./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2606917198 <...> Warning: Permanently added '10.128.0.29' (ED25519) to the list of known hosts. execve("./syz-executor2606917198", ["./syz-executor2606917198"], 0x7fff578ff710 /* 10 vars */) = 0 brk(NULL) = 0x555563574000 brk(0x555563574d00) = 0x555563574d00 arch_prctl(ARCH_SET_FS, 0x555563574380) = 0 set_tid_address(0x555563574650) = 5830 set_robust_list(0x555563574660, 24) = 0 rseq(0x555563574ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2606917198", 4096) = 28 getrandom("\xdf\x2b\xfc\x37\x9f\xde\x14\x31", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555563574d00 brk(0x555563595d00) = 0x555563595d00 brk(0x555563596000) = 0x555563596000 mprotect(0x7f480fb8c000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 mkdir("./syzkaller.UplQwj", 0700) = 0 chmod("./syzkaller.UplQwj", 0777) = 0 chdir("./syzkaller.UplQwj") = 0 mkdir("./0", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached [pid 5831] set_robust_list(0x555563574660, 24 [pid 5830] <... clone resumed>, child_tidptr=0x555563574650) = 5831 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5831] chdir("./0") = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5831] write(1, "executing program\n", 18) = 18 [pid 5831] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3 [pid 5831] ioctl(3, TIOCSETD, [15]) = 0 [pid 5831] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5831] write(4, "3", 1) = 1 [ 96.280158][ T5831] FAULT_INJECTION: forcing a failure. [ 96.280158][ T5831] name failslab, interval 1, probability 0, space 0, times 1 [ 96.293092][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor260 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 96.293114][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 96.293126][ T5831] Call Trace: [ 96.293133][ T5831] [ 96.293139][ T5831] dump_stack_lvl+0x241/0x360 [ 96.293181][ T5831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.293198][ T5831] ? __pfx__printk+0x10/0x10 [ 96.293217][ T5831] ? fs_reclaim_acquire+0x93/0x130 [ 96.293236][ T5831] ? __pfx___might_resched+0x10/0x10 [ 96.293264][ T5831] should_fail_ex+0x40a/0x550 [ 96.293289][ T5831] should_failslab+0xac/0x100 [ 96.293315][ T5831] __kmalloc_cache_noprof+0x70/0x390 [ 96.293338][ T5831] ? tomoyo_init_log+0x1c1/0x20d0 [ 96.293359][ T5831] ? stack_depot_save_flags+0x37/0x940 [ 96.293380][ T5831] tomoyo_init_log+0x1c1/0x20d0 [ 96.293404][ T5831] ? string+0x270/0x2b0 [ 96.293427][ T5831] ? vsnprintf+0x1181/0x1220 [ 96.293457][ T5831] ? __pfx_tomoyo_init_log+0x10/0x10 [ 96.293478][ T5831] ? tomoyo_profile+0x11/0x50 [ 96.293499][ T5831] ? tomoyo_profile+0x11/0x50 [ 96.293532][ T5831] tomoyo_supervisor+0x3b2/0x1860 [ 96.293569][ T5831] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 96.293606][ T5831] ? tomoyo_realpath_from_path+0x5a9/0x5e0 [ 96.293630][ T5831] ? tomoyo_print_ulong+0x27/0xa0 [ 96.293648][ T5831] ? __pfx_snprintf+0x10/0x10 [ 96.293669][ T5831] ? tomoyo_check_acl+0x37e/0x3f0 [ 96.293694][ T5831] tomoyo_path_number_perm+0x538/0x770 [ 96.293719][ T5831] ? tomoyo_path_number_perm+0x209/0x770 [ 96.293741][ T5831] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 96.293779][ T5831] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 96.293828][ T5831] ? __pfx_ptrace_notify+0x10/0x10 [ 96.293854][ T5831] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 96.293881][ T5831] security_file_ioctl+0xc6/0x2a0 [ 96.293901][ T5831] __se_sys_ioctl+0x46/0x160 [ 96.293924][ T5831] do_syscall_64+0xf3/0x230 [ 96.293947][ T5831] ? clear_bhb_loop+0x45/0xa0 [ 96.293972][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.293998][ T5831] RIP: 0033:0x7f480fb20c19 [ 96.294017][ T5831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 96.294029][ T5831] RSP: 002b:00007ffc7edb3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [pid 5831] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0 [pid 5831] exit_group(0) = ? [ 96.294045][ T5831] RAX: ffffffffffffffda RBX: 00007ffc7edb31b0 RCX: 00007f480fb20c19 [ 96.294056][ T5831] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 