./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor716866902
<...>
Warning: Permanently added '10.128.1.2' (ECDSA) to the list of known hosts.
execve("./syz-executor716866902", ["./syz-executor716866902"], 0x7ffc9a7d2910 /* 10 vars */) = 0
brk(NULL) = 0x555555fe3000
brk(0x555555fe3c40) = 0x555555fe3c40
arch_prctl(ARCH_SET_FS, 0x555555fe3300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor716866902", 4096) = 27
brk(0x555556004c40) = 0x555556004c40
brk(0x555556005000) = 0x555556005000
mprotect(0x7f9d332a0000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3488
./strace-static-x86_64: Process 3488 attached
[pid 3488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3488] setpgid(0, 0) = 0
[pid 3488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3488] write(3, "1000", 4) = 4
[pid 3488] close(3) = 0
[pid 3488] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3488] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 117.841909][ T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 118.212428][ T6] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 118.382215][ T6] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 118.391559][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 118.399910][ T6] usb 1-1: Product: syz
[ 118.404441][ T6] usb 1-1: Manufacturer: syz
[ 118.409264][ T6] usb 1-1: SerialNumber: syz
[ 118.454061][ T6] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3488] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3488] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 119.072235][ T120] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 119.082608][ T120] ------------[ cut here ]------------
[ 119.088188][ T120] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 119.095694][ T120] WARNING: CPU: 0 PID: 120 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 119.105661][ T120] Modules linked in:
[ 119.109721][ T120] CPU: 0 PID: 120 Comm: kworker/0:2 Not tainted 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 119.119994][ T120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 119.130357][ T120] Workqueue: events request_firmware_work_func
[ 119.136919][ T120] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 119.142992][ T120] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 119.162907][ T120] RSP: 0018:ffff888109c439d8 EFLAGS: 00010246
[ 119.169154][ T120] RAX: 709942e939c66a00 RBX: 0000000000000000 RCX: ffff888103ee4180
[ 119.177403][ T120] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 119.185633][ T120] RBP: ffff888109c43af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 119.193956][ T120] R10: ffff88823f2d11e0 R11: ffff8881098436a0 R12: 0000000000000003
[ 119.202206][ T120] R13: 0000000000000001 R14: ffff888103ee4cd8 R15: 0000000000000000
[ 119.210337][ T120] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 119.219547][ T120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 119.226420][ T120] CR2: 00007fb689c13b44 CR3: 000000012e9e2000 CR4: 00000000003506f0
[ 119.234695][ T120] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 119.242883][ T120] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 119.250969][ T120] Call Trace:
[ 119.254504][ T120]
[ 119.257573][ T120] ? preempt_count_sub+0x7d/0x280
[ 119.263030][ T120] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3488] exit_group(0) = ?
[pid 3488] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3488, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[ 119.268875][ T120] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 119.274769][ T120] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 119.280827][ T120] request_firmware_work_func+0x12c/0x240
[ 119.286955][ T120] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 119.293210][ T120] ? request_firmware_nowait+0x6e0/0x6e0
[ 119.299066][ T120] process_one_work+0xb27/0x13e0
[ 119.302904][ T28] usb 1-1: USB disconnect, device number 2
[ 119.304367][ T120] worker_thread+0x1076/0x1d60
[ 119.315079][ T120] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3490
./strace-static-x86_64: Process 3490 attached
[pid 3490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3490] setpgid(0, 0) = 0
[pid 3490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3490] write(3, "1000", 4) = 4
[pid 3490] close(3) = 0
[pid 3490] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3490] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[ 119.321138][ T120] ? __kthread_parkme+0x110/0x1b0
[ 119.326498][ T120] kthread+0x31b/0x430
[ 119.330779][ T120] ? worker_clr_flags+0x2b0/0x2b0
[ 119.336132][ T120] ? kthread_blkcg+0x120/0x120
[ 119.341109][ T120] ret_from_fork+0x1f/0x30
[ 119.345874][ T120]
[ 119.349028][ T120] ---[ end trace 0000000000000000 ]---
[ 119.355976][ T120] usb 1-1: ath9k_htc: Unable to allocate URBs
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 119.385748][ T28] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 119.771868][ T28] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 120.182122][ T28] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[ 120.372284][ T28] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 120.382734][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 120.390856][ T28] usb 1-1: Product: syz
[ 120.395229][ T28] usb 1-1: Manufacturer: syz
[ 120.400001][ T28] usb 1-1: SerialNumber: syz
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[ 120.453981][ T28] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 121.102096][ T20] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 121.112664][ T20] ------------[ cut here ]------------
[ 121.118240][ T20] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 121.125751][ T20] WARNING: CPU: 1 PID: 20 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 121.135586][ T20] Modules linked in:
[ 121.139603][ T20] CPU: 1 PID: 20 Comm: kworker/1:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 121.151224][ T20] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 121.161802][ T20] Workqueue: events request_firmware_work_func
[ 121.168213][ T20] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 121.174127][ T20] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 121.193974][ T20] RSP: 0018:ffff8881026779d8 EFLAGS: 00010246
[ 121.200286][ T20] RAX: 3b5a7f5cac5f6b00 RBX: 0000000000000000 RCX: ffff88810265c180
[ 121.208545][ T20] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 121.216745][ T20] RBP: ffff888102677af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 121.224929][ T20] R10: ffff88823f2d11e0 R11: ffff8881022776a0 R12: 0000000000000003
[ 121.233105][ T20] R13: 0000000000000001 R14: ffff88810265ccd8 R15: 0000000000000000
[ 121.241181][ T20] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 121.250355][ T20] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 121.257132][ T20] CR2: 00007fb68a46a7f0 CR3: 000000012e9f4000 CR4: 00000000003506e0
[ 121.265324][ T20] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 121.273492][ T20] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 121.281592][ T20] Call Trace:
[ 121.285058][ T20]
[ 121.288111][ T20] ? preempt_count_sub+0x7d/0x280
[ 121.293419][ T20] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3490] exit_group(0) = ?
[pid 3490] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3490, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[ 121.299270][ T20] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 121.305174][ T20] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 121.311261][ T20] request_firmware_work_func+0x12c/0x240
[ 121.317347][ T20] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 121.319343][ T120] usb 1-1: USB disconnect, device number 3
[ 121.323462][ T20] ? request_firmware_nowait+0x6e0/0x6e0
[ 121.335234][ T20] process_one_work+0xb27/0x13e0
[ 121.340439][ T20] worker_thread+0x1076/0x1d60
[ 121.345605][ T20] kthread+0x31b/0x430
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3493
./strace-static-x86_64: Process 3493 attached
[pid 3493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3493] setpgid(0, 0) = 0
[pid 3493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3493] write(3, "1000", 4) = 4
[pid 3493] close(3) = 0
[pid 3493] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3493] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[ 121.349903][ T20] ? worker_clr_flags+0x2b0/0x2b0
[ 121.355308][ T20] ? kthread_blkcg+0x120/0x120
[ 121.360309][ T20] ret_from_fork+0x1f/0x30
[ 121.365068][ T20]
[ 121.368216][ T20] ---[ end trace 0000000000000000 ]---
[ 121.375161][ T20] usb 1-1: ath9k_htc: Unable to allocate URBs
[pid 3493] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 121.399575][ T120] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 121.781924][ T120] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 122.142158][ T120] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 122.312244][ T120] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 122.321540][ T120] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 122.329925][ T120] usb 1-1: Product: syz
[ 122.334318][ T120] usb 1-1: Manufacturer: syz
[ 122.339087][ T120] usb 1-1: SerialNumber: syz
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[ 122.384179][ T120] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 122.962099][ T6] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 122.972136][ T6] ------------[ cut here ]------------
[ 122.977809][ T6] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 122.985465][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 122.995352][ T6] Modules linked in:
[ 122.999549][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 123.011368][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 123.021897][ T6] Workqueue: events request_firmware_work_func
[ 123.028366][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 123.034717][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 123.054872][ T6] RSP: 0018:ffff8881026179d8 EFLAGS: 00010246
[ 123.061360][ T6] RAX: c0be2eacba329f00 RBX: 0000000000000000 RCX: ffff888102604180
[ 123.069724][ T6] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 123.078035][ T6] RBP: ffff888102617af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 123.086414][ T6] R10: ffff88823f2d11e0 R11: ffff8881022176a0 R12: 0000000000000003
[ 123.094744][ T6] R13: 0000000000000001 R14: ffff888102604cd8 R15: 0000000000000000
[ 123.103087][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 123.112510][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.119345][ T6] CR2: 0000563163ef9b78 CR3: 000000012ea29000 CR4: 00000000003506f0
[ 123.131033][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 123.139347][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 123.147684][ T6] Call Trace:
[ 123.151225][ T6]
[ 123.154566][ T6] ? preempt_count_sub+0x7d/0x280
[pid 3493] exit_group(0) = ?
