./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1073862141 <...> [ 6.179512][ T28] kauditd_printk_skb: 47 callbacks suppressed [ 6.179529][ T28] audit: type=1400 audit(1733042760.486:58): avc: denied { use } for pid=182 comm="ssh-keygen" path="/dev/null" dev="devtmpfs" ino=4 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 6.214719][ T28] audit: type=1400 audit(1733042760.516:59): avc: denied { search } for pid=182 comm="ssh-keygen" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 6.252324][ T28] audit: type=1400 audit(1733042760.556:60): avc: denied { use } for pid=187 comm="sshd" path="/dev/null" dev="devtmpfs" ino=4 scontext=system_u:system_r:sshd_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 8.406892][ T107] udevd (107) used greatest stack depth: 22224 bytes left [ 13.128552][ T28] audit: type=1400 audit(1733042767.436:61): avc: denied { transition } for pid=225 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.135728][ T28] audit: type=1400 audit(1733042767.436:62): avc: denied { noatsecure } for pid=225 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.140959][ T28] audit: type=1400 audit(1733042767.436:63): avc: denied { write } for pid=225 comm="sh" path="pipe:[12915]" dev="pipefs" ino=12915 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 13.145868][ T28] audit: type=1400 audit(1733042767.436:64): avc: denied { rlimitinh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.158387][ T28] audit: type=1400 audit(1733042767.436:65): avc: denied { siginh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.72' (ED25519) to the list of known hosts. execve("./syz-executor1073862141", ["./syz-executor1073862141"], 0x7ffce2229370 /* 10 vars */) = 0 brk(NULL) = 0x555561ba5000 brk(0x555561ba5d40) = 0x555561ba5d40 arch_prctl(ARCH_SET_FS, 0x555561ba53c0) = 0 set_tid_address(0x555561ba5690) = 295 set_robust_list(0x555561ba56a0, 24) = 0 rseq(0x555561ba5ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1073862141", 4096) = 28 getrandom("\xb6\xa6\x8b\xdd\x5f\x78\x6c\x62", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555561ba5d40 brk(0x555561bc6d40) = 0x555561bc6d40 brk(0x555561bc7000) = 0x555561bc7000 mprotect(0x7fd51f348000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555561ba5690) = 296 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x555561ba56a0, 24) = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] getppid() = 0 [pid 296] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 296] dup2(3, 201) = 201 [pid 296] close(3) = 0 [pid 296] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 296] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 296] unshare(CLONE_NEWNS) = 0 [pid 296] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 296] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 296] unshare(CLONE_NEWCGROUP) = 0 [pid 296] unshare(CLONE_NEWUTS) = 0 [pid 296] unshare(CLONE_SYSVSEM) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 296] getpid() = 1 [pid 296] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< {parent_tid=[3]}, 88) = 3 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x7fd51f2849a0, 24) = 0 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 298] setns(201, 0) = 0 [pid 298] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 4 [ 22.588083][ T28] audit: type=1400 audit(1733042776.896:66): avc: denied { execmem } for pid=295 comm="syz-executor107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.607741][ T28] audit: type=1400 audit(1733042776.896:67): avc: denied { read } for pid=296 comm="syz-executor107" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [pid 298] setns(3, 0) = 0 [pid 298] close(3) = 0 [pid 298] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... futex resumed>) = 1 [pid 298] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY) = 3 [pid 298] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... futex resumed>) = 1 [pid 298] ioctl(3, TIOCSETD, [15]) = 0 [pid 298] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... futex resumed>) = 1 [pid 298] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = 0 [pid 298] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... futex resumed>) = 1 [ 22.629367][ T28] audit: type=1400 audit(1733042776.896:68): avc: denied { open } for pid=296 comm="syz-executor107" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 22.653546][ T28] audit: type=1400 audit(1733042776.896:69): avc: denied { mounton } for pid=296 comm="syz-executor107" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [pid 298] ioctl(4, HCISETLINKPOL [pid 297] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 22.675171][ T28] audit: type=1400 audit(1733042776.926:70): avc: denied { mounton } for pid=296 comm="syz-executor107" path="/root/syz-tmp" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.698433][ T28] audit: type=1400 audit(1733042776.926:71): avc: denied { mount } for pid=296 comm="syz-executor107" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 22.720438][ T28] audit: type=1400 audit(1733042776.926:72): avc: denied { mounton } for pid=296 comm="syz-executor107" path="/root/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 22.744062][ T28] audit: type=1400 audit(1733042776.926:73): avc: denied { mount } for pid=296 comm="syz-executor107" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 22.765868][ T28] audit: type=1400 audit(1733042776.926:74): avc: denied { mounton } for pid=296 