96.294065][ T5831] RBP: 0000000000000001 R08: 00007ffc7edb2f27 R09: 00007f480fadc1a8 [ 96.294074][ T5831] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 96.294083][ T5831] R13: 00007ffc7edb3548 R14: 00007ffc7edb31d0 R15: 0000000000000000 [ 96.294110][ T5831] [ 97.290027][ T46] cfg80211: failed to load regulatory.db [pid 5831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 98.638624][ T5833] Bluetooth: hci0: command 0x1003 tx timeout [ 98.645547][ T5142] Bluetooth: hci0: Opcode 0x1003 failed: -110 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555635756f0 /* 3 entries */, 32768) = 80 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555635756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached , child_tidptr=0x555563574650) = 5835 [pid 5835] set_robust_list(0x555563574660, 24) = 0 [pid 5835] chdir("./1") = 0 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] setpgid(0, 0) = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1000", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5835] write(1, "executing program\n", 18) = 18 [pid 5835] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3 [pid 5835] ioctl(3, TIOCSETD, [15]) = 0 [pid 5835] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5835] write(4, "3", 1) = 1 [ 98.931915][ T5835] FAULT_INJECTION: forcing a failure. [ 98.931915][ T5835] name failslab, interval 1, probability 0, space 0, times 0 [ 98.945068][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: syz-executor260 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 98.945094][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 98.945107][ T5835] Call Trace: [ 98.945115][ T5835] [ 98.945124][ T5835] dump_stack_lvl+0x241/0x360 [ 98.945160][ T5835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.945186][ T5835] ? __pfx__printk+0x10/0x10 [ 98.945213][ T5835] ? fs_reclaim_acquire+0x93/0x130 [ 98.945242][ T5835] ? __pfx___might_resched+0x10/0x10 [ 98.945283][ T5835] should_fail_ex+0x40a/0x550 [ 98.945315][ T5835] should_failslab+0xac/0x100 [ 98.945348][ T5835] __kmalloc_cache_noprof+0x70/0x390 [ 98.945380][ T5835] ? tomoyo_init_log+0x1c1/0x20d0 [ 98.945410][ T5835] ? stack_depot_save_flags+0x37/0x940 [ 98.945440][ T5835] tomoyo_init_log+0x1c1/0x20d0 [ 98.945474][ T5835] ? string+0x270/0x2b0 [ 98.945503][ T5835] ? vsnprintf+0x1181/0x1220 [ 98.945547][ T5835] ? __pfx_tomoyo_init_log+0x10/0x10 [ 98.945578][ T5835] ? tomoyo_profile+0x11/0x50 [ 98.945609][ T5835] ? tomoyo_profile+0x11/0x50 [ 98.945655][ T5835] tomoyo_supervisor+0x3b2/0x1860 [ 98.945700][ T5835] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 98.945739][ T5835] ? tomoyo_realpath_from_path+0x5a9/0x5e0 [ 98.945763][ T5835] ? tomoyo_print_ulong+0x27/0xa0 [ 98.945781][ T5835] ? __pfx_snprintf+0x10/0x10 [ 98.945802][ T5835] ? tomoyo_check_acl+0x37e/0x3f0 [ 98.945828][ T5835] tomoyo_path_number_perm+0x538/0x770 [ 98.945853][ T5835] ? tomoyo_path_number_perm+0x209/0x770 [ 98.945875][ T5835] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 98.945913][ T5835] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 98.945970][ T5835] ? __pfx_ptrace_notify+0x10/0x10 [ 98.945995][ T5835] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 98.946022][ T5835] security_file_ioctl+0xc6/0x2a0 [ 98.946044][ T5835] __se_sys_ioctl+0x46/0x160 [ 98.946067][ T5835] do_syscall_64+0xf3/0x230 [ 98.946089][ T5835] ? clear_bhb_loop+0x45/0xa0 [ 98.946114][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.946134][ T5835] RIP: 0033:0x7f480fb20c19 [ 98.946148][ T5835] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 98.946161][ T5835] RSP: 002b:00007ffc7edb3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [pid 5835] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0 [pid 5835] exit_group(0) = ? [ 98.946177][ T5835] RAX: ffffffffffffffda RBX: 00007ffc7edb31b0 RCX: 00007f480fb20c19 [ 98.946187][ T5835] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 98.946196][ T5835] RBP: 0000000000000001 R08: 00007ffc7edb2f27 R09: 00007f480fadc1a8 [ 98.946206][ T5835] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc7edb31ac [ 98.946215][ T5835] R13: 00007ffc7edb31f0 R14: 00007ffc7edb31d0 R15: 0000000000000001 [ 98.946243][ T5835] [pid 5835] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 101.277675][ T5142] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 101.277706][ T5833] Bluetooth: hci0: command 0x1003 tx timeout umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555635756f0 /* 3 entries */, 32768) = 80 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555635756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached , child_tidptr=0x555563574650) = 5836 [pid 5836] set_robust_list(0x555563574660, 24) = 0 [pid 5836] chdir("./2") = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5836] write(1, "executing program\n", 18executing program ) = 18 [pid 5836] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3 [pid 5836] ioctl(3, TIOCSETD, [15]) = 0 [pid 5836] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5836] write(4, "3", 1) = 1 [pid 5836] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0 [pid 5836] exit_group(0) = ? [ 101.585134][ T5836] FAULT_INJECTION: forcing a failure. [ 101.585134][ T5836] name failslab, interval 1, probability 0, space 0, times 0 [ 101.597920][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: syz-executor260 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 101.597947][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 101.597959][ T5836] Call Trace: [ 101.597967][ T5836] [ 101.597976][ T5836] dump_stack_lvl+0x241/0x360 [ 101.598011][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 101.598035][ T5836] ? __pfx__printk+0x10/0x10 [ 101.598062][ T5836] ? fs_reclaim_acquire+0x93/0x130 [ 101.598089][ T5836] ? __pfx___might_resched+0x10/0x10 [ 101.598130][ T5836] should_fail_ex+0x40a/0x550 [ 101.598162][ T5836] should_failslab+0xac/0x100 [ 101.598200][ T5836] __kmalloc_cache_noprof+0x70/0x390 [ 101.598227][ T5836] ? tomoyo_init_log+0x1c1/0x20d0 [ 101.598248][ T5836] ? stack_depot_save_flags+0x37/0x940 [ 101.598269][ T5836] tomoyo_init_log+0x1c1/0x20d0 [ 101.598294][ T5836] ? string+0x270/0x2b0 [ 101.598314][ T5836] ? vsnprintf+0x1181/0x1220 [ 101.598344][ T5836] ? __pfx_tomoyo_init_log+0x10/0x10 [ 101.598365][ T5836] ? tomoyo_profile+0x11/0x50 [ 101.598387][ T5836] ? tomoyo_profile+0x11/0x50 [ 101.598419][ T5836] tomoyo_supervisor+0x3b2/0x1860 [ 101.598459][ T5836] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 101.598496][ T5836] ? tomoyo_realpath_from_path+0x5a9/0x5e0 [ 101.598520][ T5836] ? tomoyo_print_ulong+0x27/0xa0 [ 101.598538][ T5836] ? __pfx_snprintf+0x10/0x10 [ 101.598559][ T5836] ? tomoyo_check_acl+0x37e/0x3f0 [ 101.598585][ T5836] tomoyo_path_number_perm+0x538/0x770 [ 101.598610][ T5836] ? tomoyo_path_number_perm+0x209/0x770 [ 101.598633][ T5836] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 101.598671][ T5836] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 101.598726][ T5836] ? __pfx_ptrace_notify+0x10/0x10 [ 101.598751][ T5836] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 101.598778][ T5836] security_file_ioctl+0xc6/0x2a0 [ 101.598800][ T5836] __se_sys_ioctl+0x46/0x160 [ 101.598822][ T5836] do_syscall_64+0xf3/0x230 [ 101.598845][ T5836] ? clear_bhb_loop+0x45/0xa0 [ 101.598871][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.598891][ T5836] RIP: 0033:0x7f480fb20c19 [ 101.598905][ T5836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 101.598917][ T5836] RSP: 002b:00007ffc7edb3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 101.598933][ T5836] RAX: ffffffffffffffda RBX: 00007ffc7edb31b0 RCX: 00007f480fb20c19 [ 101.598944][ T5836] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 101.598952][ T5836] RBP: 0000000000000001 R08: 00007ffc7edb2f27 R09: 00007f480fadc1a8 [ 101.598962][ T5836] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc7edb31ac [ 101.598971][ T5836] R13: 00007ffc7edb31f0 R14: 00007ffc7edb31d0 R15: 0000000000000002 [ 101.598999][ T5836] [pid 5836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 103.678096][ T5142] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 103.678181][ T5833] Bluetooth: hci0: command 0x1003 tx timeout newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555635756f0 /* 3 entries */, 32768) = 80 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555635756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached , child_tidptr=0x555563574650) = 5838 [pid 5838] set_robust_list(0x555563574660, 24) = 0 [pid 5838] chdir("./3") = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] write(1, "executing program\n", 18executing program ) = 18 [pid 5838] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3 [pid 5838] ioctl(3, TIOCSETD, [15]) = 0 [pid 5838] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5838] write(4, "3", 1) = 1 [ 103.924541][ T5838] FAULT_INJECTION: forcing a failure. [ 103.924541][ T5838] name failslab, interval 1, probability 0, space 0, times 0 [ 103.937368][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: syz-executor260 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 103.937394][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 103.937407][ T5838] Call Trace: [ 103.937415][ T5838] [ 103.937424][ T5838] dump_stack_lvl+0x241/0x360 [ 103.937458][ T5838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 103.937489][ T5838] ? __pfx__printk+0x10/0x10 [ 103.937516][ T5838] ? fs_reclaim_acquire+0x93/0x130 [ 103.937542][ T5838] ? __pfx___might_resched+0x10/0x10 [ 103.937580][ T5838] should_fail_ex+0x40a/0x550 [ 103.937612][ T5838] should_failslab+0xac/0x100 [ 103.937648][ T5838] __kmalloc_cache_noprof+0x70/0x390 [ 103.937680][ T5838] ? tomoyo_init_log+0x1c1/0x20d0 [ 103.937711][ T5838] ? stack_depot_save_flags+0x37/0x940 [ 103.937741][ T5838] tomoyo_init_log+0x1c1/0x20d0 [ 103.937771][ T5838] ? string+0x270/0x2b0 [ 103.937791][ T5838] ? vsnprintf+0x1181/0x1220 [ 103.937820][ T5838] ? __pfx_tomoyo_init_log+0x10/0x10 [ 103.937841][ T5838] ? tomoyo_profile+0x11/0x50 [ 103.937863][ T5838] ? tomoyo_profile+0x11/0x50 [ 103.937895][ T5838] tomoyo_supervisor+0x3b2/0x1860 [ 103.937933][ T5838] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 103.937969][ T5838] ? tomoyo_realpath_from_path+0x5a9/0x5e0 [ 103.937993][ T5838] ? tomoyo_print_ulong+0x27/0xa0 [ 103.938011][ T5838] ? __pfx_snprintf+0x10/0x10 [ 103.938032][ T5838] ? tomoyo_check_acl+0x37e/0x3f0 [ 103.938057][ T5838] tomoyo_path_number_perm+0x538/0x770 [ 103.938083][ T5838] ? tomoyo_path_number_perm+0x209/0x770 [ 103.938105][ T5838] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 103.938142][ T5838] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 103.938198][ T5838] ? __pfx_ptrace_notify+0x10/0x10 [ 103.938223][ T5838] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 103.938250][ T5838] security_file_ioctl+0xc6/0x2a0 [ 103.938271][ T5838] __se_sys_ioctl+0x46/0x160 [ 103.938294][ T5838] do_syscall_64+0xf3/0x230 [ 103.938316][ T5838] ? clear_bhb_loop+0x45/0xa0 [ 103.938341][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.938361][ T5838] RIP: 0033:0x7f480fb20c19 [ 103.938376][ T5838] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 103.938388][ T5838] RSP: 002b:00007ffc7edb3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 103.938404][ T5838] RAX: ffffffffffffffda RBX: 00007ffc7edb31b0 RCX: 00007f480fb20c19 [pid 5838] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0 [pid 5838] exit_group(0) = ? [ 103.938415][ T5838] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 103.938424][ T5838] RBP: 0000000000000001 R08: 00007ffc7edb2f27 R09: 00007f480fadc1a8 [ 103.938434][ T5838] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc7edb31ac [ 103.938443][ T5838] R13: 00007ffc7edb31f0 R14: 00007ffc7edb31d0 R15: 0000000000000003 [ 103.938470][ T5838] [pid 5838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 106.238048][ T5142] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 106.238108][ T5833] Bluetooth: hci0: command 0x1003 tx timeout getdents64(3, 0x5555635756f0 /* 3 entries */, 32768) = 80 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555635756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached , child_tidptr=0x555563574650) = 