Warning: Permanently added '10.128.1.70' (ECDSA) to the list of known hosts.
[   46.453566][   T27] audit: type=1400 audit(1650438294.800:75): avc:  denied  { execmem } for  pid=3588 comm="syz-executor197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   46.476912][   T27] audit: type=1400 audit(1650438294.830:76): avc:  denied  { mounton } for  pid=3589 comm="syz-executor197" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   46.501099][   T27] audit: type=1400 audit(1650438294.840:77): avc:  denied  { mount } for  pid=3589 comm="syz-executor197" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   46.523930][   T27] audit: type=1400 audit(1650438294.840:78): avc:  denied  { create } for  pid=3589 comm="syz-executor197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   46.544587][   T27] audit: type=1400 audit(1650438294.840:79): avc:  denied  { read write } for  pid=3589 comm="syz-executor197" name="vhci" dev="devtmpfs" ino=1072 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   46.568512][   T27] audit: type=1400 audit(1650438294.840:80): avc:  denied  { open } for  pid=3589 comm="syz-executor197" path="/dev/vhci" dev="devtmpfs" ino=1072 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   47.562232][   T27] audit: type=1400 audit(1650438295.910:81): avc:  denied  { ioctl } for  pid=3589 comm="syz-executor197" path="socket:[27360]" dev="sockfs" ino=27360 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   47.573624][ T3590] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   47.596112][ T3590] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   47.603567][ T3590] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   47.612027][ T3593] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   47.619784][ T3593] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   47.627691][ T3593] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   47.644512][   T27] audit: type=1400 audit(1650438295.990:82): avc:  denied  { mounton } for  pid=3589 comm="syz-executor197" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
executing program
[   47.689929][   T27] audit: type=1400 audit(1650438296.040:83): avc:  denied  { mounton } for  pid=3589 comm="syz-executor197" path="/dev/binderfs" dev="devtmpfs" ino=2312 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   47.713163][   T27] audit: type=1400 audit(1650438296.040:84): avc:  denied  { mount } for  pid=3589 comm="syz-executor197" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   47.954447][  T141] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   48.234767][  T141] usb 1-1: too many configurations: 85, using maximum allowed: 8
[   49.034598][  T141] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   49.043672][  T141] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   49.052240][  T141] usb 1-1: Product: syz
[   49.057046][  T141] usb 1-1: Manufacturer: syz
[   49.061635][  T141] usb 1-1: SerialNumber: syz
[   49.117317][  T141] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   49.694440][  T141] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   49.714668][   T14] Bluetooth: hci0: command 0x0409 tx timeout
[   50.725286][   T14] usb 1-1: USB disconnect, device number 2
[   50.739985][    C0] INFO: trying to register non-static key.
[   50.745816][    C0] The code is fine but needs lockdep annotation, or maybe
[   50.752898][    C0] you didn't initialize this object before use?
[   50.759202][    C0] turning off the locking correctness validator.
[   50.765505][    C0] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 5.18.0-rc3-syzkaller-00007-g559089e0a93d #0
[   50.775467][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.785507][    C0] Workqueue: usb_hub_wq hub_event
[   50.790539][    C0] Call Trace:
[   50.793796][    C0]  <IRQ>
[   50.796620][    C0]  dump_stack_lvl+0xcd/0x134
[   50.801190][    C0]  register_lock_class+0xf04/0x11b0
