./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2798578992

<...>
Warning: Permanently added '10.128.0.253' (ED25519) to the list of known hosts.
execve("./syz-executor2798578992", ["./syz-executor2798578992"], 0x7ffd7a39c650 /* 10 vars */) = 0
brk(NULL)                               = 0x555555f67000
brk(0x555555f67d40)                     = 0x555555f67d40
arch_prctl(ARCH_SET_FS, 0x555555f673c0) = 0
set_tid_address(0x555555f67690)         = 5041
set_robust_list(0x555555f676a0, 24)     = 0
rseq(0x555555f67ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2798578992", 4096) = 28
getrandom("\xc7\xb6\x39\x3d\xba\xf6\x62\x20", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555f67d40
brk(0x555555f88d40)                     = 0x555555f88d40
brk(0x555555f89000)                     = 0x555555f89000
mprotect(0x7f39f5fdd000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f67690) = 5042
./strace-static-x86_64: Process 5042 attached
[pid  5042] set_robust_list(0x555555f676a0, 24) = 0
[pid  5042] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5042] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  5042] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  5042] dup2(4, 202)                = 202
[pid  5042] close(4)                    = 0
[pid  5042] write(202, "\xff\x00", 2)   = 2
[pid  5042] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  5042] rt_sigaction(SIGRT_1, {sa_handler=0x7f39f5f7f400, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f39f5f70a80}, NULL, 8) = 0
[pid  5042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5042] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39f571a000
[pid  5042] mprotect(0x7f39f571b000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f39f5f1a990, parent_tid=0x7f39f5f1a990, exit_signal=0, stack=0x7f39f571a000, stack_size=0x800300, tls=0x7f39f5f1a6c0}./strace-static-x86_64: Process 5045 attached
 <unfinished ...>
[pid  5045] rseq(0x7f39f5f1afe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5042] <... clone3 resumed> => {parent_tid=[2]}, 88) = 2
[pid  5045] <... rseq resumed>)         = 0
[pid  5042] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5045] set_robust_list(0x7f39f5f1a9a0, 24 <unfinished ...>
[pid  5042] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5045] <... set_robust_list resumed>) = 0
[pid  5042] ioctl(3, HCIDEVUP <unfinished ...>
[pid  5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5045] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5045] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5045] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5045] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  5045] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  5045] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5045] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5045] read(202, "\x01\x25\x0c\x00", 1024) = 4
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5045] read(202, "\x01\x38\x0c\x00", 1024) = 4
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[   77.836594][ T5044] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   77.845140][ T5044] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   77.853457][ T5044] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   77.864235][ T5044] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   77.873542][ T5044] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[pid  5045] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5045] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5045] read(202,  <unfinished ...>
[pid  5042] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  5042] ioctl(3, HCISETSCAN <unfinished ...>
[pid  5045] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  5045] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  5045] rt_sigprocmask(SIG_BLOCK, ~[RT_1],  <unfinished ...>
[pid  5042] <... ioctl resumed>, 0x7fff63190b44) = 0
[pid  5045] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5042] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  5045] madvise(0x7f39f571a000, 8372224, MADV_DONTNEED) = 0
[pid  5042] <... writev resumed>)       = 13
[pid  5045] exit(0 <unfinished ...>
[pid  5042] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 <unfinished ...>
[pid  5045] <... exit resumed>)         = ?
