./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2234470572

<...>
DUID 00:04:d9:3a:76:1c:b4:63:be:bc:0b:c2:08:9c:83:36:98:31
forked to background, child pid 3212
[   30.762737][ T3213] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.776718][ T3213] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts.
execve("./syz-executor2234470572", ["./syz-executor2234470572"], 0x7ffe7f37a730 /* 10 vars */) = 0
brk(NULL)                               = 0x555557374000
brk(0x555557374c40)                     = 0x555557374c40
arch_prctl(ARCH_SET_FS, 0x555557374300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2234470572", 4096) = 28
brk(0x555557395c40)                     = 0x555557395c40
brk(0x555557396000)                     = 0x555557396000
mprotect(0x7f2f0aff4000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573745d0) = 3634
./strace-static-x86_64: Process 3634 attached
[pid  3634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3634] setpgid(0, 0)               = 0
[pid  3634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3634] write(3, "1000", 4)         = 4
[pid  3634] close(3)                    = 0
[pid  3634] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  3634] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fffe7b84920) = 0
[pid  3634] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  3634] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[pid  3634] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[pid  3634] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe7b83910) = 18
syzkaller login: [   49.541875][  T156] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid  3634] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[pid  3634] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe7b83910) = 18
[pid  3634] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[pid  3634] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe7b83910) = 9
[pid  3634] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[pid  3634] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe7b83910) = 224
[   49.911950][  T156] usb 1-1: config 0 has an invalid interface number: 72 but max is 0
[   49.921005][  T156] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[   49.930093][  T156] usb 1-1: config 0 has an invalid interface association descriptor of length 2, skipping
[   49.940723][  T156] usb 1-1: config 0 has an invalid interface association descriptor of length 2, skipping
[   49.950759][  T156] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[   49.959570][  T156] usb 1-1: config 0 has no interface number 0
[   49.966368][  T156] usb 1-1: config 0 interface 72 altsetting 0 has an invalid endpoint with address 0x80, skipping
[   49.977009][  T156] usb 1-1: config 0 interface 72 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64
[   49.988023][  T156] usb 1-1: config 0 interface 72 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[   49.999017][  T156] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[   50.010347][  T156] usb 1-1: config 0 interface 72 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 8
[   50.020458][  T156] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0x4, skipping
[   50.031265][  T156] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[   50.042202][  T156] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[   50.052884][  T156] usb 1-1: config 0 interface 72 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[pid  3634] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[pid  3634] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid  3634] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  3634] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2f0affa46c) = -1 EINVAL (Invalid argument)
[   50.063029][  T156] usb 1-1: config 0 interface 72 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[   50.074129][  T156] usb 1-1: config 0 interface 72 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[   50.085169][  T156] usb 1-1: New USB device found, idVendor=0846, idProduct=9010, bcdDevice=a0.e4
[   50.094320][  T156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   50.107138][  T156] usb 1-1: config 0 descriptor??
[pid  3634] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fffe7b83910) = 0
[pid  3634] exit_group(0)               = ?
