./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3257976318 <...> [ 110.494281][ T39] cfg80211: failed to load regulatory.db forked to background, child pid 4611 [ 110.822299][ T4612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.863235][ T4612] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.25' (ECDSA) to the list of known hosts. execve("./syz-executor3257976318", ["./syz-executor3257976318"], 0x7ffcb57c8220 /* 10 vars */) = 0 brk(NULL) = 0x555555c51000 brk(0x555555c51c40) = 0x555555c51c40 arch_prctl(ARCH_SET_FS, 0x555555c51300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3257976318", 4096) = 28 brk(0x555555c72c40) = 0x555555c72c40 brk(0x555555c73000) = 0x555555c73000 mprotect(0x7fb065180000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c515d0) = 4958 ./strace-static-x86_64: Process 4958 attached [pid 4958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4958] setpgid(0, 0) = 0 [pid 4958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4958] write(3, "1000", 4) = 4 [pid 4958] close(3) = 0 [pid 4958] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 4958] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 18 syzkaller login: [ 165.912229][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [ 166.152187][ T9] usb 1-1: Using ep0 maxpacket: 32 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 18 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 9 [ 166.312379][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 320 [ 166.392398][ T9] usb 1-1: config 5 has an invalid interface number: 241 but max is 1 [ 166.400947][ T9] usb 1-1: config 5 has an invalid interface number: 201 but max is 1 [ 166.409522][ T9] usb 1-1: config 5 has an invalid interface association descriptor of length 2, skipping [ 166.419864][ T9] usb 1-1: config 5 has an invalid interface association descriptor of length 2, skipping [ 166.430341][ T9] usb 1-1: config 5 has no interface number 0 [ 166.436856][ T9] usb 1-1: config 5 has no interface number 1 [ 166.443447][ T9] usb 1-1: config 5 interface 241 altsetting 0 has a duplicate endpoint with address 0xC, skipping [ 166.454652][ T9] usb 1-1: config 5 interface 241 altsetting 0 has a duplicate endpoint with address 0x5, skipping [ 166.465880][ T9] usb 1-1: config 5 interface 241 altsetting 0 endpoint 0x9 has an invalid bInterval 162, changing to 11 [ 166.477576][ T9] usb 1-1: config 5 interface 241 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 166.488646][ T9] usb 1-1: config 5 interface 201 altsetting 1 has a duplicate endpoint with address 0x1, skipping [ 166.499781][ T9] usb 1-1: config 5 interface 201 altsetting 1 has a duplicate endpoint with address 0xC, skipping [ 166.511008][ T9] usb 1-1: config 5 interface 201 altsetting 1 bulk endpoint 0xA has invalid maxpacket 528 [ 166.521620][ T9] usb 1-1: config 5 interface 201 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 166.533047][ T9] usb 1-1: config 5 interface 201 altsetting 1 endpoint 0x7 has an invalid bInterval 200, changing to 7 [ 166.544614][ T9] usb 1-1: config 5 interface 201 altsetting 1 has a duplicate endpoint with address 0x7, skipping [ 166.555857][ T9] usb 1-1: config 5 interface 201 altsetting 1 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 166.567305][ T9] usb 1-1: config 5 interface 201 