Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts. 2025/11/21 04:52:15 parsed 1 programs syzkaller login: [ 81.127648][ T5795] cgroup: Unknown subsys name 'net' [ 81.292628][ T5795] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.189270][ T5795] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.681406][ T2962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.693880][ T2962] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.736531][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.744436][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.180335][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.188876][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.197105][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.205690][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.213705][ T5830] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.221050][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.780132][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 86.861857][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.869618][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.876904][ T5842] bridge_slave_0: entered allmulticast mode [ 86.886447][ T5842] bridge_slave_0: entered promiscuous mode [ 86.921261][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.928663][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.936124][ T5842] bridge_slave_1: entered allmulticast mode [ 86.943388][ T5842] bridge_slave_1: entered promiscuous mode [ 86.983353][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.012061][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.086310][ T5842] team0: Port device team_slave_0 added [ 87.096232][ T5842] team0: Port device team_slave_1 added [ 87.125926][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.133455][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.159708][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.184182][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.191243][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.218112][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.304262][ T5842] hsr_slave_0: entered promiscuous mode [ 87.312374][ T5842] hsr_slave_1: entered promiscuous mode [ 87.573962][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.585465][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.601993][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.613127][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.643687][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.651130][ T5842] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.659063][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.666239][ T5842] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.729465][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.756445][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.764709][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.784706][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.802495][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.809701][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.823735][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.830884][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.040753][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.088295][ T5842] veth0_vlan: entered promiscuous mode [ 88.099927][ T5842] veth1_vlan: entered promiscuous mode [ 88.129658][ T5842] veth0_macvtap: entered promiscuous mode [ 88.146791][ T5842] veth1_macvtap: entered promiscuous mode [ 88.166657][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.185081][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.199414][ T5842] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.209587][ T5842] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.219366][ T5842] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.228458][ T5842] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.405488][ T39] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/11/21 04:52:27 executed programs: 0 [ 90.945353][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.956831][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.964711][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.974095][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.981831][ T5830] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 90.989786][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.147917][ T5905] chnl_net:caif_netlink_parms(): no params data found [ 91.182476][ T39] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.244258][ T5905] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.251537][ T5905] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.258980][ T5905] bridge_slave_0: entered allmulticast mode [ 91.266548][ T5905] bridge_slave_0: entered promiscuous mode [ 91.274513][ T5905] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.281619][ T5905] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.289556][ T5905] bridge_slave_1: entered allmulticast mode [ 91.296618][ T5905] bridge_slave_1: entered promiscuous mode [ 91.329179][ T5905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.341018][ T5905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.377274][ T5905] team0: Port device team_slave_0 added [ 91.386318][ T5905] team0: Port device team_slave_1 added [ 91.416070][ T5905] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.423410][ T5905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.450099][ T5905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.463331][ T5905] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.470308][ T5905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.497021][ T5905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.539433][ T5905] hsr_slave_0: entered promiscuous mode [ 91.546126][ T5905] hsr_slave_1: entered promiscuous mode [ 91.552524][ T5905] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.560510][ T5905] Cannot create hsr debugfs directory [ 92.075036][ T27] cfg80211: failed to load regulatory.db [ 93.033994][ T5105] Bluetooth: hci0: command tx timeout [ 93.616015][ T39] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.668139][ T39] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.541123][ T5905] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.564872][ T39] hsr_slave_0: left promiscuous mode [ 94.571376][ T39] hsr_slave_1: left promiscuous mode [ 94.578301][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.586328][ T39] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 94.596113][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 94.603846][ T39] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 94.611817][ T39] bridge_slave_1: left allmulticast mode [ 94.618617][ T39] bridge_slave_1: left promiscuous mode [ 94.627703][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.640819][ T39] bridge_slave_0: left allmulticast mode [ 94.648186][ T39] bridge_slave_0: left promiscuous mode [ 94.654433][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.687758][ T39] veth1_macvtap: left promiscuous mode [ 94.693785][ T39] veth0_macvtap: left promiscuous mode [ 94.699483][ T39] veth1_vlan: left promiscuous mode [ 94.705578][ T39] veth0_vlan: left