syzbot


possible deadlock in evdev_pass_values (2)

Status: upstream: reported on 2023/04/21 09:42
Subsystems: input
Reported-by: syzbot+13d3cb2a3dc61e6092f5@syzkaller.appspotmail.com
First crash: 575d, last: 5h33m
Discussions (17)
Title                                                      Replies (including bot)  Last reply
[syzbot] Monthly input report (Nov 2024)                   0 (1)                    2024/11/04 08:58
[syzbot] Monthly input report (Oct 2024)                   0 (1)                    2024/10/03 09:03
[syzbot] Monthly input report (Sep 2024)                   0 (1)                    2024/09/02 08:17
[syzbot] Monthly input report (Aug 2024)                   0 (1)                    2024/08/02 07:26
[syzbot] Monthly input report (Jul 2024)                   0 (1)                    2024/07/01 10:27
[syzbot] Monthly input report (May 2024)                   0 (1)                    2024/05/31 06:48
[syzbot] Monthly input report (Apr 2024)                   0 (1)                    2024/04/29 12:34
[syzbot] Monthly input report (Mar 2024)                   0 (1)                    2024/03/19 12:48
[syzbot] Monthly input report (Feb 2024)                   0 (1)                    2024/02/17 20:23
[syzbot] Monthly input report (Jan 2024)                   0 (1)                    2024/01/17 09:21
[syzbot] Monthly input report (Dec 2023)                   0 (1)                    2023/12/16 23:58
[syzbot] Monthly input report (Nov 2023)                   0 (1)                    2023/11/16 04:11
[syzbot] Monthly input report (Oct 2023)                   0 (1)                    2023/10/16 08:53
[syzbot] Monthly fs report (Aug 2023)                      0 (1)                    2023/08/08 12:55
[syzbot] Monthly fs report (Jul 2023)                      0 (1)                    2023/07/10 09:36
[syzbot] Monthly fs report (May 2023)                      0 (1)                    2023/05/06 14:02
[syzbot] [fs?] possible deadlock in evdev_pass_values (2)  0 (1)                    2023/04/21 09:42
Similar bugs (7)
Kernel      Title                                               Repro  Cause bisect  Fix bisect  Count  Last  Reported  Patched  Status
upstream    possible deadlock in evdev_pass_values fuse kernfs                                   351    579d  1402d     0/28     closed as dup on 2021/07/02 09:55
linux-5.15  possible deadlock in evdev_pass_values (3)                                           11     75d   109d      0/3      auto-obsoleted due to no activity on 2024/11/05 23:17
linux-6.1   possible deadlock in evdev_pass_values (3)                                           17     161d  227d      0/3      auto-obsoleted due to no activity on 2024/08/12 15:10
linux-6.1   possible deadlock in evdev_pass_values                                               1      498d  498d      0/3      auto-obsoleted due to no activity on 2023/10/09 19:52
linux-5.15  possible deadlock in evdev_pass_values                                               6      376d  479d      0/3      auto-obsoleted due to no activity on 2024/02/09 07:09
linux-5.15  possible deadlock in evdev_pass_values (2)                                           22     194d  272d      0/3      auto-obsoleted due to no activity on 2024/07/10 03:27
linux-6.1   possible deadlock in evdev_pass_values (2)                                           1      359d  359d      0/3      auto-obsoleted due to no activity on 2024/02/25 22:49

Sample crash report:
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
6.12.0-rc7-syzkaller #0 Not tainted
-----------------------------------------------------
syz.9.4009/29931 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8e60a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigurg+0x144/0x430 fs/fcntl.c:970

and this task is already holding:
ffff888028b14e20 (&f_owner->lock){....}-{2:2}, at: send_sigurg+0x58/0x430 fs/fcntl.c:954
which would create a new lock dependency:
 (&f_owner->lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&client->buffer_lock){..-.}-{2:2}

