./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3246917139 <...> DUID 00:04:03:2c:e5:fc:a2:19:b8:8b:c5:bf:62:63:19:3a:75:c6 forked to background, child pid 3183 [ 23.065178][ T3184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.078725][ T3184] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts. execve("./syz-executor3246917139", ["./syz-executor3246917139"], 0x7ffe6d0da040 /* 10 vars */) = 0 brk(NULL) = 0x5555559e6000 brk(0x5555559e6c40) = 0x5555559e6c40 arch_prctl(ARCH_SET_FS, 0x5555559e6300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3246917139", 4096) = 28 brk(0x555555a07c40) = 0x555555a07c40 brk(0x555555a08000) = 0x555555a08000 mprotect(0x7fd06977d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc9cc953d0) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 18 syzkaller login: [ 39.601659][ T26] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 18 [ 39.841683][ T26] usb 1-1: Using ep0 maxpacket: 16 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 [ 40.002309][ T26] usb 1-1: unable to get BOS descriptor or descriptor too short ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 330 [ 40.081739][ T26] usb 1-1: config 7 has an invalid interface number: 112 but max is 2 [ 40.090081][ T26] usb 1-1: config 7 has an invalid interface number: 208 but max is 2 [ 40.098351][ T26] usb 1-1: config 7 has an invalid interface number: 86 but max is 2 [ 40.106477][ T26] usb 1-1: config 7 has no interface number 0 [ 40.112591][ T26] usb 1-1: config 7 has no interface number 1 [ 40.118664][ T26] usb 1-1: config 7 has no interface number 2 [ 40.124799][ T26] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 40.135938][ T26] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0xA has an invalid bInterval 63, changing to 9 [ 40.147193][ T26] usb 1-1: config 7 interface 208 altsetting 163 has a duplicate endpoint with address 0x7, skipping [ 40.158108][ T26] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 40.169241][ T26] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 40.180398][ T26] usb 1-1: config 7 interface 208 altsetting 163 bulk endpoint 0x5 has invalid maxpacket 64 [ 40.190484][ T26] usb 1-1: config 7 interface 208 altsetting 163 has a duplicate endpoint with address 0x2, skipping [ 40.201362][ T26] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 40.212513][ T26] usb 1-1: config 7 interface 208 altsetting 163 has a duplicate endpoint with address 0x9, skipping ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 0 [ 40.223458][ T26] usb 1-1: config 7 interface 208 altsetting 163 has a duplicate endpoint with address 0xA, skipping [ 40.234342][ T26] usb 1-1: config 7 interface 208 altsetting 163 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 40.245508][ T26] usb 1-1: config 7 interface 86 altsetting 169 has an invalid endpoint with address 0x80, skipping [ 40.256301][ T26] usb 1-1: config 7 interface 112 has no altsetting 0 [ 40.263144][ T26] usb 1-1: config 7 interface 208 has no altsetting 0 [ 40.269913][ T26] usb 1-1: config 7 interface 86 has no altsetting 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc9cc943c0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc9cc953d0) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x3) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc9cc943c0) = 0 [ 40.512099][ T26] usb 1-1: string descriptor 0 read error: -22 [ 40.518464][ T26] usb 1-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10 [ 40.527556][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.574563][ T26] ------------[ cut here ]------------ [ 40.580043][ T26] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 40.586468][ T26] WARNING: CPU: 1 PID: 26 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x1880 [ 40.595942][ T26] Modules linked in: [ 40.599823][ T26] CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.0.0-rc3-next-20220901-syzkaller #0 [ 40.609285][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 40.619515][ T26] Workqueue: usb_hub_wq hub_event [ 40.624571][ T26] RIP: 0010:usb_submit_urb+0xed2/0x1880 [ 40.630132][ T26] Code: 7c 24 18 e8 b0 43 e9 fb 48 8b 7c 24 18 e8 a6 2e 03 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 40 70 90 8a e8 12 8c aa 03 <0f> 0b e9 58 f8 ff ff e8 82 43 e9 fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 40.649780][ T26] RSP: 0018:ffffc90000a1edd0 EFLAGS: 00010282 [ 40.655873][ T26] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 40.663861][ T26] RDX: ffff888012693a80 RSI: ffffffff81620448 RDI: fffff52000143dac [ 40.671938][ T26] RBP: ffff8881474131e0 R08: 0000000000000005 R09: 0000000000000000 [ 40.679911][ T26] R10: 0000000080000000 R11: 3a312d3120627375 R12: 0000000000000001 [ 40.687899][ T26] R13: ffff88801fe6b230 R14: 0000000000000002 R15: ffff888016b60100 [ 40.695945][ T26] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 40.704913][ T26] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.711513][ T26] CR2: 000055c23e5106e8 CR3: 000000001ebe6000 CR4: 00000000003506e0 [ 40.719522][ T26] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.727508][ T26] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.735553][ T26] Call Trace: [ 40.738857][ T26] [ 40.741822][ T26] ? __init_swait_queue_head+0xc6/0x150 [ 40.747472][ T26] usb_start_wait_urb+0x101/0x4b0 [ 40.752561][ T26] ? usb_api_blocking_completion+0xa0/0xa0 [ 40.758421][ T26] ? __kasan_kmalloc+0xa9/0xd0 [ 40.763254][ T26] ? memset+0x20/0x40 [ 40.767249][ T26] usb_bulk_msg+0x226/0x550 exit_group(0) = ? +++ exited with 0 +++ [ 40.771793][ T26] shark_write_reg+0