./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1904627735 <...> Warning: Permanently added '10.128.1.11' (ED25519) to the list of known hosts. execve("./syz-executor1904627735", ["./syz-executor1904627735"], 0x7fff42b9f190 /* 10 vars */) = 0 brk(NULL) = 0x555557440000 brk(0x555557440d00) = 0x555557440d00 arch_prctl(ARCH_SET_FS, 0x555557440380) = 0 set_tid_address(0x555557440650) = 5036 set_robust_list(0x555557440660, 24) = 0 rseq(0x555557440ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1904627735", 4096) = 28 getrandom("\xfb\xbe\xf4\x95\x0b\x08\x3e\x29", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557440d00 brk(0x555557461d00) = 0x555557461d00 brk(0x555557462000) = 0x555557462000 mprotect(0x7f3daddf3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcb09eae30) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 18 [ 84.988587][ T4777] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 18 [ 85.228354][ T4777] usb 1-1: Using ep0 maxpacket: 32 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 [ 85.388705][ T4777] usb 1-1: unable to get BOS descriptor or descriptor too short ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 426 [ 85.478672][ T4777] usb 1-1: config 6 has an invalid interface number: 199 but max is 2 [ 85.487172][ T4777] usb 1-1: config 6 has an invalid interface number: 48 but max is 2 [ 85.495629][ T4777] usb 1-1: config 6 has an invalid interface number: 105 but max is 2 [ 85.503903][ T4777] usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping [ 85.512656][ T4777] usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping [ 85.521601][ T4777] usb 1-1: config 6 has an invalid interface descriptor of length 2, skipping [ 85.530515][ T4777] usb 1-1: config 6 has no interface number 0 [ 85.536589][ T4777] usb 1-1: config 6 has no interface number 1 [ 85.542752][ T4777] usb 1-1: config 6 has no interface number 2 [ 85.549015][ T4777] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 85.560223][ T4777] usb 1-1: config 6 interface 199 altsetting 128 has an invalid endpoint with address 0x0, skipping [ 85.571200][ T4777] usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x8, skipping [ 85.582246][ T4777] usb 1-1: config 6 interface 199 altsetting 128 bulk endpoint 0x2 has invalid maxpacket 8 [ 85.592318][ T4777] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 85.603545][ T4777] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 85.614761][ T4777] usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x1, skipping [ 85.625875][ T4777] usb 1-1: config 6 interface 199 altsetting 128 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 85.637081][ T4777] usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x4, skipping [ 85.648348][ T4777] usb 1-1: config 6 interface 48 altsetting 8 has a duplicate endpoint with address 0xA, skipping [ 85.659119][ T4777] usb 1-1: config 6 interface 105 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 7 [ 85.672479][ T4777] usb 1-1: config 6 interface 199 has no altsetting 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 0 [ 85.679300][ T4777] usb 1-1: config 6 interface 48 has no altsetting 0 [ 85.686011][ T4777] usb 1-1: config 6 interface 105 has no altsetting 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcb09e9e20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcb09eae30) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xd3) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f3daddf93cc) = -1 EINVAL (Invalid argument) [ 85.928678][ T4777] usb 1-1: string descriptor 0 read error: -22 [ 85.935050][ T4777] usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=b9.c5 [ 85.944203][ T4777] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcb09e9e20) = 0 [ 86.005172][ T4777] ------------[ cut here ]------------ [ 86.010906][ T4777] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 86.017345][ T4777] WARNING: CPU: 1 PID: 4777 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc48/0x18b0 [ 86.027008][ T4777] Modules linked in: [ 86.030980][ T4777] CPU: 1 PID: 4777 Comm: kworker/1:3 Not tainted 6.6.0-rc3-syzkaller #0 [ 86.039366][ T4777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 86.049512][ T4777] Workqueue: usb_hub_wq hub_event [ 86.054562][ T4777] RIP: 0010:usb_submit_urb+0xc48/0x18b0 [ 86.060441][ T4777] Code: 89 f8 48 c1 e8 03 0f b6 04 18 84 c0 0f 85 a8 08 00 00 45 8b 07 48 c7 c7 80 5a a5 8b 48 8b 34 24 4c 89 e2 89 e9 e8 88 45 c1 fa <0f> 0b 48 8b 5c 24 30 41 89 dc 4c 89 e7 48 c7 c6 50 45 e6 8d e8 2f [ 86.080158][ T4777] RSP: 0018:ffffc900037aeaa0 EFLAGS: 00010246 [ 86.086245][ T4777] RAX: fc360272ddcaa100 RBX: dffffc0000000000 RCX: ffff88801dbf9dc0 [ 86.094345][ T4777] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 86.102394][ T4777] RBP: 0000000000000001 R08: ffffffff81543302 R09: 1ffff1101732516a [ 86.110825][ T4777] R10: dffffc0000000000 R11: ffffed101732516b R12: ffff888021df14d8 [ 86.119133][ T4777] R13: ffff8880136c2c00 R14: 0000000000000000 R15: ffffffff8ba55868 [ 86.127235][ T4777] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 86.136376][ T4777] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.143200][ T4777] CR2: 00007ffe1af89ec8 CR3: 0000000074b77000 CR4: 00000000003506e0 exit_group(0) = ? [ 86.151247][ T4777] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 86.159287][ T4777] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 86.167288][ T4777] Call Trace: [ 86.170650][ T4777] [ 86.173612][ T4777] ? __warn+0x162/0x4a0 [ 86.177865][ T4777] ? usb_submit_urb+0xc48/0x18b0 [ 86.182978][ T4777] ? report_bug+0x2b3/0x500 [ 86.187525][ T4777] ? usb_submit_urb+0xc48/0x18b0 [ 86.192561][ T4777] ? handle_bug+0x3d/0x70 [ 86.196923][ T4777] ? exc_invalid_op+0x1a/0x50 +++ exited with 0 +++ [ 86.201813][ T4777] ? asm_exc_invalid_op+0x1a