./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2829571573

<...>
DUID 00:04:66:e4:01:83:27:57:c7:2c:b4:77:89:67:fd:32:a2:9b
forked to background, child pid 3180
[   26.329584][ T3181] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.338875][ T3181] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
execve("./syz-executor2829571573", ["./syz-executor2829571573"], 0x7ffd7a319ae0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555cc2000
brk(0x555555cc2c40)                     = 0x555555cc2c40
arch_prctl(ARCH_SET_FS, 0x555555cc2300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x555555cc25d0)         = 3601
set_robust_list(0x555555cc25e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f0b40810d10, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f0b408113e0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f0b40810db0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0b408113e0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2829571573", 4096) = 28
brk(0x555555ce3c40)                     = 0x555555ce3c40
brk(0x555555ce4000)                     = 0x555555ce4000
mprotect(0x7f0b408d2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 3601
mkdir("./syzkaller.bqGkLw", 0700)       = 0
chmod("./syzkaller.bqGkLw", 0777)       = 0
chdir("./syzkaller.bqGkLw")             = 0
mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
openat(AT_FDCWD, "/dev/vhci", O_RDWR)   = 4
dup2(4, 202)                            = 202
close(4)                                = 0
read(202, "\xff\x00\x00\x00", 4)        = 4
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b3ffff000
mprotect(0x7f0b40000000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f0b407ff3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3604], tls=0x7f0b407ff700, child_tidptr=0x7f0b407ff9d0) = 3604
ioctl(3, HCIDEVUP./strace-static-x86_64: Process 3604 attached
 <unfinished ...>
[pid  3604] set_robust_list(0x7f0b407ff9e0, 24) = 0
[pid  3604] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3604] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3604] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3604] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  3604] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  3604] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3604] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3604] read(202, "\x01\x25\x0c\x00", 1024) = 4
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3604] read(202, "\x01\x38\x0c\x00", 1024) = 4
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
syzkaller login: [   50.082360][ T3605] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   50.090639][ T3605] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   50.100243][ T3605] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   50.111844][ T3605] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   50.121505][ T3605] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[pid  3604] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3604] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  3604] read(202,  <unfinished ...>
[pid  3601] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  3601] ioctl(3, HCISETSCAN <unfinished ...>
[pid  3604] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  3604] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  3601] <... ioctl resumed>, 0x7ffc27acfc68) = 0
[pid  3601] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  3604] madvise(0x7f0b3ffff000, 8372224, MADV_DONTNEED) = 0
[pid  3604] exit(0)                     = ?
[pid  3604] +++ exited with 0 +++
<... writev resumed>)                   = 13
writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14
writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
close(3)                                = 0
getuid()                                = 0
getgid()                                = 0
mprotect(0x7f0b40900000, 4096, PROT_NONE) = 0
clone(child_stack=0x7f0b409fffb0, flags=CLONE_NEWUSER|CLONE_NEWPID) = 3607
./strace-static-x86_64: Process 3607 attached
[pid  3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3607] setsid()                    = 1
[pid  3607] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = -1 EPERM (Operation not permitted)
[pid  3607] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3607] unshare(CLONE_NEWNS)        = 0
[pid  3607] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3607] unshare(CLONE_NEWIPC)       = 0
[pid  3607] unshare(CLONE_NEWCGROUP)    = 0
[pid  3607] unshare(CLONE_NEWUTS)       = 0
[pid  3607] unshare(CLONE_SYSVSEM)      = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "16777216", 8)     = 8
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "536870912", 9)    = 9
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "8192", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/self/setgroups", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "deny", 4)         = 4
[pid  3607] close(3)                    = 0
[   50.129553][ T3605] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  3607] openat(AT_FDCWD, "/proc/self/uid_map", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "0 0 1\n", 6)      = 6
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/self/gid_map", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "0 0 1\n", 6)      = 6
[pid  3607] close(3)                    = 0
[pid  3607] unshare(CLONE_NEWNET)       = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "0 65535", 7)      = -1 EINVAL (Invalid argument)
[pid  3607] close(3)                    = 0
[pid  3607] mkdir("./syz-tmp", 0777)    = 0
