./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1653137709
<...>
[ 34.785500][ T4633] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.807067][ T4633] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 43.119238][ T26] kauditd_printk_skb: 37 callbacks suppressed
[ 43.119253][ T26] audit: type=1400 audit(1672714430.549:73): avc: denied { transition } for pid=4851 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 43.147946][ T26] audit: type=1400 audit(1672714430.559:74): avc: denied { write } for pid=4851 comm="sh" path="pipe:[28307]" dev="pipefs" ino=28307 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
execve("./syz-executor1653137709", ["./syz-executor1653137709"], 0x7fff6777f1a0 /* 10 vars */) = 0
brk(NULL) = 0x5555571ad000
brk(0x5555571adc40) = 0x5555571adc40
arch_prctl(ARCH_SET_FS, 0x5555571ad300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1653137709", 4096) = 28
brk(0x5555571cec40) = 0x5555571cec40
brk(0x5555571cf000) = 0x5555571cf000
mprotect(0x7f6a6fdd0000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ad5d0) = 5066
./strace-static-x86_64: Process 5066 attached
[pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5066] setpgid(0, 0) = 0
[pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5066] write(3, "1000", 4) = 4
[pid 5066] close(3) = 0
[ 54.909779][ T26] audit: type=1400 audit(1672714442.339:75): avc: denied { execmem } for pid=5065 comm="syz-executor165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[pid 5066] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 5066] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd8e2ea110) = 0
[pid 5066] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 5066] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[ 54.943798][ T26] audit: type=1400 audit(1672714442.369:76): avc: denied { read write } for pid=5066 comm="syz-executor165" name="raw-gadget" dev="devtmpfs" ino=732 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 54.968645][ T26] audit: type=1400 audit(1672714442.399:77): avc: denied { open } for pid=5066 comm="syz-executor165" path="/dev/raw-gadget" dev="devtmpfs" ino=732 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 54.997497][ T26] audit: type=1400 audit(1672714442.399:78): avc: denied { ioctl } for pid=5066 comm="syz-executor165" path="/dev/raw-gadget" dev="devtmpfs" ino=732 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[pid 5066] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[pid 5066] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd8e2e9100) = 18
[ 55.245046][ T4721] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid 5066] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[pid 5066] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd8e2e9100) = 18
[pid 5066] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[pid 5066] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd8e2e9100) = 9
[pid 5066] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[pid 5066] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd8e2e9100) = 224
[ 55.635141][ T4721] usb 1-1: config 0 has an invalid interface number: 72 but max is 0
[ 55.643399][ T4721] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 55.652965][ T4721] usb 1-1: config 0 has an invalid interface association descriptor of length 2, skipping
[ 55.663141][ T4721] usb 1-1: config 0 has an invalid interface association descriptor of length 2, skipping
[ 55.673456][ T4721] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 55.682649][ T4721] usb 1-1: config 0 has no interface number 0
[ 55.688926][ T4721] usb 1-1: config 0 interface 72 altsetting 0 has an invalid endpoint with address 0x80, skipping
[ 55.699660][ T4721] usb 1-1: config 0 interface 72 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64
[ 55.710667][ T4721] usb 1-1: config 0 interface 72 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[ 55.721580][ T4721] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[ 55.732404][ T4721] usb 1-1: config 0 interface 72 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 8
[ 55.742416][ T4721] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0x4, skipping
[ 55.753197][ T4721] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[ 55.763953][ T4721] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[ 55.774734][ T4721] usb 1-1: config 0 interface 72 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[pid 5066] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[pid 5066] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid 5066] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 5066] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6a6fdd646c) = -1 EINVAL (Invalid argument)
[ 55.784622][ T4721] usb 1-1: config 0 interface 72 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[ 55.796205][ T4721] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[ 55.806959][ T4721] usb 1-1: New USB device found, idVendor=0846, idProduct=9010, bcdDevice=a0.e4
[ 55.816173][ T4721] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.829670][ T4721] usb 1-1: config 0 descriptor??
[pid 5066] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd8e2e9100) = 0
[pid 5066] exit_group(0) = ?
