./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2357534694

<...>
Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts.
execve("./syz-executor2357534694", ["./syz-executor2357534694"], 0x7ffe1ddf1c30 /* 10 vars */) = 0
brk(NULL)                               = 0x555555722000
brk(0x555555722c40)                     = 0x555555722c40
arch_prctl(ARCH_SET_FS, 0x555555722300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x5555557225d0)         = 3606
set_robust_list(0x5555557225e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7fbef43f2850, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fbef43f2f20}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7fbef43f28f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbef43f2f20}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2357534694", 4096) = 28
brk(0x555555743c40)                     = 0x555555743c40
brk(0x555555744000)                     = 0x555555744000
mprotect(0x7fbef44b4000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3607 attached
, child_tidptr=0x5555557225d0) = 3607
[pid  3607] set_robust_list(0x5555557225e0, 24) = 0
[pid  3607] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3607] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  3607] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  3607] dup2(4, 202)                = 202
[pid  3607] close(4)                    = 0
[pid  3607] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  3607] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbef3be2000
[pid  3607] mprotect(0x7fbef3be3000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  3607] clone(child_stack=0x7fbef43e23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7fbef43e2700, child_tidptr=0x7fbef43e29d0) = 2
[pid  3607] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 3611 attached
 <unfinished ...>
[pid  3611] set_robust_list(0x7fbef43e29e0, 24) = 0
[pid  3611] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3611] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3611] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3611] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  3611] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  3611] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3611] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3611] read(202, "\x01\x25\x0c\x00", 1024) = 4
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3611] read(202, "\x01\x38\x0c\x00", 1024) = 4
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
syzkaller login: [   51.670734][ T3609] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   51.679390][ T3609] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   51.688042][ T3609] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   51.698084][ T3609] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   51.707305][ T3609] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[pid  3611] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3611] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3611] read(202,  <unfinished ...>
[pid  3607] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  3607] ioctl(3, HCISETSCAN <unfinished ...>
[pid  3611] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  3611] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  3611] madvise(0x7fbef3be2000, 8372224, MADV_DONTNEED <unfinished ...>
[pid  3607] <... ioctl resumed>, 0x7ffc6284d4e4) = 0
[pid  3607] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  3611] <... madvise resumed>)      = 0
[pid  3607] <... writev resumed>)       = 13
[pid  3607] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14
[pid  3607] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[pid  3607] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  3607] futex(0x7fbef43e29d0, FUTEX_WAIT, 2, NULL <unfinished ...>
[pid  3611] exit(0)                     = ?
[pid  3607] <... futex resumed>)        = 0
[pid  3607] close(3)                    = 0
[pid  3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3607] setsid()                    = 1
[pid  3607] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3
[pid  3607] dup2(3, 201)                = 201
[pid  3607] close(3)                    = 0
[pid  3607] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3607] unshare(CLONE_NEWNS)        = 0
[pid  3611] +++ exited with 0 +++
[pid  3607] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3607] unshare(CLONE_NEWIPC)       = 0
[pid  3607] unshare(CLONE_NEWCGROUP)    = 0
[pid  3607] unshare(CLONE_NEWUTS)       = 0
[pid  3607] unshare(CLONE_SYSVSEM)      = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "16777216", 8)     = 8
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "536870912", 9)    = 9
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "8192", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3607] close(3)                    = 0
[pid  3607] getpid()                    = 1
[pid  3607] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3607] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[   51.715040][ T3609] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  3607] unshare(CLONE_NEWNET)       = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "0 65535", 7)      = 7
[pid  3607] close(3)                    = 0
[pid  3607] mkdir("/dev/binderfs", 0777) = 0
[pid  3607] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3607] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3607] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3
[pid  3607] setns(201, 0)               = 0
[pid  3607] socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_L2CAP) = 4
[pid  3607] setns(3, 0)                 = 0
[pid  3607] close(3)                    = 0
[pid  3607] bind(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(0 /* L2CAP_PSM_??? */), l2_bdaddr=00:00:00:00:00:00, l2_cid=htobs(L2CAP_CID_DYN_START + 2217), l2_bdaddr_type=BDADDR_BREDR}, 14) = 0
[pid  3607] setsockopt(4, SOL_TCP, TCP_CORK, [41], 4) = 0
[   53.733408][    T6] Bluetooth: hci0: command 0x0409 tx timeout
[pid  3607] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(0 /* L2CAP_PSM_??? */), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(L2CAP_CID_DYN_START + 189), l2_bdaddr_type=BDADDR_BREDR}, 14) = 0
[pid  3607] exit_group(1)               = ?