[   50.806374][    C0]  ? mark_lock.part.0+0xee/0x1910
[   50.811381][    C0]  ? mark_lock.part.0+0xee/0x1910
[   50.816386][    C0]  ? is_dynamic_key.part.0+0x130/0x130
[   50.821829][    C0]  ? lock_chain_count+0x20/0x20
[   50.826661][    C0]  ? ret_from_fork+0x1f/0x30
[   50.831230][    C0]  ? mark_lock.part.0+0xee/0x1910
[   50.836236][    C0]  __lock_acquire+0x10a/0x56c0
[   50.840997][    C0]  ? __lock_acquire+0x163e/0x56c0
[   50.846027][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   50.852003][    C0]  lock_acquire+0x1ab/0x510
[   50.856505][    C0]  ? skb_queue_tail+0x21/0x140
[   50.861264][    C0]  ? lock_release+0x720/0x720
[   50.865937][    C0]  ? find_held_lock+0x2d/0x110
[   50.870694][    C0]  ? ath9k_htc_txstatus+0x4c0/0x4c0
[   50.875889][    C0]  _raw_spin_lock_irqsave+0x39/0x50
[   50.881082][    C0]  ? skb_queue_tail+0x21/0x140
[   50.885837][    C0]  skb_queue_tail+0x21/0x140
[   50.890420][    C0]  ath9k_htc_txep+0x287/0x400
[   50.895089][    C0]  ath9k_htc_txcompletion_cb+0x1cd/0x2e0
[   50.900717][    C0]  hif_usb_regout_cb+0x115/0x1c0
[   50.905645][    C0]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   50.911014][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   50.916213][    C0]  dummy_timer+0x11f9/0x32b0
[   50.920797][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   50.926774][    C0]  ? dummy_dequeue+0x500/0x500
[   50.931625][    C0]  ? dummy_dequeue+0x500/0x500
[   50.936380][    C0]  call_timer_fn+0x1a5/0x6b0
[   50.940966][    C0]  ? timer_fixup_activate+0x350/0x350
[   50.946332][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   50.951523][    C0]  ? dummy_dequeue+0x500/0x500
[   50.956290][    C0]  __run_timers.part.0+0x679/0xa80
[   50.961398][    C0]  ? call_timer_fn+0x6b0/0x6b0
[   50.966153][    C0]  run_timer_softirq+0xb3/0x1d0
[   50.970993][    C0]  __do_softirq+0x29b/0x9c2
[   50.975489][    C0]  __irq_exit_rcu+0x123/0x180
[   50.980160][    C0]  irq_exit_rcu+0x5/0x20
[   50.984400][    C0]  sysvec_apic_timer_interrupt+0x93/0xc0
[   50.990143][    C0]  </IRQ>
[   50.993069][    C0]  <TASK>
[   50.996007][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   51.002263][    C0] RIP: 0010:kasan_check_range+0xde/0x180
[   51.007895][    C0] Code: 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 80 38 00 <74> f2 eb d4 41 bc 08 00 00 00 48 89 ea 45 29 dc 4d 8d 1c 2c eb 0c
[   51.027578][    C0] RSP: 0018:ffffc90000f4f710 EFLAGS: 00000246
[   51.033633][    C0] RAX: ffffed100ebc78f0 RBX: ffffed100ebc78f1 RCX: ffffffff81fda003
[   51.041592][    C0] RDX: ffffed100ebc78f1 RSI: 0000000000000004 RDI: ffff888075e3c784
[   51.049636][    C0] RBP: ffffed100ebc78f0 R08: 0000000000000000 R09: ffff888075e3c787
[   51.057597][    C0] R10: ffffed100ebc78f0 R11: 0000000000000001 R12: ffff888075e3c784
[   51.065556][    C0] R13: 0000000000000100 R14: dffffc0000000000 R15: ffff888140091400
[   51.073520][    C0]  ? __kernfs_remove+0x8f3/0xb20
[   51.078462][    C0]  __kernfs_remove+0x8f3/0xb20
[   51.083218][    C0]  ? kernfs_remove_by_name_ns+0xa8/0x110
[   51.088848][    C0]  ? kernfs_next_descendant_post+0x2f0/0x2f0
[   51.094826][    C0]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   51.101065][    C0]  ? kernfs_name_hash+0xf1/0x120
[   51.105997][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   51.112677][    C0]  ? kernfs_find_ns+0x2c6/0x3e0
[   51.117524][    C0]  kernfs_remove_by_name_ns+0xa8/0x110
[   51.122985][    C0]  sysfs_unmerge_group+0xe3/0x160
[   51.127997][    C0]  dpm_sysfs_remove+0x79/0xb0
[   51.132672][    C0]  device_del+0x20b/0xc80
[   51.136996][    C0]  ? __device_link_del+0x380/0x380
[   51.142104][    C0]  ? kfree_const+0x51/0x60
[   51.146513][    C0]  device_unregister+0x1f/0xc0
[   51.151283][    C0]  usb_remove_ep_devs+0x3e/0x80
[   51.156129][    C0]  usb_disable_device+0x306/0x7b0
[   51.161144][    C0]  usb_disconnect.cold+0x278/0x6ec
