[ 69.259879][ T1241] veth1_macvtap: left promiscuous mode
[ 69.266612][ T1241] veth0_macvtap: left promiscuous mode
[ 69.272762][ T1241] veth1_vlan: left promiscuous mode
[ 69.278270][ T1241] veth0_vlan: left promiscuous mode
[ 69.420080][ T1241] team0 (unregistering): Port device team_slave_1 removed
[ 69.435224][ T1241] team0 (unregistering): Port device team_slave_0 removed
[ 69.447514][ T1241] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 69.460928][ T1241] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 69.510055][ T1241] bond0 (unregistering): Released all slaves
[ 81.883264][ T760] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.93' (ECDSA) to the list of known hosts.
2023/06/30 22:57:40 ignoring optional flag "sandboxArg"="0"
2023/06/30 22:57:40 parsed 1 programs
2023/06/30 22:57:41 executed programs: 0
[ 87.664577][ T5344] cgroup: Unknown subsys name 'net'
[ 87.674615][ T5344] cgroup: Unknown subsys name 'rlimit'
[ 88.771453][ T4413] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.780609][ T4413] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.790150][ T4413] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.799011][ T4413] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.807636][ T4413] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 88.815716][ T4413] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.905368][ T5351] chnl_net:caif_netlink_parms(): no params data found
[ 88.957350][ T5351] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.965132][ T5351] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.972886][ T5351] bridge_slave_0: entered allmulticast mode
[ 88.979908][ T5351] bridge_slave_0: entered promiscuous mode
[ 88.987932][ T5351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.996015][ T5351] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.004110][ T5351] bridge_slave_1: entered allmulticast mode
[ 89.010821][ T5351] bridge_slave_1: entered promiscuous mode
[ 89.035055][ T5351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.046631][ T5351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.073741][ T5351] team0: Port device team_slave_0 added
[ 89.081609][ T5351] team0: Port device team_slave_1 added
[ 89.102101][ T5351] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.109455][ T5351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.136985][ T5351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.150261][ T5351] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.157703][ T5351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.184611][ T5351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 89.215569][ T5351] hsr_slave_0: entered promiscuous mode
[ 89.222200][ T5351] hsr_slave_1: entered promiscuous mode
[ 89.292376][ T5351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.299547][ T5351] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.307395][ T5351] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.314845][ T5351] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 89.365891][ T5351] 8021q: adding VLAN 0 to HW filter on device bond0
[ 89.380292][ T760] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.388951][ T760] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.404345][ T5351] 8021q: adding VLAN 0 to HW filter on device team0
[ 89.416365][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.423706][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 89.443577][ T26] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.450786][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.489761][ T5351] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.800642][ T5351] veth0_vlan: entered promiscuous mode
[ 89.811250][ T5351] veth1_vlan: entered promiscuous mode
