Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts.
2023/04/02 09:05:32 ignoring optional flag "sandboxArg"="0"
2023/04/02 09:05:32 parsed 1 programs
2023/04/02 09:05:32 executed programs: 0
[ 49.538608][ T4396] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 49.545900][ T4396] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 49.554169][ T4396] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 49.561926][ T4396] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 49.569985][ T4396] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 49.652259][ T5491] chnl_net:caif_netlink_parms(): no params data found
[ 49.686955][ T5491] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.694583][ T5491] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.701813][ T5491] bridge_slave_0: entered allmulticast mode
[ 49.708560][ T5491] bridge_slave_0: entered promiscuous mode
[ 49.715483][ T5491] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.722903][ T5491] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.730145][ T5491] bridge_slave_1: entered allmulticast mode
[ 49.736492][ T5491] bridge_slave_1: entered promiscuous mode
[ 49.752534][ T5491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 49.762780][ T5491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 49.782607][ T5491] team0: Port device team_slave_0 added
[ 49.789448][ T5491] team0: Port device team_slave_1 added
[ 49.804549][ T5491] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 49.811816][ T5491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.837859][ T5491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 49.849960][ T5491] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 49.856869][ T5491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.883123][ T5491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 49.901615][ T5491] hsr_slave_0: entered promiscuous mode
[ 49.907454][ T5491] hsr_slave_1: entered promiscuous mode
[ 50.167289][ T5491] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 50.176635][ T5491] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 50.189199][ T5491] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 50.197121][ T5491] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 50.212242][ T5491] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.219310][ T5491] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.226590][ T5491] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.233675][ T5491] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.264022][ T5491] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.275821][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.285515][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.293729][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.301611][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 50.312893][ T5491] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.322379][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.331038][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.338151][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.354022][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.362866][ T14] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.369957][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.378756][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 50.393400][ T5491] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 50.406521][ T5491] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 50.419338][ T5087] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 50.426977][ T5087] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 50.435535][ T5087] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.443903][ T5087] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.452547][ T5087] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 50.528223][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 50.535586][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 50.547048][ T5491] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 50.562420][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.577332][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.586385][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.595108][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.604388][ T5491] veth0_vlan: entered promiscuous mode
[ 50.614507][ T5491] veth1_vlan: entered promiscuous mode
[ 50.628270][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 50.636372][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 50.647528][ T5491] veth0_macvtap: entered promiscuous mode
