Warning: Permanently added '10.128.10.29' (ED25519) to the list of known hosts.
2025/06/08 22:33:33 ignoring optional flag "sandboxArg"="0"
2025/06/08 22:33:33 ignoring optional flag "type"="gce"
2025/06/08 22:33:33 parsed 1 programs
2025/06/08 22:33:35 executed programs: 0
[ 83.860075][ T4475] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 84.019938][ T4494] chnl_net:caif_netlink_parms(): no params data found
[ 84.063310][ T4494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.070450][ T4494] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.078494][ T4494] device bridge_slave_0 entered promiscuous mode
[ 84.086502][ T4494] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.093839][ T4494] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.102304][ T4494] device bridge_slave_1 entered promiscuous mode
[ 84.124147][ T4494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.135076][ T4494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.159766][ T4494] team0: Port device team_slave_0 added
[ 84.167635][ T4494] team0: Port device team_slave_1 added
[ 84.186288][ T4494] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.193430][ T4494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.219347][ T4494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.232001][ T4494] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.239039][ T4494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.265099][ T4494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.296103][ T4494] device hsr_slave_0 entered promiscuous mode
[ 84.303104][ T4494] device hsr_slave_1 entered promiscuous mode
[ 84.916392][ T4494] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.926297][ T4494] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.937126][ T4494] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.947534][ T4494] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.971182][ T4494] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.978407][ T4494] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.985865][ T4494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.993030][ T4494] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.005072][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.013039][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.067382][ T4494] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.082064][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 85.099319][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 85.113451][ T4494] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.125032][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 85.134657][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 85.144830][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.151921][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.175095][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 85.185389][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 85.195477][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.202577][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.212951][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 85.224238][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 85.234711][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 85.245916][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 85.263403][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 85.272249][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 85.281356][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 85.290583][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 