./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor985427350
<...>
Warning: Permanently added '10.128.0.148' (ECDSA) to the list of known hosts.
execve("./syz-executor985427350", ["./syz-executor985427350"], 0x7ffe478e7160 /* 10 vars */) = 0
brk(NULL) = 0x555555b9c000
brk(0x555555b9cc40) = 0x555555b9cc40
arch_prctl(ARCH_SET_FS, 0x555555b9c300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor985427350", 4096) = 27
brk(0x555555bbdc40) = 0x555555bbdc40
brk(0x555555bbe000) = 0x555555bbe000
mprotect(0x7f7b4ae2c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b9c5d0) = 3490
./strace-static-x86_64: Process 3490 attached
[pid 3490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3490] setpgid(0, 0) = 0
[pid 3490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3490] write(3, "1000", 4) = 4
[pid 3490] close(3) = 0
[pid 3490] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3490] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed97434b0) = 18
[ 132.373031][ T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed97434b0) = 18
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed97434b0) = 9
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed97434b0) = 72
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed97434b0) = 4
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed97434b0) = 8
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed97434b0) = 8
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffed97434b0) = 8
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f7b4ae3246c) = 9
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f7b4ae3247c) = 10
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f7b4ae3248c) = 12
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f7b4ae3249c) = 11
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f7b4ae324ac) = 13
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f7b4ae324bc) = 14
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 0
[ 132.893462][ T6] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 132.903081][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 132.911465][ T6] usb 1-1: Product: syz
[ 132.916173][ T6] usb 1-1: Manufacturer: syz
[ 132.921567][ T6] usb 1-1: SerialNumber: syz
[ 132.966032][ T6] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 4096
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 1856
[pid 3490] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffed97444c0) = 0
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffed97434b0) = 0
[ 133.593297][ T121] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[pid 3490] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7ffed97444f0) = 4
[ 133.803161][ C0] =====================================================
[ 133.810312][ C0] BUG: KMSAN: uninit-value in ath9k_htc_rx_msg+0x544/0x980
[ 133.817601][ C0] ath9k_htc_rx_msg+0x544/0x980
[ 133.822533][ C0] ath9k_hif_usb_rx_cb+0x196a/0x1f10
[ 133.827907][ C0] __usb_hcd_giveback_urb+0x522/0x740
[ 133.833365][ C0] usb_hcd_giveback_urb+0x150/0x620
[ 133.838665][ C0] dummy_timer+0xd3f/0x4f20
[ 133.843349][ C0] call_timer_fn+0x43/0x480
[ 133.847926][ C0] expire_timers+0x272/0x610
[ 133.852765][ C0] __run_timers+0x5bc/0x8c0
[ 133.857359][ C0] run_timer_softirq+0x64/0xe0
[ 133.862228][ C0] __do_softirq+0x1cc/0x7fb
[ 133.866830][ C0] invoke_softirq+0x8f/0x100
[ 133.871516][ C0] irq_exit_rcu+0x5a/0x110
[ 133.876022][ C0] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 133.881754][ C0] asm_sysvec_apic_timer_interrupt+0x20/0x30
[ 133.887844][ C0] acpi_idle_enter+0x63b/0x770
[ 133.892707][ C0] cpuidle_enter_state+0x83b/0x1620
[ 133.897991][ C0] cpuidle_enter+0x7b/0xf0
[ 133.902484][ C0] do_idle+0x5f1/0x800
[ 133.906665][ C0] cpu_startup_entry+0x1d/0x20
[ 133.911526][ C0] rest_init+0x22a/0x2b0
[ 133.915865][ C0] start_kernel+0x0/0xba9
[ 133.920286][ C0] start_kernel+0x9a5/0xba9
[ 133.924866][ C0] x86_64_start_reservations+0x2a/0x2c
[ 133.930403][ C0] x86_64_start_kernel+0xf5/0xfa
[ 133.935414][ C0] secondary_startup_64_no_verify+0xcf/0xdb
[ 133.941413][ C0]
[ 133.943763][ C0] Uninit was created at:
[ 133.948117][ C0] __kmalloc_node_track_caller+0x86c/0x1230
[ 133.954118][ C0] __alloc_skb+0x34a/0xd70
[ 133.958628][ C0] __netdev_alloc_skb+0x126/0x780
[ 133.963745][ C0] ath9k_hif_usb_rx_cb+0xe7b/0x1f10
[ 133.969032][ C0] __usb_hcd_giveback_urb+0x522/0x740
[ 133.974541][ C0] usb_hcd_giveback_urb+0x150/0x620
[ 133.979823][ C0] dummy_timer+0xd3f/0x4f20
[ 133.984415][ C0] call_timer_fn+0x43/0x480
[ 133.988991][ C0] expire_timers+0x272/0x610
[ 133.993690][ C0] __run_timers+0x5bc/0x8c0
[ 133.998288][ C0] run_timer_softirq+0x64/0xe0
[ 134.003148][ C0] __do_softirq+0x1cc/0x7fb
[ 134.007814][ C0]
[ 134.010186][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc4-syzkaller-31333-g97117d69c353 #0
[ 134.019988][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 134.030103][ C0] =====================================================
[ 134.037080][ C0] Disabling lock debugging due to kernel taint
[ 134.043340][ C0] Kernel panic - not syncing: kmsan.panic set ...
