./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1985378953 <...> DUID 00:04:d9:3a:76:1c:b4:63:be:bc:0b:c2:08:9c:83:36:98:31 forked to background, child pid 3209 [ 30.660751][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.671641][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts. execve("./syz-executor1985378953", ["./syz-executor1985378953"], 0x7ffd11cfad30 /* 10 vars */) = 0 brk(NULL) = 0x5555565db000 brk(0x5555565dbc40) = 0x5555565dbc40 arch_prctl(ARCH_SET_FS, 0x5555565db300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1985378953", 4096) = 28 brk(0x5555565fcc40) = 0x5555565fcc40 brk(0x5555565fd000) = 0x5555565fd000 mprotect(0x7f9ffb206000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdf8e08640) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf8e08640) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf8e08640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf8e07630) = 18 syzkaller login: [ 54.278434][ T3295] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf8e08640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf8e07630) = 18 [ 54.518360][ T3295] usb 1-1: Using ep0 maxpacket: 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf8e08640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf8e07630) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf8e08640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 
0x7ffdf8e07630) = 36 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf8e08640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf8e07630) = 4 [ 54.638989][ T3295] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 54.647544][ T3295] usb 1-1: config 0 has no interface number 0 [ 54.653711][ T3295] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 54.663758][ T3295] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf8e08640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf8e07630) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf8e08640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf8e07630) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf8e08640) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdf8e07630) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdf8e08640) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 54.829191][ T3295] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 54.838356][ T3295] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 54.846350][ T3295] usb 1-1: Product: syz [ 54.850866][ T3295] usb 1-1: Manufacturer: syz [ 54.855607][ T3295] usb 1-1: SerialNumber: syz [ 54.863581][ T3295] usb 1-1: config 0 descriptor?? 
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9ffb20c3ac) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9ffb20c3bc) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdf8e07630) = 0 [ 54.890936][ T3631] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 54.898876][ T3631] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 54.912731][ T3295] ------------[ cut here ]------------ [ 54.918459][ T3295] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 54.924661][ T3295] WARNING: CPU: 0 PID: 3295 at drivers/usb/core/urb.c:505 usb_submit_urb+0xce2/0x1920 [ 54.934360][ T3295] Modules linked in: [ 54.938359][ T3295] CPU: 0 PID: 3295 Comm: kworker/0:3 Not tainted 6.1.0-rc5-syzkaller-00144-g84368d882b96 #0 [ 54.948511][ T3295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.958691][ T3295] Workqueue: usb_hub_wq hub_event [ 54.963722][ T3295] RIP: 0010:usb_submit_urb+0xce2/0x1920 [ 54.969387][ T3295] Code: 48 c1 e8 03 8a 04 18 84 c0 0f 85 d4 08 00 00 45 8b 06 48 c7 c7 e0 f1 c1 8b 48 8b 74 24 20 4c 89 fa 89 e9 31 c0 e8 6e 10 d7 fa <0f> 0b 4c 8b 74 24 30 44 89 e5 48 89 ef 48 c7 c6 30 56 e2 8d e8 d5 [ 54.989145][ T3295] RSP: 0018:ffffc900036ce830 EFLAGS: 00010246 [ 54.995331][ T3295] RAX: 1aed2cacde807400 RBX: dffffc0000000000 RCX: ffff888021560000 [ 55.003407][ T3295] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 55.011514][ T3295] RBP: 0000000000000001 R08: ffffffff816fdb6d R09: ffffed1017304f1b [ 55.019564][ T3295] R10: ffffed1017304f1b R11: 1ffff11017304f1a R12: 0000000000000002 [ 55.027565][ T3295] R13: ffff888017c13200 R14: ffffffff8bc1efc8 R15: ffff888018813c80 [ 55.035662][ T3295] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 55.044666][ T3295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.051399][ T3295] CR2: 00007ffdcd83b5c8 CR3: 000000007ac97000 CR4: 00000000003506f0 [ 55.059482][ T3295] DR0: 0000000000000000 DR1: 
0000000000000000 DR2: 0000000000000000 [ 55.067467][ T3295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 55.075519][ T3295] Call Trace: [ 55.078843][ T3295] <TASK> [ 55.081794][ T3295] ? __init_swait_queue_head+0xa6/0x140 exit_group(0) = ? +++ exited with 0 +++ [ 55.087380][ T3295] usb_start_wait_urb+0x10e/0x51