./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1116528385 <...> DUID 00:04:03:2c:e5:fc:a2:19:b8:8b:c5:bf:62:63:19:3a:75:c6 forked to background, child pid 3186 [ 23.111735][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.120771][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts. execve("./syz-executor1116528385", ["./syz-executor1116528385"], 0x7fffa0c5c700 /* 10 vars */) = 0 brk(NULL) = 0x555557101000 brk(0x555557101c40) = 0x555557101c40 arch_prctl(ARCH_SET_FS, 0x555557101300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1116528385", 4096) = 28 brk(0x555557122c40) = 0x555557122c40 brk(0x555557123000) = 0x555557123000 mprotect(0x7f770b60b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcb771a640) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb771a640) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb771a640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb7719630) = 18 syzkaller login: [ 42.827079][ T923] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb771a640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb7719630) = 18 [ 43.067072][ T923] usb 1-1: Using ep0 maxpacket: 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb771a640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb7719630) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb771a640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb7719630) = 36 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb771a640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb7719630) = 4 [ 43.187448][ T923] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 43.195707][ T923] usb 1-1: config 0 has no interface number 0 [ 43.201811][ T923] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 43.211732][ T923] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb771a640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb7719630) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb771a640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb7719630) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb771a640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb7719630) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb771a640) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 43.377135][ T923] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 43.386335][ T923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.394345][ T923] usb 1-1: Product: syz [ 43.398525][ T923] usb 1-1: Manufacturer: syz [ 43.403104][ T923] usb 1-1: SerialNumber: syz [ 43.409781][ T923] usb 1-1: config 0 descriptor?? ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f770b6113ac) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f770b6113bc) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcb7719630) = 0 [ 43.428573][ T3607] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 43.435874][ T3607] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 43.448602][ T923] ------------[ cut here ]------------ [ 43.454065][ T923] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 43.460444][ T923] WARNING: CPU: 1 PID: 923 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed2/0x1880 [ 43.469933][ T923] Modules linked in: [ 43.473820][ T923] CPU: 1 PID: 923 Comm: kworker/1:2 Not tainted 6.1.0-rc1-next-20221019-syzkaller #0 [ 43.483287][ T923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 43.493357][ T923] Workqueue: usb_hub_wq hub_event [ 43.498413][ T923] RIP: 0010:usb_submit_urb+0xed2/0x1880 [ 43.503969][ T923] Code: 7c 24 18 e8 c0 dc e8 fb 48 8b 7c 24 18 e8 e6 40 01 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 80 db 70 8a e8 4f 63 b8 03 <0f> 0b e9 58 f8 ff ff e8 92 dc e8 fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 43.523758][ T923] RSP: 0018:ffffc9000524ee78 EFLAGS: 00010282 [ 43.529863][ T923] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 43.537849][ T923] RDX: ffff88801f231d40 RSI: ffffffff81620b48 RDI: fffff52000a49dc1 [ 43.545804][ T923] RBP: ffff888016bb0600 R08: 0000000000000005 R09: 0000000000000000 [ 43.553783][ T923] R10: 0000000080000000 R11: 3a312d3120627375 R12: 0000000000000001 [ 43.561768][ T923] R13: ffff8880177e8410 R14: 0000000000000002 R15: ffff888016e1af00 [ 43.569751][ T923] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 43.578700][ T923] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.585269][ T923] CR2: 00007ffef65ecff8 CR3: 000000000ba8e000 CR4: 00000000003506e0 [ 43.593254][ T923] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.601250][ T923] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.609248][ T923] Call Trace: [ 43.612521][ T923] [ 43.615441][ T923] ? __init_swait_queue_head+0xc6/0x150 [ 43.621018][ T923] usb_start_wait_urb+0x101/0x4b0 exit_group(0) = ? +++ exited with 0 +++ [ 43.626055][ T923] ? usb_start_wait_