85.299501][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 85.312684][ T4494] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 85.324659][ T4494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 85.333569][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 85.347026][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 85.476519][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 85.485870][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 85.500039][ T4494] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.528362][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 85.537972][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 85.557356][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 85.568135][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 85.577895][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 85.588170][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 85.598789][ T4494] device veth0_vlan entered promiscuous mode
[ 85.612608][ T4494] device veth1_vlan entered promiscuous mode
[ 85.637029][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 85.645900][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 85.655068][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 85.666093][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 85.678398][ T4494] device veth0_macvtap entered promiscuous mode
[ 85.689640][ T4494] device veth1_macvtap entered promiscuous mode
[ 85.707860][ T4494] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.717461][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 85.736393][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 85.745297][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 85.755653][ T1172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 85.771094][ T4494] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.778993][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 85.789065][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 85.802478][ T4494] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.812173][ T4494] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.821253][ T4494] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.831902][ T4494] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.906065][ T1172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.923520][ T1172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.935939][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.963012][ T1172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.964193][ T7] Bluetooth: hci0: command 0x0409 tx timeout
[ 85.973884][ T1172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.990355][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 86.063083][ T4578]
[ 86.065463][ T4578] =====================================================
[ 86.072401][ T4578] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 86.079892][ T4578] 5.15.185-syzkaller #0 Not tainted
[ 86.085110][ T4578] -----------------------------------------------------
[ 86.092058][ T4578] syz-executor.0/4578 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 86.100059][ T4578] ffffffff8be0a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigurg+0xcb/0x390
[ 86.108715][ T4578]
[ 86.108715][ T4578] and this task is already holding:
[ 86.116102][ T4578] ffff88802bbba638 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x25/0x390
[ 86.125023][ T4578] which would create a new lock dependency:
[ 86.130950][ T4578] (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2}
[ 86.138734][ T4578]
[ 86.138734][ T4578] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 86.148211][ T4578] (&dev->event_lock#2){-...}-{2:2}