[pid 3493] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3493, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[ 123.160007][ T6] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[ 123.166261][ T6] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 123.172392][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 123.178579][ T6] request_firmware_work_func+0x12c/0x240
[ 123.182936][ T20] usb 1-1: USB disconnect, device number 4
[ 123.184672][ T6] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 123.196744][ T6] ? request_firmware_nowait+0x6e0/0x6e0
[ 123.202872][ T6] process_one_work+0xb27/0x13e0
[ 123.208229][ T6] worker_thread+0x1076/0x1d60
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3495
./strace-static-x86_64: Process 3495 attached
[pid 3495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3495] setpgid(0, 0) = 0
[pid 3495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3495] write(3, "1000", 4) = 4
[pid 3495] close(3) = 0
[pid 3495] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3495] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 123.213518][ T6] kthread+0x31b/0x430
[ 123.217940][ T6] ? worker_clr_flags+0x2b0/0x2b0
[ 123.223441][ T6] ? kthread_blkcg+0x120/0x120
[ 123.228570][ T6] ret_from_fork+0x1f/0x30
[ 123.233600][ T6]
[ 123.236885][ T6] ---[ end trace 0000000000000000 ]---
[ 123.243893][ T6] usb 1-1: ath9k_htc: Unable to allocate URBs
[ 123.266252][ T20] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 123.661880][ T20] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 124.042109][ T20] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[ 124.232195][ T20] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 124.242182][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 124.250374][ T20] usb 1-1: Product: syz
[ 124.254818][ T20] usb 1-1: Manufacturer: syz
[ 124.259588][ T20] usb 1-1: SerialNumber: syz
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 124.316542][ T20] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3495] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3495] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 124.962128][ T3492] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 124.971945][ T3492] ------------[ cut here ]------------
[ 124.978134][ T3492] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 124.985579][ T3492] WARNING: CPU: 1 PID: 3492 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 124.995545][ T3492] Modules linked in:
[ 124.999605][ T3492] CPU: 1 PID: 3492 Comm: kworker/1:3 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 125.011433][ T3492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 125.021902][ T3492] Workqueue: events request_firmware_work_func
[ 125.028323][ T3492] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 125.034300][ T3492] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 125.054147][ T3492] RSP: 0018:ffff88811fa139d8 EFLAGS: 00010246
[ 125.060350][ T3492] RAX: bf64756bc2926600 RBX: 0000000000000000 RCX: ffff888116b44180
[ 125.068570][ T3492] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 125.076727][ T3492] RBP: ffff88811fa13af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 125.084993][ T3492] R10: ffff88823f2d11e0 R11: ffff88811f6136a0 R12: 0000000000000003
[ 125.093158][ T3492] R13: 0000000000000001 R14: ffff888116b44cd8 R15: 0000000000000000
[ 125.101263][ T3492] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 125.110453][ T3492] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 125.117235][ T3492] CR2: 00007ffefc06ae20 CR3: 000000012e9fb000 CR4: 00000000003506e0
[ 125.125475][ T3492] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 125.133633][ T3492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 125.141881][ T3492] Call Trace:
[ 125.145296][ T3492]
[ 125.148370][ T3492] ? preempt_count_sub+0x7d/0x280
[ 125.153730][ T3492] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3495] exit_group(0) = ?
[ 125.159615][ T3492] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 125.165544][ T3492] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 125.171577][ T3492] request_firmware_work_func+0x12c/0x240
[ 125.177568][ T3492] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 125.185257][ T3492] ? request_firmware_nowait+0x6e0/0x6e0
[ 125.191140][ T3492] process_one_work+0xb27/0x13e0
[ 125.196434][ T3492] worker_thread+0x1076/0x1d60
[ 125.198287][ T6] usb 1-1: USB disconnect, device number 5
[ 125.201374][ T3492] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[pid 3495] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3495, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3496
./strace-static-x86_64: Process 3496 attached
[pid 3496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3496] setpgid(0, 0) = 0
[pid 3496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 125.213579][ T3492] ? __kthread_parkme+0x110/0x1b0
[ 125.218830][ T3492] kthread+0x31b/0x430
[ 125.223238][ T3492] ? worker_clr_flags+0x2b0/0x2b0
[ 125.229254][ T3492] ? kthread_blkcg+0x120/0x120
[ 125.235081][ T3492] ret_from_fork+0x1f/0x30
[ 125.241532][ T3492]
[ 125.244804][ T3492] ---[ end trace 0000000000000000 ]---
[ 125.253094][ T3492] usb 1-1: ath9k_htc: Unable to allocate URBs
[pid 3496] write(3, "1000", 4) = 4
[pid 3496] close(3) = 0
[pid 3496] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3496] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 125.263537][ T6] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 125.641896][ T6] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 126.002241][ T6] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 126.172247][ T6] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 126.181586][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 126.189976][ T6] usb 1-1: Product: syz
[ 126.194484][ T6] usb 1-1: Manufacturer: syz
[ 126.199302][ T6] usb 1-1: SerialNumber: syz
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 126.244116][ T6] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3496] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3496] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 126.832120][ T120] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 126.842064][ T120] ------------[ cut here ]------------
[ 126.847648][ T120] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 126.855097][ T120] WARNING: CPU: 0 PID: 120 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 126.864946][ T120] Modules linked in:
[ 126.868982][ T120] CPU: 0 PID: 120 Comm: kworker/0:2 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 126.880877][ T120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 126.891199][ T120] Workqueue: events request_firmware_work_func
[ 126.897716][ T120] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 126.903603][ T120] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 126.923537][ T120] RSP: 0018:ffff888109c439d8 EFLAGS: 00010246
[ 126.929787][ T120] RAX: 709942e939c66a00 RBX: 0000000000000000 RCX: ffff888103ee4180
[ 126.938059][ T120] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 126.946318][ T120] RBP: ffff888109c43af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 126.954596][ T120] R10: ffff88823f2d11e0 R11: ffff8881098436a0 R12: 0000000000000003
[ 126.962853][ T120] R13: 0000000000000001 R14: ffff888103ee4cd8 R15: 0000000000000000
[ 126.970985][ T120] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 126.980142][ T120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 126.986957][ T120] CR2: 00007ffefc05f4e8 CR3: 000000012ea29000 CR4: 00000000003506f0
[ 126.995230][ T120] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 127.003404][ T120] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 127.011500][ T120] Call Trace:
[ 127.014989][ T120]
[ 127.018038][ T120] ? preempt_count_sub+0x7d/0x280
[ 127.023354][ T120] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3496] exit_group(0) = ?
