./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1625044760

<...>
Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts.
execve("./syz-executor1625044760", ["./syz-executor1625044760"], 0x7ffd4021b5b0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555734d000
brk(0x55555734dc40)                     = 0x55555734dc40
arch_prctl(ARCH_SET_FS, 0x55555734d300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x55555734d5d0)         = 3607
set_robust_list(0x55555734d5e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7fe87fc30860, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fe87fc30f30}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7fe87fc30900, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe87fc30f30}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1625044760", 4096) = 28
brk(0x55555736ec40)                     = 0x55555736ec40
brk(0x55555736f000)                     = 0x55555736f000
mprotect(0x7fe87fcf2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3608 attached
, child_tidptr=0x55555734d5d0) = 3608
[pid  3608] set_robust_list(0x55555734d5e0, 24) = 0
[pid  3608] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3608] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  3608] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  3608] dup2(4, 202)                = 202
[pid  3608] close(4)                    = 0
[pid  3608] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  3608] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe87f420000
[pid  3608] mprotect(0x7fe87f421000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  3608] clone(child_stack=0x7fe87fc203f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7fe87fc20700, child_tidptr=0x7fe87fc209d0) = 2
[pid  3608] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 3612 attached
 <unfinished ...>
[pid  3612] set_robust_list(0x7fe87fc209e0, 24) = 0
[pid  3612] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3612] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3612] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3612] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  3612] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  3612] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3612] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3612] read(202, "\x01\x25\x0c\x00", 1024) = 4
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3612] read(202, "\x01\x38\x0c\x00", 1024) = 4
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
syzkaller login: [   42.604899][ T3610] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   42.613463][ T3610] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   42.622231][ T3610] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   42.632269][ T3610] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   42.640878][ T3610] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[pid  3612] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3612] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3612] read(202,  <unfinished ...>
[pid  3608] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  3608] ioctl(3, HCISETSCAN <unfinished ...>
[pid  3612] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  3612] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  3608] <... ioctl resumed>, 0x7ffcf20046f4) = 0
[pid  3612] madvise(0x7fe87f420000, 8372224, MADV_DONTNEED <unfinished ...>
[pid  3608] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  3612] <... madvise resumed>)      = 0
[pid  3608] <... writev resumed>)       = 13
[pid  3608] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14
[pid  3608] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[pid  3608] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  3608] futex(0x7fe87fc209d0, FUTEX_WAIT, 2, NULL <unfinished ...>
[pid  3612] exit(0)                     = ?
[pid  3612] +++ exited with 0 +++
[pid  3608] <... futex resumed>)        = 0
[pid  3608] close(3)                    = 0
[pid  3608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3608] setsid()                    = 1
[pid  3608] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3608] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3608] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3608] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3608] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3608] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3608] unshare(CLONE_NEWNS)        = 0
[pid  3608] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3608] unshare(CLONE_NEWIPC)       = 0
[pid  3608] unshare(CLONE_NEWCGROUP)    = 0
[pid  3608] unshare(CLONE_NEWUTS)       = 0
[pid  3608] unshare(CLONE_SYSVSEM)      = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "16777216", 8)     = 8
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "536870912", 9)    = 9
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "1024", 4)         = 4
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "8192", 4)         = 4
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "1024", 4)         = 4
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "1024", 4)         = 4
[pid  3608] close(3)                    = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3608] close(3)                    = 0
[pid  3608] getpid()                    = 1
[pid  3608] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3608] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[   42.648571][ T3610] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  3608] unshare(CLONE_NEWNET)       = 0
[pid  3608] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3608] write(3, "0 65535", 7)      = 7
[pid  3608] close(3)                    = 0
[pid  3608] mkdir("/dev/binderfs", 0777) = 0
[pid  3608] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3608] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3608] write(202, "\x04\x3e\x1f\x0a\x00\x00\x00\x00\x00\xaa\xaa\xaa\xaa\xaa\x00\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 34) = 34
[pid  3608] write(202, "\x04\x3e\x1d\x19\x00\x00\x00\x52\x01\x68\x16\x01\xef\x94\xe8\x0a\x06\x01\xfb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32) = 32
[   42.721606][ T3610] list_add double add: new=ffff88807cd08540, prev=ffff88807cd08540, next=ffff888144a30000.
[   42.732144][ T3610] ------------[ cut here ]------------
[   42.737594][ T3610] kernel BUG at lib/list_debug.c:33!
