./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2469439695

<...>
[   97.308867][  T975] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.96' (ED25519) to the list of known hosts.
execve("./syz-executor2469439695", ["./syz-executor2469439695"], 0x7fff03e46980 /* 10 vars */) = 0
brk(NULL)                               = 0x55558a5dc000
brk(0x55558a5dcd00)                     = 0x55558a5dcd00
arch_prctl(ARCH_SET_FS, 0x55558a5dc380) = 0
set_tid_address(0x55558a5dc650)         = 5833
set_robust_list(0x55558a5dc660, 24)     = 0
rseq(0x55558a5dcca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2469439695", 4096) = 28
getrandom("\xd8\x48\x76\x22\x9c\x5e\xc9\x4b", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558a5dcd00
brk(0x55558a5fdd00)                     = 0x55558a5fdd00
brk(0x55558a5fe000)                     = 0x55558a5fe000
mprotect(0x7f7d8d9e0000, 16384, PROT_READ) = 0
mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000
mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000
mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000
openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
mkdir("./syzkaller.FaHfOI", 0700)       = 0
chmod("./syzkaller.FaHfOI", 0777)       = 0
chdir("./syzkaller.FaHfOI")             = 0
mkdir("./0", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5834 attached
 <unfinished ...>
[pid  5834] set_robust_list(0x55558a5dc660, 24 <unfinished ...>
[pid  5833] <... clone resumed>, child_tidptr=0x55558a5dc650) = 5834
[pid  5834] <... set_robust_list resumed>) = 0
[pid  5834] chdir("./0")                = 0
[pid  5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5834] setpgid(0, 0)               = 0
[pid  5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5834] write(3, "1000", 4)         = 4
[pid  5834] close(3)                    = 0
[pid  5834] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5834] write(1, "executing program\n", 18executing program
) = 18
[pid  5834] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3
[pid  5834] ioctl(3, TIOCSETD, [15])    = 0
[pid  5834] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5834] write(4, "3", 1)            = 1
[   99.040658][ T5834] FAULT_INJECTION: forcing a failure.
[   99.040658][ T5834] name failslab, interval 1, probability 0, space 0, times 1
[   99.053380][ T5834] CPU: 0 UID: 0 PID: 5834 Comm: syz-executor246 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0
[   99.053411][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   99.053422][ T5834] Call Trace:
[   99.053428][ T5834]  <TASK>
[   99.053433][ T5834]  dump_stack_lvl+0x241/0x360
[   99.053469][ T5834]  ? __pfx_dump_stack_lvl+0x10/0x10
[   99.053484][ T5834]  ? __pfx__printk+0x10/0x10
[   99.053499][ T5834]  ? fs_reclaim_acquire+0x93/0x130
[   99.053516][ T5834]  ? __pfx___might_resched+0x10/0x10
[   99.053539][ T5834]  should_fail_ex+0x40a/0x550
[   99.053579][ T5834]  should_failslab+0xac/0x100
[   99.053603][ T5834]  __kmalloc_cache_noprof+0x70/0x390
[   99.053623][ T5834]  ? tomoyo_init_log+0x1c1/0x20d0
[   99.053643][ T5834]  ? stack_depot_save_flags+0x37/0x940
[   99.053661][ T5834]  tomoyo_init_log+0x1c1/0x20d0
[   99.053684][ T5834]  ? string+0x270/0x2b0
[   99.053705][ T5834]  ? vsnprintf+0x1181/0x1220
[   99.053732][ T5834]  ? __pfx_tomoyo_init_log+0x10/0x10
[   99.053762][ T5834]  ? tomoyo_profile+0x11/0x50
[   99.053780][ T5834]  ? tomoyo_profile+0x11/0x50
[   99.053807][ T5834]  tomoyo_supervisor+0x3b2/0x1860
[   99.053838][ T5834]  ? __pfx_tomoyo_supervisor+0x10/0x10
[   99.053869][ T5834]  ? tomoyo_realpath_from_path+0x5a9/0x5e0
[   99.053890][ T5834]  ? tomoyo_print_ulong+0x27/0xa0
[   99.053904][ T5834]  ? __pfx_snprintf+0x10/0x10
[   99.053922][ T5834]  ? tomoyo_check_acl+0x37e/0x3f0
[   99.053943][ T5834]  tomoyo_path_number_perm+0x538/0x770
[   99.053965][ T5834]  ? tomoyo_path_number_perm+0x209/0x770
[   99.053983][ T5834]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   99.054015][ T5834]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   99.054057][ T5834]  ? __pfx_ptrace_notify+0x10/0x10
[   99.054078][ T5834]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   99.054125][ T5834]  security_file_ioctl+0xc6/0x2a0
[   99.054152][ T5834]  __se_sys_ioctl+0x46/0x160
[   99.054183][ T5834]  do_syscall_64+0xf3/0x230
[   99.054204][ T5834]  ? clear_bhb_loop+0x45/0xa0
[   99.054227][ T5834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.054245][ T5834] RIP: 0033:0x7f7d8d974c19
[   99.054261][ T5834] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   99.054272][ T5834] RSP: 002b:00007ffc19740868 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   99.054286][ T5834] RAX: ffffffffffffffda RBX: 00007ffc19740890 RCX: 00007f7d8d974c19
[pid  5834] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0
[pid  5834] exit_group(0)               = ?
