[ 56.911794][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.936207][ T50] device veth1_macvtap left promiscuous mode [ 56.942624][ T50] device veth0_macvtap left promiscuous mode [ 56.950485][ T50] device veth1_vlan left promiscuous mode [ 56.956896][ T50] device veth0_vlan left promiscuous mode [ 57.199716][ T50] team0 (unregistering): Port device team_slave_1 removed [ 57.212147][ T50] team0 (unregistering): Port device team_slave_0 removed [ 57.224667][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 57.239764][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 57.289269][ T50] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.1.98' (ECDSA) to the list of known hosts. 2022/10/01 09:45:35 ignoring optional flag "sandboxArg"="0" 2022/10/01 09:45:36 parsed 1 programs 2022/10/01 09:45:36 executed programs: 0 [ 71.138619][ T4009] cgroup: Unknown subsys name 'net' [ 71.151072][ T4009] cgroup: Unknown subsys name 'rlimit' [ 71.198923][ T1240] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.205532][ T1240] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.320496][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.329005][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.337617][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.345816][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.353831][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 72.361361][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.439562][ T4024] chnl_net:caif_netlink_parms(): no params data found [ 72.480280][ T4024] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.488106][ T4024] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.496151][ T4024] device bridge_slave_0 entered promiscuous mode [ 72.505179][ T4024] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.512410][ T4024] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.520181][ T4024] device bridge_slave_1 entered promiscuous mode [ 72.544121][ T4024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.556062][ T4024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.578801][ T4024] team0: Port device team_slave_0 added [ 72.586845][ T4024] team0: Port device team_slave_1 added [ 72.603631][ T4024] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.610706][ T4024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.636784][ T4024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.648744][ T4024] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.656047][ T4024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.684178][ T4024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.710934][ T4024] device hsr_slave_0 entered promiscuous mode [ 72.717974][ T4024] device hsr_slave_1 entered promiscuous mode [ 72.779185][ T4024] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.786537][ T4024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.793923][ T4024] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.801093][ T4024] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.842835][ T4024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.859696][ T3328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.868338][ T3328] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.876041][ T3328] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.883822][ T3328] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 72.896399][ T4024] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.907452][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.916286][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.923460][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.946624][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.954943][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.962058][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.970750][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.979562][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.987986][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.000456][ T4024] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.012834][ T4024] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.021897][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.029921][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.046054][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.053489][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.067469][ T4024] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.265895][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.280312][ T4024] device veth0_vlan entered promiscuous mode [ 73.288392][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.304109][ T4024] device veth1_vlan entered promiscuous mode [ 73.311474][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.319589][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.327457][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.348632][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 73.357226][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.368638][ T4024] device veth0_macvtap entered promiscuous mode [ 73.379063][ T4024] device veth1_macvtap entered promiscuous mode [ 73.393905][ T4024] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.401781][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.411724][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.424379][ T4024] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.432453][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.514117][ T4081] [ 73.516465][ T4081] ===================================================== [ 73.523449][ T4081] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 73.530968][ T4081] 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 Not tainted [ 73.538136][ T4081] ----------------------------------------------------- [ 73.545045][ T4081] syz-executor.0/4081 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 73.553007][ T4081] ffff88806e8d20c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 [ 73.561693][ T4081] [ 73.561693][ T4081] and this task is already holding: [ 73.569153][ T4081] ffff888074a56028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 73.579512][ T4081] which would create a new lock dependency: [ 73.585383][ T4081] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 73.593457][ T4081] [ 73.593457][ T4081] but this new dependency connects a HARDIRQ-irq-safe lock: [ 73.602887][ T4081] (&dev->event_lock#2){-.-.}-{2:2} [ 73.602910][ T4081] [ 73.602910][ T4081] ... which became HARDIRQ-irq-safe at: [ 73.615791][ T4081] lock_acquire+0x1ab/0x570 [ 73.620389][ T4081] _raw_spin_lock_irqsave+0x39/0x50 [ 73.625848][ T4081] input_event+0x6c/0xa0 [ 73.630189][ T4081] psmouse_report_standard_buttons+0x2c/0x80 [ 73.636253][ T4081] psmouse_process_byte+0x1e1/0x890 [ 73.641556][ T4081] psmouse_handle_byte+0x41/0x1b0 [ 73.646665][ T4081] psmouse_interrupt+0x304/0xf00 [ 73.651897][ T4081] serio_interrupt+0x88/0x150 [ 73.656660][ T4081] i8042_interrupt+0x27a/0x520 [ 73.661508][ T4081] __handle_irq_event_percpu+0x227/0x870 [ 73.667230][ T4081] handle_irq_event+0xa7/0x1e0 [ 73.672084][ T4081] handle_edge_irq+0x25f/0xd00 [ 73.676939][ T4081] __common_interrupt+0x9d/0x210 [ 73.681970][ T4081] common_interrupt+0x4d/0xc0 [ 73.686742][ T4081] asm_common_interrupt+0x22/0x40 [ 73.691849][ T4081] unwind_get_return_address+0x6a/0x90 [ 73.697395][ T4081] arch_stack_walk+0x93/0xe0 [ 73.702068][ T4081] stack_trace_save+0x8c/0xc0 [ 73.706834][ T4081] kasan_save_stack+0x1e/0x40 [ 73.711597][ T4081] kasan_set_track+0x21/0x30 [ 73.716360][ T4081] kasan_set_free_info+0x20/0x30 [ 73.721493][ T4081] ____kasan_slab_free+0x166/0x1c0 [ 73.726690][ T4081] slab_free_freelist_hook+0x8b/0x1c0 [ 73.732156][ T4081] kmem_cache_free+0xeb/0x5b0 [ 73.736926][ T4081] rcu_core+0x7b5/0x1890 [ 73.741255][ T4081] __do_softirq+0x1d3/0x9c6 [ 73.745841][ T4081] __irq_exit_rcu+0x123/0x180 [ 73.750601][ T4081] irq_exit_rcu+0x5/0x20 [ 73.754925][ T4081] sysvec_apic_timer_interrupt+0x93/0xc0 [ 73.760646][ T4081] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 73.766803][ T4081] acpi_idle_do_entry+0x1fd/0x2a0 [ 73.772189][ T4081] acpi_idle_enter+0x364/0x500 [ 73.777066][ T4081] cpuidle_enter_state+0x1ab/0xd30 [ 73.782369][ T4081] cpuidle_enter+0x4a/0xa0 [ 73.786879][ T4081] do_idle+0x3e8/0x590 [ 73.791043][ T4081] cpu_startup_entry+0x14/0x20 [ 73.795893][ T4081] start_secondary+0x21d/0x2b0 [ 73.800999][ T4081] secondary_startup_64_no_verify+0xce/0xdb [ 73.806987][ T4081] [ 73.806987][ T4081] to a HARDIRQ-irq-unsafe lock: [ 73.813995][ T4081] (tasklist_lock){.+.+}-{2:2} [ 73.814021][ T4081] [ 73.814021][ T4081] ... which became HARDIRQ-irq-unsafe at: [ 73.826637][ T4081] ... [ 73.826644][ T4081] lock_acquire+0x1ab/0x570 [ 73.833999][ T4081] _raw_read_lock+0x5b/0x70 [ 73.838601][ T4081] do_wait+0x27f/0xce0 [ 73.843205][ T4081] kernel_wait+0x9c/0x150 [ 73.847728][ T4081] call_usermodehelper_exec_work+0xf5/0x180 [ 73.854364][ T4081] process_one_work+0x991/0x1610 [ 73.859501][ T4081] worker_thread+0x665/0x1080 [ 73.864635][ T4081] kthread+0x2e4/0x3a0 [ 73.868898][ T4081] ret_from_fork+0x1f/0x30 [ 73.873412][ T4081] [ 73.873412][ T4081] other info that might help us debug this: [ 73.873412][ T4081] [ 73.883662][ T4081] Chain exists of: [ 73.883662][ T4081] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 73.883662][ T4081] [ 73.897229][ T4081] Possible interrupt unsafe locking scenario: [ 73.897229][ T4081] [ 73.905539][ T4081] CPU0 CPU1 [ 73.910923][ T4081] ---- ---- [ 73.916277][ T4081] lock(tasklist_lock); [ 73.920518][ T4081] local_irq_disable(); [ 73.927262][ T4081] lock(&dev->event_lock#2); [ 73.934462][ T4081] lock(&client->buffer_lock); [ 73.941929][ T4081] [ 73.945371][ T4081] lock(&dev->event_lock#2); [ 73.950221][ T4081] [ 73.950221][ T4081] *** DEADLOCK *** [ 73.950221][ T4081] [ 73.958361][ T4081] 7 locks held by syz-executor.0/4081: [ 73.963809][ T4081] #0: ffff8881488fb110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760 [ 73.973137][ T4081] #1: ffff88801b1f7230 (&dev->event_lock#2){-.-.}-{2:2}, at: input_inject_event+0x9b/0x320 [ 73.983339][ T4081] #2: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x87/0x320 [ 73.993000][ T4081] #3: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 [ 74.003095][ T4081] #4: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0 [ 74.012325][ T4081] #5: ffff888074a56028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 74.023123][ T4081] #6: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470 [ 74.032176][ T4081] [ 74.032176][ T4081] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 74.042572][ T4081] -> (&dev->event_lock#2){-.