Warning: Permanently added '10.128.1.86' (ED25519) to the list of known hosts.
2026/02/07 21:59:08 parsed 1 programs
[   92.294334][ T4805] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   94.140539][ T4832] chnl_net:caif_netlink_parms(): no params data found
[   94.195719][ T4832] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.204787][ T4832] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.213181][ T4832] device bridge_slave_0 entered promiscuous mode
[   94.222757][ T4832] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.230019][ T4832] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.240054][ T4832] device bridge_slave_1 entered promiscuous mode
[   94.268260][ T4832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.280016][ T4832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.312635][ T4832] team0: Port device team_slave_0 added
[   94.320544][ T4832] team0: Port device team_slave_1 added
[   94.344065][ T4832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.351556][ T4832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.377859][ T4832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.390629][ T4832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.397611][ T4832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.424529][ T4832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.460581][ T4832] device hsr_slave_0 entered promiscuous mode
[   94.467986][ T4832] device hsr_slave_1 entered promiscuous mode
[   94.979684][ T4832] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   95.007432][ T4832] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   95.027555][ T4832] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.047264][ T4832] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.165938][ T4832] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.201686][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   95.219458][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   95.242949][ T4832] 8021q: adding VLAN 0 to HW filter on device team0
[   95.259703][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   95.278340][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   95.289674][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.296794][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.318593][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   95.327691][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   95.338019][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   95.347447][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.354703][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.365049][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   95.374061][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   95.384532][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   95.394867][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   95.406148][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   95.414372][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   95.423411][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   95.440301][ T4832] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   95.451825][ T4832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   95.494372][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   95.523223][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   95.541007][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   95.550638][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   95.559487][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   95.631878][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   95.642053][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   95.656026][ T4832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.685422][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   95.695129][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   95.716396][ T4832] device veth0_vlan entered promiscuous mode
[   95.724473][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   95.734134][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   95.749863][ T4832] device veth1_vlan entered promiscuous mode
[   95.769137][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   95.778205][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   95.787876][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   95.810503][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   95.820014][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   95.831564][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   95.844902][ T4832] device veth0_macvtap entered promiscuous mode
[   95.864566][ T4832] device veth1_macvtap entered promiscuous mode
[   95.883985][ T4832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.893589][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   95.903597][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   95.913699][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   95.922754][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   95.944603][ T4832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.953788][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   95.962524][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   95.973749][ T4832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.983846][ T4832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.992708][ T4832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.001708][ T4832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.698711][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.715266][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.740095][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   97.750758][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.762342][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.779776][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   98.334198][ T4232] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/02/07 21:59:17 executed programs: 0
[   98.968159][ T5032] chnl_net:caif_netlink_parms(): no params data found
[   99.029860][ T5032] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.039244][ T5032] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.047752][ T5032] device bridge_slave_0 entered promiscuous mode
[   99.056257][ T5032] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.066373][ T5032] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.074543][ T5032] device bridge_slave_1 entered promiscuous mode
[   99.106225][ T5032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.118618][ T5032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.154478][ T5032] team0: Port device team_slave_0 added
[   99.163438][ T5032] team0: Port device team_slave_1 added
[   99.194220][ T5032] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.201611][ T5032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.230573][ T5032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.243736][ T5032] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.251202][ T5032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.277911][ T5032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.316500][ T5032] device hsr_slave_0 entered promiscuous mode
[   99.323789][ T5032] device hsr_slave_1 entered promiscuous mode
[   99.332077][ T5032] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   99.348485][ T5032] Cannot create hsr debugfs directory
[  100.867324][ T4394] Bluetooth: hci0: command 0x0409 tx timeout
[  101.491950][ T4232] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.582075][ T4232] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.651567][ T4232] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.423031][ T5032] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.434387][ T5032] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.443613][ T5032] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.475343][ T5032] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.546285][ T5032] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.560154][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  102.568714][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  102.586162][ T5032] 8021q: adding VLAN 0 to HW filter on device team0