[pid  3607] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  3607] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  3607] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  3607] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  3607] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  3607] mount(NULL, "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  3607] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  3607] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  3607] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  3607] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  3607] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  3607] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  3607] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  3607] chdir("/")                  = 0
[pid  3607] umount2("./pivot", MNT_DETACH) = 0
[pid  3607] chroot("./newroot")         = 0
[pid  3607] chdir("/")                  = 0
[pid  3607] mkdir("/dev/binderfs", 0777) = 0
[pid  3607] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3607] getpid()                    = 1
[pid  3607] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3607] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3607] futex(0x7f0b408f002c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b40b0c000
[pid  3607] mprotect(0x7f0b40b0d000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3607] clone(child_stack=0x7f0b40b2c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3608 attached
, parent_tid=[2], tls=0x7f0b40b2c700, child_tidptr=0x7f0b40b2c9d0) = 2
[pid  3608] set_robust_list(0x7f0b40b2c9e0, 24 <unfinished ...>
[pid  3607] futex(0x7f0b408f0028, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3608] <... set_robust_list resumed>) = 0
[pid  3607] <... futex resumed>)        = 0
[pid  3607] futex(0x7f0b408f002c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=3, tv_nsec=50000000} <unfinished ...>
[pid  3608] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  3608] ioctl(3, USB_RAW_IOCTL_INIT, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f0b40b2a2b0) = 18
[   50.495513][   T14] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f0b40b2a2b0) = 18
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f0b40b2a2b0) = 9
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f0b40b2a2b0) = 72
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f0b40b2a2b0) = 4
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f0b40b2a2b0) = 8
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f0b40b2a2b0) = 8
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7f0b40b2a2b0) = 8
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0xfa) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f0b40a0004c) = 9
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f0b40a0005c) = 10
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f0b40a0006c) = 12
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f0b40a0007c) = 11
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f0b40a0008c) = 13
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f0b40a0009c) = 14
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 0
[   51.016056][   T14] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   51.025199][   T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   51.033900][   T14] usb 1-1: Product: syz
[   51.038371][   T14] usb 1-1: Manufacturer: syz
[   51.042969][   T14] usb 1-1: SerialNumber: syz
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[   51.098497][   T14] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 4096
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 1856
[pid  3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7f0b40b2b2c0) = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7f0b40b2a2b0) = 0
[   51.675799][   T14] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[pid  3608] futex(0x7f0b408f002c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3607] <... futex resumed>)        = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_WRITE <unfinished ...>
[pid  3607] futex(0x7f0b408f0028, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3608] <... ioctl resumed>, 0x7f0b40b2b2f0) = 16
[pid  3607] <... futex resumed>)        = 0
[pid  3607] futex(0x7f0b408f002c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} <unfinished ...>
[pid  3608] futex(0x7f0b408f002c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3607] <... futex resumed>)        = 0
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_WRITE <unfinished ...>
[pid  3607] futex(0x7f0b408f0028, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3608] <... ioctl resumed>, 0x7f0b40b2b2f0) = 18
[pid  3607] <... futex resumed>)        = 0
[   52.146087][   T22] Bluetooth: hci0: command 0x0409 tx timeout
[pid  3607] futex(0x7f0b408f002c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000} <unfinished ...>
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7f0b40b2b2f0) = 18
[pid  3607] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3607] futex(0x7f0b408f003c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b40aeb000
[pid  3607] mprotect(0x7f0b40aec000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3607] clone(child_stack=0x7f0b40b0b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3], tls=0x7f0b40b0b700, child_tidptr=0x7f0b40b0b9d0) = 3
[pid  3607] futex(0x7f0b408f0038, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3607] futex(0x7f0b408f003c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=350000000}./strace-static-x86_64: Process 3609 attached
 <unfinished ...>
[pid  3609] set_robust_list(0x7f0b40b0b9e0, 24) = 0
[pid  3609] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7f0b40b0a2f0) = 18
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7f0b40b2b2f0) = 18
[pid  3609] futex(0x7f0b408f003c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3607] <... futex resumed>)        = 0
[pid  3609] <... futex resumed>)        = 1
[pid  3609] futex(0x7f0b408f0038, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3608] ioctl(3, USB_RAW_IOCTL_EP_WRITE, 0x7f0b40b2b2f0) = 18
[pid  3607] exit_group(1 <unfinished ...>
[pid  3609] <... futex resumed>)        = ?
