| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] Monthly fs report (May 2023) | 0 (1) | 2023/05/06 14:02 |
| [syzbot] [fs?] possible deadlock in evdev_pass_values (2) | 0 (1) | 2023/04/21 09:42 |
syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [965] ≡ Subsystems 🐞 Fixed [4559] 🐞 Invalid [10500] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] Monthly fs report (May 2023) | 0 (1) | 2023/05/06 14:02 |
| [syzbot] [fs?] possible deadlock in evdev_pass_values (2) | 0 (1) | 2023/04/21 09:42 |
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
6.4.0-rc4-syzkaller-00014-gac2263b588df #0 Not tainted
-----------------------------------------------------
syz-executor.0/25098 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8c40a098 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xaf/0x3b0 fs/fcntl.c:793
and this task is already holding:
ffff8880288ca130 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x28/0x3b0 fs/fcntl.c:779
which would create a new lock dependency:
(&f->f_owner.lock){...-}-{2:2} -> (tasklist_lock){.+.+}-{2:2}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&client->buffer_lock){..-.}-{2:2}
... which became SOFTIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:350 [inline]
evdev_pass_values.part.0+0xf6/0x960 drivers/input/evdev.c:261
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x3b4/0x430 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:129
input_pass_values.part.0+0x230/0x760 drivers/input/input.c:161
input_pass_values drivers/input/input.c:148 [inline]
input_event_dispose+0x5cf/0x730 drivers/input/input.c:376
input_handle_event+0x120/0xe70 drivers/input/input.c:404
input_event drivers/input/input.c:433 [inline]
input_event+0x83/0xa0 drivers/input/input.c:425
input_sync include/linux/input.h:450 [inline]
hidinput_hid_event+0xa0e/0x2060 drivers/hid/hid-input.c:1715
hid_process_event+0x491/0x5c0 drivers/hid/hid-core.c:1534
hid_process_report drivers/hid/hid-core.c:1682 [inline]
hid_report_raw_event+0x9e5/0x1220 drivers/hid/hid-core.c:2009
hid_input_report+0x341/0x440 drivers/hid/hid-core.c:2083
hid_irq_in+0x35d/0x850 drivers/hid/usbhid/hid-core.c:284
__usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671
usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754
dummy_timer+0x13b6/0x3400 drivers/usb/gadget/udc/dummy_hcd.c:1988
call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700
expire_timers+0x29b/0x4b0 kernel/time/timer.c:1751
__run_timers kernel/time/timer.c:2022 [inline]
__run_timers kernel/time/timer.c:1995 [inline]
run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035
__do_softirq+0x1d4/0x905 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x114/0x190 kernel/softirq.c:650
irq_exit_rcu+0x9/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline]
acpi_safe_halt+0x40/0x50 drivers/acpi/processor_idle.c:112
acpi_idle_do_entry+0x53/0x70 drivers/acpi/processor_idle.c:573
acpi_idle_enter+0x173/0x290 drivers/acpi/processor_idle.c:711
cpuidle_enter_state+0xd3/0x6f0 drivers/cpuidle/cpuidle.c:267
cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388
cpuidle_idle_call kernel/sched/idle.c:215 [inline]
do_idle+0x2fe/0x3c0 kernel/sched/idle.c:282
cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:379
start_secondary+0x221/0x2b0 arch/x86/kernel/smpboot.c:269
secondary_startup_64_no_verify+0xf4/0xfb
to a SOFTIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{2:2}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
do_wait+0x283/0xc30 kernel/exit.c:1604
kernel_wait+0xa0/0x150 kernel/exit.c:1794
call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
call_usermodehelper_exec_work+0xf9/0x180 kernel/umh.c:164
process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
kthread+0x344/0x440 kernel/kthread.c:379
