./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3850549876 <...> Warning: Permanently added '10.128.0.72' (ED25519) to the list of known hosts. execve("./syz-executor3850549876", ["./syz-executor3850549876"], 0x7ffd0bf13520 /* 10 vars */) = 0 brk(NULL) = 0x55555b7d2000 brk(0x55555b7d2d40) = 0x55555b7d2d40 arch_prctl(ARCH_SET_FS, 0x55555b7d23c0) = 0 set_tid_address(0x55555b7d2690) = 5768 set_robust_list(0x55555b7d26a0, 24) = 0 rseq(0x55555b7d2ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3850549876", 4096) = 28 getrandom("\xe5\xe5\x30\x47\xc4\xdf\x16\xf8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555b7d2d40 brk(0x55555b7f3d40) = 0x55555b7f3d40 brk(0x55555b7f4000) = 0x55555b7f4000 mprotect(0x7f8dde36d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b7d2690) = 5769 ./strace-static-x86_64: Process 5769 attached [pid 5769] set_robust_list(0x55555b7d26a0, 24) = 0 [pid 5769] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 5769] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 5769] dup2(4, 202) = 202 [pid 5769] close(4) = 0 [pid 5769] write(202, "\xff\x00", 2) = 2 [pid 5769] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 5769] rt_sigaction(SIGRT_1, {sa_handler=0x7f8dde30eec0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8dde300540}, NULL, 8) = 0 [pid 5769] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5769] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8dddaa3000 [pid 5769] mprotect(0x7f8dddaa4000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 5769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8dde2a3990, parent_tid=0x7f8dde2a3990, exit_signal=0, stack=0x7f8dddaa3000, stack_size=0x800300, tls=0x7f8dde2a36c0}./strace-static-x86_64: Process 5771 attached [pid 5771] rseq(0x7f8dde2a3fe0, 0x20, 0, 0x53053053) = 0 [pid 5769] <... clone3 resumed> => {parent_tid=[2]}, 88) = 2 [pid 5771] set_robust_list(0x7f8dde2a39a0, 24 [pid 5769] rt_sigprocmask(SIG_SETMASK, [], [pid 5771] <... set_robust_list resumed>) = 0 [pid 5769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5769] ioctl(3, HCIDEVUP [pid 5771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5771] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5771] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5771] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5771] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5771] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [ 205.766758][ T5770] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 205.785947][ T5770] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 205.801485][ T5770] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [pid 5771] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5771] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5771] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5771] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5771] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5771] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5771] read(202, [pid 5769] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5769] ioctl(3, HCISETSCAN [pid 5771] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5771] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 5769] <... ioctl resumed>, 0x7ffe846efa0c) = 0 [pid 5769] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3) = 13 [pid 5769] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 [pid 5771] rt_sigprocmask(SIG_BLOCK, ~[RT_1], [pid 5769] <... writev resumed>) = 14 [pid 5771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5771] madvise(0x7f8dddaa3000, 8372224, MADV_DONTNEED) = 0 [pid 5771] exit(0 [pid 5769] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3 [pid 5771] <... exit resumed>) = ? [pid 5771] +++ exited with 0 +++ [pid 5769] <... writev resumed>) = 14 [pid 5769] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [ 205.822863][ T5770] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 205.838468][ T5770] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 205.848902][ T5770] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [pid 5769] close(3) = 0 [pid 5769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5769] getppid() = 0 [pid 