./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3027389477

<...>
syzkaller login: [   95.134221][  T119] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.78' (ECDSA) to the list of known hosts.
execve("./syz-executor3027389477", ["./syz-executor3027389477"], 0x7fffc7d8ece0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556b2f000
brk(0x555556b2fc40)                     = 0x555556b2fc40
arch_prctl(ARCH_SET_FS, 0x555556b2f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3027389477", 4096) = 28
brk(0x555556b50c40)                     = 0x555556b50c40
brk(0x555556b51000)                     = 0x555556b51000
mprotect(0x7ff68f7f1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3475 attached
, child_tidptr=0x555556b2f5d0) = 3475
[pid  3475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3475] setpgid(0, 0)               = 0
[pid  3475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3475] write(3, "1000", 4)         = 4
[pid  3475] close(3)                    = 0
[pid  3475] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  3475] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff13fb57d0) = 18
[  100.262869][   T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff13fb57d0) = 18
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff13fb57d0) = 9
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff13fb57d0) = 72
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff13fb57d0) = 4
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff13fb57d0) = 8
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff13fb57d0) = 8
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff13fb57d0) = 8
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ff68f7f746c) = 9
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ff68f7f747c) = 10
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ff68f7f748c) = 12
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ff68f7f749c) = 11
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ff68f7f74ac) = 13
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ff68f7f74bc) = 14
[  100.783123][   T25] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  100.792459][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.800734][   T25] usb 1-1: Product: syz
[  100.805102][   T25] usb 1-1: Manufacturer: syz
[  100.809829][   T25] usb 1-1: SerialNumber: syz
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 0
[  100.874774][   T25] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 4096
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 1856
[pid  3475] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff13fb67e0) = 0
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff13fb57d0) = 0
[  101.493044][  T122] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[pid  3475] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7fff13fb6810) = 24
[  101.703167][    C1] =====================================================
[  101.710200][    C1] BUG: KMSAN: uninit-value in ath9k_htc_rx_msg+0x26b/0xbc0
[  101.717419][    C1]  ath9k_htc_rx_msg+0x26b/0xbc0
[  101.722287][    C1]  ath9k_hif_usb_rx_cb+0x1721/0x1df0
[  101.727585][    C1]  __usb_hcd_giveback_urb+0x6c6/0x930
[  101.732973][    C1]  usb_hcd_giveback_urb+0x1e2/0x7c0
[  101.738179][    C1]  dummy_timer+0x157a/0x51c0
[  101.742784][    C1]  call_timer_fn+0x81/0x540
[  101.747316][    C1]  expire_timers+0x2f5/0x6d0
[  101.751911][    C1]  __run_timers+0x682/0xa80
[  101.756517][    C1]  run_timer_softirq+0x71/0xe0
[  101.761285][    C1]  __do_softirq+0x1ee/0x7c5
[  101.765800][    C1]  invoke_softirq+0xa4/0x130
[  101.770497][    C1]  irq_exit_rcu+0x76/0x130
[  101.774930][    C1]  sysvec_apic_timer_interrupt+0x9a/0xc0
[  101.780586][    C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[  101.786581][    C1]  acpi_idle_enter+0x747/0x820
[  101.791358][    C1]  cpuidle_enter_state+0x9a8/0x1840
[  101.796572][    C1]  cpuidle_enter+0xf4/0x180
[  101.801092][    C1]  do_idle+0x68d/0x840
[  101.805256][    C1]  cpu_startup_entry+0x3c/0x40
[  101.810032][    C1]  start_secondary+0x112/0x120
[  101.814812][    C1]  secondary_startup_64_no_verify+0xc4/0xcb
[  101.820726][    C1] 
[  101.823040][    C1] Uninit was created at:
[  101.827324][    C1]  __kmalloc_node_track_caller+0xde3/0x14f0
[  101.833230][    C1]  __alloc_skb+0x545/0xf90
[  101.837657][    C1]  __netdev_alloc_skb+0x4b9/0x8c0
[  101.842697][    C1]  ath9k_hif_usb_rx_cb+0xead/0x1df0
[  101.847913][    C1]  __usb_hcd_giveback_urb+0x6c6/0x930
[  101.853296][    C1]  usb_hcd_giveback_urb+0x1e2/0x7c0
[  101.858525][    C1]  dummy_timer+0x157a/0x51c0
[  101.863125][    C1]  call_timer_fn+0x81/0x540
[  101.867651][    C1]  expire_timers+0x2f5/0x6d0
[  101.872246][    C1]  __run_timers+0x682/0xa80
[  101.876754][    C1]  run_timer_softirq+0x71/0xe0
[  101.881522][    C1]  __do_softirq+0x1ee/0x7c5
[  101.886039][    C1] 
[  101.888353][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.18.0-rc4-syzkaller #0
[  101.896334][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  101.906389][    C1] =====================================================
[  101.913312][    C1] Disabling lock debugging due to kernel taint
[  101.919452][    C1] Kernel panic - not syncing: kmsan.panic set ...
