./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3862313107

<...>
[   95.133517][  T125] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.212' (ECDSA) to the list of known hosts.
execve("./syz-executor3862313107", ["./syz-executor3862313107"], 0x7ffcf83b8ee0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555572e6000
brk(0x5555572e6c40)                     = 0x5555572e6c40
arch_prctl(ARCH_SET_FS, 0x5555572e6300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3862313107", 4096) = 28
brk(0x555557307c40)                     = 0x555557307c40
brk(0x555557308000)                     = 0x555557308000
mprotect(0x7f4169e15000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3479 attached
, child_tidptr=0x5555572e65d0) = 3479
[pid  3479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3479] setpgid(0, 0)               = 0
[pid  3479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3479] write(3, "1000", 4)         = 4
[pid  3479] close(3)                    = 0
[pid  3479] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  3479] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffffc932ea0) = 18
[   99.882199][   T27] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffffc932ea0) = 18
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffffc932ea0) = 9
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffffc932ea0) = 72
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffffc932ea0) = 4
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffffc932ea0) = 8
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffffc932ea0) = 8
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffffc932ea0) = 8
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4169e1b46c) = 9
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4169e1b47c) = 10
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4169e1b48c) = 12
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4169e1b49c) = 11
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4169e1b4ac) = 13
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f4169e1b4bc) = 14
[  100.422416][   T27] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  100.431592][   T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.439885][   T27] usb 1-1: Product: syz
[  100.444227][   T27] usb 1-1: Manufacturer: syz
[  100.448895][   T27] usb 1-1: SerialNumber: syz
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 0
[  100.514000][   T27] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 4096
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 1856
[pid  3479] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffffc933eb0) = 0
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffffc932ea0) = 0
[  101.172400][  T125] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[pid  3479] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7ffffc933ee0) = 8
[  101.382275][    C0] =====================================================
[  101.389300][    C0] BUG: KMSAN: uninit-value in ath9k_htc_rx_msg+0x26b/0xbc0
[  101.396517][    C0]  ath9k_htc_rx_msg+0x26b/0xbc0
[  101.401379][    C0]  ath9k_hif_usb_rx_cb+0x1721/0x1df0
[  101.406679][    C0]  __usb_hcd_giveback_urb+0x6c6/0x930
[  101.412073][    C0]  usb_hcd_giveback_urb+0x1e2/0x7c0
[  101.417290][    C0]  dummy_timer+0x157a/0x51c0
[  101.421886][    C0]  call_timer_fn+0x81/0x540
[  101.426395][    C0]  expire_timers+0x2f5/0x6d0
[  101.430989][    C0]  __run_timers+0x682/0xa80
[  101.435496][    C0]  run_timer_softirq+0x71/0xe0
[  101.440266][    C0]  __do_softirq+0x1ee/0x7c5
[  101.444957][    C0]  invoke_softirq+0xa4/0x130
[  101.449565][    C0]  irq_exit_rcu+0x76/0x130
[  101.454016][    C0]  sysvec_apic_timer_interrupt+0xa2/0xc0
[  101.459672][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[  101.465685][    C0]  finish_task_switch+0x401/0xad0
[  101.470723][    C0]  __schedule+0x176b/0x21c0
[  101.475238][    C0]  schedule_idle+0x5b/0x90
[  101.479665][    C0]  do_idle+0x816/0x840
[  101.483745][    C0]  cpu_startup_entry+0x3c/0x40
[  101.488519][    C0]  rest_init+0x278/0x2e0
[  101.492760][    C0]  arch_call_rest_init+0x13/0x15
[  101.497719][    C0]  start_kernel+0xa9c/0xc4f
[  101.502231][    C0]  x86_64_start_reservations+0x2a/0x2c
[  101.507707][    C0]  x86_64_start_kernel+0xf5/0xfa
[  101.512654][    C0]  secondary_startup_64_no_verify+0xc4/0xcb
[  101.518566][    C0] 
[  101.520879][    C0] Uninit was created at:
[  101.525160][    C0]  __kmalloc_node_track_caller+0xde3/0x14f0
[  101.531071][    C0]  __alloc_skb+0x545/0xf90
[  101.535496][    C0]  __netdev_alloc_skb+0x4b9/0x8c0
[  101.540531][    C0]  ath9k_hif_usb_rx_cb+0xead/0x1df0
[  101.545742][    C0]  __usb_hcd_giveback_urb+0x6c6/0x930
[  101.551122][    C0]  usb_hcd_giveback_urb+0x1e2/0x7c0
[  101.556353][    C0]  dummy_timer+0x157a/0x51c0
[  101.560949][    C0]  call_timer_fn+0x81/0x540
[  101.565456][    C0]  expire_timers+0x2f5/0x6d0
[  101.570049][    C0]  __run_timers+0x682/0xa80
[  101.574641][    C0]  run_timer_softirq+0x71/0xe0
[  101.579419][    C0]  __do_softirq+0x1ee/0x7c5
[  101.583936][    C0] 
[  101.586251][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.18.0-rc4-syzkaller #0
[  101.594236][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  101.604289][    C0] =====================================================
[  101.611204][    C0] Disabling lock debugging due to kernel taint
[  101.617342][    C0] Kernel panic - not syncing: kmsan.panic set ...