[ 86.148247][ T4578]
[ 86.148247][ T4578] ... which became HARDIRQ-irq-safe at:
[ 86.161163][ T4578] lock_acquire+0x197/0x3f0
[ 86.165793][ T4578] _raw_spin_lock_irqsave+0xa4/0xf0
[ 86.171129][ T4578] input_event+0x76/0xb0
[ 86.175479][ T4578] psmouse_report_standard_packet+0x4f/0x200
[ 86.181588][ T4578] psmouse_process_byte+0x42b/0x620
[ 86.186896][ T4578] psmouse_handle_byte+0x43/0x490
[ 86.192045][ T4578] psmouse_interrupt+0x699/0x1130
[ 86.197174][ T4578] serio_interrupt+0x87/0x130
[ 86.201962][ T4578] i8042_interrupt+0x369/0x710
[ 86.206828][ T4578] __handle_irq_event_percpu+0x291/0x9b0
[ 86.212561][ T4578] handle_irq_event+0xa5/0x220
[ 86.217428][ T4578] handle_edge_irq+0x243/0xb20
[ 86.222308][ T4578] __common_interrupt+0xd7/0x1e0
[ 86.227440][ T4578] common_interrupt+0xb0/0xd0
[ 86.232222][ T4578] asm_common_interrupt+0x22/0x40
[ 86.237355][ T4578] unwind_next_frame+0x9d6/0x1d90
[ 86.242495][ T4578] arch_stack_walk+0x10c/0x140
[ 86.247372][ T4578] stack_trace_save+0x98/0xe0
[ 86.252158][ T4578] __kasan_slab_alloc+0x9c/0xd0
[ 86.257121][ T4578] slab_post_alloc_hook+0x4c/0x380
[ 86.262337][ T4578] kmem_cache_alloc+0x100/0x290
[ 86.267291][ T4578] __kernfs_new_node+0xd6/0x680
[ 86.272382][ T4578] kernfs_new_node+0x148/0x250
[ 86.277256][ T4578] __kernfs_create_file+0x47/0x2e0
[ 86.282565][ T4578] sysfs_add_file_mode_ns+0x2d4/0x3a0
[ 86.288040][ T4578] internal_create_group+0x489/0xcf0
[ 86.293439][ T4578] sysfs_create_groups+0x55/0x120
[ 86.298568][ T4578] bus_add_driver+0x3bd/0x5a0
[ 86.303352][ T4578] driver_register+0x32d/0x430
[ 86.308227][ T4578] __serio_register_driver+0xc3/0x1d0
[ 86.313764][ T4578] do_one_initcall+0x1ee/0x680
[ 86.318643][ T4578] do_initcall_level+0x137/0x1f0
[ 86.323880][ T4578] do_initcalls+0x4b/0x90
[ 86.328331][ T4578] kernel_init_freeable+0x3ce/0x560
[ 86.333816][ T4578] kernel_init+0x19/0x1b0
[ 86.338251][ T4578] ret_from_fork+0x1f/0x30
[ 86.342780][ T4578]
[ 86.342780][ T4578] to a HARDIRQ-irq-unsafe lock:
[ 86.349810][ T4578] (tasklist_lock){.+.+}-{2:2}
[ 86.349839][ T4578]
[ 86.349839][ T4578] ... which became HARDIRQ-irq-unsafe at:
[ 86.362495][ T4578] ...
[ 86.362506][ T4578] lock_acquire+0x197/0x3f0
[ 86.369705][ T4578] _raw_read_lock+0x32/0x40
[ 86.374328][ T4578] do_wait+0x293/0xac0
[ 86.378508][ T4578] kernel_wait+0xa8/0x160
[ 86.383035][ T4578] call_usermodehelper_exec_work+0xb5/0x220
[ 86.389043][ T4578] process_one_work+0x863/0x1000
[ 86.394092][ T4578] worker_thread+0xaa8/0x12a0
[ 86.398878][ T4578] kthread+0x436/0x520
[ 86.403054][ T4578] ret_from_fork+0x1f/0x30
[ 86.407575][ T4578]
[ 86.407575][ T4578] other info that might help us debug this:
[ 86.407575][ T4578]
[ 86.417814][ T4578] Chain exists of:
[ 86.417814][ T4578] &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock
[ 86.417814][ T4578]
[ 86.431049][ T4578] Possible interrupt unsafe locking scenario:
[ 86.431049][ T4578]
[ 86.439667][ T4578]        CPU0                    CPU1
[ 86.445054][ T4578]        ----                    ----
[ 86.450433][ T4578]   lock(tasklist_lock);
[ 86.455062][ T4578]                                local_irq_disable();
[ 86.461894][ T4578]                                lock(&dev->event_lock#2);
[ 86.469124][ T4578]                                lock(&f->f_owner.lock);
[ 86.476170][ T4578]
[ 86.479643][ T4578]     lock(&dev->event_lock#2);
[ 86.484529][ T4578]
[ 86.484529][ T4578] *** DEADLOCK ***
[ 86.484529][ T4578]
[ 86.492682][ T4578] 2 locks held by syz-executor.0/4578:
[ 86.498242][ T4578] #0: ffff88814c762760 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_sendmsg+0x1d/0x40