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
other info that might help us debug this:
Chain exists of:
&client->buffer_lock --> &f->f_owner.lock --> tasklist_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(tasklist_lock);
local_irq_disable();
lock(&client->buffer_lock);
lock(&f->f_owner.lock);
<Interrupt>
lock(&client->buffer_lock);
*** DEADLOCK ***
5 locks held by syz-executor.0/25098:
#0: ffff88804e68c460 (sb_writers#5){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3549 [inline]
#0: ffff88804e68c460 (sb_writers#5){.+.+}-{0:0}, at: path_openat+0x2716/0x2750 fs/namei.c:3788
#1: ffff88802629cde8 (&type->i_mutex_dir_key#5){++++}-{3:3}, at: inode_lock include/linux/fs.h:775 [inline]
#1: ffff88802629cde8 (&type->i_mutex_dir_key#5){++++}-{3:3}, at: open_last_lookups fs/namei.c:3557 [inline]
#1: ffff88802629cde8 (&type->i_mutex_dir_key#5){++++}-{3:3}, at: path_openat+0x90f/0x2750 fs/namei.c:3788
#2: ffffffff91e70bf0 (&fsnotify_mark_srcu){.+.+}-{0:0}, at: fsnotify+0x2f8/0x16e0 fs/notify/fsnotify.c:544
#3: ffff88804ba3d038 (&mark->lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]
#3: ffff88804ba3d038 (&mark->lock){+.+.}-{2:2}, at: dnotify_handle_event+0x4b/0x280 fs/notify/dnotify/dnotify.c:107
#4: ffff8880288ca130 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x28/0x3b0 fs/fcntl.c:779
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&client->buffer_lock){..-.}-{2:2} {
IN-SOFTIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:350 [inline]
evdev_pass_values.part.0+0xf6/0x960 drivers/input/evdev.c:261
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x3b4/0x430 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:129
input_pass_values.part.0+0x230/0x760 drivers/input/input.c:161
input_pass_values drivers/input/input.c:148 [inline]
input_event_dispose+0x5cf/0x730 drivers/input/input.c:376
input_handle_event+0x120/0xe70 drivers/input/input.c:404
input_event drivers/input/input.c:433 [inline]
input_event+0x83/0xa0 drivers/input/input.c:425
input_sync include/linux/input.h:450 [inline]
hidinput_hid_event+0xa0e/0x2060 drivers/hid/hid-input.c:1715
hid_process_event+0x491/0x5c0 drivers/hid/hid-core.c:1534
hid_process_report drivers/hid/hid-core.c:1682 [inline]
hid_report_raw_event+0x9e5/0x1220 drivers/hid/hid-core.c:2009
hid_input_report+0x341/0x440 drivers/hid/hid-core.c:2083
hid_irq_in+0x35d/0x850 drivers/hid/usbhid/hid-core.c:284
__usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671
usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754
dummy_timer+0x13b6/0x3400 drivers/usb/gadget/udc/dummy_hcd.c:1988
call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700
expire_timers+0x29b/0x4b0 kernel/time/timer.c:1751
__run_timers kernel/time/timer.c:2022 [inline]
__run_timers kernel/time/timer.c:1995 [inline]
run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035
__do_softirq+0x1d4/0x905 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x114/0x190 kernel/softirq.c:650
irq_exit_rcu+0x9/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline]
acpi_safe_halt+0x40/0x50 drivers/acpi/processor_idle.c:112
acpi_idle_do_entry+0x53/0x70 drivers/acpi/processor_idle.c:573
acpi_idle_enter+0x173/0x290 drivers/acpi/processor_idle.c:711
cpuidle_enter_state+0xd3/0x6f0 drivers/cpuidle/cpuidle.c:267
cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388
cpuidle_idle_call kernel/sched/idle.c:215 [inline]
do_idle+0x2fe/0x3c0 kernel/sched/idle.c:282
cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:379
start_secondary+0x221/0x2b0 arch/x86/kernel/smpboot.c:269
secondary_startup_64_no_verify+0xf4/0xfb
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:350 [inline]
evdev_pass_values.part.0+0xf6/0x960 drivers/input/evdev.c:261
