[ 81.441595][ T13] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.69' (ED25519) to the list of known hosts. 2025/06/08 21:50:21 ignoring optional flag "sandboxArg"="0" 2025/06/08 21:50:21 ignoring optional flag "type"="gce" 2025/06/08 21:50:21 parsed 1 programs 2025/06/08 21:50:23 executed programs: 0 [ 84.823453][ T4425] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 84.974548][ T4489] chnl_net:caif_netlink_parms(): no params data found [ 85.019748][ T4489] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.026882][ T4489] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.034850][ T4489] device bridge_slave_0 entered promiscuous mode [ 85.043477][ T4489] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.050691][ T4489] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.058448][ T4489] device bridge_slave_1 entered promiscuous mode [ 85.084298][ T4489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.095647][ T4489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.120481][ T4489] team0: Port device team_slave_0 added [ 85.128087][ T4489] team0: Port device team_slave_1 added [ 85.147633][ T4489] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.154828][ T4489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.180785][ T4489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.192678][ T4489] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.199728][ T4489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.226153][ T4489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.256251][ T4489] device hsr_slave_0 entered promiscuous mode [ 85.263212][ T4489] device hsr_slave_1 entered promiscuous mode [ 85.787621][ T4489] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.798074][ T4489] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.810698][ T4489] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.820986][ T4489] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.845716][ T4489] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.852859][ T4489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.860359][ T4489] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.867467][ T4489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.924273][ T4489] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.940670][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.952728][ T3074] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.961842][ T3074] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.972312][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 85.988894][ T4489] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.000042][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.008790][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.019304][ T3074] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.026385][ T3074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.043140][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.052733][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.061823][ T3074] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.068909][ T3074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.078526][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 86.100951][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 86.110543][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.120644][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.129335][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 