Warning: Permanently added '10.128.1.218' (ED25519) to the list of known hosts. 2025/12/01 12:33:24 parsed 1 programs [ 108.406569][ T30] audit: type=1400 audit(1764592406.595:115): avc: denied { unlink } for pid=6124 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 109.726126][ T6124] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 111.432552][ T5135] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 111.441630][ T5135] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 111.449143][ T5135] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 111.457544][ T5135] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 111.465826][ T5135] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 111.525199][ T30] audit: type=1400 audit(1764592409.715:116): avc: denied { mount } for pid=6134 comm="syz-executor" name="/" dev="gadgetfs" ino=7661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 112.272758][ T6153] chnl_net:caif_netlink_parms(): no params data found [ 112.339698][ T6153] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.346958][ T6153] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.354700][ T6153] bridge_slave_0: entered allmulticast mode [ 112.361492][ T6153] bridge_slave_0: entered promiscuous mode [ 112.372129][ T6153] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.379550][ T6153] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.386730][ T6153] bridge_slave_1: entered allmulticast mode [ 112.393597][ T6153] bridge_slave_1: entered promiscuous mode [ 112.419399][ T6153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.431363][ T6153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.461084][ T6153] team0: Port device team_slave_0 added [ 112.468774][ T6153] team0: Port device team_slave_1 added [ 112.489682][ T6153] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.496969][ T6153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 112.522894][ T6153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.534826][ T6153] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.541766][ T6153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 112.568769][ T6153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.601833][ T6153] hsr_slave_0: entered promiscuous mode [ 112.607978][ T6153] hsr_slave_1: entered promiscuous mode [ 113.010845][ T6153] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 113.021896][ T6153] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 113.033336][ T6153] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 113.044060][ T6153] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 113.076177][ T6153] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.083411][ T6153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.091493][ T6153] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.098678][ T6153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.159663][ T6153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.178090][ T3573] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.186353][ T3573] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.209784][ T6153] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.228300][ T3573] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.235456][ T3573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.258457][ T3573] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.265615][ T3573] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.311865][ T6153] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 113.493886][ T6153] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 113.538344][ T6153] veth0_vlan: entered promiscuous mode [ 113.550317][ T6153] veth1_vlan: entered promiscuous mode [ 113.582311][ T6153] veth0_macvtap: entered promiscuous mode [ 113.593045][ T6153] veth1_macvtap: entered promiscuous mode [ 113.616150][ T6153] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 113.627925][ T6153] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 113.649741][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.672824][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.682057][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.694562][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.834774][ T37] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.901870][ T37] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.962165][ T37] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.076822][ T37] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.693484][ T30] audit: type=1401 audit(1764592413.875:117): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 116.017385][ T37] bridge_slave_1: left allmulticast mode [ 116.023057][ T37] bridge_slave_1: left promiscuous mode [ 116.030466][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.040202][ T37] bridge_slave_0: left allmulticast mode [ 116.045939][ T37] bridge_slave_0: left promiscuous mode [ 116.051681][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.330579][ T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 116.343750][ T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 116.354653][ T37] bond0 (unregistering): Released all slaves [ 116.470727][ T37] hsr_slave_0: left promiscuous mode [ 116.477704][ T37] hsr_slave_1: left promiscuous mode [ 116.486183][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.493575][ T37] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 116.501822][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.509530][ T37] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 116.525371][ T37] veth1_macvtap: left promiscuous mode [ 116.530918][ T37] veth0_macvtap: left promiscuous mode [ 116.536895][ T37] veth1_vlan: left promiscuous mode [ 116.542200][ T37] veth0_vlan: left promiscuous mode [ 116.932158][ T37] team0 (unregistering): Port device team_slave_1 removed [ 116.966943][ T37] team0 (unregistering): Port device team_slave_0 removed [ 117.218414][ T3573] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.226991][ T3573] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.268824][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.286250][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2025/12/01 12:33:36 executed programs: 0 [ 118.496975][ T5135] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 118.508848][ T5135] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 118.522027][ T5135] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 118.534708][ T5135] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 118.542903][ T5135] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 118.862556][ T6382] chnl_net:caif_netlink_parms(): no params data found [ 119.029065][ T6382] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.039660][ T6382] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.048554][ T6382] bridge_slave_0: entered allmulticast mode [ 119.056667][ T6382] bridge_slave_0: entered promiscuous mode [ 119.067145][ T6382] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.076340][ T6382] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.083520][ T6382] bridge_slave_1: entered allmulticast mode [ 119.091479][ T6382] bridge_slave_1: entered promiscuous mode [ 119.171892][ T6382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 119.196143][ T6382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.247648][ T6382] team0: Port device team_slave_0 added [ 119.256062][ T6382] team0: Port device team_slave_1 added [ 119.293751][ T6382] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 119.301005][ T6382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 119.327253][ T6382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 119.345323][ T6382] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 119.352270][ T6382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 119.378202][ T6382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 119.422902][ T6382] hsr_slave_0: entered promiscuous mode [ 119.429210][ T6382] hsr_slave_1: entered promiscuous mode [ 119.848949][ T6382] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 119.860414][ T6382] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 119.872224][ T6382] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 119.885667][ T6382] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 119.983238][ T6382] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.007869][ T6382] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.020623][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.027822][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.055132][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.062285][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.267925][ T6382] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.318092][ T6382] veth0_vlan: entered promiscuous mode [ 120.332624][ T6382] veth1_vlan: entered promiscuous mode [ 120.365897][ T6382] veth0_macvtap: entered promiscuous mode [ 120.377047][ T6382] veth1_macvtap: entered promiscuous mode [ 120.398723][ T6382] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.415917][ T6382] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.431893][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.449074][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.469541][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.484678][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.540555][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.557598][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.590983][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.601809][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.614909][ T5135] Bluetooth: hci0: command tx timeout [ 120.657458][ T30] audit: type=1400 audit(1764592418.845:118): avc: denied { read write } for pid=6462 comm="syz.0.16" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 120.680910][ T30] audit: type=1400 audit(1764592418.845:119): avc: denied { open } for pid=6462 comm="syz.0.16" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 120.705462][ T30] audit: type=1400 audit(1764592418.845:120): avc: denied { ioctl } for pid=6462 