[   51.166248][    C0]  hub_event+0x1e74/0x4680
[   51.170659][    C0]  ? hub_port_debounce+0x3c0/0x3c0
[   51.175763][    C0]  ? lock_release+0x720/0x720
[   51.180433][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   51.185274][    C0]  ? do_raw_spin_lock+0x120/0x2a0
[   51.190296][    C0]  process_one_work+0x996/0x1610
[   51.195225][    C0]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   51.200590][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   51.205521][    C0]  ? _raw_spin_lock_irq+0x41/0x50
[   51.210550][    C0]  worker_thread+0x665/0x1080
[   51.215220][    C0]  ? __kthread_parkme+0x15f/0x220
[   51.220243][    C0]  ? process_one_work+0x1610/0x1610
[   51.225435][    C0]  kthread+0x2e9/0x3a0
[   51.229498][    C0]  ? kthread_complete_and_exit+0x40/0x40
[   51.235130][    C0]  ret_from_fork+0x1f/0x30
[   51.239540][    C0]  </TASK>
[   51.242567][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[   51.254527][    C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   51.262919][    C0] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 5.18.0-rc3-syzkaller-00007-g559089e0a93d #0
[   51.272883][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.282930][    C0] Workqueue: usb_hub_wq hub_event
[   51.287965][    C0] RIP: 0010:skb_queue_tail+0x9e/0x140
[   51.293332][    C0] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 80 00 00 00 4c 89 e2 4c 89 65 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 48 89 6b 08 <80> 3c 02 00 75 4f 48 8d 7b 10 49 89 2c 24 48 b8 00 00 00 00 00 fc
[   51.312926][    C0] RSP: 0018:ffffc900000079d8 EFLAGS: 00010046
[   51.318979][    C0] RAX: dffffc0000000000 RBX: ffff88806f533838 RCX: ffffffff815d4820
[   51.326953][    C0] RDX: 0000000000000000 RSI: 0000000000000046 RDI: ffff88801677d408
[   51.334913][    C0] RBP: ffff88801677d400 R08: 0000000000000001 R09: 0000000000000003
[   51.342870][    C0] R10: fffff52000000f29 R11: 0000000000000000 R12: 0000000000000000
[   51.350916][    C0] R13: ffff88806f533850 R14: 00000000ffff9e06 R15: ffffffff8527c940
[   51.358874][    C0] FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[   51.367798][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   51.374372][    C0] CR2: 00007fec2d37e158 CR3: 000000000ba8e000 CR4: 00000000003506f0
[   51.382334][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   51.390294][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   51.398251][    C0] Call Trace:
[   51.401520][    C0]  <IRQ>
[   51.404350][    C0]  ath9k_htc_txep+0x287/0x400
[   51.409028][    C0]  ath9k_htc_txcompletion_cb+0x1cd/0x2e0
[   51.414652][    C0]  hif_usb_regout_cb+0x115/0x1c0
[   51.419583][    C0]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   51.424974][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   51.430191][    C0]  dummy_timer+0x11f9/0x32b0
[   51.434789][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   51.440771][    C0]  ? dummy_dequeue+0x500/0x500
[   51.445528][    C0]  ? dummy_dequeue+0x500/0x500
[   51.450287][    C0]  call_timer_fn+0x1a5/0x6b0
[   51.454876][    C0]  ? timer_fixup_activate+0x350/0x350
[   51.460241][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   51.465435][    C0]  ? dummy_dequeue+0x500/0x500
[   51.470190][    C0]  __run_timers.part.0+0x679/0xa80
[   51.475305][    C0]  ? call_timer_fn+0x6b0/0x6b0
[   51.480077][    C0]  run_timer_softirq+0xb3/0x1d0
[   51.484937][    C0]  __do_softirq+0x29b/0x9c2
[   51.489453][    C0]  __irq_exit_rcu+0x123/0x180
[   51.494134][    C0]  irq_exit_rcu+0x5/0x20
[   51.498375][    C0]  sysvec_apic_timer_interrupt+0x93/0xc0
[   51.504013][    C0]  </IRQ>
[   51.506935][    C0]  <TASK>
[   51.509861][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   51.515926][    C0] RIP: 0010:kasan_check_range+0xde/0x180
[   51.521553][    C0] Code: 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 80 38 00 <74> f2 eb d4 41 bc 08 00 00 00 48 89 ea 45 29 dc 4d 8d 1c 2c eb 0c
