./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor64754287

<...>
DUID 00:04:ab:86:5b:51:31:5e:ac:a3:74:55:84:ab:cd:90:ff:3d
forked to background, child pid 4691
[   31.000831][ T4692] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.011063][ T4692] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.247' (ECDSA) to the list of known hosts.
execve("./syz-executor64754287", ["./syz-executor64754287"], 0x7fff4e7cbd00 /* 10 vars */) = 0
brk(NULL)                               = 0x555555d7f000
brk(0x555555d7fc40)                     = 0x555555d7fc40
arch_prctl(ARCH_SET_FS, 0x555555d7f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x555555d7f5d0)         = 5023
set_robust_list(0x555555d7f5e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f802b1cf760, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f802b1cfe30}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f802b1cf800, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f802b1cfe30}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor64754287", 4096) = 26
brk(0x555555da0c40)                     = 0x555555da0c40
brk(0x555555da1000)                     = 0x555555da1000
mprotect(0x7f802b290000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5024 attached
, child_tidptr=0x555555d7f5d0) = 5024
[pid  5024] set_robust_list(0x555555d7f5e0, 24) = 0
[pid  5024] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5024] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  5024] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  5024] dup2(4, 202)                = 202
[pid  5024] close(4)                    = 0
[pid  5024] write(202, "\xff\x00", 2)   = 2
[pid  5024] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  5024] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f802a9bf000
[pid  5024] mprotect(0x7f802a9c0000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  5024] clone(child_stack=0x7f802b1bf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7f802b1bf700, child_tidptr=0x7f802b1bf9d0) = 2
[pid  5024] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 5026 attached
 <unfinished ...>
[pid  5026] set_robust_list(0x7f802b1bf9e0, 24) = 0
[pid  5026] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5026] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5026] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5026] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  5026] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  5026] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5026] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5026] read(202, "\x01\x25\x0c\x00", 1024) = 4
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5026] read(202, "\x01\x38\x0c\x00", 1024) = 4
syzkaller login: [   54.871298][ T5025] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.879874][ T5025] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.889132][ T5025] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.899330][ T5025] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.909024][ T5025] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5026] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5026] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5026] read(202,  <unfinished ...>
[pid  5024] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  5024] ioctl(3, HCISETSCAN <unfinished ...>
[pid  5026] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  5026] madvise(0x7f802a9bf000, 8372224, MADV_DONTNEED <unfinished ...>
[pid  5024] <... ioctl resumed>, 0x7ffcde222f34) = 0
[pid  5024] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  5026] <... madvise resumed>)      = 0
[pid  5024] <... writev resumed>)       = 13
[pid  5024] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14
[pid  5024] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[pid  5024] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  5024] futex(0x7f802b1bf9d0, FUTEX_WAIT, 2, NULL <unfinished ...>
[pid  5026] exit(0)                     = ?
[pid  5024] <... futex resumed>)        = 0
[pid  5024] close(3)                    = 0
[pid  5024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5024] setsid()                    = 1
[pid  5026] +++ exited with 0 +++
[pid  5024] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5024] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5024] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5024] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5024] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5024] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5024] unshare(CLONE_NEWNS)        = 0
[pid  5024] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5024] unshare(CLONE_NEWIPC)       = 0
[pid  5024] unshare(CLONE_NEWCGROUP)    = 0
[pid  5024] unshare(CLONE_NEWUTS)       = 0
[pid  5024] unshare(CLONE_SYSVSEM)      = 0
[pid  5024] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5024] write(3, "16777216", 8)     = 8
[pid  5024] close(3)                    = 0
[pid  5024] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5024] write(3, "536870912", 9)    = 9
[pid  5024] close(3)                    = 0
[   54.917343][ T5025] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  5024] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5024] write(3, "1024", 4)         = 4
[pid  5024] close(3)                    = 0
[pid  5024] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5024] write(3, "8192", 4)         = 4
[pid  5024] close(3)                    = 0
[pid  5024] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5024] write(3, "1024", 4)         = 4
[pid  5024] close(3)                    = 0
[pid  5024] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5024] write(3, "1024", 4)         = 4
[pid  5024] close(3)                    = 0
[pid  5024] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5024] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5024] close(3)                    = 0
[pid  5024] getpid()                    = 1
[pid  5024] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5024] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5024] unshare(CLONE_NEWNET)       = 0
[pid  5024] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5024] write(3, "0 65535", 7)      = 7
[pid  5024] close(3)                    = 0
[pid  5024] mkdir("/dev/binderfs", 0777) = 0
[pid  5024] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5024] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5024] write(202, "\x04\x3e\x1d\x1b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 34) = 34
[pid  5024] exit_group(1)               = ?