comm="syz.0.16" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 120.914671][ T6459] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 121.076689][ T6459] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.087804][ T6459] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 121.097315][ T6459] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.109566][ T6459] usb 1-1: config 0 descriptor?? [ 121.523439][ T6459] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor [ 121.535643][ T6459] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0001/input/input5 [ 121.617506][ T30] audit: type=1400 audit(1764592419.805:121): avc: denied { read } for pid=5169 comm="acpid" name="event4" dev="devtmpfs" ino=2791 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 121.623235][ T6459] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 121.663391][ T30] audit: type=1400 audit(1764592419.805:122): avc: denied { open } for pid=5169 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2791 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 121.689089][ T30] audit: type=1400 audit(1764592419.805:123): avc: denied { ioctl } for pid=5169 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2791 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 121.734867][ T6459] [ 121.734876][ T6459] ====================================================== [ 121.734881][ T6459] WARNING: possible circular locking dependency detected [ 121.734896][ T6459] syzkaller #0 Not tainted [ 121.734905][ T6459] ------------------------------------------------------ [ 121.734911][ T6459] kworker/1:4/6459 is trying to acquire lock: [ 121.734919][ T6459] ffff8880297d12e8 (&tty->termios_rwsem){++++}-{4:4}, at: n_tty_flush_buffer+0x25/0x1b0 [ 121.734970][ T6459] [ 121.734970][ T6459] but task is already holding lock: [ 121.734975][ T6459] ffff88813ff390b8 (&buf->lock){+.+.}-{4:4}, at: tty_buffer_flush+0x72/0x310 [ 121.735020][ T6459] [ 121.735020][ T6459] which lock already depends on the new lock. [ 121.735020][ T6459] [ 121.735026][ T6459] [ 121.735026][ T6459] the existing dependency chain (in reverse order) is: [ 121.735032][ T6459] [ 121.735032][ T6459] -> #3 (&buf->lock){+.+.}-{4:4}: [ 121.735055][ T6459] __mutex_lock+0x193/0x1060 [ 121.735075][ T6459] tty_buffer_flush+0x72/0x310 [ 121.735096][ T6459] tty_ldisc_flush+0x64/0xe0 [ 121.735115][ T6459] __do_SAK+0x713/0x880 [ 121.735138][ T6459] vc_SAK+0x7f/0x320 [ 121.735156][ T6459] process_one_work+0x9cf/0x1b70 [ 121.735176][ T6459] worker_thread+0x6c8/0xf10 [ 121.735193][ T6459] kthread+0x3c5/0x780 [ 121.735208][ T6459] ret_from_fork+0x675/0x7d0 [ 121.735225][ T6459] ret_from_fork_asm+0x1a/0x30 [ 121.735248][ T6459] [ 121.735248][ T6459] -> #2 (console_lock){+.+.}-{0:0}: [ 121.735274][ T6459] console_lock+0x7a/0xa0 [ 121.735297][ T6459] serial_core_register_port+0xec4/0x25d0 [ 121.735325][ T6459] serial8250_register_8250_port+0x15a3/0x23e0 [ 121.735346][ T6459] serial_pnp_probe+0x431/0x910 [ 121.735366][ T6459] pnp_device_probe+0x2a8/0x4d0 [ 121.735383][ T6459] really_probe+0x241/0xa90 [ 121.735400][ T6459] __driver_probe_device+0x1de/0x440 [ 121.735417][ T6459] driver_probe_device+0x4c/0x1b0 [ 121.735434][ T6459] __driver_attach+0x283/0x580 [ 121.735451][ T6459] bus_for_each_dev+0x13e/0x1d0 [ 121.735474][ T6459] bus_add_driver+0x2e9/0x690 [ 121.735498][ T6459] driver_register+0x15c/0x4b0 [ 121.735515][ T6459] serial8250_init+0xc9/0x1e0 [ 121.735530][ T6459] do_one_initcall+0x123/0x6e0 [ 121.735549][ T6459] kernel_init_freeable+0x5c8/0x920 [ 121.735574][ T6459] kernel_init+0x1c/0x2b0 [ 121.735594][ T6459] ret_from_fork+0x675/0x7d0 [ 121.735607][ T6459] ret_from_fork_asm+0x1a/0x30 [ 121.735626][ T6459] [ 121.735626][ T6459] -> #1 (&port->mutex){+.+.}-{4:4}: [ 121.735647][ T6459] __mutex_lock+0x193/0x1060 [ 121.735663][ T6459] uart_set_termios+0x8e/0x6b0 [ 121.735686][ T6459] tty_set_termios+0x64b/0x980 [ 121.735704][ T6459] set_termios+0x5c6/0x880 [ 121.735723][ T6459] tty_mode_ioctl+0x57e/0xd30 [ 121.735742][ T6459] n_tty_ioctl_helper+0x4b/0x2b0 [ 121.735762][ T6459] n_tty_ioctl+0x7f/0x370 [ 121.735777][ T6459] tty_ioctl+0x700/0x1680 [ 121.735799][ T6459] __x64_sys_ioctl+0x18e/0x210 [ 121.735822][ T6459] do_syscall_64+0xcd/0xfa0 [ 121.735838][ T6459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.735855][ T6459] [ 121.735855][ T6459] -> #0 (&tty->termios_rwsem){++++}-{4:4}: [ 121.735879][ T6459] __lock_acquire+0x126f/0x1c90 [ 121.735895][ T6459] lock_acquire+0x179/0x350 [ 121.735910][ T6459] down_write+0x92/0x200 [ 121.735927][ T6459] n_tty_flush_buffer+0x25/0x1b0 [ 121.735943][ T6459] tty_buffer_flush+0x239/0x310 [ 121.735965][ T6459] tty_ldisc_flush+0x64/0xe0 [ 121.735985][ T6459] __do_SAK+0x713/0x880 [ 121.736008][ T6459] vc_SAK+0x7f/0x320 [ 121.736025][ T6459] process_one_work+0x9cf/0x1b70 [ 121.736044][ T6459] worker_thread+0x6c8/0xf10 [ 121.736061][ T6459] kthread+0x3c5/0x780 [ 121.736077][ T6459] ret_from_fork+0x675/0x7d0 [ 121.736092][ T6459] ret_from_fork_asm+0x1a/0x30 [ 121.736114][ T6459] [ 121.736114][ T6459] other info