Warning: Permanently added '10.128.0.134' (ED25519) to the list of known hosts. 2025/06/08 22:20:10 ignoring optional flag "sandboxArg"="0" 2025/06/08 22:20:10 ignoring optional flag "type"="gce" 2025/06/08 22:20:10 parsed 1 programs 2025/06/08 22:20:12 executed programs: 0 [ 85.644202][ T4447] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 85.802774][ T4489] chnl_net:caif_netlink_parms(): no params data found [ 85.846381][ T4489] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.853572][ T4489] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.861587][ T4489] device bridge_slave_0 entered promiscuous mode [ 85.870486][ T4489] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.877663][ T4489] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.885496][ T4489] device bridge_slave_1 entered promiscuous mode [ 85.908349][ T4489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.919266][ T4489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.943113][ T4489] team0: Port device team_slave_0 added [ 85.950556][ T4489] team0: Port device team_slave_1 added [ 85.970420][ T4489] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.977502][ T4489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.003957][ T4489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.016572][ T4489] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.023716][ T4489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.049930][ T4489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.080811][ T4489] device hsr_slave_0 entered promiscuous mode [ 86.088586][ T4489] device hsr_slave_1 entered promiscuous mode [ 86.590366][ T13] cfg80211: failed to load regulatory.db [ 86.646891][ T4489] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.657190][ T4489] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.667838][ T4489] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.678128][ T4489] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.702325][ T4489] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.709471][ T4489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.716918][ T4489] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.724052][ T4489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.786527][ T4489] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.803869][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.813276][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.821740][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.831304][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 86.845997][ T4489] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.856954][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.866264][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.876439][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.883597][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.897661][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.906383][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.915385][ T155] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.922520][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.935405][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 86.951190][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 86.970404][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 86.982658][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.992350][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 87.003206][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 