[   55.009504][ T4430] BUG: sleeping function called from invalid context at net/bluetooth/hci_sync.c:166
[   55.019252][ T4430] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4430, name: kworker/u5:1
[   55.028516][ T4430] preempt_count: 0, expected: 0
[   55.033377][ T4430] RCU nest depth: 1, expected: 0
[   55.038379][ T4430] 4 locks held by kworker/u5:1/4430:
[   55.043684][ T4430]  #0: ffff888020183138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x8fd/0x16f0
[   55.054650][ T4430]  #1: ffffc900057a7db0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x930/0x16f0
[   55.066194][ T4430]  #2: ffff88802b78c078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xe9/0xab0
[   55.076826][ T4430]  #3: ffffffff8c9a2840 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xcc/0xab0
[   55.087601][ T4430] CPU: 0 PID: 4430 Comm: kworker/u5:1 Not tainted 6.4.0-rc6-next-20230613-syzkaller #0
[   55.097241][ T4430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   55.107285][ T4430] Workqueue: hci0 hci_rx_work
[   55.111971][ T4430] Call Trace:
[   55.115241][ T4430]  <TASK>
[   55.118165][ T4430]  dump_stack_lvl+0x136/0x150
[   55.122837][ T4430]  __might_resched+0x358/0x580
[   55.127594][ T4430]  ? queue_work_on+0xb7/0x110
[   55.132269][ T4430]  __hci_cmd_sync_sk+0x359/0xe30
[   55.137370][ T4430]  ? hci_cmd_sync_work+0x3e0/0x3e0
[   55.142577][ T4430]  ? perf_trace_mptcp_dump_mpext+0x140/0x940
[   55.148645][ T4430]  __hci_cmd_sync_status_sk+0x45/0x160
[   55.154118][ T4430]  hci_le_terminate_big_sync+0xa4/0xd0
[   55.159571][ T4430]  ? hci_remove_ext_adv_instance+0x70/0x70
[   55.165375][ T4430]  ? hci_le_create_big_complete_evt+0xcc/0xab0
[   55.171521][ T4430]  ? lock_acquire+0x32/0xc0
[   55.176018][ T4430]  ? hci_le_create_big_complete_evt+0xcc/0xab0
[   55.182169][ T4430]  hci_le_create_big_complete_evt+0x741/0xab0
[   55.188231][ T4430]  ? hci_link_key_notify_evt+0x9f0/0x9f0
[   55.193894][ T4430]  ? wait_for_completion_io_timeout+0x20/0x20
[   55.199954][ T4430]  ? rcu_is_watching+0x12/0xb0
[   55.204708][ T4430]  hci_le_meta_evt+0x2bc/0x510
[   55.209469][ T4430]  ? hci_link_key_notify_evt+0x9f0/0x9f0
[   55.215093][ T4430]  hci_event_packet+0x641/0xfd0
[   55.219939][ T4430]  ? hci_le_pa_sync_estabilished_evt+0x2d0/0x2d0
[   55.226266][ T4430]  ? hci_conn_request_evt+0x9c0/0x9c0
[   55.231627][ T4430]  ? mark_held_locks+0x90/0xe0
[   55.236402][ T4430]  hci_rx_work+0xaeb/0x1340
[   55.240912][ T4430]  ? process_one_work+0x930/0x16f0
[   55.246018][ T4430]  process_one_work+0xa34/0x16f0
[   55.250955][ T4430]  ? lock_sync+0x190/0x190
[   55.255366][ T4430]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   55.260735][ T4430]  ? rcu_is_watching+0x12/0xb0