[  102.595473][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  102.604616][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  102.613537][ T4976] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.620617][ T4976] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.629306][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  102.653418][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  102.662361][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  102.672054][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.679228][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.689807][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  102.723139][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  102.736070][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  102.748036][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  102.757153][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  102.769905][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  102.779258][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  102.812962][ T5032] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  102.824074][ T5032] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  102.835724][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  102.844924][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  102.855456][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  102.863983][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  102.872638][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  102.947404][ T4392] Bluetooth: hci0: command 0x041b tx timeout
[  102.973884][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  102.981818][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  102.994315][ T5032] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.019978][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  103.029047][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  103.054264][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  103.062815][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  103.072621][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  103.081154][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  103.098817][ T5032] device veth0_vlan entered promiscuous mode
[  103.109854][ T5032] device veth1_vlan entered promiscuous mode
[  103.125062][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  103.135215][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  103.143589][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  103.153618][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  103.166534][ T5032] device veth0_macvtap entered promiscuous mode
[  103.188853][ T4232] device hsr_slave_0 left promiscuous mode
[  103.195429][ T4232] device hsr_slave_1 left promiscuous mode
[  103.203848][ T4232] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.211653][ T4232] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.220008][ T4232] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.227800][ T4232] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.235500][ T4232] device bridge_slave_1 left promiscuous mode
[  103.242647][ T4232] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.251308][ T4232] device bridge_slave_0 left promiscuous mode
[  103.257820][ T4232] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.269547][ T4232] device veth1_macvtap left promiscuous mode
[  103.275675][ T4232] device veth0_macvtap left promiscuous mode
[  103.282593][ T4232] device veth1_vlan left promiscuous mode
[  103.288842][ T4232] device veth0_vlan left promiscuous mode
[  103.419350][ T4232] team0 (unregistering): Port device team_slave_1 removed
[  103.431569][ T4232] team0 (unregistering): Port device team_slave_0 removed
[  103.443552][ T4232] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.456074][ T4232] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.510656][ T4232] bond0 (unregistering): Released all slaves
[  103.584050][ T5032] device veth1_macvtap entered promiscuous mode
[  103.592612][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  103.600673][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  103.617060][ T5032] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.624911][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  103.634260][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  103.647037][ T5032] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.657274][ T5032] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.665991][ T5032] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.675230][ T5032] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.684224][ T5032] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.695004][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  103.704115][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  103.763021][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.773485][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.781984][ T4976] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2026/02/07 21:59:22 executed programs: 2
[  103.809838][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.819377][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.830311][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  103.919337][ T5287] 
[  103.921707][ T5287] =====================================================
[  103.928657][ T5287] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[  103.936241][ T5287] syzkaller #0 Not tainted
[  103.940641][ T5287] -----------------------------------------------------
[  103.947768][ T5287] syz.0.16/5287 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  103.955399][ T5287] ffff88807f07cdb8 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x2f/0x330
[  103.964666][ T5287] 
[  103.964666][ T5287] and this task is already holding:
[  103.973465][ T5287] ffff888024854018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16d/0x490
[  103.982865][ T5287] which would create a new lock dependency:
[  103.988829][ T5287]  (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2}
[  103.996740][ T5287] 
[  103.996740][ T5287] but this new dependency connects a HARDIRQ-irq-safe lock:
[  104.006490][ T5287]  (&dev->event_lock#2){-.-.}-{2:2}
[  104.006512][ T5287] 
[  104.006512][ T5287] ... which became HARDIRQ-irq-safe at:
[  104.020301][ T5287]   lock_acquire+0x19e/0x400
[  104.024971][ T5287]   _raw_spin_lock_irqsave+0xb0/0x100
[  104.030421][ T5287]   input_event+0x76/0xb0
[  104.034827][ T5287]   psmouse_report_standard_packet+0x4f/0x200
[  104.041064][ T5287]   psmouse_process_byte+0x42b/0x620
[  104.046339][ T5287]   psmouse_handle_byte+0x43/0x490
[  104.051438][ T5287]   psmouse_interrupt+0x699/0x1130
[  104.056637][ T5287]   serio_interrupt+0x87/0x130
[  104.061856][ T5287]   i8042_interrupt+0x363/0x710
[  104.066785][ T5287]   __handle_irq_event_percpu+0x299/0x9d0
[  104.072815][ T5287]   handle_irq_event+0xa5/0x220
[  104.077655][ T5287]   handle_edge_irq+0x243/0xb20
[  104.082833][ T5287]   __common_interrupt+0xd7/0x1e0
[  104.088067][ T5287]   common_interrupt+0x59/0xd0
[  104.092828][ T5287]   asm_common_interrupt+0x22/0x40
[  104.097924][ T5287]   memset_erms+0xb/0x10
[  104.102237][ T5287]   unwind_next_frame+0xa3d/0x1d90
[  104.107330][ T5287]   arch_stack_walk+0x10c/0x140
[  104.112352][ T5287]   stack_trace_save+0xa6/0xf0
[  104.117103][ T5287]   kasan_set_track+0x4b/0x70
[  104.121773][ T5287]   kasan_set_free_info+0x1f/0x40
[  104.126777][ T5287]   ____kasan_slab_free+0xd5/0x110
[  104.131870][ T5287]   slab_free_freelist_hook+0xea/0x170
[  104.137314][ T5287]   kfree+0xef/0x2a0
[  104.141205][ T5287]   security_cred_free+0xbc/0xf0
[  104.146125][ T5287]   put_cred_rcu+0xdd/0x3e0
[  104.150607][ T5287]   rcu_core+0x9d2/0x1670
[  104.154912][ T5287]   handle_softirqs+0x339/0x830
[  104.159738][ T5287]   __irq_exit_rcu+0x13b/0x230
[  104.164482][ T5287]   irq_exit_rcu+0x5/0x20
[  104.168888][ T5287]   sysvec_apic_timer_interrupt+0xa0/0xc0
[  104.174773][ T5287]   asm_sysvec_apic_timer_interrupt+0x16/0x20
[  104.180821][ T5287]   sched_clock_cpu+0x7/0x3c0
[  104.185480][ T5287]   __set_page_owner+0x174/0x2d0
[  104.190408][ T5287]   get_page_from_freelist+0x1bbd/0x1ca0
[  104.196023][ T5287]   __alloc_pages+0x1ee/0x480
[  104.201145][ T5287]   new_slab+0xc0/0x4b0
[  104.205369][ T5287]   ___slab_alloc+0x80a/0xdd0
[  104.210391][ T5287]   kmem_cache_alloc+0x195/0x290
[  104.215490][ T5287]   getname_kernel+0x56/0x2e0
[  104.220245][ T5287]   kernel_execve+0x24/0x900
[  104.224953][ T5287]   call_usermodehelper_exec_async+0x207/0x350
[  104.231090][ T5287]   ret_from_fork+0x1f/0x30
[  104.235966][ T5287] 
[  104.235966][ T5287] to a HARDIRQ-irq-unsafe lock:
[  104.243074][ T5287]  (tasklist_lock){.+.+}-{2:2}
[  104.243094][ T5287] 
[  104.243094][ T5287] ... which became HARDIRQ-irq-unsafe at:
[  104.256701][ T5287] ...
