Warning: Permanently added '10.128.1.27' (ED25519) to the list of known hosts.
2025/01/12 14:35:35 ignoring optional flag "sandboxArg"="0"
2025/01/12 14:35:35 ignoring optional flag "type"="gce"
2025/01/12 14:35:35 parsed 1 programs
[ 81.552689][ T1110] cfg80211: failed to load regulatory.db
2025/01/12 14:35:37 executed programs: 0
[ 83.292809][ T4445] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 83.444559][ T4472] chnl_net:caif_netlink_parms(): no params data found
[ 83.489860][ T4472] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.497065][ T4472] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.504995][ T4472] device bridge_slave_0 entered promiscuous mode
[ 83.514432][ T4472] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.521706][ T4472] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.529563][ T4472] device bridge_slave_1 entered promiscuous mode
[ 83.550869][ T4472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.562083][ T4472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.586711][ T4472] team0: Port device team_slave_0 added
[ 83.594497][ T4472] team0: Port device team_slave_1 added
[ 83.613767][ T4472] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.621538][ T4472] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.647623][ T4472] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.659674][ T4472] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.666832][ T4472] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.692778][ T4472] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.724677][ T4472] device hsr_slave_0 entered promiscuous mode
[ 83.731981][ T4472] device hsr_slave_1 entered promiscuous mode
[ 84.253813][ T4472] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.265561][ T4472] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.276702][ T4472] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.287111][ T4472] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.312607][ T4472] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.319760][ T4472] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.327207][ T4472] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.334384][ T4472] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.394600][ T4472] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.411021][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.419859][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.430001][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.440004][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 84.456912][ T4472] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.468918][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 84.479646][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 84.489018][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.496243][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.516686][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 84.527486][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 84.537602][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.544709][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.556817][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 84.568116][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 84.588442][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 84.600404][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 84.610334][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 84.623034][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 84.632589][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 