syzbot |
sign-in | mailing list | source | docs | 🏰 |
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
syzkaller #0 Tainted: G L
-----------------------------------------------------
syz.2.19886/16173 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff888075cf29a0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 fs/fcntl.c:918
and this task is already holding:
ffff8880565f3408 (&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1135 [inline]
ffff8880565f3408 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
which would create a new lock dependency:
(&new->fa_lock){....}-{3:3} -> (&f_owner->lock){....}-{3:3}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&client->buffer_lock){..-.}-{3:3}
... which became SOFTIRQ-irq-safe at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:158
spin_lock include/linux/spinlock.h:342 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_event+0x84/0xc0 drivers/input/input.c:396
input_sync include/linux/input.h:464 [inline]
xpad360_process_packet+0x641/0xdc0 drivers/input/joystick/xpad.c:933
xpad_irq_in+0x14e/0x25c0 drivers/input/joystick/xpad.c:1226
__usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1657
dummy_timer+0xbc0/0x4650 drivers/usb/gadget/udc/dummy_hcd.c:2005
__run_hrtimer kernel/time/hrtimer.c:1930 [inline]
__hrtimer_run_queues+0x3c0/0xa20 kernel/time/hrtimer.c:1994
hrtimer_run_softirq+0x17a/0x240 kernel/time/hrtimer.c:2011
handle_softirqs+0x22a/0x840 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
_raw_spin_unlock_irqrestore+0x47/0x80 kernel/locking/spinlock.c:198
spin_unlock_irqrestore include/linux/spinlock.h:408 [inline]
dummy_queue+0x6e4/0x8d0 drivers/usb/gadget/udc/dummy_hcd.c:749
usb_ep_queue+0xf1/0x3c0 drivers/usb/gadget/udc/core.c:303
raw_process_ep_io+0x5e4/0xd90 drivers/usb/gadget/legacy/raw_gadget.c:1114
raw_ioctl_ep_write drivers/usb/gadget/legacy/raw_gadget.c:1153 [inline]
raw_ioctl+0x252c/0x41c0 drivers/usb/gadget/legacy/raw_gadget.c:1325
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
to a SOFTIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{3:3}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:232
__do_wait+0xde/0x740 kernel/exit.c:1677
do_wait+0x1e7/0x510 kernel/exit.c:1721
kernel_wait+0xd6/0x1c0 kernel/exit.c:1897
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3302 [inline]
process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3385
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3466
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
other info that might help us debug this:
Chain exists of:
&client->buffer_lock --> &new->fa_lock --> tasklist_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(tasklist_lock);
local_irq_disable();
lock(&client->buffer_lock);
lock(&new->fa_lock);
<Interrupt>
lock(&client->buffer_lock);
*** DEADLOCK ***
4 locks held by syz.2.19886/16173:
#0: ffff88805a5a2c40 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1029 [inline]
#0: ffff88805a5a2c40 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release net/socket.c:721 [inline]
#0: ffff88805a5a2c40 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240 net/socket.c:1514
#1: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:836 [inline]
#1: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: sk_wake_async+0x7f/0x280 include/net/sock.h:2584
#2: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#2: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
#2: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 fs/fcntl.c:1158
#3: ffff8880565f3408 (&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1135 [inline]
#3: ffff8880565f3408 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&client->buffer_lock){..-.}-{3:3} {
IN-SOFTIRQ-W at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:158
spin_lock include/linux/spinlock.h:342 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_event+0x84/0xc0 drivers/input/input.c:396
input_sync include/linux/input.h:464 [inline]
xpad360_process_packet+0x641/0xdc0 drivers/input/joystick/xpad.c:933
xpad_irq_in+0x14e/0x25c0 drivers/input/joystick/xpad.c:1226
__usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1657
dummy_timer+0xbc0/0x4650 drivers/usb/gadget/udc/dummy_hcd.c:2005
__run_hrtimer kernel/time/hrtimer.c:1930 [inline]
__hrtimer_run_queues+0x3c0/0xa20 kernel/time/hrtimer.c:1994
hrtimer_run_softirq+0x17a/0x240 kernel/time/hrtimer.c:2011