[ 127.029198][ T120] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 127.035127][ T120] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 127.041179][ T120] request_firmware_work_func+0x12c/0x240
[ 127.047298][ T120] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 127.053660][ T120] ? request_firmware_nowait+0x6e0/0x6e0
[ 127.055535][ T3492] usb 1-1: USB disconnect, device number 6
[ 127.059466][ T120] process_one_work+0xb27/0x13e0
[ 127.070548][ T120] worker_thread+0x1076/0x1d60
[ 127.075626][ T120] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[pid 3496] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3496, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3497
./strace-static-x86_64: Process 3497 attached
[pid 3497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3497] setpgid(0, 0) = 0
[pid 3497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3497] write(3, "1000", 4) = 4
[pid 3497] close(3) = 0
[pid 3497] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3497] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[ 127.081830][ T120] ? __kthread_parkme+0x110/0x1b0
[ 127.087070][ T120] kthread+0x31b/0x430
[ 127.091345][ T120] ? worker_clr_flags+0x2b0/0x2b0
[ 127.096744][ T120] ? kthread_blkcg+0x120/0x120
[ 127.101807][ T120] ret_from_fork+0x1f/0x30
[ 127.106457][ T120]
[ 127.109603][ T120] ---[ end trace 0000000000000000 ]---
[ 127.116559][ T120] usb 1-1: ath9k_htc: Unable to allocate URBs
[pid 3497] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 127.134006][ T3492] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 127.521882][ T3492] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 127.942417][ T3492] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 128.122230][ T3492] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 128.132296][ T3492] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 128.140480][ T3492] usb 1-1: Product: syz
[ 128.144910][ T3492] usb 1-1: Manufacturer: syz
[ 128.149675][ T3492] usb 1-1: SerialNumber: syz
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 128.194995][ T3492] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3497] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3497] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 128.902195][ T20] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 128.912715][ T20] ------------[ cut here ]------------
[ 128.918312][ T20] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 128.925846][ T20] WARNING: CPU: 1 PID: 20 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 128.935595][ T20] Modules linked in:
[ 128.939595][ T20] CPU: 1 PID: 20 Comm: kworker/1:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 128.951246][ T20] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 128.961638][ T20] Workqueue: events request_firmware_work_func
[ 128.968156][ T20] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 128.974101][ T20] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 128.993992][ T20] RSP: 0018:ffff8881026779d8 EFLAGS: 00010246
[ 129.000270][ T20] RAX: 3b5a7f5cac5f6b00 RBX: 0000000000000000 RCX: ffff88810265c180
[ 129.008497][ T20] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 129.016658][ T20] RBP: ffff888102677af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 129.024839][ T20] R10: ffff88823f2d11e0 R11: ffff8881022776a0 R12: 0000000000000003
[ 129.033084][ T20] R13: 0000000000000001 R14: ffff88810265ccd8 R15: 0000000000000000
[ 129.041185][ T20] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 129.050393][ T20] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 129.057173][ T20] CR2: 00007f9d33262960 CR3: 0000000124fbe000 CR4: 00000000003506e0
[ 129.065346][ T20] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 129.073495][ T20] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 129.081591][ T20] Call Trace:
[ 129.085060][ T20]
[ 129.088108][ T20] ? preempt_count_sub+0x7d/0x280
[ 129.093412][ T20] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3497] exit_group(0) = ?
[ 129.099256][ T20] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 129.105160][ T20] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 129.111232][ T20] request_firmware_work_func+0x12c/0x240
[ 129.117299][ T20] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 129.123467][ T20] ? request_firmware_nowait+0x6e0/0x6e0
[ 129.129327][ T20] process_one_work+0xb27/0x13e0
[ 129.133459][ T120] usb 1-1: USB disconnect, device number 7
[ 129.134566][ T20] worker_thread+0x1076/0x1d60
[ 129.145320][ T20] kthread+0x31b/0x430
[pid 3497] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3497, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3498
./strace-static-x86_64: Process 3498 attached
[pid 3498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3498] setpgid(0, 0) = 0
[pid 3498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3498] write(3, "1000", 4) = 4
[pid 3498] close(3) = 0
[pid 3498] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3498] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 129.149588][ T20] ? worker_clr_flags+0x2b0/0x2b0
[ 129.154903][ T20] ? kthread_blkcg+0x120/0x120
[ 129.159904][ T20] ret_from_fork+0x1f/0x30
[ 129.164674][ T20]
[ 129.167839][ T20] ---[ end trace 0000000000000000 ]---
[ 129.174737][ T20] usb 1-1: ath9k_htc: Unable to allocate URBs
[ 129.192795][ T120] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 129.571956][ T120] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 129.932138][ T120] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 130.102330][ T120] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 130.111583][ T120] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 130.119849][ T120] usb 1-1: Product: syz
[ 130.124297][ T120] usb 1-1: Manufacturer: syz
[ 130.129029][ T120] usb 1-1: SerialNumber: syz
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 130.174284][ T120] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3498] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3498] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 130.762150][ T6] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 130.772277][ T6] ------------[ cut here ]------------
[ 130.777958][ T6] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 130.785570][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 130.795420][ T6] Modules linked in:
[ 130.799608][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 130.811361][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 130.821949][ T6] Workqueue: events request_firmware_work_func
[ 130.828456][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 130.834465][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 130.854492][ T6] RSP: 0018:ffff8881026179d8 EFLAGS: 00010246
[ 130.860809][ T6] RAX: c0be2eacba329f00 RBX: 0000000000000000 RCX: ffff888102604180
[ 130.869235][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 130.877611][ T6] RBP: ffff888102617af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 130.886066][ T6] R10: ffff88823f2d11e0 R11: ffff8881022176a0 R12: 0000000000000003
[ 130.894408][ T6] R13: 0000000000000001 R14: ffff888102604cd8 R15: 0000000000000000
[ 130.902789][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 130.912091][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 130.918923][ T6] CR2: 00007ffdfddfbff8 CR3: 0000000118308000 CR4: 00000000003506f0
[ 130.927386][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 130.935698][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 130.944081][ T6] Call Trace:
[ 130.947578][ T6]
[ 130.950739][ T6] ? preempt_count_sub+0x7d/0x280
[ 130.956245][ T6] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3498] exit_group(0) = ?
[pid 3498] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3498, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[ 130.962255][ T6] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 130.968171][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 130.975523][ T6] request_firmware_work_func+0x12c/0x240
[ 130.981609][ T20] usb 1-1: USB disconnect, device number 8
[ 130.981622][ T6] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 130.993816][ T6] ? request_firmware_nowait+0x6e0/0x6e0
[ 130.999811][ T6] process_one_work+0xb27/0x13e0
[ 131.005296][ T6] worker_thread+0x1076/0x1d60
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3499
./strace-static-x86_64: Process 3499 attached
[pid 3499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3499] setpgid(0, 0) = 0
[pid 3499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3499] write(3, "1000", 4) = 4
[pid 3499] close(3) = 0
[pid 3499] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3499] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[ 131.010474][ T6] kthread+0x31b/0x430
[ 131.015017][ T6] ? worker_clr_flags+0x2b0/0x2b0
[ 131.020413][ T6] ? kthread_blkcg+0x120/0x120
[ 131.025658][ T6] ret_from_fork+0x1f/0x30
[ 131.030453][ T6]
[ 131.033854][ T6] ---[ end trace 0000000000000000 ]---
[ 131.040810][ T6] usb 1-1: ath9k_htc: Unable to allocate URBs
[pid 3499] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 131.059820][ T20] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 131.461878][ T20] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 131.852472][ T20] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[ 132.042176][ T20] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 132.053489][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 132.061602][ T20] usb 1-1: Product: syz
[ 132.065974][ T20] usb 1-1: Manufacturer: syz
[ 132.070745][ T20] usb 1-1: SerialNumber: syz
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 132.134986][ T20] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3499] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3499] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 132.792068][ T3492] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 132.801951][ T3492] ------------[ cut here ]------------
[ 132.809154][ T3492] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 132.816543][ T3492] WARNING: CPU: 1 PID: 3492 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 132.826518][ T3492] Modules linked in:
[ 132.830577][ T3492] CPU: 1 PID: 3492 Comm: kworker/1:3 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 132.842415][ T3492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 132.852757][ T3492] Workqueue: events request_firmware_work_func
[ 132.859164][ T3492] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 132.865040][ T3492] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 132.884879][ T3492] RSP: 0018:ffff88811fa139d8 EFLAGS: 00010246
[ 132.891080][ T3492] RAX: bf64756bc2926600 RBX: 0000000000000000 RCX: ffff888116b44180
[ 132.899301][ T3492] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 132.907465][ T3492] RBP: ffff88811fa13af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 132.915686][ T3492] R10: ffff88823f2d11e0 R11: ffff88811f6136a0 R12: 0000000000000003
[ 132.923855][ T3492] R13: 0000000000000001 R14: ffff888116b44cd8 R15: 0000000000000000
[ 132.932072][ T3492] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 132.941196][ T3492] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 132.948038][ T3492] CR2: 00007f9d33262960 CR3: 000000012ea29000 CR4: 00000000003506e0
[ 132.956216][ T3492] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 132.964411][ T3492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 132.972727][ T3492] Call Trace:
[ 132.976127][ T3492]
[ 132.979197][ T3492] ? preempt_count_sub+0x7d/0x280
[ 132.984615][ T3492] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[ 132.990492][ T3492] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 132.996649][ T3492] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 133.002770][ T3492] request_firmware_work_func+0x12c/0x240
[ 133.009851][ T3492] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 133.016035][ T3492] ? request_firmware_nowait+0x6e0/0x6e0
[ 133.022887][ T3492] process_one_work+0xb27/0x13e0
[ 133.028101][ T3492] worker_thread+0x1076/0x1d60
[ 133.033260][ T3492] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[pid 3499] exit_group(0) = ?
