./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1711815424 <...> forked to background, child pid 3184 no interfaces have a carri[ 20.556858][ T3185] 8021q: adding VLAN 0 to HW filter on device bond0 er [ 20.569530][ T3185] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.79' (ECDSA) to the list of known hosts. execve("./syz-executor1711815424", ["./syz-executor1711815424"], 0x7fffe2c60d00 /* 10 vars */) = 0 brk(NULL) = 0x555555e99000 brk(0x555555e99c40) = 0x555555e99c40 arch_prctl(ARCH_SET_FS, 0x555555e99300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1711815424", 4096) = 28 brk(0x555555ebac40) = 0x555555ebac40 brk(0x555555ebb000) = 0x555555ebb000 mprotect(0x7f04f4787000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd01658cb0) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd01657ca0) = 18 syzkaller login: [ 36.960453][ T3343] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd01657ca0) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd01657ca0) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd01657ca0) = 72 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd01657ca0) = 4 [ 37.321137][ T3343] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd01657ca0) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd01657ca0) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd01657ca0) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f04f478d3ac) = 9 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f04f478d3bc) = 10 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f04f478d3cc) = 12 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f04f478d3dc) = 11 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f04f478d3ec) = 13 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f04f478d3fc) = 14 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 0 [ 37.490487][ T3343] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 37.499676][ T3343] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.507682][ T3343] usb 1-1: Product: syz [ 37.511898][ T3343] usb 1-1: Manufacturer: syz [ 37.516501][ T3343] usb 1-1: SerialNumber: syz ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 [ 37.561082][ T3343] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 4096 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 1856 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd01658cb0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd01657ca0) = 0 [ 38.130447][ T3343] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 38.139730][ T3343] ------------[ cut here ]------------ [ 38.145226][ T3343] usb 1-1: BOGUS urb xfer, pipe 3 != type 1 [ 38.151472][ T3343] WARNING: CPU: 0 PID: 3343 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x1880 [ 38.161051][ T3343] Modules linked in: [ 38.164946][ T3343] CPU: 0 PID: 3343 Comm: kworker/0:3 Not tainted 6.0.0-syzkaller-09039-ga6afa4199d3d #0 [ 38.174823][ T3343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 38.184945][ T3343] Workqueue: events request_firmware_work_func [ 38.191160][ T3343] RIP: 0010:usb_submit_urb+0xed2/0x1880 [ 38.196728][ T3343] Code: 7c 24 18 e8 c0 d7 e9 fb 48 8b 7c 24 18 e8 d6 67 02 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 6e 91 8a e8 ba 8e ac 03 <0f> 0b e9 58 f8 ff ff e8 92 d7 e9 fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 38.216467][ T3343] RSP: 0018:ffffc900039bfb38 EFLAGS: 00010286 [ 
38.222805][ T3343] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 38.230819][ T3343] RDX: ffff88807daf3b00 RSI: ffffffff8160f738 RDI: fffff52000737f59 [ 38.238797][ T3343] RBP: ffff88807a9ed050 R08: 0000000000000005 R09: 0000000000000000 [ 38.246788][ T3343] R10: 0000000080000000 R11: 3a312d3120627375 R12: 0000000000000003 [ 38.254817][ T3343] R13: ffff88801c49a398 R14: 0000000000000003 R15: ffff888017115500 [ 38.262876][ T3343] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 38.271850][ T3343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.278437][ T3343] CR2: 00007f399ea70edb CR3: 00000000268a6000 CR4: 00000000003506f0 [ 38.286429][ T3343] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.294420][ T3343] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.302405][ T3343] Call Trace: [ 38.305716][ T3343] <TASK> [ 38.308656][ T3343] ? trace_hardirqs_on+0x2d/0x120 [ 38.313729][ T3343] ath9k_hif_usb_alloc_urbs+0x7d8/0x1050 [ 38.319385][ T3343] ath9k_hif_usb_firmware_cb+0x148/0x530 [ 38.325048][ T3343] ? ath9k_hif_usb_alloc_urbs+0x1050/0x1050 exit_group(0) = ? +++ exited with 0 +++ [ 3