5839 [pid 5839] set_robust_list(0x555563574660, 24) = 0 [pid 5839] chdir("./4") = 0 [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] setpgid(0, 0) = 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5839] write(3, "1000", 4) = 4 [pid 5839] close(3) = 0 [pid 5839] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5839] write(1, "executing program\n", 18) = 18 [pid 5839] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3 [pid 5839] ioctl(3, TIOCSETD, [15]) = 0 [pid 5839] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5839] write(4, "3", 1) = 1 [ 106.520033][ T5839] FAULT_INJECTION: forcing a failure. [ 106.520033][ T5839] name failslab, interval 1, probability 0, space 0, times 0 [ 106.532918][ T5839] CPU: 1 UID: 0 PID: 5839 Comm: syz-executor260 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 106.532937][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 106.532946][ T5839] Call Trace: [ 106.532952][ T5839] [ 106.532957][ T5839] dump_stack_lvl+0x241/0x360 [ 106.532983][ T5839] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.533000][ T5839] ? __pfx__printk+0x10/0x10 [ 106.533017][ T5839] ? fs_reclaim_acquire+0x93/0x130 [ 106.533036][ T5839] ? __pfx___might_resched+0x10/0x10 [ 106.533063][ T5839] should_fail_ex+0x40a/0x550 [ 106.533084][ T5839] should_failslab+0xac/0x100 [ 106.533108][ T5839] __kmalloc_cache_noprof+0x70/0x390 [ 106.533131][ T5839] ? tomoyo_init_log+0x1c1/0x20d0 [ 106.533151][ T5839] ? stack_depot_save_flags+0x37/0x940 [ 106.533171][ T5839] tomoyo_init_log+0x1c1/0x20d0 [ 106.533195][ T5839] ? string+0x270/0x2b0 [ 106.533214][ T5839] ? vsnprintf+0x1181/0x1220 [ 106.533243][ T5839] ? __pfx_tomoyo_init_log+0x10/0x10 [ 106.533263][ T5839] ? tomoyo_profile+0x11/0x50 [ 106.533284][ T5839] ? tomoyo_profile+0x11/0x50 [ 106.533315][ T5839] tomoyo_supervisor+0x3b2/0x1860 [ 106.533351][ T5839] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 106.533386][ T5839] ? tomoyo_realpath_from_path+0x5a9/0x5e0 [ 106.533410][ T5839] ? tomoyo_print_ulong+0x27/0xa0 [ 106.533427][ T5839] ? __pfx_snprintf+0x10/0x10 [ 106.533448][ T5839] ? tomoyo_check_acl+0x37e/0x3f0 [ 106.533472][ T5839] tomoyo_path_number_perm+0x538/0x770 [ 106.533497][ T5839] ? tomoyo_path_number_perm+0x209/0x770 [ 106.533518][ T5839] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 106.533554][ T5839] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 106.533602][ T5839] ? __pfx_ptrace_notify+0x10/0x10 [ 106.533627][ T5839] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 106.533653][ T5839] security_file_ioctl+0xc6/0x2a0 [ 106.533673][ T5839] __se_sys_ioctl+0x46/0x160 [ 106.533695][ T5839] do_syscall_64+0xf3/0x230 [ 106.533717][ T5839] ? clear_bhb_loop+0x45/0xa0 [ 106.533741][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.533760][ T5839] RIP: 0033:0x7f480fb20c19 [ 106.533774][ T5839] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 106.533785][ T5839] RSP: 002b:00007ffc7edb3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [pid 5839] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0 [pid 5839] exit_group(0) = ? [ 106.533800][ T5839] RAX: ffffffffffffffda RBX: 00007ffc7edb31b0 RCX: 00007f480fb20c19 [ 106.533811][ T5839] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 106.533819][ T5839] RBP: 0000000000000001 R08: 00007ffc7edb2f27 R09: 00007f480fadc1a8 [ 106.533828][ T5839] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc7edb31ac [ 106.533837][ T5839] R13: 00007ffc7edb31f0 R14: 00007ffc7edb31d0 R15: 0000000000000004 [ 106.533869][ T5839] [ 106.798982][ T1130] Bluetooth: Error in BCSP hdr checksum [pid 5839] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5839, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 108.557765][ T5833] Bluetooth: hci0: command 0x1003 tx timeout [ 108.557783][ T5142] Bluetooth: hci0: Opcode 0x1003 failed: -110 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555635756f0 /* 3 entries */, 32768) = 80 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555635756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached , child_tidptr=0x555563574650) = 