syzbot |
sign-in | mailing list | source | docs |
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
syzkaller #0 Tainted: G L
-----------------------------------------------------
syz.7.5942/30219 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff88806c3148a0 (&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1135 [inline]
ffff88806c3148a0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
and this task is already holding:
ffff888048c0e028 (&client->buffer_lock){..-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff888048c0e028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
which would create a new lock dependency:
(&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&client->buffer_lock){..-.}-{3:3}
... which became SOFTIRQ-irq-safe at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x3e5/0x6b0 drivers/input/input.c:353
input_event+0x89/0xe0 drivers/input/input.c:396
hidinput_hid_event+0x145e/0x1e50 drivers/hid/hid-input.c:1747
hid_process_event+0x4be/0x620 drivers/hid/hid-core.c:1565
hid_process_report drivers/hid/hid-core.c:1713 [inline]
hid_report_raw_event+0xe91/0x1720 drivers/hid/hid-core.c:2074
__hid_input_report drivers/hid/hid-core.c:2144 [inline]
hid_input_report+0x44b/0x580 drivers/hid/hid-core.c:2166
hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
__usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1661
dummy_timer+0x85f/0x45b0 drivers/usb/gadget/udc/dummy_hcd.c:1995
__run_hrtimer kernel/time/hrtimer.c:1777 [inline]
__hrtimer_run_queues+0x51c/0xc30 kernel/time/hrtimer.c:1841
hrtimer_run_softirq+0x187/0x2b0 kernel/time/hrtimer.c:1858
handle_softirqs+0x22b/0x7c0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x60/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:81
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x73/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x1be/0x4d0 kernel/sched/idle.c:332
cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:430
rest_init+0x2de/0x300 init/main.c:757
start_kernel+0x381/0x3d0 init/main.c:1206
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
common_startup_64+0x13e/0x147
to a SOFTIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{3:3}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1672
do_wait+0x1e8/0x4f0 kernel/exit.c:1716
kernel_wait+0xab/0x170 kernel/exit.c:1892
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
other info that might help us debug this:
Chain exists of:
&client->buffer_lock --> &new->fa_lock --> tasklist_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(tasklist_lock);
local_irq_disable();
lock(&client->buffer_lock);
lock(&new->fa_lock);
<Interrupt>
lock(&client->buffer_lock);
*** DEADLOCK ***
7 locks held by syz.7.5942/30219:
#0: ffff88814574c118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 drivers/input/evdev.c:511
#1: ffff88801cbc3230 (&dev->event_lock#2){..-.}-{3:3}, at: class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline]
#1: ffff88801cbc3230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340 drivers/input/input.c:419
#2: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#2: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#2: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
#2: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340 drivers/input/input.c:420
#3: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#3: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#3: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
#3: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 drivers/input/input.c:119
#4: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#4: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#4: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 drivers/input/evdev.c:298
#5: ffff888048c0e028 (&client->buffer_lock){..-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
#5: ffff888048c0e028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
#6: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#6: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#6: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 fs/fcntl.c:1158
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&client->buffer_lock){..-.}-{3:3} {
IN-SOFTIRQ-W at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x3e5/0x6b0 drivers/input/input.c:353
input_event+0x89/0xe0 drivers/input/input.c:396
hidinput_hid_event+0x145e/0x1e50 drivers/hid/hid-input.c:1747
hid_process_event+0x4be/0x620 drivers/hid/hid-core.c:1565
hid_process_report drivers/hid/hid-core.c:1713 [inline]