[   99.054296][ T5834] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003
[   99.054304][ T5834] RBP: 0000000000000001 R08: 00007ffc19740607 R09: 00007f7d8d9301a8
[   99.054312][ T5834] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[   99.054320][ T5834] R13: 00007ffc19740c28 R14: 00007ffc197408b0 R15: 0000000000000000
[   99.054345][ T5834]  </TASK>
[pid  5834] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[  101.386343][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5dd6f0 /* 3 entries */, 32768) = 80
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
getdents64(3, 0x55558a5dd6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached
, child_tidptr=0x55558a5dc650) = 5836
[pid  5836] set_robust_list(0x55558a5dc660, 24) = 0
[pid  5836] chdir("./1")                = 0
[pid  5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5836] setpgid(0, 0)               = 0
[pid  5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5836] write(3, "1000", 4)         = 4
[pid  5836] close(3)                    = 0
[pid  5836] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5836] write(1, "executing program\n", 18executing program
) = 18
[pid  5836] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3
[pid  5836] ioctl(3, TIOCSETD, [15])    = 0
[pid  5836] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5836] write(4, "3", 1)            = 1
[pid  5836] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0
[  101.735814][ T5836] FAULT_INJECTION: forcing a failure.
[  101.735814][ T5836] name failslab, interval 1, probability 0, space 0, times 0
[  101.748627][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor246 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0
[  101.748646][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  101.748655][ T5836] Call Trace:
[  101.748661][ T5836]  <TASK>
[  101.748667][ T5836]  dump_stack_lvl+0x241/0x360
[  101.748692][ T5836]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.748710][ T5836]  ? __pfx__printk+0x10/0x10
[  101.748728][ T5836]  ? fs_reclaim_acquire+0x93/0x130
[  101.748747][ T5836]  ? __pfx___might_resched+0x10/0x10
[  101.748775][ T5836]  should_fail_ex+0x40a/0x550
[  101.748797][ T5836]  should_failslab+0xac/0x100
[  101.748823][ T5836]  __kmalloc_cache_noprof+0x70/0x390
[  101.748845][ T5836]  ? tomoyo_init_log+0x1c1/0x20d0
[  101.748867][ T5836]  ? stack_depot_save_flags+0x37/0x940
[  101.748887][ T5836]  tomoyo_init_log+0x1c1/0x20d0
[  101.748912][ T5836]  ? string+0x270/0x2b0
[  101.748932][ T5836]  ? vsnprintf+0x1181/0x1220
[  101.748970][ T5836]  ? __pfx_tomoyo_init_log+0x10/0x10
[  101.748991][ T5836]  ? tomoyo_profile+0x11/0x50
[  101.749013][ T5836]  ? tomoyo_profile+0x11/0x50
[  101.749045][ T5836]  tomoyo_supervisor+0x3b2/0x1860
[  101.749082][ T5836]  ? __pfx_tomoyo_supervisor+0x10/0x10
[  101.749130][ T5836]  ? tomoyo_realpath_from_path+0x5a9/0x5e0
[  101.749154][ T5836]  ? tomoyo_print_ulong+0x27/0xa0
[  101.749171][ T5836]  ? __pfx_snprintf+0x10/0x10
[  101.749211][ T5836]  ? tomoyo_check_acl+0x37e/0x3f0
[  101.749236][ T5836]  tomoyo_path_number_perm+0x538/0x770
[  101.749261][ T5836]  ? tomoyo_path_number_perm+0x209/0x770
[  101.749283][ T5836]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  101.749321][ T5836]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  101.749370][ T5836]  ? __pfx_ptrace_notify+0x10/0x10
[  101.749395][ T5836]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  101.749422][ T5836]  security_file_ioctl+0xc6/0x2a0
[  101.749443][ T5836]  __se_sys_ioctl+0x46/0x160
[  101.749465][ T5836]  do_syscall_64+0xf3/0x230
[  101.749488][ T5836]  ? clear_bhb_loop+0x45/0xa0
[  101.749512][ T5836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.749532][ T5836] RIP: 0033:0x7f7d8d974c19
[  101.749546][ T5836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  101.749558][ T5836] RSP: 002b:00007ffc19740868 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[pid  5836] exit_group(0)               = ?
