Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts.
2024/11/27 08:35:03 ignoring optional flag "sandboxArg"="0"
2024/11/27 08:35:04 parsed 1 programs
[   57.682115][ T5839] cgroup: Unknown subsys name 'net'
[   57.816516][ T5839] cgroup: Unknown subsys name 'cpuset'
[   57.824515][ T5839] cgroup: Unknown subsys name 'rlimit'
[   59.082475][ T5839] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   61.272886][ T5855] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   61.991114][ T2985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.004078][ T2985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.027298][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.035228][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.244676][ T5881] chnl_net:caif_netlink_parms(): no params data found
[   62.309221][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.316787][ T5881] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.324170][ T5881] bridge_slave_0: entered allmulticast mode
[   62.330805][ T5881] bridge_slave_0: entered promiscuous mode
[   62.339933][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.348725][ T5881] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.356069][ T5881] bridge_slave_1: entered allmulticast mode
[   62.363179][ T5881] bridge_slave_1: entered promiscuous mode
[   62.404437][ T5881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.415020][ T5881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.439283][ T5881] team0: Port device team_slave_0 added
[   62.447730][ T5881] team0: Port device team_slave_1 added
[   62.486179][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.493572][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.520270][ T5881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.533624][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.540582][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.566713][ T5881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.610891][ T5881] hsr_slave_0: entered promiscuous mode
[   62.617174][ T5881] hsr_slave_1: entered promiscuous mode
[   62.714904][ T5881] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   62.725729][ T5881] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   62.735556][ T5881] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   62.745610][ T5881] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   62.767135][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.774303][ T5881] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.781969][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.789115][ T5881] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.830913][ T5881] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.847696][ T2992] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.858133][ T2992] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.870242][ T5881] 8021q: adding VLAN 0 to HW filter on device team0
[   62.884203][ T2985] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.891268][ T2985] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.906705][ T2985] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.913822][ T2985] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.026392][ T5881] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.057531][ T5881] veth0_vlan: entered promiscuous mode
[   63.067596][ T5881] veth1_vlan: entered promiscuous mode
[   63.089113][ T5881] veth0_macvtap: entered promiscuous mode
[   63.097879][ T5881] veth1_macvtap: entered promiscuous mode
[   63.111044][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.126043][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.137047][ T5881] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.146955][ T5881] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.156053][ T5881] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.165434][ T5881] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.303643][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.319643][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.328810][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.336608][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.345766][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.358400][   T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   63.365999][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.379104][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.448223][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.571611][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2024/11/27 08:35:13 executed programs: 0
[   64.725916][ T5154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.737063][ T5154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.746254][ T5154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.754723][ T5154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.764702][ T5154] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   64.772038][ T5154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.917271][ T5931] chnl_net:caif_netlink_parms(): no params data found
[   64.958917][ T5931] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.966255][ T5931] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.973604][ T5931] bridge_slave_0: entered allmulticast mode
[   64.980474][ T5931] bridge_slave_0: entered promiscuous mode
[   64.988766][ T5931] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.996030][ T5931] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.003681][ T5931] bridge_slave_1: entered allmulticast mode
[   65.010252][ T5931] bridge_slave_1: entered promiscuous mode
[   65.029999][ T5931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.041241][ T5931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.074393][ T5931] team0: Port device team_slave_0 added
[   65.081814][ T5931] team0: Port device team_slave_1 added
