./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1678281866 <...> Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts. execve("./syz-executor1678281866", ["./syz-executor1678281866"], 0x7ffc27b287d0 /* 10 vars */) = 0 brk(NULL) = 0x5555571d4000 brk(0x5555571d4c40) = 0x5555571d4c40 arch_prctl(ARCH_SET_FS, 0x5555571d4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1678281866", 4096) = 28 brk(0x5555571f5c40) = 0x5555571f5c40 brk(0x5555571f6000) = 0x5555571f6000 mprotect(0x7f3ece50f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3488 ./strace-static-x86_64: Process 3488 attached [pid 3488] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3487] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3488] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3489 ./strace-static-x86_64: Process 3489 attached [pid 3489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3489] setpgid(0, 0./strace-static-x86_64: Process 3490 attached [pid 3487] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3490 [pid 3489] <... setpgid resumed>) = 0 [pid 3489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3487] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3489] <... openat resumed>) = 3 [pid 3487] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3491 [pid 3489] write(3, "1000", 4) = 4 [pid 3489] close(3 [pid 3487] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3489] <... close resumed>) = 0 [pid 3489] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR./strace-static-x86_64: Process 3491 attached ) = 3 [pid 3487] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3492 [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3490] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3493 [pid 3487] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3489] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3487] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3495 [pid 3489] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN./strace-static-x86_64: Process 3492 attached ./strace-static-x86_64: Process 3495 attached ./strace-static-x86_64: Process 3493 attached [pid 3487] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3491] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3494 [pid 3489] <... ioctl resumed>, 0) = 0 [pid 3492] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3494 attached [pid 3494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3494] setpgid(0, 0) = 0 [pid 3494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3492] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3496 [pid 3494] <... openat resumed>) = 3 [pid 3489] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3494] write(3, "1000", 4 [pid 3489] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3494] <... write resumed>) = 4 [pid 3494] close(3 [pid 3493] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3487] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3497 [pid 3493] <... prctl resumed>) = 0 [pid 3494] <... close resumed>) = 0 [pid 3489] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3497 attached ./strace-static-x86_64: Process 3496 attached [pid 3494] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3493] setpgid(0, 0 [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3496] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3494] <... openat resumed>) = 3 [pid 3493] <... setpgid resumed>) = 0 [pid 3496] <... prctl resumed>) = 0 [pid 3495] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3498 [pid 3494] ioctl(3, USB_RAW_IOCTL_INIT [pid 3493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 3498 attached [pid 3497] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3499 [pid 3496] setpgid(0, 0 [pid 3494] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3496] <... setpgid resumed>) = 0 [pid 3494] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3493] <... openat resumed>) = 3 [pid 3498] <... prctl resumed>) = 0 [pid 3496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3494] <... ioctl resumed>, 0) = 0 [pid 3493] write(3, "1000", 4./strace-static-x86_64: Process 3499 attached [pid 3498] setpgid(0, 0 [pid 3496] <... openat resumed>) = 3 [pid 3494] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] <... write resumed>) = 4 [pid 3499] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3498] <... setpgid resumed>) = 0 [pid 3496] write(3, "1000", 4 [pid 3494] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3493] close(3 [pid 3499] <... prctl resumed>) = 0 [pid 3498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3496] <... write resumed>) = 4 [pid 3494] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] <... close resumed>) = 0 [pid 3499] setpgid(0, 0 [pid 3496] close(3 [pid 3499] <... setpgid resumed>) = 0 [pid 3498] <... openat resumed>) = 3 [pid 3496] <... close resumed>) = 0 [pid 3493] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3498] write(3, "1000", 4 [pid 3496] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3493] <... openat resumed>) = 3 [pid 3499] <... openat resumed>) = 3 [pid 3498] <... write resumed>) = 4 [pid 3496] <... openat resumed>) = 3 [pid 3499] write(3, "1000", 4 [pid 3498] close(3 [pid 3496] ioctl(3, USB_RAW_IOCTL_INIT [pid 3493] ioctl(3, USB_RAW_IOCTL_INIT [pid 3499] <... write resumed>) = 4 [pid 3498] <... close resumed>) = 0 [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] close(3 [pid 3498] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3496] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] <... close resumed>) = 0 [pid 3498] <... openat resumed>) = 3 [pid 3493] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3499] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3498] ioctl(3, USB_RAW_IOCTL_INIT [pid 3496] <... ioctl resumed>, 0) = 0 [pid 3493] <... ioctl resumed>, 0) = 0 [pid 3499] <... openat resumed>) = 3 [pid 3498] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3499] ioctl(3, USB_RAW_IOCTL_INIT [pid 3498] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] <... ioctl resumed>, 0) = 0 [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3499] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3498] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3499] <... ioctl resumed>, 0) = 0 [pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3489] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3494] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3494] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3489] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3494] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 108.652558][ T3501] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 108.672790][ T113] usb 3-1: new high-speed USB device number 2 using dummy_hcd [pid 3494] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 108.722505][ T6] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 108.732588][ T28] usb 2-1: new high-speed USB device number 2 using dummy_hcd [pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3499] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3493] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3499] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 108.763014][ T123] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 108.763118][ T25] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 108.892532][ T3501] usb 1-1: Using ep0 maxpacket: 8 [pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3489] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3494] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3494] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 108.912725][ T113] usb 3-1: Using ep0 maxpacket: 8 [pid 3489] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3494] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3489] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3494] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3489] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3494] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3494] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3489] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3494] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3494] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 108.973084][ T6] usb 4-1: Using ep0 maxpacket: 8 [pid 3489] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3496] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3494] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 109.012997][ T3501] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 109.021347][ T3501] usb 1-1: config 0 has no interface number 0 [ 109.027724][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 109.033520][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 109.037908][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 109.043318][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 109.053661][ T25] usb 6-1: Using ep0 maxpacket: 8 [pid 3494] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3489] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3494] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3494] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3489] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3489] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3493] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3498] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3496] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3499] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3489] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3494] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3494] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3493] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3489] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3489] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3499] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3494] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 109.066236][ T113] usb 3-1: config 0 has an invalid interface number: 164 but max is 0 [ 109.075055][ T113] usb 3-1: config 0 has no interface number 0 [ 109.081333][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 109.091606][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3494] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3496] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3489] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3489] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3498] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3499] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3494] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3494] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3493] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3494] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 109.142918][ T6] usb 4-1: config 0 has an invalid interface number: 164 but max is 0 [ 109.151430][ T6] usb 4-1: config 0 has no interface number 0 [ 109.158265][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 109.168625][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 109.173040][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 109.187271][ T28] usb 2-1: config 0 has no interface number 0 [pid 3494] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3494] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3499] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3494] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3489] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3489] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [ 109.193581][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 109.203872][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 109.223163][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [ 109.231595][ T123] usb 5-1: config 0 has no interface number 0 [pid 3499] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3496] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3494] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3489] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3493] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3494] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [ 109.233281][ T25] usb 6-1: config 0 has an invalid interface number: 164 but max is 0 [ 109.238151][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 109.246015][ T25] usb 6-1: config 0 has no interface number 0 [ 109.256001][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 109.272781][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 109.283048][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3499] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3494] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3489] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3499] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3496] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3489] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3489] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3494] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3498] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 109.313293][ T113] usb 3-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 109.322650][ T113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.330795][ T113] usb 3-1: Product: syz [ 109.335680][ T113] usb 3-1: Manufacturer: syz [ 109.340422][ T113] usb 3-1: SerialNumber: syz [ 109.348146][ T3501] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3493] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3494] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3494] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3494] <... ioctl resumed>, 0) = 0 [pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3494] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 109.359347][ T3501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.367639][ T3501] usb 1-1: Product: syz [ 109.371986][ T3501] usb 1-1: Manufacturer: syz [ 109.376844][ T3501] usb 1-1: SerialNumber: syz [ 109.390190][ T113] usb 3-1: config 0 descriptor?? [ 109.397918][ T3501] usb 1-1: config 0 descriptor?? [pid 3499] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3496] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3494] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3489] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3489] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3489] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3489] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3494] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 109.426568][ T3494] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 109.432575][ T3489] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 109.443664][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 109.444191][ T3494] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 109.452919][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.462994][ T6] usb 4-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3494] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3489] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3499] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3493] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3494] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3498] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3496] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3499] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 109.468185][ T28] usb 2-1: Product: syz [ 109.477196][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.481323][ T28] usb 2-1: Manufacturer: syz [ 109.481404][ T28] usb 2-1: SerialNumber: syz [ 109.489481][ T6] usb 4-1: Product: syz [ 109.495722][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 109.498740][ T6] usb 4-1: Manufacturer: syz [ 109.498822][ T6] usb 4-1: SerialNumber: syz [pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3489] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3499] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3498] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3496] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3489] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3498] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3498] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 109.503043][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.503141][ T123] usb 5-1: Product: syz [ 109.503217][ T123] usb 5-1: Manufacturer: syz [ 109.503294][ T123] usb 5-1: SerialNumber: syz [ 109.507323][ T123] usb 5-1: config 0 descriptor?? [ 109.538555][ T6] usb 4-1: config 0 descriptor?? [ 109.548414][ T3489] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 109.566876][ T3498] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22 [pid 3496] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3498] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3499] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3498] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3496] <... ioctl resumed>, 0) = 0 [ 109.576551][ T3498] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22 [ 109.590749][ T3496] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 109.591965][ T28] usb 2-1: config 0 descriptor?? [ 109.611741][ T25] usb 6-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 109.616977][ T123] ------------[ cut here ]------------ [ 109.621139][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.626980][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 109.634730][ T25] usb 6-1: Product: syz [ 109.641971][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 109.644904][ T25] usb 6-1: Manufacturer: syz [ 109.654703][ T123] Modules linked in: [ 109.659136][ T25] usb 6-1: SerialNumber: syz [ 109.668226][ T123] [ 109.670671][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Not tainted 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 109.671143][ T113] ------------[ cut here ]------------ [ 109.680833][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 109.680921][ T123] Workqueue: usb_hub_wq hub_event [ 109.686777][ T113] usb 3-1: BOGUS urb xfer, pipe 1 != type 3 [ 109.696674][ T123] [ 109.696708][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 109.703193][ T113] WARNING: CPU: 0 PID: 113 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 109.707764][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 109.709993][ T113] Modules linked in: [ 109.715693][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 109.715793][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 109.725424][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Not tainted 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 109.745381][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 109.749062][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 109.755201][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 109.763357][ T113] Workqueue: usb_hub_wq hub_event [ 109.763512][ T113] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 109.763641][ T113] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 109.763735][ T113] RSP: 0018:ffff888109c8e878 EFLAGS: 00010246 [ 109.763829][ T113] RAX: 7c40313c42a2f100 RBX: 0000000000000000 RCX: ffff888109c90000 [ 109.763909][ T113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 109.763978][ T113] RBP: ffff888109c8e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 109.774080][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 109.774154][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 109.774224][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 109.782225][ T113] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 109.792403][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.800391][ T113] R13: 0000000000000003 R14: ffff888109c90b58 R15: 0000000000000000 [ 109.805491][ T123] CR2: 00007ffd5893e960 CR3: 00000001272ef000 CR4: 00000000003506e0 [ 109.805571][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 109.805633][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 109.811284][ T113] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 109.831128][ T123] Call Trace: [ 109.837280][ T113] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.845283][ T123] [ 109.845369][ T123] usb_start_wait_urb+0xcf/0x350 [ 109.853330][ T113] CR2: 00005641472aa048 CR3: 000000010e779000 CR4: 00000000003506f0 [ 109.861328][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 109.869435][ T113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 109.877462][ T123] usb_interrupt_msg+0x54/0x70 [ 109.886529][ T113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 109.894617][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 109.901185][ T113] Call Trace: [ 109.901218][ T113] [ 109.909292][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 109.917369][ T113] usb_start_wait_urb+0xcf/0x350 [ 109.925424][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 109.925549][ T123] comedi_auto_config+0x2de/0x620 [ 109.933634][ T113] usb_bulk_msg+0x5cc/0x6f0 [ 109.942649][ T123] comedi_usb_auto_config+0x3f/0x50 [ 109.945956][ T113] usb_interrupt_msg+0x54/0x70 [ 109.952633][ T123] vmk80xx_usb_probe+0x54/0x70 [ 109.955608][ T113] vmk80xx_write_packet+0x5f7/0x7d0 [ 109.960550][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 109.968658][ T113] vmk80xx_auto_attach+0xe75/0x1e60 [ 109.973191][ T123] usb_probe_interface+0xc4b/0x11f0 [ 109.981234][ T113] ? vmk80xx_detach+0x1a0/0x1a0 [ 109.986089][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 109.994143][ T113] comedi_auto_config+0x2de/0x620 [ 109.999323][ T123] really_probe+0x506/0x1000 [ 110.002750][ T113] comedi_usb_auto_config+0x3f/0x50 [ 110.005669][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 110.010889][ T113] vmk80xx_usb_probe+0x54/0x70 [ 110.016056][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.020803][ T113] ? vmk80xx_read_packet+0x770/0x770 [ 110.025941][ T123] __driver_probe_device+0x2fa/0x3d0 [ 110.030458][ T113] usb_probe_interface+0xc4b/0x11f0 [ 110.035728][ T123] driver_probe_device+0x72/0x7a0 [ 110.040543][ T113] ? usb_register_driver+0x5f0/0x5f0 [ 110.045430][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.050597][ T113] really_probe+0x506/0x1000 [ 110.055983][ T123] __device_attach_driver+0x548/0x8e0 [ 110.061215][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 110.066565][ T123] bus_for_each_drv+0x1fc/0x360 [ 110.071422][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.076762][ T123] ? coredump_store+0xa0/0xa0 [ 110.076918][ T123] __device_attach+0x42a/0x720 [ 110.077071][ T123] device_initial_probe+0x2e/0x40 [ 110.082099][ T113] __driver_probe_device+0x2fa/0x3d0 [ 110.086824][ T123] bus_probe_device+0x13c/0x3b0 [ 110.092050][ T113] driver_probe_device+0x72/0x7a0 [ 110.098195][ T123] device_add+0x1d4b/0x26c0 [ 110.103147][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.103308][ T113] __device_attach_driver+0x548/0x8e0 [ 110.109217][ T123] usb_set_configuration+0x30f8/0x37e0 [ 110.114595][ T113] bus_for_each_drv+0x1fc/0x360 [ 110.119947][ T123] usb_generic_driver_probe+0x105/0x290 [ 110.125218][ T113] ? coredump_store+0xa0/0xa0 [ 110.130264][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.135648][ T113] __device_attach+0x42a/0x720 [ 110.141492][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 110.146218][ T113] device_initial_probe+0x2e/0x40 [ 110.151595][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 110.157799][ T113] bus_probe_device+0x13c/0x3b0 [ 110.163272][ T123] usb_probe_device+0x288/0x490 [ 110.168651][ T113] device_add+0x1d4b/0x26c0 [ 110.173393][ T123] ? usb_register_device_driver+0x440/0x440 [ 110.178205][ T113] usb_set_configuration+0x30f8/0x37e0 [ 110.183338][ T123] really_probe+0x506/0x1000 [ 110.188721][ T113] usb_generic_driver_probe+0x105/0x290 [ 110.193629][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 110.198669][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.203318][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.209132][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 110.214577][ T123] __driver_probe_device+0x2fa/0x3d0 [ 110.220081][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 110.225048][ T123] driver_probe_device+0x72/0x7a0 [ 110.230597][ T113] usb_probe_device+0x288/0x490 [ 110.235344][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.241183][ T113] ? usb_register_device_driver+0x440/0x440 [ 110.246053][ T123] __device_attach_driver+0x548/0x8e0 [ 110.251793][ T113] really_probe+0x506/0x1000 [ 110.256971][ T123] bus_for_each_drv+0x1fc/0x360 [ 110.262807][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 110.267676][ T123] ? coredump_store+0xa0/0xa0 [ 110.272621][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.277126][ T123] __device_attach+0x42a/0x720 [ 110.283125][ T113] __driver_probe_device+0x2fa/0x3d0 [ 110.288609][ T123] device_initial_probe+0x2e/0x40 [ 110.293272][ T113] driver_probe_device+0x72/0x7a0 [ 110.298803][ T123] bus_probe_device+0x13c/0x3b0 [ 110.304981][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.310808][ T123] device_add+0x1d4b/0x26c0 [ 110.316728][ T113] __device_attach_driver+0x548/0x8e0 [ 110.322555][ T123] usb_new_device+0x17ac/0x2370 [ 110.327868][ T113] bus_for_each_drv+0x1fc/0x360 [ 110.333661][ T123] hub_event+0x5589/0x8080 [ 110.338686][ T113] ? coredump_store+0xa0/0xa0 [ 110.343716][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.349476][ T113] __device_attach+0x42a/0x720 [ 110.355420][ T123] ? led_work+0x730/0x730 [ 110.360842][ T113] device_initial_probe+0x2e/0x40 [ 110.365513][ T123] ? led_work+0x730/0x730 [ 110.370380][ T113] bus_probe_device+0x13c/0x3b0 [ 110.376551][ T123] process_one_work+0xb27/0x13e0 [pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3496] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3494] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3496] <... ioctl resumed>, 0) = 0 [pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3489] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3496] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3498] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3494] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3489] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3493] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3493] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3493] <... ioctl resumed>, 0) = 0 [pid 3493] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 110.381269][ T113] device_add+0x1d4b/0x26c0 [ 110.387196][ T123] worker_thread+0x1076/0x1d60 [ 110.391969][ T113] usb_new_device+0x17ac/0x2370 [ 110.397300][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.402465][ T113] hub_event+0x5589/0x8080 [ 110.407478][ T123] ? __kthread_parkme+0x110/0x1b0 [ 110.412478][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 110.418216][ T123] kthread+0x31b/0x430 [ 110.422815][ T113] ? led_work+0x730/0x730 [pid 3496] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3498] exit_group(0 [pid 3494] exit_group(0 [pid 3489] exit_group(0 [pid 3498] <... exit_group resumed>) = ? [pid 3494] <... exit_group resumed>) = ? [ 110.428198][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 110.433270][ T113] ? led_work+0x730/0x730 [ 110.438118][ T123] ? kthread_blkcg+0x120/0x120 [ 110.442629][ T113] process_one_work+0xb27/0x13e0 [ 110.447321][ T123] ret_from_fork+0x1f/0x30 [ 110.453235][ T113] worker_thread+0x1076/0x1d60 [ 110.457982][ T123] [ 110.462433][ T113] kthread+0x31b/0x430 [ 110.467432][ T123] ---[ end trace 0000000000000000 ]--- [ 110.477887][ T3493] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 110.481805][ T113] ? worker_clr_flags+0x2b0/0x2b0 [pid 3489] <... exit_group resumed>) = ? [pid 3498] +++ exited with 0 +++ [pid 3494] +++ exited with 0 +++ [pid 3489] +++ exited with 0 +++ [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3498, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3491] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3494, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3488] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3489, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3495] restart_syscall(<... resuming interrupted clone ...> [pid 3491] restart_syscall(<... resuming interrupted clone ...> [pid 3488] restart_syscall(<... resuming interrupted clone ...> [pid 3495] <... restart_syscall resumed>) = 0 [pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3491] <... restart_syscall resumed>) = 0 [pid 3488] <... restart_syscall resumed>) = 0 [pid 3493] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 110.524122][ T3496] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 110.527426][ T113] ? kthread_blkcg+0x120/0x120 [ 110.594621][ T3493] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 110.608119][ T113] ret_from_fork+0x1f/0x30 [ 110.612870][ T113] [ 110.616041][ T113] ---[ end trace 0000000000000000 ]--- [ 110.626970][ T3501] ------------[ cut here ]------------ [pid 3488] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3493] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3495] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3508 [pid 3491] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3509 [pid 3488] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3510 [ 110.632868][ T3501] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 110.641078][ T3501] WARNING: CPU: 0 PID: 3501 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 110.648524][ T28] ------------[ cut here ]------------ [ 110.652669][ T3501] Modules linked in: [ 110.656453][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 110.657862][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 110.660400][ T3501] [ 110.660433][ T3501] CPU: 0 PID: 3501 Comm: kworker/0:3 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 110.666363][ T28] Modules linked in: [ 110.666418][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 110.675924][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 110.678258][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 110.689950][ T3501] Workqueue: usb_hub_wq hub_event [ 110.693867][ T28] Workqueue: usb_hub_wq hub_event [ 110.705318][ T3501] [ 110.705346][ T3501] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 110.715455][ T28] [ 110.715483][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 110.725640][ T3501] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 110.730728][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 110.735824][ T3501] RSP: 0018:ffff888122a6e878 EFLAGS: 00010246 [ 110.738151][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 110.743910][ T3501] [ 110.746209][ T28] [ 110.746236][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 110.751860][ T3501] RAX: f66d70e6d79e2000 RBX: 0000000000000000 RCX: ffff888121010000 [ 110.771557][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 110.791255][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 110.797388][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 110.803787][ T3501] RBP: ffff888122a6e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 110.805890][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 110.808234][ T3501] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 110.816271][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 110.824351][ T3501] R13: 0000000000000003 R14: ffff888121010b58 R15: 0000000000000000 [ 110.824423][ T3501] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 110.824515][ T3501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.832529][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 110.832625][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.840597][ T3501] CR2: 00005641472aa048 CR3: 000000010e779000 CR4: 00000000003506f0 [ 110.848703][ T28] CR2: 00005555571d45d0 CR3: 00000001272ee000 CR4: 00000000003506e0 [ 110.856716][ T3501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 110.864794][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 110.872863][ T3501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 110.880848][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 110.888915][ T3501] Call Trace: [ 110.888949][ T3501] [ 110.897908][ T28] Call Trace: [ 110.897940][ T28] [ 110.898018][ T28] usb_start_wait_urb+0xcf/0x350 [ 110.904787][ T3501] usb_start_wait_urb+0xcf/0x350 [ 110.913801][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 110.920377][ T3501] usb_bulk_msg+0x5cc/0x6f0 [ 110.928443][ T28] usb_interrupt_msg+0x54/0x70 [ 110.936534][ T3501] usb_interrupt_msg+0x54/0x70 [ 110.944565][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 110.952667][ T3501] vmk80xx_write_packet+0x5f7/0x7d0 [ 110.960662][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 110.968720][ T3501] vmk80xx_auto_attach+0xe75/0x1e60 [ 110.972057][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 110.975072][ T3501] ? vmk80xx_detach+0x1a0/0x1a0 [ 110.975193][ T3501] comedi_auto_config+0x2de/0x620 [ 110.978452][ T28] comedi_auto_config+0x2de/0x620 [ 110.981422][ T3501] comedi_usb_auto_config+0x3f/0x50 [ 110.986444][ T28] comedi_usb_auto_config+0x3f/0x50 [ 110.991416][ T3501] vmk80xx_usb_probe+0x54/0x70 [ 110.995978][ T28] vmk80xx_usb_probe+0x54/0x70 [ 111.000508][ T3501] ? vmk80xx_read_packet+0x770/0x770 [ 111.005349][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 111.010124][ T3501] usb_probe_interface+0xc4b/0x11f0 [ 111.015385][ T28] usb_probe_interface+0xc4b/0x11f0 [ 111.020639][ T3501] ? usb_register_driver+0x5f0/0x5f0 [ 111.025918][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 111.031108][ T3501] really_probe+0x506/0x1000 [ 111.036062][ T28] really_probe+0x506/0x1000 [ 111.040905][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 111.046008][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 111.046148][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.051252][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.056527][ T28] __driver_probe_device+0x2fa/0x3d0 [ 111.061780][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 111.066625][ T28] driver_probe_device+0x72/0x7a0 [ 111.071396][ T3501] driver_probe_device+0x72/0x7a0 [ 111.076743][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.082110][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.087421][ T28] __device_attach_driver+0x548/0x8e0 [ 111.092682][ T3501] __device_attach_driver+0x548/0x8e0 [ 111.092837][ T3501] bus_for_each_drv+0x1fc/0x360 [ 111.098130][ T28] bus_for_each_drv+0x1fc/0x360 [ 111.103482][ T3501] ? coredump_store+0xa0/0xa0 [ 111.108092][ T28] ? coredump_store+0xa0/0xa0 [ 111.112775][ T3501] __device_attach+0x42a/0x720 [ 111.118835][ T28] __device_attach+0x42a/0x720 [ 111.125013][ T3501] device_initial_probe+0x2e/0x40 [ 111.130851][ T28] device_initial_probe+0x2e/0x40 [ 111.136764][ T3501] bus_probe_device+0x13c/0x3b0 [ 111.142003][ T28] bus_probe_device+0x13c/0x3b0 [ 111.147383][ T3501] device_add+0x1d4b/0x26c0 [ 111.152480][ T28] device_add+0x1d4b/0x26c0 [ 111.157544][ T3501] usb_set_configuration+0x30f8/0x37e0 [ 111.163435][ T28] usb_set_configuration+0x30f8/0x37e0 [ 111.169307][ T3501] usb_generic_driver_probe+0x105/0x290 [ 111.174741][ T28] usb_generic_driver_probe+0x105/0x290 [ 111.180080][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.185050][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.189876][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 111.194678][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 111.199432][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 111.204276][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 111.209048][ T3501] usb_probe_device+0x288/0x490 [ 111.214135][ T28] usb_probe_device+0x288/0x490 [ 111.219201][ T3501] ? usb_register_device_driver+0x440/0x440 [ 111.224133][ T28] ? usb_register_device_driver+0x440/0x440 [ 111.228983][ T3501] really_probe+0x506/0x1000 [ 111.233543][ T28] really_probe+0x506/0x1000 [ 111.238078][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 111.243657][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 111.249096][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.254702][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.260320][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 111.266207][ T28] __driver_probe_device+0x2fa/0x3d0 [ 111.272034][ T3501] driver_probe_device+0x72/0x7a0 [ 111.277886][ T28] driver_probe_device+0x72/0x7a0 [ 111.283718][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.289460][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.295270][ T3501] __device_attach_driver+0x548/0x8e0 [ 111.300119][ T28] __device_attach_driver+0x548/0x8e0 [ 111.305053][ T3501] bus_for_each_drv+0x1fc/0x360 [ 111.311017][ T28] bus_for_each_drv+0x1fc/0x360 [ 111.317142][ T3501] ? coredump_store+0xa0/0xa0 [ 111.321560][ T28] ? coredump_store+0xa0/0xa0 [ 111.326245][ T3501] __device_attach+0x42a/0x720 [ 111.332376][ T28] __device_attach+0x42a/0x720 [ 111.338483][ T3501] device_initial_probe+0x2e/0x40 [ 111.344399][ T28] device_initial_probe+0x2e/0x40 [ 111.350246][ T3501] bus_probe_device+0x13c/0x3b0 [ 111.355590][ T28] bus_probe_device+0x13c/0x3b0 [ 111.360922][ T3501] device_add+0x1d4b/0x26c0 [ 111.366122][ T28] device_add+0x1d4b/0x26c0 [ 111.371069][ T3501] usb_new_device+0x17ac/0x2370 [ 111.376936][ T28] usb_new_device+0x17ac/0x2370 [ 111.382861][ T3501] hub_event+0x5589/0x8080 [ 111.388237][ T28] hub_event+0x5589/0x8080 [ 111.393732][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.398774][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.403723][ T3501] ? led_work+0x730/0x730 [ 111.408320][ T28] ? led_work+0x730/0x730 [ 111.413081][ T3501] ? led_work+0x730/0x730 [ 111.417844][ T28] ? led_work+0x730/0x730 [ 111.422676][ T3501] process_one_work+0xb27/0x13e0 [ 111.427755][ T28] process_one_work+0xb27/0x13e0 [ 111.433020][ T3501] worker_thread+0x1076/0x1d60 [ 111.437742][ T28] worker_thread+0x1076/0x1d60 [ 111.442678][ T3501] kthread+0x31b/0x430 [ 111.447195][ T28] kthread+0x31b/0x430 [ 111.451671][ T3501] ? worker_clr_flags+0x2b0/0x2b0 [ 111.456583][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 111.461469][ T3501] ? kthread_blkcg+0x120/0x120 [ 111.465966][ T28] ? kthread_blkcg+0x120/0x120 [ 111.470431][ T3501] ret_from_fork+0x1f/0x30 [ 111.476303][ T28] ret_from_fork+0x1f/0x30 [ 111.482165][ T3501] [ 111.486666][ T28] [ 111.490892][ T3501] ---[ end trace 0000000000000000 ]--- [ 111.569688][ T25] usb 6-1: config 0 descriptor?? [ 111.581384][ T28] ---[ end trace 0000000000000000 ]--- ./strace-static-x86_64: Process 3510 attached ./strace-static-x86_64: Process 3509 attached ./strace-static-x86_64: Process 3508 attached [pid 3499] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3496] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3510] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3509] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3508] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3493] exit_group(0 [pid 3510] <... prctl resumed>) = 0 [pid 3509] <... prctl resumed>) = 0 [pid 3508] <... prctl resumed>) = 0 [pid 3493] <... exit_group resumed>) = ? [pid 3510] setpgid(0, 0 [pid 3509] setpgid(0, 0 [pid 3508] setpgid(0, 0 [pid 3493] +++ exited with 0 +++ [pid 3510] <... setpgid resumed>) = 0 [pid 3509] <... setpgid resumed>) = 0 [pid 3508] <... setpgid resumed>) = 0 [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3493, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3490] restart_syscall(<... resuming interrupted clone ...> [pid 3510] <... openat resumed>) = 3 [pid 3509] <... openat resumed>) = 3 [pid 3508] <... openat resumed>) = 3 [pid 3490] <... restart_syscall resumed>) = 0 [pid 3510] write(3, "1000", 4 [pid 3509] write(3, "1000", 4 [pid 3508] write(3, "1000", 4 [pid 3510] <... write resumed>) = 4 [pid 3509] <... write resumed>) = 4 [ 111.584933][ T6] ------------[ cut here ]------------ [ 111.592918][ T6] usb 4-1: BOGUS urb xfer, pipe 1 != type 3 [ 111.600491][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 111.610461][ T6] Modules linked in: [ 111.614856][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 111.626744][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 111.637429][ T6] Workqueue: usb_hub_wq hub_event [ 111.643040][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 111.649157][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 111.665054][ T3499] raw-gadget.5 gadget.5: fail, usb_ep_enable returned -22 [ 111.669106][ T6] RSP: 0018:ffff888102616878 EFLAGS: 00010246 [pid 3508] <... write resumed>) = 4 [pid 3510] close(3 [pid 3509] close(3 [pid 3508] close(3 [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3510] <... close resumed>) = 0 [pid 3509] <... close resumed>) = 0 [pid 3508] <... close resumed>) = 0 [pid 3499] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3510] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3509] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3508] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3499] <... ioctl resumed>, 0) = 0 [pid 3490] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3513 [pid 3510] <... openat resumed>) = 3 [pid 3509] <... openat resumed>) = 3 [pid 3508] <... openat resumed>) = 3 [pid 3499] ioctl(3, USB_RAW_IOCTL_CONFIGURE./strace-static-x86_64: Process 3513 attached [ 111.682988][ T6] RAX: 9ab4860bd45fdb00 RBX: 0000000000000000 RCX: ffff888102604180 [ 111.691385][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 111.699827][ T6] RBP: ffff888102616998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 111.708307][ T6] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 111.716779][ T6] R13: 0000000000000003 R14: ffff888102604cd8 R15: 0000000000000000 [ 111.725270][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 111.734719][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.741710][ T6] CR2: 00005641483c6380 CR3: 00000001272b8000 CR4: 00000000003506f0 [ 111.750181][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 111.754506][ T3499] raw-gadget.5 gadget.5: fail, usb_ep_enable returned -22 [ 111.758454][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 111.774193][ T6] Call Trace: [ 111.777866][ T6] [ 111.781214][ T6] usb_start_wait_urb+0xcf/0x350 [ 111.786723][ T6] usb_bulk_msg+0x5cc/0x6f0 [ 111.791696][ T6] usb_interrupt_msg+0x54/0x70 [ 111.796995][ T6] vmk80xx_write_packet+0x5f7/0x7d0 [ 111.802792][ T6] vmk80xx_auto_attach+0xe75/0x1e60 [ 111.808493][ T6] ? vmk80xx_detach+0x1a0/0x1a0 [ 111.813882][ T6] comedi_auto_config+0x2de/0x620 [ 111.819364][ T6] comedi_usb_auto_config+0x3f/0x50 [ 111.825117][ T6] vmk80xx_usb_probe+0x54/0x70 [ 111.830350][ T6] ? vmk80xx_read_packet+0x770/0x770 [ 111.836195][ T6] usb_probe_interface+0xc4b/0x11f0 [ 111.841885][ T6] ? usb_register_driver+0x5f0/0x5f0 [ 111.847713][ T6] really_probe+0x506/0x1000 [ 111.852854][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 111.859407][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.865779][ T6] __driver_probe_device+0x2fa/0x3d0 [ 111.871556][ T6] driver_probe_device+0x72/0x7a0 [ 111.877147][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.883523][ T6] __device_attach_driver+0x548/0x8e0 [ 111.889400][ T6] bus_for_each_drv+0x1fc/0x360 [ 111.894800][ T6] ? coredump_store+0xa0/0xa0 [ 111.899971][ T6] __device_attach+0x42a/0x720 [ 111.905311][ T6] device_initial_probe+0x2e/0x40 [ 111.910823][ T6] bus_probe_device+0x13c/0x3b0 [ 111.916235][ T6] device_add+0x1d4b/0x26c0 [ 111.921220][ T6] usb_set_configuration+0x30f8/0x37e0 [ 111.927299][ T6] usb_generic_driver_probe+0x105/0x290 [ 111.933397][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.939683][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 111.945948][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 111.952126][ T6] usb_probe_device+0x288/0x490 [ 111.957548][ T6] ? usb_register_device_driver+0x440/0x440 [ 111.963992][ T6] really_probe+0x506/0x1000 [ 111.969047][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 111.975691][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.981979][ T6] __driver_probe_device+0x2fa/0x3d0 [ 111.987838][ T6] driver_probe_device+0x72/0x7a0 [ 111.993437][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 111.999728][ T6] __device_attach_driver+0x548/0x8e0 [ 112.005679][ T6] bus_for_each_drv+0x1fc/0x360 [ 112.010992][ T6] ? coredump_store+0xa0/0xa0 [ 112.016235][ T6] __device_attach+0x42a/0x720 [ 112.021501][ T6] device_initial_probe+0x2e/0x40 [ 112.027129][ T6] bus_probe_device+0x13c/0x3b0 [ 112.032551][ T6] device_add+0x1d4b/0x26c0 [ 112.037533][ T6] usb_new_device+0x17ac/0x2370 [ 112.043040][ T6] hub_event+0x5589/0x8080 [ 112.048012][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 112.054451][ T6] ? led_work+0x730/0x730 [ 112.059258][ T6] ? led_work+0x730/0x730 [ 112.064187][ T6] process_one_work+0xb27/0x13e0 [ 112.069644][ T6] worker_thread+0x1076/0x1d60 [ 112.075046][ T6] kthread+0x31b/0x430 [ 112.079566][ T6] ? worker_clr_flags+0x2b0/0x2b0 [ 112.085199][ T6] ? kthread_blkcg+0x120/0x120 [pid 3510] ioctl(3, USB_RAW_IOCTL_INIT [pid 3509] ioctl(3, USB_RAW_IOCTL_INIT [pid 3508] ioctl(3, USB_RAW_IOCTL_INIT [pid 3499] <... ioctl resumed>, 0) = 0 [pid 3513] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3509] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3499] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3513] <... prctl resumed>) = 0 [pid 3510] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3509] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3508] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3499] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3513] setpgid(0, 0 [pid 3510] <... ioctl resumed>, 0) = 0 [pid 3509] <... ioctl resumed>, 0) = 0 [pid 3508] <... ioctl resumed>, 0) = 0 [pid 3513] <... setpgid resumed>) = 0 [pid 3510] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3509] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3509] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3513] <... openat resumed>) = 3 [pid 3510] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3509] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3513] write(3, "1000", 4) = 4 [pid 3499] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3513] close(3 [pid 3499] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3513] <... close resumed>) = 0 [pid 3513] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3513] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3513] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3513] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3513] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3496] exit_group(0) = ? [pid 3496] +++ exited with 0 +++ [pid 3492] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3496, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3492] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3515 ./strace-static-x86_64: Process 3515 attached [pid 3515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3515] setpgid(0, 0) = 0 [pid 3515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3515] write(3, "1000", 4) = 4 [pid 3515] close(3) = 0 [pid 3515] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3515] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3515] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3499] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 112.090434][ T6] ret_from_fork+0x1f/0x30 [ 112.095479][ T6] [ 112.098871][ T6] ---[ end trace 0000000000000000 ]--- [ 112.124752][ T25] ------------[ cut here ]------------ [ 112.130369][ T25] usb 6-1: BOGUS urb xfer, pipe 1 != type 3 [ 112.138836][ T25] WARNING: CPU: 0 PID: 25 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 112.148687][ T25] Modules linked in: [ 112.152820][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 112.164519][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 112.174831][ T25] Workqueue: usb_hub_wq hub_event [ 112.180116][ T25] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 112.186106][ T25] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 112.206021][ T25] RSP: 0018:ffff8881026f6878 EFLAGS: 00010246 [ 112.212426][ T25] RAX: 5ec2ec8ff90d0c00 RBX: 0000000000000000 RCX: ffff88810267c180 [ 112.220579][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 112.228835][ T25] RBP: ffff8881026f6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 112.237096][ T25] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 112.245370][ T25] R13: 0000000000000003 R14: ffff88810267ccd8 R15: 0000000000000000 [ 112.253594][ T25] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 112.262872][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.269637][ T25] CR2: 00005641483c6380 CR3: 00000001272b8000 CR4: 00000000003506f0 [ 112.277928][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 3499] exit_group(0) = ? [ 112.282820][ T123] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 112.286068][ T25] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 112.303924][ T25] Call Trace: [ 112.307328][ T25] [ 112.310432][ T25] usb_start_wait_urb+0xcf/0x350 [ 112.315699][ T25] usb_bulk_msg+0x5cc/0x6f0 [ 112.320456][ T25] usb_interrupt_msg+0x54/0x70 [ 112.325548][ T25] vmk80xx_write_packet+0x5f7/0x7d0 [ 112.330998][ T25] vmk80xx_auto_attach+0xe75/0x1e60 [ 112.336575][ T25] ? vmk80xx_detach+0x1a0/0x1a0 [pid 3499] +++ exited with 0 +++ [pid 3497] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3499, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 112.341632][ T25] comedi_auto_config+0x2de/0x620 [ 112.347008][ T25] comedi_usb_auto_config+0x3f/0x50 [ 112.352548][ T25] vmk80xx_usb_probe+0x54/0x70 [ 112.357532][ T25] ? vmk80xx_read_packet+0x770/0x770 [ 112.363159][ T25] usb_probe_interface+0xc4b/0x11f0 [ 112.368604][ T25] ? usb_register_driver+0x5f0/0x5f0 [ 112.374232][ T25] really_probe+0x506/0x1000 [ 112.379056][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 112.385524][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3497] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3516 [ 112.391598][ T25] __driver_probe_device+0x2fa/0x3d0 [ 112.397282][ T25] driver_probe_device+0x72/0x7a0 [ 112.402653][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 112.408715][ T25] __device_attach_driver+0x548/0x8e0 [ 112.414479][ T25] bus_for_each_drv+0x1fc/0x360 [ 112.419555][ T25] ? coredump_store+0xa0/0xa0 [ 112.424602][ T25] __device_attach+0x42a/0x720 [ 112.429617][ T25] device_initial_probe+0x2e/0x40 [ 112.435018][ T25] bus_probe_device+0x13c/0x3b0 [ 112.436485][ T123] usb 5-1: USB disconnect, device number 2 [ 112.440039][ T25] device_add+0x1d4b/0x26c0 [ 112.450690][ T25] usb_set_configuration+0x30f8/0x37e0 [ 112.456518][ T25] usb_generic_driver_probe+0x105/0x290 [ 112.462276][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 112.468437][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 112.474506][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 112.480457][ T25] usb_probe_device+0x288/0x490 [ 112.485662][ T25] ? usb_register_device_driver+0x440/0x440 ./strace-static-x86_64: Process 3516 attached [pid 3516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3516] setpgid(0, 0) = 0 [ 112.491774][ T25] really_probe+0x506/0x1000 [ 112.496704][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 112.503082][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 112.509129][ T25] __driver_probe_device+0x2fa/0x3d0 [ 112.514796][ T25] driver_probe_device+0x72/0x7a0 [ 112.520059][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 112.526277][ T25] __device_attach_driver+0x548/0x8e0 [ 112.531905][ T25] bus_for_each_drv+0x1fc/0x360 [ 112.537118][ T25] ? coredump_store+0xa0/0xa0 [pid 3516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 112.542052][ T25] __device_attach+0x42a/0x720 [ 112.547199][ T25] device_initial_probe+0x2e/0x40 [ 112.552554][ T25] bus_probe_device+0x13c/0x3b0 [ 112.557635][ T25] device_add+0x1d4b/0x26c0 [ 112.562496][ T25] usb_new_device+0x17ac/0x2370 [ 112.567614][ T25] hub_event+0x5589/0x8080 [ 112.572458][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 112.578502][ T25] ? led_work+0x730/0x730 [ 112.583174][ T25] ? led_work+0x730/0x730 [ 112.587728][ T25] process_one_work+0xb27/0x13e0 [pid 3516] write(3, "1000", 4) = 4 [pid 3516] close(3) = 0 [pid 3516] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3516] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3516] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3516] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 112.593071][ T25] worker_thread+0x1076/0x1d60 [ 112.598100][ T25] kthread+0x31b/0x430 [ 112.602521][ T25] ? worker_clr_flags+0x2b0/0x2b0 [ 112.607784][ T25] ? kthread_blkcg+0x120/0x120 [ 112.612870][ T25] ret_from_fork+0x1f/0x30 [ 112.617526][ T25] [ 112.620672][ T25] ---[ end trace 0000000000000000 ]--- [ 112.636847][ T6] comedi comedi4: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 112.651124][ T25] comedi comedi5: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 112.673962][ T6] usb 4-1: USB disconnect, device number 2 [ 112.701650][ T25] usb 6-1: USB disconnect, device number 2 [ 112.723676][ T3501] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 112.765681][ T28] comedi comedi3: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 112.774311][ T113] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 112.796670][ T3501] usb 1-1: USB disconnect, device number 2 [ 112.834142][ T113] usb 3-1: USB disconnect, device number 2 [ 112.895735][ T28] usb 2-1: USB disconnect, device number 2 [pid 3516] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [ 112.952529][ T123] usb 5-1: new high-speed USB device number 3 using dummy_hcd [pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3516] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3516] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3516] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3516] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3515] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 113.123091][ T25] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 113.130905][ T6] usb 4-1: new high-speed USB device number 3 using dummy_hcd [pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3508] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3510] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 113.202797][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 113.212605][ T3501] usb 1-1: new high-speed USB device number 3 using dummy_hcd [pid 3510] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3509] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 113.312499][ T113] usb 3-1: new high-speed USB device number 3 using dummy_hcd [pid 3509] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3508] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [ 113.352861][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [ 113.361221][ T123] usb 5-1: config 0 has no interface number 0 [ 113.362515][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 113.367464][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 113.372725][ T6] usb 4-1: Using ep0 maxpacket: 8 [ 113.382461][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3509] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3516] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3516] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3516] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3516] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3515] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3513] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3513] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3516] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3516] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 113.402473][ T28] usb 2-1: new high-speed USB device number 3 using dummy_hcd [pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3516] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3513] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3508] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3516] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3513] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3515] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3516] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3516] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 113.452973][ T3501] usb 1-1: Using ep0 maxpacket: 8 [pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3516] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3510] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3516] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3510] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3515] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [ 113.492936][ T25] usb 6-1: config 0 has an invalid interface number: 164 but max is 0 [ 113.501286][ T25] usb 6-1: config 0 has no interface number 0 [ 113.507798][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 113.519244][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 113.530452][ T6] usb 4-1: config 0 has an invalid interface number: 164 but max is 0 [pid 3516] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3516] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3510] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3516] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3510] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3516] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3510] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3516] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3516] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3510] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3515] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [ 113.540270][ T6] usb 4-1: config 0 has no interface number 0 [ 113.547006][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 113.557409][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3510] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3516] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3510] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3516] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 113.612970][ T3501] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 113.621929][ T3501] usb 1-1: config 0 has no interface number 0 [ 113.628466][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 113.638639][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 113.649707][ T113] usb 3-1: Using ep0 maxpacket: 8 [pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3516] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3515] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3508] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3509] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3509] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3510] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3509] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3509] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3516] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3509] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3513] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 113.663144][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 113.672457][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.680634][ T123] usb 5-1: Product: syz [ 113.685082][ T123] usb 5-1: Manufacturer: syz [ 113.689852][ T123] usb 5-1: SerialNumber: syz [ 113.695975][ T28] usb 2-1: Using ep0 maxpacket: 8 [pid 3509] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3513] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3516] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3516] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3513] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3509] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3508] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3513] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3510] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3509] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [ 113.715743][ T123] usb 5-1: config 0 descriptor?? [ 113.742958][ T6] usb 4-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 113.752280][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.755544][ T3508] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 113.761008][ T6] usb 4-1: Product: syz [ 113.773084][ T6] usb 4-1: Manufacturer: syz [ 113.773311][ T3508] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 113.777827][ T6] usb 4-1: SerialNumber: syz [pid 3508] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3516] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3515] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3516] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3508] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3516] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3513] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3516] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3513] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3508] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3513] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3508] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3513] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3510] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3509] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3509] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3513] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 113.791755][ T25] usb 6-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 113.801315][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.810889][ T25] usb 6-1: Product: syz [ 113.815358][ T25] usb 6-1: Manufacturer: syz [ 113.820125][ T25] usb 6-1: SerialNumber: syz [ 113.828120][ T113] usb 3-1: config 0 has an invalid interface number: 164 but max is 0 [ 113.833025][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 113.836609][ T113] usb 3-1: config 0 has no interface number 0 [ 113.844659][ T28] usb 2-1: config 0 has no interface number 0 [ 113.850784][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 113.856920][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 113.866921][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3513] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 36 [pid 3513] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3509] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3509] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 113.877184][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 113.895429][ T6] usb 4-1: config 0 descriptor?? [ 113.905995][ T123] ------------[ cut here ]------------ [ 113.911592][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 113.913251][ T25] usb 6-1: config 0 descriptor?? [ 113.919253][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 113.932436][ T123] Modules linked in: [pid 3509] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3510] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3509] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3510] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3509] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3509] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 113.936491][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 113.948307][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 113.958603][ T123] Workqueue: usb_hub_wq hub_event [ 113.964134][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 113.969995][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 113.982984][ T3501] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 113.989827][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 113.999081][ T3501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.005274][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 114.005356][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 114.005424][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [pid 3509] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 114.005508][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 114.005576][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 114.005648][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 114.005742][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.005819][ T123] CR2: 00007fbe3967c528 CR3: 000000010e779000 CR4: 00000000003506e0 [ 114.005896][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 3516] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3515] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3513] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3509] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3516] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3515] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3513] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3510] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3509] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3508] exit_group(0 [pid 3516] <... ioctl resumed>, 0) = 0 [pid 3515] <... ioctl resumed>, 0) = 0 [pid 3510] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3509] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3508] <... exit_group resumed>) = ? [pid 3516] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3515] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3513] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3510] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3509] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3508] +++ exited with 0 +++ [pid 3516] <... ioctl resumed>, 0) = 0 [pid 3515] <... ioctl resumed>, 0) = 0 [pid 3513] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3510] <... ioctl resumed>, 0) = 0 [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3508, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 114.005962][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 114.006033][ T123] Call Trace: [ 114.006064][ T123] [ 114.006145][ T123] usb_start_wait_urb+0xcf/0x350 [ 114.006289][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 114.014316][ T3501] usb 1-1: Product: syz [ 114.022384][ T123] usb_interrupt_msg+0x54/0x70 [ 114.030394][ T3501] usb 1-1: Manufacturer: syz [ 114.030476][ T3501] usb 1-1: SerialNumber: syz [ 114.038509][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 114.038667][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [pid 3516] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3515] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3510] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3495] restart_syscall(<... resuming interrupted clone ...