./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1792767602 <...> DUID 00:04:ef:48:41:79:0b:5e:d9:4d:76:cd:70:81:2e:69:59:2c forked to background, child pid 4667 [ 21.720421][ T4668] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.731223][ T4668] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.133' (ECDSA) to the list of known hosts. execve("./syz-executor1792767602", ["./syz-executor1792767602"], 0x7ffc80f9e440 /* 10 vars */) = 0 brk(NULL) = 0x5555557af000 brk(0x5555557afc40) = 0x5555557afc40 arch_prctl(ARCH_SET_FS, 0x5555557af300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1792767602", 4096) = 28 brk(0x5555557d0c40) = 0x5555557d0c40 brk(0x5555557d1000) = 0x5555557d1000 mprotect(0x7f773a897000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd1b6d4710) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 18 syzkaller login: [ 55.076827][ T3164] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 [ 55.316736][ T3164] usb 1-1: Using ep0 maxpacket: 32 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 [ 55.476965][ T3164] usb 1-1: unable to get BOS descriptor or descriptor too short ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 426 [ 55.557009][ T3164] usb 1-1: config 6 has an invalid interface number: 199 but max is 2 [ 55.565517][ T3164] usb 1-1: config 6 has an invalid interface number: 48 but max is 2 [ 55.573698][ T3164] usb 1-1: config 6 has an invalid interface number: 105 but max is 2 [ 55.581932][ T3164] usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping [ 55.590674][ T3164] usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping [ 55.599478][ T3164] usb 1-1: config 6 has an invalid interface descriptor of length 2, skipping [ 55.608396][ T3164] usb 1-1: config 6 has no interface number 0 [ 55.614455][ T3164] usb 1-1: config 6 has no interface number 1 [ 55.620668][ T3164] usb 1-1: config 6 has no interface number 2 [ 55.626794][ T3164] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 55.637867][ T3164] usb 1-1: config 6 interface 199 altsetting 128 has an invalid endpoint with address 0x0, skipping [ 55.648683][ T3164] usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x8, skipping [ 55.659577][ T3164] usb 1-1: config 6 interface 199 altsetting 128 bulk endpoint 0x2 has invalid maxpacket 8 [ 55.669599][ T3164] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 55.680867][ T3164] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 55.692038][ T3164] usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x1, skipping [ 55.702959][ T3164] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 55.714010][ T3164] usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x4, skipping [ 55.724944][ T3164] usb 1-1: config 6 interface 48 altsetting 8 has a duplicate endpoint with address 0xA, skipping [ 55.735572][ T3164] usb 1-1: config 6 interface 105 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 7 [ 55.748814][ T3164] usb 1-1: config 6 interface 199 has no altsetting 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 0 [ 55.755592][ T3164] usb 1-1: config 6 interface 48 has no altsetting 0 [ 55.762306][ T3164] usb 1-1: config 6 interface 105 has no altsetting 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd1b6d3700) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd1b6d4710) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xd3) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f773a89d3ac) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd1b6d3700) = 0 [ 56.006842][ T3164] usb 1-1: string descriptor 0 read error: -22 [ 56.013093][ T3164] usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=b9.c5 [ 56.022172][ T3164] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.070930][ T3164] ------------[ cut here ]------------ [ 56.076528][ T3164] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 56.082901][ T3164] WARNING: CPU: 1 PID: 3164 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 [ 56.092480][ T3164] Modules linked in: [ 56.096372][ T3164] CPU: 1 PID: 3164 Comm: kworker/1:2 Not tainted 6.4.0-rc7-syzkaller #0 [ 56.104752][ T3164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 56.114882][ T3164] Workqueue: usb_hub_wq hub_event [ 56.119971][ T3164] RIP: 0010:usb_submit_urb+0xed6/0x1880 [ 56.125636][ T3164] Code: 7c 24 18 e8 3c b4 5b fb 48 8b 7c 24 18 e8 d2 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 20 c7 fc 8a e8 6a 6f 23 fb <0f> 0b e9 58 f8 ff ff e8 0e b4 5b fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 56.145330][ T3164] RSP: 0018:ffffc9000c9e6eb8 EFLAGS: 00010282 [ 56.151449][ T3164] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 56.159467][ T3164] RDX: ffff888029b1d940 RSI: ffffffff814c03b7 RDI: 0000000000000001 [ 56.167514][ T3164] RBP: ffff888015aa0190 R08: 0000000000000001 R09: 0000000000000000 [ 56.175498][ T3164] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 56.183527][ T3164] R13: ffff88802309c730 R14: 0000000000000002 R15: ffff888019645f00 [ 56.191576][ T3164] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 56.200577][ T3164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.207192][ T3164] CR2: 000000000066c7e0 CR3: 000000007b54a000 CR4: 0000000000350ee0 [ 56.215156][ T3164] Call Trace: [ 56.218505][ T3164] [ 56.221442][ T3164] ? __warn+0xe6/0x390 [ 56.225512][ T3164] ? __wake_up_klogd.part.0+0x99/0xf0 [ 56.230941][ T3164] ? usb_submit_urb+0xed6/0x1880 [ 56.235912][ T3164] ? report_bug+0x2da/0x500 [ 56.240491][ T3164] ? handle_bug+0x3c/0x70 [ 56.244835][ T3164] ? exc_invalid_op+0x18/0x50 [ 56.249564][ T3164] ? asm_exc_invalid_op+0x1a/0x20 [ 56.254628][ T3164] ? __warn_printk+0x187/0x310 [ 56.259449][ T3164] ? usb_submit_urb+0xed6/0x1880 [ 56.264403][ T3164] ? usb_submit_urb+0xed6/0x1880 exit_group(0) = ? +++ exited with 0 +++ [ 56.269414][ T3164] ? __