[pid  5045] +++ exited with 0 +++
[pid  5042] <... writev resumed>)       = 14
[pid  5042] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[pid  5042] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  5042] close(3)                    = 0
[pid  5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5042] setsid()                    = 1
[pid  5042] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5042] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5042] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5042] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5042] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5042] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5042] unshare(CLONE_NEWNS)        = 0
[pid  5042] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5042] unshare(CLONE_NEWIPC)       = 0
[pid  5042] unshare(CLONE_NEWCGROUP)    = 0
[pid  5042] unshare(CLONE_NEWUTS)       = 0
[pid  5042] unshare(CLONE_SYSVSEM)      = 0
[pid  5042] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5042] write(3, "16777216", 8)     = 8
[pid  5042] close(3)                    = 0
[pid  5042] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5042] write(3, "536870912", 9)    = 9
[pid  5042] close(3)                    = 0
[pid  5042] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5042] write(3, "1024", 4)         = 4
[pid  5042] close(3)                    = 0
[pid  5042] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5042] write(3, "8192", 4)         = 4
[pid  5042] close(3)                    = 0
[pid  5042] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5042] write(3, "1024", 4)         = 4
[pid  5042] close(3)                    = 0
[pid  5042] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5042] write(3, "1024", 4)         = 4
[pid  5042] close(3)                    = 0
[pid  5042] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5042] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5042] close(3)                    = 0
[pid  5042] getpid()                    = 1
[pid  5042] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5042] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[   77.881700][ T5044] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  5042] unshare(CLONE_NEWNET)       = 0
[pid  5042] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5042] write(3, "0 65535", 7)      = 7
[pid  5042] close(3)                    = 0
[pid  5042] mkdir("/dev/binderfs", 0777) = 0
[pid  5042] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5042] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5042] write(202, "\x04\x3e\x1d\x1b\x00\x00\x00\x9b\x19\xde\x4b\x96\x28\xbf\xd8\x64\x89\xaf\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32) = 32
[pid  5042] exit_group(1)               = ?
[   77.988435][ T4449] BUG: sleeping function called from invalid context at net/bluetooth/hci_sync.c:167
[   77.998211][ T4449] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4449, name: kworker/u5:1
[   78.007798][ T4449] preempt_count: 0, expected: 0
[   78.012642][ T4449] RCU nest depth: 1, expected: 0
[   78.017711][ T4449] 4 locks held by kworker/u5:1/4449:
[   78.022988][ T4449]  #0: ffff8880291ecd38 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x787/0x15c0