[ 50.656040][ T5491] veth1_macvtap: entered promiscuous mode
[ 50.664404][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 50.672989][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.682249][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 50.695825][ T5491] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 50.704794][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 50.713046][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.722301][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.732223][ T5491] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 50.740304][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.749615][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.759011][ T5491] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.767679][ T5491] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.781818][ T5491] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.790707][ T5491] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.832437][ T2447] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.848982][ T2447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.859608][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 50.871974][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.880150][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.890402][ T5085] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 50.927965][ T5601]
[ 50.930298][ T5601] =====================================================
[ 50.937206][ T5601] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 50.944637][ T5601] 6.3.0-rc4-syzkaller #0 Not tainted
[ 50.949900][ T5601] -----------------------------------------------------
[ 50.956811][ T5601] syz-executor.0/5601 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 50.964796][ T5601] ffff888073e5e018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0xe9/0x370
[ 50.973371][ T5601]
[ 50.973371][ T5601] and this task is already holding:
[ 50.980800][ T5601] ffff888076404028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xef/0xb10
[ 50.991114][ T5601] which would create a new lock dependency:
[ 50.996981][ T5601] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2}
[ 51.005034][ T5601]
[ 51.005034][ T5601] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 51.014462][ T5601] (&dev->event_lock#2){-...}-{2:2}
[ 51.014474][ T5601]
[ 51.014474][ T5601] ... which became HARDIRQ-irq-safe at:
[ 51.027333][ T5601] lock_acquire+0x1af/0x520
[ 51.031910][ T5601] _raw_spin_lock_irqsave+0x3d/0x60
[ 51.037171][ T5601] input_event+0x46/0x80
[ 51.041477][ T5601] psmouse_report_standard_buttons+0x1f/0x60
[ 51.047519][ T5601] psmouse_process_byte+0x33e/0x7c0
[ 51.052784][ T5601] psmouse_handle_byte+0x3a/0x500
[ 51.057910][ T5601] psmouse_interrupt+0x22f/0x11c0
[ 51.063004][ T5601] serio_interrupt+0x82/0x110
[ 51.067747][ T5601] i8042_interrupt+0x267/0x780
[ 51.072577][ T5601] __handle_irq_event_percpu+0x1b9/0x540
[ 51.078290][ T5601] handle_irq_event+0xa5/0x1b0
[ 51.083116][ T5601] handle_edge_irq+0x207/0xb50
[ 51.087942][ T5601] __common_interrupt+0xa1/0x220
[ 51.092945][ T5601] common_interrupt+0xa8/0xd0
[ 51.097685][ T5601] asm_common_interrupt+0x26/0x40
[ 51.102774][ T5601] _raw_spin_unlock_irqrestore+0x3c/0x70
[ 51.108471][ T5601] i8042_command+0x8f/0xb0
[ 51.112949][ T5601] i8042_aux_write+0xb5/0x100
[ 51.117696][ T5601] ps2_do_sendbyte+0x220/0x600
[ 51.122533][ T5601] ps2_sendbyte+0x57/0x140
[ 51.127011][ T5601] cypress_ps2_sendbyte+0x21/0x120
[ 51.132191][ T5601] cypress_send_ext_cmd+0x1ae/0x7c0
[ 51.137459][ T5601] cypress_detect+0x70/0x130
[ 51.142115][ T5601] psmouse_try_protocol+0x194/0x3a0
[ 51.147375][ T5601] psmouse_extensions+0x3f8/0x680
[ 51.152462][ T5601] psmouse_switch_protocol+0x4a2/0x690
[ 51.157982][ T5601] psmouse_connect+0x58c/0xde0
[ 51.162811][ T5601] serio_driver_probe+0x71/0xa0
[ 51.167726][ T5601] really_probe+0x1c7/0xb20
[ 51.172293][ T5601] __driver_probe_device+0x186/0x460
[ 51.177640][ T5601] driver_probe_device+0x44/0x110
[ 51.182732][ T5601] __driver_attach+0x1d0/0x490
[ 51.187560][ T5601] bus_for_each_dev+0xef/0x170
[ 51.192387][ T5601] serio_handle_event+0x23d/0x9b0
[ 51.197483][ T5601] process_one_work+0x865/0x1400
[ 51.202490][ T5601] worker_thread+0x59c/0xec0
[ 51.207154][ T5601] kthread+0x298/0x340
[ 51.211285][ T5601] ret_from_fork+0x1f/0x30
[ 51.215764][ T5601]
[ 51.215764][ T5601] to a HARDIRQ-irq-unsafe lock:
[ 51.222761][ T5601] (tasklist_lock){.+.+}-{2:2}
[ 51.222771][ T5601]
[ 51.222771][ T5601] ... which became HARDIRQ-irq-unsafe at:
[ 51.235364][ T5601] ...
