./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1400027279

<...>
DUID 00:04:cd:7d:74:7d:04:96:3f:c0:f2:1a:da:5a:49:b1:9f:fb
forked to background, child pid 3183
[   22.618293][ T3184] 8021q: adding VLAN 0 to HW filter on device bond0
[   22.632499][ T3184] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts.
execve("./syz-executor1400027279", ["./syz-executor1400027279"], 0x7ffeed7ab4f0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556c4a000
brk(0x555556c4ac40)                     = 0x555556c4ac40
arch_prctl(ARCH_SET_FS, 0x555556c4a300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1400027279", 4096) = 28
brk(0x555556c6bc40)                     = 0x555556c6bc40
brk(0x555556c6c000)                     = 0x555556c6c000
mprotect(0x7f2332b47000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd7ea44430) = 0
ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 18
syzkaller login: [   42.171281][   T14] usb 1-1: new high-speed USB device number 2 using dummy_hcd
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 9
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
[   42.571461][   T14] usb 1-1: unable to get BOS descriptor or descriptor too short
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 128
[   42.651614][   T14] usb 1-1: config 0 has an invalid interface number: 39 but max is 2
[   42.659739][   T14] usb 1-1: config 0 has an invalid interface number: 182 but max is 2
[   42.668144][   T14] usb 1-1: config 0 has an invalid interface number: 182 but max is 2
[   42.676348][   T14] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[   42.685357][   T14] usb 1-1: config 0 has no interface number 0
[   42.691433][   T14] usb 1-1: config 0 has no interface number 1
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 0
[   42.697519][   T14] usb 1-1: config 0 interface 39 altsetting 9 endpoint 0xC has invalid maxpacket 1024, setting to 64
[   42.708407][   T14] usb 1-1: config 0 interface 39 altsetting 9 has an invalid endpoint with address 0x0, skipping
[   42.718947][   T14] usb 1-1: Duplicate descriptor for config 0 interface 182 altsetting 0, skipping
[   42.728165][   T14] usb 1-1: config 0 interface 39 has no altsetting 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd7ea43420) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd7ea44430) = 0
ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x92) = 0
ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0)    = 0
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2332b4d3ac) = 1
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd7ea43420) = 0
[   42.971348][   T14] usb 1-1: string descriptor 0 read error: -22
[   42.977632][   T14] usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=9c.90
[   42.986891][   T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   42.996855][   T14] usb 1-1: config 0 descriptor??
[   43.042990][   T14] ------------[ cut here ]------------
[   43.048476][   T14] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[   43.054925][   T14] WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x1880
[   43.064803][   T14] Modules linked in:
[   43.068691][   T14] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 6.0.0-rc3-next-20220901-syzkaller #0
[   43.078111][   T14] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[   43.088271][   T14] Workqueue: usb_hub_wq hub_event
[   43.093321][   T14] RIP: 0010:usb_submit_urb+0xed2/0x1880
[   43.098897][   T14] Code: 7c 24 18 e8 b0 43 e9 fb 48 8b 7c 24 18 e8 a6 2e 03 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 40 70 90 8a e8 12 8c aa 03 <0f> 0b e9 58 f8 ff ff e8 82 43 e9 fb 48 81 c5 c0 05 00 00 e9 84 f7
[   43.118545][   T14] RSP: 0018:ffffc90000136e68 EFLAGS: 00010286
[   43.124634][   T14] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[   43.132656][   T14] RDX: ffff888011a69d40 RSI: ffffffff81620448 RDI: fffff52000026dbf
[   43.140629][   T14] RBP: ffff888016f27c00 R08: 0000000000000005 R09: 0000000000000000
[   43.148654][   T14] R10: 0000000080000000 R11: 3a312d3120627375 R12: 0000000000000001
[   43.156674][   T14] R13: ffff888027c1c7d0 R14: 0000000000000002 R15: ffff888012667e00
[   43.164701][   T14] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   43.173696][   T14] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.180267][   T14] CR2: 00007ffcf2da7970 CR3: 0000000026ad6000 CR4: 00000000003506f0
[   43.188258][   T14] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   43.196273][   T14] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   43.204269][   T14] Call Trace:
[   43.207543][   T14]  <TASK>
[   43.210459][   T14]  ? __init_swait_queue_head+0xc6/0x150
[   43.216056][   T14]  usb_start_wait_urb+0x101/0x4b0
[   43.221095][   T14]  ? usb_api_blocking_completion+0xa0/0xa0
[   43.226932][   T14]  ? __kasan_kmalloc+0xa9/0xd0
[   43.231748][   T14]  ? memset+0x20/0x40
[   43.235720][   T14]  usb_bulk_msg+0x226/0x550
exit_group(0)                           = ?
+++ exited with 0 +++
[   43.240228][   T14]  amradio_send_cmd+0x2d