[pid 3499] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3499, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3500
./strace-static-x86_64: Process 3500 attached
[pid 3500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3500] setpgid(0, 0) = 0
[pid 3500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3500] write(3, "1000", 4) = 4
[ 133.033501][ T6] usb 1-1: USB disconnect, device number 9
[ 133.039247][ T3492] ? __kthread_parkme+0x110/0x1b0
[ 133.050499][ T3492] kthread+0x31b/0x430
[ 133.054831][ T3492] ? worker_clr_flags+0x2b0/0x2b0
[ 133.060114][ T3492] ? kthread_blkcg+0x120/0x120
[ 133.065174][ T3492] ret_from_fork+0x1f/0x30
[ 133.069856][ T3492]
[ 133.073083][ T3492] ---[ end trace 0000000000000000 ]---
[ 133.079904][ T3492] usb 1-1: ath9k_htc: Unable to allocate URBs
[pid 3500] close(3) = 0
[pid 3500] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3500] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 133.245099][ T6] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 133.611875][ T6] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 133.972171][ T6] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 134.142235][ T6] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 134.151856][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 134.160200][ T6] usb 1-1: Product: syz
[ 134.164814][ T6] usb 1-1: Manufacturer: syz
[ 134.169670][ T6] usb 1-1: SerialNumber: syz
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 134.214163][ T6] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 134.802133][ T120] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 134.811910][ T120] ------------[ cut here ]------------
[ 134.817508][ T120] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 134.825226][ T120] WARNING: CPU: 0 PID: 120 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 134.835119][ T120] Modules linked in:
[ 134.839115][ T120] CPU: 0 PID: 120 Comm: kworker/0:2 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 134.850920][ T120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 134.861253][ T120] Workqueue: events request_firmware_work_func
[ 134.867747][ T120] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 134.873683][ T120] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 134.893654][ T120] RSP: 0018:ffff888109c439d8 EFLAGS: 00010246
[ 134.899904][ T120] RAX: 709942e939c66a00 RBX: 0000000000000000 RCX: ffff888103ee4180
[ 134.908151][ T120] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 134.916415][ T120] RBP: ffff888109c43af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 134.924726][ T120] R10: ffff88823f2d11e0 R11: ffff8881098436a0 R12: 0000000000000003
[ 134.932917][ T120] R13: 0000000000000001 R14: ffff888103ee4cd8 R15: 0000000000000000
[ 134.941150][ T120] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 134.950429][ T120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 134.957262][ T120] CR2: 00007f9d33262960 CR3: 000000012ea3b000 CR4: 00000000003506f0
[ 134.965478][ T120] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 134.973657][ T120] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 134.981919][ T120] Call Trace:
[ 134.985332][ T120]
[ 134.988376][ T120] ? preempt_count_sub+0x7d/0x280
[ 134.993726][ T120] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3500] exit_group(0) = ?
[ 134.999601][ T120] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 135.005553][ T120] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 135.011599][ T120] request_firmware_work_func+0x12c/0x240
[ 135.017662][ T120] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 135.023930][ T120] ? request_firmware_nowait+0x6e0/0x6e0
[ 135.029792][ T120] process_one_work+0xb27/0x13e0
[ 135.035094][ T120] worker_thread+0x1076/0x1d60
[ 135.040091][ T120] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 135.043518][ T3492] usb 1-1: USB disconnect, device number 10
[pid 3500] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3500, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3501
./strace-static-x86_64: Process 3501 attached
[pid 3501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3501] setpgid(0, 0) = 0
[pid 3501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 135.046288][ T120] ? __kthread_parkme+0x110/0x1b0
[ 135.057351][ T120] kthread+0x31b/0x430
[ 135.061616][ T120] ? worker_clr_flags+0x2b0/0x2b0
[ 135.067113][ T120] ? kthread_blkcg+0x120/0x120
[ 135.072222][ T120] ret_from_fork+0x1f/0x30
[ 135.076869][ T120]
[ 135.080023][ T120] ---[ end trace 0000000000000000 ]---
[ 135.086977][ T120] usb 1-1: ath9k_htc: Unable to allocate URBs
[pid 3501] write(3, "1000", 4) = 4
[pid 3501] close(3) = 0
[pid 3501] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3501] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 135.107179][ T3492] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 135.491873][ T3492] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 135.882139][ T3492] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[ 136.112164][ T3492] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 136.122214][ T3492] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 136.130421][ T3492] usb 1-1: Product: syz
[ 136.134891][ T3492] usb 1-1: Manufacturer: syz
[ 136.139637][ T3492] usb 1-1: SerialNumber: syz
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 136.195793][ T3492] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3501] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3501] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 136.882067][ T20] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 136.892601][ T20] ------------[ cut here ]------------
[ 136.898177][ T20] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 136.905610][ T20] WARNING: CPU: 1 PID: 20 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 136.915368][ T20] Modules linked in:
[ 136.919359][ T20] CPU: 1 PID: 20 Comm: kworker/1:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 136.930995][ T20] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 136.941301][ T20] Workqueue: events request_firmware_work_func
[ 136.947722][ T20] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 136.953602][ T20] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 136.973449][ T20] RSP: 0018:ffff8881026779d8 EFLAGS: 00010246
[ 136.979726][ T20] RAX: 3b5a7f5cac5f6b00 RBX: 0000000000000000 RCX: ffff88810265c180
[ 136.987973][ T20] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 136.996123][ T20] RBP: ffff888102677af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 137.004356][ T20] R10: ffff88823f2d11e0 R11: ffff8881022776a0 R12: 0000000000000003
[ 137.012605][ T20] R13: 0000000000000001 R14: ffff88810265ccd8 R15: 0000000000000000
[ 137.020703][ T20] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 137.029896][ T20] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 137.036672][ T20] CR2: 00007ffdfddfbff8 CR3: 000000012e9f4000 CR4: 00000000003506e0
[ 137.044891][ T20] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 137.053043][ T20] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 137.061146][ T20] Call Trace:
[ 137.064670][ T20]
[ 137.067717][ T20] ? preempt_count_sub+0x7d/0x280
[ 137.073026][ T20] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3501] exit_group(0) = ?
[ 137.078871][ T20] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 137.084776][ T20] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 137.090901][ T20] request_firmware_work_func+0x12c/0x240
[ 137.096956][ T20] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 137.103125][ T20] ? request_firmware_nowait+0x6e0/0x6e0
[ 137.104192][ T120] usb 1-1: USB disconnect, device number 11
[ 137.108997][ T20] process_one_work+0xb27/0x13e0
[ 137.120221][ T20] worker_thread+0x1076/0x1d60
[ 137.125329][ T20] kthread+0x31b/0x430
[pid 3501] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3501, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3502
./strace-static-x86_64: Process 3502 attached
[pid 3502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3502] setpgid(0, 0) = 0
[pid 3502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3502] write(3, "1000", 4) = 4
[pid 3502] close(3) = 0
[pid 3502] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3502] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 137.129611][ T20] ? worker_clr_flags+0x2b0/0x2b0
[ 137.134988][ T20] ? kthread_blkcg+0x120/0x120
[ 137.139969][ T20] ret_from_fork+0x1f/0x30
[ 137.144750][ T20]
[ 137.147915][ T20] ---[ end trace 0000000000000000 ]---
[ 137.154862][ T20] usb 1-1: ath9k_htc: Unable to allocate URBs
[ 137.167099][ T120] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 137.551895][ T120] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 137.912121][ T120] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 138.082218][ T120] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 138.091476][ T120] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 138.099742][ T120] usb 1-1: Product: syz
[ 138.104102][ T120] usb 1-1: Manufacturer: syz
[ 138.108826][ T120] usb 1-1: SerialNumber: syz
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 138.154132][ T120] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3502] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3502] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 138.742085][ T6] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 138.752043][ T6] ------------[ cut here ]------------
[ 138.757742][ T6] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 138.765296][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 138.775093][ T6] Modules linked in:
[ 138.779170][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 138.790863][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 138.801340][ T6] Workqueue: events request_firmware_work_func
[ 138.808025][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 138.814057][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 138.834096][ T6] RSP: 0018:ffff8881026179d8 EFLAGS: 00010246
[ 138.840503][ T6] RAX: c0be2eacba329f00 RBX: 0000000000000000 RCX: ffff888102604180
[ 138.848894][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 138.857204][ T6] RBP: ffff888102617af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 138.865535][ T6] R10: ffff88823f2d11e0 R11: ffff8881022176a0 R12: 0000000000000003
[ 138.873859][ T6] R13: 0000000000000001 R14: ffff888102604cd8 R15: 0000000000000000
[ 138.882195][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 138.891400][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 138.898376][ T6] CR2: 00007ffefc064ee8 CR3: 000000012ea29000 CR4: 00000000003506f0
[ 138.906738][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 138.915111][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 138.923411][ T6] Call Trace:
[ 138.926862][ T6]
[ 138.930020][ T6] ? preempt_count_sub+0x7d/0x280
[ 138.935590][ T6] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3502] exit_group(0) = ?