[ 51.235367][ T5601] lock_acquire+0x1af/0x520
[ 51.242531][ T5601] _raw_read_lock+0x5f/0x70
[ 51.247101][ T5601] do_wait+0x235/0xa20
[ 51.251244][ T5601] kernel_wait+0x9b/0x130
[ 51.255632][ T5601] call_usermodehelper_exec_work+0xbf/0x140
[ 51.261593][ T5601] process_one_work+0x865/0x1400
[ 51.266607][ T5601] worker_thread+0x59c/0xec0
[ 51.271277][ T5601] kthread+0x298/0x340
[ 51.275416][ T5601] ret_from_fork+0x1f/0x30
[ 51.279909][ T5601]
[ 51.279909][ T5601] other info that might help us debug this:
[ 51.279909][ T5601]
[ 51.290123][ T5601] Chain exists of:
[ 51.290123][ T5601] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[ 51.290123][ T5601]
[ 51.303738][ T5601] Possible interrupt unsafe locking scenario:
[ 51.303738][ T5601]
[ 51.312039][ T5601]        CPU0                    CPU1
[ 51.317384][ T5601]        ----                    ----
[ 51.322731][ T5601]   lock(tasklist_lock);
[ 51.326955][ T5601]                                local_irq_disable();
[ 51.333692][ T5601]                                lock(&dev->event_lock#2);
[ 51.340968][ T5601]                                lock(&client->buffer_lock);
[ 51.348320][ T5601]
[ 51.351756][ T5601]     lock(&dev->event_lock#2);
[ 51.356583][ T5601]
[ 51.356583][ T5601] *** DEADLOCK ***
[ 51.356583][ T5601]
[ 51.364712][ T5601] 7 locks held by syz-executor.0/5601:
[ 51.370145][ T5601] #0: ffff888020f5c110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x187/0x6c0
[ 51.379328][ T5601] #1: ffff888144adb230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x7b/0x240
[ 51.389380][ T5601] #2: ffffffff8b78ac80 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x6c/0x240
[ 51.399001][ T5601] #3: ffffffff8b78ac80 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x580
[ 51.409052][ T5601] #4: ffffffff8b78ac80 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x54/0x310
[ 51.418155][ T5601] #5: ffff888076404028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xef/0xb10
[ 51.428991][ T5601] #6: ffffffff8b78ac80 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3c/0x370
[ 51.438000][ T5601]
[ 51.438000][ T5601] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 51.448381][ T5601] -> (&dev->event_lock#2){-...}-{2:2} {
[ 51.453998][ T5601] IN-HARDIRQ-W at:
[ 51.458049][ T5601] lock_acquire+0x1af/0x520
[ 51.464486][ T5601] _raw_spin_lock_irqsave+0x3d/0x60
[ 51.471488][ T5601] input_event+0x46/0x80
[ 51.477531][ T5601] psmouse_report_standard_buttons+0x1f/0x60
[ 51.485317][ T5601] psmouse_process_byte+0x33e/0x7c0
[ 51.492318][ T5601] psmouse_handle_byte+0x3a/0x500
[ 51.499145][ T5601] psmouse_interrupt+0x22f/0x11c0
[ 51.505970][ T5601] serio_interrupt+0x82/0x110
[ 51.512451][ T5601] i8042_interrupt+0x267/0x780
[ 51.519015][ T5601] __handle_irq_event_percpu+0x1b9/0x540