[   78.033525][ T4449]  #1: ffffc9000e58fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7e9/0x15c0
[   78.045013][ T4449]  #2: ffff888074ef8078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xab0
[   78.055634][ T4449]  #3: ffffffff8cbab2a0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xab0
[   78.066530][ T4449] CPU: 0 PID: 4449 Comm: kworker/u5:1 Not tainted 6.6.0-rc2-syzkaller-00386-g3aba70aed91f #0
[   78.076697][ T4449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   78.086760][ T4449] Workqueue: hci0 hci_rx_work
[   78.091455][ T4449] Call Trace:
[   78.094745][ T4449]  <TASK>
[   78.097684][ T4449]  dump_stack_lvl+0x125/0x1b0
[   78.102381][ T4449]  __might_resched+0x3c3/0x5e0
[   78.107177][ T4449]  ? preempt_count_sub+0x150/0x150
[   78.112316][ T4449]  ? queue_work_on+0x97/0x110
[   78.117016][ T4449]  __hci_cmd_sync_sk+0x374/0xe70
[   78.121985][ T4449]  ? hci_read_local_codecs_sync+0xf0/0xf0
[   78.127741][ T4449]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   78.133772][ T4449]  __hci_cmd_sync_status_sk+0x48/0x160
[   78.139262][ T4449]  hci_le_terminate_big_sync+0xb2/0xe0
[   78.144740][ T4449]  ? hci_remove_ext_adv_instance+0x70/0x70
[   78.150584][ T4449]  ? reacquire_held_locks+0x4b0/0x4b0
[   78.155992][ T4449]  hci_le_create_big_complete_evt+0x765/0xab0
[   78.162086][ T4449]  ? __mutex_unlock_slowpath+0x165/0x640
[   78.167746][ T4449]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   78.173833][ T4449]  ? bit_wait_io_timeout+0x160/0x160
[   78.179142][ T4449]  ? skb_pull_data+0xfc/0x160
[   78.183851][ T4449]  hci_le_meta_evt+0x2bc/0x510
[   78.188632][ T4449]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   78.194734][ T4449]  ? skb_pull_data+0xfc/0x160
[   78.199440][ T4449]  hci_event_packet+0x642/0xfd0
[   78.204312][ T4449]  ? hci_inquiry_result_evt+0x500/0x500
[   78.209873][ T4449]  ? hci_key_refresh_complete_evt+0x1090/0x1090
[   78.216136][ T4449]  ? mark_held_locks+0x9f/0xe0
[   78.220926][ T4449]  ? kcov_remote_start+0x3e8/0x6c0
[   78.226070][ T4449]  ? lockdep_hardirqs_on+0x7d/0x100
[   78.231302][ T4449]  hci_rx_work+0x2c4/0x13e0
[   78.235829][ T4449]  process_one_work+0x884/0x15c0
[   78.240795][ T4449]  ? lock_sync+0x190/0x190
[   78.245232][ T4449]  ? init_worker_pool+0x770/0x770
[   78.250286][ T4449]  ? assign_work+0x1a0/0x240
[   78.254897][ T4449]  worker_thread+0x8b9/0x1290
[   78.259608][ T4449]  ? __kthread_parkme+0x14b/0x220
[   78.264650][ T4449]  ? process_one_work+0x15c0/0x15c0
[   78.269867][ T4449]  kthread+0x33c/0x440
[   78.273955][ T4449]  ? _raw_spin_unlock_irq+0x23/0x50
[   78.279167][ T4449]  ? kthread_complete_and_exit+0x40/0x40
[   78.284819][ T4449]  ret_from_fork+0x45/0x80
[   78.289254][ T4449]  ? kthread_complete_and_exit+0x40/0x40
[   78.294906][ T4449]  ret_from_fork_asm+0x11/0x20
[   78.299714][ T4449]  </TASK>
[   78.303346][ T4449] ------------[ cut here ]------------
[   78.308821][ T4449] Voluntary context switch within RCU read-side critical section!
[   78.308927][ T4449] WARNING: CPU: 0 PID: 4449 at kernel/rcu/tree_plugin.h:320 rcu_note_context_switch+0xbfc/0x1ac0
[   78.327264][ T4449] Modules linked in:
[   78.331164][ T4449] CPU: 0 PID: 4449 Comm: kworker/u5:1 Tainted: G        W          6.6.0-rc2-syzkaller-00386-g3aba70aed91f #0