that might help us debug this: [ 121.736114][ T6459] [ 121.736120][ T6459] Chain exists of: [ 121.736120][ T6459] &tty->termios_rwsem --> console_lock --> &buf->lock [ 121.736120][ T6459] [ 121.736148][ T6459] Possible unsafe locking scenario: [ 121.736148][ T6459] [ 121.736153][ T6459] CPU0 CPU1 [ 121.736158][ T6459] ---- ---- [ 121.736162][ T6459] lock(&buf->lock); [ 121.736174][ T6459] lock(console_lock); [ 121.736187][ T6459] lock(&buf->lock); [ 121.736201][ T6459] lock(&tty->termios_rwsem); [ 121.736214][ T6459] [ 121.736214][ T6459] *** DEADLOCK *** [ 121.736214][ T6459] [ 121.736218][ T6459] 5 locks held by kworker/1:4/6459: [ 121.736229][ T6459] #0: ffff88813ff11948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 121.736277][ T6459] #1: ffffc900030b7d00 ((work_completion)(&vc_cons[currcons].SAK_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 121.736329][ T6459] #2: ffffffff8e3b1de0 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x13/0x320 [ 121.736371][ T6459] #3: ffff8880297d10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_flush+0x1c/0xe0 [ 121.736418][ T6459] #4: ffff88813ff390b8 (&buf->lock){+.+.}-{4:4}, at: tty_buffer_flush+0x72/0x310 [ 121.736467][ T6459] [ 121.736467][ T6459] stack backtrace: [ 121.736482][ T6459] CPU: 1 UID: 0 PID: 6459 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT(full) [ 121.736504][ T6459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 121.736516][ T6459] Workqueue: events vc_SAK [ 121.736537][ T6459] Call Trace: [ 121.736543][ T6459] [ 121.736550][ T6459] dump_stack_lvl+0x116/0x1f0 [ 121.736572][ T6459] print_circular_bug+0x275/0x350 [ 121.736600][ T6459] check_noncircular+0x14c/0x170 [ 121.736630][ T6459] __lock_acquire+0x126f/0x1c90 [ 121.736651][ T6459] lock_acquire+0x179/0x350 [ 121.736667][ T6459] ? n_tty_flush_buffer+0x25/0x1b0 [ 121.736686][ T6459] ? __pfx___might_resched+0x10/0x10 [ 121.736712][ T6459] down_write+0x92/0x200 [ 121.736731][ T6459] ? n_tty_flush_buffer+0x25/0x1b0 [ 121.736749][ T6459] ? __pfx_down_write+0x10/0x10 [ 121.736769][ T6459] ? __pfx_tty_buffer_free+0x10/0x10 [ 121.736793][ T6459] ? __pfx_n_tty_flush_buffer+0x10/0x10 [ 121.736812][ T6459] n_tty_flush_buffer+0x25/0x1b0 [ 121.736830][ T6459] ? __pfx_n_tty_flush_buffer+0x10/0x10 [ 121.736849][ T6459] tty_buffer_flush+0x239/0x310 [ 121.736875][ T6459] tty_ldisc_flush+0x64/0xe0 [ 121.736897][ T6459] __do_SAK+0x713/0x880 [ 121.736921][ T6459] ? mark_held_locks+0x49/0x80 [ 121.736939][ T6459] vc_SAK+0x7f/0x320 [ 121.736957][ T6459] process_one_work+0x9cf/0x1b70 [ 121.736978][ T6459] ? __pfx_console_callback+0x10/0x10 [ 121.737005][ T6459] ? __pfx_process_one_work+0x10/0x10 [ 121.737027][ T6459] ? assign_work+0x1a0/0x250 [ 121.737045][ T6459] worker_thread+0x6c8/0xf10 [ 121.737067][ T6459] ? __kthread_parkme+0x19e/0x250 [ 121.737092][ T6459] ? __pfx_worker_thread+0x10/0x10 [ 121.737110][ T6459] kthread+0x3c5/0x780 [ 121.737127][ T6459] ? __pfx_kthread+0x10/0x10 [ 121.737145][ T6459] ? rcu_is_watching+0x12/0xc0 [ 121.737167][ T6459] ? __pfx_kthread+0x10/0x10 [ 121.737185][ T6459] ret_from_fork+0x675/0x7d0 [ 121.737201][ T6459] ? __pfx_kthread+0x10/0x10 [ 121.737219][ T6459] ret_from_fork_asm+0x1a/0x30 [ 121.737249][ T6459] [ 121.738545][ T6459] tty tty1: SAK: killed process 6462 (syz.0.16): by fd#3 [ 121.738598][ T6459] tty tty1: SAK: killed process 6463 (syz.0.16): by fd#3 [ 121.742249][ T979] usb 1-1: USB disconnect, device number 2 [ 122.694856][ T5135] Bluetooth: hci0: command tx timeout [ 122.794248][ T979] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 122.945217][ T979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.956124][ T979] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 122.965443][ T979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.974386][ T979] usb 1-1: config 0 descriptor?? [ 123.381776][ T979] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 123.391556][ T979] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0002/input/input6 [ 123.472630][ T979] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 123.586862][ T10] tty tty1: SAK: killed process 6465 (syz.0.17): by fd#3 [ 123.587003][ T10] tty tty1: SAK: killed process 6466 (syz.0.17): by fd#3 [ 123.596709][ T6459] usb 1-1: USB disconnect, device number 3 2025/12/01 12:33:41 executed programs: 4 [ 123.924420][ T6459] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 124.075288][ T6459] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.086194][ T6459] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 124.095215][ T6459] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.104518][ T6459] usb 1-1: config 0 descriptor?? [ 124.511546][ T6459] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor [ 124.521290][ T6459] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0003/input/input7 [ 124.601872][ T6459] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 124.720419][ T6459] tty tty1: SAK: killed process 6469 (syz.0.18): by fd#3 [ 124.720622][ T6459] tty tty1: SAK: killed process 6470 (syz.0.18): by fd#3 [ 