[ 51.526481][ T5601] handle_irq_event+0xa5/0x1b0
[ 51.533050][ T5601] handle_edge_irq+0x207/0xb50
[ 51.539703][ T5601] __common_interrupt+0xa1/0x220
[ 51.546464][ T5601] common_interrupt+0xa8/0xd0
[ 51.552942][ T5601] asm_common_interrupt+0x26/0x40
[ 51.559767][ T5601] _raw_spin_unlock_irqrestore+0x3c/0x70
[ 51.567205][ T5601] i8042_command+0x8f/0xb0
[ 51.573424][ T5601] i8042_aux_write+0xb5/0x100
[ 51.579900][ T5601] ps2_do_sendbyte+0x220/0x600
[ 51.586485][ T5601] ps2_sendbyte+0x57/0x140
[ 51.592713][ T5601] cypress_ps2_sendbyte+0x21/0x120
[ 51.599623][ T5601] cypress_send_ext_cmd+0x1ae/0x7c0
[ 51.606621][ T5601] cypress_detect+0x70/0x130
[ 51.613011][ T5601] psmouse_try_protocol+0x194/0x3a0
[ 51.620102][ T5601] psmouse_extensions+0x3f8/0x680
[ 51.626930][ T5601] psmouse_switch_protocol+0x4a2/0x690
[ 51.634274][ T5601] psmouse_connect+0x58c/0xde0
[ 51.640837][ T5601] serio_driver_probe+0x71/0xa0
[ 51.647490][ T5601] really_probe+0x1c7/0xb20
[ 51.653804][ T5601] __driver_probe_device+0x186/0x460
[ 51.660911][ T5601] driver_probe_device+0x44/0x110
[ 51.667745][ T5601] __driver_attach+0x1d0/0x490
[ 51.674312][ T5601] bus_for_each_dev+0xef/0x170
[ 51.680964][ T5601] serio_handle_event+0x23d/0x9b0
[ 51.687788][ T5601] process_one_work+0x865/0x1400
[ 51.694529][ T5601] worker_thread+0x59c/0xec0
[ 51.700918][ T5601] kthread+0x298/0x340
[ 51.706786][ T5601] ret_from_fork+0x1f/0x30
[ 51.713003][ T5601] INITIAL USE at:
[ 51.717053][ T5601] lock_acquire+0x1af/0x520
[ 51.723272][ T5601] _raw_spin_lock_irqsave+0x3d/0x60
[ 51.730184][ T5601] input_inject_event+0x7b/0x240
[ 51.736840][ T5601] led_trigger_event+0x8e/0x180
[ 51.743408][ T5601] kbd_led_trigger_activate+0xa5/0xe0
[ 51.750498][ T5601] led_trigger_set+0x561/0xb20
[ 51.756976][ T5601] led_trigger_set_default+0x16b/0x200
[ 51.764146][ T5601] led_classdev_register_ext+0x4fa/0x750
[ 51.771490][ T5601] input_leds_connect+0x3c6/0x810
[ 51.778236][ T5601] input_attach_handler+0x10b/0x1c0
[ 51.785150][ T5601] input_register_device+0x8a0/0xe30
[ 51.792155][ T5601] atkbd_connect+0x5d5/0x900
[ 51.798463][ T5601] serio_driver_probe+0x71/0xa0
[ 51.805029][ T5601] really_probe+0x1c7/0xb20
[ 51.811254][ T5601] __driver_probe_device+0x186/0x460
[ 51.818255][ T5601] driver_probe_device+0x44/0x110
[ 51.824994][ T5601] __driver_attach+0x1d0/0x490
[ 51.831473][ T5601] bus_for_each_dev+0xef/0x170
[ 51.837948][ T5601] serio_handle_event+0x23d/0x9b0
[ 51.844686][ T5601] process_one_work+0x865/0x1400
[ 51.851336][ T5601] worker_thread+0x59c/0xec0
[ 51.857638][ T5601] kthread+0x298/0x340
[ 51.863426][ T5601] ret_from_fork+0x1f/0x30
[ 51.869558][ T5601] }
[ 51.872125][ T5601] ... key at: [] __key.7+0x0/0x40
[ 51.879300][ T5601] -> (&client->buffer_lock){....}-{2:2} {
[ 51.885001][ T5601] INITIAL USE at:
[ 51.888869][ T5601] lock_acquire+0x1af/0x520