[ 86.507505][ T4578] #1: ffff88802bbba638 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x25/0x390
[ 86.516901][ T4578]
[ 86.516901][ T4578] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 86.527351][ T4578] -> (&dev->event_lock#2){-...}-{2:2} {
[ 86.533209][ T4578] IN-HARDIRQ-W at:
[ 86.537488][ T4578] lock_acquire+0x197/0x3f0
[ 86.544194][ T4578] _raw_spin_lock_irqsave+0xa4/0xf0
[ 86.551596][ T4578] input_event+0x76/0xb0
[ 86.558125][ T4578] psmouse_report_standard_packet+0x4f/0x200
[ 86.566302][ T4578] psmouse_process_byte+0x42b/0x620
[ 86.573700][ T4578] psmouse_handle_byte+0x43/0x490
[ 86.580922][ T4578] psmouse_interrupt+0x699/0x1130
[ 86.588148][ T4578] serio_interrupt+0x87/0x130
[ 86.595026][ T4578] i8042_interrupt+0x369/0x710
[ 86.602008][ T4578] __handle_irq_event_percpu+0x291/0x9b0
[ 86.609838][ T4578] handle_irq_event+0xa5/0x220
[ 86.616793][ T4578] handle_edge_irq+0x243/0xb20
[ 86.623756][ T4578] __common_interrupt+0xd7/0x1e0
[ 86.630985][ T4578] common_interrupt+0xb0/0xd0
[ 86.637861][ T4578] asm_common_interrupt+0x22/0x40
[ 86.645090][ T4578] unwind_next_frame+0x9d6/0x1d90
[ 86.652315][ T4578] arch_stack_walk+0x10c/0x140
[ 86.659627][ T4578] stack_trace_save+0x98/0xe0
[ 86.666505][ T4578] __kasan_slab_alloc+0x9c/0xd0
[ 86.673558][ T4578] slab_post_alloc_hook+0x4c/0x380
[ 86.681183][ T4578] kmem_cache_alloc+0x100/0x290
[ 86.688269][ T4578] __kernfs_new_node+0xd6/0x680
[ 86.695317][ T4578] kernfs_new_node+0x148/0x250
[ 86.702281][ T4578] __kernfs_create_file+0x47/0x2e0
[ 86.709724][ T4578] sysfs_add_file_mode_ns+0x2d4/0x3a0
[ 86.717390][ T4578] internal_create_group+0x489/0xcf0
[ 86.724884][ T4578] sysfs_create_groups+0x55/0x120
[ 86.732108][ T4578] bus_add_driver+0x3bd/0x5a0
[ 86.738980][ T4578] driver_register+0x32d/0x430
[ 86.745953][ T4578] __serio_register_driver+0xc3/0x1d0
[ 86.753537][ T4578] do_one_initcall+0x1ee/0x680
[ 86.760509][ T4578] do_initcall_level+0x137/0x1f0
[ 86.767750][ T4578] do_initcalls+0x4b/0x90
[ 86.774281][ T4578] kernel_init_freeable+0x3ce/0x560
[ 86.781703][ T4578] kernel_init+0x19/0x1b0
[ 86.788236][ T4578] ret_from_fork+0x1f/0x30
[ 86.794900][ T4578] INITIAL USE at:
[ 86.799078][ T4578] lock_acquire+0x197/0x3f0
[ 86.805735][ T4578] _raw_spin_lock_irqsave+0xa4/0xf0
[ 86.813079][ T4578] input_inject_event+0x9e/0x2c0
[ 86.820133][ T4578] led_trigger_event+0x10a/0x1e0
[ 86.827193][ T4578] kbd_led_trigger_activate+0xb9/0x100
[ 86.834765][ T4578] led_trigger_set+0x504/0x900
[ 86.841649][ T4578] led_trigger_set_default+0x19c/0x1e0
[ 86.849224][ T4578] led_classdev_register_ext+0x68f/0x870
[ 86.856968][ T4578] input_leds_connect+0x51d/0x750
[ 86.864116][ T4578] input_register_device+0xda7/0x1140
[ 86.871602][ T4578] atkbd_connect+0x759/0xa10
[ 86.878308][ T4578] serio_driver_probe+0x76/0x90
[ 86.885274][ T4578] really_probe+0x284/0xc80
[ 86.891890][ T4578] __driver_probe_device+0x18c/0x330
[ 86.899288][ T4578] driver_probe_device+0x4f/0x420
[ 86.906425][ T4578] __driver_attach+0x46b/0x670
[ 86.913293][ T4578] bus_for_each_dev+0x175/0x1e0
[ 86.920248][ T4578] serio_handle_event+0x29c/0x840
[ 86.927380][ T4578] process_one_work+0x863/0x1000
[ 86.934424][ T4578] worker_thread+0xaa8/0x12a0
[ 86.941212][ T4578] kthread+0x436/0x520
[ 86.947390][ T4578] ret_from_fork+0x1f/0x30
[ 86.953936][ T4578] }
[ 86.956714][ T4578] ... key at: [] input_allocate_device.__key.6+0x0/0x20
[ 86.966021][ T4578] -> (&client->buffer_lock){....}-{2:2} {
[ 86.971958][ T4578] INITIAL USE at:
[ 86.976057][ T4578] lock_acquire+0x197/0x3f0
[ 86.982498][ T4578] _raw_spin_lock+0x2a/0x40
