./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3583840092
<...>
Warning: Permanently added '10.128.1.171' (ED25519) to the list of known hosts.
execve("./syz-executor3583840092", ["./syz-executor3583840092"], 0x7ffc21c3c570 /* 10 vars */) = 0
brk(NULL) = 0x55557f452000
brk(0x55557f452d40) = 0x55557f452d40
arch_prctl(ARCH_SET_FS, 0x55557f4523c0) = 0
set_tid_address(0x55557f452690) = 5182
set_robust_list(0x55557f4526a0, 24) = 0
rseq(0x55557f452ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3583840092", 4096) = 28
getrandom("\x54\x53\x24\x26\x36\xda\xd7\x65", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55557f452d40
brk(0x55557f473d40) = 0x55557f473d40
brk(0x55557f474000) = 0x55557f474000
mprotect(0x7fba021f5000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557f452690) = 5183
./strace-static-x86_64: Process 5183 attached
[pid 5183] set_robust_list(0x55557f4526a0, 24) = 0
[pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5183] setpgid(0, 0) = 0
[pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5183] write(3, "1000", 4) = 4
[pid 5183] close(3) = 0
[pid 5183] write(1, "executing program\n", 18executing program
) = 18
[pid 5183] futex(0x7fba021fb36c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5183] rt_sigaction(SIGRT_1, {sa_handler=0x7fba021983b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fba02189a30}, NULL, 8) = 0
[pid 5183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba0210c000
[pid 5183] mprotect(0x7fba0210d000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fba0212c990, parent_tid=0x7fba0212c990, exit_signal=0, stack=0x7fba0210c000, stack_size=0x20300, tls=0x7fba0212c6c0} => {parent_tid=[5184]}, 88) = 5184
[pid 5183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 5183] futex(0x7fba021fb368, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5183] futex(0x7fba021fb36c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5184 attached
<unfinished ...>
[pid 5184] rseq(0x7fba0212cfe0, 0x20, 0, 0x53053053) = 0
[pid 5184] set_robust_list(0x7fba0212c9a0, 24) = 0
[pid 5184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 5184] openat(AT_FDCWD, "/dev/virtual_nci", O_RDWR) = 3
[pid 5184] futex(0x7fba021fb36c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 5183] <... futex resumed>) = 0
[pid 5184] futex(0x7fba021fb368, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 5183] futex(0x7fba021fb368, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable)
[pid 5184] ioctl(3, _IOC(_IOC_NONE, 0, 0, 0) <unfinished ...>
[pid 5183] <... futex resumed>) = 0
[pid 5184] <... ioctl resumed>, 0x200000c0) = 0
[pid 5183] futex(0x7fba021fb36c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5184] futex(0x7fba021fb36c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 5183] <... futex resumed>) = 0
[pid 5183] futex(0x7fba021fb368, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5184] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC <unfinished ...>
[pid 5183] futex(0x7fba021fb36c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5184] <... socket resumed>) = 4
[pid 5184] futex(0x7fba021fb36c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 5183] <... futex resumed>) = 0
[pid 5184] sendto(4, [{nlmsg_len=28, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x08\x00\x02\x00\x6e\x66\x63\x00"], 28, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12 <unfinished ...>
[pid 5183] futex(0x7fba021fb368, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5184] <... sendto resumed>) = 28
[pid 5183] <... futex resumed>) = 0
[pid 5183] futex(0x7fba021fb36c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5184] recvfrom(4, [{nlmsg_len=472, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5183}, "\x01\x02\x00\x00\x08\x00\x02\x00\x6e\x66\x63\x00\x06\x00\x01\x00\x1e\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1f\x00\x00\x00\x80\x01\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0b\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00\x03\x00\x00\x00"...], 4096, 0, NULL, NULL) = 472
[pid 5184] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5183}, {error=0, msg={nlmsg_len=28, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5184] futex(0x7fba021fb36c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid 5183] <... futex resumed>) = 0
[pid 5183] futex(0x7fba021fb368, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5184] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x1c\x00\x00\x00\x1e\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x08\x00\x01\x00\x02\x00\x00\x00", iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 <unfinished ...>
[pid 5183] <... futex resumed>) = 0
[pid 5183] futex(0x7fba021fb36c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid 5183] futex(0x7fba021fb37c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba020eb000
[pid 5183] mprotect(0x7fba020ec000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fba0210b990, parent_tid=0x7fba0210b990, exit_signal=0, stack=0x7fba020eb000, stack_size=0x20300, tls=0x7fba0210b6c0}./strace-static-x86_64: Process 5189 attached
<unfinished ...>