[   78.342805][ T4449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   78.352870][ T4449] Workqueue: hci0 hci_rx_work
[   78.357563][ T4449] RIP: 0010:rcu_note_context_switch+0xbfc/0x1ac0
[   78.363915][ T4449] Code: da 56 6b 00 4c 8b 54 24 30 48 8b 44 24 28 8b 4c 24 10 e9 24 04 00 00 48 c7 c7 a0 71 8e 8a c6 05 56 3f 46 0d 01 e8 24 cb db ff <0f> 0b e9 0c f5 ff ff 81 e5 ff ff ff 7f 0f 84 ab f6 ff ff 65 48 8b
[   78.383541][ T4449] RSP: 0018:ffffc9000e58f490 EFLAGS: 00010082
[   78.389621][ T4449] RAX: 0000000000000000 RBX: ffff8880b983d600 RCX: 0000000000000000
[   78.397601][ T4449] RDX: ffff888029651dc0 RSI: ffffffff814df0c6 RDI: 0000000000000001
[   78.405584][ T4449] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[   78.413566][ T4449] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888029651dc0
[   78.421546][ T4449] R13: ffff888029651dc0 R14: ffff888029651dc0 R15: ffff8880b983c700
[   78.429528][ T4449] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   78.438472][ T4449] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   78.445070][ T4449] CR2: 0000000020000050 CR3: 000000007354d000 CR4: 00000000003506f0
[   78.453064][ T4449] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   78.461047][ T4449] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   78.469028][ T4449] Call Trace:
[   78.472312][ T4449]  <TASK>
[   78.475338][ T4449]  ? show_regs+0x8f/0xa0
[   78.479602][ T4449]  ? __warn+0xe6/0x380
[   78.483687][ T4449]  ? __wake_up_klogd.part.0+0x99/0xf0
[   78.489095][ T4449]  ? rcu_note_context_switch+0xbfc/0x1ac0
[   78.494840][ T4449]  ? report_bug+0x3bc/0x580
[   78.499362][ T4449]  ? handle_bug+0x3c/0x70
[   78.503712][ T4449]  ? exc_invalid_op+0x17/0x40
[   78.508408][ T4449]  ? asm_exc_invalid_op+0x1a/0x20
[   78.513459][ T4449]  ? __warn_printk+0x1a6/0x350
[   78.518241][ T4449]  ? rcu_note_context_switch+0xbfc/0x1ac0
[   78.523989][ T4449]  ? mark_held_locks+0x9f/0xe0
[   78.528779][ T4449]  ? __schedule+0x26bf/0x5a10
[   78.533477][ T4449]  ? schedule+0xe7/0x1b0
[   78.537744][ T4449]  __schedule+0x293/0x5a10
[   78.542196][ T4449]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[   78.548020][ T4449]  ? io_schedule_timeout+0x150/0x150
[   78.553331][ T4449]  ? timer_fixup_activate+0x2b0/0x2b0
[   78.558731][ T4449]  ? mark_held_locks+0x9f/0xe0
[   78.563520][ T4449]  schedule+0xe7/0x1b0
[   78.567614][ T4449]  schedule_timeout+0x157/0x2c0
[   78.572493][ T4449]  ? usleep_range_state+0x1a0/0x1a0
[   78.577719][ T4449]  ? destroy_timer_on_stack+0x20/0x20
[   78.583116][ T4449]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[   78.588941][ T4449]  ? prepare_to_wait_event+0xce/0x690
[   78.594338][ T4449]  ? queue_work_on+0x97/0x110
[   78.599037][ T4449]  __hci_cmd_sync_sk+0x58b/0xe70
[   78.604003][ T4449]  ? hci_read_local_codecs_sync+0xf0/0xf0
[   78.609750][ T4449]  ? cpuacct_percpu_seq_show+0x10/0x10
[   78.615237][ T4449]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   78.621264][ T4449]  __hci_cmd_sync_status_sk+0x48/0x160
[   78.626752][ T4449]  hci_le_terminate_big_sync+0xb2/0xe0
[   78.632231][ T4449]  ? hci_remove_ext_adv_instance+0x70/0x70
[   78.638052][ T4449]  ? reacquire_held_locks+0x4b0/0x4b0