> [pid 3516] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3515] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3510] <... ioctl resumed>, 0) = 0 [pid 3509] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3495] <... restart_syscall resumed>) = 0 [pid 3516] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [ 114.038822][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 114.038940][ T123] comedi_auto_config+0x2de/0x620 [ 114.059966][ T3501] usb 1-1: config 0 descriptor?? [ 114.064566][ T123] comedi_usb_auto_config+0x3f/0x50 [ 114.143837][ T3516] raw-gadget.5 gadget.5: fail, usb_ep_enable returned -22 [ 114.146184][ T123] vmk80xx_usb_probe+0x54/0x70 [ 114.151674][ T3515] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 114.156205][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 114.170637][ T3510] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [pid 3510] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3509] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3516] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3510] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3509] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3509] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 114.173421][ T123] usb_probe_interface+0xc4b/0x11f0 [ 114.181945][ T3516] raw-gadget.5 gadget.5: fail, usb_ep_enable returned -22 [ 114.185967][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 114.208783][ T3515] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 114.210802][ T123] really_probe+0x506/0x1000 [ 114.219257][ T113] usb 3-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 114.222724][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3515] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3495] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3518 [pid 3515] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3509] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 114.231780][ T113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.238139][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.246080][ T113] usb 3-1: Product: syz [ 114.251897][ T123] __driver_probe_device+0x2fa/0x3d0 [ 114.256460][ T113] usb 3-1: Manufacturer: syz [ 114.261414][ T123] driver_probe_device+0x72/0x7a0 [ 114.266093][ T113] usb 3-1: SerialNumber: syz [ 114.277618][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.283756][ T123] __device_attach_driver+0x548/0x8e0 [ 114.289394][ T123] bus_for_each_drv+0x1fc/0x360 [pid 3509] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 3518 attached [pid 3510] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3518] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3510] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3518] <... prctl resumed>) = 0 [pid 3518] setpgid(0, 0) = 0 [pid 3518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3518] write(3, "1000", 4) = 4 [pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3518] close(3 [pid 3516] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3518] <... close resumed>) = 0 [ 114.294618][ T123] ? coredump_store+0xa0/0xa0 [ 114.299454][ T3510] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 114.299544][ T123] __device_attach+0x42a/0x720 [ 114.311686][ T123] device_initial_probe+0x2e/0x40 [ 114.317069][ T123] bus_probe_device+0x13c/0x3b0 [ 114.322160][ T123] device_add+0x1d4b/0x26c0 [ 114.327000][ T123] usb_set_configuration+0x30f8/0x37e0 [ 114.332886][ T123] usb_generic_driver_probe+0x105/0x290 [ 114.338653][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3510] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3518] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [ 114.344800][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 114.350741][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 114.356846][ T123] usb_probe_device+0x288/0x490 [ 114.361915][ T123] ? usb_register_device_driver+0x440/0x440 [ 114.368133][ T123] really_probe+0x506/0x1000 [ 114.373022][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 114.379327][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.383928][ T3501] ------------[ cut here ]------------ [ 114.385424][ T123] __driver_probe_device+0x2fa/0x3d0 [ 114.390791][ T3501] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 114.396174][ T123] driver_probe_device+0x72/0x7a0 [ 114.403547][ T3501] WARNING: CPU: 0 PID: 3501 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 114.408529][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.416831][ T3501] Modules linked in: [ 114.422714][ T123] __device_attach_driver+0x548/0x8e0 [ 114.426613][ T3501] CPU: 0 PID: 3501 Comm: kworker/0:3 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 114.432008][ T123] bus_for_each_drv+0x1fc/0x360 [ 114.443613][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 114.448461][ T123] ? coredump_store+0xa0/0xa0 [ 114.458627][ T3501] Workqueue: usb_hub_wq hub_event [ 114.463345][ T123] __device_attach+0x42a/0x720 [ 114.463509][ T123] device_initial_probe+0x2e/0x40 [ 114.468495][ T3501] [ 114.468524][ T3501] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 114.473327][ T123] bus_probe_device+0x13c/0x3b0 [ 114.478459][ T3501] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 114.480817][ T123] device_add+0x1d4b/0x26c0 [ 114.486508][ T3501] RSP: 0018:ffff888122a6e878 EFLAGS: 00010246 [ 114.491384][ T123] usb_new_device+0x17ac/0x2370 [ 114.511073][ T3501] [ 114.515636][ T123] hub_event+0x5589/0x8080 [ 114.521707][ T3501] RAX: f66d70e6d79e2000 RBX: 0000000000000000 RCX: ffff888121010000 [ 114.526703][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.528988][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 114.533468][ T123] ? led_work+0x730/0x730 [ 114.541477][ T3501] RBP: ffff888122a6e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 114.547350][ T123] ? led_work+0x730/0x730 [ 114.555421][ T3501] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 114.559769][ T123] process_one_work+0xb27/0x13e0 [ 114.567850][ T3501] R13: 0000000000000003 R14: ffff888121010b58 R15: 0000000000000000 [ 114.572187][ T123] worker_thread+0x1703/0x1d60 [ 114.580280][ T3501] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 114.585154][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.593213][ T3501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.597984][ T123] ? __kthread_parkme+0x110/0x1b0 [ 114.606986][ T3501] CR2: 00007f3ece476cc0 CR3: 000000012732d000 CR4: 00000000003506f0 [ 114.612853][ T123] kthread+0x31b/0x430 [ 114.619482][ T3501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 3518] ioctl(3, USB_RAW_IOCTL_INIT [pid 3515] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3516] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3510] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3518] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3518] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3518] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 114.624571][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 114.632638][ T3501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 114.636716][ T123] ? kthread_blkcg+0x120/0x120 [ 114.644764][ T3501] Call Trace: [ 114.644797][ T3501] [ 114.649792][ T123] ret_from_fork+0x1f/0x30 [ 114.657891][ T3501] usb_start_wait_urb+0xcf/0x350 [ 114.662674][ T123] [ 114.662711][ T123] ---[ end trace 0000000000000000 ]--- [ 114.665991][ T3501] usb_bulk_msg+0x5cc/0x6f0 [ 114.696800][ T3501] usb_interrupt_msg+0x54/0x70 [ 114.701794][ T3501] vmk80xx_write_packet+0x5f7/0x7d0 [ 114.705812][ T123] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 114.707248][ T3501] vmk80xx_auto_attach+0xe75/0x1e60 [ 114.722120][ T3501] ? vmk80xx_detach+0x1a0/0x1a0 [ 114.727351][ T3501] comedi_auto_config+0x2de/0x620 [ 114.732670][ T3501] comedi_usb_auto_config+0x3f/0x50 [ 114.738100][ T3501] vmk80xx_usb_probe+0x54/0x70 [ 114.743150][ T3501] ? vmk80xx_read_packet+0x770/0x770 [ 114.748658][ T3501] usb_probe_interface+0xc4b/0x11f0 [ 114.754182][ T3501] ? usb_register_driver+0x5f0/0x5f0 [ 114.759687][ T3501] really_probe+0x506/0x1000 [ 114.764593][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 114.770907][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.777160][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 114.782771][ T3501] driver_probe_device+0x72/0x7a0 [ 114.783866][ T123] usb 5-1: USB disconnect, device number 3 [ 114.787967][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.799875][ T3501] __device_attach_driver+0x548/0x8e0 [ 114.805625][ T3501] bus_for_each_drv+0x1fc/0x360 [ 114.810701][ T3501] ? coredump_store+0xa0/0xa0 [ 114.815702][ T3501] __device_attach+0x42a/0x720 [ 114.820715][ T3501] device_initial_probe+0x2e/0x40 [ 114.826051][ T3501] bus_probe_device+0x13c/0x3b0 [ 114.831138][ T3501] device_add+0x1d4b/0x26c0 [ 114.835973][ T3501] usb_set_configuration+0x30f8/0x37e0 [ 114.841711][ T3501] usb_generic_driver_probe+0x105/0x290 [pid 3518] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3513] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3513] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3516] exit_group(0 [pid 3513] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 114.847544][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.853658][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 114.862289][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 114.868600][ T3501] usb_probe_device+0x288/0x490 [ 114.874312][ T3501] ? usb_register_device_driver+0x440/0x440 [ 114.880429][ T3501] really_probe+0x506/0x1000 [ 114.885322][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 114.891968][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3510] exit_group(0 [pid 3516] <... exit_group resumed>) = ? [pid 3513] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3510] <... exit_group resumed>) = ? [pid 3516] +++ exited with 0 +++ [pid 3515] exit_group(0 [pid 3513] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3510] +++ exited with 0 +++ [ 114.898241][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 114.903849][ T3501] driver_probe_device+0x72/0x7a0 [ 114.909117][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.915291][ T3501] __device_attach_driver+0x548/0x8e0 [ 114.920927][ T3501] bus_for_each_drv+0x1fc/0x360 [ 114.926130][ T3501] ? coredump_store+0xa0/0xa0 [ 114.931044][ T3501] __device_attach+0x42a/0x720 [ 114.936138][ T3501] device_initial_probe+0x2e/0x40 [ 114.941396][ T3501] bus_probe_device+0x13c/0x3b0 [pid 3515] <... exit_group resumed>) = ? [pid 3515] +++ exited with 0 +++ [pid 3513] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3497] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3516, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3488] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3510, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3513] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3497] restart_syscall(<... resuming interrupted clone ...> [ 114.946618][ T3501] device_add+0x1d4b/0x26c0 [ 114.951368][ T3501] usb_new_device+0x17ac/0x2370 [ 114.956598][ T3501] hub_event+0x5589/0x8080 [ 114.961333][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 114.967498][ T3501] ? led_work+0x730/0x730 [ 114.972074][ T3501] ? led_work+0x730/0x730 [ 114.976740][ T3501] process_one_work+0xb27/0x13e0 [ 114.981949][ T3501] worker_thread+0x1703/0x1d60 [ 114.987110][ T3501] kthread+0x31b/0x430 [ 114.991383][ T3501] ? worker_clr_flags+0x2b0/0x2b0 [pid 3488] restart_syscall(<... resuming interrupted clone ...> [pid 3497] <... restart_syscall resumed>) = 0 [pid 3492] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3515, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3488] <... restart_syscall resumed>) = 0 [pid 3513] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3492] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 114.994492][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 114.996701][ T3501] ? kthread_blkcg+0x120/0x120 [ 115.007054][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.010469][ T3501] ret_from_fork+0x1f/0x30 [ 115.018506][ T28] usb 2-1: Product: syz [ 115.023029][ T3501] [ 115.027174][ T28] usb 2-1: Manufacturer: syz [ 115.030197][ T3501] ---[ end trace 0000000000000000 ]--- [ 115.039219][ T25] ------------[ cut here ]------------ [pid 3513] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3492] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3519 [pid 3488] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3513] <... ioctl resumed>, 0x7ffcf7248d10) = 8 ./strace-static-x86_64: Process 3519 attached [pid 3513] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3497] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3520 [pid 3488] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3521 ./strace-static-x86_64: Process 3520 attached [pid 3519] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3520] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3519] <... prctl resumed>) = 0 [pid 3520] <... prctl resumed>) = 0 [pid 3519] setpgid(0, 0 [pid 3520] setpgid(0, 0 [pid 3519] <... setpgid resumed>) = 0 [pid 3520] <... setpgid resumed>) = 0 [pid 3519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3519] <... openat resumed>) = 3 [pid 3520] <... openat resumed>) = 3 [ 115.040405][ T28] usb 2-1: SerialNumber: syz [ 115.046170][ T25] usb 6-1: BOGUS urb xfer, pipe 1 != type 3 [ 115.059378][ T25] WARNING: CPU: 0 PID: 25 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 115.069191][ T25] Modules linked in: [ 115.073325][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 115.084998][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [pid 3519] write(3, "1000", 4 [pid 3520] write(3, "1000", 4 [pid 3519] <... write resumed>) = 4 [pid 3520] <... write resumed>) = 4 [pid 3519] close(3 [pid 3520] close(3 [pid 3519] <... close resumed>) = 0 [pid 3520] <... close resumed>) = 0 [pid 3519] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3520] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3519] <... openat resumed>) = 3 [pid 3520] <... openat resumed>) = 3 [pid 3519] ioctl(3, USB_RAW_IOCTL_INIT [pid 3520] ioctl(3, USB_RAW_IOCTL_INIT [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 115.095327][ T25] Workqueue: usb_hub_wq hub_event [ 115.100626][ T25] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 115.106574][ T25] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 115.126507][ T25] RSP: 0018:ffff8881026f6878 EFLAGS: 00010246 [ 115.132864][ T25] RAX: 5ec2ec8ff90d0c00 RBX: 0000000000000000 RCX: ffff88810267c180 [ 115.141015][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3520] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3519] <... ioctl resumed>, 0) = 0 [pid 3520] <... ioctl resumed>, 0) = 0 [pid 3519] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3520] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 115.149245][ T25] RBP: ffff8881026f6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 115.157492][ T25] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 115.165729][ T25] R13: 0000000000000003 R14: ffff88810267ccd8 R15: 0000000000000000 [ 115.174004][ T25] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 115.183225][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.190021][ T25] CR2: 00007f3ece476cc0 CR3: 0000000116b29000 CR4: 00000000003506f0 [pid 3520] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 3521 attached [ 115.198250][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 115.206481][ T25] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 115.214776][ T25] Call Trace: [ 115.218182][ T25] [ 115.221288][ T25] usb_start_wait_urb+0xcf/0x350 [ 115.226602][ T25] usb_bulk_msg+0x5cc/0x6f0 [ 115.231335][ T25] usb_interrupt_msg+0x54/0x70 [ 115.236446][ T25] vmk80xx_write_packet+0x5f7/0x7d0 [ 115.241925][ T25] vmk80xx_auto_attach+0xe75/0x1e60 [ 115.247507][ T25] ? vmk80xx_detach+0x1a0/0x1a0 [ 115.252650][ T25] comedi_auto_config+0x2de/0x620 [ 115.257891][ T25] comedi_usb_auto_config+0x3f/0x50 [ 115.263447][ T25] vmk80xx_usb_probe+0x54/0x70 [ 115.265400][ T123] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 115.268354][ T25] ? vmk80xx_read_packet+0x770/0x770 [ 115.281458][ T25] usb_probe_interface+0xc4b/0x11f0 [ 115.287024][ T25] ? usb_register_driver+0x5f0/0x5f0 [ 115.292608][ T25] really_probe+0x506/0x1000 [ 115.297428][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 115.303875][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.309926][ T25] __driver_probe_device+0x2fa/0x3d0 [ 115.315600][ T25] driver_probe_device+0x72/0x7a0 [ 115.320870][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.327060][ T25] __device_attach_driver+0x548/0x8e0 [ 115.332769][ T25] bus_for_each_drv+0x1fc/0x360 [ 115.337841][ T25] ? coredump_store+0xa0/0xa0 [ 115.342880][ T25] __device_attach+0x42a/0x720 [pid 3521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3521] setpgid(0, 0) = 0 [pid 3521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3521] write(3, "1000", 4) = 4 [pid 3521] close(3) = 0 [pid 3521] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3521] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3521] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3521] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 115.346629][ T28] usb 2-1: config 0 descriptor?? [ 115.347817][ T25] device_initial_probe+0x2e/0x40 [ 115.358087][ T25] bus_probe_device+0x13c/0x3b0 [ 115.363263][ T25] device_add+0x1d4b/0x26c0 [ 115.367996][ T25] usb_set_configuration+0x30f8/0x37e0 [ 115.373863][ T25] usb_generic_driver_probe+0x105/0x290 [ 115.379620][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.385785][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 115.391724][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 115.395664][ T3513] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22 [ 115.397720][ T25] usb_probe_device+0x288/0x490 [ 115.409858][ T25] ? usb_register_device_driver+0x440/0x440 [ 115.415626][ T3513] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22 [ 115.416035][ T25] really_probe+0x506/0x1000 [ 115.427926][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 115.434356][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.440408][ T25] __driver_probe_device+0x2fa/0x3d0 [ 115.446070][ T25] driver_probe_device+0x72/0x7a0 [ 115.451333][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.457518][ T25] __device_attach_driver+0x548/0x8e0 [ 115.463214][ T25] bus_for_each_drv+0x1fc/0x360 [ 115.468288][ T25] ? coredump_store+0xa0/0xa0 [ 115.468525][ T28] ------------[ cut here ]------------ [ 115.473249][ T25] __device_attach+0x42a/0x720 [ 115.473404][ T25] device_initial_probe+0x2e/0x40 [ 115.478846][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 115.483701][ T25] bus_probe_device+0x13c/0x3b0 [ 115.490074][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 115.494728][ T25] device_add+0x1d4b/0x26c0 [ 115.499587][ T28] Modules linked in: [ 115.509154][ T25] usb_new_device+0x17ac/0x2370 [ 115.513695][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 115.517638][ T25] hub_event+0x5589/0x8080 [ 115.522574][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 115.534059][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.538441][ T28] Workqueue: usb_hub_wq hub_event [ 115.548567][ T25] ? led_work+0x730/0x730 [ 115.554435][ T28] [ 115.554464][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 115.559482][ T25] ? led_work+0x730/0x730 [ 115.563875][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 115.566232][ T25] process_one_work+0xb27/0x13e0 [ 115.571874][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 115.576318][ T25] worker_thread+0x1703/0x1d60 [ 115.596070][ T28] [ 115.596098][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 115.601062][ T25] kthread+0x31b/0x430 [ 115.607146][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 115.607214][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 115.611946][ T25] ? worker_clr_flags+0x2b0/0x2b0 [pid 3521] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3518] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3518] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3518] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3513] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3513] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3513] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3513] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3513] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3513] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [ 115.614356][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 115.622436][ T25] ? kthread_blkcg+0x120/0x120 [ 115.626483][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 115.634548][ T25] ret_from_fork+0x1f/0x30 [ 115.642576][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 115.647663][ T25] [ 115.655698][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.660478][ T25] ---[ end trace 0000000000000000 ]--- [ 115.673335][ T6] ------------[ cut here ]------------ [ 115.682189][ T28] CR2: 00007f3ece476cc0 CR3: 0000000127330000 CR4: 00000000003506e0 [ 115.685305][ T6] usb 4-1: BOGUS urb xfer, pipe 1 != type 3 [ 115.691889][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 115.698770][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 115.703073][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 115.711089][ T6] Modules linked in: [ 115.711148][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 115.711260][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 115.717195][ T28] Call Trace: [ 115.717228][ T28] [ 115.725273][ T6] Workqueue: usb_hub_wq hub_event [ 115.734844][ T28] usb_start_wait_urb+0xcf/0x350 [ 115.742866][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 115.743019][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 115.746904][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 115.747042][ T28] usb_interrupt_msg+0x54/0x70 [ 115.758373][ T6] RSP: 0018:ffff888102616878 EFLAGS: 00010246 [ 115.758476][ T6] RAX: 9ab4860bd45fdb00 RBX: 0000000000000000 RCX: ffff888102604180 [ 115.768637][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 115.771969][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 115.775070][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 115.780153][ T6] RBP: ffff888102616998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 115.785185][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 115.785308][ T28] comedi_auto_config+0x2de/0x620 [ 115.790941][ T6] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 115.791013][ T6] R13: 0000000000000003 R14: ffff888102604cd8 R15: 0000000000000000 [ 115.791085][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 115.810793][ T28] comedi_usb_auto_config+0x3f/0x50 [ 115.815359][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.820124][ T28] vmk80xx_usb_probe+0x54/0x70 [ 115.820252][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 115.826388][ T6] CR2: 00007f3ece476cc0 CR3: 0000000116b29000 CR4: 00000000003506f0 [ 115.826473][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 115.826539][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 115.834556][ T28] usb_probe_interface+0xc4b/0x11f0 [ 115.839789][ T6] Call Trace: [ 115.839823][ T6] [ 115.839904][ T6] usb_start_wait_urb+0xcf/0x350 [ 115.848012][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 115.853279][ T6] usb_bulk_msg+0x5cc/0x6f0 [ 115.853412][ T6] usb_interrupt_msg+0x54/0x70 [ 115.861359][ T28] really_probe+0x506/0x1000 [ 115.866319][ T6] vmk80xx_write_packet+0x5f7/0x7d0 [ 115.866479][ T6] vmk80xx_auto_attach+0xe75/0x1e60 [ 115.871449][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 115.871602][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.879675][ T6] ? vmk80xx_detach+0x1a0/0x1a0 [ 115.879806][ T6] comedi_auto_config+0x2de/0x620 [ 115.887852][ T28] __driver_probe_device+0x2fa/0x3d0 [ 115.888012][ T28] driver_probe_device+0x72/0x7a0 [ 115.897033][ T6] comedi_usb_auto_config+0x3f/0x50 [ 115.902242][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.902528][ T28] __device_attach_driver+0x548/0x8e0 [ 115.909132][ T6] vmk80xx_usb_probe+0x54/0x70 [ 115.914023][ T28] bus_for_each_drv+0x1fc/0x360 [ 115.919297][ T6] ? vmk80xx_read_packet+0x770/0x770 [ 115.919430][ T6] usb_probe_interface+0xc4b/0x11f0 [ 115.927464][ T28] ? coredump_store+0xa0/0xa0 [ 115.927621][ T28] __device_attach+0x42a/0x720 [ 115.935719][ T6] ? usb_register_driver+0x5f0/0x5f0 [ 115.935848][ T6] really_probe+0x506/0x1000 [ 115.943893][ T28] device_initial_probe+0x2e/0x40 [ 115.949110][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 115.949263][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.952611][ T28] bus_probe_device+0x13c/0x3b0 [ 115.952759][ T28] device_add+0x1d4b/0x26c0 [ 115.955696][ T6] __driver_probe_device+0x2fa/0x3d0 [ 115.955850][ T6] driver_probe_device+0x72/0x7a0 [ 115.960791][ T28] usb_set_configuration+0x30f8/0x37e0 [ 115.966144][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.966295][ T6] __device_attach_driver+0x548/0x8e0 [ 115.970922][ T28] usb_generic_driver_probe+0x105/0x290 [ 115.975842][ T6] bus_for_each_drv+0x1fc/0x360 [ 115.980489][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.980630][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 115.985896][ T6] ? coredump_store+0xa0/0xa0 [ 115.986050][ T6] __device_attach+0x42a/0x720 [ 115.991228][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 115.997423][ T6] device_initial_probe+0x2e/0x40 [ 116.003342][ T28] usb_probe_device+0x288/0x490 [ 116.003484][ T28] ? usb_register_device_driver+0x440/0x440 [ 116.008314][ T6] bus_probe_device+0x13c/0x3b0 [ 116.008479][ T6] device_add+0x1d4b/0x26c0 [ 116.013577][ T28] really_probe+0x506/0x1000 [pid 3513] exit_group(0 [pid 3491] kill(-3509, SIGKILL [pid 3513] <... exit_group resumed>) = ? [pid 3491] <... kill resumed>) = 0 [pid 3513] +++ exited with 0 +++ [ 116.018891][ T6] usb_set_configuration+0x30f8/0x37e0 [ 116.023958][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 116.024114][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 116.029389][ T6] usb_generic_driver_probe+0x105/0x290 [ 116.035227][ T28] __driver_probe_device+0x2fa/0x3d0 [ 116.040601][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 116.040743][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 116.045566][ T28] driver_probe_device+0x72/0x7a0 [pid 3491] kill(3509, SIGKILL) = 0 [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3513, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 3518] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3490] restart_syscall(<... resuming interrupted clone ...> [pid 3518] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3490] <... restart_syscall resumed>) = 0 [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3522 [ 116.050450][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 116.050586][ T6] usb_probe_device+0x288/0x490 [ 116.055966][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 116.056118][ T28] __device_attach_driver+0x548/0x8e0 [ 116.061304][ T6] ? usb_register_device_driver+0x440/0x440 [ 116.066053][ T28] bus_for_each_drv+0x1fc/0x360 [ 116.070836][ T6] really_probe+0x506/0x1000 [ 116.071026][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 116.076537][ T28] ? coredump_store+0xa0/0xa0 [pid 3518] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3518] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 116.081236][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 116.086330][ T28] __device_attach+0x42a/0x720 [ 116.086497][ T28] device_initial_probe+0x2e/0x40 [ 116.092621][ T6] __driver_probe_device+0x2fa/0x3d0 [ 116.092778][ T6] driver_probe_device+0x72/0x7a0 [ 116.098567][ T28] bus_probe_device+0x13c/0x3b0 [ 116.103503][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 116.108017][ T28] device_add+0x1d4b/0x26c0 [ 116.108159][ T28] usb_new_device+0x17ac/0x2370 [ 116.113509][ T6] __device_attach_driver+0x548/0x8e0 [pid 3518] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [pid 3518] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3518] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 36 [ 116.113674][ T6] bus_for_each_drv+0x1fc/0x360 [ 116.118702][ T28] hub_event+0x5589/0x8080 [ 116.124212][ T6] ? coredump_store+0xa0/0xa0 [ 116.124367][ T6] __device_attach+0x42a/0x720 [ 116.130215][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 116.135740][ T6] device_initial_probe+0x2e/0x40 [ 116.141304][ T28] ? led_work+0x730/0x730 [ 116.141450][ T28] ? led_work+0x730/0x730 [ 116.146366][ T6] bus_probe_device+0x13c/0x3b0 [ 116.152169][ T28] process_one_work+0xb27/0x13e0 [pid 3509] <... ioctl resumed> ) = ? [pid 3518] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3509] +++ killed by SIGKILL +++ [pid 3518] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3491] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3509, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=3} --- [pid 3518] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [pid 3518] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3523 ./strace-static-x86_64: Process 3523 attached [pid 3523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 116.157986][ T6] device_add+0x1d4b/0x26c0 [ 116.162823][ T28] worker_thread+0x1703/0x1d60 [ 116.162997][ T28] kthread+0x31b/0x430 [ 116.167712][ T6] usb_new_device+0x17ac/0x2370 [ 116.173519][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 116.173663][ T28] ? kthread_blkcg+0x120/0x120 [ 116.178686][ T6] hub_event+0x5589/0x8080 [ 116.183596][ T28] ret_from_fork+0x1f/0x30 [ 116.189575][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 116.194556][ T28] [ 116.194595][ T28] ---[ end trace 0000000000000000 ]--- [pid 3523] setpgid(0, 0 [pid 3518] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] <... setpgid resumed>) = 0 [pid 3518] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3523] write(3, "1000", 4) = 4 [pid 3523] close(3) = 0 [pid 3523] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3518] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3523] ioctl(3, USB_RAW_IOCTL_INIT [pid 3518] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3518] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3518] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3518] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 116.252539][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 116.256112][ T6] ? led_work+0x730/0x730 [ 116.383031][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [ 116.383143][ T123] usb 5-1: config 0 has no interface number 0 [ 116.383240][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 116.387587][ T6] ? led_work+0x730/0x730 [ 116.392016][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3523] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3518] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 3522 attached [pid 3522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3522] setpgid(0, 0 [pid 3518] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3522] <... setpgid resumed>) = 0 [pid 3518] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3522] write(3, "1000", 4) = 4 [pid 3522] close(3) = 0 [ 116.519646][ T6] process_one_work+0xb27/0x13e0 [ 116.525250][ T6] worker_thread+0x1703/0x1d60 [ 116.530530][ T6] kthread+0x31b/0x430 [ 116.535191][ T6] ? worker_clr_flags+0x2b0/0x2b0 [ 116.540709][ T6] ? kthread_blkcg+0x120/0x120 [ 116.546059][ T6] ret_from_fork+0x1f/0x30 [ 116.550965][ T6] [ 116.554444][ T6] ---[ end trace 0000000000000000 ]--- [ 116.563171][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 116.572496][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.575515][ T113] usb 3-1: config 0 descriptor?? [ 116.580603][ T123] usb 5-1: Product: syz [ 116.587052][ T25] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 116.589872][ T123] usb 5-1: Manufacturer: syz [ 116.604395][ T123] usb 5-1: SerialNumber: syz [ 116.604563][ T113] usb 3-1: can't set config #0, error -71 [pid 3522] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3518] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3522] <... openat resumed>) = 3 [pid 3518] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3522] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3522] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3522] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 116.633034][ T3501] comedi comedi3: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 116.664245][ T25] usb 6-1: USB disconnect, device number 3 [ 116.674177][ T113] usb 3-1: USB disconnect, device number 3 [ 116.722085][ T3501] usb 1-1: USB disconnect, device number 3 [ 116.738836][ T6] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3522] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3518] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3518] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3518] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 116.768106][ T123] usb 5-1: config 0 descriptor?? [ 116.774932][ T6] usb 4-1: USB disconnect, device number 3 [ 116.785934][ T28] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3518] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3518] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [ 116.816835][ T3518] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 116.835654][ T28] usb 2-1: USB disconnect, device number 3 [ 116.848531][ T3518] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [pid 3518] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [ 116.921747][ T123] ------------[ cut here ]------------ [ 116.927466][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 116.934898][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 116.944845][ T123] Modules linked in: [ 116.948916][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 116.960678][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 116.971013][ T123] Workqueue: usb_hub_wq hub_event [ 116.976398][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 116.982264][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 117.003447][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 117.009726][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 117.017996][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 117.026198][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 117.034464][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 117.042662][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 117.050803][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 117.060042][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.066859][ T123] CR2: 00005641483f2000 CR3: 0000000127358000 CR4: 00000000003506e0 [ 117.075125][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 117.083321][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 117.091459][ T123] Call Trace: [ 117.092732][ T113] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 117.094848][ T123] [ 117.095013][ T123] usb_start_wait_urb+0xcf/0x350 [ 117.110792][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 117.115590][ T123] usb_interrupt_msg+0x54/0x70 [ 117.120577][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 117.123380][ T3501] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 117.126013][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 117.138883][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 117.144005][ T123] comedi_auto_config+0x2de/0x620 [ 117.149248][ T123] comedi_usb_auto_config+0x3f/0x50 [ 117.154741][ T123] vmk80xx_usb_probe+0x54/0x70 [ 117.159734][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 117.165291][ T123] usb_probe_interface+0xc4b/0x11f0 [ 117.170739][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 117.176354][ T123] really_probe+0x506/0x1000 [ 117.181174][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 117.187541][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 117.193649][ T123] __driver_probe_device+0x2fa/0x3d0 [ 117.199179][ T123] driver_probe_device+0x72/0x7a0 [ 117.204506][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 117.210575][ T123] __device_attach_driver+0x548/0x8e0 [ 117.216261][ T123] bus_for_each_drv+0x1fc/0x360 [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3521] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3523] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3518] exit_group(0) = ? [pid 3521] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3518] +++ exited with 0 +++ [pid 3521] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3518, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3524 ./strace-static-x86_64: Process 3524 attached [pid 3524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3524] setpgid(0, 0) = 0 [pid 3524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3524] write(3, "1000", 4) = 4 [pid 3524] close(3) = 0 [pid 3524] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [ 117.221344][ T123] ? coredump_store+0xa0/0xa0 [ 117.226330][ T123] __device_attach+0x42a/0x720 [ 117.231343][ T123] device_initial_probe+0x2e/0x40 [ 117.236653][ T123] bus_probe_device+0x13c/0x3b0 [ 117.241736][ T123] device_add+0x1d4b/0x26c0 [ 117.246524][ T123] usb_set_configuration+0x30f8/0x37e0 [ 117.252268][ T123] usb_generic_driver_probe+0x105/0x290 [ 117.253300][ T6] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 117.258018][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3524] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3524] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 117.271757][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 117.277750][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 117.283740][ T123] usb_probe_device+0x288/0x490 [ 117.288824][ T123] ? usb_register_device_driver+0x440/0x440 [ 117.292233][ T25] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 117.294934][ T123] really_probe+0x506/0x1000 [ 117.307206][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 117.313586][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3520] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3520] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3519] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [ 117.319637][ T123] __driver_probe_device+0x2fa/0x3d0 [ 117.325231][ T123] driver_probe_device+0x72/0x7a0 [ 117.330504][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 117.336630][ T123] __device_attach_driver+0x548/0x8e0 [ 117.342259][ T123] bus_for_each_drv+0x1fc/0x360 [ 117.347402][ T123] ? coredump_store+0xa0/0xa0 [ 117.352385][ T123] __device_attach+0x42a/0x720 [ 117.357409][ T123] device_initial_probe+0x2e/0x40 [ 117.362720][ T123] bus_probe_device+0x13c/0x3b0 [ 117.367805][ T123] device_add+0x1d4b/0x26c0 [pid 3519] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 117.372588][ T123] usb_new_device+0x17ac/0x2370 [ 117.377726][ T123] hub_event+0x5589/0x8080 [ 117.382515][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 117.382848][ T113] usb 3-1: Using ep0 maxpacket: 8 [ 117.388484][ T123] ? led_work+0x730/0x730 [ 117.398114][ T123] ? led_work+0x730/0x730 [ 117.402728][ T123] process_one_work+0xb27/0x13e0 [ 117.407924][ T123] worker_thread+0x1703/0x1d60 [ 117.412972][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 117.419024][ T123] ? __kthread_parkme+0x110/0x1b0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3523] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3521] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [pid 3521] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 117.422599][ T3501] usb 1-1: Using ep0 maxpacket: 8 [ 117.424257][ T123] kthread+0x31b/0x430 [ 117.433604][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 117.438869][ T123] ? kthread_blkcg+0x120/0x120 [ 117.443904][ T123] ret_from_fork+0x1f/0x30 [ 117.448557][ T123] [ 117.451703][ T123] ---[ end trace 0000000000000000 ]--- [pid 3523] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3521] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3521] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [ 117.513288][ T113] usb 3-1: config 0 has an invalid interface number: 164 but max is 0 [ 117.521686][ T113] usb 3-1: config 0 has no interface number 0 [ 117.528942][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 117.539196][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 117.550789][ T25] usb 6-1: Using ep0 maxpacket: 8 [pid 3523] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3521] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3520] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [ 117.557429][ T123] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 117.578309][ T123] usb 5-1: USB disconnect, device number 4 [ 117.592976][ T6] usb 4-1: Using ep0 maxpacket: 8 [ 117.604642][ T3501] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [pid 3520] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3521] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3520] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3519] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3520] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3519] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3521] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3520] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3519] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3521] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3520] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 117.613405][ T3501] usb 1-1: config 0 has no interface number 0 [ 117.619677][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 117.629932][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3519] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3520] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3519] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3519] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3521] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3520] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3523] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3520] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3521] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3519] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3520] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [ 117.693180][ T25] usb 6-1: config 0 has an invalid interface number: 164 but max is 0 [ 117.705220][ T25] usb 6-1: config 0 has no interface number 0 [ 117.711495][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 117.721728][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3520] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3519] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3520] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 117.772986][ T6] usb 4-1: config 0 has an invalid interface number: 164 but max is 0 [ 117.781360][ T6] usb 4-1: config 0 has no interface number 0 [ 117.787865][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 117.798256][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 117.813680][ T113] usb 3-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3523] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [pid 3521] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3520] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3519] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3520] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 117.823490][ T113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.831697][ T113] usb 3-1: Product: syz [ 117.836145][ T113] usb 3-1: Manufacturer: syz [ 117.840910][ T113] usb 3-1: SerialNumber: syz [ 117.851585][ T113] usb 3-1: config 0 descriptor?? [ 117.863565][ T3501] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3523] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3519] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3523] <... ioctl resumed>, 0) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 117.873243][ T3501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.881441][ T3501] usb 1-1: Product: syz [ 117.885916][ T3501] usb 1-1: Manufacturer: syz [ 117.887564][ T3523] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 117.890622][ T3501] usb 1-1: SerialNumber: syz [ 117.898439][ T28] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 117.910686][ T3501] usb 1-1: config 0 descriptor?? [pid 3521] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3520] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3519] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3523] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3519] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3520] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3520] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3523] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3522] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3523] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3522] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3521] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3519] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] <... ioctl resumed>, 0) = 0 [pid 3521] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3521] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3523] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3519] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3522] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3520] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3522] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3521] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 117.923047][ T3523] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 117.952712][ T3521] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22 [ 117.963427][ T25] usb 6-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3520] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3520] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3521] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3519] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3524] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 117.972952][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.981160][ T25] usb 6-1: Product: syz [ 117.985631][ T25] usb 6-1: Manufacturer: syz [ 117.986265][ T3521] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22 [ 117.990324][ T25] usb 6-1: SerialNumber: syz [ 118.002510][ T123] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 118.010134][ T113] ------------[ cut here ]------------ [ 118.015939][ T113] usb 3-1: BOGUS urb xfer, pipe 1 != type 3 [pid 3524] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [ 118.023372][ T113] WARNING: CPU: 0 PID: 113 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 118.033279][ T113] Modules linked in: [ 118.037338][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 118.049084][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 118.059486][ T113] Workqueue: usb_hub_wq hub_event [ 118.064843][ T113] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 118.070706][ T113] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 118.090693][ T113] RSP: 0018:ffff888109c8e878 EFLAGS: 00010246 [ 118.097060][ T113] RAX: 7c40313c42a2f100 RBX: 0000000000000000 RCX: ffff888109c90000 [ 118.105347][ T113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 118.113577][ T113] RBP: ffff888109c8e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [pid 3524] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3523] exit_group(0) = ? [ 118.121739][ T113] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 118.130054][ T113] R13: 0000000000000003 R14: ffff888109c90b58 R15: 0000000000000000 [ 118.138283][ T113] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 118.147535][ T113] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.154413][ T113] CR2: 00007f3ece476cc0 CR3: 0000000116b29000 CR4: 00000000003506f0 [ 118.162580][ T28] usb 2-1: Using ep0 maxpacket: 8 [pid 3523] +++ exited with 0 +++ [pid 3491] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3523, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3522] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 118.167788][ T113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 118.176064][ T113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 118.184311][ T113] Call Trace: [ 118.187722][ T113] [ 118.190852][ T113] usb_start_wait_urb+0xcf/0x350 [ 118.196198][ T113] usb_bulk_msg+0x5cc/0x6f0 [ 118.200943][ T113] usb_interrupt_msg+0x54/0x70 [ 118.206058][ T113] vmk80xx_write_packet+0x5f7/0x7d0 [ 118.211510][ T113] vmk80xx_auto_attach+0xe75/0x1e60 [ 118.217090][ T113] ? vmk80xx_detach+0x1a0/0x1a0 [ 118.222154][ T113] comedi_auto_config+0x2de/0x620 [ 118.227534][ T113] comedi_usb_auto_config+0x3f/0x50 [ 118.233105][ T113] vmk80xx_usb_probe+0x54/0x70 [ 118.238087][ T113] ? vmk80xx_read_packet+0x770/0x770 [ 118.243680][ T113] usb_probe_interface+0xc4b/0x11f0 [ 118.249136][ T113] ? usb_register_driver+0x5f0/0x5f0 [ 118.254735][ T113] really_probe+0x506/0x1000 [ 118.259560][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 118.262704][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 118.265887][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 118.276953][ T113] __driver_probe_device+0x2fa/0x3d0 [ 118.282565][ T113] driver_probe_device+0x72/0x7a0 [ 118.287834][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 118.293995][ T113] __device_attach_driver+0x548/0x8e0 [ 118.299596][ T113] bus_for_each_drv+0x1fc/0x360 [ 118.304705][ T113] ? coredump_store+0xa0/0xa0 [ 118.309580][ T113] __device_attach+0x42a/0x720 [ 118.313600][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 118.314577][ T113] device_initial_probe+0x2e/0x40 [ 118.322997][ T28] usb 2-1: config 0 has no interface number 0 [ 118.327762][ T113] bus_probe_device+0x13c/0x3b0 [ 118.333926][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 118.338806][ T113] device_add+0x1d4b/0x26c0 [ 118.348817][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 118.353378][ T113] usb_set_configuration+0x30f8/0x37e0 [ 118.369487][ T113] usb_generic_driver_probe+0x105/0x290 [ 118.375352][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 118.381399][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 118.387480][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 118.393503][ T113] usb_probe_device+0x288/0x490 [ 118.398583][ T113] ? usb_register_device_driver+0x440/0x440 [ 118.404844][ T113] really_probe+0x506/0x1000 [ 118.409669][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 118.416126][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 118.422178][ T113] __driver_probe_device+0x2fa/0x3d0 [ 118.427843][ T113] driver_probe_device+0x72/0x7a0 [ 118.433262][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 118.439312][ T113] __device_attach_driver+0x548/0x8e0 [ 118.445086][ T113] bus_for_each_drv+0x1fc/0x360 [ 118.450154][ T113] ? coredump_store+0xa0/0xa0 [ 118.452902][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [ 118.455140][ T113] __device_attach+0x42a/0x720 [ 118.463438][ T123] usb 5-1: config 0 has no interface number 0 [ 118.468162][ T113] device_initial_probe+0x2e/0x40 [ 118.474328][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 118.479362][ T113] bus_probe_device+0x13c/0x3b0 [ 118.489412][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 118.494282][ T113] device_add+0x1d4b/0x26c0 [ 118.509332][ T113] usb_new_device+0x17ac/0x2370 [ 118.514570][ T113] hub_event+0x5589/0x8080 [ 118.519295][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3491] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3525 [pid 3522] ioctl(3, USB_RAW_IOCTL_EP0_WRITE./strace-static-x86_64: Process 3525 attached [pid 3525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3525] setpgid(0, 0 [pid 3522] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3525] <... setpgid resumed>) = 0 [pid 3522] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3522] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3525] write(3, "1000", 4 [pid 3522] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3525] <... write resumed>) = 4 [pid 3525] close(3) = 0 [pid 3525] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3525] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3525] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3524] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3522] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3525] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3524] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3522] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3525] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3522] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3525] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3522] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3524] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3522] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3524] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3522] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3524] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [pid 3522] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3522] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [pid 3522] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3524] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 36 [pid 3524] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [pid 3524] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3522] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3522] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3521] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3519] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3522] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 118.525470][ T113] ? led_work+0x730/0x730 [ 118.530029][ T113] ? led_work+0x730/0x730 [ 118.534671][ T113] process_one_work+0xb27/0x13e0 [ 118.539871][ T113] worker_thread+0x1703/0x1d60 [ 118.544992][ T113] kthread+0x31b/0x430 [ 118.549259][ T113] ? worker_clr_flags+0x2b0/0x2b0 [ 118.554603][ T113] ? kthread_blkcg+0x120/0x120 [ 118.559580][ T113] ret_from_fork+0x1f/0x30 [ 118.564312][ T113] [ 118.567462][ T113] ---[ end trace 0000000000000000 ]--- [pid 3519] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3522] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3522] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [ 118.591223][ T6] usb 4-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 118.600682][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.609095][ T6] usb 4-1: Product: syz [ 118.613611][ T6] usb 4-1: Manufacturer: syz [ 118.618476][ T6] usb 4-1: SerialNumber: syz [ 118.626377][ T3501] ------------[ cut here ]------------ [ 118.632003][ T3501] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [pid 3522] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3524] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3522] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 118.639494][ T3501] WARNING: CPU: 0 PID: 3501 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 118.649492][ T3501] Modules linked in: [ 118.653670][ T3501] CPU: 0 PID: 3501 Comm: kworker/0:3 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 118.665530][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 118.673199][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 118.675856][ T3501] Workqueue: usb_hub_wq hub_event [pid 3522] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3524] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 118.684842][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.684946][ T28] usb 2-1: Product: syz [ 118.689944][ T3501] [ 118.689973][ T3501] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 118.698058][ T28] usb 2-1: Manufacturer: syz [ 118.702193][ T3501] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 118.704626][ T28] usb 2-1: SerialNumber: syz [ 118.710251][ T3501] RSP: 0018:ffff888122a6e878 EFLAGS: 00010246 [ 118.746123][ T3501] RAX: f66d70e6d79e2000 RBX: 0000000000000000 RCX: ffff888121010000 [ 118.754365][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 118.762626][ T3501] RBP: ffff888122a6e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 118.770780][ T3501] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 118.771880][ T28] usb 2-1: config 0 descriptor?? [ 118.778971][ T3501] R13: 0000000000000003 R14: ffff888121010b58 R15: 0000000000000000 [pid 3522] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3524] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3522] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3524] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3524] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3521] exit_group(0) = ? [ 118.792131][ T3501] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 118.801404][ T3501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.808255][ T3501] CR2: 00007f3ece476cc0 CR3: 0000000116b29000 CR4: 00000000003506f0 [ 118.813517][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 118.816464][ T3501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 118.825501][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.833505][ T3501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 118.833579][ T3501] Call Trace: [ 118.833610][ T3501] [ 118.833693][ T3501] usb_start_wait_urb+0xcf/0x350 [ 118.833840][ T3501] usb_bulk_msg+0x5cc/0x6f0 [ 118.833967][ T3501] usb_interrupt_msg+0x54/0x70 [ 118.834092][ T3501] vmk80xx_write_packet+0x5f7/0x7d0 [ 118.834249][ T3501] vmk80xx_auto_attach+0xe75/0x1e60 [ 118.834407][ T3501] ? vmk80xx_detach+0x1a0/0x1a0 [ 118.834525][ T3501] comedi_auto_config+0x2de/0x620 [ 118.834648][ T3501] comedi_usb_auto_config+0x3f/0x50 [ 118.842810][ T123] usb 5-1: Product: syz [ 118.850815][ T3501] vmk80xx_usb_probe+0x54/0x70 [ 118.854201][ T123] usb 5-1: Manufacturer: syz [ 118.857165][ T3501] ? vmk80xx_read_packet+0x770/0x770 [ 118.862135][ T123] usb 5-1: SerialNumber: syz [ 118.866705][ T3501] usb_probe_interface+0xc4b/0x11f0 [ 118.907730][ T3522] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22 [ 118.911320][ T3501] ? usb_register_driver+0x5f0/0x5f0 [ 118.927720][ T3522] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22 [ 118.933957][ T3501] really_probe+0x506/0x1000 [ 118.951904][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 118.958361][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 118.964508][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 118.970050][ T3501] driver_probe_device+0x72/0x7a0 [ 118.975462][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 118.981514][ T3501] __device_attach_driver+0x548/0x8e0 [ 118.987273][ T3501] bus_for_each_drv+0x1fc/0x360 [ 118.992431][ T3501] ? coredump_store+0xa0/0xa0 [ 118.997352][ T3501] __device_attach+0x42a/0x720 [ 119.002482][ T3501] device_initial_probe+0x2e/0x40 [ 119.007744][ T3501] bus_probe_device+0x13c/0x3b0 [ 119.012983][ T3501] device_add+0x1d4b/0x26c0 [ 119.017718][ T3501] usb_set_configuration+0x30f8/0x37e0 [ 119.023587][ T3501] usb_generic_driver_probe+0x105/0x290 [ 119.029350][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 119.030344][ T28] ------------[ cut here ]------------ [ 119.035441][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 119.040933][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 119.046744][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 119.054045][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 119.058436][ T3501] usb_probe_device+0x288/0x490 [ 119.068041][ T28] Modules linked in: [ 119.072943][ T3501] ? usb_register_device_driver+0x440/0x440 [ 119.073079][ T3501] really_probe+0x506/0x1000 [ 119.076959][ T28] [ 119.076993][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 119.082962][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 119.087561][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 119.089921][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 119.101406][ T28] Workqueue: usb_hub_wq hub_event [ 119.107544][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 119.117748][ T28] [ 119.123563][ T3501] driver_probe_device+0x72/0x7a0 [ 119.128569][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 119.133941][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 119.136290][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 119.141329][ T3501] __device_attach_driver+0x548/0x8e0 [ 119.147011][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 119.152939][ T3501] bus_for_each_drv+0x1fc/0x360 [ 119.172700][ T28] [ 119.178018][ T3501] ? coredump_store+0xa0/0xa0 [ 119.184143][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 119.189045][ T3501] __device_attach+0x42a/0x720 [ 119.191369][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 119.196150][ T3501] device_initial_probe+0x2e/0x40 [ 119.204168][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 119.208971][ T3501] bus_probe_device+0x13c/0x3b0 [ 119.217023][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [pid 3524] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3522] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3522] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3522] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3521] +++ exited with 0 +++ [pid 3522] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3488] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3521, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 3488] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3522] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3488] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3522] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3488] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3526 ./strace-static-x86_64: Process 3526 attached [pid 3526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3526] setpgid(0, 0) = 0 [pid 3526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3526] write(3, "1000", 4) = 4 [pid 3526] close(3) = 0 [pid 3526] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3526] ioctl(3, USB_RAW_IOCTL_INIT [pid 3522] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3526] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3526] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3522] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3526] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 119.222104][ T3501] device_add+0x1d4b/0x26c0 [ 119.230170][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 119.235105][ T3501] usb_new_device+0x17ac/0x2370 [ 119.243120][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 119.247695][ T3501] hub_event+0x5589/0x8080 [ 119.255719][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.260664][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 119.269612][ T28] CR2: 00007f3ece476cc0 CR3: 00000001272d2000 CR4: 00000000003506e0 [ 119.274106][ T3501] ? led_work+0x730/0x730 [ 119.280782][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 119.286671][ T3501] ? led_work+0x730/0x730 [ 119.286802][ T3501] process_one_work+0xb27/0x13e0 [ 119.286972][ T3501] worker_thread+0x1703/0x1d60 [ 119.287143][ T3501] kthread+0x31b/0x430 [ 119.287253][ T3501] ? worker_clr_flags+0x2b0/0x2b0 [ 119.287401][ T3501] ? kthread_blkcg+0x120/0x120 [ 119.287521][ T3501] ret_from_fork+0x1f/0x30 [ 119.287663][ T3501] [ 119.287700][ T3501] ---[ end trace 0000000000000000 ]--- [ 119.299524][ T6] usb 4-1: config 0 descriptor?? [ 119.302032][ T25] usb 6-1: config 0 descriptor?? [ 119.304017][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 119.312937][ T113] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 119.316458][ T28] Call Trace: [ 119.326222][ T113] usb 3-1: USB disconnect, device number 4 [ 119.330313][ T28] [ 119.330397][ T28] usb_start_wait_urb+0xcf/0x350 [ 119.370403][ T3501] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 119.371746][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 119.387617][ T3501] usb 1-1: USB disconnect, device number 4 [ 119.390616][ T28] usb_interrupt_msg+0x54/0x70 [ 119.416049][ T3519] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 119.418897][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 119.424679][ T3519] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [pid 3526] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3522] exit_group(0) = ? [pid 3522] +++ exited with 0 +++ [pid 3519] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3519] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3519] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3519] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3520] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3519] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3520] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3522, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [ 119.430937][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 119.453112][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 119.458199][ T28] comedi_auto_config+0x2de/0x620 [ 119.463561][ T28] comedi_usb_auto_config+0x3f/0x50 [ 119.468991][ T28] vmk80xx_usb_probe+0x54/0x70 [ 119.474033][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 