./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1521748170 <...> Warning: Permanently added '10.128.0.228' (ECDSA) to the list of known hosts. execve("./syz-executor1521748170", ["./syz-executor1521748170"], 0x7ffe75860cb0 /* 10 vars */) = 0 brk(NULL) = 0x555555633000 brk(0x555555633c40) = 0x555555633c40 arch_prctl(ARCH_SET_FS, 0x555555633300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1521748170", 4096) = 28 brk(0x555555654c40) = 0x555555654c40 brk(0x555555655000) = 0x555555655000 mprotect(0x7f8f2323e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd0e707f80) = 0 ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0e707f80) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0e707f80) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0e706f70) = 18 syzkaller login: [ 45.262212][ T923] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0e707f80) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0e706f70) = 18 [ 45.502137][ T923] usb 1-1: Using ep0 maxpacket: 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0e707f80) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0e706f70) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0e707f80) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0e706f70) = 36 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0e707f80) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0e706f70) = 4 [ 45.622738][ T923] usb 1-1: config 0 has an invalid interface number: 164 but max is 0 [ 45.631159][ T923] usb 1-1: config 0 has no interface number 0 [ 45.637485][ T923] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 45.647605][ T923] usb 1-1: config 0 interface 164 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0e707f80) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0e706f70) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0e707f80) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0e706f70) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0e707f80) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd0e706f70) = 8 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd0e707f80) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 45.822800][ T923] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=14.b2 [ 45.831905][ T923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 45.840018][ T923] usb 1-1: Product: syz [ 45.844264][ T923] usb 1-1: Manufacturer: syz [ 45.848870][ T923] usb 1-1: SerialNumber: syz [ 45.858195][ T923] usb 1-1: config 0 descriptor?? ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f8f232443ac) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f8f232443bc) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd0e706f70) = 0 [ 45.894870][ T3612] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 45.902829][ T3612] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 45.917074][ T923] ------------[ cut here ]------------ [ 45.922779][ T923] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 45.928966][ T923] WARNING: CPU: 1 PID: 923 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x1880 [ 45.938526][ T923] Modules linked in: [ 45.942478][ T923] CPU: 1 PID: 923 Comm: kworker/1:2 Not tainted 6.0.0-rc5-syzkaller #0 [ 45.950712][ T923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 45.960832][ T923] Workqueue: usb_hub_wq hub_event [ 45.966156][ T923] RIP: 0010:usb_submit_urb+0xed2/0x1880 [ 45.971797][ T923] Code: 7c 24 18 e8 d0 5a ee fb 48 8b 7c 24 18 e8 36 5c 03 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 c0 e9 8f 8a e8 50 fe ac 03 <0f> 0b e9 58 f8 ff ff e8 a2 5a ee fb 48 81 c5 c0 05 00 00 e9 84 f7 [ 45.991551][ T923] RSP: 0018:ffffc90004c2ee78 EFLAGS: 00010282 [ 45.997706][ T923] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 46.005769][ T923] RDX: ffff88801e7e0000 RSI: ffffffff8161f408 RDI: fffff52000985dc1 [ 46.013826][ T923] RBP: ffff888016b89100 R08: 0000000000000005 R09: 0000000000000000 [ 46.021824][ T923] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001 [ 46.029867][ T923] R13: ffff888020e346e0 R14: 0000000000000002 R15: ffff888016b8fa00 [ 46.037903][ T923] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 46.046997][ T923] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.053660][ T923] CR2: 00007fff30a8ba90 CR3: 000000000bc8e000 CR4: 00000000003506e0 [ 46.061948][ T923] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 46.070190][ T923] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 46.078269][ T923] Call Trace: [ 46.081569][ T923] [ 46.084552][ T923] ? __init_swait_queue_head+0xc6/0x150 [ 46.090126][ T923] usb_start_wait_urb+0x101/0x4b0 exit_group(0) = ? +++ exited with 0 +++ [ 46.09