-.}-{2:2} { [ 74.048222][ T4081] IN-HARDIRQ-W at: [ 74.052280][ T4081] lock_acquire+0x1ab/0x570 [ 74.058694][ T4081] _raw_spin_lock_irqsave+0x39/0x50 [ 74.065714][ T4081] input_event+0x6c/0xa0 [ 74.071857][ T4081] psmouse_report_standard_buttons+0x2c/0x80 [ 74.079661][ T4081] psmouse_process_byte+0x1e1/0x890 [ 74.086679][ T4081] psmouse_handle_byte+0x41/0x1b0 [ 74.093522][ T4081] psmouse_interrupt+0x304/0xf00 [ 74.100284][ T4081] serio_interrupt+0x88/0x150 [ 74.106783][ T4081] i8042_interrupt+0x27a/0x520 [ 74.113372][ T4081] __handle_irq_event_percpu+0x227/0x870 [ 74.121001][ T4081] handle_irq_event+0xa7/0x1e0 [ 74.127738][ T4081] handle_edge_irq+0x25f/0xd00 [ 74.134506][ T4081] __common_interrupt+0x9d/0x210 [ 74.141453][ T4081] common_interrupt+0x4d/0xc0 [ 74.147959][ T4081] asm_common_interrupt+0x22/0x40 [ 74.154806][ T4081] unwind_get_return_address+0x6a/0x90 [ 74.162097][ T4081] arch_stack_walk+0x93/0xe0 [ 74.168516][ T4081] stack_trace_save+0x8c/0xc0 [ 74.175025][ T4081] kasan_save_stack+0x1e/0x40 [ 74.181532][ T4081] kasan_set_track+0x21/0x30 [ 74.188032][ T4081] kasan_set_free_info+0x20/0x30 [ 74.194881][ T4081] ____kasan_slab_free+0x166/0x1c0 [ 74.201818][ T4081] slab_free_freelist_hook+0x8b/0x1c0 [ 74.209020][ T4081] kmem_cache_free+0xeb/0x5b0 [ 74.215521][ T4081] rcu_core+0x7b5/0x1890 [ 74.221602][ T4081] __do_softirq+0x1d3/0x9c6 [ 74.228104][ T4081] __irq_exit_rcu+0x123/0x180 [ 74.234702][ T4081] irq_exit_rcu+0x5/0x20 [ 74.240855][ T4081] sysvec_apic_timer_interrupt+0x93/0xc0 [ 74.248321][ T4081] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 74.256137][ T4081] acpi_idle_do_entry+0x1fd/0x2a0 [ 74.263016][ T4081] acpi_idle_enter+0x364/0x500 [ 74.269606][ T4081] cpuidle_enter_state+0x1ab/0xd30 [ 74.276803][ T4081] cpuidle_enter+0x4a/0xa0 [ 74.283050][ T4081] do_idle+0x3e8/0x590 [ 74.288945][ T4081] cpu_startup_entry+0x14/0x20 [ 74.295536][ T4081] start_secondary+0x21d/0x2b0 [ 74.302240][ T4081] secondary_startup_64_no_verify+0xce/0xdb [ 74.310159][ T4081] IN-SOFTIRQ-W at: [ 74.314223][ T4081] lock_acquire+0x1ab/0x570 [ 74.320951][ T4081] _raw_spin_lock_irqsave+0x39/0x50 [ 74.327968][ T4081] input_event+0x6c/0xa0 [ 74.334220][ T4081] psmouse_report_standard_buttons+0x2c/0x80 [ 74.342049][ T4081] psmouse_process_byte+0x1e1/0x890 [ 74.349164][ T4081] psmouse_handle_byte+0x41/0x1b0 [ 74.356011][ T4081] psmouse_interrupt+0x304/0xf00 [ 74.362767][ T4081] serio_interrupt+0x88/0x150 [ 74.369356][ T4081] i8042_interrupt+0x27a/0x520 [ 74.375941][ T4081] __handle_irq_event_percpu+0x227/0x870 [ 74.383529][ T4081] handle_irq_event+0xa7/0x1e0 [ 74.390130][ T4081] handle_edge_irq+0x25f/0xd00 [ 74.397065][ T4081] __common_interrupt+0x9d/0x210 [ 74.403828][ T4081] common_interrupt+0x4d/0xc0 [ 74.410360][ T4081] asm_common_interrupt+0x22/0x40 [ 74.417319][ T4081] unwind_get_return_address+0x6a/0x90 [ 74.424694][ T4081] arch_stack_walk+0x93/0xe0 [ 74.431137][ T4081] stack_trace_save+0x8c/0xc0 [ 74.437813][ T4081] kasan_save_stack+0x1e/0x40 [ 74.444333][ T4081] kasan_set_track+0x21/0x30 [ 74.450752][ T4081] kasan_set_free_info+0x20/0x30 [ 74.457521][ T4081] ____kasan_slab_free+0x166/0x1c0 [ 74.464454][ T4081] slab_free_freelist_hook+0x8b/0x1c0 [ 74.471652][ T4081] kmem_cache_free+0xeb/0x5b0 [ 74.478150][ T4081] rcu_core+0x7b5/0x1890 [ 74.484214][ T4081] __do_softirq+0x1d3/0x9c6 [ 74.490543][ T4081] __irq_exit_rcu+0x123/0x180 [ 74.497042][ T4081] irq_exit_rcu+0x5/0x20 [ 74.503452][ T4081] sysvec_apic_timer_interrupt+0x93/0xc0 [ 74.511012][ T4081] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 74.518844][ T4081] acpi_idle_do_entry+0x1fd/0x2a0 [ 74.525712][ T4081] acpi_idle_enter+0x364/0x500 [ 74.532651][ T4081] cpuidle_enter_state+0x1ab/0xd30 [ 74.539587][ T4081] cpuidle_enter+0x4a/0xa0 [ 74.545823][ T4081] do_idle+0x3e8/0x590 [ 74.551717][ T4081] cpu_startup_entry+0x14/0x20 [ 74.558319][ T4081] start_secondary+0x21d/0x2b0 [ 74.564915][ T4081] secondary_startup_64_no_verify+0xce/0xdb [ 74.572721][ T4081] INITIAL USE at: [ 74.576697][ T4081] lock_acquire+0x1ab/0x570 [ 74.582953][ T4081] _raw_spin_lock_irqsave+0x39/0x50 [ 74.589888][ T4081] input_inject_event+0x9b/0x320 [ 74.596735][ T4081] led_set_brightness_nosleep+0xe6/0x1a0 [ 74.604132][ T4081] led_set_brightness+0x134/0x170 [ 74.610922][ T4081] led_trigger_event+0xb0/0x200 [ 74.617513][ T4081] kbd_led_trigger_activate+0xc9/0x100 [ 74.624731][ T4081] led_trigger_set+0x5d7/0xaf0 [ 74.631246][ T4081] led_trigger_set_default+0x1a6/0x230 [ 74.638447][ T4081] led_classdev_register_ext+0x56f/0x760 [ 74.645917][ T4081] input_leds_connect+0x4bd/0x860 [ 74.652682][ T4081] input_attach_handler+0x180/0x1f0 [ 74.659616][ T4081] input_register_device.cold+0xf0/0x2ff [ 74.666984][ T4081] atkbd_connect+0x749/0xa10 [ 74.673311][ T4081] serio_driver_probe+0x72/0xa0 [ 74.679992][ T4081] really_probe+0x249/0xb90 [ 74.686248][ T4081] __driver_probe_device+0x1df/0x4d0 [ 74.693282][ T4081] driver_probe_device+0x4c/0x1a0 [ 74.700233][ T4081] __driver_attach+0x1d0/0x550 [ 74.706736][ T4081] bus_for_each_dev+0x147/0x1d0 [ 74.713325][ T4081] serio_handle_event+0x5f6/0xa30 [ 74.720085][ T4081] process_one_work+0x991/0x1610 [ 74.726762][ T4081] worker_thread+0x665/0x1080 [ 74.733175][ T4081] kthread+0x2e4/0x3a0 [ 74.738980][ T4081] ret_from_fork+0x1f/0x30 [ 74.745312][ T4081] } [ 74.747891][ T4081] ... key at: [] __key.7+0x0/0x40 [ 74.755187][ T4081] -> (&client->buffer_lock){....}-{2:2} { [ 74.761007][ T4081] INITIAL USE at: [ 74.764897][ T4081] lock_acquire+0x1ab/0x570 [ 74.771227][ T4081] _raw_spin_lock+0x2a/0x40 [ 74.777294][ T4081] evdev_pass_values.part.0+0xf6/0x960 [ 74.784411][ T4081] evdev_events+0x359/0x3e0 [ 74.790652][ T4081] input_to_handler+0x2a0/0x4c0 [ 74.797062][ T4081] input_pass_values.part.0+0x230/0x710 [ 74.804172][ T4081] input_event_dispose+0x5cf/0x730 [ 74.810846][ T4081] input_handle_event+0x112/0xda0 [ 74.817433][ T4081] input_inject_event+0x1c4/0x320 [ 74.824018][ T4081] evdev_write+0x430/0x760 [ 74.830080][ T4081] vfs_write+0x2d7/0xdd0 [ 74.835882][ T4081] ksys_write+0x1e8/0x250 [ 74.841879][ T4081] do_syscall_64+0x35/0xb0 [ 74.847861][ T4081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 74.855492][ T4081] } [ 74.857983][ T4081] ... key at: [] __key.3+0x0/0x40 [ 74.865117][ T4081] ... acquired at: [ 74.868910][ T4081] _raw_spin_lock+0x2a/0x40 [ 74.873601][ T4081] evdev_pass_values.part.0+0xf6/0x960 [ 74.879245][ T4081] evdev_events+0x359/0x3e0 [ 74.884113][ T4081] input_to_handler+0x2a0/0x4c0 [ 74.889153][ T4081] input_pass_values.part.0+0x230/0x710 [ 74.894905][ T4081] input_event_dispose+0x5cf/0x730 [ 74.900205][ T4081] input_handle_event+0x112/0xda0 [ 74.905401][ T4081] input_inject_event+0x1c4/0x320 [ 74.910619][ T4081] evdev_write+0x430/0x760 [ 74.915230][ T4081] vfs_write+0x2d7/0xdd0 [ 74.919653][ T4081] ksys_write+0x1e8/0x250 [ 74.924156][ T4081] do_syscall_64+0x35/0xb0 [ 74.928745][ T4081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 74.934843][ T4081] [ 74.937162][ T4081] [ 74.937162][ T4081] the dependencies between the lock to be acquired [ 74.937171][ T4081] and HARDIRQ-irq-unsafe lock: [ 74.950854][ T4081] -> (tasklist_lock){.