./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4065213468 <...> DUID 00:04:83:15:3d:b3:f9:44:11:d6:e6:e1:d9:1f:49:4d:f4:66 forked to background, child pid 4669 [ 50.522443][ T4670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.542183][ T4670] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.57' (ECDSA) to the list of known hosts. execve("./syz-executor4065213468", ["./syz-executor4065213468"], 0x7ffdf7774d10 /* 10 vars */) = 0 brk(NULL) = 0x555555c24000 brk(0x555555c24c40) = 0x555555c24c40 arch_prctl(ARCH_SET_FS, 0x555555c24300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4065213468", 4096) = 28 brk(0x555555c45c40) = 0x555555c45c40 brk(0x555555c46000) = 0x555555c46000 mprotect(0x7fd50e398000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe22382550) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 18 syzkaller login: [ 91.645780][ T4746] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 18 [ 91.895722][ T4746] usb 1-1: Using ep0 maxpacket: 32 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 [ 92.056575][ T4746] usb 1-1: unable to get BOS descriptor or descriptor too short ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 426 [ 92.136214][ T4746] usb 1-1: config 6 has an invalid interface number: 199 but max is 2 [ 92.144727][ T4746] usb 1-1: config 6 has an invalid interface number: 48 but max is 2 [ 92.152947][ T4746] usb 1-1: config 6 has an invalid interface number: 105 but max is 2 [ 92.161186][ T4746] usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping [ 92.169943][ T4746] usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping [ 92.178686][ T4746] usb 1-1: config 6 has an invalid interface descriptor of length 2, skipping [ 92.187598][ T4746] usb 1-1: config 6 has no interface number 0 [ 92.193702][ T4746] usb 1-1: config 6 has no interface number 1 [ 92.199887][ T4746] usb 1-1: config 6 has no interface number 2 [ 92.206100][ T4746] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 92.217210][ T4746] usb 1-1: config 6 interface 199 altsetting 128 has an invalid endpoint with address 0x0, skipping [ 92.229484][ T7] cfg80211: failed to load regulatory.db [ 92.235949][ T4746] usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x8, skipping [ 92.246988][ T4746] usb 1-1: config 6 interface 199 altsetting 128 bulk endpoint 0x2 has invalid maxpacket 8 [ 92.257104][ T4746] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 92.268377][ T4746] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 92.279614][ T4746] usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x1, skipping [ 92.290805][ T4746] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 92.301906][ T4746] usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x4, skipping [ 92.313012][ T4746] usb 1-1: config 6 interface 48 altsetting 8 has a duplicate endpoint with address 0xA, skipping [ 92.323701][ T4746] usb 1-1: config 6 interface 105 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 7 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 0 [ 92.336968][ T4746] usb 1-1: config 6 interface 199 has no altsetting 0 [ 92.343742][ T4746] usb 1-1: config 6 interface 48 has no altsetting 0 [ 92.350476][ T4746] usb 1-1: config 6 interface 105 has no altsetting 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe22381540) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe22382550) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xd3) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fd50e39e3ac) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe22381540) = 0 [ 92.596247][ T4746] usb 1-1: string descriptor 0 read error: -22 [ 92.602543][ T4746] usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=b9.c5 [ 92.611666][ T4746] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.662147][ T4746] ------------[ cut here ]------------ [ 92.668011][ T4746] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 92.674647][ T4746] WARNING: CPU: 0 PID: 4746 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 [ 92.684318][ T4746] Modules linked in: [ 92.688257][ T4746] CPU: 0 PID: 4746 Comm: kworker/0:3 Not tainted 6.3.0-syzkaller-13466-gfc4354c6e5c2 #0 [ 92.698035][ T4746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 92.708176][ T4746] Workqueue: usb_hub_wq hub_event [ 92.713267][ T4746] RIP: 0010:usb_submit_urb+0xed6/0x1880 [ 92.718895][ T4746] Code: 7c 24 18 e8 2c 37 5c fb 48 8b 7c 24 18 e8 62 1d f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 e0 ae fc 8a e8 8a f4 23 fb <0f> 0b e9 58 f8 ff ff e8 fe 36 5c fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 92.738713][ T4746] RSP: 0018:ffffc900037deeb8 EFLAGS: 00010282 [ 92.744810][ T4746] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 92.752906][ T4746] RDX: ffff888014be5940 RSI: ffffffff814c03e7 RDI: 0000000000000001 [ 92.761097][ T4746] RBP: ffff8880162bd190 R08: 0000000000000001 R09: 0000000000000000 [ 92.769269][ T4746] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 92.777391][ T4746] R13: ffff8880152da1b8 R14: 0000000000000002 R15: ffff888017a6f900 [ 92.785401][ T4746] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 92.794432][ T4746] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.801085][ T4746] CR2: 000000000066c7e0 CR3: 000000001773a000 CR4: 00000000003506f0 [ 92.809129][ T4746] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 92.817166][ T4746] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 92.825152][ T4746] Call Trace: [ 92.828549][ T4746] [ 92.831518][ T4746] ? __init_swait_queue_head+0xca/0x150 [ 92.837191][ T4746] usb_start_wait_urb+0x101/0x4b0 [ 92.842287][ T4746] ? usb_api_blocking_completion+0xa0/0xa0 [ 92.848196][ T4746] ? usb_alloc_urb+0xa4/0xb0 [ 92.852887][ T4746] ? rcu_is_watching+0x12/0xb0 [ 92.857774][ T4746] ? __kmalloc+0xf2/0x190 exit_group(0) = ? +++ exited with 0 +++ [ 92.8621