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x3b4/0x430 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:129
input_pass_values.part.0+0x230/0x760 drivers/input/input.c:161
input_pass_values drivers/input/input.c:148 [inline]
input_event_dispose+0x5cf/0x730 drivers/input/input.c:376
input_handle_event+0x120/0xe70 drivers/input/input.c:404
input_event drivers/input/input.c:433 [inline]
input_event+0x83/0xa0 drivers/input/input.c:425
input_sync include/linux/input.h:450 [inline]
hidinput_hid_event+0xa0e/0x2060 drivers/hid/hid-input.c:1715
hid_process_event+0x491/0x5c0 drivers/hid/hid-core.c:1534
hid_process_report drivers/hid/hid-core.c:1682 [inline]
hid_report_raw_event+0x9e5/0x1220 drivers/hid/hid-core.c:2009
hid_input_report+0x341/0x440 drivers/hid/hid-core.c:2083
hid_irq_in+0x35d/0x850 drivers/hid/usbhid/hid-core.c:284
__usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671
usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754
dummy_timer+0x13b6/0x3400 drivers/usb/gadget/udc/dummy_hcd.c:1988
call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700
expire_timers+0x29b/0x4b0 kernel/time/timer.c:1751
__run_timers kernel/time/timer.c:2022 [inline]
__run_timers kernel/time/timer.c:1995 [inline]
run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035
__do_softirq+0x1d4/0x905 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x114/0x190 kernel/softirq.c:650
irq_exit_rcu+0x9/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline]
acpi_safe_halt+0x40/0x50 drivers/acpi/processor_idle.c:112
acpi_idle_do_entry+0x53/0x70 drivers/acpi/processor_idle.c:573
acpi_idle_enter+0x173/0x290 drivers/acpi/processor_idle.c:711
cpuidle_enter_state+0xd3/0x6f0 drivers/cpuidle/cpuidle.c:267
cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388
cpuidle_idle_call kernel/sched/idle.c:215 [inline]
do_idle+0x2fe/0x3c0 kernel/sched/idle.c:282
cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:379
start_secondary+0x221/0x2b0 arch/x86/kernel/smpboot.c:269
secondary_startup_64_no_verify+0xf4/0xfb
}
... key at: [<ffffffff92114ca0>] __key.3+0x0/0x40
-> (&new->fa_lock){....}-{2:2} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326
fasync_remove_entry+0xba/0x1f0 fs/fcntl.c:874
fasync_helper+0xa2/0xb0 fs/fcntl.c:977
lease_modify fs/locks.c:1387 [inline]
lease_modify+0x28e/0x3c0 fs/locks.c:1374
locks_remove_lease fs/locks.c:2601 [inline]
locks_remove_file+0x2a0/0x5b0 fs/locks.c:2626
__fput+0x1b5/0xa90 fs/file_table.c:313
task_work_run+0x16f/0x270 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297
do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:997 [inline]
kill_fasync fs/fcntl.c:1018 [inline]
kill_fasync+0x139/0x4f0 fs/fcntl.c:1011
fsnotify_insert_event+0x3b9/0x500 fs/notify/notification.c:128
fsnotify_add_event include/linux/fsnotify_backend.h:627 [inline]
inotify_handle_inode_event+0x39b/0x5f0 fs/notify/inotify/inotify_fsnotify.c:126
inotify_ignored_and_remove_idr+0x28/0x70 fs/notify/inotify/inotify_user.c:527
fsnotify_free_mark+0xe9/0x140 fs/notify/mark.c:490
fsnotify_destroy_mark fs/notify/mark.c:499 [inline]
fsnotify_destroy_marks+0x33e/0x4b0 fs/notify/mark.c:854
fsnotify_inoderemove include/linux/fsnotify.h:193 [inline]
dentry_unlink_inode+0x3aa/0x460 fs/dcache.c:397
d_delete fs/dcache.c:2565 [inline]
d_delete+0x16f/0x1c0 fs/dcache.c:2554
d_delete_notify include/linux/fsnotify.h:259 [inline]
vfs_rmdir.part.0+0x3a9/0x5a0 fs/namei.c:4211
vfs_rmdir fs/namei.c:4183 [inline]
do_rmdir+0x3ae/0x430 fs/namei.c:4257
__do_sys_rmdir fs/namei.c:4276 [inline]
__se_sys_rmdir fs/namei.c:4274 [inline]
__x64_sys_rmdir+0xca/0x110 fs/namei.c:4274
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
}
... key at: [<ffffffff91e6dd20>] __key.0+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:997 [inline]