[pid 5189] rseq(0x7fba0210bfe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid 5183] <... clone3 resumed> => {parent_tid=[5189]}, 88) = 5189
[pid 5189] <... rseq resumed>) = 0
[pid 5183] rt_sigprocmask(SIG_SETMASK, [], <unfinished ...>
[pid 5189] set_robust_list(0x7fba0210b9a0, 24) = 0
[pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid 5189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 5183] futex(0x7fba021fb378, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5189] write(3, "\x61\x03\x01\xfd\x71\xe6\xe5\xb1\xd1\x0b\xc4\x51\xb4\xe1\x78\xb6\xff\xd6", 18) = 18
[pid 5183] <... futex resumed>) = 0
[pid 5183] futex(0x7fba021fb37c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 5189] futex(0x7fba021fb37c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable)
[pid 5189] <... futex resumed>) = 0
[ 158.524139][ T2937] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0xe6
[ 158.532618][ T2937] =====================================================
[ 158.540066][ T2937] BUG: KMSAN: uninit-value in nci_ntf_packet+0x2ac6/0x39c0
[ 158.547482][ T2937] nci_ntf_packet+0x2ac6/0x39c0
[ 158.552669][ T2937] nci_rx_work+0x408/0x6f0
[ 158.557277][ T2937] process_scheduled_works+0xae0/0x1c40
[ 158.563065][ T2937] worker_thread+0xea7/0x14f0
[ 158.567917][ T2937] kthread+0x3e2/0x540
[ 158.572322][ T2937] ret_from_fork+0x6d/0x90
[ 158.576861][ T2937] ret_from_fork_asm+0x1a/0x30
[ 158.581911][ T2937]
[ 158.584307][ T2937] Uninit was created at:
[ 158.588769][ T2937] kmem_cache_alloc_node_noprof+0x6bf/0xb80
[ 158.594964][ T2937] kmalloc_reserve+0x13d/0x4a0
[ 158.600078][ T2937] __alloc_skb+0x363/0x7b0
[ 158.604644][ T2937] virtual_ncidev_write+0x67/0x380
[ 158.609990][ T2937] vfs_write+0x487/0x1540
[ 158.614483][ T2937] ksys_write+0x24f/0x4c0
[ 158.618952][ T2937] __x64_sys_write+0x93/0xe0
[ 158.623927][ T2937] x64_sys_call+0x306a/0x3ba0
[ 158.628782][ T2937] do_syscall_64+0xcd/0x1e0
[ 158.633688][ T2937] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 158.639873][ T2937]
[ 158.642284][ T2937] CPU: 1 UID: 0 PID: 2937 Comm: kworker/u8:9 Not tainted 6.12.0-rc1-syzkaller-00349-g8f602276d390 #0
[ 158.653464][ T2937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 158.663809][ T2937] Workqueue: nfc2_nci_rx_wq nci_rx_work
[pid 5189] futex(0x7fba021fb378, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid 5183] exit_group(0 <unfinished ...>
[pid 5189] <... futex resumed>) = ?
[pid 5183] <... exit_group resumed>) = ?
[pid 5189] +++ exited with 0 +++
[pid 5184] <... sendmsg resumed>) = ?
[ 158.669544][ T2937] =====================================================
[ 158.676794][ T2937] Disabling lock debugging due to kernel taint
[ 158.683240][ T2937] Kernel panic - not syncing: kmsan.panic set ...
[ 158.689770][ T2937] CPU: 1 UID: 0 PID: 2937 Comm: kworker/u8:9 Tainted: G B 6.12.0-rc1-syzkaller-00349-g8f602276d390 #0
[ 158.702217][ T2937] Tainted: [B]=BAD_PAGE
[ 158.706462][ T2937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 158.716691][ T2937] Workqueue: nfc2_nci_rx_wq nci_rx_work
[ 158.722486][ T2937] Call Trace:
[ 158.725886][ T2937] <TASK>
[ 158.728924][ T2937] dump_stack_lvl+0x216/0x2d0
[ 158.733802][ T2937] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 158.739797][ T2937] dump_stack+0x1e/0x30
[ 158.744108][ T2937] panic+0x4e2/0xcf0
[ 158.748104][ T2937] ? kmsan_get_metadata+0x101/0x1c0
[ 158.753404][ T2937] kmsan_report+0x2c7/0x2d0
[ 158.758041][ T2937] ? irq_work_queue+0x18d/0x260
[ 158.763009][ T2937] ? __msan_warning+0x95/0x120
[ 158.767907][ T2937] ? nci_ntf_packet+0x2ac6/0x39c0
[ 158.773126][ T2937] ? nci_rx_work+0x408/0x6f0
[ 158.777827][ T2937] ? process_scheduled_works+0xae0/0x1c40
[ 158.783690][ T2937] ? worker_thread+0xea7/0x14f0
[ 158.788648][ T2937] ? kthread+0x3e2/0x540
[ 158.793014][ T2937] ? ret_from_fork+0x6d/0x90
[ 158.797700][ T2937] ? ret_from_fork_asm+0x1a/0x30
[ 158.802814][ T2937] ? vprintk_emit+0xd5c/0xea0
[ 158.807616][ T2937] ? vprintk_default+0x3e/0x50
[ 158.812475][ T2937] ? vprintk+0xee/0xf0
[ 158.816665][ T2937] ? _printk+0x157/0x190
[ 158.821013][ T2937] ? kmsan_get_metadata+0x13e/0x1c0
[ 158.826327][ T2937] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 158.832237][ T2937] __msan_warning+0x95/0x120
[ 158.836959][ T2937] nci_ntf_packet+0x2ac6/0x39c0
[ 158.841934][ T2937] ? kmsan_get_metadata+0x13e/0x1c0
[ 158.847260][ T2937] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 158.853523][ T2937] ? sk_skb_reason_drop+0x140/0x480
[ 158.858870][ T2937] nci_rx_work+0x408/0x6f0
[ 158.863482][ T2937] ? __pfx_nci_rx_work+0x10/0x10
[ 158.868528][ T2937] process_scheduled_works+0xae0/0x1c40
[ 158.874214][ T2937] worker_thread+0xea7/0x14f0
[ 158.879015][ T2937] kthread+0x3e2/0x540
[ 158.883213][ T2937] ? __pfx_worker_thread+0x10/0x10
[ 158.888439][ T2937] ? __pfx_kthread+0x10/0x10
[ 158.893162][ T2937] ret_from_fork+0x6d/0x90
[ 158.897672][ T2937] ? __pfx_kthread+0x10/0x10
[ 158.902378][ T2937] ret_from_fork_asm+0x1a/0x30
[ 158.907265][ T2937] </TASK>
[ 158.910605][ T2937] Kernel Offset: disabled
[ 158.914995][ T2937] Rebooting in 86400 seconds..