5769] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5769] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5769] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5769] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5769] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5769] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5769] unshare(CLONE_NEWNS) = 0 [pid 5769] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5769] unshare(CLONE_NEWIPC) = 0 [pid 5769] unshare(CLONE_NEWCGROUP) = 0 [pid 5769] unshare(CLONE_NEWUTS) = 0 [pid 5769] unshare(CLONE_SYSVSEM) = 0 [pid 5769] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "16777216", 8) = 8 [pid 5769] close(3) = 0 [pid 5769] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "536870912", 9) = 9 [pid 5769] close(3) = 0 [pid 5769] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "1024", 4) = 4 [pid 5769] close(3) = 0 [pid 5769] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "8192", 4) = 4 [pid 5769] close(3) = 0 [pid 5769] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "1024", 4) = 4 [pid 5769] close(3) = 0 [pid 5769] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "1024", 4) = 4 [pid 5769] close(3) = 0 [pid 5769] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5769] close(3) = 0 [pid 5769] getpid() = 1 [pid 5769] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<) = 0 [ 206.261513][ T5074] ret_from_fork+0x6d/0x90 [ 206.266336][ T5074] ret_from_fork_asm+0x1a/0x30 [ 206.271330][ T5074] [ 206.273999][ T5074] Uninit was created at: [ 206.278554][ T5074] kmem_cache_alloc_node_noprof+0x907/0xe00 [ 206.284973][ T5074] kmalloc_reserve+0x13d/0x4a0 [ 206.289948][ T5074] __alloc_skb+0x363/0x7b0 [ 206.294734][ T5074] vhci_write+0x127/0x900 [ 206.299262][ T5074] vfs_write+0xb2b/0x1540 [ 206.304079][ T5074] ksys_write+0x240/0x4b0 [ 206.308674][ T5074] __x64_sys_write+0x93/0xe0 [pid 5769] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b7d2690) = 4 ./strace-static-x86_64: Process 5775 attached [pid 5775] set_robust_list(0x55555b7d26a0, 24) = 0 [pid 5775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5775] setpgid(0, 0) = 0 [pid 5775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5775] write(3, "1000", 4) = 4 [pid 5775] close(3) = 0 [pid 5775] write(1, "executing program\n", 18executing program ) = 18 [pid 5775] write(202, "\x02\xc8\x00\x04\x00\x00\x00\x02\x00", 9) = 9 [pid 5775] close(3) = -1 EBADF (Bad file descriptor) [ 206.313684][ T5074] x64_sys_call+0x3161/0x3c30 [ 206.318608][ T5074] do_syscall_64+0xcd/0x1e0 [ 206.323557][ T5074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.329734][ T5074] [ 206.332197][ T5074] CPU: 1 UID: 0 PID: 5074 Comm: kworker/u9:1 Not tainted 6.13.0-syzkaller-01222-g9f3ee94e705a #0 [ 206.343297][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 206.353673][ T5074] Workqueue: hci0 hci_rx_work [ 206.358606][ T5074] ===================================================== [pid 5775] close(4) = -1 EBADF (Bad file descriptor) [pid 5775] close(5) = -1 EBADF (Bad file descriptor) [pid 5775] close(6) = -1 EBADF (Bad file descriptor) [pid 5775] close(7) = -1 EBADF (Bad file descriptor) [pid 5775] close(8) = -1 EBADF (Bad file descriptor) [pid 5775] close(9) = -1 EBADF (Bad file descriptor) [pid 5775] close(10) = -1 EBADF (Bad file descriptor) [pid 5775] close(11) = -1 EBADF (Bad file descriptor) [pid 5775] close(12) = -1 EBADF (Bad file descriptor) [pid 5775] close(13) = -1 EBADF (Bad file descriptor) [pid 5775] close(14) = -1 EBADF (Bad file descriptor) [pid 5775] close(15) = -1 EBADF (Bad file descriptor) [pid 5775] close(16) = -1 EBADF (Bad file descriptor) [pid 5775] close(17) = -1 EBADF (Bad file descriptor) [pid 5775] close(18) = -1 EBADF (Bad file descriptor) [pid 5775] close(19) = -1 EBADF (Bad file descriptor) [pid 5775] close(20) = -1 EBADF (Bad file descriptor) [pid 5775] close(21) = -1 EBADF (Bad file descriptor) [pid 5775] close(22) = -1 EBADF (Bad file descriptor) [pid 5775] close(23) = -1 EBADF (Bad file descriptor) [pid 5775] close(24) = -1 EBADF (Bad file descriptor) [pid 5775] close(25) = -1 EBADF (Bad file descriptor) [pid 5775] close(26) = -1 EBADF (Bad file descriptor) [pid 5775] close(27) = -1 EBADF (Bad file descriptor) [pid 5775] close(28) = -1 EBADF (Bad file descriptor) [ 