./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor414018109
<...>
Warning: Permanently added '10.128.1.55' (ECDSA) to the list of known hosts.
execve("./syz-executor414018109", ["./syz-executor414018109"], 0x7fffea2dccb0 /* 10 vars */) = 0
brk(NULL) = 0x5555568f7000
brk(0x5555568f7c40) = 0x5555568f7c40
arch_prctl(ARCH_SET_FS, 0x5555568f7300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor414018109", 4096) = 27
brk(0x555556918c40) = 0x555556918c40
brk(0x555556919000) = 0x555556919000
mprotect(0x7f466246b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568f75d0) = 3493
./strace-static-x86_64: Process 3493 attached
[pid 3493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3493] setpgid(0, 0) = 0
[pid 3493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3493] write(3, "1000", 4) = 4
[pid 3493] close(3) = 0
[pid 3493] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3493] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0aba91e0) = 18
[ 132.292131][ T1529] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0aba91e0) = 18
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0aba91e0) = 9
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0aba91e0) = 72
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0aba91e0) = 4
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0aba91e0) = 8
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0aba91e0) = 8
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0aba91e0) = 8
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f466247146c) = 9
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f466247147c) = 10
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f466247148c) = 12
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f466247149c) = 11
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f46624714ac) = 13
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f46624714bc) = 14
[ 132.832655][ T1529] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 132.842176][ T1529] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 132.850468][ T1529] usb 1-1: Product: syz
[ 132.855006][ T1529] usb 1-1: Manufacturer: syz
[ 132.859814][ T1529] usb 1-1: SerialNumber: syz
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 0
[ 132.905094][ T1529] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 4096
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 1856
[pid 3493] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0abaa1f0) = 0
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0aba91e0) = 0
[ 133.532888][ T6] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[pid 3493] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7fff0abaa220) = 36
[ 133.743232][ C0] =====================================================
[ 133.750382][ C0] BUG: KMSAN: uninit-value in ath9k_htc_rx_msg+0x544/0x980
[ 133.757674][ C0] ath9k_htc_rx_msg+0x544/0x980
[ 133.762611][ C0] ath9k_hif_usb_rx_cb+0x196a/0x1f10
[ 133.767984][ C0] __usb_hcd_giveback_urb+0x522/0x740
[ 133.773452][ C0] usb_hcd_giveback_urb+0x150/0x620
[ 133.778753][ C0] dummy_timer+0xd3f/0x4f20
[ 133.783343][ C0] call_timer_fn+0x43/0x480
[ 133.787940][ C0] expire_timers+0x272/0x610
[ 133.792605][ C0] __run_timers+0x5bc/0x8c0
[ 133.797199][ C0] run_timer_softirq+0x64/0xe0
[ 133.802043][ C0] __do_softirq+0x1cc/0x7fb
[ 133.806649][ C0] invoke_softirq+0x8f/0x100
[ 133.811316][ C0] irq_exit_rcu+0x5a/0x110
[ 133.815817][ C0] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 133.821549][ C0] asm_sysvec_apic_timer_interrupt+0x20/0x30
[ 133.827642][ C0] acpi_idle_enter+0x63b/0x770
[ 133.832528][ C0] cpuidle_enter_state+0x83b/0x1620
[ 133.837859][ C0] cpuidle_enter+0x7b/0xf0
[ 133.842373][ C0] do_idle+0x5f1/0x800
[ 133.846550][ C0] cpu_startup_entry+0x1d/0x20
[ 133.851416][ C0] rest_init+0x22a/0x2b0
[ 133.855755][ C0] start_kernel+0x0/0xba9
[ 133.860189][ C0] start_kernel+0x9a5/0xba9
[ 133.864777][ C0] x86_64_start_reservations+0x2a/0x2c
[ 133.870316][ C0] x86_64_start_kernel+0xf5/0xfa
[ 133.875338][ C0] secondary_startup_64_no_verify+0xcf/0xdb
[ 133.881324][ C0]
[ 133.883676][ C0] Uninit was created at:
[ 133.888033][ C0] __kmalloc_node_track_caller+0x86c/0x1230
[ 133.894027][ C0] __alloc_skb+0x34a/0xd70
[ 133.898538][ C0] __netdev_alloc_skb+0x126/0x780
[ 133.903655][ C0] ath9k_hif_usb_rx_cb+0xe7b/0x1f10
[ 133.908943][ C0] __usb_hcd_giveback_urb+0x522/0x740
[ 133.914415][ C0] usb_hcd_giveback_urb+0x150/0x620
[ 133.919710][ C0] dummy_timer+0xd3f/0x4f20
[ 133.924312][ C0] call_timer_fn+0x43/0x480
[ 133.929153][ C0] expire_timers+0x272/0x610
[ 133.933831][ C0] __run_timers+0x5bc/0x8c0
[ 133.938408][ C0] run_timer_softirq+0x64/0xe0
[ 133.943265][ C0] __do_softirq+0x1cc/0x7fb
[ 133.947867][ C0]
[ 133.950234][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc4-syzkaller-31333-g97117d69c353 #0
[ 133.960039][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 133.970178][ C0] =====================================================
[ 133.977146][ C0] Disabling lock debugging due to kernel taint
[ 133.983351][ C0] Kernel panic - not syncing: kmsan.panic set ...