84.643034][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 84.652345][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 84.663025][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 84.674382][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 84.686844][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 84.801492][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 84.810330][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 84.825060][ T4472] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.849941][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 84.859271][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 84.879863][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 84.890261][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 84.900928][ T4472] device veth0_vlan entered promiscuous mode
[ 84.910212][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 84.921407][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 84.934067][ T4472] device veth1_vlan entered promiscuous mode
[ 84.957935][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 84.968617][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 84.977071][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 84.988147][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 84.999322][ T4472] device veth0_macvtap entered promiscuous mode
[ 85.012303][ T4472] device veth1_macvtap entered promiscuous mode
[ 85.030478][ T4472] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.039271][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 85.049173][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 85.059607][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 85.068807][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 85.081997][ T4472] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.090967][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 85.100616][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 85.113094][ T4472] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.123165][ T4472] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.134025][ T4472] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.143444][ T4472] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.214565][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.227731][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.253559][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.270784][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.280000][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.293455][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 85.347375][ T4555]
[ 85.349744][ T4555] =====================================================
[ 85.356681][ T4555] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 85.364149][ T4555] 5.15.176-syzkaller #0 Not tainted
[ 85.369357][ T4555] -----------------------------------------------------
[ 85.376295][ T4555] syz-executor.0/4555 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 85.384286][ T4555] ffff8880786b2db8 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x2f/0x330
[ 85.393134][ T4555]
[ 85.393134][ T4555] and this task is already holding:
[ 85.400513][ T4555] ffff888019d88018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16a/0x490
[ 85.409254][ T4555] which would create a new lock dependency:
[ 85.415151][ T4555] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2}
[ 85.422931][ T4555]
[ 85.422931][ T4555] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 85.432395][ T4555] (&dev->event_lock#2){-...}-{2:2}
[ 85.432437][ T4555]
[ 85.432437][ T4555] ... which became HARDIRQ-irq-safe at:
[ 85.445524][ T4555] lock_acquire+0x1db/0x4f0
[ 85.450232][ T4555] _raw_spin_lock_irqsave+0xd1/0x120
[ 85.455635][ T4555] input_event+0x8a/0xd0
[ 85.460097][ T4555] psmouse_report_standard_packet+0x50/0x200
[ 85.466177][ T4555] psmouse_process_byte+0x45b/0x640
[ 85.471462][ T4555] psmouse_handle_byte+0x46/0x4b0
[ 85.476566][ T4555] psmouse_interrupt+0x697/0x10a0
[ 85.481669][ T4555] serio_interrupt+0x88/0x130
[ 85.486428][ T4555] i8042_interrupt+0x355/0x750
[ 85.491306][ T4555] __handle_irq_event_percpu+0x292/0xa70
[ 85.497018][ T4555] handle_irq_event+0xff/0x2b0
[ 85.501884][ T4555] handle_edge_irq+0x245/0xbf0
[ 85.506747][ T4555] __common_interrupt+0xd7/0x1f0
[ 85.511767][ T4555] common_interrupt+0xae/0xd0
[ 85.516554][ T4555] asm_common_interrupt+0x22/0x40
[ 85.521660][ T4555] deref_stack_reg+0x76/0x110
[ 85.526633][ T4555] unwind_next_frame+0x12f1/0x1fa0
[ 85.531825][ T4555] arch_stack_walk+0x10d/0x140
[ 85.536668][ T4555] stack_trace_save+0x113/0x1c0
[ 85.541607][ T4555] kasan_set_track+0x4b/0x80
[ 85.546271][ T4555] kasan_set_free_info+0x1f/0x40
[ 85.551286][ T4555] ____kasan_slab_free+0xd8/0x120
[ 85.556386][ T4555] slab_free_freelist_hook+0xdd/0x160
[ 85.561851][ T4555] kmem_cache_free+0x91/0x1f0
[ 85.566614][ T4555] kernel_execve+0x3c5/0x9b0
[ 85.571282][ T4555] call_usermodehelper_exec_async+0x22f/0x370
[ 85.577426][ T4555] ret_from_fork+0x1f/0x30
[ 85.581919][ T4555]
[ 85.581919][ T4555] to a HARDIRQ-irq-unsafe lock:
[ 85.589027][ T4555] (tasklist_lock){.+.+}-{2:2}
[ 85.589050][ T4555]
[ 85.589050][ T4555] ... which became HARDIRQ-irq-unsafe at:
[ 85.601688][ T4555] ...
[ 85.601694][ T4555] lock_acquire+0x1db/0x4f0
[ 85.608849][ T4555] _raw_read_lock+0x32/0x40
[ 85.613439][ T4555] do_wait+0x2a7/0xaf0
[ 85.617588][ T4555] kernel_wait+0xe5/0x230
[ 85.621992][ T4555] call_usermodehelper_exec_work+0xb5/0x220
[ 85.627962][ T4555] process_one_work+0x8a1/0x10c0
[ 85.632986][ T4555] worker_thread+0xaca/0x1280
[ 85.637744][ T4555] kthread+0x3f6/0x4f0
[ 85.641901][ T4555] ret_from_fork+0x1f/0x30
[ 85.646399][ T4555]
[ 85.646399][ T4555] other info that might help us debug this:
[ 85.646399][ T4555]
[ 85.656614][ T4555] Chain exists of:
[ 85.656614][ T4555] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock
[ 85.656614][ T4555]
[ 85.669557][ T4555] Possible interrupt unsafe locking scenario:
[ 85.669557][ T4555]
[ 85.677862][ T4555]        CPU0                    CPU1
[ 85.683214][ T4555]        ----                    ----
[ 85.688673][ T4555]   lock(tasklist_lock);
[ 85.692909][ T4555]                                local_irq_disable();
[ 85.699666][ T4555]                                lock(&dev->event_lock#2);
[ 85.706854][ T4555]                                lock(&new->fa_lock);
[ 85.713606][ T4555]
[ 85.717062][ T4555]     lock(&dev->event_lock#2);
[ 85.721905][ T4555]
[ 85.721905][ T4555] *** DEADLOCK ***
[ 85.721905][ T4555]
[ 85.730032][ T4555] 8 locks held by syz-executor.0/4555:
[ 85.735479][ T4555] #0: ffff888148975110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x26d/0x7c0
[ 85.744624][ T4555] #1: ffff888025bc8230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xc0/0x300
[ 85.754829][ T4555] #2: ffffffff8cb1fce0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 85.764228][ T4555] #3: ffffffff8cb1fce0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 85.773560][ T4555] #4: ffffffff8cb1fce0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 85.782883][ T4555] #5: ffff888025d9b028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xe7/0xb60