[   55.265495][ T4430]  ? spin_bug+0x1c0/0x1c0
[   55.269834][ T4430]  ? lock_acquire+0x32/0xc0
[   55.274332][ T4430]  ? worker_thread+0x16d/0x10c0
[   55.279193][ T4430]  worker_thread+0x67d/0x10c0
[   55.283872][ T4430]  ? process_one_work+0x16f0/0x16f0
[   55.289066][ T4430]  kthread+0x344/0x440
[   55.293128][ T4430]  ? kthread_complete_and_exit+0x40/0x40
[   55.298754][ T4430]  ret_from_fork+0x1f/0x30
[   55.303171][ T4430]  </TASK>
[   55.306829][ T4430] ------------[ cut here ]------------
[   55.312341][ T4430] Voluntary context switch within RCU read-side critical section!
[   55.312425][ T4430] WARNING: CPU: 0 PID: 4430 at kernel/rcu/tree_plugin.h:320 rcu_note_context_switch+0xbb9/0x1800
[   55.330819][ T4430] Modules linked in:
[   55.334714][ T4430] CPU: 0 PID: 4430 Comm: kworker/u5:1 Tainted: G        W          6.4.0-rc6-next-20230613-syzkaller #0
[   55.345823][ T4430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   55.355883][ T4430] Workqueue: hci0 hci_rx_work
[   55.360604][ T4430] RIP: 0010:rcu_note_context_switch+0xbb9/0x1800
[   55.366946][ T4430] Code: 1d 44 68 00 4c 8b 4c 24 30 8b 4c 24 28 48 8b 54 24 20 e9 8f 03 00 00 48 c7 c7 c0 32 6e 8a c6 05 10 41 24 0d 01 e8 87 83 dc ff <0f> 0b e9 4c f5 ff ff 81 e5 ff ff ff 7f 0f 84 d7 f6 ff ff 65 48 8b
[   55.386563][ T4430] RSP: 0018:ffffc900057a74c0 EFLAGS: 00010086
[   55.392634][ T4430] RAX: 0000000000000000 RBX: ffff8880b983d340 RCX: 0000000000000000
[   55.400605][ T4430] RDX: ffff88802c40bb80 RSI: ffffffff814bf5f7 RDI: 0000000000000001
[   55.408587][ T4430] RBP: ffff88802c40bb80 R08: 0000000000000001 R09: 0000000000000000
[   55.416561][ T4430] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[   55.424531][ T4430] R13: ffff88802c40bb80 R14: ffffffff8ea9aff0 R15: ffff8880b983c440
[   55.432506][ T4430] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   55.441457][ T4430] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   55.448047][ T4430] CR2: 00007f802b262fc8 CR3: 000000002812e000 CR4: 00000000003506f0
[   55.456226][ T4430] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   55.464255][ T4430] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   55.472435][ T4430] Call Trace:
[   55.475721][ T4430]  <TASK>
[   55.478813][ T4430]  ? __warn+0xe6/0x390
[   55.482921][ T4430]  ? rcu_note_context_switch+0xbb9/0x1800
[   55.488687][ T4430]  ? report_bug+0x2da/0x500
[   55.493206][ T4430]  ? handle_bug+0x3c/0x70
[   55.497545][ T4430]  ? exc_invalid_op+0x18/0x50
[   55.502271][ T4430]  ? asm_exc_invalid_op+0x1a/0x20
[   55.507328][ T4430]  ? __warn_printk+0x187/0x310
[   55.512120][ T4430]  ? rcu_note_context_switch+0xbb9/0x1800