87.022193][ T4489] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 87.032688][ T4489] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.047480][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 87.056144][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 87.069650][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 87.080874][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 87.089945][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 87.107128][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 87.229703][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 87.238957][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 87.253699][ T4489] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.278723][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 87.289518][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 87.312903][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 87.323310][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.334422][ T4489] device veth0_vlan entered promiscuous mode [ 87.343831][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.352128][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.366517][ T4489] device veth1_vlan entered promiscuous mode [ 87.392704][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 87.401912][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 87.410370][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 87.419924][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 87.431152][ T4489] device veth0_macvtap entered promiscuous mode [ 87.442815][ T4489] device veth1_macvtap entered promiscuous mode [ 87.461169][ T4489] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.469186][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 87.478386][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 87.486516][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 87.496182][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 87.509125][ T4489] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.519912][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 87.529388][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 87.542114][ T4489] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.552366][ T4489] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.561506][ T4489] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.571089][ T4489] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.629765][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.644092][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.663357][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 87.680375][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.690090][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.701208][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 87.759642][ T4568] [ 87.762022][ T4568] ===================================================== [ 87.769016][ T4568] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 87.776506][ T4568] 5.15.185-syzkaller #0 Not tainted [ 87.781719][ T4568] ----------------------------------------------------- [ 87.788762][ T4568] syz-executor.0/4568 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 87.796751][ T4568] ffff8880769f4638 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x2f/0x330 [ 87.805625][ T4568] [ 87.805625][ T4568] and this task is already holding: [ 87.812996][ T4568] ffff888071e87018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16d/0x490 [ 87.821696][ T4568] which would create a new lock dependency: [ 87.827576][ T4568] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2} [ 87.835320][ T4568] [ 87.835320][ T4568] but this new dependency connects a HARDIRQ-irq-safe lock: [ 87.844938][ T4568] (&dev->event_lock#2){-.