[pid  3634] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3634, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3640 attached
, child_tidptr=0x5555573745d0) = 3640
[pid  3640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3640] setpgid(0, 0)               = 0
[pid  3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3640] write(3, "1000", 4)         = 4
[pid  3640] close(3)                    = 0
[pid  3640] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[   50.311833][  T156] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[pid  3640] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fffe7b84920) = 0
[pid  3640] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  3640] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[   50.731820][  T156] usb 1-1: device descriptor read/64, error -71
[pid  3640] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[pid  3640] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe7b83910) = 18
[   51.001825][  T156] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[pid  3640] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[pid  3640] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe7b83910) = 18
[pid  3640] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[pid  3640] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe7b83910) = 224
[pid  3640] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[pid  3640] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid  3640] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  3640] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2f0affa46c) = -1 EINVAL (Invalid argument)
[pid  3640] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fffe7b83910) = 0
[   51.468830][  T156] usb 1-1: driver   API: 1.9.9 2016-02-15 [1-1]
[   51.475363][  T156] usb 1-1: firmware API: 1.9.6 2012-07-07
[   51.481343][  T156] ------------[ cut here ]------------
[   51.486888][  T156] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[   51.493288][  T156] WARNING: CPU: 0 PID: 156 at drivers/usb/core/urb.c:505 usb_submit_urb+0xce2/0x1920
[   51.503243][  T156] Modules linked in:
[   51.507596][  T156] CPU: 0 PID: 156 Comm: kworker/0:2 Not tainted 6.1.0-rc5-syzkaller-00307-gfe24a97cf254 #0
[   51.518340][  T156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   51.529374][  T156] Workqueue: events request_firmware_work_func
[   51.536825][  T156] RIP: 0010:usb_submit_urb+0xce2/0x1920
[   51.542870][  T156] Code: 48 c1 e8 03 8a 04 18 84 c0 0f 85 d4 08 00 00 45 8b 06 48 c7 c7 20 f2 c1 8b 48 8b 74 24 20 4c 89 fa 89 e9 31 c0 e8 3e 11 d7 fa <0f> 0b 4c 8b 74 24 30 44 89 e5 48 89 ef 48 c7 c6 10 56 e2 8d e8 a5
[   51.563984][  T156] RSP: 0018:ffffc90002e2f9f0 EFLAGS: 00010246
[   51.570522][  T156] RAX: 9e6db0d643c20300 RBX: dffffc0000000000 RCX: ffff88801d2d1d40
[   51.578917][  T156] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   51.588232][  T156] RBP: 0000000000000001 R08: ffffffff816fdb6d R09: fffff520005c5ef9
[   51.597076][  T156] R10: fffff520005c5ef9 R11: 1ffff920005c5ef8 R12: 0000000000000002
[   51.605637][  T156] R13: ffff888029ae8100 R14: ffffffff8bc1f008 R15: ffff88801deb11b8
[pid  3640] exit_group(0)               = ?
[pid  3640] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3640, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
[   51.614124][  T156] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   51.623225][  T156] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   51.629875][  T156] CR2: 0000561d5f5ceda8 CR3: 000000007836f000 CR4: 00000000003506f0
[   51.638191][  T156] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   51.646390][  T156] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   51.655757][  T156] Call Trace:
[   51.666729][  T156]  <TASK>
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573745d0) = 3641
./strace-static-x86_64: Process 3641 attached
[pid  3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3641] setpgid(0, 0)               = 0
[pid  3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3641] write(3, "1000", 4)         = 4
[pid  3641] close(3)                    = 0
[pid  3641] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  3641] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fffe7b84920) = 0
[pid  3641] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  3641] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe7b84920) = 0
[   51.670234][  T156]  ? usb_anchor_urb+0x1ca/0x240
[   51.675834][  T156]  carl9170_usb_init_device+0x24f/0x870
[   51.687923][  T156]  carl9170_usb_firmware_step2+0xa5/0x260
[   51.694755][  T156]  request_firmware_work_func+0x198/0x270
[   51.700677][  T156]  ? carl9170_usb_tasklet+0x280/0x280
[   51.707127][  T156]  ? request_firmware_nowait+0x450/0x450
[   51.713333][  T156]  process_one_work+0x81c/0xd10
[   51.718306][  T156]  ? worker_detach_from_pool+0x260/0x260
[   51.724550][  T156]  ? _raw_spin_lock_irqsave+0x120/0x120
[   51.730711][  T156]  ? kthread_data+0x4d/0xc0
[   51.735700][  T156]  ? wq_worker_running+0x95/0x190
[   51.741009][  T156]  worker_thread+0xb14/0x1330
[   51.746533][  T156]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   51.753140][  T156]  kthread+0x266/0x300
[   51.757446][  T156]  ? rcu_lock_release+0x20/0x20
[   51.762797][  T156]  ? kthread_blkcg+0xd0/0xd0
[   51.767761][  T156]  ret_from_fork+0x1f/0x30
[   51.772824][  T156]  </TASK>
[   51.776004][  T156] Kernel panic - not syncing: panic_on_warn set ...