... which became SOFTIRQ-irq-safe at:
  lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
  __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
  _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
  spin_lock include/linux/spinlock.h:351 [inline]
  evdev_pass_values+0xf2/0xad0 drivers/input/evdev.c:261
  evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
  input_pass_values+0x268/0x890 drivers/input/input.c:126
  input_event_dispose+0x30f/0x600 drivers/input/input.c:341
  input_handle_event+0xa71/0xbe0 drivers/input/input.c:369
  input_event+0xa4/0xd0 drivers/input/input.c:398
  input_sync include/linux/input.h:459 [inline]
  xpad360_process_packet+0x627/0xb20 drivers/input/joystick/xpad.c:904
  xpad_irq_in+0x170/0x2510 drivers/input/joystick/xpad.c:1182
  __usb_hcd_giveback_urb+0x42c/0x6e0 drivers/usb/core/hcd.c:1650
  dummy_timer+0x856/0x4620 drivers/usb/gadget/udc/dummy_hcd.c:1993
  __run_hrtimer kernel/time/hrtimer.c:1691 [inline]
  __hrtimer_run_queues+0x59b/0xd50 kernel/time/hrtimer.c:1755
  hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1772
  handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
  __do_softirq kernel/softirq.c:588 [inline]
  invoke_softirq kernel/softirq.c:428 [inline]
  __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
  irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
  sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
  asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
  kasan_check_range+0x1bf/0x290 mm/kasan/generic.c:189
  instrument_atomic_read include/linux/instrumented.h:68 [inline]
  _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
  tomoyo_check_acl+0x2d2/0x3f0 security/tomoyo/domain.c:184
  tomoyo_path_permission+0x1af/0x360 security/tomoyo/file.c:586
  tomoyo_path_perm+0x480/0x740 security/tomoyo/file.c:838
  security_inode_getattr+0x130/0x330 security/security.c:2373
  vfs_getattr+0x45/0x430 fs/stat.c:204
  vfs_statx_path fs/stat.c:251 [inline]
  vfs_statx+0x199/0x490 fs/stat.c:315
  vfs_fstatat+0x145/0x190 fs/stat.c:341
  __do_sys_newfstatat fs/stat.c:505 [inline]
  __se_sys_newfstatat fs/stat.c:499 [inline]
  __x64_sys_newfstatat+0x11d/0x1a0 fs/stat.c:499
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
  entry_SYSCALL_64_after_hwframe+0x77/0x7f

to a SOFTIRQ-irq-unsafe lock:
 (tasklist_lock){.+.+}-{2:2}

... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
  __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
  _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
  __do_wait+0x12d/0x850 kernel/exit.c:1648
  do_wait+0x1e9/0x560 kernel/exit.c:1692
  kernel_wait+0xe9/0x240 kernel/exit.c:1868
  call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
  call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164
  process_one_work kernel/workqueue.c:3229 [inline]
  process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
  worker_thread+0x870/0xd30 kernel/workqueue.c:3391
  kthread+0x2f0/0x390 kernel/kthread.c:389
  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

other info that might help us debug this:

Chain exists of:
  &client->buffer_lock --> &f_owner->lock --> tasklist_lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(tasklist_lock);
                               local_irq_disable();
                               lock(&client->buffer_lock);
                               lock(&f_owner->lock);
  <Interrupt>
    lock(&client->buffer_lock);

 *** DEADLOCK ***

2 locks held by syz.9.4009/29931:
 #0: ffff888011914078 (&u->lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #0: ffff888011914078 (&u->lock){+.+.}-{2:2}, at: queue_oob+0x2a0/0x680 net/unix/af_unix.c:2216
 #1: ffff888028b14e20 (&f_owner->lock){....}-{2:2}, at: send_sigurg+0x58/0x430 fs/fcntl.c:954