-.}-{2:2} [ 87.844963][ T4568] [ 87.844963][ T4568] ... which became HARDIRQ-irq-safe at: [ 87.857854][ T4568] lock_acquire+0x197/0x3f0 [ 87.862446][ T4568] _raw_spin_lock_irqsave+0xa4/0xf0 [ 87.867832][ T4568] input_event+0x76/0xb0 [ 87.872159][ T4568] psmouse_report_standard_packet+0x4f/0x200 [ 87.878232][ T4568] psmouse_process_byte+0x42b/0x620 [ 87.883530][ T4568] psmouse_handle_byte+0x43/0x490 [ 87.888735][ T4568] psmouse_interrupt+0x699/0x1130 [ 87.893874][ T4568] serio_interrupt+0x87/0x130 [ 87.898639][ T4568] i8042_interrupt+0x369/0x710 [ 87.903489][ T4568] __handle_irq_event_percpu+0x291/0x9b0 [ 87.909218][ T4568] handle_irq_event+0xa5/0x220 [ 87.914095][ T4568] handle_edge_irq+0x243/0xb20 [ 87.918950][ T4568] __common_interrupt+0xd7/0x1e0 [ 87.923974][ T4568] common_interrupt+0x59/0xd0 [ 87.928759][ T4568] asm_common_interrupt+0x22/0x40 [ 87.933871][ T4568] unwind_get_return_address+0x5/0x80 [ 87.939416][ T4568] arch_stack_walk+0xf2/0x140 [ 87.944181][ T4568] stack_trace_save+0x98/0xe0 [ 87.948976][ T4568] kasan_set_track+0x4b/0x70 [ 87.953676][ T4568] kasan_set_free_info+0x1f/0x40 [ 87.958700][ T4568] ____kasan_slab_free+0xd5/0x110 [ 87.963808][ T4568] slab_free_freelist_hook+0xea/0x170 [ 87.969271][ T4568] kmem_cache_free+0x8f/0x210 [ 87.974058][ T4568] __put_task_struct+0x2c1/0x480 [ 87.979077][ T4568] rcu_core+0x962/0x15d0 [ 87.983399][ T4568] handle_softirqs+0x328/0x820 [ 87.988244][ T4568] __irq_exit_rcu+0x12f/0x220 [ 87.993006][ T4568] irq_exit_rcu+0x5/0x20 [ 87.997355][ T4568] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 88.003073][ T4568] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 88.009251][ T4568] console_unlock+0xd90/0x1200 [ 88.014206][ T4568] vprintk_emit+0xc0/0x150 [ 88.018714][ T4568] _printk+0xcc/0x110 [ 88.022778][ T4568] usb_register_driver+0x2cd/0x3d0 [ 88.028067][ T4568] do_one_initcall+0x1ee/0x680 [ 88.032920][ T4568] do_initcall_level+0x137/0x1f0 [ 88.037940][ T4568] do_initcalls+0x4b/0x90 [ 88.042353][ T4568] kernel_init_freeable+0x3ce/0x560 [ 88.047636][ T4568] kernel_init+0x19/0x1b0 [ 88.052223][ T4568] ret_from_fork+0x1f/0x30 [ 88.056739][ T4568] [ 88.056739][ T4568] to a HARDIRQ-irq-unsafe lock: [ 88.063849][ T4568] (tasklist_lock){.+.+}-{2:2} [ 88.063876][ T4568] [ 88.063876][ T4568] ... which became HARDIRQ-irq-unsafe at: [ 88.076617][ T4568] ... [ 88.076624][ T4568] lock_acquire+0x197/0x3f0 [ 88.083801][ T4568] _raw_read_lock+0x32/0x40 [ 88.088396][ T4568] do_wait+0x293/0xac0 [ 88.092551][ T4568] kernel_wait+0xa8/0x160 [ 88.096971][ T4568] call_usermodehelper_exec_work+0xb5/0x220 [ 88.102974][ T4568] process_one_work+0x863/0x1000 [ 88.107998][ T4568] worker_thread+0xaa8/0x12a0 [ 88.113014][ T4568] kthread+0x436/0x520 [ 88.117170][ T4568] ret_from_fork+0x1f/0x30 [ 88.121676][ T4568] [ 88.121676][ T4568] other info that might help us debug this: [ 88.121676][ T4568] [ 88.131900][ T4568] Chain exists of: [ 88.131900][ T4568] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 88.131900][ T4568] [ 88.145031][ T4568] Possible interrupt unsafe locking scenario: [ 88.145031][ T4568] [ 88.153347][ T4568] CPU0 CPU1 [ 88.158708][ T4568] ---- ---- [ 88.164067][ T4568] lock(tasklist_lock); [ 88.168318][ T4568] local_irq_disable(); [ 88.175068][ T4568] lock(&dev->event_lock#2); [ 88.182268][ T4568] lock(&new->fa_lock); [ 88.189034][ T4568] [ 88.192483][ T4568] lock(&dev->event_lock#2); [ 88.197373][ T4568] [ 88.197373][ T4568] *** DEADLOCK *** [ 88.197373][ T4568] [ 88.205518][ T4568] 8 locks held by syz-executor.0/4568: [ 88.211064][ T4568] #0: ffff888025599110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x177/0x470 [ 88.220211][ T4568] #1: ffff88802528e230 (&dev->event_lock#2){-.