[ 86.988937][ T4578] evdev_pass_values+0xcb/0xab0
[ 86.995731][ T4578] evdev_events+0x1c0/0x2f0
[ 87.002168][ T4578] input_pass_values+0x880/0x1220
[ 87.009129][ T4578] input_handle_event+0xb3f/0x1490
[ 87.016173][ T4578] input_inject_event+0x1b9/0x2c0
[ 87.023134][ T4578] evdev_write+0x326/0x470
[ 87.029486][ T4578] vfs_write+0x300/0xd00
[ 87.035659][ T4578] ksys_write+0x14d/0x250
[ 87.041921][ T4578] do_syscall_64+0x4c/0xa0
[ 87.048280][ T4578] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.056120][ T4578] }
[ 87.058816][ T4578] ... key at: [] evdev_open.__key.22+0x0/0x20
[ 87.067165][ T4578] ... acquired at:
[ 87.071157][ T4578] _raw_spin_lock+0x2a/0x40
[ 87.075862][ T4578] evdev_pass_values+0xcb/0xab0
[ 87.080924][ T4578] evdev_events+0x1c0/0x2f0
[ 87.085629][ T4578] input_pass_values+0x880/0x1220
[ 87.090848][ T4578] input_handle_event+0xb3f/0x1490
[ 87.096175][ T4578] input_inject_event+0x1b9/0x2c0
[ 87.101394][ T4578] evdev_write+0x326/0x470
[ 87.106009][ T4578] vfs_write+0x300/0xd00
[ 87.110561][ T4578] ksys_write+0x14d/0x250
[ 87.115091][ T4578] do_syscall_64+0x4c/0xa0
[ 87.119704][ T4578] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.125799][ T4578]
[ 87.128138][ T4578] -> (&new->fa_lock){....}-{2:2} {
[ 87.133371][ T4578] INITIAL READ USE at:
[ 87.137804][ T4578] lock_acquire+0x197/0x3f0
[ 87.144501][ T4578] _raw_read_lock_irqsave+0xac/0xf0
[ 87.151896][ T4578] kill_fasync+0x16d/0x490
[ 87.158522][ T4578] evdev_pass_values+0x54b/0xab0
[ 87.165694][ T4578] evdev_events+0x1c0/0x2f0
[ 87.172391][ T4578] input_pass_values+0x880/0x1220
[ 87.179611][ T4578] input_handle_event+0xb3f/0x1490
[ 87.186914][ T4578] input_inject_event+0x1b9/0x2c0
[ 87.194134][ T4578] evdev_write+0x326/0x470
[ 87.200749][ T4578] vfs_write+0x300/0xd00
[ 87.207195][ T4578] ksys_write+0x14d/0x250
[ 87.213718][ T4578] do_syscall_64+0x4c/0xa0
[ 87.220328][ T4578] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.228419][ T4578] }
[ 87.231014][ T4578] ... key at: [] fasync_insert_entry.__key+0x0/0x20
[ 87.239883][ T4578] ... acquired at:
[ 87.243788][ T4578] _raw_read_lock_irqsave+0xac/0xf0
[ 87.249190][ T4578] kill_fasync+0x16d/0x490
[ 87.253890][ T4578] evdev_pass_values+0x54b/0xab0
[ 87.259031][ T4578] evdev_events+0x1c0/0x2f0
[ 87.263747][ T4578] input_pass_values+0x880/0x1220
[ 87.268970][ T4578] input_handle_event+0xb3f/0x1490
[ 87.274276][ T4578] input_inject_event+0x1b9/0x2c0
[ 87.279494][ T4578] evdev_write+0x326/0x470
[ 87.284102][ T4578] vfs_write+0x300/0xd00
[ 87.288625][ T4578] ksys_write+0x14d/0x250
[ 87.293151][ T4578] do_syscall_64+0x4c/0xa0
[ 87.297765][ T4578] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.303857][ T4578]
[ 87.306227][ T4578] -> (&f->f_owner.lock){....}-{2:2} {
[ 87.311640][ T4578] INITIAL USE at:
[ 87.315552][ T4578] lock_acquire+0x197/0x3f0
[ 87.321733][ T4578] _raw_write_lock_irq+0x9f/0xe0
[ 87.328257][ T4578] __f_setown+0x37/0x330
[ 87.334080][ T4578] f_setown+0x120/0x1c0
[ 87.339819][ T4578] do_fcntl+0x192/0x12d0
[ 87.345646][ T4578] __se_sys_fcntl+0xcc/0x190
[ 87.351823][ T4578] do_syscall_64+0x4c/0xa0
[ 87.357823][ T4578] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.365307][ T4578] INITIAL READ USE at:
[ 87.369648][ T4578] lock_acquire+0x197/0x3f0
[ 87.376169][ T4578] _raw_read_lock_irqsave+0xac/0xf0
[ 87.383399][ T4578] send_sigio+0x2f/0x330
[ 87.389660][ T4578] kill_fasync+0x20a/0x490
[ 87.396087][ T4578] evdev_pass_values+0x54b/0xab0
[ 87.403046][ T4578] evdev_events+0x1c0/0x2f0
[ 87.409568][ T4578] input_pass_values+0x880/0x1220
[ 87.416651][ T4578] input_handle_event+0xb3f/0x1490