kill_fasync fs/fcntl.c:1018 [inline]
kill_fasync+0x139/0x4f0 fs/fcntl.c:1011
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x667/0x960 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x3b4/0x430 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:129
input_pass_values.part.0+0x230/0x760 drivers/input/input.c:161
input_pass_values drivers/input/input.c:148 [inline]
input_event_dispose+0x5cf/0x730 drivers/input/input.c:376
input_handle_event+0x120/0xe70 drivers/input/input.c:404
input_inject_event+0x1c7/0x390 drivers/input/input.c:463
evdev_write+0x434/0x760 drivers/input/evdev.c:530
vfs_write+0x2ae/0xd50 fs/read_write.c:582
ksys_write+0x1ec/0x250 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
-> (&f->f_owner.lock){...-}-{2:2} {
IN-SOFTIRQ-R at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x49/0x90 kernel/locking/spinlock.c:236
send_sigurg+0x22/0xbd0 fs/fcntl.c:818
sk_send_sigurg+0x7a/0x370 net/core/sock.c:3346
tcp_check_urg net/ipv4/tcp_input.c:5626 [inline]
tcp_urg+0x38e/0xb40 net/ipv4/tcp_input.c:5667
tcp_rcv_established+0x817/0x1f90 net/ipv4/tcp_input.c:6016
tcp_v4_do_rcv+0x65a/0x9c0 net/ipv4/tcp_ipv4.c:1722
tcp_v4_rcv+0x30ed/0x3300 net/ipv4/tcp_ipv4.c:2144
ip_protocol_deliver_rcu+0x9f/0x480 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2ec/0x520 net/ipv4/ip_input.c:233
NF_HOOK include/linux/netfilter.h:303 [inline]
NF_HOOK include/linux/netfilter.h:297 [inline]
ip_local_deliver+0x1ae/0x200 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:468 [inline]
ip_rcv_finish+0x1cf/0x2f0 net/ipv4/ip_input.c:449
NF_HOOK include/linux/netfilter.h:303 [inline]
NF_HOOK include/linux/netfilter.h:297 [inline]
ip_rcv+0xae/0xd0 net/ipv4/ip_input.c:569
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5491
__netif_receive_skb+0x1f/0x1c0 net/core/dev.c:5605
process_backlog+0x101/0x670 net/core/dev.c:5933
__napi_poll+0xb7/0x6f0 net/core/dev.c:6496
napi_poll net/core/dev.c:6563 [inline]
net_rx_action+0x8a9/0xcb0 net/core/dev.c:6696
__do_softirq+0x1d4/0x905 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x114/0x190 kernel/softirq.c:650
irq_exit_rcu+0x9/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
get_current arch/x86/include/asm/current.h:41 [inline]
finish_task_switch.isra.0+0x2bf/0xc80 kernel/sched/core.c:5215
context_switch kernel/sched/core.c:5346 [inline]
__schedule+0xca2/0x5880 kernel/sched/core.c:6669
schedule+0xde/0x1a0 kernel/sched/core.c:6745
do_nanosleep+0x154/0x4f0 kernel/time/hrtimer.c:2044
hrtimer_nanosleep+0x19b/0x430 kernel/time/hrtimer.c:2097
common_nsleep+0xa6/0xd0 kernel/time/posix-timers.c:1240
__do_sys_clock_nanosleep kernel/time/posix-timers.c:1281 [inline]
__se_sys_clock_nanosleep kernel/time/posix-timers.c:1258 [inline]
__x64_sys_clock_nanosleep+0x32e/0x480 kernel/time/posix-timers.c:1258
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326
f_modown+0x2a/0x390 fs/fcntl.c:92
generic_add_lease fs/locks.c:1807 [inline]
generic_setlease+0x11ae/0x16f0 fs/locks.c:1887
vfs_setlease+0x101/0x130 fs/locks.c:1952
do_fcntl_add_lease fs/locks.c:1973 [inline]
fcntl_setlease+0x138/0x2c0 fs/locks.c:1995
do_fcntl+0xd52/0x1240 fs/fcntl.c:404
__do_sys_fcntl fs/fcntl.c:455 [inline]
__se_sys_fcntl fs/fcntl.c:440 [inline]
__x64_sys_fcntl+0x163/0x1d0 fs/fcntl.c:440
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
send_sigurg+0x22/0xbd0 fs/fcntl.c:818
sk_send_sigurg+0x7a/0x370 net/core/sock.c:3346
tcp_check_urg net/ipv4/tcp_input.c:5626 [inline]
tcp_urg+0x38e/0xb40 net/ipv4/tcp_input.c:5667
tcp_rcv_established+0x817/0x1f90 net/ipv4/tcp_input.c:6016
tcp_v4_do_rcv+0x65a/0x9c0 net/ipv4/tcp_ipv4.c:1722
sk_backlog_rcv include/net/sock.h:1113 [inline]
__release_sock+0x133/0x3b0 net/core/sock.c:2917
release_sock+0x58/0x1b0 net/core/sock.c:3484
