./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor683178681

<...>
Warning: Permanently added '10.128.1.144' (ED25519) to the list of known hosts.
execve("./syz-executor683178681", ["./syz-executor683178681"], 0x7ffdf4605140 /* 10 vars */) = 0
brk(NULL)                               = 0x555555f2c000
brk(0x555555f2cd40)                     = 0x555555f2cd40
arch_prctl(ARCH_SET_FS, 0x555555f2c3c0) = 0
set_tid_address(0x555555f2c690)         = 5007
set_robust_list(0x555555f2c6a0, 24)     = 0
rseq(0x555555f2cce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor683178681", 4096) = 27
getrandom("\x1d\x55\xa9\x74\x7d\xf2\xa5\x41", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555f2cd40
brk(0x555555f4dd40)                     = 0x555555f4dd40
brk(0x555555f4e000)                     = 0x555555f4e000
mprotect(0x7f3f5f103000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5008 attached
, child_tidptr=0x555555f2c690) = 5008
[pid  5008] set_robust_list(0x555555f2c6a0, 24) = 0
[pid  5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5008] setpgid(0, 0)               = 0
[pid  5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5008] write(3, "1000", 4)         = 4
[pid  5008] close(3)                    = 0
[pid  5008] futex(0x7f3f5f10936c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5008] rt_sigaction(SIGRT_1, {sa_handler=0x7f3f5f0a63b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3f5f097a30}, NULL, 8) = 0
[pid  5008] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3f5f020000
[pid  5008] mprotect(0x7f3f5f021000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3f5f040990, parent_tid=0x7f3f5f040990, exit_signal=0, stack=0x7f3f5f020000, stack_size=0x20300, tls=0x7f3f5f0406c0}./strace-static-x86_64: Process 5009 attached
 => {parent_tid=[5009]}, 88) = 5009
[pid  5008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5008] futex(0x7f3f5f109368, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5008] futex(0x7f3f5f10936c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5009] rseq(0x7f3f5f040fe0, 0x20, 0, 0x53053053) = 0
[pid  5009] set_robust_list(0x7f3f5f0409a0, 24) = 0
[pid  5009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5009] openat(AT_FDCWD, "/dev/virtual_nci", O_RDWR) = 3
[pid  5009] futex(0x7f3f5f10936c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5009] futex(0x7f3f5f109368, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5008] <... futex resumed>)        = 0
[pid  5008] futex(0x7f3f5f109368, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5009] <... futex resumed>)        = 0
[pid  5008] futex(0x7f3f5f10936c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5009] ioctl(3, _IOC(_IOC_NONE, 0, 0, 0), 0x200000c0) = 0
[pid  5009] futex(0x7f3f5f10936c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5008] <... futex resumed>)        = 0
[pid  5008] futex(0x7f3f5f109368, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5009] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC <unfinished ...>
[pid  5008] futex(0x7f3f5f10936c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5009] <... socket resumed>)       = 4
[pid  5009] futex(0x7f3f5f10936c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5008] <... futex resumed>)        = 0
[pid  5008] futex(0x7f3f5f109368, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5009] sendto(4, [{nlmsg_len=28, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x08\x00\x02\x00\x6e\x66\x63\x00"], 28, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 <unfinished ...>
[pid  5008] <... futex resumed>)        = 0
[pid  5008] futex(0x7f3f5f10936c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5009] <... sendto resumed>)       = 28
[pid  5009] recvfrom(4, [{nlmsg_len=472, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5008}, "\x01\x02\x00\x00\x08\x00\x02\x00\x6e\x66\x63\x00\x06\x00\x01\x00\x1e\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1f\x00\x00\x00\x80\x01\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00\x03\x00\x00\x00"...], 4096, 0, NULL, NULL) = 472
[pid  5009] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5008}, {error=0, msg={nlmsg_len=28, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5009] futex(0x7f3f5f10936c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5008] <... futex resumed>)        = 0
[pid  5009] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x1c\x00\x00\x00\x1e\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x08\x00\x01\x00\x02\x00\x00\x00", iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 <unfinished ...>
[pid  5008] futex(0x7f3f5f109368, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5008] futex(0x7f3f5f10936c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  5008] futex(0x7f3f5f10937c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3f5efff000
[pid  5008] mprotect(0x7f3f5f000000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3f5f01f990, parent_tid=0x7f3f5f01f990, exit_signal=0, stack=0x7f3f5efff000, stack_size=0x20300, tls=0x7f3f5f01f6c0}./strace-static-x86_64: Process 5014 attached
