./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1483619004 <...> Warning: Permanently added '10.128.1.130' (ED25519) to the list of known hosts. execve("./syz-executor1483619004", ["./syz-executor1483619004"], 0x7ffed6036c40 /* 10 vars */) = 0 brk(NULL) = 0x555557101000 brk(0x555557101d40) = 0x555557101d40 arch_prctl(ARCH_SET_FS, 0x5555571013c0) = 0 set_tid_address(0x555557101690) = 5000 set_robust_list(0x5555571016a0, 24) = 0 rseq(0x555557101ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1483619004", 4096) = 28 getrandom("\xf3\x62\x20\x27\x95\x9e\x14\xd2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557101d40 brk(0x555557122d40) = 0x555557122d40 brk(0x555557123000) = 0x555557123000 mprotect(0x7f4d7451b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5001 attached , child_tidptr=0x555557101690) = 5001 [pid 5001] set_robust_list(0x5555571016a0, 24) = 0 [pid 5001] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5001] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 5001] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 5001] dup2(4, 202) = 202 [pid 5001] close(4) = 0 [pid 5001] write(202, "\xff\x00", 2) = 2 [pid 5001] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 5001] rt_sigaction(SIGRT_1, {sa_handler=0x7f4d744bcb10, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4d744ae190}, NULL, 8) = 0 [pid 5001] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5001] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4d73c57000 [pid 5001] mprotect(0x7f4d73c58000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 5001] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5001] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4d74457990, parent_tid=0x7f4d74457990, exit_signal=0, stack=0x7f4d73c57000, stack_size=0x800300, tls=0x7f4d744576c0} => {parent_tid=[2]}, 88) = 2 [pid 5001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5003 attached [pid 5003] rseq(0x7f4d74457fe0, 0x20, 0, 0x53053053 [pid 5001] ioctl(3, HCIDEVUP [pid 5003] <... rseq resumed>) = 0 [pid 5003] set_robust_list(0x7f4d744579a0, 24) = 0 [pid 5003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5003] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5003] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5003] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5003] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5003] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [ 159.783746][ T5002] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 159.794812][ T5002] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 159.810953][ T5002] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [pid 5003] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5003] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5003] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5003] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5003] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5003] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5003] read(202, [pid 5001] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5001] ioctl(3, HCISETSCAN [pid 5003] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5003] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 5003] rt_sigprocmask(SIG_BLOCK, ~[RT_1], NULL, 8) = 0 [pid 5003] madvise(0x7f4d73c57000, 8372224, MADV_DONTNEED) = 0 [pid 5003] exit(0) = ? [pid 5003] +++ exited with 0 +++ [pid 5001] <... ioctl resumed>, 0x7ffd91828f3c) = 0 [pid 5001] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3) = 13 [pid 5001] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14 [pid 5001] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 5001] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 5001] close(3) = 0 [ 159.837984][ T5002] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 159.853135][ T5002] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 159.865404][ T5002] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setsid() = 1 [pid 