[   78.643464][ T4449]  hci_le_create_big_complete_evt+0x765/0xab0
[   78.649574][ T4449]  ? __mutex_unlock_slowpath+0x165/0x640
[   78.655241][ T4449]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   78.661341][ T4449]  ? bit_wait_io_timeout+0x160/0x160
[   78.666660][ T4449]  ? skb_pull_data+0xfc/0x160
[   78.671368][ T4449]  hci_le_meta_evt+0x2bc/0x510
[   78.676153][ T4449]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   78.682242][ T4449]  ? skb_pull_data+0xfc/0x160
[   78.686949][ T4449]  hci_event_packet+0x642/0xfd0
[   78.691824][ T4449]  ? hci_inquiry_result_evt+0x500/0x500
[   78.697393][ T4449]  ? hci_key_refresh_complete_evt+0x1090/0x1090
[   78.703659][ T4449]  ? mark_held_locks+0x9f/0xe0
[   78.708450][ T4449]  ? kcov_remote_start+0x3e8/0x6c0
[   78.713590][ T4449]  ? lockdep_hardirqs_on+0x7d/0x100
[   78.718824][ T4449]  hci_rx_work+0x2c4/0x13e0
[   78.723354][ T4449]  process_one_work+0x884/0x15c0
[   78.728324][ T4449]  ? lock_sync+0x190/0x190
[   78.732769][ T4449]  ? init_worker_pool+0x770/0x770
[   78.737827][ T4449]  ? assign_work+0x1a0/0x240
[   78.742440][ T4449]  worker_thread+0x8b9/0x1290
[   78.747153][ T4449]  ? __kthread_parkme+0x14b/0x220
[   78.752195][ T4449]  ? process_one_work+0x15c0/0x15c0
[   78.757414][ T4449]  kthread+0x33c/0x440
[   78.761500][ T4449]  ? _raw_spin_unlock_irq+0x23/0x50
[   78.766715][ T4449]  ? kthread_complete_and_exit+0x40/0x40
[   78.772417][ T4449]  ret_from_fork+0x45/0x80
[   78.776892][ T4449]  ? kthread_complete_and_exit+0x40/0x40
[   78.782551][ T4449]  ret_from_fork_asm+0x11/0x20
[   78.787357][ T4449]  </TASK>
[   78.790387][ T4449] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   78.797674][ T4449] CPU: 0 PID: 4449 Comm: kworker/u5:1 Tainted: G        W          6.6.0-rc2-syzkaller-00386-g3aba70aed91f #0
[   78.809315][ T4449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   78.819379][ T4449] Workqueue: hci0 hci_rx_work
[   78.824078][ T4449] Call Trace:
[   78.827367][ T4449]  <TASK>
[   78.830309][ T4449]  dump_stack_lvl+0xd9/0x1b0
[   78.834921][ T4449]  panic+0x6a6/0x750
[   78.838837][ T4449]  ? panic_smp_self_stop+0xa0/0xa0
[   78.843985][ T4449]  ? rcu_note_context_switch+0xbfc/0x1ac0
[   78.849730][ T4449]  check_panic_on_warn+0xab/0xb0
[   78.854690][ T4449]  __warn+0xf2/0x380
[   78.858602][ T4449]  ? __wake_up_klogd.part.0+0x99/0xf0
[   78.863999][ T4449]  ? rcu_note_context_switch+0xbfc/0x1ac0
[   78.869745][ T4449]  report_bug+0x3bc/0x580
[   78.874097][ T4449]  handle_bug+0x3c/0x70
[   78.878271][ T4449]  exc_invalid_op+0x17/0x40
[   78.882796][ T4449]  asm_exc_invalid_op+0x1a/0x20
[   78.887665][ T4449] RIP: 0010:rcu_note_context_switch+0xbfc/0x1ac0
[   78.894018][ T4449] Code: da 56 6b 00 4c 8b 54 24 30 48 8b 44 24 28 8b 4c 24 10 e9 24 04 00 00 48 c7 c7 a0 71 8e 8a c6 05 56 3f 46 0d 01 e8 24 cb db ff <0f> 0b e9 0c f5 ff ff 81 e5 ff ff ff 7f 0f 84 ab f6 ff ff 65 48 8b
[   78.913642][ T4449] RSP: 0018:ffffc9000e58f490 EFLAGS: 00010082
[   78.919728][ T4449] RAX: 0000000000000000 RBX: ffff8880b983d600 RCX: 0000000000000000
[   78.927709][ T4449] RDX: ffff888029651dc0 RSI: ffffffff814df0c6 RDI: 0000000000000001