[   55.517854][ T4430]  ? do_raw_spin_unlock+0x175/0x230
[   55.523158][ T4430]  ? schedule+0xde/0x1a0
[   55.527430][ T4430]  ? schedule+0xde/0x1a0
[   55.531683][ T4430]  __schedule+0x276/0x5790
[   55.536116][ T4430]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[   55.541955][ T4430]  ? lockdep_hardirqs_on+0x7d/0x100
[   55.547303][ T4430]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[   55.553153][ T4430]  ? io_schedule_timeout+0x150/0x150
[   55.558467][ T4430]  ? add_timer_on+0x4e0/0x4e0
[   55.563152][ T4430]  ? __debug_object_init+0x8c/0x2a0
[   55.568378][ T4430]  ? kthread_data+0x53/0xc0
[   55.572907][ T4430]  schedule+0xde/0x1a0
[   55.577031][ T4430]  schedule_timeout+0x14e/0x2b0
[   55.581887][ T4430]  ? usleep_range_state+0x1b0/0x1b0
[   55.587114][ T4430]  ? __next_timer_interrupt+0x2a0/0x2a0
[   55.592694][ T4430]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[   55.598518][ T4430]  ? prepare_to_wait_event+0xd0/0x6a0
[   55.603942][ T4430]  ? __might_resched+0x358/0x580
[   55.608972][ T4430]  ? queue_work_on+0xb7/0x110
[   55.613682][ T4430]  __hci_cmd_sync_sk+0xc1d/0xe30
[   55.618641][ T4430]  ? hci_cmd_sync_work+0x3e0/0x3e0
[   55.623765][ T4430]  ? prepare_to_swait_exclusive+0x240/0x240
[   55.629685][ T4430]  ? perf_trace_mptcp_dump_mpext+0x140/0x940
[   55.635688][ T4430]  __hci_cmd_sync_status_sk+0x45/0x160
[   55.641165][ T4430]  hci_le_terminate_big_sync+0xa4/0xd0
[   55.646730][ T4430]  ? hci_remove_ext_adv_instance+0x70/0x70
[   55.652552][ T4430]  ? hci_le_create_big_complete_evt+0xcc/0xab0
[   55.658726][ T4430]  ? lock_acquire+0x32/0xc0
[   55.663242][ T4430]  ? hci_le_create_big_complete_evt+0xcc/0xab0
[   55.669497][ T4430]  hci_le_create_big_complete_evt+0x741/0xab0
[   55.675577][ T4430]  ? hci_link_key_notify_evt+0x9f0/0x9f0
[   55.681226][ T4430]  ? wait_for_completion_io_timeout+0x20/0x20
[   55.687313][ T4430]  ? rcu_is_watching+0x12/0xb0
[   55.692089][ T4430]  hci_le_meta_evt+0x2bc/0x510
[   55.696869][ T4430]  ? hci_link_key_notify_evt+0x9f0/0x9f0
[   55.702604][ T4430]  hci_event_packet+0x641/0xfd0
[   55.707467][ T4430]  ? hci_le_pa_sync_estabilished_evt+0x2d0/0x2d0
[   55.713815][ T4430]  ? hci_conn_request_evt+0x9c0/0x9c0
[   55.719194][ T4430]  ? mark_held_locks+0x90/0xe0
[   55.723986][ T4430]  hci_rx_work+0xaeb/0x1340
[   55.728595][ T4430]  ? process_one_work+0x930/0x16f0
[   55.733723][ T4430]  process_one_work+0xa34/0x16f0
[   55.738679][ T4430]  ? lock_sync+0x190/0x190
[   55.743121][ T4430]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   55.748513][ T4430]  ? rcu_is_watching+0x12/0xb0
[   55.753287][ T4430]  ? spin_bug+0x1c0/0x1c0
