./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1903688448 <...> DUID 00:04:b1:ab:2f:56:84:67:19:04:89:9f:a5:d5:fb:d8:0b:17 forked to background, child pid 4606 [ 99.951790][ T4607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.982495][ T4607] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 105.393631][ T39] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.91' (ECDSA) to the list of known hosts. execve("./syz-executor1903688448", ["./syz-executor1903688448"], 0x7fff020c7710 /* 10 vars */) = 0 brk(NULL) = 0x555556895000 brk(0x555556895c40) = 0x555556895c40 arch_prctl(ARCH_SET_FS, 0x555556895300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1903688448", 4096) = 28 brk(0x5555568b6c40) = 0x5555568b6c40 brk(0x5555568b7000) = 0x5555568b7000 mprotect(0x7f94fa324000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4955 attached , child_tidptr=0x5555568955d0) = 4955 [pid 4955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4955] setpgid(0, 0) = 0 [pid 4955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4955] write(3, "1000", 4) = 4 [pid 4955] close(3) = 0 [pid 4955] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 4955] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe0ec7daa0) = 0 [pid 4955] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe0ec7ca90) = 18 [ 158.871882][ T4683] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe0ec7ca90) = 18 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe0ec7ca90) = 9 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe0ec7ca90) = 36 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [ 159.232136][ T4683] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 159.242292][ T4683] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe0ec7ca90) = 4 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe0ec7ca90) = 8 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe0ec7ca90) = 8 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe0ec7ca90) = 8 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 159.412245][ T4683] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 159.421617][ T4683] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.430064][ T4683] usb 1-1: Product: syz [ 159.434470][ T4683] usb 1-1: Manufacturer: syz [ 159.439225][ T4683] usb 1-1: SerialNumber: syz [ 159.447669][ T4683] usb 1-1: config 0 descriptor?? [pid 4955] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f94fa32a46c) = -1 EINVAL (Invalid argument) [pid 4955] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f94fa32a47c) = -1 EINVAL (Invalid argument) [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe0ec7ca90) = 0 [ 159.483624][ T4955] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 159.492520][ T4955] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7dac0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP_DISABLE, 0) = -1 EINVAL (Invalid argument) [pid 4955] ioctl(3, USB_RAW_IOCTL_EP_DISABLE, 0) = -1 EINVAL (Invalid argument) [pid 4955] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f94fa32a46c) = -1 EINVAL (Invalid argument) [pid 4955] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f94fa32a47c) = -1 EINVAL (Invalid argument) [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe0ec7cab0) = 0 [ 159.723026][ T4955] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 159.733335][ T4955] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7dac0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe0ec7cab0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7dac0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe0ec7cab0) = 6 [ 160.192277][ T4683] dm9601: No valid MAC address in EEPROM, using f2:80:3c:69:ba:c1 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7dac0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe0ec7cab0) = 6 [pid 4955] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7dac0) = 0 [pid 4955] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe0ec7cab0) = 1 [pid 4955] exit_group(0) = ? [pid 4955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4955, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568955d0) = 4958 ./strace-static-x86_64: Process 4958 attached [pid 4958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4958] setpgid(0, 