syzbot

=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.15.180-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor386/4163 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff888078173cb8 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x2f/0x330 fs/fcntl.c:790

and this task is already holding:
ffff888072588018 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1008 [inline]
ffff888072588018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16a/0x490 fs/fcntl.c:1029
which would create a new lock dependency:
 (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (&dev->event_lock#2){-...}-{2:2}

... which became HARDIRQ-irq-safe at:
  lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
  input_event+0x8a/0xd0 drivers/input/input.c:456
  input_report_key include/linux/input.h:425 [inline]
  psmouse_report_standard_buttons drivers/input/mouse/psmouse-base.c:123 [inline]
  psmouse_report_standard_packet+0x50/0x200 drivers/input/mouse/psmouse-base.c:141
  psmouse_process_byte+0x45b/0x640 drivers/input/mouse/psmouse-base.c:232
  psmouse_handle_byte+0x46/0x4b0 drivers/input/mouse/psmouse-base.c:274
  psmouse_interrupt+0x697/0x10a0 drivers/input/mouse/psmouse-base.c:426
  serio_interrupt+0x88/0x130 drivers/input/serio/serio.c:1001
  i8042_interrupt+0x355/0x750 drivers/input/serio/i8042.c:606
  __handle_irq_event_percpu+0x292/0xa70 kernel/irq/handle.c:156
  handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
  handle_irq_event+0xff/0x2b0 kernel/irq/handle.c:213
  handle_edge_irq+0x245/0xbf0 kernel/irq/chip.c:819
  generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
  handle_irq arch/x86/kernel/irq.c:233 [inline]
  __common_interrupt+0xd7/0x1f0 arch/x86/kernel/irq.c:252
  common_interrupt+0xae/0xd0 arch/x86/kernel/irq.c:242
  asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:667
  __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
  _raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
  spin_unlock_irqrestore include/linux/spinlock.h:418 [inline]
  i8042_command drivers/input/serio/i8042.c:356 [inline]
  i8042_aux_write+0x112/0x190 drivers/input/serio/i8042.c:391
  serio_write include/linux/serio.h:125 [inline]
  ps2_do_sendbyte+0x20a/0x720 drivers/input/serio/libps2.c:40
  ps2_sendbyte+0x5c/0x120 drivers/input/serio/libps2.c:92
  cypress_ps2_sendbyte drivers/input/mouse/cypress_ps2.c:42 [inline]
  cypress_ps2_read_cmd_status drivers/input/mouse/cypress_ps2.c:116 [inline]
  cypress_send_ext_cmd+0x21d/0x900 drivers/input/mouse/cypress_ps2.c:189
  cypress_detect+0x8f/0x220 drivers/input/mouse/cypress_ps2.c:205
  psmouse_do_detect drivers/input/mouse/psmouse-base.c:1009 [inline]
  psmouse_try_protocol drivers/input/mouse/psmouse-base.c:1023 [inline]
  psmouse_extensions+0xc2a/0x1550 drivers/input/mouse/psmouse-base.c:1146
  psmouse_switch_protocol+0x308/0x840 drivers/input/mouse/psmouse-base.c:1542
  psmouse_connect+0x94b/0x1430 drivers/input/mouse/psmouse-base.c:1632
  serio_connect_driver drivers/input/serio/serio.c:47 [inline]
  serio_driver_probe+0x74/0x90 drivers/input/serio/serio.c:778
  call_driver_probe drivers/base/dd.c:-1 [inline]
  really_probe+0x24e/0xb60 drivers/base/dd.c:595
  __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
  driver_probe_device+0x50/0x420 drivers/base/dd.c:785
  __driver_attach+0x479/0x690 drivers/base/dd.c:1164
  bus_for_each_dev+0x17c/0x1f0 drivers/base/bus.c:303
  serio_attach_driver drivers/input/serio/serio.c:807 [inline]
  serio_handle_event+0x56a/0x8f0 drivers/input/serio/serio.c:227
  process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
  worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
  kthread+0x3f6/0x4f0 kernel/kthread.c:334
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

to a HARDIRQ-irq-unsafe lock:
 (tasklist_lock){.+.+}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
  __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
  _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
  do_wait+0x2a7/0xaf0 kernel/exit.c:1578
  kernel_wait+0xe5/0x230 kernel/exit.c:1768
  call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
  call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
  process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
  worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
  kthread+0x3f6/0x4f0 kernel/kthread.c:334
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

other info that might help us debug this:

Chain exists of:
  &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(tasklist_lock);
                               local_irq_disable();
                               lock(&dev->event_lock#2);
                               lock(&new->fa_lock);
  <Interrupt>
    lock(&dev->event_lock#2);

 *** DEADLOCK ***

8 locks held by syz-executor386/4163:
 #0: ffff888025b32110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x26d/0x7c0 drivers/input/evdev.c:513
 #1: ffff88801f1e0230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xc0/0x300 drivers/input/input.c:482
 #2: ffffffff8cb1f560 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #3: ffffffff8cb1f560 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #4: ffffffff8cb1f560 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #5: ffff888147d3a028 (&client->buffer_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
 #5: ffff888147d3a028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xe7/0xb60 drivers/input/evdev.c:261
 #6: ffffffff8cb1f560 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #7: ffff888072588018 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1008 [inline]
 #7: ffff888072588018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16a/0x490 fs/fcntl.c:1029

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
  -> (&dev->event_lock#2){-...}-{2:2} {
     IN-HARDIRQ-W at:
                        lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                        __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                        _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
                        input_event+0x8a/0xd0 drivers/input/input.c:456
                        input_report_key include/linux/input.h:425 [inline]
                        psmouse_report_standard_buttons drivers/input/mouse/psmouse-base.c:123 [inline]
                        psmouse_report_standard_packet+0x50/0x200 drivers/input/mouse/psmouse-base.c:141
                        psmouse_process_byte+0x45b/0x640 drivers/input/mouse/psmouse-base.c:232
                        psmouse_handle_byte+0x46/0x4b0 drivers/input/mouse/psmouse-base.c:274
                        psmouse_interrupt+0x697/0x10a0 drivers/input/mouse/psmouse-base.c:426
                        serio_interrupt+0x88/0x130 drivers/input/serio/serio.c:1001
                        i8042_interrupt+0x355/0x750 drivers/input/serio/i8042.c:606
                        __handle_irq_event_percpu+0x292/0xa70 kernel/irq/handle.c:156
                        handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
                        handle_irq_event+0xff/0x2b0 kernel/irq/handle.c:213
                        handle_edge_irq+0x245/0xbf0 kernel/irq/chip.c:819
                        generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
                        handle_irq arch/x86/kernel/irq.c:233 [inline]
                        __common_interrupt+0xd7/0x1f0 arch/x86/kernel/irq.c:252
                        common_interrupt+0xae/0xd0 arch/x86/kernel/irq.c:242
                        asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:667
                        __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
                        _raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
                        spin_unlock_irqrestore include/linux/spinlock.h:418 [inline]
                        i8042_command drivers/input/serio/i8042.c:356 [inline]
                        i8042_aux_write+0x112/0x190 drivers/input/serio/i8042.c:391
                        serio_write include/linux/serio.h:125 [inline]
                        ps2_do_sendbyte+0x20a/0x720 drivers/input/serio/libps2.c:40
                        ps2_sendbyte+0x5c/0x120 drivers/input/serio/libps2.c:92
                        cypress_ps2_sendbyte drivers/input/mouse/cypress_ps2.c:42 [inline]
                        cypress_ps2_read_cmd_status drivers/input/mouse/cypress_ps2.c:116 [inline]
                        cypress_send_ext_cmd+0x21d/0x900 drivers/input/mouse/cypress_ps2.c:189
                        cypress_detect+0x8f/0x220 drivers/input/mouse/cypress_ps2.c:205
                        psmouse_do_detect drivers/input/mouse/psmouse-base.c:1009 [inline]
                        psmouse_try_protocol drivers/input/mouse/psmouse-base.c:1023 [inline]
                        psmouse_extensions+0xc2a/0x1550 drivers/input/mouse/psmouse-base.c:1146
                        psmouse_switch_protocol+0x308/0x840 drivers/input/mouse/psmouse-base.c:1542
                        psmouse_connect+0x94b/0x1430 drivers/input/mouse/psmouse-base.c:1632
                        serio_connect_driver drivers/input/serio/serio.c:47 [inline]
                        serio_driver_probe+0x74/0x90 drivers/input/serio/serio.c:778
                        call_driver_probe drivers/base/dd.c:-1 [inline]
                        really_probe+0x24e/0xb60 drivers/base/dd.c:595
                        __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
                        driver_probe_device+0x50/0x420 drivers/base/dd.c:785
                        __driver_attach+0x479/0x690 drivers/base/dd.c:1164
                        bus_for_each_dev+0x17c/0x1f0 drivers/base/bus.c:303
                        serio_attach_driver drivers/input/serio/serio.c:807 [inline]
                        serio_handle_event+0x56a/0x8f0 drivers/input/serio/serio.c:227
                        process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
                        worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
                        kthread+0x3f6/0x4f0 kernel/kthread.c:334
                        ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
     INITIAL USE at:
                       lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                       _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
                       input_inject_event+0xc0/0x300 drivers/input/input.c:482
                       led_trigger_event+0x109/0x1e0 drivers/leds/led-triggers.c:392
                       kbd_led_trigger_activate+0xb9/0x100 drivers/tty/vt/keyboard.c:1029