[ 51.894914][ T5601] _raw_spin_lock+0x2e/0x40
[ 51.900955][ T5601] evdev_pass_values.part.0+0xef/0xb10
[ 51.908042][ T5601] evdev_events+0x293/0x310
[ 51.914098][ T5601] input_to_handler+0x23d/0x4a0
[ 51.920488][ T5601] input_pass_values.part.0+0x1a3/0x580
[ 51.927573][ T5601] input_event_dispose+0x4ef/0x6d0
[ 51.934232][ T5601] input_inject_event+0x183/0x240
[ 51.940800][ T5601] evdev_write+0x359/0x6c0
[ 51.946756][ T5601] vfs_write+0x209/0xd80
[ 51.952542][ T5601] ksys_write+0x16f/0x1c0
[ 51.958504][ T5601] do_syscall_64+0x39/0xb0
[ 51.964471][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.971907][ T5601] }
[ 51.974384][ T5601] ... key at: [] __key.3+0x0/0x40
[ 51.981478][ T5601] ... acquired at:
[ 51.985262][ T5601] _raw_spin_lock+0x2e/0x40
[ 51.989922][ T5601] evdev_pass_values.part.0+0xef/0xb10
[ 51.995537][ T5601] evdev_events+0x293/0x310
[ 52.000196][ T5601] input_to_handler+0x23d/0x4a0
[ 52.005202][ T5601] input_pass_values.part.0+0x1a3/0x580
[ 52.010902][ T5601] input_event_dispose+0x4ef/0x6d0
[ 52.016167][ T5601] input_inject_event+0x183/0x240
[ 52.021345][ T5601] evdev_write+0x359/0x6c0
[ 52.025916][ T5601] vfs_write+0x209/0xd80
[ 52.030312][ T5601] ksys_write+0x16f/0x1c0
[ 52.034789][ T5601] do_syscall_64+0x39/0xb0
[ 52.039360][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.045399][ T5601]
[ 52.047703][ T5601]
[ 52.047703][ T5601] the dependencies between the lock to be acquired
[ 52.047706][ T5601] and HARDIRQ-irq-unsafe lock:
[ 52.061177][ T5601] -> (tasklist_lock){.+.+}-{2:2} {
[ 52.066458][ T5601] HARDIRQ-ON-R at:
[ 52.070586][ T5601] lock_acquire+0x1af/0x520
[ 52.077076][ T5601] _raw_read_lock+0x5f/0x70
[ 52.083562][ T5601] do_wait+0x235/0xa20
[ 52.089613][ T5601] kernel_wait+0x9b/0x130
[ 52.095919][ T5601] call_usermodehelper_exec_work+0xbf/0x140
[ 52.103792][ T5601] process_one_work+0x865/0x1400
[ 52.110707][ T5601] worker_thread+0x59c/0xec0
[ 52.117273][ T5601] kthread+0x298/0x340
[ 52.123315][ T5601] ret_from_fork+0x1f/0x30
[ 52.129709][ T5601] SOFTIRQ-ON-R at:
[ 52.133841][ T5601] lock_acquire+0x1af/0x520
[ 52.140317][ T5601] _raw_read_lock+0x5f/0x70
[ 52.146795][ T5601] do_wait+0x235/0xa20
[ 52.152838][ T5601] kernel_wait+0x9b/0x130
[ 52.159141][ T5601] call_usermodehelper_exec_work+0xbf/0x140
[ 52.167006][ T5601] process_one_work+0x865/0x1400
[ 52.173918][ T5601] worker_thread+0x59c/0xec0
[ 52.180481][ T5601] kthread+0x298/0x340
[ 52.186521][ T5601] ret_from_fork+0x1f/0x30
[ 52.192920][ T5601] INITIAL USE at:
[ 52.196979][ T5601] lock_acquire+0x1af/0x520
[ 52.203370][ T5601] _raw_write_lock_irq+0x36/0x50
[ 52.210193][ T5601] copy_process+0x4410/0x6b40
[ 52.216756][ T5601] kernel_clone+0xbc/0x5f0
[ 52.223058][ T5601] user_mode_thread+0x9f/0xd0
[ 52.229617][ T5601] rest_init+0x22/0x220