[   51.541149][    C0] RSP: 0018:ffffc90000f4f710 EFLAGS: 00000246
[   51.547220][    C0] RAX: ffffed100ebc78f0 RBX: ffffed100ebc78f1 RCX: ffffffff81fda003
[   51.555183][    C0] RDX: ffffed100ebc78f1 RSI: 0000000000000004 RDI: ffff888075e3c784
[   51.563144][    C0] RBP: ffffed100ebc78f0 R08: 0000000000000000 R09: ffff888075e3c787
[   51.571103][    C0] R10: ffffed100ebc78f0 R11: 0000000000000001 R12: ffff888075e3c784
[   51.579062][    C0] R13: 0000000000000100 R14: dffffc0000000000 R15: ffff888140091400
[   51.587020][    C0]  ? __kernfs_remove+0x8f3/0xb20
[   51.591955][    C0]  __kernfs_remove+0x8f3/0xb20
[   51.596714][    C0]  ? kernfs_remove_by_name_ns+0xa8/0x110
[   51.602345][    C0]  ? kernfs_next_descendant_post+0x2f0/0x2f0
[   51.608754][    C0]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   51.614991][    C0]  ? kernfs_name_hash+0xf1/0x120
[   51.619938][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   51.626201][    C0]  ? kernfs_find_ns+0x2c6/0x3e0
[   51.631068][    C0]  kernfs_remove_by_name_ns+0xa8/0x110
[   51.636531][    C0]  sysfs_unmerge_group+0xe3/0x160
[   51.641550][    C0]  dpm_sysfs_remove+0x79/0xb0
[   51.646225][    C0]  device_del+0x20b/0xc80
[   51.650553][    C0]  ? __device_link_del+0x380/0x380
[   51.655663][    C0]  ? kfree_const+0x51/0x60
[   51.660072][    C0]  device_unregister+0x1f/0xc0
[   51.664830][    C0]  usb_remove_ep_devs+0x3e/0x80
[   51.669678][    C0]  usb_disable_device+0x306/0x7b0
[   51.674708][    C0]  usb_disconnect.cold+0x278/0x6ec
[   51.679814][    C0]  hub_event+0x1e74/0x4680
[   51.684230][    C0]  ? hub_port_debounce+0x3c0/0x3c0
[   51.689336][    C0]  ? lock_release+0x720/0x720
[   51.694012][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   51.698910][    C0]  ? do_raw_spin_lock+0x120/0x2a0
[   51.703930][    C0]  process_one_work+0x996/0x1610
[   51.708858][    C0]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   51.714220][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   51.719152][    C0]  ? _raw_spin_lock_irq+0x41/0x50
[   51.724169][    C0]  worker_thread+0x665/0x1080
[   51.728840][    C0]  ? __kthread_parkme+0x15f/0x220
[   51.733866][    C0]  ? process_one_work+0x1610/0x1610
[   51.739055][    C0]  kthread+0x2e9/0x3a0
[   51.743117][    C0]  ? kthread_complete_and_exit+0x40/0x40
[   51.748749][    C0]  ret_from_fork+0x1f/0x30
[   51.753167][    C0]  </TASK>
[   51.756173][    C0] Modules linked in:
[   51.760079][    C0] ---[ end trace 0000000000000000 ]---
[   51.765514][    C0] RIP: 0010:skb_queue_tail+0x9e/0x140
[   51.770883][    C0] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 80 00 00 00 4c 89 e2 4c 89 65 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 48 89 6b 08 <80> 3c 02 00 75 4f 48 8d 7b 10 49 89 2c 24 48 b8 00 00 00 00 00 fc
[   51.790478][    C0] RSP: 0018:ffffc900000079d8 EFLAGS: 00010046
[   51.796536][    C0] RAX: dffffc0000000000 RBX: ffff88806f533838 RCX: ffffffff815d4820
[   51.804496][    C0] RDX: 0000000000000000 RSI: 0000000000000046 RDI: ffff88801677d408
[   51.812457][    C0] RBP: ffff88801677d400 R08: 0000000000000001 R09: 0000000000000003
[   51.820417][    C0] R10: fffff52000000f29 R11: 0000000000000000 R12: 0000000000000000
[   51.828373][    C0] R13: ffff88806f533850 R14: 00000000ffff9e06 R15: ffffffff8527c940
[   51.836334][    C0] FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[   51.845252][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   51.851824][    C0] CR2: 00007fec2d37e158 CR3: 000000000ba8e000 CR4: 00000000003506f0
[   51.859783][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   51.867745][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   51.875706][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[   51.883045][    C0] Kernel Offset: disabled
[   51.887356][    C0] Rebooting in 86400 seconds..