119.479540][ T28] usb_probe_interface+0xc4b/0x11f0 [ 119.485041][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 119.490567][ T28] really_probe+0x506/0x1000 [pid 3520] <... ioctl resumed>, 0) = 0 [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3520] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3520] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3490] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3527 [ 119.495450][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 119.498004][ T3520] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 119.501689][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 119.515027][ T28] __driver_probe_device+0x2fa/0x3d0 [ 119.520574][ T28] driver_probe_device+0x72/0x7a0 [ 119.525922][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 119.531980][ T28] __device_attach_driver+0x548/0x8e0 [ 119.537676][ T28] bus_for_each_drv+0x1fc/0x360 [pid 3519] ioctl(3, USB_RAW_IOCTL_EP0_READ [ 119.542811][ T28] ? coredump_store+0xa0/0xa0 [ 119.547744][ T28] __device_attach+0x42a/0x720 [ 119.552819][ T28] device_initial_probe+0x2e/0x40 [ 119.558084][ T28] bus_probe_device+0x13c/0x3b0 [ 119.560880][ T3500] udevd[3500]: setting owner of /dev/bus/usb/003/004 to uid=0, gid=0 failed: No such file or directory [ 119.563161][ T28] device_add+0x1d4b/0x26c0 [ 119.579027][ T28] usb_set_configuration+0x30f8/0x37e0 [ 119.584837][ T28] usb_generic_driver_probe+0x105/0x290 [pid 3520] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3519] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 119.590620][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 119.592749][ T3520] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 119.596654][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 119.609685][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 119.615684][ T28] usb_probe_device+0x288/0x490 [ 119.620765][ T28] ? usb_register_device_driver+0x440/0x440 [ 119.625381][ T6] ------------[ cut here ]------------ [ 119.626881][ T28] really_probe+0x506/0x1000 [ 119.632566][ T6] usb 4-1: BOGUS urb xfer, pipe 1 != type 3 [ 119.637060][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 119.637213][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 119.644576][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 119.649222][ T28] __driver_probe_device+0x2fa/0x3d0 [ 119.655144][ T6] Modules linked in: [ 119.655203][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 119.664667][ T28] driver_probe_device+0x72/0x7a0 [ 119.669972][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 119.670050][ T6] Workqueue: usb_hub_wq hub_event [ 119.674066][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 119.674219][ T28] __device_attach_driver+0x548/0x8e0 [ 119.685595][ T6] [ 119.685624][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 119.690634][ T28] bus_for_each_drv+0x1fc/0x360 [ 119.690765][ T28] ? coredump_store+0xa0/0xa0 [ 119.700924][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 119.701019][ T6] RSP: 0018:ffff888102616878 EFLAGS: 00010246 [ 119.706100][ T28] __device_attach+0x42a/0x720 [ 119.711966][ T6] [ 119.711993][ T6] RAX: 9ab4860bd45fdb00 RBX: 0000000000000000 RCX: ffff888102604180 [ 119.717422][ T28] device_initial_probe+0x2e/0x40 [ 119.717567][ T28] bus_probe_device+0x13c/0x3b0 [ 119.719920][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 119.719988][ T6] RBP: ffff888102616998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 119.720080][ T6] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 119.725757][ T28] device_add+0x1d4b/0x26c0 [ 119.730639][ T6] R13: 0000000000000003 R14: ffff888102604cd8 R15: 0000000000000000 [ 119.735404][ T28] usb_new_device+0x17ac/0x2370 [ 119.735573][ T28] hub_event+0x5589/0x8080 [ 119.755285][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 119.755384][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.761527][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 119.766365][ T6] CR2: 00007ffcf724ad48 CR3: 00000001272d2000 CR4: 00000000003506f0 [ 119.766446][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 119.768746][ T28] ? led_work+0x730/0x730 [ 119.768891][ T28] ? led_work+0x730/0x730 [ 119.776954][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 119.781952][ T28] process_one_work+0xb27/0x13e0 [ 119.786880][ T6] Call Trace: [ 119.786912][ T6] [ 119.786993][ T6] usb_start_wait_urb+0xcf/0x350 [ 119.795065][ T28] worker_thread+0x1703/0x1d60 [ 119.795239][ T28] kthread+0x31b/0x430 [ 119.803282][ T6] usb_bulk_msg+0x5cc/0x6f0 [ 119.803420][ T6] usb_interrupt_msg+0x54/0x70 [ 119.811360][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 119.815984][ T6] vmk80xx_write_packet+0x5f7/0x7d0 [ 119.824097][ T28] ? kthread_blkcg+0x120/0x120 [ 119.824218][ T28] ret_from_fork+0x1f/0x30 [ 119.829088][ T6] vmk80xx_auto_attach+0xe75/0x1e60 [ 119.833561][ T28] [ 119.833599][ T28] ---[ end trace 0000000000000000 ]--- [ 119.839949][ T123] usb 5-1: config 0 descriptor?? [ 119.842775][ T6] ? vmk80xx_detach+0x1a0/0x1a0 [ 119.842905][ T6] comedi_auto_config+0x2de/0x620 [ 119.843029][ T6] comedi_usb_auto_config+0x3f/0x50 [ 119.843169][ T6] vmk80xx_usb_probe+0x54/0x70 [ 119.843294][ T6] ? vmk80xx_read_packet+0x770/0x770 [ 119.908572][ T28] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 119.913046][ T6] usb_probe_interface+0xc4b/0x11f0 [ 119.973792][ T28] usb 2-1: USB disconnect, device number 4 [ 119.977428][ T6] ? usb_register_driver+0x5f0/0x5f0 [ 120.024793][ T6] really_probe+0x506/0x1000 [ 120.029871][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 120.036596][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 120.042975][ T6] __driver_probe_device+0x2fa/0x3d0 [ 120.048775][ T6] driver_probe_device+0x72/0x7a0 [ 120.054430][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 120.060732][ T6] __device_attach_driver+0x548/0x8e0 [ 120.066726][ T6] bus_for_each_drv+0x1fc/0x360 [ 120.072044][ T6] ? coredump_store+0xa0/0xa0 [ 120.077325][ T6] __device_attach+0x42a/0x720 [ 120.082672][ T6] device_initial_probe+0x2e/0x40 [ 120.088184][ T6] bus_probe_device+0x13c/0x3b0 [ 120.093647][ T6] device_add+0x1d4b/0x26c0 [ 120.098625][ T6] usb_set_configuration+0x30f8/0x37e0 [ 120.104707][ T6] usb_generic_driver_probe+0x105/0x290 [ 120.110745][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 120.117170][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 120.123409][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 120.129611][ T6] usb_probe_device+0x288/0x490 [ 120.135222][ T6] ? usb_register_device_driver+0x440/0x440 [ 120.141584][ T6] really_probe+0x506/0x1000 ./strace-static-x86_64: Process 3527 attached [pid 3524] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3520] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3527] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3524] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3519] exit_group(0 [pid 3497] kill(-3520, SIGKILL [pid 3527] <... prctl resumed>) = 0 [pid 3524] <... ioctl resumed>, 0) = 0 [pid 3520] <... ioctl resumed> ) = ? [pid 3519] <... exit_group resumed>) = ? [pid 3497] <... kill resumed>) = 0 [pid 3527] setpgid(0, 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3520] +++ killed by SIGKILL +++ [pid 3519] +++ exited with 0 +++ [pid 3497] kill(3520, SIGKILL [pid 3527] <... setpgid resumed>) = 0 [ 120.146732][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 120.153361][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 120.159652][ T6] __driver_probe_device+0x2fa/0x3d0 [ 120.165541][ T6] driver_probe_device+0x72/0x7a0 [ 120.173658][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 120.179986][ T6] __device_attach_driver+0x548/0x8e0 [ 120.186000][ T6] bus_for_each_drv+0x1fc/0x360 [ 120.191316][ T6] ? coredump_store+0xa0/0xa0 [pid 3524] <... ioctl resumed>, 0) = 0 [pid 3497] <... kill resumed>) = 0 [pid 3492] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3519, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3524] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3497] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3520, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5} --- [pid 3492] kill(-3519, SIGKILL [pid 3527] <... openat resumed>) = 3 [pid 3524] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3492] <... kill resumed>) = 0 [pid 3527] write(3, "1000", 4 [pid 3492] kill(3519, SIGKILL [pid 3527] <... write resumed>) = 4 [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3492] <... kill resumed>) = 0 [pid 3527] close(3) = 0 [pid 3497] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3528 [pid 3527] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3492] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3528 attached [pid 3527] <... openat resumed>) = 3 [pid 3528] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3527] ioctl(3, USB_RAW_IOCTL_INIT [pid 3492] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3529 [pid 3528] <... prctl resumed>) = 0 [pid 3527] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 120.191795][ T3524] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 120.196398][ T6] __device_attach+0x42a/0x720 [ 120.208893][ T6] device_initial_probe+0x2e/0x40 [ 120.214532][ T6] bus_probe_device+0x13c/0x3b0 [ 120.219867][ T6] device_add+0x1d4b/0x26c0 [ 120.224958][ T6] usb_new_device+0x17ac/0x2370 [ 120.230332][ T6] hub_event+0x5589/0x8080 [ 120.235507][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 120.239152][ T3524] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [pid 3524] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3528] setpgid(0, 0 [pid 3527] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3524] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3528] <... setpgid resumed>) = 0 [pid 3527] <... ioctl resumed>, 0) = 0 [ 120.241623][ T6] ? led_work+0x730/0x730 [ 120.253816][ T6] ? led_work+0x730/0x730 [ 120.258622][ T6] process_one_work+0xb27/0x13e0 [ 120.264191][ T6] worker_thread+0x1703/0x1d60 [ 120.269488][ T6] kthread+0x31b/0x430 [ 120.274147][ T6] ? worker_clr_flags+0x2b0/0x2b0 [ 120.279676][ T6] ? kthread_blkcg+0x120/0x120 [ 120.285033][ T6] ret_from_fork+0x1f/0x30 [ 120.289926][ T6] [ 120.293444][ T6] ---[ end trace 0000000000000000 ]--- [pid 3528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3527] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] <... openat resumed>) = 3 [pid 3527] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3528] write(3, "1000", 4 [pid 3527] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] <... write resumed>) = 4 [pid 3528] close(3) = 0 [pid 3528] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3528] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3528] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3524] ioctl(3, USB_RAW_IOCTL_EP0_READ [ 120.299731][ T25] usb 6-1: can't set config #0, error -71 [ 120.328193][ T25] usb 6-1: USB disconnect, device number 4 [ 120.336780][ T6] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 120.360541][ T123] ------------[ cut here ]------------ [ 120.366210][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 120.373643][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 120.383520][ T123] Modules linked in: [ 120.383505][ T6] usb 4-1: USB disconnect, device number 4 [ 120.393696][ T123] [ 120.396138][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 120.407906][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 120.418200][ T123] Workqueue: usb_hub_wq hub_event [ 120.423597][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 120.429460][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 120.449403][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 120.455744][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 120.464022][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 120.472168][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 120.480445][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 120.488707][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 120.496919][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [pid 3528] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 3529 attached , 0x7ffcf7249d20) = 0 [pid 3529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3529] setpgid(0, 0) = 0 [pid 3529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3529] write(3, "1000", 4) = 4 [pid 3529] close(3) = 0 [pid 3529] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3529] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3529] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3524] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 120.506110][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.512939][ T123] CR2: 00007f3ece476cc0 CR3: 0000000127358000 CR4: 00000000003506e0 [ 120.521096][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 120.529301][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 120.537569][ T123] Call Trace: [ 120.541156][ T123] [ 120.544321][ T123] usb_start_wait_urb+0xcf/0x350 [ 120.549494][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 120.554282][ T123] usb_interrupt_msg+0x54/0x70 [ 120.559266][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 120.564773][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 120.570225][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 120.575345][ T123] comedi_auto_config+0x2de/0x620 [ 120.580586][ T123] comedi_usb_auto_config+0x3f/0x50 [ 120.586071][ T123] vmk80xx_usb_probe+0x54/0x70 [ 120.591048][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 120.596611][ T123] usb_probe_interface+0xc4b/0x11f0 [ 120.602052][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 120.607606][ T123] really_probe+0x506/0x1000 [ 120.612482][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 120.618786][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 120.622683][ T113] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 120.624819][ T123] __driver_probe_device+0x2fa/0x3d0 [ 120.632643][ T3501] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 120.637604][ T123] driver_probe_device+0x72/0x7a0 [ 120.650396][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 120.656517][ T123] __device_attach_driver+0x548/0x8e0 [pid 3525] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 120.662145][ T123] bus_for_each_drv+0x1fc/0x360 [ 120.667264][ T123] ? coredump_store+0xa0/0xa0 [ 120.672181][ T123] __device_attach+0x42a/0x720 [ 120.677246][ T123] device_initial_probe+0x2e/0x40 [ 120.682550][ T123] bus_probe_device+0x13c/0x3b0 [ 120.687636][ T123] device_add+0x1d4b/0x26c0 [ 120.692429][ T123] usb_set_configuration+0x30f8/0x37e0 [ 120.698177][ T123] usb_generic_driver_probe+0x105/0x290 [ 120.704032][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3525] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3524] exit_group(0) = ? [pid 3525] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 120.710078][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 120.712757][ T25] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 120.716048][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 120.729387][ T123] usb_probe_device+0x288/0x490 [ 120.734567][ T123] ? usb_register_device_driver+0x440/0x440 [ 120.740686][ T123] really_probe+0x506/0x1000 [ 120.745618][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 120.751933][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3528] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3525] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3524] +++ exited with 0 +++ [pid 3528] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3524, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 3528] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3528] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3530 [ 120.758095][ T123] __driver_probe_device+0x2fa/0x3d0 [ 120.763689][ T123] driver_probe_device+0x72/0x7a0 [ 120.768968][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 120.775126][ T123] __device_attach_driver+0x548/0x8e0 [ 120.780759][ T123] bus_for_each_drv+0x1fc/0x360 [ 120.785942][ T123] ? coredump_store+0xa0/0xa0 [ 120.790864][ T123] __device_attach+0x42a/0x720 [ 120.795990][ T123] device_initial_probe+0x2e/0x40 [ 120.801254][ T123] bus_probe_device+0x13c/0x3b0 ./strace-static-x86_64: Process 3530 attached [pid 3530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3530] setpgid(0, 0) = 0 [pid 3530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3529] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3530] <... openat resumed>) = 3 [pid 3529] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3530] write(3, "1000", 4) = 4 [pid 3530] close(3) = 0 [pid 3530] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3529] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3530] ioctl(3, USB_RAW_IOCTL_INIT [ 120.802721][ T6] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 120.806371][ T123] device_add+0x1d4b/0x26c0 [ 120.818741][ T123] usb_new_device+0x17ac/0x2370 [ 120.823955][ T123] hub_event+0x5589/0x8080 [ 120.828680][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 120.834838][ T123] ? led_work+0x730/0x730 [ 120.839401][ T123] ? led_work+0x730/0x730 [ 120.844069][ T123] process_one_work+0xb27/0x13e0 [ 120.849273][ T123] worker_thread+0x1703/0x1d60 [ 120.854364][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3530] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3530] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3530] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3526] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3530] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3526] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3530] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3526] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 120.860415][ T123] ? __kthread_parkme+0x110/0x1b0 [ 120.865749][ T123] kthread+0x31b/0x430 [ 120.870020][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 120.875378][ T123] ? kthread_blkcg+0x120/0x120 [ 120.880356][ T123] ret_from_fork+0x1f/0x30 [ 120.885112][ T123] [ 120.888258][ T123] ---[ end trace 0000000000000000 ]--- [pid 3526] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3525] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3525] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [ 120.912904][ T123] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 120.933025][ T113] usb 3-1: Using ep0 maxpacket: 8 [ 120.941865][ T123] usb 5-1: USB disconnect, device number 5 [pid 3525] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3525] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3528] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3528] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3525] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [ 120.982709][ T25] usb 6-1: Using ep0 maxpacket: 8 [pid 3525] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3528] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3525] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3525] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3528] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3528] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3525] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3525] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3528] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3525] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3525] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3529] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3528] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3528] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3525] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [ 121.052822][ T113] usb 3-1: config 0 has an invalid interface number: 164 but max is 0 [ 121.061182][ T113] usb 3-1: config 0 has no interface number 0 [ 121.067724][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 121.078026][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 121.088697][ T6] usb 4-1: Using ep0 maxpacket: 8 [pid 3525] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3529] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3528] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3525] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3528] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3525] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3529] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3525] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3528] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3525] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3529] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3527] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3526] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3525] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3527] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3526] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 121.133189][ T25] usb 6-1: config 0 has an invalid interface number: 164 but max is 0 [ 121.141493][ T25] usb 6-1: config 0 has no interface number 0 [ 121.147950][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 121.158310][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 121.168931][ T3501] usb 1-1: Using ep0 maxpacket: 8 [ 121.172632][ T28] usb 2-1: new high-speed USB device number 5 using dummy_hcd [pid 3525] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3528] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3528] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3527] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3529] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3526] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3525] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3529] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3528] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3527] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3526] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3525] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3526] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3525] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3526] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3525] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3528] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 121.252994][ T6] usb 4-1: config 0 has an invalid interface number: 164 but max is 0 [ 121.261508][ T6] usb 4-1: config 0 has no interface number 0 [ 121.268195][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 121.278676][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 121.290728][ T113] usb 3-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3528] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3529] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3528] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3526] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3525] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3528] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [ 121.300087][ T113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.308737][ T113] usb 3-1: Product: syz [ 121.313146][ T113] usb 3-1: Manufacturer: syz [ 121.317902][ T113] usb 3-1: SerialNumber: syz [pid 3528] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3529] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3526] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3525] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3529] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3528] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3526] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3528] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3526] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3525] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3525] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3525] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 121.352623][ T113] usb 3-1: config 0 descriptor?? [pid 3525] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3529] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3526] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3525] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3529] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 121.381997][ T3525] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 121.390086][ T3501] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 121.398510][ T3501] usb 1-1: config 0 has no interface number 0 [ 121.404917][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 121.415123][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3526] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3528] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3526] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3530] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3526] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 121.426028][ T25] usb 6-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 121.435378][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.443654][ T25] usb 6-1: Product: syz [ 121.447970][ T25] usb 6-1: Manufacturer: syz [ 121.452794][ T25] usb 6-1: SerialNumber: syz [ 121.463940][ T123] usb 5-1: new high-speed USB device number 6 using dummy_hcd [pid 3530] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3525] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3526] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3525] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3526] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3530] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3530] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3525] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3529] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3525] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3527] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 121.501603][ T3525] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 121.517390][ T25] usb 6-1: config 0 descriptor?? [ 121.521941][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 121.543965][ T113] ------------[ cut here ]------------ [pid 3527] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3529] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3528] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3526] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3526] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3528] <... ioctl resumed>, 0) = 0 [pid 3527] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3528] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3527] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] <... ioctl resumed>, 0) = 0 [pid 3528] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3527] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 121.551301][ T113] usb 3-1: BOGUS urb xfer, pipe 1 != type 3 [ 121.559358][ T113] WARNING: CPU: 0 PID: 113 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 121.569347][ T113] Modules linked in: [ 121.573565][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 121.584675][ T3528] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 121.585256][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [pid 3527] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3528] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3527] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3527] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 121.601481][ T3528] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 121.602574][ T113] Workqueue: usb_hub_wq hub_event [ 121.615074][ T113] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 121.620957][ T113] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 121.640894][ T113] RSP: 0018:ffff888109c8e878 EFLAGS: 00010246 [pid 3528] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3527] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 121.647258][ T113] RAX: 7c40313c42a2f100 RBX: 0000000000000000 RCX: ffff888109c90000 [ 121.655495][ T113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 121.662943][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 121.663641][ T113] RBP: ffff888109c8e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 121.671816][ T28] usb 2-1: config 0 has no interface number 0 [ 121.679802][ T113] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 121.679874][ T113] R13: 0000000000000003 R14: ffff888109c90b58 R15: 0000000000000000 [ 121.687364][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 121.694110][ T113] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 121.702086][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 121.712043][ T113] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.738408][ T113] CR2: 00007f3ece476cc0 CR3: 000000012731e000 CR4: 00000000003506f0 [ 121.746722][ T113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 121.754936][ T113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 121.763153][ T113] Call Trace: [ 121.766555][ T113] [ 121.769655][ T113] usb_start_wait_urb+0xcf/0x350 [ 121.772465][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 121.774836][ T113] usb_bulk_msg+0x5cc/0x6f0 [ 121.784660][ T113] usb_interrupt_msg+0x54/0x70 [ 121.789646][ T113] vmk80xx_write_packet+0x5f7/0x7d0 [ 121.795176][ T113] vmk80xx_auto_attach+0xe75/0x1e60 [ 121.800628][ T113] ? vmk80xx_detach+0x1a0/0x1a0 [ 121.805803][ T113] comedi_auto_config+0x2de/0x620 [ 121.811044][ T113] comedi_usb_auto_config+0x3f/0x50 [ 121.816561][ T113] vmk80xx_usb_probe+0x54/0x70 [ 121.821549][ T113] ? vmk80xx_read_packet+0x770/0x770 [ 121.827217][ T113] usb_probe_interface+0xc4b/0x11f0 [ 121.832738][ T113] ? usb_register_driver+0x5f0/0x5f0 [ 121.838243][ T113] really_probe+0x506/0x1000 [ 121.843199][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 121.849511][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 121.855684][ T113] __driver_probe_device+0x2fa/0x3d0 [ 121.861216][ T113] driver_probe_device+0x72/0x7a0 [ 121.866629][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 121.872754][ T113] __device_attach_driver+0x548/0x8e0 [ 121.878380][ T113] bus_for_each_drv+0x1fc/0x360 [ 121.883616][ T113] ? coredump_store+0xa0/0xa0 [ 121.888535][ T113] __device_attach+0x42a/0x720 [ 121.893676][ T113] device_initial_probe+0x2e/0x40 [ 121.898941][ T113] bus_probe_device+0x13c/0x3b0 [ 121.904150][ T113] device_add+0x1d4b/0x26c0 [ 121.908882][ T113] usb_set_configuration+0x30f8/0x37e0 [ 121.914761][ T113] usb_generic_driver_probe+0x105/0x290 [ 121.920519][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 121.926695][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 121.932711][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 121.938668][ T113] usb_probe_device+0x288/0x490 [ 121.943818][ T113] ? usb_register_device_driver+0x440/0x440 [ 121.949936][ T113] really_probe+0x506/0x1000 [ 121.954890][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 121.961205][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 121.967354][ T113] __driver_probe_device+0x2fa/0x3d0 [ 121.972968][ T113] driver_probe_device+0x72/0x7a0 [ 121.978233][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 121.984357][ T113] __device_attach_driver+0x548/0x8e0 [ 121.989987][ T113] bus_for_each_drv+0x1fc/0x360 [ 121.995198][ T113] ? coredump_store+0xa0/0xa0 [ 122.000119][ T113] __device_attach+0x42a/0x720 [ 122.003663][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [ 122.005184][ T113] device_initial_probe+0x2e/0x40 [ 122.013504][ T123] usb 5-1: config 0 has no interface number 0 [ 122.018325][ T113] bus_probe_device+0x13c/0x3b0 [ 122.024479][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 122.029358][ T113] device_add+0x1d4b/0x26c0 [ 122.039354][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 122.043924][ T113] usb_new_device+0x17ac/0x2370 [ 122.059364][ T113] hub_event+0x5589/0x8080 [ 122.064212][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 122.070258][ T113] ? led_work+0x730/0x730 [ 122.074950][ T113] ? led_work+0x730/0x730 [ 122.079504][ T113] process_one_work+0xb27/0x13e0 [ 122.083296][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 122.084765][ T113] worker_thread+0x1703/0x1d60 [pid 3527] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 36 [pid 3527] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3527] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [pid 3527] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3525] exit_group(0) = ? [pid 3525] +++ exited with 0 +++ [pid 3491] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3525, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3491] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3531 ./strace-static-x86_64: Process 3531 attached [pid 3531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3531] setpgid(0, 0) = 0 [pid 3531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3531] write(3, "1000", 4) = 4 [pid 3531] close(3) = 0 [pid 3531] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3531] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3531] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3531] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3530] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3531] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3530] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3531] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3530] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3530] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3527] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3530] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3527] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3530] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3527] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3530] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3527] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3530] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3527] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3530] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3527] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3530] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3527] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3530] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3527] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3527] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3530] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3527] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3530] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3527] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3526] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3530] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3526] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 122.093849][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.098571][ T113] kthread+0x31b/0x430 [ 122.106611][ T28] usb 2-1: Product: syz [ 122.110693][ T113] ? worker_clr_flags+0x2b0/0x2b0 [ 122.114975][ T28] usb 2-1: Manufacturer: syz [ 122.119979][ T113] ? kthread_blkcg+0x120/0x120 [ 122.124648][ T28] usb 2-1: SerialNumber: syz [ 122.129435][ T113] ret_from_fork+0x1f/0x30 [ 122.139154][ T113] [ 122.142444][ T113] ---[ end trace 0000000000000000 ]--- [pid 3530] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3529] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3526] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 122.167664][ T25] ------------[ cut here ]------------ [ 122.173663][ T25] usb 6-1: BOGUS urb xfer, pipe 1 != type 3 [ 122.181003][ T25] WARNING: CPU: 0 PID: 25 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 122.190849][ T25] Modules linked in: [ 122.194995][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 122.206716][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 122.217047][ T25] Workqueue: usb_hub_wq hub_event [ 122.222401][ T25] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 122.228252][ T25] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 122.248172][ T25] RSP: 0018:ffff8881026f6878 EFLAGS: 00010246 [ 122.249703][ T28] usb 2-1: config 0 descriptor?? [ 122.254454][ T25] RAX: 5ec2ec8ff90d0c00 RBX: 0000000000000000 RCX: ffff88810267c180 [pid 3526] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3530] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3530] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3527] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3530] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3527] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3530] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3527] <... ioctl resumed>, 0) = 0 [pid 3530] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3527] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 122.254536][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 122.254600][ T25] RBP: ffff8881026f6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 122.254684][ T25] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 122.292232][ T25] R13: 0000000000000003 R14: ffff88810267ccd8 R15: 0000000000000000 [ 122.300483][ T25] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 122.304437][ T3527] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [pid 3527] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3530] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 122.309638][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.323626][ T25] CR2: 00007f3ece476cc0 CR3: 00000001272b3000 CR4: 00000000003506f0 [ 122.331777][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 122.335442][ T3527] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 122.339929][ T25] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 122.355318][ T25] Call Trace: [ 122.358728][ T25] [ 122.361828][ T25] usb_start_wait_urb+0xcf/0x350 [ 122.367071][ T25] usb_bulk_msg+0x5cc/0x6f0 [ 122.371821][ T25] usb_interrupt_msg+0x54/0x70 [ 122.373291][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 122.376855][ T25] vmk80xx_write_packet+0x5f7/0x7d0 [ 122.385987][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.391076][ T25] vmk80xx_auto_attach+0xe75/0x1e60 [ 122.399110][ T123] usb 5-1: Product: syz [ 122.404430][ T25] ? vmk80xx_detach+0x1a0/0x1a0 [ 122.408599][ T123] usb 5-1: Manufacturer: syz [ 122.413515][ T25] comedi_auto_config+0x2de/0x620 [ 122.418115][ T123] usb 5-1: SerialNumber: syz [ 122.423228][ T25] comedi_usb_auto_config+0x3f/0x50 [ 122.433770][ T25] vmk80xx_usb_probe+0x54/0x70 [ 122.438752][ T25] ? vmk80xx_read_packet+0x770/0x770 [ 122.444388][ T25] usb_probe_interface+0xc4b/0x11f0 [ 122.449836][ T25] ? usb_register_driver+0x5f0/0x5f0 [ 122.455432][ T25] really_probe+0x506/0x1000 [ 122.460250][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 122.466686][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 122.472818][ T25] __driver_probe_device+0x2fa/0x3d0 [ 122.478362][ T25] driver_probe_device+0x72/0x7a0 [ 122.483749][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 122.489802][ T25] __device_attach_driver+0x548/0x8e0 [ 122.495566][ T25] bus_for_each_drv+0x1fc/0x360 [ 122.500635][ T25] ? coredump_store+0xa0/0xa0 [ 122.505636][ T25] __device_attach+0x42a/0x720 [ 122.510669][ T25] device_initial_probe+0x2e/0x40 [ 122.516081][ T25] bus_probe_device+0x13c/0x3b0 [ 122.521173][ T25] device_add+0x1d4b/0x26c0 [ 122.526031][ T25] usb_set_configuration+0x30f8/0x37e0 [ 122.531776][ T25] usb_generic_driver_probe+0x105/0x290 [ 122.537661][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 122.543782][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 122.549721][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 122.555786][ T25] usb_probe_device+0x288/0x490 [ 122.560858][ T25] ? usb_register_device_driver+0x440/0x440 [ 122.567103][ T25] really_probe+0x506/0x1000 [ 122.571923][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 122.574597][ T28] ------------[ cut here ]------------ [ 122.578295][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 122.583758][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 122.589534][ T25] __driver_probe_device+0x2fa/0x3d0 [ 122.596873][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 122.600811][ T25] driver_probe_device+0x72/0x7a0 [ 122.610379][ T28] Modules linked in: [pid 3527] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3530] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3527] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3530] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3527] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3530] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3528] exit_group(0 [pid 3530] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3528] <... exit_group resumed>) = ? [pid 3530] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3528] +++ exited with 0 +++ [ 122.615467][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 122.619459][ T28] [ 122.619492][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 122.625362][ T25] __device_attach_driver+0x548/0x8e0 [ 122.627697][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 122.639162][ T25] bus_for_each_drv+0x1fc/0x360 [ 122.644597][ T28] Workqueue: usb_hub_wq hub_event [pid 3497] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3528, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3497] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3527] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3532 ./strace-static-x86_64: Process 3532 attached [pid 3527] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3532] setpgid(0, 0) = 0 [pid 3532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3532] write(3, "1000", 4) = 4 [pid 3532] close(3) = 0 [pid 3532] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3532] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3532] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3532] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 122.654721][ T25] ? coredump_store+0xa0/0xa0 [ 122.654874][ T25] __device_attach+0x42a/0x720 [ 122.655029][ T25] device_initial_probe+0x2e/0x40 [ 122.655172][ T25] bus_probe_device+0x13c/0x3b0 [ 122.655318][ T25] device_add+0x1d4b/0x26c0 [ 122.655462][ T25] usb_new_device+0x17ac/0x2370 [ 122.655628][ T25] hub_event+0x5589/0x8080 [ 122.655830][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 122.655972][ T25] ? led_work+0x730/0x730 [ 122.656109][ T25] ? led_work+0x730/0x730 [ 122.656241][ T25] process_one_work+0xb27/0x13e0 [ 122.656417][ T25] worker_thread+0x1703/0x1d60 [ 122.656587][ T25] kthread+0x31b/0x430 [ 122.656708][ T25] ? worker_clr_flags+0x2b0/0x2b0 [ 122.656841][ T25] ? kthread_blkcg+0x120/0x120 [ 122.661813][ T28] [ 122.661848][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 122.666934][ T25] ret_from_fork+0x1f/0x30 [ 122.671608][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 122.676469][ T25] [ 122.681466][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 122.686405][ T25] ---[ end trace 0000000000000000 ]--- [ 122.690896][ T28] [ 122.690923][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 122.710305][ T113] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 122.710721][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 122.719200][ T25] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 122.720001][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 122.729750][ T113] usb 3-1: USB disconnect, device number 5 [ 122.734062][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 122.744301][ T25] usb 6-1: USB disconnect, device number 5 [ 122.746952][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 122.793207][ T6] usb 4-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3532] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3529] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3529] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3526] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3526] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3526] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3527] exit_group(0) = ? [pid 3527] +++ exited with 0 +++ [ 122.796386][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 122.805934][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.813912][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.813991][ T28] CR2: 00007f3ece476cc0 CR3: 0000000127330000 CR4: 00000000003506e0 [ 122.823536][ T6] usb 4-1: Product: syz [ 122.831498][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 122.837406][ T6] usb 4-1: Manufacturer: syz [pid 3529] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3526] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3527, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 122.845408][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 122.851261][ T6] usb 4-1: SerialNumber: syz [ 122.859287][ T28] Call Trace: [ 122.859320][ T28] [ 122.859398][ T28] usb_start_wait_urb+0xcf/0x350 [ 122.859540][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 122.859667][ T28] usb_interrupt_msg+0x54/0x70 [ 122.859788][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 122.859946][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 122.870588][ T3501] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3529] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3526] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3533 [ 122.878084][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 122.886237][ T3501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.892813][ T28] comedi_auto_config+0x2de/0x620 [ 122.900842][ T3501] usb 1-1: Product: syz [ 122.900921][ T3501] usb 1-1: Manufacturer: syz [ 122.901001][ T3501] usb 1-1: SerialNumber: syz [ 122.905194][ T28] comedi_usb_auto_config+0x3f/0x50 [ 123.011537][ T28] vmk80xx_usb_probe+0x54/0x70 [ 123.016618][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 123.022153][ T28] usb_probe_interface+0xc4b/0x11f0 [ 123.027662][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 123.033240][ T28] really_probe+0x506/0x1000 [ 123.038066][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 123.044436][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.050485][ T28] __driver_probe_device+0x2fa/0x3d0 [ 123.056147][ T28] driver_probe_device+0x72/0x7a0 [ 123.061416][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.067523][ T28] __device_attach_driver+0x548/0x8e0 [ 123.073204][ T28] bus_for_each_drv+0x1fc/0x360 [ 123.078271][ T28] ? coredump_store+0xa0/0xa0 [ 123.083248][ T28] __device_attach+0x42a/0x720 [ 123.088253][ T28] device_initial_probe+0x2e/0x40 [ 123.093566][ T28] bus_probe_device+0x13c/0x3b0 [ 123.098654][ T28] device_add+0x1d4b/0x26c0 [ 123.103445][ T28] usb_set_configuration+0x30f8/0x37e0 [ 123.109184][ T28] usb_generic_driver_probe+0x105/0x290 [ 123.115010][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.121050][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 123.127050][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 123.133040][ T28] usb_probe_device+0x288/0x490 [ 123.138115][ T28] ? usb_register_device_driver+0x440/0x440 [ 123.144285][ T28] really_probe+0x506/0x1000 [ 123.149106][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 123.155477][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.161524][ T28] __driver_probe_device+0x2fa/0x3d0 [ 123.167116][ T28] driver_probe_device+0x72/0x7a0 [pid 3526] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 123.172442][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.178492][ T28] __device_attach_driver+0x548/0x8e0 [ 123.184174][ T28] bus_for_each_drv+0x1fc/0x360 [ 123.185279][ T3501] usb 1-1: config 0 descriptor?? [ 123.189169][ T28] ? coredump_store+0xa0/0xa0 [ 123.199071][ T28] __device_attach+0x42a/0x720 [ 123.204141][ T28] device_initial_probe+0x2e/0x40 [ 123.209397][ T28] bus_probe_device+0x13c/0x3b0 [ 123.214532][ T28] device_add+0x1d4b/0x26c0 [pid 3526] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3526] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3526] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 123.219327][ T28] usb_new_device+0x17ac/0x2370 [ 123.224516][ T28] hub_event+0x5589/0x8080 [ 123.229233][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.235350][ T28] ? led_work+0x730/0x730 [ 123.239950][ T28] ? led_work+0x730/0x730 [ 123.242754][ T3526] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22 [ 123.244502][ T28] process_one_work+0xb27/0x13e0 [ 123.256792][ T28] worker_thread+0x1703/0x1d60 [ 123.261825][ T28] kthread+0x31b/0x430 [ 123.266150][ T28] ? worker_clr_flags+0x2b0/0x2b0 ./strace-static-x86_64: Process 3533 attached [pid 3533] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3526] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3533] <... prctl resumed>) = 0 [pid 3526] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3533] setpgid(0, 0 [pid 3530] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3526] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3533] <... setpgid resumed>) = 0 [pid 3533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3530] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3533] <... openat resumed>) = 3 [pid 3530] <... ioctl resumed>, 0) = 0 [pid 3530] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3533] write(3, "1000", 4 [pid 3530] <... ioctl resumed>, 0) = 0 [pid 3526] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 123.271447][ T28] ? kthread_blkcg+0x120/0x120 [ 123.276487][ T28] ret_from_fork+0x1f/0x30 [ 123.281132][ T28] [ 123.284416][ T28] ---[ end trace 0000000000000000 ]--- [ 123.294297][ T123] usb 5-1: config 0 descriptor?? [ 123.303790][ T3526] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22 [pid 3530] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3533] <... write resumed>) = 4 [pid 3530] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3533] close(3) = 0 [pid 3530] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [ 123.339230][ T3530] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 123.352984][ T3501] ------------[ cut here ]------------ [ 123.355115][ T3530] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 123.358547][ T3501] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 123.373332][ T3501] WARNING: CPU: 0 PID: 3501 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [pid 3530] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [ 123.375914][ T28] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 123.383257][ T3501] Modules linked in: [ 123.383316][ T3501] CPU: 0 PID: 3501 Comm: kworker/0:3 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 123.408690][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 123.419028][ T3501] Workqueue: usb_hub_wq hub_event [ 123.424390][ T3501] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 123.430248][ T3501] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 123.450167][ T3501] RSP: 0018:ffff888122a6e878 EFLAGS: 00010246 [ 123.456543][ T3501] RAX: f66d70e6d79e2000 RBX: 0000000000000000 RCX: ffff888121010000 [ 123.464804][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 123.473023][ T3501] RBP: ffff888122a6e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 123.477756][ T123] ------------[ cut here ]------------ [ 123.481106][ T3501] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 123.487044][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 123.494727][ T3501] R13: 0000000000000003 R14: ffff888121010b58 R15: 0000000000000000 [ 123.494800][ T3501] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 123.502075][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 123.508801][ T3501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.517842][ T123] Modules linked in: [ 123.527463][ T3501] CR2: 00007f3ece4e601d CR3: 00000001272f6000 CR4: 00000000003506f0 [ 123.534123][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 123.538027][ T3501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 123.546067][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 123.546146][ T123] Workqueue: usb_hub_wq hub_event [ 123.557624][ T3501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 123.557696][ T3501] Call Trace: [ 123.557729][ T3501] [ 123.557811][ T3501] usb_start_wait_urb+0xcf/0x350 [ 123.565765][ T123] [ 123.565795][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 123.575957][ T3501] usb_bulk_msg+0x5cc/0x6f0 [ 123.580982][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 123.589056][ T3501] usb_interrupt_msg+0x54/0x70 [ 123.592385][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 123.595358][ T3501] vmk80xx_write_packet+0x5f7/0x7d0 [ 123.600299][ T123] [ 123.600326][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 123.602741][ T3501] vmk80xx_auto_attach+0xe75/0x1e60 [ 123.602900][ T3501] ? vmk80xx_detach+0x1a0/0x1a0 [ 123.603016][ T3501] comedi_auto_config+0x2de/0x620 [ 123.603142][ T3501] comedi_usb_auto_config+0x3f/0x50 [ 123.603284][ T3501] vmk80xx_usb_probe+0x54/0x70 [ 123.603413][ T3501] ? vmk80xx_read_packet+0x770/0x770 [ 123.603540][ T3501] usb_probe_interface+0xc4b/0x11f0 [ 123.603693][ T3501] ? usb_register_driver+0x5f0/0x5f0 [ 123.603816][ T3501] really_probe+0x506/0x1000 [ 123.603958][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 123.604107][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.604254][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 123.609914][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 123.614513][ T3501] driver_probe_device+0x72/0x7a0 [ 123.634321][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 123.639062][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.645180][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 123.650422][ T3501] __device_attach_driver+0x548/0x8e0 [ 123.652822][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 123.660832][ T3501] bus_for_each_drv+0x1fc/0x360 [ 123.666075][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 123.670965][ T3501] ? coredump_store+0xa0/0xa0 [ 123.678193][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.681315][ T3501] __device_attach+0x42a/0x720 [ 123.686109][ T123] CR2: 00007ffcf7248cb8 CR3: 00000001272d2000 CR4: 00000000003506e0 [ 123.691449][ T3501] device_initial_probe+0x2e/0x40 [ 123.696689][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 123.702009][ T3501] bus_probe_device+0x13c/0x3b0 [ 123.706654][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 123.712841][ T3501] device_add+0x1d4b/0x26c0 [ 123.718626][ T123] Call Trace: [ 123.718659][ T123] [ 123.724020][ T3501] usb_set_configuration+0x30f8/0x37e0 [ 123.732008][ T123] usb_start_wait_urb+0xcf/0x350 [ 123.737136][ T3501] usb_generic_driver_probe+0x105/0x290 [ 123.745107][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 123.750926][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.758987][ T123] usb_interrupt_msg+0x54/0x70 [ 123.764442][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 123.772470][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 123.777348][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 123.786364][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 123.791050][ T3501] usb_probe_device+0x288/0x490 [ 123.797735][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 123.802575][ T3501] ? usb_register_device_driver+0x440/0x440 [ 123.810538][ T123] comedi_auto_config+0x2de/0x620 [ 123.815653][ T3501] really_probe+0x506/0x1000 [ 123.823693][ T123] comedi_usb_auto_config+0x3f/0x50 [ 123.828558][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 123.836602][ T123] vmk80xx_usb_probe+0x54/0x70 [ 123.841150][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.844489][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 123.847471][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 123.852986][ T123] usb_probe_interface+0xc4b/0x11f0 [ 123.857964][ T3501] driver_probe_device+0x72/0x7a0 [ 123.863585][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 123.868100][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.873959][ T123] really_probe+0x506/0x1000 [ 123.878766][ T3501] __device_attach_driver+0x548/0x8e0 [ 123.884539][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 123.889782][ T3501] bus_for_each_drv+0x1fc/0x360 [ 123.895562][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.900783][ T3501] ? coredump_store+0xa0/0xa0 [ 123.905710][ T123] __driver_probe_device+0x2fa/0x3d0 [ 123.910599][ T3501] __device_attach+0x42a/0x720 [ 123.916549][ T123] driver_probe_device+0x72/0x7a0 [ 123.921615][ T3501] device_initial_probe+0x2e/0x40 [ 123.926252][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.931481][ T3501] bus_probe_device+0x13c/0x3b0 [ 123.937618][ T123] __device_attach_driver+0x548/0x8e0 [ 123.942490][ T3501] device_add+0x1d4b/0x26c0 [ 123.948289][ T123] bus_for_each_drv+0x1fc/0x360 [ 123.953693][ T3501] usb_new_device+0x17ac/0x2370 [ 123.958951][ T123] ? coredump_store+0xa0/0xa0 [ 123.964264][ T3501] hub_event+0x5589/0x8080 [ 123.969267][ T123] __device_attach+0x42a/0x720 [ 123.974693][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 123.980438][ T123] device_initial_probe+0x2e/0x40 [ 123.985091][ T3501] ? led_work+0x730/0x730 [ 123.990463][ T123] bus_probe_device+0x13c/0x3b0 [ 123.996609][ T3501] ? led_work+0x730/0x730 [ 124.001466][ T123] device_add+0x1d4b/0x26c0 [ 124.007344][ T3501] process_one_work+0xb27/0x13e0 [ 124.012040][ T123] usb_set_configuration+0x30f8/0x37e0 [ 124.017420][ T3501] worker_thread+0x1703/0x1d60 [ 124.022207][ T123] usb_generic_driver_probe+0x105/0x290 [ 124.027293][ T3501] kthread+0x31b/0x430 [ 124.032219][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.038113][ T3501] ? worker_clr_flags+0x2b0/0x2b0 [pid 3533] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3530] exit_group(0 [pid 3526] exit_group(0 [pid 3530] <... exit_group resumed>) = ? [pid 3526] <... exit_group resumed>) = ? [pid 3526] +++ exited with 0 +++ [pid 3530] +++ exited with 0 +++ [pid 3533] <... openat resumed>) = 3 [pid 3532] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3531] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 124.042959][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 124.048371][ T3501] ? kthread_blkcg+0x120/0x120 [ 124.052942][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 124.057826][ T3501] ret_from_fork+0x1f/0x30 [ 124.062746][ T123] usb_probe_device+0x288/0x490 [ 124.067473][ T3501] [ 124.071897][ T123] ? usb_register_device_driver+0x440/0x440 [ 124.076732][ T3501] ---[ end trace 0000000000000000 ]--- [ 124.082584][ T123] really_probe+0x506/0x1000 [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3530, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3488] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3526, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3533] ioctl(3, USB_RAW_IOCTL_INIT [pid 3532] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3531] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3488] kill(-3526, SIGKILL [pid 3533] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3488] <... kill resumed>) = 0 [pid 3533] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3488] kill(3526, SIGKILL [pid 3533] <... ioctl resumed>, 0) = 0 [pid 3531] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 124.094228][ T113] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 124.096973][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 124.101497][ T25] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 124.105838][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.220500][ T123] __driver_probe_device+0x2fa/0x3d0 [ 124.226113][ T123] driver_probe_device+0x72/0x7a0 [ 124.231408][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.237528][ T123] __device_attach_driver+0x548/0x8e0 [pid 3488] <... kill resumed>) = 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3532] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3531] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3495] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3534 [pid 3533] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3532] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3529] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3529] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3488] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3529] <... ioctl resumed>, 0) = 0 [ 124.243217][ T123] bus_for_each_drv+0x1fc/0x360 [ 124.244797][ T6] usb 4-1: config 0 descriptor?? [ 124.248219][ T123] ? coredump_store+0xa0/0xa0 [ 124.258343][ T123] __device_attach+0x42a/0x720 [ 124.263428][ T123] device_initial_probe+0x2e/0x40 [ 124.268774][ T123] bus_probe_device+0x13c/0x3b0 [ 124.273956][ T123] device_add+0x1d4b/0x26c0 [ 124.278709][ T123] usb_new_device+0x17ac/0x2370 [ 124.283892][ T123] hub_event+0x5589/0x8080 [pid 3529] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3488] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3535 [pid 3529] <... ioctl resumed>, 0) = 0 [pid 3529] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 124.288638][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.294736][ T123] ? led_work+0x730/0x730 [ 124.299294][ T123] ? led_work+0x730/0x730 [ 124.303966][ T123] process_one_work+0xb27/0x13e0 [ 124.309164][ T123] worker_thread+0x1703/0x1d60 [ 124.313678][ T3529] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22 [ 124.314156][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.327292][ T123] ? __kthread_parkme+0x110/0x1b0 [ 124.332602][ T123] kthread+0x31b/0x430 [ 124.336874][ T123] ? worker_clr_flags+0x2b0/0x2b0 ./strace-static-x86_64: Process 3535 attached ./strace-static-x86_64: Process 3534 attached [pid 3529] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3535] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3534] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3529] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3535] <... prctl resumed>) = 0 [pid 3534] <... prctl resumed>) = 0 [pid 3535] setpgid(0, 0 [pid 3534] setpgid(0, 0 [pid 3535] <... setpgid resumed>) = 0 [pid 3534] <... setpgid resumed>) = 0 [pid 3535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3535] <... openat resumed>) = 3 [pid 3534] <... openat resumed>) = 3 [pid 3529] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3535] write(3, "1000", 4 [ 124.342132][ T123] ? kthread_blkcg+0x120/0x120 [ 124.347166][ T123] ret_from_fork+0x1f/0x30 [ 124.351834][ T123] [ 124.353326][ T3529] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22 [ 124.354974][ T123] ---[ end trace 0000000000000000 ]--- [ 124.371248][ T28] usb 2-1: USB disconnect, device number 5 [pid 3534] write(3, "1000", 4 [pid 3535] <... write resumed>) = 4 [pid 3534] <... write resumed>) = 4 [pid 3531] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3529] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3535] close(3 [pid 3534] close(3 [pid 3531] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3535] <... close resumed>) = 0 [pid 3534] <... close resumed>) = 0 [ 124.412924][ T113] usb 3-1: Using ep0 maxpacket: 8 [ 124.414886][ T123] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 124.426814][ T25] usb 6-1: Using ep0 maxpacket: 8 [pid 3535] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3534] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3535] <... openat resumed>) = 3 [pid 3532] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 124.453209][ T6] ------------[ cut here ]------------ [ 124.453273][ T123] usb 5-1: USB disconnect, device number 6 [ 124.465083][ T6] usb 4-1: BOGUS urb xfer, pipe 1 != type 3 [ 124.472771][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 124.482731][ T6] Modules linked in: [ 124.487026][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [pid 3532] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3531] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3531] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3535] ioctl(3, USB_RAW_IOCTL_INIT [pid 3534] <... openat resumed>) = 3 [ 124.498855][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 124.509443][ T6] Workqueue: usb_hub_wq hub_event [ 124.515037][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 124.521130][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 124.541296][ T6] RSP: 0018:ffff888102616878 EFLAGS: 00010246 [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3534] ioctl(3, USB_RAW_IOCTL_INIT [pid 3535] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] <... ioctl resumed>, 0) = 0 [pid 3534] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3535] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3534] <... ioctl resumed>, 0) = 0 [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 124.547967][ T6] RAX: 9ab4860bd45fdb00 RBX: 0000000000000000 RCX: ffff888102604180 [ 124.556465][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 124.564942][ T6] RBP: ffff888102616998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 124.573430][ T6] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 124.581836][ T6] R13: 0000000000000003 R14: ffff888102604cd8 R15: 0000000000000000 [ 124.590321][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [pid 3534] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3535] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3534] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 124.599813][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.606900][ T6] CR2: 00007ffcf7248cb8 CR3: 000000010e51d000 CR4: 00000000003506f0 [ 124.615400][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 124.623873][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 124.632259][ T6] Call Trace: [ 124.635986][ T6] [ 124.639332][ T6] usb_start_wait_urb+0xcf/0x350 [ 124.644838][ T6] usb_bulk_msg+0x5cc/0x6f0 [pid 3529] exit_group(0) = ? [pid 3529] +++ exited with 0 +++ [pid 