 <unfinished ...>
[pid  5014] rseq(0x7f3f5f01ffe0, 0x20, 0, 0x53053053) = 0
[pid  5014] set_robust_list(0x7f3f5f01f9a0, 24) = 0
[pid  5014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5014] futex(0x7f3f5f109378, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5008] <... clone3 resumed> => {parent_tid=[5014]}, 88) = 5014
[pid  5008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5008] futex(0x7f3f5f109378, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5014] <... futex resumed>)        = 0
[pid  5008] <... futex resumed>)        = 1
[pid  5014] write(3, NULL, 0)           = 0
[pid  5008] futex(0x7f3f5f10937c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5014] futex(0x7f3f5f10937c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5008] <... futex resumed>)        = 0
[  146.382949][ T2933] =====================================================
[  146.390184][ T2933] BUG: KMSAN: uninit-value in nci_rx_work+0x2e6/0x500
[  146.397310][ T2933]  nci_rx_work+0x2e6/0x500
[  146.402036][ T2933]  process_scheduled_works+0x104e/0x1e70
[  146.407862][ T2933]  worker_thread+0xf45/0x1490
[  146.412829][ T2933]  kthread+0x3ed/0x540
[  146.417075][ T2933]  ret_from_fork+0x66/0x80
[  146.421847][ T2933]  ret_from_fork_asm+0x11/0x20
[  146.426792][ T2933] 
[  146.429191][ T2933] Uninit was created at:
[  146.433748][ T2933]  slab_post_alloc_hook+0x129/0xa70
[  146.439108][ T2933]  kmem_cache_alloc_node+0x5e9/0xb10
[  146.444659][ T2933]  kmalloc_reserve+0x13d/0x4a0
[  146.449610][ T2933]  __alloc_skb+0x318/0x740
[  146.454335][ T2933]  virtual_ncidev_write+0x6d/0x280
[  146.459612][ T2933]  vfs_write+0x48b/0x1200
[  146.464258][ T2933]  ksys_write+0x20f/0x4c0
[  146.468734][ T2933]  __x64_sys_write+0x93/0xd0
[  146.473671][ T2933]  do_syscall_64+0x6d/0x140
[  146.478356][ T2933]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[  146.484612][ T2933] 
[  146.487021][ T2933] CPU: 1 PID: 2933 Comm: kworker/u4:11 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0
[  146.497225][ T2933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[  146.507527][ T2933] Workqueue: nfc2_nci_rx_wq nci_rx_work
[  146.513364][ T2933] =====================================================
[  146.520388][ T2933] Disabling lock debugging due to kernel taint
[  146.526736][ T2933] Kernel panic - not syncing: kmsan.panic set ...
[  146.533253][ T2933] CPU: 1 PID: 2933 Comm: kworker/u4:11 Tainted: G    B              6.7.0-syzkaller-00562-g9f8413c4a66f #0
[  146.544764][ T2933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[  146.554885][ T2933] Workqueue: nfc2_nci_rx_wq nci_rx_work
[  146.560573][ T2933] Call Trace:
[  146.563943][ T2933]  <TASK>
[  146.566947][ T2933]  dump_stack_lvl+0x1bf/0x240
[  146.571735][ T2933]  dump_stack+0x1e/0x20
[  146.576005][ T2933]  panic+0x4de/0xc90
[  146.580067][ T2933]  ? add_taint+0x108/0x1a0
[pid  5014] futex(0x7f3f5f109378, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5008] exit_group(0 <unfinished ...>
[pid  5014] <... futex resumed>)        = ?
[pid  5008] <... exit_group resumed>)   = ?
[pid  5009] <... sendmsg resumed>)      = ?
[pid  5014] +++ exited with 0 +++
[  146.584630][ T2933]  kmsan_report+0x2d0/0x2d0
[  146.589266][ T2933]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[  146.595276][ T2933]  ? _raw_spin_lock_irqsave+0x35/0xc0
[  146.600827][ T2933]  ? __msan_warning+0x96/0x110
[  146.605771][ T2933]  ? nci_rx_work+0x2e6/0x500
[  146.606345][ T5009] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  146.619272][ T2933]  ? process_scheduled_works+0x104e/0x1e70
[  146.625256][ T2933]  ? worker_thread+0xf45/0x1490
[  146.630265][ T2933]  ? kthread+0x3ed/0x540
[  146.634666][ T2933]  ? ret_from_fork+0x66/0x80
[  146.639386][ T2933]  ? ret_from_fork_asm+0x11/0x20
[  146.644512][ T2933]  ? filter_irq_stacks+0x60/0x1a0
[  146.649702][ T2933]  ? kmsan_internal_set_shadow_origin+0x66/0xe0
[  146.656058][ T2933]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  146.662255][ T2933]  ? kfree_skb_reason+0x191/0x4f0
[  146.667401][ T2933]  ? nfc_send_to_raw_sock+0x504/0x520
[  146.672915][ T2933]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[  146.678929][ T2933]  __msan_warning+0x96/0x110
[  146.683710][ T2933]  nci_rx_work+0x2e6/0x500
[  146.688329][ T2933]  ? nci_cmd_work+0x480/0x480
[  146.693204][ T2933]  process_scheduled_works+0x104e/0x1e70
[  146.698996][ T2933]  worker_thread+0xf45/0x1490
[  146.703863][ T2933]  kthread+0x3ed/0x540
[  146.708120][ T2933]  ? pr_cont_work+0xce0/0xce0
[  146.712942][ T2933]  ? kthread_blkcg+0x120/0x120
[  146.717818][ T2933]  ret_from_fork+0x66/0x80
[  146.722340][ T2933]  ? kthread_blkcg+0x120/0x120
[  146.727251][ T2933]  ret_from_fork_asm+0x11/0x20
[  146.732210][ T2933]  </TASK>
[  146.735566][ T2933] Kernel Offset: disabled
[  146.739935][ T2933] Rebooting in 86400 seconds..