[ 89.836751][ T5351] veth0_macvtap: entered promiscuous mode
[ 89.845545][ T5351] veth1_macvtap: entered promiscuous mode
[ 89.863839][ T5351] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 89.877717][ T5351] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 89.935506][ T5021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.944435][ T5021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.976130][ T5021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.985434][ T5021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.037666][ T5372]
[ 90.040121][ T5372] =====================================================
[ 90.047329][ T5372] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 90.055682][ T5372] 6.4.0-syzkaller-gb25f62ccb490 #0 Not tainted
[ 90.061917][ T5372] -----------------------------------------------------
[ 90.069113][ T5372] syz-executor.0/5372 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 90.077179][ T5372] ffff888022c2d0c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x139/0x4f0
[ 90.085971][ T5372]
[ 90.085971][ T5372] and this task is already holding:
[ 90.093347][ T5372] ffff888023a20028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960
[ 90.104228][ T5372] which would create a new lock dependency:
[ 90.110294][ T5372] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2}
[ 90.118517][ T5372]
[ 90.118517][ T5372] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 90.128396][ T5372] (&dev->event_lock#2){-...}-{2:2}
[ 90.128430][ T5372]
[ 90.128430][ T5372] ... which became HARDIRQ-irq-safe at:
[ 90.142040][ T5372] lock_acquire+0x1b1/0x520
[ 90.146777][ T5372] _raw_spin_lock_irqsave+0x3d/0x60
[ 90.152247][ T5372] input_event+0x70/0xa0
[ 90.163115][ T5372] psmouse_report_standard_buttons+0x30/0x80
[ 90.169387][ T5372] psmouse_process_byte+0x39e/0x8b0
[ 90.174783][ T5372] psmouse_handle_byte+0x41/0x560
[ 90.180085][ T5372] psmouse_receive_byte+0x1ee/0xd70
[ 90.185384][ T5372] ps2_interrupt+0x1ed/0x5e0
[ 90.190089][ T5372] serio_interrupt+0x8c/0x150
[ 90.194853][ T5372] i8042_interrupt+0x3a9/0x820
[ 90.199822][ T5372] __handle_irq_event_percpu+0x22b/0x730
[ 90.205829][ T5372] handle_irq_event+0xab/0x1e0
[ 90.211051][ T5372] handle_edge_irq+0x263/0xd00
[ 90.216532][ T5372] __common_interrupt+0xa1/0x220
[ 90.221648][ T5372] common_interrupt+0xa8/0xd0
[ 90.226443][ T5372] asm_common_interrupt+0x26/0x40
[ 90.231757][ T5372] _raw_spin_unlock_irqrestore+0x3c/0x70
[ 90.237650][ T5372] i8042_command+0x132/0x160
[ 90.242508][ T5372] i8042_aux_write+0xdb/0x120
[ 90.247447][ T5372] ps2_do_sendbyte+0x2cd/0x710
[ 90.252392][ T5372] ps2_sendbyte+0x5c/0x150
[ 90.256946][ T5372] cypress_ps2_sendbyte+0x2e/0x160
[ 90.262239][ T5372] cypress_send_ext_cmd+0x1d0/0x8d0
[ 90.267524][ T5372] cypress_detect+0x79/0x190
[ 90.272288][ T5372] psmouse_try_protocol+0x211/0x370
[ 90.277668][ T5372] psmouse_extensions+0x557/0x930
[ 90.282790][ T5372] psmouse_switch_protocol+0x52a/0x740
[ 90.288454][ T5372] psmouse_connect+0x5cf/0xe90
[ 90.293337][ T5372] serio_driver_probe+0x76/0xa0
[ 90.298637][ T5372] really_probe+0x240/0xca0
[ 90.303236][ T5372] __driver_probe_device+0x1df/0x4b0
[ 90.308738][ T5372] driver_probe_device+0x4c/0x1a0
[ 90.313873][ T5372] __driver_attach+0x271/0x570
[ 90.318759][ T5372] bus_for_each_dev+0x12a/0x1c0
[ 90.323709][ T5372] serio_handle_event+0x2bf/0xba0
[ 90.328999][ T5372] process_one_work+0xa34/0x16f0
[ 90.334292][ T5372] worker_thread+0x67d/0x10c0
[ 90.339056][ T5372] kthread+0x344/0x440
[ 90.343211][ T5372] ret_from_fork+0x1f/0x30
[ 90.347719][ T5372]
[ 90.347719][ T5372] to a HARDIRQ-irq-unsafe lock:
[ 90.358781][ T5372] (tasklist_lock){.+.+}-{2:2}
[ 90.358810][ T5372]
[ 90.358810][ T5372] ... which became HARDIRQ-irq-unsafe at:
[ 90.371869][ T5372] ...