5001] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5001] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5001] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5001] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5001] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5001] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5001] unshare(CLONE_NEWNS) = 0 [pid 5001] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5001] unshare(CLONE_NEWIPC) = 0 [pid 5001] unshare(CLONE_NEWCGROUP) = 0 [pid 5001] unshare(CLONE_NEWUTS) = 0 [pid 5001] unshare(CLONE_SYSVSEM) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "16777216", 8) = 8 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "536870912", 9) = 9 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1024", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "8192", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1024", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1024", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5001] close(3) = 0 [pid 5001] getpid() = 1 [pid 5001] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5006] set_robust_list(0x5555571016a0, 24 [pid 5001] <... clone resumed>, child_tidptr=0x555557101690) = 3 [pid 5006] <... set_robust_list resumed>) = 0 [pid 5006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5006] setpgid(0, 0) = 0 [pid 5006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5006] write(3, "1000", 4) = 4 [pid 5006] close(3) = 0 [pid 5006] write(202, "\x04\x3e\x21\x0f\x1f\x88\x74\x89\xaf\x00\xff\x01\x64\x69\x14\x9d\x7b\xe5\xde\xfc", 20) = 20 [pid 5006] close(3) = -1 EBADF (Bad file descriptor) [pid 5006] close(4) = -1 EBADF (Bad file descriptor) [pid 5006] close(5) = -1 EBADF (Bad file descriptor) [pid 5006] close(6) = -1 EBADF (Bad file descriptor) [pid 5006] close(7) = -1 EBADF (Bad file descriptor) [pid 5006] close(8) = -1 EBADF (Bad file descriptor) [pid 5006] close(9) = -1 EBADF (Bad file descriptor) [pid 5006] close(10) = -1 EBADF (Bad file descriptor) [pid 5006] close(11) = -1 EBADF (Bad file descriptor) [pid 5006] close(12) = -1 EBADF (Bad file descriptor) [pid 5006] close(13) = -1 EBADF (Bad file descriptor) [pid 5006] close(14) = -1 EBADF (Bad file descriptor) [ 160.128222][ T4386] ===================================================== [ 160.135746][ T4386] BUG: KMSAN: uninit-value in eir_get_service_data+0x25c/0x570 [ 160.143770][ T4386] eir_get_service_data+0x25c/0x570 [ 160.149181][ T4386] iso_connect_ind+0x2004/0x2330 [ 160.154502][ T4386] hci_le_per_adv_report_evt+0xc0/0x1e0 [ 160.160320][ T4386] hci_le_meta_evt+0x608/0x860 [ 160.165466][ T4386] hci_event_packet+0x1183/0x1be0 [ 160.170712][ T4386] hci_rx_work+0x687/0x1120 [pid 5006] close(15) = -1 EBADF (Bad file descriptor) [pid 5006] close(16) = -1 EBADF (Bad file descriptor) [pid 5006] close(17) = -1 EBADF (Bad file descriptor) [pid 5006] close(18) = -1 EBADF (Bad file descriptor) [pid 5006] close(19) = -1 EBADF (Bad file descriptor) [pid 5006] close(20) = -1 EBADF (Bad file descriptor) [pid 5006] close(21) = -1 EBADF (Bad file descriptor) [pid 5006] close(22) = -1 EBADF (Bad file descriptor) [pid 5006] close(23) = -1 EBADF (Bad file descriptor) [pid 5006] close(24) = -1 EBADF (Bad file descriptor) [ 160.175589][ T4386] process_scheduled_works+0x104e/0x1e70 [ 160.181450][ T4386] worker_thread+0xf45/0x1490 [ 160.186805][ T4386] kthread+0x3ed/0x540 [ 160.191126][ T4386] ret_from_fork+0x66/0x80 [ 160.195980][ T4386] ret_from_fork_asm+0x11/0x20 [ 160.201023][ T4386] [ 160.203581][ T4386] Uninit was created at: [ 160.208086][ T4386] slab_post_alloc_hook+0x129/0xa70 [ 160.213667][ T4386] kmem_cache_alloc_node+0x5e9/0xb10 [ 160.219154][ T4386] kmalloc_reserve+0x13d/0x4a0 [ 160.224331][ T4386] __alloc_skb+0x318/0x740 [pid 5006] close(25) = -1 EBADF (Bad file descriptor) [pid 5006] close(26) = -1 EBADF (Bad file descriptor) [pid 5006] close(27) = -1 EBADF (Bad file descriptor) [pid 5006] close(28) = -1 EBADF (Bad file descriptor) [pid 5006] close(29) = -1 EBADF (Bad file descriptor) [pid 5006] exit_group(0) = ? [pid 5006] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557101690) = 4 [ 160.228978][ T4386] vhci_write+0x126/0x8f0 [ 160.233592][ T4386] vfs_write+0x8ef/0x1490 [ 160.238123][ T4386] ksys_write+0x20f/0x4c0 [ 160.242916][ T4386] __x64_sys_write+0x93/0xd0 [ 160.247698][ T4386] do_syscall_64+0x44/0x110 [ 160.252395][ T4386] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 160.258665][ T4386] [ 160.261105][ T4386] CPU: 1 PID: 4386 Comm: kworker/u5:1 Not tainted 6.7.0-rc1-syzkaller-00019-gc42d9eeef8e5 #0 ./strace-static-x86_64: Process 5007 attached [pid 5007] set_robust_list(0x5555571016a0, 24) = 0 [pid 5007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5007] setpgid(0, 0) = 0 [pid 5007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5007] write(3, "1000", 4) = 4 [pid 5007] close(3) = 0 [pid 5007] write(202, "\x04\x3e\x21\x0f\x1f\x88\x74\x89\xaf\x00\xff\x01\x64\x69\x14\x9d\x7b\xe5\xde\xfc", 20) = 20 [pid 5007] close(3) = -1 EBADF (Bad file descriptor) [pid 5007] close(4) = -1 EBADF (Bad file descriptor) [pid 5007] close(5) = -1 EBADF (Bad file descriptor) [pid 5007] close(6) = -1 EBADF (Bad file descriptor) [ 160.272002][ T4386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 160.282515][ T4386] Workqueue: hci0 hci_rx_work [ 160.287630][ T4386] ===================================================== [ 160.295411][ T4386] Disabling lock debugging due to kernel taint [ 160.301711][ T4386] Kernel panic - not syncing: kmsan.panic set ... [ 160.308274][ T4386] CPU: 1 PID: 4386 Comm: kworker/u5:1 Tainted: G B 6.7.0-rc1-syzkaller-00019-gc42d9eeef8e5 #0 [pid 5007] close(7) = -1 EBADF (Bad file descriptor) [pid 5007] close(8) = -1 EBADF (Bad file descriptor) [pid 5007] close(9) = -1 EBADF (Bad file descriptor) [pid 5007] close(10) = -1 EBADF (Bad file descriptor) [pid 5007] close(11) = -1 EBADF (Bad file descriptor) [pid 5007] close(12) = -1 EBADF (Bad file descriptor) [pid 5007] close(13) = -1 EBADF (Bad file descriptor) [pid 5007] close(14) = -1 EBADF (Bad file descriptor) [pid 5007] close(15) = -1 EBADF (Bad file descriptor) [pid 5007] close(16) = -1 EBADF (Bad file descriptor) [pid 5007] close(17) = -1 EBADF (Bad file descriptor) [pid 5007] close(18) = -1 EBADF (Bad file descriptor) [pid 5007] close(19) = -1 EBADF (Bad file descriptor) [pid 5007] close(20) = -1 EBADF (Bad file descriptor) [pid 5007] close(21) = -1 EBADF (Bad file descriptor) [pid 5007] close(22) = -1 EBADF (Bad file descriptor) [pid 5007] close(23) = -1 EBADF (Bad file descriptor) [pid 5007] close(24) = -1 EBADF (Bad file descriptor) [pid 5007] close(25) = -1 EBADF (Bad file descriptor) [pid 5007] close(26) = -1 EBADF (Bad file descriptor) [pid 5007] close(27) = -1 EBADF (Bad file descriptor) [pid 5007] close(28) = -1 EBADF (Bad file descriptor) [pid 5007] close(29) = -1 EBADF (Bad file descriptor) [pid 5007] exit_group(0) = ? [ 160.320310][ T4386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 160.330558][ T4386] Workqueue: hci0 hci_rx_work [ 160.335508][ T4386] Call Trace: [ 160.338932][ T4386] [ 160.341997][ T4386] dump_stack_lvl+0x1bf/0x240 [ 160.346904][ T4386] dump_stack+0x1e/0x20 [ 160.351261][ T4386] panic+0x4de/0xc90 [ 160.355496][ T4386] ? add_taint+0x108/0x1a0 [ 160.360122][ T4386] kmsan_report+0x2d0/0x2d0 [ 160.364892][ T4386] ? __msan_warning+0x96/0x110 [ 160.369890][ T4386] ? eir_get_service_data+0x25c/0x570 [pid 5007] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557101690) = 5 ./strace-static-x86_64: Process 5008 attached [pid 5008] set_robust_list(0x5555571016a0, 24) = 0 [pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5008] setpgid(0, 0) = 0 [pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5008] write(3, "1000", 4) = 4 [ 160.375462][ T4386] ? iso_connect_ind+0x2004/0x2330 [ 160.380811][ T4386] ? hci_le_per_adv_report_evt+0xc0/0x1e0 [ 160.386871][ T4386] ? hci_le_meta_evt+0x608/0x860 [ 160.392019][ T4386] ? hci_event_packet+0x1183/0x1be0 [ 160.397399][ T4386] ? hci_rx_work+0x687/0x1120 [ 160.402313][ T4386] ? process_scheduled_works+0x104e/0x1e70 [ 160.408423][ T4386] ? worker_thread+0xf45/0x1490 [ 160.413483][ T4386] ? kthread+0x3ed/0x540 [ 160.417956][ T4386] ? ret_from_fork+0x66/0x80 [ 160.422867][ T4386] ? ret_from_fork_asm+0x11/0x20 [pid 5008] close(3) = 0 [pid 