[  101.749573][ T5836] RAX: ffffffffffffffda RBX: 00007ffc19740890 RCX: 00007f7d8d974c19
[  101.749585][ T5836] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003
[  101.749594][ T5836] RBP: 0000000000000001 R08: 00007ffc19740607 R09: 00007f7d8d9301a8
[  101.749603][ T5836] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc1974088c
[  101.749613][ T5836] R13: 00007ffc197408d0 R14: 00007ffc197408b0 R15: 0000000000000001
[  101.749640][ T5836]  </TASK>
[pid  5836] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} ---
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[  103.786369][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  103.787691][ T5143] Bluetooth: hci0: command 0x1003 tx timeout
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5dd6f0 /* 3 entries */, 32768) = 80
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
getdents64(3, 0x55558a5dd6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached
, child_tidptr=0x55558a5dc650) = 5837
[pid  5837] set_robust_list(0x55558a5dc660, 24) = 0
[pid  5837] chdir("./2")                = 0
[pid  5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5837] setpgid(0, 0)               = 0
[pid  5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5837] write(3, "1000", 4)         = 4
[pid  5837] close(3)                    = 0
[pid  5837] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5837] write(1, "executing program\n", 18executing program
) = 18
[pid  5837] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3
[pid  5837] ioctl(3, TIOCSETD, [15])    = 0
[pid  5837] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5837] write(4, "3", 1)            = 1
[pid  5837] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0
[  104.057093][ T5837] FAULT_INJECTION: forcing a failure.
[  104.057093][ T5837] name failslab, interval 1, probability 0, space 0, times 0
[  104.069818][ T5837] CPU: 0 UID: 0 PID: 5837 Comm: syz-executor246 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0
[  104.069834][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  104.069841][ T5837] Call Trace:
[  104.069846][ T5837]  <TASK>
[  104.069852][ T5837]  dump_stack_lvl+0x241/0x360
[  104.069873][ T5837]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.069888][ T5837]  ? __pfx__printk+0x10/0x10
[  104.069903][ T5837]  ? fs_reclaim_acquire+0x93/0x130
[  104.069920][ T5837]  ? __pfx___might_resched+0x10/0x10
[  104.069944][ T5837]  should_fail_ex+0x40a/0x550
[  104.069963][ T5837]  should_failslab+0xac/0x100
[  104.069984][ T5837]  __kmalloc_cache_noprof+0x70/0x390
[  104.070003][ T5837]  ? tomoyo_init_log+0x1c1/0x20d0
[  104.070022][ T5837]  ? stack_depot_save_flags+0x37/0x940
[  104.070039][ T5837]  tomoyo_init_log+0x1c1/0x20d0
[  104.070060][ T5837]  ? string+0x270/0x2b0
[  104.070077][ T5837]  ? vsnprintf+0x1181/0x1220
[  104.070102][ T5837]  ? __pfx_tomoyo_init_log+0x10/0x10
[  104.070121][ T5837]  ? tomoyo_profile+0x11/0x50
[  104.070139][ T5837]  ? tomoyo_profile+0x11/0x50
[  104.070166][ T5837]  tomoyo_supervisor+0x3b2/0x1860
[  104.070198][ T5837]  ? __pfx_tomoyo_supervisor+0x10/0x10
[  104.070248][ T5837]  ? tomoyo_realpath_from_path+0x5a9/0x5e0
[  104.070270][ T5837]  ? tomoyo_print_ulong+0x27/0xa0
[  104.070286][ T5837]  ? __pfx_snprintf+0x10/0x10
[  104.070305][ T5837]  ? tomoyo_check_acl+0x37e/0x3f0
[  104.070328][ T5837]  tomoyo_path_number_perm+0x538/0x770
[  104.070350][ T5837]  ? tomoyo_path_number_perm+0x209/0x770
[  104.070370][ T5837]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  104.070404][ T5837]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  104.070448][ T5837]  ? __pfx_ptrace_notify+0x10/0x10
[  104.070471][ T5837]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  104.070495][ T5837]  security_file_ioctl+0xc6/0x2a0
[  104.070514][ T5837]  __se_sys_ioctl+0x46/0x160
[  104.070534][ T5837]  do_syscall_64+0xf3/0x230
[  104.070554][ T5837]  ? clear_bhb_loop+0x45/0xa0
[  104.070576][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.070594][ T5837] RIP: 0033:0x7f7d8d974c19
[  104.070607][ T5837] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  104.070618][ T5837] RSP: 002b:00007ffc19740868 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[pid  5837] exit_group(0)               = ?