5840 [pid 5840] set_robust_list(0x555563574660, 24) = 0 [pid 5840] chdir("./5") = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5840] write(1, "executing program\n", 18) = 18 [pid 5840] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3 [pid 5840] ioctl(3, TIOCSETD, [15]) = 0 [pid 5840] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5840] write(4, "3", 1) = 1 [pid 5840] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0 [ 108.846902][ T5840] FAULT_INJECTION: forcing a failure. [ 108.846902][ T5840] name failslab, interval 1, probability 0, space 0, times 0 [ 108.859901][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor260 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 108.859920][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 108.859929][ T5840] Call Trace: [ 108.859935][ T5840] [ 108.859941][ T5840] dump_stack_lvl+0x241/0x360 [ 108.859966][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.859984][ T5840] ? __pfx__printk+0x10/0x10 [ 108.860002][ T5840] ? fs_reclaim_acquire+0x93/0x130 [ 108.860022][ T5840] ? __pfx___might_resched+0x10/0x10 [ 108.860049][ T5840] should_fail_ex+0x40a/0x550 [ 108.860071][ T5840] should_failslab+0xac/0x100 [ 108.860097][ T5840] __kmalloc_cache_noprof+0x70/0x390 [ 108.860119][ T5840] ? tomoyo_init_log+0x1c1/0x20d0 [ 108.860141][ T5840] ? stack_depot_save_flags+0x37/0x940 [ 108.860161][ T5840] tomoyo_init_log+0x1c1/0x20d0 [ 108.860186][ T5840] ? string+0x270/0x2b0 [ 108.860206][ T5840] ? vsnprintf+0x1181/0x1220 [ 108.860236][ T5840] ? __pfx_tomoyo_init_log+0x10/0x10 [ 108.860257][ T5840] ? tomoyo_profile+0x11/0x50 [ 108.860278][ T5840] ? tomoyo_profile+0x11/0x50 [ 108.860310][ T5840] tomoyo_supervisor+0x3b2/0x1860 [ 108.860348][ T5840] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 108.860384][ T5840] ? tomoyo_realpath_from_path+0x5a9/0x5e0 [ 108.860408][ T5840] ? tomoyo_print_ulong+0x27/0xa0 [ 108.860426][ T5840] ? __pfx_snprintf+0x10/0x10 [ 108.860447][ T5840] ? tomoyo_check_acl+0x37e/0x3f0 [ 108.860473][ T5840] tomoyo_path_number_perm+0x538/0x770 [ 108.860498][ T5840] ? tomoyo_path_number_perm+0x209/0x770 [ 108.860520][ T5840] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 108.860558][ T5840] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 108.860614][ T5840] ? __pfx_ptrace_notify+0x10/0x10 [ 108.860640][ T5840] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 108.860667][ T5840] security_file_ioctl+0xc6/0x2a0 [ 108.860688][ T5840] __se_sys_ioctl+0x46/0x160 [ 108.860711][ T5840] do_syscall_64+0xf3/0x230 [ 108.860733][ T5840] ? clear_bhb_loop+0x45/0xa0 [ 108.860758][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.860778][ T5840] RIP: 0033:0x7f480fb20c19 [ 108.860792][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 108.860804][ T5840] RSP: 002b:00007ffc7edb3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 108.860819][ T5840] RAX: ffffffffffffffda RBX: 00007ffc7edb31b0 RCX: 00007f480fb20c19 [ 108.860830][ T5840] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 108.860839][ T5840] RBP: 0000000000000001 R08: 00007ffc7edb2f27 R09: 00007f480fadc1a8 [ 108.860849][ T5840] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc7edb31ac [ 108.860858][ T5840] R13: 00007ffc7edb31f0 R14: 00007ffc7edb31d0 R15: 0000000000000005 [ 108.860885][ T5840] [pid 5840] exit_group(0) = ? [ 109.143935][ T11] Bluetooth: Error in BCSP hdr checksum [pid 5840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 110.877815][ T5833] Bluetooth: hci0: command 0x1003 tx timeout [ 110.877834][ T5142] Bluetooth: hci0: Opcode 0x1003 failed: -110 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555635756f0 /* 3 entries */, 32768) = 80 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555635756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached , child_tidptr=0x555563574650) = 5841 [pid 5841] set_robust_list(0x555563574660, 24) = 0 [pid 5841] chdir("./6") = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5841] write(1, "executing program\n", 18) = 18 [pid 5841] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3 [pid 