[   55.759041][ T3607] ------------[ cut here ]------------
[   55.764665][ T3607] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: 0x0
[   55.774534][ T3607] WARNING: CPU: 0 PID: 3607 at lib/debugobjects.c:509 debug_print_object+0x16e/0x250
[   55.784104][ T3607] Modules linked in:
[   55.787986][ T3607] CPU: 0 PID: 3607 Comm: syz-executor235 Not tainted 5.19.0-next-20220809-syzkaller #0
[   55.797600][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   55.807641][ T3607] RIP: 0010:debug_print_object+0x16e/0x250
[   55.813448][ T3607] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 60 09 49 8a 4c 89 ee 48 c7 c7 00 fd 48 8a e8 73 ac 38 05 <0f> 0b 83 05 35 41 dd 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
[   55.833043][ T3607] RSP: 0018:ffffc900039ef8a0 EFLAGS: 00010082
[   55.839097][ T3607] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
[   55.847067][ T3607] RDX: ffff88807f355880 RSI: ffffffff8161f1f8 RDI: fffff5200073df06
[   55.855024][ T3607] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[   55.862987][ T3607] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff89eeff60
[   55.870956][ T3607] R13: ffffffff8a4903c0 R14: ffffffff816b23c0 R15: 1ffff9200073df1f
[   55.878914][ T3607] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   55.887842][ T3607] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   55.894414][ T3607] CR2: 00007ff196b876a8 CR3: 00000000261c8000 CR4: 00000000003506f0
[   55.902373][ T3607] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   55.910331][ T3607] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   55.918310][ T3607] Call Trace:
[   55.921575][ T3607]  <TASK>
[   55.924498][ T3607]  debug_object_assert_init+0x1f4/0x2e0
[   55.930039][ T3607]  ? mark_lock.part.0+0xee/0x1910
[   55.935070][ T3607]  ? debug_object_init_on_stack+0x20/0x20
[   55.940818][ T3607]  ? find_held_lock+0x2d/0x110
[   55.945584][ T3607]  ? __queue_work+0x665/0x1210
[   55.950358][ T3607]  ? lock_downgrade+0x6e0/0x6e0
[   55.955209][ T3607]  del_timer+0x6d/0x110
[   55.959373][ T3607]  ? detach_if_pending+0x480/0x480
[   55.964478][ T3607]  ? try_to_grab_pending+0xbd/0xd0
[   55.969588][ T3607]  ? lockdep_hardirqs_off+0x90/0xd0
[   55.974783][ T3607]  try_to_grab_pending+0x6d/0xd0
[   55.979821][ T3607]  __cancel_work+0x7c/0x340
[   55.984317][ T3607]  ? queue_delayed_work_on+0xe6/0x120
[   55.989684][ T3607]  ? try_to_grab_pending+0xd0/0xd0
[   55.994788][ T3607]  ? lockdep_hardirqs_on+0x79/0x100
[   55.999979][ T3607]  ? queue_delayed_work_on+0xbb/0x120
[   56.005345][ T3607]  l2cap_chan_del+0x565/0xa60
[   56.010016][ T3607]  l2cap_conn_del+0x3c0/0x7b0
[   56.014687][ T3607]  ? l2cap_conn_del+0x7b0/0x7b0
[   56.019525][ T3607]  l2cap_disconn_cfm+0x8c/0xc0
[   56.024280][ T3607]  hci_conn_hash_flush+0x122/0x260
[   56.029382][ T3607]  hci_dev_close_sync+0x55d/0x1130
[   56.034503][ T3607]  ? hci_dev_open_sync+0x2190/0x2190
[   56.039780][ T3607]  ? kfree+0xe2/0x580
[   56.043757][ T3607]  hci_dev_do_close+0x2d/0x70
[   56.048459][ T3607]  hci_unregister_dev+0x17f/0x4e0
[   56.053489][ T3607]  vhci_release+0x7c/0xf0
