./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3718125365

<...>
Warning: Permanently added '10.128.0.252' (ED25519) to the list of known hosts.
execve("./syz-executor3718125365", ["./syz-executor3718125365"], 0x7ffc35507b70 /* 10 vars */) = 0
brk(NULL)                               = 0x5555574b7000
brk(0x5555574b7d40)                     = 0x5555574b7d40
arch_prctl(ARCH_SET_FS, 0x5555574b73c0) = 0
set_tid_address(0x5555574b7690)         = 5035
set_robust_list(0x5555574b76a0, 24)     = 0
rseq(0x5555574b7ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3718125365", 4096) = 28
getrandom("\x45\xd9\x55\x2c\x74\x41\xbb\xe0", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555574b7d40
brk(0x5555574d8d40)                     = 0x5555574d8d40
brk(0x5555574d9000)                     = 0x5555574d9000
mprotect(0x7f0d9f6af000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574b7690) = 5036
./strace-static-x86_64: Process 5036 attached
[pid  5036] set_robust_list(0x5555574b76a0, 24) = 0
[pid  5036] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5036] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  5036] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  5036] dup2(4, 202)                = 202
[pid  5036] close(4)                    = 0
[pid  5036] write(202, "\xff\x00", 2)   = 2
[pid  5036] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  5036] rt_sigaction(SIGRT_1, {sa_handler=0x7f0d9f651400, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0d9f642a80}, NULL, 8) = 0
[pid  5036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5036] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9edec000
[pid  5036] mprotect(0x7f0d9eded000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  5036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0d9f5ec990, parent_tid=0x7f0d9f5ec990, exit_signal=0, stack=0x7f0d9edec000, stack_size=0x800300, tls=0x7f0d9f5ec6c0} => {parent_tid=[2]}, 88) = 2
[pid  5036] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5040 attached
 <unfinished ...>
[pid  5040] rseq(0x7f0d9f5ecfe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5036] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5040] <... rseq resumed>)         = 0
[pid  5036] ioctl(3, HCIDEVUP <unfinished ...>
[pid  5040] set_robust_list(0x7f0d9f5ec9a0, 24) = 0
[pid  5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5040] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5040] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5040] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5040] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  5040] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  5040] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5040] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5040] read(202, "\x01\x25\x0c\x00", 1024) = 4
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5040] read(202, "\x01\x38\x0c\x00", 1024) = 4
[   55.271432][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   55.279719][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   55.288257][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.300130][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.309800][   T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5040] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5040] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5040] read(202,  <unfinished ...>
[pid  5036] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  5036] ioctl(3, HCISETSCAN <unfinished ...>
[pid  5040] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  5040] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  5036] <... ioctl resumed>, 0x7ffdbf3474f4) = 0
[pid  5040] rt_sigprocmask(SIG_BLOCK, ~[RT_1],  <unfinished ...>
[pid  5036] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  5040] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5040] madvise(0x7f0d9edec000, 8372224, MADV_DONTNEED) = 0
[pid  5040] exit(0)                     = ?