5841] ioctl(3, TIOCSETD, [15]) = 0 [pid 5841] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5841] write(4, "3", 1) = 1 [ 111.231426][ T5841] FAULT_INJECTION: forcing a failure. [ 111.231426][ T5841] name failslab, interval 1, probability 0, space 0, times 0 [ 111.244359][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz-executor260 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 111.244379][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 111.244388][ T5841] Call Trace: [ 111.244394][ T5841] [ 111.244400][ T5841] dump_stack_lvl+0x241/0x360 [ 111.244425][ T5841] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.244442][ T5841] ? __pfx__printk+0x10/0x10 [ 111.244461][ T5841] ? __kmalloc_noprof+0xb5/0x4c0 [ 111.244485][ T5841] ? __pfx___might_resched+0x10/0x10 [ 111.244513][ T5841] should_fail_ex+0x40a/0x550 [ 111.244535][ T5841] should_failslab+0xac/0x100 [ 111.244560][ T5841] __kmalloc_noprof+0xdd/0x4c0 [ 111.244582][ T5841] ? hci_alloc_dev_priv+0x27/0x2030 [ 111.244605][ T5841] hci_alloc_dev_priv+0x27/0x2030 [ 111.244624][ T5841] hci_uart_tty_ioctl+0x3f5/0xa00 [ 111.244650][ T5841] ? __pfx_hci_uart_tty_ioctl+0x10/0x10 [ 111.244676][ T5841] tty_ioctl+0x998/0xdc0 [ 111.244695][ T5841] ? __pfx_tty_ioctl+0x10/0x10 [ 111.244717][ T5841] __se_sys_ioctl+0xf1/0x160 [ 111.244739][ T5841] do_syscall_64+0xf3/0x230 [ 111.244762][ T5841] ? clear_bhb_loop+0x45/0xa0 [ 111.244787][ T5841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.244808][ T5841] RIP: 0033:0x7f480fb20c19 [ 111.244822][ T5841] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 111.244834][ T5841] RSP: 002b:00007ffc7edb3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 111.244850][ T5841] RAX: ffffffffffffffda RBX: 00007ffc7edb31b0 RCX: 00007f480fb20c19 [ 111.244860][ T5841] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 111.244869][ T5841] RBP: 0000000000000001 R08: 00007ffc7edb2f27 R09: 00007f480fadc1a8 [ 111.244879][ T5841] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc7edb31ac [pid 5841] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = -1 ENOMEM (Cannot allocate memory) [pid 5841] exit_group(0) = ? [ 111.244888][ T5841] R13: 00007ffc7edb31f0 R14: 00007ffc7edb31d0 R15: 0000000000000006 [ 111.244915][ T5841] [ 111.244923][ T5841] Bluetooth: Can't allocate HCI device [ 111.456097][ T5841] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000029: 0000 [#1] PREEMPT SMP KASAN PTI [ 111.468714][ T5841] KASAN: null-ptr-deref in range [0x0000000000000148-0x000000000000014f] [ 111.477146][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz-executor260 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 111.487739][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 111.497793][ T5841] RIP: 0010:__lock_acquire+0x6a/0x2100 [ 111.503263][ T5841] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d 2b c3 a0 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 58 6c 8c 00 48 be 00 00 00 00 00 fc [ 111.522877][ T5841] RSP: 0018:ffffc900042bf6d0 EFLAGS: 00010002 [ 111.528945][ T5841] RAX: 0000000000000029 RBX: 0000000000000000 RCX: 0000000000000000 [ 111.536913][ T5841] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000148 [ 111.544893][ T5841] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001 [ 111.552876][ T5841] R10: dffffc0000000000 R11: fffffbfff207b48f R12: ffff88805040bc00 [ 111.560943][ T5841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000148 [ 111.568920][ T5841] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 111.577862][ T5841] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.584448][ T5841] CR2: 00007f480fb76243 CR3: 000000000e938000 CR4: 00000000003526f0 [ 111.592431][ T5841] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 111.600419][ T5841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 111.608407][ T5841] Call Trace: [ 111.611690][ T5841] [ 111.614623][ T5841] ? __die_body+0x5f/0xb0 [ 111.618968][ T5841] ? die_addr+0xb0/0xe0 [ 111.623135][ T5841] ? exc_general_protection+0x3dd/0x5d0 [ 111.628693][ T5841] ? asm_exc_general_protection+0x26/0x30 [ 111.634426][ T5841] ? __lock_acquire+0x6a/0x2100 [ 111.639295][ T5841] ? __pfx_lock_release+0x10/0x10 [ 111.644362][ T5841] ? rcu_read_lock_any_held+0x8d/0x160 [ 111.649845][ T5841] lock_acquire+0x1ed/0x550 [ 111.654362][ T5841] ? __timer_delete_sync+0x12f/0x310 [ 111.659659][ T5841] ? rcu_is_watching+0x15/0xb0 [ 111.664430][ T5841] ? __pfx_lock_acquire+0x10/0x10 [ 111.669461][ T5841] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 111.675452][ T5841] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 111.681793][ T5841] ? __timer_delete_sync+0x12f/0x310 [ 111.687086][ T5841] __timer_delete_sync+0x148/0x310 [ 111.692214][ T5841] ? __timer_delete_sync+0x12f/0x310 [ 111.697518][ T5841] ? __pfx___timer_delete_sync+0x10/0x10 [ 111.703165][ T5841] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 111.709156][ T5841] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 111.715517][ T5841] bcsp_close+0x4c/0x130 [ 111.719804][ T5841] hci_uart_tty_close+0x205/0x290 [ 111.724858][ T5841] tty_ldisc_kill+0xa3/0x1a0 [ 111.729468][ T5841] tty_ldisc_release+0x1a1/0x200 [ 111.734425][ T5841] tty_release_struct+0x2b/0xe0 [ 111.739287][ T5841] tty_release+0xd06/0x12c0 [ 111.743804][ T5841] ? __pfx_tty_release+0x10/0x10 [ 111.748750][ T5841] __fput+0x3e9/0x9f0 [ 111.752743][ T5841] task_work_run+0x24f/0x310 [ 111.757363][ T5841] ? __pfx_task_work_run+0x10/0x10 [ 111.762495][ T5841] ? switch_task_namespaces+0xe4/0x110 [ 111.767984][ T5841] do_exit+0xa2a/0x28e0 [ 111.772174][ T5841] ? __pfx_do_exit+0x10/0x10 [ 111.776785][ T5841] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 111.782783][ T5841] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 111.789229][ T5841] ? _raw_spin_unlock_irq+0x23/0x50 [ 111.794447][ T5841] ? lockdep_hardirqs_on+0x99/0x150 [ 111.799654][ T5841] do_group_exit+0x207/0x2c0 [ 111.804260][ T5841] __x64_sys_exit_group+0x3f/0x40 [ 111.809310][ T5841] x64_sys_call+0x26c3/0x26d0 [ 111.814000][ T5841] do_syscall_64+0xf3/0x230 [ 111.818513][ T5841] ? clear_bhb_loop+0x45/0xa0 [ 111.823204][ T5841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.829106][ T5841] RIP: 0033:0x7f480fb1eb79 [ 111.833520][ T5841] Code: Unable to access opcode bytes at 0x7f480fb1eb4f. [ 111.840534][ T5841] RSP: 002b:00007ffc7edb3128 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 111.848952][ T5841] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f480fb1eb79 [ 111.856927][ T5841] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 111.864900][ T5841] RBP: 00007f480fb92350 R08: ffffffffffffffb8 R09: 00007f480fadc1a8 [ 111.872874][ T5841] R10: 0000000000000001 R11: 0000000000000246 R12: 00007f480fb92350 [ 111.880849][ T5841] R13: 0000000000000000 R14: 00007f480fb92da0 R15: 00007f480fae8220 [ 111.888840][ T5841] [ 111.891858][ T5841] Modules linked in: [ 111.895774][ T5841] ---[ end trace 0000000000000000 ]--- [ 111.901231][ T5841] RIP: 0010:__lock_acquire+0x6a/0x2100 [ 111.906708][ T5841] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d 2b c3 a0 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 58 6c 8c 00 48 be 00 00 00 00 00 fc [ 111.926314][ T5841] RSP: 0018:ffffc900042bf6d0 EFLAGS: 00010002 [ 111.932382][ T5841] RAX: 0000000000000029 RBX: 0000000000000000 RCX: 0000000000000000 [ 111.940352][ T5841] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000148 [ 111.948323][ T5841] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001 [ 111.956295][ T5841] R10: dffffc0000000000 R11: fffffbfff207b48f R12: ffff88805040bc00 [ 111.964273][ T5841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000148 [ 111.972241][ T5841] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 111.981175][ T5841] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.987761][ T5841] CR2: 00007f480fb76243 CR3: 000000000e938000 CR4: 00000000003526f0 [ 111.995735][ T5841] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 112.003706][ T5841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 112.011688][ T5841] Kernel panic - not syncing: Fatal exception [ 112.018029][ T5841] Kernel Offset: disabled [ 112.022351][ T5841] Rebooting in 86400 seconds..