[ 134.049838][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.19.0-rc4-syzkaller-31333-g97117d69c353 #0
[ 134.061035][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 134.071171][ C0] Call Trace:
[ 134.074513][ C0]
[ 134.077405][ C0] dump_stack_lvl+0x1c8/0x256
[ 134.082197][ C0] dump_stack+0x1a/0x1c
[ 134.086541][ C0] panic+0x4d3/0xc69
[ 134.090529][ C0] ? kmsan_get_metadata+0x10/0x220
[ 134.095776][ C0] ? add_taint+0x104/0x1a0
[ 134.100297][ C0] kmsan_report+0x2cc/0x2d0
[ 134.104935][ C0] ? should_fail+0x3f/0x810
[ 134.109533][ C0] ? __msan_warning+0x92/0x110
[ 134.114374][ C0] ? ath9k_htc_rx_msg+0x544/0x980
[ 134.119481][ C0] ? ath9k_hif_usb_rx_cb+0x196a/0x1f10
[ 134.125028][ C0] ? __usb_hcd_giveback_urb+0x522/0x740
[ 134.130686][ C0] ? usb_hcd_giveback_urb+0x150/0x620
[ 134.136665][ C0] ? dummy_timer+0xd3f/0x4f20
[ 134.141432][ C0] ? call_timer_fn+0x43/0x480
[ 134.146188][ C0] ? expire_timers+0x272/0x610
[ 134.151047][ C0] ? __run_timers+0x5bc/0x8c0
[ 134.155805][ C0] ? run_timer_softirq+0x64/0xe0
[ 134.160844][ C0] ? __do_softirq+0x1cc/0x7fb
[ 134.165633][ C0] ? invoke_softirq+0x8f/0x100
[ 134.170475][ C0] ? irq_exit_rcu+0x5a/0x110
[ 134.175228][ C0] ? sysvec_apic_timer_interrupt+0x9a/0xc0
[ 134.181133][ C0] ? asm_sysvec_apic_timer_interrupt+0x20/0x30
[ 134.187416][ C0] ? acpi_idle_enter+0x63b/0x770
[ 134.192536][ C0] ? cpuidle_enter_state+0x83b/0x1620
[ 134.198002][ C0] ? cpuidle_enter+0x7b/0xf0
[ 134.202674][ C0] ? do_idle+0x5f1/0x800
[ 134.207038][ C0] ? cpu_startup_entry+0x1d/0x20
[ 134.212079][ C0] ? rest_init+0x22a/0x2b0
[ 134.216664][ C0] ? arch_call_rest_init+0xe/0xe
[ 134.221697][ C0] ? start_kernel+0x9a5/0xba9
[ 134.226449][ C0] ? x86_64_start_reservations+0x2a/0x2c
[ 134.232186][ C0] ? x86_64_start_kernel+0xf5/0xfa
[ 134.237402][ C0] ? secondary_startup_64_no_verify+0xcf/0xdb
[ 134.243576][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.248782][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.254706][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.259916][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.265112][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.271012][ C0] ? __alloc_skb+0x81d/0xd70
[ 134.275713][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.280907][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.286812][ C0] __msan_warning+0x92/0x110
[ 134.291481][ C0] ath9k_htc_rx_msg+0x544/0x980
[ 134.296445][ C0] ath9k_hif_usb_rx_cb+0x196a/0x1f10
[ 134.301848][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.307042][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.312938][ C0] ? ath9k_hif_usb_alloc_urbs+0x1700/0x1700
[ 134.318945][ C0] __usb_hcd_giveback_urb+0x522/0x740