                       led_trigger_set+0x55a/0x970 drivers/leds/led-triggers.c:211
                       led_trigger_set_default+0x1c2/0x200 drivers/leds/led-triggers.c:275
                       led_classdev_register_ext+0x6cf/0x8d0 drivers/leds/led-class.c:428
                       led_classdev_register include/linux/leds.h:196 [inline]
                       input_leds_connect+0x503/0x740 drivers/input/input-leds.c:139
                       input_attach_handler drivers/input/input.c:1046 [inline]
                       input_register_device+0xdae/0x1150 drivers/input/input.c:2429
                       atkbd_connect+0x7a7/0xa70 drivers/input/keyboard/atkbd.c:1336
                       serio_connect_driver drivers/input/serio/serio.c:47 [inline]
                       serio_driver_probe+0x74/0x90 drivers/input/serio/serio.c:778
                       call_driver_probe drivers/base/dd.c:-1 [inline]
                       really_probe+0x24e/0xb60 drivers/base/dd.c:595
                       __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
                       driver_probe_device+0x50/0x420 drivers/base/dd.c:785
                       __driver_attach+0x479/0x690 drivers/base/dd.c:1164
                       bus_for_each_dev+0x17c/0x1f0 drivers/base/bus.c:303
                       serio_attach_driver drivers/input/serio/serio.c:807 [inline]
                       serio_handle_event+0x56a/0x8f0 drivers/input/serio/serio.c:227
                       process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
                       worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
                       kthread+0x3f6/0x4f0 kernel/kthread.c:334
                       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
   }
   ... key      at: [<ffffffff96dfac60>] input_allocate_device.__key.6+0x0/0x20
 -> (&client->buffer_lock){....}-{2:2} {
    INITIAL USE at:
                     lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                     __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                     _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
                     spin_lock include/linux/spinlock.h:363 [inline]
                     evdev_pass_values+0xe7/0xb60 drivers/input/evdev.c:261
                     evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
                     input_to_handler drivers/input/input.c:126 [inline]
                     input_pass_values+0x873/0x1200 drivers/input/input.c:156
                     input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
                     input_inject_event+0x1fc/0x300 drivers/input/input.c:487
                     evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
                     vfs_write+0x30c/0xe50 fs/read_write.c:592
                     ksys_write+0x1a2/0x2c0 fs/read_write.c:647
                     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                     do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
                     entry_SYSCALL_64_after_hwframe+0x66/0xd0
  }
  ... key      at: [<ffffffff96dfaf20>] evdev_open.__key.23+0x0/0x20
  ... acquired at:
   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
   _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
   spin_lock include/linux/spinlock.h:363 [inline]
   evdev_pass_values+0xe7/0xb60 drivers/input/evdev.c:261
   evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:126 [inline]
   input_pass_values+0x873/0x1200 drivers/input/input.c:156
   input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
   input_inject_event+0x1fc/0x300 drivers/input/input.c:487
   evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
   vfs_write+0x30c/0xe50 fs/read_write.c:592
   ksys_write+0x1a2/0x2c0 fs/read_write.c:647
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> (&new->fa_lock){....}-{2:2} {
   INITIAL READ USE at:
                        lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                        __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
                        _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
                        kill_fasync_rcu fs/fcntl.c:1008 [inline]
                        kill_fasync+0x16a/0x490 fs/fcntl.c:1029
                        __pass_event drivers/input/evdev.c:240 [inline]
                        evdev_pass_values+0x5ad/0xb60 drivers/input/evdev.c:278
                        evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
                        input_to_handler drivers/input/input.c:126 [inline]
                        input_pass_values+0x873/0x1200 drivers/input/input.c:156
                        input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
                        input_inject_event+0x1fc/0x300 drivers/input/input.c:487
                        evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
                        vfs_write+0x30c/0xe50 fs/read_write.c:592
                        ksys_write+0x1a2/0x2c0 fs/read_write.c:647
                        do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                        do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
                        entry_SYSCALL_64_after_hwframe+0x66/0xd0
 }
 ... key      at: [<ffffffff96aff940>] fasync_insert_entry.__key+0x0/0x20
 ... acquired at:
   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
   kill_fasync_rcu fs/fcntl.c:1008 [inline]
   kill_fasync+0x16a/0x490 fs/fcntl.c:1029
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values+0x5ad/0xb60 drivers/input/evdev.c:278
   evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:126 [inline]
   input_pass_values+0x873/0x1200 drivers/input/input.c:156
   input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
   input_inject_event+0x1fc/0x300 drivers/input/input.c:487
   evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
   vfs_write+0x30c/0xe50 fs/read_write.c:592
   ksys_write+0x1a2/0x2c0 fs/read_write.c:647
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0