[ 138.941573][ T6] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 138.947606][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 138.953952][ T6] request_firmware_work_func+0x12c/0x240
[ 138.960034][ T6] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 138.966469][ T6] ? request_firmware_nowait+0x6e0/0x6e0
[ 138.967089][ T20] usb 1-1: USB disconnect, device number 12
[ 138.972452][ T6] process_one_work+0xb27/0x13e0
[ 138.983854][ T6] worker_thread+0x1076/0x1d60
[ 138.989016][ T6] kthread+0x31b/0x430
[pid 3502] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3502, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3503
./strace-static-x86_64: Process 3503 attached
[pid 3503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3503] setpgid(0, 0) = 0
[pid 3503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3503] write(3, "1000", 4) = 4
[pid 3503] close(3) = 0
[pid 3503] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3503] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 138.993523][ T6] ? worker_clr_flags+0x2b0/0x2b0
[ 138.998923][ T6] ? kthread_blkcg+0x120/0x120
[ 139.004116][ T6] ret_from_fork+0x1f/0x30
[ 139.008915][ T6]
[ 139.012383][ T6] ---[ end trace 0000000000000000 ]---
[ 139.019333][ T6] usb 1-1: ath9k_htc: Unable to allocate URBs
[ 139.047655][ T20] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 139.431898][ T20] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 139.852198][ T20] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[ 140.052309][ T20] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 140.062599][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 140.070767][ T20] usb 1-1: Product: syz
[ 140.075216][ T20] usb 1-1: Manufacturer: syz
[ 140.079956][ T20] usb 1-1: SerialNumber: syz
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 140.124216][ T20] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3503] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 140.762124][ T3492] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 140.773509][ T3492] ------------[ cut here ]------------
[ 140.779078][ T3492] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 140.786619][ T3492] WARNING: CPU: 1 PID: 3492 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 140.796552][ T3492] Modules linked in:
[ 140.800543][ T3492] CPU: 1 PID: 3492 Comm: kworker/1:3 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 140.812469][ T3492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 140.822724][ T3492] Workqueue: events request_firmware_work_func
[ 140.829067][ T3492] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 140.835038][ T3492] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 140.854880][ T3492] RSP: 0018:ffff88811fa139d8 EFLAGS: 00010246
[ 140.861104][ T3492] RAX: bf64756bc2926600 RBX: 0000000000000000 RCX: ffff888116b44180
[ 140.869377][ T3492] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 140.877542][ T3492] RBP: ffff88811fa13af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 140.885723][ T3492] R10: ffff88823f2d11e0 R11: ffff88811f6136a0 R12: 0000000000000003
[ 140.893896][ T3492] R13: 0000000000000001 R14: ffff888116b44cd8 R15: 0000000000000000
[ 140.902113][ T3492] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 140.911235][ T3492] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 140.918079][ T3492] CR2: 00007ffdfddfcbd8 CR3: 000000012d389000 CR4: 00000000003506e0
[ 140.926270][ T3492] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 140.934449][ T3492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 140.942617][ T3492] Call Trace:
[ 140.945972][ T3492]
[ 140.949014][ T3492] ? preempt_count_sub+0x7d/0x280
[ 140.954466][ T3492] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3503] exit_group(0) = ?
[pid 3503] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3503, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[ 140.960325][ T3492] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 140.966253][ T3492] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 140.972406][ T3492] request_firmware_work_func+0x12c/0x240
[ 140.978379][ T3492] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 140.982990][ T6] usb 1-1: USB disconnect, device number 13
[ 140.984528][ T3492] ? request_firmware_nowait+0x6e0/0x6e0
[ 140.996331][ T3492] process_one_work+0xb27/0x13e0
[ 141.001539][ T3492] worker_thread+0x1076/0x1d60
[ 141.006665][ T3492] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3504
./strace-static-x86_64: Process 3504 attached
[pid 3504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3504] setpgid(0, 0) = 0
[pid 3504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3504] write(3, "1000", 4) = 4
[pid 3504] close(3) = 0
[pid 3504] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3504] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 141.012859][ T3492] ? __kthread_parkme+0x110/0x1b0
[ 141.018128][ T3492] kthread+0x31b/0x430
[ 141.022543][ T3492] ? worker_clr_flags+0x2b0/0x2b0
[ 141.027832][ T3492] ? kthread_blkcg+0x120/0x120
[ 141.032882][ T3492] ret_from_fork+0x1f/0x30
[ 141.037557][ T3492]
[ 141.040706][ T3492] ---[ end trace 0000000000000000 ]---
[ 141.047589][ T3492] usb 1-1: ath9k_htc: Unable to allocate URBs
[ 141.073202][ T6] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 141.431898][ T6] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 141.792136][ T6] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 141.962207][ T6] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 141.971591][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 141.980014][ T6] usb 1-1: Product: syz
[ 141.984541][ T6] usb 1-1: Manufacturer: syz
[ 141.989363][ T6] usb 1-1: SerialNumber: syz
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 142.034153][ T6] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3504] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3504] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 142.622179][ T120] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 142.632282][ T120] ------------[ cut here ]------------
[ 142.637879][ T120] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 142.645406][ T120] WARNING: CPU: 0 PID: 120 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 142.655321][ T120] Modules linked in:
[ 142.659316][ T120] CPU: 0 PID: 120 Comm: kworker/0:2 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 142.671064][ T120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 142.681434][ T120] Workqueue: events request_firmware_work_func
[ 142.687941][ T120] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 142.693869][ T120] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 142.713847][ T120] RSP: 0018:ffff888109c439d8 EFLAGS: 00010246
[ 142.720105][ T120] RAX: 709942e939c66a00 RBX: 0000000000000000 RCX: ffff888103ee4180
[ 142.728359][ T120] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 142.736566][ T120] RBP: ffff888109c43af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 142.744813][ T120] R10: ffff88823f2d11e0 R11: ffff8881098436a0 R12: 0000000000000003
[ 142.753025][ T120] R13: 0000000000000001 R14: ffff888103ee4cd8 R15: 0000000000000000
[ 142.761170][ T120] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 142.770448][ T120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.777371][ T120] CR2: 0000563163efedb8 CR3: 000000012ea29000 CR4: 00000000003506f0
[ 142.785623][ T120] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 142.793820][ T120] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 142.802035][ T120] Call Trace:
[ 142.805440][ T120]
[ 142.808483][ T120] ? preempt_count_sub+0x7d/0x280
[ 142.813895][ T120] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3504] exit_group(0) = ?