86.138156][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.149600][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 86.158176][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 86.173044][ T4489] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 86.184304][ T4489] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 86.192882][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 86.203335][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 86.213179][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 86.343448][ T4489] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.351761][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 86.359217][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 86.382075][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 86.391296][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 86.413728][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 86.423579][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 86.434344][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 86.443631][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 86.454825][ T4489] device veth0_vlan entered promiscuous mode [ 86.469782][ T4489] device veth1_vlan entered promiscuous mode [ 86.495514][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 86.505417][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 86.515569][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 86.524705][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 86.537827][ T4489] device veth0_macvtap entered promiscuous mode [ 86.549740][ T4489] device veth1_macvtap entered promiscuous mode [ 86.571379][ T4489] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.578746][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 86.589164][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 86.597508][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 86.606720][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 86.619044][ T4489] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.629831][ T4489] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.638549][ T4489] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.647665][ T4489] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.657910][ T4489] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.668450][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 86.678633][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 86.747612][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.760452][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.772255][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 86.786086][ T3074] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.795787][ T3074] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.805327][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.844759][ T4561] [ 86.847137][ T4561] ===================================================== [ 86.854090][ T4561] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 86.861572][ T4561] 5.15.185-syzkaller #0 Not tainted [ 86.866790][ T4561] ----------------------------------------------------- [ 86.873737][ T4561] syz-executor.0/4561 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 86.881737][ T4561] ffff88801e9a00c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16d/0x490 [ 86.890480][ T4561] [ 86.890480][ T4561] and this task is already holding: [ 86.897852][ T4561] ffff8880676dd028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 [ 86.907627][ T4561] which would create a new lock dependency: [ 86.913630][ T4561] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 86.921754][ T4561] [ 86.921754][ T4561] but this new dependency connects a HARDIRQ-irq-safe lock: [ 86.931212][ T4561] (&dev->event_lock#2){-...