[ 90.371877][ T5372] lock_acquire+0x1b1/0x520
[ 90.379216][ T5372] _raw_read_lock+0x5f/0x70
[ 90.383840][ T5372] do_wait+0x283/0xc30
[ 90.388271][ T5372] kernel_wait+0xa0/0x150
[ 90.392872][ T5372] call_usermodehelper_exec_work+0xf9/0x180
[ 90.398939][ T5372] process_one_work+0xa34/0x16f0
[ 90.404055][ T5372] worker_thread+0x67d/0x10c0
[ 90.409264][ T5372] kthread+0x344/0x440
[ 90.413521][ T5372] ret_from_fork+0x1f/0x30
[ 90.418054][ T5372]
[ 90.418054][ T5372] other info that might help us debug this:
[ 90.418054][ T5372]
[ 90.428543][ T5372] Chain exists of:
[ 90.428543][ T5372] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[ 90.428543][ T5372]
[ 90.442109][ T5372] Possible interrupt unsafe locking scenario:
[ 90.442109][ T5372]
[ 90.450512][ T5372]        CPU0                    CPU1
[ 90.455899][ T5372]        ----                    ----
[ 90.461344][ T5372]   lock(tasklist_lock);
[ 90.465583][ T5372]                                local_irq_disable();
[ 90.474678][ T5372]                                lock(&dev->event_lock#2);
[ 90.481893][ T5372]                                lock(&client->buffer_lock);
[ 90.489319][ T5372]   <Interrupt>
[ 90.492953][ T5372]     lock(&dev->event_lock#2);
[ 90.497812][ T5372]
[ 90.497812][ T5372] *** DEADLOCK ***
[ 90.497812][ T5372]
[ 90.506381][ T5372] 7 locks held by syz-executor.0/5372:
[ 90.511850][ T5372] #0: ffff888023623110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d7/0x760
[ 90.522330][ T5372] #1: ffff8881426b0230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x9f/0x390
[ 90.532711][ T5372] #2: ffffffff8c9a2700 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x8b/0x390
[ 90.542644][ T5372] #3: ffffffff8c9a2700 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x760
[ 90.552838][ T5372] #4: ffffffff8c9a2700 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x5d/0x430
[ 90.562421][ T5372] #5: ffff888023a20028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960
[ 90.573588][ T5372] #6: ffffffff8c9a2700 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x45/0x4f0
[ 90.583039][ T5372]
[ 90.583039][ T5372] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 90.593627][ T5372] -> (&dev->event_lock#2){-...}-{2:2} {
[ 90.599377][ T5372] IN-HARDIRQ-W at:
[ 90.603450][ T5372] lock_acquire+0x1b1/0x520
[ 90.609893][ T5372] _raw_spin_lock_irqsave+0x3d/0x60
[ 90.617036][ T5372] input_event+0x70/0xa0
[ 90.623210][ T5372] psmouse_report_standard_buttons+0x30/0x80
[ 90.631035][ T5372] psmouse_process_byte+0x39e/0x8b0
[ 90.638185][ T5372] psmouse_handle_byte+0x41/0x560
[ 90.645041][ T5372] psmouse_receive_byte+0x1ee/0xd70
[ 90.652166][ T5372] ps2_interrupt+0x1ed/0x5e0
[ 90.659018][ T5372] serio_interrupt+0x8c/0x150
[ 90.665978][ T5372] i8042_interrupt+0x3a9/0x820
[ 90.672948][ T5372] __handle_irq_event_percpu+0x22b/0x730
[ 90.680888][ T5372] handle_irq_event+0xab/0x1e0
[ 90.687739][ T5372] handle_edge_irq+0x263/0xd00
[ 90.694518][ T5372] __common_interrupt+0xa1/0x220