[ 52.235833][ T5601] arch_call_rest_init+0xe/0x20
[ 52.242575][ T5601] start_kernel+0x2c0/0x370
[ 52.248967][ T5601] secondary_startup_64_no_verify+0xce/0xdb
[ 52.256749][ T5601] INITIAL READ USE at:
[ 52.261229][ T5601] lock_acquire+0x1af/0x520
[ 52.268052][ T5601] _raw_read_lock+0x5f/0x70
[ 52.274878][ T5601] do_wait+0x235/0xa20
[ 52.281275][ T5601] kernel_wait+0x9b/0x130
[ 52.287923][ T5601] call_usermodehelper_exec_work+0xbf/0x140
[ 52.296146][ T5601] process_one_work+0x865/0x1400
[ 52.303409][ T5601] worker_thread+0x59c/0xec0
[ 52.310325][ T5601] kthread+0x298/0x340
[ 52.316715][ T5601] ret_from_fork+0x1f/0x30
[ 52.323454][ T5601] }
[ 52.326108][ T5601] ... key at: [] tasklist_lock+0x18/0x40
[ 52.333981][ T5601] ... acquired at:
[ 52.337937][ T5601] _raw_read_lock+0x5f/0x70
[ 52.342595][ T5601] send_sigio+0x90/0x2c0
[ 52.347003][ T5601] kill_fasync+0x17a/0x370
[ 52.351582][ T5601] fsnotify_insert_event+0x31d/0x4f0
[ 52.357027][ T5601] inotify_handle_inode_event+0x295/0x580
[ 52.362903][ T5601] fsnotify+0xcc3/0x13a0
[ 52.367302][ T5601] path_openat+0xc1f/0x2280
[ 52.371957][ T5601] do_filp_open+0x1a9/0x3e0
[ 52.376622][ T5601] do_sys_openat2+0x11e/0x3f0
[ 52.381461][ T5601] __x64_sys_openat+0x11f/0x1d0
[ 52.386469][ T5601] do_syscall_64+0x39/0xb0
[ 52.391043][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.397095][ T5601]
[ 52.399405][ T5601] -> (&f->f_owner.lock){....}-{2:2} {
[ 52.404855][ T5601] INITIAL USE at:
[ 52.408818][ T5601] lock_acquire+0x1af/0x520
[ 52.415098][ T5601] _raw_write_lock_irq+0x36/0x50
[ 52.421842][ T5601] f_modown+0x23/0x320
[ 52.427633][ T5601] f_setown+0x8a/0x180
[ 52.433417][ T5601] do_fcntl+0x2a6/0xd90
[ 52.439289][ T5601] __x64_sys_fcntl+0x118/0x160
[ 52.445777][ T5601] do_syscall_64+0x39/0xb0
[ 52.451922][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.459546][ T5601] INITIAL READ USE at:
[ 52.463950][ T5601] lock_acquire+0x1af/0x520
[ 52.470605][ T5601] _raw_read_lock_irqsave+0x74/0x90
[ 52.477958][ T5601] send_sigio+0x20/0x2c0
[ 52.484353][ T5601] kill_fasync+0x17a/0x370
[ 52.490920][ T5601] fsnotify_insert_event+0x31d/0x4f0
[ 52.498359][ T5601] inotify_handle_inode_event+0x295/0x580
[ 52.506246][ T5601] fsnotify+0xcc3/0x13a0
[ 52.512652][ T5601] path_openat+0xc1f/0x2280
[ 52.519311][ T5601] do_filp_open+0x1a9/0x3e0
[ 52.525967][ T5601] do_sys_openat2+0x11e/0x3f0
[ 52.532798][ T5601] __x64_sys_openat+0x11f/0x1d0
[ 52.539813][ T5601] do_syscall_64+0x39/0xb0
[ 52.546383][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.554435][ T5601] }
[ 52.557021][ T5601] ... key at: [] __key.5+0x0/0x40
[ 52.564203][ T5601] ... acquired at:
[ 52.568075][ T5601] _raw_read_lock_irqsave+0x74/0x90
[ 52.573428][ T5601] send_sigio+0x20/0x2c0
[ 52.577821][ T5601] kill_fasync+0x17a/0x370
[ 52.582390][ T5601] fsnotify_insert_event+0x31d/0x4f0
