./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3383970196 <...> Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. execve("./syz-executor3383970196", ["./syz-executor3383970196"], 0x7ffe842da200 /* 10 vars */) = 0 brk(NULL) = 0x5555556b8000 brk(0x5555556b8c40) = 0x5555556b8c40 arch_prctl(ARCH_SET_FS, 0x5555556b8300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3383970196", 4096) = 28 brk(0x5555556d9c40) = 0x5555556d9c40 brk(0x5555556da000) = 0x5555556da000 mprotect(0x7f64449f6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556b85d0) = 3479 ./strace-static-x86_64: Process 3479 attached [pid 3479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3479] setpgid(0, 0) = 0 [pid 3479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3479] write(3, "1000", 4) = 4 [pid 3479] close(3) = 0 [pid 3479] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3479] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffce79fb1a0) = 0 [pid 3479] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffce79fb1a0) = 0 [pid 3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffce79fb1a0) = 0 [pid 3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffce79fa190) = 18 [ 136.051902][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffce79fb1a0) = 0 [ 136.291926][ T25] usb 1-1: Using ep0 maxpacket: 8 [pid 3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffce79fa190) = 18 [pid 3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffce79fb1a0) = 0 [pid 3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffce79fa190) = 9 [pid 3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffce79fb1a0) = 0 [pid 3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffce79fa190) = 36 [ 136.412320][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid maxpacket 6912, setting to 1024 [ 136.423677][ T25] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xE has invalid maxpacket 1024 [ 136.433928][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 136.443957][ T25] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [pid 3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffce79fb1a0) = 0 [pid 3479] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x5b) = 0 [pid 3479] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 136.454115][ T25] usb 1-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02 [ 136.463345][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.475215][ T25] usb 1-1: config 0 descriptor?? [pid 3479] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f64449fc46c) = -1 EINVAL (Invalid argument) [pid 3479] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f64449fc47c) = -1 EINVAL (Invalid argument) [pid 3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffce79fa190) = 0 [ 136.502827][ T3479] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 136.534599][ T25] ums-alauda 1-1:0.0: USB Mass Storage device detected [ 136.548537][ T25] scsi host1: usb-storage 1-1:0.0 [ 137.623743][ T962] scsi 1:0:0:0: Direct-Access Olympus MAUSB-10 (Alauda 0102 PQ: 0 ANSI: 0 CCS [ 137.634883][ T962] scsi 1:0:0:1: Direct-Access Olympus MAUSB-10 (Alauda 0102 PQ: 0 ANSI: 0 CCS [pid 3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffce79fb1c0) = 0 [pid 3479] ioctl(3, USB_RAW_IOCTL_EP0_STALL, 0) = 0 [pid 3479] exit_group(0) = ? [pid 3479] +++ exited with 0 +++ [ 137.672123][ T962] sd 1:0:0:0: Attached scsi generic sg1 type 0 [ 137.693452][ T962] sd 1:0:0:1: Attached scsi generic sg2 type 0 [ 137.707577][ T28] usb 1-1: USB disconnect, device number 2 [ 137.714407][ T9] sd 1:0:0:0: [sdb] Media removed, stopped polling --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3479, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556b85d0) = 3484 ./strace-static-x86_64: Process 3484 attached [pid 3484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3484] setpgid(0, 0) = 0 [ 137.727425][ T3483] ===================================================== [ 137.734771][ T3483] BUG: KMSAN: uninit-value in alauda_check_media+0x294/0x2620 [ 137.742523][ T3483] alauda_check_media+0x294/0x2620 [ 137.747777][ T3483] alauda_transport+0x10b/0x4fc0 [ 