[pid  5040] +++ exited with 0 +++
[pid  5036] <... writev resumed>)       = 13
[pid  5036] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14
[pid  5036] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[pid  5036] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  5036] close(3)                    = 0
[pid  5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5036] setsid()                    = 1
[pid  5036] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5036] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5036] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5036] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5036] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5036] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5036] unshare(CLONE_NEWNS)        = 0
[pid  5036] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5036] unshare(CLONE_NEWIPC)       = 0
[pid  5036] unshare(CLONE_NEWCGROUP)    = 0
[pid  5036] unshare(CLONE_NEWUTS)       = 0
[pid  5036] unshare(CLONE_SYSVSEM)      = 0
[pid  5036] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5036] write(3, "16777216", 8)     = 8
[pid  5036] close(3)                    = 0
[pid  5036] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5036] write(3, "536870912", 9)    = 9
[pid  5036] close(3)                    = 0
[pid  5036] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5036] write(3, "1024", 4)         = 4
[pid  5036] close(3)                    = 0
[pid  5036] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5036] write(3, "8192", 4)         = 4
[pid  5036] close(3)                    = 0
[pid  5036] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5036] write(3, "1024", 4)         = 4
[pid  5036] close(3)                    = 0
[pid  5036] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5036] write(3, "1024", 4)         = 4
[pid  5036] close(3)                    = 0
[pid  5036] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[   55.318592][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  5036] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5036] close(3)                    = 0
[pid  5036] getpid()                    = 1
[pid  5036] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5036] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5036] unshare(CLONE_NEWNET)       = 0
[pid  5036] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5036] write(3, "0 65535", 7)      = 7
[pid  5036] close(3)                    = 0
[pid  5036] mkdir("/dev/binderfs", 0777) = 0
[pid  5036] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5036] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5036] write(202, "\x04\x3e\x1d\x1b\x00\x00\x00\x9b\x19\xde\x4b\x96\x28\xbf\xd8\x64\x89\xaf\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32) = 32
[pid  5036] exit_group(1)               = ?
[   55.412827][ T4442] BUG: sleeping function called from invalid context at net/bluetooth/hci_sync.c:167
[   55.423086][ T4442] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4442, name: kworker/u5:1
[   55.432483][ T4442] preempt_count: 0, expected: 0
[   55.437396][ T4442] RCU nest depth: 1, expected: 0
[   55.442349][ T4442] 4 locks held by kworker/u5:1/4442:
[   55.447992][ T4442]  #0: ffff8880293b1938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x787/0x15c0