[  104.256711][ T5287]   lock_acquire+0x19e/0x400
[  104.263860][ T5287]   _raw_read_lock+0x32/0x40
[  104.268428][ T5287]   do_wait+0x293/0xac0
[  104.272767][ T5287]   kernel_wait+0xd3/0x1c0
[  104.277170][ T5287]   call_usermodehelper_exec_work+0xb5/0x220
[  104.283220][ T5287]   process_one_work+0x85f/0x1010
[  104.288318][ T5287]   worker_thread+0xaa6/0x1290
[  104.293237][ T5287]   kthread+0x436/0x520
[  104.297469][ T5287]   ret_from_fork+0x1f/0x30
[  104.302092][ T5287] 
[  104.302092][ T5287] other info that might help us debug this:
[  104.302092][ T5287] 
[  104.313026][ T5287] Chain exists of:
[  104.313026][ T5287]   &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock
[  104.313026][ T5287] 
[  104.326256][ T5287]  Possible interrupt unsafe locking scenario:
[  104.326256][ T5287] 
[  104.334734][ T5287]        CPU0                    CPU1
[  104.340172][ T5287]        ----                    ----
[  104.345978][ T5287]   lock(tasklist_lock);
[  104.350462][ T5287]                                local_irq_disable();
[  104.357559][ T5287]                                lock(&dev->event_lock#2);
[  104.364920][ T5287]                                lock(&new->fa_lock);
[  104.371862][ T5287]   <Interrupt>
[  104.375306][ T5287]     lock(&dev->event_lock#2);
[  104.380740][ T5287] 
[  104.380740][ T5287]  *** DEADLOCK ***
[  104.380740][ T5287] 
[  104.388867][ T5287] 8 locks held by syz.0.16/5287:
[  104.393887][ T5287]  #0: ffff8881488c8110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x17c/0x490
[  104.403182][ T5287]  #1: ffff888146e80230 (&dev->event_lock#2){-.-.}-{2:2}, at: input_inject_event+0x9e/0x2c0
[  104.413364][ T5287]  #2: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  104.422653][ T5287]  #3: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  104.431941][ T5287]  #4: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  104.441350][ T5287]  #5: ffff88805ce62028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0
[  104.451731][ T5287]  #6: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  104.461578][ T5287]  #7: ffff888024854018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16d/0x490
[  104.470724][ T5287] 
[  104.470724][ T5287] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[  104.481411][ T5287]   -> (&dev->event_lock#2){-.-.}-{2:2} {
[  104.487393][ T5287]      IN-HARDIRQ-W at:
[  104.491725][ T5287]                         lock_acquire+0x19e/0x400
[  104.498301][ T5287]                         _raw_spin_lock_irqsave+0xb0/0x100
[  104.505948][ T5287]                         input_event+0x76/0xb0
[  104.512437][ T5287]                         psmouse_report_standard_packet+0x4f/0x200
[  104.520426][ T5287]                         psmouse_process_byte+0x42b/0x620
[  104.527617][ T5287]                         psmouse_handle_byte+0x43/0x490
[  104.534639][ T5287]                         psmouse_interrupt+0x699/0x1130
[  104.541771][ T5287]                         serio_interrupt+0x87/0x130
[  104.548640][ T5287]                         i8042_interrupt+0x363/0x710
[  104.555600][ T5287]                         __handle_irq_event_percpu+0x299/0x9d0
[  104.563505][ T5287]                         handle_irq_event+0xa5/0x220
[  104.570342][ T5287]                         handle_edge_irq+0x243/0xb20
[  104.577287][ T5287]                         __common_interrupt+0xd7/0x1e0
[  104.584300][ T5287]                         common_interrupt+0x59/0xd0
[  104.591238][ T5287]                         asm_common_interrupt+0x22/0x40
[  104.598330][ T5287]                         memset_erms+0xb/0x10
[  104.604551][ T5287]                         unwind_next_frame+0xa3d/0x1d90
[  104.612246][ T5287]                         arch_stack_walk+0x10c/0x140
[  104.619284][ T5287]                         stack_trace_save+0xa6/0xf0
[  104.626072][ T5287]                         kasan_set_track+0x4b/0x70
[  104.632743][ T5287]                         kasan_set_free_info+0x1f/0x40
[  104.639964][ T5287]                         ____kasan_slab_free+0xd5/0x110
[  104.647406][ T5287]                         slab_free_freelist_hook+0xea/0x170
