./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor977213377 <...> Warning: Permanently added '10.128.0.138' (ED25519) to the list of known hosts. execve("./syz-executor977213377", ["./syz-executor977213377"], 0x7ffce2e8e480 /* 10 vars */) = 0 brk(NULL) = 0x555556b1e000 brk(0x555556b1ed00) = 0x555556b1ed00 arch_prctl(ARCH_SET_FS, 0x555556b1e380) = 0 set_tid_address(0x555556b1e650) = 5052 set_robust_list(0x555556b1e660, 24) = 0 rseq(0x555556b1eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor977213377", 4096) = 27 getrandom("\x2a\x3c\xd5\xa4\x1a\x08\xca\x54", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556b1ed00 brk(0x555556b3fd00) = 0x555556b3fd00 brk(0x555556b40000) = 0x555556b40000 mprotect(0x7f9ac6e1b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd2837ba20) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 [ 51.472274][ T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 18 [ 51.712294][ T8] usb 1-1: Using ep0 maxpacket: 32 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 
0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 [ 51.872423][ T8] usb 1-1: unable to get BOS descriptor or descriptor too short ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 553 [ 51.952474][ T8] usb 1-1: config 1 has an invalid interface number: 170 but max is 1 [ 51.960686][ T8] usb 1-1: config 1 has an invalid interface number: 234 but max is 1 [ 51.969127][ T8] usb 1-1: config 1 has no interface number 0 [ 51.975270][ T8] usb 1-1: config 1 has no interface number 1 [ 51.981462][ T8] usb 1-1: config 1 interface 170 altsetting 5 endpoint 0x2 has an invalid bInterval 129, changing to 7 [ 51.992596][ T8] usb 1-1: config 1 interface 170 altsetting 5 has a duplicate endpoint with address 0x4, skipping [ 52.003410][ T8] usb 1-1: config 1 interface 170 altsetting 5 endpoint 0x82 has an invalid bInterval 33, changing to 9 [ 52.014568][ T8] usb 1-1: config 1 interface 170 altsetting 5 has a duplicate endpoint with address 0x4, skipping [ 52.025286][ T8] usb 1-1: config 1 interface 170 altsetting 5 has 6 endpoint descriptors, different from the interface descriptor's value: 5 [ 52.038347][ T8] usb 1-1: config 1 interface 234 altsetting 1 endpoint 0x8 has invalid maxpacket 1024, setting to 64 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 0 [ 52.049314][ T8] usb 1-1: config 1 interface 234 altsetting 1 has an invalid endpoint with address 0x80, skipping [ 52.060004][ T8] usb 1-1: config 1 interface 234 altsetting 1 has a duplicate endpoint with address 0xC, skipping [ 52.070693][ T8] usb 1-1: config 1 
interface 170 has no altsetting 0 [ 52.077475][ T8] usb 1-1: config 1 interface 234 has no altsetting 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd2837aa10) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd2837ba20) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x40) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9ac6e213cc) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9ac6e213dc) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9ac6e213ec) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9ac6e213fc) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9ac6e2140c) = 10 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd2837aa10) = 0 [ 52.322380][ T8] usb 1-1: string descriptor 0 read error: -22 [ 52.328738][ T8] usb 1-1: New USB device found, idVendor=080e, idProduct=4eb9, bcdDevice=d7.f6 [ 52.337792][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 52.388037][ T8] ------------[ cut here ]------------ [ 52.393601][ T8] UBSAN: array-index-out-of-bounds in drivers/hid/usbhid/hid-core.c:1024:18 [ 52.402292][ T8] index 1 is out of range for type 'hid_class_descriptor [1]' [ 52.409760][ T8] CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.7.0-syzkaller-06264-g70d201a40823 #0 [ 52.419212][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 52.429252][ T8] Workqueue: usb_hub_wq hub_event [ 52.434290][ T8] Call Trace: [ 52.437555][ 