-.}-{2:2}, at: input_inject_event+0x9e/0x2c0 [ 88.230307][ T4568] #2: ffffffff8c11bfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 88.239712][ T4568] #3: ffffffff8c11bfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 88.249148][ T4568] #4: ffffffff8c11bfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 88.258470][ T4568] #5: ffff8880185a3028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 [ 88.268658][ T4568] #6: ffffffff8c11bfa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 88.278064][ T4568] #7: ffff888071e87018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16d/0x490 [ 88.287210][ T4568] [ 88.287210][ T4568] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 88.297626][ T4568] -> (&dev->event_lock#2){-.-.}-{2:2} { [ 88.303361][ T4568] IN-HARDIRQ-W at: [ 88.307511][ T4568] lock_acquire+0x197/0x3f0 [ 88.314194][ T4568] _raw_spin_lock_irqsave+0xa4/0xf0 [ 88.321416][ T4568] input_event+0x76/0xb0 [ 88.327656][ T4568] psmouse_report_standard_packet+0x4f/0x200 [ 88.335632][ T4568] psmouse_process_byte+0x42b/0x620 [ 88.342822][ T4568] psmouse_handle_byte+0x43/0x490 [ 88.349843][ T4568] psmouse_interrupt+0x699/0x1130 [ 88.356976][ T4568] serio_interrupt+0x87/0x130 [ 88.363649][ T4568] i8042_interrupt+0x369/0x710 [ 88.370496][ T4568] __handle_irq_event_percpu+0x291/0x9b0 [ 88.378124][ T4568] handle_irq_event+0xa5/0x220 [ 88.384879][ T4568] handle_edge_irq+0x243/0xb20 [ 88.391645][ T4568] __common_interrupt+0xd7/0x1e0 [ 88.398600][ T4568] common_interrupt+0x59/0xd0 [ 88.405286][ T4568] asm_common_interrupt+0x22/0x40 [ 88.412309][ T4568] unwind_get_return_address+0x5/0x80 [ 88.419688][ T4568] arch_stack_walk+0xf2/0x140 [ 88.426363][ T4568] stack_trace_save+0x98/0xe0 [ 88.433035][ T4568] kasan_set_track+0x4b/0x70 [ 88.439624][ T4568] kasan_set_free_info+0x1f/0x40 [ 88.446556][ T4568] ____kasan_slab_free+0xd5/0x110 [ 88.453581][ T4568] slab_free_freelist_hook+0xea/0x170 [ 88.460969][ T4568] kmem_cache_free+0x8f/0x210 [ 88.467902][ T4568] __put_task_struct+0x2c1/0x480 [ 88.474839][ T4568] rcu_core+0x962/0x15d0 [ 88.481102][ T4568] handle_softirqs+0x328/0x820 [ 88.487886][ T4568] __irq_exit_rcu+0x12f/0x220 [ 88.494563][ T4568] irq_exit_rcu+0x5/0x20 [ 88.500800][ T4568] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 88.508433][ T4568] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 88.516457][ T4568] console_unlock+0xd90/0x1200 [ 88.523223][ T4568] vprintk_emit+0xc0/0x150 [ 88.529635][ T4568] _printk+0xcc/0x110 [ 88.535611][ T4568] usb_register_driver+0x2cd/0x3d0 [ 88.542720][ T4568] do_one_initcall+0x1ee/0x680 [ 88.549485][ T4568] do_initcall_level+0x137/0x1f0 [ 88.556440][ T4568] do_initcalls+0x4b/0x90 [ 88.562764][ T4568] kernel_init_freeable+0x3ce/0x560 [ 88.569965][ T4568] kernel_init+0x19/0x1b0 [ 88.576290][ T4568] ret_from_fork+0x1f/0x30 [ 88.582705][ T4568] IN-SOFTIRQ-W at: [ 88.586858][ T4568] lock_acquire+0x197/0x3f0 [ 88.593362][ T4568] _raw_spin_lock_irqsave+0xa4/0xf0 [ 88.600732][ T4568] input_event+0x76/0xb0 [ 88.606970][ T4568] psmouse_report_standard_packet+0x4f/0x200 [ 88.614950][ T4568] psmouse_process_byte+0x42b/0x620 [ 88.622161][ T4568] psmouse_handle_byte+0x43/0x490 [ 88.629184][ T4568] psmouse_interrupt+0x699/0x1130 [ 88.636204][ T4568] serio_interrupt+0x87/0x130 [ 88.642887][ T4568] i8042_interrupt+0x369/0x710 [ 88.649650][ T4568] __handle_irq_event_percpu+0x291/0x9b0 [ 88.657282][ T4568] handle_irq_event+0xa5/0x220 [ 88.664167][ T4568] handle_edge_irq+0x243/0xb20 [ 88.670925][ T4568] __common_interrupt+0xd7/0x1e0 [ 88.677878][ T4568] common_interrupt+0x59/0xd0 [ 88.684554][ T4568] asm_common_interrupt+0x22/0x40 [ 88.691574][ T4568] unwind_get_return_address+0x5/0x80 [ 88.698958][ T4568] arch_stack_walk+0xf2/0x140 [ 88.705632][ T4568] stack_trace_save+0x98/0xe0 [ 88.712429][ T4568] kasan_set_track+0x4b/0x70 [ 88.719021][ T4568] kasan_set_free_info+0x1f/0x40 [ 88.725962][ T4568] ____kasan_slab_free+0xd5/0x110 [ 88.732983][ T4568] slab_free_freelist_hook+0xea/0x170 [ 88.740441][ T4568] kmem_cache_free+0x8f/0x210 [ 88.747204][ T4568] __put_task_struct+0x2c1/0x480 [ 88.754140][ T4568] rcu_core+0x962/0x15d0 [ 88.760464][ T4568] handle_softirqs+0x328/0x820 [ 88.767227][ T4568] __irq_exit_rcu+0x12f/0x220 [ 88.773914][ T4568] irq_exit_rcu+0x5/0x20 [ 88.780183][ T4568] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 88.787811][ T4568] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 88.795800][ T4568] console_unlock+0xd90/0x1200 [ 88.802565][ T4568] vprintk_emit+0xc0/0x150 [ 88.808981][ T4568] _printk+0xcc/0x110 [ 88.814967][ T4568] usb_register_driver+0x2cd/0x3d0 [ 88.822118][ T4568] do_one_initcall+0x1ee/0x680 [ 88.828897][ T4568] do_initcall_level+0x137/0x1f0 [ 88.836121][ T4568] do_initcalls+0x4b/0x90 [ 88.842467][ T4568] kernel_init_freeable+0x3ce/0x560 [ 88.849666][ T4568] kernel_init+0x19/0x1b0 [ 88.855999][ T4568] ret_from_fork+0x1f/0x30 [ 88.862529][ T4568] INITIAL USE at: [ 88.866612][ T4568] lock_acquire+0x197/0x3f0 [ 88.873153][ T4568] _raw_spin_lock_irqsave+0xa4/0xf0 [ 88.880267][ T4568] input_inject_event+0x9e/0x2c0 [ 88.887113][ T4568] led_trigger_event+0x10a/0x1e0 [ 88.893964][ T4568] kbd_led_trigger_activate+0xb9/0x100 [ 88.901773][ T4568] led_trigger_set+0x504/0x900 [ 88.908447][ T4568] led_trigger_set_default+0x19c/0x1e0 [ 88.915816][ T4568] led_classdev_register_ext+0x68f/0x870 [ 88.923368][ T4568] input_leds_connect+0x51d/0x750 [ 88.930304][ T4568] input_register_device+0xda7/0x1140 [ 88.937611][ T4568] atkbd_connect+0x759/0xa10 [ 88.944109][ T4568] serio_driver_probe+0x76/0x90 [ 88.950869][ T4568] really_probe+0x284/0xc80 [ 88.957287][ T4568] __driver_probe_device+0x18c/0x330 [ 88.964493][ T4568] driver_probe_device+0x4f/0x420 [ 88.971511][ T4568] __driver_attach+0x46b/0x670 [ 88.978291][ T4568] bus_for_each_dev+0x175/0x1e0 [ 88.985084][ T4568] serio_handle_event+0x29c/0x840 [ 88.992031][ T4568] process_one_work+0x863/0x1000 [ 88.999040][ T4568] worker_thread+0xaa8/0x12a0 [ 89.005630][ T4568] kthread+0x436/0x520 [ 89.011609][ T4568] ret_from_fork+0x1f/0x30 [ 89.017938][ T4568] } [ 89.020606][ T4568] ... key at: [] input_allocate_device.__key.6+0x0/0x20 [ 89.029887][ T4568] -> (&client->buffer_lock){....}-{2:2} { [ 89.035705][ T4568] INITIAL USE at: [ 89.039681][ T4568] lock_acquire+0x197/0x3f0 [ 89.046102][ T4568] _raw_spin_lock+0x2a/0x40 [ 89.052361][ T4568] evdev_pass_values+0xcb/0xab0 [ 89.058957][ T4568] evdev_events+0x1c0/0x2f0 [ 89.065207][ T4568] input_pass_values+0x880/0x1220 [ 89.072053][ T4568] input_handle_event+0xb3f/0x1490 [ 89.078908][ T4568] input_inject_event+0x1b9/0x2c0 [ 89.085682][ T4568] evdev_write+0x326/0x470 [ 89.091971][ T4568] vfs_write+0x300/0xd00 [ 89.097955][ T4568] ksys_write+0x14d/0x250 [ 89.104123][ T4568] do_syscall_64+0x4c/0xa0 [ 89.110275][ T4568] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.118030][ T4568] } [ 89.120614][ T4568] ... key at: [] evdev_open.