[ 56.025012][ T4721] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[pid 5066] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ad5d0) = 5071
./strace-static-x86_64: Process 5071 attached
[pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5071] setpgid(0, 0) = 0
[pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5071] write(3, "1000", 4) = 4
[pid 5071] close(3) = 0
[pid 5071] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 5071] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd8e2ea110) = 0
[pid 5071] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 5071] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[ 56.465008][ T4721] usb 1-1: device descriptor read/64, error -71
[pid 5071] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[pid 5071] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd8e2e9100) = 18
[ 56.735017][ T4721] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[pid 5071] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[pid 5071] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd8e2e9100) = 18
[pid 5071] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[pid 5071] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd8e2e9100) = 224
[pid 5071] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[pid 5071] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid 5071] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 5071] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6a6fdd646c) = -1 EINVAL (Invalid argument)
[pid 5071] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd8e2e9100) = 0
[ 57.118012][ T4721] usb 1-1: driver API: 1.9.9 2016-02-15 [1-1]
[ 57.124283][ T4721] usb 1-1: firmware API: 1.9.6 2012-07-07
[ 57.130960][ T4721] ------------[ cut here ]------------
[ 57.136725][ T4721] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[ 57.143116][ T4721] WARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880
[ 57.153219][ T4721] Modules linked in:
[ 57.157636][ T4721] CPU: 0 PID: 4721 Comm: kworker/0:3 Not tainted 6.2.0-rc2-syzkaller #0
[ 57.166032][ T4721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.176140][ T4721] Workqueue: events request_firmware_work_func
[ 57.182308][ T4721] RIP: 0010:usb_submit_urb+0xed6/0x1880
[ 57.187925][ T4721] Code: 7c 24 18 e8 6c 5b 80 fb 48 8b 7c 24 18 e8 f2 2d 01 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 40 86 fa 8a e8 2f 84 be 03 <0f> 0b e9 58 f8 ff ff e8 3e 5b 80 fb 48 81 c5 c0 05 00 00 e9 84 f7
[ 57.207652][ T4721] RSP: 0018:ffffc90003357ba0 EFLAGS: 00010282
[ 57.213727][ T4721] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 57.221769][ T4721] RDX: ffff88807345a080 RSI: ffffffff8165927c RDI: fffff5200066af66
[ 57.229791][ T4721] RBP: ffff888020fe4140 R08: 0000000000000005 R09: 0000000000000000
[ 57.238112][ T4721] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001
[ 57.246134][ T4721] R13: ffff88802996b1c0 R14: 0000000000000002 R15: ffff8880135bf300
[ 57.254107][ T4721] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[pid 5071] exit_group(0) = ?
[ 57.263102][ T4721] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.269956][ T4721] CR2: 0000557068778028 CR3: 000000000c48e000 CR4: 00000000003506f0
[ 57.277998][ T4721] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.286069][ T4721] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.294048][ T4721] Call Trace:
[ 57.297382][ T4721] <TASK>
[ 57.300324][ T4721] carl9170_usb_send_rx_irq_urb+0x273/0x340
[ 57.306295][ T4721] carl9170_usb_firmware_step2+0x175/0x240
[ 57.312514][ T4721] ? carl9170_usb_resume+0x170/0x170
[pid 5071] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ad5d0) = 5072
./strace-static-x86_64: Process 5072 attached
[pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5072] setpgid(0, 0) = 0
[pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5072] write(3, "1000", 4) = 4
[ 57.317985][ T4721] request_firmware_work_func+0x130/0x240
[ 57.323736][ T4721] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 57.324216][ T25] usb 1-1: USB disconnect, device number 2
[ 57.330136][ T4721] process_one_work+0x9bf/0x1710
[ 57.342197][ T4721] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 57.347663][ T4721] ? rwlock_bug.part.0+0x90/0x90
[ 57.352606][ T4721] ? _raw_spin_lock_irq+0x45/0x50
[ 57.358034][ T4721] worker_thread+0x669/0x1090
[ 57.362760][ T4721] ? __kthread_parkme+0x163/0x220
[pid 5072] close(3) = 0
[pid 5072] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 5072] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd8e2ea110) = 0
[pid 5072] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 5072] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd8e2ea110) = 0
[ 57.368578][ T4721] ? process_one_work+0x1710/0x1710
[ 57.378916][ T4721] kthread+0x2e8/0x3a0
[ 57.382998][ T4721] ? kthread_complete_and_exit+0x40/0x40
[ 57.388695][ T4721] ret_from_fork+0x1f/0x30
[ 57.393135][ T4721] </TASK>
[ 57.396236][ T4721] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 57.403528][ T4721] CPU: 0 PID: 4721 Comm: kworker/0:3 Not tainted 6.2.0-rc2-syzkaller #0
[ 57.411884][ T4721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.421952][ T4721] Workqueue: events request_firmware_work_func
[ 57.428128][ T4721] Call Trace:
[ 57.431415][ T4721] <TASK>
[ 57.434350][ T4721] dump_stack_lvl+0xd1/0x138
[ 57.438966][ T4721] panic+0x2cc/0x626
[ 57.442873][ T4721] ? panic_print_sys_info.part.0+0x110/0x110
[ 57.448870][ T4721] ? usb_submit_urb+0xed6/0x1880
[ 57.453813][ T4721] check_panic_on_warn.cold+0x19/0x35
[ 57.459199][ T4721] __warn+0xf2/0x1a0
[ 57.463111][ T4721] ? __wake_up_klogd.part.0+0x99/0xf0
[ 57.468499][ T4721] ? usb_submit_urb+0xed6/0x1880
[ 57.473439][ T4721] report_bug+0x1c0/0x210
[ 57.477776][ T4721] handle_bug+0x3c/0x70
[ 57.481935][ T4721] exc_invalid_op+0x18/0x50
[ 57.486444][ T4721] asm_exc_invalid_op+0x1a/0x20
[ 57.491304][ T4721] RIP: 0010:usb_submit_urb+0xed6/0x1880
[ 57.496861][ T4721] Code: 7c 24 18 e8 6c 5b 80 fb 48 8b 7c 24 18 e8 f2 2d 01 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 40 86 fa 8a e8 2f 84 be 03 <0f> 0b e9 58 f8 ff ff e8 3e 5b 80 fb 48 81 c5 c0 05 00 00 e9 84 f7
[ 57.516471][ T4721] RSP: 0018:ffffc90003357ba0 EFLAGS: 00010282
[ 57.522557][ T4721] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 57.530534][ T4721] RDX: ffff88807345a080 RSI: ffffffff8165927c RDI: fffff5200066af66
[ 57.538509][ T4721] RBP: ffff888020fe4140 R08: 0000000000000005 R09: 0000000000000000
[ 57.546496][ T4721] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001
[ 57.554475][ T4721] R13: ffff88802996b1c0 R14: 0000000000000002 R15: ffff8880135bf300
[ 57.562463][ T4721] ? vprintk+0x8c/0xa0
[ 57.566548][ T4721] carl9170_usb_send_rx_irq_urb+0x273/0x340
[ 57.572451][ T4721] carl9170_usb_firmware_step2+0x175/0x240
[ 57.578264][ T4721] ? carl9170_usb_resume+0x170/0x170
[ 57.583552][ T4721] request_firmware_work_func+0x130/0x240
[ 57.589285][ T4721] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 57.595624][ T4721] process_one_work+0x9bf/0x1710
[ 57.600578][ T4721] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 57.605960][ T4721] ? rwlock_bug.part.0+0x90/0x90
[ 57.610905][ T4721] ? _raw_spin_lock_irq+0x45/0x50
[ 57.615946][ T4721] worker_thread+0x669/0x1090
[ 57.620629][ T4721] ? __kthread_parkme+0x163/0x220
[ 57.625664][ T4721] ? process_one_work+0x1710/0x1710
[ 57.630868][ T4721] kthread+0x2e8/0x3a0
[ 57.634959][ T4721] ? kthread_complete_and_exit+0x40/0x40
[ 57.640609][ T4721] ret_from_fork+0x1f/0x30
[ 57.645047][ T4721] </TASK>
[ 57.648215][ T4721] Kernel Offset: disabled
[ 57.652615][ T4721] Rebooting in 86400 seconds..