[  101.623747][    C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B             5.18.0-rc4-syzkaller #0
[  101.633122][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  101.643262][    C0] Call Trace:
[  101.646537][    C0]  <IRQ>
[  101.649374][    C0]  dump_stack_lvl+0x1ff/0x28e
[  101.654075][    C0]  dump_stack+0x25/0x28
[  101.658239][    C0]  panic+0x4fe/0xc73
[  101.662171][    C0]  ? add_taint+0x181/0x210
[  101.666601][    C0]  ? console_unlock+0x1c00/0x2130
[  101.671641][    C0]  ? _raw_spin_unlock_irqrestore+0x78/0xb0
[  101.677464][    C0]  kmsan_report+0x2e6/0x2f0
[  101.682003][    C0]  ? __msan_warning+0x94/0x110
[  101.686807][    C0]  ? ath9k_htc_rx_msg+0x26b/0xbc0
[  101.691844][    C0]  ? ath9k_hif_usb_rx_cb+0x1721/0x1df0
[  101.697320][    C0]  ? __usb_hcd_giveback_urb+0x6c6/0x930
[  101.702878][    C0]  ? usb_hcd_giveback_urb+0x1e2/0x7c0
[  101.708260][    C0]  ? dummy_timer+0x157a/0x51c0
[  101.713031][    C0]  ? call_timer_fn+0x81/0x540
[  101.717949][    C0]  ? expire_timers+0x2f5/0x6d0
[  101.722738][    C0]  ? __run_timers+0x682/0xa80
[  101.727521][    C0]  ? run_timer_softirq+0x71/0xe0
[  101.732479][    C0]  ? __do_softirq+0x1ee/0x7c5
[  101.737183][    C0]  ? invoke_softirq+0xa4/0x130
[  101.741977][    C0]  ? irq_exit_rcu+0x76/0x130
[  101.746606][    C0]  ? sysvec_apic_timer_interrupt+0xa2/0xc0
[  101.752439][    C0]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[  101.758628][    C0]  ? finish_task_switch+0x401/0xad0
[  101.763849][    C0]  ? __schedule+0x176b/0x21c0
[  101.768817][    C0]  ? schedule_idle+0x5b/0x90
[  101.773512][    C0]  ? do_idle+0x816/0x840
[  101.777768][    C0]  ? cpu_startup_entry+0x3c/0x40
[  101.782726][    C0]  ? rest_init+0x278/0x2e0
[  101.787147][    C0]  ? arch_call_rest_init+0x13/0x15
[  101.792276][    C0]  ? start_kernel+0xa9c/0xc4f
[  101.796969][    C0]  ? x86_64_start_reservations+0x2a/0x2c
[  101.802620][    C0]  ? x86_64_start_kernel+0xf5/0xfa
[  101.807751][    C0]  ? secondary_startup_64_no_verify+0xc4/0xcb
[  101.813843][    C0]  ? kmsan_get_metadata+0x33/0x220
[  101.818964][    C0]  ? kmsan_get_metadata+0x33/0x220
[  101.824085][    C0]  ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[  101.829905][    C0]  ? __alloc_skb+0xae7/0xf90
[  101.834511][    C0]  ? kmsan_get_metadata+0x33/0x220
[  101.839632][    C0]  ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[  101.845448][    C0]  __msan_warning+0x94/0x110
[  101.850059][    C0]  ath9k_htc_rx_msg+0x26b/0xbc0
[  101.854933][    C0]  ath9k_hif_usb_rx_cb+0x1721/0x1df0
[  101.860256][    C0]  ? kmsan_get_metadata+0x33/0x220