[  104.070632][ T5837] RAX: ffffffffffffffda RBX: 00007ffc19740890 RCX: 00007f7d8d974c19
[  104.070641][ T5837] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003
[  104.070655][ T5837] RBP: 0000000000000001 R08: 00007ffc19740607 R09: 00007f7d8d9301a8
[  104.070663][ T5837] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc1974088c
[  104.070671][ T5837] R13: 00007ffc197408d0 R14: 00007ffc197408b0 R15: 0000000000000002
[  104.070696][ T5837]  </TASK>
[pid  5837] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[  106.106224][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5dd6f0 /* 3 entries */, 32768) = 80
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs")                  = 0
getdents64(3, 0x55558a5dd6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached
, child_tidptr=0x55558a5dc650) = 5838
[pid  5838] set_robust_list(0x55558a5dc660, 24) = 0
[pid  5838] chdir("./3")                = 0
[pid  5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5838] setpgid(0, 0)               = 0
[pid  5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5838] write(3, "1000", 4)         = 4
[pid  5838] close(3)                    = 0
[pid  5838] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid  5838] write(1, "executing program\n", 18) = 18
[pid  5838] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3
[pid  5838] ioctl(3, TIOCSETD, [15])    = 0
[pid  5838] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5838] write(4, "3", 1)            = 1
[pid  5838] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0
[pid  5838] exit_group(0)               = ?
[  106.398012][ T5838] FAULT_INJECTION: forcing a failure.
[  106.398012][ T5838] name failslab, interval 1, probability 0, space 0, times 0
[  106.410895][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: syz-executor246 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0
[  106.410913][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  106.410922][ T5838] Call Trace:
[  106.410927][ T5838]  <TASK>
[  106.410933][ T5838]  dump_stack_lvl+0x241/0x360
[  106.410958][ T5838]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.410975][ T5838]  ? __pfx__printk+0x10/0x10
[  106.410993][ T5838]  ? fs_reclaim_acquire+0x93/0x130
[  106.411012][ T5838]  ? __pfx___might_resched+0x10/0x10
[  106.411039][ T5838]  should_fail_ex+0x40a/0x550
[  106.411060][ T5838]  should_failslab+0xac/0x100
[  106.411085][ T5838]  __kmalloc_cache_noprof+0x70/0x390
[  106.411107][ T5838]  ? tomoyo_init_log+0x1c1/0x20d0
[  106.411128][ T5838]  ? stack_depot_save_flags+0x37/0x940
[  106.411148][ T5838]  tomoyo_init_log+0x1c1/0x20d0
[  106.411172][ T5838]  ? string+0x270/0x2b0
[  106.411191][ T5838]  ? vsnprintf+0x1181/0x1220
[  106.411220][ T5838]  ? __pfx_tomoyo_init_log+0x10/0x10
[  106.411240][ T5838]  ? tomoyo_profile+0x11/0x50
[  106.411261][ T5838]  ? tomoyo_profile+0x11/0x50
[  106.411292][ T5838]  tomoyo_supervisor+0x3b2/0x1860
[  106.411328][ T5838]  ? __pfx_tomoyo_supervisor+0x10/0x10
[  106.411363][ T5838]  ? tomoyo_realpath_from_path+0x5a9/0x5e0
[  106.411386][ T5838]  ? tomoyo_print_ulong+0x27/0xa0
[  106.411403][ T5838]  ? __pfx_snprintf+0x10/0x10
[  106.411424][ T5838]  ? tomoyo_check_acl+0x37e/0x3f0
[  106.411448][ T5838]  tomoyo_path_number_perm+0x538/0x770
[  106.411472][ T5838]  ? tomoyo_path_number_perm+0x209/0x770
[  106.411500][ T5838]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  106.411556][ T5838]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  106.411605][ T5838]  ? __pfx_ptrace_notify+0x10/0x10
[  106.411630][ T5838]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  106.411657][ T5838]  security_file_ioctl+0xc6/0x2a0
[  106.411678][ T5838]  __se_sys_ioctl+0x46/0x160
[  106.411700][ T5838]  do_syscall_64+0xf3/0x230
[  106.411723][ T5838]  ? clear_bhb_loop+0x45/0xa0
[  106.411748][ T5838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.411768][ T5838] RIP: 0033:0x7f7d8d974c19
[  106.411781][ T5838] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  106.411793][ T5838] RSP: 002b:00007ffc19740868 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  106.411809][ T5838] RAX: ffffffffffffffda RBX: 00007ffc19740890 RCX: 00007f7d8d974c19
[  106.411820][ T5838] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003
[  106.411829][ T5838] RBP: 0000000000000001 R08: 00007ffc19740607 R09: 00007f7d8d9301a8
[  106.411838][ T5838] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc1974088c
[  106.411847][ T5838] R13: 00007ffc197408d0 R14: 00007ffc197408b0 R15: 0000000000000003
[  106.411875][ T5838]  </TASK>
[pid  5838] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[  108.426200][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
getdents64(3, 0x55558a5dd6f0 /* 3 entries */, 32768) = 80
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs")                  = 0
getdents64(3, 0x55558a5dd6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached
, child_tidptr=0x55558a5dc650) = 5839
[pid  5839] set_robust_list(0x55558a5dc660, 24) = 0
[pid  5839] chdir("./4")                = 0
[pid  5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5839] setpgid(0, 0)               = 0
[pid  5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5839] write(3, "1000", 4)         = 4
[pid  5839] close(3)                    = 0
[pid  5839] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5839] write(1, "executing program\n", 18) = 18
[pid  5839] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3
[pid  5839] ioctl(3, TIOCSETD, [15])    = 0
[pid  5839] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5839] write(4, "3", 1)            = 1
[  108.736823][ T5839] FAULT_INJECTION: forcing a failure.