handle_softirqs+0x22a/0x840 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
_raw_spin_unlock_irqrestore+0x47/0x80 kernel/locking/spinlock.c:198
spin_unlock_irqrestore include/linux/spinlock.h:408 [inline]
dummy_queue+0x6e4/0x8d0 drivers/usb/gadget/udc/dummy_hcd.c:749
usb_ep_queue+0xf1/0x3c0 drivers/usb/gadget/udc/core.c:303
raw_process_ep_io+0x5e4/0xd90 drivers/usb/gadget/legacy/raw_gadget.c:1114
raw_ioctl_ep_write drivers/usb/gadget/legacy/raw_gadget.c:1153 [inline]
raw_ioctl+0x252c/0x41c0 drivers/usb/gadget/legacy/raw_gadget.c:1325
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL USE at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:158
spin_lock include/linux/spinlock.h:342 [inline]
evdev_handle_get_val+0x70/0x9f0 drivers/input/evdev.c:898
evdev_do_ioctl drivers/input/evdev.c:-1 [inline]
evdev_ioctl_handler+0x127b/0x1fe0 drivers/input/evdev.c:1270
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9a7dd7e0>] evdev_open.__key.27+0x0/0x20
-> (&new->fa_lock){....}-{3:3} {
INITIAL USE at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:213 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:330
fasync_remove_entry+0xf1/0x1c0 fs/fcntl.c:1012
__fput+0x890/0xa60 fs/file_table.c:507
task_work_run+0x1d9/0x270 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
do_syscall_64+0x33e/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:174 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:240
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_inject_event+0x1dc/0x330 drivers/input/input.c:424
evdev_write+0x325/0x4c0 drivers/input/evdev.c:528
vfs_write+0x29a/0xb90 fs/read_write.c:686
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9a4bc8a0>] fasync_insert_entry.__key+0x0/0x20
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:174 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:240
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_inject_event+0x1dc/0x330 drivers/input/input.c:424
evdev_write+0x325/0x4c0 drivers/input/evdev.c:528
vfs_write+0x29a/0xb90 fs/read_write.c:686
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{3:3} {
HARDIRQ-ON-R at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:232
__do_wait+0xde/0x740 kernel/exit.c:1677
do_wait+0x1e7/0x510 kernel/exit.c:1721
kernel_wait+0xd6/0x1c0 kernel/exit.c:1897
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3302 [inline]
process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3385
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3466
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
SOFTIRQ-ON-R at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:232
__do_wait+0xde/0x740 kernel/exit.c:1677
do_wait+0x1e7/0x510 kernel/exit.c:1721
kernel_wait+0xd6/0x1c0 kernel/exit.c:1897
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3302 [inline]
process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3385
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3466
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INITIAL USE at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:213 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:330
copy_process+0x2b4c/0x4440 kernel/fork.c:2411
kernel_clone+0x284/0x8f0 kernel/fork.c:2721
user_mode_thread+0x110/0x180 kernel/fork.c:2797
rest_init+0x23/0x300 init/main.c:727
start_kernel+0x38a/0x3e0 init/main.c:1220
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
common_startup_64+0x13e/0x147
INITIAL READ USE at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:232
__do_wait+0xde/0x740 kernel/exit.c:1677
do_wait+0x1e7/0x510 kernel/exit.c:1721
kernel_wait+0xd6/0x1c0 kernel/exit.c:1897
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3302 [inline]
process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3385
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3466
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [<ffffffff8e60a058>] tasklist_lock+0x18/0x40
... acquired at:
__raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:232
send_sigurg+0x12b/0x420 fs/fcntl.c:978
sk_send_sigurg+0x6c/0x2e0 net/core/sock.c:3672
queue_oob+0x42c/0x4f0 net/unix/af_unix.c:2368
unix_stream_sendmsg+0xcb1/0xe80 net/unix/af_unix.c:2502
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg net/socket.c:802 [inline]
____sys_sendmsg+0x972/0x9f0 net/socket.c:2698
___sys_sendmsg+0x2a5/0x360 net/socket.c:2752
__sys_sendmsg net/socket.c:2784 [inline]
__do_sys_sendmsg net/socket.c:2789 [inline]
__se_sys_sendmsg net/socket.c:2787 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2787
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&f_owner->lock){....}-{3:3} {