3492] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3529, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 124.649819][ T6] usb_interrupt_msg+0x54/0x70 [ 124.655194][ T6] vmk80xx_write_packet+0x5f7/0x7d0 [ 124.660892][ T6] vmk80xx_auto_attach+0xe75/0x1e60 [ 124.666687][ T6] ? vmk80xx_detach+0x1a0/0x1a0 [ 124.671989][ T6] comedi_auto_config+0x2de/0x620 [ 124.677557][ T6] comedi_usb_auto_config+0x3f/0x50 [ 124.683311][ T6] vmk80xx_usb_probe+0x54/0x70 [ 124.688549][ T6] ? vmk80xx_read_packet+0x770/0x770 [ 124.694407][ T6] usb_probe_interface+0xc4b/0x11f0 [ 124.700096][ T6] ? usb_register_driver+0x5f0/0x5f0 [ 124.705933][ T6] really_probe+0x506/0x1000 [ 124.711006][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 124.717644][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.724019][ T6] __driver_probe_device+0x2fa/0x3d0 [ 124.729820][ T6] driver_probe_device+0x72/0x7a0 [ 124.735414][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.741711][ T6] __device_attach_driver+0x548/0x8e0 [ 124.747675][ T6] bus_for_each_drv+0x1fc/0x360 [ 124.753071][ T6] ? coredump_store+0xa0/0xa0 [ 124.758242][ T6] __device_attach+0x42a/0x720 [ 124.762867][ T28] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 124.763387][ T6] device_initial_probe+0x2e/0x40 [ 124.776444][ T6] bus_probe_device+0x13c/0x3b0 [ 124.781779][ T6] device_add+0x1d4b/0x26c0 [ 124.786833][ T6] usb_set_configuration+0x30f8/0x37e0 [ 124.792892][ T6] usb_generic_driver_probe+0x105/0x290 [ 124.798900][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.805304][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 124.811492][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 124.817799][ T6] usb_probe_device+0x288/0x490 [ 124.823205][ T6] ? usb_register_device_driver+0x440/0x440 [ 124.829573][ T6] really_probe+0x506/0x1000 [ 124.834757][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 124.841307][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.847726][ T6] __driver_probe_device+0x2fa/0x3d0 [ 124.853579][ T6] driver_probe_device+0x72/0x7a0 [ 124.859091][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.865519][ T6] __device_attach_driver+0x548/0x8e0 [ 124.871393][ T6] bus_for_each_drv+0x1fc/0x360 [ 124.876825][ T6] ? coredump_store+0xa0/0xa0 [ 124.881989][ T6] __device_attach+0x42a/0x720 [ 124.887377][ T6] device_initial_probe+0x2e/0x40 [ 124.892998][ T6] bus_probe_device+0x13c/0x3b0 [ 124.898326][ T6] device_add+0x1d4b/0x26c0 [ 124.903421][ T6] usb_new_device+0x17ac/0x2370 [ 124.908772][ T6] hub_event+0x5589/0x8080 [ 124.913851][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 124.920158][ T6] ? led_work+0x730/0x730 [ 124.925080][ T6] ? led_work+0x730/0x730 [ 124.929879][ T6] process_one_work+0xb27/0x13e0 [ 124.935449][ T6] worker_thread+0x1703/0x1d60 [ 124.940719][ T6] kthread+0x31b/0x430 [ 124.945357][ T6] ? worker_clr_flags+0x2b0/0x2b0 [ 124.950890][ T6] ? kthread_blkcg+0x120/0x120 [pid 3492] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3536 ./strace-static-x86_64: Process 3536 attached [pid 3536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3536] setpgid(0, 0) = 0 [pid 3536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3536] write(3, "1000", 4) = 4 [pid 3536] close(3) = 0 [pid 3536] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3536] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3536] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3533] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3533] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3532] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3532] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3531] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3532] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 124.956261][ T6] ret_from_fork+0x1f/0x30 [ 124.961162][ T6] [ 124.964718][ T6] ---[ end trace 0000000000000000 ]--- [ 124.978775][ T3501] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 124.994364][ T6] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3531] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3532] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3531] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3532] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3531] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3533] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3532] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3531] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3534] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3533] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3532] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3531] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3534] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 125.012574][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 125.018577][ T123] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 125.039570][ T3501] usb 1-1: USB disconnect, device number 5 [ 125.048350][ T6] usb 4-1: USB disconnect, device number 5 [pid 3534] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3533] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3531] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3533] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3531] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3533] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3532] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3533] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3532] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3533] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [ 125.086215][ T113] usb 3-1: config 0 has an invalid interface number: 164 but max is 0 [ 125.094708][ T113] usb 3-1: config 0 has no interface number 0 [ 125.100973][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 125.111210][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 125.121884][ T25] usb 6-1: config 0 has an invalid interface number: 164 but max is 0 [ 125.130387][ T25] usb 6-1: config 0 has no interface number 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3531] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3533] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [ 125.136744][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 125.146992][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 125.163347][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 125.171721][ T28] usb 2-1: config 0 has no interface number 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3531] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3532] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3532] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3533] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3532] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3531] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3533] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3532] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3531] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3533] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [ 125.178089][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 125.188278][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3533] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3532] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3531] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3532] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3531] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3534] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3533] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3532] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3531] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3533] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 125.263104][ T123] usb 5-1: Using ep0 maxpacket: 8 [pid 3532] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3531] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3534] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3534] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3533] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3532] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3531] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3532] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3531] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3533] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3532] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3531] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3534] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3533] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3532] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 125.353079][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 125.362449][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.370648][ T28] usb 2-1: Product: syz [ 125.373299][ T25] usb 6-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 125.375036][ T28] usb 2-1: Manufacturer: syz [ 125.384025][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.388605][ T28] usb 2-1: SerialNumber: syz [pid 3531] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3533] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3532] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3531] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3532] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3531] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3534] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3534] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3533] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3532] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3531] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3531] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 125.396707][ T25] usb 6-1: Product: syz [ 125.405962][ T25] usb 6-1: Manufacturer: syz [ 125.411877][ T25] usb 6-1: SerialNumber: syz [ 125.418135][ T113] usb 3-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 125.427482][ T113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.435779][ T113] usb 3-1: Product: syz [ 125.440105][ T113] usb 3-1: Manufacturer: syz [ 125.444985][ T113] usb 3-1: SerialNumber: syz [pid 3532] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3534] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3531] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3531] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [ 125.456729][ T113] usb 3-1: config 0 descriptor?? [ 125.476851][ T25] usb 6-1: config 0 descriptor?? [ 125.494552][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [pid 3534] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3534] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3532] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3532] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3532] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3532] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3532] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3531] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3531] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3532] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3531] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3532] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 125.502999][ T123] usb 5-1: config 0 has no interface number 0 [ 125.508071][ T3532] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 125.509189][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 125.518867][ T3532] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 125.526405][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 125.540229][ T3531] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 125.551107][ T28] usb 2-1: config 0 descriptor?? [pid 3534] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3533] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3533] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3533] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3534] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3533] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3534] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 125.566672][ T25] ------------[ cut here ]------------ [ 125.574907][ T25] usb 6-1: BOGUS urb xfer, pipe 1 != type 3 [ 125.580987][ T3533] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 125.582454][ T25] WARNING: CPU: 0 PID: 25 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 125.594883][ T3533] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 125.597768][ T25] Modules linked in: [pid 3533] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3533] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 125.609084][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 125.620767][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 125.631035][ T25] Workqueue: usb_hub_wq hub_event [ 125.636373][ T25] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 125.642231][ T25] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 125.655464][ T28] ------------[ cut here ]------------ [ 125.662142][ T25] RSP: 0018:ffff8881026f6878 EFLAGS: 00010246 [ 125.667873][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 125.673895][ T25] RAX: 5ec2ec8ff90d0c00 RBX: 0000000000000000 RCX: ffff88810267c180 [ 125.673973][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 125.674039][ T25] RBP: ffff8881026f6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 125.681278][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 125.687978][ T25] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 125.697209][ T28] Modules linked in: [ 125.704119][ T25] R13: 0000000000000003 R14: ffff88810267ccd8 R15: 0000000000000000 [ 125.704194][ T25] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 125.713681][ T28] [ 125.713715][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 125.721694][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.725678][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 125.733737][ T25] CR2: 00007ffcf7248cb8 CR3: 00000001272e9000 CR4: 00000000003506f0 [ 125.742763][ T28] Workqueue: usb_hub_wq hub_event [ 125.745085][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 125.756514][ T28] [ 125.756543][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 125.763205][ T25] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 125.763278][ T25] Call Trace: [ 125.773436][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 125.781396][ T25] [ 125.781480][ T25] usb_start_wait_urb+0xcf/0x350 [ 125.786588][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 125.794671][ T25] usb_bulk_msg+0x5cc/0x6f0 [ 125.796973][ T28] [ 125.797001][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 125.802722][ T25] usb_interrupt_msg+0x54/0x70 [ 125.810693][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 125.814075][ T25] vmk80xx_write_packet+0x5f7/0x7d0 [ 125.833809][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 125.836755][ T25] vmk80xx_auto_attach+0xe75/0x1e60 [ 125.841676][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 125.847865][ T25] ? vmk80xx_detach+0x1a0/0x1a0 [ 125.852444][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 125.854741][ T25] comedi_auto_config+0x2de/0x620 [ 125.862787][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 125.867614][ T25] comedi_usb_auto_config+0x3f/0x50 [ 125.875678][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.880900][ T25] vmk80xx_usb_probe+0x54/0x70 [ 125.888934][ T28] CR2: 00007f3ece476cc0 CR3: 00000001272e5000 CR4: 00000000003506e0 [ 125.894256][ T25] ? vmk80xx_read_packet+0x770/0x770 [ 125.902434][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 125.907233][ T25] usb_probe_interface+0xc4b/0x11f0 [ 125.919345][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 125.920376][ T25] ? usb_register_driver+0x5f0/0x5f0 [ 125.929370][ T28] Call Trace: [ 125.929403][ T28] [ 125.934677][ T25] really_probe+0x506/0x1000 [ 125.941329][ T28] usb_start_wait_urb+0xcf/0x350 [ 125.946133][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 125.954229][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 125.959474][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 125.967520][ T28] usb_interrupt_msg+0x54/0x70 [ 125.972811][ T25] __driver_probe_device+0x2fa/0x3d0 [ 125.980803][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 125.986176][ T25] driver_probe_device+0x72/0x7a0 [ 125.989473][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 125.992470][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 125.997104][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 126.002030][ T25] __device_attach_driver+0x548/0x8e0 [ 126.008196][ T28] comedi_auto_config+0x2de/0x620 [ 126.012767][ T25] bus_for_each_drv+0x1fc/0x360 [ 126.018636][ T28] comedi_usb_auto_config+0x3f/0x50 [ 126.023467][ T25] ? coredump_store+0xa0/0xa0 [ 126.028748][ T28] vmk80xx_usb_probe+0x54/0x70 [ 126.034035][ T25] __device_attach+0x42a/0x720 [ 126.039058][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 126.044357][ T25] device_initial_probe+0x2e/0x40 [ 126.050139][ T28] usb_probe_interface+0xc4b/0x11f0 [ 126.055080][ T25] bus_probe_device+0x13c/0x3b0 [ 126.060537][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 126.065634][ T25] device_add+0x1d4b/0x26c0 [ 126.070457][ T28] really_probe+0x506/0x1000 [ 126.075758][ T25] usb_set_configuration+0x30f8/0x37e0 [ 126.080474][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 126.085383][ T25] usb_generic_driver_probe+0x105/0x290 [ 126.090087][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.095441][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.100490][ T28] __driver_probe_device+0x2fa/0x3d0 [ 126.105761][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 126.110612][ T28] driver_probe_device+0x72/0x7a0 [ 126.115971][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 126.120493][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.125159][ T25] usb_probe_device+0x288/0x490 [ 126.130617][ T28] __device_attach_driver+0x548/0x8e0 [ 126.136763][ T25] ? usb_register_device_driver+0x440/0x440 [ 126.142415][ T28] bus_for_each_drv+0x1fc/0x360 [ 126.148239][ T25] really_probe+0x506/0x1000 [ 126.154128][ T28] ? coredump_store+0xa0/0xa0 [ 126.159428][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 126.165219][ T28] __device_attach+0x42a/0x720 [ 126.170270][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.176084][ T28] device_initial_probe+0x2e/0x40 [ 126.181894][ T25] __driver_probe_device+0x2fa/0x3d0 [ 126.186803][ T28] bus_probe_device+0x13c/0x3b0 [ 126.192221][ T25] driver_probe_device+0x72/0x7a0 [ 126.198248][ T28] device_add+0x1d4b/0x26c0 [ 126.203057][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.207660][ T28] usb_set_configuration+0x30f8/0x37e0 [ 126.212413][ T25] __device_attach_driver+0x548/0x8e0 [ 126.218570][ T28] usb_generic_driver_probe+0x105/0x290 [ 126.223365][ T25] bus_for_each_drv+0x1fc/0x360 [ 126.229154][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.234261][ T25] ? coredump_store+0xa0/0xa0 [ 126.239560][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 126.244510][ T25] __device_attach+0x42a/0x720 [ 126.249521][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 126.254148][ T25] device_initial_probe+0x2e/0x40 [ 126.260001][ T28] usb_probe_device+0x288/0x490 [ 126.265549][ T25] bus_probe_device+0x13c/0x3b0 [ 126.270954][ T28] ? usb_register_device_driver+0x440/0x440 [ 126.276565][ T25] device_add+0x1d4b/0x26c0 [ 126.281422][ T28] really_probe+0x506/0x1000 [ 126.287339][ T25] usb_new_device+0x17ac/0x2370 [ 126.291989][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 126.297819][ T25] hub_event+0x5589/0x8080 [ 126.302625][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.308448][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.313534][ T28] __driver_probe_device+0x2fa/0x3d0 [ 126.318345][ T25] ? led_work+0x730/0x730 [ 126.323273][ T28] driver_probe_device+0x72/0x7a0 [ 126.329190][ T25] ? led_work+0x730/0x730 [ 126.333778][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.338378][ T25] process_one_work+0xb27/0x13e0 [ 126.344537][ T28] __device_attach_driver+0x548/0x8e0 [ 126.349489][ T25] worker_thread+0x1703/0x1d60 [ 126.353909][ T28] bus_for_each_drv+0x1fc/0x360 [ 126.359750][ T25] kthread+0x31b/0x430 [ 126.365578][ T28] ? coredump_store+0xa0/0xa0 [ 126.370901][ T25] ? worker_clr_flags+0x2b0/0x2b0 [ 126.375516][ T28] __device_attach+0x42a/0x720 [ 126.380352][ T25] ? kthread_blkcg+0x120/0x120 [ 126.384758][ T28] device_initial_probe+0x2e/0x40 [ 126.390580][ T25] ret_from_fork+0x1f/0x30 [ 126.395594][ T28] bus_probe_device+0x13c/0x3b0 [ 126.400996][ T25] [ 126.405873][ T28] device_add+0x1d4b/0x26c0 [ 126.410685][ T25] ---[ end trace 0000000000000000 ]--- [ 126.416565][ T6] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 126.419626][ T28] usb_new_device+0x17ac/0x2370 [ 126.482108][ T28] hub_event+0x5589/0x8080 [ 126.486922][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.487713][ T25] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 126.493101][ T28] ? led_work+0x730/0x730 [ 126.506554][ T3501] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 126.506886][ T28] ? led_work+0x730/0x730 [pid 3534] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3534] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3532] exit_group(0) = ? [pid 3532] +++ exited with 0 +++ [pid 3536] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3535] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3533] exit_group(0 [pid 3497] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3532, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3533] <... exit_group resumed>) = ? [pid 3536] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3535] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3536] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 126.519075][ T28] process_one_work+0xb27/0x13e0 [ 126.524336][ T28] worker_thread+0x1703/0x1d60 [ 126.529370][ T28] kthread+0x31b/0x430 [ 126.533715][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 126.538974][ T28] ? kthread_blkcg+0x120/0x120 [ 126.544001][ T28] ret_from_fork+0x1f/0x30 [ 126.548653][ T28] [ 126.551800][ T28] ---[ end trace 0000000000000000 ]--- [pid 3535] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3537 ./strace-static-x86_64: Process 3537 attached [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3533] +++ exited with 0 +++ [pid 3531] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3534] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3533, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3538 [pid 3531] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3537] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 3538 attached ) = 0 [pid 3538] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3537] setpgid(0, 0 [pid 3538] <... prctl resumed>) = 0 [pid 3537] <... setpgid resumed>) = 0 [pid 3534] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3538] setpgid(0, 0 [pid 3534] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] <... setpgid resumed>) = 0 [pid 3537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3537] <... openat resumed>) = 3 [pid 3538] write(3, "1000", 4 [pid 3537] write(3, "1000", 4 [pid 3538] <... write resumed>) = 4 [pid 3537] <... write resumed>) = 4 [pid 3538] close(3) = 0 [pid 3537] close(3 [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3537] <... close resumed>) = 0 [pid 3534] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3538] <... openat resumed>) = 3 [pid 3537] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3538] ioctl(3, USB_RAW_IOCTL_INIT [pid 3537] <... openat resumed>) = 3 [pid 3538] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3537] ioctl(3, USB_RAW_IOCTL_INIT [pid 3531] ioctl(3, USB_RAW_IOCTL_EP0_READ [ 126.576778][ T25] usb 6-1: USB disconnect, device number 6 [ 126.599129][ T3531] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [pid 3538] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3537] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] <... ioctl resumed>, 0) = 0 [pid 3537] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3534] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3538] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3534] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 126.663648][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 126.673472][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.681663][ T123] usb 5-1: Product: syz [ 126.686089][ T123] usb 5-1: Manufacturer: syz [ 126.688158][ T113] ------------[ cut here ]------------ [ 126.690783][ T123] usb 5-1: SerialNumber: syz [ 126.696358][ T113] usb 3-1: BOGUS urb xfer, pipe 1 != type 3 [ 126.708531][ T113] WARNING: CPU: 0 PID: 113 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 126.710707][ T28] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 126.718396][ T113] Modules linked in: [ 126.732040][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 126.734861][ T123] usb 5-1: config 0 descriptor?? [ 126.743692][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 126.759032][ T113] Workqueue: usb_hub_wq hub_event [ 126.764432][ T113] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 126.770289][ T113] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 126.790198][ T113] RSP: 0018:ffff888109c8e878 EFLAGS: 00010246 [ 126.796607][ T113] RAX: 7c40313c42a2f100 RBX: 0000000000000000 RCX: ffff888109c90000 [ 126.804850][ T113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 126.813138][ T113] RBP: ffff888109c8e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 126.815833][ T28] usb 2-1: USB disconnect, device number 6 [ 126.821218][ T113] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 126.835432][ T113] R13: 0000000000000003 R14: ffff888109c90b58 R15: 0000000000000000 [ 126.843711][ T113] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 126.852918][ T113] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 3538] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3537] <... ioctl resumed>, 0) = 0 [pid 3534] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3531] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3534] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3534] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3534] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3537] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3534] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 126.859673][ T113] CR2: 00007f3ece476cc0 CR3: 0000000122a5f000 CR4: 00000000003506f0 [ 126.867978][ T113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 126.876211][ T113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 126.879967][ T3534] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 126.884433][ T113] Call Trace: [ 126.894979][ T113] [ 126.898080][ T113] usb_start_wait_urb+0xcf/0x350 [ 126.903400][ T113] usb_bulk_msg+0x5cc/0x6f0 [ 126.908122][ T113] usb_interrupt_msg+0x54/0x70 [pid 3491] kill(-3531, SIGKILL [pid 3537] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3491] <... kill resumed>) = 0 [pid 3537] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3531] +++ killed by SIGKILL +++ [pid 3491] kill(3531, SIGKILL) = 0 [pid 3491] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3531, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=3} --- [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3539 [ 126.913181][ T113] vmk80xx_write_packet+0x5f7/0x7d0 [ 126.918624][ T113] vmk80xx_auto_attach+0xe75/0x1e60 [ 126.924161][ T113] ? vmk80xx_detach+0x1a0/0x1a0 [ 126.929234][ T113] comedi_auto_config+0x2de/0x620 [ 126.934557][ T113] comedi_usb_auto_config+0x3f/0x50 [ 126.940015][ T113] vmk80xx_usb_probe+0x54/0x70 [ 126.945079][ T113] ? vmk80xx_read_packet+0x770/0x770 [ 126.950614][ T113] usb_probe_interface+0xc4b/0x11f0 [ 126.956156][ T113] ? usb_register_driver+0x5f0/0x5f0 [ 126.961658][ T113] really_probe+0x506/0x1000 [ 126.962640][ T3534] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 126.966492][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 126.979904][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 126.986040][ T113] __driver_probe_device+0x2fa/0x3d0 [ 126.991576][ T113] driver_probe_device+0x72/0x7a0 [ 126.996972][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.003097][ T113] __device_attach_driver+0x548/0x8e0 [ 127.008724][ T113] bus_for_each_drv+0x1fc/0x360 [ 127.013951][ T113] ? coredump_store+0xa0/0xa0 [ 127.018873][ T113] __device_attach+0x42a/0x720 [ 127.024018][ T113] device_initial_probe+0x2e/0x40 [ 127.029274][ T113] bus_probe_device+0x13c/0x3b0 [ 127.034488][ T113] device_add+0x1d4b/0x26c0 [ 127.039222][ T113] usb_set_configuration+0x30f8/0x37e0 [ 127.045081][ T113] usb_generic_driver_probe+0x105/0x290 [ 127.050835][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.056969][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 127.062991][ T123] ------------[ cut here ]------------ [ 127.063029][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 127.068504][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 127.074310][ T113] usb_probe_device+0x288/0x490 [ 127.074445][ T113] ? usb_register_device_driver+0x440/0x440 [ 127.081684][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 127.085314][ T113] really_probe+0x506/0x1000 [ 127.091222][ T123] Modules linked in: [ 127.100870][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 127.105579][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 127.109515][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.115664][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 127.127214][ T113] __driver_probe_device+0x2fa/0x3d0 [ 127.133196][ T123] Workqueue: usb_hub_wq hub_event [ 127.143259][ T113] driver_probe_device+0x72/0x7a0 [ 127.148541][ T123] [ 127.148570][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 127.153658][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.158699][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 127.161046][ T113] __device_attach_driver+0x548/0x8e0 [ 127.166730][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 127.172667][ T113] bus_for_each_drv+0x1fc/0x360 [ 127.192406][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 127.197754][ T113] ? coredump_store+0xa0/0xa0 [ 127.203887][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 127.203956][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 127.208798][ T113] __device_attach+0x42a/0x720 [ 127.216852][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 127.221562][ T113] device_initial_probe+0x2e/0x40 [ 127.229582][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 127.237667][ T113] bus_probe_device+0x13c/0x3b0 [ 127.246003][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 127.250532][ T113] device_add+0x1d4b/0x26c0 [ 127.255676][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.263710][ T113] usb_new_device+0x17ac/0x2370 [ 127.268598][ T123] CR2: 00007ffcf724ad48 CR3: 0000000125a92000 CR4: 00000000003506e0 [ 127.277646][ T113] hub_event+0x5589/0x8080 [ 127.282151][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 127.288902][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.293736][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 127.301731][ T113] ? led_work+0x730/0x730 [ 127.306212][ T123] Call Trace: [ 127.306247][ T123] [ 127.314296][ T113] ? led_work+0x730/0x730 [ 127.320205][ T123] usb_start_wait_urb+0xcf/0x350 [ 127.328227][ T113] process_one_work+0xb27/0x13e0 [ 127.332639][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 127.335953][ T113] worker_thread+0x1703/0x1d60 [ 127.338899][ T123] usb_interrupt_msg+0x54/0x70 [pid 3534] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3534] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [ 127.343332][ T113] kthread+0x31b/0x430 [ 127.348235][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 127.353243][ T113] ? worker_clr_flags+0x2b0/0x2b0 [ 127.357785][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 127.362613][ T113] ? kthread_blkcg+0x120/0x120 [ 127.367393][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 127.371448][ T113] ret_from_fork+0x1f/0x30 [ 127.376764][ T123] comedi_auto_config+0x2de/0x620 [ 127.381774][ T113] [ 127.387033][ T123] comedi_usb_auto_config+0x3f/0x50 [ 127.391810][ T113] ---[ end trace 0000000000000000 ]--- [ 127.421714][ T113] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 127.422116][ T123] vmk80xx_usb_probe+0x54/0x70 [ 127.437990][ T3501] usb 1-1: Using ep0 maxpacket: 8 [ 127.442609][ T6] usb 4-1: Using ep0 maxpacket: 8 [ 127.443193][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 127.455311][ T123] usb_probe_interface+0xc4b/0x11f0 [ 127.460757][ T123] ? usb_register_driver+0x5f0/0x5f0 ./strace-static-x86_64: Process 3539 attached [pid 3536] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3539] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3536] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3535] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3534] exit_group(0 [pid 3539] <... prctl resumed>) = 0 [pid 3534] <... exit_group resumed>) = ? [pid 3539] setpgid(0, 0 [pid 3536] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3535] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 127.466338][ T123] really_probe+0x506/0x1000 [ 127.471172][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 127.477545][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.483652][ T123] __driver_probe_device+0x2fa/0x3d0 [ 127.489193][ T123] driver_probe_device+0x72/0x7a0 [ 127.494527][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.500579][ T123] __device_attach_driver+0x548/0x8e0 [ 127.506267][ T123] bus_for_each_drv+0x1fc/0x360 [ 127.511345][ T123] ? coredump_store+0xa0/0xa0 [pid 3534] +++ exited with 0 +++ [pid 3539] <... setpgid resumed>) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3535] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3536] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3534, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 3539] <... openat resumed>) = 3 [pid 3536] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3535] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 127.516328][ T123] __device_attach+0x42a/0x720 [ 127.521341][ T123] device_initial_probe+0x2e/0x40 [ 127.526665][ T123] bus_probe_device+0x13c/0x3b0 [ 127.526829][ T113] usb 3-1: USB disconnect, device number 6 [ 127.531679][ T123] device_add+0x1d4b/0x26c0 [ 127.542252][ T123] usb_set_configuration+0x30f8/0x37e0 [ 127.548061][ T123] usb_generic_driver_probe+0x105/0x290 [ 127.553875][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.559925][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3539] write(3, "1000", 4 [pid 3536] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3535] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3539] <... write resumed>) = 4 [pid 3536] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3535] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3495] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3540 ./strace-static-x86_64: Process 3540 attached [pid 3539] close(3 [pid 3536] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3540] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3539] <... close resumed>) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 127.565927][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 127.571866][ T123] usb_probe_device+0x288/0x490 [ 127.577004][ T123] ? usb_register_device_driver+0x440/0x440 [ 127.583182][ T123] really_probe+0x506/0x1000 [ 127.588009][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 127.593398][ T3501] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 127.594307][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.602610][ T3501] usb 1-1: config 0 has no interface number 0 [ 127.608348][ T123] __driver_probe_device+0x2fa/0x3d0 [ 127.614606][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 127.619781][ T123] driver_probe_device+0x72/0x7a0 [ 127.629794][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 127.634820][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.645315][ T6] usb 4-1: config 0 has an invalid interface number: 164 but max is 0 [ 127.650696][ T123] __device_attach_driver+0x548/0x8e0 [pid 3535] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3540] <... prctl resumed>) = 0 [pid 3539] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3536] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3535] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3540] setpgid(0, 0 [pid 3539] <... openat resumed>) = 3 [pid 3536] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3535] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3540] <... setpgid resumed>) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_INIT [pid 3536] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3539] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 127.658988][ T6] usb 4-1: config 0 has no interface number 0 [ 127.664411][ T123] bus_for_each_drv+0x1fc/0x360 [ 127.664542][ T123] ? coredump_store+0xa0/0xa0 [ 127.670683][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 127.675588][ T123] __device_attach+0x42a/0x720 [ 127.680294][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 127.706812][ T123] device_initial_probe+0x2e/0x40 [ 127.712088][ T123] bus_probe_device+0x13c/0x3b0 [pid 3535] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3540] <... openat resumed>) = 3 [pid 3539] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3536] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3540] write(3, "1000", 4 [pid 3539] <... ioctl resumed>, 0) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3535] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3540] <... write resumed>) = 4 [pid 3539] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3535] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3540] close(3 [pid 3539] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3540] <... close resumed>) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 127.717293][ T123] device_add+0x1d4b/0x26c0 [ 127.722034][ T123] usb_new_device+0x17ac/0x2370 [ 127.727216][ T123] hub_event+0x5589/0x8080 [ 127.731940][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.738051][ T123] ? led_work+0x730/0x730 [ 127.742705][ T123] ? led_work+0x730/0x730 [ 127.747269][ T123] process_one_work+0xb27/0x13e0 [ 127.752576][ T123] worker_thread+0x1703/0x1d60 [ 127.757572][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 127.763720][ T123] ? __kthread_parkme+0x110/0x1b0 [pid 3540] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3540] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3540] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [ 127.768968][ T123] kthread+0x31b/0x430 [ 127.773328][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 127.778593][ T123] ? kthread_blkcg+0x120/0x120 [ 127.783665][ T123] ret_from_fork+0x1f/0x30 [ 127.788316][ T123] [ 127.791463][ T123] ---[ end trace 0000000000000000 ]--- [pid 3540] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3540] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3537] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3536] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3537] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3536] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3535] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3536] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3535] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3536] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3537] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 127.823920][ T25] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 127.826006][ T123] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3535] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3537] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3536] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3535] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3536] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3535] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3536] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3535] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3536] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 127.874422][ T123] usb 5-1: USB disconnect, device number 7 [pid 3535] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3536] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3535] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3535] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 127.933679][ T6] usb 4-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 127.943172][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.951555][ T6] usb 4-1: Product: syz [ 127.956112][ T6] usb 4-1: Manufacturer: syz [ 127.960994][ T6] usb 4-1: SerialNumber: syz [ 127.967362][ T3501] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3536] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3535] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3535] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3536] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3535] <... ioctl resumed>, 0) = 0 [ 127.976715][ T3501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.984961][ T3501] usb 1-1: Product: syz [ 127.989279][ T3501] usb 1-1: Manufacturer: syz [ 127.994113][ T3501] usb 1-1: SerialNumber: syz [ 128.011203][ T3501] usb 1-1: config 0 descriptor?? [ 128.021058][ T6] usb 4-1: config 0 descriptor?? [pid 3536] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3535] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3536] <... ioctl resumed>, 0) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3536] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3535] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3536] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3535] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3536] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3536] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3535] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3535] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3536] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 128.048755][ T3535] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 128.056895][ T3536] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22 [ 128.067079][ T3536] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22 [ 128.067435][ T3535] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [pid 3535] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 128.102568][ T28] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 128.107878][ T6] ------------[ cut here ]------------ [ 128.116148][ T6] usb 4-1: BOGUS urb xfer, pipe 1 != type 3 [ 128.124015][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 128.134053][ T6] Modules linked in: [ 128.138348][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 128.150203][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 128.160774][ T6] Workqueue: usb_hub_wq hub_event [ 128.166381][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 128.172571][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 128.192786][ T6] RSP: 0018:ffff888102616878 EFLAGS: 00010246 [pid 3538] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [ 128.199307][ T6] RAX: 9ab4860bd45fdb00 RBX: 0000000000000000 RCX: ffff888102604180 [ 128.207783][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 128.216372][ T6] RBP: ffff888102616998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 128.224866][ T6] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 128.233413][ T6] R13: 0000000000000003 R14: ffff888102604cd8 R15: 0000000000000000 [ 128.241807][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 128.251351][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.258442][ T6] CR2: 00007f3ece476cc0 CR3: 0000000127315000 CR4: 00000000003506f0 [ 128.266954][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 128.275423][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 128.283927][ T6] Call Trace: [ 128.287575][ T6] [ 128.290921][ T6] usb_start_wait_urb+0xcf/0x350 [ 128.292529][ T123] usb 5-1: new high-speed USB device number 8 using dummy_hcd [pid 3538] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3536] exit_group(0 [pid 3535] exit_group(0 [pid 3536] <... exit_group resumed>) = ? [pid 3535] <... exit_group resumed>) = ? [ 128.296273][ T6] usb_bulk_msg+0x5cc/0x6f0 [ 128.308903][ T6] usb_interrupt_msg+0x54/0x70 [ 128.314284][ T6] vmk80xx_write_packet+0x5f7/0x7d0 [ 128.319986][ T6] vmk80xx_auto_attach+0xe75/0x1e60 [ 128.325811][ T6] ? vmk80xx_detach+0x1a0/0x1a0 [ 128.331122][ T6] comedi_auto_config+0x2de/0x620 [ 128.336742][ T6] comedi_usb_auto_config+0x3f/0x50 [ 128.342525][ T6] vmk80xx_usb_probe+0x54/0x70 [ 128.347752][ T6] ? vmk80xx_read_packet+0x770/0x770 [pid 3536] +++ exited with 0 +++ [pid 3535] +++ exited with 0 +++ [pid 3492] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3536, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3488] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3535, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 3492] restart_syscall(<... resuming interrupted clone ...> [pid 3488] restart_syscall(<... resuming interrupted clone ...> [pid 3492] <... restart_syscall resumed>) = 0 [pid 3488] <... restart_syscall resumed>) = 0 [pid 3492] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3488] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3540] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3540] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3538] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3492] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3541 [ 128.353648][ T6] usb_probe_interface+0xc4b/0x11f0 [ 128.359365][ T6] ? usb_register_driver+0x5f0/0x5f0 [ 128.362763][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 128.365060][ T6] really_probe+0x506/0x1000 [ 128.375215][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 128.381778][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 128.388223][ T6] __driver_probe_device+0x2fa/0x3d0 [ 128.394090][ T6] driver_probe_device+0x72/0x7a0 [pid 3488] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3542 ./strace-static-x86_64: Process 3541 attached ./strace-static-x86_64: Process 3542 attached [pid 3541] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3542] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3541] <... prctl resumed>) = 0 [pid 3542] <... prctl resumed>) = 0 [pid 3541] setpgid(0, 0 [pid 3540] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3538] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3542] setpgid(0, 0 [pid 3541] <... setpgid resumed>) = 0 [pid 3540] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] <... setpgid resumed>) = 0 [ 128.399605][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 128.406049][ T6] __device_attach_driver+0x548/0x8e0 [ 128.411927][ T6] bus_for_each_drv+0x1fc/0x360 [ 128.417341][ T6] ? coredump_store+0xa0/0xa0 [ 128.422598][ T6] __device_attach+0x42a/0x720 [ 128.427865][ T6] device_initial_probe+0x2e/0x40 [ 128.433467][ T6] bus_probe_device+0x13c/0x3b0 [ 128.438801][ T6] device_add+0x1d4b/0x26c0 [ 128.443858][ T6] usb_set_configuration+0x30f8/0x37e0 [ 128.449892][ T6] usb_generic_driver_probe+0x105/0x290 [ 128.455972][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 128.462256][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 128.468531][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 128.474797][ T6] usb_probe_device+0x288/0x490 [ 128.480109][ T6] ? usb_register_device_driver+0x440/0x440 [ 128.486570][ T6] really_probe+0x506/0x1000 [ 128.491666][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 128.498298][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 128.504689][ T6] __driver_probe_device+0x2fa/0x3d0 [ 128.510479][ T6] driver_probe_device+0x72/0x7a0 [ 128.516165][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 128.522542][ T6] __device_attach_driver+0x548/0x8e0 [ 128.522968][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 128.528218][ T6] bus_for_each_drv+0x1fc/0x360 [ 128.536445][ T28] usb 2-1: config 0 has no interface number 0 [ 128.536545][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 128.536666][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 128.541482][ T6] ? coredump_store+0xa0/0xa0 [ 128.573369][ T6] __device_attach+0x42a/0x720 [ 128.578645][ T6] device_initial_probe+0x2e/0x40 [ 128.584280][ T6] bus_probe_device+0x13c/0x3b0 [ 128.589624][ T6] device_add+0x1d4b/0x26c0 [ 128.594725][ T6] usb_new_device+0x17ac/0x2370 [ 128.600078][ T6] hub_event+0x5589/0x8080 [ 128.605166][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 128.611461][ T6] ? led_work+0x730/0x730 [ 128.612716][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 128.616204][ T6] ? led_work+0x730/0x730 [ 128.626087][ T6] process_one_work+0xb27/0x13e0 [ 128.631537][ T6] worker_thread+0x1703/0x1d60 [ 128.636918][ T6] kthread+0x31b/0x430 [ 128.641444][ T6] ? worker_clr_flags+0x2b0/0x2b0 [ 128.647063][ T6] ? kthread_blkcg+0x120/0x120 [pid 3541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3541] <... openat resumed>) = 3 [pid 3542] <... openat resumed>) = 3 [pid 3541] write(3, "1000", 4 [pid 3542] write(3, "1000", 4 [pid 3541] <... write resumed>) = 4 [pid 3542] <... write resumed>) = 4 [pid 3541] close(3 [pid 3538] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3542] close(3 [pid 3541] <... close resumed>) = 0 [pid 3538] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3542] <... close resumed>) = 0 [pid 3541] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3542] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3541] <... openat resumed>) = 3 [pid 3542] <... openat resumed>) = 3 [pid 3541] ioctl(3, USB_RAW_IOCTL_INIT [pid 3542] ioctl(3, USB_RAW_IOCTL_INIT [pid 3541] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3542] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3541] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3542] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3541] <... ioctl resumed>, 0) = 0 [pid 3538] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3542] <... ioctl resumed>, 0) = 0 [pid 3541] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3541] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3542] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3541] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3542] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3538] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3538] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [pid 3538] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3538] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3540] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3540] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3538] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3540] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3538] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3540] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3540] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3540] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3538] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3540] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [ 128.652289][ T6] ret_from_fork+0x1f/0x30 [ 128.657368][ T6] [ 128.660763][ T6] ---[ end trace 0000000000000000 ]--- [ 128.666914][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 128.684910][ T3501] ------------[ cut here ]------------ [ 128.690508][ T3501] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [pid 3538] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3540] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 128.699393][ T3501] WARNING: CPU: 0 PID: 3501 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 128.709451][ T3501] Modules linked in: [ 128.713607][ T3501] CPU: 0 PID: 3501 Comm: kworker/0:3 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 128.723598][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 128.725426][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 128.734496][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [pid 3538] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3540] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3540] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 128.744590][ T3501] Workqueue: usb_hub_wq hub_event [ 128.752646][ T28] usb 2-1: Product: syz [ 128.752729][ T28] usb 2-1: Manufacturer: syz [ 128.757769][ T3501] [ 128.757798][ T3501] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 128.761960][ T28] usb 2-1: SerialNumber: syz [ 128.766620][ T3501] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 128.790048][ T28] usb 2-1: config 0 descriptor?? [ 128.799172][ T3501] RSP: 0018:ffff888122a6e878 EFLAGS: 00010246 [ 128.799276][ T3501] RAX: f66d70e6d79e2000 RBX: 0000000000000000 RCX: ffff888121010000 [ 128.799354][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 128.799419][ T3501] RBP: ffff888122a6e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 128.799508][ T3501] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 128.806781][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [pid 3538] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3540] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3537] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3540] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3537] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3538] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3538] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3538] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3540] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 128.810673][ T3501] R13: 0000000000000003 R14: ffff888121010b58 R15: 0000000000000000 [ 128.818775][ T123] usb 5-1: config 0 has no interface number 0 [ 128.826832][ T3501] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 128.826928][ T3501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.827006][ T3501] CR2: 00007f3ece476cc0 CR3: 0000000127315000 CR4: 00000000003506f0 [ 128.835101][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 128.843133][ T3501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 128.851324][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 128.859365][ T3501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 128.886532][ T3538] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 128.889395][ T3501] Call Trace: [ 128.916894][ T3538] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 128.917518][ T3501] [ 128.947546][ T3501] usb_start_wait_urb+0xcf/0x350 [ 128.952807][ T3501] usb_bulk_msg+0x5cc/0x6f0 [ 128.957540][ T3501] usb_interrupt_msg+0x54/0x70 [ 128.962602][ T3501] vmk80xx_write_packet+0x5f7/0x7d0 [ 128.968051][ T3501] vmk80xx_auto_attach+0xe75/0x1e60 [ 128.969561][ T28] ------------[ cut here ]------------ [ 128.973512][ T3501] ? vmk80xx_detach+0x1a0/0x1a0 [ 128.978925][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 128.983861][ T3501] comedi_auto_config+0x2de/0x620 [ 128.983986][ T3501] comedi_usb_auto_config+0x3f/0x50 [ 128.984130][ T3501] vmk80xx_usb_probe+0x54/0x70 [ 128.991388][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 128.995149][ T3501] ? vmk80xx_read_packet+0x770/0x770 [ 129.000359][ T28] Modules linked in: [ 129.005208][ T3501] usb_probe_interface+0xc4b/0x11f0 [ 129.014756][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 129.020100][ T3501] ? usb_register_driver+0x5f0/0x5f0 [ 129.024097][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [pid 3540] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3538] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3540] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3538] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3540] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3540] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 129.029261][ T3501] really_probe+0x506/0x1000 [ 129.040710][ T28] Workqueue: usb_hub_wq hub_event [ 129.046076][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 129.056213][ T28] [ 129.056245][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 129.060855][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.065986][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 129.072078][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 129.074469][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 129.080145][ T3501] driver_probe_device+0x72/0x7a0 [ 129.086083][ T28] [ 129.105750][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.105913][ T3501] __device_attach_driver+0x548/0x8e0 [ 129.106083][ T3501] bus_for_each_drv+0x1fc/0x360 [ 129.106212][ T3501] ? coredump_store+0xa0/0xa0 [ 129.106364][ T3501] __device_attach+0x42a/0x720 [ 129.106510][ T3501] device_initial_probe+0x2e/0x40 [ 129.106653][ T3501] bus_probe_device+0x13c/0x3b0 [ 129.106797][ T3501] device_add+0x1d4b/0x26c0 [ 129.106939][ T3501] usb_set_configuration+0x30f8/0x37e0 [ 129.107132][ T3501] usb_generic_driver_probe+0x105/0x290 [ 129.107255][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.107393][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 129.107516][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 129.107649][ T3501] usb_probe_device+0x288/0x490 [ 129.112991][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 129.119106][ T3501] ? usb_register_device_driver+0x440/0x440 [ 129.124181][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 129.126546][ T3501] really_probe+0x506/0x1000 [ 129.132425][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 129.137824][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 129.142734][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 129.147456][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.152219][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 129.157336][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 129.162172][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 129.166771][ T3501] driver_probe_device+0x72/0x7a0 [ 129.172280][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.177853][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.183645][ T28] CR2: 00007f3ece476cc0 CR3: 00000001272d2000 CR4: 00000000003506e0 [ 129.189407][ T3501] __device_attach_driver+0x548/0x8e0 [ 129.195193][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 129.200089][ T3501] bus_for_each_drv+0x1fc/0x360 [ 129.208113][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 129.214110][ T3501] ? coredump_store+0xa0/0xa0 [ 129.222087][ T28] Call Trace: [ 129.222122][ T28] [ 129.226776][ T3501] __device_attach+0x42a/0x720 [ 129.234828][ T28] usb_start_wait_urb+0xcf/0x350 [ 129.240905][ T3501] device_initial_probe+0x2e/0x40 [ 129.248942][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 129.254859][ T3501] bus_probe_device+0x13c/0x3b0 [ 129.262930][ T28] usb_interrupt_msg+0x54/0x70 [ 129.268252][ T3501] device_add+0x1d4b/0x26c0 [ 129.277289][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 129.282428][ T3501] usb_new_device+0x17ac/0x2370 [ 129.289021][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 129.294913][ T3501] hub_event+0x5589/0x8080 [ 129.302937][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 129.308394][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.316359][ T28] comedi_auto_config+0x2de/0x620 [ 129.321244][ T3501] ? led_work+0x730/0x730 [ 129.329305][ T28] comedi_usb_auto_config+0x3f/0x50 [ 129.334065][ T3501] ? led_work+0x730/0x730 [ 129.337351][ T28] vmk80xx_usb_probe+0x54/0x70 [ 129.340296][ T3501] process_one_work+0xb27/0x13e0 [ 129.345120][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 129.350119][ T3501] worker_thread+0x1703/0x1d60 [ 129.355174][ T28] usb_probe_interface+0xc4b/0x11f0 [ 129.359745][ T3501] kthread+0x31b/0x430 [ 129.364645][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 129.369414][ T3501] ? worker_clr_flags+0x2b0/0x2b0 [ 129.373983][ T28] really_probe+0x506/0x1000 [ 129.379223][ T3501] ? kthread_blkcg+0x120/0x120 [ 129.384186][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 129.389419][ T3501] ret_from_fork+0x1f/0x30 [ 129.393916][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.398811][ T3501] [ 129.404687][ T28] __driver_probe_device+0x2fa/0x3d0 [ 129.409727][ T3501] ---[ end trace 0000000000000000 ]--- [pid 3540] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3537] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3540] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] exit_group(0 [pid 3537] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3538] <... exit_group resumed>) = ? [pid 3539] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3538] +++ exited with 0 +++ [pid 3537] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3537] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3539] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3537] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3539] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3537] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 129.421755][ T113] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 129.423869][ T28] driver_probe_device+0x72/0x7a0 [ 129.500017][ T6] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 129.504063][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.504222][ T28] __device_attach_driver+0x548/0x8e0 [ 129.504389][ T28] bus_for_each_drv+0x1fc/0x360 [ 129.504517][ T28] ? coredump_store+0xa0/0xa0 [ 129.504668][ T28] __device_attach+0x42a/0x720 [pid 3537] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 36 [pid 3537] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3538, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3537] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3537] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3490] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3543 [ 129.529707][ T25] usb 6-1: config 0 has an invalid interface number: 164 but max is 0 [ 129.532876][ T28] device_initial_probe+0x2e/0x40 [ 129.538311][ T25] usb 6-1: config 0 has no interface number 0 [ 129.543261][ T28] bus_probe_device+0x13c/0x3b0 [ 129.548020][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 129.552845][ T28] device_add+0x1d4b/0x26c0 [ 129.561074][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 129.566174][ T28] usb_set_configuration+0x30f8/0x37e0 [pid 3537] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [ 129.612507][ T28] usb_generic_driver_probe+0x105/0x290 [ 129.618302][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.624472][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 129.630442][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 129.636457][ T28] usb_probe_device+0x288/0x490 [ 129.641534][ T28] ? usb_register_device_driver+0x440/0x440 [ 129.647710][ T28] really_probe+0x506/0x1000 [ 129.649281][ T6] usb 4-1: USB disconnect, device number 6 [ 129.652518][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 129.652673][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.670832][ T28] __driver_probe_device+0x2fa/0x3d0 [ 129.676433][ T28] driver_probe_device+0x72/0x7a0 [ 129.681700][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.687806][ T28] __device_attach_driver+0x548/0x8e0 [ 129.693488][ T28] bus_for_each_drv+0x1fc/0x360 [ 129.698587][ T28] ? coredump_store+0xa0/0xa0 [ 129.703557][ T28] __device_attach+0x42a/0x720 [pid 3537] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3539] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [ 129.708564][ T28] device_initial_probe+0x2e/0x40 [ 129.712911][ T113] usb 3-1: Using ep0 maxpacket: 8 [ 129.713807][ T28] bus_probe_device+0x13c/0x3b0 [ 129.723915][ T28] device_add+0x1d4b/0x26c0 [ 129.728650][ T28] usb_new_device+0x17ac/0x2370 [ 129.733866][ T28] hub_event+0x5589/0x8080 [ 129.738603][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 129.744720][ T28] ? led_work+0x730/0x730 [ 129.749296][ T28] ? led_work+0x730/0x730 [ 129.753916][ T28] process_one_work+0xb27/0x13e0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3537] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3537] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3539] <... ioctl resumed>, 0x7ffcf7248d10) = 9 ./strace-static-x86_64: Process 3543 attached [pid 3540] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3537] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3543] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3540] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3543] <... prctl resumed>) = 0 [pid 3543] setpgid(0, 0) = 0 [pid 3539] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3537] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3539] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3543] <... openat resumed>) = 3 [pid 3543] write(3, "1000", 4) = 4 [pid 3543] close(3) = 0 [pid 3543] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3540] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3537] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3543] ioctl(3, USB_RAW_IOCTL_INIT [pid 3540] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3537] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3543] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 129.759131][ T28] worker_thread+0x1703/0x1d60 [ 129.764214][ T28] kthread+0x31b/0x430 [ 129.768485][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 129.773791][ T28] ? kthread_blkcg+0x120/0x120 [ 129.778788][ T28] ret_from_fork+0x1f/0x30 [ 129.783498][ T28] [ 129.786662][ T28] ---[ end trace 0000000000000000 ]--- [pid 