+.+}-{2:2} { [ 74.956431][ T4081] HARDIRQ-ON-R at: [ 74.960576][ T4081] lock_acquire+0x1ab/0x570 [ 74.967195][ T4081] _raw_read_lock+0x5b/0x70 [ 74.973712][ T4081] do_wait+0x27f/0xce0 [ 74.980051][ T4081] kernel_wait+0x9c/0x150 [ 74.986382][ T4081] call_usermodehelper_exec_work+0xf5/0x180 [ 74.994291][ T4081] process_one_work+0x991/0x1610 [ 75.001236][ T4081] worker_thread+0x665/0x1080 [ 75.008082][ T4081] kthread+0x2e4/0x3a0 [ 75.014146][ T4081] ret_from_fork+0x1f/0x30 [ 75.020558][ T4081] SOFTIRQ-ON-R at: [ 75.024711][ T4081] lock_acquire+0x1ab/0x570 [ 75.031244][ T4081] _raw_read_lock+0x5b/0x70 [ 75.037752][ T4081] do_wait+0x27f/0xce0 [ 75.043832][ T4081] kernel_wait+0x9c/0x150 [ 75.050159][ T4081] call_usermodehelper_exec_work+0xf5/0x180 [ 75.058048][ T4081] process_one_work+0x991/0x1610 [ 75.064983][ T4081] worker_thread+0x665/0x1080 [ 75.071659][ T4081] kthread+0x2e4/0x3a0 [ 75.077722][ T4081] ret_from_fork+0x1f/0x30 [ 75.084152][ T4081] INITIAL USE at: [ 75.088224][ T4081] lock_acquire+0x1ab/0x570 [ 75.094634][ T4081] _raw_write_lock_irq+0x32/0x50 [ 75.101480][ T4081] copy_process+0x448a/0x7090 [ 75.108066][ T4081] kernel_clone+0xe7/0xab0 [ 75.114391][ T4081] user_mode_thread+0xad/0xe0 [ 75.120977][ T4081] rest_init+0x23/0x270 [ 75.127040][ T4081] arch_call_rest_init+0xf/0x14 [ 75.133823][ T4081] start_kernel+0x46e/0x48f [ 75.140239][ T4081] secondary_startup_64_no_verify+0xce/0xdb [ 75.148049][ T4081] INITIAL READ USE at: [ 75.152546][ T4081] lock_acquire+0x1ab/0x570 [ 75.159392][ T4081] _raw_read_lock+0x5b/0x70 [ 75.166239][ T4081] do_wait+0x27f/0xce0 [ 75.172650][ T4081] kernel_wait+0x9c/0x150 [ 75.179322][ T4081] call_usermodehelper_exec_work+0xf5/0x180 [ 75.187559][ T4081] process_one_work+0x991/0x1610 [ 75.195017][ T4081] worker_thread+0x665/0x1080 [ 75.202065][ T4081] kthread+0x2e4/0x3a0 [ 75.208478][ T4081] ret_from_fork+0x1f/0x30 [ 75.215251][ T4081] } [ 75.217928][ T4081] ... key at: [] tasklist_lock+0x18/0x40 [ 75.225833][ T4081] ... acquired at: [ 75.229805][ T4081] _raw_read_lock+0x5b/0x70 [ 75.234745][ T4081] send_sigio+0xab/0x370 [ 75.239160][ T4081] kill_fasync+0x1f8/0x470 [ 75.243845][ T4081] sock_wake_async+0xd2/0x160 [ 75.248696][ T4081] sock_def_readable+0x349/0x4e0 [ 75.253802][ T4081] unix_dgram_sendmsg+0xf88/0x1b50 [ 75.259095][ T4081] sock_sendmsg+0xcf/0x120 [ 75.263793][ T4081] ____sys_sendmsg+0x334/0x810 [ 75.268734][ T4081] ___sys_sendmsg+0x110/0x1b0 [ 75.273584][ T4081] __sys_sendmmsg+0x18b/0x460 [ 75.278449][ T4081] __x64_sys_sendmmsg+0x99/0x100 [ 75.283557][ T4081] do_syscall_64+0x35/0xb0 [ 75.288144][ T4081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.294395][ T4081] [ 75.296708][ T4081] -> (&f->f_owner.lock){....