[  104.654940][ T5287]                         kfree+0xef/0x2a0
[  104.661247][ T5287]                         security_cred_free+0xbc/0xf0
[  104.668078][ T5287]                         put_cred_rcu+0xdd/0x3e0
[  104.674542][ T5287]                         rcu_core+0x9d2/0x1670
[  104.681111][ T5287]                         handle_softirqs+0x339/0x830
[  104.687861][ T5287]                         __irq_exit_rcu+0x13b/0x230
[  104.694688][ T5287]                         irq_exit_rcu+0x5/0x20
[  104.701083][ T5287]                         sysvec_apic_timer_interrupt+0xa0/0xc0
[  104.708700][ T5287]                         asm_sysvec_apic_timer_interrupt+0x16/0x20
[  104.716845][ T5287]                         sched_clock_cpu+0x7/0x3c0
[  104.723522][ T5287]                         __set_page_owner+0x174/0x2d0
[  104.730411][ T5287]                         get_page_from_freelist+0x1bbd/0x1ca0
[  104.738206][ T5287]                         __alloc_pages+0x1ee/0x480
[  104.744894][ T5287]                         new_slab+0xc0/0x4b0
[  104.751150][ T5287]                         ___slab_alloc+0x80a/0xdd0
[  104.757807][ T5287]                         kmem_cache_alloc+0x195/0x290
[  104.764734][ T5287]                         getname_kernel+0x56/0x2e0
[  104.771390][ T5287]                         kernel_execve+0x24/0x900
[  104.777977][ T5287]                         call_usermodehelper_exec_async+0x207/0x350
[  104.786136][ T5287]                         ret_from_fork+0x1f/0x30
[  104.792712][ T5287]      IN-SOFTIRQ-W at:
[  104.797037][ T5287]                         lock_acquire+0x19e/0x400
[  104.803624][ T5287]                         _raw_spin_lock_irqsave+0xb0/0x100
[  104.811011][ T5287]                         input_event+0x76/0xb0
[  104.817245][ T5287]                         psmouse_report_standard_packet+0x4f/0x200
[  104.825405][ T5287]                         psmouse_process_byte+0x42b/0x620
[  104.832818][ T5287]                         psmouse_handle_byte+0x43/0x490
[  104.840100][ T5287]                         psmouse_interrupt+0x699/0x1130
[  104.847935][ T5287]                         serio_interrupt+0x87/0x130
[  104.854720][ T5287]                         i8042_interrupt+0x363/0x710
[  104.861561][ T5287]                         __handle_irq_event_percpu+0x299/0x9d0
[  104.869193][ T5287]                         handle_irq_event+0xa5/0x220
[  104.876179][ T5287]                         handle_edge_irq+0x243/0xb20
[  104.883092][ T5287]                         __common_interrupt+0xd7/0x1e0
[  104.890266][ T5287]                         common_interrupt+0x59/0xd0
[  104.896932][ T5287]                         asm_common_interrupt+0x22/0x40
[  104.904052][ T5287]                         memset_erms+0xb/0x10
[  104.910420][ T5287]                         unwind_next_frame+0xa3d/0x1d90
[  104.917557][ T5287]                         arch_stack_walk+0x10c/0x140
[  104.924299][ T5287]                         stack_trace_save+0xa6/0xf0
[  104.931042][ T5287]                         kasan_set_track+0x4b/0x70
[  104.937703][ T5287]                         kasan_set_free_info+0x1f/0x40
[  104.944639][ T5287]                         ____kasan_slab_free+0xd5/0x110
[  104.951920][ T5287]                         slab_free_freelist_hook+0xea/0x170
[  104.959534][ T5287]                         kfree+0xef/0x2a0
[  104.965622][ T5287]                         security_cred_free+0xbc/0xf0
[  104.972653][ T5287]                         put_cred_rcu+0xdd/0x3e0
[  104.979410][ T5287]                         rcu_core+0x9d2/0x1670
[  104.985670][ T5287]                         handle_softirqs+0x339/0x830
[  104.992503][ T5287]                         __irq_exit_rcu+0x13b/0x230
[  104.999397][ T5287]                         irq_exit_rcu+0x5/0x20
[  105.005828][ T5287]                         sysvec_apic_timer_interrupt+0xa0/0xc0
[  105.013545][ T5287]                         asm_sysvec_apic_timer_interrupt+0x16/0x20
[  105.016840][ T4394] Bluetooth: hci0: command 0x040f tx timeout
[  105.021526][ T5287]                         sched_clock_cpu+0x7/0x3c0
