./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3754097839 <...> forked to background, child pid 4586 no interfaces have a carrier [ 100.892066][ T4587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.929228][ T4587] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 110.483280][ T114] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts. execve("./syz-executor3754097839", ["./syz-executor3754097839"], 0x7ffe717a8a10 /* 10 vars */) = 0 brk(NULL) = 0x555557307000 brk(0x555557307c40) = 0x555557307c40 arch_prctl(ARCH_SET_FS, 0x555557307300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3754097839", 4096) = 28 brk(0x555557328c40) = 0x555557328c40 brk(0x555557329000) = 0x555557329000 mprotect(0x7f1edd810000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573075d0) = 5009 ./strace-static-x86_64: Process 5009 attached [pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5009] setpgid(0, 0) = 0 [pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5009] write(3, "1000", 4) = 4 [pid 5009] close(3) = 0 [pid 5009] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5009] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc59f6c3c0) = 0 [pid 5009] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc59f6b3b0) = 18 [ 142.031984][ T4675] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5009] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [ 142.291975][ T4675] usb 1-1: Using ep0 maxpacket: 16 [pid 5009] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc59f6b3b0) = 18 [pid 5009] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc59f6b3b0) = 9 [pid 5009] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc59f6b3b0) = 27 [pid 5009] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc59f6b3b0) = 4 [ 142.422287][ T4675] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.432693][ T4675] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 142.443820][ T4675] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [pid 5009] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc59f6b3b0) = 8 [pid 5009] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc59f6b3b0) = 8 [pid 5009] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc59f6b3b0) = 8 [pid 5009] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5009] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 142.632396][ T4675] usb 1-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=94.b2 [ 142.641718][ T4675] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.650052][ T4675] usb 1-1: Product: syz [ 142.654531][ T4675] usb 1-1: Manufacturer: syz [ 142.659307][ T4675] usb 1-1: SerialNumber: syz [ 142.667806][ T4675] usb 1-1: config 0 descriptor?? [pid 5009] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc59f6b3b0) = 0 [ 142.725072][ T4675] ===================================================== [ 142.732362][ T4675] BUG: KMSAN: uninit-value in kalmia_send_init_packet+0x56f/0x5f0 [ 142.740329][ T4675] kalmia_send_init_packet+0x56f/0x5f0 [ 142.746053][ T4675] kalmia_bind+0x2fd/0x5a0 [ 142.750632][ T4675] usbnet_probe+0xf8e/0x3de0 [ 142.755478][ T4675] usb_probe_interface+0xc4b/0x11f0 [ 142.760803][ T4675] really_probe+0x506/0x1000 [ 142.765687][ T4675] __driver_probe_device+0x2fa/0x3d0 [ 142.771129][ T4675] driver_probe_device+0x72/0x7a0 [ 142.776374][ T4675] __device_attach_driver+0x548/0x8e0 [ 142.782029][ T4675] bus_for_each_drv+0x1fc/0x360 [ 142.787016][ T4675] __device_attach+0x42a/0x720 [ 142.791984][ T4675] device_initial_probe+0x2e/0x40 [ 142.797180][ T4675] bus_probe_device+0x13c/0x3b0 [ 142.802308][ T4675] device_add+0x1d4b/0x26c0 [ 142.806943][ T4675] usb_set_configuration+0x3157/0x3860 [ 142.812681][ T4675] usb_generic_driver_probe+0x105/0x290 [ 142.818376][ T4675] usb_probe_device+0x288/0x490 [ 142.823514][ T4675] really_probe+0x506/0x1000 [ 142.828277][ T4675] __driver_probe_device+0x2fa/0x3d0 [ 142.833792][ T4675] driver_probe_device+0x72/0x7a0 [ 142.838984][ T4675] __device_attach_driver+0x548/0x8e0 [ 