./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2560387820
<...>
Warning: Permanently added '10.128.1.252' (ED25519) to the list of known hosts.
execve("./syz-executor2560387820", ["./syz-executor2560387820"], 0x7ffde8d527b0 /* 10 vars */) = 0
brk(NULL) = 0x55555aa1a000
brk(0x55555aa1ad00) = 0x55555aa1ad00
arch_prctl(ARCH_SET_FS, 0x55555aa1a380) = 0
set_tid_address(0x55555aa1a650) = 5867
set_robust_list(0x55555aa1a660, 24) = 0
rseq(0x55555aa1aca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2560387820", 4096) = 28
getrandom("\x78\x43\x86\x1c\x0a\x02\x8d\x43", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555aa1ad00
brk(0x55555aa3bd00) = 0x55555aa3bd00
brk(0x55555aa3c000) = 0x55555aa3c000
mprotect(0x7fa23192f000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555aa1a650) = 5868
./strace-static-x86_64: Process 5868 attached
[pid 5868] set_robust_list(0x55555aa1a660, 24) = 0
[pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5868] setpgid(0, 0) = 0
[pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5868] write(3, "1000", 4) = 4
[pid 5868] close(3) = 0
[pid 5868] write(1, "executing program\n", 18executing program
) = 18
[pid 5868] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 5868] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0c775de0) = 18
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[ 90.726866][ T984] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0c775de0) = 18
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0c775de0) = 9
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0c775de0) = 18
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0c775de0) = 4
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0c775de0) = 8
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0c775de0) = 8
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0c775de0) = 8
[ 90.931339][ T984] usb 1-1: config 0 has an invalid interface number: 93 but max is 0
[ 90.939692][ T984] usb 1-1: config 0 has no interface number 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776df0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd0c775de0) = 0
[ 90.981843][ T984] usb 1-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[ 90.990999][ T984] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 90.999560][ T984] usb 1-1: Product: syz
[ 91.003759][ T984] usb 1-1: Manufacturer: syz
[ 91.008770][ T984] usb 1-1: SerialNumber: syz
[ 91.016143][ T984] usb 1-1: config 0 descriptor??
[pid 5868] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0c776e20) = 0
[pid 5868] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0c775e10) = 16
[ 91.247290][ T984] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[ 91.259904][ T984] dvb-usb: will use the device's hardware PID filter (table count: 32).
[ 91.268889][ T984] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[ 91.277730][ T984] usb 1-1: media controller created
[ 91.285687][ T984] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 91.322291][ T984] DVB: Unable to find symbol dib7000p_attach()
[ 91.328911][ T984] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[ 91.337789][ T984] dvb-usb: will use the device's hardware PID filter (table count: 32).
[ 91.352246][ T984] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[ 91.361108][ T984] usb 1-1: media controller created
[ 91.373193][ T984] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 91.387293][ T984] dib0700: the master dib7090 has to be initialized first
[ 91.394417][ T984] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[pid 5868] openat(AT_FDCWD, "/dev/i2c-1", O_RDWR|O_APPEND) = 4
[ 91.456625][ T984] rc_core: IR keymap rc-dib0700-rc5 not found
[ 91.462745][ T984] Registered IR keymap rc-empty
[ 91.471597][ T5868] ------------[ cut here ]------------
