./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3083739769 <...> Warning: Permanently added '10.128.1.166' (ECDSA) to the list of known hosts. execve("./syz-executor3083739769", ["./syz-executor3083739769"], 0x7ffe33f09f00 /* 10 vars */) = 0 brk(NULL) = 0x555555dc2000 brk(0x555555dc2c40) = 0x555555dc2c40 arch_prctl(ARCH_SET_FS, 0x555555dc2300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3083739769", 4096) = 28 brk(0x555555de3c40) = 0x555555de3c40 brk(0x555555de4000) = 0x555555de4000 mprotect(0x7f52ad3bb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc25d0) = 4950 ./strace-static-x86_64: Process 4950 attached [pid 4950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4950] setpgid(0, 0) = 0 [pid 4950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4950] write(3, "1000", 4) = 4 [pid 4950] close(3) = 0 [pid 4950] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 4950] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdaeb5e2e0) = 0 [pid 4950] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 syzkaller login: [ 162.447557][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdaeb5d2d0) = 18 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdaeb5d2d0) = 18 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdaeb5d2d0) = 9 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdaeb5d2d0) = 36 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 [ 162.842288][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 16 [ 162.852488][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdaeb5d2d0) = 4 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdaeb5d2d0) = 8 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdaeb5d2d0) = 8 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdaeb5d2d0) = 8 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 163.022329][ T9] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=6f.8d [ 163.031929][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.040297][ T9] usb 1-1: Product: syz [ 163.044977][ T9] usb 1-1: Manufacturer: syz [ 163.049912][ T9] usb 1-1: SerialNumber: syz [ 163.059294][ T9] usb 1-1: config 0 descriptor?? [pid 4950] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f52ad3c146c) = -1 EINVAL (Invalid argument) [pid 4950] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f52ad3c147c) = -1 EINVAL (Invalid argument) [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdaeb5d2d0) = 0 [ 163.090024][ T4950] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 163.098689][ T4950] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 163.124902][ T9] smsc95xx v2.0.0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e300) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EP_DISABLE, 0) = -1 EINVAL (Invalid argument) [pid 4950] ioctl(3, USB_RAW_IOCTL_EP_DISABLE, 0) = -1 EINVAL (Invalid argument) [pid 4950] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f52ad3c146c) = -1 EINVAL (Invalid argument) [pid 4950] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f52ad3c147c) = -1 EINVAL (Invalid argument) [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdaeb5d2f0) = 0 [ 163.333344][ T4950] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 163.343506][ T4950] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [pid 4950] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e300) = 0 [pid 4950] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdaeb5d2f0) = 0 [ 163.582476][ T9] ===================================================== [ 163.589756][ T9] BUG: KMSAN: uninit-value in smsc95xx_eeprom_confirm_not_busy+0x1eb/0x360 [ 163.598759][ T9] smsc95xx_eeprom_confirm_not_busy+0x1eb/0x360 [ 163.605233][ T9] smsc95xx_read_eeprom+0x59/0x670 [ 163.610468][ T9] smsc95xx_bind+0x6d8/0x22e0 [ 163.615447][ T9] usbnet_probe+0x1011/0x3f20 [ 163.620307][ T9] usb_probe_interface+0xc75/0x1210 [ 163.625781][ T9] really_probe+0x506/0xf40 [ 163.630465][ T9] __driver_probe_device+0x2a7/0x5d0 [ 163.636090][ T9] driver_probe_device+0x72/0x7b0 [ 163.641286][ T9] __device_attach_driver+0x55a/0x8f0 [ 163.647022][ T9] bus_for_each_drv+0x3ff/0x620 [ 163.652105][ T9] __device_attach+0x3bd/0x640 [ 163.656992][ T9] device_initial_probe+0x32/0x40 [ 163.662317][ T9] bus_probe_device+0x3d8/0x5a0 [ 163.667307][ T9] device_add+0x1b6a/0x24b0 [ 163.672155][ T9] usb_set_configuration+0x31c9/0x38c0 [ 163.677830][ T9] usb_generic_driver_probe+0x109/0x2a0 [ 163.683769][ T9] usb_probe_device+0x290/0x4a0 [ 163.688760][ T9] really_probe+0x506/0xf40 [ 163.693643][ T9] __driver_probe_device+0x2a7/0x5d0 [ 163.699096][ T9] driver_probe_device+0x72/0x7b0 [ 163.704443][ T9] __device_attach_driver+0x55a/0x8f0 [ 163.709986][ T9] bus_for_each_drv+0x3ff/0x620 [ 163.715123][ T9] __device_attach+0x3bd/0x640 [ 163.720026][ T9] device_initial_probe+0x32/0x40 [ 163.725349][ T9] bus_probe_device+0x3d8/0x5a0 [ 163.730330][ T9] device_add+0x1b6a/0x24b0 [ 163.735133][ T9] usb_new_device+0x15f6/0x22f0 [ 163.740150][ T9] hub_event+0x577b/0x78a0 [ 163.744858][ T9] process_one_work+0xb0d/0x1410 [ 163.749923][ T9] worker_thread+0x107e/0x1d60 [ 163.754966][ T9] kthread+0x3e8/0x540 [ 163.759181][ T9] ret_from_fork+0x1f/0x30 [ 163.763906][ T9] [ 163.766290][ T9] Local variable buf.i created at: [ 163.771456][ T9] smsc95xx_eeprom_confirm_not_busy+0x92/0x360 [ 163.777943][ T9] smsc95xx_read_eeprom+0x59/0x670 [pid 4950] exit_group(0) = ? [pid 4950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4950, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 163.783250][ T9] [ 163.785633][ T9] CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.4.0-syzkaller-g257152fe29be #0 [ 163.794943][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 163.805245][ T9] Workqueue: usb_hub_wq hub_event [ 163.810469][ T9] ===================================================== [ 163.817724][ T9] Disabling lock debugging due to kernel taint [ 163.824124][ T9] Kernel panic - not syncing: kmsan.panic set ... clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc25d0) = 4954 ./strace-static-x86_64: Process 4954 attached [pid 4954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4954] setpgid(0, 0) = 0 [pid 4954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4954] write(3, "1000", 4) = 4 [pid 4954] close(3) = 0 [pid 4954] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 4954] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdaeb5e2e0) = 0 [ 163.830676][ T9] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G B 6.4.0-syzkaller-g257152fe29be #0 [ 163.841262][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 163.851471][ T9] Workqueue: usb_hub_wq hub_event [ 163.856706][ T9] Call Trace: [ 163.860078][ T9] [ 163.863106][ T9] dump_stack_lvl+0x1bf/0x240 [ 163.868015][ T9] dump_stack+0x1e/0x20 [ 163.872359][ T9] panic+0x4d5/0xc70 [ 163.876439][ T9] ? add_taint+0x108/0x1a0 [pid 4954] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 4954] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdaeb5e2e0) = 0 [ 163.881030][ T9] kmsan_report+0x2d0/0x2d0 [ 163.885732][ T9] ? __msan_warning+0x96/0x110 [ 163.890681][ T9] ? smsc95xx_eeprom_confirm_not_busy+0x1eb/0x360 [ 163.897296][ T9] ? smsc95xx_read_eeprom+0x59/0x670 [ 163.902774][ T9] ? smsc95xx_bind+0x6d8/0x22e0 [ 163.907801][ T9] ? usbnet_probe+0x1011/0x3f20 [ 163.912843][ T9] ? usb_probe_interface+0xc75/0x1210 [ 163.918388][ T9] ? really_probe+0x506/0xf40 [ 163.923237][ T9] ? __driver_probe_device+0x2a7/0x5d0 [ 163.928820][ T9] ? driver_probe_device+0x72/0x7b0 [ 163.934157][ T9] ? __device_attach_driver+0x55a/0x8f0 [ 163.939858][ T9] ? bus_for_each_drv+0x3ff/0x620 [ 163.945002][ T9] ? __device_attach+0x3bd/0x640 [ 163.950099][ T9] ? device_initial_probe+0x32/0x40 [ 163.955491][ T9] ? bus_probe_device+0x3d8/0x5a0 [ 163.960732][ T9] ? device_add+0x1b6a/0x24b0 [ 163.965691][ T9] ? usb_set_configuration+0x31c9/0x38c0 [ 163.971519][ T9] ? usb_generic_driver_probe+0x109/0x2a0 [ 163.977461][ T9] ? usb_probe_device+0x290/0x4a0 [ 163.982642][ T9] ? really_probe+0x506/0xf40 [ 163.987449][ T9] ? __driver_probe_device+0x2a7/0x5d0 [ 163.993094][ T9] ? driver_probe_device+0x72/0x7b0 [ 163.998452][ T9] ? __device_attach_driver+0x55a/0x8f0 [ 164.004146][ T9] ? bus_for_each_drv+0x3ff/0x620 [ 164.009302][ T9] ? __device_attach+0x3bd/0x640 [ 164.014399][ T9] ? device_initial_probe+0x32/0x40 [ 164.019732][ T9] ? bus_probe_device+0x3d8/0x5a0 [ 164.024910][ T9] ? device_add+0x1b6a/0x24b0 [ 164.029729][ T9] ? usb_new_device+0x15f6/0x22f0 [ 164.034911][ T9] ? hub_event+0x577b/0x78a0 [ 164.039633][ T9] ? process_one_work+0xb0d/0x1410 [ 164.044889][ T9] ? worker_thread+0x107e/0x1d60 [ 164.049939][ T9] ? kthread+0x3e8/0x540 [ 164.054367][ T9] ? ret_from_fork+0x1f/0x30 [ 164.059123][ T9] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 164.065044][ T9] ? __pm_runtime_idle+0x251/0x400 [ 164.070285][ T9] ? usb_autopm_put_interface+0xa3/0xe0 [ 164.076018][ T9] ? usbnet_read_cmd+0x354/0x3b0 [ 164.081226][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 164.087169][ T9] __msan_warning+0x96/0x110 [ 164.091876][ T9] smsc95xx_eeprom_confirm_not_busy+0x1eb/0x360 [ 164.098288][ T9] smsc95xx_read_eeprom+0x59/0x670 [ 164.103607][ T9] ? arch_get_platform_mac_address+0x16/0x30 [ 164.109696][ T9] ? platform_get_ethdev_address+0x1c4/0x230 [ 164.115786][ T9] smsc95xx_bind+0x6d8/0x22e0 [ 164.120587][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 164.126627][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 164.132663][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 164.138700][ T9] ? smsc95xx_start_tx_path+0x5f0/0x5f0 [ 164.144435][ T9] ? smsc95xx_start_tx_path+0x5f0/0x5f0 [ 164.150150][ T9] usbnet_probe+0x1011/0x3f20 [ 164.154965][ T9] ? ktime_get_mono_fast_ns+0x337/0x400 [ 164.160763][ T9] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 164.167153][ T9] ? usbnet_disconnect+0x7c0/0x7c0 [ 164.172551][ T9] usb_probe_interface+0xc75/0x1210 [ 164.177921][ T9] ? usb_register_driver+0x600/0x600 [ 164.183333][ T9] really_probe+0x506/0xf40 [ 164.188008][ T9] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 164.194201][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 164.200157][ T9] __driver_probe_device+0x2a7/0x5d0 [ 164.206980][ T9] driver_probe_device+0x72/0x7b0 [ 164.212177][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 164.218140][ T9] __device_attach_driver+0x55a/0x8f0 [ 164.223651][ T9] bus_for_each_drv+0x3ff/0x620 [ 164.228639][ T9] ? coredump_store+0xa0/0xa0 [ 164.233528][ T9] __device_attach+0x3bd/0x640 [ 164.238640][ T9] device_initial_probe+0x32/0x40 [ 164.243845][ T9] bus_probe_device+0x3d8/0x5a0 [ 164.248833][ T9] device_add+0x1b6a/0x24b0 [ 164.253529][ T9] usb_set_configuration+0x31c9/0x38c0 [ 164.259156][ T9] ? usb_set_configuration+0x8b1/0x38c0 [ 164.264960][ T9] usb_generic_driver_probe+0x109/0x2a0 [ 164.270721][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 164.276745][ T9] ? usb_choose_configuration+0xde0/0xde0 [ 164.282709][ T9] ? usb_choose_configuration+0xde0/0xde0 [ 164.288659][ T9] usb_probe_device+0x290/0x4a0 [ 164.293661][ T9] ? usb_register_device_driver+0x450/0x450 [ 164.299663][ T9] really_probe+0x506/0xf40 [ 164.304308][ T9] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 164.310592][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 164.316622][ T9] __driver_probe_device+0x2a7/0x5d0 [ 164.322122][ T9] driver_probe_device+0x72/0x7b0 [ 164.327319][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 164.333254][ T9] __device_attach_driver+0x55a/0x8f0 [ 164.338768][ T9] bus_for_each_drv+0x3ff/0x620 [ 164.343763][ T9] ? coredump_store+0xa0/0xa0 [ 164.348576][ T9] __device_attach+0x3bd/0x640 [ 164.353511][ T9] device_initial_probe+0x32/0x40 [ 164.358676][ T9] bus_probe_device+0x3d8/0x5a0 [ 164.363685][ T9] device_add+0x1b6a/0x24b0 [ 164.368348][ T9] usb_new_device+0x15f6/0x22f0 [ 164.373385][ T9] hub_event+0x577b/0x78a0 [ 164.378142][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 164.384186][ T9] ? led_work+0x740/0x740 [ 164.388700][ T9] ? led_work+0x740/0x740 [ 164.393180][ T9] process_one_work+0xb0d/0x1410 [ 164.398258][ T9] worker_thread+0x107e/0x1d60 [ 164.403179][ T9] kthread+0x3e8/0x540 [ 164.407351][ T9] ? pr_cont_work+0xce0/0xce0 [ 164.412143][ T9] ? kthread_blkcg+0x120/0x120 [ 164.417102][ T9] ret_from_fork+0x1f/0x30 [ 164.421634][ T9] [ 164.424833][ T9] Kernel Offset: disabled [ 164.429223][ T9] Rebooting in 86400 seconds..