[   55.458482][ T4442]  #1: ffffc9000e7afd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7e9/0x15c0
[   55.469989][ T4442]  #2: ffff88807c5a8078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xab0
[   55.480575][ T4442]  #3: ffffffff8cbab2a0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xab0
[   55.491449][ T4442] CPU: 0 PID: 4442 Comm: kworker/u5:1 Not tainted 6.6.0-rc2-syzkaller-00386-g3aba70aed91f #0
[   55.501603][ T4442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   55.511642][ T4442] Workqueue: hci0 hci_rx_work
[   55.516320][ T4442] Call Trace:
[   55.519602][ T4442]  <TASK>
[   55.522515][ T4442]  dump_stack_lvl+0x125/0x1b0
[   55.527192][ T4442]  __might_resched+0x3c3/0x5e0
[   55.532049][ T4442]  ? preempt_count_sub+0x150/0x150
[   55.537150][ T4442]  ? queue_work_on+0x97/0x110
[   55.541810][ T4442]  __hci_cmd_sync_sk+0x374/0xe70
[   55.546733][ T4442]  ? hci_read_local_codecs_sync+0xf0/0xf0
[   55.552460][ T4442]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   55.558437][ T4442]  __hci_cmd_sync_status_sk+0x48/0x160
[   55.563901][ T4442]  hci_le_terminate_big_sync+0xb2/0xe0
[   55.569344][ T4442]  ? hci_remove_ext_adv_instance+0x70/0x70
[   55.575127][ T4442]  ? reacquire_held_locks+0x4b0/0x4b0
[   55.580493][ T4442]  hci_le_create_big_complete_evt+0x765/0xab0
[   55.586546][ T4442]  ? __mutex_unlock_slowpath+0x165/0x640
[   55.592253][ T4442]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   55.598306][ T4442]  ? bit_wait_io_timeout+0x160/0x160
[   55.603594][ T4442]  ? skb_pull_data+0xfc/0x160
[   55.608256][ T4442]  hci_le_meta_evt+0x2bc/0x510
[   55.613023][ T4442]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   55.619255][ T4442]  ? skb_pull_data+0xfc/0x160
[   55.623923][ T4442]  hci_event_packet+0x642/0xfd0
[   55.628773][ T4442]  ? hci_inquiry_result_evt+0x500/0x500
[   55.634302][ T4442]  ? hci_key_refresh_complete_evt+0x1090/0x1090
[   55.640545][ T4442]  ? mark_held_locks+0x9f/0xe0
[   55.645302][ T4442]  ? kcov_remote_start+0x3e8/0x6c0
[   55.650402][ T4442]  ? lockdep_hardirqs_on+0x7d/0x100
[   55.655608][ T4442]  hci_rx_work+0x2c4/0x13e0
[   55.660098][ T4442]  process_one_work+0x884/0x15c0
[   55.665046][ T4442]  ? lock_sync+0x190/0x190
[   55.669451][ T4442]  ? init_worker_pool+0x770/0x770
[   55.674462][ T4442]  ? assign_work+0x1a0/0x240
[   55.679123][ T4442]  worker_thread+0x8b9/0x1290
[   55.683836][ T4442]  ? __kthread_parkme+0x14b/0x220
[   55.688851][ T4442]  ? process_one_work+0x15c0/0x15c0
[   55.694061][ T4442]  kthread+0x33c/0x440
[   55.698118][ T4442]  ? _raw_spin_unlock_irq+0x23/0x50
[   55.703302][ T4442]  ? kthread_complete_and_exit+0x40/0x40
[   55.708925][ T4442]  ret_from_fork+0x45/0x80
[   55.713327][ T4442]  ? kthread_complete_and_exit+0x40/0x40
[   55.718939][ T4442]  ret_from_fork_asm+0x11/0x20
[   55.723701][ T4442]  </TASK>
[   55.727603][ T4442] ------------[ cut here ]------------
[   55.733063][ T4442] Voluntary context switch within RCU read-side critical section!
[   55.733121][ T4442] WARNING: CPU: 0 PID: 4442 at kernel/rcu/tree_plugin.h:320 rcu_note_context_switch+0xbfc/0x1ac0
[   55.751407][ T4442] Modules linked in:
[   55.755292][ T4442] CPU: 0 PID: 4442 Comm: kworker/u5:1 Tainted: G        W          6.6.0-rc2-syzkaller-00386-g3aba70aed91f #0