124.729024][ T10] usb 1-1: USB disconnect, device number 4 [ 124.777306][ T5135] Bluetooth: hci0: command tx timeout [ 125.044302][ T10] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 125.195333][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.206268][ T10] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 125.215288][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.224061][ T10] usb 1-1: config 0 descriptor?? [ 125.631743][ T10] keytouch 0003:0926:3333.0004: fixing up Keytouch IEC report descriptor [ 125.641479][ T10] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0004/input/input8 [ 125.710470][ T10] keytouch 0003:0926:3333.0004: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 125.840769][ T10] tty tty1: SAK: killed process 6472 (syz.0.19): by fd#3 [ 125.840811][ T10] tty tty1: SAK: killed process 6473 (syz.0.19): by fd#3 [ 125.851980][ T43] usb 1-1: USB disconnect, device number 5 [ 126.204275][ T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 126.355349][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.366274][ T43] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 126.375316][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.384027][ T43] usb 1-1: config 0 descriptor?? [ 126.791009][ T43] keytouch 0003:0926:3333.0005: fixing up Keytouch IEC report descriptor [ 126.800753][ T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0005/input/input9 [ 126.854207][ T5135] Bluetooth: hci0: command tx timeout [ 126.870684][ T43] keytouch 0003:0926:3333.0005: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 126.996175][ T43] tty tty1: SAK: killed process 6476 (syz.0.20): by fd#3 [ 126.996225][ T43] tty tty1: SAK: killed process 6477 (syz.0.20): by fd#3 [ 127.004868][ T10] usb 1-1: USB disconnect, device number 6 [ 127.334278][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 127.485383][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.496302][ T10] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 127.505347][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.514191][ T10] usb 1-1: config 0 descriptor?? [ 127.922230][ T10] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor [ 127.932242][ T10] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0006/input/input10 [ 128.000711][ T10] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 128.128091][ T10] tty tty1: SAK: killed process 6479 (syz.0.21): by fd#3 [ 128.128135][ T10] tty tty1: SAK: killed process 6480 (syz.0.21): by fd#3 [ 128.145263][ T5833] usb 1-1: USB disconnect, device number 7 [ 128.494280][ T5833] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 128.645341][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.656261][ T5833] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 128.665297][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.674012][ T5833] usb 1-1: config 0 descriptor?? [ 129.082072][ T5833] keytouch 0003:0926:3333.0007: fixing up Keytouch IEC report descriptor [ 129.091888][ T5833] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0007/input/input11 [ 129.161624][ T5833] keytouch 0003:0926:3333.0007: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 129.287147][ T5833] tty tty1: SAK: killed process 6482 (syz.0.22): by fd#3 [ 129.287347][ T5833] tty tty1: SAK: killed process 6483 (syz.0.22): by fd#3 [ 129.296106][ T43] usb 1-1: USB disconnect, device number 8 2025/12/01 12:33:47 executed programs: 9 [ 129.654410][ T43] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 129.805362][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.816287][ T43] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 129.825514][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.835460][ T43] usb 1-1: config 0 descriptor?? [ 130.243115][ T43] keytouch 0003:0926:3333.0008: fixing up Keytouch IEC report descriptor [ 130.253230][ T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0008/input/input12 [ 130.338677][ T43] keytouch 0003:0926:3333.0008: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 130.447279][ T43] tty tty1: SAK: killed process 6485 (syz.0.23): by fd#3 [ 130.447306][ T43] tty tty1: SAK: killed process 6486 (syz.0.23): by fd#3 [ 130.456809][ T5833] usb 1-1: USB disconnect, device number 9 [ 130.824256][ T5833] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 130.975483][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.986542][ T5833] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 130.995742][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.004801][ T5833] usb 1-1: config 0 descriptor?? [ 131.412084][ T5833] keytouch 0003:0926:3333.0009: fixing up Keytouch IEC report descriptor [ 131.421896][ T5833] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0009/input/input13 [ 131.491686][ T5833] keytouch 0003:0926:3333.0009: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 131.617422][ T5833] tty tty1: SAK: killed process 6488 (syz.0.24): by fd#3 [ 131.617617][ T5833] tty tty1: SAK: killed process 6489 (syz.0.24): by fd#3 [ 131.627426][ T43] usb 1-1: USB disconnect, device number 10