[  101.865375][    C0]  ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[  101.871194][    C0]  ? ath9k_hif_usb_alloc_urbs+0x1e50/0x1e50
[  101.877109][    C0]  __usb_hcd_giveback_urb+0x6c6/0x930
[  101.882505][    C0]  usb_hcd_giveback_urb+0x1e2/0x7c0
[  101.887733][    C0]  dummy_timer+0x157a/0x51c0
[  101.892385][    C0]  ? dummy_free_streams+0x940/0x940
[  101.897594][    C0]  call_timer_fn+0x81/0x540
[  101.902117][    C0]  expire_timers+0x2f5/0x6d0
[  101.906731][    C0]  ? dummy_free_streams+0x940/0x940
[  101.911946][    C0]  __run_timers+0x682/0xa80
[  101.916466][    C0]  ? kmsan_get_metadata+0x33/0x220
[  101.921584][    C0]  ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[  101.927404][    C0]  run_timer_softirq+0x71/0xe0
[  101.932179][    C0]  ? migrate_timer_list+0x4f0/0x4f0
[  101.937387][    C0]  __do_softirq+0x1ee/0x7c5
[  101.941913][    C0]  invoke_softirq+0xa4/0x130
[  101.946536][    C0]  irq_exit_rcu+0x76/0x130
[  101.950972][    C0]  sysvec_apic_timer_interrupt+0xa2/0xc0
[  101.956641][    C0]  </IRQ>
[  101.959564][    C0]  <TASK>
[  101.962489][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[  101.968486][    C0] RIP: 0010:finish_task_switch+0x401/0xad0
[  101.974306][    C0] Code: f6 0f 85 2d fe ff ff 0f 1f 44 00 00 48 8b 7d a8 48 8b 45 b0 48 89 03 8b 45 d4 89 83 88 0c 00 00 e8 d4 06 9d 0e fb 48 8b 45 98 <4c> 8d a0 08 1b 00 00 41 bd ff ff ff bf 8b 98 08 1b 00 00 44 21 eb
[  101.993931][    C0] RSP: 0018:ffffffff91403be0 EFLAGS: 00000282
[  102.000002][    C0] RAX: ffffffff914310c0 RBX: ffffffff91431c00 RCX: 0000000000000001
[  102.007980][    C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 000000000001ad08
[  102.015952][    C0] RBP: ffffffff91403c70 R08: 0000000000000000 R09: 0000000000000001
[  102.023931][    C0] R10: ffff888114613800 R11: ffff88810c2b20c0 R12: 0000000000000000
[  102.031908][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88813fc2ce80
[  102.039900][    C0]  __schedule+0x176b/0x21c0
[  102.044435][    C0]  schedule_idle+0x5b/0x90
[  102.048881][    C0]  do_idle+0x816/0x840
[  102.052971][    C0]  cpu_startup_entry+0x3c/0x40
[  102.057750][    C0]  rest_init+0x278/0x2e0
[  102.062010][    C0]  arch_call_rest_init+0x13/0x15
[  102.066981][    C0]  start_kernel+0xa9c/0xc4f
[  102.071505][    C0]  x86_64_start_reservations+0x2a/0x2c
[  102.076978][    C0]  x86_64_start_kernel+0xf5/0xfa
[  102.081933][    C0]  secondary_startup_64_no_verify+0xc4/0xcb
[  102.087865][    C0]  </TASK>
[  102.090965][    C0] Kernel Offset: disabled
[  102.095287][    C0] Rebooting in 86400 seconds..