[   55.766910][ T4442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   55.776954][ T4442] Workqueue: hci0 hci_rx_work
[   55.781625][ T4442] RIP: 0010:rcu_note_context_switch+0xbfc/0x1ac0
[   55.787951][ T4442] Code: da 56 6b 00 4c 8b 54 24 30 48 8b 44 24 28 8b 4c 24 10 e9 24 04 00 00 48 c7 c7 a0 71 8e 8a c6 05 56 3f 46 0d 01 e8 24 cb db ff <0f> 0b e9 0c f5 ff ff 81 e5 ff ff ff 7f 0f 84 ab f6 ff ff 65 48 8b
[   55.807552][ T4442] RSP: 0018:ffffc9000e7af490 EFLAGS: 00010082
[   55.813610][ T4442] RAX: 0000000000000000 RBX: ffff8880b983d600 RCX: 0000000000000000
[   55.821567][ T4442] RDX: ffff888029d80000 RSI: ffffffff814df0c6 RDI: 0000000000000001
[   55.829527][ T4442] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[   55.837488][ T4442] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888029d80000
[   55.845447][ T4442] R13: ffff888029d80000 R14: ffff888029d80000 R15: ffff8880b983c700
[   55.853409][ T4442] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   55.862331][ T4442] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   55.868903][ T4442] CR2: 00007f0d9f681e48 CR3: 000000000c976000 CR4: 0000000000350ef0
[   55.876866][ T4442] Call Trace:
[   55.880134][ T4442]  <TASK>
[   55.883058][ T4442]  ? show_regs+0x8f/0xa0
[   55.887296][ T4442]  ? __warn+0xe6/0x380
[   55.891354][ T4442]  ? __wake_up_klogd.part.0+0x99/0xf0
[   55.896719][ T4442]  ? rcu_note_context_switch+0xbfc/0x1ac0
[   55.902432][ T4442]  ? report_bug+0x3bc/0x580
[   55.906927][ T4442]  ? handle_bug+0x3c/0x70
[   55.911248][ T4442]  ? exc_invalid_op+0x17/0x40
[   55.915922][ T4442]  ? asm_exc_invalid_op+0x1a/0x20
[   55.920946][ T4442]  ? __warn_printk+0x1a6/0x350
[   55.925701][ T4442]  ? rcu_note_context_switch+0xbfc/0x1ac0
[   55.931422][ T4442]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[   55.937218][ T4442]  ? find_held_lock+0x2d/0x110
[   55.941973][ T4442]  ? __schedule+0x26bf/0x5a10
[   55.946645][ T4442]  ? schedule+0xe7/0x1b0
[   55.950877][ T4442]  __schedule+0x293/0x5a10
[   55.955334][ T4442]  ? lockdep_hardirqs_on+0x7d/0x100
[   55.960544][ T4442]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[   55.966351][ T4442]  ? io_schedule_timeout+0x150/0x150
[   55.971631][ T4442]  ? timer_fixup_activate+0x2b0/0x2b0
[   55.976999][ T4442]  ? mark_held_locks+0x9f/0xe0
[   55.981761][ T4442]  schedule+0xe7/0x1b0
[   55.985823][ T4442]  schedule_timeout+0x157/0x2c0
[   55.990671][ T4442]  ? usleep_range_state+0x1a0/0x1a0
[   55.995863][ T4442]  ? destroy_timer_on_stack+0x20/0x20
[   56.001229][ T4442]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[   56.007028][ T4442]  ? prepare_to_wait_event+0xce/0x690
[   56.012480][ T4442]  ? queue_work_on+0x97/0x110
[   56.017148][ T4442]  __hci_cmd_sync_sk+0x58b/0xe70
[   56.022087][ T4442]  ? hci_read_local_codecs_sync+0xf0/0xf0
[   56.027802][ T4442]  ? cpuacct_percpu_seq_show+0x10/0x10
[   56.033340][ T4442]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   56.039325][ T4442]  __hci_cmd_sync_status_sk+0x48/0x160
[   56.044779][ T4442]  hci_le_terminate_big_sync+0xb2/0xe0
[   56.050230][ T4442]  ? hci_remove_ext_adv_instance+0x70/0x70
[   56.056110][ T4442]  ? reacquire_held_locks+0x4b0/0x4b0
[   56.061480][ T4442]  hci_le_create_big_complete_evt+0x765/0xab0
