./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3453990669

<...>
Warning: Permanently added '10.128.0.195' (ED25519) to the list of known hosts.
execve("./syz-executor3453990669", ["./syz-executor3453990669"], 0x7ffc62134c50 /* 10 vars */) = 0
brk(NULL)                               = 0x55556bc78000
brk(0x55556bc78d40)                     = 0x55556bc78d40
arch_prctl(ARCH_SET_FS, 0x55556bc783c0) = 0
set_tid_address(0x55556bc78690)         = 5044
set_robust_list(0x55556bc786a0, 24)     = 0
rseq(0x55556bc78ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3453990669", 4096) = 28
getrandom("\xa1\x2e\x46\xf7\x0d\xb8\x37\x6c", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55556bc78d40
brk(0x55556bc99d40)                     = 0x55556bc99d40
brk(0x55556bc9a000)                     = 0x55556bc9a000
mprotect(0x7f9db948e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556bc78690) = 5045
./strace-static-x86_64: Process 5045 attached
[pid  5045] set_robust_list(0x55556bc786a0, 24) = 0
[pid  5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5045] setpgid(0, 0)               = 0
[pid  5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5045] write(3, "1000", 4)         = 4
[pid  5045] close(3)                    = 0
executing program
[pid  5045] write(1, "executing program\n", 18) = 18
[pid  5045] futex(0x7f9db949436c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5045] rt_sigaction(SIGRT_1, {sa_handler=0x7f9db94313b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9db9422a30}, NULL, 8) = 0
[pid  5045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9db93a5000
[pid  5045] mprotect(0x7f9db93a6000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9db93c5990, parent_tid=0x7f9db93c5990, exit_signal=0, stack=0x7f9db93a5000, stack_size=0x20300, tls=0x7f9db93c56c0}./strace-static-x86_64: Process 5046 attached
 => {parent_tid=[5046]}, 88) = 5046
[pid  5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5045] futex(0x7f9db9494368, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5045] futex(0x7f9db949436c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5046] rseq(0x7f9db93c5fe0, 0x20, 0, 0x53053053) = 0
[pid  5046] set_robust_list(0x7f9db93c59a0, 24) = 0
[pid  5046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5046] openat(AT_FDCWD, "/dev/virtual_nci", O_RDWR) = 3
[pid  5046] futex(0x7f9db949436c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5045] <... futex resumed>)        = 0
[pid  5046] futex(0x7f9db9494368, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5045] futex(0x7f9db9494368, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5046] <... futex resumed>)        = 0
[pid  5046] ioctl(3, _IOC(_IOC_NONE, 0, 0, 0), 0x200000c0) = 0
[pid  5045] futex(0x7f9db949436c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5046] futex(0x7f9db949436c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5045] <... futex resumed>)        = 0
[pid  5046] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC <unfinished ...>
[pid  5045] futex(0x7f9db9494368, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5045] futex(0x7f9db949436c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5046] <... socket resumed>)       = 4
[pid  5046] futex(0x7f9db949436c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5045] <... futex resumed>)        = 0
[pid  5045] futex(0x7f9db9494368, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5046] sendto(4, [{nlmsg_len=28, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x08\x00\x02\x00\x6e\x66\x63\x00"], 28, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 <unfinished ...>
[pid  5045] futex(0x7f9db949436c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5046] <... sendto resumed>)       = 28
[pid  5046] recvfrom(4, [{nlmsg_len=472, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5045}, "\x01\x02\x00\x00\x08\x00\x02\x00\x6e\x66\x63\x00\x06\x00\x01\x00\x1e\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1f\x00\x00\x00\x80\x01\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00\x03\x00\x00\x00"...], 4096, 0, NULL, NULL) = 472
[pid  5046] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5045}, {error=0, msg={nlmsg_len=28, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5046] futex(0x7f9db949436c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5045] <... futex resumed>)        = 0
[pid  5046] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x1c\x00\x00\x00\x1e\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x08\x00\x01\x00\x02\x00\x00\x00", iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 <unfinished ...>
[pid  5045] futex(0x7f9db9494368, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5045] futex(0x7f9db949436c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  5045] futex(0x7f9db949437c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9db9384000
[pid  5045] mprotect(0x7f9db9385000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9db93a4990, parent_tid=0x7f9db93a4990, exit_signal=0, stack=0x7f9db9384000, stack_size=0x20300, tls=0x7f9db93a46c0}./strace-static-x86_64: Process 5051 attached