3543] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3543] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3543] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3540] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3539] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3540] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3539] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3537] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 129.845026][ T3501] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 129.862998][ T113] usb 3-1: config 0 has an invalid interface number: 164 but max is 0 [ 129.871387][ T113] usb 3-1: config 0 has no interface number 0 [ 129.877778][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [pid 3537] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3540] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 129.888025][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 129.893400][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 129.907480][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.907548][ T3501] usb 1-1: USB disconnect, device number 6 [ 129.921586][ T123] usb 5-1: Product: syz [ 129.926332][ T123] usb 5-1: Manufacturer: syz [ 129.931102][ T123] usb 5-1: SerialNumber: syz [pid 3540] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3539] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3537] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 129.946714][ T28] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 129.961220][ T123] usb 5-1: config 0 descriptor?? [ 129.973508][ T25] usb 6-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 129.982857][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.991036][ T25] usb 6-1: Product: syz [pid 3537] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3540] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3539] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3537] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3539] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3540] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3537] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3540] <... ioctl resumed>, 0) = 0 [pid 3540] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3540] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3539] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 129.995495][ T25] usb 6-1: Manufacturer: syz [ 130.000255][ T25] usb 6-1: SerialNumber: syz [ 130.006512][ T28] usb 2-1: USB disconnect, device number 7 [ 130.025469][ T3540] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [pid 3540] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3539] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3539] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3540] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3539] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 130.049633][ T3540] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [pid 3539] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 130.108394][ T25] usb 6-1: config 0 descriptor?? [pid 3539] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3540] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 130.133251][ T113] usb 3-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 130.143060][ T113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.145662][ T123] ------------[ cut here ]------------ [ 130.151173][ T113] usb 3-1: Product: syz [ 130.156951][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 130.160952][ T113] usb 3-1: Manufacturer: syz [ 130.168233][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 130.171545][ T113] usb 3-1: SerialNumber: syz [ 130.181165][ T123] Modules linked in: [ 130.190213][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 130.201965][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 130.212258][ T123] Workqueue: usb_hub_wq hub_event [ 130.217614][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 130.224280][ T3537] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 130.224343][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 130.235528][ T3537] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 130.251221][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 130.258795][ T6] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 130.264729][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [pid 3539] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3537] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3537] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3537] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3537] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3537] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3541] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 130.264812][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 130.288796][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 130.297006][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 130.305223][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 130.313439][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 130.323385][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 3541] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3539] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3541] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3539] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [ 130.330153][ T123] CR2: 00007f3ece476cc0 CR3: 00000001272b4000 CR4: 00000000003506e0 [ 130.338432][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 130.341441][ T113] usb 3-1: config 0 descriptor?? [ 130.346591][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 130.346673][ T123] Call Trace: [ 130.346706][ T123] [ 130.354078][ T3501] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 130.359964][ T123] usb_start_wait_urb+0xcf/0x350 [pid 3539] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3539] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3542] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3542] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 130.377210][ T3539] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 130.378573][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 130.390750][ T123] usb_interrupt_msg+0x54/0x70 [ 130.395821][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 130.401277][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 130.406779][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 130.411851][ T123] comedi_auto_config+0x2de/0x620 [ 130.417177][ T123] comedi_usb_auto_config+0x3f/0x50 [ 130.422721][ T123] vmk80xx_usb_probe+0x54/0x70 [ 130.426746][ T3539] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [pid 3540] exit_group(0 [pid 3542] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3540] <... exit_group resumed>) = ? [pid 3539] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3542] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 130.427634][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 130.440310][ T123] usb_probe_interface+0xc4b/0x11f0 [ 130.446115][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 130.451623][ T123] really_probe+0x506/0x1000 [ 130.456500][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 130.462890][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 130.468966][ T123] __driver_probe_device+0x2fa/0x3d0 [ 130.474600][ T123] driver_probe_device+0x72/0x7a0 [pid 3539] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [ 130.479869][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 130.486012][ T123] __device_attach_driver+0x548/0x8e0 [ 130.491633][ T123] bus_for_each_drv+0x1fc/0x360 [ 130.496754][ T123] ? coredump_store+0xa0/0xa0 [ 130.498758][ T113] ------------[ cut here ]------------ [ 130.501616][ T123] __device_attach+0x42a/0x720 [ 130.507187][ T113] usb 3-1: BOGUS urb xfer, pipe 1 != type 3 [ 130.511957][ T123] device_initial_probe+0x2e/0x40 [ 130.519380][ T113] WARNING: CPU: 0 PID: 113 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 130.523013][ T123] bus_probe_device+0x13c/0x3b0 [ 130.532708][ T113] Modules linked in: [ 130.532767][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 130.537687][ T123] device_add+0x1d4b/0x26c0 [ 130.541577][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 130.553147][ T123] usb_set_configuration+0x30f8/0x37e0 [ 130.557679][ T113] Workqueue: usb_hub_wq hub_event [ 130.567890][ T123] usb_generic_driver_probe+0x105/0x290 [ 130.573364][ T113] [ 130.578381][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 130.584050][ T113] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 130.586336][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 130.592161][ T113] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 130.597869][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 130.603690][ T113] RSP: 0018:ffff888109c8e878 EFLAGS: 00010246 [ 130.623414][ T123] usb_probe_device+0x288/0x490 [ 130.629175][ T113] [ 130.629202][ T113] RAX: 7c40313c42a2f100 RBX: 0000000000000000 RCX: ffff888109c90000 [ 130.635319][ T123] ? usb_register_device_driver+0x440/0x440 [ 130.640188][ T113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 130.642600][ T123] really_probe+0x506/0x1000 [ 130.650665][ T113] RBP: ffff888109c8e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 130.656625][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 130.664722][ T113] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 130.669315][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 130.677361][ T113] R13: 0000000000000003 R14: ffff888109c90b58 R15: 0000000000000000 [ 130.683541][ T123] __driver_probe_device+0x2fa/0x3d0 [ 130.691509][ T113] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 130.697392][ T123] driver_probe_device+0x72/0x7a0 [ 130.705568][ T113] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 130.710814][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 130.719835][ T113] CR2: 00007f3ece513138 CR3: 0000000125a92000 CR4: 00000000003506f0 [ 130.724945][ T123] __device_attach_driver+0x548/0x8e0 [ 130.731558][ T113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 130.737445][ T123] bus_for_each_drv+0x1fc/0x360 [ 130.745571][ T113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 130.745643][ T113] Call Trace: [ 130.745676][ T113] [ 130.745757][ T113] usb_start_wait_urb+0xcf/0x350 [ 130.751072][ T123] ? coredump_store+0xa0/0xa0 [ 130.759149][ T113] usb_bulk_msg+0x5cc/0x6f0 [ 130.764061][ T123] __device_attach+0x42a/0x720 [ 130.764216][ T123] device_initial_probe+0x2e/0x40 [ 130.772221][ T113] usb_interrupt_msg+0x54/0x70 [ 130.775694][ T123] bus_probe_device+0x13c/0x3b0 [ 130.778461][ T113] vmk80xx_write_packet+0x5f7/0x7d0 [ 130.783468][ T123] device_add+0x1d4b/0x26c0 [ 130.788218][ T113] vmk80xx_auto_attach+0xe75/0x1e60 [ 130.792801][ T123] usb_new_device+0x17ac/0x2370 [ 130.792975][ T123] hub_event+0x5589/0x8080 [ 130.797722][ T113] ? vmk80xx_detach+0x1a0/0x1a0 [ 130.802935][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 130.807610][ T113] comedi_auto_config+0x2de/0x620 [ 130.812540][ T123] ? led_work+0x730/0x730 [ 130.817766][ T113] comedi_usb_auto_config+0x3f/0x50 [ 130.822265][ T123] ? led_work+0x730/0x730 [ 130.827616][ T113] vmk80xx_usb_probe+0x54/0x70 [ 130.832648][ T123] process_one_work+0xb27/0x13e0 [ 130.836973][ T113] ? vmk80xx_read_packet+0x770/0x770 [ 130.841867][ T123] worker_thread+0x1703/0x1d60 [ 130.847784][ T113] usb_probe_interface+0xc4b/0x11f0 [ 130.852821][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 130.857173][ T113] ? usb_register_driver+0x5f0/0x5f0 [ 130.862462][ T123] ? __kthread_parkme+0x110/0x1b0 [ 130.866802][ T113] really_probe+0x506/0x1000 [ 130.871591][ T123] kthread+0x31b/0x430 [ 130.876596][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 130.881895][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 130.886859][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3539] exit_group(0) = ? [pid 3539] +++ exited with 0 +++ [pid 3537] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3491] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3539, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3544 [pid 3540] +++ exited with 0 +++ [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3540, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 130.891957][ T123] ? kthread_blkcg+0x120/0x120 [ 130.897846][ T113] __driver_probe_device+0x2fa/0x3d0 [ 130.903184][ T123] ret_from_fork+0x1f/0x30 [ 130.908276][ T113] driver_probe_device+0x72/0x7a0 [ 130.912959][ T123] [ 130.912995][ T123] ---[ end trace 0000000000000000 ]--- [ 130.968263][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 130.974441][ T113] __device_attach_driver+0x548/0x8e0 [ 130.980076][ T113] bus_for_each_drv+0x1fc/0x360 [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3544 attached [ 130.985255][ T113] ? coredump_store+0xa0/0xa0 [ 130.990202][ T113] __device_attach+0x42a/0x720 [ 130.995300][ T113] device_initial_probe+0x2e/0x40 [ 131.000561][ T113] bus_probe_device+0x13c/0x3b0 [ 131.005729][ T113] device_add+0x1d4b/0x26c0 [ 131.010481][ T113] usb_set_configuration+0x30f8/0x37e0 [ 131.016323][ T113] usb_generic_driver_probe+0x105/0x290 [ 131.022094][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 131.028215][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [pid 3544] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3495] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3545 [pid 3544] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 3545 attached [pid 3544] setpgid(0, 0 [pid 3545] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3544] <... setpgid resumed>) = 0 [pid 3545] <... prctl resumed>) = 0 [pid 3544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 131.034239][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 131.040179][ T113] usb_probe_device+0x288/0x490 [ 131.045331][ T113] ? usb_register_device_driver+0x440/0x440 [ 131.051464][ T113] really_probe+0x506/0x1000 [ 131.056390][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 131.062779][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 131.068830][ T113] __driver_probe_device+0x2fa/0x3d0 [ 131.074453][ T113] driver_probe_device+0x72/0x7a0 [ 131.079727][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 131.085877][ T113] __device_attach_driver+0x548/0x8e0 [ 131.091510][ T113] bus_for_each_drv+0x1fc/0x360 [ 131.096663][ T113] ? coredump_store+0xa0/0xa0 [ 131.101582][ T113] __device_attach+0x42a/0x720 [ 131.106674][ T113] device_initial_probe+0x2e/0x40 [ 131.111927][ T113] bus_probe_device+0x13c/0x3b0 [ 131.117098][ T113] device_add+0x1d4b/0x26c0 [ 131.121828][ T113] usb_new_device+0x17ac/0x2370 [ 131.127020][ T113] hub_event+0x5589/0x8080 [ 131.131743][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3545] setpgid(0, 0 [pid 3544] <... openat resumed>) = 3 [pid 3545] <... setpgid resumed>) = 0 [pid 3544] write(3, "1000", 4 [pid 3545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3544] <... write resumed>) = 4 [pid 3545] <... openat resumed>) = 3 [pid 3544] close(3 [pid 3545] write(3, "1000", 4 [pid 3544] <... close resumed>) = 0 [pid 3545] <... write resumed>) = 4 [pid 3544] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3545] close(3 [pid 3544] <... openat resumed>) = 3 [pid 3545] <... close resumed>) = 0 [pid 3544] ioctl(3, USB_RAW_IOCTL_INIT [pid 3545] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3545] <... openat resumed>) = 3 [pid 3544] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3545] ioctl(3, USB_RAW_IOCTL_INIT [pid 3544] <... ioctl resumed>, 0) = 0 [pid 3545] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3544] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3545] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3545] <... ioctl resumed>, 0) = 0 [pid 3544] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3545] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3545] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3537] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 131.137870][ T113] ? led_work+0x730/0x730 [ 131.142504][ T113] ? led_work+0x730/0x730 [ 131.147056][ T113] process_one_work+0xb27/0x13e0 [ 131.152251][ T113] worker_thread+0x1703/0x1d60 [ 131.157420][ T113] kthread+0x31b/0x430 [ 131.161692][ T113] ? worker_clr_flags+0x2b0/0x2b0 [ 131.167032][ T113] ? kthread_blkcg+0x120/0x120 [ 131.172011][ T113] ret_from_fork+0x1f/0x30 [ 131.176796][ T113] [ 131.179945][ T113] ---[ end trace 0000000000000000 ]--- [ 131.205777][ T25] ------------[ cut here ]------------ [ 131.211390][ T25] usb 6-1: BOGUS urb xfer, pipe 1 != type 3 [ 131.220085][ T123] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 131.220473][ T25] WARNING: CPU: 0 PID: 25 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 131.234948][ T28] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 131.239357][ T25] Modules linked in: [pid 3543] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3543] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [ 131.251050][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 131.262719][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 131.273095][ T25] Workqueue: usb_hub_wq hub_event [ 131.278391][ T25] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 131.284399][ T25] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 131.304337][ T25] RSP: 0018:ffff8881026f6878 EFLAGS: 00010246 [ 131.310639][ T25] RAX: 5ec2ec8ff90d0c00 RBX: 0000000000000000 RCX: ffff88810267c180 [ 131.318958][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 131.327192][ T25] RBP: ffff8881026f6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 131.332519][ T123] usb 5-1: USB disconnect, device number 8 [ 131.335407][ T25] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [pid 3543] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3537] exit_group(0) = ? [ 131.349357][ T25] R13: 0000000000000003 R14: ffff88810267ccd8 R15: 0000000000000000 [ 131.357650][ T25] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 131.366857][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.373764][ T25] CR2: 00007f3ece513138 CR3: 0000000125a92000 CR4: 00000000003506f0 [ 131.381915][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 131.390196][ T25] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 131.398444][ T25] Call Trace: [ 131.401865][ T25] [pid 3537] +++ exited with 0 +++ [pid 3497] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3537, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [ 131.405088][ T25] usb_start_wait_urb+0xcf/0x350 [ 131.410260][ T25] usb_bulk_msg+0x5cc/0x6f0 [ 131.415077][ T25] usb_interrupt_msg+0x54/0x70 [ 131.420058][ T25] vmk80xx_write_packet+0x5f7/0x7d0 [ 131.425641][ T25] vmk80xx_auto_attach+0xe75/0x1e60 [ 131.431087][ T25] ? vmk80xx_detach+0x1a0/0x1a0 [ 131.436254][ T25] comedi_auto_config+0x2de/0x620 [ 131.441509][ T25] comedi_usb_auto_config+0x3f/0x50 [ 131.447063][ T25] vmk80xx_usb_probe+0x54/0x70 [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3546 ./strace-static-x86_64: Process 3546 attached [pid 3546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3546] setpgid(0, 0) = 0 [ 131.452060][ T25] ? vmk80xx_read_packet+0x770/0x770 [ 131.457715][ T25] usb_probe_interface+0xc4b/0x11f0 [ 131.463254][ T25] ? usb_register_driver+0x5f0/0x5f0 [ 131.468780][ T25] really_probe+0x506/0x1000 [ 131.473681][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 131.480011][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 131.486152][ T25] __driver_probe_device+0x2fa/0x3d0 [ 131.491697][ T25] driver_probe_device+0x72/0x7a0 [ 131.497095][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 131.502479][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 131.503153][ T25] __device_attach_driver+0x548/0x8e0 [ 131.513796][ T25] bus_for_each_drv+0x1fc/0x360 [ 131.518884][ T25] ? coredump_store+0xa0/0xa0 [ 131.523920][ T25] __device_attach+0x42a/0x720 [ 131.528932][ T25] device_initial_probe+0x2e/0x40 [ 131.534324][ T25] bus_probe_device+0x13c/0x3b0 [ 131.539424][ T25] device_add+0x1d4b/0x26c0 [ 131.544277][ T25] usb_set_configuration+0x30f8/0x37e0 [ 131.550028][ T25] usb_generic_driver_probe+0x105/0x290 [ 131.555918][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 131.561964][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 131.568030][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 131.574050][ T25] usb_probe_device+0x288/0x490 [ 131.579133][ T25] ? usb_register_device_driver+0x440/0x440 [ 131.585384][ T25] really_probe+0x506/0x1000 [ 131.590213][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 131.596678][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 131.602806][ T25] __driver_probe_device+0x2fa/0x3d0 [ 131.608340][ T25] driver_probe_device+0x72/0x7a0 [ 131.613750][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 131.619802][ T25] __device_attach_driver+0x548/0x8e0 [ 131.625557][ T25] bus_for_each_drv+0x1fc/0x360 [ 131.630642][ T25] ? coredump_store+0xa0/0xa0 [ 131.635683][ T25] __device_attach+0x42a/0x720 [ 131.640694][ T25] device_initial_probe+0x2e/0x40 [ 131.646100][ T25] bus_probe_device+0x13c/0x3b0 [ 131.651183][ T25] device_add+0x1d4b/0x26c0 [ 131.652805][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 131.655957][ T25] usb_new_device+0x17ac/0x2370 [ 131.664279][ T28] usb 2-1: config 0 has no interface number 0 [ 131.669043][ T25] hub_event+0x5589/0x8080 [ 131.675171][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 131.679669][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 131.689581][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3546] write(3, "1000", 4) = 4 [pid 3546] close(3) = 0 [pid 3546] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3546] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3546] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3543] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3546] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3543] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3546] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3546] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3543] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3543] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3543] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [pid 3543] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3543] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 36 [pid 3543] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3543] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [ 131.695455][ T25] ? led_work+0x730/0x730 [ 131.710310][ T25] ? led_work+0x730/0x730 [ 131.714991][ T25] process_one_work+0xb27/0x13e0 [ 131.720201][ T25] worker_thread+0x1703/0x1d60 [ 131.725357][ T25] kthread+0x31b/0x430 [ 131.729630][ T25] ? worker_clr_flags+0x2b0/0x2b0 [ 131.735014][ T25] ? kthread_blkcg+0x120/0x120 [ 131.739990][ T25] ret_from_fork+0x1f/0x30 [ 131.744761][ T25] [ 131.747908][ T25] ---[ end trace 0000000000000000 ]--- [ 131.766097][ T113] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 131.779907][ T25] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3543] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3541] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 131.812800][ T6] usb 4-1: Using ep0 maxpacket: 8 [pid 3541] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3541] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3543] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3543] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3541] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3541] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3543] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3543] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3541] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3542] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3541] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3543] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 131.835500][ T113] usb 3-1: USB disconnect, device number 7 [ 131.864858][ T25] usb 6-1: USB disconnect, device number 7 [ 131.874580][ T3501] usb 1-1: Using ep0 maxpacket: 8 [pid 3543] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3542] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3541] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3542] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3541] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3543] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3542] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3541] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3543] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3541] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3543] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3543] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3541] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 131.933466][ T6] usb 4-1: config 0 has an invalid interface number: 164 but max is 0 [ 131.941968][ T6] usb 4-1: config 0 has no interface number 0 [ 131.948948][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 131.959314][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 131.963499][ T123] usb 5-1: new high-speed USB device number 9 using dummy_hcd [pid 3541] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3545] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3543] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3542] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3541] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3543] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3541] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 131.996015][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 132.005575][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.013845][ T28] usb 2-1: Product: syz [ 132.018165][ T28] usb 2-1: Manufacturer: syz [ 132.022978][ T28] usb 2-1: SerialNumber: syz [ 132.038807][ T28] usb 2-1: config 0 descriptor?? [pid 3542] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3545] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3542] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3542] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3545] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3545] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3543] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3542] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3542] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3543] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3543] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 132.040064][ T3501] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 132.052284][ T3501] usb 1-1: config 0 has no interface number 0 [ 132.058633][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 132.068886][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3543] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3542] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3542] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3543] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3543] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [pid 3542] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3541] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 132.110325][ T3543] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 132.138739][ T3543] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [pid 3542] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3541] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3542] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3541] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3542] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3541] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3541] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3542] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 132.178876][ T28] ------------[ cut here ]------------ [ 132.184628][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 132.191986][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 132.201806][ T28] Modules linked in: [ 132.205958][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 132.217658][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [pid 3541] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3542] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3541] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3542] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3541] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3541] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3542] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 132.228021][ T28] Workqueue: usb_hub_wq hub_event [ 132.233356][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 132.239220][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 132.259179][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 132.265648][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 132.273284][ T6] usb 4-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 132.273835][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.282983][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.283087][ T6] usb 4-1: Product: syz [ 132.283169][ T6] usb 4-1: Manufacturer: syz [ 132.283249][ T6] usb 4-1: SerialNumber: syz [ 132.291194][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 132.291284][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 132.301020][ T3501] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 132.303659][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 132.303738][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 132.308379][ T3501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.308481][ T3501] usb 1-1: Product: syz [ 132.313432][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.321180][ T3501] usb 1-1: Manufacturer: syz [pid 3541] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3541] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3541] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3543] exit_group(0 [pid 3541] <... ioctl resumed>, 0) = 0 [ 132.329230][ T28] CR2: 00007f3ece476cc0 CR3: 0000000127315000 CR4: 00000000003506e0 [ 132.329313][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 132.329381][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 132.338527][ T3501] usb 1-1: SerialNumber: syz [ 132.346683][ T28] Call Trace: [ 132.360299][ T6] usb 4-1: config 0 descriptor?? [ 132.363645][ T28] [ 132.363728][ T28] usb_start_wait_urb+0xcf/0x350 [pid 3543] <... exit_group resumed>) = ? [pid 3541] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3543] +++ exited with 0 +++ [pid 3541] <... ioctl resumed>, 0) = 0 [pid 3541] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3543, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3547 ./strace-static-x86_64: Process 3547 attached [pid 3547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 132.377137][ T3501] usb 1-1: config 0 descriptor?? [ 132.379300][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 132.436189][ T28] usb_interrupt_msg+0x54/0x70 [ 132.441186][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 132.446693][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 132.448233][ T3541] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 132.452088][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 132.464376][ T28] comedi_auto_config+0x2de/0x620 [ 132.469623][ T28] comedi_usb_auto_config+0x3f/0x50 [ 132.475117][ T28] vmk80xx_usb_probe+0x54/0x70 [pid 3547] setpgid(0, 0) = 0 [pid 3547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3541] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3547] <... openat resumed>) = 3 [pid 3541] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3547] write(3, "1000", 4) = 4 [pid 3547] close(3) = 0 [pid 3547] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3547] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [ 132.480098][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 132.485682][ T28] usb_probe_interface+0xc4b/0x11f0 [ 132.489267][ T3541] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 132.491067][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 132.503845][ T28] really_probe+0x506/0x1000 [ 132.508673][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 132.515045][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 132.521101][ T28] __driver_probe_device+0x2fa/0x3d0 [pid 3547] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3547] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3547] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 132.526706][ T28] driver_probe_device+0x72/0x7a0 [ 132.531982][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 132.538086][ T28] __device_attach_driver+0x548/0x8e0 [ 132.543811][ T28] bus_for_each_drv+0x1fc/0x360 [ 132.548895][ T28] ? coredump_store+0xa0/0xa0 [ 132.552822][ T25] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 132.553841][ T28] __device_attach+0x42a/0x720 [ 132.561531][ T113] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 132.566164][ T28] device_initial_probe+0x2e/0x40 [pid 3541] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [ 132.579036][ T28] bus_probe_device+0x13c/0x3b0 [ 132.584197][ T28] device_add+0x1d4b/0x26c0 [ 132.588926][ T28] usb_set_configuration+0x30f8/0x37e0 [ 132.594707][ T28] usb_generic_driver_probe+0x105/0x290 [ 132.599491][ T6] ------------[ cut here ]------------ [ 132.600402][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 132.600553][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 132.606093][ T6] usb 4-1: BOGUS urb xfer, pipe 1 != type 3 [ 132.611900][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 132.619347][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 132.623828][ T28] usb_probe_device+0x288/0x490 [ 132.629593][ T6] Modules linked in: [ 132.629651][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 132.629768][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 132.639160][ T28] ? usb_register_device_driver+0x440/0x440 [ 132.644246][ T6] Workqueue: usb_hub_wq hub_event [ 132.648189][ T28] really_probe+0x506/0x1000 [ 132.648333][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 132.659724][ T6] [ 132.659752][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 132.669977][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 132.676005][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 132.676104][ T6] RSP: 0018:ffff888102616878 EFLAGS: 00010246 [ 132.676198][ T6] RAX: 9ab4860bd45fdb00 RBX: 0000000000000000 RCX: ffff888102604180 [ 132.676279][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.676352][ T6] RBP: ffff888102616998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 132.681392][ T28] __driver_probe_device+0x2fa/0x3d0 [ 132.686078][ T6] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 132.692147][ T28] driver_probe_device+0x72/0x7a0 [ 132.692352][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 132.694721][ T6] R13: 0000000000000003 R14: ffff888102604cd8 R15: 0000000000000000 [ 132.694798][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 132.694895][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.700510][ T28] __device_attach_driver+0x548/0x8e0 [ 132.706594][ T6] CR2: 00007f3ece476cc0 CR3: 000000010e779000 CR4: 00000000003506f0 [ 132.726274][ T28] bus_for_each_drv+0x1fc/0x360 [ 132.726409][ T28] ? coredump_store+0xa0/0xa0 [ 132.732634][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 132.732704][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 132.740706][ T28] __device_attach+0x42a/0x720 [ 132.740873][ T28] device_initial_probe+0x2e/0x40 [ 132.748948][ T6] Call Trace: [ 132.748982][ T6] [ 132.749062][ T6] usb_start_wait_urb+0xcf/0x350 [ 132.757045][ T28] bus_probe_device+0x13c/0x3b0 [ 132.762504][ T6] usb_bulk_msg+0x5cc/0x6f0 [ 132.762641][ T6] usb_interrupt_msg+0x54/0x70 [ 132.770626][ T28] device_add+0x1d4b/0x26c0 [ 132.775726][ T6] vmk80xx_write_packet+0x5f7/0x7d0 [ 132.781541][ T28] usb_new_device+0x17ac/0x2370 [ 132.781713][ T28] hub_event+0x5589/0x8080 [ 132.789788][ T6] vmk80xx_auto_attach+0xe75/0x1e60 [ 132.798903][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 132.799052][ T28] ? led_work+0x730/0x730 [ 132.805839][ T6] ? vmk80xx_detach+0x1a0/0x1a0 [ 132.811114][ T28] ? led_work+0x730/0x730 [ 132.811249][ T28] process_one_work+0xb27/0x13e0 [ 132.819304][ T6] comedi_auto_config+0x2de/0x620 [ 132.824285][ T28] worker_thread+0x1703/0x1d60 [ 132.828999][ T6] comedi_usb_auto_config+0x3f/0x50 [ 132.829145][ T6] vmk80xx_usb_probe+0x54/0x70 [ 132.837202][ T28] kthread+0x31b/0x430 [ 132.837317][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 132.845416][ T6] ? vmk80xx_read_packet+0x770/0x770 [ 132.850116][ T28] ? kthread_blkcg+0x120/0x120 [ 132.855268][ T6] usb_probe_interface+0xc4b/0x11f0 [ 132.858639][ T28] ret_from_fork+0x1f/0x30 [ 132.858786][ T28] [ 132.861739][ T6] ? usb_register_driver+0x5f0/0x5f0 [ 132.861868][ T6] really_probe+0x506/0x1000 [ 132.866840][ T28] ---[ end trace 0000000000000000 ]--- [ 132.877387][ T3542] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 132.878232][ T3542] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 132.883248][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 132.891114][ T28] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 132.893390][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 132.893547][ T6] __driver_probe_device+0x2fa/0x3d0 [ 132.893703][ T6] driver_probe_device+0x72/0x7a0 [ 132.893850][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 132.922494][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 132.924662][ T6] __device_attach_driver+0x548/0x8e0 [ 132.996953][ T28] usb 2-1: USB disconnect, device number 8 [ 132.998642][ T6] bus_for_each_drv+0x1fc/0x360 [ 133.085999][ T6] ? coredump_store+0xa0/0xa0 [ 133.091193][ T6] __device_attach+0x42a/0x720 [ 133.096535][ T6] device_initial_probe+0x2e/0x40 [ 133.102036][ T6] bus_probe_device+0x13c/0x3b0 [ 133.103196][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [ 133.107262][ T6] device_add+0x1d4b/0x26c0 [ 133.115640][ T123] usb 5-1: config 0 has no interface number 0 [ 133.120153][ T6] usb_set_configuration+0x30f8/0x37e0 [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3544] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3546] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3546] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3542] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3542] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3542] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3542] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3542] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3542] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3544] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3542] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3544] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3541] exit_group(0) = ? [pid 3541] +++ exited with 0 +++ [pid 3545] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3545] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3492] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3541, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3492] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3548 ./strace-static-x86_64: Process 3548 attached [pid 3545] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3548] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3545] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3548] <... prctl resumed>) = 0 [pid 3548] setpgid(0, 0) = 0 [pid 3545] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3545] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3548] <... openat resumed>) = 3 [pid 3548] write(3, "1000", 4) = 4 [pid 3548] close(3) = 0 [pid 3545] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3548] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3545] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3548] <... openat resumed>) = 3 [pid 3548] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3548] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3545] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3548] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3545] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3548] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3548] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3546] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3545] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3546] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3545] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3545] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [pid 3545] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 133.126340][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 133.126465][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 133.153216][ T6] usb_generic_driver_probe+0x105/0x290 [ 133.159230][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.165617][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 133.171810][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 133.178095][ T6] usb_probe_device+0x288/0x490 [pid 3545] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 133.183498][ T6] ? usb_register_device_driver+0x440/0x440 [ 133.189883][ T6] really_probe+0x506/0x1000 [ 133.195032][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 133.201596][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.207980][ T6] __driver_probe_device+0x2fa/0x3d0 [ 133.213837][ T6] driver_probe_device+0x72/0x7a0 [ 133.219355][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.225791][ T6] __device_attach_driver+0x548/0x8e0 [ 133.231682][ T6] bus_for_each_drv+0x1fc/0x360 [pid 3545] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [ 133.237089][ T6] ? coredump_store+0xa0/0xa0 [ 133.242259][ T6] __device_attach+0x42a/0x720 [ 133.247585][ T6] device_initial_probe+0x2e/0x40 [ 133.253169][ T6] bus_probe_device+0x13c/0x3b0 [ 133.258506][ T6] device_add+0x1d4b/0x26c0 [ 133.263573][ T6] usb_new_device+0x17ac/0x2370 [ 133.268926][ T6] hub_event+0x5589/0x8080 [ 133.273973][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.280258][ T6] ? led_work+0x730/0x730 [ 133.285155][ T6] ? led_work+0x730/0x730 [ 133.289959][ T6] process_one_work+0xb27/0x13e0 [ 133.295495][ T6] worker_thread+0x1703/0x1d60 [ 133.300773][ T6] kthread+0x31b/0x430 [ 133.305370][ T6] ? worker_clr_flags+0x2b0/0x2b0 [ 133.310882][ T6] ? kthread_blkcg+0x120/0x120 [ 133.316204][ T6] ret_from_fork+0x1f/0x30 [ 133.321103][ T6] [ 133.324571][ T6] ---[ end trace 0000000000000000 ]--- [pid 3545] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3545] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3545] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3545] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [ 133.333758][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 133.343077][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.346984][ T6] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 133.351185][ T123] usb 5-1: Product: syz [ 133.351266][ T123] usb 5-1: Manufacturer: syz [ 133.370364][ T123] usb 5-1: SerialNumber: syz [ 133.373827][ T6] usb 4-1: USB disconnect, device number 7 [pid 3545] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3542] exit_group(0) = ? [pid 3542] +++ exited with 0 +++ [pid 3488] kill(-3542, SIGKILL) = 0 [ 133.387619][ T3501] ------------[ cut here ]------------ [ 133.393295][ T3501] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 133.400671][ T3501] WARNING: CPU: 0 PID: 3501 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 133.410668][ T3501] Modules linked in: [ 133.414809][ T3501] CPU: 0 PID: 3501 Comm: kworker/0:3 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 133.426656][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [pid 3488] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3542, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3488] kill(3542, SIGKILL) = 0 [pid 3488] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3549 ./strace-static-x86_64: Process 3549 attached [pid 3549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 133.436991][ T3501] Workqueue: usb_hub_wq hub_event [ 133.442290][ T3501] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 133.448250][ T3501] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 133.468175][ T3501] RSP: 0018:ffff888122a6e878 EFLAGS: 00010246 [ 133.474566][ T3501] RAX: f66d70e6d79e2000 RBX: 0000000000000000 RCX: ffff888121010000 [ 133.482818][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 133.490958][ T3501] RBP: ffff888122a6e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 133.499229][ T3501] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 133.507462][ T3501] R13: 0000000000000003 R14: ffff888121010b58 R15: 0000000000000000 [ 133.515728][ T3501] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 133.524941][ T3501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.531703][ T3501] CR2: 00007f3ece476cc0 CR3: 00000001272b4000 CR4: 00000000003506f0 [ 133.539973][ T3501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 133.548193][ T3501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 133.556470][ T3501] Call Trace: [ 133.559879][ T3501] [ 133.563105][ T3501] usb_start_wait_urb+0xcf/0x350 [ 133.566300][ T123] usb 5-1: config 0 descriptor?? [ 133.568239][ T3501] usb_bulk_msg+0x5cc/0x6f0 [ 133.578007][ T3501] usb_interrupt_msg+0x54/0x70 [ 133.583073][ T3501] vmk80xx_write_packet+0x5f7/0x7d0 [ 133.588517][ T3501] vmk80xx_auto_attach+0xe75/0x1e60 [ 133.592501][ T28] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 133.594014][ T3501] ? vmk80xx_detach+0x1a0/0x1a0 [ 133.606479][ T3501] comedi_auto_config+0x2de/0x620 [ 133.611728][ T3501] comedi_usb_auto_config+0x3f/0x50 [ 133.614390][ T3545] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 133.617226][ T3501] vmk80xx_usb_probe+0x54/0x70 [ 133.629262][ T3501] ? vmk80xx_read_packet+0x770/0x770 [ 133.634823][ T3545] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 133.634883][ T3501] usb_probe_interface+0xc4b/0x11f0 [ 133.647479][ T3501] ? usb_register_driver+0x5f0/0x5f0 [ 133.653100][ T3501] really_probe+0x506/0x1000 [ 133.657916][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 133.664352][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.670412][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 133.676091][ T3501] driver_probe_device+0x72/0x7a0 [ 133.680688][ T123] sysfs: cannot create duplicate filename '/class/comedi/comedi1' [pid 3549] setpgid(0, 0) = 0 [pid 3549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3549] write(3, "1000", 4) = 4 [pid 3549] close(3) = 0 [pid 3549] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3549] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3549] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3549] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3549] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3545] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 133.681287][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.692918][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 133.695089][ T3501] __device_attach_driver+0x548/0x8e0 [ 133.706471][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 133.706551][ T123] Workqueue: usb_hub_wq hub_event [ 133.711953][ T3501] bus_for_each_drv+0x1fc/0x360 [ 133.722013][ T123] [ 133.722044][ T123] Call Trace: [ 133.722080][ T123] [ 133.722118][ T123] dump_stack_lvl+0x1c8/0x256 [ 133.727182][ T3501] ? coredump_store+0xa0/0xa0 [ 133.732004][ T123] dump_stack+0x1a/0x1c [ 133.734451][ T3501] __device_attach+0x42a/0x720 [ 133.737638][ T123] sysfs_warn_dup+0x125/0x170 [ 133.740610][ T3501] device_initial_probe+0x2e/0x40 [ 133.745286][ T123] sysfs_do_create_link_sd+0x19b/0x260 [ 133.750046][ T3501] bus_probe_device+0x13c/0x3b0 [ 133.754221][ T123] sysfs_create_link+0x83/0xe0 [ 133.759074][ T3501] device_add+0x1d4b/0x26c0 [ 133.763753][ T123] device_add+0x17a6/0x26c0 [ 133.768877][ T3501] usb_set_configuration+0x30f8/0x37e0 [ 133.774348][ T123] device_create+0x40a/0x550 [ 133.779327][ T3501] usb_generic_driver_probe+0x105/0x290 [ 133.784083][ T123] comedi_alloc_board_minor+0x4c4/0xa20 [ 133.788621][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.793155][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 133.798680][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 133.803286][ T123] comedi_auto_config+0x188/0x620 [ 133.803414][ T123] comedi_usb_auto_config+0x3f/0x50 [ 133.808923][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 133.814484][ T123] vmk80xx_usb_probe+0x54/0x70 [ 133.820368][ T3501] usb_probe_device+0x288/0x490 [ 133.825232][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 133.831045][ T3501] ? usb_register_device_driver+0x440/0x440 [ 133.836072][ T123] usb_probe_interface+0xc4b/0x11f0 [ 133.841358][ T3501] really_probe+0x506/0x1000 [ 133.847119][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 133.851941][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 133.856804][ T123] really_probe+0x506/0x1000 [ 133.862181][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.868080][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 133.873377][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 133.877908][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.883277][ T3501] driver_probe_device+0x72/0x7a0 [ 133.889287][ T123] __driver_probe_device+0x2fa/0x3d0 [ 133.893957][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.899714][ T123] driver_probe_device+0x72/0x7a0 [ 133.905863][ T3501] __device_attach_driver+0x548/0x8e0 [ 133.911092][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 133.916991][ T3501] bus_for_each_drv+0x1fc/0x360 [ 133.921952][ T123] __device_attach_driver+0x548/0x8e0 [ 133.927310][ T3501] ? coredump_store+0xa0/0xa0 [ 133.933075][ T123] bus_for_each_drv+0x1fc/0x360 [ 133.938180][ T3501] __device_attach+0x42a/0x720 [ 133.943549][ T123] ? coredump_store+0xa0/0xa0 [ 133.949461][ T3501] device_initial_probe+0x2e/0x40 [ 133.954345][ T123] __device_attach+0x42a/0x720 [ 133.959826][ T3501] bus_probe_device+0x13c/0x3b0 [ 133.964712][ T123] device_initial_probe+0x2e/0x40 [ 133.969643][ T3501] device_add+0x1d4b/0x26c0 [ 133.974405][ T123] bus_probe_device+0x13c/0x3b0 [ 133.979184][ T3501] usb_new_device+0x17ac/0x2370 [ 133.984208][ T123] device_add+0x1d4b/0x26c0 [ 133.989070][ T3501] hub_event+0x5589/0x8080 [ 133.993924][ T123] usb_set_configuration+0x30f8/0x37e0 [ 133.999084][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.003584][ T123] usb_generic_driver_probe+0x105/0x290 [ 134.008449][ T3501] ? led_work+0x730/0x730 [ 134.013311][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.017900][ T3501] ? led_work+0x730/0x730 [ 134.022326][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 134.027868][ T3501] process_one_work+0xb27/0x13e0 [ 134.033686][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 134.039346][ T3501] worker_thread+0x1703/0x1d60 [ 134.043652][ T123] usb_probe_device+0x288/0x490 [ 134.049580][ T3501] kthread+0x31b/0x430 [ 134.053889][ T123] ? usb_register_device_driver+0x440/0x440 [pid 3545] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3545] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3545] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3545] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3545] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3547] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 134.059678][ T3501] ? worker_clr_flags+0x2b0/0x2b0 [ 134.064630][ T123] really_probe+0x506/0x1000 [ 134.070442][ T3501] ? kthread_blkcg+0x120/0x120 [ 134.075210][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 134.080148][ T3501] ret_from_fork+0x1f/0x30 [ 134.084231][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.090220][ T3501] [ 134.095243][ T123] __driver_probe_device+0x2fa/0x3d0 [ 134.099906][ T3501] ---[ end trace 0000000000000000 ]--- [ 134.139503][ T123] driver_probe_device+0x72/0x7a0 [ 134.144783][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.150840][ T123] __device_attach_driver+0x548/0x8e0 [ 134.156459][ T123] bus_for_each_drv+0x1fc/0x360 [ 134.161524][ T123] ? coredump_store+0xa0/0xa0 [ 134.166440][ T123] __device_attach+0x42a/0x720 [ 134.168345][ T3501] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 134.171390][ T123] device_initial_probe+0x2e/0x40 [ 134.186076][ T123] bus_probe_device+0x13c/0x3b0 [pid 3547] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3545] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 134.191179][ T123] device_add+0x1d4b/0x26c0 [ 134.195921][ T123] usb_new_device+0x17ac/0x2370 [ 134.201029][ T123] hub_event+0x5589/0x8080 [ 134.205748][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.211793][ T123] ? led_work+0x730/0x730 [ 134.216388][ T123] ? led_work+0x730/0x730 [ 134.220948][ T123] process_one_work+0xb27/0x13e0 [ 134.226147][ T123] worker_thread+0x1703/0x1d60 [ 134.231152][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3547] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 134.237200][ T123] ? __kthread_parkme+0x110/0x1b0 [ 134.242442][ T123] kthread+0x31b/0x430 [ 134.242857][ T113] usb 3-1: Using ep0 maxpacket: 8 [ 134.246644][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 134.251939][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 134.256731][ T123] ? kthread_blkcg+0x120/0x120 [ 134.256859][ T123] ret_from_fork+0x1f/0x30 [ 134.271434][ T123] [ 134.272071][ T3501] usb 1-1: USB disconnect, device number 7 [ 134.277217][ T123] ------------[ cut here ]------------ [ 134.286149][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [pid 3546] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3546] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3544] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3546] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3544] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 134.293611][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 134.303513][ T123] Modules linked in: [ 134.307576][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 134.319318][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 134.329635][ T123] Workqueue: usb_hub_wq hub_event [ 134.334997][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [pid 3546] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3545] exit_group(0 [pid 3544] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3546] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3545] <... exit_group resumed>) = ? [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3546] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3545] +++ exited with 0 +++ [pid 3544] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3546] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3544] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3545, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [ 134.340857][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 134.360802][ T123] RSP: 0000:ffff8881092b6878 EFLAGS: 00010246 [ 134.367151][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 134.375428][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 134.383733][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [pid 3546] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3544] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3495] restart_syscall(<... resuming interrupted clone ...> [pid 3546] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3495] <... restart_syscall resumed>) = 0 [ 134.391924][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 134.400208][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 134.403567][ T25] usb 6-1: config 0 has an invalid interface number: 164 but max is 0 [ 134.408337][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 134.416607][ T25] usb 6-1: config 0 has no interface number 0 [ 134.425578][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 3546] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 36 [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3546] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3544] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 134.425664][ T123] CR2: 00007f3ece476cc0 CR3: 0000000127330000 CR4: 00000000003506e0 [ 134.431802][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 134.438433][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 134.446556][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 134.456452][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 134.483215][ T123] Call Trace: [ 134.486624][ T123] [ 134.489728][ T123] usb_start_wait_urb+0xcf/0x350 [ 134.495031][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 134.499760][ T123] usb_interrupt_msg+0x54/0x70 [ 134.502895][ T113] usb 3-1: config 0 has an invalid interface number: 164 but max is 0 [ 134.504743][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 134.512965][ T113] usb 3-1: config 0 has no interface number 0 [ 134.518193][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 134.524409][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 134.529537][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3546] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3544] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3546] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3544] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3495] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3550 [pid 3546] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3546] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 3550 attached [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3550] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3544] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3550] <... prctl resumed>) = 0 [ 134.539509][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 134.544370][ T123] comedi_auto_config+0x2de/0x620 [ 134.544502][ T123] comedi_usb_auto_config+0x3f/0x50 [ 134.565363][ T123] vmk80xx_usb_probe+0x54/0x70 [ 134.570344][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 134.575979][ T123] usb_probe_interface+0xc4b/0x11f0 [ 134.581445][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 134.587071][ T123] really_probe+0x506/0x1000 [pid 3550] setpgid(0, 0) = 0 [pid 3544] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3544] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3550] <... openat resumed>) = 3 [pid 3550] write(3, "1000", 4) = 4 [ 134.591915][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 134.598329][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.604435][ T123] __driver_probe_device+0x2fa/0x3d0 [ 134.609970][ T123] driver_probe_device+0x72/0x7a0 [ 134.615361][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.621419][ T123] __device_attach_driver+0x548/0x8e0 [ 134.622469][ T6] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 134.627077][ T123] bus_for_each_drv+0x1fc/0x360 [ 134.639780][ T123] ? coredump_store+0xa0/0xa0 [pid 3550] close(3) = 0 [pid 3550] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3550] ioctl(3, USB_RAW_IOCTL_INIT [pid 3548] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3550] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 134.644812][ T123] __device_attach+0x42a/0x720 [ 134.649850][ T123] device_initial_probe+0x2e/0x40 [ 134.655239][ T123] bus_probe_device+0x13c/0x3b0 [ 134.660329][ T123] device_add+0x1d4b/0x26c0 [ 134.665164][ T123] usb_set_configuration+0x30f8/0x37e0 [ 134.670933][ T123] usb_generic_driver_probe+0x105/0x290 [ 134.676798][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.682908][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 134.688847][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [pid 3548] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3550] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3548] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3550] <... ioctl resumed>, 0) = 0 [pid 3548] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3550] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 134.694899][ T123] usb_probe_device+0x288/0x490 [ 134.699987][ T123] ? usb_register_device_driver+0x440/0x440 [ 134.706208][ T123] really_probe+0x506/0x1000 [ 134.711029][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 134.717484][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.723609][ T123] __driver_probe_device+0x2fa/0x3d0 [ 134.729144][ T123] driver_probe_device+0x72/0x7a0 [ 134.734514][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.740572][ T123] __device_attach_driver+0x548/0x8e0 [ 134.746314][ T123] bus_for_each_drv+0x1fc/0x360 [ 134.751388][ T123] ? coredump_store+0xa0/0xa0 [ 134.756409][ T123] __device_attach+0x42a/0x720 [ 134.761416][ T123] device_initial_probe+0x2e/0x40 [ 134.766779][ T123] bus_probe_device+0x13c/0x3b0 [ 134.771883][ T123] device_add+0x1d4b/0x26c0 [ 134.776711][ T123] usb_new_device+0x17ac/0x2370 [ 134.781827][ T123] hub_event+0x5589/0x8080 [ 134.786672][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3550] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3544] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3546] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 134.792775][ T123] ? led_work+0x730/0x730 [ 134.797332][ T123] ? led_work+0x730/0x730 [ 134.801889][ T123] process_one_work+0xb27/0x13e0 [ 134.807182][ T123] worker_thread+0x1703/0x1d60 [ 134.812184][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 134.818338][ T123] ? __kthread_parkme+0x110/0x1b0 [ 134.823673][ T123] kthread+0x31b/0x430 [ 134.827944][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 134.833296][ T123] ? kthread_blkcg+0x120/0x120 [ 134.838287][ T123] ret_from_fork+0x1f/0x30 [ 134.843051][ T123] [pid 3546] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3544] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3544] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3546] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3546] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 134.846200][ T123] ---[ end trace 0000000000000000 ]--- [pid 3544] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3546] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3544] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3546] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3544] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3546] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3546] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3544] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3548] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3546] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 134.883956][ T123] (NULL device *): driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 134.903558][ T6] usb 4-1: Using ep0 maxpacket: 8 [ 134.917163][ T123] usb 5-1: USB disconnect, device number 9 [pid 3548] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3544] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3544] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3546] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3548] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3546] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 134.933412][ T113] usb 3-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 134.942986][ T113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.951187][ T113] usb 3-1: Product: syz [ 134.955653][ T113] usb 3-1: Manufacturer: syz [ 134.960426][ T113] usb 3-1: SerialNumber: syz [ 134.974642][ T25] usb 6-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3548] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 134.984006][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.992181][ T25] usb 6-1: Product: syz [ 134.996639][ T25] usb 6-1: Manufacturer: syz [ 135.001406][ T25] usb 6-1: SerialNumber: syz [pid 3546] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3548] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3548] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3549] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3549] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3548] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [ 135.026863][ T3501] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 135.062643][ T25] usb 6-1: config 0 descriptor?? [pid 3549] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3548] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3546] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3548] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3547] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3546] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3549] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3548] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3547] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3546] <... ioctl resumed>, 0) = 0 [pid 3546] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3548] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3546] <... ioctl resumed>, 0) = 0 [pid 3544] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 135.074099][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 135.081655][ T113] usb 3-1: config 0 descriptor?? [ 135.103460][ T6] usb 4-1: config 0 has an invalid interface number: 164 but max is 0 [ 135.111931][ T6] usb 4-1: config 0 has no interface number 0 [pid 3546] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3544] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3547] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3546] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3544] <... ioctl resumed>, 0) = 0 [pid 