[ 133.989818][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.19.0-rc4-syzkaller-31333-g97117d69c353 #0
[ 134.001006][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 134.011126][ C0] Call Trace:
[ 134.014452][ C0]
[ 134.017345][ C0] dump_stack_lvl+0x1c8/0x256
[ 134.022144][ C0] dump_stack+0x1a/0x1c
[ 134.026396][ C0] panic+0x4d3/0xc69
[ 134.030382][ C0] ? kmsan_get_metadata+0x10/0x220
[ 134.035592][ C0] ? add_taint+0x104/0x1a0
[ 134.040103][ C0] kmsan_report+0x2cc/0x2d0
[ 134.044695][ C0] ? should_fail+0x3f/0x810
[ 134.049300][ C0] ? __msan_warning+0x92/0x110
[ 134.054155][ C0] ? ath9k_htc_rx_msg+0x544/0x980
[ 134.059267][ C0] ? ath9k_hif_usb_rx_cb+0x196a/0x1f10
[ 134.064818][ C0] ? __usb_hcd_giveback_urb+0x522/0x740
[ 134.070459][ C0] ? usb_hcd_giveback_urb+0x150/0x620
[ 134.075921][ C0] ? dummy_timer+0xd3f/0x4f20
[ 134.080686][ C0] ? call_timer_fn+0x43/0x480
[ 134.085443][ C0] ? expire_timers+0x272/0x610
[ 134.090292][ C0] ? __run_timers+0x5bc/0x8c0
[ 134.095047][ C0] ? run_timer_softirq+0x64/0xe0
[ 134.100065][ C0] ? __do_softirq+0x1cc/0x7fb
[ 134.104858][ C0] ? invoke_softirq+0x8f/0x100
[ 134.109701][ C0] ? irq_exit_rcu+0x5a/0x110
[ 134.114365][ C0] ? sysvec_apic_timer_interrupt+0x9a/0xc0
[ 134.120267][ C0] ? asm_sysvec_apic_timer_interrupt+0x20/0x30
[ 134.126526][ C0] ? acpi_idle_enter+0x63b/0x770
[ 134.131575][ C0] ? cpuidle_enter_state+0x83b/0x1620
[ 134.137043][ C0] ? cpuidle_enter+0x7b/0xf0
[ 134.141713][ C0] ? do_idle+0x5f1/0x800
[ 134.146051][ C0] ? cpu_startup_entry+0x1d/0x20
[ 134.151092][ C0] ? rest_init+0x22a/0x2b0
[ 134.155624][ C0] ? arch_call_rest_init+0xe/0xe
[ 134.160688][ C0] ? start_kernel+0x9a5/0xba9
[ 134.165460][ C0] ? x86_64_start_reservations+0x2a/0x2c
[ 134.171539][ C0] ? x86_64_start_kernel+0xf5/0xfa
[ 134.176737][ C0] ? secondary_startup_64_no_verify+0xcf/0xdb
[ 134.182903][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.188103][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.194021][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.199215][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.204408][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.210313][ C0] ? __alloc_skb+0x81d/0xd70
[ 134.215015][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.220228][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.226131][ C0] __msan_warning+0x92/0x110
[ 134.230801][ C0] ath9k_htc_rx_msg+0x544/0x980
[ 134.235763][ C0] ath9k_hif_usb_rx_cb+0x196a/0x1f10
[ 134.241172][ C0] ? ath9k_hif_usb_alloc_urbs+0x1700/0x1700
[ 134.247162][ C0] __usb_hcd_giveback_urb+0x522/0x740
[ 134.252645][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.257855][ C0] usb_hcd_giveback_urb+0x150/0x620