the dependencies between the lock to be acquired
 and HARDIRQ-irq-unsafe lock:
 -> (tasklist_lock){.+.+}-{2:2} {
    HARDIRQ-ON-R at:
                      lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                      __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                      _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                      do_wait+0x2a7/0xaf0 kernel/exit.c:1578
                      kernel_wait+0xe5/0x230 kernel/exit.c:1768
                      call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                      call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
                      process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
                      worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
                      kthread+0x3f6/0x4f0 kernel/kthread.c:334
                      ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
    SOFTIRQ-ON-R at:
                      lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                      __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                      _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                      do_wait+0x2a7/0xaf0 kernel/exit.c:1578
                      kernel_wait+0xe5/0x230 kernel/exit.c:1768
                      call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                      call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
                      process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
                      worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
                      kthread+0x3f6/0x4f0 kernel/kthread.c:334
                      ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
    INITIAL USE at:
                     lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                     __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
                     _raw_write_lock_irq+0xcf/0x110 kernel/locking/spinlock.c:316
                     copy_process+0x22be/0x3ef0 kernel/fork.c:2336
                     kernel_clone+0x210/0x960 kernel/fork.c:2603
                     kernel_thread+0x12e/0x1a0 kernel/fork.c:2655
                     rest_init+0x21/0x330 init/main.c:706
                     start_kernel+0x48c/0x540 init/main.c:1140
                     secondary_startup_64_no_verify+0xb1/0xbb
    INITIAL READ USE at:
                          lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                          __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                          _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                          do_wait+0x2a7/0xaf0 kernel/exit.c:1578
                          kernel_wait+0xe5/0x230 kernel/exit.c:1768
                          call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                          call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
                          process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
                          worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
                          kthread+0x3f6/0x4f0 kernel/kthread.c:334
                          ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
  }
  ... key      at: [<ffffffff8c80a058>] tasklist_lock+0x18/0x40
  ... acquired at:
   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
   __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
   _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
   send_sigurg+0xc8/0x380 fs/fcntl.c:845
   sk_send_sigurg+0x6a/0xb0 net/core/sock.c:3131
   tcp_check_urg net/ipv4/tcp_input.c:5672 [inline]
   tcp_urg+0x2be/0xb50 net/ipv4/tcp_input.c:5713
   tcp_rcv_established+0xe42/0x1e30 net/ipv4/tcp_input.c:6047
   tcp_v6_do_rcv+0x528/0x1130 net/ipv6/tcp_ipv6.c:1526
   sk_backlog_rcv include/net/sock.h:1061 [inline]
   __release_sock+0x198/0x4b0 net/core/sock.c:2727
   release_sock+0x5d/0x1c0 net/core/sock.c:3268
   sk_stream_wait_memory+0x709/0xe80 net/core/stream.c:145
   tcp_sendmsg_locked+0x1468/0x3a90 net/ipv4/tcp.c:1419
   tcp_sendmsg+0x2c/0x40 net/ipv4/tcp.c:1457
   sock_sendmsg_nosec net/socket.c:704 [inline]
   __sock_sendmsg net/socket.c:716 [inline]
   __sys_sendto+0x564/0x720 net/socket.c:2063
   __do_sys_sendto net/socket.c:2075 [inline]
   __se_sys_sendto net/socket.c:2071 [inline]
   __x64_sys_sendto+0xda/0xf0 net/socket.c:2071
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> (&f->f_owner.lock){....}-{2:2} {
   INITIAL USE at:
                   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                   __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