comm="syz-executor107" path="/root/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 22.790957][ T28] audit: type=1400 audit(1733042776.926:75): avc: denied { mounton } for pid=296 comm="syz-executor107" path="/root/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=14850 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [pid 297] close(3 [pid 298] <... ioctl resumed>, 0x200003c0) = -1 ETIMEDOUT (Connection timed out) [pid 298] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7fd51f34e328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... close resumed>) = 0 [pid 297] close(4) = 0 [pid 297] close(5) = -1 EBADF (Bad file descriptor) [pid 297] close(6) = -1 EBADF (Bad file descriptor) [pid 297] close(7) = -1 EBADF (Bad file descriptor) [pid 297] close(8) = -1 EBADF (Bad file descriptor) [pid 297] close(9) = -1 EBADF (Bad file descriptor) [pid 297] close(10) = -1 EBADF (Bad file descriptor) [pid 297] close(11) = -1 EBADF (Bad file descriptor) [pid 297] close(12) = -1 EBADF (Bad file descriptor) [pid 297] close(13) = -1 EBADF (Bad file descriptor) [pid 297] close(14) = -1 EBADF (Bad file descriptor) [pid 297] close(15) = -1 EBADF (Bad file descriptor) [pid 297] close(16) = -1 EBADF (Bad file descriptor) [pid 297] close(17) = -1 EBADF (Bad file descriptor) [pid 297] close(18) = -1 EBADF (Bad file descriptor) [pid 297] close(19) = -1 EBADF (Bad file descriptor) [pid 297] close(20) = -1 EBADF (Bad file descriptor) [pid 297] close(21) = -1 EBADF (Bad file descriptor) [pid 297] close(22) = -1 EBADF (Bad file descriptor) [pid 297] close(23) = -1 EBADF (Bad file descriptor) [pid 297] close(24) = -1 EBADF (Bad file descriptor) [pid 297] close(25) = -1 EBADF (Bad file descriptor) [pid 297] close(26) = -1 EBADF (Bad file descriptor) [pid 297] close(27) = -1 EBADF (Bad file descriptor) [pid 297] close(28) = -1 EBADF (Bad file descriptor) [pid 297] close(29) = -1 EBADF (Bad file descriptor) [pid 297] exit_group(0) = ? [pid 298] <... futex resumed>) = ? [pid 298] +++ exited with 0 +++ [pid 297] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555561ba5690) = 4 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555561ba56a0, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 executing program [pid 304] write(1, "executing program\n", 18) = 18 [pid 304] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] rt_sigaction(SIGRT_1, {sa_handler=0x7fd51f2e9a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd51f2db0e0}, NULL, 8) = 0 [pid 304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd51f264000 [pid 304] mprotect(0x7fd51f265000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd51f284990, parent_tid=0x7fd51f284990, exit_signal=0, stack=0x7fd51f264000, stack_size=0x20300, tls=0x7fd51f2846c0} => {parent_tid=[5]}, 88) = 5 [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 304] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x7fd51f2849a0, 24) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 305] setns(201, 0) = 0 [pid 305] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 4 [pid 305] setns(3, 0) = 0 [pid 305] close(3) = 0 [pid 305] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY) = 3 [pid 305] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] ioctl(3, TIOCSETD, [15]) = 0 [pid 305] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = 0 [pid 305] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] ioctl(4, HCISETLINKPOL [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 304] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 304] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 24.727430][ T298] Bluetooth: hci0: Opcode 0x080f failed: -110 [ 24.751115][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [pid 304] close(3 [pid 305] <... ioctl resumed>, 0x200003c0) = -1 EINVAL (Invalid argument) [pid 304] <... close resumed>) = 0 [pid 304] close(4 [pid 305] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... close resumed>) = 0 [pid 304] close(5) = -1 EBADF (Bad file descriptor) [pid 304] close(6) = -1 EBADF (Bad file descriptor) [pid 304] close(7) = -1 EBADF (Bad file descriptor) [pid 304] close(8) = -1 EBADF (Bad file descriptor) [pid 304] close(9) = -1 EBADF (Bad file descriptor) [pid 304] close(10) = -1 EBADF (Bad file descriptor) [pid 304] close(11) = -1 EBADF (Bad file descriptor) [pid 304] close(12) = -1 EBADF (Bad file descriptor) [pid 304] close(13) = -1 EBADF (Bad file descriptor) [pid 304] close(14) = -1 EBADF (Bad file descriptor) [pid 304] close(15) = -1 EBADF (Bad file descriptor) [pid 304] close(16) = -1 EBADF (Bad file descriptor) [pid 304] close(17) = -1 EBADF (Bad file descriptor) [pid 304] close(18) = -1 EBADF (Bad file descriptor) [pid 304] close(19) = -1 EBADF (Bad file descriptor) [pid 304] close(20) = -1 EBADF (Bad file descriptor) [pid 304] close(21) = -1 EBADF (Bad file descriptor) [pid 304] close(22) = -1 EBADF (Bad file descriptor) [pid 304] close(23) = -1 EBADF (Bad file descriptor) [pid 304] close(24) = -1 EBADF (Bad file descriptor) [pid 304] close(25) = -1 EBADF (Bad file descriptor) [pid 304] close(26) = -1 EBADF (Bad file descriptor) [pid 304] close(27) = -1 EBADF (Bad file descriptor) [pid 304] close(28) = -1 EBADF (Bad file descriptor) [pid 304] close(29) = -1 EBADF (Bad file descriptor) [pid 304] exit_group(0) = ? [pid 305] <... futex resumed>) = ? [pid 305] +++ exited with 0 +++ [pid 304] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555561ba5690) = 