[   65.101142][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.108212][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.134392][ T5931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.146628][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.153737][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.179866][ T5931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.209564][ T5931] hsr_slave_0: entered promiscuous mode
[   65.215978][ T5931] hsr_slave_1: entered promiscuous mode
[   65.222037][ T5931] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   65.230021][ T5931] Cannot create hsr debugfs directory
[   66.446879][   T11] bridge_slave_1: left allmulticast mode
[   66.454096][   T11] bridge_slave_1: left promiscuous mode
[   66.460579][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.477240][   T11] bridge_slave_0: left allmulticast mode
[   66.484156][   T11] bridge_slave_0: left promiscuous mode
[   66.490690][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.800220][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   66.812007][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   66.815283][ T5154] Bluetooth: hci0: command tx timeout
[   66.829173][   T11] bond0 (unregistering): Released all slaves
[   66.919510][   T11] hsr_slave_0: left promiscuous mode
[   66.932022][   T11] hsr_slave_1: left promiscuous mode
[   66.939106][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   66.950464][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[   66.960665][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   66.974364][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[   66.995715][   T11] veth1_macvtap: left promiscuous mode
[   67.001664][   T11] veth0_macvtap: left promiscuous mode
[   67.007643][   T11] veth1_vlan: left promiscuous mode
[   67.015864][   T11] veth0_vlan: left promiscuous mode
[   67.351967][   T11] team0 (unregistering): Port device team_slave_1 removed
[   67.378633][   T11] team0 (unregistering): Port device team_slave_0 removed
[   67.885330][ T5931] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.899279][ T5931] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.910761][ T5931] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.923573][ T5931] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   68.199046][ T5931] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.224192][ T5931] 8021q: adding VLAN 0 to HW filter on device team0
[   68.235827][ T2992] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.242968][ T2992] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.278046][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.285197][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.589264][ T5931] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.657651][ T5931] veth0_vlan: entered promiscuous mode
[   68.675505][ T5931] veth1_vlan: entered promiscuous mode
[   68.710145][ T5931] veth0_macvtap: entered promiscuous mode
[   68.720132][ T5931] veth1_macvtap: entered promiscuous mode
[   68.739209][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.752310][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.764530][ T5931] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.774353][ T5931] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.784012][ T5931] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.793539][ T5931] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.872829][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.886084][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.893657][ T5154] Bluetooth: hci0: command tx timeout
[   68.919075][ T2992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.927756][ T2992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.314349][   T95] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   69.489696][   T95] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   69.500238][   T95] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   69.523732][   T95] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   69.540801][   T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.549132][   T95] usb 1-1: Product: syz
[   69.554729][   T95] usb 1-1: Manufacturer: syz
[   69.559322][   T95] usb 1-1: SerialNumber: syz
[   69.773980][ T6015] 
[   69.776357][ T6015] =====================================================
[   69.783279][ T6015] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[   69.790741][ T6015] 6.12.0-syzkaller-09567-g7eef7e306d3c #0 Not tainted
[   69.797484][ T6015] -----------------------------------------------------
[   69.804400][ T6015] syz.0.15/6015 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[   69.811841][ T6015] ffff88807770f018 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4f0
[   69.820539][ T6015] 
[   69.820539][ T6015] and this task is already holding:
[   69.827885][ T6015] ffff888032183028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xf2/0xad0
[   69.837641][ T6015] which would create a new lock dependency:
[   69.843514][ T6015]  (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
[   69.851607][ T6015] 
[   69.851607][ T6015] but this new dependency connects a SOFTIRQ-irq-safe lock:
[   69.861047][ T6015]  (&dev->event_lock#2){..-.}-{3:3}
[   69.861076][ T6015] 
[   69.861076][ T6015] ... which became SOFTIRQ-irq-safe at:
[   69.873966][ T6015]   lock_acquire+0x1ed/0x550
[   69.878549][ T6015]   _raw_spin_lock_irqsave+0xd5/0x120
[   69.883912][ T6015]   input_inject_event+0xc5/0x340
[   69.888927][ T6015]   led_trigger_event+0x138/0x210
[   69.893940][ T6015]   kbd_bh+0x1b5/0x290
[   69.897994][ T6015]   tasklet_action_common+0x426/0x620
[   69.903357][ T6015]   handle_softirqs+0x2c5/0x980
[   69.908199][ T6015]   run_ksoftirqd+0xca/0x130
[   69.912777][ T6015]   smpboot_thread_fn+0x544/0xa30
[   69.917795][ T6015]   kthread+0x2f0/0x390
[   69.921939][ T6015]   ret_from_fork+0x4b/0x80
[   69.926430][ T6015]   ret_from_fork_asm+0x1a/0x30
[   69.931292][ T6015] 
[   69.931292][ T6015] to a SOFTIRQ-irq-unsafe lock:
[   69.938313][ T6015]  (tasklist_lock){.+.+}-{3:3}
[   69.938341][ T6015] 
[   69.938341][ T6015] ... which became SOFTIRQ-irq-unsafe at:
[   69.950948][ T6015] ...