5008] write(202, "\x04\x3e\x21\x0f\x1f\x88\x74\x89\xaf\x00\xff\x01\x64\x69\x14\x9d\x7b\xe5\xde\xfc", 20) = 20 [pid 5008] close(3) = -1 EBADF (Bad file descriptor) [pid 5008] close(4) = -1 EBADF (Bad file descriptor) [pid 5008] close(5) = -1 EBADF (Bad file descriptor) [pid 5008] close(6) = -1 EBADF (Bad file descriptor) [pid 5008] close(7) = -1 EBADF (Bad file descriptor) [pid 5008] close(8) = -1 EBADF (Bad file descriptor) [pid 5008] close(9) = -1 EBADF (Bad file descriptor) [pid 5008] close(10) = -1 EBADF (Bad file descriptor) [pid 5008] close(11) = -1 EBADF (Bad file descriptor) [pid 5008] close(12) = -1 EBADF (Bad file descriptor) [pid 5008] close(13) = -1 EBADF (Bad file descriptor) [pid 5008] close(14) = -1 EBADF (Bad file descriptor) [pid 5008] close(15) = -1 EBADF (Bad file descriptor) [pid 5008] close(16) = -1 EBADF (Bad file descriptor) [pid 5008] close(17) = -1 EBADF (Bad file descriptor) [pid 5008] close(18) = -1 EBADF (Bad file descriptor) [pid 5008] close(19) = -1 EBADF (Bad file descriptor) [pid 5008] close(20) = -1 EBADF (Bad file descriptor) [pid 5008] close(21) = -1 EBADF (Bad file descriptor) [pid 5008] close(22) = -1 EBADF (Bad file descriptor) [pid 5008] close(23) = -1 EBADF (Bad file descriptor) [ 160.428044][ T4386] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 160.434129][ T4386] ? filter_irq_stacks+0x60/0x1a0 [ 160.439424][ T4386] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 160.445948][ T4386] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 160.452026][ T4386] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 160.458101][ T4386] __msan_warning+0x96/0x110 [ 160.463029][ T4386] eir_get_service_data+0x25c/0x570 [ 160.468462][ T4386] iso_connect_ind+0x2004/0x2330 [ 160.473656][ T4386] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [pid 5008] close(24) = -1 EBADF (Bad file descriptor) [pid 5008] close(25) = -1 EBADF (Bad file descriptor) [pid 5008] close(26) = -1 EBADF (Bad file descriptor) [pid 5008] close(27) = -1 EBADF (Bad file descriptor) [pid 5008] close(28) = -1 EBADF (Bad file descriptor) [pid 5008] close(29) = -1 EBADF (Bad file descriptor) [pid 5008] exit_group(0) = ? [pid 5008] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557101690) = 6 ./strace-static-x86_64: Process 5009 attached [pid 5009] set_robust_list(0x5555571016a0, 24) = 0 [ 160.480173][ T4386] hci_le_per_adv_report_evt+0xc0/0x1e0 [ 160.486007][ T4386] hci_le_meta_evt+0x608/0x860 [ 160.491001][ T4386] ? hci_le_pa_sync_estabilished_evt+0x5b0/0x5b0 [ 160.497720][ T4386] hci_event_packet+0x1183/0x1be0 [ 160.502967][ T4386] ? hci_remote_host_features_evt+0x3c0/0x3c0 [ 160.509296][ T4386] hci_rx_work+0x687/0x1120 [ 160.514049][ T4386] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 160.520205][ T4386] ? hci_alloc_dev_priv+0x2d50/0x2d50 [pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5009] setpgid(0, 0) = 0 [pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5009] write(3, "1000", 4) = 4 [pid 5009] close(3) = 0 [pid 5009] write(202, "\x04\x3e\x21\x0f\x1f\x88\x74\x89\xaf\x00\xff\x01\x64\x69\x14\x9d\x7b\xe5\xde\xfc", 20) = 20 [pid 5009] close(3) = -1 EBADF (Bad file descriptor) [pid 5009] close(4) = -1 EBADF (Bad file descriptor) [pid 5009] close(5) = -1 EBADF (Bad file descriptor) [pid 5009] close(6) = -1 EBADF (Bad file descriptor) [pid 5009] close(7) = -1 EBADF (Bad file descriptor) [pid 5009] close(8) = -1 EBADF (Bad file descriptor) [pid 5009] close(9) = -1 EBADF (Bad file descriptor) [pid 5009] close(10) = -1 EBADF (Bad file descriptor) [pid 5009] close(11) = -1 EBADF (Bad file descriptor) [ 160.525826][ T4386] ? hci_alloc_dev_priv+0x2d50/0x2d50 [ 160.531445][ T4386] process_scheduled_works+0x104e/0x1e70 [ 160.537341][ T4386] worker_thread+0xf45/0x1490 [ 160.542257][ T4386] kthread+0x3ed/0x540 [ 160.546563][ T4386] ? pr_cont_work+0xce0/0xce0 [ 160.551489][ T4386] ? kthread_blkcg+0x120/0x120 [ 160.556585][ T4386] ret_from_fork+0x66/0x80 [ 160.561244][ T4386] ? kthread_blkcg+0x120/0x120 [ 160.566260][ T4386] ret_from_fork_asm+0x11/0x20 [ 160.571277][ T4386] [ 160.574888][ T4386] Kernel Offset: disabled [ 160.579358][ T4386] Rebooting in 86400 seconds..