[  108.736823][ T5839] name failslab, interval 1, probability 0, space 0, times 0
[  108.749559][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor246 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0
[  108.749580][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  108.749595][ T5839] Call Trace:
[  108.749602][ T5839]  <TASK>
[  108.749609][ T5839]  dump_stack_lvl+0x241/0x360
[  108.749639][ T5839]  ? __pfx_dump_stack_lvl+0x10/0x10
[  108.749659][ T5839]  ? __pfx__printk+0x10/0x10
[  108.749681][ T5839]  ? fs_reclaim_acquire+0x93/0x130
[  108.749704][ T5839]  ? __pfx___might_resched+0x10/0x10
[  108.749735][ T5839]  should_fail_ex+0x40a/0x550
[  108.749763][ T5839]  should_failslab+0xac/0x100
[  108.749795][ T5839]  __kmalloc_noprof+0xdd/0x4c0
[  108.749820][ T5839]  ? tomoyo_encode+0x26f/0x540
[  108.749854][ T5839]  tomoyo_encode+0x26f/0x540
[  108.749880][ T5839]  tomoyo_realpath_from_path+0x59e/0x5e0
[  108.749911][ T5839]  tomoyo_path_number_perm+0x239/0x770
[  108.749933][ T5839]  ? tomoyo_path_number_perm+0x209/0x770
[  108.749952][ T5839]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  108.749983][ T5839]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  108.750025][ T5839]  ? __pfx_ptrace_notify+0x10/0x10
[  108.750046][ T5839]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  108.750069][ T5839]  security_file_ioctl+0xc6/0x2a0
[  108.750086][ T5839]  __se_sys_ioctl+0x46/0x160
[  108.750105][ T5839]  do_syscall_64+0xf3/0x230
[  108.750124][ T5839]  ? clear_bhb_loop+0x45/0xa0
[  108.750146][ T5839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.750164][ T5839] RIP: 0033:0x7f7d8d974c19
[  108.750177][ T5839] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  108.750187][ T5839] RSP: 002b:00007ffc19740868 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  108.750200][ T5839] RAX: ffffffffffffffda RBX: 00007ffc19740890 RCX: 00007f7d8d974c19
[pid  5839] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0
[pid  5839] exit_group(0)               = ?
[  108.750210][ T5839] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003
[  108.750217][ T5839] RBP: 0000000000000001 R08: 00007ffc19740607 R09: 00007f7d8d9301a8
[  108.750225][ T5839] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc1974088c
[  108.750233][ T5839] R13: 00007ffc197408d0 R14: 00007ffc197408b0 R15: 0000000000000004
[  108.750256][ T5839]  </TASK>
[  108.750272][ T5839] ERROR: Out of memory at tomoyo_realpath_from_path.
[pid  5839] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5839, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} ---
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[  110.996602][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  110.996620][ T5143] Bluetooth: hci0: command 0x1003 tx timeout
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5dd6f0 /* 3 entries */, 32768) = 80
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs")                  = 0
getdents64(3, 0x55558a5dd6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached
, child_tidptr=0x55558a5dc650) = 5840
[pid  5840] set_robust_list(0x55558a5dc660, 24) = 0
[pid  5840] chdir("./5")                = 0
[pid  5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5840] setpgid(0, 0)               = 0
[pid  5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5840] write(3, "1000", 4)         = 4
[pid  5840] close(3)                    = 0
[pid  5840] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5840] write(1, "executing program\n", 18) = 18
[pid  5840] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3
[pid  5840] ioctl(3, TIOCSETD, [15])    = 0
[pid  5840] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5840] write(4, "3", 1)            = 1
[  111.262196][ T5840] FAULT_INJECTION: forcing a failure.