[ 90.701279][ T5372] common_interrupt+0xa8/0xd0
[ 90.707798][ T5372] asm_common_interrupt+0x26/0x40
[ 90.714825][ T5372] _raw_spin_unlock_irqrestore+0x3c/0x70
[ 90.723261][ T5372] i8042_command+0x132/0x160
[ 90.729896][ T5372] i8042_aux_write+0xdb/0x120
[ 90.736726][ T5372] ps2_do_sendbyte+0x2cd/0x710
[ 90.743428][ T5372] ps2_sendbyte+0x5c/0x150
[ 90.749865][ T5372] cypress_ps2_sendbyte+0x2e/0x160
[ 90.757163][ T5372] cypress_send_ext_cmd+0x1d0/0x8d0
[ 90.764381][ T5372] cypress_detect+0x79/0x190
[ 90.770998][ T5372] psmouse_try_protocol+0x211/0x370
[ 90.778400][ T5372] psmouse_extensions+0x557/0x930
[ 90.785779][ T5372] psmouse_switch_protocol+0x52a/0x740
[ 90.793643][ T5372] psmouse_connect+0x5cf/0xe90
[ 90.800423][ T5372] serio_driver_probe+0x76/0xa0
[ 90.807805][ T5372] really_probe+0x240/0xca0
[ 90.814174][ T5372] __driver_probe_device+0x1df/0x4b0
[ 90.821955][ T5372] driver_probe_device+0x4c/0x1a0
[ 90.829000][ T5372] __driver_attach+0x271/0x570
[ 90.835809][ T5372] bus_for_each_dev+0x12a/0x1c0
[ 90.842835][ T5372] serio_handle_event+0x2bf/0xba0
[ 90.850212][ T5372] process_one_work+0xa34/0x16f0
[ 90.857082][ T5372] worker_thread+0x67d/0x10c0
[ 90.863803][ T5372] kthread+0x344/0x440
[ 90.869848][ T5372] ret_from_fork+0x1f/0x30
[ 90.876194][ T5372] INITIAL USE at:
[ 90.880433][ T5372] lock_acquire+0x1b1/0x520
[ 90.886770][ T5372] _raw_spin_lock_irqsave+0x3d/0x60
[ 90.894051][ T5372] input_inject_event+0x9f/0x390
[ 90.900734][ T5372] led_set_brightness_nosleep+0xea/0x1a0
[ 90.908209][ T5372] led_set_brightness+0x138/0x180
[ 90.915102][ T5372] led_trigger_event+0xb4/0x240
[ 90.922676][ T5372] kbd_led_trigger_activate+0xcd/0x110
[ 90.930366][ T5372] led_trigger_set+0x5d6/0xbb0
[ 90.937243][ T5372] led_trigger_set_default+0x1aa/0x230
[ 90.944808][ T5372] led_classdev_register_ext+0x5dd/0x840
[ 90.953467][ T5372] input_leds_connect+0x4b0/0x8f0
[ 90.960433][ T5372] input_attach_handler+0x184/0x260
[ 90.967483][ T5372] input_register_device+0xafd/0x10f0
[ 90.974889][ T5372] atkbd_connect+0x5d8/0xa30
[ 90.981352][ T5372] serio_driver_probe+0x76/0xa0
[ 90.988375][ T5372] really_probe+0x240/0xca0
[ 90.994892][ T5372] __driver_probe_device+0x1df/0x4b0
[ 91.001930][ T5372] driver_probe_device+0x4c/0x1a0
[ 91.008990][ T5372] __driver_attach+0x271/0x570
[ 91.015507][ T5372] bus_for_each_dev+0x12a/0x1c0
[ 91.022200][ T5372] serio_handle_event+0x2bf/0xba0
[ 91.029136][ T5372] process_one_work+0xa34/0x16f0
[ 91.035993][ T5372] worker_thread+0x67d/0x10c0
[ 91.042825][ T5372] kthread+0x344/0x440
[ 91.048900][ T5372] ret_from_fork+0x1f/0x30
[ 91.055525][ T5372] }
[ 91.058211][ T5372] ... key at: [] __key.6+0x0/0x40
[ 91.065861][ T5372] -> (&client->buffer_lock){....}-{2:2} {
[ 91.071984][ T5372] INITIAL USE at:
[ 91.075868][ T5372] lock_acquire+0x1b1/0x520
[ 91.082118][ T5372] _raw_spin_lock+0x2e/0x40
[ 91.088363][ T5372] evdev_pass_values.part.0+0xf6/0x960
[ 91.095474][ T5372] evdev_events+0x3b4/0x430