}-{2:2} [ 86.931248][ T4561] [ 86.931248][ T4561] ... which became HARDIRQ-irq-safe at: [ 86.944171][ T4561] lock_acquire+0x197/0x3f0 [ 86.948802][ T4561] _raw_spin_lock_irqsave+0xa4/0xf0 [ 86.954125][ T4561] input_event+0x76/0xb0 [ 86.958470][ T4561] psmouse_report_standard_packet+0x4f/0x200 [ 86.959824][ T13] Bluetooth: hci0: command 0x0409 tx timeout [ 86.964577][ T4561] psmouse_process_byte+0x42b/0x620 [ 86.975830][ T4561] psmouse_handle_byte+0x43/0x490 [ 86.980955][ T4561] psmouse_interrupt+0x699/0x1130 [ 86.986086][ T4561] serio_interrupt+0x87/0x130 [ 86.990871][ T4561] i8042_interrupt+0x369/0x710 [ 86.995742][ T4561] __handle_irq_event_percpu+0x291/0x9b0 [ 87.001481][ T4561] handle_irq_event+0xa5/0x220 [ 87.006351][ T4561] handle_edge_irq+0x243/0xb20 [ 87.011230][ T4561] __common_interrupt+0xd7/0x1e0 [ 87.016278][ T4561] common_interrupt+0xb0/0xd0 [ 87.021192][ T4561] asm_common_interrupt+0x22/0x40 [ 87.026325][ T4561] _raw_spin_unlock_irqrestore+0xa5/0x100 [ 87.032159][ T4561] klist_next+0x272/0x2f0 [ 87.036595][ T4561] bus_for_each_dev+0x146/0x1e0 [ 87.041555][ T4561] bus_add_driver+0x30a/0x5a0 [ 87.046341][ T4561] driver_register+0x32d/0x430 [ 87.051212][ T4561] usb_register_driver+0x202/0x3d0 [ 87.056424][ T4561] do_one_initcall+0x1ee/0x680 [ 87.061397][ T4561] do_initcall_level+0x137/0x1f0 [ 87.066436][ T4561] do_initcalls+0x4b/0x90 [ 87.070888][ T4561] kernel_init_freeable+0x3ce/0x560 [ 87.076197][ T4561] kernel_init+0x19/0x1b0 [ 87.080637][ T4561] ret_from_fork+0x1f/0x30 [ 87.085155][ T4561] [ 87.085155][ T4561] to a HARDIRQ-irq-unsafe lock: [ 87.092186][ T4561] (tasklist_lock){.+.+}-{2:2} [ 87.092216][ T4561] [ 87.092216][ T4561] ... which became HARDIRQ-irq-unsafe at: [ 87.104894][ T4561] ... [ 87.104903][ T4561] lock_acquire+0x197/0x3f0 [ 87.112105][ T4561] _raw_read_lock+0x32/0x40 [ 87.116715][ T4561] do_wait+0x293/0xac0 [ 87.120890][ T4561] kernel_wait+0xa8/0x160 [ 87.125321][ T4561] call_usermodehelper_exec_work+0xb5/0x220 [ 87.131326][ T4561] process_one_work+0x863/0x1000 [ 87.136371][ T4561] worker_thread+0xaa8/0x12a0 [ 87.141146][ T4561] kthread+0x436/0x520 [ 87.145331][ T4561] ret_from_fork+0x1f/0x30 [ 87.149870][ T4561] [ 87.149870][ T4561] other info that might help us debug this: [ 87.149870][ T4561] [ 87.160124][ T4561] Chain exists of: [ 87.160124][ T4561] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 87.160124][ T4561] [ 87.173707][ T4561] Possible interrupt unsafe locking scenario: [ 87.173707][ T4561] [ 87.182039][ T4561] CPU0 CPU1 [ 87.187427][ T4561] ---- ---- [ 87.192812][ T4561] lock(tasklist_lock); [ 87.197073][ T4561] local_irq_disable(); [ 87.203834][ T4561] lock(&dev->event_lock#2); [ 87.211053][ T4561] lock(&client->buffer_lock); [ 87.218438][ T4561] [ 87.221903][ T4561] lock(&dev->event_lock#2); [ 87.226766][ T4561] [ 87.226766][ T4561] *** DEADLOCK *** [ 87.226766][ T4561] [ 87.235199][ T4561] 7 locks held by syz-executor.0/4561: [ 87.240664][ T4561] #0: ffff8881487cb110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x177/0x470 [ 87.249831][ T4561] #1: ffff888146758230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x9e/0x2c0 [ 87.259943][ T4561] #2: ffffffff8c11bfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 87.269292][ T4561] #3: ffffffff8c11bfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 87.278717][ T4561] #4: ffffffff8c11bfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 87.288059][ T4561] #5: ffff8880676dd028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 [ 87.298271][ T4561] #6: ffffffff8c11bfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 87.307621][ T4561] [ 87.307621][ T4561] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 87.318046][ T4561] -> (&dev->event_lock#2){-...