[  105.034266][ T5287]                         __set_page_owner+0x174/0x2d0
[  105.041279][ T5287]                         get_page_from_freelist+0x1bbd/0x1ca0
[  105.048918][ T5287]                         __alloc_pages+0x1ee/0x480
[  105.055900][ T5287]                         new_slab+0xc0/0x4b0
[  105.062141][ T5287]                         ___slab_alloc+0x80a/0xdd0
[  105.068978][ T5287]                         kmem_cache_alloc+0x195/0x290
[  105.076048][ T5287]                         getname_kernel+0x56/0x2e0
[  105.082710][ T5287]                         kernel_execve+0x24/0x900
[  105.089315][ T5287]                         call_usermodehelper_exec_async+0x207/0x350
[  105.097362][ T5287]                         ret_from_fork+0x1f/0x30
[  105.103772][ T5287]      INITIAL USE at:
[  105.107927][ T5287]                        lock_acquire+0x19e/0x400
[  105.114416][ T5287]                        _raw_spin_lock_irqsave+0xb0/0x100
[  105.121677][ T5287]                        input_inject_event+0x9e/0x2c0
[  105.128506][ T5287]                        led_trigger_event+0x10a/0x1e0
[  105.135335][ T5287]                        kbd_led_trigger_activate+0xb9/0x100
[  105.142685][ T5287]                        led_trigger_set+0x50c/0x910
[  105.149453][ T5287]                        led_trigger_set_default+0x19c/0x1e0
[  105.156906][ T5287]                        led_classdev_register_ext+0x6df/0x8c0
[  105.164519][ T5287]                        input_leds_connect+0x51d/0x750
[  105.171431][ T5287]                        input_register_device+0xda7/0x1140
[  105.178957][ T5287]                        atkbd_connect+0x766/0xa20
[  105.185446][ T5287]                        serio_driver_probe+0x76/0x90
[  105.192188][ T5287]                        really_probe+0x284/0xc80
[  105.198867][ T5287]                        __driver_probe_device+0x18c/0x330
[  105.206218][ T5287]                        driver_probe_device+0x4f/0x420
[  105.213233][ T5287]                        __driver_attach+0x46b/0x670
[  105.220067][ T5287]                        bus_for_each_dev+0x182/0x1f0
[  105.226906][ T5287]                        serio_handle_event+0x29c/0x840
[  105.234045][ T5287]                        process_one_work+0x85f/0x1010
[  105.241056][ T5287]                        worker_thread+0xaa6/0x1290
[  105.247634][ T5287]                        kthread+0x436/0x520
[  105.253620][ T5287]                        ret_from_fork+0x1f/0x30
[  105.260065][ T5287]    }
[  105.262839][ T5287]    ... key      at: [<ffffffff9663c020>] input_allocate_device.__key.6+0x0/0x20
[  105.272198][ T5287]  -> (&client->buffer_lock){....}-{2:2} {
[  105.278012][ T5287]     INITIAL USE at:
[  105.282236][ T5287]                      lock_acquire+0x19e/0x400
[  105.288464][ T5287]                      _raw_spin_lock+0x2a/0x40
[  105.294784][ T5287]                      evdev_pass_values+0xcb/0xab0
[  105.301504][ T5287]                      evdev_events+0x1c0/0x2f0
[  105.307976][ T5287]                      input_pass_values+0x87e/0x1210
[  105.314847][ T5287]                      input_handle_event+0xb3f/0x1490
[  105.321780][ T5287]                      input_inject_event+0x1b9/0x2c0
[  105.328632][ T5287]                      evdev_write+0x35b/0x490
[  105.334795][ T5287]                      vfs_write+0x30b/0xd60
[  105.340772][ T5287]                      ksys_write+0x152/0x260
[  105.346831][ T5287]                      do_syscall_64+0x4c/0xa0
[  105.353120][ T5287]                      entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  105.360816][ T5287]   }
[  105.363379][ T5287]   ... key      at: [<ffffffff9663c2e0>] evdev_open.__key.22+0x0/0x20
[  105.371777][ T5287]   ... acquired at:
[  105.375645][ T5287]    _raw_spin_lock+0x2a/0x40
[  105.380307][ T5287]    evdev_pass_values+0xcb/0xab0
[  105.385438][ T5287]    evdev_events+0x1c0/0x2f0
[  105.390096][ T5287]    input_pass_values+0x87e/0x1210
[  105.395279][ T5287]    input_handle_event+0xb3f/0x1490
[  105.400545][ T5287]    input_inject_event+0x1b9/0x2c0
[  105.405730][ T5287]    evdev_write+0x35b/0x490
[  105.410490][ T5287]    vfs_write+0x30b/0xd60