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
  -> (&client->buffer_lock){..-.}-{2:2} {
     IN-SOFTIRQ-W at:
                        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
                        __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
                        _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
                        spin_lock include/linux/spinlock.h:351 [inline]
                        evdev_pass_values+0xf2/0xad0 drivers/input/evdev.c:261
                        evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
                        input_pass_values+0x268/0x890 drivers/input/input.c:126
                        input_event_dispose+0x30f/0x600 drivers/input/input.c:341
                        input_handle_event+0xa71/0xbe0 drivers/input/input.c:369
                        input_event+0xa4/0xd0 drivers/input/input.c:398
                        input_sync include/linux/input.h:459 [inline]
                        xpad360_process_packet+0x627/0xb20 drivers/input/joystick/xpad.c:904
                        xpad_irq_in+0x170/0x2510 drivers/input/joystick/xpad.c:1182
                        __usb_hcd_giveback_urb+0x42c/0x6e0 drivers/usb/core/hcd.c:1650
                        dummy_timer+0x856/0x4620 drivers/usb/gadget/udc/dummy_hcd.c:1993
                        __run_hrtimer kernel/time/hrtimer.c:1691 [inline]
                        __hrtimer_run_queues+0x59b/0xd50 kernel/time/hrtimer.c:1755
                        hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1772
                        handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
                        __do_softirq kernel/softirq.c:588 [inline]
                        invoke_softirq kernel/softirq.c:428 [inline]
                        __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
                        irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
                        instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
                        sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
                        asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
                        kasan_check_range+0x1bf/0x290 mm/kasan/generic.c:189
                        instrument_atomic_read include/linux/instrumented.h:68 [inline]
                        _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
                        tomoyo_check_acl+0x2d2/0x3f0 security/tomoyo/domain.c:184
                        tomoyo_path_permission+0x1af/0x360 security/tomoyo/file.c:586
                        tomoyo_path_perm+0x480/0x740 security/tomoyo/file.c:838
                        security_inode_getattr+0x130/0x330 security/security.c:2373
                        vfs_getattr+0x45/0x430 fs/stat.c:204
                        vfs_statx_path fs/stat.c:251 [inline]
                        vfs_statx+0x199/0x490 fs/stat.c:315
                        vfs_fstatat+0x145/0x190 fs/stat.c:341
                        __do_sys_newfstatat fs/stat.c:505 [inline]
                        __se_sys_newfstatat fs/stat.c:499 [inline]
                        __x64_sys_newfstatat+0x11d/0x1a0 fs/stat.c:499
                        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                        do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                        entry_SYSCALL_64_after_hwframe+0x77/0x7f
     INITIAL USE at:
                       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
                       __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
                       _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
                       spin_lock include/linux/spinlock.h:351 [inline]
                       evdev_pass_values+0xf2/0xad0 drivers/input/evdev.c:261
                       evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
                       input_pass_values+0x268/0x890 drivers/input/input.c:126
                       input_event_dispose+0x30f/0x600 drivers/input/input.c:341
                       input_handle_event+0xa71/0xbe0 drivers/input/input.c:369
                       input_inject_event+0x22f/0x340 drivers/input/input.c:428
                       evdev_write+0x5fd/0x790 drivers/input/evdev.c:528
                       vfs_write+0x2a3/0xd30 fs/read_write.c:681
                       ksys_write+0x183/0x2b0 fs/read_write.c:736
                       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                       entry_SYSCALL_64_after_hwframe+0x77/0x7f
   }
   ... key      at: [<ffffffff9a755ba0>] evdev_open.__key.24+0x0/0x20
 -> (&new->fa_lock){....}-{2:2} {
    INITIAL USE at:
                     lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
                     __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
                     _raw_write_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:326
                     fasync_remove_entry+0xff/0x1d0 fs/fcntl.c:1004
                     sock_fasync+0x87/0x100 net/socket.c:1451
                     __fput+0x71b/0x880 fs/file_table.c:428
                     task_work_run+0x24f/0x310 kernel/task_work.c:239
                     resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
                     exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
                     exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
                     __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
                     syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218
                     do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
    INITIAL READ USE at:
                          lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
                          __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
                          _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
                          kill_fasync_rcu fs/fcntl.c:1127 [inline]
                          kill_fasync+0x199/0x4f0 fs/fcntl.c:1151
                          sock_wake_async+0x147/0x170
                          sk_wake_async+0x183/0x280 include/net/sock.h:2444
                          unix_release_sock+0x727/0xd00 net/unix/af_unix.c:710
                          unix_release+0x91/0xc0 net/unix/af_unix.c:1109
                          __sock_release net/socket.c:658 [inline]
                          sock_close+0xbc/0x240 net/socket.c:1426
                          __fput+0x23f/0x880 fs/file_table.c:431
                          task_work_run+0x24f/0x310 kernel/task_work.c:239
                          get_signal+0x15e8/0x1740 kernel/signal.c:2691
                          arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
                          exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
                          exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
                          __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
                          syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
                          do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
                          entry_SYSCALL_64_after_hwframe+0x77/0x7f
  }
  ... key      at: [<ffffffff9a445f00>] fasync_insert_entry.__key+0x0/0x20
  ... acquired at:
   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
   _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
   kill_fasync_rcu fs/fcntl.c:1127 [inline]
   kill_fasync+0x199/0x4f0 fs/fcntl.c:1151
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values+0x58a/0xad0 drivers/input/evdev.c:278
   evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
   input_pass_values+0x268/0x890 drivers/input/input.c:126
   input_event_dispose+0x30f/0x600 drivers/input/input.c:341
   input_handle_event+0xa71/0xbe0 drivers/input/input.c:369
   input_inject_event+0x22f/0x340 drivers/input/input.c:428
   evdev_write+0x5fd/0x790 drivers/input/evdev.c:528
   vfs_write+0x2a3/0xd30 fs/read_write.c:681
   ksys_write+0x183/0x2b0 fs/read_write.c:736
   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> (&f_owner->lock){....}-{2:2} {
   INITIAL USE at:
                   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
                   __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
                   _raw_write_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:326
                   __f_setown+0x6b/0x380 fs/fcntl.c:137
                   f_setown+0x243/0x310 fs/fcntl.c:184
                   do_fcntl+0x115/0x1a60 fs/fcntl.c:510
                   __do_sys_fcntl fs/fcntl.c:586 [inline]
                   __se_sys_fcntl+0xd2/0x1e0 fs/fcntl.c:571
                   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                   entry_SYSCALL_64_after_hwframe+0x77/0x7f
   INITIAL READ USE at:
                        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
                        __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
                        _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
                        send_sigio+0x37/0x390 fs/fcntl.c:910
                        kill_fasync_rcu fs/fcntl.c:1136 [inline]
                        kill_fasync+0x256/0x4f0 fs/fcntl.c:1151
                        sock_wake_async+0x147/0x170
                        sk_wake_async+0x183/0x280 include/net/sock.h:2444
                        unix_release_sock+0x727/0xd00 net/unix/af_unix.c:710
                        unix_release+0x91/0xc0 net/unix/af_unix.c:1109
                        __sock_release net/socket.c:658 [inline]
                        sock_close+0xbc/0x240 net/socket.c:1426
                        __fput+0x23f/0x880 fs/file_table.c:431
                        task_work_run+0x24f/0x310 kernel/task_work.c:239
                        get_signal+0x15e8/0x1740 kernel/signal.c:2691
                        arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
                        exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
                        exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
                        __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
                        syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
                        do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
                        entry_SYSCALL_64_after_hwframe+0x77/0x7f
 }
 ... key      at: [<ffffffff9a445ee0>] file_f_owner_allocate.__key+0x0/0x20
 ... acquired at:
   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
   _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
   send_sigio+0x37/0x390 fs/fcntl.c:910
   kill_fasync_rcu fs/fcntl.c:1136 [inline]
   kill_fasync+0x256/0x4f0 fs/fcntl.c:1151
   sock_wake_async+0x147/0x170
   sk_wake_async+0x183/0x280 include/net/sock.h:2444
   unix_release_sock+0x727/0xd00 net/unix/af_unix.c:710
   unix_release+0x91/0xc0 net/unix/af_unix.c:1109
   __sock_release net/socket.c:658 [inline]
   sock_close+0xbc/0x240 net/socket.c:1426
   __fput+0x23f/0x880 fs/file_table.c:431
   task_work_run+0x24f/0x310 kernel/task_work.c:239
   get_signal+0x15e8/0x1740 kernel/signal.c:2691
   arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
   exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
   exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
   __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
   syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
   do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
   entry_SYSCALL_64_after_hwframe+0x77/0x7f