[ 85.793069][ T4555] #6: ffffffff8cb1fce0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 85.802411][ T4555] #7: ffff888019d88018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16a/0x490
[ 85.811543][ T4555]
[ 85.811543][ T4555] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 85.821937][ T4555] -> (&dev->event_lock#2){-...}-{2:2} {
[ 85.828267][ T4555] IN-HARDIRQ-W at:
[ 85.832418][ T4555] lock_acquire+0x1db/0x4f0
[ 85.839010][ T4555] _raw_spin_lock_irqsave+0xd1/0x120
[ 85.846376][ T4555] input_event+0x8a/0xd0
[ 85.852699][ T4555] psmouse_report_standard_packet+0x50/0x200
[ 85.860676][ T4555] psmouse_process_byte+0x45b/0x640
[ 85.867862][ T4555] psmouse_handle_byte+0x46/0x4b0
[ 85.874876][ T4555] psmouse_interrupt+0x697/0x10a0
[ 85.881890][ T4555] serio_interrupt+0x88/0x130
[ 85.888566][ T4555] i8042_interrupt+0x355/0x750
[ 85.895331][ T4555] __handle_irq_event_percpu+0x292/0xa70
[ 85.902967][ T4555] handle_irq_event+0xff/0x2b0
[ 85.909730][ T4555] handle_edge_irq+0x245/0xbf0
[ 85.916668][ T4555] __common_interrupt+0xd7/0x1f0
[ 85.924167][ T4555] common_interrupt+0xae/0xd0
[ 85.930854][ T4555] asm_common_interrupt+0x22/0x40
[ 85.937875][ T4555] deref_stack_reg+0x76/0x110
[ 85.944549][ T4555] unwind_next_frame+0x12f1/0x1fa0
[ 85.951684][ T4555] arch_stack_walk+0x10d/0x140
[ 85.958444][ T4555] stack_trace_save+0x113/0x1c0
[ 85.965391][ T4555] kasan_set_track+0x4b/0x80
[ 85.972057][ T4555] kasan_set_free_info+0x1f/0x40
[ 85.979014][ T4555] ____kasan_slab_free+0xd8/0x120
[ 85.986030][ T4555] slab_free_freelist_hook+0xdd/0x160
[ 85.993424][ T4555] kmem_cache_free+0x91/0x1f0
[ 86.000092][ T4555] kernel_execve+0x3c5/0x9b0
[ 86.006896][ T4555] call_usermodehelper_exec_async+0x22f/0x370
[ 86.014977][ T4555] ret_from_fork+0x1f/0x30
[ 86.021497][ T4555] INITIAL USE at:
[ 86.025576][ T4555] lock_acquire+0x1db/0x4f0
[ 86.032012][ T4555] _raw_spin_lock_irqsave+0xd1/0x120
[ 86.039208][ T4555] input_inject_event+0xc0/0x300
[ 86.046140][ T4555] led_trigger_event+0x109/0x1e0
[ 86.052984][ T4555] kbd_led_trigger_activate+0xb9/0x100
[ 86.060442][ T4555] led_trigger_set+0x55a/0x970
[ 86.067106][ T4555] led_trigger_set_default+0x1c2/0x200
[ 86.074475][ T4555] led_classdev_register_ext+0x6cf/0x8d0
[ 86.082111][ T4555] input_leds_connect+0x503/0x740
[ 86.089128][ T4555] input_register_device+0xdae/0x1150
[ 86.096407][ T4555] atkbd_connect+0x7a7/0xa70
[ 86.102902][ T4555] serio_driver_probe+0x74/0x90
[ 86.109655][ T4555] really_probe+0x24e/0xb60
[ 86.116061][ T4555] __driver_probe_device+0x1a2/0x3d0
[ 86.123259][ T4555] driver_probe_device+0x50/0x420
[ 86.130202][ T4555] __driver_attach+0x479/0x690
[ 86.136960][ T4555] bus_for_each_dev+0x17c/0x1f0
[ 86.143716][ T4555] serio_handle_event+0x56a/0x8f0
[ 86.150651][ T4555] process_one_work+0x8a1/0x10c0
[ 86.157498][ T4555] worker_thread+0xaca/0x1280
[ 86.164201][ T4555] kthread+0x3f6/0x4f0
[ 86.170172][ T4555] ret_from_fork+0x1f/0x30
[ 86.176497][ T4555] }
[ 86.179160][ T4555] ... key at: [] input_allocate_device.__key.6+0x0/0x20
[ 86.188350][ T4555] -> (&client->buffer_lock){....}-{2:2} {
[ 86.194213][ T4555] INITIAL USE at:
[ 86.198187][ T4555] lock_acquire+0x1db/0x4f0
[ 86.204441][ T4555] _raw_spin_lock+0x2a/0x40
[ 86.210682][ T4555] evdev_pass_values+0xe7/0xb60
[ 86.217270][ T4555] evdev_events+0x198/0x2c0
[ 86.223510][ T4555] input_pass_values+0x873/0x1200
[ 86.230270][ T4555] input_handle_event+0xc9b/0x1600
[ 86.237122][ T4555] input_inject_event+0x1fc/0x300
[ 86.243877][ T4555] evdev_write+0x668/0x7c0
[ 86.250029][ T4555] vfs_write+0x30c/0xe50
[ 86.256004][ T4555] ksys_write+0x1a2/0x2c0
[ 86.262070][ T4555] do_syscall_64+0x3b/0xb0
