./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4052638519

<...>
forked to background, child pid 3181
no interfaces have a carrier
[   22.867956][ T3182] 8021q: adding VLAN 0 to HW filter on device bond0
[   22.880142][ T3182] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.70' (ECDSA) to the list of known hosts.
execve("./syz-executor4052638519", ["./syz-executor4052638519"], 0x7ffcbd186440 /* 10 vars */) = 0
brk(NULL)                               = 0x5555567d9000
brk(0x5555567d9c40)                     = 0x5555567d9c40
arch_prctl(ARCH_SET_FS, 0x5555567d9300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4052638519", 4096) = 28
brk(0x5555567fac40)                     = 0x5555567fac40
brk(0x5555567fb000)                     = 0x5555567fb000
mprotect(0x7fba5e798000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567d95d0) = 3604
./strace-static-x86_64: Process 3604 attached
[pid  3604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3604] setpgid(0, 0)               = 0
[pid  3604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3604] write(3, "1000", 4)         = 4
[pid  3604] close(3)                    = 0
[pid  3604] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  3604] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffda9d1c1d0) = 0
[pid  3604] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  3604] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[pid  3604] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[pid  3604] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffda9d1b1c0) = 18
syzkaller login: [   43.675251][ T3325] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid  3604] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[pid  3604] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffda9d1b1c0) = 18
[pid  3604] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[pid  3604] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffda9d1b1c0) = 9
[pid  3604] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[pid  3604] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffda9d1b1c0) = 224
[   44.085731][ T3325] usb 1-1: config 0 has an invalid interface number: 72 but max is 0
[   44.094441][ T3325] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[   44.103158][ T3325] usb 1-1: config 0 has an invalid interface association descriptor of length 2, skipping
[   44.113111][ T3325] usb 1-1: config 0 has an invalid interface association descriptor of length 2, skipping
[   44.123103][ T3325] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[   44.131804][ T3325] usb 1-1: config 0 has no interface number 0
[   44.137939][ T3325] usb 1-1: config 0 interface 72 altsetting 0 has an invalid endpoint with address 0x80, skipping
[   44.148564][ T3325] usb 1-1: config 0 interface 72 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64
[   44.159549][ T3325] usb 1-1: config 0 interface 72 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[   44.170344][ T3325] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[   44.181390][ T3325] usb 1-1: config 0 interface 72 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 8
[   44.191302][ T3325] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0x4, skipping
[   44.201947][ T3325] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[   44.212607][ T3325] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[   44.223255][ T3325] usb 1-1: config 0 interface 72 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[pid  3604] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[pid  3604] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid  3604] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  3604] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fba5e79e46c) = -1 EINVAL (Invalid argument)
[   44.233029][ T3325] usb 1-1: config 0 interface 72 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[   44.243902][ T3325] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[   44.254534][ T3325] usb 1-1: New USB device found, idVendor=0846, idProduct=9010, bcdDevice=a0.e4
[   44.263610][ T3325] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   44.273977][ T3325] usb 1-1: config 0 descriptor??
[pid  3604] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffda9d1b1c0) = 0
[pid  3604] exit_group(0)               = ?
[pid  3604] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3604, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567d95d0) = 3608
./strace-static-x86_64: Process 3608 attached
[pid  3608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3608] setpgid(0, 0)               = 0
[pid  3608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "1000", 4)         = 4
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  3608] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffda9d1c1d0) = 0
[pid  3608] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[   44.495158][ T3325] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[   44.955168][ T3325] usb 1-1: device descriptor read/64, error -71
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffda9d1b1c0) = 18
[   45.235209][ T3325] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffda9d1b1c0) = 18
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffda9d1b1c0) = 224
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fba5e79e46c) = -1 EINVAL (Invalid argument)
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffda9d1b1c0) = 0
[   45.696606][ T3325] usb 1-1: driver   API: 1.9.9 2016-02-15 [1-1]
[   45.702984][ T3325] usb 1-1: firmware API: 1.9.6 2012-07-07
[   45.709043][ T3325] ------------[ cut here ]------------
[   45.714505][ T3325] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[   45.720844][ T3325] WARNING: CPU: 1 PID: 3325 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x1880
[   45.730438][ T3325] Modules linked in:
[   45.734332][ T3325] CPU: 1 PID: 3325 Comm: kworker/1:3 Not tainted 6.0.0-rc5-syzkaller-00017-gd1221cea11fc #0
[   45.744544][ T3325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[   45.754662][ T3325] Workqueue: events request_firmware_work_func
[   45.760898][ T3325] RIP: 0010:usb_submit_urb+0xed2/0x1880
[   45.766498][ T3325] Code: 7c 24 18 e8 90 0a ee fb 48 8b 7c 24 18 e8 36 5c 03 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 80 f6 8f 8a e8 10 fe ac 03 <0f> 0b e9 58 f8 ff ff e8 62 0a ee fb 48 81 c5 c0 05 00 00 e9 84 f7
[   45.786171][ T3325] RSP: 0018:ffffc9000332fba0 EFLAGS: 00010282
[   45.792267][ T3325] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[   45.800300][ T3325] RDX: ffff888023493b00 RSI: ffffffff8161f408 RDI: fffff52000665f66
[   45.808821][ T3325] RBP: ffff88801d92b140 R08: 0000000000000005 R09: 0000000000000000
[   45.816912][ T3325] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001
[   45.824894][ T3325] R13: ffff8880253feeb0 R14: 0000000000000002 R15: ffff888016b91100
[   45.832897][ T3325] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[pid  3608] exit_group(0)               = ?