[  105.414886][ T5287]    ksys_write+0x152/0x260
[  105.419371][ T5287]    do_syscall_64+0x4c/0xa0
[  105.423942][ T5287]    entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  105.430169][ T5287] 
[  105.432560][ T5287] -> (&new->fa_lock){....}-{2:2} {
[  105.437721][ T5287]    INITIAL READ USE at:
[  105.442023][ T5287]                         lock_acquire+0x19e/0x400
[  105.448524][ T5287]                         _raw_read_lock_irqsave+0xb8/0x100
[  105.455786][ T5287]                         kill_fasync+0x16d/0x490
[  105.462443][ T5287]                         evdev_pass_values+0x54b/0xab0
[  105.469392][ T5287]                         evdev_events+0x1c0/0x2f0
[  105.475978][ T5287]                         input_pass_values+0x87e/0x1210
[  105.482982][ T5287]                         input_handle_event+0xb3f/0x1490
[  105.490279][ T5287]                         input_inject_event+0x1b9/0x2c0
[  105.497811][ T5287]                         evdev_write+0x35b/0x490
[  105.504294][ T5287]                         vfs_write+0x30b/0xd60
[  105.511064][ T5287]                         ksys_write+0x152/0x260
[  105.517376][ T5287]                         do_syscall_64+0x4c/0xa0
[  105.523964][ T5287]                         entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  105.531919][ T5287]  }
[  105.534400][ T5287]  ... key      at: [<ffffffff96340780>] fasync_insert_entry.__key+0x0/0x20
[  105.543342][ T5287]  ... acquired at:
[  105.547222][ T5287]    _raw_read_lock_irqsave+0xb8/0x100
[  105.552672][ T5287]    kill_fasync+0x16d/0x490
[  105.557452][ T5287]    evdev_pass_values+0x54b/0xab0
[  105.562545][ T5287]    evdev_events+0x1c0/0x2f0
[  105.567207][ T5287]    input_pass_values+0x87e/0x1210
[  105.572619][ T5287]    input_handle_event+0xb3f/0x1490
[  105.578073][ T5287]    input_inject_event+0x1b9/0x2c0
[  105.583369][ T5287]    evdev_write+0x35b/0x490
[  105.587942][ T5287]    vfs_write+0x30b/0xd60
[  105.592336][ T5287]    ksys_write+0x152/0x260
[  105.597112][ T5287]    do_syscall_64+0x4c/0xa0
[  105.601687][ T5287]    entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  105.607839][ T5287] 
[  105.610139][ T5287] 
[  105.610139][ T5287] the dependencies between the lock to be acquired
[  105.610144][ T5287]  and HARDIRQ-irq-unsafe lock:
[  105.623864][ T5287]  -> (tasklist_lock){.+.+}-{2:2} {
[  105.629210][ T5287]     HARDIRQ-ON-R at:
[  105.633542][ T5287]                       lock_acquire+0x19e/0x400
[  105.639918][ T5287]                       _raw_read_lock+0x32/0x40
[  105.646335][ T5287]                       do_wait+0x293/0xac0
[  105.652484][ T5287]                       kernel_wait+0xd3/0x1c0
[  105.658716][ T5287]                       call_usermodehelper_exec_work+0xb5/0x220
[  105.666423][ T5287]                       process_one_work+0x85f/0x1010
[  105.673180][ T5287]                       worker_thread+0xaa6/0x1290
[  105.679763][ T5287]                       kthread+0x436/0x520
[  105.685727][ T5287]                       ret_from_fork+0x1f/0x30
[  105.692033][ T5287]     SOFTIRQ-ON-R at:
[  105.696162][ T5287]                       lock_acquire+0x19e/0x400
[  105.702567][ T5287]                       _raw_read_lock+0x32/0x40
[  105.709188][ T5287]                       do_wait+0x293/0xac0
[  105.715074][ T5287]                       kernel_wait+0xd3/0x1c0
[  105.721344][ T5287]                       call_usermodehelper_exec_work+0xb5/0x220
[  105.729135][ T5287]                       process_one_work+0x85f/0x1010
[  105.735881][ T5287]                       worker_thread+0xaa6/0x1290
[  105.742364][ T5287]                       kthread+0x436/0x520
[  105.748245][ T5287]                       ret_from_fork+0x1f/0x30
[  105.754555][ T5287]     INITIAL USE at:
[  105.758603][ T5287]                      lock_acquire+0x19e/0x400
[  105.764828][ T5287]                      _raw_write_lock_irq+0xab/0xf0
[  105.771573][ T5287]                      copy_process+0x236f/0x3e20
[  105.778066][ T5287]                      kernel_clone+0x23f/0x990
[  105.784464][ T5287]                      kernel_thread+0xfa/0x160