6 ./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x555561ba56a0, 24) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3executing program ) = 0 [pid 308] write(1, "executing program\n", 18) = 18 [pid 308] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] rt_sigaction(SIGRT_1, {sa_handler=0x7fd51f2e9a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd51f2db0e0}, NULL, 8) = 0 [pid 308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd51f264000 [pid 308] mprotect(0x7fd51f265000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd51f284990, parent_tid=0x7fd51f284990, exit_signal=0, stack=0x7fd51f264000, stack_size=0x20300, tls=0x7fd51f2846c0} => {parent_tid=[7]}, 88) = 7 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x7fd51f2849a0, 24) = 0 [pid 309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 309] setns(201, 0) = 0 [pid 309] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 4 [pid 309] setns(3, 0) = 0 [pid 309] close(3) = 0 [pid 309] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 1 [pid 308] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY) = 3 [pid 309] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] ioctl(3, TIOCSETD, [15]) = 0 [pid 309] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 309] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = 0 [pid 309] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [ 26.807355][ T301] Bluetooth: hci0: command 0x1003 tx timeout [ 26.807349][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 26.819198][ T305] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 26.838075][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [pid 309] ioctl(4, HCISETLINKPOL [pid 308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 308] close(3 [pid 309] <... ioctl resumed>, 0x200003c0) = -1 EINVAL (Invalid argument) [pid 308] <... close resumed>) = 0 [pid 308] close(4 [pid 309] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] <... close resumed>) = 0 [pid 308] close(5) = -1 EBADF (Bad file descriptor) [pid 308] close(6) = -1 EBADF (Bad file descriptor) [pid 308] close(7) = -1 EBADF (Bad file descriptor) [pid 308] close(8) = -1 EBADF (Bad file descriptor) [pid 308] close(9) = -1 EBADF (Bad file descriptor) [pid 308] close(10) = -1 EBADF (Bad file descriptor) [pid 308] close(11) = -1 EBADF (Bad file descriptor) [pid 308] close(12) = -1 EBADF (Bad file descriptor) [pid 308] close(13) = -1 EBADF (Bad file descriptor) [pid 308] close(14) = -1 EBADF (Bad file descriptor) [pid 308] close(15) = -1 EBADF (Bad file descriptor) [pid 308] close(16) = -1 EBADF (Bad file descriptor) [pid 308] close(17) = -1 EBADF (Bad file descriptor) [pid 308] close(18) = -1 EBADF (Bad file descriptor) [pid 308] close(19) = -1 EBADF (Bad file descriptor) [pid 308] close(20) = -1 EBADF (Bad file descriptor) [pid 308] close(21) = -1 EBADF (Bad file descriptor) [pid 308] close(22) = -1 EBADF (Bad file descriptor) [pid 308] close(23 [pid 309] futex(0x7fd51f34e328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 308] close(24) = -1 EBADF (Bad file descriptor) [pid 308] close(25) = -1 EBADF (Bad file descriptor) [pid 308] close(26) = -1 EBADF (Bad file descriptor) [pid 308] close(27) = -1 EBADF (Bad file descriptor) [pid 308] close(28) = -1 EBADF (Bad file descriptor) [pid 308] close(29) = -1 EBADF (Bad file descriptor) [pid 308] exit_group(0) = ? [pid 309] <... futex resumed>) = ? [pid 309] +++ exited with 0 +++ [pid 308] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555561ba5690) = 8 ./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x555561ba56a0, 24) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3executing program ) = 0 [pid 312] write(1, "executing program\n", 18) = 18 [pid 312] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] rt_sigaction(SIGRT_1, {sa_handler=0x7fd51f2e9a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd51f2db0e0}, NULL, 8) = 0 [pid 312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd51f264000 [pid 312] mprotect(0x7fd51f265000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd51f284990, parent_tid=0x7fd51f284990, exit_signal=0, stack=0x7fd51f264000, stack_size=0x20300, tls=0x7fd51f2846c0}./strace-static-x86_64: Process 313 attached => {parent_tid=[9]}, 88) = 9 [pid 312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 312] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] set_robust_list(0x7fd51f2849a0, 24) = 0 [pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 313] setns(201, 0) = 0 [pid 313] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 4 [pid 313] setns(3, 0) = 0 [pid 313] close(3) = 0 [pid 313] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... futex resumed>) = 1 [pid 313] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY) = 3 [pid 313] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] ioctl(3, TIOCSETD, [15] [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... ioctl resumed>) = 0 [pid 313] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... futex resumed>) = 1 [pid 313] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = 0 [pid 313] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 313] futex(0x7fd51f34e328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... futex resumed>) = 0 [ 28.887363][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 28.887373][ T299] Bluetooth: hci0: command 0x1003 tx timeout [ 28.899186][ T309] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 