sk_stream_wait_memory+0x72f/0xf30 net/core/stream.c:145
tcp_sendmsg_locked+0x944/0x2960 net/ipv4/tcp.c:1449
tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1487
inet_sendmsg+0x9d/0xe0 net/ipv4/af_inet.c:825
sock_sendmsg_nosec net/socket.c:724 [inline]
sock_sendmsg+0xde/0x190 net/socket.c:747
__sys_sendto+0x23a/0x340 net/socket.c:2144
__do_sys_sendto net/socket.c:2156 [inline]
__se_sys_sendto net/socket.c:2152 [inline]
__x64_sys_sendto+0xe1/0x1b0 net/socket.c:2152
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
}
... key at: [<ffffffff91e6cf40>] __key.5+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
send_sigio+0x28/0x3b0 fs/fcntl.c:779
kill_fasync_rcu fs/fcntl.c:1004 [inline]
kill_fasync fs/fcntl.c:1018 [inline]
kill_fasync+0x1fb/0x4f0 fs/fcntl.c:1011
fsnotify_insert_event+0x3b9/0x500 fs/notify/notification.c:128
fsnotify_add_event include/linux/fsnotify_backend.h:627 [inline]
inotify_handle_inode_event+0x39b/0x5f0 fs/notify/inotify/inotify_fsnotify.c:126
inotify_ignored_and_remove_idr+0x28/0x70 fs/notify/inotify/inotify_user.c:527
fsnotify_free_mark+0xe9/0x140 fs/notify/mark.c:490
fsnotify_destroy_mark fs/notify/mark.c:499 [inline]
fsnotify_destroy_marks+0x33e/0x4b0 fs/notify/mark.c:854
fsnotify_inoderemove include/linux/fsnotify.h:193 [inline]
dentry_unlink_inode+0x3aa/0x460 fs/dcache.c:397
d_delete fs/dcache.c:2565 [inline]
d_delete+0x16f/0x1c0 fs/dcache.c:2554
d_delete_notify include/linux/fsnotify.h:259 [inline]
vfs_rmdir.part.0+0x3a9/0x5a0 fs/namei.c:4211
vfs_rmdir fs/namei.c:4183 [inline]
do_rmdir+0x3ae/0x430 fs/namei.c:4257
__do_sys_rmdir fs/namei.c:4276 [inline]
__se_sys_rmdir fs/namei.c:4274 [inline]
__x64_sys_rmdir+0xca/0x110 fs/namei.c:4274
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{2:2} {
HARDIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
do_wait+0x283/0xc30 kernel/exit.c:1604
kernel_wait+0xa0/0x150 kernel/exit.c:1794
call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
call_usermodehelper_exec_work+0xf9/0x180 kernel/umh.c:164
process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
kthread+0x344/0x440 kernel/kthread.c:379
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
SOFTIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
do_wait+0x283/0xc30 kernel/exit.c:1604
kernel_wait+0xa0/0x150 kernel/exit.c:1794
call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
call_usermodehelper_exec_work+0xf9/0x180 kernel/umh.c:164
process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
kthread+0x344/0x440 kernel/kthread.c:379
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326
copy_process+0x4bfe/0x7600 kernel/fork.c:2635
kernel_clone+0xeb/0x890 kernel/fork.c:2918
user_mode_thread+0xb1/0xf0 kernel/fork.c:2996
rest_init+0x27/0x2b0 init/main.c:700
arch_call_rest_init+0x13/0x30 init/main.c:834
start_kernel+0x3b6/0x490 init/main.c:1088
x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:556
x86_64_start_kernel+0xb3/0xc0 arch/x86/kernel/head64.c:537
secondary_startup_64_no_verify+0xf4/0xfb
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
do_wait+0x283/0xc30 kernel/exit.c:1604
kernel_wait+0xa0/0x150 kernel/exit.c:1794
call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
call_usermodehelper_exec_work+0xf9/0x180 kernel/umh.c:164
process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
kthread+0x344/0x440 kernel/kthread.c:379
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
}
... key at: [<ffffffff8c40a098>] tasklist_lock+0x18/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
send_sigio+0xaf/0x3b0 fs/fcntl.c:793
dnotify_handle_event+0x14c/0x280 fs/notify/dnotify/dnotify.c:115
fsnotify_handle_inode_event.isra.0+0x22e/0x370 fs/notify/fsnotify.c:264
fsnotify_handle_event fs/notify/fsnotify.c:316 [inline]
