./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1180168742

<...>
Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
execve("./syz-executor1180168742", ["./syz-executor1180168742"], 0x7ffcca63d0f0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555fa1000
brk(0x555555fa1c40)                     = 0x555555fa1c40
arch_prctl(ARCH_SET_FS, 0x555555fa1300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x555555fa15d0)         = 3616
set_robust_list(0x555555fa15e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f074a526830, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f074a526f00}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f074a5268d0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f074a526f00}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1180168742", 4096) = 28
brk(0x555555fc2c40)                     = 0x555555fc2c40
brk(0x555555fc3000)                     = 0x555555fc3000
mprotect(0x7f074a5e8000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3617 attached
, child_tidptr=0x555555fa15d0) = 3617
[pid  3617] set_robust_list(0x555555fa15e0, 24) = 0
[pid  3617] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3617] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  3617] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  3617] dup2(4, 202)                = 202
[pid  3617] close(4)                    = 0
[pid  3617] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  3617] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0749d16000
[pid  3617] mprotect(0x7f0749d17000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  3617] clone(child_stack=0x7f074a5163f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7f074a516700, child_tidptr=0x7f074a5169d0) = 2
[pid  3617] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 3619 attached
 <unfinished ...>
[pid  3619] set_robust_list(0x7f074a5169e0, 24) = 0
[pid  3619] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3619] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3619] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3619] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  3619] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  3619] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3619] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3619] read(202, "\x01\x25\x0c\x00", 1024) = 4
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3619] read(202, "\x01\x38\x0c\x00", 1024) = 4
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3619] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3619] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 <unfinished ...>
[pid  3617] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  3617] ioctl(3, HCISETSCAN <unfinished ...>
[pid  3619] <... writev resumed>)       = 255
[pid  3619] read(202, "\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  3619] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4 <unfinished ...>
[pid  3617] <... ioctl resumed>, 0x7fff55b4cbc4) = 0
[pid  3617] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3) = 13
[pid  3617] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14
[pid  3617] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[pid  3617] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  3617] futex(0x7f074a5169d0, FUTEX_WAIT, 2, NULL <unfinished ...>
[pid  3619] <... writev resumed>)       = 7
[pid  3619] madvise(0x7f0749d16000, 8372224, MADV_DONTNEED) = 0
[pid  3619] exit(0)                     = ?
[pid  3617] <... futex resumed>)        = 0
[pid  3617] close(3)                    = 0
[pid  3617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3617] setsid()                    = 1
[pid  3617] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3
[pid  3617] dup2(3, 201)                = 201
[pid  3617] close(3)                    = 0
[pid  3617] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3617] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3617] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3617] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3619] +++ exited with 0 +++
[pid  3617] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3617] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3617] unshare(CLONE_NEWNS)        = 0
[pid  3617] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3617] unshare(CLONE_NEWIPC)       = 0
[pid  3617] unshare(CLONE_NEWCGROUP)    = 0
[pid  3617] unshare(CLONE_NEWUTS)       = 0
[pid  3617] unshare(CLONE_SYSVSEM)      = 0
[pid  3617] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3617] write(3, "16777216", 8)     = 8
[pid  3617] close(3)                    = 0
[pid  3617] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3617] write(3, "536870912", 9)    = 9
[pid  3617] close(3)                    = 0
[pid  3617] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3617] write(3, "1024", 4)         = 4
[pid  3617] close(3)                    = 0
[pid  3617] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3617] write(3, "8192", 4)         = 4
[pid  3617] close(3)                    = 0
[pid  3617] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3617] write(3, "1024", 4)         = 4
syzkaller login: [   50.653256][ T3620] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   50.655618][ T3620] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   50.658376][ T3620] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   50.662967][ T3620] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   50.666174][ T3620] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[pid  3617] close(3)                    = 0
[pid  3617] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3617] write(3, "1024", 4)         = 4
[pid  3617] close(3)                    = 0
[pid  3617] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3617] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3617] close(3)                    = 0
[pid  3617] getpid()                    = 1
[pid  3617] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3617] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3617] unshare(CLONE_NEWNET)       = 0
[pid  3617] mkdir("/dev/binderfs", 0777) = 0
[pid  3617] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3617] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3617] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3
[   50.668134][ T3620] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  3617] setns(201, 0)               = 0
[pid  3617] socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_L2CAP) = 4
[pid  3617] setns(3, 0)                 = 0
[pid  3617] close(3)                    = 0
[pid  3617] setsockopt(4, SOL_TCP, TCP_CORK, [51], 4) = 0
[pid  3617] bind(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(0 /* L2CAP_PSM_??? */), l2_bdaddr=00:00:00:00:00:00, l2_cid=htobs(L2CAP_CID_DYN_START + 2217), l2_bdaddr_type=BDADDR_BREDR}, 14) = 0
[   52.720879][ T1596] Bluetooth: hci0: command 0x0409 tx timeout
[pid  3617] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(0 /* L2CAP_PSM_??? */), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(L2CAP_CID_DYN_START + 186), l2_bdaddr_type=BDADDR_BREDR}, 14) = 0
[pid  3617] exit_group(1)               = ?