[   78.935692][ T4449] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[   78.943676][ T4449] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888029651dc0
[   78.951657][ T4449] R13: ffff888029651dc0 R14: ffff888029651dc0 R15: ffff8880b983c700
[   78.959659][ T4449]  ? __warn_printk+0x1a6/0x350
[   78.964450][ T4449]  ? mark_held_locks+0x9f/0xe0
[   78.969237][ T4449]  ? __schedule+0x26bf/0x5a10
[   78.973938][ T4449]  ? schedule+0xe7/0x1b0
[   78.978205][ T4449]  __schedule+0x293/0x5a10
[   78.982658][ T4449]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[   78.988481][ T4449]  ? io_schedule_timeout+0x150/0x150
[   78.993792][ T4449]  ? timer_fixup_activate+0x2b0/0x2b0
[   78.999193][ T4449]  ? mark_held_locks+0x9f/0xe0
[   79.003984][ T4449]  schedule+0xe7/0x1b0
[   79.008078][ T4449]  schedule_timeout+0x157/0x2c0
[   79.012956][ T4449]  ? usleep_range_state+0x1a0/0x1a0
[   79.018184][ T4449]  ? destroy_timer_on_stack+0x20/0x20
[   79.023581][ T4449]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[   79.029403][ T4449]  ? prepare_to_wait_event+0xce/0x690
[   79.034802][ T4449]  ? queue_work_on+0x97/0x110
[   79.039513][ T4449]  __hci_cmd_sync_sk+0x58b/0xe70
[   79.044480][ T4449]  ? hci_read_local_codecs_sync+0xf0/0xf0
[   79.050226][ T4449]  ? cpuacct_percpu_seq_show+0x10/0x10
[   79.055715][ T4449]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   79.061741][ T4449]  __hci_cmd_sync_status_sk+0x48/0x160
[   79.067234][ T4449]  hci_le_terminate_big_sync+0xb2/0xe0
[   79.072714][ T4449]  ? hci_remove_ext_adv_instance+0x70/0x70
[   79.078533][ T4449]  ? reacquire_held_locks+0x4b0/0x4b0
[   79.083936][ T4449]  hci_le_create_big_complete_evt+0x765/0xab0
[   79.090031][ T4449]  ? __mutex_unlock_slowpath+0x165/0x640
[   79.095688][ T4449]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   79.101778][ T4449]  ? bit_wait_io_timeout+0x160/0x160
[   79.107089][ T4449]  ? skb_pull_data+0xfc/0x160
[   79.111796][ T4449]  hci_le_meta_evt+0x2bc/0x510
[   79.116573][ T4449]  ? hci_cc_le_set_ext_adv_enable+0xa70/0xa70
[   79.122659][ T4449]  ? skb_pull_data+0xfc/0x160
[   79.127368][ T4449]  hci_event_packet+0x642/0xfd0
[   79.132243][ T4449]  ? hci_inquiry_result_evt+0x500/0x500
[   79.137805][ T4449]  ? hci_key_refresh_complete_evt+0x1090/0x1090
[   79.144071][ T4449]  ? mark_held_locks+0x9f/0xe0
[   79.148863][ T4449]  ? kcov_remote_start+0x3e8/0x6c0
[   79.154003][ T4449]  ? lockdep_hardirqs_on+0x7d/0x100
[   79.159232][ T4449]  hci_rx_work+0x2c4/0x13e0
[   79.163761][ T4449]  process_one_work+0x884/0x15c0
[   79.168725][ T4449]  ? lock_sync+0x190/0x190
[   79.173164][ T4449]  ? init_worker_pool+0x770/0x770
[   79.178221][ T4449]  ? assign_work+0x1a0/0x240
[   79.182836][ T4449]  worker_thread+0x8b9/0x1290
[   79.187545][ T4449]  ? __kthread_parkme+0x14b/0x220
[   79.192588][ T4449]  ? process_one_work+0x15c0/0x15c0
[   79.197813][ T4449]  kthread+0x33c/0x440
[   79.201896][ T4449]  ? _raw_spin_unlock_irq+0x23/0x50
[   79.207107][ T4449]  ? kthread_complete_and_exit+0x40/0x40
[   79.212758][ T4449]  ret_from_fork+0x45/0x80
[   79.217193][ T4449]  ? kthread_complete_and_exit+0x40/0x40
[   79.222849][ T4449]  ret_from_fork_asm+0x11/0x20
[   79.227655][ T4449]  </TASK>
[   79.230868][ T4449] Kernel Offset: disabled
[   79.235266][ T4449] Rebooting in 86400 seconds..