[pid 3504] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3504, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3505
[ 142.819769][ T120] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 142.825745][ T120] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 142.831926][ T120] request_firmware_work_func+0x12c/0x240
[ 142.837877][ T120] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 142.839919][ T3492] usb 1-1: USB disconnect, device number 14
[ 142.844040][ T120] ? request_firmware_nowait+0x6e0/0x6e0
[ 142.855814][ T120] process_one_work+0xb27/0x13e0
[ 142.861021][ T120] worker_thread+0x1076/0x1d60
[ 142.866113][ T120] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
./strace-static-x86_64: Process 3505 attached
[pid 3505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3505] setpgid(0, 0) = 0
[pid 3505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3505] write(3, "1000", 4) = 4
[pid 3505] close(3) = 0
[pid 3505] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3505] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 142.872283][ T120] ? __kthread_parkme+0x110/0x1b0
[ 142.877523][ T120] kthread+0x31b/0x430
[ 142.881877][ T120] ? worker_clr_flags+0x2b0/0x2b0
[ 142.887146][ T120] ? kthread_blkcg+0x120/0x120
[ 142.892417][ T120] ret_from_fork+0x1f/0x30
[ 142.897070][ T120]
[ 142.900226][ T120] ---[ end trace 0000000000000000 ]---
[ 142.907233][ T120] usb 1-1: ath9k_htc: Unable to allocate URBs
[ 142.916238][ T3492] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 143.331885][ T3492] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 143.742122][ T3492] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[ 143.932175][ T3492] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 143.942766][ T3492] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 143.950895][ T3492] usb 1-1: Product: syz
[ 143.955264][ T3492] usb 1-1: Manufacturer: syz
[ 143.960038][ T3492] usb 1-1: SerialNumber: syz
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 144.014870][ T3492] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3505] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3505] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 144.692070][ T20] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 144.702526][ T20] ------------[ cut here ]------------
[ 144.708108][ T20] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 144.715542][ T20] WARNING: CPU: 1 PID: 20 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 144.725299][ T20] Modules linked in:
[ 144.729310][ T20] CPU: 1 PID: 20 Comm: kworker/1:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 144.740952][ T20] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 144.751200][ T20] Workqueue: events request_firmware_work_func
[ 144.757649][ T20] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 144.763536][ T20] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 144.783383][ T20] RSP: 0018:ffff8881026779d8 EFLAGS: 00010246
[ 144.789628][ T20] RAX: 3b5a7f5cac5f6b00 RBX: 0000000000000000 RCX: ffff88810265c180
[ 144.797887][ T20] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 144.806042][ T20] RBP: ffff888102677af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 144.814301][ T20] R10: ffff88823f2d11e0 R11: ffff8881022776a0 R12: 0000000000000003
[ 144.822496][ T20] R13: 0000000000000001 R14: ffff88810265ccd8 R15: 0000000000000000
[ 144.830646][ T20] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 144.839879][ T20] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 144.846693][ T20] CR2: 00007ffdfddfbff8 CR3: 000000012e9f4000 CR4: 00000000003506e0
[ 144.854960][ T20] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 144.863107][ T20] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 144.871203][ T20] Call Trace:
[ 144.874714][ T20]
[ 144.877766][ T20] ? preempt_count_sub+0x7d/0x280
[ 144.883060][ T20] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3505] exit_group(0) = ?
[pid 3505] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3505, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3506
[ 144.888903][ T20] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 144.894809][ T20] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 144.902306][ T20] request_firmware_work_func+0x12c/0x240
[ 144.908265][ T20] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 144.912969][ T120] usb 1-1: USB disconnect, device number 15
[ 144.914437][ T20] ? request_firmware_nowait+0x6e0/0x6e0
[ 144.926090][ T20] process_one_work+0xb27/0x13e0
[ 144.932124][ T20] worker_thread+0x1076/0x1d60
[ 144.937187][ T20] kthread+0x31b/0x430
./strace-static-x86_64: Process 3506 attached
[pid 3506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3506] setpgid(0, 0) = 0
[pid 3506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3506] write(3, "1000", 4) = 4
[pid 3506] close(3) = 0
[pid 3506] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3506] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[ 144.941968][ T20] ? worker_clr_flags+0x2b0/0x2b0
[ 144.947226][ T20] ? kthread_blkcg+0x120/0x120
[ 144.952285][ T20] ret_from_fork+0x1f/0x30
[ 144.956947][ T20]
[ 144.960114][ T20] ---[ end trace 0000000000000000 ]---
[ 144.967053][ T20] usb 1-1: ath9k_htc: Unable to allocate URBs
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 144.995518][ T120] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 145.361921][ T120] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 145.722121][ T120] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 145.892222][ T120] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 145.901515][ T120] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 145.909824][ T120] usb 1-1: Product: syz
[ 145.914202][ T120] usb 1-1: Manufacturer: syz
[ 145.918922][ T120] usb 1-1: SerialNumber: syz
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 145.964107][ T120] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3506] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3506] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 146.552260][ T6] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 146.562391][ T6] ------------[ cut here ]------------
[ 146.568097][ T6] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 146.575642][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 146.585440][ T6] Modules linked in:
[ 146.589639][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 146.601408][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 146.611978][ T6] Workqueue: events request_firmware_work_func
[ 146.618452][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 146.624461][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 146.644643][ T6] RSP: 0018:ffff8881026179d8 EFLAGS: 00010246
[ 146.650991][ T6] RAX: c0be2eacba329f00 RBX: 0000000000000000 RCX: ffff888102604180
[ 146.659367][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 146.667672][ T6] RBP: ffff888102617af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 146.676080][ T6] R10: ffff88823f2d11e0 R11: ffff8881022176a0 R12: 0000000000000003
[ 146.684456][ T6] R13: 0000000000000001 R14: ffff888102604cd8 R15: 0000000000000000
[ 146.692855][ T6] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 146.702223][ T6] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 146.709108][ T6] CR2: 00007f9d33262960 CR3: 000000012e957000 CR4: 00000000003506f0
[ 146.717552][ T6] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 146.725856][ T6] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 146.734244][ T6] Call Trace:
[ 146.737769][ T6]
[ 146.740919][ T6] ? preempt_count_sub+0x7d/0x280
[ 146.746517][ T6] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3506] exit_group(0) = ?
[pid 3506] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3506, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3508
[ 146.752523][ T6] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 146.758436][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 146.764972][ T6] request_firmware_work_func+0x12c/0x240
[ 146.771063][ T6] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 146.772429][ T20] usb 1-1: USB disconnect, device number 16
[ 146.777341][ T6] ? request_firmware_nowait+0x6e0/0x6e0
[ 146.789289][ T6] process_one_work+0xb27/0x13e0
[ 146.794749][ T6] worker_thread+0x1076/0x1d60
./strace-static-x86_64: Process 3508 attached
[pid 3508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3508] setpgid(0, 0) = 0
[pid 3508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3508] write(3, "1000", 4) = 4
[pid 3508] close(3) = 0
[pid 3508] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3508] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 146.799910][ T6] kthread+0x31b/0x430
[ 146.804441][ T6] ? worker_clr_flags+0x2b0/0x2b0
[ 146.809831][ T6] ? kthread_blkcg+0x120/0x120
[ 146.815042][ T6] ret_from_fork+0x1f/0x30
[ 146.819833][ T6]
[ 146.823190][ T6] ---[ end trace 0000000000000000 ]---
[ 146.830133][ T6] usb 1-1: ath9k_htc: Unable to allocate URBs
[ 146.859231][ T20] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 147.231888][ T20] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 147.662218][ T20] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 147.862364][ T20] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 147.872653][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 147.880798][ T20] usb 1-1: Product: syz
[ 147.885187][ T20] usb 1-1: Manufacturer: syz
[ 147.889958][ T20] usb 1-1: SerialNumber: syz
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 147.936973][ T20] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3508] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3508] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 148.602134][ T3492] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 148.612786][ T3492] ------------[ cut here ]------------
[ 148.618363][ T3492] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 148.626047][ T3492] WARNING: CPU: 1 PID: 3492 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 148.636016][ T3492] Modules linked in:
[ 148.640034][ T3492] CPU: 1 PID: 3492 Comm: kworker/1:3 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 148.651884][ T3492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 148.662223][ T3492] Workqueue: events request_firmware_work_func
[ 148.668659][ T3492] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 148.674666][ T3492] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 148.694550][ T3492] RSP: 0018:ffff88811fa139d8 EFLAGS: 00010246
[ 148.700846][ T3492] RAX: bf64756bc2926600 RBX: 0000000000000000 RCX: ffff888116b44180
[ 148.709074][ T3492] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 148.717248][ T3492] RBP: ffff88811fa13af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 148.725435][ T3492] R10: ffff88823f2d11e0 R11: ffff88811f6136a0 R12: 0000000000000003
[ 148.733609][ T3492] R13: 0000000000000001 R14: ffff888116b44cd8 R15: 0000000000000000
[ 148.741820][ T3492] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 148.750947][ T3492] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 148.757794][ T3492] CR2: 0000560576bbd680 CR3: 0000000118308000 CR4: 00000000003506e0
[ 148.765968][ T3492] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 148.774194][ T3492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 148.782359][ T3492] Call Trace:
[ 148.785713][ T3492]
[ 148.788758][ T3492] ? preempt_count_sub+0x7d/0x280
[ 148.794162][ T3492] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3508] exit_group(0) = ?