[   69.950956][ T6015]   lock_acquire+0x1ed/0x550
[   69.958104][ T6015]   _raw_read_lock+0x36/0x50
[   69.962682][ T6015]   __do_wait+0x12d/0x850
[   69.966998][ T6015]   do_wait+0x1e9/0x560
[   69.971147][ T6015]   kernel_wait+0xe9/0x240
[   69.975555][ T6015]   call_usermodehelper_exec_work+0xbd/0x230
[   69.981527][ T6015]   process_scheduled_works+0xa63/0x1850
[   69.987151][ T6015]   worker_thread+0x870/0xd30
[   69.991813][ T6015]   kthread+0x2f0/0x390
[   69.995985][ T6015]   ret_from_fork+0x4b/0x80
[   70.000490][ T6015]   ret_from_fork_asm+0x1a/0x30
[   70.005345][ T6015] 
[   70.005345][ T6015] other info that might help us debug this:
[   70.005345][ T6015] 
[   70.015593][ T6015] Chain exists of:
[   70.015593][ T6015]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[   70.015593][ T6015] 
[   70.029239][ T6015]  Possible interrupt unsafe locking scenario:
[   70.029239][ T6015] 
[   70.037546][ T6015]        CPU0                    CPU1
[   70.042897][ T6015]        ----                    ----
[   70.048251][ T6015]   lock(tasklist_lock);
[   70.052486][ T6015]                                local_irq_disable();
[   70.059247][ T6015]                                lock(&dev->event_lock#2);
[   70.066470][ T6015]                                lock(&client->buffer_lock);
[   70.073841][ T6015]   <Interrupt>
[   70.077285][ T6015]     lock(&dev->event_lock#2);
[   70.082129][ T6015] 
[   70.082129][ T6015]  *** DEADLOCK ***
[   70.082129][ T6015] 
[   70.090259][ T6015] 7 locks held by syz.0.15/6015:
[   70.095181][ T6015]  #0: ffff88802a001118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x25e/0x790
[   70.104312][ T6015]  #1: ffff888020738230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xc5/0x340
[   70.114403][ T6015]  #2: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xd6/0x340
[   70.124073][ T6015]  #3: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8e/0x890
[   70.133665][ T6015]  #4: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x6f/0x300
[   70.142807][ T6015]  #5: ffff888032183028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xf2/0xad0
[   70.153028][ T6015]  #6: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x54/0x4f0
[   70.162079][ T6015] 
[   70.162079][ T6015] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[   70.172469][ T6015]  -> (&dev->event_lock#2){..-.}-{3:3} {
[   70.178297][ T6015]     IN-SOFTIRQ-W at:
[   70.182349][ T6015]                       lock_acquire+0x1ed/0x550
[   70.188664][ T6015]                       _raw_spin_lock_irqsave+0xd5/0x120
[   70.195763][ T6015]                       input_inject_event+0xc5/0x340
[   70.202536][ T6015]                       led_trigger_event+0x138/0x210
[   70.209289][ T6015]                       kbd_bh+0x1b5/0x290
[   70.215107][ T6015]                       tasklet_action_common+0x426/0x620
[   70.222206][ T6015]                       handle_softirqs+0x2c5/0x980
[   70.228787][ T6015]                       run_ksoftirqd+0xca/0x130
[   70.235098][ T6015]                       smpboot_thread_fn+0x544/0xa30
[   70.241850][ T6015]                       kthread+0x2f0/0x390
[   70.247726][ T6015]                       ret_from_fork+0x4b/0x80
[   70.253952][ T6015]                       ret_from_fork_asm+0x1a/0x30
[   70.260527][ T6015]     INITIAL USE at:
[   70.264496][ T6015]                      lock_acquire+0x1ed/0x550
[   70.270724][ T6015]                      _raw_spin_lock_irqsave+0xd5/0x120