[   54.742379][ T3617] ------------[ cut here ]------------
[   54.742389][ T3617] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: 0x0
[   54.742792][ T3617] WARNING: CPU: 1 PID: 3617 at lib/debugobjects.c:502 debug_print_object+0x16e/0x250
[   54.767491][ T3617] Modules linked in:
[   54.771397][ T3617] CPU: 1 PID: 3617 Comm: syz-executor118 Not tainted 5.19.0-rc1-next-20220610-syzkaller #0
[   54.781365][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.791413][ T3617] RIP: 0010:debug_print_object+0x16e/0x250
[   54.797217][ T3617] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd a0 62 28 8a 4c 89 ee 48 c7 c7 80 56 28 8a e8 53 1e 36 05 <0f> 0b 83 05 15 a8 bc 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
[   54.816818][ T3617] RSP: 0018:ffffc9000302f898 EFLAGS: 00010086
[   54.822893][ T3617] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
[   54.830869][ T3617] RDX: ffff888022fbba80 RSI: ffffffff81614258 RDI: fffff52000605f05
[   54.838853][ T3617] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[   54.846813][ T3617] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff89ced9c0
[   54.854783][ T3617] R13: ffffffff8a285d00 R14: ffffffff816a3470 R15: 1ffff92000605f1e
[   54.862763][ T3617] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[   54.871693][ T3617] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   54.878280][ T3617] CR2: 00007f074a5ba0c8 CR3: 000000000ba8e000 CR4: 00000000003506e0
[   54.886260][ T3617] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   54.894232][ T3617] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   54.902233][ T3617] Call Trace:
[   54.905514][ T3617]  <TASK>
[   54.908452][ T3617]  debug_object_assert_init+0x1f4/0x2e0
[   54.914021][ T3617]  ? mark_lock.part.0+0xee/0x1910
[   54.919067][ T3617]  ? debug_object_init_on_stack+0x20/0x20
[   54.924798][ T3617]  ? find_held_lock+0x2d/0x110
[   54.929596][ T3617]  ? __queue_work+0x66f/0x1150
[   54.934381][ T3617]  ? lock_downgrade+0x6e0/0x6e0
[   54.939243][ T3617]  del_timer+0x6d/0x110
[   54.943404][ T3617]  ? detach_if_pending+0x470/0x470
[   54.948518][ T3617]  ? try_to_grab_pending+0xbd/0xd0
[   54.953639][ T3617]  ? lockdep_hardirqs_off+0x90/0xd0
[   54.958852][ T3617]  try_to_grab_pending+0x6d/0xd0
[   54.963817][ T3617]  cancel_delayed_work+0x79/0x340
[   54.968845][ T3617]  ? queue_delayed_work_on+0xe6/0x120
[   54.974222][ T3617]  ? cancel_delayed_work_sync+0x20/0x20
[   54.979780][ T3617]  ? lockdep_hardirqs_on+0x79/0x100
[   54.984987][ T3617]  ? queue_delayed_work_on+0xbb/0x120
[   54.990366][ T3617]  l2cap_chan_del+0x517/0xa80
[   54.995048][ T3617]  l2cap_conn_del+0x3c5/0x7c0
[   54.999736][ T3617]  ? l2cap_conn_del+0x7c0/0x7c0
[   55.004587][ T3617]  l2cap_disconn_cfm+0x95/0xd0
[   55.009357][ T3617]  hci_conn_hash_flush+0x127/0x260
[   55.014494][ T3617]  hci_dev_close_sync+0x573/0x1150
[   55.019623][ T3617]  ? hci_dev_open_sync+0x2160/0x2160
[   55.024927][ T3617]  hci_dev_do_close+0x32/0x70