[ 91.101720][ T5372] input_to_handler+0x2a0/0x4c0
[ 91.108417][ T5372] input_pass_values.part.0+0x230/0x760
[ 91.115534][ T5372] input_event_dispose+0x5cf/0x730
[ 91.122304][ T5372] input_handle_event+0x122/0xdc0
[ 91.128898][ T5372] input_inject_event+0x1c7/0x390
[ 91.135580][ T5372] evdev_write+0x434/0x760
[ 91.143576][ T5372] vfs_write+0x2af/0xda0
[ 91.149393][ T5372] ksys_write+0x1e3/0x250
[ 91.155546][ T5372] do_syscall_64+0x39/0xb0
[ 91.161793][ T5372] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.169430][ T5372] }
[ 91.171980][ T5372] ... key at: [] __key.3+0x0/0x40
[ 91.179558][ T5372] ... acquired at:
[ 91.183780][ T5372] _raw_spin_lock+0x2e/0x40
[ 91.188589][ T5372] evdev_pass_values.part.0+0xf6/0x960
[ 91.194411][ T5372] evdev_events+0x3b4/0x430
[ 91.199092][ T5372] input_to_handler+0x2a0/0x4c0
[ 91.204128][ T5372] input_pass_values.part.0+0x230/0x760
[ 91.210213][ T5372] input_event_dispose+0x5cf/0x730
[ 91.216392][ T5372] input_handle_event+0x122/0xdc0
[ 91.221960][ T5372] input_inject_event+0x1c7/0x390
[ 91.227272][ T5372] evdev_write+0x434/0x760
[ 91.231951][ T5372] vfs_write+0x2af/0xda0
[ 91.236462][ T5372] ksys_write+0x1e3/0x250
[ 91.241067][ T5372] do_syscall_64+0x39/0xb0
[ 91.246021][ T5372] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.252364][ T5372]
[ 91.254679][ T5372]
[ 91.254679][ T5372] the dependencies between the lock to be acquired
[ 91.254687][ T5372] and HARDIRQ-irq-unsafe lock:
[ 91.269050][ T5372] -> (tasklist_lock){.+.+}-{2:2} {
[ 91.274358][ T5372] HARDIRQ-ON-R at:
[ 91.278505][ T5372] lock_acquire+0x1b1/0x520
[ 91.285269][ T5372] _raw_read_lock+0x5f/0x70
[ 91.291769][ T5372] do_wait+0x283/0xc30
[ 91.297941][ T5372] kernel_wait+0xa0/0x150
[ 91.304280][ T5372] call_usermodehelper_exec_work+0xf9/0x180
[ 91.312731][ T5372] process_one_work+0xa34/0x16f0
[ 91.319968][ T5372] worker_thread+0x67d/0x10c0
[ 91.326698][ T5372] kthread+0x344/0x440
[ 91.333221][ T5372] ret_from_fork+0x1f/0x30
[ 91.340008][ T5372] SOFTIRQ-ON-R at:
[ 91.344178][ T5372] lock_acquire+0x1b1/0x520
[ 91.350971][ T5372] _raw_read_lock+0x5f/0x70
[ 91.357631][ T5372] do_wait+0x283/0xc30
[ 91.363814][ T5372] kernel_wait+0xa0/0x150
[ 91.370257][ T5372] call_usermodehelper_exec_work+0xf9/0x180
[ 91.378433][ T5372] process_one_work+0xa34/0x16f0
[ 91.385383][ T5372] worker_thread+0x67d/0x10c0
[ 91.392135][ T5372] kthread+0x344/0x440
[ 91.398933][ T5372] ret_from_fork+0x1f/0x30
[ 91.405555][ T5372] INITIAL USE at:
[ 91.409839][ T5372] lock_acquire+0x1b1/0x520
[ 91.417052][ T5372] _raw_write_lock_irq+0x36/0x50
[ 91.423923][ T5372] copy_process+0x4bad/0x75c0
[ 91.430606][ T5372] kernel_clone+0xeb/0x890
[ 91.437106][ T5372] user_mode_thread+0xb1/0xf0
[ 91.443951][ T5372] rest_init+0x27/0x2b0
[ 91.450107][ T5372] arch_call_rest_init+0x13/0x30
[ 91.457224][ T5372] start_kernel+0x3b1/0x490
[ 91.463641][ T5372] x86_64_start_reservations+0x18/0x30
[ 91.471192][ T5372] x86_64_start_kernel+0xb3/0xc0
[ 91.478220][ T5372] secondary_startup_64_no_verify+0x167/0x16b