[   51.783039][  T156] CPU: 0 PID: 156 Comm: kworker/0:2 Not tainted 6.1.0-rc5-syzkaller-00307-gfe24a97cf254 #0
[   51.793439][  T156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   51.803758][  T156] Workqueue: events request_firmware_work_func
[   51.810086][  T156] Call Trace:
[   51.813435][  T156]  <TASK>
[   51.816624][  T156]  dump_stack_lvl+0x1e3/0x2cb
[   51.821562][  T156]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   51.827140][  T156]  ? panic+0x766/0x766
[   51.831924][  T156]  ? vscnprintf+0x59/0x80
[   51.836263][  T156]  ? usb_submit_urb+0xc20/0x1920
[   51.841299][  T156]  panic+0x316/0x766
[   51.845457][  T156]  ? __warn+0x131/0x220
[   51.849962][  T156]  ? memcpy_page_flushcache+0xfc/0xfc
[   51.855528][  T156]  ? ret_from_fork+0x1f/0x30
[   51.860299][  T156]  ? usb_submit_urb+0xce2/0x1920
[   51.865375][  T156]  __warn+0x1fa/0x220
[   51.869499][  T156]  ? usb_submit_urb+0xce2/0x1920
[   51.874709][  T156]  report_bug+0x1b3/0x2d0
[   51.879494][  T156]  handle_bug+0x3d/0x70
[   51.883908][  T156]  exc_invalid_op+0x16/0x40
[   51.888414][  T156]  asm_exc_invalid_op+0x16/0x20
[   51.893259][  T156] RIP: 0010:usb_submit_urb+0xce2/0x1920
[   51.898796][  T156] Code: 48 c1 e8 03 8a 04 18 84 c0 0f 85 d4 08 00 00 45 8b 06 48 c7 c7 20 f2 c1 8b 48 8b 74 24 20 4c 89 fa 89 e9 31 c0 e8 3e 11 d7 fa <0f> 0b 4c 8b 74 24 30 44 89 e5 48 89 ef 48 c7 c6 10 56 e2 8d e8 a5
[   51.918409][  T156] RSP: 0018:ffffc90002e2f9f0 EFLAGS: 00010246
[   51.924473][  T156] RAX: 9e6db0d643c20300 RBX: dffffc0000000000 RCX: ffff88801d2d1d40
[   51.932714][  T156] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   51.940710][  T156] RBP: 0000000000000001 R08: ffffffff816fdb6d R09: fffff520005c5ef9
[   51.948690][  T156] R10: fffff520005c5ef9 R11: 1ffff920005c5ef8 R12: 0000000000000002
[   51.956660][  T156] R13: ffff888029ae8100 R14: ffffffff8bc1f008 R15: ffff88801deb11b8
[   51.965075][  T156]  ? __wake_up_klogd+0xcd/0x100
[   51.970579][  T156]  ? usb_anchor_urb+0x1ca/0x240
[   51.975855][  T156]  carl9170_usb_init_device+0x24f/0x870
[   51.981524][  T156]  carl9170_usb_firmware_step2+0xa5/0x260
[   51.987251][  T156]  request_firmware_work_func+0x198/0x270
[   51.993060][  T156]  ? carl9170_usb_tasklet+0x280/0x280
[   51.998796][  T156]  ? request_firmware_nowait+0x450/0x450
[   52.004524][  T156]  process_one_work+0x81c/0xd10
[   52.009467][  T156]  ? worker_detach_from_pool+0x260/0x260
[   52.015186][  T156]  ? _raw_spin_lock_irqsave+0x120/0x120
[   52.020794][  T156]  ? kthread_data+0x4d/0xc0
[   52.025473][  T156]  ? wq_worker_running+0x95/0x190
[   52.030753][  T156]  worker_thread+0xb14/0x1330
[   52.036057][  T156]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   52.042212][  T156]  kthread+0x266/0x300
[   52.046631][  T156]  ? rcu_lock_release+0x20/0x20
[   52.051646][  T156]  ? kthread_blkcg+0xd0/0xd0
[   52.056249][  T156]  ret_from_fork+0x1f/0x30
[   52.060935][  T156]  </TASK>
[   52.064289][  T156] Kernel Offset: disabled
[   52.068984][  T156] Rebooting in 86400 seconds..