./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2168795675 <...> forked to background, child pid 3177 no interfaces have a carrier [ 21.168555][ T3178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.178556][ T3178] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts. execve("./syz-executor2168795675", ["./syz-executor2168795675"], 0x7ffcf1fcb910 /* 10 vars */) = 0 brk(NULL) = 0x55555603b000 brk(0x55555603bc40) = 0x55555603bc40 arch_prctl(ARCH_SET_FS, 0x55555603b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2168795675", 4096) = 28 brk(0x55555605cc40) = 0x55555605cc40 brk(0x55555605d000) = 0x55555605d000 mprotect(0x7fa20a83b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd75e3ba40) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 18 syzkaller login: [ 37.973517][ T22] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 18 [ 38.213467][ T22] usb 1-1: Using ep0 maxpacket: 16 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 [ 38.373660][ T22] usb 1-1: unable to get BOS descriptor or descriptor too short ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 330 [ 38.453493][ T22] usb 1-1: config 7 has an invalid interface number: 112 but max is 2 [ 38.461849][ T22] usb 1-1: config 7 has an invalid interface number: 208 but max is 2 [ 38.470065][ T22] usb 1-1: config 7 has an invalid interface number: 86 but max is 2 [ 38.478153][ T22] usb 1-1: config 7 has no interface number 0 [ 38.484422][ T22] usb 1-1: config 7 has no interface number 1 [ 38.490498][ T22] usb 1-1: config 7 has no interface number 2 [ 38.496839][ T22] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 38.507992][ T22] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0xA has an invalid bInterval 63, changing to 9 [ 38.519220][ T22] usb 1-1: config 7 interface 208 altsetting 163 has a duplicate endpoint with address 0x7, skipping [ 38.530090][ T22] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 38.541239][ T22] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 38.552397][ T22] usb 1-1: config 7 interface 208 altsetting 163 bulk endpoint 0x5 has invalid maxpacket 64 [ 38.562636][ T22] usb 1-1: config 7 interface 208 altsetting 163 has a duplicate endpoint with address 0x2, skipping [ 38.573700][ T22] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 38.584854][ T22] usb 1-1: config 7 interface 208 altsetting 163 has a duplicate endpoint with address 0x9, skipping ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 [ 38.595737][ T22] usb 1-1: config 7 interface 208 altsetting 163 has a duplicate endpoint with address 0xA, skipping [ 38.606635][ T22] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 38.617772][ T22] usb 1-1: config 7 interface 86 altsetting 169 has an invalid endpoint with address 0x80, skipping [ 38.628579][ T22] usb 1-1: config 7 interface 112 has no altsetting 0 [ 38.635367][ T22] usb 1-1: config 7 interface 208 has no altsetting 0 [ 38.642106][ T22] usb 1-1: config 7 interface 86 has no altsetting 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd75e3aa30) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd75e3ba40) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x3) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd75e3aa30) = 0 [ 38.893544][ T22] usb 1-1: string descriptor 0 read error: -22 [ 38.899813][ T22] usb 1-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10 [ 38.908956][ T22] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.958297][ T22] ------------[ cut here ]------------ [ 38.963880][ T22] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 38.970257][ T22] WARNING: CPU: 1 PID: 22 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 [ 38.979671][ T22] Modules linked in: [ 38.983595][ T22] CPU: 1 PID: 22 Comm: kworker/1:0 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0 [ 38.993201][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 39.003286][ T22] Workqueue: usb_hub_wq hub_event [ 39.008362][ T22] RIP: 0010:usb_submit_urb+0xed2/0x18a0 [ 39.013938][ T22] Code: 7c 24 18 e8 30 16 ef fb 48 8b 7c 24 18 e8 f6 8e 03 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 e0 0b 6f 8a e8 2f 2b a7 03 <0f> 0b e9 58 f8 ff ff e8 02 16 ef fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 39.033653][ T22] RSP: 0018:ffffc900001c6de0 EFLAGS: 00010286 [ 39.039701][ T22] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 39.047713][ T22] RDX: ffff888011a4bb00 RSI: ffffffff81611718 RDI: fffff52000038dae [ 39.055728][ T22] RBP: ffff88801d0631e0 R08: 0000000000000005 R09: 0000000000000000 [ 39.064037][ T22] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000001 [ 39.072039][ T22] R13: ffff8880208ecf78 R14: 0000000000000002 R15: ffff888016a0f900 [ 39.080103][ T22] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 39.089163][ T22] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.095786][ T22] CR2: 0000563a0b5d2b68 CR3: 000000000ba8e000 CR4: 0000000000350ee0 [ 39.103784][ T22] Call Trace: [ 39.107043][ T22] [ 39.109980][ T22] ? __init_swait_queue_head+0xc6/0x150 [ 39.115563][ T22] usb_start_wait_urb+0x101/0x4c0 [ 39.120606][ T22] ? usb_api_blocking_completion+0xa0/0xa0 [ 39.126452][ T22] ? trace_kmalloc+0x32/0x100 [ 39.131149][ T22] ? memset+0x20/0x40 [ 39.135171][ T22] usb_bulk_msg+0x226/0x550 [ 39.139688][ T22] shark_write_reg+0x1ff/0x2e0 [ 39.144475][ T22] ? devm_of_led_get+0x110/0x110 [ 39.149422][ T22] ? shark_read_reg+0x460/0x460 [ 39.154337][ T22] ? snprintf+0xbb/0xf0 exit_group(0) = ? +++ exited with 0 +++ [