[pid  3607] <... exit_group resumed>)   = ?
[pid  3609] +++ exited with 1 +++
[pid  3608] +++ exited with 1 +++
[pid  3607] +++ exited with 1 +++
exit_group(0)                           = ?
[   52.767943][   T22] usb 1-1: USB disconnect, device number 2
[   52.779116][    C0] INFO: trying to register non-static key.
[   52.784954][    C0] The code is fine but needs lockdep annotation, or maybe
[   52.792042][    C0] you didn't initialize this object before use?
[   52.798272][    C0] turning off the locking correctness validator.
[   52.804590][    C0] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[   52.814315][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   52.824353][    C0] Workqueue: netns cleanup_net
[   52.829120][    C0] Call Trace:
[   52.832383][    C0]  <IRQ>
[   52.835211][    C0]  dump_stack_lvl+0xcd/0x134
[   52.839787][    C0]  register_lock_class+0xf30/0x1130
[   52.844968][    C0]  ? mark_lock.part.0+0xee/0x1910
[   52.849972][    C0]  ? mark_lock.part.0+0xee/0x1910
[   52.854988][    C0]  ? kernel_text_address+0xd/0x80
[   52.860000][    C0]  ? is_dynamic_key.part.0+0x130/0x130
[   52.865440][    C0]  ? lock_chain_count+0x20/0x20
[   52.870272][    C0]  ? mark_lock.part.0+0xee/0x1910
[   52.875289][    C0]  ? ret_from_fork+0x1f/0x30
[   52.879867][    C0]  __lock_acquire+0x10a/0x5660
[   52.884632][    C0]  ? stack_trace_save+0x8c/0xc0
[   52.889472][    C0]  ? __lock_acquire+0x163e/0x5660
[   52.894474][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   52.900436][    C0]  lock_acquire+0x1ab/0x570
[   52.904918][    C0]  ? skb_queue_tail+0x21/0x140
[   52.909666][    C0]  ? lock_release+0x780/0x780
[   52.914322][    C0]  ? find_held_lock+0x2d/0x110
[   52.919072][    C0]  ? ath9k_htc_txstatus+0x4c0/0x4c0
[   52.924251][    C0]  _raw_spin_lock_irqsave+0x39/0x50
[   52.929473][    C0]  ? skb_queue_tail+0x21/0x140
[   52.934238][    C0]  skb_queue_tail+0x21/0x140
[   52.938824][    C0]  ath9k_htc_txep+0x287/0x400
[   52.943489][    C0]  ath9k_htc_txcompletion_cb+0x1cd/0x2e0
[   52.949108][    C0]  hif_usb_regout_cb+0x115/0x1c0
[   52.954031][    C0]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   52.959391][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   52.964582][    C0]  dummy_timer+0x11f9/0x32b0
[   52.969165][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   52.975139][    C0]  ? dummy_dequeue+0x500/0x500
[   52.979895][    C0]  ? dummy_dequeue+0x500/0x500
[   52.984639][    C0]  call_timer_fn+0x1a5/0x6b0
[   52.989210][    C0]  ? timer_fixup_activate+0x350/0x350
[   52.994562][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.999740][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   53.004917][    C0]  ? dummy_dequeue+0x500/0x500
[   53.009662][    C0]  __run_timers.part.0+0x679/0xa80
[   53.014758][    C0]  ? call_timer_fn+0x6b0/0x6b0
[   53.019512][    C0]  ? __wake_up_locked_sync_key+0x20/0x20
[   53.025136][    C0]  run_timer_softirq+0xb3/0x1d0
[   53.029982][    C0]  __do_softirq+0x29b/0x9c2
[   53.034483][    C0]  __irq_exit_rcu+0x123/0x180
[   53.039156][    C0]  irq_exit_rcu+0x5/0x20
[   53.043474][    C0]  sysvec_apic_timer_interrupt+0x93/0xc0
[   53.049092][    C0]  </IRQ>
[   53.052018][    C0]  <TASK>
[   53.054943][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[   53.061089][    C0] RIP: 0010:lock_acquire+0x1ef/0x570