[ 86.268216][ T4555] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.275846][ T4555] }
[ 86.278423][ T4555] ... key at: [] evdev_open.__key.23+0x0/0x20
[ 86.286660][ T4555] ... acquired at:
[ 86.290540][ T4555] lock_acquire+0x1db/0x4f0
[ 86.295213][ T4555] _raw_spin_lock+0x2a/0x40
[ 86.299900][ T4555] evdev_pass_values+0xe7/0xb60
[ 86.305010][ T4555] evdev_events+0x198/0x2c0
[ 86.309681][ T4555] input_pass_values+0x873/0x1200
[ 86.314870][ T4555] input_handle_event+0xc9b/0x1600
[ 86.320243][ T4555] input_inject_event+0x1fc/0x300
[ 86.325447][ T4555] evdev_write+0x668/0x7c0
[ 86.330033][ T4555] vfs_write+0x30c/0xe50
[ 86.334471][ T4555] ksys_write+0x1a2/0x2c0
[ 86.339070][ T4555] do_syscall_64+0x3b/0xb0
[ 86.343660][ T4555] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.349719][ T4555]
[ 86.352029][ T4555] -> (&new->fa_lock){....}-{2:2} {
[ 86.357235][ T4555] INITIAL READ USE at:
[ 86.361570][ T4555] lock_acquire+0x1db/0x4f0
[ 86.368061][ T4555] _raw_read_lock_irqsave+0xd9/0x120
[ 86.375338][ T4555] kill_fasync+0x16a/0x490
[ 86.381743][ T4555] evdev_pass_values+0x5ad/0xb60
[ 86.388671][ T4555] evdev_events+0x198/0x2c0
[ 86.395162][ T4555] input_pass_values+0x873/0x1200
[ 86.402195][ T4555] input_handle_event+0xc9b/0x1600
[ 86.409296][ T4555] input_inject_event+0x1fc/0x300
[ 86.416326][ T4555] evdev_write+0x668/0x7c0
[ 86.422730][ T4555] vfs_write+0x30c/0xe50
[ 86.428963][ T4555] ksys_write+0x1a2/0x2c0
[ 86.435286][ T4555] do_syscall_64+0x3b/0xb0
[ 86.441701][ T4555] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.449589][ T4555] }
[ 86.452087][ T4555] ... key at: [] fasync_insert_entry.__key+0x0/0x20
[ 86.460932][ T4555] ... acquired at:
[ 86.464724][ T4555] lock_acquire+0x1db/0x4f0
[ 86.469412][ T4555] _raw_read_lock_irqsave+0xd9/0x120
[ 86.474865][ T4555] kill_fasync+0x16a/0x490
[ 86.479476][ T4555] evdev_pass_values+0x5ad/0xb60
[ 86.484585][ T4555] evdev_events+0x198/0x2c0
[ 86.489265][ T4555] input_pass_values+0x873/0x1200
[ 86.494478][ T4555] input_handle_event+0xc9b/0x1600
[ 86.499758][ T4555] input_inject_event+0x1fc/0x300
[ 86.504951][ T4555] evdev_write+0x668/0x7c0
[ 86.509534][ T4555] vfs_write+0x30c/0xe50
[ 86.513941][ T4555] ksys_write+0x1a2/0x2c0
[ 86.518436][ T4555] do_syscall_64+0x3b/0xb0
[ 86.523015][ T4555] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.529075][ T4555]
[ 86.531390][ T4555]
[ 86.531390][ T4555] the dependencies between the lock to be acquired
[ 86.531397][ T4555] and HARDIRQ-irq-unsafe lock:
[ 86.544890][ T4555] -> (tasklist_lock){.+.+}-{2:2} {
[ 86.550103][ T4555] HARDIRQ-ON-R at:
[ 86.554174][ T4555] lock_acquire+0x1db/0x4f0
[ 86.560489][ T4555] _raw_read_lock+0x32/0x40
[ 86.566895][ T4555] do_wait+0x2a7/0xaf0
[ 86.572798][ T4555] kernel_wait+0xe5/0x230
[ 86.579029][ T4555] call_usermodehelper_exec_work+0xb5/0x220
[ 86.586845][ T4555] process_one_work+0x8a1/0x10c0
[ 86.593599][ T4555] worker_thread+0xaca/0x1280
[ 86.600091][ T4555] kthread+0x3f6/0x4f0
[ 86.605973][ T4555] ret_from_fork+0x1f/0x30
[ 86.612208][ T4555] SOFTIRQ-ON-R at:
[ 86.616266][ T4555] lock_acquire+0x1db/0x4f0
[ 86.622607][ T4555] _raw_read_lock+0x32/0x40
[ 86.628924][ T4555] do_wait+0x2a7/0xaf0
[ 86.634831][ T4555] kernel_wait+0xe5/0x230
[ 86.640982][ T4555] call_usermodehelper_exec_work+0xb5/0x220
[ 86.648706][ T4555] process_one_work+0x8a1/0x10c0
[ 86.655549][ T4555] worker_thread+0xaca/0x1280
[ 86.662042][ T4555] kthread+0x3f6/0x4f0
[ 86.667922][ T4555] ret_from_fork+0x1f/0x30
[ 86.674151][ T4555] INITIAL USE at:
[ 86.678117][ T4555] lock_acquire+0x1db/0x4f0
[ 86.684367][ T4555] _raw_write_lock_irq+0xcf/0x110
[ 86.691119][ T4555] copy_process+0x22be/0x3ef0