[ 91.486303][ T5372] INITIAL READ USE at:
[ 91.491096][ T5372] lock_acquire+0x1b1/0x520
[ 91.498210][ T5372] _raw_read_lock+0x5f/0x70
[ 91.505237][ T5372] do_wait+0x283/0xc30
[ 91.512090][ T5372] kernel_wait+0xa0/0x150
[ 91.518861][ T5372] call_usermodehelper_exec_work+0xf9/0x180
[ 91.527185][ T5372] process_one_work+0xa34/0x16f0
[ 91.534605][ T5372] worker_thread+0x67d/0x10c0
[ 91.541719][ T5372] kthread+0x344/0x440
[ 91.548572][ T5372] ret_from_fork+0x1f/0x30
[ 91.555360][ T5372] }
[ 91.558046][ T5372] ... key at: [] tasklist_lock+0x18/0x40
[ 91.566410][ T5372] ... acquired at:
[ 91.570481][ T5372] _raw_read_lock+0x5f/0x70
[ 91.575268][ T5372] send_sigio+0xaf/0x3b0
[ 91.579815][ T5372] kill_fasync+0x1fb/0x4f0
[ 91.585047][ T5372] sock_wake_async+0xd6/0x160
[ 91.590195][ T5372] sock_def_readable+0x481/0x760
[ 91.595537][ T5372] unix_dgram_sendmsg+0xf69/0x1b70
[ 91.601196][ T5372] sock_sendmsg+0xde/0x190
[ 91.605819][ T5372] ____sys_sendmsg+0x34a/0x920
[ 91.610860][ T5372] ___sys_sendmsg+0x110/0x1b0
[ 91.615772][ T5372] __sys_sendmmsg+0x18f/0x460
[ 91.620714][ T5372] __x64_sys_sendmmsg+0x9d/0x100
[ 91.625830][ T5372] do_syscall_64+0x39/0xb0
[ 91.630596][ T5372] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.636664][ T5372]
[ 91.638986][ T5372] -> (&f->f_owner.lock){....}-{2:2} {
[ 91.644567][ T5372] INITIAL USE at:
[ 91.648554][ T5372] lock_acquire+0x1b1/0x520
[ 91.655063][ T5372] _raw_write_lock_irq+0x36/0x50
[ 91.668983][ T5372] f_modown+0x2a/0x390
[ 91.675621][ T5372] f_setown+0xdb/0x270
[ 91.681716][ T5372] sock_ioctl+0x450/0x680
[ 91.688516][ T5372] __x64_sys_ioctl+0x19d/0x210
[ 91.695039][ T5372] do_syscall_64+0x39/0xb0
[ 91.701492][ T5372] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.709418][ T5372] INITIAL READ USE at:
[ 91.713943][ T5372] lock_acquire+0x1b1/0x520
[ 91.721081][ T5372] _raw_read_lock_irqsave+0x74/0x90
[ 91.728668][ T5372] send_sigio+0x28/0x3b0
[ 91.735270][ T5372] kill_fasync+0x1fb/0x4f0
[ 91.741916][ T5372] sock_wake_async+0xd6/0x160
[ 91.749860][ T5372] sock_def_readable+0x481/0x760
[ 91.757268][ T5372] unix_dgram_sendmsg+0xf69/0x1b70
[ 91.764935][ T5372] sock_sendmsg+0xde/0x190
[ 91.772328][ T5372] ____sys_sendmsg+0x34a/0x920
[ 91.780335][ T5372] ___sys_sendmsg+0x110/0x1b0
[ 91.787679][ T5372] __sys_sendmmsg+0x18f/0x460
[ 91.795239][ T5372] __x64_sys_sendmmsg+0x9d/0x100
[ 91.802810][ T5372] do_syscall_64+0x39/0xb0
[ 91.809585][ T5372] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.817876][ T5372] }
[ 91.820460][ T5372] ... key at: [] __key.5+0x0/0x40
[ 91.828446][ T5372] ... acquired at:
[ 91.832415][ T5372] _raw_read_lock_irqsave+0x74/0x90
[ 91.838134][ T5372] send_sigio+0x28/0x3b0
[ 91.842641][ T5372] kill_fasync+0x1fb/0x4f0
[ 91.847498][ T5372] sock_wake_async+0xd6/0x160
[ 91.852352][ T5372] sock_def_readable+0x481/0x760
[ 91.857730][ T5372] unix_dgram_sendmsg+0xf69/0x1b70
[ 91.863125][ T5372] sock_sendmsg+0xde/0x190
[ 91.868232][ T5372] ____sys_sendmsg+0x34a/0x920