[   53.066386][    C0] Code: d7 a3 7e 83 f8 01 0f 85 e8 02 00 00 9c 58 f6 c4 02 0f 85 fb 02 00 00 48 83 7c 24 08 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
[   53.085978][    C0] RSP: 0018:ffffc90000107658 EFLAGS: 00000206
[   53.092029][    C0] RAX: dffffc0000000000 RBX: 1ffff92000020ecd RCX: 0000000000000001
[   53.099984][    C0] RDX: 1ffff11027fdb8ae RSI: 0000000000000001 RDI: 0000000000000000
[   53.107935][    C0] RBP: 0000000000000001 R08: 00000000000ba948 R09: 0000000000000001
[   53.115885][    C0] R10: fffffbfff2102ea1 R11: 0000000000000000 R12: 0000000000000000
[   53.123847][    C0] R13: 0000000000000000 R14: ffffffff8bd92038 R15: 0000000000000000
[   53.131809][    C0]  ? lock_release+0x780/0x780
[   53.136474][    C0]  __mutex_lock+0x12f/0x1350
[   53.141047][    C0]  ? synchronize_rcu_expedited+0x24a/0x670
[   53.146842][    C0]  ? synchronize_rcu_expedited+0x24a/0x670
[   53.152629][    C0]  ? mutex_lock_io_nested+0x1190/0x1190
[   53.158162][    C0]  ? synchronize_rcu_expedited+0x215/0x670
[   53.163947][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   53.168778][    C0]  ? do_raw_spin_lock+0x120/0x2a0
[   53.173782][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   53.178710][    C0]  synchronize_rcu_expedited+0x24a/0x670
[   53.184325][    C0]  ? wait_rcu_exp_gp+0x40/0x40
[   53.189158][    C0]  ? lockdep_unlock+0x11b/0x290
[   53.193996][    C0]  ? __lock_acquire+0x257d/0x5660
[   53.199017][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   53.204981][    C0]  synchronize_rcu+0x2c3/0x370
[   53.209727][    C0]  ? synchronize_rcu_expedited+0x670/0x670
[   53.215518][    C0]  ? dev_remove_pack+0x12/0x60
[   53.220264][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   53.225094][    C0]  dev_remove_pack+0x57/0x60
[   53.229664][    C0]  tipc_detach_loopback+0x141/0x350
[   53.234849][    C0]  tipc_exit_net+0x10e/0x560
[   53.239431][    C0]  ? tipc_init_net+0x660/0x660
[   53.244177][    C0]  ops_exit_list+0xb0/0x170
[   53.248669][    C0]  cleanup_net+0x4ea/0xb00
[   53.253068][    C0]  ? lockdep_hardirqs_on+0x79/0x100
[   53.258247][    C0]  ? unregister_pernet_device+0x70/0x70
[   53.263777][    C0]  process_one_work+0x996/0x1610
[   53.268712][    C0]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   53.274068][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   53.278986][    C0]  ? _raw_spin_lock_irq+0x41/0x50
[   53.283998][    C0]  worker_thread+0x665/0x1080
[   53.288663][    C0]  ? process_one_work+0x1610/0x1610
[   53.293859][    C0]  kthread+0x2e9/0x3a0
[   53.297911][    C0]  ? kthread_complete_and_exit+0x40/0x40
[   53.303523][    C0]  ret_from_fork+0x1f/0x30
[   53.307927][    C0]  </TASK>
[   53.310948][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[   53.322642][    C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   53.331029][    C0] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[   53.340724][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   53.350780][    C0] Workqueue: netns cleanup_net
[   53.355528][    C0] RIP: 0010:skb_queue_tail+0x9e/0x140
[   53.360885][    C0] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 80 00 00 00 4c 89 e2 4c 89 65 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 48 89 6b 08 <80> 3c 02 00 75 4f 48 8d 7b 10 49 89 2c 24 48 b8 00 00 00 00 00 fc