[pid 3508] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3508, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
[ 148.800041][ T3492] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 148.806022][ T3492] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 148.812212][ T3492] request_firmware_work_func+0x12c/0x240
[ 148.818162][ T3492] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 148.823292][ T6] usb 1-1: USB disconnect, device number 17
[ 148.824312][ T3492] ? request_firmware_nowait+0x6e0/0x6e0
[ 148.836099][ T3492] process_one_work+0xb27/0x13e0
[ 148.841299][ T3492] worker_thread+0x1076/0x1d60
[ 148.846448][ T3492] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3511
./strace-static-x86_64: Process 3511 attached
[pid 3511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3511] setpgid(0, 0) = 0
[pid 3511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3511] write(3, "1000", 4) = 4
[pid 3511] close(3) = 0
[pid 3511] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3511] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 148.852573][ T3492] ? __kthread_parkme+0x110/0x1b0
[ 148.857828][ T3492] kthread+0x31b/0x430
[ 148.862205][ T3492] ? worker_clr_flags+0x2b0/0x2b0
[ 148.867479][ T3492] ? kthread_blkcg+0x120/0x120
[ 148.872579][ T3492] ret_from_fork+0x1f/0x30
[ 148.877252][ T3492]
[ 148.880418][ T3492] ---[ end trace 0000000000000000 ]---
[ 148.887398][ T3492] usb 1-1: ath9k_htc: Unable to allocate URBs
[ 148.914716][ T6] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 149.271893][ T6] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 149.632186][ T6] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 149.802285][ T6] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 149.811620][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 149.820027][ T6] usb 1-1: Product: syz
[ 149.824528][ T6] usb 1-1: Manufacturer: syz
[ 149.829345][ T6] usb 1-1: SerialNumber: syz
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 149.873896][ T6] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3511] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3511] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 150.462092][ T120] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 150.472101][ T120] ------------[ cut here ]------------
[ 150.477712][ T120] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 150.485184][ T120] WARNING: CPU: 0 PID: 120 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 150.495114][ T120] Modules linked in:
[ 150.499142][ T120] CPU: 0 PID: 120 Comm: kworker/0:2 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 150.510941][ T120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 150.521268][ T120] Workqueue: events request_firmware_work_func
[ 150.527855][ T120] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 150.533780][ T120] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 150.553741][ T120] RSP: 0018:ffff888109c439d8 EFLAGS: 00010246
[ 150.560015][ T120] RAX: 709942e939c66a00 RBX: 0000000000000000 RCX: ffff888103ee4180
[ 150.568308][ T120] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 150.576595][ T120] RBP: ffff888109c43af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 150.584853][ T120] R10: ffff88823f2d11e0 R11: ffff8881098436a0 R12: 0000000000000003
[ 150.593081][ T120] R13: 0000000000000001 R14: ffff888103ee4cd8 R15: 0000000000000000
[ 150.601190][ T120] FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
[ 150.610403][ T120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 150.617224][ T120] CR2: 00007f9d33262960 CR3: 000000012ea29000 CR4: 00000000003506f0
[ 150.625461][ T120] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 150.633646][ T120] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 150.641910][ T120] Call Trace:
[ 150.645313][ T120]
[ 150.648354][ T120] ? preempt_count_sub+0x7d/0x280
[ 150.654975][ T120] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3511] exit_group(0) = ?
[pid 3511] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3511, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3512
./strace-static-x86_64: Process 3512 attached
[ 150.660863][ T120] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 150.666858][ T120] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 150.673003][ T120] request_firmware_work_func+0x12c/0x240
[ 150.678060][ T3492] usb 1-1: USB disconnect, device number 18
[ 150.678885][ T120] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 150.691013][ T120] ? request_firmware_nowait+0x6e0/0x6e0
[ 150.696995][ T120] process_one_work+0xb27/0x13e0
[ 150.702265][ T120] worker_thread+0x1076/0x1d60
[ 150.707272][ T120] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[pid 3512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3512] setpgid(0, 0) = 0
[pid 3512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3512] write(3, "1000", 4) = 4
[pid 3512] close(3) = 0
[pid 3512] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3512] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 150.713490][ T120] ? __kthread_parkme+0x110/0x1b0
[ 150.718750][ T120] kthread+0x31b/0x430
[ 150.723118][ T120] ? worker_clr_flags+0x2b0/0x2b0
[ 150.728383][ T120] ? kthread_blkcg+0x120/0x120
[ 150.733486][ T120] ret_from_fork+0x1f/0x30
[ 150.738142][ T120]
[ 150.741285][ T120] ---[ end trace 0000000000000000 ]---
[ 150.748230][ T120] usb 1-1: ath9k_htc: Unable to allocate URBs
[ 150.766483][ T3492] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 151.151886][ T3492] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 151.552078][ T3492] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[ 151.742201][ T3492] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 151.752205][ T3492] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 151.760402][ T3492] usb 1-1: Product: syz
[ 151.764853][ T3492] usb 1-1: Manufacturer: syz
[ 151.769626][ T3492] usb 1-1: SerialNumber: syz
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 151.824886][ T3492] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3512] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3512] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 152.542209][ T20] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 152.552861][ T20] ------------[ cut here ]------------
[ 152.558463][ T20] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 152.565965][ T20] WARNING: CPU: 1 PID: 20 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 152.575735][ T20] Modules linked in:
[ 152.579729][ T20] CPU: 1 PID: 20 Comm: kworker/1:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 152.591404][ T20] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 152.601675][ T20] Workqueue: events request_firmware_work_func
[ 152.608141][ T20] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 152.614115][ T20] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 152.634023][ T20] RSP: 0018:ffff8881026779d8 EFLAGS: 00010246
[ 152.640302][ T20] RAX: 3b5a7f5cac5f6b00 RBX: 0000000000000000 RCX: ffff88810265c180
[ 152.648525][ T20] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 152.656699][ T20] RBP: ffff888102677af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 152.664890][ T20] R10: ffff88823f2d11e0 R11: ffff8881022776a0 R12: 0000000000000003
[ 152.673051][ T20] R13: 0000000000000001 R14: ffff88810265ccd8 R15: 0000000000000000
[ 152.681129][ T20] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[ 152.690264][ T20] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 152.697042][ T20] CR2: 00007ffec56c9c10 CR3: 000000012ea56000 CR4: 00000000003506e0
[ 152.705220][ T20] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 152.713371][ T20] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 152.721469][ T20] Call Trace:
[ 152.724939][ T20]
[ 152.727988][ T20] ? preempt_count_sub+0x7d/0x280
[ 152.733281][ T20] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[pid 3512] exit_group(0) = ?