[   42.742925][ T3610] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   42.748975][ T3610] CPU: 0 PID: 3610 Comm: kworker/u5:2 Not tainted 6.0.0-rc4-syzkaller-00302-gb96fbd602d35 #0
[   42.759123][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[   42.769175][ T3610] Workqueue: hci0 hci_rx_work
[   42.773874][ T3610] RIP: 0010:__list_add_valid.cold+0x42/0x58
[   42.779802][ T3610] Code: e8 73 f6 f0 ff 0f 0b 48 c7 c7 40 f9 48 8a e8 65 f6 f0 ff 0f 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 40 fb 48 8a e8 4e f6 f0 ff <0f> 0b 48 89 f1 48 c7 c7 c0 fa 48 8a 4c 89 e6 e8 3a f6 f0 ff 0f 0b
[   42.799444][ T3610] RSP: 0018:ffffc9000398f800 EFLAGS: 00010282
[   42.805514][ T3610] RAX: 0000000000000058 RBX: ffff8880216bd298 RCX: 0000000000000000
[   42.813480][ T3610] RDX: ffff888076949d80 RSI: ffffffff8161f408 RDI: fffff52000731ef2
[   42.821449][ T3610] RBP: ffff88807cd08540 R08: 0000000000000058 R09: 0000000000000000
[   42.829415][ T3610] R10: 0000000080000001 R11: 0000000000000000 R12: ffff888144a30000
[   42.837383][ T3610] R13: ffff88807cd08550 R14: ffff88807cd08558 R15: ffff88807cd08540
[   42.845349][ T3610] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   42.854277][ T3610] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.860870][ T3610] CR2: 0000000020000000 CR3: 0000000078c49000 CR4: 00000000003506f0
[   42.868838][ T3610] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   42.876804][ T3610] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   42.884787][ T3610] Call Trace:
[   42.888062][ T3610]  <TASK>
[   42.890989][ T3610]  kobject_add_internal+0x18f/0x8f0
[   42.896188][ T3610]  ? kasan_quarantine_put+0xf5/0x210
[   42.901480][ T3610]  kobject_add+0x150/0x1c0
[   42.905893][ T3610]  ? kset_create_and_add+0x1a0/0x1a0
[   42.911192][ T3610]  ? kfree_const+0x51/0x60
[   42.915626][ T3610]  ? kfree+0xe2/0x580
[   42.919619][ T3610]  ? rcu_read_lock_sched_held+0x3a/0x70
[   42.925187][ T3610]  device_add+0x368/0x1e90
[   42.929628][ T3610]  ? dev_set_name+0xbb/0xf0
[   42.934129][ T3610]  ? device_initialize+0x540/0x540
[   42.939242][ T3610]  ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[   42.945483][ T3610]  ? hci_le_cis_estabilished_evt+0x1ee/0xae0
[   42.951465][ T3610]  ? lock_downgrade+0x6e0/0x6e0
[   42.956329][ T3610]  ? hci_event_packet+0x425/0xfd0
[   42.961359][ T3610]  hci_conn_add_sysfs+0x9b/0x1b0
[   42.966297][ T3610]  hci_le_cis_estabilished_evt+0x57c/0xae0
[   42.972107][ T3610]  ? hci_cc_le_set_random_addr+0x290/0x290
[   42.977913][ T3610]  ? wait_for_completion_io_timeout+0x20/0x20
[   42.983983][ T3610]  hci_le_meta_evt+0x2b8/0x510
[   42.988747][ T3610]  ? hci_cc_le_set_random_addr+0x290/0x290
[   42.994559][ T3610]  hci_event_packet+0x63d/0xfd0
[   42.999413][ T3610]  ? hci_conn_drop+0x2f0/0x2f0
[   43.004195][ T3610]  ? hci_cs_create_conn+0x3a0/0x3a0
[   43.009396][ T3610]  ? kcov_remote_start+0x156/0x7a0
[   43.014514][ T3610]  hci_rx_work+0xae7/0x1230
[   43.019021][ T3610]  process_one_work+0x991/0x1610
[   43.023964][ T3610]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   43.029336][ T3610]  ? rwlock_bug.part.0+0x90/0x90
[   43.034275][ T3610]  ? _raw_spin_lock_irq+0x41/0x50
[   43.039298][ T3610]  worker_thread+0x665/0x1080
[   43.043981][ T3610]  ? __kthread_parkme+0x15f/0x220
[   43.049003][ T3610]  ? process_one_work+0x1610/0x1610
[   43.054257][ T3610]  kthread+0x2e4/0x3a0
[   43.058323][ T3610]  ? kthread_complete_and_exit+0x40/0x40
[   43.063956][ T3610]  ret_from_fork+0x1f/0x30
[   43.068378][ T3610]  </TASK>
[pid  3608] exit_group(1)               = ?
[   43.071407][ T3610] Modules linked in:
[   43.075350][ T3610] ---[ end trace 0000000000000000 ]---
[   43.080826][ T3610] RIP: 0010:__list_add_valid.cold+0x42/0x58
[   43.086739][ T3610] Code: e8 73 f6 f0 ff 0f 0b 48 c7 c7 40 f9 48 8a e8 65 f6 f0 ff 0f 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 40 fb 48 8a e8 4e f6 f0 ff <0f> 0b 48 89 f1 48 c7 c7 c0 fa 48 8a 4c 89 e6 e8 3a f6 f0 ff 0f 0b
[   43.106398][ T3610] RSP: 0018:ffffc9000398f800 EFLAGS: 00010282
[   43.112675][ T3610] RAX: 0000000000000058 RBX: ffff8880216bd298 RCX: 0000000000000000
[   43.120686][ T3610] RDX: ffff888076949d80 RSI: ffffffff8161f408 RDI: fffff52000731ef2
[   43.128677][ T3610] RBP: ffff88807cd08540 R08: 0000000000000058 R09: 0000000000000000
[   43.136677][ T3610] R10: 0000000080000001 R11: 0000000000000000 R12: ffff888144a30000
[   43.144669][ T3610] R13: ffff88807cd08550 R14: ffff88807cd08558 R15: ffff88807cd08540
[   43.152702][ T3610] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   43.161654][ T3610] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.168228][ T3610] CR2: 0000000020000000 CR3: 000000000bc8e000 CR4: 00000000003506f0
[   43.176213][ T3610] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   43.184213][ T3610] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   43.192223][ T3610] Kernel panic - not syncing: Fatal exception
[   43.198348][ T3610] Kernel Offset: disabled
[   43.202668][ T3610] Rebooting in 86400 seconds..