[   55.029616][ T3617]  hci_unregister_dev+0x1c4/0x550
[   55.034655][ T3617]  vhci_release+0x7c/0xf0
[   55.038990][ T3617]  __fput+0x277/0x9d0
[   55.042977][ T3617]  ? vhci_close_dev+0x50/0x50
[   55.047669][ T3617]  task_work_run+0xdd/0x1a0
[   55.052276][ T3617]  do_exit+0xb05/0x2a00
[   55.056444][ T3617]  ? lock_downgrade+0x6e0/0x6e0
[   55.061294][ T3617]  ? mm_update_next_owner+0x7b0/0x7b0
[   55.066674][ T3617]  ? _raw_spin_unlock_irq+0x1f/0x40
[   55.071877][ T3617]  ? _raw_spin_unlock_irq+0x1f/0x40
[   55.077082][ T3617]  do_group_exit+0xd2/0x2f0
[   55.081597][ T3617]  __x64_sys_exit_group+0x3a/0x50
[   55.086631][ T3617]  do_syscall_64+0x35/0xb0
[   55.091069][ T3617]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   55.096986][ T3617] RIP: 0033:0x7f074a563609
[   55.101407][ T3617] Code: Unable to access opcode bytes at RIP 0x7f074a5635df.
[   55.108771][ T3617] RSP: 002b:00007fff55b4cb58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   55.117206][ T3617] RAX: ffffffffffffffda RBX: 00007f074a5ee390 RCX: 00007f074a563609
[   55.125181][ T3617] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   55.133153][ T3617] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 000000ff4a5e8e00
[   55.141127][ T3617] R10: 000000ff4a5e8e00 R11: 0000000000000246 R12: 00007f074a5ee390
[   55.149095][ T3617] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   55.157082][ T3617]  </TASK>
[   55.160098][ T3617] Kernel panic - not syncing: panic_on_warn set ...
[   55.166678][ T3617] CPU: 1 PID: 3617 Comm: syz-executor118 Not tainted 5.19.0-rc1-next-20220610-syzkaller #0
[   55.176648][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.186709][ T3617] Call Trace:
[   55.189994][ T3617]  <TASK>
[   55.192930][ T3617]  dump_stack_lvl+0xcd/0x134
[   55.197530][ T3617]  panic+0x2d7/0x636
[   55.201436][ T3617]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   55.207440][ T3617]  ? __warn.cold+0x1d9/0x2cd
[   55.212043][ T3617]  ? debug_print_object+0x16e/0x250
[   55.217245][ T3617]  __warn.cold+0x1ea/0x2cd
[   55.221686][ T3617]  ? debug_print_object+0x16e/0x250
[   55.226903][ T3617]  report_bug+0x1bc/0x210
[   55.231240][ T3617]  handle_bug+0x3c/0x60
[   55.235415][ T3617]  exc_invalid_op+0x14/0x40
[   55.239936][ T3617]  asm_exc_invalid_op+0x1b/0x20
[   55.244799][ T3617] RIP: 0010:debug_print_object+0x16e/0x250
[   55.250610][ T3617] Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd a0 62 28 8a 4c 89 ee 48 c7 c7 80 56 28 8a e8 53 1e 36 05 <0f> 0b 83 05 15 a8 bc 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
[   55.270219][ T3617] RSP: 0018:ffffc9000302f898 EFLAGS: 00010086
[   55.276288][ T3617] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
[   55.284266][ T3617] RDX: ffff888022fbba80 RSI: ffffffff81614258 RDI: fffff52000605f05
[   55.292247][ T3617] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[   55.300224][ T3617] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff89ced9c0
[   55.308211][ T3617] R13: ffffffff8a285d00 R14: ffffffff816a3470 R15: 1ffff92000605f1e
