./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1904267139 <...> Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts. execve("./syz-executor1904267139", ["./syz-executor1904267139"], 0x7ffccfc606d0 /* 10 vars */) = 0 brk(NULL) = 0x55556644d000 brk(0x55556644dd00) = 0x55556644dd00 arch_prctl(ARCH_SET_FS, 0x55556644d380) = 0 set_tid_address(0x55556644d650) = 5067 set_robust_list(0x55556644d660, 24) = 0 rseq(0x55556644dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1904267139", 4096) = 28 getrandom("\x2f\x1f\x33\x8b\x46\xba\x58\x94", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556644dd00 brk(0x55556646ed00) = 0x55556646ed00 brk(0x55556646f000) = 0x55556646f000 mprotect(0x7fe69fa02000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc820dc850) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc820db840) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 [ 73.784994][ T784] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 [ 74.024730][ T784] usb 1-1: Using ep0 maxpacket: 8 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc820db840) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc820db840) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc820db840) = 36 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc820db840) = 4 [ 74.164907][ T784] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 15 [ 74.175091][ T784] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc820db840) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc820db840) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc820db840) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc850) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 74.344966][ T784] usb 1-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice= 0.40 [ 74.354093][ T784] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.362264][ T784] usb 1-1: Product: syz [ 74.366505][ T784] usb 1-1: Manufacturer: syz [ 74.371166][ T784] usb 1-1: SerialNumber: syz ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc820db840) = 0 [ 74.440366][ T784] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input5 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc880) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc820db870) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc820dc880) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc820db870) = 8 [ 74.924828][ T4508] ------------[ cut here ]------------ [ 74.930538][ T4508] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 74.937519][ T4508] WARNING: CPU: 0 PID: 4508 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 [ 74.947191][ T4508] Modules linked in: [ 74.951113][ T4508] CPU: 0 PID: 4508 Comm: acpid Not tainted 6.8.0-syzkaller-08073-g480e035fc4c7 #0 [ 74.960379][ T4508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 74.970535][ T4508] RIP: 0010:usb_submit_urb+0xc4e/0x18c0 [ 74.976261][ T4508] Code: f8 48 c1 e8 03 0f b6 04 18 84 c0 0f 85 b7 08 00 00 45 8b 07 48 c7 c7 40 94 4b 8c 48 8b 34 24 4c 89 e2 89 e9 e8 93 60 49 fa 90 <0f> 0b 90 90 48 8b 5c 24 30 41 89 dc 4c 89 e7 48 c7 c6 90 41 cf 8e [ 74.995951][ T4508] RSP: 0018:ffffc9000310f5a0 EFLAGS: 00010246 [ 75.002059][ T4508] RAX: 31186ede28019b00 RBX: dffffc0000000000 RCX: ffff88807c223c00 [ 75.010224][ T4508] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 75.018293][ T4508] RBP: 0000000000000001 R08: ffffffff8157cc12 R09: fffffbfff1bf9650 [ 75.026394][ T4508] R10: dffffc0000000000 R11: fffffbfff1bf9650 R12: ffff888023047f40 [ 75.034414][ T4508] R13: ffff88801a2e4200 R14: 0000000000000001 R15: ffffffff8c4b9228 [ 75.042561][ T4508] FS: 00007fe0059ca740(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 75.051593][ T4508] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.058264][ T4508] CR2: 00007ffe88583f48 CR3: 000000007c17e000 CR4: 00000000003506f0 [ 75.066350][ T4508] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.074410][ T4508] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.082495][ T4508] Call Trace: [ 75.085879][ T4508] [ 75.088846][ T4508] ? __warn+0x163/0x4b0 [ 75.093062][ T4508] ? usb_submit_urb+0xc4e/0x18c0 [ 75.098196][ T4508] ? report_bug+0x2b3/0x500 [ 75.102780][ T4508] ? usb_submit_urb+0xc4e/0x18c0 [ 75.107817][ T4508] ? handle_bug+0x3e/0x70 [ 75.112190][ T4508] ? exc_invalid_op+0x1a/0x50 [ 75.116968][ T4508] ? asm_exc_invalid_op+0x1a/0x20 exit_group(0) = ? +++ exited with 0 +++ [ 75.122057][ T4508] ? __warn_printk+0x29