[   53.380473][    C0] RSP: 0018:ffffc900000079d8 EFLAGS: 00010046
[   53.386533][    C0] RAX: dffffc0000000000 RBX: ffff88801cc0b830 RCX: ffffffff815f1670
[   53.394484][    C0] RDX: 0000000000000000 RSI: 0000000000000046 RDI: ffff88801d19c288
[   53.402452][    C0] RBP: ffff88801d19c280 R08: 0000000000000001 R09: 0000000000000003
[   53.410406][    C0] R10: fffff52000000f29 R11: 3e4b5341542f3c20 R12: 0000000000000000
[   53.418370][    C0] R13: ffff88801cc0b848 R14: 00000000ffff9edf R15: ffffffff853a84c0
[   53.426321][    C0] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   53.435234][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.441804][    C0] CR2: 00007f0b40b0a2e8 CR3: 00000000253f4000 CR4: 00000000003506f0
[   53.449758][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   53.457726][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   53.465765][    C0] Call Trace:
[   53.469028][    C0]  <IRQ>
[   53.471854][    C0]  ath9k_htc_txep+0x287/0x400
[   53.476517][    C0]  ath9k_htc_txcompletion_cb+0x1cd/0x2e0
[   53.482133][    C0]  hif_usb_regout_cb+0x115/0x1c0
[   53.487051][    C0]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   53.492404][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   53.497583][    C0]  dummy_timer+0x11f9/0x32b0
[   53.502155][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   53.508121][    C0]  ? dummy_dequeue+0x500/0x500
[   53.512867][    C0]  ? dummy_dequeue+0x500/0x500
[   53.517879][    C0]  call_timer_fn+0x1a5/0x6b0
[   53.522452][    C0]  ? timer_fixup_activate+0x350/0x350
[   53.527820][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   53.533000][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   53.538178][    C0]  ? dummy_dequeue+0x500/0x500
[   53.542924][    C0]  __run_timers.part.0+0x679/0xa80
[   53.548022][    C0]  ? call_timer_fn+0x6b0/0x6b0
[   53.552778][    C0]  ? __wake_up_locked_sync_key+0x20/0x20
[   53.558395][    C0]  run_timer_softirq+0xb3/0x1d0
[   53.563228][    C0]  __do_softirq+0x29b/0x9c2
[   53.567716][    C0]  __irq_exit_rcu+0x123/0x180
[   53.572373][    C0]  irq_exit_rcu+0x5/0x20
[   53.576602][    C0]  sysvec_apic_timer_interrupt+0x93/0xc0
[   53.582236][    C0]  </IRQ>
[   53.585150][    C0]  <TASK>
[   53.588061][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[   53.594025][    C0] RIP: 0010:lock_acquire+0x1ef/0x570
[   53.599293][    C0] Code: d7 a3 7e 83 f8 01 0f 85 e8 02 00 00 9c 58 f6 c4 02 0f 85 fb 02 00 00 48 83 7c 24 08 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
[   53.618879][    C0] RSP: 0018:ffffc90000107658 EFLAGS: 00000206
[   53.624925][    C0] RAX: dffffc0000000000 RBX: 1ffff92000020ecd RCX: 0000000000000001
[   53.632876][    C0] RDX: 1ffff11027fdb8ae RSI: 0000000000000001 RDI: 0000000000000000
[   53.640838][    C0] RBP: 0000000000000001 R08: 00000000000ba948 R09: 0000000000000001
[   53.648802][    C0] R10: fffffbfff2102ea1 R11: 0000000000000000 R12: 0000000000000000
[   53.656843][    C0] R13: 0000000000000000 R14: ffffffff8bd92038 R15: 0000000000000000
[   53.664803][    C0]  ? lock_release+0x780/0x780
[   53.669556][    C0]  __mutex_lock+0x12f/0x1350
[   53.674130][    C0]  ? synchronize_rcu_expedited+0x24a/0x670