28.921415][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [pid 313] ioctl(4, HCISETLINKPOL [pid 312] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 312] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 312] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 312] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 312] close(3 [pid 313] <... ioctl resumed>, 0x200003c0) = -1 EINVAL (Invalid argument) [pid 313] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fd51f34e328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] <... close resumed>) = 0 [pid 312] close(4) = 0 [pid 312] close(5) = -1 EBADF (Bad file descriptor) [pid 312] close(6) = -1 EBADF (Bad file descriptor) [pid 312] close(7) = -1 EBADF (Bad file descriptor) [pid 312] close(8) = -1 EBADF (Bad file descriptor) [pid 312] close(9) = -1 EBADF (Bad file descriptor) [pid 312] close(10) = -1 EBADF (Bad file descriptor) [pid 312] close(11) = -1 EBADF (Bad file descriptor) [pid 312] close(12) = -1 EBADF (Bad file descriptor) [pid 312] close(13) = -1 EBADF (Bad file descriptor) [pid 312] close(14) = -1 EBADF (Bad file descriptor) [pid 312] close(15) = -1 EBADF (Bad file descriptor) [pid 312] close(16) = -1 EBADF (Bad file descriptor) [pid 312] close(17) = -1 EBADF (Bad file descriptor) [pid 312] close(18) = -1 EBADF (Bad file descriptor) [pid 312] close(19) = -1 EBADF (Bad file descriptor) [pid 312] close(20) = -1 EBADF (Bad file descriptor) [pid 312] close(21) = -1 EBADF (Bad file descriptor) [pid 312] close(22) = -1 EBADF (Bad file descriptor) [pid 312] close(23) = -1 EBADF (Bad file descriptor) [pid 312] close(24) = -1 EBADF (Bad file descriptor) [pid 312] close(25) = -1 EBADF (Bad file descriptor) [pid 312] close(26) = -1 EBADF (Bad file descriptor) [pid 312] close(27) = -1 EBADF (Bad file descriptor) [pid 312] close(28) = -1 EBADF (Bad file descriptor) [pid 312] close(29) = -1 EBADF (Bad file descriptor) [pid 312] exit_group(0) = ? [pid 313] <... futex resumed>) = ? [pid 313] +++ exited with 0 +++ [pid 312] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 316 attached , child_tidptr=0x555561ba5690) = 10 [pid 316] set_robust_list(0x555561ba56a0, 24) = 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 316] setpgid(0, 0) = 0 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 316] write(3, "1000", 4) = 4 [pid 316] close(3) = 0 executing program [pid 316] write(1, "executing program\n", 18) = 18 [pid 316] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] rt_sigaction(SIGRT_1, {sa_handler=0x7fd51f2e9a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd51f2db0e0}, NULL, 8) = 0 [pid 316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd51f264000 [pid 316] mprotect(0x7fd51f265000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd51f284990, parent_tid=0x7fd51f284990, exit_signal=0, stack=0x7fd51f264000, stack_size=0x20300, tls=0x7fd51f2846c0} => {parent_tid=[11]}, 88) = 11 [pid 316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 316] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x7fd51f2849a0, 24) = 0 [pid 317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 317] setns(201, 0) = 0 [pid 317] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 4 [pid 317] setns(3, 0) = 0 [pid 317] close(3) = 0 [pid 317] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY) = 3 [pid 317] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] ioctl(3, TIOCSETD, [15]) = 0 [pid 317] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 317] futex(0x7fd51f34e328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 316] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 0 [pid 317] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = 0 [ 30.967369][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 30.967365][ T301] Bluetooth: hci0: command 0x1003 tx timeout [ 30.979309][ T313] Bluetooth: hci0: Opcode 0x080f failed: -22 [pid 317] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 317] futex(0x7fd51f34e328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] <... futex resumed>) = 0 [pid 316] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 316] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 0 [pid 317] ioctl(4, HCISETLINKPOL [pid 316] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 31.008530][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [pid 316] close(3 [pid 317] <... ioctl resumed>, 0x200003c0) = -1 EINVAL (Invalid argument) [pid 317] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7fd51f34e328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] <... close resumed>) = 0 [pid 316] close(4) = 0 [pid 316] close(5) = -1 EBADF (Bad file descriptor) [pid 316] close(6) = -1 EBADF (Bad file descriptor) [pid 316] close(7) = -1 EBADF (Bad file descriptor) [pid 316] close(8) = -1 EBADF (Bad file descriptor) [pid 316] close(9) = -1 EBADF (Bad file descriptor) [pid 316] close(10) = -1 EBADF (Bad file descriptor) [pid 316] close(11) = -1 EBADF (Bad file descriptor) [pid 316] close(12) = -1 EBADF (Bad file descriptor) [pid 316] close(13) = -1 EBADF (Bad file descriptor) [pid 316] close(14) = -1 EBADF (Bad file descriptor) [pid 316] close(15) = -1 EBADF (Bad file descriptor) [pid 316] close(16) = -1 EBADF (Bad file descriptor) [pid 316] close(17) = -1 EBADF (Bad file descriptor) [pid 316] close(18) = -1 EBADF (Bad file descriptor) [pid 316] close(19) = -1 EBADF (Bad file descriptor) [pid 