[ 52.587830][ T5601] inotify_handle_inode_event+0x295/0x580
[ 52.593702][ T5601] fsnotify+0xcc3/0x13a0
[ 52.598102][ T5601] path_openat+0xc1f/0x2280
[ 52.602755][ T5601] do_filp_open+0x1a9/0x3e0
[ 52.607410][ T5601] do_sys_openat2+0x11e/0x3f0
[ 52.612249][ T5601] __x64_sys_openat+0x11f/0x1d0
[ 52.617250][ T5601] do_syscall_64+0x39/0xb0
[ 52.621826][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.627871][ T5601]
[ 52.630175][ T5601] -> (&new->fa_lock){....}-{2:2} {
[ 52.635271][ T5601] INITIAL READ USE at:
[ 52.639576][ T5601] lock_acquire+0x1af/0x520
[ 52.646055][ T5601] _raw_read_lock_irqsave+0x74/0x90
[ 52.653232][ T5601] kill_fasync+0xe9/0x370
[ 52.659538][ T5601] fsnotify_insert_event+0x31d/0x4f0
[ 52.666808][ T5601] inotify_handle_inode_event+0x295/0x580
[ 52.674504][ T5601] fsnotify+0xcc3/0x13a0
[ 52.680725][ T5601] path_openat+0xc1f/0x2280
[ 52.687210][ T5601] do_filp_open+0x1a9/0x3e0
[ 52.693686][ T5601] do_sys_openat2+0x11e/0x3f0
[ 52.700340][ T5601] __x64_sys_openat+0x11f/0x1d0
[ 52.707170][ T5601] do_syscall_64+0x39/0xb0
[ 52.713564][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.721437][ T5601] }
[ 52.723915][ T5601] ... key at: [] __key.0+0x0/0x40
[ 52.731012][ T5601] ... acquired at:
[ 52.734896][ T5601] lock_acquire+0x1af/0x520
[ 52.739552][ T5601] _raw_read_lock_irqsave+0x74/0x90
[ 52.744907][ T5601] kill_fasync+0xe9/0x370
[ 52.749391][ T5601] evdev_pass_values.part.0+0x577/0xb10
[ 52.755131][ T5601] evdev_events+0x293/0x310
[ 52.759787][ T5601] input_to_handler+0x23d/0x4a0
[ 52.764795][ T5601] input_pass_values.part.0+0x1a3/0x580
[ 52.770510][ T5601] input_event_dispose+0x4ef/0x6d0
[ 52.775780][ T5601] input_inject_event+0x183/0x240
[ 52.780967][ T5601] evdev_write+0x359/0x6c0
[ 52.785536][ T5601] vfs_write+0x209/0xd80
[ 52.789932][ T5601] ksys_write+0x16f/0x1c0
[ 52.794413][ T5601] do_syscall_64+0x39/0xb0
[ 52.798979][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.805026][ T5601]
[ 52.807330][ T5601]
[ 52.807330][ T5601] stack backtrace:
[ 52.813195][ T5601] CPU: 1 PID: 5601 Comm: syz-executor.0 Not tainted 6.3.0-rc4-syzkaller #0
[ 52.821760][ T5601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 52.831799][ T5601] Call Trace:
[ 52.835074][ T5601]
[ 52.837991][ T5601] dump_stack_lvl+0x64/0xb0
[ 52.842474][ T5601] check_irq_usage+0x114e/0x1a40
[ 52.847395][ T5601] ? save_trace+0xb20/0xb20
[ 52.851884][ T5601] ? print_shortest_lock_dependencies_backwards+0x1e0/0x1e0
[ 52.859162][ T5601] ? register_lock_class+0xbe/0x1120
[ 52.864434][ T5601] ? mark_lock.part.0+0xee/0x1970
[ 52.869523][ T5601] ? check_path.constprop.0+0x24/0x50
[ 52.874874][ T5601] ? register_lock_class+0xbe/0x1120
[ 52.880138][ T5601] ? print_circular_bug+0x5c0/0x5c0
[ 52.885312][ T5601] ? is_dynamic_key.part.0+0x190/0x190