[ 134.324449][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.329677][ C0] usb_hcd_giveback_urb+0x150/0x620
[ 134.334998][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.340224][ C0] dummy_timer+0xd3f/0x4f20
[ 134.344850][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.350095][ C0] ? dummy_free_streams+0x690/0x690
[ 134.355399][ C0] ? dummy_free_streams+0x690/0x690
[ 134.360727][ C0] call_timer_fn+0x43/0x480
[ 134.365330][ C0] ? dummy_free_streams+0x690/0x690
[ 134.370639][ C0] expire_timers+0x272/0x610
[ 134.375346][ C0] __run_timers+0x5bc/0x8c0
[ 134.379958][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.385167][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.391078][ C0] ? migrate_timer_list+0x5d0/0x5d0
[ 134.396483][ C0] run_timer_softirq+0x64/0xe0
[ 134.401359][ C0] __do_softirq+0x1cc/0x7fb
[ 134.405986][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.411918][ C0] invoke_softirq+0x8f/0x100
[ 134.416608][ C0] irq_exit_rcu+0x5a/0x110
[ 134.421108][ C0] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 134.426833][ C0]
[ 134.429816][ C0]
[ 134.432784][ C0] asm_sysvec_apic_timer_interrupt+0x20/0x30
[ 134.438879][ C0] RIP: 0010:acpi_idle_enter+0x63b/0x770
[ 134.444525][ C0] Code: e0 08 74 0d f7 d3 44 89 f8 21 d8 0f 84 b8 00 00 00 4d 85 ff 0f 85 c0 00 00 00 66 90 e8 8e 39 9e fb 0f 00 2d 71 a5 16 08 fb f4 e9 af 00 00 00 e8 ca e1 1c fc e9 76 fc ff ff 8b 7d c4 e8 bd e1
[ 134.464322][ C0] RSP: 0018:ffffffff8f003bc8 EFLAGS: 000002d3
[ 134.470465][ C0] RAX: ffffffff860a0222 RBX: 0000000000000000 RCX: ffffffff8f031140
[ 134.478499][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 134.486528][ C0] RBP: ffffffff8f003c40 R08: ffffffff860a01fc R09: ffffffff860a00b2
[ 134.494571][ C0] R10: 0000000000000002 R11: ffffffff8f031140 R12: 0000000000000002
[ 134.502605][ C0] R13: ffffffff8f031c80 R14: 0000000000000000 R15: 0000000000000000
[ 134.510656][ C0] ? acpi_idle_enter+0x4c2/0x770
[ 134.515689][ C0] ? acpi_idle_enter+0x60c/0x770
[ 134.520771][ C0] ? acpi_idle_enter+0x632/0x770
[ 134.525808][ C0] ? acpi_idle_enter+0x632/0x770
[ 134.530849][ C0] ? acpi_idle_lpi_enter+0x120/0x120
[ 134.536232][ C0] cpuidle_enter_state+0x83b/0x1620
[ 134.541553][ C0] cpuidle_enter+0x7b/0xf0
[ 134.546064][ C0] do_idle+0x5f1/0x800
[ 134.550325][ C0] cpu_startup_entry+0x1d/0x20
[ 134.555192][ C0] rest_init+0x22a/0x2b0
[ 134.559524][ C0] arch_call_rest_init+0xe/0xe
[ 134.564383][ C0] start_kernel+0x9a5/0xba9
[ 134.568982][ C0] x86_64_start_reservations+0x2a/0x2c
[ 134.574524][ C0] x86_64_start_kernel+0xf5/0xfa
[ 134.579537][ C0] secondary_startup_64_no_verify+0xcf/0xdb
[ 134.585545][ C0]
[ 134.588913][ C0] Kernel Offset: disabled
[ 134.593303][ C0] Rebooting in 86400 seconds..