, 0 [pid 5877] <... set_robust_list resumed>) = 0 [pid 5876] <... setpgid resumed>) = 0 [pid 5856] <... restart_syscall resumed>) = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5877 [pid 5856] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5877] <... prctl resumed>) = 0 [pid 5876] write(3, "1000", 4 [pid 5877] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 5879 attached [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5876] <... write resumed>) = 4 [pid 5877] <... openat resumed>) = 3 [pid 5879] set_robust_list(0x55558b5e6660, 24 [pid 5876] close(3 [pid 5856] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5879 [pid 5879] <... set_robust_list resumed>) = 0 [pid 5876] <... close resumed>) = 0 executing program [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5877] write(3, "1000", 4 [pid 5876] write(1, "executing program\n", 18 [pid 5879] <... prctl resumed>) = 0 [pid 5877] <... write resumed>) = 4 [pid 5876] <... write resumed>) = 18 [pid 5879] setpgid(0, 0 [pid 5877] close(3 [pid 5876] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5879] <... setpgid resumed>) = 0 [pid 5877] <... close resumed>) = 0 [pid 5876] <... openat resumed>) = 3 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5877] write(1, "executing program\n", 18executing program [pid 5876] ioctl(3, USB_RAW_IOCTL_INIT [pid 5879] <... openat resumed>) = 3 [pid 5877] <... write resumed>) = 18 [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] write(3, "1000", 4 [pid 5876] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5879] <... write resumed>) = 4 [pid 5877] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5876] <... ioctl resumed>, 0) = 0 [pid 5879] close(3 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCHexecuting program [pid 5879] <... close resumed>) = 0 [pid 5877] <... openat resumed>) = 3 [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] write(1, "executing program\n", 18 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] <... write resumed>) = 18 [pid 5879] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5879] ioctl(3, USB_RAW_IOCTL_INIT [pid 5877] ioctl(3, USB_RAW_IOCTL_INIT [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5877] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5879] <... ioctl resumed>, 0) = 0 [pid 5877] <... ioctl resumed>, 0) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5863] exit_group(0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5863] <... exit_group resumed>) = ? [pid 5863] +++ exited with 0 +++ [pid 5861] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5861] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 92.904169][ T1220] em28xx 3-1:0.132: unknown em28xx chip ID (0) [ 92.929612][ T24] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 92.939629][ T44] em28xx 1-1:0.132: unknown em28xx chip ID (0) [pid 5861] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5880 attached , child_tidptr=0x55558b5e6650) = 5880 [pid 5880] set_robust_list(0x55558b5e6660, 24) = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3executing program ) = 0 [pid 5880] write(1, "executing program\n", 18) = 18 [ 92.984739][ T1220] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 92.995646][ T1220] em28xx 3-1:0.132: board has no eeprom [ 93.007540][ T24] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 93.020507][ T44] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 93.029341][ T24] em28xx 2-1:0.132: board has no eeprom [pid 5880] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5880] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffca168c630) = 0 [pid 5880] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 93.036176][ T44] em28xx 1-1:0.132: board has no eeprom [ 93.042006][ T5864] em28xx 4-1:0.132: unknown em28xx chip ID (0) [ 93.069241][ T1220] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 93.077286][ T1220] em28xx 3-1:0.132: analog set to bulk mode. [ 93.084234][ T10] em28xx 3-1:0.132: Registering V4L2 extension [ 93.105916][ T1220] usb 3-1: USB disconnect, device number 2 [ 93.109175][ T24] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 93.120436][ T44] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 93.121021][ T1220] em28xx 3-1:0.132: Disconnecting em28xx [ 93.128499][ T44] em28xx 1-1:0.132: analog set to bulk mode. [ 93.144432][ T24] em28xx 2-1:0.132: analog set to bulk mode. [ 93.151262][ T5864] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 93.164747][ T5864] em28xx 4-1:0.132: board has no eeprom [ 93.180845][ T24] usb 2-1: USB disconnect, device number 2 [ 93.193003][ T24] em28xx 2-1:0.132: Disconnecting em28xx [ 93.203222][ T44] usb 1-1: USB disconnect, device number 2 [ 93.218715][ T44] em28xx 1-1:0.132: Disconnecting em28xx [ 93.259109][ T5864] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 93.267023][ T5864] em28xx 4-1:0.132: analog set to bulk mode. [ 93.275650][ T10] em28xx 3-1:0.132: Config register raw data: 0xffffffed [ 93.284796][ T10] em28xx 3-1:0.132: AC97 chip type couldn't be determined [ 93.288367][ T5864] usb 4-1: USB disconnect, device number 2 [ 93.294299][ T10] em28xx 3-1:0.132: No AC97 audio processor [ 93.307191][ T5864] em28xx 4-1:0.132: Disconnecting em28xx [ 93.317365][ T10] usb 3-1: Decoder not found [ 93.322564][ T10] em28xx 3-1:0.132: failed to create media graph [ 93.329267][ T10] em28xx 3-1:0.132: V4L2 device video103 deregistered [ 93.339386][ T10] em28xx 3-1:0.132: Remote control support is not available for this card. [ 93.348803][ T5868] em28xx 2-1:0.132: Registering V4L2 extension [ 93.446860][ T5868] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 93.454067][ T5868] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 93.463961][ T5868] em28xx 2-1:0.132: No AC97 audio processor [ 93.475144][ T5868] usb 2-1: Decoder not found [ 93.479865][ T5868] em28xx 2-1:0.132: failed to create media graph [ 93.486352][ T5868] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 93.494623][ T5868] em28xx 2-1:0.132: Remote control support is not available for this card. [ 93.503700][ T5884] em28xx 1-1:0.132: Registering V4L2 extension [ 93.596092][ T5884] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 93.607424][ T5884] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 93.617957][ T5884] em28xx 1-1:0.132: No AC97 audio processor [ 93.625960][ T5884] usb 1-1: Decoder not found [ 93.630990][ T5884] em28xx 1-1:0.132: failed to create media graph [ 93.637461][ T5884] em28xx 1-1:0.132: V4L2 device video103 deregistered [ 93.646615][ T5884] em28xx 1-1:0.132: Remote control support is not available for this card. [ 93.655362][ T5886] em28xx 4-1:0.132: Registering V4L2 extension [ 93.748858][ T5886] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 93.757318][ T5886] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 93.764946][ T5886] em28xx 4-1:0.132: No AC97 audio processor [ 93.772319][ T5886] usb 4-1: Decoder not found [ 93.776960][ T5886] em28xx 4-1:0.132: failed to create media graph [ 93.783399][ T5886] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 93.794681][ T5886] em28xx 4-1:0.132: Remote