hid_report_raw_event+0xe91/0x1720 drivers/hid/hid-core.c:2074
__hid_input_report drivers/hid/hid-core.c:2144 [inline]
hid_input_report+0x44b/0x580 drivers/hid/hid-core.c:2166
hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
__usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1661
dummy_timer+0x85f/0x45b0 drivers/usb/gadget/udc/dummy_hcd.c:1995
__run_hrtimer kernel/time/hrtimer.c:1777 [inline]
__hrtimer_run_queues+0x51c/0xc30 kernel/time/hrtimer.c:1841
hrtimer_run_softirq+0x187/0x2b0 kernel/time/hrtimer.c:1858
handle_softirqs+0x22b/0x7c0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x60/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:81
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x73/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x1be/0x4d0 kernel/sched/idle.c:332
cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:430
rest_init+0x2de/0x300 init/main.c:757
start_kernel+0x381/0x3d0 init/main.c:1206
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
common_startup_64+0x13e/0x147
INITIAL USE at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1aa/0x340 drivers/input/evdev.c:303
input_pass_values+0x1c2/0x890 drivers/input/input.c:122
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_inject_event+0x1dd/0x340 drivers/input/input.c:424
evdev_write+0x2fc/0x480 drivers/input/evdev.c:528
vfs_write+0x27e/0xb30 fs/read_write.c:684
ksys_write+0x145/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff99c46860>] evdev_open.__key.26+0x0/0x20
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{3:3} {
HARDIRQ-ON-R at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1672
do_wait+0x1e8/0x4f0 kernel/exit.c:1716
kernel_wait+0xab/0x170 kernel/exit.c:1892
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
SOFTIRQ-ON-R at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1672
do_wait+0x1e8/0x4f0 kernel/exit.c:1716
kernel_wait+0xab/0x170 kernel/exit.c:1892
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
INITIAL USE at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:326
copy_process+0x2185/0x3950 kernel/fork.c:2367
kernel_clone+0x21e/0x820 kernel/fork.c:2651
user_mode_thread+0xdd/0x140 kernel/fork.c:2727
rest_init+0x23/0x300 init/main.c:722
start_kernel+0x381/0x3d0 init/main.c:1206
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
common_startup_64+0x13e/0x147
INITIAL READ USE at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1672
do_wait+0x1e8/0x4f0 kernel/exit.c:1716
kernel_wait+0xab/0x170 kernel/exit.c:1892
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
}
... key at: [<ffffffff8dc0c058>] tasklist_lock+0x18/0x40
... acquired at:
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
send_sigurg+0x12b/0x420 fs/fcntl.c:978
sk_send_sigurg+0x6c/0x2e0 net/core/sock.c:3669
queue_oob+0x420/0x4f0 net/unix/af_unix.c:2357
unix_stream_sendmsg+0xc32/0xde0 net/unix/af_unix.c:2491
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg+0x21c/0x270 net/socket.c:742
____sys_sendmsg+0x52d/0x820 net/socket.c:2592
___sys_sendmsg+0x21f/0x2a0 net/socket.c:2646
__sys_sendmmsg+0x227/0x430 net/socket.c:2735
__do_sys_sendmmsg net/socket.c:2762 [inline]
__se_sys_sendmmsg net/socket.c:2759 [inline]
__x64_sys_sendmmsg+0xa0/0xc0 net/socket.c:2759
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&f_owner->lock){....}-{3:3} {
INITIAL USE at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:326
__f_setown+0x67/0x370 fs/fcntl.c:136
generic_add_lease fs/locks.c:1895 [inline]
generic_setlease+0xe1e/0x1280 fs/locks.c:1971
do_fcntl_add_lease+0x34d/0x460 fs/locks.c:2074
fcntl_setdeleg+0x14c/0x1e0 fs/locks.c:2120
do_fcntl+0xd9f/0x1a50 fs/fcntl.c:564
__do_sys_fcntl fs/fcntl.c:602 [inline]
__se_sys_fcntl+0xc8/0x150 fs/fcntl.c:587
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
send_sigio+0x38/0x370 fs/fcntl.c:918
kill_fasync_rcu fs/fcntl.c:1144 [inline]
kill_fasync+0x24d/0x4d0 fs/fcntl.c:1159
lease_break_callback+0x26/0x30 fs/locks.c:558
__break_lease+0x730/0x1620 fs/locks.c:1598
break_deleg include/linux/filelock.h:496 [inline]
try_break_deleg include/linux/filelock.h:515 [inline]
lookup_open fs/namei.c:4429 [inline]
open_last_lookups fs/namei.c:4540 [inline]
path_openat+0x17a8/0x3dd0 fs/namei.c:4784
do_filp_open+0x1fa/0x410 fs/namei.c:4814
do_sys_openat2+0x121/0x200 fs/open.c:1430
do_sys_open fs/open.c:1436 [inline]
__do_sys_openat fs/open.c:1452 [inline]
__se_sys_openat fs/open.c:1447 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1447
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff99928c60>] file_f_owner_allocate.__key+0x0/0x20