 => {parent_tid=[5051]}, 88) = 5051
[pid  5045] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5051] rseq(0x7f9db93a4fe0, 0x20, 0, 0x53053053) = 0
[pid  5045] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5045] futex(0x7f9db9494378, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5045] futex(0x7f9db949437c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5051] set_robust_list(0x7f9db93a49a0, 24) = 0
[pid  5051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5051] write(3, NULL, 0)           = 0
[pid  5051] futex(0x7f9db949437c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5051] futex(0x7f9db9494378, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5045] <... futex resumed>)        = 0
[  172.723481][ T1079] =====================================================
[  172.730994][ T1079] BUG: KMSAN: uninit-value in nci_rx_work+0x35a/0x5d0
[  172.738138][ T1079]  nci_rx_work+0x35a/0x5d0
[  172.742761][ T1079]  process_scheduled_works+0xa81/0x1bd0
[  172.748718][ T1079]  worker_thread+0xea5/0x1560
[  172.753609][ T1079]  kthread+0x3e2/0x540
[  172.758315][ T1079]  ret_from_fork+0x6d/0x90
[  172.762922][ T1079]  ret_from_fork_asm+0x1a/0x30
[  172.768030][ T1079] 
[  172.770464][ T1079] Uninit was created at:
[  172.775123][ T1079]  kmem_cache_alloc_node+0x622/0xc90
[  172.780639][ T1079]  kmalloc_reserve+0x13d/0x4a0
[  172.785884][ T1079]  __alloc_skb+0x35b/0x7a0
[  172.790506][ T1079]  virtual_ncidev_write+0x6d/0x290
[  172.795949][ T1079]  vfs_write+0x497/0x14d0
[  172.800510][ T1079]  ksys_write+0x20f/0x4c0
[  172.805209][ T1079]  __x64_sys_write+0x93/0xe0
[  172.810042][ T1079]  x64_sys_call+0x3062/0x3b50
[  172.815120][ T1079]  do_syscall_64+0xcf/0x1e0
[  172.819844][ T1079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.826021][ T1079] 
[  172.828470][ T1079] CPU: 0 PID: 1079 Comm: kworker/u8:6 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0
[  172.838607][ T1079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  172.849100][ T1079] Workqueue: nfc2_nci_rx_wq nci_rx_work
[  172.854870][ T1079] =====================================================
[  172.862120][ T1079] Disabling lock debugging due to kernel taint
[  172.868622][ T1079] Kernel panic - not syncing: kmsan.panic set ...
[  172.875185][ T1079] CPU: 0 PID: 1079 Comm: kworker/u8:6 Tainted: G    B              6.9.0-syzkaller-02707-g614da38e2f7a #0
[  172.886622][ T1079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  172.896809][ T1079] Workqueue: nfc2_nci_rx_wq nci_rx_work
[  172.902618][ T1079] Call Trace:
[  172.906033][ T1079]  <TASK>
[  172.909085][ T1079]  dump_stack_lvl+0x216/0x2d0
[  172.914041][ T1079]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  172.920088][ T1079]  dump_stack+0x1e/0x30
[  172.924479][ T1079]  panic+0x4e2/0xcd0
[  172.928558][ T1079]  ? kmsan_get_metadata+0xf1/0x1d0
[  172.933916][ T1079]  kmsan_report+0x2d5/0x2e0
[  172.938639][ T1079]  ? kmsan_get_metadata+0x146/0x1d0
[  172.944034][ T1079]  ? __msan_warning+0x95/0x120
[  172.948965][ T1079]  ? nci_rx_work+0x35a/0x5d0
[  172.953757][ T1079]  ? process_scheduled_works+0xa81/0x1bd0
[  172.959700][ T1079]  ? worker_thread+0xea5/0x1560
[  172.964759][ T1079]  ? kthread+0x3e2/0x540
[  172.969248][ T1079]  ? ret_from_fork+0x6d/0x90
[pid  5045] exit_group(0)               = ?
[pid  5051] <... futex resumed>)        = ?
[pid  5051] +++ exited with 0 +++
[pid  5046] <... sendmsg resumed>)      = ?
[  172.974047][ T1079]  ? ret_from_fork_asm+0x1a/0x30
[  172.979238][ T1079]  ? filter_irq_stacks+0x60/0x1a0
[  172.984540][ T1079]  ? stack_depot_save_flags+0x2c/0x6e0
[  172.990394][ T1079]  ? kmsan_get_metadata+0x146/0x1d0
[  172.995803][ T1079]  ? kmsan_get_metadata+0x146/0x1d0
[  173.001202][ T1079]  ? kmsan_get_metadata+0x146/0x1d0
[  173.006598][ T1079]  ? kmsan_internal_set_shadow_origin+0x66/0xe0
[  173.013103][ T1079]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  173.019427][ T1079]  ? kfree_skb_reason+0x197/0x4f0
[  173.024586][ T1079]  ? nfc_send_to_raw_sock+0x504/0x530
[  173.030134][ T1079]  ? kmsan_get_metadata+0x146/0x1d0
[  173.035544][ T1079]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  173.041544][ T1079]  __msan_warning+0x95/0x120
[  173.046292][ T1079]  nci_rx_work+0x35a/0x5d0
[  173.050901][ T1079]  ? __pfx_nci_rx_work+0x10/0x10
[  173.056047][ T1079]  process_scheduled_works+0xa81/0x1bd0
[  173.062043][ T1079]  worker_thread+0xea5/0x1560
[  173.066982][ T1079]  kthread+0x3e2/0x540
[  173.071274][ T1079]  ? __pfx_worker_thread+0x10/0x10
[  173.076563][ T1079]  ? __pfx_kthread+0x10/0x10
[  173.081348][ T1079]  ret_from_fork+0x6d/0x90
[  173.085974][ T1079]  ? __pfx_kthread+0x10/0x10
[  173.090815][ T1079]  ret_from_fork_asm+0x1a/0x30
[  173.095850][ T1079]  </TASK>
[  173.099325][ T1079] Kernel Offset: disabled
[  173.103743][ T1079] Rebooting in 86400 seconds..