./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4099428006 <...> forked to background, child pid 3184 no interfaces have a carrier [ 22.579189][ T3185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 22.591405][ T3185] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts. execve("./syz-executor4099428006", ["./syz-executor4099428006"], 0x7ffd1e8fa600 /* 10 vars */) = 0 brk(NULL) = 0x555556d48000 brk(0x555556d48c40) = 0x555556d48c40 arch_prctl(ARCH_SET_FS, 0x555556d48300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4099428006", 4096) = 28 brk(0x555556d69c40) = 0x555556d69c40 brk(0x555556d6a000) = 0x555556d6a000 mprotect(0x7f3cce805000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff58731fe0) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff58731fe0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff58731fe0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff58730fd0) = 18 syzkaller login: [ 40.712456][ T2986] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff58731fe0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff58730fd0) = 18 [ 40.962446][ T2986] usb 1-1: Using ep0 maxpacket: 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff58731fe0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff58730fd0) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff58731fe0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff58730fd0) = 36 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff58731fe0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff58730fd0) = 4 [ 41.082457][ T2986] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 41.090920][ T2986] usb 1-1: config 0 has no interface number 0 [ 41.097075][ T2986] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 41.107273][ T2986] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff58731fe0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff58730fd0) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff58731fe0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff58730fd0) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff58731fe0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff58730fd0) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff58731fe0) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 41.272533][ T2986] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 41.281626][ T2986] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.289672][ T2986] usb 1-1: Product: syz [ 41.293972][ T2986] usb 1-1: Manufacturer: syz [ 41.299023][ T2986] usb 1-1: SerialNumber: syz [ 41.307324][ T2986] usb 1-1: config 0 descriptor?? ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3cce80b3ac) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3cce80b3bc) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff58730fd0) = 0 [ 41.335276][ T3605] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 41.343495][ T3605] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 41.356403][ T2986] ------------[ cut here ]------------ [ 41.362013][ T2986] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 41.368491][ T2986] WARNING: CPU: 1 PID: 2986 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x1880 [ 41.378126][ T2986] Modules linked in: [ 41.382018][ T2986] CPU: 1 PID: 2986 Comm: kworker/1:3 Not tainted 6.0.0-rc5-syzkaller-00007-g6504d82f4440 #0 [ 41.392149][ T2986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 41.402277][ T2986] Workqueue: usb_hub_wq hub_event [ 41.407381][ T2986] RIP: 0010:usb_submit_urb+0xed2/0x1880 [ 41.412993][ T2986] Code: 7c 24 18 e8 50 59 ee fb 48 8b 7c 24 18 e8 36 5c 03 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 80 eb 8f 8a e8 d0 fc ac 03 <0f> 0b e9 58 f8 ff ff e8 22 59 ee fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 41.432721][ T2986] RSP: 0018:ffffc90002d9ee78 EFLAGS: 00010282 [ 41.438827][ T2986] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 41.447049][ T2986] RDX: ffff88807ced3b00 RSI: ffffffff8161f408 RDI: fffff520005b3dc1 [ 41.455073][ T2986] RBP: ffff888012664c00 R08: 0000000000000005 R09: 0000000000000000 [ 41.463109][ T2986] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001 [ 41.471091][ T2986] R13: ffff8880175e0938 R14: 0000000000000002 R15: ffff888016ac7f00 [ 41.479164][ T2986] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 41.488155][ T2986] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.494794][ T2986] CR2: 00007fffd767dc90 CR3: 000000007f742000 CR4: 0000000000350ee0 [ 41.502811][ T2986] Call Trace: [ 41.506078][ T2986] [ 41.508998][ T2986] ? __init_swait_queue_head+0xc6/0x150 [ 41.514591][ T2986] usb_start_wait_urb+0x101/0x4b0 [ 41.519634][ T2986] ? usb_api_blocking_completion+0xa0/0xa0 [ 41.525494][ T2986] ? trace_kmalloc+0x32/0x100 [ 41.530189][ T2986] ? memset+0x20/0x40 exit_group(0) = ? +++ exited with 0 +++ [ 41.534252][ T2986] u