[  105.790946][ T5287]                      rest_init+0x21/0x330
[  105.797036][ T5287]                      start_kernel+0x489/0x540
[  105.803436][ T5287]                      secondary_startup_64_no_verify+0xb1/0xbb
[  105.811633][ T5287]     INITIAL READ USE at:
[  105.816127][ T5287]                           lock_acquire+0x19e/0x400
[  105.822966][ T5287]                           _raw_read_lock+0x32/0x40
[  105.829997][ T5287]                           do_wait+0x293/0xac0
[  105.836633][ T5287]                           kernel_wait+0xd3/0x1c0
[  105.843333][ T5287]                           call_usermodehelper_exec_work+0xb5/0x220
[  105.851402][ T5287]                           process_one_work+0x85f/0x1010
[  105.858612][ T5287]                           worker_thread+0xaa6/0x1290
[  105.865798][ T5287]                           kthread+0x436/0x520
[  105.872230][ T5287]                           ret_from_fork+0x1f/0x30
[  105.878819][ T5287]   }
[  105.881387][ T5287]   ... key      at: [<ffffffff8c00a058>] tasklist_lock+0x18/0x40
[  105.889318][ T5287]   ... acquired at:
[  105.893281][ T5287]    _raw_read_lock+0x32/0x40
[  105.898044][ T5287]    send_sigurg+0xcb/0x390
[  105.902755][ T5287]    sk_send_sigurg+0x6b/0xc0
[  105.907871][ T5287]    tcp_urg+0x2bc/0xb20
[  105.912100][ T5287]    tcp_rcv_established+0xac2/0x1ce0
[  105.917988][ T5287]    tcp_v6_do_rcv+0x539/0x1180
[  105.922830][ T5287]    __release_sock+0x1e1/0x450
[  105.927837][ T5287]    release_sock+0x5b/0x1b0
[  105.932411][ T5287]    sk_stream_wait_memory+0x6e5/0xe60
[  105.937938][ T5287]    tcp_sendmsg_locked+0x1cc6/0x35f0
[  105.943391][ T5287]    tcp_sendmsg+0x2b/0x40
[  105.948047][ T5287]    __sys_sendto+0x46d/0x620
[  105.952793][ T5287]    __x64_sys_sendto+0xda/0xf0
[  105.958158][ T5287]    do_syscall_64+0x4c/0xa0
[  105.962833][ T5287]    entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  105.969095][ T5287] 
[  105.971404][ T5287] -> (&f->f_owner.lock){....}-{2:2} {
[  105.976778][ T5287]    INITIAL USE at:
[  105.980876][ T5287]                    lock_acquire+0x19e/0x400
[  105.986951][ T5287]                    _raw_write_lock_irq+0xab/0xf0
[  105.993788][ T5287]                    __f_setown+0x37/0x330
[  105.999766][ T5287]                    f_setown+0x120/0x1c0
[  106.005763][ T5287]                    do_fcntl+0x1b7/0x1360
[  106.011652][ T5287]                    __se_sys_fcntl+0xcc/0x190
[  106.017914][ T5287]                    do_syscall_64+0x4c/0xa0
[  106.023991][ T5287]                    entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  106.031532][ T5287]    INITIAL READ USE at:
[  106.035935][ T5287]                         lock_acquire+0x19e/0x400
[  106.042427][ T5287]                         _raw_read_lock_irqsave+0xb8/0x100
[  106.049793][ T5287]                         send_sigurg+0x25/0x390
[  106.056237][ T5287]                         sk_send_sigurg+0x6b/0xc0
[  106.063074][ T5287]                         tcp_urg+0x2bc/0xb20
[  106.069511][ T5287]                         tcp_rcv_established+0xac2/0x1ce0
[  106.076781][ T5287]                         tcp_v6_do_rcv+0x539/0x1180
[  106.083439][ T5287]                         __release_sock+0x1e1/0x450
[  106.090289][ T5287]                         release_sock+0x5b/0x1b0
[  106.096779][ T5287]                         sk_stream_wait_memory+0x6e5/0xe60
[  106.104304][ T5287]                         tcp_sendmsg_locked+0x1cc6/0x35f0
[  106.111741][ T5287]                         tcp_sendmsg+0x2b/0x40
[  106.118118][ T5287]                         __sys_sendto+0x46d/0x620
[  106.124819][ T5287]                         __x64_sys_sendto+0xda/0xf0
[  106.131652][ T5287]                         do_syscall_64+0x4c/0xa0
[  106.138323][ T5287]                         entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  106.146282][ T5287]  }
[  106.148857][ T5287]  ... key      at: [<ffffffff9633fb00>] __alloc_file.__key+0x0/0x10
[  106.156988][ T5287]  ... acquired at:
[  106.160769][ T5287]    _raw_read_lock_irqsave+0xb8/0x100
[  106.166301][ T5287]    send_sigio+0x2f/0x330