[ 91.873168][ T5372] ___sys_sendmsg+0x110/0x1b0
[ 91.878282][ T5372] __sys_sendmmsg+0x18f/0x460
[ 91.883396][ T5372] __x64_sys_sendmmsg+0x9d/0x100
[ 91.888645][ T5372] do_syscall_64+0x39/0xb0
[ 91.893249][ T5372] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.899406][ T5372]
[ 91.901721][ T5372] -> (&new->fa_lock){....}-{2:2} {
[ 91.907383][ T5372] INITIAL READ USE at:
[ 91.911888][ T5372] lock_acquire+0x1b1/0x520
[ 91.918479][ T5372] _raw_read_lock_irqsave+0x74/0x90
[ 91.926633][ T5372] kill_fasync+0x139/0x4f0
[ 91.933317][ T5372] sock_wake_async+0xd6/0x160
[ 91.940100][ T5372] sock_def_readable+0x481/0x760
[ 91.947682][ T5372] unix_dgram_sendmsg+0xf69/0x1b70
[ 91.954889][ T5372] sock_sendmsg+0xde/0x190
[ 91.961573][ T5372] ____sys_sendmsg+0x34a/0x920
[ 91.968353][ T5372] ___sys_sendmsg+0x110/0x1b0
[ 91.975218][ T5372] __sys_sendmmsg+0x18f/0x460
[ 91.982006][ T5372] __x64_sys_sendmmsg+0x9d/0x100
[ 91.989603][ T5372] do_syscall_64+0x39/0xb0
[ 91.996131][ T5372] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 92.004109][ T5372] }
[ 92.006686][ T5372] ... key at: [] __key.0+0x0/0x40
[ 92.013903][ T5372] ... acquired at:
[ 92.018420][ T5372] lock_acquire+0x1b1/0x520
[ 92.023148][ T5372] _raw_read_lock_irqsave+0x74/0x90
[ 92.028785][ T5372] kill_fasync+0x139/0x4f0
[ 92.034024][ T5372] evdev_pass_values.part.0+0x667/0x960
[ 92.039965][ T5372] evdev_events+0x3b4/0x430
[ 92.044765][ T5372] input_to_handler+0x2a0/0x4c0
[ 92.049989][ T5372] input_pass_values.part.0+0x230/0x760
[ 92.055833][ T5372] input_event_dispose+0x5cf/0x730
[ 92.061418][ T5372] input_handle_event+0x122/0xdc0
[ 92.067002][ T5372] input_inject_event+0x1c7/0x390
[ 92.072414][ T5372] evdev_write+0x434/0x760
[ 92.077136][ T5372] vfs_write+0x2af/0xda0
[ 92.081606][ T5372] ksys_write+0x1e3/0x250
[ 92.086178][ T5372] do_syscall_64+0x39/0xb0
[ 92.090940][ T5372] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 92.097397][ T5372]
[ 92.099824][ T5372]
[ 92.099824][ T5372] stack backtrace:
[ 92.105811][ T5372] CPU: 0 PID: 5372 Comm: syz-executor.0 Not tainted 6.4.0-syzkaller-gb25f62ccb490 #0
[ 92.115450][ T5372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 92.125872][ T5372] Call Trace:
[ 92.129165][ T5372] <TASK>
[ 92.132116][ T5372] dump_stack_lvl+0xd9/0x150
[ 92.136826][ T5372] check_irq_usage+0x10fa/0x1a50
[ 92.141997][ T5372] ? print_shortest_lock_dependencies_backwards+0x1e0/0x1e0
[ 92.149529][ T5372] ? __lockdep_reset_lock+0x1a0/0x1a0
[ 92.160221][ T5372] ? mark_lock.part.0+0xee/0x1960
[ 92.165260][ T5372] ? check_path.constprop.0+0x24/0x50
[ 92.170820][ T5372] ? register_lock_class+0xbe/0x1120
[ 92.176482][ T5372] ? print_circular_bug+0x740/0x740
[ 92.182068][ T5372] ? print_usage_bug.part.0+0x670/0x670
[ 92.188117][ T5372] ? try_to_wake_up+0x10b0/0x1df0
[ 92.194028][ T5372] ? is_dynamic_key.part.0+0x190/0x190
[ 92.199699][ T5372] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 92.205613][ T5372] __lock_acquire+0x2eb5/0x5e20
