./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1531707720 <...> DUID 00:04:48:c1:59:5f:fc:59:49:5e:88:a3:60:14:b2:b9:c6:dc forked to background, child pid 4665 [ 21.595344][ T4666] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.604845][ T4666] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts. execve("./syz-executor1531707720", ["./syz-executor1531707720"], 0x7fff13e09060 /* 10 vars */) = 0 brk(NULL) = 0x555556b2b000 brk(0x555556b2bc40) = 0x555556b2bc40 arch_prctl(ARCH_SET_FS, 0x555556b2b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1531707720", 4096) = 28 brk(0x555556b4cc40) = 0x555556b4cc40 brk(0x555556b4d000) = 0x555556b4d000 mprotect(0x7f31f11e0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe256dc7b0) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe256dc7b0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe256dc7b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe256db7a0) = 18 syzkaller login: [ 44.817572][ T897] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe256dc7b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe256db7a0) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe256dc7b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe256db7a0) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe256dc7b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe256db7a0) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe256dc7b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe256db7a0) = 4 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe256dc7b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe256db7a0) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe256dc7b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe256db7a0) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe256dc7b0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe256db7a0) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe256dc7b0) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe256db7a0) = 0 [ 45.407918][ T897] usb 1-1: New USB device found, idVendor=2040, idProduct=1801, bcdDevice=46.99 [ 45.417168][ T897] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 45.426052][ T897] usb 1-1: Product: syz [ 45.430296][ T897] usb 1-1: Manufacturer: syz [ 45.434891][ T897] usb 1-1: SerialNumber: syz [ 45.442550][ T897] usb 1-1: config 0 descriptor?? [ 45.490058][ T897] smsusb:smsusb_probe: board id=7, interface number 0 [ 45.496988][ T897] ------------[ cut here ]------------ [ 45.502523][ T897] WARNING: CPU: 0 PID: 897 at kernel/workqueue.c:3182 __flush_work+0x946/0xb60 [ 45.511525][ T897] Modules linked in: [ 45.515405][ T897] CPU: 0 PID: 897 Comm: kworker/0:2 Not tainted 6.4.0-rc2-syzkaller-00018-g4d6d4c7f541d #0 [ 45.525448][ T897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 45.535618][ T897] Workqueue: usb_hub_wq hub_event [ 45.540704][ T897] RIP: 0010:__flush_work+0x946/0xb60 [ 45.546015][ T897] Code: 00 48 c7 c6 9b f7 53 81 48 c7 c7 40 90 79 8c e8 d0 ec 11 00 e9 6f fc ff ff e8 06 4b 30 00 0f 0b e9 63 fc ff ff e8 fa 4a 30 00 <0f> 0b 45 31 ed e9 54 fc ff ff e8 5b 12 83 00 e9 3e fb ff ff e8 e1 [ 45.565721][ T897] RSP: 0018:ffffc90005026c08 EFLAGS: 00010293 [ 45.571820][ T897] RAX: 0000000000000000 RBX: ffff88801f5e20e8 RCX: 0000000000000000 [ 45.579814][ T897] RDX: ffff88801f431dc0 RSI: ffffffff8153f7d6 RDI: 0000000000000001 [ 45.587816][ T897] RBP: ffffc90005026da0 R08: 0000000000000001 R09: 0000000000000000 [ 45.595778][ T897] R10: 0000000000000001 R11: ffffffff81d6e1f2 R12: ffff88801f5e20e8 [ 45.603964][ T897] R13: 0000000000000001 R14: 0000000000000001 R15: ffff88801f5e2100 [ 45.611981][ T897] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 45.620968][ T897] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.627591][ T897] CR2: 0000560d76a382c8 CR3: 0000000026f34000 CR4: 0000000000350ef0 [ 45.635646][ T897] Call Trace: [ 45.638959][ T897] [ 45.641891][ T897] ? lockdep_hardirqs_on+0x7d/0x100 [ 45.647092][ T897] ? print_usage_bug.part.0+0x660/0x660 [ 45.652681][ T897] ? mod_delayed_work_on+0x220/0x220 [ 45.658074][ T897] ? kasan_save_stack+0x32/0x40 [ 45.662936][ T897] ? kasan_save_stack+0x22/0x40 [ 45.667847][ T897] ? kasan_set_track+0x25/0x30 [ 45.672651][ T897] ? __kasan_kmalloc+0xa2/0xb0 [ 45.677540][ T897] ? smsusb_init_device+0xa7/0xd20 [ 45.682710][ T897] ? smsusb_probe+0x5b9/0x10b0 exit_group(0) = ? +++ exited with 0 +++ [ 45.687535][ T897] ? usb_probe_in