[   70.277736][ T6015]                      input_inject_event+0xc5/0x340
[   70.284403][ T6015]                      kbd_led_trigger_activate+0xb8/0x100
[   70.291584][ T6015]                      led_trigger_set+0x582/0x9c0
[   70.298075][ T6015]                      led_trigger_set_default+0x229/0x260
[   70.305255][ T6015]                      led_classdev_register_ext+0x732/0x8e0
[   70.312614][ T6015]                      input_leds_connect+0x489/0x630
[   70.319369][ T6015]                      input_register_device+0xd3b/0x1110
[   70.326468][ T6015]                      atkbd_connect+0x762/0xa20
[   70.332780][ T6015]                      serio_driver_probe+0x7f/0xa0
[   70.339358][ T6015]                      really_probe+0x2b8/0xad0
[   70.345590][ T6015]                      __driver_probe_device+0x1a2/0x390
[   70.352601][ T6015]                      driver_probe_device+0x50/0x430
[   70.359353][ T6015]                      __driver_attach+0x45f/0x710
[   70.365843][ T6015]                      bus_for_each_dev+0x239/0x2b0
[   70.373033][ T6015]                      serio_handle_event+0x1c7/0x920
[   70.379786][ T6015]                      process_scheduled_works+0xa63/0x1850
[   70.387059][ T6015]                      worker_thread+0x870/0xd30
[   70.393381][ T6015]                      kthread+0x2f0/0x390
[   70.399170][ T6015]                      ret_from_fork+0x4b/0x80
[   70.405310][ T6015]                      ret_from_fork_asm+0x1a/0x30
[   70.411802][ T6015]   }
[   70.414381][ T6015]   ... key      at: [<ffffffff9a771300>] input_allocate_device.__key.5+0x0/0x20
[   70.423483][ T6015] -> (&client->buffer_lock){....}-{3:3} {
[   70.429207][ T6015]    INITIAL USE at:
[   70.433088][ T6015]                    lock_acquire+0x1ed/0x550
[   70.439141][ T6015]                    _raw_spin_lock+0x2e/0x40
[   70.445196][ T6015]                    evdev_pass_values+0xf2/0xad0
[   70.451593][ T6015]                    evdev_events+0x1c2/0x300
[   70.457642][ T6015]                    input_pass_values+0x268/0x890
[   70.464133][ T6015]                    input_event_dispose+0x30f/0x600
[   70.470796][ T6015]                    input_handle_event+0xa71/0xbe0
[   70.477375][ T6015]                    input_inject_event+0x22f/0x340
[   70.483954][ T6015]                    evdev_write+0x5fd/0x790
[   70.489933][ T6015]                    vfs_write+0x2a3/0xd30
[   70.495733][ T6015]                    ksys_write+0x18f/0x2b0
[   70.501620][ T6015]                    do_syscall_64+0xf3/0x230
[   70.507676][ T6015]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.515126][ T6015]  }
[   70.517611][ T6015]  ... key      at: [<ffffffff9a7715a0>] evdev_open.__key.24+0x0/0x20
[   70.525843][ T6015]  ... acquired at:
[   70.529629][ T6015]    lock_acquire+0x1ed/0x550
[   70.534291][ T6015]    _raw_spin_lock+0x2e/0x40
[   70.538955][ T6015]    evdev_pass_values+0xf2/0xad0
[   70.543963][ T6015]    evdev_events+0x1c2/0x300
[   70.548628][ T6015]    input_pass_values+0x268/0x890
[   70.553732][ T6015]    input_event_dispose+0x30f/0x600
[   70.559008][ T6015]    input_handle_event+0xa71/0xbe0
[   70.564194][ T6015]    input_inject_event+0x22f/0x340
[   70.569379][ T6015]    evdev_write+0x5fd/0x790
[   70.573953][ T6015]    vfs_write+0x2a3/0xd30
[   70.578363][ T6015]    ksys_write+0x18f/0x2b0
[   70.582857][ T6015]    do_syscall_64+0xf3/0x230
[   70.587523][ T6015]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.593578][ T6015] 
[   70.595890][ T6015] 