[ 92.210688][ T5372] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 92.217584][ T5372] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 92.223930][ T5372] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 92.230088][ T5372] ? __wake_up_common_lock+0xe2/0x140
[ 92.235742][ T5372] lock_acquire+0x1b1/0x520
[ 92.240518][ T5372] ? kill_fasync+0x139/0x4f0
[ 92.245127][ T5372] ? lock_sync+0x190/0x190
[ 92.249556][ T5372] ? lock_sync+0x190/0x190
[ 92.254159][ T5372] ? lock_sync+0x190/0x190
[ 92.258865][ T5372] ? __wake_up_common+0x650/0x650
[ 92.263900][ T5372] _raw_read_lock_irqsave+0x74/0x90
[ 92.269366][ T5372] ? kill_fasync+0x139/0x4f0
[ 92.274220][ T5372] kill_fasync+0x139/0x4f0
[ 92.278669][ T5372] evdev_pass_values.part.0+0x667/0x960
[ 92.284229][ T5372] ? evdev_free+0x70/0x70
[ 92.291776][ T5372] ? ktime_mono_to_any+0xb9/0x1e0
[ 92.296988][ T5372] evdev_events+0x3b4/0x430
[ 92.301804][ T5372] ? evdev_connect+0x4c0/0x4c0
[ 92.306865][ T5372] input_to_handler+0x2a0/0x4c0
[ 92.312261][ T5372] input_pass_values.part.0+0x230/0x760
[ 92.318208][ T5372] input_event_dispose+0x5cf/0x730
[ 92.323977][ T5372] input_handle_event+0x122/0xdc0
[ 92.329300][ T5372] input_inject_event+0x1c7/0x390
[ 92.334598][ T5372] evdev_write+0x434/0x760
[ 92.339032][ T5372] ? evdev_read+0xe40/0xe40
[ 92.343582][ T5372] ? apparmor_file_permission+0x278/0x4f0
[ 92.349660][ T5372] ? bpf_lsm_file_permission+0x9/0x10
[ 92.355425][ T5372] ? security_file_permission+0xaf/0xd0
[ 92.361103][ T5372] vfs_write+0x2af/0xda0
[ 92.365458][ T5372] ? evdev_read+0xe40/0xe40
[ 92.370344][ T5372] ? kernel_write+0x680/0x680
[ 92.375153][ T5372] ? __fget_files+0x261/0x470
[ 92.379853][ T5372] ? __fget_light+0xe5/0x270
[ 92.384626][ T5372] ksys_write+0x1e3/0x250
[ 92.389049][ T5372] ? __ia32_sys_read+0xb0/0xb0
[ 92.393867][ T5372] ? syscall_enter_from_user_mode+0x26/0x80
[ 92.399959][ T5372] do_syscall_64+0x39/0xb0
[ 92.404467][ T5372] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 92.410644][ T5372] RIP: 0033:0x7fe38de89109
[ 92.415152][ T5372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 92.435458][ T5372] RSP: 002b:00007fe38f091168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 92.444130][ T5372] RAX: ffffffffffffffda RBX: 00007fe38df9bf60 RCX: 00007fe38de89109
[ 92.452451][ T5372] RDX: 0000000000003888 RSI: 0000000020000080 RDI: 0000000000000005
[ 92.460827][ T5372] RBP: 00007fe38dee308d R08: 0000000000000000 R09: 0000000000000000
[ 92.468884][ T5372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 92.477056][ T5372] R13: 00007ffc5908ad3f R14: 00007fe38f091300 R15: 0000000000022000
[ 92.485488][ T5372] </TASK>
[ 92.489445][ T4413] Bluetooth: hci0: command 0x0409 tx timeout
2023/06/30 22:57:46 executed programs: 9
[ 94.532312][ T4413] Bluetooth: hci0: command 0x041b tx timeout
[ 96.602165][ T4413] Bluetooth: hci0: command 0x040f tx timeout
2023/06/30 22:57:51 executed programs: 222
[ 98.682028][ T4413] Bluetooth: hci0: command 0x0419 tx timeout