[ 91.477288][ T5868] usb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[ 91.486790][ T5868] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x112b/0x1830, CPU#0: syz-executor256/5868
[ 91.497568][ T5868] Modules linked in:
[ 91.501584][ T5868] CPU: 0 UID: 0 PID: 5868 Comm: syz-executor256 Not tainted 6.16.0-next-20250808-syzkaller #0 PREEMPT(full)
[ 91.513201][ T5868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 91.523330][ T5868] RIP: 0010:usb_submit_urb+0x112b/0x1830
[ 91.529018][ T5868] Code: 0f b6 44 05 00 84 c0 0f 85 e8 05 00 00 45 0f b6 45 00 48 c7 c7 20 a5 56 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 76 02 4f fa 90 <0f> 0b 90 90 49 bc 00 00 00 00 00 fc ff df e9 17 f4 ff ff 89 e9 80
[ 91.548696][ T5868] RSP: 0018:ffffc900040bf850 EFLAGS: 00010246
[ 91.554778][ T5868] RAX: 77c1ddfa4dc5eb00 RBX: ffff888021eac100 RCX: ffff88802c9d0000
[ 91.562827][ T5868] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[ 91.570911][ T5868] RBP: 1ffff110052e2eb8 R08: ffffc900040bf567 R09: 1ffff92000817eac
[ 91.579021][ T5868] R10: dffffc0000000000 R11: fffff52000817ead R12: dffffc0000000000
[ 91.587113][ T5868] R13: ffff8880297175c0 R14: 0000000080000280 R15: ffff8880297e6540
[ 91.595202][ T5868] FS: 000055555aa1a380(0000) GS:ffff8881257db000(0000) knlGS:0000000000000000
[ 91.604212][ T5868] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 91.611047][ T5868] CR2: 0000561c15428c90 CR3: 00000000716c0000 CR4: 00000000003526f0
[ 91.619147][ T5868] Call Trace:
[ 91.622456][ T5868]
[ 91.625431][ T5868] usb_start_wait_urb+0x114/0x4c0
[ 91.630622][ T5868] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 91.636202][ T5868] usb_control_msg+0x232/0x3e0
[ 91.641047][ T5868] dib0700_i2c_xfer+0xba7/0xf70
[ 91.645946][ T5868] __i2c_transfer+0x874/0x2170
[ 91.651028][ T5868] ? lockdep_hardirqs_on+0x9c/0x150
[ 91.656273][ T5868] ? __pfx___i2c_transfer+0x10/0x10
[ 91.661521][ T5868] ? rt_mutex_lock_nested+0x15e/0x1e0
[ 91.667036][ T5868] ? i2c_transfer+0x11d/0x3a0
[ 91.671730][ T5868] i2c_transfer+0x25b/0x3a0
[ 91.676226][ T5868] ? __pfx_i2c_transfer+0x10/0x10
[ 91.681312][ T5868] ? _copy_from_user+0x94/0xb0
[ 91.686120][ T5868] i2cdev_ioctl_rdwr+0x460/0x740
[ 91.691182][ T5868] i2cdev_ioctl+0x64b/0x7f0
[ 91.695706][ T5868] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 91.701231][ T5868] ? bpf_lsm_file_ioctl+0x9/0x20
[ 91.706205][ T5868] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 91.711309][ T5868] __se_sys_ioctl+0xfc/0x170
[ 91.715918][ T5868] do_syscall_64+0xfa/0x3b0
[ 91.720609][ T5868] ? lockdep_hardirqs_on+0x9c/0x150
[ 91.725844][ T5868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.732109][ T5868] ? clear_bhb_loop+0x60/0xb0
[ 91.736877][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.742798][ T5868] RIP: 0033:0x7fa2318bc8f9
[ 91.747296][ T5868] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 91.767025][ T5868] RSP: 002b:00007ffd0c777e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 91.775478][ T5868] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa2318bc8f9
[ 91.783551][ T5868] RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004
[ 91.791587][ T5868] RBP: 00007fa23192f5f0 R08: 00232d6332692f76 R09: 0000000000000006
[ 91.799596][ T5868] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000001
[ 91.807712][ T5868] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 91.815781][ T5868]
[ 91.818839][ T5868] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 91.826152][ T5868] CPU: 0 UID: 0 PID: 5868 Comm: syz-executor256 Not tainted 6.16.0-next-20250808-syzkaller #0 PREEMPT(full)
[ 91.837782][ T5868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 91.847952][ T5868] Call Trace:
[ 91.851235][ T5868]