T8] <TASK> [ 52.440469][ T8] dump_stack_lvl+0x125/0x1b0 [ 52.445135][ T8] __ubsan_handle_out_of_bounds+0x111/0x150 [ 52.451019][ T8] usbhid_parse+0x94a/0xa20 [ 52.455512][ T8] ? usbhid_start+0x2340/0x2340 [ 52.460352][ T8] hid_add_device+0x189/0xa60 [ 52.465024][ T8] ? lockdep_init_map_type+0x16d/0x7d0 [ 52.470473][ T8] ? modalias_show+0x150/0x150 [ 52.475237][ T8] ? lockdep_init_map_type+0x16d/0x7d0 [ 52.480682][ T8] ? __raw_spin_lock_init+0x3a/0x110 [ 52.485955][ T8] usbhid_probe+0xd0a/0x1360 [ 52.490716][ T8] usb_probe_interface+0x307/0x930 [ 52.495826][ T8] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 52.501190][ T8] really_probe+0x234/0xc90 [ 52.505687][ T8] __driver_probe_device+0x1de/0x4b0 [ 52.510964][ T8] driver_probe_device+0x4c/0x1a0 [ 52.515980][ T8] __device_attach_driver+0x1d4/0x300 [ 52.521340][ T8] ? driver_probe_device+0x1a0/0x1a0 [ 52.526617][ T8] bus_for_each_drv+0x157/0x1d0 [ 52.531467][ T8] ? bus_for_each_dev+0x1d0/0x1d0 [ 52.536485][ T8] ? rcu_is_watching+0x12/0xb0 [ 52.541247][ T8] ? trace_irq_enable.constprop.0+0xd0/0x100 [ 52.547226][ T8] ? _raw_spin_unlock_irqrestore+0x3b/0x70 [ 52.553025][ T8] __device_attach+0x1e8/0x4b0 [ 52.557790][ T8] ? device_driver_attach+0x200/0x200 [ 52.563161][ T8] ? do_raw_spin_unlock+0x173/0x230 [ 52.568361][ T8] bus_probe_device+0x17c/0x1c0 [ 52.573203][ T8] device_add+0x117e/0x1aa0 [ 52.577746][ T8] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 52.584679][ T8] ? kfree+0x124/0x360 [ 52.588758][ T8] usb_set_configuration+0x10cb/0x1c40 [ 52.594401][ T8] usb_generic_driver_probe+0xca/0x130 [ 52.599858][ T8] usb_probe_device+0xda/0x2c0 [ 52.604624][ T8] ? usb_driver_release_interface+0x190/0x190 [ 52.610689][ T8] really_probe+0x234/0xc90 [ 52.615188][ T8] __driver_probe_device+0x1de/0x4b0 [ 52.620467][ T8] ? usb_driver_applicable+0x1c4/0x220 [ 52.625933][ T8] driver_probe_device+0x4c/0x1a0 [ 52.630957][ T8] __device_attach_driver+0x1d4/0x300 [ 52.636323][ T8] ? 
driver_probe_device+0x1a0/0x1a0 [ 52.641603][ T8] bus_for_each_drv+0x157/0x1d0 [ 52.646450][ T8] ? bus_for_each_dev+0x1d0/0x1d0 [ 52.651462][ T8] ? rcu_is_watching+0x12/0xb0 [ 52.656220][ T8] ? trace_irq_enable.constprop.0+0xd0/0x100 [ 52.662202][ T8] ? _raw_spin_unlock_irqrestore+0x3b/0x70 [ 52.668013][ T8] __device_attach+0x1e8/0x4b0 [ 52.672779][ T8] ? device_driver_attach+0x200/0x200 [ 52.678143][ T8] ? do_raw_spin_unlock+0x173/0x230 [ 52.683334][ T8] bus_probe_device+0x17c/0x1c0 [ 52.688180][ T8] device_add+0x117e/0x1aa0 [ 52.692692][ T8] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270 [ 52.699543][ T8] ? usb_detect_static_quirks+0x335/0x3e0 [ 52.705254][ T8] ? kfree+0x124/0x360 [ 52.709316][ T8] usb_new_device+0xd80/0x19f0 [ 52.714084][ T8] ? do_raw_spin_lock+0x12e/0x2b0 [ 52.719100][ T8] ? hub_disconnect+0x520/0x520 [ 52.723947][ T8] ? spin_bug+0x1d0/0x1d0 [ 52.728266][ T8] ? rcu_is_watching+0x12/0xb0 [ 52.733023][ T8] hub_event+0x2dac/0x4e10 [ 52.737446][ T8] ? hub_port_debounce+0x3d0/0x3d0 [ 52.742650][ T8] ? lock_acquire+0x464/0x520 [ 52.747320][ T8] ? check_irq_usage+0xa11/0x1490 [ 52.752345][ T8] ? lock_sync+0x190/0x190 [ 52.756749][ T8] ? reacquire_held_locks+0x4c0/0x4c0 [ 52.762118][ T8] ? spin_bug+0x1d0/0x1d0 [ 52.766444][ T8] process_one_work+0x886/0x15d0 [ 52.771413][ T8] ? hcd_died_work+0x60/0x60 [ 52.775991][ T8] ? workqueue_congested+0x300/0x300 [ 52.781271][ T8] ? assign_work+0x1a0/0x250 [ 52.785851][ T8] worker_thread+0x8b9/0x1290 [ 52.790525][ T8] ? process_one_work+0x15d0/0x15d0 [ 52.795715][ T8] kthread+0x2c6/0x3a0 [ 52.799778][ T8] ? kthread_complete_and_exit+0x40/0x40 [ 52.805399][ T8] ? kthread_complete_and_exit+0x40/0x40 [ 52.811023][ T8] ret_from_fork+0x45/0x80 [ 52.815432][ T8] ? kthread_complete_and_exit+0x40/0x40 [ 52.821057][ T8] ret_from_fork_asm+0x11/0x20 [ 52.825821][ T8] </TASK> [ 52.833749][ T8] ---[ end trace ]--- exit_group(0) = ? +++ exited with 0 +++ [ 52.837769][ T8] Ker