3547] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3544] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3548] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3546] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3544] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3544] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3548] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3546] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3548] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3544] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3547] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3547] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3546] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3544] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3546] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3544] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3548] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [ 135.118376][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 135.120146][ T3546] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 135.128560][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 135.149061][ T3544] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 135.149307][ T3546] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 135.163310][ T3544] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [pid 3548] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3547] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3547] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 135.204331][ T25] ------------[ cut here ]------------ [ 135.210677][ T25] usb 6-1: BOGUS urb xfer, pipe 1 != type 3 [ 135.218222][ T25] WARNING: CPU: 0 PID: 25 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 135.228038][ T25] Modules linked in: [ 135.232098][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 135.243811][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 135.253007][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 135.254050][ T25] Workqueue: usb_hub_wq hub_event [ 135.262225][ T28] usb 2-1: config 0 has no interface number 0 [ 135.267405][ T25] [ 135.267436][ T25] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 135.274636][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [pid 3547] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 36 [pid 3547] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3547] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [ 135.275964][ T25] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 135.281606][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 135.291575][ T25] RSP: 0018:ffff8881026f6878 EFLAGS: 00010246 [ 135.315460][ T123] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 135.321369][ T25] [ 135.338123][ T25] RAX: 5ec2ec8ff90d0c00 RBX: 0000000000000000 RCX: ffff88810267c180 [ 135.346429][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [pid 3547] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3547] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3546] exit_group(0 [ 135.354660][ T25] RBP: ffff8881026f6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 135.362956][ T25] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 135.371098][ T25] R13: 0000000000000003 R14: ffff88810267ccd8 R15: 0000000000000000 [ 135.379361][ T25] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 135.388617][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.395537][ T25] CR2: 00007f3ece476cc0 CR3: 000000010e51d000 CR4: 00000000003506f0 [pid 3544] exit_group(0 [pid 3546] <... exit_group resumed>) = ? [ 135.403765][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 135.411908][ T25] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 135.420186][ T25] Call Trace: [ 135.423683][ T25] [ 135.426786][ T25] usb_start_wait_urb+0xcf/0x350 [ 135.431962][ T25] usb_bulk_msg+0x5cc/0x6f0 [ 135.436825][ T25] usb_interrupt_msg+0x54/0x70 [ 135.441813][ T25] vmk80xx_write_packet+0x5f7/0x7d0 [ 135.447399][ T25] vmk80xx_auto_attach+0xe75/0x1e60 [ 135.452932][ T25] ? vmk80xx_detach+0x1a0/0x1a0 [ 135.457994][ T25] comedi_auto_config+0x2de/0x620 [ 135.463371][ T25] comedi_usb_auto_config+0x3f/0x50 [ 135.468824][ T25] vmk80xx_usb_probe+0x54/0x70 [ 135.473934][ T25] ? vmk80xx_read_packet+0x770/0x770 [ 135.479441][ T25] usb_probe_interface+0xc4b/0x11f0 [ 135.485010][ T25] ? usb_register_driver+0x5f0/0x5f0 [ 135.490518][ T25] really_probe+0x506/0x1000 [ 135.495480][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 135.501790][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.502990][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 135.507895][ T25] __driver_probe_device+0x2fa/0x3d0 [ 135.516931][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.522176][ T25] driver_probe_device+0x72/0x7a0 [ 135.530298][ T28] usb 2-1: Product: syz [ 135.535268][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.539485][ T28] usb 2-1: Manufacturer: syz [ 135.545369][ T25] __device_attach_driver+0x548/0x8e0 [ 135.549953][ T28] usb 2-1: SerialNumber: syz [ 135.555407][ T25] bus_for_each_drv+0x1fc/0x360 [ 135.565541][ T25] ? coredump_store+0xa0/0xa0 [ 135.570471][ T25] __device_attach+0x42a/0x720 [ 135.575624][ T25] device_initial_probe+0x2e/0x40 [ 135.580883][ T25] bus_probe_device+0x13c/0x3b0 [ 135.586125][ T25] device_add+0x1d4b/0x26c0 [ 135.590855][ T25] usb_set_configuration+0x30f8/0x37e0 [ 135.596718][ T25] usb_generic_driver_probe+0x105/0x290 [ 135.602557][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.608597][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 135.614658][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 135.620595][ T25] usb_probe_device+0x288/0x490 [ 135.625792][ T25] ? usb_register_device_driver+0x440/0x440 [ 135.631912][ T25] really_probe+0x506/0x1000 [ 135.636858][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 135.643253][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.649311][ T25] __driver_probe_device+0x2fa/0x3d0 [ 135.654994][ T25] driver_probe_device+0x72/0x7a0 [ 135.660267][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.666446][ T25] __device_attach_driver+0x548/0x8e0 [ 135.672084][ T25] bus_for_each_drv+0x1fc/0x360 [ 135.677285][ T25] ? coredump_store+0xa0/0xa0 [ 135.682205][ T25] __device_attach+0x42a/0x720 [ 135.683007][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 135.687269][ T25] device_initial_probe+0x2e/0x40 [ 135.697609][ T25] bus_probe_device+0x13c/0x3b0 [ 135.702809][ T25] device_add+0x1d4b/0x26c0 [ 135.707544][ T25] usb_new_device+0x17ac/0x2370 [ 135.712783][ T25] hub_event+0x5589/0x8080 [ 135.717510][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.723671][ T25] ? led_work+0x730/0x730 [ 135.728236][ T25] ? led_work+0x730/0x730 [ 135.732905][ T25] process_one_work+0xb27/0x13e0 [ 135.733200][ T28] usb 2-1: config 0 descriptor?? [ 135.738022][ T25] worker_thread+0x1703/0x1d60 [ 135.748020][ T25] kthread+0x31b/0x430 [pid 3544] <... exit_group resumed>) = ? [pid 3550] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3547] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3546] +++ exited with 0 +++ [pid 3544] +++ exited with 0 +++ [pid 3550] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3547] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3491] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3544, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3547] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3497] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3546, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3547] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3550] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3547] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3550] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3547] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3497] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3551 ./strace-static-x86_64: Process 3551 attached [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3547] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3491] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3552 [pid 3551] setpgid(0, 0 [pid 3547] ioctl(3, USB_RAW_IOCTL_EP0_WRITE./strace-static-x86_64: Process 3552 attached [pid 3551] <... setpgid resumed>) = 0 [pid 3552] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3552] <... prctl resumed>) = 0 [pid 3551] <... openat resumed>) = 3 [pid 3552] setpgid(0, 0 [pid 3551] write(3, "1000", 4 [pid 3552] <... setpgid resumed>) = 0 [pid 3551] <... write resumed>) = 4 [pid 3552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3551] close(3 [pid 3547] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3552] <... openat resumed>) = 3 [pid 3551] <... close resumed>) = 0 [pid 3547] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3552] write(3, "1000", 4 [pid 3551] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3552] <... write resumed>) = 4 [pid 3551] <... openat resumed>) = 3 [pid 3552] close(3 [pid 3551] ioctl(3, USB_RAW_IOCTL_INIT [pid 3552] <... close resumed>) = 0 [pid 3551] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3552] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3551] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3552] <... openat resumed>) = 3 [pid 3551] <... ioctl resumed>, 0) = 0 [pid 3552] ioctl(3, USB_RAW_IOCTL_INIT [pid 3551] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3552] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3551] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3552] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3551] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3552] <... ioctl resumed>, 0) = 0 [pid 3552] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3552] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3550] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3550] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3550] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3547] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3550] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3547] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3550] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3547] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3550] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3547] <... ioctl resumed>, 0) = 0 [ 135.752288][ T25] ? worker_clr_flags+0x2b0/0x2b0 [ 135.757674][ T25] ? kthread_blkcg+0x120/0x120 [ 135.762783][ T25] ret_from_fork+0x1f/0x30 [ 135.767439][ T25] [ 135.770599][ T25] ---[ end trace 0000000000000000 ]--- [ 135.786979][ T113] ------------[ cut here ]------------ [ 135.792687][ T113] usb 3-1: BOGUS urb xfer, pipe 1 != type 3 [ 135.793833][ T3547] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [pid 3547] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3550] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3547] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 135.800031][ T113] WARNING: CPU: 0 PID: 113 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 135.815780][ T113] Modules linked in: [ 135.819697][ T3547] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 135.827146][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 135.833120][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [ 135.838819][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [pid 3550] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3547] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3547] ioctl(3, USB_RAW_IOCTL_EP0_READ [ 135.847101][ T123] usb 5-1: config 0 has no interface number 0 [ 135.857241][ T113] Workqueue: usb_hub_wq hub_event [ 135.863387][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 135.863514][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 135.868507][ T113] [ 135.868537][ T113] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 135.897062][ T113] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 135.905118][ T28] ------------[ cut here ]------------ [ 135.916935][ T113] RSP: 0018:ffff888109c8e878 EFLAGS: 00010246 [ 135.917036][ T113] RAX: 7c40313c42a2f100 RBX: 0000000000000000 RCX: ffff888109c90000 [ 135.922555][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 135.928646][ T113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 135.938082][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 135.942693][ T113] RBP: ffff888109c8e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 135.950685][ T28] Modules linked in: [ 135.960220][ T113] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 135.960293][ T113] R13: 0000000000000003 R14: ffff888109c90b58 R15: 0000000000000000 [ 135.968299][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [pid 3550] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3547] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3550] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 135.972221][ T113] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 135.980303][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 135.988275][ T113] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 135.999744][ T28] Workqueue: usb_hub_wq hub_event [ 136.008719][ T113] CR2: 00007f3ece476cc0 CR3: 000000010e51d000 CR4: 00000000003506f0 [ 136.020816][ T28] [ 136.025595][ T113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 136.030605][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 136.038676][ T113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 136.041008][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 136.049061][ T113] Call Trace: [ 136.054733][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 136.062840][ T113] [ 136.082498][ T28] [ 136.082526][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 136.085872][ T113] usb_start_wait_urb+0xcf/0x350 [ 136.091902][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 136.094948][ T113] usb_bulk_msg+0x5cc/0x6f0 [ 136.097307][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 136.105328][ T113] usb_interrupt_msg+0x54/0x70 [ 136.110243][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 136.118314][ T113] vmk80xx_write_packet+0x5f7/0x7d0 [ 136.122849][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 136.130903][ T113] vmk80xx_auto_attach+0xe75/0x1e60 [ 136.135697][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 136.143832][ T113] ? vmk80xx_detach+0x1a0/0x1a0 [ 136.149022][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 136.157101][ T113] comedi_auto_config+0x2de/0x620 [ 136.162361][ T28] CR2: 00007f3ece476cc0 CR3: 0000000127315000 CR4: 00000000003506e0 [ 136.171355][ T113] comedi_usb_auto_config+0x3f/0x50 [ 136.176253][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 136.182952][ T113] vmk80xx_usb_probe+0x54/0x70 [ 136.187962][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 136.196025][ T113] ? vmk80xx_read_packet+0x770/0x770 [ 136.201217][ T28] Call Trace: [ 136.201253][ T28] [ 136.209302][ T113] usb_probe_interface+0xc4b/0x11f0 [ 136.214177][ T28] usb_start_wait_urb+0xcf/0x350 [ 136.222173][ T113] ? usb_register_driver+0x5f0/0x5f0 [ 136.227520][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 136.230749][ T113] really_probe+0x506/0x1000 [ 136.233775][ T28] usb_interrupt_msg+0x54/0x70 [ 136.238988][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 136.243999][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 136.249316][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.253907][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 136.258513][ T113] __driver_probe_device+0x2fa/0x3d0 [ 136.263366][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 136.269437][ T113] driver_probe_device+0x72/0x7a0 [ 136.274769][ T28] comedi_auto_config+0x2de/0x620 [ 136.280617][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.285886][ T28] comedi_usb_auto_config+0x3f/0x50 [ 136.291199][ T113] __device_attach_driver+0x548/0x8e0 [ 136.296114][ T28] vmk80xx_usb_probe+0x54/0x70 [ 136.301182][ T113] bus_for_each_drv+0x1fc/0x360 [ 136.306252][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 136.312087][ T113] ? coredump_store+0xa0/0xa0 [ 136.317359][ T28] usb_probe_interface+0xc4b/0x11f0 [ 136.322834][ T113] __device_attach+0x42a/0x720 [ 136.327601][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 136.332528][ T113] device_initial_probe+0x2e/0x40 [ 136.337786][ T28] really_probe+0x506/0x1000 [ 136.342548][ T113] bus_probe_device+0x13c/0x3b0 [ 136.347737][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 136.352600][ T113] device_add+0x1d4b/0x26c0 [ 136.357873][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.362994][ T113] usb_set_configuration+0x30f8/0x37e0 [ 136.367565][ T28] __driver_probe_device+0x2fa/0x3d0 [ 136.372553][ T113] usb_generic_driver_probe+0x105/0x290 [ 136.378558][ T28] driver_probe_device+0x72/0x7a0 [ 136.383131][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.388940][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.394473][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 136.399766][ T28] __device_attach_driver+0x548/0x8e0 [ 136.405386][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 136.410417][ T28] bus_for_each_drv+0x1fc/0x360 [ 136.416288][ T113] usb_probe_device+0x288/0x490 [ 136.422089][ T28] ? coredump_store+0xa0/0xa0 [ 136.427911][ T113] ? usb_register_device_driver+0x440/0x440 [ 136.433324][ T28] __device_attach+0x42a/0x720 [ 136.439061][ T113] really_probe+0x506/0x1000 [ 136.443998][ T28] device_initial_probe+0x2e/0x40 [ 136.448867][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 136.453606][ T28] bus_probe_device+0x13c/0x3b0 [ 136.459540][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.464376][ T28] device_add+0x1d4b/0x26c0 [ 136.468987][ T113] __driver_probe_device+0x2fa/0x3d0 [ 136.474089][ T28] usb_set_configuration+0x30f8/0x37e0 [ 136.480174][ T113] driver_probe_device+0x72/0x7a0 [ 136.485142][ T28] usb_generic_driver_probe+0x105/0x290 [ 136.490919][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.495477][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.500804][ T113] __device_attach_driver+0x548/0x8e0 [ 136.506316][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 136.511389][ T113] bus_for_each_drv+0x1fc/0x360 [ 136.516982][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 136.522887][ T113] ? coredump_store+0xa0/0xa0 [ 136.528684][ T28] usb_probe_device+0x288/0x490 [ 136.534154][ T113] __device_attach+0x42a/0x720 [ 136.539863][ T28] ? usb_register_device_driver+0x440/0x440 [ 136.544812][ T113] device_initial_probe+0x2e/0x40 [ 136.550503][ T28] really_probe+0x506/0x1000 [ 136.555277][ T113] bus_probe_device+0x13c/0x3b0 [ 136.560117][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 136.564976][ T113] device_add+0x1d4b/0x26c0 [ 136.570856][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.575979][ T113] usb_new_device+0x17ac/0x2370 [ 136.580548][ T28] __driver_probe_device+0x2fa/0x3d0 [ 136.585505][ T113] hub_event+0x5589/0x8080 [ 136.591540][ T28] driver_probe_device+0x72/0x7a0 [ 136.596192][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.601918][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.606844][ T113] ? led_work+0x730/0x730 [ 136.612129][ T28] __device_attach_driver+0x548/0x8e0 [ 136.616639][ T113] ? led_work+0x730/0x730 [ 136.621669][ T28] bus_for_each_drv+0x1fc/0x360 [ 136.627543][ T113] process_one_work+0xb27/0x13e0 [ 136.633394][ T28] ? coredump_store+0xa0/0xa0 [ 136.637790][ T113] worker_thread+0x1703/0x1d60 [ 136.643206][ T28] __device_attach+0x42a/0x720 [ 136.647594][ T113] kthread+0x31b/0x430 [ 136.652491][ T28] device_initial_probe+0x2e/0x40 [ 136.657440][ T113] ? worker_clr_flags+0x2b0/0x2b0 [ 136.662391][ T28] bus_probe_device+0x13c/0x3b0 [ 136.667190][ T113] ? kthread_blkcg+0x120/0x120 [ 136.671973][ T28] device_add+0x1d4b/0x26c0 [ 136.676110][ T113] ret_from_fork+0x1f/0x30 [ 136.681148][ T28] usb_new_device+0x17ac/0x2370 [pid 3547] exit_group(0) = ? [ 136.686249][ T113] [ 136.691101][ T28] hub_event+0x5589/0x8080 [ 136.695921][ T113] ---[ end trace 0000000000000000 ]--- [ 136.700487][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 136.736217][ T28] ? led_work+0x730/0x730 [ 136.740809][ T28] ? led_work+0x730/0x730 [ 136.741761][ T3501] usb 1-1: Using ep0 maxpacket: 8 [ 136.745363][ T28] process_one_work+0xb27/0x13e0 [ 136.755653][ T28] worker_thread+0x1703/0x1d60 [pid 3550] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3549] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3547] +++ exited with 0 +++ [pid 3549] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3547, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 3550] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3550] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3549] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 136.760687][ T28] kthread+0x31b/0x430 [ 136.765020][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 136.770278][ T28] ? kthread_blkcg+0x120/0x120 [ 136.775315][ T28] ret_from_fork+0x1f/0x30 [ 136.779975][ T28] [ 136.783174][ T28] ---[ end trace 0000000000000000 ]--- [pid 3550] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3549] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3490] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3553 [ 136.802753][ T28] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3550] ioctl(3, USB_RAW_IOCTL_EP0_WRITE./strace-static-x86_64: Process 3553 attached [pid 3549] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3553] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3549] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3550] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3553] <... prctl resumed>) = 0 [pid 3550] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3553] setpgid(0, 0) = 0 [pid 3553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3550] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3549] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3550] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3549] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3553] <... openat resumed>) = 3 [pid 3553] write(3, "1000", 4) = 4 [pid 3550] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3549] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3553] close(3 [pid 3550] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3553] <... close resumed>) = 0 [ 136.832140][ T28] usb 2-1: USB disconnect, device number 9 [pid 3549] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3553] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3548] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3553] <... openat resumed>) = 3 [pid 3553] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3548] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3553] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3549] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3550] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3550] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3549] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3548] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3549] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 136.906277][ T3501] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 136.915235][ T3501] usb 1-1: config 0 has no interface number 0 [ 136.921516][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 136.931751][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3548] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3549] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3550] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3549] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3548] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 136.963414][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 136.972822][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.981008][ T123] usb 5-1: Product: syz [ 136.985445][ T123] usb 5-1: Manufacturer: syz [ 136.988069][ T25] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 136.990145][ T123] usb 5-1: SerialNumber: syz [pid 3548] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3550] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3549] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3549] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3548] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3548] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3550] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3549] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3548] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3550] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3549] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 137.018837][ T123] usb 5-1: config 0 descriptor?? [ 137.033750][ T25] usb 6-1: USB disconnect, device number 8 [ 137.056284][ T3500] udevd[3500]: setting owner of /dev/bus/usb/006/008 to uid=0, gid=0 failed: No such file or directory [pid 3548] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3550] <... ioctl resumed>, 0) = 0 [pid 3549] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3548] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3550] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3549] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 137.065544][ T6] usb 4-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 137.076878][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.085280][ T6] usb 4-1: Product: syz [ 137.089711][ T6] usb 4-1: Manufacturer: syz [ 137.094702][ T6] usb 4-1: SerialNumber: syz [ 137.103727][ T113] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3548] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 137.117591][ T6] usb 4-1: config 0 descriptor?? [pid 3550] <... ioctl resumed>, 0) = 0 [pid 3550] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3549] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3548] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3550] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3549] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3548] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3550] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3549] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3548] <... ioctl resumed>, 0) = 0 [ 137.143899][ T113] usb 3-1: USB disconnect, device number 8 [ 137.149075][ T3550] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 137.178291][ T3550] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 137.184112][ T3548] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [pid 3549] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3548] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3548] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3550] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3549] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3548] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3549] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3548] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3550] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3548] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [ 137.194000][ T3501] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 137.203357][ T3501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.211545][ T3501] usb 1-1: Product: syz [ 137.216005][ T3501] usb 1-1: Manufacturer: syz [ 137.220774][ T3501] usb 1-1: SerialNumber: syz [ 137.231816][ T3548] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [pid 3548] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3550] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3548] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3549] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3549] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [ 137.253939][ T3501] usb 1-1: config 0 descriptor?? [pid 3549] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 137.279588][ T3549] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 137.295833][ T123] ------------[ cut here ]------------ [ 137.296068][ T3549] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 137.301371][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 137.317248][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 137.327127][ T123] Modules linked in: [ 137.331184][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 137.342911][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 137.353206][ T123] Workqueue: usb_hub_wq hub_event [ 137.354207][ T6] ------------[ cut here ]------------ [ 137.358417][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 137.358554][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 137.364128][ T6] usb 4-1: BOGUS urb xfer, pipe 1 != type 3 [ 137.369714][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 137.390783][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 137.395506][ T123] [ 137.395534][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 137.401606][ T6] Modules linked in: [ 137.401663][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 137.411161][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 137.411229][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 137.411310][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 137.411384][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 137.411458][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 137.413844][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 137.421820][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 137.421902][ T123] CR2: 00007f3ece476cc0 CR3: 0000000116b1a000 CR4: 00000000003506e0 [ 137.421982][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 137.425961][ T6] Workqueue: usb_hub_wq hub_event [ 137.437409][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 137.437493][ T123] Call Trace: [ 137.445563][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 137.453576][ T123] [ 137.453661][ T123] usb_start_wait_urb+0xcf/0x350 [ 137.461594][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 137.469710][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 137.478713][ T6] RSP: 0018:ffff888102616878 EFLAGS: 00010246 [ 137.478817][ T6] RAX: 9ab4860bd45fdb00 RBX: 0000000000000000 RCX: ffff888102604180 [ 137.489038][ T123] usb_interrupt_msg+0x54/0x70 [ 137.495769][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 137.503779][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 137.511779][ T6] RBP: ffff888102616998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 137.511875][ T6] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 137.511946][ T6] R13: 0000000000000003 R14: ffff888102604cd8 R15: 0000000000000000 [ 137.517041][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 137.525109][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 137.528401][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 137.528527][ T123] comedi_auto_config+0x2de/0x620 [ 137.534264][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 137.537225][ T123] comedi_usb_auto_config+0x3f/0x50 [ 137.542154][ T6] CR2: 00007ffcf724ad48 CR3: 0000000127358000 CR4: 00000000003506f0 [ 137.542238][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 137.542375][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 137.562066][ T123] vmk80xx_usb_probe+0x54/0x70 [ 137.566714][ T6] Call Trace: [ 137.566748][ T6] [ 137.566834][ T6] usb_start_wait_urb+0xcf/0x350 [ 137.573066][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 137.573200][ T123] usb_probe_interface+0xc4b/0x11f0 [ 137.581219][ T6] usb_bulk_msg+0x5cc/0x6f0 [ 137.586060][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 137.586191][ T123] really_probe+0x506/0x1000 [ 137.594249][ T6] usb_interrupt_msg+0x54/0x70 [ 137.599433][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 137.599588][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.607623][ T6] vmk80xx_write_packet+0x5f7/0x7d0 [ 137.607779][ T6] vmk80xx_auto_attach+0xe75/0x1e60 [ 137.615779][ T123] __driver_probe_device+0x2fa/0x3d0 [ 137.615939][ T123] driver_probe_device+0x72/0x7a0 [ 137.624058][ T6] ? vmk80xx_detach+0x1a0/0x1a0 [ 137.629227][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.629386][ T123] __device_attach_driver+0x548/0x8e0 [ 137.638382][ T6] comedi_auto_config+0x2de/0x620 [ 137.643314][ T123] bus_for_each_drv+0x1fc/0x360 [ 137.648375][ T6] comedi_usb_auto_config+0x3f/0x50 [ 137.648530][ T6] vmk80xx_usb_probe+0x54/0x70 [ 137.655168][ T123] ? coredump_store+0xa0/0xa0 [ 137.660393][ T6] ? vmk80xx_read_packet+0x770/0x770 [ 137.660528][ T6] usb_probe_interface+0xc4b/0x11f0 [ 137.668583][ T123] __device_attach+0x42a/0x720 [ 137.668746][ T123] device_initial_probe+0x2e/0x40 [ 137.676863][ T6] ? usb_register_driver+0x5f0/0x5f0 [ 137.684960][ T123] bus_probe_device+0x13c/0x3b0 [ 137.689751][ T6] really_probe+0x506/0x1000 [ 137.689892][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 137.693247][ T123] device_add+0x1d4b/0x26c0 [ 137.693390][ T123] usb_set_configuration+0x30f8/0x37e0 [ 137.696342][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.696494][ T6] __driver_probe_device+0x2fa/0x3d0 [ 137.701473][ T123] usb_generic_driver_probe+0x105/0x290 [ 137.706790][ T6] driver_probe_device+0x72/0x7a0 [ 137.711983][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.712124][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 137.716698][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.721981][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 137.726657][ T6] __device_attach_driver+0x548/0x8e0 [ 137.731535][ T123] usb_probe_device+0x288/0x490 [ 137.737832][ T6] bus_for_each_drv+0x1fc/0x360 [ 137.743576][ T123] ? usb_register_device_driver+0x440/0x440 [ 137.743726][ T123] really_probe+0x506/0x1000 [pid 3549] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3549] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3549] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [pid 3553] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 137.748923][ T6] ? coredump_store+0xa0/0xa0 [ 137.749086][ T6] __device_attach+0x42a/0x720 [ 137.754330][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 137.759664][ T6] device_initial_probe+0x2e/0x40 [ 137.764748][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.764905][ T123] __driver_probe_device+0x2fa/0x3d0 [ 137.769747][ T6] bus_probe_device+0x13c/0x3b0 [ 137.775626][ T123] driver_probe_device+0x72/0x7a0 [ 137.781058][ T6] device_add+0x1d4b/0x26c0 [pid 3550] exit_group(0 [pid 3549] exit_group(0 [pid 3548] exit_group(0 [pid 3550] <... exit_group resumed>) = ? [pid 3549] <... exit_group resumed>) = ? [pid 3548] <... exit_group resumed>) = ? [pid 3553] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3550] +++ exited with 0 +++ [pid 3549] +++ exited with 0 +++ [pid 3548] +++ exited with 0 +++ [ 137.781197][ T6] usb_set_configuration+0x30f8/0x37e0 [ 137.786261][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.791197][ T6] usb_generic_driver_probe+0x105/0x290 [ 137.796616][ T123] __device_attach_driver+0x548/0x8e0 [ 137.796780][ T123] bus_for_each_drv+0x1fc/0x360 [ 137.801575][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.806318][ T123] ? coredump_store+0xa0/0xa0 [ 137.806473][ T123] __device_attach+0x42a/0x720 [ 137.811766][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3550, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 3492] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3548, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 3488] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3549, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3492] kill(-3548, SIGKILL) = 0 [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3492] kill(3548, SIGKILL [pid 3488] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3492] <... kill resumed>) = 0 [pid 3492] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3495] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3554 [pid 3488] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3555 [pid 3492] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3556 [ 137.811895][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 137.817174][ T123] device_initial_probe+0x2e/0x40 [ 137.821948][ T6] usb_probe_device+0x288/0x490 [ 137.827041][ T123] bus_probe_device+0x13c/0x3b0 [ 137.827191][ T123] device_add+0x1d4b/0x26c0 [ 137.832554][ T6] ? usb_register_device_driver+0x440/0x440 [ 137.837420][ T123] usb_new_device+0x17ac/0x2370 [ 137.837593][ T123] hub_event+0x5589/0x8080 [ 137.842125][ T6] really_probe+0x506/0x1000 [ 137.842266][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 ./strace-static-x86_64: Process 3556 attached ./strace-static-x86_64: Process 3555 attached ./strace-static-x86_64: Process 3554 attached [ 137.848461][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.852975][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.858379][ T123] ? led_work+0x730/0x730 [ 137.858520][ T123] ? led_work+0x730/0x730 [ 137.864431][ T6] __driver_probe_device+0x2fa/0x3d0 [ 137.869828][ T123] process_one_work+0xb27/0x13e0 [ 137.875468][ T6] driver_probe_device+0x72/0x7a0 [ 137.880635][ T123] worker_thread+0x1703/0x1d60 [ 137.886532][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.892235][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.892441][ T123] ? __kthread_parkme+0x110/0x1b0 [ 137.898254][ T6] __device_attach_driver+0x548/0x8e0 [ 137.904038][ T123] kthread+0x31b/0x430 [ 137.904150][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 137.909568][ T6] bus_for_each_drv+0x1fc/0x360 [ 137.914476][ T123] ? kthread_blkcg+0x120/0x120 [ 137.914601][ T123] ret_from_fork+0x1f/0x30 [ 137.919514][ T6] ? coredump_store+0xa0/0xa0 [ 137.925493][ T123] [ 137.925533][ T123] ---[ end trace 0000000000000000 ]--- [ 137.930108][ T6] __device_attach+0x42a/0x720 [ 137.930267][ T6] device_initial_probe+0x2e/0x40 [ 137.936775][ T28] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 137.939871][ T6] bus_probe_device+0x13c/0x3b0 [ 138.212455][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 138.223190][ T6] device_add+0x1d4b/0x26c0 [ 138.228185][ T6] usb_new_device+0x17ac/0x2370 [ 138.233636][ T6] hub_event+0x5589/0x8080 [ 138.238613][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.244988][ T6] ? led_work+0x730/0x730 [ 138.249786][ T6] ? led_work+0x730/0x730 [ 138.254672][ T6] process_one_work+0xb27/0x13e0 [ 138.260117][ T6] worker_thread+0x1703/0x1d60 [ 138.265479][ T6] kthread+0x31b/0x430 [ 138.270000][ T6] ? worker_clr_flags+0x2b0/0x2b0 [ 138.275606][ T6] ? kthread_blkcg+0x120/0x120 [pid 3556] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3555] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3554] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3556] <... prctl resumed>) = 0 [pid 3555] <... prctl resumed>) = 0 [pid 3554] <... prctl resumed>) = 0 [pid 3556] setpgid(0, 0 [pid 3555] setpgid(0, 0 [pid 3554] setpgid(0, 0 [pid 3556] <... setpgid resumed>) = 0 [pid 3555] <... setpgid resumed>) = 0 [pid 3554] <... setpgid resumed>) = 0 [pid 3556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3556] <... openat resumed>) = 3 [pid 3555] <... openat resumed>) = 3 [pid 3554] <... openat resumed>) = 3 [pid 3556] write(3, "1000", 4 [pid 3555] write(3, "1000", 4 [pid 3554] write(3, "1000", 4 [pid 3556] <... write resumed>) = 4 [pid 3555] <... write resumed>) = 4 [pid 3554] <... write resumed>) = 4 [pid 3556] close(3 [pid 3555] close(3 [pid 3554] close(3 [pid 3556] <... close resumed>) = 0 [pid 3555] <... close resumed>) = 0 [pid 3554] <... close resumed>) = 0 [pid 3556] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3555] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3554] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3556] <... openat resumed>) = 3 [pid 3555] <... openat resumed>) = 3 [pid 3554] <... openat resumed>) = 3 [pid 3556] ioctl(3, USB_RAW_IOCTL_INIT [pid 3555] ioctl(3, USB_RAW_IOCTL_INIT [pid 3554] ioctl(3, USB_RAW_IOCTL_INIT [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3555] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3554] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3556] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3555] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3554] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3556] <... ioctl resumed>, 0) = 0 [pid 3555] <... ioctl resumed>, 0) = 0 [pid 3554] <... ioctl resumed>, 0) = 0 [pid 3553] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3556] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3554] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3553] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3555] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3554] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3556] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3554] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3553] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3553] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [ 138.280841][ T6] ret_from_fork+0x1f/0x30 [ 138.285870][ T6] [ 138.289263][ T6] ---[ end trace 0000000000000000 ]--- [ 138.309807][ T3501] ------------[ cut here ]------------ [ 138.316790][ T3501] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 138.325174][ T3501] WARNING: CPU: 0 PID: 3501 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [pid 3553] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 138.335254][ T3501] Modules linked in: [ 138.339313][ T3501] CPU: 0 PID: 3501 Comm: kworker/0:3 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 138.351226][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 138.361583][ T3501] Workqueue: usb_hub_wq hub_event [ 138.366992][ T3501] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 138.372852][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 138.372933][ T3501] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 138.381199][ T28] usb 2-1: config 0 has no interface number 0 [ 138.400854][ T3501] RSP: 0018:ffff888122a6e878 EFLAGS: 00010246 [ 138.400953][ T3501] RAX: f66d70e6d79e2000 RBX: 0000000000000000 RCX: ffff888121010000 [ 138.407568][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [pid 3553] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 36 [pid 3553] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [ 138.413258][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 138.421278][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 138.431236][ T3501] RBP: ffff888122a6e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 138.458013][ T3501] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 138.466306][ T3501] R13: 0000000000000003 R14: ffff888121010b58 R15: 0000000000000000 [ 138.474554][ T3501] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 138.483791][ T3501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.490589][ T3501] CR2: 00007ffcf724ad48 CR3: 0000000127358000 CR4: 00000000003506f0 [ 138.498877][ T3501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 138.507096][ T3501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 138.515355][ T3501] Call Trace: [ 138.518759][ T3501] [ 138.521862][ T3501] usb_start_wait_urb+0xcf/0x350 [ 138.527153][ T3501] usb_bulk_msg+0x5cc/0x6f0 [ 138.531879][ T3501] usb_interrupt_msg+0x54/0x70 [ 138.536997][ T3501] vmk80xx_write_packet+0x5f7/0x7d0 [ 138.542572][ T3501] vmk80xx_auto_attach+0xe75/0x1e60 [ 138.548070][ T3501] ? vmk80xx_detach+0x1a0/0x1a0 [ 138.553253][ T3501] comedi_auto_config+0x2de/0x620 [ 138.558500][ T3501] comedi_usb_auto_config+0x3f/0x50 [ 138.564054][ T3501] vmk80xx_usb_probe+0x54/0x70 [ 138.569031][ T3501] ? vmk80xx_read_packet+0x770/0x770 [ 138.574658][ T3501] usb_probe_interface+0xc4b/0x11f0 [ 138.580106][ T3501] ? usb_register_driver+0x5f0/0x5f0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [ 138.585736][ T3501] really_probe+0x506/0x1000 [ 138.590594][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 138.597019][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.603144][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 138.608679][ T3501] driver_probe_device+0x72/0x7a0 [ 138.614053][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.620123][ T3501] __device_attach_driver+0x548/0x8e0 [ 138.625865][ T3501] bus_for_each_drv+0x1fc/0x360 [ 138.630939][ T3501] ? coredump_store+0xa0/0xa0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 138.636005][ T3501] __device_attach+0x42a/0x720 [ 138.641036][ T3501] device_initial_probe+0x2e/0x40 [ 138.646412][ T3501] bus_probe_device+0x13c/0x3b0 [ 138.651512][ T3501] device_add+0x1d4b/0x26c0 [ 138.656380][ T3501] usb_set_configuration+0x30f8/0x37e0 [ 138.662148][ T3501] usb_generic_driver_probe+0x105/0x290 [ 138.668029][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.674193][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 138.680149][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 138.686189][ T3501] usb_probe_device+0x288/0x490 [ 138.691266][ T3501] ? usb_register_device_driver+0x440/0x440 [ 138.697512][ T3501] really_probe+0x506/0x1000 [ 138.702432][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 138.703137][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 138.708676][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.717837][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.723773][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 138.723931][ T3501] driver_probe_device+0x72/0x7a0 [ 138.724082][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.724239][ T3501] __device_attach_driver+0x548/0x8e0 [ 138.724399][ T3501] bus_for_each_drv+0x1fc/0x360 [ 138.724531][ T3501] ? coredump_store+0xa0/0xa0 [ 138.724686][ T3501] __device_attach+0x42a/0x720 [ 138.732820][ T28] usb 2-1: Product: syz [ 138.738144][ T3501] device_initial_probe+0x2e/0x40 [ 138.743248][ T28] usb 2-1: Manufacturer: syz [ 138.749055][ T3501] bus_probe_device+0x13c/0x3b0 [ 138.754503][ T28] usb 2-1: SerialNumber: syz [ 138.759396][ T3501] device_add+0x1d4b/0x26c0 [ 138.797880][ T3501] usb_new_device+0x17ac/0x2370 [ 138.803108][ T3501] hub_event+0x5589/0x8080 [ 138.807818][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.813980][ T3501] ? led_work+0x730/0x730 [ 138.818548][ T3501] ? led_work+0x730/0x730 [ 138.823224][ T3501] process_one_work+0xb27/0x13e0 [ 138.828430][ T3501] worker_thread+0x1703/0x1d60 [ 138.833578][ T3501] kthread+0x31b/0x430 [pid 3553] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3553] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [ 138.837852][ T3501] ? worker_clr_flags+0x2b0/0x2b0 [ 138.843232][ T3501] ? kthread_blkcg+0x120/0x120 [ 138.848208][ T3501] ret_from_fork+0x1f/0x30 [ 138.852970][ T3501] [ 138.856116][ T3501] ---[ end trace 0000000000000000 ]--- [ 138.872978][ T3501] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3553] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3551] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 138.887937][ T3501] usb 1-1: USB disconnect, device number 8 [ 138.898650][ T6] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 138.919245][ T6] usb 4-1: USB disconnect, device number 8 [ 138.929638][ T25] usb 6-1: new high-speed USB device number 9 using dummy_hcd [pid 3551] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3553] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3551] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3551] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3553] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3553] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3553] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 138.965501][ T28] usb 2-1: config 0 descriptor?? [ 138.976153][ T123] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 138.997395][ T3553] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 139.008204][ T123] usb 5-1: USB disconnect, device number 10 [pid 3553] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [ 139.015685][ T3553] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [pid 3553] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [ 139.062629][ T113] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 139.088677][ T28] ------------[ cut here ]------------ [ 139.095174][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 139.102648][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 139.112432][ T28] Modules linked in: [ 139.116491][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 139.128362][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 139.138708][ T28] Workqueue: usb_hub_wq hub_event [ 139.144087][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 139.149956][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 139.170013][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 139.172667][ T25] usb 6-1: Using ep0 maxpacket: 8 [ 139.176277][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 139.189552][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 139.197822][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [pid 3552] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3552] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3552] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3551] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3551] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3551] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3551] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [ 139.206068][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 139.214264][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 139.223171][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 139.232350][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.239114][ T28] CR2: 000055a4744ff600 CR3: 000000012736e000 CR4: 00000000003506e0 [ 139.247354][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 139.255717][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [pid 3551] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3551] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3553] exit_group(0) = ? [ 139.263962][ T28] Call Trace: [ 139.267368][ T28] [ 139.270498][ T28] usb_start_wait_urb+0xcf/0x350 [ 139.275789][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 139.280531][ T28] usb_interrupt_msg+0x54/0x70 [ 139.285654][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 139.291111][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 139.295645][ T25] usb 6-1: config 0 has an invalid interface number: 164 but max is 0 [ 139.296549][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 139.304768][ T25] usb 6-1: config 0 has no interface number 0 [ 139.309599][ T28] comedi_auto_config+0x2de/0x620 [ 139.315774][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 139.315899][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 139.320960][ T28] comedi_usb_auto_config+0x3f/0x50 [ 139.331247][ T3501] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 139.340979][ T28] vmk80xx_usb_probe+0x54/0x70 [ 139.359176][ T28] ? vmk80xx_read_packet+0x770/0x770 [pid 3553] +++ exited with 0 +++ [pid 3551] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3551] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3553, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3551] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3551] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3551] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3490] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3559 [ 139.364763][ T28] usb_probe_interface+0xc4b/0x11f0 [ 139.370226][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 139.375850][ T28] really_probe+0x506/0x1000 [ 139.380670][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 139.387074][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 139.393177][ T28] __driver_probe_device+0x2fa/0x3d0 [ 139.398709][ T28] driver_probe_device+0x72/0x7a0 [ 139.402616][ T113] usb 3-1: Using ep0 maxpacket: 8 [ 139.404022][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3552] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3552] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3555] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3552] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3555] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 139.415055][ T28] __device_attach_driver+0x548/0x8e0 [ 139.420682][ T28] bus_for_each_drv+0x1fc/0x360 [ 139.425827][ T28] ? coredump_store+0xa0/0xa0 [ 139.430750][ T28] __device_attach+0x42a/0x720 [ 139.432621][ T6] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 139.435743][ T28] device_initial_probe+0x2e/0x40 [ 139.448714][ T28] bus_probe_device+0x13c/0x3b0 [ 139.453855][ T28] device_add+0x1d4b/0x26c0 [ 139.458597][ T28] usb_set_configuration+0x30f8/0x37e0 [pid 3552] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3552] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3555] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3552] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3551] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3552] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3551] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 139.464540][ T28] usb_generic_driver_probe+0x105/0x290 [ 139.470303][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 139.476483][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 139.482500][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 139.488442][ T28] usb_probe_device+0x288/0x490 [ 139.493726][ T28] ? usb_register_device_driver+0x440/0x440 [ 139.499846][ T28] really_probe+0x506/0x1000 [ 139.504776][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 139.511082][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 139.517236][ T28] __driver_probe_device+0x2fa/0x3d0 [ 139.522895][ T28] driver_probe_device+0x72/0x7a0 [ 139.523868][ T113] usb 3-1: config 0 has an invalid interface number: 164 but max is 0 [ 139.528088][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 139.536540][ T113] usb 3-1: config 0 has no interface number 0 [ 139.542191][ T28] __device_attach_driver+0x548/0x8e0 [ 139.548421][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [pid 3552] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3551] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3551] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 3559 attached [pid 3552] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3552] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3559] setpgid(0, 0) = 0 [pid 3559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3551] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] write(3, "1000", 4 [pid 3551] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3559] <... write resumed>) = 4 [pid 3559] close(3) = 0 [pid 3559] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3559] ioctl(3, USB_RAW_IOCTL_INIT [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3552] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3551] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3559] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 139.553735][ T28] bus_for_each_drv+0x1fc/0x360 [ 139.564012][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 139.568538][ T28] ? coredump_store+0xa0/0xa0 [ 139.584074][ T28] __device_attach+0x42a/0x720 [ 139.589081][ T28] device_initial_probe+0x2e/0x40 [ 139.594451][ T28] bus_probe_device+0x13c/0x3b0 [ 139.599538][ T28] device_add+0x1d4b/0x26c0 [ 139.604366][ T28] usb_new_device+0x17ac/0x2370 [ 139.609488][ T28] hub_event+0x5589/0x8080 [pid 3556] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3552] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3551] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3552] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3551] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] <... ioctl resumed>, 0) = 0 [pid 3556] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3552] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3551] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3559] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3556] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 139.614566][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 139.620610][ T28] ? led_work+0x730/0x730 [ 139.625223][ T28] ? led_work+0x730/0x730 [ 139.629782][ T28] process_one_work+0xb27/0x13e0 [ 139.635051][ T28] worker_thread+0x1703/0x1d60 [ 139.640073][ T28] kthread+0x31b/0x430 [ 139.644536][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 139.649794][ T28] ? kthread_blkcg+0x120/0x120 [ 139.653418][ T25] usb 6-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3559] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3552] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3551] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3552] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 139.654821][ T28] ret_from_fork+0x1f/0x30 [ 139.663829][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.668244][ T28] [ 139.676336][ T25] usb 6-1: Product: syz [ 139.676415][ T25] usb 6-1: Manufacturer: syz [ 139.676497][ T25] usb 6-1: SerialNumber: syz [ 139.679535][ T28] ---[ end trace 0000000000000000 ]--- [ 139.706373][ T28] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3551] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3552] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 139.718483][ T25] usb 6-1: config 0 descriptor?? [pid 3552] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3551] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3551] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3552] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3551] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3552] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3551] <... ioctl resumed>, 0) = 0 [pid 3551] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3555] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3551] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3555] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3551] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3555] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3552] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3551] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3555] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3552] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3551] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3552] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3552] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3555] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3552] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3552] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3551] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 139.742833][ T3501] usb 1-1: Using ep0 maxpacket: 8 [ 139.762750][ T3551] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 139.765502][ T28] usb 2-1: USB disconnect, device number 10 [ 139.775463][ T3551] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [pid 3555] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [ 139.828978][ T25] ------------[ cut here ]------------ [ 139.834997][ T25] usb 6-1: BOGUS urb xfer, pipe 1 != type 3 [ 139.842678][ T25] WARNING: CPU: 0 PID: 25 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 139.852495][ T25] Modules linked in: [ 139.856544][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 139.868232][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [pid 3555] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3552] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3555] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3552] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [ 139.878593][ T25] Workqueue: usb_hub_wq hub_event [ 139.883987][ T25] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 139.889848][ T25] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 139.909948][ T25] RSP: 0018:ffff8881026f6878 EFLAGS: 00010246 [ 139.917115][ T25] RAX: 5ec2ec8ff90d0c00 RBX: 0000000000000000 RCX: ffff88810267c180 [ 139.925656][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 139.933986][ T25] RBP: ffff8881026f6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 139.942139][ T25] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 139.950349][ T25] R13: 0000000000000003 R14: ffff88810267ccd8 R15: 0000000000000000 [ 139.958569][ T25] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 139.967809][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 3555] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3551] exit_group(0) = ? [ 139.974662][ T25] CR2: 00007f3ece476cc0 CR3: 00000001272d2000 CR4: 00000000003506f0 [ 139.982934][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 139.991071][ T25] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 139.999331][ T25] Call Trace: [ 140.002809][ T25] [ 140.005926][ T25] usb_start_wait_urb+0xcf/0x350 [ 140.011101][ T25] usb_bulk_msg+0x5cc/0x6f0 [ 140.015952][ T25] usb_interrupt_msg+0x54/0x70 [ 140.021002][ T25] vmk80xx_write_packet+0x5f7/0x7d0 [pid 3551] +++ exited with 0 +++ [pid 3497] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3551, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [ 140.026576][ T25] vmk80xx_auto_attach+0xe75/0x1e60 [ 140.032048][ T25] ? vmk80xx_detach+0x1a0/0x1a0 [ 140.037236][ T25] comedi_auto_config+0x2de/0x620 [ 140.042554][ T25] comedi_usb_auto_config+0x3f/0x50 [ 140.047992][ T25] vmk80xx_usb_probe+0x54/0x70 [ 140.053091][ T25] ? vmk80xx_read_packet+0x770/0x770 [ 140.058621][ T25] usb_probe_interface+0xc4b/0x11f0 [ 140.062847][ T123] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 140.064131][ T25] ? usb_register_driver+0x5f0/0x5f0 [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3560 [pid 3554] <... ioctl resumed>, 0x7ffcf7249d20) = 0 ./strace-static-x86_64: Process 3560 attached [pid 3554] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 140.077212][ T25] really_probe+0x506/0x1000 [ 140.082063][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 140.088528][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 140.094676][ T25] __driver_probe_device+0x2fa/0x3d0 [ 140.100236][ T25] driver_probe_device+0x72/0x7a0 [ 140.105648][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 140.111704][ T25] __device_attach_driver+0x548/0x8e0 [ 140.117466][ T25] bus_for_each_drv+0x1fc/0x360 [ 140.122618][ T25] ? coredump_store+0xa0/0xa0 [ 140.127540][ T25] __device_attach+0x42a/0x720 [ 140.132679][ T25] device_initial_probe+0x2e/0x40 [ 140.137948][ T25] bus_probe_device+0x13c/0x3b0 [ 140.143162][ T25] device_add+0x1d4b/0x26c0 [ 140.147897][ T25] usb_set_configuration+0x30f8/0x37e0 [ 140.153759][ T25] usb_generic_driver_probe+0x105/0x290 [ 140.159530][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 140.165697][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 140.171648][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 140.177697][ T25] usb_probe_device+0x288/0x490 [ 140.182859][ T25] ? usb_register_device_driver+0x440/0x440 [ 140.188976][ T25] really_probe+0x506/0x1000 [ 140.193920][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 140.200228][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 140.206394][ T25] __driver_probe_device+0x2fa/0x3d0 [ 140.211930][ T25] driver_probe_device+0x72/0x7a0 [ 140.217341][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 140.222513][ T28] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 140.223395][ T25] __device_attach_driver+0x548/0x8e0 [ 140.236594][ T25] bus_for_each_drv+0x1fc/0x360 [ 140.241663][ T25] ? coredump_store+0xa0/0xa0 [ 140.246727][ T25] __device_attach+0x42a/0x720 [ 140.251766][ T25] device_initial_probe+0x2e/0x40 [ 140.257155][ T25] bus_probe_device+0x13c/0x3b0 [ 140.262246][ T25] device_add+0x1d4b/0x26c0 [ 140.267189][ T25] usb_new_device+0x17ac/0x2370 [ 140.272436][ T25] hub_event+0x5589/0x8080 [ 140.277166][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 140.283340][ T25] ? led_work+0x730/0x730 [ 140.287902][ T25] ? led_work+0x730/0x730 [ 140.292562][ T25] process_one_work+0xb27/0x13e0 [ 140.297764][ T25] worker_thread+0x1703/0x1d60 [ 140.302926][ T25] kthread+0x31b/0x430 [ 140.307196][ T25] ? worker_clr_flags+0x2b0/0x2b0 [ 140.312585][ T25] ? kthread_blkcg+0x120/0x120 [ 140.317566][ T25] ret_from_fork+0x1f/0x30 [ 140.322211][ T25] [ 140.325488][ T25] ---[ end trace 0000000000000000 ]--- [ 140.331469][ T113] usb 3-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 140.332585][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 140.340753][ T113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.354077][ T113] usb 3-1: Product: syz [ 140.358410][ T113] usb 3-1: Manufacturer: syz [ 140.363297][ T113] usb 3-1: SerialNumber: syz [ 140.369234][ T6] usb 4-1: Using ep0 maxpacket: 8 [pid 3560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3560] setpgid(0, 0) = 0 [pid 3560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3554] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3560] write(3, "1000", 4 [pid 3554] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3560] <... write resumed>) = 4 [pid 3560] close(3) = 0 [pid 3560] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3560] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3560] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3560] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3560] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3559] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3554] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3554] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3554] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3554] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 140.374965][ T3501] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 140.383400][ T3501] usb 1-1: config 0 has no interface number 0 [ 140.389665][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 140.399900][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 140.421237][ T113] usb 3-1: config 0 