./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3928166862

<...>

no interfaces have a carrier
[   25.007227][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: [   25.344645][ T3280] sshd (3280) used greatest stack depth: 20352 bytes left
OK

syzkaller
Warning: Permanently added '10.128.0.223' (ECDSA) to the list of known hosts.
execve("./syz-executor3928166862", ["./syz-executor3928166862"], 0x7ffc27c89f80 /* 10 vars */) = 0
brk(NULL)                               = 0x555555788000
brk(0x555555788c40)                     = 0x555555788c40
arch_prctl(ARCH_SET_FS, 0x555555788300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3928166862", 4096) = 28
brk(0x5555557a9c40)                     = 0x5555557a9c40
brk(0x5555557aa000)                     = 0x5555557aa000
mprotect(0x7f500881e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd9ca82010) = 0
ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd9ca81000) = 18
syzkaller login: [   48.111015][ T3273] usb 1-1: new high-speed USB device number 2 using dummy_hcd
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd9ca81000) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd9ca81000) = 9
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd9ca81000) = 72
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd9ca81000) = 4
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
[   48.471891][ T3273] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd9ca81000) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd9ca81000) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd9ca81000) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0)    = 0
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f50088243ac) = 9
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f50088243bc) = 10
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f50088243cc) = 12
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f50088243dc) = 11
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f50088243ec) = 13
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f50088243fc) = 14
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
[   48.631530][ T3273] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   48.631554][ T3273] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   48.631569][ T3273] usb 1-1: Product: syz
[   48.631578][ T3273] usb 1-1: Manufacturer: syz
[   48.631587][ T3273] usb 1-1: SerialNumber: syz
[   48.673423][ T3273] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 4096
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 1856
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd9ca82010) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd9ca81000) = 0
[   49.251310][ T3273] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   49.251647][ T3273] ------------[ cut here ]------------
[   49.251653][ T3273] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[   49.251848][ T3273] WARNING: CPU: 1 PID: 3273 at drivers/usb/core/urb.c:503 usb_submit_urb+0xce2/0x1920
[   49.281982][ T3273] Modules linked in:
[   49.285879][ T3273] CPU: 1 PID: 3273 Comm: kworker/1:2 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0
[   49.296126][ T3273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.306304][ T3273] Workqueue: events request_firmware_work_func
[   49.312584][ T3273] RIP: 0010:usb_submit_urb+0xce2/0x1920
[   49.318179][ T3273] Code: 48 c1 e8 03 8a 04 18 84 c0 0f 85 d4 08 00 00 45 8b 06 48 c7 c7 60 a6 32 8b 48 8b 74 24 20 4c 89 fa 89 e9 31 c0 e8 ee e7 42 fb <0f> 0b 4c 8b 74 24 30 44 89 e5 48 89 ef 48 c7 c6 f0 dd 55 8d e8 25
[   49.337942][ T3273] RSP: 0018:ffffc90002fff9d8 EFLAGS: 00010246
[   49.344207][ T3273] RAX: 03b025edf3fdbd00 RBX: dffffc0000000000 RCX: ffff8880207b9d80
[   49.352254][ T3273] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   49.360237][ T3273] RBP: 0000000000000003 R08: ffffffff816bd62d R09: ffffed1017364f14
[   49.368304][ T3273] R10: ffffed1017364f14 R11: 1ffff11017364f13 R12: 0000000000000003
[   49.376417][ T3273] R13: ffff888016cabf00 R14: ffffffff8b32a44c R15: ffff8880177bd348
[   49.384464][ T3273] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[   49.393512][ T3273] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   49.400111][ T3273] CR2: 000055b69dc70fd8 CR3: 0000000072eb9000 CR4: 00000000003506e0