[   55.316188][ T3617]  ? calc_wheel_index+0x3d0/0x3d0
[   55.321228][ T3617]  ? vprintk+0x88/0x90
[   55.325307][ T3617]  ? debug_print_object+0x16e/0x250
[   55.330515][ T3617]  debug_object_assert_init+0x1f4/0x2e0
[   55.336080][ T3617]  ? mark_lock.part.0+0xee/0x1910
[   55.341120][ T3617]  ? debug_object_init_on_stack+0x20/0x20
[   55.346851][ T3617]  ? find_held_lock+0x2d/0x110
[   55.351626][ T3617]  ? __queue_work+0x66f/0x1150
[   55.356397][ T3617]  ? lock_downgrade+0x6e0/0x6e0
[   55.361252][ T3617]  del_timer+0x6d/0x110
[   55.365425][ T3617]  ? detach_if_pending+0x470/0x470
[   55.370549][ T3617]  ? try_to_grab_pending+0xbd/0xd0
[   55.375680][ T3617]  ? lockdep_hardirqs_off+0x90/0xd0
[   55.380897][ T3617]  try_to_grab_pending+0x6d/0xd0
[   55.385862][ T3617]  cancel_delayed_work+0x79/0x340
[   55.390895][ T3617]  ? queue_delayed_work_on+0xe6/0x120
[   55.396270][ T3617]  ? cancel_delayed_work_sync+0x20/0x20
[   55.401823][ T3617]  ? lockdep_hardirqs_on+0x79/0x100
[   55.407037][ T3617]  ? queue_delayed_work_on+0xbb/0x120
[   55.412413][ T3617]  l2cap_chan_del+0x517/0xa80
[   55.417098][ T3617]  l2cap_conn_del+0x3c5/0x7c0
[   55.421780][ T3617]  ? l2cap_conn_del+0x7c0/0x7c0
[   55.426627][ T3617]  l2cap_disconn_cfm+0x95/0xd0
[   55.431390][ T3617]  hci_conn_hash_flush+0x127/0x260
[   55.436505][ T3617]  hci_dev_close_sync+0x573/0x1150
[   55.441629][ T3617]  ? hci_dev_open_sync+0x2160/0x2160
[   55.446927][ T3617]  hci_dev_do_close+0x32/0x70
[   55.451612][ T3617]  hci_unregister_dev+0x1c4/0x550
[   55.456646][ T3617]  vhci_release+0x7c/0xf0
[   55.460979][ T3617]  __fput+0x277/0x9d0
[   55.464966][ T3617]  ? vhci_close_dev+0x50/0x50
[   55.469651][ T3617]  task_work_run+0xdd/0x1a0
[   55.474163][ T3617]  do_exit+0xb05/0x2a00
[   55.478332][ T3617]  ? lock_downgrade+0x6e0/0x6e0
[   55.483182][ T3617]  ? mm_update_next_owner+0x7b0/0x7b0
[   55.488562][ T3617]  ? _raw_spin_unlock_irq+0x1f/0x40
[   55.493762][ T3617]  ? _raw_spin_unlock_irq+0x1f/0x40
[   55.498965][ T3617]  do_group_exit+0xd2/0x2f0
[   55.503483][ T3617]  __x64_sys_exit_group+0x3a/0x50
[   55.508517][ T3617]  do_syscall_64+0x35/0xb0
[   55.512939][ T3617]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   55.518837][ T3617] RIP: 0033:0x7f074a563609
[   55.523252][ T3617] Code: Unable to access opcode bytes at RIP 0x7f074a5635df.
[   55.530607][ T3617] RSP: 002b:00007fff55b4cb58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   55.539040][ T3617] RAX: ffffffffffffffda RBX: 00007f074a5ee390 RCX: 00007f074a563609
[   55.547015][ T3617] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   55.554981][ T3617] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 000000ff4a5e8e00
[   55.562952][ T3617] R10: 000000ff4a5e8e00 R11: 0000000000000246 R12: 00007f074a5ee390
[   55.570918][ T3617] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   55.578899][ T3617]  </TASK>
[   55.582193][ T3617] Kernel Offset: disabled
[   55.586556][ T3617] Rebooting in 86400 seconds..