316] close(20) = -1 EBADF (Bad file descriptor) [pid 316] close(21) = -1 EBADF (Bad file descriptor) [pid 316] close(22) = -1 EBADF (Bad file descriptor) [pid 316] close(23) = -1 EBADF (Bad file descriptor) [pid 316] close(24) = -1 EBADF (Bad file descriptor) [pid 316] close(25) = -1 EBADF (Bad file descriptor) [pid 316] close(26) = -1 EBADF (Bad file descriptor) [pid 316] close(27) = -1 EBADF (Bad file descriptor) [pid 316] close(28) = -1 EBADF (Bad file descriptor) [pid 316] close(29) = -1 EBADF (Bad file descriptor) [pid 316] exit_group(0) = ? [pid 317] <... futex resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 316] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555561ba5690) = 12 ./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x555561ba56a0, 24) = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 321] setpgid(0, 0) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 321] write(3, "1000", 4) = 4 [pid 321] close(3) = 0 executing program [pid 321] write(1, "executing program\n", 18) = 18 [pid 321] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] rt_sigaction(SIGRT_1, {sa_handler=0x7fd51f2e9a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd51f2db0e0}, NULL, 8) = 0 [pid 321] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd51f264000 [pid 321] mprotect(0x7fd51f265000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd51f284990, parent_tid=0x7fd51f284990, exit_signal=0, stack=0x7fd51f264000, stack_size=0x20300, tls=0x7fd51f2846c0} => {parent_tid=[13]}, 88) = 13 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x7fd51f2849a0, 24) = 0 [pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 322] setns(201, 0) = 0 [pid 322] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 4 [pid 322] setns(3, 0) = 0 [pid 322] close(3) = 0 [pid 322] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = 1 [pid 322] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY) = 3 [pid 322] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 322] ioctl(3, TIOCSETD, [15] [pid 321] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... ioctl resumed>) = 0 [pid 322] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = 1 [pid 322] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = 0 [pid 322] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = 1 [ 33.047367][ T299] Bluetooth: hci0: command 0x1003 tx timeout [ 33.047361][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 33.059303][ T317] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 33.082449][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [pid 322] ioctl(4, HCISETLINKPOL [pid 321] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 321] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 321] close(3) = 0 [pid 321] close(4) = 0 [pid 321] close(5) = -1 EBADF (Bad file descriptor) [pid 321] close(6) = -1 EBADF (Bad file descriptor) [pid 321] close(7) = -1 EBADF (Bad file descriptor) [pid 321] close(8) = -1 EBADF (Bad file descriptor) [pid 321] close(9) = -1 EBADF (Bad file descriptor) [pid 321] close(10) = -1 EBADF (Bad file descriptor) [pid 321] close(11) = -1 EBADF (Bad file descriptor) [pid 321] close(12) = -1 EBADF (Bad file descriptor) [pid 321] close(13) = -1 EBADF (Bad file descriptor) [pid 321] close(14) = -1 EBADF (Bad file descriptor) [pid 321] close(15) = -1 EBADF (Bad file descriptor) [pid 321] close(16) = -1 EBADF (Bad file descriptor) [pid 321] close(17) = -1 EBADF (Bad file descriptor) [pid 321] close(18) = -1 EBADF (Bad file descriptor) [pid 321] close(19) = -1 EBADF (Bad file descriptor) [pid 321] close(20) = -1 EBADF (Bad file descriptor) [pid 321] close(21) = -1 EBADF (Bad file descriptor) [pid 321] close(22) = -1 EBADF (Bad file descriptor) [pid 321] close(23) = -1 EBADF (Bad file descriptor) [pid 321] close(24) = -1 EBADF (Bad file descriptor) [pid 321] close(25) = -1 EBADF (Bad file descriptor) [pid 321] close(26) = -1 EBADF (Bad file descriptor) [pid 321] close(27) = -1 EBADF (Bad file descriptor) [pid 321] close(28) = -1 EBADF (Bad file descriptor) [pid 321] close(29) = -1 EBADF (Bad file descriptor) [pid 321] exit_group(0) = ? [pid 322] <... ioctl resumed> ) = ? [pid 322] +++ exited with 0 +++ [pid 321] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555561ba5690) = 14 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555561ba56a0, 24) = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] write(1, "executing program\n", 18executing program ) = 18 [pid 325] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] rt_sigaction(SIGRT_1, {sa_handler=0x7fd51f2e9a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd51f2db0e0}, NULL, 8) = 0 [pid 325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd51f264000 [pid 325] mprotect(0x7fd51f265000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd51f284990, parent_tid=0x7fd51f284990, exit_signal=0, stack=0x7fd51f264000, stack_size=0x20300, tls=0x7fd51f2846c0} => {parent_tid=[15]}, 88) = 15 [pid 325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 325] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x7fd51f2849a0, 24) = 0 [pid 326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 326] setns(201, 0) = 0 [pid 326] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 4 [pid 326] setns(3, 0) = 0 [pid 326] close(3) = 0 [pid 326] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY) = 3 [pid 326] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] ioctl(3, TIOCSETD, [15]) = 