206.366003][ T5074] Disabling lock debugging due to kernel taint [ 206.372319][ T5074] Kernel panic - not syncing: kmsan.panic set ... [ 206.378911][ T5074] CPU: 1 UID: 0 PID: 5074 Comm: kworker/u9:1 Tainted: G B 6.13.0-syzkaller-01222-g9f3ee94e705a #0 [ 206.391157][ T5074] Tainted: [B]=BAD_PAGE [ 206.395436][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 206.405669][ T5074] Workqueue: hci0 hci_rx_work [ 206.410590][ T5074] Call Trace: [pid 5775] close(29) = -1 EBADF (Bad file descriptor) [pid 5775] exit_group(0) = ? [pid 5775] +++ exited with 0 +++ [pid 5769] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5769] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5769] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b7d2690) = 5 ./strace-static-x86_64: Process 5776 attached [pid 5776] set_robust_list(0x55555b7d26a0, 24) = 0 [pid 5776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5776] setpgid(0, 0) = 0 [ 206.413992][ T5074] [ 206.417043][ T5074] dump_stack_lvl+0x216/0x2d0 [ 206.422046][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 206.428090][ T5074] dump_stack+0x1e/0x24 [ 206.432467][ T5074] panic+0x4e2/0xcf0 [ 206.436598][ T5074] ? kmsan_get_metadata+0xa1/0x1c0 [ 206.441933][ T5074] kmsan_report+0x2c7/0x2d0 [ 206.446682][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 206.452724][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 206.458139][ T5074] ? __msan_warning+0x95/0x120 [pid 5776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5776] write(3, "1000", 4executing program ) = 4 [pid 5776] close(3) = 0 [pid 5776] write(1, "executing program\n", 18) = 18 [pid 5776] write(202, "\x02\xc8\x00\x04\x00\x00\x00\x02\x00", 9) = 9 [pid 5776] close(3) = -1 EBADF (Bad file descriptor) [pid 5776] close(4) = -1 EBADF (Bad file descriptor) [pid 5776] close(5) = -1 EBADF (Bad file descriptor) [pid 5776] close(6) = -1 EBADF (Bad file descriptor) [pid 5776] close(7) = -1 EBADF (Bad file descriptor) [pid 5776] close(8) = -1 EBADF (Bad file descriptor) [pid 5776] close(9) = -1 EBADF (Bad file descriptor) [pid 5776] close(10) = -1 EBADF (Bad file descriptor) [pid 5776] close(11) = -1 EBADF (Bad file descriptor) [pid 5776] close(12) = -1 EBADF (Bad file descriptor) [pid 5776] close(13) = -1 EBADF (Bad file descriptor) [pid 5776] close(14) = -1 EBADF (Bad file descriptor) [pid 5776] close(15) = -1 EBADF (Bad file descriptor) [pid 5776] close(16) = -1 EBADF (Bad file descriptor) [pid 5776] close(17) = -1 EBADF (Bad file descriptor) [pid 5776] close(18) = -1 EBADF (Bad file descriptor) [pid 5776] close(19) = -1 EBADF (Bad file descriptor) [pid 5776] close(20) = -1 EBADF (Bad file descriptor) [ 206.463092][ T5074] ? l2cap_recv_frame+0xccb7/0x18c10 [ 206.468591][ T5074] ? l2cap_recv_acldata+0xdd9/0x2ac0 [ 206.474079][ T5074] ? hci_rx_work+0xb58/0x1260 [ 206.478965][ T5074] ? process_scheduled_works+0xae0/0x1c40 [ 206.484950][ T5074] ? worker_thread+0xea7/0x14f0 [ 206.489992][ T5074] ? kthread+0x3e2/0x540 [ 206.494449][ T5074] ? ret_from_fork+0x6d/0x90 [ 206.499269][ T5074] ? ret_from_fork_asm+0x1a/0x30 [ 206.504465][ T5074] ? rb_insert_color+0x8e/0xf70 [ 206.509512][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [pid 5776] close(21) = -1 EBADF (Bad file descriptor) [pid 5776] close(22) = -1 EBADF (Bad file descriptor) [pid 5776] close(23) = -1 EBADF (Bad file descriptor) [pid 5776] close(24) = -1 EBADF (Bad file descriptor) [pid 5776] close(25) = -1 EBADF (Bad file descriptor) [pid 5776] close(26) = -1 EBADF (Bad file descriptor) [pid 5776] close(27) = -1 EBADF (Bad file descriptor) [pid 5776] close(28) = -1 EBADF (Bad file descriptor) [pid 5776] close(29) = -1 EBADF (Bad file descriptor) [pid 5776] exit_group(0) = ? [pid 5776] +++ exited with 0 +++ [pid 5769] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5769] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 206.515532][ T5074] ? timerqueue_add+0x397/0x3d0 [ 206.520622][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 206.526070][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 206.532110][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 206.537529][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 206.543565][ T5074] __msan_warning+0x95/0x120 [ 206.548354][ T5074] l2cap_recv_frame+0xccb7/0x18c10 [ 206.553689][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 206.559758][ T5074] ? sched_balance_newidle+0x83/0x1290 [pid 5769] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b7d2690) = 6 ./strace-static-x86_64: Process 5777 attached [pid 5777] set_robust_list(0x55555b7d26a0, 24) = 0 [pid 5777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5777] setpgid(0, 0) = 0 [pid 5777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5777] write(3, "1000", 4) = 4 [pid 5777] close(3) = 0 executing program [pid 5777] write(1, "executing program\n", 18) = 18 [pid 5777] write(202, "\x02\xc8\x00\x04\x00\x00\x00\x02\x00", 9) = 9 [pid 5777] close(3) = -1 EBADF (Bad file descriptor) [pid 5777] close(4) = -1 EBADF (Bad file descriptor) [pid 5777] close(5) = -1 EBADF (Bad file descriptor) [pid 5777] close(6) = -1 EBADF (Bad file descriptor) [pid 5777] close(7) = -1 EBADF (Bad file descriptor) [pid 5777] close(8) = -1 EBADF (Bad file descriptor) [pid 5777] close(9) = -1 EBADF (Bad file descriptor) [pid 5777] close(10) = -1 EBADF (Bad file descriptor) [ 206.565517][ T5074] ? stack_depot_save_flags+0x2c/0x750 [ 206.571234][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 206.576653][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 206.582223][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 206.587633][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 206.593698][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 206.599140][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 206.605188][ T5074] ? filter_irq_stacks+0x60/0x1a0 [ 206.610475][ T5074] ? stack_depot_save_flags+0x2c/0x750 [pid 5777] close(11) = -1 EBADF (Bad file descriptor) [pid 5777] close(12) = -1 EBADF (Bad file descriptor) [pid 5777] close(13) = -1 EBADF (Bad file descriptor) [pid 5777] close(14) = -1 EBADF (Bad file descriptor) [pid 5777] close(15) = -1 EBADF (Bad file descriptor) [pid 5777] close(16) = -1 EBADF (Bad file descriptor) [pid 5777] close(17) = -1 EBADF (Bad file descriptor) [pid 5777] close(18) = -1 EBADF (Bad file descriptor) [pid 5777] close(19) = -1 EBADF (Bad file descriptor) [pid 5777] close(20) = -1 EBADF (Bad file descriptor) [pid 5777] close(21) = -1 EBADF (Bad file descriptor) [pid 5777] close(22) = -1 EBADF (Bad file descriptor) [pid 5777] close(23) = -1 EBADF (Bad file descriptor) [pid 5777] close(24) = -1 EBADF (Bad file descriptor) [pid 5777] close(25) = -1 EBADF (Bad file descriptor) [pid 5777] close(26) = -1 EBADF (Bad file descriptor) [pid 5777] close(27) = -1 EBADF (Bad file descriptor) [pid 5777] close(28) = -1 EBADF (Bad file descriptor) [pid 5777] close(29) = -1 EBADF (Bad file descriptor) [pid 5777] exit_group(0) = ? [pid 5777] +++ exited with 0 +++ [pid 5769] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 206.616160][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 206.621584][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 206.626999][ T5074] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 206.633609][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 206.639039][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 206.645109][ T5074] l2cap_recv_acldata+0xdd9/0x2ac0 [ 206.650478][ T5074] hci_rx_work+0xb58/0x1260 [ 206.655237][ T5074] ? __pfx_hci_rx_work+0x10/0x10 [ 206.660418][ T5074] process_scheduled_works+0xae0/0x1c40 [pid 5769] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5769] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555b7d2690) = 7 ./strace-static-x86_64: Process 5778 attached [pid 5778] set_robust_list(0x55555b7d26a0, 24) = 0 [pid 5778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5778] setpgid(0, 0) = 0 [pid 5778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 206.666300][ T5074] worker_thread+0xea7/0x14f0 [ 206.671180][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 206.677256][ T5074] kthread+0x3e2/0x540 [ 206.681518][ T5074] ? __pfx_worker_thread+0x10/0x10 [ 206.686866][ T5074] ? __pfx_kthread+0x10/0x10 [ 206.691693][ T5074] ret_from_fork+0x6d/0x90 [ 206.696336][ T5074] ? __pfx_kthread+0x10/0x10 [ 206.701169][ T5074] ret_from_fork_asm+0x1a/0x30 [ 206.706185][ T5074] [ 206.709778][ T5074] Kernel Offset: disabled [ 206.714186][ T5074] Rebooting in 86400 seconds..