[ 134.263151][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.268354][ C0] dummy_timer+0xd3f/0x4f20
[ 134.272990][ C0] ? kmsan_internal_set_shadow_origin+0x62/0xe0
[ 134.279363][ C0] ? dummy_free_streams+0x690/0x690
[ 134.284667][ C0] ? dummy_free_streams+0x690/0x690
[ 134.289964][ C0] call_timer_fn+0x43/0x480
[ 134.294559][ C0] ? dummy_free_streams+0x690/0x690
[ 134.299871][ C0] expire_timers+0x272/0x610
[ 134.304556][ C0] __run_timers+0x5bc/0x8c0
[ 134.309164][ C0] ? kmsan_get_metadata+0x33/0x220
[ 134.314363][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.320268][ C0] ? migrate_timer_list+0x5d0/0x5d0
[ 134.325555][ C0] run_timer_softirq+0x64/0xe0
[ 134.330418][ C0] __do_softirq+0x1cc/0x7fb
[ 134.335037][ C0] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 134.340966][ C0] invoke_softirq+0x8f/0x100
[ 134.345643][ C0] irq_exit_rcu+0x5a/0x110
[ 134.350147][ C0] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 134.355890][ C0]
[ 134.358868][ C0]
[ 134.361838][ C0] asm_sysvec_apic_timer_interrupt+0x20/0x30
[ 134.367940][ C0] RIP: 0010:acpi_idle_enter+0x63b/0x770
[ 134.373604][ C0] Code: e0 08 74 0d f7 d3 44 89 f8 21 d8 0f 84 b8 00 00 00 4d 85 ff 0f 85 c0 00 00 00 66 90 e8 8e 39 9e fb 0f 00 2d 71 a5 16 08 fb f4 e9 af 00 00 00 e8 ca e1 1c fc e9 76 fc ff ff 8b 7d c4 e8 bd e1
[ 134.393313][ C0] RSP: 0018:ffffffff8f003bc8 EFLAGS: 000002d3
[ 134.399452][ C0] RAX: ffffffff860a0222 RBX: 0000000000000000 RCX: ffffffff8f031140
[ 134.407503][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 134.415534][ C0] RBP: ffffffff8f003c40 R08: ffffffff860a01fc R09: ffffffff860a00b2
[ 134.423582][ C0] R10: 0000000000000002 R11: ffffffff8f031140 R12: 0000000000000002
[ 134.431623][ C0] R13: ffffffff8f031c80 R14: 0000000000000000 R15: 0000000000000000
[ 134.439669][ C0] ? acpi_idle_enter+0x4c2/0x770
[ 134.444710][ C0] ? acpi_idle_enter+0x60c/0x770
[ 134.449754][ C0] ? acpi_idle_enter+0x632/0x770
[ 134.454802][ C0] ? acpi_idle_enter+0x632/0x770
[ 134.459846][ C0] ? acpi_idle_lpi_enter+0x120/0x120
[ 134.465243][ C0] cpuidle_enter_state+0x83b/0x1620
[ 134.470562][ C0] cpuidle_enter+0x7b/0xf0
[ 134.475083][ C0] do_idle+0x5f1/0x800
[ 134.479267][ C0] cpu_startup_entry+0x1d/0x20
[ 134.484143][ C0] rest_init+0x22a/0x2b0
[ 134.488475][ C0] arch_call_rest_init+0xe/0xe
[ 134.493323][ C0] start_kernel+0x9a5/0xba9
[ 134.497915][ C0] x86_64_start_reservations+0x2a/0x2c
[ 134.503461][ C0] x86_64_start_kernel+0xf5/0xfa
[ 134.508479][ C0] secondary_startup_64_no_verify+0xcf/0xdb
[ 134.514483][ C0]
[ 134.517801][ C0] Kernel Offset: disabled
[ 134.522183][ C0] Rebooting in 86400 seconds..