}-{2:2} { [ 87.323865][ T4561] IN-HARDIRQ-W at: [ 87.327942][ T4561] lock_acquire+0x197/0x3f0 [ 87.334294][ T4561] _raw_spin_lock_irqsave+0xa4/0xf0 [ 87.341340][ T4561] input_event+0x76/0xb0 [ 87.347425][ T4561] psmouse_report_standard_packet+0x4f/0x200 [ 87.355331][ T4561] psmouse_process_byte+0x42b/0x620 [ 87.362369][ T4561] psmouse_handle_byte+0x43/0x490 [ 87.369236][ T4561] psmouse_interrupt+0x699/0x1130 [ 87.376194][ T4561] serio_interrupt+0x87/0x130 [ 87.382731][ T4561] i8042_interrupt+0x369/0x710 [ 87.389341][ T4561] __handle_irq_event_percpu+0x291/0x9b0 [ 87.396811][ T4561] handle_irq_event+0xa5/0x220 [ 87.403531][ T4561] handle_edge_irq+0x243/0xb20 [ 87.410135][ T4561] __common_interrupt+0xd7/0x1e0 [ 87.416919][ T4561] common_interrupt+0xb0/0xd0 [ 87.423436][ T4561] asm_common_interrupt+0x22/0x40 [ 87.430303][ T4561] _raw_spin_unlock_irqrestore+0xa5/0x100 [ 87.437875][ T4561] klist_next+0x272/0x2f0 [ 87.444050][ T4561] bus_for_each_dev+0x146/0x1e0 [ 87.451030][ T4561] bus_add_driver+0x30a/0x5a0 [ 87.457645][ T4561] driver_register+0x32d/0x430 [ 87.464258][ T4561] usb_register_driver+0x202/0x3d0 [ 87.471213][ T4561] do_one_initcall+0x1ee/0x680 [ 87.477909][ T4561] do_initcall_level+0x137/0x1f0 [ 87.484693][ T4561] do_initcalls+0x4b/0x90 [ 87.490954][ T4561] kernel_init_freeable+0x3ce/0x560 [ 87.498001][ T4561] kernel_init+0x19/0x1b0 [ 87.504182][ T4561] ret_from_fork+0x1f/0x30 [ 87.510441][ T4561] INITIAL USE at: [ 87.514524][ T4561] lock_acquire+0x197/0x3f0 [ 87.520791][ T4561] _raw_spin_lock_irqsave+0xa4/0xf0 [ 87.527747][ T4561] input_inject_event+0x9e/0x2c0 [ 87.534448][ T4561] led_trigger_event+0x10a/0x1e0 [ 87.541148][ T4561] kbd_led_trigger_activate+0xb9/0x100 [ 87.548377][ T4561] led_trigger_set+0x504/0x900 [ 87.555190][ T4561] led_trigger_set_default+0x19c/0x1e0 [ 87.562410][ T4561] led_classdev_register_ext+0x68f/0x870 [ 87.569801][ T4561] input_leds_connect+0x51d/0x750 [ 87.576588][ T4561] input_register_device+0xda7/0x1140 [ 87.583721][ T4561] atkbd_connect+0x759/0xa10 [ 87.590086][ T4561] serio_driver_probe+0x76/0x90 [ 87.596693][ T4561] really_probe+0x284/0xc80 [ 87.602955][ T4561] __driver_probe_device+0x18c/0x330 [ 87.609998][ T4561] driver_probe_device+0x4f/0x420 [ 87.616773][ T4561] __driver_attach+0x46b/0x670 [ 87.623290][ T4561] bus_for_each_dev+0x175/0x1e0 [ 87.629995][ T4561] serio_handle_event+0x29c/0x840 [ 87.636781][ T4561] process_one_work+0x863/0x1000 [ 87.643473][ T4561] worker_thread+0xaa8/0x12a0 [ 87.649932][ T4561] kthread+0x436/0x520 [ 87.655771][ T4561] ret_from_fork+0x1f/0x30 [ 87.661949][ T4561] } [ 87.664542][ T4561] ... key at: [] input_allocate_device.__key.6+0x0/0x20 [ 87.673823][ T4561] -> (&client->buffer_lock){....