./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor580351430 <...> Warning: Permanently added '10.128.0.162' (ED25519) to the list of known hosts. execve("./syz-executor580351430", ["./syz-executor580351430"], 0x7ffc8ee02260 /* 10 vars */) = 0 brk(NULL) = 0x55555612b000 brk(0x55555612bd00) = 0x55555612bd00 arch_prctl(ARCH_SET_FS, 0x55555612b380) = 0 set_tid_address(0x55555612b650) = 5007 set_robust_list(0x55555612b660, 24) = 0 rseq(0x55555612bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor580351430", 4096) = 27 getrandom("\x79\xbb\xc4\x2a\x7b\xc9\xa7\x2a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555612bd00 brk(0x55555614cd00) = 0x55555614cd00 brk(0x55555614d000) = 0x55555614d000 mprotect(0x7fd26dd0f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612b650) = 5008 ./strace-static-x86_64: Process 5008 attached [pid 5008] set_robust_list(0x55555612b660, 24) = 0 [pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5008] setpgid(0, 0) = 0 [pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5008] write(3, "1000", 4) = 4 [pid 5008] close(3) = 0 [pid 5008] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5008] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe37392e00) = 18 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [ 144.189249][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [ 144.429086][ T10] usb 1-1: Using ep0 maxpacket: 32 [pid 5008] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe37392e00) = 18 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe37392e00) = 9 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe37392e00) = 18 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe37392e00) = 4 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe37392e00) = 8 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe37392e00) = 8 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe37392e00) = 8 [pid 5008] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5008] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 144.709527][ T10] usb 1-1: New USB device found, idVendor=5032, idProduct=0bb9, bcdDevice=b1.1e [ 144.718865][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.727317][ T10] usb 1-1: Product: syz [ 144.731844][ T10] usb 1-1: Manufacturer: syz [ 144.736651][ T10] usb 1-1: SerialNumber: syz [ 144.745590][ T10] usb 1-1: config 0 descriptor?? [pid 5008] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe37392e00) = 0 [ 144.796246][ T10] dvb-usb: found a 'Grandtec USB1.1 DVB-T' in warm state. [ 144.803689][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 144.845598][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 144.870803][ T10] dvbdev: DVB: registering new adapter (Grandtec USB1.1 DVB-T) [ 144.878599][ T10] usb 1-1: media controller created [ 144.923550][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [pid 5008] exit_group(0) = ? [ 144.973546][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 144.979703][ T10] ===================================================== [ 144.986858][ T10] BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 [ 144.994338][ T10] dib3000mb_attach+0x2d8/0x3c0 [ 144.999419][ T10] dibusb_dib3000mb_frontend_attach+0x151/0x2e0 [ 145.005851][ T10] dvb_usb_adapter_frontend_init+0xea/0x990 [ 145.012076][ T10] dvb_usb_device_init+0x259a/0x3740 [ 145.017558][ T10] dibusb_probe+0x46/0x250 [pid 5008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5008, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612b650) = 5011 [ 145.022205][ T10] usb_probe_interface+0xc75/0x1210 [ 145.027571][ T10] really_probe+0x506/0xf40 [ 145.032349][ T10] __driver_probe_device+0x2a7/0x5d0 [ 145.037811][ T10] driver_probe_device+0x72/0x7b0 [ 145.043060][ T10] __device_attach_driver+0x55a/0x8f0 [ 145.048606][ T10] bus_for_each_drv+0x3ff/0x620 [ 145.053892][ T10] __device_attach+0x3bd/0x640 [ 145.058811][ T10] device_initial_probe+0x32/0x40 [ 145.064069][ T10] bus_probe_device+0x3d8/0x5a0 [ 145.069180][ T10] device_add+0x1700/0x1f20 ./strace-static-x86_64: Process 5011 attached [pid 5011] set_robust_list(0x55555612b660, 24) = 0 [pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5011] setpgid(0, 0) = 0 [pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5011] write(3, "1000", 4) = 4 [pid 5011] close(3) = 0 [ 145.073860][ T10] usb_set_configuration+0x31c9/0x38c0 [ 145.079745][ T10] usb_generic_driver_probe+0x109/0x2a0 [ 145.085451][ T10] usb_probe_device+0x290/0x4a0 [ 145.090523][ T10] really_probe+0x506/0xf40 [ 145.095184][ T10] __driver_probe_device+0x2a7/0x5d0 [ 145.100767][ T10] driver_probe_device+0x72/0x7b0 [ 145.105954][ T10] __device_attach_driver+0x55a/0x8f0 [ 145.111702][ T10] bus_for_each_drv+0x3ff/0x620 [ 145.116764][ T10] __device_attach+0x3bd/0x640 [pid 5011] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5011] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe37393e10) = 0 [pid 5011] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [ 145.121815][ T10] device_initial_probe+0x32/0x40 [ 145.127004][ T10] bus_probe_device+0x3d8/0x5a0 [ 145.132138][ T10] device_add+0x1700/0x1f20 [ 145.136819][ T10] usb_new_device+0x15fc/0x23e0 [ 145.142037][ T10] hub_event+0x53bc/0x7290 [ 145.146630][ T10] process_scheduled_works+0x104e/0x1e70 [ 145.152514][ T10] worker_thread+0xf45/0x1490 [ 145.157347][ T10] kthread+0x3ed/0x540 [ 145.161680][ T10] ret_from_fork+0x66/0x80 [ 145.166287][ T10] ret_from_fork_asm+0x11/0x20 [ 145.171352][ T10] [pid 5011] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe37393e10) = 0 [ 145.173761][ T10] Local variable rb created at: [ 145.178699][ T10] dib3000_read_reg+0x86/0x4e0 [ 145.183683][ T10] dib3000mb_attach+0x123/0x3c0 [ 145.188692][ T10] [ 145.191176][ T10] CPU: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 [ 145.200942][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 145.211213][ T10] Workqueue: usb_hub_wq hub_event [ 145.216416][ T10] ===================================================== [ 145.223546][ T10] Disabling lock debugging due to kernel taint [ 145.229876][ T10] Kernel panic - not syncing: kmsan.panic set ... [ 145.236344][ T10] CPU: 0 PID: 10 Comm: kworker/0:1 Tainted: G B 6.7.0-syzkaller-00562-g9f8413c4a66f #0 [ 145.247452][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 145.257581][ T10] Workqueue: usb_hub_wq hub_event [ 145.262727][ T10] Call Trace: [ 145.266084][ T10] [ 145.269084][ T10] dump_stack_lvl+0x1bf/0x240 [ 145.273981][ T10] dump_stack+0x1e/0x20 [ 145.278320][ T10] panic+0x4de/0xc90 [ 145.282387][ T10] ? add_taint+0x108/0x1a0 [ 145.286967][ T10] kmsan_report+0x2d0/0x2d0 [ 145.291683][ T10] ? dibusb_i2c_xfer+0xe29/0xf30 [ 145.296773][ T10] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 145.303129][ T10] ? __msan_warning+0x96/0x110 [ 145.308001][ T10] ? dib3000mb_attach+0x2d8/0x3c0 [ 145.313135][ T10] ? dibusb_dib3000mb_frontend_attach+0x151/0x2e0 [ 145.319744][ T10] ? dvb_usb_adapter_frontend_init+0xea/0x990 [ 145.326027][ T10] ? dvb_usb_device_init+0x259a/0x3740 [ 145.331673][ T10] ? dibusb_probe+0x46/0x250 [ 145.336370][ T10] ? usb_probe_interface+0xc75/0x1210 [ 145.341892][ T10] ? really_probe+0x506/0xf40 [ 145.346664][ T10] ? __driver_probe_device+0x2a7/0x5d0 [ 145.352237][ T10] ? driver_probe_device+0x72/0x7b0 [ 145.357578][ T10] ? __device_attach_driver+0x55a/0x8f0 [ 145.363243][ T10] ? bus_for_each_drv+0x3ff/0x620 [ 145.368396][ T10] ? __device_attach+0x3bd/0x640 [ 145.373446][ T10] ? device_initial_probe+0x32/0x40 [ 145.378790][ T10] ? bus_probe_device+0x3d8/0x5a0 [ 145.383953][ T10] ? device_add+0x1700/0x1f20 [ 145.388809][ T10] ? usb_set_configuration+0x31c9/0x38c0 [ 145.394594][ T10] ? usb_generic_driver_probe+0x109/0x2a0 [ 145.400433][ T10] ? usb_probe_device+0x290/0x4a0 [ 145.405610][ T10] ? really_probe+0x506/0xf40 [ 145.410375][ T10] ? __driver_probe_device+0x2a7/0x5d0 [ 145.415947][ T10] ? driver_probe_device+0x72/0x7b0 [ 145.421293][ T10] ? __device_attach_driver+0x55a/0x8f0 [ 145.426939][ T10] ? bus_for_each_drv+0x3ff/0x620 [ 145.432102][ T10] ? __device_attach+0x3bd/0x640 [ 145.437194][ T10] ? device_initial_probe+0x32/0x40 [ 145.442533][ T10] ? bus_probe_device+0x3d8/0x5a0 [ 145.447705][ T10] ? device_add+0x1700/0x1f20 [ 145.452567][ T10] ? usb_new_device+0x15fc/0x23e0 [ 145.457716][ T10] ? hub_event+0x53bc/0x7290 [ 145.462433][ T10] ? process_scheduled_works+0x104e/0x1e70 [ 145.468428][ T10] ? worker_thread+0xf45/0x1490 [ 145.473385][ T10] ? kthread+0x3ed/0x540 [ 145.477813][ T10] ? ret_from_fork+0x66/0x80 [ 145.482591][ T10] ? ret_from_fork_asm+0x11/0x20 [ 145.487715][ T10] ? rt_mutex_unlock+0x29/0x50 [ 145.492569][ T10] ? i2c_adapter_unlock_bus+0x22/0x30 [ 145.498071][ T10] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 145.504092][ T10] ? dib3000_read_reg+0x32b/0x4e0 [ 145.509288][ T10] __msan_warning+0x96/0x110 [ 145.514016][ T10] dib3000mb_attach+0x2d8/0x3c0 [ 145.518976][ T10] ? as102_fe_ts_bus_ctrl+0x140/0x140 [ 145.524516][ T10] dibusb_dib3000mb_frontend_attach+0x151/0x2e0 [ 145.530877][ T10] ? dibusb_probe+0x250/0x250 [ 145.535644][ T10] dvb_usb_adapter_frontend_init+0xea/0x990 [ 145.541702][ T10] dvb_usb_device_init+0x259a/0x3740 [ 145.547190][ T10] dibusb_probe+0x46/0x250 [ 145.551774][ T10] ? a800_rc_query+0x430/0x430 [ 145.556699][ T10] usb_probe_interface+0xc75/0x1210 [ 145.562065][ T10] ? usb_register_driver+0x600/0x600 [ 145.567513][ T10] really_probe+0x506/0xf40 [ 145.572178][ T10] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 145.578453][ T10] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 145.584468][ T10] __driver_probe_device+0x2a7/0x5d0 [ 145.589912][ T10] driver_probe_device+0x72/0x7b0 [ 145.595038][ T10] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 145.601033][ T10] __device_attach_driver+0x55a/0x8f0 [ 145.606529][ T10] bus_for_each_drv+0x3ff/0x620 [ 145.611559][ T10] ? coredump_store+0xa0/0xa0 [ 145.616330][ T10] __device_attach+0x3bd/0x640 [ 145.621212][ T10] device_initial_probe+0x32/0x40 [ 145.626401][ T10] bus_probe_device+0x3d8/0x5a0 [ 145.631411][ T10] device_add+0x1700/0x1f20 [ 145.636056][ T10] usb_set_configuration+0x31c9/0x38c0 [ 145.641672][ T10] ? usb_set_configuration+0x8d1/0x38c0 [ 145.647376][ T10] usb_generic_driver_probe+0x109/0x2a0 [ 145.653062][ T10] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 145.659011][ T10] ? usb_choose_configuration+0xde0/0xde0 [ 145.664868][ T10] ? usb_choose_configuration+0xde0/0xde0 [ 145.670731][ T10] usb_probe_device+0x290/0x4a0 [ 145.675724][ T10] ? usb_register_device_driver+0x450/0x450 [ 145.681806][ T10] really_probe+0x506/0xf40 [ 145.686470][ T10] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 145.692745][ T10] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 145.698775][ T10] __driver_probe_device+0x2a7/0x5d0 [ 145.704205][ T10] driver_probe_device+0x72/0x7b0 [ 145.709378][ T10] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 145.715331][ T10] __device_attach_driver+0x55a/0x8f0 [ 145.720837][ T10] bus_for_each_drv+0x3ff/0x620 [ 145.725888][ T10] ? coredump_store+0xa0/0xa0 [ 145.730764][ T10] __device_attach+0x3bd/0x640 [ 145.735642][ T10] device_initial_probe+0x32/0x40 [ 145.740833][ T10] bus_probe_device+0x3d8/0x5a0 [ 145.745884][ T10] device_add+0x1700/0x1f20 [ 145.750515][ T10] usb_new_device+0x15fc/0x23e0 [ 145.755519][ T10] hub_event+0x53bc/0x7290 [ 145.760181][ T10] ? led_work+0x740/0x740 [ 145.764694][ T10] process_scheduled_works+0x104e/0x1e70 [ 145.770504][ T10] worker_thread+0xf45/0x1490 [ 145.775367][ T10] kthread+0x3ed/0x540 [ 145.779617][ T10] ? pr_cont_work+0xce0/0xce0 [ 145.784437][ T10] ? kthread_blkcg+0x120/0x120 [ 145.789307][ T10] ret_from_fork+0x66/0x80 [ 145.793825][ T10] ? kthread_blkcg+0x120/0x120 [ 145.798778][ T10] ret_from_fork_asm+0x11/0x20 [ 145.803731][ T10] [ 145.806953][ T10] Kernel Offset: disabled [ 145.811318][ T10] Rebooting in 86400 seconds..