[   56.067546][ T4442]  ? __mutex_unlock_slowpath+0x165/0x640
[   56.073170][ T4442]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   56.079227][ T4442]  ? bit_wait_io_timeout+0x160/0x160
[   56.084527][ T4442]  ? skb_pull_data+0xfc/0x160
[   56.089209][ T4442]  hci_le_meta_evt+0x2bc/0x510
[   56.094048][ T4442]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   56.100109][ T4442]  ? skb_pull_data+0xfc/0x160
[   56.104786][ T4442]  hci_event_packet+0x642/0xfd0
[   56.109634][ T4442]  ? hci_inquiry_result_evt+0x500/0x500
[   56.115259][ T4442]  ? hci_key_refresh_complete_evt+0x1090/0x1090
[   56.121610][ T4442]  ? mark_held_locks+0x9f/0xe0
[   56.126388][ T4442]  ? kcov_remote_start+0x3e8/0x6c0
[   56.131675][ T4442]  ? lockdep_hardirqs_on+0x7d/0x100
[   56.136878][ T4442]  hci_rx_work+0x2c4/0x13e0
[   56.141380][ T4442]  process_one_work+0x884/0x15c0
[   56.146320][ T4442]  ? lock_sync+0x190/0x190
[   56.150730][ T4442]  ? init_worker_pool+0x770/0x770
[   56.155750][ T4442]  ? assign_work+0x1a0/0x240
[   56.160340][ T4442]  worker_thread+0x8b9/0x1290
[   56.165041][ T4442]  ? __kthread_parkme+0x14b/0x220
[   56.170146][ T4442]  ? process_one_work+0x15c0/0x15c0
[   56.175337][ T4442]  kthread+0x33c/0x440
[   56.179393][ T4442]  ? _raw_spin_unlock_irq+0x23/0x50
[   56.184581][ T4442]  ? kthread_complete_and_exit+0x40/0x40
[   56.190206][ T4442]  ret_from_fork+0x45/0x80
[   56.194614][ T4442]  ? kthread_complete_and_exit+0x40/0x40
[   56.200237][ T4442]  ret_from_fork_asm+0x11/0x20
[   56.205025][ T4442]  </TASK>
[   56.208039][ T4442] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   56.215297][ T4442] CPU: 0 PID: 4442 Comm: kworker/u5:1 Tainted: G        W          6.6.0-rc2-syzkaller-00386-g3aba70aed91f #0
[   56.226912][ T4442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   56.236979][ T4442] Workqueue: hci0 hci_rx_work
[   56.241673][ T4442] Call Trace:
[   56.245034][ T4442]  <TASK>
[   56.247964][ T4442]  dump_stack_lvl+0xd9/0x1b0
[   56.252549][ T4442]  panic+0x6a6/0x750
[   56.256439][ T4442]  ? panic_smp_self_stop+0xa0/0xa0
[   56.261552][ T4442]  ? rcu_note_context_switch+0xbfc/0x1ac0
[   56.267267][ T4442]  check_panic_on_warn+0xab/0xb0
[   56.272197][ T4442]  __warn+0xf2/0x380
[   56.276086][ T4442]  ? __wake_up_klogd.part.0+0x99/0xf0
[   56.281467][ T4442]  ? rcu_note_context_switch+0xbfc/0x1ac0
[   56.287185][ T4442]  report_bug+0x3bc/0x580
[   56.291527][ T4442]  handle_bug+0x3c/0x70
[   56.295673][ T4442]  exc_invalid_op+0x17/0x40
[   56.300172][ T4442]  asm_exc_invalid_op+0x1a/0x20
[   56.305016][ T4442] RIP: 0010:rcu_note_context_switch+0xbfc/0x1ac0
[   56.311338][ T4442] Code: da 56 6b 00 4c 8b 54 24 30 48 8b 44 24 28 8b 4c 24 10 e9 24 04 00 00 48 c7 c7 a0 71 8e 8a c6 05 56 3f 46 0d 01 e8 24 cb db ff <0f> 0b e9 0c f5 ff ff 81 e5 ff ff ff 7f 0f 84 ab f6 ff ff 65 48 8b
[   56.330939][ T4442] RSP: 0018:ffffc9000e7af490 EFLAGS: 00010082
[   56.337011][ T4442] RAX: 0000000000000000 RBX: ffff8880b983d600 RCX: 0000000000000000
[   56.344970][ T4442] RDX: ffff888029d80000 RSI: ffffffff814df0c6 RDI: 0000000000000001
[   56.352926][ T4442] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[   56.360888][ T4442] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888029d80000