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
send_sigio+0x38/0x370 fs/fcntl.c:918
kill_fasync_rcu fs/fcntl.c:1144 [inline]
kill_fasync+0x24d/0x4d0 fs/fcntl.c:1159
lease_break_callback+0x26/0x30 fs/locks.c:558
__break_lease+0x730/0x1620 fs/locks.c:1598
break_deleg include/linux/filelock.h:496 [inline]
try_break_deleg include/linux/filelock.h:515 [inline]
lookup_open fs/namei.c:4429 [inline]
open_last_lookups fs/namei.c:4540 [inline]
path_openat+0x17a8/0x3dd0 fs/namei.c:4784
do_filp_open+0x1fa/0x410 fs/namei.c:4814
do_sys_openat2+0x121/0x200 fs/open.c:1430
do_sys_open fs/open.c:1436 [inline]
__do_sys_openat fs/open.c:1452 [inline]
__se_sys_openat fs/open.c:1447 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1447
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&new->fa_lock){....}-{3:3} {
INITIAL USE at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:326
fasync_remove_entry+0xf1/0x1c0 fs/fcntl.c:1012
lease_modify+0x1ca/0x3c0 fs/locks.c:1455
locks_remove_lease fs/locks.c:2734 [inline]
locks_remove_file+0x4bf/0xea0 fs/locks.c:2759
__fput+0x3ab/0xa70 fs/file_table.c:460
task_work_run+0x1d4/0x260 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:44 [inline]
exit_to_user_mode_loop+0xef/0x4e0 kernel/entry/common.c:75
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
do_syscall_64+0x2c1/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
lease_break_callback+0x26/0x30 fs/locks.c:558
__break_lease+0x730/0x1620 fs/locks.c:1598
break_deleg include/linux/filelock.h:496 [inline]
try_break_deleg include/linux/filelock.h:515 [inline]
lookup_open fs/namei.c:4429 [inline]
open_last_lookups fs/namei.c:4540 [inline]
path_openat+0x17a8/0x3dd0 fs/namei.c:4784
do_filp_open+0x1fa/0x410 fs/namei.c:4814
do_sys_openat2+0x121/0x200 fs/open.c:1430
do_sys_open fs/open.c:1436 [inline]
__do_sys_openat fs/open.c:1452 [inline]
__se_sys_openat fs/open.c:1447 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1447
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff99928c80>] fasync_insert_entry.__key+0x0/0x20
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_inject_event+0x1dd/0x340 drivers/input/input.c:424
evdev_write+0x2fc/0x480 drivers/input/evdev.c:528
vfs_write+0x27e/0xb30 fs/read_write.c:684
ksys_write+0x145/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
stack backtrace:
CPU: 1 UID: 0 PID: 30219 Comm: syz.7.5942 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_bad_irq_dependency kernel/locking/lockdep.c:2616 [inline]
check_irq_usage kernel/locking/lockdep.c:2857 [inline]
check_prev_add kernel/locking/lockdep.c:3169 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x2a95/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0x107/0x340 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_inject_event+0x1dd/0x340 drivers/input/input.c:424
evdev_write+0x2fc/0x480 drivers/input/evdev.c:528
vfs_write+0x27e/0xb30 fs/read_write.c:684
ksys_write+0x145/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0d8278f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0d8361d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f0d829e5fa0 RCX: 00007f0d8278f749
RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000007
RBP: 00007f0d82813f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0d829e6038 R14: 00007f0d829e5fa0 R15: 00007f0d82b0fa28
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/01/05 22:29 | upstream | 3609fa95fb0f | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/05 19:37 | upstream | 3609fa95fb0f | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/05 18:24 | upstream | 3609fa95fb0f | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/05 15:11 | upstream | 3609fa95fb0f | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/05 10:35 | upstream | 3609fa95fb0f | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/04 21:27 | upstream | 54e82e93ca93 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in evdev_pass_values | ||
| 2026/01/04 18:16 | upstream | 54e82e93ca93 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/04 14:44 | upstream | aacb0a6d604a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/04 11:58 | upstream | aacb0a6d604a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/04 09:39 | upstream | aacb0a6d604a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/04 05:22 | upstream | aacb0a6d604a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/12/12 12:43 | upstream | 187d0801404f | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2025/12/12 08:03 | upstream | d358e5254674 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/12/12 05:20 | upstream | d358e5254674 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/12/12 00:34 | upstream | d358e5254674 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/12/11 14:17 | upstream | d358e5254674 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2025/12/11 07:41 | upstream | d358e5254674 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in evdev_pass_values | ||