[   56.057822][ T3607]  __fput+0x277/0x9d0
[   56.061803][ T3607]  ? vhci_close_dev+0x50/0x50
[   56.066495][ T3607]  task_work_run+0xdd/0x1a0
[   56.070999][ T3607]  do_exit+0xc39/0x2b60
[   56.075163][ T3607]  ? lock_downgrade+0x6e0/0x6e0
[   56.080013][ T3607]  ? do_raw_spin_lock+0x120/0x2a0
[   56.085057][ T3607]  ? mm_update_next_owner+0x7a0/0x7a0
[   56.090703][ T3607]  ? rwlock_bug.part.0+0x90/0x90
[   56.095658][ T3607]  ? _raw_spin_unlock_irq+0x1f/0x40
[   56.100871][ T3607]  ? _raw_spin_unlock_irq+0x1f/0x40
[   56.106090][ T3607]  do_group_exit+0xd0/0x2a0
[   56.110601][ T3607]  __x64_sys_exit_group+0x3a/0x50
[   56.115639][ T3607]  do_syscall_64+0x35/0xb0
[   56.120054][ T3607]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.125954][ T3607] RIP: 0033:0x7fbef442f629
[   56.130372][ T3607] Code: Unable to access opcode bytes at RIP 0x7fbef442f5ff.
[   56.137733][ T3607] RSP: 002b:00007ffc6284d478 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   56.146142][ T3607] RAX: ffffffffffffffda RBX: 00007fbef44ba390 RCX: 00007fbef442f629
[   56.154105][ T3607] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   56.162063][ T3607] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 000000fff44b4e00
[   56.170043][ T3607] R10: 0000000000000004 R11: 0000000000000246 R12: 00007fbef44ba390
[   56.178004][ T3607] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   56.185975][ T3607]  </TASK>
[   56.188984][ T3607] Kernel panic - not syncing: panic_on_warn set ...
[   56.195551][ T3607] CPU: 0 PID: 3607 Comm: syz-executor235 Not tainted 5.19.0-next-20220809-syzkaller #0
[   56.205177][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   56.215237][ T3607] Call Trace:
[   56.218507][ T3607]  <TASK>
[   56.221428][ T3607]  dump_stack_lvl+0xcd/0x134
[   56.226033][ T3607]  panic+0x2c8/0x627
[   56.229943][ T3607]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   56.235935][ T3607]  ? __warn.cold+0x248/0x2c4
[   56.240537][ T3607]  ? debug_print_object+0x16e/0x250
[   56.245731][ T3607]  __warn.cold+0x259/0x2c4
[   56.250149][ T3607]  ? __wake_up_klogd.part.0+0xcb/0xf0
[   56.255519][ T3607]  ? debug_print_object+0x16e/0x250
[   56.260709][ T3607]  report_bug+0x1bc/0x210
[   56.265036][ T3607]  handle_bug+0x3c/0x60
[   56.269184][ T3607]  exc_invalid_op+0x14/0x40
[   56.273696][ T3607]  asm_exc_invalid_op+0x16/0x20
[   56.278544][ T3607] RIP: 0010:debug_print_object+0x16e/0x250
[   56.284345][ T3607] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 60 09 49 8a 4c 89 ee 48 c7 c7 00 fd 48 8a e8 73 ac 38 05 <0f> 0b 83 05 35 41 dd 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
[   56.304041][ T3607] RSP: 0018:ffffc900039ef8a0 EFLAGS: 00010082
[   56.310095][ T3607] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
[   56.318052][ T3607] RDX: ffff88807f355880 RSI: ffffffff8161f1f8 RDI: fffff5200073df06
[   56.326010][ T3607] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[   56.333971][ T3607] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff89eeff60
[   56.341929][ T3607] R13: ffffffff8a4903c0 R14: ffffffff816b23c0 R15: 1ffff9200073df1f
