./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2033452120 <...> Warning: Permanently added '10.128.0.205' (ED25519) to the list of known hosts. execve("./syz-executor2033452120", ["./syz-executor2033452120"], 0x7ffe5c0aec10 /* 10 vars */) = 0 brk(NULL) = 0x555555ba2000 brk(0x555555ba2d00) = 0x555555ba2d00 arch_prctl(ARCH_SET_FS, 0x555555ba2380) = 0 set_tid_address(0x555555ba2650) = 4997 set_robust_list(0x555555ba2660, 24) = 0 rseq(0x555555ba2ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2033452120", 4096) = 28 getrandom("\xb8\x3d\xb7\xe8\x64\x7a\x42\xdf", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555ba2d00 brk(0x555555bc3d00) = 0x555555bc3d00 brk(0x555555bc4000) = 0x555555bc4000 mprotect(0x7f9ad7cba000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4998 attached , child_tidptr=0x555555ba2650) = 4998 [pid 4998] set_robust_list(0x555555ba2660, 24) = 0 [pid 4998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4998] setpgid(0, 0) = 0 [pid 4998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4998] write(3, "1000", 4) = 4 [pid 4998] close(3) = 0 [pid 4998] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 4998] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc790266d0) = 0 [pid 4998] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 4998] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [ 161.070987][ T774] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 4998] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [pid 4998] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc790256c0) = 18 [pid 4998] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [ 161.390947][ T774] usb 1-1: Using ep0 maxpacket: 32 [pid 4998] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc790256c0) = 18 [pid 4998] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [pid 4998] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc790256c0) = 9 [pid 4998] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [pid 4998] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc790256c0) = 27 [pid 4998] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [pid 4998] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc790256c0) = 4 [ 161.511355][ T774] usb 1-1: config 0 has an invalid interface number: 75 but max is 1 [ 161.519753][ T774] usb 1-1: config 0 has an invalid interface number: 234 but max is 1 [ 161.528350][ T774] usb 1-1: config 0 has no interface number 0 [ 161.534716][ T774] usb 1-1: config 0 has no interface number 1 [pid 4998] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [pid 4998] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc790256c0) = 8 [pid 4998] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [pid 4998] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc790256c0) = 8 [pid 4998] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [pid 4998] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc790256c0) = 8 [pid 4998] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [pid 4998] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x81) = 0 [pid 4998] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 161.701513][ T774] usb 1-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=83.58 [ 161.711002][ T774] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.719278][ T774] usb 1-1: Product: syz [ 161.723765][ T774] usb 1-1: Manufacturer: syz [ 161.728616][ T774] usb 1-1: SerialNumber: syz [ 161.738141][ T774] usb 1-1: config 0 descriptor?? [pid 4998] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc790256c0) = 0 [ 161.789413][ T774] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 161.800943][ T774] dvb-usb: bulk message failed: -22 (3/0) [ 161.838477][ T774] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 161.862948][ T774] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 161.874692][ T774] usb 1-1: media controller created [ 161.925931][ T774] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [pid 4998] exit_group(0) = ? [pid 4998] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4998, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 161.980381][ T774] dvb-usb: bulk message failed: -22 (6/0) [ 161.986656][ T774] ===================================================== [ 161.994119][ T774] BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 [ 162.001648][ T774] dib3000mb_attach+0x2d8/0x3c0 [ 162.006690][ T774] dibusb_dib3000mb_frontend_attach+0x151/0x2e0 [ 162.013351][ T774] dvb_usb_adapter_frontend_init+0xea/0x990 [ 162.019512][ T774] dvb_usb_device_init+0x259a/0x3740 [ 162.025163][ T774] dibusb_probe+0x46/0x250 restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ba2650) = 5001 [ 162.029808][ T774] usb_probe_interface+0xc75/0x1210 [ 162.035368][ T774] really_probe+0x506/0xf40 [ 162.040082][ T774] __driver_probe_device+0x2a7/0x5d0 [ 162.046053][ T774] driver_probe_device+0x72/0x7b0 [ 162.051433][ T774] __device_attach_driver+0x55a/0x8f0 [ 162.057035][ T774] bus_for_each_drv+0x3ff/0x620 [ 162.062169][ T774] __device_attach+0x3bd/0x640 [ 162.067127][ T774] device_initial_probe+0x32/0x40 [ 162.072564][ T774] bus_probe_device+0x3d8/0x5a0 ./strace-static-x86_64: Process 5001 attached [pid 5001] set_robust_list(0x555555ba2660, 24) = 0 [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setpgid(0, 0) = 0 [pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 162.077595][ T774] device_add+0x1700/0x1f20 [ 162.082405][ T774] usb_set_configuration+0x31c9/0x38c0 [ 162.088086][ T774] usb_generic_driver_probe+0x109/0x2a0 [ 162.093976][ T774] usb_probe_device+0x290/0x4a0 [ 162.099050][ T774] really_probe+0x506/0xf40 [ 162.103893][ T774] __driver_probe_device+0x2a7/0x5d0 [ 162.109387][ T774] driver_probe_device+0x72/0x7b0 [ 162.114751][ T774] __device_attach_driver+0x55a/0x8f0 [ 162.120354][ T774] bus_for_each_drv+0x3ff/0x620 [ 162.125515][ T774] __device_attach+0x3bd/0x640 [pid 5001] write(3, "1000", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5001] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc790266d0) = 0 [pid 5001] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5001] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc790266d0) = 0 [ 162.130474][ T774] device_initial_probe+0x32/0x40 [ 162.135837][ T774] bus_probe_device+0x3d8/0x5a0 [ 162.140972][ T774] device_add+0x1700/0x1f20 [ 162.145695][ T774] usb_new_device+0x15f6/0x22f0 [ 162.150853][ T774] hub_event+0x53bc/0x7290 [ 162.155465][ T774] process_scheduled_works+0x104e/0x1e70 [ 162.161575][ T774] worker_thread+0xf45/0x1490 [ 162.166451][ T774] kthread+0x3e8/0x540 [ 162.170849][ T774] ret_from_fork+0x66/0x80 [ 162.175471][ T774] ret_from_fork_asm+0x11/0x20 [ 162.180447][ T774] [ 162.182979][ T774] Local variable rb created at: [ 162.187939][ T774] dib3000_read_reg+0x86/0x4e0 [ 162.193204][ T774] dib3000mb_attach+0x123/0x3c0 [ 162.198252][ T774] [ 162.200676][ T774] CPU: 1 PID: 774 Comm: kworker/1:2 Not tainted 6.6.0-rc3-syzkaller-00055-g9ed22ae6be81 #0 [ 162.211074][ T774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 162.221461][ T774] Workqueue: usb_hub_wq hub_event [ 162.226670][ T774] ===================================================== [ 162.233886][ T774] Disabling lock debugging due to kernel taint [ 162.240140][ T774] Kernel panic - not syncing: kmsan.panic set ... [ 162.246651][ T774] CPU: 1 PID: 774 Comm: kworker/1:2 Tainted: G B 6.6.0-rc3-syzkaller-00055-g9ed22ae6be81 #0 [ 162.258304][ T774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 162.268494][ T774] Workqueue: usb_hub_wq hub_event [ 162.273681][ T774] Call Trace: [ 162.277073][ T774] [ 162.280093][ T774] dump_stack_lvl+0x1bf/0x240 [ 162.284902][ T774] dump_stack+0x1e/0x20 [ 162.289178][ T774] panic+0x4d5/0xc70 [ 162.293240][ T774] ? add_taint+0x108/0x1a0 [ 162.297854][ T774] kmsan_report+0x2d0/0x2d0 [ 162.302582][ T774] ? __msan_warning+0x96/0x110 [ 162.307533][ T774] ? dib3000mb_attach+0x2d8/0x3c0 [ 162.312808][ T774] ? dibusb_dib3000mb_frontend_attach+0x151/0x2e0 [ 162.319492][ T774] ? dvb_usb_adapter_frontend_init+0xea/0x990 [ 162.325770][ T774] ? dvb_usb_device_init+0x259a/0x3740 [ 162.331407][ T774] ? dibusb_probe+0x46/0x250 [ 162.336326][ T774] ? usb_probe_interface+0xc75/0x1210 [ 162.341945][ T774] ? really_probe+0x506/0xf40 [ 162.346830][ T774] ? __driver_probe_device+0x2a7/0x5d0 [ 162.352418][ T774] ? driver_probe_device+0x72/0x7b0 [ 162.357764][ T774] ? __device_attach_driver+0x55a/0x8f0 [ 162.363509][ T774] ? bus_for_each_drv+0x3ff/0x620 [ 162.368653][ T774] ? __device_attach+0x3bd/0x640 [ 162.373761][ T774] ? device_initial_probe+0x32/0x40 [ 162.379154][ T774] ? bus_probe_device+0x3d8/0x5a0 [ 162.384370][ T774] ? device_add+0x1700/0x1f20 [ 162.389274][ T774] ? usb_set_configuration+0x31c9/0x38c0 [ 162.395079][ T774] ? usb_generic_driver_probe+0x109/0x2a0 [ 162.400957][ T774] ? usb_probe_device+0x290/0x4a0 [ 162.406216][ T774] ? really_probe+0x506/0xf40 [ 162.411089][ T774] ? __driver_probe_device+0x2a7/0x5d0 [ 162.416769][ T774] ? driver_probe_device+0x72/0x7b0 [ 162.422155][ T774] ? __device_attach_driver+0x55a/0x8f0 [ 162.427941][ T774] ? bus_for_each_drv+0x3ff/0x620 [ 162.433143][ T774] ? __device_attach+0x3bd/0x640 [ 162.438211][ T774] ? device_initial_probe+0x32/0x40 [ 162.443559][ T774] ? bus_probe_device+0x3d8/0x5a0 [ 162.448779][ T774] ? device_add+0x1700/0x1f20 [ 162.453691][ T774] ? usb_new_device+0x15f6/0x22f0 [ 162.458896][ T774] ? hub_event+0x53bc/0x7290 [ 162.464403][ T774] ? process_scheduled_works+0x104e/0x1e70 [ 162.470364][ T774] ? worker_thread+0xf45/0x1490 [ 162.475405][ T774] ? kthread+0x3e8/0x540 [ 162.479850][ T774] ? ret_from_fork+0x66/0x80 [ 162.484665][ T774] ? ret_from_fork_asm+0x11/0x20 [ 162.489806][ T774] ? rt_mutex_unlock+0x29/0x50 [ 162.494734][ T774] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.500702][ T774] ? dib3000_read_reg+0x32b/0x4e0 [ 162.505970][ T774] __msan_warning+0x96/0x110 [ 162.510779][ T774] dib3000mb_attach+0x2d8/0x3c0 [ 162.515853][ T774] ? as102_fe_ts_bus_ctrl+0x140/0x140 [ 162.521475][ T774] dibusb_dib3000mb_frontend_attach+0x151/0x2e0 [ 162.527928][ T774] ? dibusb_probe+0x250/0x250 [ 162.532839][ T774] dvb_usb_adapter_frontend_init+0xea/0x990 [ 162.538961][ T774] dvb_usb_device_init+0x259a/0x3740 [ 162.544502][ T774] dibusb_probe+0x46/0x250 [ 162.549157][ T774] ? a800_rc_query+0x430/0x430 [ 162.554168][ T774] usb_probe_interface+0xc75/0x1210 [ 162.559636][ T774] ? usb_register_driver+0x600/0x600 [ 162.565153][ T774] really_probe+0x506/0xf40 [ 162.569787][ T774] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 162.576018][ T774] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.582028][ T774] __driver_probe_device+0x2a7/0x5d0 [ 162.587504][ T774] driver_probe_device+0x72/0x7b0 [ 162.592839][ T774] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.598797][ T774] __device_attach_driver+0x55a/0x8f0 [ 162.604428][ T774] bus_for_each_drv+0x3ff/0x620 [ 162.609405][ T774] ? coredump_store+0xa0/0xa0 [ 162.614235][ T774] __device_attach+0x3bd/0x640 [ 162.619139][ T774] device_initial_probe+0x32/0x40 [ 162.624321][ T774] bus_probe_device+0x3d8/0x5a0 [ 162.629384][ T774] device_add+0x1700/0x1f20 [ 162.634132][ T774] usb_set_configuration+0x31c9/0x38c0 [ 162.639820][ T774] ? usb_set_configuration+0x921/0x38c0 [ 162.645534][ T774] usb_generic_driver_probe+0x109/0x2a0 [ 162.651250][ T774] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.657269][ T774] ? usb_choose_configuration+0xde0/0xde0 [ 162.663149][ T774] ? usb_choose_configuration+0xde0/0xde0 [ 162.669065][ T774] usb_probe_device+0x290/0x4a0 [ 162.674078][ T774] ? usb_register_device_driver+0x450/0x450 [ 162.680189][ T774] really_probe+0x506/0xf40 [ 162.684844][ T774] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 162.691067][ T774] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.697084][ T774] __driver_probe_device+0x2a7/0x5d0 [ 162.702538][ T774] driver_probe_device+0x72/0x7b0 [ 162.707783][ T774] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.713799][ T774] __device_attach_driver+0x55a/0x8f0 [ 162.719343][ T774] bus_for_each_drv+0x3ff/0x620 [ 162.724393][ T774] ? coredump_store+0xa0/0xa0 [ 162.729295][ T774] __device_attach+0x3bd/0x640 [ 162.734287][ T774] device_initial_probe+0x32/0x40 [ 162.739518][ T774] bus_probe_device+0x3d8/0x5a0 [ 162.744493][ T774] device_add+0x1700/0x1f20 [ 162.749145][ T774] usb_new_device+0x15f6/0x22f0 [ 162.754118][ T774] hub_event+0x53bc/0x7290 [ 162.758694][ T774] ? led_work+0x740/0x740 [ 162.763139][ T774] process_scheduled_works+0x104e/0x1e70 [ 162.768967][ T774] worker_thread+0xf45/0x1490 [ 162.773873][ T774] kthread+0x3e8/0x540 [ 162.778165][ T774] ? pr_cont_work+0xce0/0xce0 [ 162.783042][ T774] ? kthread_blkcg+0x120/0x120 [ 162.788039][ T774] ret_from_fork+0x66/0x80 [ 162.792684][ T774] ? kthread_blkcg+0x120/0x120 [ 162.797682][ T774] ret_from_fork_asm+0x11/0x20 [ 162.802691][ T774] [ 162.806242][ T774] Kernel Offset: disabled [ 162.810630][ T774] Rebooting in 86400 seconds..