the dependencies between the lock to be acquired
 and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{2:2} {
   HARDIRQ-ON-R at:
                    lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
                    __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
                    _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
                    __do_wait+0x12d/0x850 kernel/exit.c:1648
                    do_wait+0x1e9/0x560 kernel/exit.c:1692
                    kernel_wait+0xe9/0x240 kernel/exit.c:1868
                    call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
                    call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164
                    process_one_work kernel/workqueue.c:3229 [inline]
                    process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
                    worker_thread+0x870/0xd30 kernel/workqueue.c:3391
                    kthread+0x2f0/0x390 kernel/kthread.c:389
                    ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
                    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
   SOFTIRQ-ON-R at:
                    lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
                    __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
                    _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
                    __do_wait+0x12d/0x850 kernel/exit.c:1648
                    do_wait+0x1e9/0x560 kernel/exit.c:1692
                    kernel_wait+0xe9/0x240 kernel/exit.c:1868
                    call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
                    call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164
                    process_one_work kernel/workqueue.c:3229 [inline]
                    process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
                    worker_thread+0x870/0xd30 kernel/workqueue.c:3391
                    kthread+0x2f0/0x390 kernel/kthread.c:389
                    ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
                    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
   INITIAL USE at:
                   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
                   __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
                   _raw_write_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:326
                   copy_process+0x2267/0x3d50 kernel/fork.c:2502
                   kernel_clone+0x226/0x8f0 kernel/fork.c:2786
                   user_mode_thread+0x132/0x1a0 kernel/fork.c:2864
                   rest_init+0x23/0x300 init/main.c:712
                   start_kernel+0x47f/0x500 init/main.c:1105
                   x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507
                   x86_64_start_kernel+0x9f/0xa0 arch/x86/kernel/head64.c:488
                   common_startup_64+0x13e/0x147
   INITIAL READ USE at:
                        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
                        __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
                        _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
                        __do_wait+0x12d/0x850 kernel/exit.c:1648
                        do_wait+0x1e9/0x560 kernel/exit.c:1692
                        kernel_wait+0xe9/0x240 kernel/exit.c:1868
                        call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
                        call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164
                        process_one_work kernel/workqueue.c:3229 [inline]
                        process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
                        worker_thread+0x870/0xd30 kernel/workqueue.c:3391
                        kthread+0x2f0/0x390 kernel/kthread.c:389
                        ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
                        ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 }
 ... key      at: [<ffffffff8e60a058>] tasklist_lock+0x18/0x40
 ... acquired at:
   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
   __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
   _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
   send_sigurg+0x144/0x430 fs/fcntl.c:970
   sk_send_sigurg+0x6e/0x2f0 net/core/sock.c:3500
   queue_oob+0x4e3/0x680 net/unix/af_unix.c:2233
   unix_stream_sendmsg+0xd24/0xf80 net/unix/af_unix.c:2351
   sock_sendmsg_nosec net/socket.c:729 [inline]
   __sock_sendmsg+0x221/0x270 net/socket.c:744
   ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607
   ___sys_sendmsg net/socket.c:2661 [inline]
   __sys_sendmmsg+0x3ab/0x730 net/socket.c:2747
   __do_sys_sendmmsg net/socket.c:2776 [inline]
   __se_sys_sendmmsg net/socket.c:2773 [inline]
   __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2773
   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
   entry_SYSCALL_64_after_hwframe+0x77/0x7f