[  106.170710][ T5287]    kill_fasync+0x20a/0x490
[  106.175282][ T5287]    evdev_pass_values+0x54b/0xab0
[  106.180459][ T5287]    evdev_events+0x1c0/0x2f0
[  106.185114][ T5287]    input_pass_values+0x87e/0x1210
[  106.190295][ T5287]    input_handle_event+0xb3f/0x1490
[  106.195798][ T5287]    input_inject_event+0x1b9/0x2c0
[  106.201076][ T5287]    evdev_write+0x35b/0x490
[  106.205831][ T5287]    vfs_write+0x30b/0xd60
[  106.210348][ T5287]    ksys_write+0x152/0x260
[  106.214924][ T5287]    do_syscall_64+0x4c/0xa0
[  106.219594][ T5287]    entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  106.225915][ T5287] 
[  106.228224][ T5287] 
[  106.228224][ T5287] stack backtrace:
[  106.234348][ T5287] CPU: 0 PID: 5287 Comm: syz.0.16 Not tainted syzkaller #0
[  106.241953][ T5287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  106.252092][ T5287] Call Trace:
[  106.255361][ T5287]  <TASK>
[  106.258278][ T5287]  dump_stack_lvl+0x188/0x250
[  106.262943][ T5287]  ? load_image+0x400/0x400
[  106.267432][ T5287]  ? show_regs_print_info+0x20/0x20
[  106.272623][ T5287]  ? load_image+0x400/0x400
[  106.277129][ T5287]  ? print_shortest_lock_dependencies+0xf0/0x160
[  106.283775][ T5287]  __lock_acquire+0x6688/0x7d10
[  106.288638][ T5287]  ? verify_lock_unused+0x140/0x140
[  106.293846][ T5287]  lock_acquire+0x19e/0x400
[  106.298430][ T5287]  ? send_sigio+0x2f/0x330
[  106.302848][ T5287]  ? read_lock_is_recursive+0x10/0x10
[  106.308516][ T5287]  ? read_lock_is_recursive+0x10/0x10
[  106.314059][ T5287]  _raw_read_lock_irqsave+0xb8/0x100
[  106.319461][ T5287]  ? send_sigio+0x2f/0x330
[  106.323920][ T5287]  ? _raw_read_lock+0x40/0x40
[  106.328582][ T5287]  ? _raw_read_lock_irqsave+0xc4/0x100
[  106.334125][ T5287]  ? _raw_read_lock+0x40/0x40
[  106.338791][ T5287]  ? do_raw_spin_lock+0x128/0x2f0
[  106.343799][ T5287]  send_sigio+0x2f/0x330
[  106.348149][ T5287]  kill_fasync+0x20a/0x490
[  106.352554][ T5287]  evdev_pass_values+0x54b/0xab0
[  106.357744][ T5287]  ? evdev_pass_values+0x521/0xab0
[  106.363014][ T5287]  evdev_events+0x1c0/0x2f0
[  106.367517][ T5287]  ? evdev_event+0xe0/0xe0
[  106.372435][ T5287]  input_pass_values+0x87e/0x1210
[  106.377524][ T5287]  ? read_lock_is_recursive+0x10/0x10
[  106.383094][ T5287]  input_handle_event+0xb3f/0x1490
[  106.388186][ T5287]  input_inject_event+0x1b9/0x2c0
[  106.393193][ T5287]  evdev_write+0x35b/0x490
[  106.397690][ T5287]  ? evdev_read+0xb90/0xb90
[  106.402168][ T5287]  ? end_current_label_crit_section+0x14b/0x170
[  106.408630][ T5287]  ? common_file_perm+0x171/0x1c0
[  106.413647][ T5287]  ? fsnotify_perm+0x5d/0x560
[  106.418517][ T5287]  ? security_file_permission+0x75/0xa0
[  106.424354][ T5287]  ? evdev_read+0xb90/0xb90
[  106.428854][ T5287]  vfs_write+0x30b/0xd60
[  106.433173][ T5287]  ? file_end_write+0x250/0x250
[  106.438433][ T5287]  ? __fget_files+0x40f/0x480
[  106.443097][ T5287]  ? __fdget_pos+0x1e2/0x370
[  106.447783][ T5287]  ? ksys_write+0x71/0x260
[  106.452217][ T5287]  ksys_write+0x152/0x260
[  106.456628][ T5287]  ? __ia32_sys_read+0x80/0x80
[  106.461755][ T5287]  ? lockdep_hardirqs_on+0x94/0x140
[  106.467109][ T5287]  do_syscall_64+0x4c/0xa0
[  106.471611][ T5287]  ? clear_bhb_loop+0x30/0x80
[  106.476407][ T5287]  ? clear_bhb_loop+0x30/0x80
[  106.481541][ T5287]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  106.487615][ T5287] RIP: 0033:0x7faa2f6858f9
[  106.492124][ T5287] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  106.511923][ T5287] RSP: 002b:00007faa2e8ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  106.520497][ T5287] RAX: ffffffffffffffda RBX: 00007faa2f8b3080 RCX: 00007faa2f6858f9
[  106.528460][ T5287] RDX: 0000000000002ad8 RSI: 0000200000000040 RDI: 0000000000000004
[  106.536604][ T5287] RBP: 00007faa2f7178ac R08: 0000000000000000 R09: 0000000000000000
[  106.544780][ T5287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  106.552746][ T5287] R13: 0000000000000000 R14: 00007faa2f8b3080 R15: 00007ffe86fd1a78
[  106.560713][ T5287]  </TASK>
[  107.096561][ T4393] Bluetooth: hci0: command 0x0419 tx timeout
2026/02/07 21:59:27 executed programs: 6