[   53.679922][    C0]  ? synchronize_rcu_expedited+0x24a/0x670
[   53.685715][    C0]  ? mutex_lock_io_nested+0x1190/0x1190
[   53.691245][    C0]  ? synchronize_rcu_expedited+0x215/0x670
[   53.697033][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   53.701869][    C0]  ? do_raw_spin_lock+0x120/0x2a0
[   53.706872][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   53.711792][    C0]  synchronize_rcu_expedited+0x24a/0x670
[   53.717406][    C0]  ? wait_rcu_exp_gp+0x40/0x40
[   53.722152][    C0]  ? lockdep_unlock+0x11b/0x290
[   53.726984][    C0]  ? __lock_acquire+0x257d/0x5660
[   53.732009][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   53.737982][    C0]  synchronize_rcu+0x2c3/0x370
[   53.742731][    C0]  ? synchronize_rcu_expedited+0x670/0x670
[   53.748520][    C0]  ? dev_remove_pack+0x12/0x60
[   53.753267][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   53.758100][    C0]  dev_remove_pack+0x57/0x60
[   53.762678][    C0]  tipc_detach_loopback+0x141/0x350
[   53.767859][    C0]  tipc_exit_net+0x10e/0x560
[   53.772441][    C0]  ? tipc_init_net+0x660/0x660
[   53.777197][    C0]  ops_exit_list+0xb0/0x170
[   53.781700][    C0]  cleanup_net+0x4ea/0xb00
[   53.786111][    C0]  ? lockdep_hardirqs_on+0x79/0x100
[   53.791323][    C0]  ? unregister_pernet_device+0x70/0x70
[   53.796873][    C0]  process_one_work+0x996/0x1610
[   53.801803][    C0]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[   53.807213][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   53.812154][    C0]  ? _raw_spin_lock_irq+0x41/0x50
[   53.817164][    C0]  worker_thread+0x665/0x1080
[   53.821829][    C0]  ? process_one_work+0x1610/0x1610
[   53.827013][    C0]  kthread+0x2e9/0x3a0
[   53.831066][    C0]  ? kthread_complete_and_exit+0x40/0x40
[   53.836703][    C0]  ret_from_fork+0x1f/0x30
[   53.841116][    C0]  </TASK>
[   53.844121][    C0] Modules linked in:
[   53.847999][    C0] ---[ end trace 0000000000000000 ]---
[   53.853429][    C0] RIP: 0010:skb_queue_tail+0x9e/0x140
[   53.858788][    C0] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 80 00 00 00 4c 89 e2 4c 89 65 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 48 89 6b 08 <80> 3c 02 00 75 4f 48 8d 7b 10 49 89 2c 24 48 b8 00 00 00 00 00 fc
[   53.878376][    C0] RSP: 0018:ffffc900000079d8 EFLAGS: 00010046
[   53.884421][    C0] RAX: dffffc0000000000 RBX: ffff88801cc0b830 RCX: ffffffff815f1670
[   53.892372][    C0] RDX: 0000000000000000 RSI: 0000000000000046 RDI: ffff88801d19c288
[   53.900333][    C0] RBP: ffff88801d19c280 R08: 0000000000000001 R09: 0000000000000003
[   53.908300][    C0] R10: fffff52000000f29 R11: 3e4b5341542f3c20 R12: 0000000000000000
[   53.916273][    C0] R13: ffff88801cc0b848 R14: 00000000ffff9edf R15: ffffffff853a84c0
[   53.924225][    C0] FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   53.933137][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.939703][    C0] CR2: 00007f0b40b0a2e8 CR3: 00000000253f4000 CR4: 00000000003506f0
[   53.947663][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   53.955614][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   53.963575][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[   53.970942][    C0] Kernel Offset: disabled
[   53.975258][    C0] Rebooting in 86400 seconds..