./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2929557543 <...> Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts. execve("./syz-executor2929557543", ["./syz-executor2929557543"], 0x7ffee1362620 /* 10 vars */) = 0 brk(NULL) = 0x555556d58000 brk(0x555556d58c40) = 0x555556d58c40 arch_prctl(ARCH_SET_FS, 0x555556d58300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2929557543", 4096) = 28 brk(0x555556d79c40) = 0x555556d79c40 brk(0x555556d7a000) = 0x555556d7a000 mprotect(0x7f362e3b4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d585d0) = 5015 ./strace-static-x86_64: Process 5015 attached [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5015] setpgid(0, 0) = 0 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5015] write(3, "1000", 4) = 4 [pid 5015] close(3) = 0 [pid 5015] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5015] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc55a112e0) = 18 [ 165.642576][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5015] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc55a112e0) = 18 [ 165.882477][ T25] usb 1-1: Using ep0 maxpacket: 16 [pid 5015] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc55a112e0) = 9 [pid 5015] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc55a112e0) = 242 [ 166.002751][ T25] usb 1-1: config 0 has an invalid interface number: 35 but max is 1 [ 166.011190][ T25] usb 1-1: config 0 has an invalid interface descriptor of length 2, skipping [ 166.020900][ T25] usb 1-1: config 0 has an invalid interface number: 74 but max is 1 [ 166.029512][ T25] usb 1-1: config 0 has no interface number 0 [ 166.036017][ T25] usb 1-1: config 0 has no interface number 1 [ 166.042484][ T25] usb 1-1: config 0 interface 35 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 166.053993][ T25] usb 1-1: config 0 interface 35 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 166.064980][ T25] usb 1-1: config 0 interface 35 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 166.076162][ T25] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0x6 has invalid maxpacket 1015, setting to 64 [ 166.087417][ T25] usb 1-1: config 0 interface 35 altsetting 0 has an invalid endpoint with address 0x80, skipping [pid 5015] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc55a112e0) = 4 [ 166.098761][ T25] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 166.110196][ T25] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7 [ 166.122071][ T25] usb 1-1: config 0 interface 35 altsetting 0 has 9 endpoint descriptors, different from the interface descriptor's value: 10 [pid 5015] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc55a112e0) = 8 [pid 5015] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc55a112e0) = 8 [pid 5015] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc55a112e0) = 8 [pid 5015] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5015] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f362e3ba46c) = -1 EINVAL (Invalid argument) [pid 5015] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f362e3ba47c) = 11 [ 166.292859][ T25] usb 1-1: New USB device found, idVendor=5032, idProduct=0fa1, bcdDevice=71.b4 [ 166.302368][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.310609][ T25] usb 1-1: Product: syz [ 166.315257][ T25] usb 1-1: Manufacturer: syz [ 166.320059][ T25] usb 1-1: SerialNumber: syz [ 166.329547][ T25] usb 1-1: config 0 descriptor?? [pid 5015] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc55a112e0) = 0 [ 166.380748][ T25] dvb-usb: found a 'Grandtec USB1.1 DVB-T' in warm state. [ 166.388559][ T25] dvb-usb: bulk message failed: -22 (3/0) [ 166.429737][ T25] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 166.454078][ T25] dvbdev: DVB: registering new adapter (Grandtec USB1.1 DVB-T) [ 166.462094][ T25] usb 1-1: media controller created [ 166.507126][ T25] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [pid 5015] exit_group(0) = ? [ 166.557790][ T25] dvb-usb: bulk message failed: -22 (6/0) [ 166.564073][ T25] ===================================================== [ 166.571430][ T25] BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 [ 166.579122][ T25] dib3000mb_attach+0x2d8/0x3c0 [ 166.584420][ T25] dibusb_dib3000mb_frontend_attach+0x15e/0x310 [ 166.590979][ T25] dvb_usb_adapter_frontend_init+0xea/0x990 [ 166.597596][ T25] dvb_usb_device_init+0x25e1/0x3790 [ 166.603274][ T25] dibusb_probe+0x46/0x250 [pid 5015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d585d0) = 5019 ./strace-static-x86_64: Process 5019 attached [ 166.608007][ T25] usb_probe_interface+0xc75/0x1210 [ 166.613808][ T25] really_probe+0x507/0xf40 [ 166.618540][ T25] __driver_probe_device+0x300/0x3e0 [ 166.624346][ T25] driver_probe_device+0x72/0x7b0 [ 166.629654][ T25] __device_attach_driver+0x55a/0x8f0 [ 166.635816][ T25] bus_for_each_drv+0x433/0x680 [ 166.640895][ T25] __device_attach+0x406/0x660 [ 166.646144][ T25] device_initial_probe+0x32/0x40 [ 166.651419][ T25] bus_probe_device+0x3d8/0x5a0 [pid 5019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5019] setpgid(0, 0) = 0 [pid 5019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5019] write(3, "1000", 4) = 4 [pid 5019] close(3) = 0 [pid 5019] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5019] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc55a122f0) = 0 [ 166.656861][ T25] device_add+0x1cb0/0x25e0 [ 166.661599][ T25] usb_set_configuration+0x30b9/0x37b0 [ 166.667886][ T25] usb_generic_driver_probe+0x109/0x2a0 [ 166.673977][ T25] usb_probe_device+0x290/0x4a0 [ 166.680602][ T25] really_probe+0x507/0xf40 [ 166.685557][ T25] __driver_probe_device+0x300/0x3e0 [ 166.691268][ T25] driver_probe_device+0x72/0x7b0 [ 166.696821][ T25] __device_attach_driver+0x55a/0x8f0 [ 166.702642][ T25] bus_for_each_drv+0x433/0x680 [pid 5019] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5019] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc55a122f0) = 0 [ 166.707713][ T25] __device_attach+0x406/0x660 [ 166.712894][ T25] device_initial_probe+0x32/0x40 [ 166.718151][ T25] bus_probe_device+0x3d8/0x5a0 [ 166.723676][ T25] device_add+0x1cb0/0x25e0 [ 166.728394][ T25] usb_new_device+0x163b/0x2340 [ 166.733624][ T25] hub_event+0x5777/0x7890 [ 166.738211][ T25] process_one_work+0xb0d/0x1410 [ 166.743469][ T25] worker_thread+0x107e/0x1d60 [ 166.748816][ T25] kthread+0x31f/0x430 [ 166.753419][ T25] ret_from_fork+0x1f/0x30 [ 166.758038][ T25] [ 166.760419][ T25] Local variable rb created at: [ 166.765490][ T25] dib3000_read_reg+0x94/0x510 [ 166.770448][ T25] dib3000mb_attach+0x123/0x3c0 [ 166.775601][ T25] [ 166.778042][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 6.3.0-rc1-syzkaller-ge61893130d87 #0 [ 166.787818][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 166.798156][ T25] Workqueue: usb_hub_wq hub_event [ 166.803590][ T25] ===================================================== [ 166.810717][ T25] Disabling lock debugging due to kernel taint [ 166.817235][ T25] Kernel panic - not syncing: kmsan.panic set ... [ 166.823831][ T25] CPU: 0 PID: 25 Comm: kworker/0:1 Tainted: G B 6.3.0-rc1-syzkaller-ge61893130d87 #0 [ 166.834885][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 166.845212][ T25] Workqueue: usb_hub_wq hub_event [ 166.850446][ T25] Call Trace: [ 166.853859][ T25] [ 166.856904][ T25] dump_stack_lvl+0x1cc/0x260 [ 166.861804][ T25] dump_stack+0x1e/0x20 [ 166.866158][ T25] panic+0x4e2/0xc70 [ 166.870308][ T25] ? add_taint+0x108/0x1a0 [ 166.874927][ T25] kmsan_report+0x2d0/0x2d0 [ 166.879660][ T25] ? dibusb_i2c_xfer+0xe29/0xf30 [ 166.884805][ T25] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 166.891326][ T25] ? __msan_warning+0x96/0x110 [ 166.896287][ T25] ? dib3000mb_attach+0x2d8/0x3c0 [ 166.901510][ T25] ? dibusb_dib3000mb_frontend_attach+0x15e/0x310 [ 166.908164][ T25] ? dvb_usb_adapter_frontend_init+0xea/0x990 [ 166.914493][ T25] ? dvb_usb_device_init+0x25e1/0x3790 [ 166.920201][ T25] ? dibusb_probe+0x46/0x250 [ 166.924980][ T25] ? usb_probe_interface+0xc75/0x1210 [ 166.930640][ T25] ? really_probe+0x507/0xf40 [ 166.935543][ T25] ? __driver_probe_device+0x300/0x3e0 [ 166.941227][ T25] ? driver_probe_device+0x72/0x7b0 [ 166.946653][ T25] ? __device_attach_driver+0x55a/0x8f0 [ 166.952532][ T25] ? bus_for_each_drv+0x433/0x680 [ 166.957785][ T25] ? __device_attach+0x406/0x660 [ 166.962953][ T25] ? device_initial_probe+0x32/0x40 [ 166.968386][ T25] ? bus_probe_device+0x3d8/0x5a0 [ 166.973634][ T25] ? device_add+0x1cb0/0x25e0 [ 166.978518][ T25] ? usb_set_configuration+0x30b9/0x37b0 [ 166.984406][ T25] ? usb_generic_driver_probe+0x109/0x2a0 [ 166.990353][ T25] ? usb_probe_device+0x290/0x4a0 [ 166.995615][ T25] ? really_probe+0x507/0xf40 [ 167.000578][ T25] ? __driver_probe_device+0x300/0x3e0 [ 167.006273][ T25] ? driver_probe_device+0x72/0x7b0 [ 167.011737][ T25] ? __device_attach_driver+0x55a/0x8f0 [ 167.017521][ T25] ? bus_for_each_drv+0x433/0x680 [ 167.022767][ T25] ? __device_attach+0x406/0x660 [ 167.027925][ T25] ? device_initial_probe+0x32/0x40 [ 167.033347][ T25] ? bus_probe_device+0x3d8/0x5a0 [ 167.038675][ T25] ? device_add+0x1cb0/0x25e0 [ 167.043559][ T25] ? usb_new_device+0x163b/0x2340 [ 167.048785][ T25] ? hub_event+0x5777/0x7890 [ 167.053561][ T25] ? process_one_work+0xb0d/0x1410 [ 167.058863][ T25] ? worker_thread+0x107e/0x1d60 [ 167.063992][ T25] ? kthread+0x31f/0x430 [ 167.068450][ T25] ? ret_from_fork+0x1f/0x30 [ 167.073272][ T25] ? rt_mutex_unlock+0x29/0x50 [ 167.078301][ T25] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.084331][ T25] ? dib3000_read_reg+0x33d/0x510 [ 167.089578][ T25] __msan_warning+0x96/0x110 [ 167.094401][ T25] dib3000mb_attach+0x2d8/0x3c0 [ 167.099447][ T25] ? as102_fe_ts_bus_ctrl+0x140/0x140 [ 167.105025][ T25] dibusb_dib3000mb_frontend_attach+0x15e/0x310 [ 167.111521][ T25] ? dibusb_probe+0x1e8/0x250 [ 167.116497][ T25] ? dibusb_probe+0x250/0x250 [ 167.121375][ T25] dvb_usb_adapter_frontend_init+0xea/0x990 [ 167.127537][ T25] dvb_usb_device_init+0x25e1/0x3790 [ 167.133135][ T25] dibusb_probe+0x46/0x250 [ 167.137772][ T25] ? a800_rc_query+0x430/0x430 [ 167.142760][ T25] usb_probe_interface+0xc75/0x1210 [ 167.148247][ T25] ? usb_register_driver+0x600/0x600 [ 167.153758][ T25] really_probe+0x507/0xf40 [ 167.158567][ T25] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 167.164895][ T25] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.170910][ T25] __driver_probe_device+0x300/0x3e0 [ 167.176458][ T25] driver_probe_device+0x72/0x7b0 [ 167.181720][ T25] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.187744][ T25] __device_attach_driver+0x55a/0x8f0 [ 167.193367][ T25] bus_for_each_drv+0x433/0x680 [ 167.198426][ T25] ? coredump_store+0xa0/0xa0 [ 167.203342][ T25] __device_attach+0x406/0x660 [ 167.208384][ T25] device_initial_probe+0x32/0x40 [ 167.213640][ T25] bus_probe_device+0x3d8/0x5a0 [ 167.218730][ T25] device_add+0x1cb0/0x25e0 [ 167.223440][ T25] usb_set_configuration+0x30b9/0x37b0 [ 167.229165][ T25] ? usb_set_configuration+0x971/0x37b0 [ 167.235041][ T25] usb_generic_driver_probe+0x109/0x2a0 [ 167.240851][ T25] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.246966][ T25] ? usb_choose_configuration+0xde0/0xde0 [ 167.252934][ T25] ? usb_choose_configuration+0xde0/0xde0 [ 167.258897][ T25] usb_probe_device+0x290/0x4a0 [ 167.264008][ T25] ? usb_register_device_driver+0x450/0x450 [ 167.270160][ T25] really_probe+0x507/0xf40 [ 167.274895][ T25] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 167.281259][ T25] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.287284][ T25] __driver_probe_device+0x300/0x3e0 [ 167.292812][ T25] driver_probe_device+0x72/0x7b0 [ 167.298073][ T25] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.304179][ T25] __device_attach_driver+0x55a/0x8f0 [ 167.309796][ T25] bus_for_each_drv+0x433/0x680 [ 167.314852][ T25] ? coredump_store+0xa0/0xa0 [ 167.319778][ T25] __device_attach+0x406/0x660 [ 167.324779][ T25] device_initial_probe+0x32/0x40 [ 167.330018][ T25] bus_probe_device+0x3d8/0x5a0 [ 167.335207][ T25] device_add+0x1cb0/0x25e0 [ 167.339932][ T25] usb_new_device+0x163b/0x2340 [ 167.345014][ T25] hub_event+0x5777/0x7890 [ 167.349720][ T25] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.355727][ T25] ? led_work+0x740/0x740 [ 167.360262][ T25] ? led_work+0x740/0x740 [ 167.364872][ T25] process_one_work+0xb0d/0x1410 [ 167.370182][ T25] worker_thread+0x107e/0x1d60 [ 167.375217][ T25] kthread+0x31f/0x430 [ 167.379512][ T25] ? pr_cont_work+0xce0/0xce0 [ 167.384417][ T25] ? kthread_blkcg+0x120/0x120 [ 167.389541][ T25] ret_from_fork+0x1f/0x30 [ 167.394210][ T25] [ 167.397556][ T25] Kernel Offset: disabled [ 167.402053][ T25] Rebooting in 86400 seconds..