}-{2:2} { [ 75.302197][ T4081] INITIAL USE at: [ 75.306271][ T4081] lock_acquire+0x1ab/0x570 [ 75.312601][ T4081] _raw_write_lock_irq+0x32/0x50 [ 75.319276][ T4081] f_modown+0x2a/0x390 [ 75.325338][ T4081] f_setown+0xd7/0x230 [ 75.331140][ T4081] sock_ioctl+0x37e/0x640 [ 75.337210][ T4081] __x64_sys_ioctl+0x193/0x200 [ 75.343735][ T4081] do_syscall_64+0x35/0xb0 [ 75.349977][ T4081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.357608][ T4081] INITIAL READ USE at: [ 75.362023][ T4081] lock_acquire+0x1ab/0x570 [ 75.368699][ T4081] _raw_read_lock_irqsave+0x70/0x90 [ 75.376069][ T4081] send_sigio+0x24/0x370 [ 75.382569][ T4081] kill_fasync+0x1f8/0x470 [ 75.389155][ T4081] sock_wake_async+0xd2/0x160 [ 75.396001][ T4081] sock_def_readable+0x349/0x4e0 [ 75.403107][ T4081] unix_dgram_sendmsg+0xf88/0x1b50 [ 75.410398][ T4081] sock_sendmsg+0xcf/0x120 [ 75.417765][ T4081] ____sys_sendmsg+0x334/0x810 [ 75.424709][ T4081] ___sys_sendmsg+0x110/0x1b0 [ 75.431558][ T4081] __sys_sendmmsg+0x18b/0x460 [ 75.438406][ T4081] __x64_sys_sendmmsg+0x99/0x100 [ 75.445520][ T4081] do_syscall_64+0x35/0xb0 [ 75.452132][ T4081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.460198][ T4081] } [ 75.462780][ T4081] ... key at: [] __key.5+0x0/0x40 [ 75.470079][ T4081] ... acquired at: [ 75.473959][ T4081] _raw_read_lock_irqsave+0x70/0x90 [ 75.479339][ T4081] send_sigio+0x24/0x370 [ 75.483757][ T4081] kill_fasync+0x1f8/0x470 [ 75.488350][ T4081] sock_wake_async+0xd2/0x160 [ 75.493208][ T4081] sock_def_readable+0x349/0x4e0 [ 75.498323][ T4081] unix_dgram_sendmsg+0xf88/0x1b50 [ 75.504049][ T4081] sock_sendmsg+0xcf/0x120 [ 75.508638][ T4081] ____sys_sendmsg+0x334/0x810 [ 75.513580][ T4081] ___sys_sendmsg+0x110/0x1b0 [ 75.518437][ T4081] __sys_sendmmsg+0x18b/0x460 [ 75.523288][ T4081] __x64_sys_sendmmsg+0x99/0x100 [ 75.528404][ T4081] do_syscall_64+0x35/0xb0 [ 75.532996][ T4081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.539066][ T4081] [ 75.541381][ T4081] -> (&new->fa_lock){....}-{2:2} { [ 75.546506][ T4081] INITIAL READ USE at: [ 75.550917][ T4081] lock_acquire+0x1ab/0x570 [ 75.557421][ T4081] _raw_read_lock_irqsave+0x70/0x90 [ 75.564619][ T4081] kill_fasync+0x136/0x470 [ 75.571030][ T4081] sock_wake_async+0xd2/0x160 [ 75.577707][ T4081] sock_def_readable+0x349/0x4e0 [ 75.584642][ T4081] unix_dgram_sendmsg+0xf88/0x1b50 [ 75.591760][ T4081] sock_sendmsg+0xcf/0x120 [ 75.598438][ T4081] ____sys_sendmsg+0x334/0x810 [ 75.605203][ T4081] ___sys_sendmsg+0x110/0x1b0 [ 75.611877][ T4081] __sys_sendmmsg+0x18b/0x460 [ 75.618554][ T4081] __x64_sys_sendmmsg+0x99/0x100 [ 75.625576][ T4081] do_syscall_64+0x35/0xb0 [ 75.631994][ T4081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.639888][ T4081] } [ 75.642381][ T4081] ... key at: [] __key.0+0x0/0x40 [ 75.649491][ T4081] ... acquired at: [ 75.653285][ T4081] lock_acquire+0x1ab/0x570 [ 75.657963][ T4081] _raw_read_lock_irqsave+0x70/0x90 [ 75.663333][ T4081] kill_fasync+0x136/0x470 [ 75.667922][ T4081] evdev_pass_values.part.0+0x667/0x960 [ 75.673646][ T4081] evdev_events+0x359/0x3e0 [ 75.678325][ T4081] input_to_handler+0x2a0/0x4c0 [ 75.683350][ T4081] input_pass_values.part.0+0x230/0x710 [ 75.689068][ T4081] input_event_dispose+0x5cf/0x730 [ 75.694353][ T4081] input_handle_event+0x112/0xda0 [ 75.699552][ T4081] input_inject_event+0x1c4/0x320 [ 75.704749][ T4081] evdev_write+0x430/0x760 [ 75.709341][ T4081] vfs_write+0x2d7/0xdd0 [ 75.713758][ T4081] ksys_write+0x1e8/0x250 [ 75.718265][ T4081] do_syscall_64+0x35/0xb0 [ 75.722939][ T4081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.729092][ T4081] [ 75.731416][ T4081] [ 75.731416][ T4081] stack backtrace: [ 75.737295][ T4081] CPU: 0 PID: 4081 Comm: syz-executor.0 Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 [ 75.747617][ T4081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 75.757667][ T4081] Call Trace: [ 75.760944][ T4081] [ 75.763876][ T4081] dump_stack_lvl+0xcd/0x134 [ 75.768475][ T4081] check_irq_usage.cold+0x4c1/0x6b0 [ 75.773679][ T4081] ? update_load_avg+0x1361/0x1c80 [ 75.778797][ T4081] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 75.785913][ T4081] ? mark_lock.part.0+0xee/0x1910 [ 75.791029][ T4081] ? check_path.constprop.0+0x24/0x50 [ 75.796541][ T4081] ? register_lock_class+0xbe/0x1120 [ 75.801828][ T4081] ? lock_chain_count+0x20/0x20 [ 75.806682][ T4081] ? do_raw_spin_unlock+0x171/0x230 [ 75.811883][ T4081] ? is_dynamic_key.part.0+0x130/0x130 [ 75.817430][ T4081] ? try_to_wake_up+0x100/0x1e60 [ 75.822384][ T4081] __lock_acquire+0x2a5b/0x56d0 [ 75.827326][ T4081] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 75.833575][ T4081] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 75.839647][ T4081] lock_acquire+0x1ab/0x570 [ 75.844149][ T4081] ? kill_fasync+0x136/0x470 [ 75.848824][ T4081] ? lock_release+0x780/0x780 [ 75.853503][ T4081] ? lock_release+0x780/0x780 [ 75.858178][ T4081] ? lock_release+0x780/0x780 [ 75.862889][ T4081] ? __wake_up_common+0x650/0x650 [ 75.867948][ T4081] _raw_read_lock_irqsave+0x70/0x90 [ 75.873160][ T4081] ? kill_fasync+0x136/0x470 [ 75.877763][ T4081] kill_fasync+0x136/0x470 [ 75.882180][ T4081] evdev_pass_values.part.0+0x667/0x960 [ 75.887819][ T4081] ? evdev_free+0x70/0x70 [ 75.892155][ T4081] ? ktime_mono_to_any+0xb5/0x1e0 [ 75.897243][ T4081] evdev_events+0x359/0x3e0 [ 75.901750][ T4081] ? evdev_connect+0x4b0/0x4b0 [ 75.906517][ T4081] input_to_handler+0x2a0/0x4c0 [ 75.911372][ T4081] input_pass_values.part.0+0x230/0x710 [ 75.916924][ T4081] input_event_dispose+0x5cf/0x730 [ 75.922040][ T4081] input_handle_event+0x112/0xda0 [ 75.927071][ T4081] input_inject_event+0x1c4/0x320 [ 75.932096][ T4081] evdev_write+0x430/0x760 [ 75.936512][ T4081] ? evdev_read+0xe30/0xe30 [ 75.941015][ T4081] ? apparmor_file_permission+0x264/0x4e0 [ 75.946736][ T4081] ? bpf_lsm_file_permission+0x5/0x10 [ 75.952108][ T4081] ? security_file_permission+0xab/0xd0 [ 75.957660][ T4081] vfs_write+0x2d7/0xdd0 [ 75.961903][ T4081] ? evdev_read+0xe30/0xe30 [ 75.966403][ T4081] ? kernel_write+0x630/0x630 [ 75.971089][ T4081] ? __fget_files+0x26a/0x440 [ 75.975767][ T4081] ? __fget_light+0xe5/0x270 [ 75.980374][ T4081] ksys_write+0x1e8/0x250 [ 75.984705][ T4081] ? __ia32_sys_read+0xb0/0xb0 [ 75.989575][ T4081] ? syscall_enter_from_user_mode+0x22/0xb0 [ 75.995533][ T4081] ? syscall_enter_from_user_mode+0x22/0xb0 [ 76.001446][ T4081] do_syscall_64+0x35/0xb0 [ 76.005866][ T4081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.011767][ T4081] RIP: 0033:0x7f7aade89109 [ 76.016179][ T4081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 76.035792][ T4081] RSP: 002b:00007f7aaef01168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 76.044205][ T4081] RAX: ffffffffffffffda RBX: 00007f7aadf9bf60 RCX: 00007f7aade89109 [ 76.052172][ T4081] RDX: 0000000000003888 RSI: 0000000020000080 RDI: 0000000000000005 [ 76.060166][ T4081] RBP: 00007f7aadee308d R08: 0000000000000000 R09: 0000000000000000 [ 76.068130][ T4081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.076095][ T4081] R13: 00007ffffb7bda7f R14: 00007f7aaef01300 R15: 0000000000022000 [ 76.084071][ T4081] [ 76.088765][ T3620] Bluetooth: hci0: command 0x0409 tx timeout 2022/10/01 09:45:41 executed programs: 4 [ 76.315709][ T15] cfg80211: failed to load regulatory.db [ 78.155518][ T15] Bluetooth: hci0: command 0x041b tx timeout [ 80.235796][ T3620] Bluetooth: hci0: command 0x040f tx timeout 2022/10/01 09:45:46 executed programs: 246 [ 82.315440][ T15] Bluetooth: hci0: command 0x0419 tx timeout