promiscuous mode [ 95.119437][ T39] team0 (unregistering): Port device team_slave_1 removed [ 95.127225][ T5105] Bluetooth: hci0: command tx timeout [ 95.156833][ T39] team0 (unregistering): Port device team_slave_0 removed [ 95.186466][ T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 95.218042][ T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 95.508215][ T39] bond0 (unregistering): Released all slaves [ 95.594162][ T5905] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.605157][ T5905] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.619189][ T5905] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.719485][ T5905] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.739869][ T5905] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.759196][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.766435][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.784074][ T2962] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.791232][ T2962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.019729][ T5905] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.072397][ T5905] veth0_vlan: entered promiscuous mode [ 96.101095][ T5905] veth1_vlan: entered promiscuous mode [ 96.164147][ T5905] veth0_macvtap: entered promiscuous mode [ 96.184259][ T5905] veth1_macvtap: entered promiscuous mode [ 96.220504][ T5905] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.238198][ T5905] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.263028][ T5905] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.271815][ T5905] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.280887][ T5905] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.289881][ T5905] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.356448][ T3483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.368384][ T3483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.396235][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 2025/11/21 04:52:32 executed programs: 2 [ 96.404586][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.463517][ T5952] [ 96.465895][ T5952] ===================================================== [ 96.472823][ T5952] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 96.480277][ T5952] syzkaller #0 Not tainted [ 96.484697][ T5952] ----------------------------------------------------- [ 96.491758][ T5952] syz.0.17/5952 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 96.499215][ T5952] ffff88802f513a18 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x33/0x360 [ 96.508016][ T5952] [ 96.508016][ T5952] and this task is already holding: [ 96.515396][ T5952] ffff888024652018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x192/0x4b0 [ 96.524110][ T5952] which would create a new lock dependency: [ 96.529998][ T5952] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2} [ 96.537750][ T5952] [ 96.537750][ T5952] but this new dependency connects a HARDIRQ-irq-safe lock: [ 96.547202][ T5952] (&dev->event_lock#2){-...}-{2:2} [ 96.547234][ T5952] [ 96.547234][ T5952] ... which became HARDIRQ-irq-safe at: [ 96.560138][ T5952] lock_acquire+0x197/0x410 [ 96.564742][ T5952] _raw_spin_lock_irqsave+0xa8/0xf0 [ 96.570037][ T5952] input_event+0x7a/0xc0 [ 96.574382][ T5952] psmouse_report_standard_packet+0x53/0x200 [ 96.580567][ T5952] psmouse_process_byte+0x478/0x670 [ 96.585875][ T5952] psmouse_handle_byte+0x43/0x490 [ 96.591009][ T5952] ps2_interrupt+0x164/0x980 [ 96.595702][ T5952] serio_interrupt+0x8b/0x130 [ 96.600475][ T5952] i8042_interrupt+0x394/0x730 [ 96.605336][ T5952] __handle_irq_event_percpu+0x276/0x930 [ 96.611071][ T5952] handle_irq_event+0x8b/0x1e0 [ 96.615938][ T5952] handle_edge_irq+0x247/0xb30 [ 96.620809][ T5952] __common_interrupt+0x13b/0x230 [ 96.625926][ T5952] common_interrupt+0xb4/0xd0 [ 96.630705][ T5952] asm_common_interrupt+0x26/0x40 [ 96.635821][ T5952] _raw_spin_unlock_irqrestore+0xa9/0x110 [ 96.641653][ T5952] i8042_aux_write+0x109/0x170 [ 96.646546][ T5952] ps2_do_sendbyte+0x1ff/0x6d0 [ 96.651416][ T5952] ps2_sendbyte+0x5f/0x120 [ 96.655939][ T5952] cypress_send_ext_cmd+0x23d/0x920 [ 96.661231][ T5952] cypress_detect+0x8d/0x190 [ 96.665920][ T5952] psmouse_extensions+0x467/0xbe0 [ 96.671075][ T5952] psmouse_switch_protocol+0xdc/0x610 [ 96.676558][ T5952] psmouse_connect+0x89f/0x1470 [ 96.681512][ T5952] serio_driver_probe+0x7a/0xa0 [ 96.686460][ T5952] really_probe+0x25b/0xb40 [ 96.691064][ T5952] __driver_probe_device+0x18c/0x330 [ 96.696451][ T5952] driver_probe_device+0x4f/0x420 [ 96.701573][ T5952] __driver_attach+0x44e/0x6f0 [ 96.706437][ T5952] bus_for_each_dev+0x22d/0x2a0 [ 96.711400][ T5952] serio_handle_event+0x1a2/0x860 [ 96.716519][ T5952] process_scheduled_works+0xa45/0x15b0 [ 96.722165][ T5952] worker_thread+0xa55/0xfc0 [ 96.726848][ T5952] kthread+0x2fa/0x390 [ 96.731006][ T5952] ret_from_fork+0x48/0x80 [ 96.735523][ T5952] ret_from_fork_asm+0x11/0x20 [ 96.740391][ T5952] [ 96.740391][ T5952] to a HARDIRQ-irq-unsafe lock: [ 96.747421][ T5952] (tasklist_lock){.+.+}-{2:2} [ 96.747446][ T5952] [ 96.747446][ T5952] ... which became HARDIRQ-irq-unsafe at: [ 96.760090][ T5952] ... [ 96.760097][ T5952] lock_acquire+0x197/0x410 [ 96.767291][ T5952] _raw_read_lock+0x36/0x50 [ 96.771893][ T5952] do_wait+0x294/0xaf0 [ 96.776086][ T5952] kernel_wait+0xac/0x170 [ 96.780521][ T5952] call_usermodehelper_exec_work+0xb9/0x220 [ 96.786524][ T5952] process_scheduled_works+0xa45/0x15b0 [ 96.792175][ T5952] worker_thread+0xa55/0xfc0 [ 96.796862][ T5952] kthread+0x2fa/0x390 [ 96.801022][ T5952] ret_from_fork+0x48/0x80 [ 96.805537][ T5952] ret_from_fork_asm+0x11/0x20 [ 96.810404][ T5952] [ 96.810404][ T5952] other info that might help us debug this: [ 96.810404][ T5952] [ 96.820689][ T5952] Chain exists of: [ 96.820689][ T5952] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 96.820689][ T5952] [ 96.833664][ T5952] Possible interrupt unsafe locking scenario: [ 96.833664][ T5952] [ 96.841993][ T5952] CPU0 CPU1 [ 96.847383][ T5952] ---- ---- [ 96.852746][ T5952] lock(tasklist_lock); [ 96.856993][ T5952] local_irq_disable(); [ 96.863750][ T5952] lock(&dev->event_lock#2); [ 96.870964][ T5952] lock(&new->fa_lock); [ 96.877728][ T5952] [ 96.881182][ T5952] lock(&dev->event_lock#2); [ 96.886046][ T5952] [ 96.886046][ T5952] *** DEADLOCK *** [ 96.886046][ T5952] [ 96.894189][ T5952] 8 locks held by syz.0.17/5952: [ 96.899124][ T5952] #0: ffff888025fe2110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x17b/0x470 [ 96.908285][ T5952] #1: ffff888142afc230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xab/0x320 [ 96.918397][ T5952] #2: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xbc/0x320 [ 96.928145][ T5952] #3: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xa3/0x1300 [ 96.937806][ T5952] #4: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x79/0x330 [ 96.946948][ T5952] #5: ffff88802c574028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 [ 96.957137][ T5952] #6: ffffffff8cd2fee0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x53/0x4b0 [ 96.966297][ T5952] #7: ffff888024652018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x192/0x4b0 [ 96.975448][ T5952] [ 96.975448][ T5952] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 96.985847][ T5952] -> (&dev->event_lock#2){-...