[   49.408141][ T3273] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   49.408141][ T3273] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   49.408168][ T3273] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   49.408184][ T3273] Call Trace:
[   49.408192][ T3273]  <TASK>
[   49.408211][ T3273]  ? usb_anchor_urb+0x1ca/0x240
[   49.408242][ T3273]  ath9k_hif_usb_alloc_urbs+0x88a/0xe90
[   49.408282][ T3273]  ath9k_hif_usb_firmware_cb+0x12b/0x4d0
[   49.408312][ T3273]  request_firmware_work_func+0x198/0x270
[   49.408335][ T3273]  ? ath9k_hif_request_firmware+0x4e0/0x4e0
[   49.408359][ T3273]  ? request_firmware_nowait+0x450/0x450
[   49.408383][ T3273]  ? _raw_spin_unlock_irq+0x1f/0x40
[   49.408425][ T3273]  process_one_work+0x81c/0xd10
[   49.408466][ T3273]  ? worker_detach_from_pool+0x260/0x260
[   49.408493][ T3273]  ? _raw_spin_lock_irqsave+0x120/0x120
[   49.408514][ T3273]  ? kthread_data+0x4d/0xc0
[   49.408541][ T3273]  ? wq_worker_running+0x95/0x190
[   49.408566][ T3273]  worker_thread+0xb14/0x1330
[   49.408601][ T3273]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   49.408640][ T3273]  kthread+0x266/0x300
[   49.408659][ T3273]  ? rcu_lock_release+0x20/0x20
[   49.408678][ T3273]  ? kthread_blkcg+0xd0/0xd0
[   49.408701][ T3273]  ret_from_fork+0x1f/0x30
[   49.408740][ T3273]  </TASK>
[   49.408751][ T3273] Kernel panic - not syncing: panic_on_warn set ...
[   49.408762][ T3273] CPU: 1 PID: 3273 Comm: kworker/1:2 Not tainted 5.19.0-rc1-syzkaller-00303-g7a68065eb9cd #0
[   49.408782][ T3273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.408794][ T3273] Workqueue: events request_firmware_work_func
[   49.408816][ T3273] Call Trace:
[   49.408824][ T3273]  <TASK>
[   49.408832][ T3273]  dump_stack_lvl+0x1e3/0x2cb
[   49.408856][ T3273]  ? bfq_pos_tree_add_move+0x436/0x436
[   49.408877][ T3273]  ? panic+0x76e/0x76e
[   49.408903][ T3273]  ? vscnprintf+0x59/0x80
[   49.408921][ T3273]  ? usb_submit_urb+0xc40/0x1920
[   49.408941][ T3273]  panic+0x312/0x76e
[   49.408961][ T3273]  ? __warn+0x136/0x230
[   49.408981][ T3273]  ? fb_is_primary_device+0xcc/0xcc
[   49.409008][ T3273]  ? ret_from_fork+0x1f/0x30
[   49.409029][ T3273]  ? usb_submit_urb+0xce2/0x1920
[   49.409048][ T3273]  __warn+0x203/0x230
[   49.409067][ T3273]  ? usb_submit_urb+0xce2/0x1920
[   49.409087][ T3273]  report_bug+0x1b3/0x2d0
[   49.409113][ T3273]  handle_bug+0x3d/0x70
[   49.409132][ T3273]  exc_invalid_op+0x16/0x40
[   49.409151][ T3273]  asm_exc_invalid_op+0x1b/0x20
[   49.409168][ T3273] RIP: 0010:usb_submit_urb+0xce2/0x1920
[   49.409188][ T3273] Code: 48 c1 e8 03 8a 04 18 84 c0 0f 85 d4 08 00 00 45 8b 06 48 c7 c7 60 a6 32 8b 48 8b 74 24 20 4c 89 fa 89 e9 31 c0 e8 ee e7 42 fb <0f> 0b 4c 8b 74 24 30 44 89 e5 48 89 ef 48 c7 c6 f0 dd 55 8d e8 25
[   49.409202][ T3273] RSP: 0018:ffffc90002fff9d8 EFLAGS: 00010246
[   49.409220][ T3273] RAX: 03b025edf3fdbd00 RBX: dffffc0000000000 RCX: ffff8880207b9d80
[   49.409234][ T3273] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   49.409247][ T3273] RBP: 0000000000000003 R08: ffffffff816bd62d R09: ffffed1017364f14
[   49.409266][ T3273] R10: ffffed1017364f14 R11: 1ffff11017364f13 R12: 0000000000000003
[   49.409279][ T3273] R13: ffff888016cabf00 R14: ffffffff8b32a44c R15: ffff8880177bd348
[   49.409301][ T3273]  ? __wake_up_klogd+0xcd/0x100
[   49.409329][ T3273]  ? usb_submit_urb+0xce2/0x1920
[   49.409355][ T3273]  ? usb_anchor_urb+0x1ca/0x240
[   49.409378][ T3273]  ath9k_hif_usb_alloc_urbs+0x88a/0xe90
[   49.409407][ T3273]  ath9k_hif_usb_firmware_cb+0x12b/0x4d0
[   49.409434][ T3273]  request_firmware_work_func+0x198/0x270
[   49.409454][ T3273]  ? ath9k_hif_request_firmware+0x4e0/0x4e0
[   49.409476][ T3273]  ? request_firmware_nowait+0x450/0x450
[   49.409500][ T3273]  ? _raw_spin_unlock_irq+0x1f/0x40
[   49.409525][ T3273]  process_one_work+0x81c/0xd10
[   49.409560][ T3273]  ? worker_detach_from_pool+0x260/0x260
[   49.409584][ T3273]  ? _raw_spin_lock_irqsave+0x120/0x120
[   49.409603][ T3273]  ? kthread_data+0x4d/0xc0
[   49.409626][ T3273]  ? wq_worker_running+0x95/0x190
[   49.409648][ T3273]  worker_thread+0xb14/0x1330
[   49.409679][ T3273]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   49.409715][ T3273]  kthread+0x266/0x300
[   49.409732][ T3273]  ? rcu_lock_release+0x20/0x20
[   49.409749][ T3273]  ? kthread_blkcg+0xd0/0xd0
[   49.409769][ T3273]  ret_from_fork+0x1f/0x30
[   49.409802][ T3273]  </TASK>
[   49.416282][ T3273] Kernel Offset: disabled