[ 87.423781][ T4578] input_inject_event+0x1b9/0x2c0
[ 87.430827][ T4578] evdev_write+0x326/0x470
[ 87.437260][ T4578] vfs_write+0x300/0xd00
[ 87.443520][ T4578] ksys_write+0x14d/0x250
[ 87.449878][ T4578] do_syscall_64+0x4c/0xa0
[ 87.456319][ T4578] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.464234][ T4578] }
[ 87.466757][ T4578] ... key at: [] __alloc_file.__key+0x0/0x10
[ 87.474848][ T4578] ... acquired at:
[ 87.478665][ T4578] _raw_read_lock_irqsave+0xac/0xf0
[ 87.484065][ T4578] send_sigio+0x2f/0x330
[ 87.488502][ T4578] kill_fasync+0x20a/0x490
[ 87.493112][ T4578] evdev_pass_values+0x54b/0xab0
[ 87.498249][ T4578] evdev_events+0x1c0/0x2f0
[ 87.502952][ T4578] input_pass_values+0x880/0x1220
[ 87.508177][ T4578] input_handle_event+0xb3f/0x1490
[ 87.513480][ T4578] input_inject_event+0x1b9/0x2c0
[ 87.518699][ T4578] evdev_write+0x326/0x470
[ 87.523312][ T4578] vfs_write+0x300/0xd00
[ 87.527750][ T4578] ksys_write+0x14d/0x250
[ 87.532275][ T4578] do_syscall_64+0x4c/0xa0
[ 87.536891][ T4578] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.543018][ T4578]
[ 87.545449][ T4578]
[ 87.545449][ T4578] the dependencies between the lock to be acquired
[ 87.545461][ T4578] and HARDIRQ-irq-unsafe lock:
[ 87.559006][ T4578] -> (tasklist_lock){.+.+}-{2:2} {
[ 87.564253][ T4578] HARDIRQ-ON-R at:
[ 87.568254][ T4578] lock_acquire+0x197/0x3f0
[ 87.574435][ T4578] _raw_read_lock+0x32/0x40
[ 87.580616][ T4578] do_wait+0x293/0xac0
[ 87.586368][ T4578] kernel_wait+0xa8/0x160
[ 87.592475][ T4578] call_usermodehelper_exec_work+0xb5/0x220
[ 87.600045][ T4578] process_one_work+0x863/0x1000
[ 87.606667][ T4578] worker_thread+0xaa8/0x12a0
[ 87.613018][ T4578] kthread+0x436/0x520
[ 87.618756][ T4578] ret_from_fork+0x1f/0x30
[ 87.624845][ T4578] SOFTIRQ-ON-R at:
[ 87.628843][ T4578] lock_acquire+0x197/0x3f0
[ 87.635034][ T4578] _raw_read_lock+0x32/0x40
[ 87.641218][ T4578] do_wait+0x293/0xac0
[ 87.646964][ T4578] kernel_wait+0xa8/0x160
[ 87.652973][ T4578] call_usermodehelper_exec_work+0xb5/0x220
[ 87.660550][ T4578] process_one_work+0x863/0x1000
[ 87.667212][ T4578] worker_thread+0xaa8/0x12a0
[ 87.673566][ T4578] kthread+0x436/0x520
[ 87.679311][ T4578] ret_from_fork+0x1f/0x30
[ 87.685402][ T4578] INITIAL USE at:
[ 87.689312][ T4578] lock_acquire+0x197/0x3f0
[ 87.695402][ T4578] _raw_write_lock_irq+0x9f/0xe0
[ 87.701925][ T4578] copy_process+0x234a/0x3e00
[ 87.708197][ T4578] kernel_clone+0x219/0x930
[ 87.714294][ T4578] kernel_thread+0xc8/0x120
[ 87.720379][ T4578] rest_init+0x21/0x330
[ 87.726122][ T4578] start_kernel+0x486/0x530
[ 87.732209][ T4578] secondary_startup_64_no_verify+0xb1/0xbb
[ 87.739692][ T4578] INITIAL READ USE at:
[ 87.744039][ T4578] lock_acquire+0x197/0x3f0
[ 87.750602][ T4578] _raw_read_lock+0x32/0x40
[ 87.757138][ T4578] do_wait+0x293/0xac0
[ 87.763227][ T4578] kernel_wait+0xa8/0x160
[ 87.769594][ T4578] call_usermodehelper_exec_work+0xb5/0x220
[ 87.777518][ T4578] process_one_work+0x863/0x1000
[ 87.784486][ T4578] worker_thread+0xaa8/0x12a0
[ 87.791184][ T4578] kthread+0x436/0x520
[ 87.797273][ T4578] ret_from_fork+0x1f/0x30
[ 87.803815][ T4578] }
[ 87.806332][ T4578] ... key at: [] tasklist_lock+0x18/0x40
[ 87.814081][ T4578] ... acquired at:
[ 87.817894][ T4578] _raw_read_lock+0x32/0x40
[ 87.822604][ T4578] send_sigurg+0xcb/0x390
[ 87.827125][ T4578] sk_send_sigurg+0x6b/0xc0
[ 87.831825][ T4578] tcp_urg+0x2bc/0xb10
[ 87.836090][ T4578] tcp_rcv_established+0xa9c/0x1c80
[ 87.841481][ T4578] tcp_v6_do_rcv+0x539/0x1180
[ 87.846353][ T4578] __release_sock+0x1b9/0x420
[ 87.851223][ T4578] release_sock+0x5b/0x1b0
[ 87.855834][ T4578] tcp_sendmsg+0x35/0x40