INITIAL USE at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:213 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:330
__f_setown+0x67/0x370 fs/fcntl.c:136
f_setown+0x23a/0x300 fs/fcntl.c:183
sock_ioctl+0x615/0x7f0 net/socket.c:1375
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:174 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:240
send_sigio+0x38/0x370 fs/fcntl.c:918
dnotify_handle_event+0x169/0x440 fs/notify/dnotify/dnotify.c:113
fsnotify_handle_event fs/notify/fsnotify.c:327 [inline]
send_to_group fs/notify/fsnotify.c:375 [inline]
fsnotify+0x1831/0x1ae0 fs/notify/fsnotify.c:592
fsnotify_name include/linux/fsnotify.h:55 [inline]
fsnotify_dirent include/linux/fsnotify.h:61 [inline]
fsnotify_create+0x121/0x180 include/linux/fsnotify.h:323
vfs_create+0x300/0x460 fs/namei.c:4206
filename_mknodat+0x3e8/0x660 fs/namei.c:5170
__do_sys_mknod fs/namei.c:5207 [inline]
__se_sys_mknod+0x3a/0x150 fs/namei.c:5204
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9a4bc880>] file_f_owner_allocate.__key+0x0/0x20
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:174 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:240
send_sigio+0x38/0x370 fs/fcntl.c:918
kill_fasync_rcu fs/fcntl.c:1144 [inline]
kill_fasync+0x24d/0x4d0 fs/fcntl.c:1159
sock_wake_async+0x137/0x160 net/socket.c:-1
sk_wake_async+0x184/0x280 include/net/sock.h:2585
unix_release_sock+0x74f/0xc80 net/unix/af_unix.c:712
unix_release+0x92/0xd0 net/unix/af_unix.c:1184
__sock_release net/socket.c:722 [inline]
sock_close+0xc3/0x240 net/socket.c:1514
__fput+0x44f/0xa60 fs/file_table.c:510
task_work_run+0x1d9/0x270 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
do_syscall_64+0x33e/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
stack backtrace:
CPU: 1 UID: 0 PID: 16173 Comm: syz.2.19886 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_bad_irq_dependency kernel/locking/lockdep.c:2616 [inline]
check_irq_usage kernel/locking/lockdep.c:2857 [inline]
check_prev_add kernel/locking/lockdep.c:3169 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x2a94/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:174 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:240
send_sigio+0x38/0x370 fs/fcntl.c:918
kill_fasync_rcu fs/fcntl.c:1144 [inline]
kill_fasync+0x24d/0x4d0 fs/fcntl.c:1159
sock_wake_async+0x137/0x160 net/socket.c:-1
sk_wake_async+0x184/0x280 include/net/sock.h:2585
unix_release_sock+0x74f/0xc80 net/unix/af_unix.c:712
unix_release+0x92/0xd0 net/unix/af_unix.c:1184
__sock_release net/socket.c:722 [inline]
sock_close+0xc3/0x240 net/socket.c:1514
__fput+0x44f/0xa60 fs/file_table.c:510
task_work_run+0x1d9/0x270 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
do_syscall_64+0x33e/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f81b039cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f81b117f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000021
RAX: 0000000000000004 RBX: 00007f81b0615fa0 RCX: 00007f81b039cdd9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00007f81b0432d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f81b0616038 R14: 00007f81b0615fa0 R15: 00007f81b073fa48
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/05/03 18:27 | upstream | f377d0025eb0 | a0d91488 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/05/03 12:13 | upstream | 66edb901bf87 | a0d91488 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/05/03 10:31 | upstream | 66edb901bf87 | a0d91488 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/05/03 09:14 | upstream | 66edb901bf87 | a0d91488 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/05/02 11:00 | upstream | f1a5e78a55eb | a0d91488 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/05/02 06:00 | upstream | ef5f46b63023 | 753c55b9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/05/01 22:01 | upstream | ef5f46b63023 | 753c55b9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/05/01 08:29 | upstream | 26fd6bff2c05 | 753c55b9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/30 13:41 | upstream | e75a43c7cec4 | a7464baf | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/30 00:27 | upstream | 57b8e2d666a3 | 005438fc | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/29 11:30 | upstream | dca922e019dd | 