./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor898855758 <...> Warning: Permanently added '10.128.1.97' (ED25519) to the list of known hosts. execve("./syz-executor898855758", ["./syz-executor898855758"], 0x7ffe699594f0 /* 10 vars */) = 0 brk(NULL) = 0x55557bfae000 brk(0x55557bfaed00) = 0x55557bfaed00 arch_prctl(ARCH_SET_FS, 0x55557bfae380) = 0 set_tid_address(0x55557bfae650) = 5783 set_robust_list(0x55557bfae660, 24) = 0 rseq(0x55557bfaeca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor898855758", 4096) = 27 getrandom("\x31\xb7\xc8\xbf\xaf\xc4\xc2\xed", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557bfaed00 brk(0x55557bfcfd00) = 0x55557bfcfd00 brk(0x55557bfd0000) = 0x55557bfd0000 mprotect(0x7f05a3000000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557bfae650) = 5784 ./strace-static-x86_64: Process 5784 attached [pid 5784] set_robust_list(0x55557bfae660, 24) = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3executing program ) = 0 [pid 5784] write(1, "executing program\n", 18) = 18 [pid 5784] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5784] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3da1d1a0) = 18 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [ 180.880855][ T3067] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3da1d1a0) = 18 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3da1d1a0) = 9 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3da1d1a0) = 36 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3da1d1a0) = 4 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3da1d1a0) = 8 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3da1d1a0) = 8 [ 181.050788][ T3067] usb 1-1: Using ep0 maxpacket: 8 [ 181.066610][ T3067] usb 1-1: config 2 has an invalid interface number: 31 but max is 0 [ 181.075044][ T3067] usb 1-1: config 2 has no interface number 0 [ 181.081502][ T3067] usb 1-1: config 2 interface 31 has no altsetting 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff3da1d1a0) = 8 [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x3) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f05a30063ec) = 1 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f05a30063fc) = 10 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff3da1d1a0) = 0 [ 181.104887][ T3067] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 181.114338][ T3067] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.122791][ T3067] usb 1-1: Product: syz [ 181.127225][ T3067] usb 1-1: Manufacturer: syz [ 181.132114][ T3067] usb 1-1: SerialNumber: syz [pid 5784] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1e0) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP_DISABLE, 0x1) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP_DISABLE, 0xa) = 0 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f05a30063ec) = 1 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f05a30063fc) = 10 [pid 5784] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff3da1d1d0) = 0 [pid 5784] exit_group(0) = ? [ 181.586332][ T3067] ===================================================== [ 181.593798][ T3067] BUG: KMSAN: uninit-value in mii_nway_restart+0x119/0x1e0 [ 181.601386][ T3067] mii_nway_restart+0x119/0x1e0 [ 181.606469][ T3067] ch9200_bind+0x238/0xeb0 [ 181.611245][ T3067] usbnet_probe+0xdb0/0x3eb0 [ 181.616039][ T3067] usb_probe_interface+0xd33/0x12e0 [ 181.621657][ T3067] really_probe+0x4dc/0xd90 [ 181.626478][ T3067] __driver_probe_device+0x2ab/0x5d0 [ 181.632172][ T3067] driver_probe_device+0x72/0x890 [ 181.637421][ T3067] __device_attach_driver+0x568/0x9e0 [ 181.643126][ T3067] bus_for_each_drv+0x403/0x620 [ 181.648179][ T3067] __device_attach+0x3c1/0x650 [ 181.653280][ T3067] device_initial_probe+0x32/0x40 [ 181.658803][ T3067] bus_probe_device+0x3dc/0x5c0 [ 181.664077][ T3067] device_add+0x13aa/0x1ba0 [ 181.668790][ T3067] usb_set_configuration+0x31c9/0x38d0 [ 181.674708][ T3067] usb_generic_driver_probe+0x109/0x2a0 [ 181.680467][ T3067] usb_probe_device+0x3a7/0x690 [ 181.685647][ T3067] really_probe+0x4dc/0xd90 [ 181.690816][ T3067] __driver_probe_device+0x2ab/0x5d0 [ 181.696324][ T3067] driver_probe_device+0x72/0x890 [ 181.701670][ T3067] __device_attach_driver+0x568/0x9e0 [ 181.707258][ T3067] bus_for_each_drv+0x403/0x620 [ 181.712461][ T3067] __device_attach+0x3c1/0x650 [ 181.717428][ T3067] device_initial_probe+0x32/0x40 [ 181.722841][ T3067] bus_probe_device+0x3dc/0x5c0 [ 181.727875][ T3067] device_add+0x13aa/0x1ba0 executing program [pid 5784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5784, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5787 attached , child_tidptr=0x55557bfae650) = 5787 [pid 5787] set_robust_list(0x55557bfae660, 24) = 0 [pid 5787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5787] setpgid(0, 0) = 0 [pid 5787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5787] write(3, "1000", 4) = 4 [pid 5787] close(3) = 0 [pid 5787] write(1, "executing program\n", 18) = 18 [pid 5787] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5787] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff3da1e1b0) = 0 [pid 5787] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5787] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff3da1e1b0) = 0 [ 181.732687][ T3067] usb_new_device+0x15f0/0x2470 [ 181.737717][ T3067] hub_event+0x4ffb/0x72d0 [ 181.742457][ T3067] process_scheduled_works+0xc1a/0x1e80 [ 181.748235][ T3067] worker_thread+0xea7/0x14f0 [ 181.753190][ T3067] kthread+0x6b9/0xef0 [ 181.757457][ T3067] ret_from_fork+0x6d/0x90 [ 181.762232][ T3067] ret_from_fork_asm+0x1a/0x30 [ 181.767439][ T3067] [ 181.769855][ T3067] Local variable buff created at: [ 181.775060][ T3067] ch9200_mdio_read+0x3c/0x100 [ 181.779929][ T3067] mii_nway_restart+0x8a/0x1e0 [ 181.785090][ T3067] [ 181.787517][ T3067] CPU: 1 UID: 0 PID: 3067 Comm: kworker/1:2 Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0 [ 181.798548][ T3067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 181.808877][ T3067] Workqueue: usb_hub_wq hub_event [ 181.814152][ T3067] ===================================================== [ 181.821277][ T3067] Disabling lock debugging due to kernel taint [ 181.827689][ T3067] Kernel panic - not syncing: kmsan.panic set ... [ 181.834223][ T3067] CPU: 1 UID: 0 PID: 3067 Comm: kworker/1:2 Tainted: G B 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0 [ 181.846940][ T3067] Tainted: [B]=BAD_PAGE [ 181.851162][ T3067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 181.861491][ T3067] Workqueue: usb_hub_wq hub_event [ 181.866677][ T3067] Call Trace: [ 181.870043][ T3067] [ 181.873054][ T3067] dump_stack_lvl+0x216/0x2d0 [ 181.877836][ T3067] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 181.883783][ T3067] dump_stack+0x1e/0x24 [ 181.888082][ T3067] panic+0x4e2/0xcf0 [ 181.892211][ T3067] ? kmsan_get_metadata+0x121/0x1c0 [ 181.897640][ T3067] kmsan_report+0x2c7/0x2d0 [ 181.902313][ T3067] ? __device_attach+0x3c1/0x650 [ 181.907386][ T3067] ? worker_thread+0xea7/0x14f0 [ 181.912534][ T3067] ? __switch_to_asm+0x50/0x60 [ 181.917447][ T3067] ? __msan_warning+0x95/0x120 [ 181.922373][ T3067] ? mii_nway_restart+0x119/0x1e0 [ 181.927668][ T3067] ? ch9200_bind+0x238/0xeb0 [ 181.932397][ T3067] ? usbnet_probe+0xdb0/0x3eb0 [ 181.937482][ T3067] ? usb_probe_interface+0xd33/0x12e0 [ 181.943023][ T3067] ? really_probe+0x4dc/0xd90 [ 181.947837][ T3067] ? __driver_probe_device+0x2ab/0x5d0 [ 181.953440][ T3067] ? driver_probe_device+0x72/0x890 [ 181.958766][ T3067] ? __device_attach_driver+0x568/0x9e0 [ 181.964471][ T3067] ? bus_for_each_drv+0x403/0x620 [ 181.969790][ T3067] ? __device_attach+0x3c1/0x650 [ 181.974847][ T3067] ? device_initial_probe+0x32/0x40 [ 181.980279][ T3067] ? bus_probe_device+0x3dc/0x5c0 [ 181.985429][ T3067] ? device_add+0x13aa/0x1ba0 [ 181.990243][ T3067] ? usb_set_configuration+0x31c9/0x38d0 [ 181.996062][ T3067] ? usb_generic_driver_probe+0x109/0x2a0 [ 182.001921][ T3067] ? usb_probe_device+0x3a7/0x690 [ 182.007134][ T3067] ? really_probe+0x4dc/0xd90 [ 182.011937][ T3067] ? __driver_probe_device+0x2ab/0x5d0 [ 182.017548][ T3067] ? driver_probe_device+0x72/0x890 [ 182.022907][ T3067] ? __device_attach_driver+0x568/0x9e0 [ 182.028600][ T3067] ? bus_for_each_drv+0x403/0x620 [ 182.033741][ T3067] ? __device_attach+0x3c1/0x650 [ 182.038842][ T3067] ? device_initial_probe+0x32/0x40 [ 182.044163][ T3067] ? bus_probe_device+0x3dc/0x5c0 [ 182.049293][ T3067] ? device_add+0x13aa/0x1ba0 [ 182.054079][ T3067] ? usb_new_device+0x15f0/0x2470 [ 182.059232][ T3067] ? hub_event+0x4ffb/0x72d0 [ 182.063997][ T3067] ? process_scheduled_works+0xc1a/0x1e80 [ 182.069842][ T3067] ? worker_thread+0xea7/0x14f0 [ 182.074793][ T3067] ? kthread+0x6b9/0xef0 [ 182.079144][ T3067] ? ret_from_fork+0x6d/0x90 [ 182.083849][ T3067] ? ret_from_fork_asm+0x1a/0x30 [ 182.088891][ T3067] ? control_read+0x25b/0x2d0 [ 182.093700][ T3067] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.099193][ T3067] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.105179][ T3067] __msan_warning+0x95/0x120 [ 182.109944][ T3067] mii_nway_restart+0x119/0x1e0 [ 182.114930][ T3067] ch9200_bind+0x238/0xeb0 [ 182.119474][ T3067] ? __pfx_ch9200_bind+0x10/0x10 [ 182.124548][ T3067] usbnet_probe+0xdb0/0x3eb0 [ 182.129319][ T3067] ? pm_runtime_enable+0x3bb/0x3f0 [ 182.134555][ T3067] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.140550][ T3067] ? __pfx_usbnet_probe+0x10/0x10 [ 182.145725][ T3067] usb_probe_interface+0xd33/0x12e0 [ 182.151120][ T3067] ? __pfx_usb_probe_interface+0x10/0x10 [ 182.156961][ T3067] really_probe+0x4dc/0xd90 [ 182.161599][ T3067] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.167558][ T3067] __driver_probe_device+0x2ab/0x5d0 [ 182.172987][ T3067] driver_probe_device+0x72/0x890 [ 182.178146][ T3067] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.183514][ T3067] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.189469][ T3067] __device_attach_driver+0x568/0x9e0 [ 182.194992][ T3067] bus_for_each_drv+0x403/0x620 [ 182.199954][ T3067] ? __pfx___device_attach_driver+0x10/0x10 [ 182.205994][ T3067] __device_attach+0x3c1/0x650 [ 182.210896][ T3067] device_initial_probe+0x32/0x40 [ 182.216043][ T3067] bus_probe_device+0x3dc/0x5c0 [ 182.221092][ T3067] device_add+0x13aa/0x1ba0 [ 182.225717][ T3067] usb_set_configuration+0x31c9/0x38d0 [ 182.231332][ T3067] ? usb_set_configuration+0x8d1/0x38d0 [ 182.237096][ T3067] usb_generic_driver_probe+0x109/0x2a0 [ 182.242779][ T3067] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.248818][ T3067] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 182.255011][ T3067] usb_probe_device+0x3a7/0x690 [ 182.260001][ T3067] ? __pfx_usb_probe_device+0x10/0x10 [ 182.265529][ T3067] really_probe+0x4dc/0xd90 [ 182.270235][ T3067] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.276192][ T3067] __driver_probe_device+0x2ab/0x5d0 [ 182.281694][ T3067] driver_probe_device+0x72/0x890 [ 182.286848][ T3067] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.292168][ T3067] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.298118][ T3067] __device_attach_driver+0x568/0x9e0 [ 182.303655][ T3067] bus_for_each_drv+0x403/0x620 [ 182.308620][ T3067] ? __pfx___device_attach_driver+0x10/0x10 [ 182.314669][ T3067] __device_attach+0x3c1/0x650 [ 182.319589][ T3067] device_initial_probe+0x32/0x40 [ 182.324841][ T3067] bus_probe_device+0x3dc/0x5c0 [ 182.329808][ T3067] device_add+0x13aa/0x1ba0 [ 182.334483][ T3067] usb_new_device+0x15f0/0x2470 [ 182.339521][ T3067] hub_event+0x4ffb/0x72d0 [ 182.344097][ T3067] ? __pfx_hub_event+0x10/0x10 [ 182.348973][ T3067] process_scheduled_works+0xc1a/0x1e80 [ 182.354673][ T3067] worker_thread+0xea7/0x14f0 [ 182.359442][ T3067] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.365395][ T3067] kthread+0x6b9/0xef0 [ 182.369563][ T3067] ? __pfx_worker_thread+0x10/0x10 [ 182.374774][ T3067] ? __pfx_kthread+0x10/0x10 [ 182.379481][ T3067] ret_from_fork+0x6d/0x90 [ 182.384154][ T3067] ? __pfx_kthread+0x10/0x10 [ 182.388840][ T3067] ret_from_fork_asm+0x1a/0x30 [ 182.393739][ T3067] [ 182.397019][ T3067] Kernel Offset: disabled [ 182.401423][ T3067] Rebooting in 86400 seconds..