[   55.757631][ T4430]  ? lock_acquire+0x32/0xc0
[   55.762159][ T4430]  ? worker_thread+0x16d/0x10c0
[   55.767055][ T4430]  worker_thread+0x67d/0x10c0
[   55.771786][ T4430]  ? process_one_work+0x16f0/0x16f0
[   55.777013][ T4430]  kthread+0x344/0x440
[   55.781184][ T4430]  ? kthread_complete_and_exit+0x40/0x40
[   55.786840][ T4430]  ret_from_fork+0x1f/0x30
[   55.791280][ T4430]  </TASK>
[   55.794301][ T4430] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   55.801586][ T4430] CPU: 0 PID: 4430 Comm: kworker/u5:1 Tainted: G        W          6.4.0-rc6-next-20230613-syzkaller #0
[   55.812697][ T4430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   55.822760][ T4430] Workqueue: hci0 hci_rx_work
[   55.827478][ T4430] Call Trace:
[   55.830768][ T4430]  <TASK>
[   55.833706][ T4430]  dump_stack_lvl+0xd9/0x150
[   55.838331][ T4430]  panic+0x686/0x730
[   55.842243][ T4430]  ? panic_smp_self_stop+0xa0/0xa0
[   55.847371][ T4430]  ? show_trace_log_lvl+0x284/0x390
[   55.852862][ T4430]  ? rcu_note_context_switch+0xbb9/0x1800
[   55.858603][ T4430]  check_panic_on_warn+0xb1/0xc0
[   55.863736][ T4430]  __warn+0xf2/0x390
[   55.867650][ T4430]  ? rcu_note_context_switch+0xbb9/0x1800
[   55.873557][ T4430]  report_bug+0x2da/0x500
[   55.877904][ T4430]  handle_bug+0x3c/0x70
[   55.882504][ T4430]  exc_invalid_op+0x18/0x50
[   55.887020][ T4430]  asm_exc_invalid_op+0x1a/0x20
[   55.891886][ T4430] RIP: 0010:rcu_note_context_switch+0xbb9/0x1800
[   55.898315][ T4430] Code: 1d 44 68 00 4c 8b 4c 24 30 8b 4c 24 28 48 8b 54 24 20 e9 8f 03 00 00 48 c7 c7 c0 32 6e 8a c6 05 10 41 24 0d 01 e8 87 83 dc ff <0f> 0b e9 4c f5 ff ff 81 e5 ff ff ff 7f 0f 84 d7 f6 ff ff 65 48 8b
[   55.917929][ T4430] RSP: 0018:ffffc900057a74c0 EFLAGS: 00010086
[   55.924003][ T4430] RAX: 0000000000000000 RBX: ffff8880b983d340 RCX: 0000000000000000
[   55.931975][ T4430] RDX: ffff88802c40bb80 RSI: ffffffff814bf5f7 RDI: 0000000000000001
[   55.939951][ T4430] RBP: ffff88802c40bb80 R08: 0000000000000001 R09: 0000000000000000
[   55.947929][ T4430] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[   55.955904][ T4430] R13: ffff88802c40bb80 R14: ffffffff8ea9aff0 R15: ffff8880b983c440
[   55.963914][ T4430]  ? __warn_printk+0x187/0x310
[   55.968718][ T4430]  ? do_raw_spin_unlock+0x175/0x230
[   55.973963][ T4430]  ? schedule+0xde/0x1a0
[   55.978220][ T4430]  ? schedule+0xde/0x1a0
[   55.982474][ T4430]  __schedule+0x276/0x5790
[   55.986909][ T4430]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[   55.992811][ T4430]  ? lockdep_hardirqs_on+0x7d/0x100
[   55.998021][ T4430]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[   56.003836][ T4430]  ? io_schedule_timeout+0x150/0x150