[   70.595890][ T6015] the dependencies between the lock to be acquired
[   70.595898][ T6015]  and SOFTIRQ-irq-unsafe lock:
[   70.609385][ T6015]   -> (tasklist_lock){.+.+}-{3:3} {
[   70.614678][ T6015]      HARDIRQ-ON-R at:
[   70.618818][ T6015]                         lock_acquire+0x1ed/0x550
[   70.625306][ T6015]                         _raw_read_lock+0x36/0x50
[   70.631799][ T6015]                         __do_wait+0x12d/0x850
[   70.638028][ T6015]                         do_wait+0x1e9/0x560
[   70.644080][ T6015]                         kernel_wait+0xe9/0x240
[   70.650393][ T6015]                         call_usermodehelper_exec_work+0xbd/0x230
[   70.658296][ T6015]                         process_scheduled_works+0xa63/0x1850
[   70.665832][ T6015]                         worker_thread+0x870/0xd30
[   70.672404][ T6015]                         kthread+0x2f0/0x390
[   70.678557][ T6015]                         ret_from_fork+0x4b/0x80
[   70.684961][ T6015]                         ret_from_fork_asm+0x1a/0x30
[   70.691722][ T6015]      SOFTIRQ-ON-R at:
[   70.695868][ T6015]                         lock_acquire+0x1ed/0x550
[   70.702355][ T6015]                         _raw_read_lock+0x36/0x50
[   70.708843][ T6015]                         __do_wait+0x12d/0x850
[   70.715070][ T6015]                         do_wait+0x1e9/0x560
[   70.721120][ T6015]                         kernel_wait+0xe9/0x240
[   70.727435][ T6015]                         call_usermodehelper_exec_work+0xbd/0x230
[   70.735318][ T6015]                         process_scheduled_works+0xa63/0x1850
[   70.742849][ T6015]                         worker_thread+0x870/0xd30
[   70.749419][ T6015]                         kthread+0x2f0/0x390
[   70.755469][ T6015]                         ret_from_fork+0x4b/0x80
[   70.761872][ T6015]                         ret_from_fork_asm+0x1a/0x30
[   70.768624][ T6015]      INITIAL USE at:
[   70.772681][ T6015]                        lock_acquire+0x1ed/0x550
[   70.779083][ T6015]                        _raw_write_lock_irq+0xd3/0x120
[   70.786007][ T6015]                        copy_process+0x2267/0x3d50
[   70.792586][ T6015]                        kernel_clone+0x223/0x880
[   70.798988][ T6015]                        user_mode_thread+0x132/0x1a0
[   70.805736][ T6015]                        rest_init+0x23/0x300
[   70.811795][ T6015]                        start_kernel+0x47f/0x500
[   70.818201][ T6015]                        x86_64_start_reservations+0x2a/0x30
[   70.825558][ T6015]                        x86_64_start_kernel+0x9f/0xa0
[   70.832396][ T6015]                        common_startup_64+0x13e/0x147
[   70.839239][ T6015]      INITIAL READ USE at:
[   70.843731][ T6015]                             lock_acquire+0x1ed/0x550
[   70.850568][ T6015]                             _raw_read_lock+0x36/0x50
[   70.857405][ T6015]                             __do_wait+0x12d/0x850
[   70.863981][ T6015]                             do_wait+0x1e9/0x560
[   70.870383][ T6015]                             kernel_wait+0xe9/0x240
[   70.877393][ T6015]                             call_usermodehelper_exec_work+0xbd/0x230
[   70.885622][ T6015]                             process_scheduled_works+0xa63/0x1850
[   70.893504][ T6015]                             worker_thread+0x870/0xd30
[   70.900426][ T6015]                             kthread+0x2f0/0x390
[   70.906834][ T6015]                             ret_from_fork+0x4b/0x80
[   70.913685][ T6015]                             ret_from_fork_asm+0x1a/0x30