[  101.925855][    C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B             5.18.0-rc4-syzkaller #0
[  101.935263][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  101.945403][    C1] Call Trace:
[  101.948676][    C1]  <IRQ>
[  101.951689][    C1]  dump_stack_lvl+0x1ff/0x28e
[  101.956393][    C1]  dump_stack+0x25/0x28
[  101.960563][    C1]  panic+0x4fe/0xc73
[  101.964582][    C1]  ? add_taint+0x181/0x210
[  101.969009][    C1]  ? console_unlock+0x1c00/0x2130
[  101.974059][    C1]  kmsan_report+0x2cd/0x2d0
[  101.978580][    C1]  ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[  101.984428][    C1]  ? __msan_warning+0x94/0x110
[  101.989213][    C1]  ? ath9k_htc_rx_msg+0x26b/0xbc0
[  101.994257][    C1]  ? ath9k_hif_usb_rx_cb+0x1721/0x1df0
[  101.999741][    C1]  ? __usb_hcd_giveback_urb+0x6c6/0x930
[  102.005384][    C1]  ? usb_hcd_giveback_urb+0x1e2/0x7c0
[  102.010765][    C1]  ? dummy_timer+0x157a/0x51c0
[  102.015541][    C1]  ? call_timer_fn+0x81/0x540
[  102.020231][    C1]  ? expire_timers+0x2f5/0x6d0
[  102.025028][    C1]  ? __run_timers+0x682/0xa80
[  102.029723][    C1]  ? run_timer_softirq+0x71/0xe0
[  102.034675][    C1]  ? __do_softirq+0x1ee/0x7c5
[  102.039364][    C1]  ? invoke_softirq+0xa4/0x130
[  102.044149][    C1]  ? irq_exit_rcu+0x76/0x130
[  102.048759][    C1]  ? sysvec_apic_timer_interrupt+0x9a/0xc0
[  102.054592][    C1]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[  102.060764][    C1]  ? acpi_idle_enter+0x747/0x820
[  102.065802][    C1]  ? cpuidle_enter_state+0x9a8/0x1840
[  102.071194][    C1]  ? cpuidle_enter+0xf4/0x180
[  102.075887][    C1]  ? do_idle+0x68d/0x840
[  102.080143][    C1]  ? cpu_startup_entry+0x3c/0x40
[  102.085095][    C1]  ? start_secondary+0x112/0x120
[  102.090051][    C1]  ? secondary_startup_64_no_verify+0xc4/0xcb
[  102.096147][    C1]  ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[  102.101974][    C1]  ? kmsan_get_metadata+0x33/0x220
[  102.107092][    C1]  ? kmsan_get_metadata+0x33/0x220
[  102.112211][    C1]  ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[  102.118034][    C1]  ? __alloc_skb+0xae7/0xf90
[  102.122646][    C1]  ? kmsan_get_metadata+0x33/0x220
[  102.127784][    C1]  ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[  102.133603][    C1]  __msan_warning+0x94/0x110
[  102.138218][    C1]  ath9k_htc_rx_msg+0x26b/0xbc0
[  102.143096][    C1]  ath9k_hif_usb_rx_cb+0x1721/0x1df0
[  102.148420][    C1]  ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[  102.154241][    C1]  ? ath9k_hif_usb_alloc_urbs+0x1e50/0x1e50