control support is not available for this card. [ 93.803496][ T5864] em28xx 4-1:0.132: Closing input extension [ 93.809784][ T1220] em28xx 3-1:0.132: Closing input extension [ 93.816742][ T24] em28xx 2-1:0.132: Closing input extension [ 93.824376][ T44] em28xx 1-1:0.132: Closing input extension [ 93.830784][ T5864] em28xx 4-1:0.132: Freeing device [ 93.831162][ T1220] em28xx 3-1:0.132: Freeing device [ 93.858279][ T44] em28xx 1-1:0.132: Freeing device [ 93.863642][ T24] em28xx 2-1:0.132: Freeing device [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5877] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 94.169107][ T5864] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 94.179102][ T1220] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 94.179189][ T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 94.196852][ T44] usb 1-1: new high-speed USB device number 3 using dummy_hcd [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5879] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5877] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5880] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5880] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5876] <... ioctl resumed>, 0x7ffca168b620) = 9 [pid 5880] <... ioctl resumed>, 0x7ffca168b620) = 9 [pid 5879] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5877] <... ioctl resumed>, 0x7ffca168b620) = 9 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] <... ioctl resumed>, 0x7ffca168b620) = 9 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5876] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5879] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5880] <... ioctl resumed>, 0x7ffca168b620) = 27 [pid 5879] <... ioctl resumed>, 0x7ffca168b620) = 27 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 94.339237][ T1220] usb 3-1: Using ep0 maxpacket: 32 [ 94.359228][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 94.364867][ T5864] usb 4-1: Using ep0 maxpacket: 32 [ 94.370146][ T44] usb 1-1: Using ep0 maxpacket: 32 [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] <... ioctl resumed>, 0x7ffca168b620) = 27 [pid 5876] <... ioctl resumed>, 0x7ffca168b620) = 27 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 94.395499][ T44] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 94.397871][ T1220] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 94.404102][ T24] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 94.413104][ T1220] usb 3-1: config 0 has no interface number 0 [ 94.421091][ T5864] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 94.430400][ T1220] usb 3-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 4 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 94.436248][ T44] usb 1-1: config 0 has no interface number 0 [ 94.451565][ T5864] usb 4-1: config 0 has no interface number 0 [ 94.457717][ T5864] usb 4-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 94.469357][ T24] usb 2-1: config 0 has no interface number 0 [ 94.475765][ T24] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [pid 5876] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5876] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 4 [pid 5880] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] <... ioctl resumed>, 0x7ffca168b620) = 4 [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5877] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5879] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5877] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5877] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] <... ioctl resumed>, 0x7ffca168b620) = 4 [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 94.486472][ T44] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 94.494609][ T1220] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 94.505993][ T1220] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.513256][ T24] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 94.514353][ T1220] usb 3-1: Product: syz [ 94.524706][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.527690][ T1220] usb 3-1: Manufacturer: syz [ 94.539776][ T24] usb 2-1: Product: syz [pid 5880] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5880] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5879] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5880] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5880] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5876] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5876] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5876] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5879] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [ 94.540477][ T1220] usb 3-1: SerialNumber: syz [ 94.553100][ T5864] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 94.554375][ T1220] usb 3-1: config 0 descriptor?? [ 94.564029][ T24] usb 2-1: Manufacturer: syz [ 94.573429][ T5864] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.577720][ T5876] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 94.583197][ T24] usb 2-1: SerialNumber: syz [pid 5879] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5876] <... ioctl resumed>, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5876] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffca168b620) = 0 [ 94.594260][ T44] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 94.604242][ T5864] usb 4-1: Product: syz [ 94.609384][ T5864] usb 4-1: Manufacturer: syz [ 94.612476][ T1220] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 94.614010][ T5864] usb 4-1: SerialNumber: syz [ 94.625343][ T1220] em28xx 3-1:0.132: Video interface 132 found: bulk [ 94.628775][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [pid 5877] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5880] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5880] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5880] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5877] <... ioctl resumed>, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [ 94.646300][ T24] usb 2-1: config 0 descriptor?? [ 94.653257][ T44] usb 1-1: Product: syz [ 94.658928][ T44] usb 1-1: Manufacturer: syz [ 94.664876][ T5864] usb 4-1: config 0 descriptor?? [ 94.670802][ T44] usb 1-1: SerialNumber: syz [ 94.679294][ T5877] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 94.682806][ T5880] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [pid 5880] <... ioctl resumed>, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5879] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5877] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5880] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5879] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5877] <... ioctl resumed>, 0x7ffca168b620) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5880] <... ioctl resumed>, 0x7ffca168b620) = 0 [pid 5879] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffca168b620) = 0 [ 94.691164][ T44] usb 1-1: config 0 descriptor?? [ 94.713452][ T5879] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 94.716009][ T5864] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 94.735985][ T24] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 94.749466][ T44] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 94.759321][ T24] em28xx 2-1:0.132: Video interface 132 found: bulk [ 94.766106][ T5864] em28xx 4-1:0.132: Video interface 132 found: bulk [ 94.773129][ T44] em28xx 1-1:0.132: Video interface 132 found: bulk [pid 5876] exit_group(0) = ? [pid 5876] +++ exited with 0 +++ [pid 5859] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5859] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5859] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached , child_tidptr=0x55558b5e6650) = 5904 [pid 5904] set_robust_list(0x55558b5e6660, 24) = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 executing program [pid 5904] write(1, "executing program\n", 18) = 18 [pid 5904] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 5877] exit_group(0) = ? [pid 5904] <... openat resumed>) = 3 [pid 5904] ioctl(3, USB_RAW_IOCTL_INIT [pid 5877] +++ exited with 0 +++ [pid 5904] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5880] exit_group(0 [pid 5879] exit_group(0 [pid 5904] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5880] <... exit_group resumed>) = ? [pid 5857] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5905 attached [pid 5904] <... ioctl resumed>, 0) = 0 [pid 5879] <... exit_group resumed>) = ? [pid 5905] set_robust_list(0x55558b5e6660, 24) = 0 [pid 5857] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5905 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5880] +++ exited with 0 +++ [pid 5905] <... prctl resumed>) = 0 [pid 5905] setpgid(0, 0) = 0 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5861] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5904] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5861] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] write(3, "1000", 4) = 4 executing program [pid 5861] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5905] close(3) = 0 [pid 5905] write(1, "executing program\n", 18) = 18 [ 94.899708][ T1220] em28xx 3-1:0.132: unknown em28xx chip ID (0) [pid 5905] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR./strace-static-x86_64: Process 5906 attached ) = 3 [pid 5879] +++ exited with 0 +++ [pid 5861] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5906 [pid 5906] set_robust_list(0x55558b5e6660, 24 [pid 5856] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5906] <... set_robust_list resumed>) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_INIT [pid 5856] restart_syscall(<... resuming interrupted clone ...> [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5856] <... restart_syscall resumed>) = 0 [pid 5905] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5906] <... prctl resumed>) = 0 [pid 5905] <... ioctl resumed>, 0) = 0 [pid 5906] setpgid(0, 0 [pid 5856] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 5907 attached [pid 5906] <... setpgid resumed>) = 0 [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] set_robust_list(0x55558b5e6660, 24 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5907] <... set_robust_list resumed>) = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5906] <... openat resumed>) = 3 [pid 5907] <... prctl resumed>) = 0 [pid 5907] setpgid(0, 0) = 0 executing program [pid 5906] write(3, "1000", 4 [pid 5856] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5907 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5906] <... write resumed>) = 4 [pid 5907] <... openat resumed>) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] write(1, "executing program\n", 18) = 18 [pid 5907] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5906] close(3 [pid 5907] ioctl(3, USB_RAW_IOCTL_INIT [pid 5906] <... close resumed>) = 0 [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 executing program [pid 5906] write(1, "executing program\n", 18) = 18 [pid 5907] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5906] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5907] <... ioctl resumed>, 0) = 0 [pid 5906] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffca168c630) = 0 [pid 5906] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 94.967285][ T1220] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 94.978370][ T1220] em28xx 3-1:0.132: board has no eeprom [ 94.992895][ T24] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 94.999792][ T5864] em28xx 4-1:0.132: unknown em28xx chip ID (0) [ 95.010512][ T44] em28xx 1-1:0.132: unknown em28xx chip ID (0) [ 95.039121][ T1220] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 95.046973][ T1220] em28xx 3-1:0.132: analog set to bulk mode. [ 95.053992][ T10] em28xx 3-1:0.132: Registering V4L2 extension [ 95.072914][ T1220] usb 3-1: USB disconnect, device number 3 [ 95.087834][ T44] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 95.090037][ T1220] em28xx 3-1:0.132: Disconnecting em28xx [ 95.096797][ T24] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 95.113631][ T44] em28xx 1-1:0.132: board has no eeprom [ 95.121696][ T5864] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 95.132944][ T24] em28xx 2-1:0.132: board has no eeprom [ 95.139864][ T5864] em28xx 4-1:0.132: board has no eeprom [ 95.192592][ T10] em28xx 3-1:0.132: Config register raw data: 0xffffffed [ 95.199771][ T10] em28xx 3-1:0.132: AC97 chip type couldn't be determined [ 95.206907][ T10] em28xx 3-1:0.132: No AC97 audio processor [ 95.209350][ T44] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 95.216339][ T10] usb 3-1: Decoder not found [ 95.220911][ T24] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 95.225400][ T10] em28xx 3-1:0.132: failed to create media graph [ 95.233267][ T5864] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 95.240341][ T10] em28xx 3-1:0.132: V4L2 device video103 deregistered [ 95.247886][ T44] em28xx 1-1:0.132: analog set to bulk mode. [ 95.261763][ T24] em28xx 2-1:0.132: analog set to bulk mode. [ 95.266946][ T10] em28xx 3-1:0.132: Remote control support is not available for this card. [ 95.271539][ T5864] em28xx 4-1:0.132: analog set to bulk mode. [ 95.277782][ T1220] em28xx 3-1:0.132: Closing input extension [ 95.289412][ T5886] em28xx 2-1:0.132: Registering V4L2 extension [ 95.296152][ T1220] em28xx 3-1:0.132: Freeing device [ 95.324355][ T24] usb 2-1: USB disconnect, device number 3 [ 95.330762][ T5864] usb 4-1: USB disconnect, device number 3 [ 95.340778][ T24] em28xx 2-1:0.132: Disconnecting em28xx [ 95.358697][ T5864] em28xx 4-1:0.132: Disconnecting em28xx [ 95.380057][ T44] usb 1-1: USB disconnect, device number 3 [ 95.399413][ T44] em28xx 1-1:0.132: Disconnecting em28xx [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5904] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 95.501696][ T5886] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 95.508911][ T5886] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 95.516866][ T5886] em28xx 2-1:0.132: No AC97 audio processor [ 95.525374][ T5886] usb 2-1: Decoder not found [ 95.531195][ T5886] em28xx 