0 [pid 326] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7fd51f34e328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fd51f34e32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [ 35.127363][ T301] Bluetooth: hci0: command 0x1003 tx timeout [ 35.127364][ T320] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 35.139230][ T322] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 35.163693][ T320] ================================================================== [ 35.171570][ T320] BUG: KASAN: use-after-free in enqueue_timer+0xa6/0x480 [ 35.178422][ T320] Write of size 8 at addr ffff888111a2ca00 by task kworker/u5:3/320 [ 35.186237][ T320] [ 35.188418][ T320] CPU: 0 PID: 320 Comm: kworker/u5:3 Not tainted 6.1.115-syzkaller-00041-ga887a44ace2a #0 [ 35.198124][ T320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 35.208025][ T320] Workqueue: hci0 hci_power_on [ 35.212621][ T320] Call Trace: [ 35.215761][ T320] [ 35.218522][ T320] dump_stack_lvl+0x151/0x1b7 [ 35.223049][ T320] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 35.228326][ T320] ? _printk+0xd1/0x111 [ 35.232323][ T320] ? __virt_addr_valid+0x242/0x2f0 [ 35.237270][ T320] print_report+0x158/0x4e0 [ 35.241614][ T320] ? __virt_addr_valid+0x242/0x2f0 [ 35.246555][ T320] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 35.252628][ T320] ? enqueue_timer+0xa6/0x480 [ 35.257143][ T320] kasan_report+0x13c/0x170 [ 35.261499][ T320] ? enqueue_timer+0xa6/0x480 [ 35.265997][ T320] __asan_report_store8_noabort+0x17/0x20 [ 35.271637][ T320] enqueue_timer+0xa6/0x480 [ 35.275978][ T320] __mod_timer+0x8d3/0xcf0 [ 35.280231][ T320] ? mod_timer_pending+0x30/0x30 [ 35.285004][ T320] ? insert_work+0x283/0x310 [ 35.289436][ T320] ? __kasan_check_write+0x14/0x20 [ 35.294377][ T320] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 35.299672][ T320] schedule_timeout+0x187/0x380 [ 35.304373][ T320] ? console_conditional_schedule+0x10/0x10 [ 35.310088][ T320] ? queue_work_on+0x135/0x170 [ 35.314685][ T320] ? update_process_times+0x1b0/0x1b0 [ 35.319895][ T320] ? prepare_to_wait_event+0x3e6/0x420 [ 35.325189][ T320] __hci_cmd_sync_sk+0x2ad/0xf70 [ 35.329962][ T320] ? eir_get_service_data+0x2e0/0x2e0 [ 35.335171][ T320] ? wake_bit_function+0x230/0x230 [ 35.340134][ T320] ? __kasan_check_read+0x11/0x20 [ 35.344980][ T320] hci_dev_open_sync+0x1314/0x30a0 [ 35.349940][ T320] ? update_load_avg+0x513/0x1530 [ 35.354785][ T320] ? hci_reset_sync+0x100/0x100 [ 35.359469][ T320] ? __switch_to+0x62c/0x1190 [ 35.363987][ T320] ? __kasan_check_write+0x14/0x20 [ 35.368938][ T320] ? mutex_lock+0xb1/0x1e0 [ 35.373184][ T320] ? bit_wait_io_timeout+0x120/0x120 [ 35.378305][ T320] ? kthread_data+0x53/0xc0 [ 35.382646][ T320] hci_power_on+0x1a7/0x5e0 [ 35.386984][ T320] ? hci_tx_work+0x3790/0x3790 [ 35.391584][ T320] ? __schedule+0xcbd/0x1560 [ 35.396011][ T320] process_one_work+0x73d/0xcb0 [ 35.400700][ T320] worker_thread+0xa60/0x1260 [ 35.405301][ T320] ? __kasan_check_read+0x11/0x20 [ 35.410160][ T320] kthread+0x26d/0x300 [ 35.414063][ T320] ? worker_clr_flags+0x1a0/0x1a0 [ 35.418926][ T320] ? kthread_blkcg+0xd0/0xd0 [ 35.423352][ T320] ret_from_fork+0x1f/0x30 [ 35.427606][ T320] [ 35.430473][ T320] [ 35.432635][ T320] Allocated by task 322: [ 35.436718][ T320] kasan_set_track+0x4b/0x70 [ 35.441144][ T320] kasan_save_alloc_info+0x1f/0x30 [ 35.446089][ T320] __kasan_kmalloc+0x9c/0xb0 [ 35.450514][ T320] __kmalloc+0xb4/0x1e0 [ 35.454509][ T320] hci_alloc_dev_priv+0x27/0x1c00 [ 35.459369][ T320] hci_uart_tty_ioctl+0x401/0xa70 [ 35.464228][ T320] tty_ioctl+0x903/0xc50 [ 35.468395][ T320] __se_sys_ioctl+0x114/0x190 [ 35.472909][ T320] __x64_sys_ioctl+0x7b/0x90 [ 35.477335][ T320] x64_sys_call+0x98/0x9a0 [ 35.481588][ T320] do_syscall_64+0x3b/0xb0 [ 35.485843][ T320] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 35.491568][ T320] [ 35.494519][ T320] Freed by task 322: [ 35.498251][ T320] kasan_set_track+0x4b/0x70 [ 35.502677][ T320] kasan_save_free_info+0x2b/0x40 [ 35.507563][ T320] ____kasan_slab_free+0x131/0x180 [ 35.512493][ T320] __kasan_slab_free+0x11/0x20 [ 35.517084][ T320] __kmem_cache_free+0x21d/0x410 [ 35.521861][ T320] kfree+0x7a/0xf0 [ 35.525416][ T320] hci_release_dev+0x14d3/0x1640 [ 35.530191][ T320] bt_host_release+0x83/0xa0 [ 35.534617][ T320] device_release+0x95/0x1c0 [ 35.539044][ T320] kobject_put+0x178/0x260 [ 35.543296][ T320] put_device+0x1f/0x30 [ 35.547288][ T320] hci_dev_cmd+0x2be/0x9b0 [ 35.551544][ T320] hci_sock_ioctl+0x415/0x7f0 [ 35.556059][ T320] sock_do_ioctl+0x152/0x450 [ 35.560481][ T320] sock_ioctl+0x455/0x740 [ 35.564647][ T320] __se_sys_ioctl+0x114/0x190 [ 35.569161][ T320] __x64_sys_ioctl+0x7b/0x90 [ 35.573588][ T320] x64_sys_call+0x98/0x9a0 [ 35.577840][ T320] do_syscall_64+0x3b/0xb0 [ 35.582091][ T320] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 35.587823][ T320] [ 35.589991][ T320] Last potentially related work creation: [ 35.595546][ T320] kasan_save_stack+0x3b/0x60 [ 35.600061][ T320] __kasan_record_aux_stack+0xb4/0xc0 [ 35.605273][ T320] kasan_record_aux_stack_noalloc+0xb/0x10 [ 35.610910][ T320] insert_work+0x56/0x310 [ 35.615074][ T320] __queue_work+0x9b6/0xd70 [ 35.619421][ T320] queue_work_on+0x105/0x170 [ 35.623847][ T320] __hci_cmd_sync_sk+0xc2a/0xf70 [ 35.628699][ T320] hci_cmd_sync_status+0x52/0x130 [ 35.633561][ T320] hci_dev_cmd+0x771/0x9b0 [ 35.637813][ T320] hci_sock_ioctl+0x415/0x7f0 [ 35.642326][ T320] sock_do_ioctl+0x152/0x450 [ 35.646753][ T320] sock_ioctl+0x455/0x740 [ 35.650918][ T320] __se_sys_ioctl+0x114/0x190 [ 35.655434][ T320] __x64_sys_ioctl+0x7b/0x90 [ 35.659860][ T320] x64_sys_call+0x98/0x9a0 [ 35.664117][ T320] do_syscall_64+0x3b/0xb0 [ 35.668363][ T320] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 35.674093][ T320] [ 35.676264][ T320] Second to last potentially related work creation: [ 35.682793][ T320] kasan_save_stack+0x3b/0x60 [ 35.687308][ T320] __kasan_record_aux_stack+0xb4/0xc0 [ 35.692513][ T320] kasan_record_aux_stack_noalloc+0xb/0x10 [ 35.698156][ T320] insert_work+0x56/0x310 [ 35.702318][ T320] __queue_work+0x9b6/0xd70 [ 35.706656][ T320] queue_work_on+0x105/0x170 [ 35.711084][ T320] hci_cmd_timeout+0x199/0x200 [ 35.715695][ T320] process_one_work+0x73d/0xcb0 [ 35.720370][ T320] worker_thread+0xa60/0x1260 [ 35.724884][ T320] kthread+0x26d/0x300 [ 35.728793][ T320] ret_from_fork+0x1f/0x30 [ 35.733047][ T320] [ 35.735211][ T320] The buggy address belongs to the object at ffff888111a2c000 [ 35.735211][ T320] which belongs to the cache kmalloc-8k of size 8192 [ 35.749098][ T320] The buggy address is located 2560 bytes inside of [ 35.749098][ T320] 8192-byte region [ffff888111a2c000, ffff888111a2e000) [ 35.762378][ T320] [ 35.764547][ T320] The buggy address belongs to the physical page: [ 35.770801][ T320] page:ffffea0004468a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111a28 [ 35.780865][ T320] head:ffffea0004468a00 order:3 compound_mapcount:0 compound_pincount:0 [ 35.789024][ T320] flags: 0x4000000000010200(slab|head|zone=1) [ 35.794932][ T320] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500 [ 35.803466][ T320] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 35.811875][ T320] page dumped because: kasan: bad access detected [ 35.818130][ T320] page_owner tracks the page as allocated [ 35.823676][ T320] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 322, tgid 321 (syz-executor107), ts 33081397990, free_ts 30989214752 [ 35.844943][ T320] post_alloc_hook+0x213/0x220 [ 35.849540][ T320] prep_new_page+0x1b/0x110 [ 35.853891][ T320] get_page_from_freelist+0x2980/0x2a10 [ 35.859260][ T320] __alloc_pages+0x234/0x610 [ 35.863689][ T320] alloc_slab_page+0x6c/0xf0 [ 35.868113][ T320] new_slab+0x90/0x3e0 [ 35.872023][ T320] ___slab_alloc+0x6f9/0xb80 [ 35.876453][ T320] __slab_alloc+0x5d/0xa0 [ 35.880612][ T320] __kmem_cache_alloc_node+0x207/0x2a0 [ 35.885907][ T320] __kmalloc+0xa3/0x1e0 [ 35.889898][ T320] hci_alloc_dev_priv+0x27/0x1c00 [ 35.894759][ T320] hci_uart_tty_ioctl+0x401/0xa70 [ 35.899619][ T320] tty_ioctl+0x903/0xc50 [ 35.903701][ T320] __se_sys_ioctl+0x114/0x190 [ 35.908212][ T320] __x64_sys_ioctl+0x7b/0x90 [ 35.912637][ T320] x64_sys_call+0x98/0x9a0 [ 35.916893][ T320] page last free stack trace: [ 35.921416][ T320] free_unref_page_prepare+0x83d/0x850 [ 35.926698][ T320] free_unref_page+0xb2/0x5c0 [ 35.931213][ T320] __free_pages+0x61/0xf0 [ 35.935379][ T320] __free_slab+0xce/0x1a0 [ 35.939547][ T320] __unfreeze_partials+0x165/0x1a0 [ 35.944492][ T320] put_cpu_partial+0xa9/0x100 [ 35.949002][ T320] __slab_free+0x1c8/0x280 [ 35.953256][ T320] ___cache_free+0xc6/0xd0 [ 35.957510][ T320] qlist_free_all+0xc5/0x140 [ 35.961938][ T320] kasan_quarantine_reduce+0x15a/0x180 [ 35.967240][ T320] __kasan_slab_alloc+0x24/0x80 [ 35.971917][ T320] slab_post_alloc_hook+0x53/0x2c0 [ 35.976864][ T320] kmem_cache_alloc_node+0x188/0x330 [ 35.981988][ T320] __alloc_skb+0xcc/0x2d0 [ 35.986150][ T320] tcp_stream_alloc_skb+0x46/0x340 [ 35.991100][ T320] tcp_sendmsg_locked+0xda6/0x4000 [ 35.996048][ T320] [ 35.998215][ T320] Memory state around the buggy address: [ 36.003689][ T320] ffff888111a2c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.011586][ T320] ffff888111a2c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.019484][ T320] >ffff888111a2ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.027387][ T320] ^ [pid 326] ioctl(3, _IOC(_IOC_WRITE, 0x55, 0xc8, 0x4), 0) = 0 [pid 325] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 325] futex(0x7fd51f34e33c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd51f243000 [pid 325] mprotect(0x7fd51f244000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd51f263990, parent_tid=0x7fd51f263990, exit_signal=0, stack=0x7fd51f243000, stack_size=0x20300, tls=0x7fd51f2636c0} => {parent_tid=[16]}, 88) = 16 [pid 325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 325] futex(0x7fd51f34e338, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fd51f34e33c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] futex(0x7fd51f34e32c, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x7fd51f2639a0, 24 [pid 326] <... futex resumed>) = 0 [pid 328] <... set_robust_list resumed>) = 0 [pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 328] ioctl(4, HCISETLINKPOL [ 36.031285][ T320] ffff888111a2ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.039185][ T320] ffff888111a2cb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.047078][ T320] ================================================================== [ 36.055077][ T320] Disabling lock debugging due to kernel taint [ 36.061600][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [pid 326] futex(0x7fd51f34e328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 325] futex(0x7fd51f34e33c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 37.207506][ T320] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 