804ea88f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/29 11:21 | upstream | dca922e019dd | 804ea88f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/28 10:07 | upstream | 3b3bea6d4b9c | b4209743 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/27 21:25 | upstream | 254f49634ee1 | ce741359 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/27 07:25 | upstream | 20b64cf8705a | 9c2d0995 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/27 00:56 | upstream | 20b64cf8705a | 9c2d0995 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/26 17:12 | upstream | 897d54018cc9 | 9c2d0995 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/26 15:56 | upstream | 897d54018cc9 | 9c2d0995 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/26 10:54 | upstream | 897d54018cc9 | 9c2d0995 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2026/04/24 13:24 | upstream | dd6c438c3e64 | 1c2b9291 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/23 04:18 | upstream | 2a4c0c11c019 | b10da5ec | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/21 16:31 | upstream | b4e07588e743 | 0b6ab7ec | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/21 02:45 | upstream | a5d1079c28a5 | e65da4ee | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/20 20:33 | upstream | a5d1079c28a5 | e65da4ee | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/20 12:19 | upstream | c1f49dea2b8f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/17 03:51 | upstream | 3cd8b194bf34 | de0a551d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/16 16:04 | upstream | 1d51b370a0f8 | 321ae225 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/15 14:20 | upstream | 1f5ffc672165 | c441f497 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2026/04/15 01:18 | upstream | 508fed679541 | e2e976a8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/14 01:44 | upstream | 0f0013213293 | 1a086e7c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/13 22:46 | upstream | 0f0013213293 | 1a086e7c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/13 21:33 | upstream | 0f0013213293 | 9530ccf9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/13 10:27 | upstream | 028ef9c96e96 | 9530ccf9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/13 00:14 | upstream | f5459048c38a | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/12 05:22 | upstream | e753c16cb3dd | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/11 21:51 | upstream | e774d5f1bc27 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/06 01:31 | upstream | 1791c390149f | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2026/02/25 12:52 | upstream | 7dff99b35460 | df2e85d4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/04 21:27 | upstream | 54e82e93ca93 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in evdev_pass_values | ||
| 2025/08/23 14:33 | upstream | 038d61fd6422 | bf27483f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in evdev_pass_values | ||
| 2026/04/25 08:42 | upstream | 27d128c1cff6 | 9c2d0995 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/22 10:39 | upstream | 6596a02b2078 | 4595e353 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/22 04:09 | upstream | 4ee64205ffaa | 0b6ab7ec | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/19 11:57 | upstream | faeab166167f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/18 22:17 | upstream | eb5249b12507 | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/18 01:12 | upstream | 43cfbdda5af6 | 24ecfc1e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/17 18:58 | upstream | 43cfbdda5af6 | 24ecfc1e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/15 10:56 | upstream | 508fed679541 | e2e976a8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/03 22:16 | upstream | de0674d9bc69 | 42b01fab | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in evdev_pass_values | ||
| 2026/03/22 15:44 | upstream | 113ae7b4decc | 5b92003d | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | possible deadlock in evdev_pass_values | ||
| 2023/04/19 19:50 | upstream | 789b4a41c247 | a219f34e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/04/16 17:07 | upstream | 3e7bb4f24617 | ec410564 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/23 11:19 | linux-next | 785f0eb2f85d | 5b92003d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/13 02:58 | linux-next | f417b7ffcbef | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values |