stack backtrace:
CPU: 1 UID: 0 PID: 29931 Comm: syz.9.4009 Not tainted 6.12.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_bad_irq_dependency kernel/locking/lockdep.c:2647 [inline]
 check_irq_usage kernel/locking/lockdep.c:2888 [inline]
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3280 [inline]
 validate_chain+0x4ebd/0x5920 kernel/locking/lockdep.c:3904
 __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
 _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
 send_sigurg+0x144/0x430 fs/fcntl.c:970
 sk_send_sigurg+0x6e/0x2f0 net/core/sock.c:3500
 queue_oob+0x4e3/0x680 net/unix/af_unix.c:2233
 unix_stream_sendmsg+0xd24/0xf80 net/unix/af_unix.c:2351
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:744
 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607
 ___sys_sendmsg net/socket.c:2661 [inline]
 __sys_sendmmsg+0x3ab/0x730 net/socket.c:2747
 __do_sys_sendmmsg net/socket.c:2776 [inline]
 __se_sys_sendmmsg net/socket.c:2773 [inline]
 __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2773
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6d2197e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6d1fdd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f6d21b36058 RCX: 00007f6d2197e719
RDX: 0000000000000001 RSI: 0000000020006c40 RDI: 0000000000000004
RBP: 00007f6d219f139e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000040015 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f6d21b36058 R15: 00007f6d21c5fa28
 </TASK>