}-{2:2} { [ 87.679575][ T4561] INITIAL USE at: [ 87.683479][ T4561] lock_acquire+0x197/0x3f0 [ 87.689566][ T4561] _raw_spin_lock+0x2a/0x40 [ 87.695796][ T4561] evdev_pass_values+0xcb/0xab0 [ 87.702239][ T4561] evdev_events+0x1c0/0x2f0 [ 87.708323][ T4561] input_pass_values+0x880/0x1220 [ 87.715029][ T4561] input_handle_event+0xb3f/0x1490 [ 87.721719][ T4561] input_inject_event+0x1b9/0x2c0 [ 87.728333][ T4561] evdev_write+0x326/0x470 [ 87.734330][ T4561] vfs_write+0x300/0xd00 [ 87.740163][ T4561] ksys_write+0x14d/0x250 [ 87.746084][ T4561] do_syscall_64+0x4c/0xa0 [ 87.752076][ T4561] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 87.759548][ T4561] } [ 87.762049][ T4561] ... key at: [] evdev_open.__key.22+0x0/0x20 [ 87.770224][ T4561] ... acquired at: [ 87.774032][ T4561] _raw_spin_lock+0x2a/0x40 [ 87.778737][ T4561] evdev_pass_values+0xcb/0xab0 [ 87.783780][ T4561] evdev_events+0x1c0/0x2f0 [ 87.788478][ T4561] input_pass_values+0x880/0x1220 [ 87.793694][ T4561] input_handle_event+0xb3f/0x1490 [ 87.798991][ T4561] input_inject_event+0x1b9/0x2c0 [ 87.804211][ T4561] evdev_write+0x326/0x470 [ 87.808821][ T4561] vfs_write+0x300/0xd00 [ 87.813251][ T4561] ksys_write+0x14d/0x250 [ 87.817767][ T4561] do_syscall_64+0x4c/0xa0 [ 87.822376][ T4561] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 87.828472][ T4561] [ 87.830873][ T4561] [ 87.830873][ T4561] the dependencies between the lock to be acquired [ 87.830883][ T4561] and HARDIRQ-irq-unsafe lock: [ 87.844410][ T4561] -> (tasklist_lock){.+.+}-{2:2} { [ 87.849727][ T4561] HARDIRQ-ON-R at: [ 87.853895][ T4561] lock_acquire+0x197/0x3f0 [ 87.860414][ T4561] _raw_read_lock+0x32/0x40 [ 87.866924][ T4561] do_wait+0x293/0xac0 [ 87.873029][ T4561] kernel_wait+0xa8/0x160 [ 87.879385][ T4561] call_usermodehelper_exec_work+0xb5/0x220 [ 87.887296][ T4561] process_one_work+0x863/0x1000 [ 87.894251][ T4561] worker_thread+0xaa8/0x12a0 [ 87.900948][ T4561] kthread+0x436/0x520 [ 87.907029][ T4561] ret_from_fork+0x1f/0x30 [ 87.913462][ T4561] SOFTIRQ-ON-R at: [ 87.917628][ T4561] lock_acquire+0x197/0x3f0 [ 87.924169][ T4561] _raw_read_lock+0x32/0x40 [ 87.930789][ T4561] do_wait+0x293/0xac0 [ 87.936876][ T4561] kernel_wait+0xa8/0x160 [ 87.943223][ T4561] call_usermodehelper_exec_work+0xb5/0x220 [ 87.951251][ T4561] process_one_work+0x863/0x1000 [ 87.958206][ T4561] worker_thread+0xaa8/0x12a0 [ 87.964984][ T4561] kthread+0x436/0x520 [ 87.971068][ T4561] ret_from_fork+0x1f/0x30 [ 87.977508][ T4561] INITIAL USE at: [ 87.981590][ T4561] lock_acquire+0x197/0x3f0 [ 87.988024][ T4561] _raw_write_lock_irq+0x9f/0xe0 [ 87.994904][ T4561] copy_process+0x234a/0x3e00 [ 88.001513][ T4561] kernel_clone+0x219/0x930 [ 88.007945][ T4561] kernel_thread+0xc8/0x120 [ 88.014377][ T4561] rest_init+0x21/0x330 [ 88.020459][ T4561] start_kernel+0x486/0x530 [ 88.026885][ T4561] secondary_startup_64_no_verify+0xb1/0xbb [ 88.034724][ T4561] INITIAL READ USE at: [ 88.039243][ T4561] lock_acquire+0x197/0x3f0 [ 88.046115][ T4561] _raw_read_lock+0x32/0x40 [ 88.053073][ T4561] do_wait+0x293/0xac0 [ 88.059519][ T4561] kernel_wait+0xa8/0x160 [ 88.066217][ T4561] call_usermodehelper_exec_work+0xb5/0x220 [ 88.074479][ T4561] process_one_work+0x863/0x1000 [ 88.081866][ T4561] worker_thread+0xaa8/0x12a0 [ 88.088921][ T4561] kthread+0x436/0x520 [ 88.095357][ T4561] ret_from_fork+0x1f/0x30 [ 88.102224][ T4561] } [ 88.104908][ T4561] ... key at: [] tasklist_lock+0x18/0x40 [ 88.112821][ T4561] ... acquired at: [ 88.116808][ T4561] _raw_read_lock+0x32/0x40 [ 88.121498][ T4561] send_sigio+0xd2/0x330 [ 88.125925][ T4561] kill_fasync+0x20a/0x490 [ 88.130536][ T4561] lease_break_callback+0x22/0x30 [ 88.135749][ T4561] __break_lease+0x4a3/0x12b0 [ 88.140615][ T4561] do_dentry_open+0x771/0xf80 [ 88.145476][ T4561] path_openat+0x2682/0x2f30 [ 88.150260][ T4561] do_filp_open+0x1b3/0x3e0 [ 88.154954][ T4561] do_sys_openat2+0x142/0x4a0 [ 88.159815][ T4561] __x64_sys_open+0x11b/0x140 [ 88.164689][ T4561] do_syscall_64+0x4c/0xa0 [ 88.171211][ T4561] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.177304][ T4561] [ 88.179639][ T4561] -> (&f->f_owner.lock){....