[  111.262196][ T5840] name failslab, interval 1, probability 0, space 0, times 0
[  111.275062][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor246 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0
[  111.275080][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  111.275089][ T5840] Call Trace:
[  111.275094][ T5840]  <TASK>
[  111.275101][ T5840]  dump_stack_lvl+0x241/0x360
[  111.275124][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.275151][ T5840]  ? __pfx__printk+0x10/0x10
[  111.275173][ T5840]  ? fs_reclaim_acquire+0x93/0x130
[  111.275190][ T5840]  ? __pfx___might_resched+0x10/0x10
[  111.275214][ T5840]  should_fail_ex+0x40a/0x550
[  111.275232][ T5840]  should_failslab+0xac/0x100
[  111.275254][ T5840]  __kmalloc_cache_noprof+0x70/0x390
[  111.275273][ T5840]  ? tomoyo_init_log+0x1c1/0x20d0
[  111.275291][ T5840]  ? stack_depot_save_flags+0x37/0x940
[  111.275308][ T5840]  tomoyo_init_log+0x1c1/0x20d0
[  111.275330][ T5840]  ? string+0x270/0x2b0
[  111.275347][ T5840]  ? vsnprintf+0x1181/0x1220
[  111.275372][ T5840]  ? __pfx_tomoyo_init_log+0x10/0x10
[  111.275390][ T5840]  ? tomoyo_profile+0x11/0x50
[  111.275408][ T5840]  ? tomoyo_profile+0x11/0x50
[  111.275435][ T5840]  tomoyo_supervisor+0x3b2/0x1860
[  111.275466][ T5840]  ? __pfx_tomoyo_supervisor+0x10/0x10
[  111.275497][ T5840]  ? tomoyo_realpath_from_path+0x5a9/0x5e0
[  111.275518][ T5840]  ? tomoyo_print_ulong+0x27/0xa0
[  111.275532][ T5840]  ? __pfx_snprintf+0x10/0x10
[  111.275550][ T5840]  ? tomoyo_check_acl+0x37e/0x3f0
[  111.275571][ T5840]  tomoyo_path_number_perm+0x538/0x770
[  111.275593][ T5840]  ? tomoyo_path_number_perm+0x209/0x770
[  111.275611][ T5840]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  111.275643][ T5840]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  111.275684][ T5840]  ? __pfx_ptrace_notify+0x10/0x10
[  111.275723][ T5840]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  111.275760][ T5840]  security_file_ioctl+0xc6/0x2a0
[  111.275777][ T5840]  __se_sys_ioctl+0x46/0x160
[  111.275805][ T5840]  do_syscall_64+0xf3/0x230
[  111.275824][ T5840]  ? clear_bhb_loop+0x45/0xa0
[  111.275846][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.275863][ T5840] RIP: 0033:0x7f7d8d974c19
[  111.275875][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  111.275884][ T5840] RSP: 002b:00007ffc19740868 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  111.275898][ T5840] RAX: ffffffffffffffda RBX: 00007ffc19740890 RCX: 00007f7d8d974c19
[pid  5840] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = 0
[pid  5840] exit_group(0)               = ?
[  111.275907][ T5840] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003
[  111.275916][ T5840] RBP: 0000000000000001 R08: 00007ffc19740607 R09: 00007f7d8d9301a8
[  111.275924][ T5840] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc1974088c
[  111.275931][ T5840] R13: 00007ffc197408d0 R14: 00007ffc197408b0 R15: 0000000000000005
[  111.275955][ T5840]  </TASK>
[pid  5840] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[  113.626296][ T5143] Bluetooth: hci0: command 0x1003 tx timeout
[  113.626314][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5dd6f0 /* 3 entries */, 32768) = 80
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs")                  = 0
getdents64(3, 0x55558a5dd6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached
, child_tidptr=0x55558a5dc650) = 5841
[pid  5841] set_robust_list(0x55558a5dc660, 24) = 0
[pid  5841] chdir("./6")                = 0
[pid  5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5841] setpgid(0, 0)               = 0
[pid  5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5841] write(3, "1000", 4)         = 4
[pid  5841] close(3)                    = 0
[pid  5841] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5841] write(1, "executing program\n", 18) = 18
[pid  5841] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY|O_EXCL|O_CLOEXEC) = 3
[pid  5841] ioctl(3, TIOCSETD, [15])    = 0
[pid  5841] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5841] write(4, "3", 1)            = 1
[  113.933336][ T5841] FAULT_INJECTION: forcing a failure.
