./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3853169962 <...> [ 111.402893][ T1527] cfg80211: failed to load regulatory.db forked to background, child pid 4617 [ 115.581098][ T4618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.627242][ T4618] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.93' (ECDSA) to the list of known hosts. execve("./syz-executor3853169962", ["./syz-executor3853169962"], 0x7fff15462ff0 /* 10 vars */) = 0 brk(NULL) = 0x555556e54000 brk(0x555556e54c40) = 0x555556e54c40 arch_prctl(ARCH_SET_FS, 0x555556e54300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3853169962", 4096) = 28 brk(0x555556e75c40) = 0x555556e75c40 brk(0x555556e76000) = 0x555556e76000 mprotect(0x7ffa3a785000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e545d0) = 4963 ./strace-static-x86_64: Process 4963 attached [pid 4963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4963] setpgid(0, 0) = 0 [pid 4963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4963] write(3, "1000", 4) = 4 [pid 4963] close(3) = 0 [pid 4963] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 4963] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcecabadf0) = 0 [pid 4963] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcecab9de0) = 18 syzkaller login: [ 169.250707][ T1527] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcecab9de0) = 18 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcecab9de0) = 9 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcecab9de0) = 36 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [ 169.611055][ T1527] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 16 [ 169.621280][ T1527] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcecab9de0) = 4 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcecab9de0) = 8 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcecab9de0) = 8 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcecab9de0) = 8 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 169.791133][ T1527] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=6f.8d [ 169.800813][ T1527] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.809046][ T1527] usb 1-1: Product: syz [ 169.813575][ T1527] usb 1-1: Manufacturer: syz [ 169.818418][ T1527] usb 1-1: SerialNumber: syz [ 169.827939][ T1527] usb 1-1: config 0 descriptor?? [pid 4963] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ffa3a78b46c) = -1 EINVAL (Invalid argument) [pid 4963] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ffa3a78b47c) = -1 EINVAL (Invalid argument) [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcecab9de0) = 0 [ 169.859851][ T4963] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 169.869710][ T4963] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 169.893934][ T1527] smsc95xx v2.0.0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabae10) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP_DISABLE, 0) = -1 EINVAL (Invalid argument) [pid 4963] ioctl(3, USB_RAW_IOCTL_EP_DISABLE, 0) = -1 EINVAL (Invalid argument) [pid 4963] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ffa3a78b46c) = -1 EINVAL (Invalid argument) [pid 4963] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ffa3a78b47c) = -1 EINVAL (Invalid argument) [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcecab9e00) = 0 [ 170.104949][ T4963] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 170.115038][ T4963] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabae10) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_STALL, 0) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabae10) = 0 [ 170.350989][ T1527] smsc95xx 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 170.362081][ T1527] smsc95xx 1-1:0.0 (unnamed net_device) (uninitialized): Error reading E2P_CMD [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffcecab9e00) = 4 [pid 4963] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabae10) = 0 [pid 4963] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffcecab9e00) = 0 [ 170.621276][ T1527] ===================================================== [ 170.628489][ T1527] BUG: KMSAN: uninit-value in smsc95xx_reset+0x409/0x25f0 [ 170.635906][ T1527] smsc95xx_reset+0x409/0x25f0 [ 170.641113][ T1527] smsc95xx_bind+0x9bc/0x22e0 [ 170.646031][ T1527] usbnet_probe+0x1011/0x3f20 [ 170.651019][ T1527] usb_probe_interface+0xc75/0x1210 [ 170.656450][ T1527] really_probe+0x506/0xf40 [ 170.661411][ T1527] __driver_probe_device+0x2a7/0x5d0 [ 170.666851][ T1527] driver_probe_device+0x72/0x7b0 [ 170.672234][ T1527] __device_attach_driver+0x55a/0x8f0 [ 170.677917][ T1527] bus_for_each_drv+0x3ff/0x620 [ 170.683202][ T1527] __device_attach+0x3bd/0x640 [ 170.688299][ T1527] device_initial_probe+0x32/0x40 [ 170.693665][ T1527] bus_probe_device+0x3d8/0x5a0 [ 170.698716][ T1527] device_add+0x1b6a/0x24b0 [ 170.703503][ T1527] usb_set_configuration+0x31c9/0x38c0 [ 170.709198][ T1527] usb_generic_driver_probe+0x109/0x2a0 [ 170.715153][ T1527] usb_probe_device+0x290/0x4a0 [ 170.720202][ T1527] really_probe+0x506/0xf40 [ 170.725011][ T1527] __driver_probe_device+0x2a7/0x5d0 [ 170.730638][ T1527] driver_probe_device+0x72/0x7b0 [ 170.735920][ T1527] __device_attach_driver+0x55a/0x8f0 [ 170.741721][ T1527] bus_for_each_drv+0x3ff/0x620 [ 170.746758][ T1527] __device_attach+0x3bd/0x640 [ 170.751847][ T1527] device_initial_probe+0x32/0x40 [ 170.757101][ T1527] bus_probe_device+0x3d8/0x5a0 [ 170.762359][ T1527] device_add+0x1b6a/0x24b0 [ 170.767028][ T1527] usb_new_device+0x15f6/0x22f0 [ 170.772135][ T1527] hub_event+0x577b/0x78a0 [ 170.776769][ T1527] process_one_work+0xb0d/0x1410 [ 170.782322][ T1527] worker_thread+0x107e/0x1d60 [ 170.787263][ T1527] kthread+0x3e8/0x540 [ 170.791561][ T1527] ret_from_fork+0x1f/0x30 [ 170.796194][ T1527] [ 170.798604][ T1527] Local variable buf.i225 created at: [ 170.804300][ T1527] smsc95xx_reset+0x203/0x25f0 [ 170.809287][ T1527] smsc95xx_bind+0x9bc/0x22e0 [ 170.814311][ T1527] [pid 4963] exit_group(0) = ? [ 170.816757][ T1527] CPU: 1 PID: 1527 Comm: kworker/1:2 Not tainted 6.4.0-syzkaller-g257152fe29be #0 [ 170.826259][ T1527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 170.836602][ T1527] Workqueue: usb_hub_wq hub_event [ 170.842045][ T1527] ===================================================== [ 170.849111][ T1527] Disabling lock debugging due to kernel taint [ 170.855572][ T1527] Kernel panic - not syncing: kmsan.panic set ... [ 170.862137][ T1527] CPU: 1 PID: 1527 Comm: kworker/1:2 Tainted: G B 6.4.0-syzkaller-g257152fe29be #0 [pid 4963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4963, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e545d0) = 4967 ./strace-static-x86_64: Process 4967 attached [pid 4967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4967] setpgid(0, 0) = 0 [pid 4967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 170.873020][ T1527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 170.883252][ T1527] Workqueue: usb_hub_wq hub_event [ 170.888527][ T1527] Call Trace: [ 170.891934][ T1527] [ 170.894991][ T1527] dump_stack_lvl+0x1bf/0x240 [ 170.899902][ T1527] dump_stack+0x1e/0x20 [ 170.904249][ T1527] panic+0x4d5/0xc70 [ 170.908386][ T1527] ? add_taint+0x108/0x1a0 [ 170.913028][ T1527] kmsan_report+0x2d0/0x2d0 [ 170.917745][ T1527] ? __msan_warning+0x96/0x110 [pid 4967] write(3, "1000", 4) = 4 [pid 4967] close(3) = 0 [pid 4967] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 4967] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffcecabadf0) = 0 [pid 4967] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 4967] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffcecabadf0) = 0 [ 170.922713][ T1527] ? smsc95xx_reset+0x409/0x25f0 [ 170.927895][ T1527] ? smsc95xx_bind+0x9bc/0x22e0 [ 170.932966][ T1527] ? usbnet_probe+0x1011/0x3f20 [ 170.938003][ T1527] ? usb_probe_interface+0xc75/0x1210 [ 170.943592][ T1527] ? really_probe+0x506/0xf40 [ 170.948509][ T1527] ? __driver_probe_device+0x2a7/0x5d0 [ 170.954212][ T1527] ? driver_probe_device+0x72/0x7b0 [ 170.959669][ T1527] ? __device_attach_driver+0x55a/0x8f0 [ 170.965470][ T1527] ? bus_for_each_drv+0x3ff/0x620 [ 170.970714][ T1527] ? __device_attach+0x3bd/0x640 [ 170.975889][ T1527] ? device_initial_probe+0x32/0x40 [ 170.981331][ T1527] ? bus_probe_device+0x3d8/0x5a0 [ 170.986563][ T1527] ? device_add+0x1b6a/0x24b0 [ 170.991386][ T1527] ? usb_set_configuration+0x31c9/0x38c0 [ 170.997213][ T1527] ? usb_generic_driver_probe+0x109/0x2a0 [ 171.003066][ T1527] ? usb_probe_device+0x290/0x4a0 [ 171.008244][ T1527] ? really_probe+0x506/0xf40 [ 171.013156][ T1527] ? __driver_probe_device+0x2a7/0x5d0 [ 171.018876][ T1527] ? driver_probe_device+0x72/0x7b0 [ 171.024298][ T1527] ? __device_attach_driver+0x55a/0x8f0 [ 171.030018][ T1527] ? bus_for_each_drv+0x3ff/0x620 [ 171.035252][ T1527] ? __device_attach+0x3bd/0x640 [ 171.040368][ T1527] ? device_initial_probe+0x32/0x40 [ 171.045774][ T1527] ? bus_probe_device+0x3d8/0x5a0 [ 171.050954][ T1527] ? device_add+0x1b6a/0x24b0 [ 171.055809][ T1527] ? usb_new_device+0x15f6/0x22f0 [ 171.060994][ T1527] ? hub_event+0x577b/0x78a0 [ 171.065813][ T1527] ? process_one_work+0xb0d/0x1410 [ 171.071123][ T1527] ? worker_thread+0x107e/0x1d60 [ 171.076217][ T1527] ? kthread+0x3e8/0x540 [ 171.080638][ T1527] ? ret_from_fork+0x1f/0x30 [ 171.085433][ T1527] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 171.091424][ T1527] ? __pm_runtime_idle+0x251/0x400 [ 171.096770][ T1527] ? usb_autopm_put_interface+0xa3/0xe0 [ 171.102539][ T1527] ? usbnet_read_cmd+0x354/0x3b0 [ 171.107620][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.113658][ T1527] __msan_warning+0x96/0x110 [ 171.118443][ T1527] smsc95xx_reset+0x409/0x25f0 [ 171.123423][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.129386][ T1527] smsc95xx_bind+0x9bc/0x22e0 [ 171.134253][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.140194][ T1527] ? validate_slab+0x549/0x5a0 [ 171.145108][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.151090][ T1527] ? smsc95xx_start_tx_path+0x5f0/0x5f0 [ 171.156813][ T1527] ? smsc95xx_start_tx_path+0x5f0/0x5f0 [ 171.162558][ T1527] usbnet_probe+0x1011/0x3f20 [ 171.167429][ T1527] ? ktime_get_mono_fast_ns+0x337/0x400 [ 171.173244][ T1527] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 171.179618][ T1527] ? usbnet_disconnect+0x7c0/0x7c0 [ 171.184915][ T1527] usb_probe_interface+0xc75/0x1210 [ 171.190294][ T1527] ? usb_register_driver+0x600/0x600 [ 171.195785][ T1527] really_probe+0x506/0xf40 [ 171.200471][ T1527] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 171.206816][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.212821][ T1527] __driver_probe_device+0x2a7/0x5d0 [ 171.218304][ T1527] driver_probe_device+0x72/0x7b0 [ 171.223543][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.229541][ T1527] __device_attach_driver+0x55a/0x8f0 [ 171.235101][ T1527] bus_for_each_drv+0x3ff/0x620 [ 171.240151][ T1527] ? coredump_store+0xa0/0xa0 [ 171.245006][ T1527] __device_attach+0x3bd/0x640 [ 171.250017][ T1527] device_initial_probe+0x32/0x40 [ 171.255218][ T1527] bus_probe_device+0x3d8/0x5a0 [ 171.260313][ T1527] device_add+0x1b6a/0x24b0 [ 171.265088][ T1527] usb_set_configuration+0x31c9/0x38c0 [ 171.270718][ T1527] ? usb_set_configuration+0x971/0x38c0 [ 171.276526][ T1527] usb_generic_driver_probe+0x109/0x2a0 [ 171.282256][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.288192][ T1527] ? usb_choose_configuration+0xde0/0xde0 [ 171.294070][ T1527] ? usb_choose_configuration+0xde0/0xde0 [ 171.300006][ T1527] usb_probe_device+0x290/0x4a0 [ 171.305048][ T1527] ? usb_register_device_driver+0x450/0x450 [ 171.311105][ T1527] really_probe+0x506/0xf40 [ 171.315827][ T1527] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 171.322066][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.328032][ T1527] __driver_probe_device+0x2a7/0x5d0 [ 171.333544][ T1527] driver_probe_device+0x72/0x7b0 [ 171.338800][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.344772][ T1527] __device_attach_driver+0x55a/0x8f0 [ 171.350413][ T1527] bus_for_each_drv+0x3ff/0x620 [ 171.355483][ T1527] ? coredump_store+0xa0/0xa0 [ 171.360375][ T1527] __device_attach+0x3bd/0x640 [ 171.365356][ T1527] device_initial_probe+0x32/0x40 [ 171.370617][ T1527] bus_probe_device+0x3d8/0x5a0 [ 171.375619][ T1527] device_add+0x1b6a/0x24b0 [ 171.380344][ T1527] usb_new_device+0x15f6/0x22f0 [ 171.385416][ T1527] hub_event+0x577b/0x78a0 [ 171.390172][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.396118][ T1527] ? led_work+0x740/0x740 [ 171.400597][ T1527] ? led_work+0x740/0x740 [ 171.405063][ T1527] process_one_work+0xb0d/0x1410 [ 171.410197][ T1527] worker_thread+0x107e/0x1d60 [ 171.415158][ T1527] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 171.421120][ T1527] ? __kthread_parkme+0x190/0x1e0 [ 171.426356][ T1527] kthread+0x3e8/0x540 [ 171.430603][ T1527] ? pr_cont_work+0xce0/0xce0 [ 171.435500][ T1527] ? kthread_blkcg+0x120/0x120 [ 171.440430][ T1527] ret_from_fork+0x1f/0x30 [ 171.445023][ T1527] [ 171.448391][ T1527] Kernel Offset: disabled [ 171.452803][ T1527] Rebooting in 86400 seconds..