send_to_group fs/notify/fsnotify.c:364 [inline]
fsnotify+0x11cf/0x16e0 fs/notify/fsnotify.c:570
fsnotify_name include/linux/fsnotify.h:36 [inline]
fsnotify_name include/linux/fsnotify.h:29 [inline]
fsnotify_dirent include/linux/fsnotify.h:42 [inline]
fsnotify_create include/linux/fsnotify.h:207 [inline]
open_last_lookups fs/namei.c:3562 [inline]
path_openat+0x11ea/0x2750 fs/namei.c:3788
do_filp_open+0x1ba/0x410 fs/namei.c:3818
do_sys_openat2+0x16d/0x4c0 fs/open.c:1356
do_sys_open fs/open.c:1372 [inline]
__do_sys_creat fs/open.c:1448 [inline]
__se_sys_creat fs/open.c:1442 [inline]
__x64_sys_creat+0xcd/0x120 fs/open.c:1442
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
stack backtrace:
CPU: 0 PID: 25098 Comm: syz-executor.0 Not tainted 6.4.0-rc4-syzkaller-00014-gac2263b588df #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
print_bad_irq_dependency kernel/locking/lockdep.c:2627 [inline]
check_irq_usage+0x114e/0x1a40 kernel/locking/lockdep.c:2866
check_prev_add kernel/locking/lockdep.c:3117 [inline]
check_prevs_add kernel/locking/lockdep.c:3232 [inline]
validate_chain kernel/locking/lockdep.c:3847 [inline]
__lock_acquire+0x2fe5/0x5f30 kernel/locking/lockdep.c:5088
lock_acquire kernel/locking/lockdep.c:5705 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
send_sigio+0xaf/0x3b0 fs/fcntl.c:793
dnotify_handle_event+0x14c/0x280 fs/notify/dnotify/dnotify.c:115
fsnotify_handle_inode_event.isra.0+0x22e/0x370 fs/notify/fsnotify.c:264
fsnotify_handle_event fs/notify/fsnotify.c:316 [inline]
send_to_group fs/notify/fsnotify.c:364 [inline]
fsnotify+0x11cf/0x16e0 fs/notify/fsnotify.c:570
fsnotify_name include/linux/fsnotify.h:36 [inline]
fsnotify_name include/linux/fsnotify.h:29 [inline]
fsnotify_dirent include/linux/fsnotify.h:42 [inline]
fsnotify_create include/linux/fsnotify.h:207 [inline]
open_last_lookups fs/namei.c:3562 [inline]
path_openat+0x11ea/0x2750 fs/namei.c:3788
do_filp_open+0x1ba/0x410 fs/namei.c:3818
do_sys_openat2+0x16d/0x4c0 fs/open.c:1356
do_sys_open fs/open.c:1372 [inline]
__do_sys_creat fs/open.c:1448 [inline]
__se_sys_creat fs/open.c:1442 [inline]
__x64_sys_creat+0xcd/0x120 fs/open.c:1442
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fe72e48c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe72cffe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007fe72e5abf80 RCX: 00007fe72e48c169
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
RBP: 00007fe72e4e7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe72e6cfb1f R14: 00007fe72cffe300 R15: 0000000000022000
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/05/29 13:05 | upstream | ac2263b588df | cf184559 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/05/20 14:36 | upstream | d635f6cc934b | 4bce1a3e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/05/18 02:29 | upstream | 1b66c114d161 | 3bb7af1d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/05/15 01:22 | upstream | f1fcbaa18b28 | 2b9ba477 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/05/13 19:12 | upstream | d4d58949a6ea | 2b9ba477 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/05/10 16:23 | upstream | ad2fd53a7870 | 0fbd49f4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/05/05 03:49 | upstream | 3c4aa4434377 | 518a39a6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/05/02 00:05 | upstream | c8c655c34e33 | 62df2017 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/04/26 03:51 | upstream | 4173cf6fb6b7 | 7560799c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/04/19 19:50 | upstream | 789b4a41c247 | a219f34e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/04/16 17:07 | upstream | 3e7bb4f24617 | ec410564 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values |