37.207519][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 37.224955][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 37.233199][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 6.1.115-syzkaller-00041-ga887a44ace2a #0 [ 37.243961][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 37.253871][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 37.258974][ C0] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 73 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 d0 da 71 00 49 8b 3e e8 88 6c d6 [ 37.278416][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 37.284320][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d4c0 [ 37.292129][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 37.299940][ C0] RBP: ffffc90000007d00 R08: ffffffff814b185b R09: 0000000000000007 [ 37.307752][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888111a2c9c8 [ 37.315589][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888111a2c9e0 [ 37.323374][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 37.332140][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.338563][ C0] CR2: 000055759b355038 CR3: 0000000121186000 CR4: 00000000003506b0 [ 37.346395][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.354184][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.361997][ C0] Call Trace: [ 37.365120][ C0] [ 37.367815][ C0] ? __die_body+0x62/0xb0 [ 37.371977][ C0] ? die_addr+0x9f/0xd0 [ 37.375970][ C0] ? exc_general_protection+0x317/0x4c0 [ 37.381356][ C0] ? asm_exc_general_protection+0x27/0x30 [ 37.386909][ C0] ? __queue_work+0x28b/0xd70 [ 37.391420][ C0] ? __queue_work+0x4f1/0xd70 [ 37.395932][ C0] ? __queue_work+0x29c/0xd70 [ 37.400448][ C0] delayed_work_timer_fn+0x61/0x80 [ 37.405392][ C0] ? queue_work_node+0x1d0/0x1d0 [ 37.410170][ C0] call_timer_fn+0x3b/0x2d0 [ 37.414507][ C0] ? queue_work_node+0x1d0/0x1d0 [ 37.419280][ C0] __run_timers+0x756/0xa10 [ 37.423622][ C0] ? calc_index+0x270/0x270 [ 37.427961][ C0] ? sched_clock+0x9/0x10 [ 37.432132][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 37.436814][ C0] run_timer_softirq+0x69/0xf0 [ 37.441413][ C0] handle_softirqs+0x1db/0x650 [ 37.446013][ C0] ? irqtime_account_irq+0xdc/0x260 [ 37.451049][ C0] __irq_exit_rcu+0x52/0xf0 [ 37.455387][ C0] irq_exit_rcu+0x9/0x10 [ 37.459468][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 37.464933][ C0] [ 37.467717][ C0] [ 37.470488][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 37.476304][ C0] RIP: 0010:acpi_idle_enter+0x416/0x760 [ 37.481686][ C0] Code: 89 de 48 83 e6 08 31 ff e8 27 1c 54 fc 48 83 e3 08 0f 85 b1 00 00 00 0f 1f 44 00 00 e8 d3 17 54 fc 0f 00 2d 7c e8 ce 00 fb f4 e9 e3 00 00 00 49 83 c7 04 4c 89 f8 48 c1 e8 03 42 0f b6 04 30 [ 37.501123][ C0] RSP: 0018:ffffffff87007bd0 EFLAGS: 000002d3 [ 37.507027][ C0] RAX: ffffffff85216edd RBX: 0000000000000000 RCX: ffffffff8701d4c0 [ 37.514839][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 37.522649][ C0] RBP: ffffffff87007c10 R08: ffffffff85216ec9 R09: fffffbfff0e03a99 [ 37.530463][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 37.538271][ C0] R13: ffff888109b05004 R14: dffffc0000000000 R15: ffff8881098eb864 [ 37.546086][ C0] ? acpi_idle_enter+0x3f9/0x760 [ 37.551010][ C0] ? acpi_idle_enter+0x40d/0x760 [ 37.555745][ C0] ? intel_idle_xstate+0xa0/0xa0 [ 37.560521][ C0] cpuidle_enter_state+0x5eb/0x17f0 [ 37.565554][ C0] ? cpuidle_enter_s2idle+0x600/0x600 [ 37.570760][ C0] ? menu_enable_device+0x380/0x380 [ 37.575795][ C0] ? __sched_text_start+0x8/0x8 [ 37.580482][ C0] cpuidle_enter+0x5f/0xa0 [ 37.584735][ C0] do_idle+0x3d1/0x580 [ 37.588641][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 37.593673][ C0] ? radix_tree_lookup+0x23a/0x290 [ 37.598620][ C0] ? debug_smp_processor_id+0x17/0x20 [ 37.603827][ C0] cpu_startup_entry+0x44/0x60 [ 37.608428][ C0] rest_init+0x10b/0x130 [ 37.612512][ C0] ? time_init+0x38/0x38 [ 37.616588][ C0] arch_call_rest_init+0xe/0xe [ 37.621196][ C0] start_kernel+0x46c/0x4d8 [ 37.625532][ C0] x86_64_start_reservations+0x2a/0x2c [ 37.630822][ C0] x86_64_start_kernel+0x7c/0x81 [ 37.635597][ C0] secondary_startup_64_no_verify+0xce/0xdb [ 37.641326][ C0] [ 37.644186][ C0] Modules linked in: [ 37.647927][ C0] ---[ end trace 0000000000000000 ]--- [ 37.653214][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 37.658339][ C0] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 73 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 d0 da 71 00 49 8b 3e e8 88 6c d6 [ 37.677778][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046 [ 37.683679][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d4c0 [ 37.691487][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 37.699299][ C0] RBP: ffffc90000007d00 R08: ffffffff814b185b R09: 0000000000000007 [ 37.707114][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888111a2c9c8 [ 37.714926][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888111a2c9e0 [ 37.722907][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 37.731677][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.738110][ C0] CR2: 000055759b355038 CR3: 0000000121186000 CR4: 00000000003506b0 [ 37.746041][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.753848][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.761663][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 37.768980][ C0] Kernel Offset: disabled [ 37.773104][ C0] Rebooting in 86400 seconds..