                   _raw_write_lock_irq+0xcf/0x110 kernel/locking/spinlock.c:316
                   __f_setown+0x38/0x350 fs/fcntl.c:91
                   f_setown+0x11f/0x1c0 fs/fcntl.c:132
                   do_fcntl+0x1b7/0x1600 fs/fcntl.c:387
                   __do_sys_fcntl fs/fcntl.c:466 [inline]
                   __se_sys_fcntl+0xd8/0x1b0 fs/fcntl.c:451
                   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                   do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
                   entry_SYSCALL_64_after_hwframe+0x66/0xd0
   INITIAL READ USE at:
                        lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                        __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
                        _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
                        send_sigurg+0x25/0x380 fs/fcntl.c:829
                        sk_send_sigurg+0x6a/0xb0 net/core/sock.c:3131
                        tcp_check_urg net/ipv4/tcp_input.c:5672 [inline]
                        tcp_urg+0x2be/0xb50 net/ipv4/tcp_input.c:5713
                        tcp_rcv_established+0xe42/0x1e30 net/ipv4/tcp_input.c:6047
                        tcp_v6_do_rcv+0x528/0x1130 net/ipv6/tcp_ipv6.c:1526
                        sk_backlog_rcv include/net/sock.h:1061 [inline]
                        __release_sock+0x198/0x4b0 net/core/sock.c:2727
                        release_sock+0x5d/0x1c0 net/core/sock.c:3268
                        sk_stream_wait_memory+0x709/0xe80 net/core/stream.c:145
                        tcp_sendmsg_locked+0x1468/0x3a90 net/ipv4/tcp.c:1419
                        tcp_sendmsg+0x2c/0x40 net/ipv4/tcp.c:1457
                        sock_sendmsg_nosec net/socket.c:704 [inline]
                        __sock_sendmsg net/socket.c:716 [inline]
                        __sys_sendto+0x564/0x720 net/socket.c:2063
                        __do_sys_sendto net/socket.c:2075 [inline]
                        __se_sys_sendto net/socket.c:2071 [inline]
                        __x64_sys_sendto+0xda/0xf0 net/socket.c:2071
                        do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                        do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
                        entry_SYSCALL_64_after_hwframe+0x66/0xd0
 }
 ... key      at: [<ffffffff96afecc0>] __alloc_file.__key+0x0/0x10
 ... acquired at:
   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
   send_sigio+0x2f/0x330 fs/fcntl.c:790
   kill_fasync_rcu fs/fcntl.c:1015 [inline]
   kill_fasync+0x20c/0x490 fs/fcntl.c:1029
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values+0x5ad/0xb60 drivers/input/evdev.c:278
   evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:126 [inline]
   input_pass_values+0x873/0x1200 drivers/input/input.c:156
   input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
   input_inject_event+0x1fc/0x300 drivers/input/input.c:487
   evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
   vfs_write+0x30c/0xe50 fs/read_write.c:592
   ksys_write+0x1a2/0x2c0 fs/read_write.c:647
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0


stack backtrace:
CPU: 1 PID: 4163 Comm: syz-executor386 Not tainted 5.15.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 print_bad_irq_dependency kernel/locking/lockdep.c:2567 [inline]
 check_irq_usage kernel/locking/lockdep.c:2806 [inline]
 check_prev_add kernel/locking/lockdep.c:3057 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain+0x4d01/0x5930 kernel/locking/lockdep.c:3788
 __lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
 lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
 _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
 send_sigio+0x2f/0x330 fs/fcntl.c:790
 kill_fasync_rcu fs/fcntl.c:1015 [inline]
 kill_fasync+0x20c/0x490 fs/fcntl.c:1029
 __pass_event drivers/input/evdev.c:240 [inline]
 evdev_pass_values+0x5ad/0xb60 drivers/input/evdev.c:278
 evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
 input_to_handler drivers/input/input.c:126 [inline]
 input_pass_values+0x873/0x1200 drivers/input/input.c:156
 input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
 input_inject_event+0x1fc/0x300 drivers/input/input.c:487
 evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
 vfs_write+0x30c/0xe50 fs/read_write.c:592
 ksys_write+0x1a2/0x2c0 fs/read_write.c:647
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fd65d958079
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd65d8f6218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fd65