[ 86.697523][ T4555] kernel_clone+0x210/0x960
[ 86.703753][ T4555] kernel_thread+0x168/0x1e0
[ 86.710075][ T4555] rest_init+0x21/0x330
[ 86.715978][ T4555] start_kernel+0x48c/0x540
[ 86.722218][ T4555] secondary_startup_64_no_verify+0xb1/0xbb
[ 86.729855][ T4555] INITIAL READ USE at:
[ 86.734298][ T4555] lock_acquire+0x1db/0x4f0
[ 86.740967][ T4555] _raw_read_lock+0x32/0x40
[ 86.747646][ T4555] do_wait+0x2a7/0xaf0
[ 86.753890][ T4555] kernel_wait+0xe5/0x230
[ 86.760387][ T4555] call_usermodehelper_exec_work+0xb5/0x220
[ 86.768452][ T4555] process_one_work+0x8a1/0x10c0
[ 86.775646][ T4555] worker_thread+0xaca/0x1280
[ 86.782498][ T4555] kthread+0x3f6/0x4f0
[ 86.788753][ T4555] ret_from_fork+0x1f/0x30
[ 86.795356][ T4555] }
[ 86.797941][ T4555] ... key at: [] tasklist_lock+0x18/0x40
[ 86.805744][ T4555] ... acquired at:
[ 86.809630][ T4555] lock_acquire+0x1db/0x4f0
[ 86.814300][ T4555] _raw_read_lock+0x32/0x40
[ 86.818974][ T4555] send_sigurg+0xc8/0x380
[ 86.823479][ T4555] sk_send_sigurg+0x6a/0xb0
[ 86.828184][ T4555] queue_oob+0x7fe/0xad0
[ 86.832619][ T4555] unix_stream_sendmsg+0xe0a/0x1070
[ 86.837997][ T4555] ____sys_sendmsg+0x59e/0x8f0
[ 86.842944][ T4555] ___sys_sendmsg+0x252/0x2e0
[ 86.847836][ T4555] __se_sys_sendmsg+0x19a/0x260
[ 86.852946][ T4555] do_syscall_64+0x3b/0xb0
[ 86.857529][ T4555] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.863593][ T4555]
[ 86.865933][ T4555] -> (&f->f_owner.lock){....}-{2:2} {
[ 86.871351][ T4555] INITIAL USE at:
[ 86.875235][ T4555] lock_acquire+0x1db/0x4f0
[ 86.881302][ T4555] _raw_write_lock_irq+0xcf/0x110
[ 86.888071][ T4555] __f_setown+0x38/0x350
[ 86.893869][ T4555] f_setown+0x11f/0x1c0
[ 86.899578][ T4555] do_fcntl+0x1b7/0x1600
[ 86.905374][ T4555] __se_sys_fcntl+0xd8/0x1b0
[ 86.911582][ T4555] do_syscall_64+0x3b/0xb0
[ 86.917594][ T4555] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.925068][ T4555] INITIAL READ USE at:
[ 86.929394][ T4555] lock_acquire+0x1db/0x4f0
[ 86.935892][ T4555] _raw_read_lock_irqsave+0xd9/0x120
[ 86.943170][ T4555] send_sigurg+0x25/0x380
[ 86.949509][ T4555] sk_send_sigurg+0x6a/0xb0
[ 86.956004][ T4555] queue_oob+0x7fe/0xad0
[ 86.962242][ T4555] unix_stream_sendmsg+0xe0a/0x1070
[ 86.969427][ T4555] ____sys_sendmsg+0x59e/0x8f0
[ 86.976186][ T4555] ___sys_sendmsg+0x252/0x2e0
[ 86.982854][ T4555] __se_sys_sendmsg+0x19a/0x260
[ 86.989691][ T4555] do_syscall_64+0x3b/0xb0
[ 86.996098][ T4555] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.003985][ T4555] }
[ 87.006496][ T4555] ... key at: [] __alloc_file.__key+0x0/0x10
[ 87.014564][ T4555] ... acquired at:
[ 87.018387][ T4555] lock_acquire+0x1db/0x4f0
[ 87.023061][ T4555] _raw_read_lock_irqsave+0xd9/0x120
[ 87.028788][ T4555] send_sigio+0x2f/0x330
[ 87.033195][ T4555] kill_fasync+0x20c/0x490
[ 87.037774][ T4555] evdev_pass_values+0x5ad/0xb60
[ 87.042961][ T4555] evdev_events+0x198/0x2c0
[ 87.047630][ T4555] input_pass_values+0x873/0x1200
[ 87.052902][ T4555] input_handle_event+0xc9b/0x1600
[ 87.058180][ T4555] input_inject_event+0x1fc/0x300
[ 87.063370][ T4555] evdev_write+0x668/0x7c0
[ 87.067950][ T4555] vfs_write+0x30c/0xe50
[ 87.072380][ T4555] ksys_write+0x1a2/0x2c0
[ 87.076875][ T4555] do_syscall_64+0x3b/0xb0
[ 87.081464][ T4555] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.087530][ T4555]
[ 87.089868][ T4555]
[ 87.089868][ T4555] stack backtrace:
[ 87.095846][ T4555] CPU: 0 PID: 4555 Comm: syz-executor.0 Not tainted 5.15.176-syzkaller #0
[ 87.104338][ T4555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 87.114390][ T4555] Call Trace:
[ 87.117660][ T4555]
[ 87.120584][ T4555] dump_stack_lvl+0x1e3/0x2d0