[   56.009134][ T4430]  ? add_timer_on+0x4e0/0x4e0
[   56.013819][ T4430]  ? __debug_object_init+0x8c/0x2a0
[   56.019034][ T4430]  ? kthread_data+0x53/0xc0
[   56.023549][ T4430]  schedule+0xde/0x1a0
[   56.027631][ T4430]  schedule_timeout+0x14e/0x2b0
[   56.032488][ T4430]  ? usleep_range_state+0x1b0/0x1b0
[   56.037697][ T4430]  ? __next_timer_interrupt+0x2a0/0x2a0
[   56.043290][ T4430]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[   56.049114][ T4430]  ? prepare_to_wait_event+0xd0/0x6a0
[   56.054496][ T4430]  ? __might_resched+0x358/0x580
[   56.059447][ T4430]  ? queue_work_on+0xb7/0x110
[   56.064158][ T4430]  __hci_cmd_sync_sk+0xc1d/0xe30
[   56.069110][ T4430]  ? hci_cmd_sync_work+0x3e0/0x3e0
[   56.074232][ T4430]  ? prepare_to_swait_exclusive+0x240/0x240
[   56.080148][ T4430]  ? perf_trace_mptcp_dump_mpext+0x140/0x940
[   56.086148][ T4430]  __hci_cmd_sync_status_sk+0x45/0x160
[   56.091661][ T4430]  hci_le_terminate_big_sync+0xa4/0xd0
[   56.097157][ T4430]  ? hci_remove_ext_adv_instance+0x70/0x70
[   56.102987][ T4430]  ? hci_le_create_big_complete_evt+0xcc/0xab0
[   56.109150][ T4430]  ? lock_acquire+0x32/0xc0
[   56.113662][ T4430]  ? hci_le_create_big_complete_evt+0xcc/0xab0
[   56.119824][ T4430]  hci_le_create_big_complete_evt+0x741/0xab0
[   56.125913][ T4430]  ? hci_link_key_notify_evt+0x9f0/0x9f0
[   56.131555][ T4430]  ? wait_for_completion_io_timeout+0x20/0x20
[   56.137636][ T4430]  ? rcu_is_watching+0x12/0xb0
[   56.142434][ T4430]  hci_le_meta_evt+0x2bc/0x510
[   56.147232][ T4430]  ? hci_link_key_notify_evt+0x9f0/0x9f0
[   56.152886][ T4430]  hci_event_packet+0x641/0xfd0
[   56.157768][ T4430]  ? hci_le_pa_sync_estabilished_evt+0x2d0/0x2d0
[   56.164127][ T4430]  ? hci_conn_request_evt+0x9c0/0x9c0
[   56.169505][ T4430]  ? mark_held_locks+0x90/0xe0
[   56.174298][ T4430]  hci_rx_work+0xaeb/0x1340
[   56.178844][ T4430]  ? process_one_work+0x930/0x16f0
[   56.184059][ T4430]  process_one_work+0xa34/0x16f0
[   56.189016][ T4430]  ? lock_sync+0x190/0x190
[   56.193442][ T4430]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   56.198833][ T4430]  ? rcu_is_watching+0x12/0xb0
[   56.203694][ T4430]  ? spin_bug+0x1c0/0x1c0
[   56.208037][ T4430]  ? lock_acquire+0x32/0xc0
[   56.212550][ T4430]  ? worker_thread+0x16d/0x10c0
[   56.217430][ T4430]  worker_thread+0x67d/0x10c0
[   56.222134][ T4430]  ? process_one_work+0x16f0/0x16f0
[   56.227348][ T4430]  kthread+0x344/0x440
[   56.231423][ T4430]  ? kthread_complete_and_exit+0x40/0x40
[   56.237068][ T4430]  ret_from_fork+0x1f/0x30
[   56.241510][ T4430]  </TASK>
[   56.244696][ T4430] Kernel Offset: disabled
[   56.249111][ T4430] Rebooting in 86400 seconds..