[ 52.890749][ T5601] __lock_acquire+0x2edf/0x5d40
[ 52.895578][ T5601] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 52.901532][ T5601] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 52.907488][ T5601] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 52.913441][ T5601] ? __wake_up_common_lock+0xe2/0x140
[ 52.918879][ T5601] ? lock_downgrade+0x690/0x690
[ 52.923706][ T5601] lock_acquire+0x1af/0x520
[ 52.928191][ T5601] ? kill_fasync+0xe9/0x370
[ 52.932673][ T5601] ? lock_release+0x670/0x670
[ 52.937323][ T5601] ? lock_release+0x670/0x670
[ 52.941974][ T5601] ? lock_release+0x670/0x670
[ 52.946629][ T5601] ? __wake_up_common+0x650/0x650
[ 52.951627][ T5601] ? do_raw_spin_lock+0x124/0x2b0
[ 52.956631][ T5601] _raw_read_lock_irqsave+0x74/0x90
[ 52.961806][ T5601] ? kill_fasync+0xe9/0x370
[ 52.966286][ T5601] kill_fasync+0xe9/0x370
[ 52.970595][ T5601] evdev_pass_values.part.0+0x577/0xb10
[ 52.976123][ T5601] ? evdev_free+0x60/0x60
[ 52.980431][ T5601] evdev_events+0x293/0x310
[ 52.984914][ T5601] input_to_handler+0x23d/0x4a0
[ 52.989745][ T5601] input_pass_values.part.0+0x1a3/0x580
[ 52.995271][ T5601] input_event_dispose+0x4ef/0x6d0
[ 53.000361][ T5601] input_inject_event+0x183/0x240
[ 53.005363][ T5601] evdev_write+0x359/0x6c0
[ 53.009757][ T5601] ? evdev_read+0xbc0/0xbc0
[ 53.014240][ T5601] ? apparmor_file_permission+0x152/0x460
[ 53.019936][ T5601] vfs_write+0x209/0xd80
[ 53.024162][ T5601] ? kernel_write+0x5d0/0x5d0
[ 53.028816][ T5601] ? __fget_files+0x1bf/0x3c0
[ 53.033474][ T5601] ? __fget_light+0xb9/0x210
[ 53.038044][ T5601] ksys_write+0x16f/0x1c0
[ 53.042350][ T5601] ? __ia32_sys_read+0xa0/0xa0
[ 53.047094][ T5601] ? syscall_enter_from_user_mode+0x26/0x80
[ 53.052963][ T5601] do_syscall_64+0x39/0xb0
[ 53.057360][ T5601] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.063234][ T5601] RIP: 0033:0x7f85f1a8c0c9
[ 53.067631][ T5601] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 53.087213][ T5601] RSP: 002b:00007f85f2875168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.095600][ T5601] RAX: ffffffffffffffda RBX: 00007f85f1babf80 RCX: 00007f85f1a8c0c9
[ 53.103549][ T5601] RDX: 0000000000002ad8 RSI: 0000000020000040 RDI: 0000000000000005
[ 53.111500][ T5601] RBP: 00007f85f1ae7ae9 R08: 0000000000000000 R09: 0000000000000000
[ 53.119447][ T5601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 53.127398][ T5601] R13: 00007ffc9a17c5ef R14: 00007f85f2875300 R15: 0000000000022000
[ 53.135353][ T5601]
[ 53.138913][ T5076] Bluetooth: hci0: command 0x0409 tx timeout
2023/04/02 09:05:37 executed programs: 74
[ 55.148193][ T5076] Bluetooth: hci0: command 0x041b tx timeout
[ 57.228083][ T5076] Bluetooth: hci0: command 0x040f tx timeout
[ 59.308218][ T5076] Bluetooth: hci0: command 0x0419 tx timeout
2023/04/02 09:05:42 executed programs: 804