Crashes (860):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/11/11 12:53 upstream 2d5404caa8c7 97fe5517 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/11/09 14:11 upstream da4373fbcf00 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/08 23:29 upstream 50643bbc9eb6 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/08 21:23 upstream 50643bbc9eb6 179b040e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/08 11:37 upstream 906bd684e4b1 179b040e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/11/08 04:48 upstream 906bd684e4b1 c069283c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/08 04:45 upstream 906bd684e4b1 c069283c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/07 14:21 upstream ff7afaeca1a1 c069283c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/07 12:35 upstream ff7afaeca1a1 df3dc63b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/06 21:40 upstream 7758b206117d df3dc63b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/06 18:02 upstream 2e1b3cc9d7f7 3a465482 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/05 21:11 upstream 2e1b3cc9d7f7 3a465482 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/05 10:47 upstream 2e1b3cc9d7f7 509da429 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/05 01:51 upstream 557329bcecc2 509da429 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/11/05 00:29 upstream 557329bcecc2 509da429 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/11/04 21:10 upstream 557329bcecc2 509da429 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/04 21:09 upstream 557329bcecc2 509da429 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/04 19:00 upstream 59b723cd2adb 509da429 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in evdev_pass_values
2024/11/03 22:37 upstream b9021de3ec2f f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in evdev_pass_values
2024/11/03 07:34 upstream 3e5e6c9900c3 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in evdev_pass_values
2024/11/01 10:03 upstream 6c52d4da1c74 96eb609f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in evdev_pass_values
2024/11/01 08:02 upstream 6c52d4da1c74 96eb609f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/11/01 00:28 upstream 0fc810ae3ae1 96eb609f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/10/31 17:19 upstream 0fc810ae3ae1 96eb609f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in evdev_pass_values
2024/10/31 11:33 upstream 0fc810ae3ae1 fb888278 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in evdev_pass_values
2024/10/31 07:08 upstream 4236f913808c fb888278 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in evdev_pass_values
2024/10/31 02:28 upstream 4236f913808c fb888278 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/10/18 11:15 upstream 4d939780b705 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/10/17 22:35 upstream 6efbea77b390 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/10/17 09:53 upstream c964ced77262 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/10/17 02:13 upstream c964ced77262 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/10/17 00:21 upstream c964ced77262 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/10/16 18:54 upstream 2f87d0916ce0 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/10/16 01:34 upstream 2f87d0916ce0 bde2d81c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/10/14 22:23 upstream eca631b8fe80 b01b6661 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in evdev_pass_values
2024/10/14 21:13 upstream eca631b8fe80 b01b6661 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/10/13 21:17 upstream cfea70e835b9 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in evdev_pass_values
2024/10/12 02:08 upstream 9e4c6c1ad9a1 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in evdev_pass_values
2024/10/09 12:41 upstream 75b607fab38d 402f1df0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/11/10 06:25 upstream de2f378f2b77 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/11/09 22:47 upstream da4373fbcf00 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/11/09 16:21 upstream da4373fbcf00 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/11/09 05:39 upstream 50643bbc9eb6 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/11/08 16:43 upstream 906bd684e4b1 179b040e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/22 05:01 upstream c2ee9f594da8 a93682b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/21 09:29 upstream c55228220dd3 cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/20 22:25 upstream c55228220dd3 cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/20 15:17 upstream 715ca9dd687f cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/19 19:16 upstream 9197b73fd7bb cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/18 09:38 upstream 4d939780b705 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/17 20:25 upstream 6efbea77b390 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/17 11:54 upstream c964ced77262 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/17 00:55 upstream c964ced77262 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/15 10:06 upstream eca631b8fe80 14943bb8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/13 20:02 upstream ba01565ced22 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/11 07:47 upstream 1d227fcc7222 cd942402 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/10/11 04:41 upstream 1d227fcc7222 8fbfc0c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in evdev_pass_values
2024/08/16 14:52 upstream d7a5aa4b3c00 e1c76ab2 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in evdev_pass_values
2024/07/21 01:19 upstream f557af081de6 b88348e9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in evdev_pass_values
2023/04/19 19:50 upstream 789b4a41c247 a219f34e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2023/04/16 17:07 upstream 3e7bb4f24617 ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in evdev_pass_values
2024/10/31 08:49 linux-next f9f24ca362a4 fb888278 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in evdev_pass_values
* Struck through repros no longer work on HEAD.