[ 91.854158][ T5868] dump_stack_lvl+0x99/0x250
[ 91.858768][ T5868] ? __asan_memcpy+0x40/0x70
[ 91.863355][ T5868] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.868553][ T5868] ? __pfx__printk+0x10/0x10
[ 91.873148][ T5868] vpanic+0x281/0x750
[ 91.877127][ T5868] ? __pfx__printk+0x10/0x10
[ 91.881715][ T5868] ? __pfx_vpanic+0x10/0x10
[ 91.886248][ T5868] ? is_bpf_text_address+0x292/0x2b0
[ 91.891647][ T5868] ? is_bpf_text_address+0x26/0x2b0
[ 91.897047][ T5868] panic+0xb9/0xc0
[ 91.900785][ T5868] ? __pfx_panic+0x10/0x10
[ 91.905204][ T5868] __warn+0x334/0x4c0
[ 91.909195][ T5868] ? usb_submit_urb+0x112b/0x1830
[ 91.914346][ T5868] ? usb_submit_urb+0x112b/0x1830
[ 91.919548][ T5868] report_bug+0x2be/0x4f0
[ 91.923900][ T5868] ? usb_submit_urb+0x112b/0x1830
[ 91.929193][ T5868] ? usb_submit_urb+0x112b/0x1830
[ 91.934762][ T5868] ? usb_submit_urb+0x112d/0x1830
[ 91.939796][ T5868] handle_bug+0x84/0x160
[ 91.944147][ T5868] exc_invalid_op+0x1a/0x50
[ 91.948657][ T5868] asm_exc_invalid_op+0x1a/0x20
[ 91.953518][ T5868] RIP: 0010:usb_submit_urb+0x112b/0x1830
[ 91.959240][ T5868] Code: 0f b6 44 05 00 84 c0 0f 85 e8 05 00 00 45 0f b6 45 00 48 c7 c7 20 a5 56 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 76 02 4f fa 90 <0f> 0b 90 90 49 bc 00 00 00 00 00 fc ff df e9 17 f4 ff ff 89 e9 80
[ 91.978956][ T5868] RSP: 0018:ffffc900040bf850 EFLAGS: 00010246
[ 91.985033][ T5868] RAX: 77c1ddfa4dc5eb00 RBX: ffff888021eac100 RCX: ffff88802c9d0000
[ 91.993009][ T5868] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[ 92.000994][ T5868] RBP: 1ffff110052e2eb8 R08: ffffc900040bf567 R09: 1ffff92000817eac
[ 92.009122][ T5868] R10: dffffc0000000000 R11: fffff52000817ead R12: dffffc0000000000
[ 92.017313][ T5868] R13: ffff8880297175c0 R14: 0000000080000280 R15: ffff8880297e6540
[ 92.025407][ T5868] usb_start_wait_urb+0x114/0x4c0
[ 92.030448][ T5868] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 92.036018][ T5868] usb_control_msg+0x232/0x3e0
[ 92.040793][ T5868] dib0700_i2c_xfer+0xba7/0xf70
[ 92.045673][ T5868] __i2c_transfer+0x874/0x2170
[ 92.050443][ T5868] ? lockdep_hardirqs_on+0x9c/0x150
[ 92.055659][ T5868] ? __pfx___i2c_transfer+0x10/0x10
[ 92.060946][ T5868] ? rt_mutex_lock_nested+0x15e/0x1e0
[ 92.066334][ T5868] ? i2c_transfer+0x11d/0x3a0
[ 92.071019][ T5868] i2c_transfer+0x25b/0x3a0
[ 92.075526][ T5868] ? __pfx_i2c_transfer+0x10/0x10
[ 92.080565][ T5868] ? _copy_from_user+0x94/0xb0
[ 92.085348][ T5868] i2cdev_ioctl_rdwr+0x460/0x740
[ 92.090300][ T5868] i2cdev_ioctl+0x64b/0x7f0
[ 92.094900][ T5868] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 92.099943][ T5868] ? bpf_lsm_file_ioctl+0x9/0x20
[ 92.104881][ T5868] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 92.109913][ T5868] __se_sys_ioctl+0xfc/0x170
[ 92.114506][ T5868] do_syscall_64+0xfa/0x3b0
[ 92.119010][ T5868] ? lockdep_hardirqs_on+0x9c/0x150
[ 92.124216][ T5868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.130283][ T5868] ? clear_bhb_loop+0x60/0xb0
[ 92.134966][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.140860][ T5868] RIP: 0033:0x7fa2318bc8f9
[ 92.145281][ T5868] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 92.164890][ T5868] RSP: 002b:00007ffd0c777e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 92.173306][ T5868] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa2318bc8f9
[ 92.181371][ T5868] RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004
[ 92.189356][ T5868] RBP: 00007fa23192f5f0 R08: 00232d6332692f76 R09: 0000000000000006
[ 92.197331][ T5868] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000001
[ 92.205330][ T5868] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 92.213406][ T5868]
[ 92.216746][ T5868] Kernel Offset: disabled
[ 92.221144][ T5868] Rebooting in 86400 seconds..