[   70.920790][ T6015]    }
[   70.923451][ T6015]    ... key      at: [<ffffffff8e60b058>] tasklist_lock+0x18/0x40
[   70.931331][ T6015]    ... acquired at:
[   70.935300][ T6015]    lock_acquire+0x1ed/0x550
[   70.939966][ T6015]    _raw_read_lock+0x36/0x50
[   70.944631][ T6015]    send_sigio+0x108/0x390
[   70.949122][ T6015]    kill_fasync+0x256/0x4f0
[   70.953720][ T6015]    lease_break_callback+0x26/0x30
[   70.958934][ T6015]    __break_lease+0x6d5/0x1820
[   70.963793][ T6015]    vfs_truncate+0x26b/0x3b0
[   70.968466][ T6015]    do_sys_truncate+0xdb/0x190
[   70.973310][ T6015]    do_syscall_64+0xf3/0x230
[   70.977980][ T6015]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.984042][ T6015] 
[   70.986353][ T6015]  -> (&f_owner->lock){....}-{3:3} {
[   70.991647][ T6015]     INITIAL USE at:
[   70.995612][ T6015]                      lock_acquire+0x1ed/0x550
[   71.001842][ T6015]                      _raw_write_lock_irq+0xd3/0x120
[   71.008594][ T6015]                      __f_setown+0x6b/0x380
[   71.014562][ T6015]                      generic_setlease+0xc74/0x1550
[   71.021225][ T6015]                      fcntl_setlease+0x404/0x540
[   71.027635][ T6015]                      do_fcntl+0x6c6/0x1a80
[   71.033601][ T6015]                      __se_sys_fcntl+0xd2/0x1e0
[   71.039916][ T6015]                      do_syscall_64+0xf3/0x230
[   71.046147][ T6015]                      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.053771][ T6015]     INITIAL READ USE at:
[   71.058173][ T6015]                           lock_acquire+0x1ed/0x550
[   71.064836][ T6015]                           _raw_read_lock_irq+0xda/0x120
[   71.072310][ T6015]                           f_getown+0x55/0x2a0
[   71.078538][ T6015]                           sock_ioctl+0x498/0x8e0
[   71.085044][ T6015]                           __se_sys_ioctl+0xf5/0x170
[   71.091824][ T6015]                           do_syscall_64+0xf3/0x230
[   71.098502][ T6015]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.106585][ T6015]   }
[   71.109157][ T6015]   ... key      at: [<ffffffff9a461fc0>] file_f_owner_allocate.__key+0x0/0x20
[   71.118082][ T6015]   ... acquired at:
[   71.121956][ T6015]    lock_acquire+0x1ed/0x550
[   71.126619][ T6015]    _raw_read_lock_irqsave+0xdd/0x130
[   71.132067][ T6015]    send_sigio+0x37/0x390
[   71.136483][ T6015]    kill_fasync+0x256/0x4f0
[   71.141065][ T6015]    lease_break_callback+0x26/0x30
[   71.146271][ T6015]    __break_lease+0x6d5/0x1820
[   71.151140][ T6015]    vfs_truncate+0x26b/0x3b0
[   71.155825][ T6015]    do_sys_truncate+0xdb/0x190
[   71.160679][ T6015]    do_syscall_64+0xf3/0x230
[   71.165353][ T6015]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.171411][ T6015] 
[   71.173728][ T6015] -> (&new->fa_lock){....}-{3:3} {
[   71.178848][ T6015]    INITIAL READ USE at:
[   71.183164][ T6015]                         lock_acquire+0x1ed/0x550
[   71.189679][ T6015]                         _raw_read_lock_irqsave+0xdd/0x130
[   71.196974][ T6015]                         kill_fasync+0x199/0x4f0
[   71.203385][ T6015]                         lease_break_callback+0x26/0x30
[   71.210399][ T6015]                         __break_lease+0x6d5/0x1820
[   71.217062][ T6015]                         vfs_truncate+0x26b/0x3b0
[   71.223553][ T6015]                         do_sys_truncate+0xdb/0x190
[   71.230218][ T6015]                         do_syscall_64+0xf3/0x230
