./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor84527880 <...> Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts. execve("./syz-executor84527880", ["./syz-executor84527880"], 0x7ffeaca7a270 /* 10 vars */) = 0 brk(NULL) = 0x555555ff8000 brk(0x555555ff8c40) = 0x555555ff8c40 arch_prctl(ARCH_SET_FS, 0x555555ff8300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor84527880", 4096) = 26 brk(0x555556019c40) = 0x555556019c40 brk(0x55555601a000) = 0x55555601a000 mprotect(0x7fbdfcdb6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ff85d0) = 3500 ./strace-static-x86_64: Process 3500 attached [pid 3500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3500] setpgid(0, 0) = 0 [pid 3500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3500] write(3, "1000", 4) = 4 [pid 3500] close(3) = 0 [pid 3500] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3500] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe8f03f940) = 18 [ 141.452016][ T28] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe8f03f940) = 18 [ 141.701961][ T28] usb 1-1: Using ep0 maxpacket: 32 [pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe8f03f940) = 9 [pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe8f03f940) = 27 [pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe8f03f940) = 4 [ 141.822326][ T28] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe8f03f940) = 8 [pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe8f03f940) = 8 [pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe8f03f940) = 8 [pid 3500] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3500] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fbdfcdbc46c) = -1 EINVAL (Invalid argument) [ 142.032301][ T28] usb 1-1: New USB device found, idVendor=10b8, idProduct=0bb9, bcdDevice=25.f3 [ 142.042505][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.050654][ T28] usb 1-1: Product: syz [ 142.055042][ T28] usb 1-1: Manufacturer: syz [ 142.059804][ T28] usb 1-1: SerialNumber: syz [ 142.068682][ T28] usb 1-1: config 0 descriptor?? [pid 3500] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe8f03f940) = 0 [ 142.118722][ T28] dvb-usb: found a 'DiBcom USB1.1 DVB-T reference design (MOD3000)' in warm state. [ 142.128375][ T28] dvb-usb: bulk message failed: -22 (3/0) [ 142.167473][ T28] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 142.193518][ T28] dvbdev: DVB: registering new adapter (DiBcom USB1.1 DVB-T reference design (MOD3000)) [ 142.203528][ T28] usb 1-1: media controller created [ 142.239698][ T28] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [pid 3500] exit_group(0) = ? [ 142.281143][ T28] dvb-usb: bulk message failed: -22 (6/0) [ 142.287249][ T28] ===================================================== [ 142.294602][ T28] BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d1/0x3c0 [ 142.302029][ T28] dib3000mb_attach+0x2d1/0x3c0 [ 142.307043][ T28] dibusb_dib3000mb_frontend_attach+0x15a/0x300 [ 142.313623][ T28] dvb_usb_adapter_frontend_init+0xe6/0x990 [ 142.321383][ T28] dvb_usb_device_init+0x2655/0x3680 [ 142.326950][ T28] dibusb_probe+0x42/0x250 [pid 3500] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3500, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ff85d0) = 3503 [ 142.331524][ T28] usb_probe_interface+0xc4b/0x11f0 [ 142.336958][ T28] really_probe+0x506/0x1000 [ 142.341719][ T28] __driver_probe_device+0x2fa/0x3d0 [ 142.347285][ T28] driver_probe_device+0x72/0x7a0 [ 142.355734][ T28] __device_attach_driver+0x548/0x8e0 [ 142.362217][ T28] bus_for_each_drv+0x1fc/0x360 [ 142.368040][ T28] __device_attach+0x42a/0x720 [ 142.373117][ T28] device_initial_probe+0x2e/0x40 ./strace-static-x86_64: Process 3503 attached [pid 3503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 142.378317][ T28] bus_probe_device+0x13c/0x3b0 [ 142.383437][ T28] device_add+0x1d4b/0x26c0 [ 142.388074][ T28] usb_set_configuration+0x30f8/0x37e0 [ 142.393825][ T28] usb_generic_driver_probe+0x105/0x290 [ 142.399532][ T28] usb_probe_device+0x288/0x490 [ 142.404630][ T28] really_probe+0x506/0x1000 [ 142.409605][ T28] __driver_probe_device+0x2fa/0x3d0 [ 142.415139][ T28] driver_probe_device+0x72/0x7a0 [ 142.420361][ T28] __device_attach_driver+0x548/0x8e0 [ 142.426741][ T28] bus_for_each_drv+0x1fc/0x360 [pid 3503] setpgid(0, 0) = 0 [pid 3503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3503] write(3, "1000", 4) = 4 [pid 3503] close(3) = 0 [pid 3503] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3503] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe8f040950) = 0 [pid 3503] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [ 142.431872][ T28] __device_attach+0x42a/0x720 [ 142.436826][ T28] device_initial_probe+0x2e/0x40 [ 142.442112][ T28] bus_probe_device+0x13c/0x3b0 [ 142.447181][ T28] device_add+0x1d4b/0x26c0 [ 142.451895][ T28] usb_new_device+0x17ac/0x2370 [ 142.456954][ T28] hub_event+0x5571/0x8070 [ 142.461586][ T28] process_one_work+0xb27/0x13e0 [ 142.466868][ T28] worker_thread+0x1076/0x1d60 [ 142.471890][ T28] kthread+0x31b/0x430 [ 142.476095][ T28] ret_from_fork+0x1f/0x30 [pid 3503] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe8f040950) = 0 [ 142.480766][ T28] [ 142.483257][ T28] Local variable rb created at: [ 142.488279][ T28] dib3000_read_reg+0x94/0x510 [ 142.493266][ T28] dib3000mb_attach+0x11c/0x3c0 [ 142.498274][ T28] [ 142.500667][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Not tainted 6.1.0-rc7-syzkaller-63931-g49a9a20768f5 #0 [ 142.510744][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 142.521014][ T28] Workqueue: usb_hub_wq hub_event [ 142.526378][ T28] ===================================================== [ 142.533424][ T28] Disabling lock debugging due to kernel taint [ 142.539813][ T28] Kernel panic - not syncing: kmsan.panic set ... [ 142.546344][ T28] CPU: 1 PID: 28 Comm: kworker/1:1 Tainted: G B 6.1.0-rc7-syzkaller-63931-g49a9a20768f5 #0 [ 142.557824][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 142.567995][ T28] Workqueue: usb_hub_wq hub_event [ 142.573162][ T28] Call Trace: [ 142.576517][ T28] [ 142.579514][ T28] dump_stack_lvl+0x1c8/0x256 [ 142.584342][ T28] dump_stack+0x1a/0x1f [ 142.588651][ T28] panic+0x4d3/0xc64 [ 142.592741][ T28] ? add_taint+0x104/0x1a0 [ 142.597313][ T28] kmsan_report+0x2ca/0x2d0 [ 142.601953][ T28] ? __msan_warning+0x92/0x110 [ 142.606876][ T28] ? dib3000mb_attach+0x2d1/0x3c0 [ 142.612090][ T28] ? dibusb_dib3000mb_frontend_attach+0x15a/0x300 [ 142.618702][ T28] ? dvb_usb_adapter_frontend_init+0xe6/0x990 [ 142.625004][ T28] ? dvb_usb_device_init+0x2655/0x3680 [ 142.630593][ T28] ? dibusb_probe+0x42/0x250 [ 142.635290][ T28] ? usb_probe_interface+0xc4b/0x11f0 [ 142.640794][ T28] ? really_probe+0x506/0x1000 [ 142.646225][ T28] ? __driver_probe_device+0x2fa/0x3d0 [ 142.652050][ T28] ? driver_probe_device+0x72/0x7a0 [ 142.657410][ T28] ? __device_attach_driver+0x548/0x8e0 [ 142.663089][ T28] ? bus_for_each_drv+0x1fc/0x360 [ 142.668237][ T28] ? __device_attach+0x42a/0x720 [ 142.673369][ T28] ? device_initial_probe+0x2e/0x40 [ 142.678681][ T28] ? bus_probe_device+0x13c/0x3b0 [ 142.683868][ T28] ? device_add+0x1d4b/0x26c0 [ 142.688686][ T28] ? usb_set_configuration+0x30f8/0x37e0 [ 142.694459][ T28] ? usb_generic_driver_probe+0x105/0x290 [ 142.700362][ T28] ? usb_probe_device+0x288/0x490 [ 142.705589][ T28] ? really_probe+0x506/0x1000 [ 142.710509][ T28] ? __driver_probe_device+0x2fa/0x3d0 [ 142.716092][ T28] ? driver_probe_device+0x72/0x7a0 [ 142.721484][ T28] ? __device_attach_driver+0x548/0x8e0 [ 142.727388][ T28] ? bus_for_each_drv+0x1fc/0x360 [ 142.732553][ T28] ? __device_attach+0x42a/0x720 [ 142.737602][ T28] ? device_initial_probe+0x2e/0x40 [ 142.742972][ T28] ? bus_probe_device+0x13c/0x3b0 [ 142.748132][ T28] ? device_add+0x1d4b/0x26c0 [ 142.752899][ T28] ? usb_new_device+0x17ac/0x2370 [ 142.758081][ T28] ? hub_event+0x5571/0x8070 [ 142.762789][ T28] ? process_one_work+0xb27/0x13e0 [ 142.768073][ T28] ? worker_thread+0x1076/0x1d60 [ 142.773148][ T28] ? kthread+0x31b/0x430 [ 142.777469][ T28] ? ret_from_fork+0x1f/0x30 [ 142.782171][ T28] ? rt_mutex_unlock+0x25/0x50 [ 142.787160][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.793078][ T28] ? dib3000_read_reg+0x33d/0x510 [ 142.798223][ T28] __msan_warning+0x92/0x110 [ 142.802960][ T28] dib3000mb_attach+0x2d1/0x3c0 [ 142.807921][ T28] ? as102_fe_ts_bus_ctrl+0x140/0x140 [ 142.813458][ T28] dibusb_dib3000mb_frontend_attach+0x15a/0x300 [ 142.819882][ T28] ? dibusb_probe+0x228/0x250 [ 142.824683][ T28] ? dibusb_probe+0x250/0x250 [ 142.829585][ T28] dvb_usb_adapter_frontend_init+0xe6/0x990 [ 142.835576][ T28] dvb_usb_device_init+0x2655/0x3680 [ 142.841017][ T28] dibusb_probe+0x42/0x250 [ 142.845549][ T28] ? a800_rc_query+0x420/0x420 [ 142.850421][ T28] usb_probe_interface+0xc4b/0x11f0 [ 142.855809][ T28] ? usb_register_driver+0x5f0/0x5f0 [ 142.861240][ T28] really_probe+0x506/0x1000 [ 142.865954][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 142.872200][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.878194][ T28] __driver_probe_device+0x2fa/0x3d0 [ 142.883616][ T28] driver_probe_device+0x72/0x7a0 [ 142.888838][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.894828][ T28] __device_attach_driver+0x548/0x8e0 [ 142.900390][ T28] bus_for_each_drv+0x1fc/0x360 [ 142.905379][ T28] ? coredump_store+0xa0/0xa0 [ 142.910187][ T28] __device_attach+0x42a/0x720 [ 142.915124][ T28] device_initial_probe+0x2e/0x40 [ 142.920273][ T28] bus_probe_device+0x13c/0x3b0 [ 142.925278][ T28] device_add+0x1d4b/0x26c0 [ 142.929896][ T28] usb_set_configuration+0x30f8/0x37e0 [ 142.935555][ T28] usb_generic_driver_probe+0x105/0x290 [ 142.941243][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.947190][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 142.953071][ T28] ? usb_choose_configuration+0xdc0/0xdc0 [ 142.958887][ T28] usb_probe_device+0x288/0x490 [ 142.963881][ T28] ? usb_register_device_driver+0x440/0x440 [ 142.969913][ T28] really_probe+0x506/0x1000 [ 142.974625][ T28] ? kmsan_internal_unpoison_memory+0x10/0x20 [ 142.980878][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 142.986867][ T28] __driver_probe_device+0x2fa/0x3d0 [ 142.992344][ T28] driver_probe_device+0x72/0x7a0 [ 142.997530][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.003443][ T28] __device_attach_driver+0x548/0x8e0 [ 143.008929][ T28] bus_for_each_drv+0x1fc/0x360 [ 143.013884][ T28] ? coredump_store+0xa0/0xa0 [ 143.018717][ T28] __device_attach+0x42a/0x720 [ 143.023617][ T28] device_initial_probe+0x2e/0x40 [ 143.028802][ T28] bus_probe_device+0x13c/0x3b0 [ 143.033807][ T28] device_add+0x1d4b/0x26c0 [ 143.038409][ T28] usb_new_device+0x17ac/0x2370 [ 143.043419][ T28] hub_event+0x5571/0x8070 [ 143.048033][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.054032][ T28] ? led_work+0x730/0x730 [ 143.058538][ T28] ? led_work+0x730/0x730 [ 143.063021][ T28] process_one_work+0xb27/0x13e0 [ 143.068104][ T28] worker_thread+0x1076/0x1d60 [ 143.073017][ T28] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 143.078928][ T28] ? __kthread_parkme+0xc0/0x1b0 [ 143.083970][ T28] kthread+0x31b/0x430 [ 143.088179][ T28] ? worker_clr_flags+0x2b0/0x2b0 [ 143.093350][ T28] ? kthread_blkcg+0x120/0x120 [ 143.098236][ T28] ret_from_fork+0x1f/0x30 [ 143.102760][ T28] [ 143.106037][ T28] Kernel Offset: disabled [ 143.110410][ T28] Rebooting in 86400 seconds..