2-1:0.132: failed to create media graph [ 95.537553][ T5886] em28xx 2-1:0.132: V4L2 device video103 deregistered [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 95.547979][ T5886] em28xx 2-1:0.132: Remote control support is not available for this card. [ 95.556709][ T5884] em28xx 1-1:0.132: Registering V4L2 extension [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 95.649193][ T1220] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 95.656005][ T5884] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 95.664282][ T5884] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 95.672948][ T5884] em28xx 1-1:0.132: No AC97 audio processor [ 95.680476][ T5884] usb 1-1: Decoder not found [ 95.685118][ T5884] em28xx 1-1:0.132: failed to create media graph [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 95.694169][ T5884] em28xx 1-1:0.132: V4L2 device video103 deregistered [ 95.702478][ T5884] em28xx 1-1:0.132: Remote control support is not available for this card. [ 95.711213][ T5868] em28xx 4-1:0.132: Registering V4L2 extension [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 9 [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 27 [ 95.808198][ T5868] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 95.809261][ T1220] usb 3-1: Using ep0 maxpacket: 32 [ 95.817610][ T5868] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 95.827869][ T5868] em28xx 4-1:0.132: No AC97 audio processor [ 95.836745][ T5868] usb 4-1: Decoder not found [ 95.841348][ T1220] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 95.842749][ T5868] em28xx 4-1:0.132: failed to create media graph [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 4 [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [ 95.852402][ T1220] usb 3-1: config 0 has no interface number 0 [ 95.857237][ T5868] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 95.869563][ T1220] usb 3-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 95.878883][ T1220] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 95.888617][ T5868] em28xx 4-1:0.132: Remote control support is not available for this card. [ 95.900138][ T1220] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [pid 5904] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [ 95.903095][ T24] em28xx 2-1:0.132: Closing input extension [ 95.908174][ T1220] usb 3-1: Product: syz [ 95.914842][ T44] em28xx 1-1:0.132: Closing input extension [ 95.919849][ T1220] usb 3-1: Manufacturer: syz [ 95.929389][ T1220] usb 3-1: SerialNumber: syz [ 95.931802][ T24] em28xx 2-1:0.132: Freeing device [ 95.939769][ T5864] em28xx 4-1:0.132: Closing input extension [ 95.946493][ T1220] usb 3-1: config 0 descriptor?? [ 95.953640][ T44] em28xx 1-1:0.132: Freeing device [pid 5904] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5904] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5904] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffca168b620) = 0 [ 95.965850][ T5864] em28xx 4-1:0.132: Freeing device [ 95.970981][ T5904] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 96.008721][ T1220] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 96.026184][ T1220] em28xx 3-1:0.132: Video interface 132 found: bulk [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5904] exit_group(0) = ? [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5904] +++ exited with 0 +++ [pid 5859] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5859] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5924 attached [pid 5924] set_robust_list(0x55558b5e6660, 24 [pid 5859] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5924 [pid 5924] <... set_robust_list resumed>) = 0 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5924] write(3, "1000", 4) = 4 [pid 5924] close(3) = 0 executing program [pid 5924] write(1, "executing program\n", 18) = 18 [pid 5924] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5924] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 96.271858][ T1220] em28xx 3-1:0.132: unknown em28xx chip ID (0) [ 96.279976][ T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 96.309645][ T44] usb 1-1: new high-speed USB device number 4 using dummy_hcd [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5906] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5907] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 96.317360][ T5864] usb 4-1: new high-speed USB device number 4 using dummy_hcd [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 96.342916][ T1220] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 96.352195][ T1220] em28xx 3-1:0.132: board has no eeprom [ 96.409170][ T1220] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 96.417096][ T1220] em28xx 3-1:0.132: analog set to bulk mode. [ 96.423282][ T10] em28xx 3-1:0.132: Registering V4L2 extension [ 96.439456][ T1220] usb 3-1: USB disconnect, device number 4 [ 96.447060][ T1220] em28xx 3-1:0.132: Disconnecting em28xx [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 96.459282][ T24] usb 2-1: Using ep0 maxpacket: 32 [pid 5905] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5905] <... ioctl resumed>, 0x7ffca168b620) = 9 [pid 5907] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5906] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5907] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5905] <... ioctl resumed>, 0x7ffca168b620) = 27 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 9 [pid 5906] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] <... ioctl resumed>, 0x7ffca168b620) = 9 [ 96.480990][ T44] usb 1-1: Using ep0 maxpacket: 32 [ 96.487147][ T5864] usb 4-1: Using ep0 maxpacket: 32 [ 96.509041][ T24] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 96.520519][ T24] usb 2-1: config 0 has no interface number 0 [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5906] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5907] <... ioctl resumed>, 0x7ffca168b620) = 27 [pid 5906] <... ioctl resumed>, 0x7ffca168b620) = 27 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 96.530275][ T5864] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 96.539169][ T44] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 96.549962][ T5864] usb 4-1: config 0 has no interface number 0 [ 96.556147][ T5864] usb 4-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 96.566728][ T24] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 4 [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 4 [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5905] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 96.577868][ T44] usb 1-1: config 0 has no interface number 0 [ 96.585521][ T44] usb 1-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 96.587407][ T10] em28xx 3-1:0.132: Config register raw data: 0xffffffed [ 96.605119][ T10] em28xx 3-1:0.132: AC97 chip type couldn't be determined [ 96.612318][ T10] em28xx 3-1:0.132: No AC97 audio processor [ 96.620077][ T5864] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [pid 5907] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 4 [pid 