}-{2:2} { [ 96.991619][ T5952] IN-HARDIRQ-W at: [ 96.995778][ T5952] lock_acquire+0x197/0x410 [ 97.002288][ T5952] _raw_spin_lock_irqsave+0xa8/0xf0 [ 97.009486][ T5952] input_event+0x7a/0xc0 [ 97.015732][ T5952] psmouse_report_standard_packet+0x53/0x200 [ 97.023716][ T5952] psmouse_process_byte+0x478/0x670 [ 97.030915][ T5952] psmouse_handle_byte+0x43/0x490 [ 97.037943][ T5952] ps2_interrupt+0x164/0x980 [ 97.044535][ T5952] serio_interrupt+0x8b/0x130 [ 97.051226][ T5952] i8042_interrupt+0x394/0x730 [ 97.057987][ T5952] __handle_irq_event_percpu+0x276/0x930 [ 97.065625][ T5952] handle_irq_event+0x8b/0x1e0 [ 97.072397][ T5952] handle_edge_irq+0x247/0xb30 [ 97.079163][ T5952] __common_interrupt+0x13b/0x230 [ 97.086188][ T5952] common_interrupt+0xb4/0xd0 [ 97.092877][ T5952] asm_common_interrupt+0x26/0x40 [ 97.099999][ T5952] _raw_spin_unlock_irqrestore+0xa9/0x110 [ 97.107730][ T5952] i8042_aux_write+0x109/0x170 [ 97.114506][ T5952] ps2_do_sendbyte+0x1ff/0x6d0 [ 97.121303][ T5952] ps2_sendbyte+0x5f/0x120 [ 97.127727][ T5952] cypress_send_ext_cmd+0x23d/0x920 [ 97.134945][ T5952] cypress_detect+0x8d/0x190 [ 97.141558][ T5952] psmouse_extensions+0x467/0xbe0 [ 97.148588][ T5952] psmouse_switch_protocol+0xdc/0x610 [ 97.155966][ T5952] psmouse_connect+0x89f/0x1470 [ 97.162829][ T5952] serio_driver_probe+0x7a/0xa0 [ 97.169680][ T5952] really_probe+0x25b/0xb40 [ 97.176182][ T5952] __driver_probe_device+0x18c/0x330 [ 97.183463][ T5952] driver_probe_device+0x4f/0x420 [ 97.190484][ T5952] __driver_attach+0x44e/0x6f0 [ 97.197252][ T5952] bus_for_each_dev+0x22d/0x2a0 [ 97.204101][ T5952] serio_handle_event+0x1a2/0x860 [ 97.211131][ T5952] process_scheduled_works+0xa45/0x15b0 [ 97.218694][ T5952] worker_thread+0xa55/0xfc0 [ 97.225731][ T5952] kthread+0x2fa/0x390 [ 97.231801][ T5952] ret_from_fork+0x48/0x80 [ 97.238226][ T5952] ret_from_fork_asm+0x11/0x20 [ 97.245021][ T5952] INITIAL USE at: [ 97.249093][ T5952] lock_acquire+0x197/0x410 [ 97.255508][ T5952] _raw_spin_lock_irqsave+0xa8/0xf0 [ 97.262618][ T5952] input_inject_event+0xab/0x320 [ 97.269483][ T5952] led_trigger_event+0x133/0x210 [ 97.276337][ T5952] kbd_led_trigger_activate+0xbd/0x100 [ 97.283730][ T5952] led_trigger_set+0x524/0x940 [ 97.290407][ T5952] led_trigger_set_default+0x1a0/0x1e0 [ 97.297783][ T5952] led_classdev_register_ext+0x6e9/0x940 [ 97.305329][ T5952] input_leds_connect+0x4eb/0x6b0 [ 97.312268][ T5952] input_register_device+0xcdc/0x1070 [ 97.319563][ T5952] atkbd_connect+0x6fb/0x9a0 [ 97.326067][ T5952] serio_driver_probe+0x7a/0xa0 [ 97.332830][ T5952] really_probe+0x25b/0xb40 [ 97.339244][ T5952] __driver_probe_device+0x18c/0x330 [ 97.346438][ T5952] driver_probe_device+0x4f/0x420 [ 97.353381][ T5952] __driver_attach+0x44e/0x6f0 [ 97.360063][ T5952] bus_for_each_dev+0x22d/0x2a0 [ 97.366824][ T5952] serio_handle_event+0x1a2/0x860 [ 97.373762][ T5952] process_scheduled_works+0xa45/0x15b0 [ 97.381221][ T5952] worker_thread+0xa55/0xfc0 [ 97.387722][ T5952] kthread+0x2fa/0x390 [ 97.393717][ T5952] ret_from_fork+0x48/0x80 [ 97.400047][ T5952] ret_from_fork_asm+0x11/0x20 [ 97.406730][ T5952] } [ 97.409401][ T5952] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 97.418602][ T5952] -> (&client->buffer_lock){....}-{2:2} { [ 97.424437][ T5952] INITIAL USE at: [ 97.428432][ T5952] lock_acquire+0x197/0x410 [ 97.434678][ T5952] _raw_spin_lock+0x2e/0x40 [ 97.440929][ T5952] evdev_pass_values+0xcb/0xab0 [ 97.447525][ T5952] evdev_events+0x1d8/0x330 [ 97.453773][ T5952] input_pass_values+0x907/0x1300 [ 97.460547][ T5952] input_event_dispose+0x346/0x6c0 [ 97.467415][ T5952] input_inject_event+0x1f9/0x320 [ 97.474193][ T5952] evdev_write+0x32a/0x470 [ 97.480348][ T5952] vfs_write+0x288/0x940 [ 97.486329][ T5952] ksys_write+0x147/0x250 [ 97.492403][ T5952] do_syscall_64+0x55/0xb0 [ 97.498568][ T5952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 97.506213][ T5952] } [ 97.508808][ T5952] ... key at: [] evdev_open.