[  113.933336][ T5841] name failslab, interval 1, probability 0, space 0, times 0
[  113.946537][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz-executor246 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0
[  113.946560][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  113.946571][ T5841] Call Trace:
[  113.946579][ T5841]  <TASK>
[  113.946587][ T5841]  dump_stack_lvl+0x241/0x360
[  113.946621][ T5841]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.946650][ T5841]  ? __pfx__printk+0x10/0x10
[  113.946668][ T5841]  ? __kmalloc_noprof+0xb5/0x4c0
[  113.946692][ T5841]  ? __pfx___might_resched+0x10/0x10
[  113.946719][ T5841]  should_fail_ex+0x40a/0x550
[  113.946740][ T5841]  should_failslab+0xac/0x100
[  113.946764][ T5841]  __kmalloc_noprof+0xdd/0x4c0
[  113.946786][ T5841]  ? hci_alloc_dev_priv+0x27/0x2030
[  113.946807][ T5841]  hci_alloc_dev_priv+0x27/0x2030
[  113.946826][ T5841]  hci_uart_tty_ioctl+0x3f5/0xa00
[  113.946863][ T5841]  ? __pfx_hci_uart_tty_ioctl+0x10/0x10
[  113.946885][ T5841]  tty_ioctl+0x998/0xdc0
[  113.946903][ T5841]  ? __pfx_tty_ioctl+0x10/0x10
[  113.946922][ T5841]  __se_sys_ioctl+0xf1/0x160
[  113.946942][ T5841]  do_syscall_64+0xf3/0x230
[  113.946963][ T5841]  ? clear_bhb_loop+0x45/0xa0
[  113.946986][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.947005][ T5841] RIP: 0033:0x7f7d8d974c19
[  113.947017][ T5841] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  113.947027][ T5841] RSP: 002b:00007ffc19740868 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  113.947042][ T5841] RAX: ffffffffffffffda RBX: 00007ffc19740890 RCX: 00007f7d8d974c19
[  113.947051][ T5841] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003
[  113.947059][ T5841] RBP: 0000000000000001 R08: 00007ffc19740607 R09: 00007f7d8d9301a8
[  113.947068][ T5841] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc1974088c
[pid  5841] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0x1) = -1 ENOMEM (Cannot allocate memory)
[pid  5841] exit_group(0)               = ?
[  113.947076][ T5841] R13: 00007ffc197408d0 R14: 00007ffc197408b0 R15: 0000000000000006
[  113.947101][ T5841]  </TASK>
[  113.947107][ T5841] Bluetooth: Can't allocate HCI device
[  114.156334][ T5841] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000029: 0000 [#1] PREEMPT SMP KASAN PTI
[  114.168921][ T5841] KASAN: null-ptr-deref in range [0x0000000000000148-0x000000000000014f]
[  114.177324][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz-executor246 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0
[  114.187899][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  114.197949][ T5841] RIP: 0010:__lock_acquire+0x6a/0x2100
[  114.203416][ T5841] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d 2b c3 a0 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 58 6c 8c 00 48 be 00 00 00 00 00 fc
[  114.223016][ T5841] RSP: 0018:ffffc90003e2f6d0 EFLAGS: 00010002
[  114.229076][ T5841] RAX: 0000000000000029 RBX: 0000000000000000 RCX: 0000000000000000
[  114.237038][ T5841] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000148
[  114.245011][ T5841] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
[  114.252967][ T5841] R10: dffffc0000000000 R11: fffffbfff207b48f R12: ffff88803482da00
[  114.260932][ T5841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000148
[  114.268899][ T5841] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  114.277824][ T5841] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  114.284405][ T5841] CR2: 00007f7d8d9ca243 CR3: 000000000e938000 CR4: 00000000003526f0
[  114.292386][ T5841] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  114.300363][ T5841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  114.308334][ T5841] Call Trace:
[  114.311613][ T5841]  <TASK>
[  114.314552][ T5841]  ? __die_body+0x5f/0xb0
[  114.318906][ T5841]  ? die_addr+0xb0/0xe0
[  114.323078][ T5841]  ? exc_general_protection+0x3dd/0x5d0
[  114.328639][ T5841]  ? asm_exc_general_protection+0x26/0x30
[  114.334369][ T5841]  ? __lock_acquire+0x6a/0x2100
[  114.339234][ T5841]  ? __pfx_lock_release+0x10/0x10