142.844644][ T4675] bus_for_each_drv+0x1fc/0x360 [ 142.849646][ T4675] __device_attach+0x42a/0x720 [ 142.854685][ T4675] device_initial_probe+0x2e/0x40 [ 142.859871][ T4675] bus_probe_device+0x13c/0x3b0 [ 142.864949][ T4675] device_add+0x1d4b/0x26c0 [ 142.869564][ T4675] usb_new_device+0x17ac/0x2370 [ 142.874613][ T4675] hub_event+0x56f3/0x7660 [ 142.879174][ T4675] process_one_work+0xb27/0x13e0 [ 142.884349][ T4675] worker_thread+0x1076/0x1d60 [ 142.889272][ T4675] kthread+0x31b/0x430 [ 142.893576][ T4675] ret_from_fork+0x1f/0x30 [ 142.898141][ T4675] [ 142.900518][ T4675] Local variable act_len created at: [ 142.906008][ T4675] kalmia_send_init_packet+0x4e/0x5f0 [ 142.911545][ T4675] kalmia_bind+0x2fd/0x5a0 [ 142.916238][ T4675] [pid 5009] exit_group(0) = ? [pid 5009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5009, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573075d0) = 5011 [ 142.918632][ T4675] CPU: 1 PID: 4675 Comm: kworker/1:3 Not tainted 6.2.0-rc5-syzkaller-80200-g41c66f470616 #0 [ 142.928962][ T4675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 142.939199][ T4675] Workqueue: usb_hub_wq hub_event [ 142.944498][ T4675] ===================================================== [ 142.951504][ T4675] Disabling lock debugging due to kernel taint [ 142.957796][ T4675] Kernel panic - not syncing: kmsan.panic set ... [ 142.964298][ T4675] CPU: 1 PID: 4675 Comm: kworker/1:3 Tainted: G B 6.2.0-rc5-syzkaller-80200-g41c66f470616 #0 ./strace-static-x86_64: Process 5011 attached [pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5011] setpgid(0, 0) = 0 [pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5011] write(3, "1000", 4) = 4 [pid 5011] close(3) = 0 [pid 5011] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5011] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc59f6c3c0) = 0 [pid 5011] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5011] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc59f6c3c0) = 0 [ 142.975982][ T4675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 142.986760][ T4675] Workqueue: usb_hub_wq hub_event [ 142.991939][ T4675] Call Trace: [ 142.995299][ T4675] [ 142.998309][ T4675] dump_stack_lvl+0x1c8/0x260 [ 143.003163][ T4675] dump_stack+0x1a/0x20 [ 143.007457][ T4675] panic+0x4d3/0xc70 [ 143.011531][ T4675] ? add_taint+0x104/0x1a0 [ 143.016125][ T4675] kmsan_report+0x2cc/0x2d0 [ 143.020777][ T4675] ? device_add+0x1d4b/0x26c0 [ 143.025598][ T4675] ? really_probe+0x506/0x1000 [ 143.030535][ T4675] ? __driver_probe_device+0x2fa/0x3d0 [ 143.036168][ T4675] ? driver_probe_device+0x72/0x7a0 [ 143.041526][ T4675] ? __device_attach_driver+0x548/0x8e0 [ 143.047244][ T4675] ? bus_for_each_drv+0x1fc/0x360 [ 143.052428][ T4675] ? __msan_warning+0x92/0x110 [ 143.057322][ T4675] ? kalmia_send_init_packet+0x56f/0x5f0 [ 143.063127][ T4675] ? kalmia_bind+0x2fd/0x5a0 [ 143.067877][ T4675] ? usbnet_probe+0xf8e/0x3de0 [ 143.072794][ T4675] ? usb_probe_interface+0xc4b/0x11f0 [ 143.078299][ T4675] ? really_probe+0x506/0x1000 [ 143.083223][ T4675] ? __driver_probe_device+0x2fa/0x3d0 [ 143.088846][ T4675] ? driver_probe_device+0x72/0x7a0 [ 143.094213][ T4675] ? __device_attach_driver+0x548/0x8e0 [ 143.099927][ T4675] ? bus_for_each_drv+0x1fc/0x360 [ 143.105105][ T4675] ? __device_attach+0x42a/0x720 [ 143.110202][ T4675] ? device_initial_probe+0x2e/0x40 [ 143.115566][ T4675] ? bus_probe_device+0x13c/0x3b0 [ 143.120751][ T4675] ? device_add+0x1d4b/0x26c0 [ 143.125560][ T4675] ? usb_set_configuration+0x3157/0x3860 [ 143.131379][ T4675] ? usb_generic_driver_probe+0x105/0x290 [ 143.137271][ T4675] ? usb_probe_device+0x288/0x490 [ 143.142473][ T4675] ? really_probe+0x506/0x1000 [ 143.147404][ T4675] ? __driver_probe_device+0x2fa/0x3d0 [ 143.153030][ T4675] ? driver_probe_device+0x72/0x7a0 [ 143.158397][ T4675] ? __device_attach_driver+0x548/0x8e0 [ 143.164113][ T4675] ? bus_for_each_drv+0x1fc/0x360 [ 143.169284][ T4675] ? __device_attach+0x42a/0x720 [ 143.174384][ T4675] ? device_initial_probe+0x2e/0x40 [ 143.179725][ T4675] ? bus_probe_device+0x13c/0x3b0 [ 143.184852][ T4675] ? device_add+0x1d4b/0x26c0 [ 143.189664][ T4675] ? usb_new_device+0x17ac/0x2370 [ 143.194811][ T4675] ? hub_event+0x56f3/0x7660 [ 143.199481][ T4675] ? process_one_work+0xb27/0x13e0 [ 143.204754][ T4675] ? worker_thread+0x1076/0x1d60 [ 143.209852][ T4675] ? kthread+0x31b/0x430 [ 143.214224][ T4675] ? ret_from_fork+0x1f/0x30 [ 143.218953][ T4675] ? preempt_count_sub+0x7d/0x280 [ 143.224103][ T4675] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.230068][ T4675] ? usb_bulk_msg+0x10a/0x750 [ 143.234892][ T4675] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.240787][ T4675] __msan_warning+0x92/0x110 [ 143.245454][ T4675] kalmia_send_init_packet+0x56f/0x5f0 [ 143.251047][ T4675] ? __msan_memcpy+0x104/0x1b0 [ 143.255909][ T4675] kalmia_bind+0x2fd/0x5a0 [ 143.260490][ T4675] ? tx_complete+0x480/0x480 [ 143.265175][ T4675] ? tx_complete+0x480/0x480 [ 143.269875][ T4675] usbnet_probe+0xf8e/0x3de0 [ 143.274634][ T4675] ? usbnet_disconnect+0x7b0/0x7b0 [ 143.279858][ T4675] usb_probe_interface+0xc4b/0x11f0 [ 143.285217][ T4675] ? usb_register_driver+0x5f0/0x5f0 [ 143.290664][ T4675] really_probe+0x506/0x1000 [ 143.295372][ T4675] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 143.301637][ T4675] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.307603][ T4675] __driver_probe_device+0x2fa/0x3d0 [ 143.313073][ T4675] driver_probe_device+0x72/0x7a0 [ 143.318249][ T4675] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.324146][ T4675] __device_attach_driver+0x548/0x8e0 [ 143.329650][ T4675] bus_for_each_drv+0x1fc/0x360 [ 143.334619][ T4675] ? coredump_store+0xa0/0xa0 [ 143.339476][ T4675] __device_attach+0x42a/0x720 [ 143.344375][ T4675] device_initial_probe+0x2e/0x40 [ 143.349546][ T4675] bus_probe_device+0x13c/0x3b0 [ 143.354519][ T4675] device_add+0x1d4b/0x26c0 [ 143.359157][ T4675] usb_set_configuration+0x3157/0x3860 [ 143.364757][ T4675] ? usb_set_configuration+0x8a1/0x3860 [ 143.370464][ T4675] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.376462][ T4675] usb_generic_driver_probe+0x105/0x290 [ 143.382181][ T4675] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.388135][ T4675] ? usb_choose_configuration+0xdc0/0xdc0 [ 143.394029][ T4675] ? usb_choose_configuration+0xdc0/0xdc0 [ 143.399918][ T4675] usb_probe_device+0x288/0x490 [ 143.404933][ T4675] ? usb_register_device_driver+0x440/0x440 [ 143.410938][ T4675] really_probe+0x506/0x1000 [ 143.415645][ T4675] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 143.421917][ T4675] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.427878][ T4675] __driver_probe_device+0x2fa/0x3d0 [ 143.433345][ T4675] driver_probe_device+0x72/0x7a0 [ 143.438522][ T4675] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.444420][ T4675] __device_attach_driver+0x548/0x8e0 [ 143.449926][ T4675] bus_for_each_drv+0x1fc/0x360 [ 143.454899][ T4675] ? coredump_store+0xa0/0xa0 [ 143.459721][ T4675] __device_attach+0x42a/0x720 [ 143.464642][ T4675] device_initial_probe+0x2e/0x40 [ 143.469783][ T4675] bus_probe_device+0x13c/0x3b0 [ 143.474756][ T4675] device_add+0x1d4b/0x26c0 [ 143.479418][ T4675] usb_new_device+0x17ac/0x2370 [ 143.484411][ T4675] hub_event+0x56f3/0x7660 [ 143.489052][ T4675] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.495004][ T4675] ? led_work+0x730/0x730 [ 143.499427][ T4675] ? led_work+0x730/0x730 [ 143.503846][ T4675] process_one_work+0xb27/0x13e0 [ 143.508954][ T4675] worker_thread+0x1076/0x1d60 [ 143.513841][ T4675] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.519803][ T4675] ? __kthread_parkme+0xc0/0x1b0 [ 143.524866][ T4675] kthread+0x31b/0x430 [ 143.529017][ T4675] ? worker_clr_flags+0x2b0/0x2b0 [ 143.534181][ T4675] ? kthread_blkcg+0x120/0x120 [ 143.539076][ T4675] ret_from_fork+0x1f/0x30 [ 143.543599][ T4675] [ 143.546865][ T4675] Kernel Offset: disabled [ 143.551245][ T4675] Rebooting in 86400 seconds..