__key.28+0x0/0x20 [ 97.517063][ T5952] ... acquired at: [ 97.520956][ T5952] _raw_spin_lock+0x2e/0x40 [ 97.525640][ T5952] evdev_pass_values+0xcb/0xab0 [ 97.530671][ T5952] evdev_events+0x1d8/0x330 [ 97.535350][ T5952] input_pass_values+0x907/0x1300 [ 97.540567][ T5952] input_event_dispose+0x346/0x6c0 [ 97.545868][ T5952] input_inject_event+0x1f9/0x320 [ 97.551079][ T5952] evdev_write+0x32a/0x470 [ 97.555700][ T5952] vfs_write+0x288/0x940 [ 97.560134][ T5952] ksys_write+0x147/0x250 [ 97.564657][ T5952] do_syscall_64+0x55/0xb0 [ 97.569281][ T5952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 97.575364][ T5952] [ 97.577692][ T5952] -> (&new->fa_lock){....}-{2:2} { [ 97.582826][ T5952] INITIAL READ USE at: [ 97.587170][ T5952] lock_acquire+0x197/0x410 [ 97.593679][ T5952] _raw_read_lock_irqsave+0xb0/0x100 [ 97.601001][ T5952] kill_fasync+0x192/0x4b0 [ 97.607420][ T5952] evdev_pass_values+0x54b/0xab0 [ 97.614363][ T5952] evdev_events+0x1d8/0x330 [ 97.620873][ T5952] input_pass_values+0x907/0x1300 [ 97.627994][ T5952] input_event_dispose+0x346/0x6c0 [ 97.635108][ T5952] input_inject_event+0x1f9/0x320 [ 97.642159][ T5952] evdev_write+0x32a/0x470 [ 97.648591][ T5952] vfs_write+0x288/0x940 [ 97.654848][ T5952] ksys_write+0x147/0x250 [ 97.661186][ T5952] do_syscall_64+0x55/0xb0 [ 97.667605][ T5952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 97.675505][ T5952] } [ 97.678007][ T5952] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 97.686712][ T5952] ... acquired at: [ 97.690521][ T5952] _raw_read_lock_irqsave+0xb0/0x100 [ 97.696010][ T5952] kill_fasync+0x192/0x4b0 [ 97.700645][ T5952] evdev_pass_values+0x54b/0xab0 [ 97.705767][ T5952] evdev_events+0x1d8/0x330 [ 97.710452][ T5952] input_pass_values+0x907/0x1300 [ 97.715668][ T5952] input_event_dispose+0x346/0x6c0 [ 97.720966][ T5952] input_inject_event+0x1f9/0x320 [ 97.726178][ T5952] evdev_write+0x32a/0x470 [ 97.730777][ T5952] vfs_write+0x288/0x940 [ 97.735200][ T5952] ksys_write+0x147/0x250 [ 97.739708][ T5952] do_syscall_64+0x55/0xb0 [ 97.744305][ T5952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 97.750373][ T5952] [ 97.752695][ T5952] [ 97.752695][ T5952] the dependencies between the lock to be acquired [ 97.752703][ T5952] and HARDIRQ-irq-unsafe lock: [ 97.766217][ T5952] -> (tasklist_lock){.+.+}-{2:2} { [ 97.771433][ T5952] HARDIRQ-ON-R at: [ 97.775510][ T5952] lock_acquire+0x197/0x410 [ 97.781839][ T5952] _raw_read_lock+0x36/0x50 [ 97.788166][ T5952] do_wait+0x294/0xaf0 [ 97.794074][ T5952] kernel_wait+0xac/0x170 [ 97.800236][ T5952] call_usermodehelper_exec_work+0xb9/0x220 [ 97.807964][ T5952] process_scheduled_works+0xa45/0x15b0 [ 97.815344][ T5952] worker_thread+0xa55/0xfc0 [ 97.821774][ T5952] kthread+0x2fa/0x390 [ 97.827661][ T5952] ret_from_fork+0x48/0x80 [ 97.833902][ T5952] ret_from_fork_asm+0x11/0x20 [ 97.840511][ T5952] SOFTIRQ-ON-R at: [ 97.844576][ T5952] lock_acquire+0x197/0x410 [ 97.850907][ T5952] _raw_read_lock+0x36/0x50 [ 97.857236][ T5952] do_wait+0x294/0xaf0 [ 97.863149][ T5952] kernel_wait+0xac/0x170 [ 97.869335][ T5952] call_usermodehelper_exec_work+0xb9/0x220 [ 97.877067][ T5952] process_scheduled_works+0xa45/0x15b0 [ 97.884444][ T5952] worker_thread+0xa55/0xfc0 [ 97.890892][ T5952] kthread+0x2fa/0x390 [ 97.896814][ T5952] ret_from_fork+0x48/0x80 [ 97.903075][ T5952] ret_from_fork_asm+0x11/0x20 [ 97.909688][ T5952] INITIAL USE at: [ 97.913762][ T5952] lock_acquire+0x197/0x410 [ 97.920007][ T5952] _raw_write_lock_irq+0xa3/0xe0 [ 97.926685][ T5952] copy_process+0x225d/0x3d70 [ 97.933110][ T5952] kernel_clone+0x21b/0x840 [ 97.939358][ T5952] user_mode_thread+0xde/0x130 [ 97.945862][ T5952] rest_init+0x27/0x300 [ 97.951761][ T5952] arch_call_rest_init+0xe/0x10 [ 97.958352][ T5952] start_kernel+0x459/0x4e0 [ 97.964601][ T5952] x86_64_start_reservations+0x2a/0x30 [ 97.971803][ T5952] copy_bootdata+0x0/0xe0 [ 97.977876][ T5952] secondary_startup_64_no_verify+0x179/0x17b [ 97.985694][ T5952] INITIAL READ USE at: [ 97.990107][ T5952] lock_acquire+0x197/0x410 [ 97.996789][ T5952] _raw_read_lock+0x36/0x50 [ 98.003465][ T5952] do_wait+0x294/0xaf0 [ 98.009710][ T5952] kernel_wait+0xac/0x170 [ 98.016218][ T5952] call_usermodehelper_exec_work+0xb9/0x220 [ 98.024288][ T5952] process_scheduled_works+0xa45/0x15b0 [ 98.032047][ T5952] worker_thread+0xa55/0xfc0 [ 98.038818][ T5952] kthread+0x2fa/0x390 [ 98.045058][ T5952] ret_from_fork+0x48/0x80 [ 98.051646][ T5952] ret_from_fork_asm+0x11/0x20 [ 98.058587][ T5952] } [ 98.061168][ T5952] ... key at: [] tasklist_lock+0x18/0x40 [ 98.068975][ T5952] ... acquired at: [ 98.072864][ T5952] _raw_read_lock+0x36/0x50 [ 98.077550][ T5952] send_sigurg+0xf0/0x3c0 [ 98.082070][ T5952] sk_send_sigurg+0x6f/0xc0 [ 98.086755][ T5952] queue_oob+0x3d7/0x4e0 [ 98.091181][ T5952] unix_stream_sendmsg+0xaa2/0xba0 [ 98.096475][ T5952] ____sys_sendmsg+0x5bf/0x950 [ 98.101421][ T5952] ___sys_sendmsg+0x220/0x290 [ 98.106282][ T5952] __sys_sendmmsg+0x275/0x4a0 [ 98.111228][ T5952] __x64_sys_sendmmsg+0xa0/0xb0 [ 98.116274][ T5952] do_syscall_64+0x55/0xb0 [ 98.120872][ T5952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 98.126958][ T5952] [ 98.129294][ T5952] -> (&f->f_owner.lock){....}-{2:2} { [ 98.134707][ T5952] INITIAL USE at: [ 98.138600][ T5952] lock_acquire+0x197/0x410 [ 98.144672][ T5952] _raw_write_lock_irq+0xa3/0xe0 [ 98.151175][ T5952] __f_setown+0x3b/0x330 [ 98.156983][ T5952] do_fcntl+0x10df/0x1380 [ 98.162880][ T5952] __se_sys_fcntl+0xc9/0x1a0 [ 98.169046][ T5952] do_syscall_64+0x55/0xb0 [ 98.175037][ T5952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 98.182501][ T5952] INITIAL READ USE at: [ 98.186837][ T5952] lock_acquire+0x197/0x410 [ 98.193353][ T5952] _raw_read_lock_irqsave+0xb0/0x100 [ 98.200640][ T5952] send_sigurg+0x29/0x3c0 [ 98.206972][ T5952] sk_send_sigurg+0x6f/0xc0 [ 98.213484][ T5952] queue_oob+0x3d7/0x4e0 [ 98.219729][ T5952] unix_stream_sendmsg+0xaa2/0xba0 [ 98.226859][ T5952] ____sys_sendmsg+0x5bf/0x950 [ 98.233655][ T5952] ___sys_sendmsg+0x220/0x290 [ 98.240340][ T5952] __sys_sendmmsg+0x275/0x4a0 [ 98.247023][ T5952] __x64_sys_sendmmsg+0xa0/0xb0 [ 98.253888][ T5952] do_syscall_64+0x55/0xb0 [ 98.260308][ T5952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 98.268234][ T5952] } [ 98.270743][ T5952] ... key at: [] init_file.__key+0x0/0x20 [ 98.278556][ T5952] ... acquired at: [ 98.282445][ T5952] _raw_read_lock_irqsave+0xb0/0x100 [ 98.287931][ T5952] send_sigio+0x33/0x360 [ 98.292354][ T5952] kill_fasync+0x228/0x4b0 [ 98.296949][ T5952] evdev_pass_values+0x54b/0xab0 [ 98.302066][ T5952] evdev_events+0x1d8/0x330 [ 98.306746][ T5952] input_pass_values+0x907/0x1300 [ 98.311952][ T5952] input_event_dispose+0x346/0x6c0 [ 98.317299][ T5952] input_inject_event+0x1f9/0x320 [ 98.322587][ T5952] evdev_write+0x32a/0x470 [ 98.327188][ T5952] vfs_write+0x288/0x940 [ 98.331615][ T5952] ksys_write+0x147/0x250 [ 98.336124][ T5952] do_syscall_64+0x55/0xb0 [ 98.340718][ T5952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 98.346786][ T5952] [ 98.349110][ T5952] [ 98.349110][ T5952] stack backtrace: [ 98.355013][ T5952] CPU: 1 PID: 5952 Comm: syz.0.17 Not tainted syzkaller #0 [ 98.362226][ T5952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 98.372296][ T5952] Call Trace: [ 98.375586][ T5952] [ 98.378530][ T5952] dump_stack_lvl+0x16c/0x230 [ 98.383239][ T5952] ? load_image+0x3b0/0x3b0 [ 98.387755][ T5952] ? show_regs_print_info+0x20/0x20 [ 98.392964][ T5952] ? load_image+0x3b0/0x3b0 [ 98.397475][ T5952] ? print_shortest_lock_dependencies+0xf4/0x160 [ 98.403826][ T5952] __lock_acquire+0x678f/0x7c80 [ 98.408696][ T5952] ? verify_lock_unused+0x140/0x140 [ 98.413904][ T5952] ? verify_lock_unused+0x140/0x140 [ 98.419114][ T5952] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 98.425013][ T5952] lock_acquire+0x197/0x410 [ 98.429525][ T5952] ? send_sigio+0x33/0x360 [ 98.434009][ T5952] ? read_lock_is_recursive+0x20/0x20 [ 98.439394][ T5952] ? read_lock_is_recursive+0x20/0x20 [ 98.444774][ T5952] _raw_read_lock_irqsave+0xb0/0x100 [ 98.450068][ T5952] ? send_sigio+0x33/0x360 [ 98.454497][ T5952] ? _raw_read_lock+0x50/0x50 [ 98.459181][ T5952] ? do_raw_read_lock+0x3d/0x90 [ 98.464038][ T5952] ? _raw_read_lock_irqsave+0xbc/0x100 [ 98.469518][ T5952] ? _raw_read_lock+0x50/0x50 [ 98.474201][ T5952] send_sigio+0x33/0x360 [ 98.478454][ T5952] kill_fasync+0x228/0x4b0 [ 98.482882][ T5952] ? kill_fasync+0x53/0x4b0 [ 98.487479][ T5952] evdev_pass_values+0x54b/0xab0 [ 98.492429][ T5952] ? evdev_pass_values+0x561/0xab0 [ 98.497565][ T5952] evdev_events+0x1d8/0x330 [ 98.502084][ T5952] ? evdev_events+0x79/0x330 [ 98.506682][ T5952] ? evdev_event+0xe0/0xe0 [ 98.511102][ T5952] input_pass_values+0x907/0x1300 [ 98.516141][ T5952] ? input_pass_values+0xa3/0x1300 [ 98.521267][ T5952] input_event_dispose+0x346/0x6c0 [ 98.526409][ T5952] input_inject_event+0x1f9/0x320 [ 98.531451][ T5952] ? input_inject_event+0xbc/0x320 [ 98.536589][ T5952] evdev_write+0x32a/0x470 [ 98.541018][ T5952] ? evdev_read+0xb50/0xb50 [ 98.545533][ T5952] ? common_file_perm+0x198/0x1f0 [ 98.550570][ T5952] ? fsnotify_perm+0x5d/0x5e0 [ 98.555253][ T5952] ? security_file_permission+0x79/0xa0 [ 98.560814][ T5952] ? evdev_read+0xb50/0xb50 [ 98.565325][ T5952] vfs_write+0x288/0x940 [ 98.569588][ T5952] ? file_end_write+0x250/0x250 [ 98.574471][ T5952] ? __ia32_sys_get_robust_list+0x90/0x90 [ 98.580205][ T5952] ? __fdget_pos+0x1d8/0x330 [ 98.584801][ T5952] ksys_write+0x147/0x250 [ 98.589232][ T5952] ? __ia32_sys_read+0x90/0x90 [ 98.594066][ T5952] ? lockdep_hardirqs_on+0x98/0x150 [ 98.599276][ T5952] do_syscall_64+0x55/0xb0 [ 98.603703][ T5952] ? clear_bhb_loop+0x40/0x90 [ 98.608388][ T5952] ? clear_bhb_loop+0x40/0x90 [ 98.613076][ T5952] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 98.618973][ T5952] RIP: 0033:0x7f7e0978f749 [ 98.623401][ T5952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.643014][ T5952] RSP: 002b:00007ffe3d7ce5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 98.651435][ T5952] RAX: ffffffffffffffda RBX: 00007f7e099e5fa0 RCX: 00007f7e0978f749 [ 98.659434][ T5952] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000006 [ 98.667416][ T5952] RBP: 00007f7e09813f91 R08: 0000000000000000 R09: 0000000000000000 [ 98.675414][ T5952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.683398][ T5952] R13: 00007f7e099e5fa0 R14: 00007f7e099e5fa0 R15: 0000000000000003 [ 98.691390][ T5952] [ 98.711271][ T5105] Bluetooth: hci0: command tx timeout [ 100.797050][ T5105] Bluetooth: hci0: command tx timeout 2025/11/21 04:52:38 executed programs: 8