| 2025/12/10 06:29 | upstream | c9b47175e913 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in evdev_pass_values | ||
| 2025/12/07 16:12 | upstream | 37bb2e7217b0 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in evdev_pass_values | ||
| 2025/12/06 16:35 | upstream | 416f99c3b16f | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2025/12/06 05:51 | upstream | 51d90a15fedf | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/12/05 23:53 | upstream | d1d36025a617 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in evdev_pass_values | ||
| 2025/12/03 03:58 | upstream | 619f4edc8d4f | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2025/12/02 17:09 | upstream | 4a26e7032d7d | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/08/23 14:33 | upstream | 038d61fd6422 | bf27483f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in evdev_pass_values | ||
| 2026/01/16 12:05 | upstream | 983d014aafb1 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/15 00:29 | upstream | 944aacb68baf | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/14 11:06 | upstream | c537e12daeec | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/13 21:15 | upstream | b54345928fa1 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/12 22:23 | upstream | b71e635feefc | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/12 06:45 | upstream | 0f61b1860cc3 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/10 13:47 | upstream | b6151c4e60e5 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/10 00:01 | upstream | 372800cb95a3 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/07 23:37 | upstream | f0b9d8eb98df | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/07 17:34 | upstream | f0b9d8eb98df | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/06 19:50 | upstream | f0b9d8eb98df | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/06 01:00 | upstream | 7f98ab9da046 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/12/17 07:07 | upstream | ea1013c15392 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/12/16 10:26 | upstream | 40fbbd64bba6 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/12/15 09:48 | upstream | 8f0b4cce4481 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/12/14 09:59 | upstream | 8f0b4cce4481 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/12/13 06:43 | upstream | 9551a26f17d9 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/12/12 09:43 | upstream | d358e5254674 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/12/04 21:34 | upstream | fa5ef105618a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/12/04 07:42 | upstream | 559e608c4655 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/12/03 18:03 | upstream | 3f9f0252130e | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/11/13 19:04 | upstream | 2ccec5944606 | 07e030de | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in evdev_pass_values | ||
| 2025/10/22 22:28 | upstream | dd72c8fcf6d3 | c0460fcd | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | possible deadlock in evdev_pass_values | ||
| 2023/04/19 19:50 | upstream | 789b4a41c247 | a219f34e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/04/16 17:07 | upstream | 3e7bb4f24617 | ec410564 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/13 02:58 | linux-next | f417b7ffcbef | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2026/01/09 18:20 | linux-next | f417b7ffcbef | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2025/12/14 05:45 | linux-next | d9771d0dbe18 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2025/12/11 03:39 | linux-next | 5ce74bc1b7cb | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2025/12/10 04:54 | linux-next | 008d3547aae5 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2025/12/09 03:47 | linux-next | c75caf76ed86 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2025/12/03 07:02 | linux-next | b2c27842ba85 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2025/10/23 23:03 | linux-next | aaa9c3550b60 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | possible deadlock in evdev_pass_values |