137.749424][ T9] sd 1:0:0:0: [sdb] Attached SCSI removable disk [ 137.752894][ T3483] usb_stor_invoke_transport+0x8d/0x3230 [ 137.765150][ T3483] usb_stor_transparent_scsi_command+0x22/0x30 [ 137.771526][ T3483] usb_stor_control_thread+0x685/0xbc0 [pid 3484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 137.777234][ T3483] kthread+0x31b/0x430 [ 137.781477][ T3483] ret_from_fork+0x1f/0x30 [ 137.786149][ T3483] [ 137.788556][ T3483] Local variable status created at: [ 137.793929][ T3483] alauda_check_media+0x6f/0x2620 [ 137.799353][ T3483] alauda_transport+0x10b/0x4fc0 [ 137.804516][ T3483] [ 137.806916][ T3483] CPU: 1 PID: 3483 Comm: usb-storage Not tainted 6.1.0-rc2-syzkaller-61959-gbe8b0d020631 #0 [ 137.817171][ T3483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 [pid 3484] write(3, "1000", 4) = 4 [pid 3484] close(3) = 0 [pid 3484] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3484] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffce79fb1a0) = 0 [pid 3484] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3484] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffce79fb1a0) = 0 [ 137.827393][ T3483] ===================================================== [ 137.834490][ T3483] Disabling lock debugging due to kernel taint [ 137.840681][ T3483] Kernel panic - not syncing: kmsan.panic set ... [ 137.847160][ T3483] CPU: 1 PID: 3483 Comm: usb-storage Tainted: G B 6.1.0-rc2-syzkaller-61959-gbe8b0d020631 #0 [ 137.858862][ T3483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 [ 137.869029][ T3483] Call Trace: [ 137.872388][ T3483] [ 137.875384][ T3483] dump_stack_lvl+0x1c8/0x256 [ 137.880174][ T3483] dump_stack+0x1a/0x23 [ 137.884466][ T3483] panic+0x4d3/0xc64 [ 137.888536][ T3483] ? add_taint+0x104/0x1a0 [ 137.893103][ T3483] kmsan_report+0x2ca/0x2d0 [ 137.897727][ T3483] ? __msan_warning+0x92/0x110 [ 137.902648][ T3483] ? alauda_check_media+0x294/0x2620 [ 137.908036][ T3483] ? alauda_transport+0x10b/0x4fc0 [ 137.913277][ T3483] ? usb_stor_invoke_transport+0x8d/0x3230 [ 137.919274][ T3483] ? usb_stor_transparent_scsi_command+0x22/0x30 [ 137.925801][ T3483] ? usb_stor_control_thread+0x685/0xbc0 [ 137.931582][ T3483] ? kthread+0x31b/0x430 [ 137.935959][ T3483] ? ret_from_fork+0x1f/0x30 [ 137.940663][ T3483] ? __stack_depot_save+0x21/0x4b0 [ 137.945958][ T3483] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.951877][ T3483] ? interpret_urb_result+0x11c/0x620 [ 137.957365][ T3483] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.963284][ T3483] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.969207][ T3483] __msan_warning+0x92/0x110 [ 137.973901][ T3483] alauda_check_media+0x294/0x2620 [ 137.979255][ T3483] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.985264][ T3483] alauda_transport+0x10b/0x4fc0 [ 137.990333][ T3483] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 137.996269][ T3483] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.002178][ T3483] ? finish_task_switch+0x226/0xa20 [ 138.007569][ T3483] ? __switch_to+0x297/0x580 [ 138.012256][ T3483] ? __schedule+0x15df/0x2180 [ 138.017065][ T3483] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.022971][ T3483] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.028872][ T3483] ? alauda_probe+0x230/0x230 [ 138.033640][ T3483] ? alauda_probe+0x230/0x230 [ 138.038433][ T3483] usb_stor_invoke_transport+0x8d/0x3230 [ 138.044200][ T3483] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.050184][ T3483] ? preempt_count_sub+0x7d/0x280 [ 138.055386][ T3483] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 138.061302][ T3483] usb_stor_transparent_scsi_command+0x22/0x30 [ 138.067600][ T3483] ? usb_stor_ufi_command+0x1c0/0x1c0 [ 138.073144][ T3483] usb_stor_control_thread+0x685/0xbc0 [ 138.078695][ T3483] ? __kthread_parkme+0x18c/0x1b0 [ 138.083843][ T3483] kthread+0x31b/0x430 [ 138.088030][ T3483] ? usb_stor_disconnect+0x3a0/0x3a0 [ 138.093419][ T3483] ? kthread_blkcg+0x120/0x120 [ 138.098308][ T3483] ret_from_fork+0x1f/0x30 [ 138.102852][ T3483] [ 138.106104][ T3483] Kernel Offset: disabled [ 138.110497][ T3483] Rebooting in 86400 seconds..