__key.22+0x0/0x20 [ 89.128859][ T4568] ... acquired at: [ 89.132752][ T4568] _raw_spin_lock+0x2a/0x40 [ 89.137425][ T4568] evdev_pass_values+0xcb/0xab0 [ 89.142466][ T4568] evdev_events+0x1c0/0x2f0 [ 89.147141][ T4568] input_pass_values+0x880/0x1220 [ 89.152336][ T4568] input_handle_event+0xb3f/0x1490 [ 89.157705][ T4568] input_inject_event+0x1b9/0x2c0 [ 89.162903][ T4568] evdev_write+0x326/0x470 [ 89.167499][ T4568] vfs_write+0x300/0xd00 [ 89.172001][ T4568] ksys_write+0x14d/0x250 [ 89.176592][ T4568] do_syscall_64+0x4c/0xa0 [ 89.181221][ T4568] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.187288][ T4568] [ 89.189628][ T4568] -> (&new->fa_lock){....}-{2:2} { [ 89.194860][ T4568] INITIAL READ USE at: [ 89.199191][ T4568] lock_acquire+0x197/0x3f0 [ 89.205830][ T4568] _raw_read_lock_irqsave+0xac/0xf0 [ 89.213046][ T4568] kill_fasync+0x16d/0x490 [ 89.219990][ T4568] evdev_pass_values+0x54b/0xab0 [ 89.226939][ T4568] evdev_events+0x1c0/0x2f0 [ 89.233533][ T4568] input_pass_values+0x880/0x1220 [ 89.240560][ T4568] input_handle_event+0xb3f/0x1490 [ 89.247681][ T4568] input_inject_event+0x1b9/0x2c0 [ 89.254709][ T4568] evdev_write+0x326/0x470 [ 89.261122][ T4568] vfs_write+0x300/0xd00 [ 89.267359][ T4568] ksys_write+0x14d/0x250 [ 89.273688][ T4568] do_syscall_64+0x4c/0xa0 [ 89.280115][ T4568] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.288009][ T4568] } [ 89.290504][ T4568] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 89.299197][ T4568] ... acquired at: [ 89.303003][ T4568] _raw_read_lock_irqsave+0xac/0xf0 [ 89.308378][ T4568] kill_fasync+0x16d/0x490 [ 89.312969][ T4568] evdev_pass_values+0x54b/0xab0 [ 89.318085][ T4568] evdev_events+0x1c0/0x2f0 [ 89.322761][ T4568] input_pass_values+0x880/0x1220 [ 89.327960][ T4568] input_handle_event+0xb3f/0x1490 [ 89.333245][ T4568] input_inject_event+0x1b9/0x2c0 [ 89.338453][ T4568] evdev_write+0x326/0x470 [ 89.343047][ T4568] vfs_write+0x300/0xd00 [ 89.347458][ T4568] ksys_write+0x14d/0x250 [ 89.351959][ T4568] do_syscall_64+0x4c/0xa0 [ 89.356544][ T4568] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.362615][ T4568] [ 89.364933][ T4568] [ 89.364933][ T4568] the dependencies between the lock to be acquired [ 89.364940][ T4568] and HARDIRQ-irq-unsafe lock: [ 89.378484][ T4568] -> (tasklist_lock){.+.+}-{2:2} { [ 89.383783][ T4568] HARDIRQ-ON-R at: [ 89.387849][ T4568] lock_acquire+0x197/0x3f0 [ 89.394177][ T4568] _raw_read_lock+0x32/0x40 [ 89.400505][ T4568] do_wait+0x293/0xac0 [ 89.406403][ T4568] kernel_wait+0xa8/0x160 [ 89.412557][ T4568] call_usermodehelper_exec_work+0xb5/0x220 [ 89.420278][ T4568] process_one_work+0x863/0x1000 [ 89.427044][ T4568] worker_thread+0xaa8/0x12a0 [ 89.433631][ T4568] kthread+0x436/0x520 [ 89.439528][ T4568] ret_from_fork+0x1f/0x30 [ 89.445768][ T4568] SOFTIRQ-ON-R at: [ 89.449844][ T4568] lock_acquire+0x197/0x3f0 [ 89.456174][ T4568] _raw_read_lock+0x32/0x40 [ 89.462503][ T4568] do_wait+0x293/0xac0 [ 89.468400][ T4568] kernel_wait+0xa8/0x160 [ 89.474557][ T4568] call_usermodehelper_exec_work+0xb5/0x220 [ 89.482300][ T4568] process_one_work+0x863/0x1000 [ 89.489064][ T4568] worker_thread+0xaa8/0x12a0 [ 89.495566][ T4568] kthread+0x436/0x520 [ 89.501456][ T4568] ret_from_fork+0x1f/0x30 [ 89.507698][ T4568] INITIAL USE at: [ 89.511692][ T4568] lock_acquire+0x197/0x3f0 [ 89.517938][ T4568] _raw_write_lock_irq+0x9f/0xe0 [ 89.524615][ T4568] copy_process+0x234a/0x3e00 [ 89.531055][ T4568] kernel_clone+0x219/0x930 [ 89.537294][ T4568] kernel_thread+0xc8/0x120 [ 89.543533][ T4568] rest_init+0x21/0x330 [ 89.549424][ T4568] start_kernel+0x486/0x530 [ 89.555754][ T4568] secondary_startup_64_no_verify+0xb1/0xbb [ 89.563388][ T4568] INITIAL READ USE at: [ 89.567822][ T4568] lock_acquire+0x197/0x3f0 [ 89.574495][ T4568] _raw_read_lock+0x32/0x40 [ 89.581170][ T4568] do_wait+0x293/0xac0 [ 89.587419][ T4568] kernel_wait+0xa8/0x160 [ 89.593920][ T4568] call_usermodehelper_exec_work+0xb5/0x220 [ 89.601984][ T4568] process_one_work+0x863/0x1000 [ 89.609196][ T4568] worker_thread+0xaa8/0x12a0 [ 89.616044][ T4568] kthread+0x436/0x520 [ 89.622282][ T4568] ret_from_fork+0x1f/0x30 [ 89.628873][ T4568] } [ 89.631456][ T4568] ... key at: [] tasklist_lock+0x18/0x40 [ 89.639263][ T4568] ... acquired at: [ 89.643146][ T4568] _raw_read_lock+0x32/0x40 [ 89.647823][ T4568] send_sigurg+0xcb/0x390 [ 89.652324][ T4568] sk_send_sigurg+0x6b/0xc0 [ 89.656999][ T4568] queue_oob+0x620/0x800 [ 89.661414][ T4568] unix_stream_sendmsg+0xb5d/0xc80 [ 89.666708][ T4568] ____sys_sendmsg+0x5a2/0x8c0 [ 89.671648][ T4568] ___sys_sendmsg+0x1f0/0x260 [ 89.676497][ T4568] __se_sys_sendmsg+0x190/0x250 [ 89.681524][ T4568] do_syscall_64+0x4c/0xa0 [ 89.686110][ T4568] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.692178][ T4568] [ 89.694493][ T4568] -> (&f->f_owner.lock){....}-{2:2} { [ 89.699883][ T4568] INITIAL USE at: [ 89.703772][ T4568] lock_acquire+0x197/0x3f0 [ 89.709843][ T4568] _raw_write_lock_irq+0x9f/0xe0 [ 89.716444][ T4568] __f_setown+0x37/0x330 [ 89.722256][ T4568] f_setown+0x120/0x1c0 [ 89.727983][ T4568] do_fcntl+0x192/0x12d0 [ 89.733875][ T4568] __se_sys_fcntl+0xcc/0x190 [ 89.740125][ T4568] do_syscall_64+0x4c/0xa0 [ 89.746105][ T4568] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.753566][ T4568] INITIAL READ USE at: [ 89.757889][ T4568] lock_acquire+0x197/0x3f0 [ 89.764388][ T4568] _raw_read_lock_irqsave+0xac/0xf0 [ 89.771587][ T4568] send_sigurg+0x25/0x390 [ 89.777912][ T4568] sk_send_sigurg+0x6b/0xc0 [ 89.784500][ T4568] queue_oob+0x620/0x800 [ 89.790740][ T4568] unix_stream_sendmsg+0xb5d/0xc80 [ 89.797847][ T4568] ____sys_sendmsg+0x5a2/0x8c0 [ 89.804612][ T4568] ___sys_sendmsg+0x1f0/0x260 [ 89.811288][ T4568] __se_sys_sendmsg+0x190/0x250 [ 89.818141][ T4568] do_syscall_64+0x4c/0xa0 [ 89.824553][ T4568] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.832443][ T4568] } [ 89.834940][ T4568] ... key at: [] __alloc_file.__key+0x0/0x10 [ 89.843004][ T4568] ... acquired at: [ 89.846798][ T4568] _raw_read_lock_irqsave+0xac/0xf0 [ 89.852169][ T4568] send_sigio+0x2f/0x330 [ 89.856587][ T4568] kill_fasync+0x20a/0x490 [ 89.861179][ T4568] evdev_pass_values+0x54b/0xab0 [ 89.866321][ T4568] evdev_events+0x1c0/0x2f0 [ 89.870996][ T4568] input_pass_values+0x880/0x1220 [ 89.876312][ T4568] input_handle_event+0xb3f/0x1490 [ 89.881596][ T4568] input_inject_event+0x1b9/0x2c0 [ 89.886805][ T4568] evdev_write+0x326/0x470 [ 89.891397][ T4568] vfs_write+0x300/0xd00 [ 89.895812][ T4568] ksys_write+0x14d/0x250 [ 89.900316][ T4568] do_syscall_64+0x4c/0xa0 [ 89.904904][ T4568] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.910973][ T4568] [ 89.913311][ T4568] [ 89.913311][ T4568] stack backtrace: [ 89.919204][ T4568] CPU: 