[  102.160160][    C1]  __usb_hcd_giveback_urb+0x6c6/0x930
[  102.165564][    C1]  usb_hcd_giveback_urb+0x1e2/0x7c0
[  102.170805][    C1]  dummy_timer+0x157a/0x51c0
[  102.175827][    C1]  ? dummy_free_streams+0x940/0x940
[  102.181046][    C1]  call_timer_fn+0x81/0x540
[  102.185572][    C1]  expire_timers+0x2f5/0x6d0
[  102.190187][    C1]  ? dummy_free_streams+0x940/0x940
[  102.195410][    C1]  __run_timers+0x682/0xa80
[  102.199935][    C1]  ? kmsan_get_metadata+0x33/0x220
[  102.205205][    C1]  ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[  102.211051][    C1]  run_timer_softirq+0x71/0xe0
[  102.215840][    C1]  ? migrate_timer_list+0x4f0/0x4f0
[  102.221067][    C1]  __do_softirq+0x1ee/0x7c5
[  102.225606][    C1]  invoke_softirq+0xa4/0x130
[  102.230241][    C1]  irq_exit_rcu+0x76/0x130
[  102.234708][    C1]  sysvec_apic_timer_interrupt+0x9a/0xc0
[  102.240377][    C1]  </IRQ>
[  102.243308][    C1]  <TASK>
[  102.246242][    C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[  102.252262][    C1] RIP: 0010:acpi_idle_enter+0x747/0x820
[  102.257920][    C1] Code: 83 e0 08 74 0c f7 d3 44 89 e0 21 d8 48 85 c0 74 66 4d 85 e4 75 6e 4c 8b 65 c0 eb 0c e8 02 e0 d3 fa 0f 00 2d 75 60 8a 09 fb f4 <fa> eb 60 44 89 f7 44 89 65 8c e8 2a 26 68 fb 44 8b 65 8c e9 a1 fa
[  102.277801][    C1] RSP: 0018:ffff88810264fc28 EFLAGS: 00000246
[  102.283880][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  102.291854][    C1] RDX: ffff888102638000 RSI: 0000000000000000 RDI: 0000000000000000
[  102.299825][    C1] RBP: ffff88810264fcc0 R08: ffffffff86f5ebe9 R09: ffffffff86f5ea8b
[  102.307896][    C1] R10: 0000000000000002 R11: ffff888102638000 R12: 0000000000000000
[  102.316061][    C1] R13: ffff888102638b40 R14: 0000000000000000 R15: ffff888142231c64
[  102.324062][    C1]  ? acpi_idle_enter+0x5bb/0x820
[  102.329028][    C1]  ? acpi_idle_enter+0x719/0x820
[  102.333992][    C1]  ? acpi_idle_enter+0x719/0x820
[  102.338954][    C1]  ? acpi_idle_lpi_enter+0x170/0x170
[  102.344261][    C1]  cpuidle_enter_state+0x9a8/0x1840
[  102.349503][    C1]  cpuidle_enter+0xf4/0x180
[  102.354028][    C1]  do_idle+0x68d/0x840
[  102.358132][    C1]  cpu_startup_entry+0x3c/0x40
[  102.362912][    C1]  ? setup_APIC_timer+0x390/0x390
[  102.367958][    C1]  start_secondary+0x112/0x120
[  102.372743][    C1]  secondary_startup_64_no_verify+0xc4/0xcb
[  102.378685][    C1]  </TASK>
[  102.381792][    C1] Kernel Offset: disabled
[  102.386141][    C1] Rebooting in 86400 seconds..