[ 87.860270][ T4578] __sys_sendto+0x423/0x580
[ 87.864968][ T4578] __x64_sys_sendto+0xda/0xf0
[ 87.869849][ T4578] do_syscall_64+0x4c/0xa0
[ 87.874462][ T4578] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.880644][ T4578]
[ 87.882983][ T4578]
[ 87.882983][ T4578] stack backtrace:
[ 87.888897][ T4578] CPU: 1 PID: 4578 Comm: syz-executor.0 Not tainted 5.15.185-syzkaller #0
[ 87.897419][ T4578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 87.907512][ T4578] Call Trace:
[ 87.910821][ T4578]
[ 87.913852][ T4578] dump_stack_lvl+0x168/0x230
[ 87.918549][ T4578] ? load_image+0x3b0/0x3b0
[ 87.923088][ T4578] ? show_regs_print_info+0x20/0x20
[ 87.928313][ T4578] ? load_image+0x3b0/0x3b0
[ 87.932845][ T4578] ? print_shortest_lock_dependencies+0xf0/0x160
[ 87.939198][ T4578] __lock_acquire+0x65dd/0x7c60
[ 87.944092][ T4578] ? verify_lock_unused+0x140/0x140
[ 87.949334][ T4578] ? enqueue_timer+0x225/0x520
[ 87.954119][ T4578] ? cubictcp_acked+0xc2/0xe30
[ 87.959098][ T4578] lock_acquire+0x197/0x3f0
[ 87.963845][ T4578] ? send_sigurg+0xcb/0x390
[ 87.968375][ T4578] ? _raw_read_lock_irqsave+0x7f/0xf0
[ 87.973780][ T4578] ? lockdep_hardirqs_off+0x70/0x100
[ 87.979098][ T4578] ? read_lock_is_recursive+0x10/0x10
[ 87.984498][ T4578] ? do_raw_read_lock+0x39/0x80
[ 87.989375][ T4578] ? _raw_read_lock_irqsave+0xb8/0xf0
[ 87.994783][ T4578] ? _raw_read_lock+0x40/0x40
[ 87.999612][ T4578] _raw_read_lock+0x32/0x40
[ 88.004148][ T4578] ? send_sigurg+0xcb/0x390
[ 88.008678][ T4578] send_sigurg+0xcb/0x390
[ 88.013041][ T4578] sk_send_sigurg+0x6b/0xc0
[ 88.017572][ T4578] tcp_urg+0x2bc/0xb10
[ 88.021681][ T4578] ? tcp_validate_incoming+0x23e0/0x23e0
[ 88.027337][ T4578] ? ktime_get+0x247/0x270
[ 88.031788][ T4578] ? inet6_sk_rx_dst_set+0x1ea/0x2a0
[ 88.037102][ T4578] tcp_rcv_established+0xa9c/0x1c80
[ 88.042422][ T4578] ? mark_lock+0x94/0x320
[ 88.046782][ T4578] ? tcp_check_space+0x960/0x960
[ 88.051749][ T4578] tcp_v6_do_rcv+0x539/0x1180
[ 88.056559][ T4578] __release_sock+0x1b9/0x420
[ 88.061278][ T4578] release_sock+0x5b/0x1b0
[ 88.065742][ T4578] tcp_sendmsg+0x35/0x40
[ 88.070022][ T4578] __sys_sendto+0x423/0x580
[ 88.074636][ T4578] ? __ia32_sys_getpeername+0x80/0x80
[ 88.080043][ T4578] ? __lock_acquire+0x7c60/0x7c60
[ 88.085115][ T4578] ? lock_chain_count+0x20/0x20
[ 88.090001][ T4578] ? vtime_user_exit+0x2dc/0x400
[ 88.095049][ T4578] __x64_sys_sendto+0xda/0xf0
[ 88.099751][ T4578] do_syscall_64+0x4c/0xa0
[ 88.104191][ T4578] ? clear_bhb_loop+0x30/0x80
[ 88.108889][ T4578] ? clear_bhb_loop+0x30/0x80
[ 88.113596][ T4578] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 88.119529][ T4578] RIP: 0033:0x7fee9e794e69
[ 88.123963][ T4578] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 88.143597][ T4578] RSP: 002b:00007fee9db150c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 88.152312][ T4578] RAX: ffffffffffffffda RBX: 00007fee9e8c2f80 RCX: 00007fee9e794e69
[ 88.160307][ T4578] RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000005
[ 88.168300][ T4578] RBP: 00007fee9e7e147a R08: 0000000000000000 R09: 0000000000000000
[ 88.176305][ T4578] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 88.184298][ T4578] R13: 000000000000000b R14: 00007fee9e8c2f80 R15: 00007ffff3ddf198
[ 88.192296][ T4578]
[ 88.198971][ T4191] Bluetooth: hci0: command 0x041b tx timeout
[ 88.205752][ T21] cfg80211: failed to load regulatory.db
2025/06/08 22:33:40 executed programs: 24
[ 90.284040][ T4174] Bluetooth: hci0: command 0x040f tx timeout
[ 92.363553][ T4174] Bluetooth: hci0: command 0x0419 tx timeout
2025/06/08 22:33:45 executed programs: 274