[   71.236710][ T6015]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.244592][ T6015]  }
[   71.247080][ T6015]  ... key      at: [<ffffffff9a461fe0>] fasync_insert_entry.__key+0x0/0x20
[   71.255748][ T6015]  ... acquired at:
[   71.259536][ T6015]    lock_acquire+0x1ed/0x550
[   71.264204][ T6015]    _raw_read_lock_irqsave+0xdd/0x130
[   71.269688][ T6015]    kill_fasync+0x199/0x4f0
[   71.274280][ T6015]    evdev_pass_values+0x58a/0xad0
[   71.279378][ T6015]    evdev_events+0x1c2/0x300
[   71.284040][ T6015]    input_pass_values+0x268/0x890
[   71.289144][ T6015]    input_event_dispose+0x30f/0x600
[   71.294417][ T6015]    input_handle_event+0xa71/0xbe0
[   71.299601][ T6015]    input_inject_event+0x22f/0x340
[   71.304789][ T6015]    evdev_write+0x5fd/0x790
[   71.309364][ T6015]    vfs_write+0x2a3/0xd30
[   71.313772][ T6015]    ksys_write+0x18f/0x2b0
[   71.318265][ T6015]    do_syscall_64+0xf3/0x230
[   71.322931][ T6015]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.328986][ T6015] 
[   71.331297][ T6015] 
[   71.331297][ T6015] stack backtrace:
[   71.337184][ T6015] CPU: 0 UID: 0 PID: 6015 Comm: syz.0.15 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[   71.347322][ T6015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   71.357376][ T6015] Call Trace:
[   71.360662][ T6015]  <TASK>
[   71.363581][ T6015]  dump_stack_lvl+0x241/0x360
[   71.368261][ T6015]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.373450][ T6015]  ? __pfx__printk+0x10/0x10
[   71.378029][ T6015]  ? print_shortest_lock_dependencies+0xf2/0x160
[   71.384348][ T6015]  validate_chain+0x4ebd/0x5920
[   71.389194][ T6015]  ? __pfx_validate_chain+0x10/0x10
[   71.394388][ T6015]  ? __pfx_validate_chain+0x10/0x10
[   71.399578][ T6015]  ? register_lock_class+0x102/0x980
[   71.404855][ T6015]  ? __pfx_register_lock_class+0x10/0x10
[   71.410481][ T6015]  ? mark_lock+0x9a/0x360
[   71.414802][ T6015]  __lock_acquire+0x1397/0x2100
[   71.419644][ T6015]  lock_acquire+0x1ed/0x550
[   71.424136][ T6015]  ? kill_fasync+0x199/0x4f0
[   71.428720][ T6015]  ? __pfx_lock_acquire+0x10/0x10
[   71.433735][ T6015]  ? __pfx_lock_acquire+0x10/0x10
[   71.438746][ T6015]  _raw_read_lock_irqsave+0xdd/0x130
[   71.444021][ T6015]  ? kill_fasync+0x199/0x4f0
[   71.448599][ T6015]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[   71.454480][ T6015]  ? do_raw_spin_lock+0x14f/0x370
[   71.459497][ T6015]  kill_fasync+0x199/0x4f0
[   71.463904][ T6015]  ? kill_fasync+0x54/0x4f0
[   71.468397][ T6015]  evdev_pass_values+0x58a/0xad0
[   71.473325][ T6015]  ? evdev_pass_values+0x591/0xad0
[   71.478424][ T6015]  evdev_events+0x1c2/0x300
[   71.482916][ T6015]  ? evdev_events+0x6f/0x300
[   71.487495][ T6015]  input_pass_values+0x268/0x890
[   71.492427][ T6015]  ? input_pass_values+0x8e/0x890
[   71.497450][ T6015]  input_event_dispose+0x30f/0x600
[   71.502551][ T6015]  input_handle_event+0xa71/0xbe0
[   71.507564][ T6015]  ? _raw_spin_lock_irqsave+0xe1/0x120
[   71.513012][ T6015]  ? __pfx_input_handle_event+0x10/0x10
[   71.518552][ T6015]  input_inject_event+0x22f/0x340
[   71.523568][ T6015]  ? input_inject_event+0xd6/0x340
[   71.528692][ T6015]  evdev_write+0x5fd/0x790
[   71.533117][ T6015]  ? __pfx_evdev_write+0x10/0x10
[   71.538056][ T6015]  ? bpf_lsm_file_permission+0x9/0x10
[   71.543431][ T6015]  ? security_file_permission+0x74/0x280
[   71.549081][ T6015]  ? rw_verify_area+0x1c3/0x6f0
[   71.553938][ T6015]  ? __pfx_evdev_write+0x10/0x10
[   71.558868][ T6015]  vfs_write+0x2a3/0xd30