0 PID: 4568 Comm: syz-executor.0 Not tainted 5.15.185-syzkaller #0 [ 89.927710][ T4568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 89.937785][ T4568] Call Trace: [ 89.941070][ T4568] [ 89.944000][ T4568] dump_stack_lvl+0x168/0x230 [ 89.948825][ T4568] ? load_image+0x3b0/0x3b0 [ 89.953328][ T4568] ? show_regs_print_info+0x20/0x20 [ 89.958548][ T4568] ? load_image+0x3b0/0x3b0 [ 89.963061][ T4568] ? print_shortest_lock_dependencies+0xf0/0x160 [ 89.969395][ T4568] __lock_acquire+0x65dd/0x7c60 [ 89.974264][ T4568] ? verify_lock_unused+0x140/0x140 [ 89.979571][ T4568] lock_acquire+0x197/0x3f0 [ 89.984076][ T4568] ? send_sigio+0x2f/0x330 [ 89.988499][ T4568] ? read_lock_is_recursive+0x10/0x10 [ 89.993883][ T4568] ? read_lock_is_recursive+0x10/0x10 [ 89.999270][ T4568] _raw_read_lock_irqsave+0xac/0xf0 [ 90.004495][ T4568] ? send_sigio+0x2f/0x330 [ 90.008910][ T4568] ? _raw_read_lock+0x40/0x40 [ 90.013587][ T4568] ? _raw_read_lock_irqsave+0xb8/0xf0 [ 90.019052][ T4568] ? _raw_read_lock+0x40/0x40 [ 90.023726][ T4568] ? do_raw_spin_lock+0x11d/0x280 [ 90.028759][ T4568] send_sigio+0x2f/0x330 [ 90.033068][ T4568] kill_fasync+0x20a/0x490 [ 90.037514][ T4568] evdev_pass_values+0x54b/0xab0 [ 90.042479][ T4568] ? evdev_pass_values+0x571/0xab0 [ 90.047630][ T4568] evdev_events+0x1c0/0x2f0 [ 90.052142][ T4568] ? evdev_event+0xd0/0xd0 [ 90.056564][ T4568] input_pass_values+0x880/0x1220 [ 90.061593][ T4568] ? read_lock_is_recursive+0x10/0x10 [ 90.066973][ T4568] input_handle_event+0xb3f/0x1490 [ 90.072155][ T4568] input_inject_event+0x1b9/0x2c0 [ 90.077200][ T4568] evdev_write+0x326/0x470 [ 90.081619][ T4568] ? evdev_read+0xb50/0xb50 [ 90.086128][ T4568] ? end_current_label_crit_section+0x14b/0x170 [ 90.092392][ T4568] ? common_file_perm+0x171/0x1c0 [ 90.097414][ T4568] ? fsnotify_perm+0x5d/0x560 [ 90.102119][ T4568] ? security_file_permission+0x75/0xa0 [ 90.107674][ T4568] ? evdev_read+0xb50/0xb50 [ 90.112181][ T4568] vfs_write+0x300/0xd00 [ 90.116429][ T4568] ? file_end_write+0x250/0x250 [ 90.121280][ T4568] ? __fget_files+0x40f/0x480 [ 90.125961][ T4568] ? __fdget_pos+0x1e2/0x370 [ 90.130548][ T4568] ? ksys_write+0x71/0x250 [ 90.134961][ T4568] ksys_write+0x14d/0x250 [ 90.139304][ T4568] ? __ia32_sys_read+0x80/0x80 [ 90.144072][ T4568] ? lockdep_hardirqs_on+0x94/0x140 [ 90.149284][ T4568] do_syscall_64+0x4c/0xa0 [ 90.153707][ T4568] ? clear_bhb_loop+0x30/0x80 [ 90.158412][ T4568] ? clear_bhb_loop+0x30/0x80 [ 90.163194][ T4568] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 90.169103][ T4568] RIP: 0033:0x7fccfc9ddca9 [ 90.173521][ T4568] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 90.193211][ T4568] RSP: 002b:00007fccfbd5e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 90.201627][ T4568] RAX: ffffffffffffffda RBX: 00007fccfcb0bf80 RCX: 00007fccfc9ddca9 [ 90.209603][ T4568] RDX: 0000000000002778 RSI: 0000000020000040 RDI: 0000000000000006 [ 90.217602][ T4568] RBP: 00007fccfca2947e R08: 0000000000000000 R09: 0000000000000000 [ 90.225582][ T4568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 90.233604][ T4568] R13: 000000000000000b R14: 00007fccfcb0bf80 R15: 00007ffd13dddeb8 [ 90.241599][ T4568] [ 90.245356][ T4191] Bluetooth: hci0: command 0x0409 tx timeout 2025/06/08 22:20:17 executed programs: 16 [ 92.278098][ T4189] Bluetooth: hci0: command 0x041b tx timeout [ 94.349233][ T4191] Bluetooth: hci0: command 0x040f tx timeout 2025/06/08 22:20:22 executed programs: 221 [ 96.426664][ T4191] Bluetooth: hci0: command 0x0419 tx timeout