[ 152.739122][ T20] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 152.744985][ T20] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 152.751057][ T20] request_firmware_work_func+0x12c/0x240
[ 152.757132][ T20] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 152.763301][ T20] ? request_firmware_nowait+0x6e0/0x6e0
[ 152.769337][ T20] process_one_work+0xb27/0x13e0
[ 152.773032][ T120] usb 1-1: USB disconnect, device number 19
[ 152.774595][ T20] worker_thread+0x1076/0x1d60
[ 152.785413][ T20] kthread+0x31b/0x430
[pid 3512] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3512, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3515
./strace-static-x86_64: Process 3515 attached
[pid 3515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3515] setpgid(0, 0) = 0
[pid 3515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3515] write(3, "1000", 4) = 4
[pid 3515] close(3) = 0
[pid 3515] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3515] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 152.789677][ T20] ? worker_clr_flags+0x2b0/0x2b0
[ 152.795001][ T20] ? kthread_blkcg+0x120/0x120
[ 152.799979][ T20] ret_from_fork+0x1f/0x30
[ 152.804723][ T20]
[ 152.807871][ T20] ---[ end trace 0000000000000000 ]---
[ 152.814801][ T20] usb 1-1: ath9k_htc: Unable to allocate URBs
[ 152.829895][ T120] usb 1-1: ath9k_htc: USB layer deinitialized
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[ 153.221919][ T120] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 18
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 9
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 72
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 4
[ 153.582125][ T120] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdfddfaba0) = 8
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a646c) = 9
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a647c) = 10
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a648c) = 12
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a649c) = 11
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64ac) = 13
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9d332a64bc) = 14
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 153.752293][ T120] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 153.761545][ T120] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 153.769830][ T120] usb 1-1: Product: syz
[ 153.774294][ T120] usb 1-1: Manufacturer: syz
[ 153.779035][ T120] usb 1-1: SerialNumber: syz
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 153.824104][ T120] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 4096
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 1856
[pid 3515] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[pid 3515] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdfddfaba0) = 0
[ 154.412215][ T6] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 154.422223][ T6] ------------[ cut here ]------------
[ 154.427933][ T6] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 154.435606][ T6] WARNING: CPU: 0 PID: 6 at drivers/usb/core/urb.c:505 usb_submit_urb+0x19a2/0x2760
[ 154.445457][ T6] Modules linked in:
[ 154.449640][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 154.461390][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 154.471988][ T6] Workqueue: events request_firmware_work_func
[ 154.478541][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 154.484738][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 154.504748][ T6] =====================================================
[ 154.511956][ T6] BUG: KMSAN: uninit-value in show_iret_regs+0x207/0x230
[ 154.519128][ T6] show_iret_regs+0x207/0x230
[ 154.524071][ T6] __show_regs+0x31/0xc90
[ 154.528536][ T6] show_regs+0x6e/0xd0
[ 154.532809][ T6] __warn+0x242/0x580
[ 154.536918][ T6] report_bug+0x7ff/0xa10
[ 154.541325][ T6] handle_bug+0x41/0x70
[ 154.545837][ T6] exc_invalid_op+0x1b/0x50
[ 154.550461][ T6] asm_exc_invalid_op+0x1b/0x20
[ 154.555553][ T6] usb_submit_urb+0x19a2/0x2760
[ 154.560534][ T6] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[ 154.566459][ T6] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 154.572271][ T6] request_firmware_work_func+0x12c/0x240
[ 154.578089][ T6] process_one_work+0xb27/0x13e0
[ 154.583247][ T6] worker_thread+0x1076/0x1d60
[ 154.588143][ T6] kthread+0x31b/0x430
[ 154.592444][ T6] ret_from_fork+0x1f/0x30
[ 154.596994][ T6]
[ 154.599376][ T6] Local variable rf created at:
[ 154.604453][ T6] __schedule+0x44/0x21d0
[ 154.608891][ T6] schedule+0x136/0x200
[pid 3515] exit_group(0) = ?
[pid 3515] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3515, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
[ 154.613191][ T6]
[ 154.615580][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 154.627168][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 154.637426][ T6] Workqueue: events request_firmware_work_func
[ 154.642363][ T20] usb 1-1: USB disconnect, device number 20
[ 154.643870][ T6] =====================================================
[ 154.656757][ T6] Disabling lock debugging due to kernel taint
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe35d0) = 3517
./strace-static-x86_64: Process 3517 attached
[pid 3517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3517] setpgid(0, 0) = 0
[pid 3517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3517] write(3, "1000", 4) = 4
[pid 3517] close(3) = 0
[pid 3517] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3517] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdfddfbbb0) = 0
[ 154.663118][ T6] Kernel panic - not syncing: kmsan.panic set ...
[ 154.669617][ T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G B W 6.0.0-rc5-syzkaller-48543-g968c2729e576 #0
[ 154.681040][ T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 154.691207][ T6] Workqueue: events request_firmware_work_func
[ 154.697534][ T6] Call Trace:
[ 154.700981][ T6]
[ 154.703988][ T6] dump_stack_lvl+0x1c8/0x256
[ 154.708846][ T6] dump_stack+0x1a/0x1c
[pid 3517] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3517] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdfddfbbb0) = 0
[ 154.713158][ T6] panic+0x4d3/0xc69
[ 154.717212][ T6] ? add_taint+0x104/0x1a0
[ 154.721798][ T6] kmsan_report+0x2cc/0x2d0
[ 154.726466][ T6] ? __msan_warning+0x92/0x110
[ 154.731374][ T6] ? show_iret_regs+0x207/0x230
[ 154.736361][ T6] ? __show_regs+0x31/0xc90
[ 154.741013][ T6] ? show_regs+0x6e/0xd0
[ 154.745385][ T6] ? __warn+0x242/0x580
[ 154.749688][ T6] ? report_bug+0x7ff/0xa10
[ 154.754319][ T6] ? handle_bug+0x41/0x70
[ 154.758772][ T6] ? exc_invalid_op+0x1b/0x50
[ 154.763577][ T6] ? asm_exc_invalid_op+0x1b/0x20
[ 154.768761][ T6] ? usb_submit_urb+0x19a2/0x2760
[ 154.773929][ T6] ? ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[ 154.779875][ T6] ? ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 154.785816][ T6] ? request_firmware_work_func+0x12c/0x240
[ 154.791852][ T6] ? process_one_work+0xb27/0x13e0
[ 154.797157][ T6] ? worker_thread+0x1076/0x1d60
[ 154.802248][ T6] ? kthread+0x31b/0x430
[ 154.806615][ T6] ? ret_from_fork+0x1f/0x30
[ 154.811327][ T6] ? _printk+0x160/0x19f
[ 154.815699][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 154.821762][ T6] ? usb_submit_urb+0x1978/0x2760
[ 154.826928][ T6] ? show_opcodes+0x238/0x2e0
[ 154.831755][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 154.837679][ T6] __msan_warning+0x92/0x110
[ 154.842371][ T6] show_iret_regs+0x207/0x230
[ 154.847179][ T6] __show_regs+0x31/0xc90
[ 154.851635][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 154.857612][ T6] show_regs+0x6e/0xd0
[ 154.861786][ T6] __warn+0x242/0x580
[ 154.865859][ T6] ? usb_submit_urb+0x19a2/0x2760
[ 154.870963][ T6] report_bug+0x7ff/0xa10
[ 154.875366][ T6] ? usb_submit_urb+0x19a2/0x2760
[ 154.880495][ T6] handle_bug+0x41/0x70
[ 154.884725][ T6] exc_invalid_op+0x1b/0x50
[ 154.889320][ T6] asm_exc_invalid_op+0x1b/0x20
[ 154.894311][ T6] RIP: 0010:usb_submit_urb+0x19a2/0x2760
[ 154.900026][ T6] Code: ff 44 8b 28 85 db 4c 8b a5 00 ff ff ff 0f 85 cd 02 00 00 48 c7 c7 08 bf dc 8e 48 8b 75 b8 48 8b 55 88 45 89 e8 e8 7e 30 4d f9 <0f> 0b 44 8a ad 08 ff ff ff 48 8b 9d f0 fe ff ff 89 d8 44 89 e7 48
[ 154.919738][ T6] RSP: 0018:ffff8881026179d8 EFLAGS: 00010246
[ 154.925933][ T6] RAX: c0be2eacba329f00 RBX: 0000000000000000 RCX: ffff888102604180
[ 154.933982][ T6] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 154.942023][ T6] RBP: ffff888102617af8 R08: ffffffff817e4fc4 R09: ffff88823e9bc1e0
[ 154.950111][ T6] R10: ffff88823f2d11e0 R11: ffff8881022176a0 R12: 0000000000000003
[ 154.958178][ T6] R13: 0000000000000001 R14: ffff888102604cd8 R15: 0000000000000000
[ 154.966214][ T6] ? vprintk_emit+0x4c4/0x8d0
[ 154.971003][ T6] ? usb_submit_urb+0x19a2/0x2760
[ 154.976163][ T6] ? preempt_count_sub+0x7d/0x280
[ 154.981345][ T6] ath9k_hif_usb_alloc_urbs+0xbfb/0x1700
[ 154.987084][ T6] ath9k_hif_usb_firmware_cb+0x17f/0x7f0
[ 154.992856][ T6] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 154.998833][ T6] request_firmware_work_func+0x12c/0x240
[ 155.004707][ T6] ? ath9k_hif_request_firmware+0x6e0/0x6e0
[ 155.010732][ T6] ? request_firmware_nowait+0x6e0/0x6e0
[ 155.016451][ T6] process_one_work+0xb27/0x13e0
[ 155.021526][ T6] worker_thread+0x1076/0x1d60
[ 155.026448][ T6] kthread+0x31b/0x430
[ 155.030606][ T6] ? worker_clr_flags+0x2b0/0x2b0
[ 155.035770][ T6] ? kthread_blkcg+0x120/0x120
[ 155.040632][ T6] ret_from_fork+0x1f/0x30
[ 155.045178][ T6]
[ 155.048524][ T6] Kernel Offset: disabled
[ 155.052897][ T6] Rebooting in 86400 seconds..