altsetting 1 has a duplicate endpoint with address 0xA, skipping [ 166.578563][ T9] usb 1-1: config 5 interface 201 altsetting 1 endpoint 0x8 has an invalid bInterval 63, changing to 9 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 0 [ 166.590065][ T9] usb 1-1: config 5 interface 201 has no altsetting 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc2ec76260) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x2) = 0 [ 166.832532][ T9] usb 1-1: string descriptor 0 read error: -22 [ 166.839485][ T9] usb 1-1: New USB device found, idVendor=5032, idProduct=0fa1, bcdDevice=1e.5a [ 166.849128][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [pid 4958] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 4958] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fb06518646c) = -1 EINVAL (Invalid argument) [pid 4958] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fb06518647c) = -1 EINVAL (Invalid argument) [pid 4958] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc2ec76260) = 0 [ 166.929817][ T9] dvb-usb: found a 'Grandtec USB1.1 DVB-T' in warm state. [ 166.937891][ T9] dvb-usb: bulk message failed: -8 (3/0) [ 166.980533][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 167.005674][ T9] dvbdev: DVB: registering new adapter (Grandtec USB1.1 DVB-T) [ 167.013860][ T9] usb 1-1: media controller created [ 167.069646][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 167.129614][ T9] dvb-usb: bulk message failed: -8 (6/0) [ 167.135989][ T9] ===================================================== [ 167.143389][ T9] BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 [ 167.150866][ T9] dib3000mb_attach+0x2d8/0x3c0 [ 167.156103][ T9] dibusb_dib3000mb_frontend_attach+0x151/0x2e0 [ 167.162654][ T9] dvb_usb_adapter_frontend_init+0xea/0x990 [ 167.168766][ T9] dvb_usb_device_init+0x259a/0x3740 [ 167.174405][ T9] dibusb_probe+0x46/0x250 [ 167.178997][ T9] usb_probe_interface+0xc75/0x1210 [ 167.184512][ T9] really_probe+0x506/0xf40 [ 167.189224][ T9] __driver_probe_device+0x2a7/0x5d0 [ 167.195294][ T9] driver_probe_device+0x72/0x7b0 [ 167.200493][ T9] __device_attach_driver+0x55a/0x8f0 [ 167.206162][ T9] bus_for_each_drv+0x3ff/0x620 [ 167.211198][ T9] __device_attach+0x3bd/0x640 [ 167.216384][ T9] device_initial_probe+0x32/0x40 [ 167.221609][ T9] bus_probe_device+0x3d8/0x5a0 [pid 4958] exit_group(0) = ? [pid 4958] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4958, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c515d0) = 4962 [ 167.226748][ T9] device_add+0x1b6a/0x24b0 [ 167.231447][ T9] usb_set_configuration+0x31c9/0x38c0 [ 167.237196][ T9] usb_generic_driver_probe+0x109/0x2a0 [ 167.243039][ T9] usb_probe_device+0x290/0x4a0 [ 167.248058][ T9] really_probe+0x506/0xf40 [ 167.252846][ T9] __driver_probe_device+0x2a7/0x5d0 [ 167.258325][ T9] driver_probe_device+0x72/0x7b0 [ 167.263697][ T9] __device_attach_driver+0x55a/0x8f0 [ 167.269268][ T9] bus_for_each_drv+0x3ff/0x620 [ 167.274577][ T9] __device_attach+0x3bd/0x640 ./strace-static-x86_64: Process 4962 attached [pid 4962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4962] setpgid(0, 0) = 0 [ 167.279533][ T9] device_initial_probe+0x32/0x40 [ 167.284898][ T9] bus_probe_device+0x3d8/0x5a0 [ 167.289925][ T9] device_add+0x1b6a/0x24b0 [ 167.294800][ T9] usb_new_device+0x15f6/0x22f0 [ 167.299838][ T9] hub_event+0x577b/0x78a0 [ 167.304727][ T9] process_one_work+0xb0d/0x1410 [ 167.309837][ T9] worker_thread+0x107e/0x1d60 [ 167.314959][ T9] kthread+0x3e8/0x540 [ 167.319220][ T9] ret_from_fork+0x1f/0x30 [ 167.323916][ T9] [pid 4962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4962] write(3, "1000", 4) = 4 [pid 4962] close(3) = 0 [pid 4962] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 4962] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc2ec77270) = 0 [pid 4962] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 4962] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc2ec77270) = 0 [ 167.326329][ T9] Local variable rb created at: [ 167.331275][ T9] dib3000_read_reg+0x86/0x4e0 [ 167.336424][ T9] dib3000mb_attach+0x123/0x3c0 [ 167.341442][ T9] [ 167.343981][ T9] CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.4.0-rc7-syzkaller-ge6bc8833d80f #0 [ 167.353517][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 167.363812][ T9] Workqueue: usb_hub_wq hub_event [ 167.369014][ T9] ===================================================== [ 167.376099][ T9] Disabling lock debugging due to kernel taint [ 167.382474][ T9] Kernel panic - not syncing: kmsan.panic set ... [ 167.388989][ T9] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G B 6.4.0-rc7-syzkaller-ge6bc8833d80f #0 [ 167.399876][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 167.410130][ T9] Workqueue: usb_hub_wq hub_event [ 167.415372][ T9] Call Trace: [ 167.418729][ T9] [ 167.421734][ T9] dump_stack_lvl+0x1bf/0x240 [ 167.426638][ T9] dump_stack+0x1e/0x20 [ 167.430992][ T9] panic+0x4d5/0xc70 [ 167.435075][ T9] ? add_taint+0x108/0x1a0 [ 167.439656][ T9] kmsan_report+0x2d0/0x2d0 [ 167.444350][ T9] ? __msan_warning+0x96/0x110 [ 167.449317][ T9] ? dib3000mb_attach+0x2d8/0x3c0 [ 167.454516][ T9] ? dibusb_dib3000mb_frontend_attach+0x151/0x2e0 [ 167.461225][ T9] ? dvb_usb_adapter_frontend_init+0xea/0x990 [ 167.467473][ T9] ? dvb_usb_device_init+0x259a/0x3740 [ 167.473109][ T9] ? dibusb_probe+0x46/0x250 [ 167.477859][ T9] ? usb_probe_interface+0xc75/0x1210 [ 167.483353][ T9] ? really_probe+0x506/0xf40 [ 167.488226][ T9] ? __driver_probe_device+0x2a7/0x5d0 [ 167.493844][ T9] ? driver_probe_device+0x72/0x7b0 [ 167.499232][ T9] ? __device_attach_driver+0x55a/0x8f0 [ 167.504933][ T9] ? bus_for_each_drv+0x3ff/0x620 [ 167.510070][ T9] ? __device_attach+0x3bd/0x640 [ 167.515222][ T9] ? device_initial_probe+0x32/0x40 [ 167.520599][ T9] ? bus_probe_device+0x3d8/0x5a0 [ 167.525756][ T9] ? device_add+0x1b6a/0x24b0 [ 167.530645][ T9] ? usb_set_configuration+0x31c9/0x38c0 [ 167.536754][ T9] ? usb_generic_driver_probe+0x109/0x2a0 [ 167.542706][ T9] ? usb_probe_device+0x290/0x4a0 [ 167.547880][ T9] ? really_probe+0x506/0xf40 [ 167.552706][ T9] ? __driver_probe_device+0x2a7/0x5d0 [ 167.558337][ T9] ? driver_probe_device+0x72/0x7b0 [ 167.563670][ T9] ? __device_attach_driver+0x55a/0x8f0 [ 167.569422][ T9] ? bus_for_each_drv+0x3ff/0x620 [ 167.574598][ T9] ? __device_attach+0x3bd/0x640 [ 167.579670][ T9] ? device_initial_probe+0x32/0x40 [ 167.585050][ T9] ? bus_probe_device+0x3d8/0x5a0 [ 167.590210][ T9] ? device_add+0x1b6a/0x24b0 [ 167.595103][ T9] ? usb_new_device+0x15f6/0x22f0 [ 167.600310][ T9] ? hub_event+0x577b/0x78a0 [ 167.605042][ T9] ? process_one_work+0xb0d/0x1410 [ 167.610311][ T9] ? worker_thread+0x107e/0x1d60 [ 167.615372][ T9] ? kthread+0x3e8/0x540 [ 167.619804][ T9] ? ret_from_fork+0x1f/0x30 [ 167.624569][ T9] ? rt_mutex_unlock+0x29/0x50 [ 167.629461][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.635475][ T9] ? dib3000_read_reg+0x32b/0x4e0 [ 167.640642][ T9] __msan_warning+0x96/0x110 [ 167.645457][ T9] dib3000mb_attach+0x2d8/0x3c0 [ 167.650471][ T9] ? as102_fe_ts_bus_ctrl+0x140/0x140 [ 167.656059][ T9] dibusb_dib3000mb_frontend_attach+0x151/0x2e0 [ 167.662434][ T9] ? dibusb_probe+0x250/0x250 [ 167.667204][ T9] dvb_usb_adapter_frontend_init+0xea/0x990 [ 167.673253][ T9] dvb_usb_device_init+0x259a/0x3740 [ 167.678784][ T9] dibusb_probe+0x46/0x250 [ 167.683304][ T9] ? a800_rc_query+0x430/0x430 [ 167.688193][ T9] usb_probe_interface+0xc75/0x1210 [ 167.693583][ T9] ? usb_register_driver+0x600/0x600 [ 167.698997][ T9] really_probe+0x506/0xf40 [ 167.703671][ T9] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 167.709893][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.715854][ T9] __driver_probe_device+0x2a7/0x5d0 [ 167.721315][ T9] driver_probe_device+0x72/0x7b0 [ 167.726531][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.732530][ T9] __device_attach_driver+0x55a/0x8f0 [ 167.738094][ T9] bus_for_each_drv+0x3ff/0x620 [ 167.743117][ T9] ? coredump_store+0xa0/0xa0 [ 167.747944][ T9] __device_attach+0x3bd/0x640 [ 167.752850][ T9] device_initial_probe+0x32/0x40 [ 167.758034][ T9] bus_probe_device+0x3d8/0x5a0 [ 167.763019][ T9] device_add+0x1b6a/0x24b0 [ 167.767772][ T9] usb_set_configuration+0x31c9/0x38c0 [ 167.773414][ T9] ? usb_set_configuration+0x8e1/0x38c0 [ 167.779229][ T9] usb_generic_driver_probe+0x109/0x2a0 [ 167.784975][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.790920][ T9] ? usb_choose_configuration+0xde0/0xde0 [ 167.796804][ T9] ? usb_choose_configuration+0xde0/0xde0 [ 167.802739][ T9] usb_probe_device+0x290/0x4a0 [ 167.807752][ T9] ? usb_register_device_driver+0x450/0x450 [ 167.813757][ T9] really_probe+0x506/0xf40 [ 167.818374][ T9] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 167.824584][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.830542][ T9] __driver_probe_device+0x2a7/0x5d0 [ 167.835986][ T9] driver_probe_device+0x72/0x7b0 [ 167.841190][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.847313][ T9] __device_attach_driver+0x55a/0x8f0 [ 167.852850][ T9] bus_for_each_drv+0x3ff/0x620 [ 167.857860][ T9] ? coredump_store+0xa0/0xa0 [ 167.862680][ T9] __device_attach+0x3bd/0x640 [ 167.867613][ T9] device_initial_probe+0x32/0x40 [ 167.872819][ T9] bus_probe_device+0x3d8/0x5a0 [ 167.877837][ T9] device_add+0x1b6a/0x24b0 [ 167.882481][ T9] usb_new_device+0x15f6/0x22f0 [ 167.887486][ T9] hub_event+0x577b/0x78a0 [ 167.892170][ T9] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 167.898172][ T9] ? led_work+0x740/0x740 [ 167.902603][ T9] ? led_work+0x740/0x740 [ 167.907057][ T9] process_one_work+0xb0d/0x1410 [ 167.912164][ T9] worker_thread+0x107e/0x1d60 [ 167.917070][ T9] kthread+0x3e8/0x540 [ 167.921333][ T9] ? pr_cont_work+0xce0/0xce0 [ 167.926162][ T9] ? kthread_blkcg+0x120/0x120 [ 167.931064][ T9] ret_from_fork+0x1f/0x30 [ 167.935691][ T9] [ 167.939089][ T9] Kernel Offset: disabled [ 167.943485][ T9] Rebooting in 86400 seconds..