5906] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5905] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5906] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5905] <... ioctl resumed>, 0x7ffca168b620) = 8 [pid 5905] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 96.622996][ T10] usb 3-1: Decoder not found [ 96.630838][ T5864] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.637419][ T10] em28xx 3-1:0.132: failed to create media graph [ 96.643366][ T24] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 96.649985][ T10] em28xx 3-1:0.132: V4L2 device video103 deregistered [ 96.658355][ T5864] usb 4-1: Product: syz [ 96.669803][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [pid 5907] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [ 96.671753][ T10] em28xx 3-1:0.132: Remote control support is not available for this card. [ 96.678793][ T24] usb 2-1: Product: syz [ 96.688475][ T1220] em28xx 3-1:0.132: Closing input extension [ 96.691275][ T44] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 96.705909][ T5864] usb 4-1: Manufacturer: syz [ 96.712310][ T1220] em28xx 3-1:0.132: Freeing device [ 96.712726][ T5864] usb 4-1: SerialNumber: syz [ 96.722359][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [pid 5907] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5906] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 96.730421][ T24] usb 2-1: Manufacturer: syz [ 96.735273][ T24] usb 2-1: SerialNumber: syz [ 96.740200][ T44] usb 1-1: Product: syz [ 96.744532][ T44] usb 1-1: Manufacturer: syz [ 96.752367][ T44] usb 1-1: SerialNumber: syz [ 96.759739][ T5864] usb 4-1: config 0 descriptor?? [ 96.771110][ T5906] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [pid 5906] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5905] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5906] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5905] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 5906] <... ioctl resumed>, 0x7ffca168b620) = 0 [pid 5905] <... ioctl resumed>, 0x2) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5905] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [ 96.779681][ T24] usb 2-1: config 0 descriptor?? [ 96.788484][ T5905] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 96.794250][ T5864] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 96.812170][ T5864] em28xx 4-1:0.132: Video interface 132 found: bulk [ 96.822978][ T24] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [pid 5905] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffca168b620) = 0 [pid 5907] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5907] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5907] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffca168b620) = 0 [ 96.834428][ T44] usb 1-1: config 0 descriptor?? [ 96.839748][ T24] em28xx 2-1:0.132: Video interface 132 found: bulk [ 96.850788][ T5907] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 96.863326][ T44] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 96.875665][ T44] em28xx 1-1:0.132: Video interface 132 found: bulk [pid 5924] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5906] exit_group(0) = ? [pid 5906] +++ exited with 0 +++ [pid 5861] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5861] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5861] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached , child_tidptr=0x55558b5e6650) = 5929 [pid 5929] set_robust_list(0x55558b5e6660, 24) = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5905] exit_group(0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5905] <... exit_group resumed>) = ? [pid 5929] <... openat resumed>) = 3 [pid 5924] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5929] write(3, "1000", 4 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5929] <... write resumed>) = 4 [pid 5905] +++ exited with 0 +++ [pid 5924] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5929] close(3 [pid 5857] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5929] <... close resumed>) = 0 [pid 5857] restart_syscall(<... resuming interrupted clone ...> [pid 5929] write(1, "executing program\n", 18 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5857] <... restart_syscall resumed>) = 0 executing program [pid 5929] <... write resumed>) = 18 [pid 5857] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5929] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR./strace-static-x86_64: Process 5930 attached [pid 5857] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5930 [pid 5930] set_robust_list(0x55558b5e6660, 24 [pid 5929] <... openat resumed>) = 3 [pid 5929] ioctl(3, USB_RAW_IOCTL_INIT [pid 5930] <... set_robust_list resumed>) = 0 [pid 5929] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5929] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5930] <... prctl resumed>) = 0 [pid 5907] exit_group(0) = ? [pid 5930] setpgid(0, 0 [pid 5929] <... ioctl resumed>, 0) = 0 [pid 5930] <... setpgid resumed>) = 0 [pid 5907] +++ exited with 0 +++ [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5856] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5930] <... openat resumed>) = 3 [pid 5929] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5856] restart_syscall(<... resuming interrupted clone ...> [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 97.041052][ T1220] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 97.059444][ T5864] em28xx 4-1:0.132: unknown em28xx chip ID (0) [pid 5930] write(3, "1000", 4) = 4 [pid 5930] close(3) = 0 executing program [pid 5930] write(1, "executing program\n", 18) = 18 [pid 5930] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5856] <... restart_syscall resumed>) = 0 [pid 5856] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5930] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffca168c630) = 0 ./strace-static-x86_64: Process 5931 attached [pid 5930] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 5924] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5931] set_robust_list(0x55558b5e6660, 24) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5856] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5931 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0 [pid 5930] <... ioctl resumed>, 0) = 0 [pid 5931] <... setpgid resumed>) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5930] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 executing program [pid 5931] write(1, "executing program\n", 18) = 18 [pid 5931] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5931] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5931] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [ 97.109801][ T24] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 97.132920][ T5864] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 97.142823][ T5864] em28xx 4-1:0.132: board has no eeprom [pid 5931] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 97.159423][ T44] em28xx 1-1:0.132: unknown em28xx chip ID (0) [ 97.172277][ T24] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 97.181091][ T24] em28xx 2-1:0.132: board has no eeprom [ 97.199136][ T5864] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [pid 5931] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5924] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 9 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 27 [ 97.207033][ T5864] em28xx 4-1:0.132: analog set to bulk mode. [ 97.213206][ T1220] usb 3-1: Using ep0 maxpacket: 32 [ 97.213486][ T5868] em28xx 4-1:0.132: Registering V4L2 extension [ 97.232765][ T1220] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 97.239901][ T44] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 97.250933][ T5864] usb 4-1: USB disconnect, device number 4 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 4 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 97.256560][ T1220] usb 3-1: config 0 has no interface number 0 [ 97.257427][ T24] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 97.271521][ T1220] usb 3-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 97.289446][ T5864] em28xx 4-1:0.132: Disconnecting em28xx [ 97.297125][ T927] cfg80211: failed to load regulatory.db [ 97.303427][ T44] em28xx 1-1:0.132: board has no eeprom [pid 5924] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [ 97.303911][ T1220] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 97.313982][ T24] em28xx 2-1:0.132: analog set to bulk mode. [ 97.334773][ T24] usb 2-1: USB disconnect, device number 4 [ 97.341102][ T1220] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.351010][ T1220] usb 3-1: Product: syz [ 97.355236][ T1220] usb 3-1: Manufacturer: syz [pid 5924] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5924] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 97.357336][ T24] em28xx 2-1:0.132: Disconnecting em28xx [ 97.366556][ T1220] usb 3-1: SerialNumber: syz [ 97.380110][ T44] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 97.381343][ T1220] usb 3-1: config 0 descriptor?? [ 97.388102][ T44] em28xx 1-1:0.132: analog set to bulk mode. [ 97.400433][ T5924] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [pid 5924] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5924] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffca168b620) = 0 [ 97.410682][ T44] usb 1-1: USB disconnect, device number 4 [ 97.418429][ T44] em28xx 1-1:0.132: Disconnecting em28xx [ 97.426803][ T1220] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 97.449757][ T1220] em28xx 3-1:0.132: Video interface 132 found: bulk [ 97.492900][ T5868] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 97.502033][ T5868] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 97.509252][ T5868] em28xx 4-1:0.132: No AC97 audio processor [ 97.517788][ T5868] usb 4-1: Decoder not found [ 97.522543][ T5868] em28xx 4-1:0.132: failed to create media graph [ 97.528925][ T5868] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 97.542253][ T5868] em28xx 4-1:0.132: Remote control support is not available for this card. [ 97.551001][ T5886] em28xx 2-1:0.132: Registering V4L2 extension [pid 5924] exit_group(0) = ? [pid 5924] +++ exited with 0 +++ [pid 5859] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5859] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5859] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x55558b5e6660, 24) = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0 [pid 5859] <... clone resumed>, child_tidptr=0x55558b5e6650) = 5938 [pid 5938] <... setpgid resumed>) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 executing program [pid 5938] write(1, "executing program\n", 18) = 18 [pid 5938] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5938] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffca168c630) = 0 [pid 5938] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5938] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 97.675438][ T5886] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 97.688677][ T5886] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 97.696126][ T5886] em28xx 2-1:0.132: No AC97 audio processor [ 97.700876][ T1220] em28xx 3-1:0.132: unknown em28xx chip ID (0) [ 97.704006][ T5886] usb 2-1: Decoder not found [ 97.714013][ T5886] em28xx 2-1:0.132: failed to create media graph [ 97.720550][ T5886] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 97.729091][ T5886] em28xx 2-1:0.132: Remote control support is not available for this card. [ 97.737747][ T5884] em28xx 1-1:0.132: Registering V4L2 extension [ 97.767047][ T1220] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 97.776910][ T1220] em28xx 3-1:0.132: board has no eeprom [ 97.839196][ T1220] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 97.847097][ T1220] em28xx 3-1:0.132: analog set to bulk mode. [ 97.857148][ T5884] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 97.866384][ T5884] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 97.870635][ T1220] usb 3-1: USB disconnect, device number 5 [ 97.877186][ T5884] em28xx 1-1:0.132: No AC97 audio processor [ 97.893995][ T5884] usb 1-1: Decoder not found [ 97.898787][ T1220] em28xx 3-1:0.132: Disconnecting em28xx [ 97.900484][ T5884] em28xx 1-1:0.132: failed to create media graph [ 97.912947][ T5884] em28xx 1-1:0.132: V4L2 device video103 deregistered [ 97.922054][ T5884] em28xx 1-1:0.132: Remote control support is not available for this card. [ 97.932498][ T5864] em28xx 4-1:0.132: Closing input extension [ 97.939331][ T24] em28xx 2-1:0.132: Closing input extension [ 97.945543][ T10] em28xx 3-1:0.132: Registering V4L2 extension [ 97.957627][ T5864] em28xx 4-1:0.132: Freeing device [ 97.965522][ T24] em28xx 2-1:0.132: Freeing device [pid 5938] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5930] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5929] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 98.152613][ T10] em28xx 3-1:0.132: Config register raw data: 0xffffffed [ 98.161576][ T10] em28xx 3-1:0.132: AC97 chip type couldn't be determined [ 98.168772][ T10] em28xx 3-1:0.132: No AC97 audio processor [ 98.177940][ T10] usb 3-1: Decoder not found [ 98.188034][ T10] em28xx 3-1:0.132: failed to create media graph [ 98.195650][ T10] em28xx 3-1:0.132: V4L2 device video103 deregistered [ 98.205746][ T10] em28xx 3-1:0.132: Remote control support is not available for this card. [ 98.207078][ T5946] ================================================================== [ 98.215065][ T1220] em28xx 3-1:0.132: Closing input extension [ 98.222827][ T5946] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xc7/0x430 [ 98.222882][ T5946] Read of size 8 at addr ffff88807f0a8740 by task v4l_id/5946 [ 98.222899][ T5946] [ 98.222919][ T5946] CPU: 1 UID: 0 PID: 5946 Comm: v4l_id Not tainted 6.16.0-rc5-next-20250711-syzkaller #0 PREEMPT(full) [ 98.222943][ T5946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 98.222968][ T5946] Call Trace: [ 98.222978][ T5946] [ 98.222988][ T5946] dump_stack_lvl+0x189/0x250 [ 98.223024][ T5946] ? rcu_is_watching+0x15/0xb0 [ 98.223057][ T5946] ? __kasan_check_byte+0x12/0x40 [ 98.223080][ T5946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.223111][ T5946] ? rcu_is_watching+0x15/0xb0 [ 98.223140][ T5946] ? lock_release+0x4b/0x3e0 [ 98.223169][ T5946] ? __virt_addr_valid+0x1c8/0x5c0 [ 98.223204][ T5946] ? __virt_addr_valid+0x4a5/0x5c0 [ 98.223238][ T5946] print_report+0xca/0x230 [ 98.223260][ T5946] ? v4l2_fh_open+0xc7/0x430 [ 98.223280][ T5946] kasan_report+0x118/0x150 [ 98.223302][ T5946] ? v4l2_fh_open+0xc7/0x430 [ 98.223327][ T5946] v4l2_fh_open+0xc7/0x430 [ 98.223349][ T5946] ? __pfx___mutex_lock+0x10/0x10 [ 98.223382][ T5946] em28xx_v4l2_open+0x157/0x9a0 [ 98.223410][ T5946] v4l2_open+0x20f/0x360 [ 98.223434][ T5946] chrdev_open+0x4cc/0x5e0 [ 98.223465][ T5946] ? __pfx_chrdev_open+0x10/0x10 [ 98.223493][ T5946] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 98.223524][ T5946] ? __pfx_chrdev_open+0x10/0x10 [ 98.223549][ T5946] do_dentry_open+0x950/0x13f0 [ 98.223588][ T5946] vfs_open+0x3b/0x340 [ 98.223615][ T5946] ? path_openat+0x2ecd/0x3830 [ 98.223643][ T5946] path_openat+0x2ee5/0x3830 [ 98.223661][ T5946] ? arch_stack_walk+0xfc/0x150 [ 98.223713][ T5946] ? __pfx_path_openat+0x10/0x10 [ 98.223730][ T5946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.223765][ T5946] do_filp_open+0x1fa/0x410 [ 98.223798][ T5946] ? __lock_acquire+0xab9/0xd20 [ 98.223824][ T5946] ? __pfx_do_filp_open+0x10/0x10 [ 98.223871][ T5946] ? _raw_spin_unlock+0x28/0x50 [ 98.223902][ T5946] ? alloc_fd+0x64c/0x6c0 [ 98.223933][ T5946] do_sys_openat2+0x121/0x1c0 [ 98.223966][ T5946] ? __pfx_do_sys_openat2+0x10/0x10 [ 98.223997][ T5946] ? exc_page_fault+0x76/0xf0 [ 98.224021][ T5946] ? do_user_addr_fault+0xc8a/0x1390 [ 98.224047][ T5946] __x64_sys_openat+0x138/0x170 [ 98.224082][ T5946] do_syscall_64+0xfa/0x3b0 [ 98.224105][ T5946] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.224128][ T5946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.224149][ T5946] ? clear_bhb_loop+0x60/0xb0 [ 98.224174][ T5946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.224195][ T5946] RIP: 0033:0x7f4575aa7407 [ 98.224229][ T5946] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 98.224248][ T5946] RSP: 002b:00007fff26fd25d0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 98.224271][ T5946] RAX: ffffffffffffffda RBX: 00007f4576181880 RCX: 00007f4575aa7407 [ 98.224288][ T5946] RDX: 0000000000000000 RSI: 00007fff26fd2f1d RDI: ffffffffffffff9c [ 98.224304][ T5946] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 98.224316][ T5946] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 98.224329][ T5946] R13: 00007fff26fd2820 R14: 00007f45762e8000 R15: 000055bcb12464d8 [ 98.224355][ T5946] [ 98.224363][ T5946] [ 98.573338][ T5946] Allocated by task 10: [ 98.577967][ T5946] kasan_save_track+0x3e/0x80 [ 98.582776][ T5946] __kasan_kmalloc+0x93/0xb0 [ 98.588277][ T5946] __kmalloc_cache_noprof+0x230/0x3d0 [ 98.594310][ T5946] em28xx_v4l2_init+0x10b/0x2e70 [ 98.599542][ T5946] em28xx_init_extension+0x11d/0x1c0 [ 98.605214][ T5946] process_scheduled_works+0xade/0x17b0 [ 98.611129][ T5946] worker_thread+0x8a0/0xda0 [ 98.615732][ T5946] kthread+0x711/0x8a0 [ 98.620016][ T5946] ret_from_fork+0x3f9/0x770 [ 98.624938][ T5946] ret_from_fork_asm+0x1a/0x30 [ 98.629731][ T5946] [ 98.632087][ T5946] Freed by task 10: [ 98.635947][ T5946] kasan_save_track+0x3e/0x80 [ 98.640665][ T5946] kasan_save_free_info+0x46/0x50 [ 98.645723][ T5946] __kasan_slab_free+0x62/0x70 [ 98.650608][ T5946] kfree+0x18e/0x440 [ 98.654552][ T5946] em28xx_v4l2_init+0x1683/0x2e70 [ 98.659619][ T5946] em28xx_init_extension+0x11d/0x1c0 [ 98.664939][ T5946] process_scheduled_works+0xade/0x17b0 [ 98.670717][ T5946] worker_thread+0x8a0/0xda0 [ 98.675329][ T5946] kthread+0x711/0x8a0 [ 98.679413][ T5946] ret_from_fork+0x3f9/0x770 [ 98.684032][ T5946] ret_from_fork_asm+0x1a/0x30 [ 98.688814][ T5946] [ 98.691156][ T5946] The buggy address belongs to the object at ffff88807f0a8000 [ 98.691156][ T5946] which belongs to the cache kmalloc-8k of size 8192 [ 98.706121][ T5946] The buggy address is located 1856 bytes inside of [ 98.706121][ T5946] freed 8192-byte region [ffff88807f0a8000, ffff88807f0aa000) [ 98.720114][ T5946] [ 98.722450][ T5946] The buggy address belongs to the physical page: [ 98.729072][ T5946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f0a8 [ 98.737897][ T5946] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 98.746424][ T5946] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 98.754622][ T5946] page_type: f5(slab) [ 98.758816][ T5946] raw: 00fff00000000040 ffff88801a842280 ffffea0001ea7800 0000000000000005 [ 98.767497][ T5946] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 98.776100][ T5946] head: 00fff00000000040 ffff88801a842280 ffffea0001ea7800 0000000000000005 [ 98.784872][ T5946] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 98.793952][ T5946] head: 00fff00000000003 ffffea0001fc2a01 00000000ffffffff 00000000ffffffff [ 98.802734][ T5946] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 98.811434][ T5946] page dumped because: kasan: bad access detected [ 98.817882][ T5946] page_owner tracks the page as allocated [ 98.823616][ T5946] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5531, tgid 5531 (dhcpcd-run-hook), ts 59123016234, free_ts 59122352992 [ 98.845532][ T5946] post_alloc_hook+0x240/0x2a0 [ 98.850580][ T5946] get_page_from_freelist+0x21e4/0x22c0 [ 98.856226][ T5946] __alloc_frozen_pages_noprof+0x181/0x370 [ 98.862213][ T5946] alloc_pages_mpol+0x232/0x4a0 [ 98.867119][ T5946] allocate_slab+0x8a/0x370 [ 98.871738][ T5946] ___slab_alloc+0xbeb/0x1410 [ 98.876441][ T5946] __kmalloc_cache_noprof+0x296/0x3d0 [ 98.881844][ T5946] tomoyo_init_log+0x111f/0x1f70 [ 98.886873][ T5946] tomoyo_supervisor+0x340/0x1480 [ 98.892253][ T5946] tomoyo_env_perm+0x149/0x1e0 [ 98.897161][ T5946] tomoyo_find_next_domain+0x15cf/0x1aa0 [ 98.903202][ T5946] tomoyo_bprm_check_security+0x11c/0x180 [ 98.910161][ T5946] security_bprm_check+0x89/0x270 [ 98.915396][ T5946] bprm_execve+0x8ee/0x1450 [ 98.920280][ T5946] do_execveat_common+0x510/0x6a0 [ 98.925424][ T5946] __x64_sys_execve+0x94/0xb0 [ 98.930645][ T5946] page last free pid 5531 tgid 5531 stack trace: [ 98.937508][ T5946] __free_frozen_pages+0xbc4/0xd30 [ 98.942978][ T5946] __put_partials+0x156/0x1a0 [ 98.947768][ T5946] put_cpu_partial+0x17c/0x250 [ 98.953260][ T5946] __slab_free+0x2d5/0x3c0 [ 98.957791][ T5946] qlist_free_all+0x97/0x140 [ 98.962856][ T5946] kasan_quarantine_reduce+0x148/0x160 [ 98.968645][ T5946] __kasan_slab_alloc+0x22/0x80 [ 98.974340][ T5946] __kmalloc_noprof+0x224/0x4f0 [ 98.979252][ T5946] tomoyo_supervisor+0xbd5/0x1480 [ 98.984384][ T5946] tomoyo_env_perm+0x149/0x1e0 [ 98.989785][ T5946] tomoyo_find_next_domain+0x15cf/0x1aa0 [ 98.995978][ T5946] tomoyo_bprm_check_security+0x11c/0x180 [ 99.001974][ T5946] security_bprm_check+0x89/0x270 [ 99.007115][ T5946] bprm_execve+0x8ee/0x1450 [ 99.011647][ T5946] do_execveat_common+0x510/0x6a0 [ 99.016680][ T5946] __x64_sys_execve+0x94/0xb0 [ 99.021370][ T5946] [ 99.023717][ T5946] Memory state around the buggy address: [ 99.029555][ T5946] ffff88807f0a8600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.038742][ T5946] ffff88807f0a8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.046825][ T5946] >ffff88807f0a8700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5930] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5929] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 99.054995][ T5946] ^ [ 99.061180][ T5946] ffff88807f0a8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.070073][ T5946] ffff88807f0a8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 99.078145][ T5946] ================================================================== [ 99.086720][ T44] em28xx 1-1:0.132: Closing input extension [ 99.098892][ T5946] Kernel panic - not syncing: KASAN: panic_on_warn set ... [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 99.106537][ T5946] CPU: 0 UID: 0 PID: 5946 Comm: v4l_id Not tainted 6.16.0-rc5-next-20250711-syzkaller #0 PREEMPT(full) [ 99.117963][ T5946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 99.128058][ T5946] Call Trace: [ 99.131631][ T5946] [ 99.134599][ T5946] dump_stack_lvl+0x99/0x250 [ 99.139393][ T5946] ? __asan_memcpy+0x40/0x70 [ 99.144226][ T5946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.149480][ T5946] ? __pfx__printk+0x10/0x10 [ 99.154112][ T5946] vpanic+0x281/0x750 [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5930] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5929] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5929] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5930] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5929] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 99.158125][ T5946] ? preempt_schedule+0xae/0xc0 [ 99.163018][ T5946] ? __pfx_vpanic+0x10/0x10 [ 99.167567][ T5946] ? preempt_schedule_common+0x83/0xd0 [ 99.173150][ T5946] ? preempt_schedule+0xae/0xc0 [ 99.178192][ T5946] ? __pfx_preempt_schedule+0x10/0x10 [ 99.183677][ T5946] panic+0xb9/0xc0 [ 99.187433][ T5946] ? __pfx_panic+0x10/0x10 [ 99.191868][ T5946] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 99.197826][ T5946] ? v4l2_fh_open+0xc7/0x430 [ 99.202441][ T5946] check_panic_on_warn+0x89/0xb0 [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5930] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5929] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 99.207409][ T5946] ? v4l2_fh_open+0xc7/0x430 [ 99.212127][ T5946] end_report+0x78/0x160 [ 99.216379][ T5946] kasan_report+0x129/0x150 [ 99.220984][ T5946] ? v4l2_fh_open+0xc7/0x430 [ 99.225839][ T5946] v4l2_fh_open+0xc7/0x430 [ 99.230917][ T5946] ? __pfx___mutex_lock+0x10/0x10 [ 99.236304][ T5946] em28xx_v4l2_open+0x157/0x9a0 [ 99.241278][ T5946] v4l2_open+0x20f/0x360 [ 99.245707][ T5946] chrdev_open+0x4cc/0x5e0 [ 99.250143][ T5946] ? __pfx_chrdev_open+0x10/0x10 [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5931] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5931] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5930] <... ioctl resumed>, 0x7ffca168c630) = 0 [ 99.255111][ T5946] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 99.261673][ T5946] ? __pfx_chrdev_open+0x10/0x10 [ 99.266645][ T5946] do_dentry_open+0x950/0x13f0 [ 99.271977][ T5946] vfs_open+0x3b/0x340 [ 99.276137][ T5946] ? path_openat+0x2ecd/0x3830 [ 99.281022][ T5946] path_openat+0x2ee5/0x3830 [ 99.285737][ T5946] ? arch_stack_walk+0xfc/0x150 [ 99.290666][ T5946] ? __pfx_path_openat+0x10/0x10 [ 99.295720][ T5946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.301992][ T5946] do_filp_open+0x1fa/0x410 [pid 5930] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 9 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 27 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 4 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5930] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5930] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 5929] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5930] <... ioctl resumed>, 0) = 0 [pid 5929] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5930] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 5929] <... ioctl resumed>, 0x7ffca168b620) = 18 [pid 5930] <... ioctl resumed>, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5930] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 5929] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5929] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5930] <... ioctl resumed>, 0x7ffca168b620) = 0 [pid 5929] <... ioctl resumed>, 0x7ffca168b620) = 9 [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5929] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 27 [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5931] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5929] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5929] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 5931] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5929] <... ioctl resumed>, 0x7ffca168b620) = 4 [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5929] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5929] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5929] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 8 [ 99.306614][ T5946] ? __lock_acquire+0xab9/0xd20 [ 99.311941][ T5946] ? __pfx_do_filp_open+0x10/0x10 [ 99.317140][ T5946] ? _raw_spin_unlock+0x28/0x50 [ 99.322236][ T5946] ? alloc_fd+0x64c/0x6c0 [ 99.326620][ T5946] do_sys_openat2+0x121/0x1c0 [ 99.331374][ T5946] ? __pfx_do_sys_openat2+0x10/0x10 [ 99.336644][ T5946] ? exc_page_fault+0x76/0xf0 [ 99.341659][ T5946] ? do_user_addr_fault+0xc8a/0x1390 [ 99.347233][ T5946] __x64_sys_openat+0x138/0x170 [ 99.352252][ T5946] do_syscall_64+0xfa/0x3b0 [pid 5929] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [pid 5929] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [pid 5929] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5929] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2a918023ec) = -1 EINVAL (Invalid argument) [pid 5929] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffca168b620) = 0 [pid 5931] <... ioctl resumed>, 0x7ffca168c630) = 0 [pid 5931] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca168b620) = 18 [pid 5931] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca168c630) = 0 [ 99.356813][ T5946] ? lockdep_hardirqs_on+0x9c/0x150 [ 99.362055][ T5946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.368253][ T5946] ? clear_bhb_loop+0x60/0xb0 [ 99.372981][ T5946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.378910][ T5946] RIP: 0033:0x7f4575aa7407 [ 99.383359][ T5946] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 99.403182][ T5946] RSP: 002b:00007fff26fd25d0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 99.411645][ T5946] RAX: ffffffffffffffda RBX: 00007f4576181880 RCX: 00007f4575aa7407 [ 99.419642][ T5946] RDX: 0000000000000000 RSI: 00007fff26fd2f1d RDI: ffffffffffffff9c [ 99.427822][ T5946] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 99.435825][ T5946] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 99.443832][ T5946] R13: 00007fff26fd2820 R14: 00007f45762e8000 R15: 000055bcb12464d8 [ 99.451857][ T5946] [ 99.455244][ T5946] Kernel Offset: disabled [ 99.459582][ T5946] Rebooting in 86400 seconds..