}-{2:2} { [ 88.185134][ T4561] INITIAL USE at: [ 88.189127][ T4561] lock_acquire+0x197/0x3f0 [ 88.195400][ T4561] _raw_write_lock_irq+0x9f/0xe0 [ 88.202100][ T4561] __f_setown+0x37/0x330 [ 88.208103][ T4561] do_fcntl+0x103c/0x12d0 [ 88.214194][ T4561] __se_sys_fcntl+0xcc/0x190 [ 88.220543][ T4561] do_syscall_64+0x4c/0xa0 [ 88.226710][ T4561] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.234368][ T4561] INITIAL READ USE at: [ 88.238821][ T4561] lock_acquire+0x197/0x3f0 [ 88.245520][ T4561] _raw_read_lock_irqsave+0xac/0xf0 [ 88.252908][ T4561] send_sigio+0x2f/0x330 [ 88.259356][ T4561] kill_fasync+0x20a/0x490 [ 88.265960][ T4561] lease_break_callback+0x22/0x30 [ 88.273178][ T4561] __break_lease+0x4a3/0x12b0 [ 88.280068][ T4561] do_dentry_open+0x771/0xf80 [ 88.286947][ T4561] path_openat+0x2682/0x2f30 [ 88.293728][ T4561] do_filp_open+0x1b3/0x3e0 [ 88.300421][ T4561] do_sys_openat2+0x142/0x4a0 [ 88.307288][ T4561] __x64_sys_open+0x11b/0x140 [ 88.314155][ T4561] do_syscall_64+0x4c/0xa0 [ 88.320766][ T4561] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.328851][ T4561] } [ 88.331451][ T4561] ... key at: [] __alloc_file.__key+0x0/0x10 [ 88.339625][ T4561] ... acquired at: [ 88.343615][ T4561] _raw_read_lock_irqsave+0xac/0xf0 [ 88.349005][ T4561] send_sigio+0x2f/0x330 [ 88.353437][ T4561] kill_fasync+0x20a/0x490 [ 88.358043][ T4561] lease_break_callback+0x22/0x30 [ 88.363261][ T4561] __break_lease+0x4a3/0x12b0 [ 88.368132][ T4561] do_dentry_open+0x771/0xf80 [ 88.373002][ T4561] path_openat+0x2682/0x2f30 [ 88.377785][ T4561] do_filp_open+0x1b3/0x3e0 [ 88.382582][ T4561] do_sys_openat2+0x142/0x4a0 [ 88.387452][ T4561] __x64_sys_open+0x11b/0x140 [ 88.392318][ T4561] do_syscall_64+0x4c/0xa0 [ 88.396928][ T4561] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.403019][ T4561] [ 88.405370][ T4561] -> (&new->fa_lock){....}-{2:2} { [ 88.410504][ T4561] INITIAL READ USE at: [ 88.414844][ T4561] lock_acquire+0x197/0x3f0 [ 88.421369][ T4561] _raw_read_lock_irqsave+0xac/0xf0 [ 88.428575][ T4561] kill_fasync+0x16d/0x490 [ 88.435013][ T4561] lease_break_callback+0x22/0x30 [ 88.442165][ T4561] __break_lease+0x4a3/0x12b0 [ 88.448913][ T4561] do_dentry_open+0x771/0xf80 [ 88.455601][ T4561] path_openat+0x2682/0x2f30 [ 88.462219][ T4561] do_filp_open+0x1b3/0x3e0 [ 88.468826][ T4561] do_sys_openat2+0x142/0x4a0 [ 88.475626][ T4561] __x64_sys_open+0x11b/0x140 [ 88.482372][ T4561] do_syscall_64+0x4c/0xa0 [ 88.488863][ T4561] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.496795][ T4561] } [ 88.499309][ T4561] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 88.508044][ T4561] ... acquired at: [ 88.511866][ T4561] _raw_read_lock_irqsave+0xac/0xf0 [ 88.517266][ T4561] kill_fasync+0x16d/0x490 [ 88.521883][ T4561] evdev_pass_values+0x54b/0xab0 [ 88.527012][ T4561] evdev_events+0x1c0/0x2f0 [ 88.531719][ T4561] input_pass_values+0x880/0x1220 [ 88.536936][ T4561] input_handle_event+0xb3f/0x1490 [ 88.542236][ T4561] input_inject_event+0x1b9/0x2c0 [ 88.547483][ T4561] evdev_write+0x326/0x470 [ 88.552180][ T4561] vfs_write+0x300/0xd00 [ 88.556614][ T4561] ksys_write+0x14d/0x250 [ 88.561136][ T4561] do_syscall_64+0x4c/0xa0 [ 88.565741][ T4561] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.571833][ T4561] [ 88.574164][ T4561] [ 88.574164][ T4561] stack backtrace: [ 88.580069][ T4561] CPU: 1 PID: 4561 Comm: syz-executor.0 Not tainted 5.15.185-syzkaller #0 [ 88.588589][ T4561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 88.598672][ T4561] Call Trace: [ 88.601968][ T4561] [ 88.604911][ T4561] dump_stack_lvl+0x168/0x230 [ 88.609605][ T4561] ? load_image+0x3b0/0x3b0 [ 88.614120][ T4561] ? show_regs_print_info+0x20/0x20 [ 88.620311][ T4561] ? load_image+0x3b0/0x3b0 [ 88.624834][ T4561] ? print_shortest_lock_dependencies+0xf0/0x160 [ 88.631190][ T4561] __lock_acquire+0x65dd/0x7c60 [ 88.636064][ T4561] ? cpufreq_update_util+0x91/0x230 [ 88.641295][ T4561] ? verify_lock_unused+0x140/0x140 [ 88.646518][ T4561] ? verify_lock_unused+0x140/0x140 [ 88.651739][ T4561] ? do_raw_spin_unlock+0x11d/0x230 [ 88.656967][ T4561] lock_acquire+0x197/0x3f0 [ 88.661653][ T4561] ? kill_fasync+0x16d/0x490 [ 88.666270][ T4561] ? read_lock_is_recursive+0x10/0x10 [ 88.671692][ T4561] _raw_read_lock_irqsave+0xac/0xf0 [ 88.676920][ T4561] ? kill_fasync+0x16d/0x490 [ 88.681528][ T4561] ? _raw_read_lock+0x40/0x40 [ 88.686227][ T4561] ? do_raw_spin_lock+0x11d/0x280 [ 88.691280][ T4561] kill_fasync+0x16d/0x490 [ 88.695718][ T4561] evdev_pass_values+0x54b/0xab0 [ 88.700685][ T4561] ? evdev_pass_values+0x571/0xab0 [ 88.705819][ T4561] evdev_events+0x1c0/0x2f0 [ 88.710348][ T4561] ? evdev_event+0xd0/0xd0 [ 88.714788][ T4561] input_pass_values+0x880/0x1220 [ 88.719975][ T4561] ? read_lock_is_recursive+0x10/0x10 [ 88.725384][ T4561] input_handle_event+0xb3f/0x1490 [ 88.730518][ T4561] input_inject_event+0x1b9/0x2c0 [ 88.735569][ T4561] evdev_write+0x326/0x470 [ 88.740011][ T4561] ? evdev_read+0xb50/0xb50 [ 88.744536][ T4561] ? end_current_label_crit_section+0x14b/0x170 [ 88.750797][ T4561] ? common_file_perm+0x171/0x1c0 [ 88.755844][ T4561] ? fsnotify_perm+0x5d/0x560 [ 88.760546][ T4561] ? security_file_permission+0x75/0xa0 [ 88.766111][ T4561] ? evdev_read+0xb50/0xb50 [ 88.770637][ T4561] vfs_write+0x300/0xd00 [ 88.774907][ T4561] ? file_end_write+0x250/0x250 [ 88.779779][ T4561] ? __fget_files+0x40f/0x480 [ 88.784482][ T4561] ? __fdget_pos+0x1e2/0x370 [ 88.789107][ T4561] ? ksys_write+0x71/0x250 [ 88.793545][ T4561] ksys_write+0x14d/0x250 [ 88.797891][ T4561] ? __ia32_sys_read+0x80/0x80 [ 88.802672][ T4561] ? lockdep_hardirqs_on+0x94/0x140 [ 88.807890][ T4561] do_syscall_64+0x4c/0xa0 [ 88.812323][ T4561] ? clear_bhb_loop+0x30/0x80 [ 88.817008][ T4561] ? clear_bhb_loop+0x30/0x80 [ 88.821693][ T4561] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 88.827612][ T4561] RIP: 0033:0x7f0574613b29 [ 88.832040][ T4561] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 88.851666][ T4561] RSP: 002b:00007f05739950c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 88.860096][ T4561] RAX: ffffffffffffffda RBX: 00007f0574732f80 RCX: 00007f0574613b29 [ 88.868102][ T4561] RDX: 0000000000000079 RSI: 000000002004d000 RDI: 0000000000000005 [ 88.876094][ T4561] RBP: 00007f057465f47a R08: 0000000000000000 R09: 0000000000000000 [ 88.884092][ T4561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.892098][ T4561] R13: 000000000000000b R14: 00007f0574732f80 R15: 00007ffd04077d28 [ 88.900095][ T4561] [ 89.039332][ T13] Bluetooth: hci0: command 0x041b tx timeout 2025/06/08 21:50:28 executed programs: 44 [ 91.119374][ T1326] Bluetooth: hci0: command 0x040f tx timeout [ 93.199459][ T13] Bluetooth: hci0: command 0x0419 tx timeout 2025/06/08 21:50:33 executed programs: 333