./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4079580205

<...>
Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts.
execve("./syz-executor4079580205", ["./syz-executor4079580205"], 0x7fff0416a530 /* 10 vars */) = 0
brk(NULL)                               = 0x555556ca0000
brk(0x555556ca0c40)                     = 0x555556ca0c40
arch_prctl(ARCH_SET_FS, 0x555556ca0300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4079580205", 4096) = 28
brk(0x555556cc1c40)                     = 0x555556cc1c40
brk(0x555556cc2000)                     = 0x555556cc2000
mprotect(0x7fcbfd8ae000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffed9db45a0) = 0
ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed9db3590) = 18
syzkaller login: [   38.018949][ T3341] usb 1-1: new high-speed USB device number 2 using dummy_hcd
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed9db3590) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed9db3590) = 9
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed9db3590) = 72
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed9db3590) = 4
[   38.379409][ T3341] usb 1-1: config 1 interface 0 altsetting 0 has a duplicate endpoint with address 0x4, skipping
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed9db3590) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed9db3590) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed9db3590) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0)    = 0
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fcbfd8b43ac) = 11
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fcbfd8b43bc) = 10
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fcbfd8b43cc) = 12
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fcbfd8b43dc) = 13
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fcbfd8b43ec) = 14
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fcbfd8b43fc) = 16
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 0
[   38.549015][ T3341] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   38.558331][ T3341] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   38.566391][ T3341] usb 1-1: Product: syz
[   38.570595][ T3341] usb 1-1: Manufacturer: syz
[   38.575177][ T3341] usb 1-1: SerialNumber: syz
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
[   38.621369][ T3341] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 1856
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed9db45a0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed9db3590) = 0
[   39.198999][ T3341] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7ffed9db45e0) = 16
[   39.419473][ T3341] ------------[ cut here ]------------
[   39.424957][ T3341] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[   39.431330][ T3341] WARNING: CPU: 0 PID: 3341 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0
[   39.441033][ T3341] Modules linked in:
[   39.444916][ T3341] CPU: 0 PID: 3341 Comm: kworker/0:4 Not tainted 5.19.0-rc4-syzkaller-00187-g089866061428 #0
[   39.455117][ T3341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   39.465288][ T3341] Workqueue: events request_firmware_work_func
[   39.471505][ T3341] RIP: 0010:usb_submit_urb+0xed2/0x18a0
[   39.477066][ T3341] Code: 7c 24 18 e8 50 c1 ee fb 48 8b 7c 24 18 e8 a6 da 03 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 20 f1 6e 8a e8 6d b9 a6 03 <0f> 0b e9 58 f8 ff ff e8 22 c1 ee fb 48 81 c5 c0 05 00 00 e9 84 f7
[   39.496797][ T3341] RSP: 0018:ffffc9000312f808 EFLAGS: 00010286
[   39.502939][ T3341] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[   39.511003][ T3341] RDX: ffff88801ddf8000 RSI: ffffffff8160cfb8 RDI: fffff52000625ef3
[   39.519040][ T3341] RBP: ffff8880790a1c00 R08: 0000000000000005 R09: 0000000000000000
[   39.527031][ T3341] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000001
[   39.535102][ T3341] R13: ffff888017334488 R14: 0000000000000002 R15: ffff888016a7d200
[   39.543130][ T3341] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   39.552174][ T3341] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   39.558980][ T3341] CR2: 0000557074a23290 CR3: 000000007ae31000 CR4: 0000000000350ef0
[   39.566966][ T3341] Call Trace:
exit_group(0)                           = ?
[   39.570342][ T3341]  <TASK>
[   39.573273][ T3341]  ? _raw_spin_unlock+0x32/0x40
[   39.578119][ T3341]  hif_usb_send+0x4c1/0xcf0
[   39.582688][ T3341]  ? htc_issue_send.constprop.0+0x105/0x250
[   39.588689][ T3341]  htc_connect_service+0x612/0x8c0
[   39.593902][ T3341]  ath9k_wmi_connect+0xc9/0x190
[   39.598808][ T3341]  ? ath9k_fatal_work+0x20/0x20
[   39.603709][ T3341]  ? ath9k_hif_usb_exit+0x20/0x20
[   39.609049][ T3341]  ? ath9k_wmi_event_tasklet+0x450/0x450
[   39.611231][   T27] usb 1-1: USB disconnect, device number 2
+++ exited with 0 +++
[