0) = 0 [pid 4958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4958] write(3, "1000", 4) = 4 [pid 4958] close(3) = 0 [pid 4958] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 4958] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe0ec7daa0) = 0 [pid 4958] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe0ec7daa0) = 0 [ 160.972111][ T4683] ===================================================== [ 160.979250][ T4683] BUG: KMSAN: uninit-value in mii_nway_restart+0x11b/0x1e0 [ 160.986718][ T4683] mii_nway_restart+0x11b/0x1e0 [ 160.991825][ T4683] dm9601_bind+0xa10/0xb30 [ 160.996408][ T4683] usbnet_probe+0x1011/0x3f20 [ 161.001205][ T4683] usb_probe_interface+0xc75/0x1210 [ 161.006652][ T4683] really_probe+0x506/0xf40 [ 161.011328][ T4683] __driver_probe_device+0x2a7/0x5d0 [ 161.016923][ T4683] driver_probe_device+0x72/0x7b0 [ 161.022169][ T4683] __device_attach_driver+0x55a/0x8f0 [ 161.027677][ T4683] bus_for_each_drv+0x3ff/0x620 [ 161.032720][ T4683] __device_attach+0x3bd/0x640 [ 161.037631][ T4683] device_initial_probe+0x32/0x40 [ 161.042925][ T4683] bus_probe_device+0x3d8/0x5a0 [ 161.047939][ T4683] device_add+0x1b6a/0x24b0 [ 161.052720][ T4683] usb_set_configuration+0x31c9/0x38c0 [ 161.058378][ T4683] usb_generic_driver_probe+0x109/0x2a0 [ 161.064277][ T4683] usb_probe_device+0x290/0x4a0 [ 161.069269][ T4683] really_probe+0x506/0xf40 [ 161.074088][ T4683] __driver_probe_device+0x2a7/0x5d0 [ 161.079541][ T4683] driver_probe_device+0x72/0x7b0 [ 161.085096][ T4683] __device_attach_driver+0x55a/0x8f0 [ 161.090643][ T4683] bus_for_each_drv+0x3ff/0x620 [ 161.095758][ T4683] __device_attach+0x3bd/0x640 [ 161.100671][ T4683] device_initial_probe+0x32/0x40 [ 161.105949][ T4683] bus_probe_device+0x3d8/0x5a0 [ 161.110947][ T4683] device_add+0x1b6a/0x24b0 [ 161.115773][ T4683] usb_new_device+0x15f6/0x22f0 [ 161.120780][ T4683] hub_event+0x577b/0x78a0 [ 161.125522][ T4683] process_one_work+0xb0d/0x1410 [ 161.130610][ T4683] worker_thread+0x107e/0x1d60 [ 161.135668][ T4683] kthread+0x3e8/0x540 [ 161.139878][ T4683] ret_from_fork+0x1f/0x30 [ 161.144512][ T4683] [ 161.146898][ T4683] Local variable res created at: [ 161.152043][ T4683] dm9601_mdio_read+0x3d/0xd0 [ 161.156909][ T4683] mii_nway_restart+0x88/0x1e0 [ 161.162020][ T4683] [ 161.164402][ T4683] CPU: 1 PID: 4683 Comm: kworker/1:3 Not tainted 6.4.0-rc6-syzkaller-g7cccf3be6dcb #0 [ 161.174176][ T4683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 161.184416][ T4683] Workqueue: usb_hub_wq hub_event [ 161.189567][ T4683] ===================================================== [ 161.196788][ T4683] Disabling lock debugging due to kernel taint [ 161.203085][ T4683] Kernel panic - not syncing: kmsan.panic set ... [ 161.209553][ T4683] CPU: 1 PID: 4683 Comm: kworker/1:3 Tainted: G B 6.4.0-rc6-syzkaller-g7cccf3be6dcb #0 [ 161.220712][ T4683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 161.230847][ T4683] Workqueue: usb_hub_wq hub_event [ 161.236009][ T4683] Call Trace: [ 161.239352][ T4683] [ 161.242351][ T4683] dump_stack_lvl+0x1bf/0x240 [ 161.247187][ T4683] dump_stack+0x1e/0x20 [ 161.251484][ T4683] panic+0x4d5/0xc70 [ 161.255463][ T4683] ? add_taint+0x108/0x1a0 [ 161.260001][ T4683] kmsan_report+0x2d0/0x2d0 [ 161.264717][ T4683] ? __msan_warning+0x96/0x110 [ 161.269643][ T4683] ? mii_nway_restart+0x11b/0x1e0 [ 161.274820][ T4683] ? dm9601_bind+0xa10/0xb30 [ 161.279544][ T4683] ? usbnet_probe+0x1011/0x3f20 [ 161.284557][ T4683] ? usb_probe_interface+0xc75/0x1210 [ 161.290031][ T4683] ? really_probe+0x506/0xf40 [ 161.294812][ T4683] ? __driver_probe_device+0x2a7/0x5d0 [ 161.300417][ T4683] ? driver_probe_device+0x72/0x7b0 [ 161.305717][ T4683] ? __device_attach_driver+0x55a/0x8f0 [ 161.311364][ T4683] ? bus_for_each_drv+0x3ff/0x620 [ 161.316493][ T4683] ? __device_attach+0x3bd/0x640 [ 161.321576][ T4683] ? device_initial_probe+0x32/0x40 [ 161.326925][ T4683] ? bus_probe_device+0x3d8/0x5a0 [ 161.332059][ T4683] ? device_add+0x1b6a/0x24b0 [ 161.336899][ T4683] ? usb_set_configuration+0x31c9/0x38c0 [ 161.342655][ T4683] ? usb_generic_driver_probe+0x109/0x2a0 [ 161.348488][ T4683] ? usb_probe_device+0x290/0x4a0 [ 161.353593][ T4683] ? really_probe+0x506/0xf40 [ 161.358381][ T4683] ? __driver_probe_device+0x2a7/0x5d0 [ 161.364010][ T4683] ? driver_probe_device+0x72/0x7b0 [ 161.369361][ T4683] ? __device_attach_driver+0x55a/0x8f0 [ 161.375007][ T4683] ? bus_for_each_drv+0x3ff/0x620 [ 161.380140][ T4683] ? __device_attach+0x3bd/0x640 [ 161.385281][ T4683] ? device_initial_probe+0x32/0x40 [ 161.390640][ T4683] ? bus_probe_device+0x3d8/0x5a0 [ 161.395781][ T4683] ? device_add+0x1b6a/0x24b0 [ 161.400625][ T4683] ? usb_new_device+0x15f6/0x22f0 [ 161.405749][ T4683] ? hub_event+0x577b/0x78a0 [ 161.410431][ T4683] ? process_one_work+0xb0d/0x1410 [ 161.415676][ T4683] ? worker_thread+0x107e/0x1d60 [ 161.420721][ T4683] ? kthread+0x3e8/0x540 [ 161.425112][ T4683] ? ret_from_fork+0x1f/0x30 [ 161.429817][ T4683] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 161.436262][ T4683] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 161.442510][ T4683] ? mutex_unlock+0x28/0x50 [ 161.447146][ T4683] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.453138][ T4683] __msan_warning+0x96/0x110 [ 161.457895][ T4683] mii_nway_restart+0x11b/0x1e0 [ 161.462880][ T4683] dm9601_bind+0xa10/0xb30 [ 161.467477][ T4683] ? eem_linkcmd_complete+0x50/0x50 [ 161.472812][ T4683] usbnet_probe+0x1011/0x3f20 [ 161.477662][ T4683] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 161.483881][ T4683] ? usbnet_disconnect+0x7c0/0x7c0 [ 161.489154][ T4683] usb_probe_interface+0xc75/0x1210 [ 161.494450][ T4683] ? usb_register_driver+0x600/0x600 [ 161.499840][ T4683] really_probe+0x506/0xf40 [ 161.504491][ T4683] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 161.510699][ T4683] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.516718][ T4683] __driver_probe_device+0x2a7/0x5d0 [ 161.522182][ T4683] driver_probe_device+0x72/0x7b0 [ 161.527318][ T4683] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.533254][ T4683] __device_attach_driver+0x55a/0x8f0 [ 161.538743][ T4683] bus_for_each_drv+0x3ff/0x620 [ 161.543708][ T4683] ? coredump_store+0xa0/0xa0 [ 161.548546][ T4683] __device_attach+0x3bd/0x640 [ 161.553445][ T4683] device_initial_probe+0x32/0x40 [ 161.558621][ T4683] bus_probe_device+0x3d8/0x5a0 [ 161.563590][ T4683] device_add+0x1b6a/0x24b0 [ 161.568273][ T4683] usb_set_configuration+0x31c9/0x38c0 [ 161.573859][ T4683] ? usb_set_configuration+0x921/0x38c0 [ 161.579549][ T4683] usb_generic_driver_probe+0x109/0x2a0 [ 161.585213][ T4683] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.591140][ T4683] ? usb_choose_configuration+0xde0/0xde0 [ 161.596979][ T4683] ? usb_choose_configuration+0xde0/0xde0 [ 161.602815][ T4683] usb_probe_device+0x290/0x4a0 [ 161.607772][ T4683] ? usb_register_device_driver+0x450/0x450 [ 161.613826][ T4683] really_probe+0x506/0xf40 [ 161.618479][ T4683] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 161.624685][ T4683] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.630693][ T4683] __driver_probe_device+0x2a7/0x5d0 [ 161.636166][ T4683] driver_probe_device+0x72/0x7b0 [ 161.641342][ T4683] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.647271][ T4683] __device_attach_driver+0x55a/0x8f0 [ 161.652755][ T4683] bus_for_each_drv+0x3ff/0x620 [ 161.657710][ T4683] ? coredump_store+0xa0/0xa0 [ 161.662541][ T4683] __device_attach+0x3bd/0x640 [ 161.667439][ T4683] device_initial_probe+0x32/0x40 [ 161.672612][ T4683] bus_probe_device+0x3d8/0x5a0 [ 161.677582][ T4683] device_add+0x1b6a/0x24b0 [ 161.682231][ T4683] usb_new_device+0x15f6/0x22f0 [ 161.687217][ T4683] hub_event+0x577b/0x78a0 [ 161.691770][ T4683] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.697721][ T4683] ? led_work+0x740/0x740 [ 161.702210][ T4683] ? led_work+0x740/0x740 [ 161.706680][ T4683] process_one_work+0xb0d/0x1410 [ 161.711744][ T4683] worker_thread+0x107e/0x1d60 [ 161.716664][ T4683] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 161.722673][ T4683] ? __kthread_parkme+0xe0/0x1e0 [ 161.727787][ T4683] kthread+0x3e8/0x540 [ 161.732025][ T4683] ? pr_cont_work+0xce0/0xce0 [ 161.736846][ T4683] ? kthread_blkcg+0x120/0x120 [ 161.741782][ T4683] ret_from_fork+0x1f/0x30 [ 161.746374][ T4683] [ 161.749650][ T4683] Kernel Offset: disabled [ 161.754034][ T4683] Rebooting in 86400 seconds..