./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1241573355

<...>
forked to background, child pid 3182
no interfaces have a carrier
[   34.603736][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0
[   34.613301][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts.
execve("./syz-executor1241573355", ["./syz-executor1241573355"], 0x7ffd7301f2e0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555b25000
brk(0x555555b25c40)                     = 0x555555b25c40
arch_prctl(ARCH_SET_FS, 0x555555b25300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1241573355", 4096) = 28
brk(0x555555b46c40)                     = 0x555555b46c40
brk(0x555555b47000)                     = 0x555555b47000
mprotect(0x7f4b6de45000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff7b55a490) = 0
ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff7b559480) = 18
syzkaller login: [   50.678357][   T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff7b559480) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff7b559480) = 9
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff7b559480) = 72
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff7b559480) = 4
[   51.039350][   T23] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff7b559480) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff7b559480) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff7b559480) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0)    = 0
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4b6de4b3ac) = 9
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4b6de4b3bc) = 10
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4b6de4b3cc) = 12
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4b6de4b3dc) = 11
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4b6de4b3ec) = 13
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4b6de4b3fc) = 14
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 0
[   51.208498][   T23] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   51.217585][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   51.225602][   T23] usb 1-1: Product: syz
[   51.229808][   T23] usb 1-1: Manufacturer: syz
[   51.234379][   T23] usb 1-1: SerialNumber: syz
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
[   51.279343][   T23] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 1856
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff7b55a490) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff7b559480) = 0
[   51.848404][   T23] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   51.858343][   T23] ------------[ cut here ]------------
[   51.864080][   T23] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[   51.871013][   T23] WARNING: CPU: 1 PID: 23 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x1880
[   51.880697][   T23] Modules linked in:
[   51.884629][   T23] CPU: 1 PID: 23 Comm: kworker/1:0 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
[   51.894282][   T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[   51.904420][   T23] Workqueue: events request_firmware_work_func
[   51.910788][   T23] RIP: 0010:usb_submit_urb+0xed2/0x1880
[   51.916387][   T23] Code: 7c 24 18 e8 c0 a3 e9 fb 48 8b 7c 24 18 e8 66 68 02 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 7d 91 8a e8 ad 87 ac 03 <0f> 0b e9 58 f8 ff ff e8 92 a3 e9 fb 48 81 c5 c0 05 00 00 e9 84 f7
[   51.936656][   T23] RSP: 0018:ffffc900001d7b38 EFLAGS: 00010286
[   51.943031][   T23] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[   51.951285][   T23] RDX: ffff888011a4d880 RSI: ffffffff81612e28 RDI: fffff5200003af59
[   51.959309][   T23] RBP: ffff88801f1ef050 R08: 0000000000000005 R09: 0000000000000000
[   51.967335][   T23] R10: 0000000080000000 R11: 3a312d3120627375 R12: 0000000000000003
[   51.975381][   T23] R13: ffff888020364848 R14: 0000000000000003 R15: ffff888016b29300
[   51.983581][   T23] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[   51.992583][   T23] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   51.999215][   T23] CR2: 00007ff8abc70edb CR3: 00000000169f7000 CR4: 0000000000350ee0
[   52.007372][   T23] Call Trace:
[   52.010871][   T23]  <TASK>
[   52.013812][   T23]  ? trace_hardirqs_on+0x2d/0x120
[   52.019006][   T23]  ath9k_hif_usb_alloc_urbs+0x7d8/0x1050
[   52.024712][   T23]  ? ath9k_hif_usb_firmware_cb+0x140/0x530
[   52.030687][   T23]  ath9k_hif_usb_firmware_cb+0x148/0x530
[   52.036580][   T23]  ? ath9k_hif_usb_alloc_urbs+0x1050/0x1050
[   52.042541][   T23]  request_firmware_work_func+0x12c/0x230
exit_group(0)                           = ?
+++ exited with 0 +++
[   52.048331]