[  114.344257][ T5841]  ? rcu_read_lock_any_held+0x8d/0x160
[  114.349717][ T5841]  lock_acquire+0x1ed/0x550
[  114.354223][ T5841]  ? __timer_delete_sync+0x12f/0x310
[  114.359516][ T5841]  ? rcu_is_watching+0x15/0xb0
[  114.364281][ T5841]  ? __pfx_lock_acquire+0x10/0x10
[  114.369327][ T5841]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  114.375317][ T5841]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  114.381663][ T5841]  ? __timer_delete_sync+0x12f/0x310
[  114.386956][ T5841]  __timer_delete_sync+0x148/0x310
[  114.392071][ T5841]  ? __timer_delete_sync+0x12f/0x310
[  114.397358][ T5841]  ? __pfx___timer_delete_sync+0x10/0x10
[  114.402997][ T5841]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  114.408986][ T5841]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  114.415317][ T5841]  bcsp_close+0x4c/0x130
[  114.419557][ T5841]  hci_uart_tty_close+0x205/0x290
[  114.424586][ T5841]  tty_ldisc_kill+0xa3/0x1a0
[  114.429180][ T5841]  tty_ldisc_release+0x1a1/0x200
[  114.434117][ T5841]  tty_release_struct+0x2b/0xe0
[  114.438976][ T5841]  tty_release+0xd06/0x12c0
[  114.443477][ T5841]  ? __pfx_tty_release+0x10/0x10
[  114.448410][ T5841]  __fput+0x3e9/0x9f0
[  114.452397][ T5841]  task_work_run+0x24f/0x310
[  114.456987][ T5841]  ? __pfx_task_work_run+0x10/0x10
[  114.462098][ T5841]  ? switch_task_namespaces+0xe4/0x110
[  114.467557][ T5841]  do_exit+0xa2a/0x28e0
[  114.471720][ T5841]  ? __pfx_do_exit+0x10/0x10
[  114.476331][ T5841]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  114.482313][ T5841]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  114.488641][ T5841]  ? _raw_spin_unlock_irq+0x23/0x50
[  114.493849][ T5841]  ? lockdep_hardirqs_on+0x99/0x150
[  114.499060][ T5841]  do_group_exit+0x207/0x2c0
[  114.503650][ T5841]  __x64_sys_exit_group+0x3f/0x40
[  114.508680][ T5841]  x64_sys_call+0x26c3/0x26d0
[  114.513354][ T5841]  do_syscall_64+0xf3/0x230
[  114.517854][ T5841]  ? clear_bhb_loop+0x45/0xa0
[  114.522535][ T5841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.528431][ T5841] RIP: 0033:0x7f7d8d972b79
[  114.532860][ T5841] Code: Unable to access opcode bytes at 0x7f7d8d972b4f.
[  114.539879][ T5841] RSP: 002b:00007ffc19740808 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  114.548288][ T5841] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7d8d972b79
[  114.556253][ T5841] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[  114.564213][ T5841] RBP: 00007f7d8d9e6350 R08: ffffffffffffffb8 R09: 00007f7d8d9301a8
[  114.572176][ T5841] R10: 0000000000000001 R11: 0000000000000246 R12: 00007f7d8d9e6350
[  114.580137][ T5841] R13: 0000000000000000 R14: 00007f7d8d9e6da0 R15: 00007f7d8d93c220
[  114.588111][ T5841]  </TASK>
[  114.591124][ T5841] Modules linked in:
[  114.595028][ T5841] ---[ end trace 0000000000000000 ]---
[  114.600479][ T5841] RIP: 0010:__lock_acquire+0x6a/0x2100
[  114.605942][ T5841] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d 2b c3 a0 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 58 6c 8c 00 48 be 00 00 00 00 00 fc
[  114.625544][ T5841] RSP: 0018:ffffc90003e2f6d0 EFLAGS: 00010002
[  114.631626][ T5841] RAX: 0000000000000029 RBX: 0000000000000000 RCX: 0000000000000000
[  114.639593][ T5841] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000148
[  114.647560][ T5841] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
[  114.655532][ T5841] R10: dffffc0000000000 R11: fffffbfff207b48f R12: ffff88803482da00
[  114.663503][ T5841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000148
[  114.671474][ T5841] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  114.680400][ T5841] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  114.686991][ T5841] CR2: 00007f7d8d9ca243 CR3: 000000000e938000 CR4: 00000000003526f0
[  114.694959][ T5841] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  114.702922][ T5841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  114.710908][ T5841] Kernel panic - not syncing: Fatal exception
[  114.717290][ T5841] Kernel Offset: disabled
[  114.721627][ T5841] Rebooting in 86400 seconds..