[pid  3608] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3608, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567d95d0) = 3610
./strace-static-x86_64: Process 3610 attached
[pid  3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3610] setpgid(0, 0)               = 0
[   45.841854][ T3325] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   45.848654][ T3325] CR2: 00005565e4848fa0 CR3: 00000000209d2000 CR4: 0000000000350ee0
[   45.856665][ T3325] Call Trace:
[   45.860034][ T3325]  <TASK>
[   45.862969][ T3325]  ? _raw_spin_unlock+0x12/0x40
[   45.868111][ T3325]  carl9170_usb_send_rx_irq_urb+0x273/0x340
[   45.874028][ T3325]  carl9170_usb_firmware_step2+0x171/0x240
[   45.874109][   T14] usb 1-1: USB disconnect, device number 2
[   45.880142][ T3325]  ? carl9170_usb_resume+0x170/0x170
[   45.891163][ T3325]  request_firmware_work_func+0x12c/0x230
[pid  3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3610] write(3, "1000", 4)         = 4
[pid  3610] close(3)                    = 0
[pid  3610] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  3610] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffda9d1c1d0) = 0
[pid  3610] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffda9d1c1d0) = 0
[   45.897392][ T3325]  ? request_partial_firmware_into_buf+0xa0/0xa0
[   45.904276][ T3325]  process_one_work+0x991/0x1610
[   45.909625][ T3325]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   45.915421][ T3325]  ? rwlock_bug.part.0+0x90/0x90
[   45.920372][ T3325]  ? _raw_spin_lock_irq+0x41/0x50
[   45.925452][ T3325]  worker_thread+0x665/0x1080
[   45.930149][ T3325]  ? __kthread_parkme+0x15f/0x220
[   45.935241][ T3325]  ? process_one_work+0x1610/0x1610
[   45.940458][ T3325]  kthread+0x2e4/0x3a0
[   45.944516][ T3325]  ? kthread_complete_and_exit+0x40/0x40
[   45.950180][ T3325]  ret_from_fork+0x1f/0x30
[   45.954619][ T3325]  </TASK>
[   45.957669][ T3325] Kernel panic - not syncing: panic_on_warn set ...
[   45.964250][ T3325] CPU: 1 PID: 3325 Comm: kworker/1:3 Not tainted 6.0.0-rc5-syzkaller-00017-gd1221cea11fc #0
[   45.974296][ T3325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[   45.984337][ T3325] Workqueue: events request_firmware_work_func
[   45.990571][ T3325] Call Trace:
[   45.993847][ T3325]  <TASK>
[   45.996798][ T3325]  dump_stack_lvl+0xcd/0x134
[   46.001408][ T3325]  panic+0x2c8/0x627
[   46.005302][ T3325]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   46.011287][ T3325]  ? __warn.cold+0x248/0x2c4
[   46.015876][ T3325]  ? usb_submit_urb+0xed2/0x1880
[   46.020808][ T3325]  __warn.cold+0x259/0x2c4
[   46.025220][ T3325]  ? __wake_up_klogd.part.0+0x99/0xf0
[   46.030585][ T3325]  ? usb_submit_urb+0xed2/0x1880
[   46.035513][ T3325]  report_bug+0x1bc/0x210
[   46.039839][ T3325]  handle_bug+0x3c/0x60
[   46.043989][ T3325]  exc_invalid_op+0x14/0x40
[   46.048485][ T3325]  asm_exc_invalid_op+0x16/0x20
[   46.053328][ T3325] RIP: 0010:usb_submit_urb+0xed2/0x1880
[   46.058869][ T3325] Code: 7c 24 18 e8 90 0a ee fb 48 8b 7c 24 18 e8 36 5c 03 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 80 f6 8f 8a e8 10 fe ac 03 <0f> 0b e9 58 f8 ff ff e8 62 0a ee fb 48 81 c5 c0 05 00 00 e9 84 f7
[   46.078558][ T3325] RSP: 0018:ffffc9000332fba0 EFLAGS: 00010282
[   46.084619][ T3325] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[   46.092581][ T3325] RDX: ffff888023493b00 RSI: ffffffff8161f408 RDI: fffff52000665f66
[   46.100545][ T3325] RBP: ffff88801d92b140 R08: 0000000000000005 R09: 0000000000000000
[   46.108768][ T3325] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001
[   46.116729][ T3325] R13: ffff8880253feeb0 R14: 0000000000000002 R15: ffff888016b91100
[   46.124697][ T3325]  ? vprintk+0x88/0x90
[   46.128853][ T3325]  ? _raw_spin_unlock+0x12/0x40
[   46.133700][ T3325]  carl9170_usb_send_rx_irq_urb+0x273/0x340
[   46.139595][ T3325]  carl9170_usb_firmware_step2+0x171/0x240
[   46.145398][ T3325]  ? carl9170_usb_resume+0x170/0x170
[   46.150679][ T3325]  request_firmware_work_func+0x12c/0x230
[   46.156395][ T3325]  ? request_partial_firmware_into_buf+0xa0/0xa0
[   46.162725][ T3325]  process_one_work+0x991/0x1610
[   46.167665][ T3325]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   46.173189][ T3325]  ? rwlock_bug.part.0+0x90/0x90
[   46.178134][ T3325]  ? _raw_spin_lock_irq+0x41/0x50
[   46.183160][ T3325]  worker_thread+0x665/0x1080
[   46.187844][ T3325]  ? __kthread_parkme+0x15f/0x220
[   46.192860][ T3325]  ? process_one_work+0x1610/0x1610
[   46.198056][ T3325]  kthread+0x2e4/0x3a0
[   46.202114][ T3325]  ? kthread_complete_and_exit+0x40/0x40
[   46.207742][ T3325]  ret_from_fork+0x1f/0x30
[   46.212163][ T3325]  </TASK>
[   46.216187][ T3325] Kernel Offset: disabled
[   46.220559][ T3325] Rebooting in 86400 seconds..