[   56.349889][ T3607]  ? calc_wheel_index+0x3d0/0x3d0
[   56.354911][ T3607]  ? vprintk+0x88/0x90
[   56.358978][ T3607]  debug_object_assert_init+0x1f4/0x2e0
[   56.364519][ T3607]  ? mark_lock.part.0+0xee/0x1910
[   56.369534][ T3607]  ? debug_object_init_on_stack+0x20/0x20
[   56.375245][ T3607]  ? find_held_lock+0x2d/0x110
[   56.379998][ T3607]  ? __queue_work+0x665/0x1210
[   56.384754][ T3607]  ? lock_downgrade+0x6e0/0x6e0
[   56.389596][ T3607]  del_timer+0x6d/0x110
[   56.393742][ T3607]  ? detach_if_pending+0x480/0x480
[   56.398843][ T3607]  ? try_to_grab_pending+0xbd/0xd0
[   56.403948][ T3607]  ? lockdep_hardirqs_off+0x90/0xd0
[   56.409145][ T3607]  try_to_grab_pending+0x6d/0xd0
[   56.414078][ T3607]  __cancel_work+0x7c/0x340
[   56.418572][ T3607]  ? queue_delayed_work_on+0xe6/0x120
[   56.423936][ T3607]  ? try_to_grab_pending+0xd0/0xd0
[   56.429040][ T3607]  ? lockdep_hardirqs_on+0x79/0x100
[   56.434248][ T3607]  ? queue_delayed_work_on+0xbb/0x120
[   56.439615][ T3607]  l2cap_chan_del+0x565/0xa60
[   56.444285][ T3607]  l2cap_conn_del+0x3c0/0x7b0
[   56.448957][ T3607]  ? l2cap_conn_del+0x7b0/0x7b0
[   56.453796][ T3607]  l2cap_disconn_cfm+0x8c/0xc0
[   56.458549][ T3607]  hci_conn_hash_flush+0x122/0x260
[   56.463652][ T3607]  hci_dev_close_sync+0x55d/0x1130
[   56.468758][ T3607]  ? hci_dev_open_sync+0x2190/0x2190
[   56.474035][ T3607]  ? kfree+0xe2/0x580
[   56.478012][ T3607]  hci_dev_do_close+0x2d/0x70
[   56.482684][ T3607]  hci_unregister_dev+0x17f/0x4e0
[   56.487703][ T3607]  vhci_release+0x7c/0xf0
[   56.492027][ T3607]  __fput+0x277/0x9d0
[   56.496005][ T3607]  ? vhci_close_dev+0x50/0x50
[   56.500769][ T3607]  task_work_run+0xdd/0x1a0
[   56.505288][ T3607]  do_exit+0xc39/0x2b60
[   56.509446][ T3607]  ? lock_downgrade+0x6e0/0x6e0
[   56.514294][ T3607]  ? do_raw_spin_lock+0x120/0x2a0
[   56.519316][ T3607]  ? mm_update_next_owner+0x7a0/0x7a0
[   56.524679][ T3607]  ? rwlock_bug.part.0+0x90/0x90
[   56.529610][ T3607]  ? _raw_spin_unlock_irq+0x1f/0x40
[   56.534828][ T3607]  ? _raw_spin_unlock_irq+0x1f/0x40
[   56.540028][ T3607]  do_group_exit+0xd0/0x2a0
[   56.544520][ T3607]  __x64_sys_exit_group+0x3a/0x50
[   56.549533][ T3607]  do_syscall_64+0x35/0xb0
[   56.553940][ T3607]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.559818][ T3607] RIP: 0033:0x7fbef442f629
[   56.564219][ T3607] Code: Unable to access opcode bytes at RIP 0x7fbef442f5ff.
[   56.571565][ T3607] RSP: 002b:00007ffc6284d478 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   56.580003][ T3607] RAX: ffffffffffffffda RBX: 00007fbef44ba390 RCX: 00007fbef442f629
[   56.587976][ T3607] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   56.595940][ T3607] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 000000fff44b4e00
[   56.603898][ T3607] R10: 0000000000000004 R11: 0000000000000246 R12: 00007fbef44ba390
[   56.611854][ T3607] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   56.619826][ T3607]  </TASK>
[   56.623094][ T3607] Kernel Offset: disabled
[   56.627498][ T3607] Rebooting in 86400 seconds..