./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1203712821 <...> forked to background, child pid 3046 no interfaces have a carrier [ 68.253926][ T3047] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.280283][ T3047] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 95.143671][ T121] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.133' (ECDSA) to the list of known hosts. execve("./syz-executor1203712821", ["./syz-executor1203712821"], 0x7ffe875a6730 /* 10 vars */) = 0 brk(NULL) = 0x555556afe000 brk(0x555556afec40) = 0x555556afec40 arch_prctl(ARCH_SET_FS, 0x555556afe300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1203712821", 4096) = 28 brk(0x555556b1fc40) = 0x555556b1fc40 brk(0x555556b20000) = 0x555556b20000 mprotect(0x7f626e723000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3477 attached [pid 3477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3477] setpgid(0, 0) = 0 [pid 3477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3476] <... clone resumed>, child_tidptr=0x555556afe5d0) = 3477 [pid 3477] <... openat resumed>) = 3 [pid 3477] write(3, "1000", 4) = 4 [pid 3477] close(3) = 0 [pid 3477] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3477] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdee274ae0) = 18 [ 99.102244][ T3138] usb 1-1: new full-speed USB device number 2 using dummy_hcd [pid 3477] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdee274ae0) = 18 [pid 3477] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdee274ae0) = 9 [pid 3477] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdee274ae0) = 47 [pid 3477] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdee274ae0) = 4 [ 99.492435][ T3138] usb 1-1: config 0 has an invalid interface number: 92 but max is 0 [ 99.500671][ T3138] usb 1-1: config 0 has no interface number 0 [ 99.507515][ T3138] usb 1-1: config 0 interface 92 altsetting 0 has an invalid endpoint with address 0x0, skipping [pid 3477] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdee274ae0) = 8 [pid 3477] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdee274ae0) = 8 [pid 3477] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffdee274ae0) = 8 [pid 3477] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 3477] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f626e72946c) = -1 EINVAL (Invalid argument) [ 99.712611][ T3138] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=3d.34 [ 99.721812][ T3138] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.730175][ T3138] usb 1-1: Product: syz [ 99.734523][ T3138] usb 1-1: Manufacturer: syz [ 99.739243][ T3138] usb 1-1: SerialNumber: syz [ 99.748814][ T3138] usb 1-1: config 0 descriptor?? [pid 3477] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffdee274ae0) = 0 [ 99.797508][ T3138] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 99.804317][ T3138] dvb-usb: bulk message failed: -22 (3/0) [ 99.815513][ T3138] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 99.843015][ T3138] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 99.850145][ T3138] usb 1-1: media controller created [ 99.858356][ T3138] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 99.872507][ T3138] dvb-usb: bulk message failed: -22 (6/0) [ 99.878397][ T3138] ===================================================== [ 99.885405][ T3138] BUG: KMSAN: uninit-value in dib3000mb_attach+0x374/0x490 [ 99.892614][ T3138] dib3000mb_attach+0x374/0x490 [ 99.897597][ T3138] dibusb_dib3000mb_frontend_attach+0x137/0x3c0 [ 99.903884][ T3138] dvb_usb_adapter_frontend_init+0x112/0xab0 [ 99.909914][ T3138] dvb_usb_device_init+0x2839/0x3830 [ 99.915242][ T3138] dibusb_probe+0x24b/0x310 [ 99.919761][ T3138] usb_probe_interface+0xf19/0x1600 [ 99.924980][ T3138] really_probe+0x6c7/0x1350 [ 99.929592][ T3138] __driver_probe_device+0x3e9/0x530 [ 99.934909][ T3138] __device_attach_driver+0x79f/0x1120 [ 99.940398][ T3138] bus_for_each_drv+0x2d6/0x3f0 [ 99.945286][ T3138] __device_attach+0x593/0x8e0 [ 99.950072][ T3138] device_initial_probe+0x4a/0x60 [ 99.955134][ T3138] bus_probe_device+0x17b/0x3e0 [ 99.960010][ T3138] device_add+0x1fff/0x26e0 [ 99.964542][ T3138] usb_set_configuration+0x37e9/0x3ed0 [ 99.970022][ T3138] usb_generic_driver_probe+0x13c/0x300 [ 99.975615][ T3138] usb_probe_device+0x309/0x570 [ 99.980514][ T3138] really_probe+0x6c7/0x1350 [ 99.985127][ T3138] __driver_probe_device+0x3e9/0x530 [ 99.990459][ T3138] __device_attach_driver+0x79f/0x1120 [pid 3477] exit_group(0) = ? [pid 3477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3477, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556afe5d0) = 3479 ./strace-static-x86_64: Process 3479 attached [pid 3479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 99.996050][ T3138] bus_for_each_drv+0x2d6/0x3f0 [ 100.000920][ T3138] __device_attach+0x593/0x8e0 [ 100.005720][ T3138] device_initial_probe+0x4a/0x60 [ 100.010770][ T3138] bus_probe_device+0x17b/0x3e0 [ 100.015656][ T3138] device_add+0x1fff/0x26e0 [ 100.020189][ T3138] usb_new_device+0x1b91/0x2950 [ 100.025085][ T3138] hub_event+0x58e3/0x89e0 [ 100.029538][ T3138] process_one_work+0xdb6/0x1820 [ 100.034504][ T3138] worker_thread+0x10d0/0x2240 [ 100.039299][ T3138] kthread+0x3c7/0x500 [ 100.043412][ T3138] ret_from_fork+0x1f/0x30 [pid 3479] setpgid(0, 0) = 0 [pid 3479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3479] write(3, "1000", 4) = 4 [pid 3479] close(3) = 0 [pid 3479] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3479] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffdee275af0) = 0 [pid 3479] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffdee275af0) = 0 [ 100.047869][ T3138] [ 100.050197][ T3138] Local variable rb created at: [ 100.055048][ T3138] dib3000_read_reg+0xdb/0x5c0 [ 100.059843][ T3138] dib3000mb_attach+0x16a/0x490 [ 100.064723][ T3138] [ 100.067054][ T3138] CPU: 0 PID: 3138 Comm: kworker/0:3 Not tainted 5.18.0-rc4-syzkaller #0 [ 100.075500][ T3138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 100.085565][ T3138] Workqueue: usb_hub_wq hub_event [ 100.090631][ T3138] ===================================================== [ 100.097567][ T3138] Disabling lock debugging due to kernel taint [ 100.104054][ T3138] Kernel panic - not syncing: kmsan.panic set ... [ 100.110484][ T3138] CPU: 0 PID: 3138 Comm: kworker/0:3 Tainted: G B 5.18.0-rc4-syzkaller #0 [ 100.120324][ T3138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 100.130522][ T3138] Workqueue: usb_hub_wq hub_event [ 100.135718][ T3138] Call Trace: [ 100.139055][ T3138] [ 100.142003][ T3138] dump_stack_lvl+0x1ff/0x28e [ 100.146748][ T3138] dump_stack+0x25/0x28 [ 100.150948][ T3138] panic+0x4fe/0xc73 [ 100.154900][ T3138] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 100.161107][ T3138] ? add_taint+0x181/0x210 [ 100.165557][ T3138] ? console_unlock+0x1c00/0x2130 [ 100.170622][ T3138] ? _raw_spin_unlock_irqrestore+0x78/0xb0 [ 100.176475][ T3138] kmsan_report+0x2e6/0x2f0 [ 100.181032][ T3138] ? __msan_warning+0x94/0x110 [ 100.185848][ T3138] ? dib3000mb_attach+0x374/0x490 [ 100.190966][ T3138] ? dibusb_dib3000mb_frontend_attach+0x137/0x3c0 [ 100.197410][ T3138] ? dvb_usb_adapter_frontend_init+0x112/0xab0 [ 100.203607][ T3138] ? dvb_usb_device_init+0x2839/0x3830 [ 100.209102][ T3138] ? dibusb_probe+0x24b/0x310 [ 100.213831][ T3138] ? usb_probe_interface+0xf19/0x1600 [ 100.219251][ T3138] ? really_probe+0x6c7/0x1350 [ 100.224123][ T3138] ? __driver_probe_device+0x3e9/0x530 [ 100.229635][ T3138] ? __device_attach_driver+0x79f/0x1120 [ 100.235321][ T3138] ? bus_for_each_drv+0x2d6/0x3f0 [ 100.240505][ T3138] ? __device_attach+0x593/0x8e0 [ 100.245471][ T3138] ? device_initial_probe+0x4a/0x60 [ 100.250721][ T3138] ? bus_probe_device+0x17b/0x3e0 [ 100.255924][ T3138] ? device_add+0x1fff/0x26e0 [ 100.260814][ T3138] ? usb_set_configuration+0x37e9/0x3ed0 [ 100.266480][ T3138] ? usb_generic_driver_probe+0x13c/0x300 [ 100.272232][ T3138] ? usb_probe_device+0x309/0x570 [ 100.277320][ T3138] ? really_probe+0x6c7/0x1350 [ 100.282132][ T3138] ? __driver_probe_device+0x3e9/0x530 [ 100.287646][ T3138] ? __device_attach_driver+0x79f/0x1120 [ 100.293371][ T3138] ? bus_for_each_drv+0x2d6/0x3f0 [ 100.298440][ T3138] ? __device_attach+0x593/0x8e0 [ 100.303489][ T3138] ? device_initial_probe+0x4a/0x60 [ 100.308732][ T3138] ? bus_probe_device+0x17b/0x3e0 [ 100.313800][ T3138] ? device_add+0x1fff/0x26e0 [ 100.318512][ T3138] ? usb_new_device+0x1b91/0x2950 [ 100.323586][ T3138] ? hub_event+0x58e3/0x89e0 [ 100.328197][ T3138] ? process_one_work+0xdb6/0x1820 [ 100.333344][ T3138] ? worker_thread+0x10d0/0x2240 [ 100.338297][ T3138] ? kthread+0x3c7/0x500 [ 100.342584][ T3138] ? ret_from_fork+0x1f/0x30 [ 100.347223][ T3138] ? i2c_adapter_unlock_bus+0x3b/0x50 [ 100.352624][ T3138] ? i2c_transfer+0x37c/0x620 [ 100.357340][ T3138] ? kmsan_get_metadata+0x33/0x220 [ 100.362476][ T3138] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 100.368331][ T3138] ? dib3000_read_reg+0x3e7/0x5c0 [ 100.373396][ T3138] __msan_warning+0x94/0x110 [ 100.378045][ T3138] dib3000mb_attach+0x374/0x490 [ 100.382937][ T3138] ? as102_fe_ts_bus_ctrl+0x180/0x180 [ 100.388343][ T3138] dibusb_dib3000mb_frontend_attach+0x137/0x3c0 [ 100.394618][ T3138] ? dibusb_probe+0x310/0x310 [ 100.399358][ T3138] dvb_usb_adapter_frontend_init+0x112/0xab0 [ 100.405378][ T3138] dvb_usb_device_init+0x2839/0x3830 [ 100.410732][ T3138] dibusb_probe+0x24b/0x310 [ 100.415270][ T3138] ? a800_rc_query+0x4a0/0x4a0 [ 100.420050][ T3138] usb_probe_interface+0xf19/0x1600 [ 100.425307][ T3138] ? kmsan_get_metadata+0x33/0x220 [ 100.430444][ T3138] ? usb_register_driver+0x900/0x900 [ 100.435783][ T3138] really_probe+0x6c7/0x1350 [ 100.440434][ T3138] __driver_probe_device+0x3e9/0x530 [ 100.445767][ T3138] __device_attach_driver+0x79f/0x1120 [ 100.451294][ T3138] bus_for_each_drv+0x2d6/0x3f0 [ 100.456190][ T3138] ? deferred_probe_work_func+0x4c0/0x4c0 [ 100.461967][ T3138] __device_attach+0x593/0x8e0 [ 100.466771][ T3138] ? btf_enum_check_meta+0xb51/0x1b50 [ 100.472188][ T3138] device_initial_probe+0x4a/0x60 [ 100.477251][ T3138] bus_probe_device+0x17b/0x3e0 [ 100.482156][ T3138] device_add+0x1fff/0x26e0 [ 100.486711][ T3138] usb_set_configuration+0x37e9/0x3ed0 [ 100.492224][ T3138] ? usb_set_configuration+0xb11/0x3ed0 [ 100.497848][ T3138] usb_generic_driver_probe+0x13c/0x300 [ 100.503436][ T3138] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 100.509264][ T3138] ? usb_choose_configuration+0xf90/0xf90 [ 100.515006][ T3138] usb_probe_device+0x309/0x570 [ 100.519883][ T3138] ? kmsan_get_metadata+0x33/0x220 [ 100.525029][ T3138] ? usb_register_device_driver+0x580/0x580 [ 100.530949][ T3138] really_probe+0x6c7/0x1350 [ 100.535584][ T3138] __driver_probe_device+0x3e9/0x530 [ 100.540936][ T3138] __device_attach_driver+0x79f/0x1120 [ 100.546452][ T3138] bus_for_each_drv+0x2d6/0x3f0 [ 100.551328][ T3138] ? deferred_probe_work_func+0x4c0/0x4c0 [ 100.557108][ T3138] __device_attach+0x593/0x8e0 [ 100.561919][ T3138] ? btf_enum_check_meta+0xb51/0x1b50 [ 100.567342][ T3138] device_initial_probe+0x4a/0x60 [ 100.572399][ T3138] bus_probe_device+0x17b/0x3e0 [ 100.577299][ T3138] device_add+0x1fff/0x26e0 [ 100.581833][ T3138] usb_new_device+0x1b91/0x2950 [ 100.586755][ T3138] hub_event+0x58e3/0x89e0 [ 100.591234][ T3138] ? kmsan_get_metadata+0x33/0x220 [ 100.596365][ T3138] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 100.602219][ T3138] ? led_work+0x7b0/0x7b0 [ 100.606582][ T3138] process_one_work+0xdb6/0x1820 [ 100.612257][ T3138] worker_thread+0x10d0/0x2240 [ 100.617074][ T3138] kthread+0x3c7/0x500 [ 100.621166][ T3138] ? worker_clr_flags+0x3a0/0x3a0 [ 100.626227][ T3138] ? kthread_blkcg+0x120/0x120 [ 100.631171][ T3138] ret_from_fork+0x1f/0x30 [ 100.635647][ T3138] [ 100.638747][ T3138] Kernel Offset: disabled [ 100.643142][ T3138] Rebooting in 86400 seconds..