[   71.563111][ T6015]  ? __pfx_vfs_write+0x10/0x10
[   71.567871][ T6015]  ? __fget_files+0x2a/0x410
[   71.572456][ T6015]  ? __fget_files+0x395/0x410
[   71.577124][ T6015]  ? __fget_files+0x2a/0x410
[   71.581709][ T6015]  ksys_write+0x18f/0x2b0
[   71.586037][ T6015]  ? __pfx_ksys_write+0x10/0x10
[   71.590881][ T6015]  ? do_syscall_64+0x100/0x230
[   71.595644][ T6015]  ? do_syscall_64+0xb6/0x230
[   71.600313][ T6015]  do_syscall_64+0xf3/0x230
[   71.604811][ T6015]  ? clear_bhb_loop+0x35/0x90
[   71.609481][ T6015]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.615365][ T6015] RIP: 0033:0x7f773f380809
[   71.619794][ T6015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.639387][ T6015] RSP: 002b:00007f77401d2058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   71.647797][ T6015] RAX: ffffffffffffffda RBX: 00007f773f546080 RCX: 00007f773f380809
[   71.655754][ T6015] RDX: 0000000000001068 RSI: 0000000020000040 RDI: 0000000000000009
[   71.663712][ T6015] RBP: 00007f773f3f393e R08: 0000000000000000 R09: 0000000000000000
[   71.671669][ T6015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   71.679625][ T6015] R13: 0000000000000000 R14: 00007f773f546080 R15: 00007ffc372f3228
[   71.687639][ T6015]  </TASK>
[   71.690741][    C0] vkms_vblank_simulate: vblank timer overrun
[   71.701075][ T5154] Bluetooth: hci0: command tx timeout
[   71.706811][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[   71.713142][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
2024/11/27 08:35:21 executed programs: 3
[   72.744761][   T95] usb 1-1: 0:2 : does not exist
[   72.761719][   T95] usb 1-1: USB disconnect, device number 2
[   73.132739][   T95] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   73.294180][   T95] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   73.304341][   T95] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   73.314851][   T95] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   73.324239][   T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.332231][   T95] usb 1-1: Product: syz
[   73.336476][   T95] usb 1-1: Manufacturer: syz
[   73.341062][   T95] usb 1-1: SerialNumber: syz
[   73.782528][ T5154] Bluetooth: hci0: command tx timeout
[   75.768784][   T95] usb 1-1: 0:2 : does not exist
[   75.791317][   T95] usb 1-1: USB disconnect, device number 3
[   76.122526][   T95] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   76.273901][   T95] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   76.284044][   T95] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   76.295236][   T95] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   76.304325][   T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.312315][   T95] usb 1-1: Product: syz
[   76.316488][   T95] usb 1-1: Manufacturer: syz
[   76.321264][   T95] usb 1-1: SerialNumber: syz
2024/11/27 08:35:27 executed programs: 5
[   78.793000][   T95] usb 1-1: 0:2 : does not exist
[   78.801166][   T95] usb 1-1: USB disconnect, device number 4
[   79.142540][   T95] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   79.293831][   T95] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   79.304041][   T95] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   79.314502][   T95] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   79.323570][   T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.331550][   T95] usb 1-1: Product: syz
[   79.335787][   T95] usb 1-1: Manufacturer: syz
[   79.340467][   T95] usb 1-1: SerialNumber: syz