[ 87.125256][ T4555] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 87.130880][ T4555] ? panic+0x860/0x860
[ 87.134949][ T4555] ? print_shortest_lock_dependencies+0xee/0x150
[ 87.141270][ T4555] validate_chain+0x4d01/0x5930
[ 87.146128][ T4555] ? reacquire_held_locks+0x660/0x660
[ 87.151496][ T4555] ? stack_trace_save+0x113/0x1c0
[ 87.156511][ T4555] ? reacquire_held_locks+0x660/0x660
[ 87.161876][ T4555] ? register_lock_class+0x100/0x9a0
[ 87.167158][ T4555] ? is_dynamic_key+0x1f0/0x1f0
[ 87.171997][ T4555] ? lockdep_unlock+0x166/0x300
[ 87.176839][ T4555] ? mark_lock+0x98/0x340
[ 87.181188][ T4555] __lock_acquire+0x1295/0x1ff0
[ 87.186036][ T4555] lock_acquire+0x1db/0x4f0
[ 87.190532][ T4555] ? send_sigio+0x2f/0x330
[ 87.194947][ T4555] ? read_lock_is_recursive+0x10/0x10
[ 87.200315][ T4555] ? read_lock_is_recursive+0x10/0x10
[ 87.205683][ T4555] _raw_read_lock_irqsave+0xd9/0x120
[ 87.210971][ T4555] ? send_sigio+0x2f/0x330
[ 87.215380][ T4555] ? _raw_read_lock+0x40/0x40
[ 87.220051][ T4555] ? _raw_read_lock_irqsave+0xe5/0x120
[ 87.225515][ T4555] ? _raw_read_lock+0x40/0x40
[ 87.230185][ T4555] send_sigio+0x2f/0x330
[ 87.234425][ T4555] kill_fasync+0x20c/0x490
[ 87.238920][ T4555] evdev_pass_values+0x5ad/0xb60
[ 87.243859][ T4555] ? evdev_pass_values+0x541/0xb60
[ 87.248974][ T4555] evdev_events+0x198/0x2c0
[ 87.253471][ T4555] ? evdev_event+0x170/0x170
[ 87.258059][ T4555] input_pass_values+0x873/0x1200
[ 87.263104][ T4555] input_handle_event+0xc9b/0x1600
[ 87.268238][ T4555] input_inject_event+0x1fc/0x300
[ 87.273276][ T4555] evdev_write+0x668/0x7c0
[ 87.277691][ T4555] ? evdev_read+0xe00/0xe00
[ 87.282216][ T4555] ? end_current_label_crit_section+0x147/0x170
[ 87.288463][ T4555] ? common_file_perm+0x17d/0x1d0
[ 87.293500][ T4555] ? fsnotify_perm+0x64/0x590
[ 87.298169][ T4555] ? security_file_permission+0x75/0xa0
[ 87.303799][ T4555] ? evdev_read+0xe00/0xe00
[ 87.308316][ T4555] vfs_write+0x30c/0xe50
[ 87.312584][ T4555] ? file_end_write+0x250/0x250
[ 87.317468][ T4555] ? __fget_files+0x413/0x480
[ 87.322158][ T4555] ? __fdget_pos+0x1e9/0x380
[ 87.326746][ T4555] ? ksys_write+0x77/0x2c0
[ 87.331171][ T4555] ksys_write+0x1a2/0x2c0
[ 87.335526][ T4555] ? print_irqtrace_events+0x210/0x210
[ 87.340984][ T4555] ? __ia32_sys_read+0x80/0x80
[ 87.345747][ T4555] ? syscall_enter_from_user_mode+0x2e/0x240
[ 87.351725][ T4555] ? lockdep_hardirqs_on+0x94/0x130
[ 87.356916][ T4555] ? syscall_enter_from_user_mode+0x2e/0x240
[ 87.362907][ T4555] do_syscall_64+0x3b/0xb0
[ 87.367341][ T4555] ? clear_bhb_loop+0x15/0x70
[ 87.372016][ T4555] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.377910][ T4555] RIP: 0033:0x7fccaf3baca9
[ 87.382323][ T4555] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 87.401920][ T4555] RSP: 002b:00007fccae73b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 87.410332][ T4555] RAX: ffffffffffffffda RBX: 00007fccaf4e8f80 RCX: 00007fccaf3baca9
[ 87.418295][ T4555] RDX: 0000000000002778 RSI: 0000000020000040 RDI: 0000000000000006
[ 87.426261][ T4555] RBP: 00007fccaf40647e R08: 0000000000000000 R09: 0000000000000000
[ 87.434508][ T4555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.442469][ T4555] R13: 000000000000000b R14: 00007fccaf4e8f80 R15: 00007ffc2e279498
[ 87.450452][ T4555]
[ 87.455157][ T1325] Bluetooth: hci0: command 0x0409 tx timeout
2025/01/12 14:35:42 executed programs: 34
[ 89.465949][ T13] Bluetooth: hci0: command 0x041b tx timeout
[ 91.550689][ T1325] Bluetooth: hci0: command 0x040f tx timeout
2025/01/12 14:35:47 executed programs: 275
[ 93.625831][ T7] Bluetooth: hci0: command 0x0419 tx timeout