[   56.368846][ T4442] R13: ffff888029d80000 R14: ffff888029d80000 R15: ffff8880b983c700
[   56.376811][ T4442]  ? __warn_printk+0x1a6/0x350
[   56.381575][ T4442]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[   56.387477][ T4442]  ? find_held_lock+0x2d/0x110
[   56.392338][ T4442]  ? __schedule+0x26bf/0x5a10
[   56.397012][ T4442]  ? schedule+0xe7/0x1b0
[   56.401334][ T4442]  __schedule+0x293/0x5a10
[   56.405752][ T4442]  ? lockdep_hardirqs_on+0x7d/0x100
[   56.410952][ T4442]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[   56.416761][ T4442]  ? io_schedule_timeout+0x150/0x150
[   56.422042][ T4442]  ? timer_fixup_activate+0x2b0/0x2b0
[   56.427411][ T4442]  ? mark_held_locks+0x9f/0xe0
[   56.432169][ T4442]  schedule+0xe7/0x1b0
[   56.436229][ T4442]  schedule_timeout+0x157/0x2c0
[   56.441076][ T4442]  ? usleep_range_state+0x1a0/0x1a0
[   56.446271][ T4442]  ? destroy_timer_on_stack+0x20/0x20
[   56.451635][ T4442]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[   56.457444][ T4442]  ? prepare_to_wait_event+0xce/0x690
[   56.462813][ T4442]  ? queue_work_on+0x97/0x110
[   56.467483][ T4442]  __hci_cmd_sync_sk+0x58b/0xe70
[   56.472507][ T4442]  ? hci_read_local_codecs_sync+0xf0/0xf0
[   56.478223][ T4442]  ? cpuacct_percpu_seq_show+0x10/0x10
[   56.483692][ T4442]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   56.489679][ T4442]  __hci_cmd_sync_status_sk+0x48/0x160
[   56.495156][ T4442]  hci_le_terminate_big_sync+0xb2/0xe0
[   56.500607][ T4442]  ? hci_remove_ext_adv_instance+0x70/0x70
[   56.506402][ T4442]  ? reacquire_held_locks+0x4b0/0x4b0
[   56.511777][ T4442]  hci_le_create_big_complete_evt+0x765/0xab0
[   56.517845][ T4442]  ? __mutex_unlock_slowpath+0x165/0x640
[   56.523474][ T4442]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   56.529537][ T4442]  ? bit_wait_io_timeout+0x160/0x160
[   56.534817][ T4442]  ? skb_pull_data+0xfc/0x160
[   56.539497][ T4442]  hci_le_meta_evt+0x2bc/0x510
[   56.544253][ T4442]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   56.550314][ T4442]  ? skb_pull_data+0xfc/0x160
[   56.555076][ T4442]  hci_event_packet+0x642/0xfd0
[   56.559922][ T4442]  ? hci_inquiry_result_evt+0x500/0x500
[   56.565480][ T4442]  ? hci_key_refresh_complete_evt+0x1090/0x1090
[   56.571715][ T4442]  ? mark_held_locks+0x9f/0xe0
[   56.576473][ T4442]  ? kcov_remote_start+0x3e8/0x6c0
[   56.581580][ T4442]  ? lockdep_hardirqs_on+0x7d/0x100
[   56.586775][ T4442]  hci_rx_work+0x2c4/0x13e0
[   56.591275][ T4442]  process_one_work+0x884/0x15c0
[   56.596213][ T4442]  ? lock_sync+0x190/0x190
[   56.600708][ T4442]  ? init_worker_pool+0x770/0x770
[   56.605728][ T4442]  ? assign_work+0x1a0/0x240
[   56.610309][ T4442]  worker_thread+0x8b9/0x1290
[   56.615072][ T4442]  ? __kthread_parkme+0x14b/0x220
[   56.620090][ T4442]  ? process_one_work+0x15c0/0x15c0
[   56.625388][ T4442]  kthread+0x33c/0x440
[   56.629445][ T4442]  ? _raw_spin_unlock_irq+0x23/0x50
[   56.634637][ T4442]  ? kthread_complete_and_exit+0x40/0x40
[   56.640261][ T4442]  ret_from_fork+0x45/0x80
[   56.644676][ T4442]  ? kthread_complete_and_exit+0x40/0x40
[   56.650385][ T4442]  ret_from_fork_asm+0x11/0x20
[   56.655154][ T4442]  </TASK>
[   56.659165][ T4442] Kernel Offset: disabled
[   56.663539][ T4442] Rebooting in 86400 seconds..