descriptor?? [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3555] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3556] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3555] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3554] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3552] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3554] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3552] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [ 140.427285][ T25] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3552] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3552] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3556] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3555] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3554] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3552] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3556] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3554] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3552] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3555] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 140.457268][ T3552] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 140.461071][ T25] usb 6-1: USB disconnect, device number 9 [ 140.480926][ T3552] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 140.489532][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 140.495604][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [pid 3554] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3552] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3559] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3555] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3554] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3556] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3554] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3554] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3491] kill(-3552, SIGKILL) = 0 [ 140.504191][ T123] usb 5-1: config 0 has no interface number 0 [ 140.510457][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 140.520799][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3491] kill(3552, SIGKILL) = 0 [ 140.563414][ T113] usb 3-1: can't set config #0, error -71 [ 140.593561][ T6] usb 4-1: config 0 has an invalid interface number: 164 but max is 0 [ 140.602064][ T6] usb 4-1: config 0 has no interface number 0 [pid 3556] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3555] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3556] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3554] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3559] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3554] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3555] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3556] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3555] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3556] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3555] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3556] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3559] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3554] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3554] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3552] +++ killed by SIGKILL +++ [pid 3491] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3552, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=3} --- [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3555] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3556] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3555] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3491] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3561 [ 140.608557][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 140.618858][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 140.637509][ T113] usb 3-1: USB disconnect, device number 9 [ 140.653576][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 140.661957][ T28] usb 2-1: config 0 has no interface number 0 [ 140.663322][ T3501] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 140.668384][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 140.677253][ T3501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.687314][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 140.705978][ T3501] usb 1-1: Product: syz ./strace-static-x86_64: Process 3561 attached [pid 3559] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3554] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3561] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3559] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3554] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3561] <... prctl resumed>) = 0 [pid 3554] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3561] setpgid(0, 0 [pid 3554] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3561] <... setpgid resumed>) = 0 [pid 3561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3561] write(3, "1000", 4) = 4 [pid 3556] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3555] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3561] close(3 [pid 3556] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3561] <... close resumed>) = 0 [pid 3561] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3561] ioctl(3, USB_RAW_IOCTL_INIT [pid 3559] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3554] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3561] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3554] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3561] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3559] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3554] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3554] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3561] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 140.710306][ T3501] usb 1-1: Manufacturer: syz [ 140.715226][ T3501] usb 1-1: SerialNumber: syz [ 140.751853][ T3501] usb 1-1: config 0 descriptor?? [pid 3561] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3554] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3555] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3555] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3559] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3556] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3555] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3554] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] <... ioctl resumed>, 0) = 0 [ 140.764332][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 140.773660][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.781841][ T123] usb 5-1: Product: syz [ 140.786268][ T123] usb 5-1: Manufacturer: syz [ 140.791033][ T123] usb 5-1: SerialNumber: syz [ 140.802150][ T123] usb 5-1: config 0 descriptor?? [pid 3555] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3559] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3559] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3556] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3556] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3555] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3554] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3554] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3555] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3554] <... ioctl resumed>, 0) = 0 [pid 3554] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3554] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3555] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3556] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3554] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3559] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3554] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3555] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3554] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3559] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3556] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 140.816088][ T3555] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 140.827687][ T3555] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 140.841373][ T3554] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 140.851581][ T3554] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [pid 3559] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3556] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3554] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3559] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3554] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 140.867667][ T3501] ------------[ cut here ]------------ [ 140.873555][ T3501] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 140.880913][ T3501] WARNING: CPU: 0 PID: 3501 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 140.890930][ T3501] Modules linked in: [ 140.895067][ T3501] CPU: 0 PID: 3501 Comm: kworker/0:3 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 140.906963][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 140.913790][ T123] ------------[ cut here ]------------ [ 140.917241][ T3501] Workqueue: usb_hub_wq hub_event [ 140.922712][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 140.924123][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 140.927803][ T3501] [ 140.927833][ T3501] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 140.933766][ T123] Modules linked in: [ 140.933827][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 140.943425][ T3501] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 140.943521][ T3501] RSP: 0018:ffff888122a6e878 EFLAGS: 00010246 [ 140.943615][ T3501] RAX: f66d70e6d79e2000 RBX: 0000000000000000 RCX: ffff888121010000 [ 140.943697][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 140.943766][ T3501] RBP: ffff888122a6e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 140.943852][ T3501] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 140.943924][ T3501] R13: 0000000000000003 R14: ffff888121010b58 R15: 0000000000000000 [ 140.943999][ T3501] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 140.944096][ T3501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.944175][ T3501] CR2: 00007f3ece476cc0 CR3: 0000000125a92000 CR4: 00000000003506f0 [ 140.944257][ T3501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 140.944325][ T3501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 140.944397][ T3501] Call Trace: [ 140.944433][ T3501] [ 140.944516][ T3501] usb_start_wait_urb+0xcf/0x350 [ 140.944671][ T3501] usb_bulk_msg+0x5cc/0x6f0 [ 140.947008][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 140.952747][ T3501] usb_interrupt_msg+0x54/0x70 [ 140.956639][ T123] Workqueue: usb_hub_wq hub_event [ 140.968164][ T3501] vmk80xx_write_packet+0x5f7/0x7d0 [ 140.987821][ T123] [ 140.987851][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 140.994017][ T3501] vmk80xx_auto_attach+0xe75/0x1e60 [ 141.001971][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 141.010054][ T3501] ? vmk80xx_detach+0x1a0/0x1a0 [ 141.018042][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 141.026122][ T3501] comedi_auto_config+0x2de/0x620 [ 141.034138][ T123] [ 141.034168][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 141.043192][ T3501] comedi_usb_auto_config+0x3f/0x50 [ 141.049753][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 141.057823][ T3501] vmk80xx_usb_probe+0x54/0x70 [ 141.065834][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 141.073917][ T3501] ? vmk80xx_read_packet+0x770/0x770 [ 141.077265][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 141.080154][ T3501] usb_probe_interface+0xc4b/0x11f0 [ 141.085151][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 141.089716][ T3501] ? usb_register_driver+0x5f0/0x5f0 [ 141.099812][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 141.104687][ T3501] really_probe+0x506/0x1000 [ 141.109691][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.114975][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 141.117342][ T123] CR2: 00007f3ece476cc0 CR3: 00000001272d2000 CR4: 00000000003506e0 [ 141.123075][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.128253][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 141.147963][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 141.152849][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 141.158961][ T3501] driver_probe_device+0x72/0x7a0 [ 141.164037][ T123] Call Trace: [ 141.164070][ T123] [ 141.166414][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.174490][ T123] usb_start_wait_urb+0xcf/0x350 [ 141.179692][ T3501] __device_attach_driver+0x548/0x8e0 [ 141.187744][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 141.192607][ T3501] bus_for_each_drv+0x1fc/0x360 [ 141.200582][ T123] usb_interrupt_msg+0x54/0x70 [ 141.205928][ T3501] ? coredump_store+0xa0/0xa0 [ 141.213967][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 141.219196][ T3501] __device_attach+0x42a/0x720 [ 141.227247][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 141.232621][ T3501] device_initial_probe+0x2e/0x40 [ 141.241562][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 141.246207][ T3501] bus_probe_device+0x13c/0x3b0 [ 141.252835][ T123] comedi_auto_config+0x2de/0x620 [ 141.258951][ T3501] device_add+0x1d4b/0x26c0 [ 141.266997][ T123] comedi_usb_auto_config+0x3f/0x50 [ 141.272898][ T3501] usb_set_configuration+0x30f8/0x37e0 [ 141.280932][ T123] vmk80xx_usb_probe+0x54/0x70 [ 141.286355][ T3501] usb_generic_driver_probe+0x105/0x290 [ 141.294311][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 141.299368][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.302719][ T123] usb_probe_interface+0xc4b/0x11f0 [ 141.305700][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 141.311544][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 141.316540][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 141.321903][ T123] really_probe+0x506/0x1000 [ 141.326491][ T3501] usb_probe_device+0x288/0x490 [ 141.331334][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 141.336189][ T3501] ? usb_register_device_driver+0x440/0x440 [ 141.340857][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.346123][ T3501] really_probe+0x506/0x1000 [ 141.350891][ T123] __driver_probe_device+0x2fa/0x3d0 [ 141.356163][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 141.361191][ T123] driver_probe_device+0x72/0x7a0 [ 141.366125][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.370966][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.376076][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 141.380574][ T123] __device_attach_driver+0x548/0x8e0 [ 141.385854][ T3501] driver_probe_device+0x72/0x7a0 [ 141.391310][ T123] bus_for_each_drv+0x1fc/0x360 [ 141.396148][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.401682][ T123] ? coredump_store+0xa0/0xa0 [ 141.407055][ T3501] __device_attach_driver+0x548/0x8e0 [ 141.412907][ T123] __device_attach+0x42a/0x720 [ 141.418138][ T3501] bus_for_each_drv+0x1fc/0x360 [ 141.423933][ T123] device_initial_probe+0x2e/0x40 [ 141.429221][ T3501] ? coredump_store+0xa0/0xa0 [ 141.435009][ T123] bus_probe_device+0x13c/0x3b0 [ 141.439645][ T3501] __device_attach+0x42a/0x720 [ 141.444560][ T123] device_add+0x1d4b/0x26c0 [ 141.450664][ T3501] device_initial_probe+0x2e/0x40 [ 141.456624][ T123] usb_set_configuration+0x30f8/0x37e0 [ 141.462507][ T3501] bus_probe_device+0x13c/0x3b0 [ 141.467153][ T123] usb_generic_driver_probe+0x105/0x290 [ 141.472484][ T3501] device_add+0x1d4b/0x26c0 [ 141.478524][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.483654][ T3501] usb_new_device+0x17ac/0x2370 [ 141.489450][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 141.495371][ T3501] hub_event+0x5589/0x8080 [ 141.500620][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [pid 3559] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3556] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3555] exit_group(0 [pid 3554] exit_group(0 [pid 3560] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 141.506167][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.511106][ T123] usb_probe_device+0x288/0x490 [ 141.516039][ T3501] ? led_work+0x730/0x730 [ 141.521848][ T123] ? usb_register_device_driver+0x440/0x440 [ 141.526600][ T3501] ? led_work+0x730/0x730 [ 141.531962][ T123] really_probe+0x506/0x1000 [ 141.536807][ T3501] process_one_work+0xb27/0x13e0 [ 141.541658][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 141.546792][ T3501] worker_thread+0x1703/0x1d60 [ 141.551438][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.556401][ T3501] kthread+0x31b/0x430 [ 141.561128][ T123] __driver_probe_device+0x2fa/0x3d0 [ 141.565706][ T3501] ? worker_clr_flags+0x2b0/0x2b0 [ 141.570739][ T123] driver_probe_device+0x72/0x7a0 [ 141.576274][ T3501] ? kthread_blkcg+0x120/0x120 [ 141.581115][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.586738][ T3501] ret_from_fork+0x1f/0x30 [ 141.591240][ T123] __device_attach_driver+0x548/0x8e0 [ 141.597142][ T3501] [ 141.601981][ T123] bus_for_each_drv+0x1fc/0x360 [pid 3555] <... exit_group resumed>) = ? [pid 3554] <... exit_group resumed>) = ? [pid 3560] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3556] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3555] +++ exited with 0 +++ [pid 3554] +++ exited with 0 +++ [pid 3556] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3554, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3488] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3555, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3488] restart_syscall(<... resuming interrupted clone ...> [pid 3560] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 141.607767][ T3501] ---[ end trace 0000000000000000 ]--- [ 141.612178][ T123] ? coredump_store+0xa0/0xa0 [ 141.626090][ T25] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 141.628720][ T123] __device_attach+0x42a/0x720 [ 141.683173][ T6] usb 4-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 141.684836][ T123] device_initial_probe+0x2e/0x40 [ 141.689825][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.694640][ T123] bus_probe_device+0x13c/0x3b0 [pid 3488] <... restart_syscall resumed>) = 0 [pid 3560] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3562 [pid 3488] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3563 ./strace-static-x86_64: Process 3563 attached ./strace-static-x86_64: Process 3562 attached [pid 3563] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3562] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3563] <... prctl resumed>) = 0 [pid 3562] <... prctl resumed>) = 0 [ 141.700553][ T6] usb 4-1: Product: syz [ 141.705034][ T123] device_add+0x1d4b/0x26c0 [ 141.710457][ T6] usb 4-1: Manufacturer: syz [ 141.713555][ T123] usb_new_device+0x17ac/0x2370 [ 141.718537][ T6] usb 4-1: SerialNumber: syz [ 141.724082][ T123] hub_event+0x5589/0x8080 [ 141.804640][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.810689][ T123] ? led_work+0x730/0x730 [ 141.815330][ T123] ? led_work+0x730/0x730 [pid 3563] setpgid(0, 0 [pid 3562] setpgid(0, 0 [pid 3563] <... setpgid resumed>) = 0 [pid 3562] <... setpgid resumed>) = 0 [pid 3563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3563] <... openat resumed>) = 3 [pid 3562] <... openat resumed>) = 3 [pid 3563] write(3, "1000", 4 [pid 3562] write(3, "1000", 4 [pid 3563] <... write resumed>) = 4 [pid 3562] <... write resumed>) = 4 [pid 3563] close(3 [pid 3562] close(3 [pid 3563] <... close resumed>) = 0 [pid 3562] <... close resumed>) = 0 [pid 3563] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3562] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3563] <... openat resumed>) = 3 [pid 3562] <... openat resumed>) = 3 [ 141.819901][ T123] process_one_work+0xb27/0x13e0 [ 141.825163][ T123] worker_thread+0x1703/0x1d60 [ 141.830179][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 141.836302][ T123] ? __kthread_parkme+0x110/0x1b0 [ 141.841543][ T123] kthread+0x31b/0x430 [ 141.845882][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 141.851174][ T123] ? kthread_blkcg+0x120/0x120 [ 141.856207][ T123] ret_from_fork+0x1f/0x30 [ 141.860871][ T123] [ 141.864084][ T123] ---[ end trace 0000000000000000 ]--- [pid 3563] ioctl(3, USB_RAW_IOCTL_INIT [pid 3562] ioctl(3, USB_RAW_IOCTL_INIT [pid 3563] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3562] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3563] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3562] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3563] <... ioctl resumed>, 0) = 0 [pid 3561] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 141.870105][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 141.872563][ T113] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 141.879326][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.895143][ T28] usb 2-1: Product: syz [ 141.899467][ T28] usb 2-1: Manufacturer: syz [ 141.904289][ T28] usb 2-1: SerialNumber: syz [pid 3563] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3562] <... ioctl resumed>, 0) = 0 [pid 3563] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3562] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3561] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3563] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3562] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3562] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3559] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 141.921273][ T28] usb 2-1: config 0 descriptor?? [ 141.934133][ T123] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 141.953042][ T25] usb 6-1: Using ep0 maxpacket: 8 [pid 3559] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3560] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3560] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3560] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 141.967348][ T3559] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 141.983116][ T123] usb 5-1: USB disconnect, device number 11 [ 142.010627][ T3500] udevd[3500]: setting owner of /dev/bus/usb/005/011 to uid=0, gid=0 failed: No such file or directory [pid 3559] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3560] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3559] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3559] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3560] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [pid 3559] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3556] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3560] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3556] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [ 142.012959][ T3559] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 142.026291][ T6] usb 4-1: config 0 descriptor?? [ 142.040088][ T3501] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3560] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3556] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 142.074492][ T3501] usb 1-1: USB disconnect, device number 9 [ 142.089432][ T28] ------------[ cut here ]------------ [ 142.095201][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 142.102725][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 142.112526][ T28] Modules linked in: [ 142.116586][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 142.120160][ T3556] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 142.128188][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 142.136536][ T25] usb 6-1: config 0 has an invalid interface number: 164 but max is 0 [ 142.145482][ T28] Workqueue: usb_hub_wq hub_event [ 142.153909][ T25] usb 6-1: config 0 has no interface number 0 [ 142.158896][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 142.165135][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 142.170706][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 142.180740][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 142.200382][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 142.217476][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [pid 3560] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3556] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3560] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3556] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3560] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3560] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [ 142.225724][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 142.233944][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 142.242100][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 142.250393][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 142.252545][ T113] usb 3-1: Using ep0 maxpacket: 8 [ 142.258538][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [pid 3560] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3561] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3560] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3560] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3561] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3560] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3561] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3560] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3561] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 142.272922][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.279684][ T28] CR2: 00007f3ece476cc0 CR3: 00000001272d2000 CR4: 00000000003506e0 [ 142.287940][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 142.296150][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 142.304439][ T28] Call Trace: [ 142.307849][ T28] [ 142.310956][ T28] usb_start_wait_urb+0xcf/0x350 [ 142.316256][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 142.320990][ T28] usb_interrupt_msg+0x54/0x70 [pid 3560] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3560] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3559] exit_group(0 [pid 3561] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3560] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3559] <... exit_group resumed>) = ? [pid 3561] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3560] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3559] +++ exited with 0 +++ [ 142.326082][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 142.331538][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 142.337114][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 142.342183][ T28] comedi_auto_config+0x2de/0x620 [ 142.347488][ T28] comedi_usb_auto_config+0x3f/0x50 [ 142.352983][ T28] vmk80xx_usb_probe+0x54/0x70 [ 142.357963][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 142.363709][ T28] usb_probe_interface+0xc4b/0x11f0 [ 142.369157][ T28] ? usb_register_driver+0x5f0/0x5f0 [pid 3561] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3560] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 142.374752][ T28] really_probe+0x506/0x1000 [ 142.379574][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 142.383137][ T113] usb 3-1: config 0 has an invalid interface number: 164 but max is 0 [ 142.385860][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.394082][ T113] usb 3-1: config 0 has no interface number 0 [ 142.399915][ T28] __driver_probe_device+0x2fa/0x3d0 [ 142.406126][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 142.411350][ T28] driver_probe_device+0x72/0x7a0 [ 142.421349][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 142.426445][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.437182][ T25] usb 6-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 142.442441][ T28] __device_attach_driver+0x548/0x8e0 [ 142.451494][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.457133][ T28] bus_for_each_drv+0x1fc/0x360 [ 142.465127][ T25] usb 6-1: Product: syz [ 142.469960][ T28] ? coredump_store+0xa0/0xa0 [ 142.474253][ T25] usb 6-1: Manufacturer: syz [ 142.478901][ T28] __device_attach+0x42a/0x720 [ 142.483758][ T25] usb 6-1: SerialNumber: syz [ 142.488377][ T28] device_initial_probe+0x2e/0x40 [ 142.499102][ T28] bus_probe_device+0x13c/0x3b0 [ 142.504246][ T28] device_add+0x1d4b/0x26c0 [ 142.508979][ T28] usb_set_configuration+0x30f8/0x37e0 [ 142.514798][ T28] usb_generic_driver_probe+0x105/0x290 [ 142.520553][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.526646][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 142.532650][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 142.538583][ T28] usb_probe_device+0x288/0x490 [ 142.543759][ T28] ? usb_register_device_driver+0x440/0x440 [ 142.549873][ T28] really_probe+0x506/0x1000 [ 142.554759][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 142.561071][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.567176][ T28] __driver_probe_device+0x2fa/0x3d0 [ 142.572775][ T28] driver_probe_device+0x72/0x7a0 [ 142.578041][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.584157][ T28] __device_attach_driver+0x548/0x8e0 [ 142.589790][ T28] bus_for_each_drv+0x1fc/0x360 [ 142.594953][ T28] ? coredump_store+0xa0/0xa0 [ 142.599898][ T28] __device_attach+0x42a/0x720 [ 142.605102][ T28] device_initial_probe+0x2e/0x40 [ 142.610355][ T28] bus_probe_device+0x13c/0x3b0 [ 142.615521][ T28] device_add+0x1d4b/0x26c0 [ 142.620253][ T28] usb_new_device+0x17ac/0x2370 [ 142.625421][ T28] hub_event+0x5589/0x8080 [ 142.630143][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.636363][ T28] ? led_work+0x730/0x730 [ 142.640932][ T28] ? led_work+0x730/0x730 [ 142.645544][ T28] process_one_work+0xb27/0x13e0 [ 142.650745][ T28] worker_thread+0x1703/0x1d60 [ 142.655862][ T28] kthread+0x31b/0x430 [ 142.660131][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 142.665444][ T28] ? kthread_blkcg+0x120/0x120 [ 142.670416][ T28] ret_from_fork+0x1f/0x30 [pid 3560] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3559, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 3490] restart_syscall(<... resuming interrupted clone ...> [pid 3561] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3560] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3490] <... restart_syscall resumed>) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3560] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3561] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3561] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3561] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3490] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3564 ./strace-static-x86_64: Process 3564 attached [pid 3564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3564] setpgid(0, 0) = 0 [pid 3564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3564] write(3, "1000", 4) = 4 [pid 3564] close(3) = 0 [pid 3564] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3564] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3564] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3564] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3564] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3556] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3563] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3556] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3561] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3563] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3561] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3560] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3560] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3560] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 142.675162][ T28] [ 142.678315][ T28] ---[ end trace 0000000000000000 ]--- [ 142.692655][ T3501] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 142.715825][ T25] usb 6-1: config 0 descriptor?? [ 142.716130][ T3556] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [pid 3560] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3561] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3561] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3560] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3561] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3556] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3560] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3561] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3560] ioctl(3, USB_RAW_IOCTL_EP0_READ [ 142.742278][ T3560] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 142.767489][ T3560] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 142.781503][ T28] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3561] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3556] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3561] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3560] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 142.800950][ T28] usb 2-1: USB disconnect, device number 11 [ 142.830380][ T25] ------------[ cut here ]------------ [ 142.836145][ T25] usb 6-1: BOGUS urb xfer, pipe 1 != type 3 [ 142.844992][ T25] WARNING: CPU: 0 PID: 25 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 142.854813][ T25] Modules linked in: [ 142.858871][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 142.870533][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 142.880868][ T25] Workqueue: usb_hub_wq hub_event [ 142.886225][ T25] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 142.892087][ T25] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 142.912073][ T25] RSP: 0018:ffff8881026f6878 EFLAGS: 00010246 [ 142.918406][ T25] RAX: 5ec2ec8ff90d0c00 RBX: 0000000000000000 RCX: ffff88810267c180 [ 142.926694][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 142.934909][ T25] RBP: ffff8881026f6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 142.943200][ T25] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [pid 3561] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [ 142.951356][ T25] R13: 0000000000000003 R14: ffff88810267ccd8 R15: 0000000000000000 [ 142.959623][ T25] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 142.962791][ T123] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 142.968746][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.983233][ T25] CR2: 000055a4744ff600 CR3: 0000000127315000 CR4: 00000000003506f0 [ 142.991384][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 3561] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3562] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3562] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3560] exit_group(0 [pid 3556] exit_group(0 [pid 3562] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [ 142.999650][ T25] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 143.007870][ T25] Call Trace: [ 143.011276][ T25] [ 143.014509][ T25] usb_start_wait_urb+0xcf/0x350 [ 143.019721][ T25] usb_bulk_msg+0x5cc/0x6f0 [ 143.024582][ T25] usb_interrupt_msg+0x54/0x70 [ 143.029580][ T25] vmk80xx_write_packet+0x5f7/0x7d0 [ 143.035174][ T25] vmk80xx_auto_attach+0xe75/0x1e60 [ 143.040628][ T25] ? vmk80xx_detach+0x1a0/0x1a0 [ 143.045826][ T25] comedi_auto_config+0x2de/0x620 [pid 3560] <... exit_group resumed>) = ? [pid 3556] <... exit_group resumed>) = ? [pid 3562] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3560] +++ exited with 0 +++ [pid 3556] +++ exited with 0 +++ [ 143.051071][ T25] comedi_usb_auto_config+0x3f/0x50 [ 143.056594][ T25] vmk80xx_usb_probe+0x54/0x70 [ 143.061587][ T25] ? vmk80xx_read_packet+0x770/0x770 [ 143.067179][ T25] usb_probe_interface+0xc4b/0x11f0 [ 143.072713][ T25] ? usb_register_driver+0x5f0/0x5f0 [ 143.078226][ T25] really_probe+0x506/0x1000 [ 143.083148][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 143.089458][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.095586][ T25] __driver_probe_device+0x2fa/0x3d0 [pid 3497] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3560, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3492] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3556, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3492] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3492] kill(-3556, SIGKILL) = 0 [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3492] kill(3556, SIGKILL) = 0 [pid 3497] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3566 ./strace-static-x86_64: Process 3566 attached [ 143.101122][ T25] driver_probe_device+0x72/0x7a0 [ 143.106464][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.112590][ T25] __device_attach_driver+0x548/0x8e0 [ 143.118235][ T25] bus_for_each_drv+0x1fc/0x360 [ 143.123432][ T25] ? coredump_store+0xa0/0xa0 [ 143.128359][ T25] __device_attach+0x42a/0x720 [ 143.133502][ T25] device_initial_probe+0x2e/0x40 [ 143.138763][ T25] bus_probe_device+0x13c/0x3b0 [ 143.143987][ T25] device_add+0x1d4b/0x26c0 [ 143.148720][ T25] usb_set_configuration+0x30f8/0x37e0 [ 143.154597][ T25] usb_generic_driver_probe+0x105/0x290 [ 143.160362][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.166536][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 143.172557][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 143.178488][ T25] usb_probe_device+0x288/0x490 [ 143.183694][ T25] ? usb_register_device_driver+0x440/0x440 [ 143.189816][ T25] really_probe+0x506/0x1000 [ 143.194783][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 143.201094][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.207277][ T25] __driver_probe_device+0x2fa/0x3d0 [ 143.212891][ T25] driver_probe_device+0x72/0x7a0 [ 143.218162][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.224328][ T25] __device_attach_driver+0x548/0x8e0 [ 143.229960][ T25] bus_for_each_drv+0x1fc/0x360 [ 143.235149][ T25] ? coredump_store+0xa0/0xa0 [ 143.240065][ T25] __device_attach+0x42a/0x720 [ 143.245160][ T25] device_initial_probe+0x2e/0x40 [ 143.247010][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 143.250350][ T25] bus_probe_device+0x13c/0x3b0 [ 143.255787][ T28] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 143.260396][ T25] device_add+0x1d4b/0x26c0 [ 143.272915][ T25] usb_new_device+0x17ac/0x2370 [ 143.278044][ T25] hub_event+0x5589/0x8080 [ 143.282883][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.288932][ T25] ? led_work+0x730/0x730 [ 143.293617][ T25] ? led_work+0x730/0x730 [ 143.298197][ T25] process_one_work+0xb27/0x13e0 [ 143.303509][ T25] worker_thread+0x1703/0x1d60 [ 143.308537][ T25] kthread+0x31b/0x430 [ 143.312913][ T25] ? worker_clr_flags+0x2b0/0x2b0 [ 143.318183][ T25] ? kthread_blkcg+0x120/0x120 [ 143.323267][ T25] ret_from_fork+0x1f/0x30 [ 143.327917][ T25] [ 143.331071][ T25] ---[ end trace 0000000000000000 ]--- [ 143.337217][ T113] usb 3-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [pid 3566] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3492] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3566] <... prctl resumed>) = 0 [pid 3566] setpgid(0, 0 [pid 3492] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3567 [pid 3566] <... setpgid resumed>) = 0 [pid 3566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3566] write(3, "1000", 4) = 4 [pid 3566] close(3) = 0 [pid 3566] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3566] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3566] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3566] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3566] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH./strace-static-x86_64: Process 3567 attached [pid 3567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3567] setpgid(0, 0) = 0 [pid 3567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3567] write(3, "1000", 4) = 4 [pid 3567] close(3) = 0 [pid 3567] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3567] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3567] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3567] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3567] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3562] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3562] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3562] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3562] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [pid 3562] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 143.346563][ T113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.354885][ T113] usb 3-1: Product: syz [ 143.359222][ T113] usb 3-1: Manufacturer: syz [ 143.364115][ T113] usb 3-1: SerialNumber: syz [ 143.372931][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [ 143.379468][ T6] ------------[ cut here ]------------ [ 143.381229][ T123] usb 5-1: config 0 has no interface number 0 [ 143.381334][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [pid 3562] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3564] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3562] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3562] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3562] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [ 143.386863][ T6] usb 4-1: BOGUS urb xfer, pipe 1 != type 3 [ 143.388267][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 143.393164][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 143.403101][ T6] Modules linked in: [ 143.403164][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [pid 3562] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3564] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3562] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 143.445523][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 143.456160][ T6] Workqueue: usb_hub_wq hub_event [ 143.461709][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 143.467944][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 143.488162][ T6] RSP: 0018:ffff888102616878 EFLAGS: 00010246 [ 143.494827][ T6] RAX: 9ab4860bd45fdb00 RBX: 0000000000000000 RCX: ffff888102604180 [pid 3564] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3562] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [ 143.503351][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 143.511733][ T6] RBP: ffff888102616998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 143.520300][ T6] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 143.528776][ T6] R13: 0000000000000003 R14: ffff888102604cd8 R15: 0000000000000000 [ 143.537323][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 143.546773][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 3562] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3562] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3562] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 143.553931][ T6] CR2: 000055a4744ff600 CR3: 000000010dbfe000 CR4: 00000000003506f0 [ 143.562409][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 143.570834][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 143.579352][ T6] Call Trace: [ 143.583080][ T6] [ 143.586426][ T6] usb_start_wait_urb+0xcf/0x350 [ 143.591846][ T6] usb_bulk_msg+0x5cc/0x6f0 [ 143.593250][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 143.596779][ T6] usb_interrupt_msg+0x54/0x70 [ 143.605801][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.605908][ T123] usb 5-1: Product: syz [ 143.610684][ T6] vmk80xx_write_packet+0x5f7/0x7d0 [ 143.618742][ T123] usb 5-1: Manufacturer: syz [ 143.623012][ T6] vmk80xx_auto_attach+0xe75/0x1e60 [ 143.623176][ T6] ? vmk80xx_detach+0x1a0/0x1a0 [ 143.628401][ T123] usb 5-1: SerialNumber: syz [ 143.633059][ T6] comedi_auto_config+0x2de/0x620 [ 143.633191][ T6] comedi_usb_auto_config+0x3f/0x50 [ 143.660135][ T6] vmk80xx_usb_probe+0x54/0x70 [ 143.665502][ T6] ? vmk80xx_read_packet+0x770/0x770 [ 143.671258][ T6] usb_probe_interface+0xc4b/0x11f0 [ 143.677075][ T6] ? usb_register_driver+0x5f0/0x5f0 [ 143.682906][ T6] really_probe+0x506/0x1000 [ 143.687977][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 143.692463][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 143.694467][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [pid 3562] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3562] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3564] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 143.705841][ T6] __driver_probe_device+0x2fa/0x3d0 [ 143.711634][ T6] driver_probe_device+0x72/0x7a0 [ 143.717287][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.723665][ T6] __device_attach_driver+0x548/0x8e0 [ 143.729611][ T6] bus_for_each_drv+0x1fc/0x360 [ 143.735053][ T6] ? coredump_store+0xa0/0xa0 [ 143.740225][ T6] __device_attach+0x42a/0x720 [ 143.745598][ T6] device_initial_probe+0x2e/0x40 [ 143.751108][ T6] bus_probe_device+0x13c/0x3b0 [pid 3564] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3564] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3564] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 143.752091][ T123] usb 5-1: config 0 descriptor?? [ 143.756354][ T6] device_add+0x1d4b/0x26c0 [ 143.756493][ T6] usb_set_configuration+0x30f8/0x37e0 [ 143.772579][ T6] usb_generic_driver_probe+0x105/0x290 [ 143.778630][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.785055][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 143.786723][ T3562] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 143.791047][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 143.804648][ T6] usb_probe_device+0x288/0x490 [ 143.809979][ T6] ? usb_register_device_driver+0x440/0x440 [ 143.811424][ T3562] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 143.816293][ T6] really_probe+0x506/0x1000 [ 143.828522][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 143.835204][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.841502][ T6] __driver_probe_device+0x2fa/0x3d0 [ 143.847409][ T6] driver_probe_device+0x72/0x7a0 [ 143.852995][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.859283][ T6] __device_attach_driver+0x548/0x8e0 [ 143.861417][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 143.865066][ T6] bus_for_each_drv+0x1fc/0x360 [ 143.873295][ T28] usb 2-1: config 0 has no interface number 0 [ 143.873394][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 143.878252][ T6] ? coredump_store+0xa0/0xa0 [pid 3562] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3562] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3562] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3562] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3564] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3562] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3564] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3562] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3564] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3562] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3564] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3562] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3564] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3562] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 143.884418][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 143.894392][ T6] __device_attach+0x42a/0x720 [ 143.909600][ T123] ------------[ cut here ]------------ [ 143.914339][ T6] device_initial_probe+0x2e/0x40 [ 143.914491][ T6] bus_probe_device+0x13c/0x3b0 [ 143.919991][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 143.921397][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 143.925261][ T6] device_add+0x1d4b/0x26c0 [ 143.925402][ T6] usb_new_device+0x17ac/0x2370 [ 143.930318][ T123] Modules linked in: [ 143.936326][ T6] hub_event+0x5589/0x8080 [ 143.936539][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.936683][ T6] ? led_work+0x730/0x730 [ 143.936819][ T6] ? led_work+0x730/0x730 [ 143.936959][ T6] process_one_work+0xb27/0x13e0 [ 143.937129][ T6] worker_thread+0x1703/0x1d60 [ 143.937300][ T6] kthread+0x31b/0x430 [ 143.937403][ T6] ? worker_clr_flags+0x2b0/0x2b0 [ 143.937547][ T6] ? kthread_blkcg+0x120/0x120 [ 143.937667][ T6] ret_from_fork+0x1f/0x30 [ 143.937811][ T6] [ 143.937848][ T6] ---[ end trace 0000000000000000 ]--- [ 143.947967][ T113] usb 3-1: config 0 descriptor?? [ 143.948640][ T25] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 143.952832][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 143.952949][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 143.953026][ T123] Workqueue: usb_hub_wq hub_event [ 143.953168][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 143.972616][ T3501] usb 1-1: Using ep0 maxpacket: 8 [ 143.973721][ T25] usb 6-1: USB disconnect, device number 10 [ 143.977243][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 143.990052][ T6] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 143.991836][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 143.991936][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 144.000932][ T6] usb 4-1: USB disconnect, device number 9 [ 144.001244][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 144.001317][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 144.069154][ T3561] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [pid 3564] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3563] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3563] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [pid 3563] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3561] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3561] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3563] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3561] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3563] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3561] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3564] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3563] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3561] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3564] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3563] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 4 [ 144.072611][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 144.081310][ T3561] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 144.098294][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 144.109687][ T3501] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 144.113897][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 144.121928][ T3501] usb 1-1: config 0 has no interface number 0 [ 144.122033][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 144.127959][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.128041][ T123] CR2: 00007f41126ce990 CR3: 0000000127315000 CR4: 00000000003506e0 [ 144.136163][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 144.144118][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 144.144190][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [pid 3563] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 144.246542][ T3507] udevd[3507]: setting mode of /dev/bus/usb/004/009 to 020664 failed: No such file or directory [ 144.250501][ T123] Call Trace: [ 144.250534][ T123] [ 144.250632][ T123] usb_start_wait_urb+0xcf/0x350 [ 144.274967][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 144.279709][ T123] usb_interrupt_msg+0x54/0x70 [ 144.284746][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 144.290198][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 144.295708][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 144.300773][ T123] comedi_auto_config+0x2de/0x620 [pid 3561] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [ 144.306075][ T123] comedi_usb_auto_config+0x3f/0x50 [ 144.311503][ T123] vmk80xx_usb_probe+0x54/0x70 [ 144.316545][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 144.322043][ T123] usb_probe_interface+0xc4b/0x11f0 [ 144.327539][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 144.333095][ T123] really_probe+0x506/0x1000 [ 144.337917][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 144.344203][ T113] ------------[ cut here ]------------ [ 144.344236][ T113] usb 3-1: BOGUS urb xfer, pipe 1 != type 3 [ 144.345638][ T113] WARNING: CPU: 0 PID: 113 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 144.349778][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.355751][ T113] Modules linked in: [ 144.365356][ T123] __driver_probe_device+0x2fa/0x3d0 [ 144.371261][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 144.375227][ T123] driver_probe_device+0x72/0x7a0 [ 144.380593][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 144.392121][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.397303][ T113] Workqueue: usb_hub_wq hub_event [ 144.407387][ T123] __device_attach_driver+0x548/0x8e0 [ 144.413339][ T113] [ 144.413368][ T113] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 144.418386][ T123] bus_for_each_drv+0x1fc/0x360 [ 144.423826][ T113] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 144.426147][ T123] ? coredump_store+0xa0/0xa0 [ 144.431790][ T113] RSP: 0018:ffff888109c8e878 EFLAGS: 00010246 [ 144.436726][ T123] __device_attach+0x42a/0x720 [ 144.456509][ T113] [ 144.461130][ T123] device_initial_probe+0x2e/0x40 [ 144.467257][ T113] RAX: 7c40313c42a2f100 RBX: 0000000000000000 RCX: ffff888109c90000 [ 144.472023][ T123] bus_probe_device+0x13c/0x3b0 [ 144.474428][ T113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 144.479473][ T123] device_add+0x1d4b/0x26c0 [ 144.487536][ T113] RBP: ffff888109c8e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 144.492447][ T123] usb_set_configuration+0x30f8/0x37e0 [ 144.500424][ T113] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 144.505065][ T123] usb_generic_driver_probe+0x105/0x290 [ 144.513135][ T113] R13: 0000000000000003 R14: ffff888109c90b58 R15: 0000000000000000 [ 144.518593][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.526650][ T113] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 144.532198][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 144.540299][ T113] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.546059][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 144.555086][ T113] CR2: 00007f41125136c8 CR3: 0000000127358000 CR4: 00000000003506f0 [ 144.560807][ T123] usb_probe_device+0x288/0x490 [ 144.569053][ T113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 144.573247][ T123] ? usb_register_device_driver+0x440/0x440 [ 144.581247][ T113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 144.586184][ T123] really_probe+0x506/0x1000 [ 144.594275][ T113] Call Trace: [ 144.600149][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 144.608270][ T113] [ 144.612849][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.616204][ T113] usb_start_wait_urb+0xcf/0x350 [ 144.622248][ T123] __driver_probe_device+0x2fa/0x3d0 [ 144.625279][ T113] usb_bulk_msg+0x5cc/0x6f0 [ 144.631020][ T123] driver_probe_device+0x72/0x7a0 [ 144.636044][ T113] usb_interrupt_msg+0x54/0x70 [ 144.641313][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.645902][ T113] vmk80xx_write_packet+0x5f7/0x7d0 [ 144.650917][ T123] __device_attach_driver+0x548/0x8e0 [ 144.655777][ T113] vmk80xx_auto_attach+0xe75/0x1e60 [ 144.661568][ T123] bus_for_each_drv+0x1fc/0x360 [ 144.666862][ T113] ? vmk80xx_detach+0x1a0/0x1a0 [ 144.672196][ T123] ? coredump_store+0xa0/0xa0 [ 144.677478][ T113] comedi_auto_config+0x2de/0x620 [ 144.682290][ T123] __device_attach+0x42a/0x720 [ 144.687226][ T113] comedi_usb_auto_config+0x3f/0x50 [ 144.691917][ T123] device_initial_probe+0x2e/0x40 [ 144.697003][ T113] vmk80xx_usb_probe+0x54/0x70 [ 144.701764][ T123] bus_probe_device+0x13c/0x3b0 [ 144.707120][ T113] ? vmk80xx_read_packet+0x770/0x770 [ 144.712069][ T123] device_add+0x1d4b/0x26c0 [ 144.716903][ T113] usb_probe_interface+0xc4b/0x11f0 [ 144.721769][ T123] usb_new_device+0x17ac/0x2370 [ 144.727136][ T113] ? usb_register_driver+0x5f0/0x5f0 [ 144.731643][ T123] hub_event+0x5589/0x8080 [ 144.736889][ T113] really_probe+0x506/0x1000 [ 144.741812][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.747101][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 144.751516][ T123] ? led_work+0x730/0x730 [ 144.756209][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.761992][ T123] ? led_work+0x730/0x730 [ 144.768144][ T113] __driver_probe_device+0x2fa/0x3d0 [ 144.772505][ T123] process_one_work+0xb27/0x13e0 [ 144.778369][ T113] driver_probe_device+0x72/0x7a0 [ 144.782791][ T123] worker_thread+0x1703/0x1d60 [ 144.788083][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.793089][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.798139][ T113] __device_attach_driver+0x548/0x8e0 [ 144.802965][ T123] ? __kthread_parkme+0x110/0x1b0 [ 144.803092][ T123] kthread+0x31b/0x430 [ 144.808870][ T113] bus_for_each_drv+0x1fc/0x360 [ 144.814722][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 144.820146][ T113] ? coredump_store+0xa0/0xa0 [ 144.825243][ T123] ? kthread_blkcg+0x120/0x120 [ 144.829349][ T113] __device_attach+0x42a/0x720 [ 144.834259][ T123] ret_from_fork+0x1f/0x30 [ 144.839327][ T113] device_initial_probe+0x2e/0x40 [ 144.844067][ T123] [ 144.844107][ T123] ---[ end trace 0000000000000000 ]--- [ 144.848842][ T113] bus_probe_device+0x13c/0x3b0 [ 144.879853][ T113] device_add+0x1d4b/0x26c0 [ 144.884604][ T113] usb_set_configuration+0x30f8/0x37e0 [ 144.888252][ T3507] udevd[3507]: setting owner of /dev/bus/usb/004/009 to uid=0, gid=0 failed: No such file or directory [ 144.890301][ T113] usb_generic_driver_probe+0x105/0x290 [ 144.908250][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.914371][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 144.920313][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 144.926325][ T113] usb_probe_device+0x288/0x490 [ 144.931402][ T113] ? usb_register_device_driver+0x440/0x440 [ 144.937600][ T113] really_probe+0x506/0x1000 [ 144.942497][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 144.948805][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.954945][ T113] __driver_probe_device+0x2fa/0x3d0 [ 144.960482][ T113] driver_probe_device+0x72/0x7a0 [ 144.965833][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 144.971895][ T113] __device_attach_driver+0x548/0x8e0 [ 144.977598][ T113] bus_for_each_drv+0x1fc/0x360 [ 144.982748][ T113] ? coredump_store+0xa0/0xa0 [ 144.987668][ T113] __device_attach+0x42a/0x720 [ 144.992753][ T113] device_initial_probe+0x2e/0x40 [ 144.998016][ T113] bus_probe_device+0x13c/0x3b0 [ 145.003171][ T113] device_add+0x1d4b/0x26c0 [ 145.007965][ T113] usb_new_device+0x17ac/0x2370 [ 145.013153][ T113] hub_event+0x5589/0x8080 [ 145.017903][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 145.024028][ T113] ? led_work+0x730/0x730 [ 145.028587][ T113] ? led_work+0x730/0x730 [ 145.033223][ T113] process_one_work+0xb27/0x13e0 [ 145.038424][ T113] worker_thread+0x1703/0x1d60 [ 145.043531][ T113] kthread+0x31b/0x430 [ 145.047804][ T113] ? worker_clr_flags+0x2b0/0x2b0 [ 145.053144][ T113] ? kthread_blkcg+0x120/0x120 [ 145.058116][ T113] ret_from_fork+0x1f/0x30 [pid 3564] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3564] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3562] exit_group(0 [pid 3561] exit_group(0 [pid 3564] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3562] <... exit_group resumed>) = ? [pid 3561] <... exit_group resumed>) = ? [pid 3564] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3564] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3562] +++ exited with 0 +++ [pid 3561] +++ exited with 0 +++ [pid 3564] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3562, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3491] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3561, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3564] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3495] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3570 [pid 3491] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3571 ./strace-static-x86_64: Process 3571 attached ./strace-static-x86_64: Process 3570 attached [pid 3564] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 145.062840][ T113] [ 145.066106][ T113] ---[ end trace 0000000000000000 ]--- [ 145.087838][ T113] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3571] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3570] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3564] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3571] <... prctl resumed>) = 0 [pid 3570] <... prctl resumed>) = 0 [pid 3564] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3563] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3564] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3571] setpgid(0, 0 [pid 3570] setpgid(0, 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3571] <... setpgid resumed>) = 0 [pid 3570] <... setpgid resumed>) = 0 [pid 3571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3571] <... openat resumed>) = 3 [pid 3571] write(3, "1000", 4 [pid 3570] <... openat resumed>) = 3 [ 145.122986][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 145.132243][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.136040][ T113] usb 3-1: USB disconnect, device number 10 [ 145.140555][ T28] usb 2-1: Product: syz [ 145.150892][ T28] usb 2-1: Manufacturer: syz [ 145.155709][ T28] usb 2-1: SerialNumber: syz [pid 3571] <... write resumed>) = 4 [pid 3570] write(3, "1000", 4 [pid 3571] close(3 [pid 3570] <... write resumed>) = 4 [pid 3571] <... close resumed>) = 0 [pid 3570] close(3 [pid 3563] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3571] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3570] <... close resumed>) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3571] <... openat resumed>) = 3 [pid 3570] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3571] ioctl(3, USB_RAW_IOCTL_INIT [pid 3570] <... openat resumed>) = 3 [pid 3563] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_INIT [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3571] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3570] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3570] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3571] <... ioctl resumed>, 0) = 0 [pid 3570] <... ioctl resumed>, 0) = 0 [pid 3571] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3570] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3563] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3570] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3571] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3570] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3563] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3564] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 145.283826][ T3501] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 145.285408][ T28] usb 2-1: config 0 descriptor?? [ 145.293103][ T3501] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.306427][ T3501] usb 1-1: Product: syz [ 145.310749][ T3501] usb 1-1: Manufacturer: syz [ 145.315622][ T3501] usb 1-1: SerialNumber: syz [pid 3564] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3564] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3564] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3567] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3564] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3567] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3564] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3567] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3566] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3564] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3563] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3567] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3566] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3563] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3563] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 145.332833][ T6] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 145.340952][ T25] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 145.341834][ T3564] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 145.356601][ T3501] usb 1-1: config 0 descriptor?? [ 145.375967][ T3564] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [pid 3563] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3566] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3564] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3563] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3566] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3563] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [ 145.388659][ T3563] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 145.390469][ T123] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 145.403171][ T3563] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [pid 3563] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3564] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3563] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 145.434227][ T28] ------------[ cut here ]------------ [ 145.439825][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 145.447983][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 145.457747][ T28] Modules linked in: [ 145.461805][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 145.466428][ T3501] ------------[ cut here ]------------ [ 145.473496][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 145.478982][ T3501] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 145.489175][ T28] Workqueue: usb_hub_wq hub_event [ 145.496495][ T3501] WARNING: CPU: 0 PID: 3501 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 145.500434][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 145.510148][ T3501] Modules linked in: [ 145.515859][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 145.519765][ T3501] CPU: 0 PID: 3501 Comm: kworker/0:3 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 145.539464][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 145.539561][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 145.551138][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 145.551218][ T3501] Workqueue: usb_hub_wq hub_event [ 145.557313][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 145.557386][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 145.565411][ T3501] [ 145.565442][ T3501] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 145.575543][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 145.580588][ T3501] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 145.588616][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 145.596693][ T3501] RSP: 0018:ffff888122a6e878 EFLAGS: 00010246 [ 145.599044][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 145.604756][ T3501] [ 145.604785][ T3501] RAX: f66d70e6d79e2000 RBX: 0000000000000000 RCX: ffff888121010000 [ 145.612836][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.612920][ T28] CR2: 000055a474500680 CR3: 000000010dbfe000 CR4: 00000000003506e0 [ 145.632579][ T3501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 145.640574][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 145.646738][ T3501] RBP: ffff888122a6e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 145.655713][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 145.655788][ T28] Call Trace: [ 145.658102][ T3501] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 145.666185][ T28] [ 145.672898][ T3501] R13: 0000000000000003 R14: ffff888121010b58 R15: 0000000000000000 [ 145.680887][ T28] usb_start_wait_urb+0xcf/0x350 [ 145.688907][ T3501] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 145.696942][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 145.705002][ T3501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.713063][ T28] usb_interrupt_msg+0x54/0x70 [ 145.716360][ T3501] CR2: 00007f3ece476cc0 CR3: 000000010dbfe000 CR4: 00000000003506f0 [ 145.724477][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 145.727373][ T3501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 145.735450][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 145.740424][ T3501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 145.749481][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 145.754040][ T3501] Call Trace: [ 145.760607][ T28] comedi_auto_config+0x2de/0x620 [ 145.765466][ T3501] [ 145.765551][ T3501] usb_start_wait_urb+0xcf/0x350 [ 145.773524][ T28] comedi_usb_auto_config+0x3f/0x50 [ 145.778759][ T3501] usb_bulk_msg+0x5cc/0x6f0 [ 145.786843][ T28] vmk80xx_usb_probe+0x54/0x70 [ 145.792027][ T3501] usb_interrupt_msg+0x54/0x70 [ 145.800048][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 145.805044][ T3501] vmk80xx_write_packet+0x5f7/0x7d0 [ 145.808337][ T28] usb_probe_interface+0xc4b/0x11f0 [ 145.813464][ T3501] vmk80xx_auto_attach+0xe75/0x1e60 [ 145.816405][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 145.821358][ T3501] ? vmk80xx_detach+0x1a0/0x1a0 [ 145.826602][ T28] really_probe+0x506/0x1000 [ 145.831118][ T3501] comedi_auto_config+0x2de/0x620 [ 145.835942][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 145.840754][ T3501] comedi_usb_auto_config+0x3f/0x50 [ 145.846147][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 145.851317][ T3501] vmk80xx_usb_probe+0x54/0x70 [ 145.856577][ T28] __driver_probe_device+0x2fa/0x3d0 [ 145.861842][ T3501] ? vmk80xx_read_packet+0x770/0x770 [ 145.867213][ T28] driver_probe_device+0x72/0x7a0 [ 145.872086][ T3501] usb_probe_interface+0xc4b/0x11f0 [ 145.876743][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 145.881817][ T3501] ? usb_register_driver+0x5f0/0x5f0 [ 145.887947][ T28] __device_attach_driver+0x548/0x8e0 [ 145.893220][ T3501] really_probe+0x506/0x1000 [ 145.899036][ T28] bus_for_each_drv+0x1fc/0x360 [ 145.903864][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 145.904010][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 145.909366][ T28] ? coredump_store+0xa0/0xa0 [ 145.915077][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 145.919764][ T28] __device_attach+0x42a/0x720 [ 145.925035][ T3501] driver_probe_device+0x72/0x7a0 [ 145.930874][ T28] device_initial_probe+0x2e/0x40 [ 145.936227][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 145.936375][ T3501] __device_attach_driver+0x548/0x8e0 [ 145.936533][ T3501] bus_for_each_drv+0x1fc/0x360 [ 145.941921][ T28] bus_probe_device+0x13c/0x3b0 [ 145.946786][ T3501] ? coredump_store+0xa0/0xa0 [ 145.951469][ T28] device_add+0x1d4b/0x26c0 [ 145.957621][ T3501] __device_attach+0x42a/0x720 [ 145.963538][ T28] usb_set_configuration+0x30f8/0x37e0 [ 145.968183][ T3501] device_initial_probe+0x2e/0x40 [ 145.973568][ T28] usb_generic_driver_probe+0x105/0x290 [ 145.978356][ T3501] bus_probe_device+0x13c/0x3b0 [ 145.983462][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 145.988514][ T3501] device_add+0x1d4b/0x26c0 [ 145.994366][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 145.999794][ T3501] usb_set_configuration+0x30f8/0x37e0 [ 146.004729][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 146.009667][ T3501] usb_generic_driver_probe+0x105/0x290 [ 146.014341][ T28] usb_probe_device+0x288/0x490 [ 146.018881][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 146.023838][ T28] ? usb_register_device_driver+0x440/0x440 [ 146.029189][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 146.034274][ T28] really_probe+0x506/0x1000 [ 146.039894][ T3501] ? usb_choose_configuration+0xdc0/0xdc0 [ 146.044823][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 146.050640][ T3501] usb_probe_device+0x288/0x490 [ 146.055338][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 146.060960][ T3501] ? usb_register_device_driver+0x440/0x440 [ 146.066497][ T28] __driver_probe_device+0x2fa/0x3d0 [ 146.072214][ T3501] really_probe+0x506/0x1000 [ 146.077833][ T28] driver_probe_device+0x72/0x7a0 [ 146.082786][ T3501] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 146.088568][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 146.094582][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 146.100252][ T28] __device_attach_driver+0x548/0x8e0 [ 146.104981][ T3501] __driver_probe_device+0x2fa/0x3d0 [ 146.110724][ T28] bus_for_each_drv+0x1fc/0x360 [ 146.116865][ T3501] driver_probe_device+0x72/0x7a0 [ 146.121697][ T28] ? coredump_store+0xa0/0xa0 [ 146.127588][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 146.133584][ T28] __device_attach+0x42a/0x720 [ 146.138899][ T3501] __device_attach_driver+0x548/0x8e0 [ 146.143635][ T28] device_initial_probe+0x2e/0x40 [ 146.148613][ T3501] bus_for_each_drv+0x1fc/0x360 [ 146.154743][ T28] bus_probe_device+0x13c/0x3b0 [ 146.160621][ T3501] ? coredump_store+0xa0/0xa0 [ 146.166541][ T28] device_add+0x1d4b/0x26c0 [ 146.171924][ T3501] __device_attach+0x42a/0x720 [ 146.177280][ T28] usb_new_device+0x17ac/0x2370 [ 146.182154][ T3501] device_initial_probe+0x2e/0x40 [ 146.187278][ T28] hub_event+0x5589/0x8080 [ 146.191866][ T3501] bus_probe_device+0x13c/0x3b0 [ 146.197810][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 146.202633][ T3501] device_add+0x1d4b/0x26c0 [ 146.208050][ T28] ? led_work+0x730/0x730 [ 146.213224][ T3501] usb_new_device+0x17ac/0x2370 [ 146.218007][ T28] ? led_work+0x730/0x730 [ 146.222971][ T3501] hub_event+0x5589/0x8080 [ 146.227624][ T28] process_one_work+0xb27/0x13e0 [ 146.232214][ T3501] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 146.236998][ T28] worker_thread+0x1703/0x1d60 [ 146.241780][ T3501] ? led_work+0x730/0x730 [ 146.246924][ T28] kthread+0x31b/0x430 [ 146.251322][ T3501] ? led_work+0x730/0x730 [ 146.256229][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 146.262073][ T3501] process_one_work+0xb27/0x13e0 [ 146.266707][ T28] ? kthread_blkcg+0x120/0x120 [ 146.271026][ T3501] worker_thread+0x1703/0x1d60 [ 146.275986][ T28] ret_from_fork+0x1f/0x30 [ 146.276127][ T28] [ 146.276162][ T28] ---[ end trace 0000000000000000 ]--- [ 146.294357][ T123] usb 5-1: USB disconnect, device number 12 [ 146.297601][ T3501] kthread+0x31b/0x430 [ 146.318716][ T28] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 146.320380][ T3501] ? worker_clr_flags+0x2b0/0x2b0 [ 146.380535][ T3501] ? kthread_blkcg+0x120/0x120 [pid 3563] exit_group(0) = ? [pid 3563] +++ exited with 0 +++ [ 146.385604][ T3501] ret_from_fork+0x1f/0x30 [ 146.390259][ T3501] [ 146.393478][ T3501] ---[ end trace 0000000000000000 ]--- [ 146.428235][ T3501] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3488] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3563, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 3567] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3488] restart_syscall(<... resuming interrupted clone ...> [ 146.443447][ T6] usb 4-1: Using ep0 maxpacket: 8 [pid 3567] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3488] <... restart_syscall resumed>) = 0 [pid 3567] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3567] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 146.473679][ T3501] usb 1-1: USB disconnect, device number 10 [pid 3488] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3567] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3488] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3574 [pid 3566] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 146.534271][ T25] usb 6-1: Using ep0 maxpacket: 8 [pid 3566] ioctl(3, USB_RAW_IOCTL_EP0_WRITE./strace-static-x86_64: Process 3574 attached [pid 3567] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3566] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3574] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3567] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3566] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3574] <... prctl resumed>) = 0 [pid 3574] setpgid(0, 0) = 0 [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3567] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3571] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3567] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3574] <... openat resumed>) = 3 [pid 3574] write(3, "1000", 4) = 4 [pid 3566] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3574] close(3 [pid 3566] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3574] <... close resumed>) = 0 [ 146.563247][ T113] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 146.603160][ T6] usb 4-1: config 0 has an invalid interface number: 164 but max is 0 [pid 3574] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3571] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3567] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3566] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3574] ioctl(3, USB_RAW_IOCTL_INIT [pid 3571] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3567] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3566] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3574] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3564] exit_group(0 [pid 3574] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3564] <... exit_group resumed>) = ? [pid 3574] <... ioctl resumed>, 0) = 0 [pid 3567] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3566] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3574] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3567] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3566] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3574] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 146.611644][ T6] usb 4-1: config 0 has no interface number 0 [ 146.618394][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 146.628722][ T6] usb 4-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3574] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3567] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3566] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3564] +++ exited with 0 +++ [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3564, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3490] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3567] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3566] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3490] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3575 ./strace-static-x86_64: Process 3575 attached [pid 3575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3575] setpgid(0, 0) = 0 [pid 3575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3575] write(3, "1000", 4 [pid 3566] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3575] <... write resumed>) = 4 [pid 3575] close(3 [pid 3566] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3575] <... close resumed>) = 0 [pid 3575] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3575] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [ 146.674575][ T28] usb 2-1: USB disconnect, device number 12 [ 146.675074][ T25] usb 6-1: config 0 has an invalid interface number: 164 but max is 0 [ 146.689074][ T25] usb 6-1: config 0 has no interface number 0 [ 146.695511][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 146.705701][ T25] usb 6-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 3575] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3567] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3566] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3575] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3567] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3566] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3575] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3575] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3570] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3567] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3566] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3567] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3566] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3570] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3567] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3566] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3570] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3567] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [ 146.755474][ T123] usb 5-1: new high-speed USB device number 13 using dummy_hcd [pid 3566] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3567] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3566] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3567] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3566] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3567] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3566] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3567] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3566] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 146.833298][ T113] usb 3-1: Using ep0 maxpacket: 8 [pid 3571] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3567] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3566] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3571] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3571] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3567] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3566] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [ 146.863128][ T6] usb 4-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 146.872785][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.881493][ T6] usb 4-1: Product: syz [ 146.886118][ T6] usb 4-1: Manufacturer: syz [ 146.891004][ T6] usb 4-1: SerialNumber: syz [ 146.902584][ T6] usb 4-1: config 0 descriptor?? [pid 3566] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3571] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3567] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3567] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3567] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3567] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3571] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3567] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 146.911356][ T25] usb 6-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 146.920901][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.929345][ T25] usb 6-1: Product: syz [ 146.933757][ T25] usb 6-1: Manufacturer: syz [ 146.938531][ T25] usb 6-1: SerialNumber: syz [ 146.944545][ T3567] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 146.954552][ T25] usb 6-1: config 0 descriptor?? [pid 3571] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3567] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3571] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3566] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3567] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3566] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3566] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3567] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3566] <... ioctl resumed>, 0) = 0 [pid 3567] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3571] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [ 146.969882][ T3567] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 146.992571][ T113] usb 3-1: config 0 has an invalid interface number: 164 but max is 0 [ 147.000966][ T3566] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 147.003278][ T123] usb 5-1: Using ep0 maxpacket: 8 [pid 3571] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3566] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3566] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3566] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3570] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [ 147.009856][ T113] usb 3-1: config 0 has no interface number 0 [ 147.016231][ T3566] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 147.021113][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 147.038595][ T113] usb 3-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 147.055645][ T6] ------------[ cut here ]------------ [ 147.063256][ T6] usb 4-1: BOGUS urb xfer, pipe 1 != type 3 [pid 3570] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 9 [ 147.070833][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 147.080812][ T6] Modules linked in: [ 147.085213][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 147.097047][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 147.107617][ T6] Workqueue: usb_hub_wq hub_event [ 147.113292][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [pid 3570] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 147.119401][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 147.139608][ T6] RSP: 0018:ffff888102616878 EFLAGS: 00010246 [ 147.142686][ T28] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 147.146019][ T6] RAX: 9ab4860bd45fdb00 RBX: 0000000000000000 RCX: ffff888102604180 [ 147.154078][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3575] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3570] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3575] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3570] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 147.161740][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 147.170909][ T123] usb 5-1: config 0 has no interface number 0 [ 147.178175][ T6] RBP: ffff888102616998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 147.178264][ T6] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 147.178337][ T6] R13: 0000000000000003 R14: ffff888102604cd8 R15: 0000000000000000 [ 147.184494][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [pid 3567] exit_group(0) = ? [pid 3575] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3570] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3575] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3570] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3567] +++ exited with 0 +++ [pid 3570] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3492] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3567, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 147.184622][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 147.192663][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 147.192762][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 147.246737][ T6] CR2: 00007f3ece476cc0 CR3: 0000000116b29000 CR4: 00000000003506f0 [ 147.255218][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 147.263676][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 147.272067][ T6] Call Trace: [ 147.275781][ T6] [ 147.279138][ T6] usb_start_wait_urb+0xcf/0x350 [ 147.284626][ T6] usb_bulk_msg+0x5cc/0x6f0 [ 147.289595][ T6] usb_interrupt_msg+0x54/0x70 [ 147.294893][ T6] vmk80xx_write_packet+0x5f7/0x7d0 [ 147.300588][ T6] vmk80xx_auto_attach+0xe75/0x1e60 [ 147.306401][ T6] ? vmk80xx_detach+0x1a0/0x1a0 [ 147.311714][ T6] comedi_auto_config+0x2de/0x620 [ 147.317351][ T6] comedi_usb_auto_config+0x3f/0x50 [ 147.323107][ T6] vmk80xx_usb_probe+0x54/0x70 [ 147.328358][ T6] ? vmk80xx_read_packet+0x770/0x770 [ 147.334225][ T6] usb_probe_interface+0xc4b/0x11f0 [ 147.339937][ T6] ? usb_register_driver+0x5f0/0x5f0 [ 147.345809][ T6] really_probe+0x506/0x1000 [ 147.350885][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 147.357562][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.363925][ T6] __driver_probe_device+0x2fa/0x3d0 [ 147.369721][ T6] driver_probe_device+0x72/0x7a0 [ 147.375380][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.381688][ T6] __device_attach_driver+0x548/0x8e0 [ 147.387678][ T6] bus_for_each_drv+0x1fc/0x360 [ 147.393075][ T6] ? coredump_store+0xa0/0xa0 [ 147.398243][ T6] __device_attach+0x42a/0x720 [ 147.403620][ T6] device_initial_probe+0x2e/0x40 [ 147.409125][ T6] bus_probe_device+0x13c/0x3b0 [ 147.414583][ T6] device_add+0x1d4b/0x26c0 [ 147.419567][ T6] usb_set_configuration+0x30f8/0x37e0 [ 147.425677][ T6] usb_generic_driver_probe+0x105/0x290 [ 147.431694][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.438105][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 147.442891][ T123] usb 5-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 147.444186][ T6] ? usb_choose_configuration+0xdc0/0xdc0 [ 147.453427][ T123] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.459172][ T6] usb_probe_device+0x288/0x490 [ 147.467234][ T123] usb 5-1: Product: syz [ 147.467315][ T123] usb 5-1: Manufacturer: syz [ 147.467398][ T123] usb 5-1: SerialNumber: syz [ 147.472239][ T6] ? usb_register_device_driver+0x440/0x440 [ 147.479343][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 147.481009][ T6] really_probe+0x506/0x1000 [ 147.502894][ T6] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 147.509461][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.515832][ T6] __driver_probe_device+0x2fa/0x3d0 [ 147.521606][ T6] driver_probe_device+0x72/0x7a0 [ 147.527186][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.533566][ T6] __device_attach_driver+0x548/0x8e0 [ 147.539440][ T6] bus_for_each_drv+0x1fc/0x360 [ 147.544835][ T6] ? coredump_store+0xa0/0xa0 [ 147.550001][ T6] __device_attach+0x42a/0x720 [ 147.552901][ T123] usb 5-1: config 0 descriptor?? [ 147.555135][ T6] device_initial_probe+0x2e/0x40 [ 147.565682][ T6] bus_probe_device+0x13c/0x3b0 [ 147.571019][ T6] device_add+0x1d4b/0x26c0 [ 147.576125][ T6] usb_new_device+0x17ac/0x2370 [ 147.581492][ T6] hub_event+0x5589/0x8080 [ 147.586594][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.592960][ T6] ? led_work+0x730/0x730 [ 147.593739][ T3570] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 147.597568][ T6] ? led_work+0x730/0x730 [ 147.609712][ T6] process_one_work+0xb27/0x13e0 [ 147.615269][ T6] worker_thread+0x1703/0x1d60 [pid 3570] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3492] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3576 [pid 3570] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3570] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3570] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3570] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3575] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3575] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [pid 3575] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3575] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3570] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3570] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3575] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [pid 3570] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3575] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3570] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3575] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3570] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3575] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3570] ioctl(3, USB_RAW_IOCTL_EP0_READ./strace-static-x86_64: Process 3576 attached [ 147.619328][ T3570] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 147.620363][ T6] kthread+0x31b/0x430 [ 147.632200][ T6] ? worker_clr_flags+0x2b0/0x2b0 [ 147.637838][ T6] ? kthread_blkcg+0x120/0x120 [ 147.643158][ T6] ret_from_fork+0x1f/0x30 [ 147.648063][ T6] [ 147.651460][ T6] ---[ end trace 0000000000000000 ]--- [ 147.661522][ T28] usb 2-1: config 0 has an invalid interface number: 164 but max is 0 [ 147.670008][ T28] usb 2-1: config 0 has no interface number 0 [ 147.674599][ T3501] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 147.676290][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 147.684667][ T6] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 147.693839][ T28] usb 2-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 147.708465][ T6] usb 4-1: USB disconnect, device number 10 [pid 3576] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3575] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3574] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3570] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3566] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [ 147.721462][ T25] ------------[ cut here ]------------ [ 147.727439][ T25] usb 6-1: BOGUS urb xfer, pipe 1 != type 3 [ 147.737441][ T25] WARNING: CPU: 0 PID: 25 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 147.737966][ T123] ------------[ cut here ]------------ [ 147.747219][ T25] Modules linked in: [ 147.747279][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 147.747403][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 147.747481][ T25] Workqueue: usb_hub_wq hub_event [ 147.752994][ T123] usb 5-1: BOGUS urb xfer, pipe 1 != type 3 [ 147.756881][ T25] [ 147.756912][ T25] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 147.769693][ T123] WARNING: CPU: 1 PID: 123 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 147.778487][ T25] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 147.783589][ T123] Modules linked in: [ 147.789473][ T25] RSP: 0018:ffff8881026f6878 EFLAGS: 00010246 [ 147.791828][ T123] CPU: 1 PID: 123 Comm: kworker/1:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 147.797532][ T25] [ 147.797559][ T25] RAX: 5ec2ec8ff90d0c00 RBX: 0000000000000000 RCX: ffff88810267c180 [ 147.807194][ T123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 147.826833][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 147.826906][ T25] RBP: ffff8881026f6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 147.830843][ T123] Workqueue: usb_hub_wq hub_event [ 147.836961][ T25] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 147.848499][ T123] [ 147.850822][ T25] R13: 0000000000000003 R14: ffff88810267ccd8 R15: 0000000000000000 [ 147.858920][ T123] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 147.869029][ T25] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000 [ 147.877098][ T123] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 147.885168][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 147.885251][ T25] CR2: 00007f3ece476cc0 CR3: 00000001229b1000 CR4: 00000000003506f0 [ 147.890265][ T123] RSP: 0018:ffff8881092b6878 EFLAGS: 00010246 [ 147.898349][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 147.900662][ T123] [ 147.900689][ T123] RAX: f603424d0d5e4e00 RBX: 0000000000000000 RCX: ffff888103e720c0 [ 147.908721][ T25] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 147.914437][ T123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 147.923471][ T25] Call Trace: [ 147.923506][ T25] [ 147.923587][ T25] usb_start_wait_urb+0xcf/0x350 [ 147.943326][ T123] RBP: ffff8881092b6998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 147.949810][ T25] usb_bulk_msg+0x5cc/0x6f0 [ 147.957846][ T123] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 147.964029][ T25] usb_interrupt_msg+0x54/0x70 [ 147.972017][ T123] R13: 0000000000000003 R14: ffff888103e72c18 R15: 0000000000000000 [ 147.974439][ T25] vmk80xx_write_packet+0x5f7/0x7d0 [ 147.982481][ T123] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 147.990492][ T25] vmk80xx_auto_attach+0xe75/0x1e60 [ 147.998497][ T123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.001851][ T25] ? vmk80xx_detach+0x1a0/0x1a0 [ 148.004939][ T123] CR2: 00007f3ece45e910 CR3: 0000000127330000 CR4: 00000000003506e0 [ 148.009793][ T25] comedi_auto_config+0x2de/0x620 [ 148.017846][ T123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 148.022462][ T25] comedi_usb_auto_config+0x3f/0x50 [ 148.030447][ T123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 148.035301][ T25] vmk80xx_usb_probe+0x54/0x70 [ 148.043348][ T123] Call Trace: [ 148.043384][ T123] [ 148.048547][ T25] ? vmk80xx_read_packet+0x770/0x770 [ 148.057584][ T123] usb_start_wait_urb+0xcf/0x350 [ 148.062839][ T25] usb_probe_interface+0xc4b/0x11f0 [ 148.069522][ T123] usb_bulk_msg+0x5cc/0x6f0 [ 148.074460][ T25] ? usb_register_driver+0x5f0/0x5f0 [ 148.082511][ T123] usb_interrupt_msg+0x54/0x70 [ 148.087509][ T25] really_probe+0x506/0x1000 [ 148.095555][ T123] vmk80xx_write_packet+0x5f7/0x7d0 [ 148.100780][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 148.108896][ T123] vmk80xx_auto_attach+0xe75/0x1e60 [ 148.113703][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.117005][ T123] ? vmk80xx_detach+0x1a0/0x1a0 [ 148.119932][ T25] __driver_probe_device+0x2fa/0x3d0 [ 148.125352][ T123] comedi_auto_config+0x2de/0x620 [ 148.130249][ T25] driver_probe_device+0x72/0x7a0 [ 148.135514][ T123] comedi_usb_auto_config+0x3f/0x50 [ 148.140035][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.145419][ T123] vmk80xx_usb_probe+0x54/0x70 [ 148.150177][ T25] __device_attach_driver+0x548/0x8e0 [ 148.154824][ T123] ? vmk80xx_read_packet+0x770/0x770 [ 148.160067][ T25] bus_for_each_drv+0x1fc/0x360 [ 148.166236][ T123] usb_probe_interface+0xc4b/0x11f0 [ 148.171426][ T25] ? coredump_store+0xa0/0xa0 [ 148.177319][ T123] ? usb_register_driver+0x5f0/0x5f0 [ 148.182199][ T25] __device_attach+0x42a/0x720 [ 148.187611][ T123] really_probe+0x506/0x1000 [ 148.192607][ T25] device_initial_probe+0x2e/0x40 [ 148.197606][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 148.202889][ T25] bus_probe_device+0x13c/0x3b0 [ 148.208740][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.213592][ T25] device_add+0x1d4b/0x26c0 [ 148.218955][ T123] __driver_probe_device+0x2fa/0x3d0 [ 148.224428][ T25] usb_set_configuration+0x30f8/0x37e0 [ 148.229301][ T123] driver_probe_device+0x72/0x7a0 [ 148.234640][ T25] usb_generic_driver_probe+0x105/0x290 [ 148.239253][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.244611][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.249458][ T123] __device_attach_driver+0x548/0x8e0 [ 148.254123][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 148.259157][ T123] bus_for_each_drv+0x1fc/0x360 [ 148.265322][ T25] ? usb_choose_configuration+0xdc0/0xdc0 [ 148.270258][ T123] ? coredump_store+0xa0/0xa0 [ 148.276119][ T25] usb_probe_device+0x288/0x490 [ 148.280635][ T123] __device_attach+0x42a/0x720 [ 148.285999][ T25] ? usb_register_device_driver+0x440/0x440 [ 148.291508][ T123] device_initial_probe+0x2e/0x40 [ 148.296603][ T25] really_probe+0x506/0x1000 [ 148.302162][ T123] bus_probe_device+0x13c/0x3b0 [ 148.308049][ T25] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 148.314013][ T123] device_add+0x1d4b/0x26c0 [ 148.319412][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.325254][ T123] usb_set_configuration+0x30f8/0x37e0 [ 148.330081][ T25] __driver_probe_device+0x2fa/0x3d0 [ 148.335929][ T123] usb_generic_driver_probe+0x105/0x290 [ 148.340581][ T25] driver_probe_device+0x72/0x7a0 [ 148.345525][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.350286][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.356235][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 148.361315][ T25] __device_attach_driver+0x548/0x8e0 [ 148.366082][ T123] ? usb_choose_configuration+0xdc0/0xdc0 [ 148.370881][ T25] bus_for_each_drv+0x1fc/0x360 [ 148.377001][ T123] usb_probe_device+0x288/0x490 [ 148.381539][ T25] ? coredump_store+0xa0/0xa0 [ 148.387463][ T123] ? usb_register_device_driver+0x440/0x440 [ 148.393012][ T25] __device_attach+0x42a/0x720 [ 148.398291][ T123] really_probe+0x506/0x1000 [ 148.403950][ T25] device_initial_probe+0x2e/0x40 [ 148.409064][ T123] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 148.414955][ T25] bus_probe_device+0x13c/0x3b0 [ 148.420767][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.426574][ T25] device_add+0x1d4b/0x26c0 [ 148.432036][ T123] __driver_probe_device+0x2fa/0x3d0 [ 148.437857][ T25] usb_new_device+0x17ac/0x2370 [ 148.442792][ T123] driver_probe_device+0x72/0x7a0 [ 148.447655][ T25] hub_event+0x5589/0x8080 [ 148.452368][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.458373][ T25] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.463168][ T123] __device_attach_driver+0x548/0x8e0 [ 148.467742][ T25] ? led_work+0x730/0x730 [ 148.472846][ T123] bus_for_each_drv+0x1fc/0x360 [ 148.478934][ T25] ? led_work+0x730/0x730 [ 148.484526][ T123] ? coredump_store+0xa0/0xa0 [ 148.489684][ T25] process_one_work+0xb27/0x13e0 [ 148.494264][ T123] __device_attach+0x42a/0x720 [ 148.499602][ T25] worker_thread+0x1703/0x1d60 [ 148.504538][ T123] device_initial_probe+0x2e/0x40 [ 148.509573][ T25] kthread+0x31b/0x430 [ 148.514014][ T123] bus_probe_device+0x13c/0x3b0 [ 148.519853][ T25] ? worker_clr_flags+0x2b0/0x2b0 [ 148.525777][ T123] device_add+0x1d4b/0x26c0 [ 148.531136][ T25] ? kthread_blkcg+0x120/0x120 [ 148.535542][ T123] usb_new_device+0x17ac/0x2370 [ 148.540405][ T25] ret_from_fork+0x1f/0x30 [ 148.544911][ T123] hub_event+0x5589/0x8080 [ 148.549520][ T25] [ 148.554572][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.559293][ T25] ---[ end trace 0000000000000000 ]--- [pid 3575] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3574] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3571] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3575] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3570] exit_group(0 [pid 3566] exit_group(0 [pid 3497] kill(-3566, SIGKILL [pid 3571] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3576] <... prctl resumed>) = 0 [pid 3574] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3571] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3570] <... exit_group resumed>) = ? [pid 3566] +++ killed by SIGKILL +++ [pid 3497] <... kill resumed>) = 0 [pid 3576] setpgid(0, 0 [pid 3574] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3497] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3566, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 3576] <... setpgid resumed>) = 0 [pid 3571] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3570] +++ exited with 0 +++ [pid 3497] kill(3566, SIGKILL [pid 3576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3497] <... kill resumed>) = 0 [pid 3495] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3570, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 3576] <... openat resumed>) = 3 [pid 3495] restart_syscall(<... resuming interrupted clone ...> [pid 3576] write(3, "1000", 4 [pid 3571] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3495] <... restart_syscall resumed>) = 0 [pid 3576] <... write resumed>) = 4 [pid 3571] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3497] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3576] close(3) = 0 [pid 3497] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3577 [pid 3495] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3576] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3495] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3578 [pid 3576] ioctl(3, USB_RAW_IOCTL_INIT [pid 3571] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3576] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 148.630179][ T123] ? led_work+0x730/0x730 [ 148.634813][ T123] ? led_work+0x730/0x730 [ 148.639382][ T123] process_one_work+0xb27/0x13e0 [ 148.644637][ T123] worker_thread+0x1703/0x1d60 [ 148.649641][ T123] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 148.655756][ T123] ? __kthread_parkme+0x110/0x1b0 [ 148.661005][ T123] kthread+0x31b/0x430 [ 148.665322][ T123] ? worker_clr_flags+0x2b0/0x2b0 [ 148.670587][ T123] ? kthread_blkcg+0x120/0x120 [ 148.675620][ T123] ret_from_fork+0x1f/0x30 [pid 3576] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3575] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3571] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3575] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3571] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3576] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 ./strace-static-x86_64: Process 3578 attached ./strace-static-x86_64: Process 3577 attached [pid 3576] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3575] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3571] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3578] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3577] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3576] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3575] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3578] <... prctl resumed>) = 0 [pid 3577] <... prctl resumed>) = 0 [pid 3578] setpgid(0, 0 [pid 3577] setpgid(0, 0 [pid 3578] <... setpgid resumed>) = 0 [pid 3577] <... setpgid resumed>) = 0 [pid 3578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3578] <... openat resumed>) = 3 [pid 3577] <... openat resumed>) = 3 [pid 3575] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 148.680264][ T123] [ 148.683460][ T123] ---[ end trace 0000000000000000 ]--- [ 148.716913][ T25] comedi comedi2: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [pid 3578] write(3, "1000", 4 [pid 3577] write(3, "1000", 4 [pid 3575] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3571] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3578] <... write resumed>) = 4 [pid 3577] <... write resumed>) = 4 [pid 3575] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3571] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3578] close(3 [pid 3577] close(3 [pid 3575] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3578] <... close resumed>) = 0 [pid 3577] <... close resumed>) = 0 [pid 3578] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3577] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR [pid 3578] <... openat resumed>) = 3 [pid 3577] <... openat resumed>) = 3 [ 148.750516][ T25] usb 6-1: USB disconnect, device number 11 [ 148.760044][ T113] usb 3-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 148.769646][ T113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.778059][ T113] usb 3-1: Product: syz [ 148.782458][ T113] usb 3-1: Manufacturer: syz [ 148.787221][ T113] usb 3-1: SerialNumber: syz [pid 3578] ioctl(3, USB_RAW_IOCTL_INIT [pid 3577] ioctl(3, USB_RAW_IOCTL_INIT [pid 3578] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3577] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3578] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3577] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN [pid 3575] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3577] <... ioctl resumed>, 0) = 0 [pid 3578] <... ioctl resumed>, 0) = 0 [pid 3577] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3575] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3574] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3578] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3577] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3575] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3574] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3578] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3577] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [ 148.822509][ T3501] usb 1-1: Using ep0 maxpacket: 8 [pid 3575] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3578] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3574] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3574] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3574] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3575] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3575] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3574] <... ioctl resumed>, 0x7ffcf7248d10) = 9 [ 148.862890][ T28] usb 2-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 148.872165][ T28] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.880411][ T28] usb 2-1: Product: syz [ 148.885481][ T28] usb 2-1: Manufacturer: syz [ 148.890250][ T28] usb 2-1: SerialNumber: syz [pid 3574] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3574] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3575] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 148.914275][ T28] usb 2-1: config 0 descriptor?? [ 148.936499][ T123] comedi comedi1: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 148.941722][ T113] usb 3-1: config 0 descriptor?? [ 148.952224][ T3501] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 148.960706][ T3501] usb 1-1: config 0 has no interface number 0 [ 148.967180][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [pid 3575] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3574] <... ioctl resumed>, 0x7ffcf7248d10) = 36 [pid 3571] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3574] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3575] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3571] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW [pid 3575] <... ioctl resumed>, 0) = 0 [pid 3574] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3571] <... ioctl resumed>, 0) = 0 [pid 3575] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3574] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3571] ioctl(3, USB_RAW_IOCTL_CONFIGURE [pid 3575] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [pid 3571] <... ioctl resumed>, 0) = 0 [pid 3571] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3574] <... ioctl resumed>, 0x7ffcf7248d10) = 4 [pid 3574] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3571] <... ioctl resumed>, 0x7f3ece51546c) = -1 EINVAL (Invalid argument) [ 148.977800][ T3501] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 148.978404][ T123] usb 5-1: USB disconnect, device number 13 [ 149.006956][ T3575] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 149.021472][ T3571] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [pid 3575] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3571] ioctl(3, USB_RAW_IOCTL_EP_ENABLE [pid 3575] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcf7248d10) = 0 [pid 3574] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3574] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3571] <... ioctl resumed>, 0x7f3ece51547c) = -1 EINVAL (Invalid argument) [pid 3574] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [ 149.036239][ T3575] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 149.066405][ T3571] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 149.087903][ T28] ------------[ cut here ]------------ [ 149.093627][ T28] usb 2-1: BOGUS urb xfer, pipe 1 != type 3 [ 149.100985][ T28] WARNING: CPU: 1 PID: 28 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 149.111462][ T28] Modules linked in: [ 149.115676][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 149.127319][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 149.132578][ T6] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 149.137600][ T28] Workqueue: usb_hub_wq hub_event [ 149.150590][ T28] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 149.156579][ T28] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 149.171273][ T113] sysfs: cannot create duplicate filename '/class/comedi/comedi1' [ 149.176602][ T28] RSP: 0018:ffff8881027a2878 EFLAGS: 00010246 [ 149.184549][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 149.190594][ T28] RAX: c3242d7576535800 RBX: 0000000000000000 RCX: ffff888102684180 [ 149.202065][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 149.202146][ T113] Workqueue: usb_hub_wq hub_event [ 149.210179][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 149.220209][ T113] [ 149.220237][ T113] Call Trace: [ 149.220275][ T113] [ 149.225339][ T28] RBP: ffff8881027a2998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 149.233290][ T113] dump_stack_lvl+0x1c8/0x256 [ 149.235675][ T28] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 149.238997][ T113] dump_stack+0x1a/0x1c [ 149.241939][ T28] R13: 0000000000000003 R14: ffff888102684cd8 R15: 0000000000000000 [ 149.249932][ T113] sysfs_warn_dup+0x125/0x170 [ 149.250062][ T113] sysfs_do_create_link_sd+0x19b/0x260 [ 149.254810][ T28] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 149.262767][ T113] sysfs_create_link+0x83/0xe0 [ 149.266976][ T28] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.274976][ T113] device_add+0x17a6/0x26c0 [ 149.279731][ T28] CR2: 00007f3ece476cc0 CR3: 0000000127315000 CR4: 00000000003506e0 [ 149.285233][ T113] device_create+0x40a/0x550 [ 149.294330][ T28] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 149.299052][ T113] comedi_alloc_board_minor+0x4c4/0xa20 [ 149.305659][ T28] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 149.310142][ T113] ? vmk80xx_detach+0x1a0/0x1a0 [ 149.318168][ T28] Call Trace: [ 149.322723][ T113] comedi_auto_config+0x188/0x620 [ 149.330769][ T28] [ 149.330854][ T28] usb_start_wait_urb+0xcf/0x350 [ 149.336349][ T113] comedi_usb_auto_config+0x3f/0x50 [ 149.344556][ T28] usb_bulk_msg+0x5cc/0x6f0 [ 149.349253][ T113] vmk80xx_usb_probe+0x54/0x70 [ 149.352640][ T28] usb_interrupt_msg+0x54/0x70 [ 149.357601][ T113] ? vmk80xx_read_packet+0x770/0x770 [ 149.360559][ T28] vmk80xx_write_packet+0x5f7/0x7d0 [ 149.365501][ T113] usb_probe_interface+0xc4b/0x11f0 [ 149.370799][ T28] vmk80xx_auto_attach+0xe75/0x1e60 [ 149.375311][ T113] ? usb_register_driver+0x5f0/0x5f0 [ 149.380239][ T28] ? vmk80xx_detach+0x1a0/0x1a0 [ 149.384986][ T113] really_probe+0x506/0x1000 [ 149.390334][ T28] comedi_auto_config+0x2de/0x620 [ 149.395542][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 149.395693][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.400896][ T28] comedi_usb_auto_config+0x3f/0x50 [ 149.406093][ T113] __driver_probe_device+0x2fa/0x3d0 [ 149.411439][ T28] vmk80xx_usb_probe+0x54/0x70 [ 149.416304][ T113] driver_probe_device+0x72/0x7a0 [ 149.420948][ T28] ? vmk80xx_read_packet+0x770/0x770 [ 149.425995][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.432115][ T28] usb_probe_interface+0xc4b/0x11f0 [ 149.437938][ T113] __device_attach_driver+0x548/0x8e0 [ 149.443364][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 149.448497][ T113] bus_for_each_drv+0x1fc/0x360 [ 149.453307][ T28] really_probe+0x506/0x1000 [ 149.458297][ T113] ? coredump_store+0xa0/0xa0 [ 149.463663][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 149.469445][ T113] __device_attach+0x42a/0x720 [ 149.474701][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.480047][ T113] device_initial_probe+0x2e/0x40 [ 149.485383][ T28] __driver_probe_device+0x2fa/0x3d0 [ 149.490193][ T113] bus_probe_device+0x13c/0x3b0 [ 149.494904][ T28] driver_probe_device+0x72/0x7a0 [ 149.499494][ T113] device_add+0x1d4b/0x26c0 [ 149.505609][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.510357][ T113] usb_set_configuration+0x30f8/0x37e0 [ 149.516206][ T28] __device_attach_driver+0x548/0x8e0 [ 149.521248][ T113] usb_generic_driver_probe+0x105/0x290 [ 149.526542][ T28] bus_for_each_drv+0x1fc/0x360 [ 149.531342][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.536423][ T28] ? coredump_store+0xa0/0xa0 [ 149.540890][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 149.546870][ T28] __device_attach+0x42a/0x720 [ 149.552183][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 149.557632][ T28] device_initial_probe+0x2e/0x40 [ 149.563120][ T113] usb_probe_device+0x288/0x490 [ 149.568036][ T28] bus_probe_device+0x13c/0x3b0 [ 149.573860][ T113] ? usb_register_device_driver+0x440/0x440 [ 149.578603][ T28] device_add+0x1d4b/0x26c0 [ 149.584323][ T113] really_probe+0x506/0x1000 [ 149.589167][ T28] usb_set_configuration+0x30f8/0x37e0 [ 149.594871][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 149.595022][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.600067][ T28] usb_generic_driver_probe+0x105/0x290 [ 149.604876][ T113] __driver_probe_device+0x2fa/0x3d0 [ 149.609776][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.615693][ T113] driver_probe_device+0x72/0x7a0 [ 149.620248][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 149.624855][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.630366][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 149.636449][ T113] __device_attach_driver+0x548/0x8e0 [ 149.642450][ T28] usb_probe_device+0x288/0x490 [ 149.647885][ T113] bus_for_each_drv+0x1fc/0x360 [ 149.653223][ T28] ? usb_register_device_driver+0x440/0x440 [ 149.658980][ T113] ? coredump_store+0xa0/0xa0 [ 149.664065][ T28] really_probe+0x506/0x1000 [ 149.669764][ T113] __device_attach+0x42a/0x720 [ 149.675616][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 149.681323][ T113] device_initial_probe+0x2e/0x40 [ 149.686738][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.691547][ T113] bus_probe_device+0x13c/0x3b0 [ 149.696510][ T28] __driver_probe_device+0x2fa/0x3d0 [ 149.702326][ T113] device_add+0x1d4b/0x26c0 [ 149.707053][ T28] driver_probe_device+0x72/0x7a0 [ 149.711668][ T113] usb_new_device+0x17ac/0x2370 [ 149.716472][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.722526][ T113] hub_event+0x5589/0x8080 [ 149.727587][ T28] __device_attach_driver+0x548/0x8e0 [ 149.733469][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.738318][ T28] bus_for_each_drv+0x1fc/0x360 [ 149.743602][ T113] ? led_work+0x730/0x730 [ 149.743739][ T113] ? led_work+0x730/0x730 [ 149.748252][ T28] ? coredump_store+0xa0/0xa0 [ 149.753285][ T113] process_one_work+0xb27/0x13e0 [ 149.758211][ T28] __device_attach+0x42a/0x720 [ 149.764045][ T113] worker_thread+0x1703/0x1d60 [ 149.768510][ T28] device_initial_probe+0x2e/0x40 [ 149.773910][ T113] kthread+0x31b/0x430 [ 149.779738][ T28] bus_probe_device+0x13c/0x3b0 [ 149.784603][ T113] ? worker_clr_flags+0x2b0/0x2b0 [ 149.789010][ T28] device_add+0x1d4b/0x26c0 [ 149.793345][ T113] ? kthread_blkcg+0x120/0x120 [ 149.793469][ T113] ret_from_fork+0x1f/0x30 [ 149.798142][ T28] usb_new_device+0x17ac/0x2370 [ 149.803085][ T113] [ 149.807601][ T113] ------------[ cut here ]------------ [ 149.807924][ T28] hub_event+0x5589/0x8080 [ 149.812746][ T113] usb 3-1: BOGUS urb xfer, pipe 1 != type 3 [ 149.814125][ T113] WARNING: CPU: 0 PID: 113 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760 [ 149.818243][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 149.822249][ T113] Modules linked in: [ 149.827172][ T28] ? led_work+0x730/0x730 [ 149.832152][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 149.836736][ T28] ? led_work+0x730/0x730 [ 149.841503][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 149.846023][ T28] process_one_work+0xb27/0x13e0 [ 149.850907][ T113] Workqueue: usb_hub_wq hub_event [ 149.854025][ T28] worker_thread+0x1076/0x1d60 [ 149.859477][ T113] [ 149.859506][ T113] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 149.863994][ T28] kthread+0x31b/0x430 [ 149.864105][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 149.864243][ T28] ? kthread_blkcg+0x120/0x120 [ 149.864362][ T28] ret_from_fork+0x1f/0x30 [ 149.870295][ T113] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 149.879931][ T28] [ 149.885829][ T113] RSP: 0018:ffff888109c8e878 EFLAGS: 00010246 [ 149.889695][ T28] ---[ end trace 0000000000000000 ]--- [ 150.005422][ T113] ===================================================== [ 150.012737][ T113] BUG: KMSAN: uninit-value in __show_regs+0x8c/0xc90 [ 150.019565][ T113] __show_regs+0x8c/0xc90 [ 150.024139][ T113] show_regs+0x6e/0xd0 [ 150.028338][ T113] __warn+0x242/0x580 [ 150.032602][ T113] report_bug+0x7ff/0xa10 [ 150.037049][ T113] handle_bug+0x41/0x70 [ 150.040844][ T28] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 150.041279][ T113] exc_invalid_op+0x1b/0x50 [ 150.041361][ T113] asm_exc_invalid_op+0x1b/0x20 [ 150.060603][ T113] usb_submit_urb+0x19a2/0x2760 [ 150.065734][ T113] usb_start_wait_urb+0xcf/0x350 [ 150.070810][ T113] usb_bulk_msg+0x5cc/0x6f0 [ 150.075607][ T113] usb_interrupt_msg+0x54/0x70 [ 150.080498][ T113] vmk80xx_write_packet+0x5f7/0x7d0 [ 150.085964][ T113] vmk80xx_auto_attach+0xe75/0x1e60 [ 150.091306][ T113] comedi_auto_config+0x2de/0x620 [ 150.096533][ T113] comedi_usb_auto_config+0x3f/0x50 [ 150.101880][ T113] vmk80xx_usb_probe+0x54/0x70 [ 150.106856][ T113] usb_probe_interface+0xc4b/0x11f0 [ 150.112200][ T113] really_probe+0x506/0x1000 [ 150.117023][ T113] __driver_probe_device+0x2fa/0x3d0 [ 150.122600][ T113] driver_probe_device+0x72/0x7a0 [ 150.127780][ T113] __device_attach_driver+0x548/0x8e0 [ 150.129522][ T28] usb 2-1: USB disconnect, device number 13 [pid 3574] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3574] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 8 [pid 3574] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3574] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3571] ioctl(3, USB_RAW_IOCTL_EP0_READ [pid 3576] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [pid 3571] <... ioctl resumed>, 0x7ffcf7248d10) = 0 [pid 3575] exit_group(0) = ? [pid 3576] ioctl(3, USB_RAW_IOCTL_EP0_WRITE [pid 3575] +++ exited with 0 +++ [pid 3490] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3575, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 3490] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3490] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3576] <... ioctl resumed>, 0x7ffcf7248d10) = 18 [pid 3576] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3490] <... clone resumed>, child_tidptr=0x5555571d45d0) = 3579 ./strace-static-x86_64: Process 3579 attached [pid 3579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3579] setpgid(0, 0) = 0 [pid 3579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3579] write(3, "1000", 4) = 4 [pid 3579] close(3) = 0 [pid 3579] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3579] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3579] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3579] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [pid 3579] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3574] <... ioctl resumed>, 0x7ffcf7248d10) = 8 [pid 3574] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3491] kill(-3571, SIGKILL) = 0 [pid 3571] +++ killed by SIGKILL +++ [pid 3491] kill(3571, SIGKILL) = 0 [pid 3491] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3571, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1} --- [pid 3491] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571d45d0) = 3580 ./strace-static-x86_64: Process 3580 attached [pid 3580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3580] setpgid(0, 0) = 0 [pid 3580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3580] write(3, "1000", 4) = 4 [pid 3580] close(3) = 0 [pid 3580] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3580] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcf7249d20) = 0 [pid 3580] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3580] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcf7249d20) = 0 [ 150.133443][ T113] bus_for_each_drv+0x1fc/0x360 [ 150.144369][ T113] __device_attach+0x42a/0x720 [ 150.149283][ T113] device_initial_probe+0x2e/0x40 [ 150.154580][ T113] bus_probe_device+0x13c/0x3b0 [ 150.159570][ T113] device_add+0x1d4b/0x26c0 [ 150.164311][ T113] usb_set_configuration+0x30f8/0x37e0 [ 150.169920][ T113] usb_generic_driver_probe+0x105/0x290 [ 150.175733][ T113] usb_probe_device+0x288/0x490 [ 150.180723][ T113] really_probe+0x506/0x1000 [ 150.186694][ T113] __driver_probe_device+0x2fa/0x3d0 [ 150.192142][ T113] driver_probe_device+0x72/0x7a0 [ 150.197490][ T113] __device_attach_driver+0x548/0x8e0 [ 150.203094][ T113] bus_for_each_drv+0x1fc/0x360 [ 150.208086][ T113] __device_attach+0x42a/0x720 [ 150.213099][ T113] device_initial_probe+0x2e/0x40 [ 150.218280][ T113] bus_probe_device+0x13c/0x3b0 [ 150.223397][ T113] device_add+0x1d4b/0x26c0 [ 150.228023][ T113] usb_new_device+0x17ac/0x2370 [ 150.233142][ T113] hub_event+0x5589/0x8080 [ 150.237708][ T113] process_one_work+0xb27/0x13e0 [ 150.242921][ T113] worker_thread+0x1703/0x1d60 [ 150.247834][ T113] kthread+0x31b/0x430 [ 150.252024][ T113] ret_from_fork+0x1f/0x30 [ 150.256741][ T113] [ 150.259130][ T113] Local variable wlist created at: [ 150.264422][ T113] rwsem_mark_wake+0x4c/0xaa0 [ 150.269240][ T113] up_write+0x128/0x170 [ 150.273659][ T113] [ 150.276047][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Tainted: G W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [ 150.287758][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 150.298001][ T113] Workqueue: usb_hub_wq hub_event [ 150.303305][ T113] ===================================================== [ 150.310332][ T113] Disabling lock debugging due to kernel taint [ 150.316717][ T113] Kernel panic - not syncing: kmsan.panic set ... [ 150.322807][ T123] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 150.330787][ T113] CPU: 0 PID: 113 Comm: kworker/0:2 Tainted: G B W 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0 [pid 3580] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3578] <... ioctl resumed>, 0x7ffcf7249d20) = 0 [ 150.342381][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 150.352546][ T113] Workqueue: usb_hub_wq hub_event [ 150.357734][ T113] Call Trace: [ 150.361080][ T113] [ 150.364079][ T113] dump_stack_lvl+0x1c8/0x256 [ 150.368925][ T113] dump_stack+0x1a/0x1c [ 150.373227][ T113] panic+0x4d3/0xc69 [ 150.377285][ T113] kmsan_report+0x2cc/0x2d0 [ 150.381943][ T113] ? preempt_count_sub+0x7d/0x280 [ 150.387129][ T113] ? vprintk_emit+0x52b/0x8d0 [pid 3578] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcf7248d10) = 18 [ 150.391944][ T113] ? __msan_warning+0x92/0x110 [ 150.396848][ T113] ? __show_regs+0x8c/0xc90 [ 150.401501][ T113] ? show_regs+0x6e/0xd0 [ 150.405875][ T113] ? __warn+0x242/0x580 [ 150.410174][ T113] ? report_bug+0x7ff/0xa10 [ 150.414792][ T113] ? handle_bug+0x41/0x70 [ 150.419239][ T113] ? exc_invalid_op+0x1b/0x50 [ 150.424042][ T113] ? asm_exc_invalid_op+0x1b/0x20 [ 150.429220][ T113] ? usb_submit_urb+0x19a2/0x2760 [ 150.434382][ T113] ? usb_start_wait_urb+0xcf/0x350 [ 150.439630][ T113] ? usb_bulk_msg+0x5cc/0x6f0 [ 150.444435][ T113] ? usb_interrupt_msg+0x54/0x70 [ 150.449503][ T113] ? vmk80xx_write_packet+0x5f7/0x7d0 [ 150.455019][ T113] ? vmk80xx_auto_attach+0xe75/0x1e60 [ 150.460528][ T113] ? comedi_auto_config+0x2de/0x620 [ 150.465840][ T113] ? comedi_usb_auto_config+0x3f/0x50 [ 150.471361][ T113] ? vmk80xx_usb_probe+0x54/0x70 [ 150.476434][ T113] ? usb_probe_interface+0xc4b/0x11f0 [ 150.481952][ T113] ? really_probe+0x506/0x1000 [ 150.486868][ T113] ? __driver_probe_device+0x2fa/0x3d0 [ 150.492479][ T113] ? driver_probe_device+0x72/0x7a0 [ 150.497832][ T113] ? __device_attach_driver+0x548/0x8e0 [ 150.503533][ T113] ? bus_for_each_drv+0x1fc/0x360 [ 150.508698][ T113] ? __device_attach+0x42a/0x720 [ 150.513786][ T113] ? device_initial_probe+0x2e/0x40 [ 150.519132][ T113] ? bus_probe_device+0x13c/0x3b0 [ 150.524299][ T113] ? device_add+0x1d4b/0x26c0 [ 150.529106][ T113] ? usb_set_configuration+0x30f8/0x37e0 [ 150.534877][ T113] ? usb_generic_driver_probe+0x105/0x290 [ 150.540729][ T113] ? usb_probe_device+0x288/0x490 [ 150.545886][ T113] ? really_probe+0x506/0x1000 [ 150.550796][ T113] ? __driver_probe_device+0x2fa/0x3d0 [ 150.556410][ T113] ? driver_probe_device+0x72/0x7a0 [ 150.561761][ T113] ? __device_attach_driver+0x548/0x8e0 [ 150.567459][ T113] ? bus_for_each_drv+0x1fc/0x360 [ 150.572628][ T113] ? __device_attach+0x42a/0x720 [ 150.577705][ T113] ? device_initial_probe+0x2e/0x40 [ 150.583056][ T113] ? bus_probe_device+0x13c/0x3b0 [ 150.588217][ T113] ? device_add+0x1d4b/0x26c0 [ 150.593024][ T113] ? usb_new_device+0x17ac/0x2370 [ 150.598195][ T113] ? hub_event+0x5589/0x8080 [ 150.602937][ T113] ? process_one_work+0xb27/0x13e0 [ 150.608194][ T113] ? worker_thread+0x1703/0x1d60 [ 150.613276][ T113] ? kthread+0x31b/0x430 [ 150.617640][ T113] ? ret_from_fork+0x1f/0x30 [ 150.622386][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 150.628333][ T113] __msan_warning+0x92/0x110 [ 150.633024][ T113] __show_regs+0x8c/0xc90 [ 150.637499][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 150.643470][ T113] show_regs+0x6e/0xd0 [ 150.647672][ T113] __warn+0x242/0x580 [ 150.651795][ T113] ? usb_submit_urb+0x19a2/0x2760 [ 150.656954][ T113] report_bug+0x7ff/0xa10 [ 150.661411][ T113] ? usb_submit_urb+0x19a2/0x2760 [ 150.666572][ T113] handle_bug+0x41/0x70 [ 150.670846][ T113] exc_invalid_op+0x1b/0x50 [ 150.672902][ T28] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 150.683043][ T113] asm_exc_invalid_op+0x1b/0x20 [ 150.688045][ T113] RIP: 0010:usb_submit_urb+0x19a2/0x2760 [ 150.693819][ T113] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 78 9e dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 2e 2d 4e f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48 [ 150.713568][ T113] RSP: 0018:ffff888109c8e878 EFLAGS: 00010246 [ 150.719747][ T113] RAX: 7c40313c42a2f100 RBX: 0000000000000000 RCX: ffff888109c90000 [ 150.723373][ T123] usb 5-1: Using ep0 maxpacket: 8 [ 150.732879][ T113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 150.740950][ T113] RBP: ffff888109c8e998 R08: ffffffff817e4fc4 R09: ffffea000000000f [ 150.749034][ T113] R10: 0000000000000010 R11: 000000000fef1e80 R12: 0000000000000002 [ 150.757102][ T113] R13: 0000000000000003 R14: ffff888109c90b58 R15: 0000000000000000 [ 150.765183][ T113] ? vprintk_emit+0x4c4/0x8d0 [ 150.770012][ T113] ? usb_submit_urb+0x19a2/0x2760 [ 150.775206][ T113] usb_start_wait_urb+0xcf/0x350 [ 150.780301][ T113] usb_bulk_msg+0x5cc/0x6f0 [ 150.784953][ T113] usb_interrupt_msg+0x54/0x70 [ 150.789850][ T113] vmk80xx_write_packet+0x5f7/0x7d0 [ 150.795216][ T113] vmk80xx_auto_attach+0xe75/0x1e60 [ 150.800581][ T113] ? vmk80xx_detach+0x1a0/0x1a0 [ 150.805562][ T113] comedi_auto_config+0x2de/0x620 [ 150.810722][ T113] comedi_usb_auto_config+0x3f/0x50 [ 150.816073][ T113] vmk80xx_usb_probe+0x54/0x70 [ 150.820979][ T113] ? vmk80xx_read_packet+0x770/0x770 [ 150.826401][ T113] usb_probe_interface+0xc4b/0x11f0 [ 150.831762][ T113] ? usb_register_driver+0x5f0/0x5f0 [ 150.837187][ T113] really_probe+0x506/0x1000 [ 150.841936][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 150.848163][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 150.854135][ T113] __driver_probe_device+0x2fa/0x3d0 [ 150.859582][ T113] driver_probe_device+0x72/0x7a0 [ 150.864784][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 150.870753][ T113] __device_attach_driver+0x548/0x8e0 [ 150.876300][ T113] bus_for_each_drv+0x1fc/0x360 [ 150.881302][ T113] ? coredump_store+0xa0/0xa0 [ 150.886147][ T113] __device_attach+0x42a/0x720 [ 150.891073][ T113] device_initial_probe+0x2e/0x40 [ 150.896252][ T113] bus_probe_device+0x13c/0x3b0 [ 150.901261][ T113] device_add+0x1d4b/0x26c0 [ 150.905913][ T113] usb_set_configuration+0x30f8/0x37e0 [ 150.911569][ T113] usb_generic_driver_probe+0x105/0x290 [ 150.917252][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 150.923219][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 150.929080][ T113] ? usb_choose_configuration+0xdc0/0xdc0 [ 150.934937][ T113] usb_probe_device+0x288/0x490 [ 150.939931][ T113] ? usb_register_device_driver+0x440/0x440 [ 150.945973][ T113] really_probe+0x506/0x1000 [ 150.950716][ T113] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 150.956944][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 150.962914][ T113] __driver_probe_device+0x2fa/0x3d0 [ 150.968365][ T113] driver_probe_device+0x72/0x7a0 [ 150.973554][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 150.979523][ T113] __device_attach_driver+0x548/0x8e0 [ 150.985073][ T113] bus_for_each_drv+0x1fc/0x360 [ 150.990066][ T113] ? coredump_store+0xa0/0xa0 [ 150.994904][ T113] __device_attach+0x42a/0x720 [ 150.999832][ T113] device_initial_probe+0x2e/0x40 [ 151.005009][ T113] bus_probe_device+0x13c/0x3b0 [ 151.010012][ T113] device_add+0x1d4b/0x26c0 [ 151.014637][ T113] usb_new_device+0x17ac/0x2370 [ 151.019622][ T113] hub_event+0x5589/0x8080 [ 151.023310][ T123] usb 5-1: config 0 has an invalid interface number: 164 but max is 0 [ 151.023418][ T123] usb 5-1: config 0 has no interface number 0 [ 151.023519][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 151.023644][ T123] usb 5-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 151.058431][ T113] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 151.064397][ T113] ? led_work+0x730/0x730 [ 151.068879][ T113] ? led_work+0x730/0x730 [ 151.073360][ T113] process_one_work+0xb27/0x13e0 [ 151.073878][ T28] usb 2-1: Using ep0 maxpacket: 8 [ 151.083525][ T113] worker_thread+0x1703/0x1d60 [ 151.088474][ T113] kthread+0x31b/0x430 [ 151.092668][ T113] ? worker_clr_flags+0x2b0/0x2b0 [ 151.097845][ T113] ? kthread_blkcg+0x120/0x120 [ 151.102743][ T113] ret_from_fork+0x1f/0x30 [ 151.107290][ T113] [ 151.110525][ T113] Kernel Offset: disabled [ 151.114903][ T113] Rebooting in 86400 seconds..