syzbot


possible deadlock in input_event

Status: upstream: reported C repro on 2023/07/17 14:44
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+2f5570a645018de96979@syzkaller.appspotmail.com
First crash: 277d, last: 1d07h
Bug presence (3)
Date Name Commit Repro Result
2023/09/03 linux-5.15.y (ToT) 8f790700c974 C [report] possible deadlock in input_event
2023/07/20 upstream (ToT) bfa3037d8280 C [report] possible deadlock in input_event
2023/09/03 upstream (ToT) 92901222f83d C Didn't crash
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 possible deadlock in input_event origin:upstream C 74 10h43m 301d 0/3 upstream: reported C repro on 2023/06/23 12:11
upstream possible deadlock in input_event (2) fs C inconclusive 2093 4d02h 891d 0/26 upstream: reported C repro on 2021/11/10 17:01
upstream possible deadlock in input_event C done 2740 892d 1196d 0/26 closed as dup on 2021/07/07 07:31
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2024/03/18 02:38 58m bisect fix linux-5.15.y job log (0) log
2024/02/12 17:11 1h30m bisect fix linux-5.15.y job log (0) log
2024/01/05 22:45 1h53m bisect fix linux-5.15.y job log (0) log
2023/09/14 19:19 1h40m fix candidate upstream job log (0) log

Sample crash report:
=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.15.154-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor116/3498 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8c60a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigurg+0xc8/0x380 fs/fcntl.c:851

and this task is already holding:
ffff8880761dfcb8 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x25/0x380 fs/fcntl.c:835
which would create a new lock dependency:
 (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (&dev->event_lock#2){-...}-{2:2}

... which became HARDIRQ-irq-safe at:
  lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
  input_event+0x8a/0xd0 drivers/input/input.c:456
  input_report_key include/linux/input.h:425 [inline]
  psmouse_report_standard_buttons drivers/input/mouse/psmouse-base.c:123 [inline]
  psmouse_report_standard_packet+0x50/0x200 drivers/input/mouse/psmouse-base.c:141
  psmouse_process_byte+0x45b/0x640 drivers/input/mouse/psmouse-base.c:232
  psmouse_handle_byte+0x46/0x4b0 drivers/input/mouse/psmouse-base.c:274
  psmouse_interrupt+0x697/0x10a0 drivers/input/mouse/psmouse-base.c:426
  serio_interrupt+0x88/0x130 drivers/input/serio/serio.c:1001
  i8042_interrupt+0x355/0x750 drivers/input/serio/i8042.c:606
  __handle_irq_event_percpu+0x292/0xa70 kernel/irq/handle.c:156
  handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
  handle_irq_event+0xff/0x2b0 kernel/irq/handle.c:213
  handle_edge_irq+0x245/0xbf0 kernel/irq/chip.c:822
  generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
  handle_irq arch/x86/kernel/irq.c:231 [inline]
  __common_interrupt+0xd7/0x1f0 arch/x86/kernel/irq.c:250
  common_interrupt+0x9f/0xc0 arch/x86/kernel/irq.c:240
  asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:629
  preempt_schedule_irq+0xf2/0x1c0 kernel/sched/core.c:6780
  irqentry_exit+0x53/0x80 kernel/entry/common.c:432
  asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:629
  arch_test_and_set_bit arch/x86/include/asm/bitops.h:138 [inline]
  test_and_set_bit include/asm-generic/bitops/instrumented-atomic.h:71 [inline]
  queue_work_on+0x1f4/0x250 kernel/workqueue.c:1558
  queue_work include/linux/workqueue.h:512 [inline]
  call_usermodehelper_exec+0x269/0x450 kernel/umh.c:435
  kobject_uevent_env+0x69e/0x8d0 lib/kobject_uevent.c:618
  driver_register+0x35b/0x3a0 drivers/base/driver.c:248
  usb_register_driver+0x206/0x3d0 drivers/usb/core/driver.c:1061
  do_one_initcall+0x22b/0x7a0 init/main.c:1300
  do_initcall_level+0x157/0x210 init/main.c:1373
  do_initcalls+0x49/0x90 init/main.c:1389
  kernel_init_freeable+0x425/0x5c0 init/main.c:1613
  kernel_init+0x19/0x290 init/main.c:1504
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300

to a HARDIRQ-irq-unsafe lock:
 (tasklist_lock){.+.+}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
  __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
  _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
  do_wait+0x2a7/0xaf0 kernel/exit.c:1576
  kernel_wait+0xe5/0x230 kernel/exit.c:1766
  call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
  call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
  process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
  worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
  kthread+0x3f6/0x4f0 kernel/kthread.c:334
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300

other info that might help us debug this:

Chain exists of:
  &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(tasklist_lock);
                               local_irq_disable();
                               lock(&dev->event_lock#2);
                               lock(&f->f_owner.lock);
  <Interrupt>
    lock(&dev->event_lock#2);

 *** DEADLOCK ***

2 locks held by syz-executor116/3498:
 #0: ffff888073ad8120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1668 [inline]
 #0: ffff888073ad8120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_sendmsg+0x1e/0x40 net/ipv4/tcp.c:1455
 #1: ffff8880761dfcb8 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x25/0x380 fs/fcntl.c:835

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
   -> (&dev->event_lock#2){-...}-{2:2} {
      IN-HARDIRQ-W at:
                          lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                          __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                          _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
                          input_event+0x8a/0xd0 drivers/input/input.c:456
                          input_report_key include/linux/input.h:425 [inline]
                          psmouse_report_standard_buttons drivers/input/mouse/psmouse-base.c:123 [inline]
                          psmouse_report_standard_packet+0x50/0x200 drivers/input/mouse/psmouse-base.c:141
                          psmouse_process_byte+0x45b/0x640 drivers/input/mouse/psmouse-base.c:232
                          psmouse_handle_byte+0x46/0x4b0 drivers/input/mouse/psmouse-base.c:274
                          psmouse_interrupt+0x697/0x10a0 drivers/input/mouse/psmouse-base.c:426
                          serio_interrupt+0x88/0x130 drivers/input/serio/serio.c:1001
                          i8042_interrupt+0x355/0x750 drivers/input/serio/i8042.c:606
                          __handle_irq_event_percpu+0x292/0xa70 kernel/irq/handle.c:156
                          handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
                          handle_irq_event+0xff/0x2b0 kernel/irq/handle.c:213
                          handle_edge_irq+0x245/0xbf0 kernel/irq/chip.c:822
                          generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
                          handle_irq arch/x86/kernel/irq.c:231 [inline]
                          __common_interrupt+0xd7/0x1f0 arch/x86/kernel/irq.c:250
                          common_interrupt+0x9f/0xc0 arch/x86/kernel/irq.c:240
                          asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:629
                          preempt_schedule_irq+0xf2/0x1c0 kernel/sched/core.c:6780
                          irqentry_exit+0x53/0x80 kernel/entry/common.c:432
                          asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:629
                          arch_test_and_set_bit arch/x86/include/asm/bitops.h:138 [inline]
                          test_and_set_bit include/asm-generic/bitops/instrumented-atomic.h:71 [inline]
                          queue_work_on+0x1f4/0x250 kernel/workqueue.c:1558
                          queue_work include/linux/workqueue.h:512 [inline]
                          call_usermodehelper_exec+0x269/0x450 kernel/umh.c:435
                          kobject_uevent_env+0x69e/0x8d0 lib/kobject_uevent.c:618
                          driver_register+0x35b/0x3a0 drivers/base/driver.c:248
                          usb_register_driver+0x206/0x3d0 drivers/usb/core/driver.c:1061
                          do_one_initcall+0x22b/0x7a0 init/main.c:1300
                          do_initcall_level+0x157/0x210 init/main.c:1373
                          do_initcalls+0x49/0x90 init/main.c:1389
                          kernel_init_freeable+0x425/0x5c0 init/main.c:1613
                          kernel_init+0x19/0x290 init/main.c:1504
                          ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300
      INITIAL USE at:
                         lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                         __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                         _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
                         input_inject_event+0xc0/0x300 drivers/input/input.c:482
                         led_trigger_event+0x64/0xc0 drivers/leds/led-triggers.c:388
                         kbd_led_trigger_activate+0xb9/0x100 drivers/tty/vt/keyboard.c:1029
                         led_trigger_set+0x513/0x930 drivers/leds/led-triggers.c:195
                         led_trigger_set_default+0x1c2/0x200 drivers/leds/led-triggers.c:259
                         led_classdev_register_ext+0x6cf/0x8d0 drivers/leds/led-class.c:421
                         led_classdev_register include/linux/leds.h:196 [inline]
                         input_leds_connect+0x503/0x740 drivers/input/input-leds.c:139
                         input_attach_handler drivers/input/input.c:1046 [inline]
                         input_register_device+0xdae/0x1150 drivers/input/input.c:2354
                         atkbd_connect+0x7a7/0xa70 drivers/input/keyboard/atkbd.c:1336
                         serio_connect_driver drivers/input/serio/serio.c:47 [inline]
                         serio_driver_probe+0x74/0x90 drivers/input/serio/serio.c:778
                         really_probe+0x24e/0xb60 drivers/base/dd.c:595
                         __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
                         driver_probe_device+0x50/0x420 drivers/base/dd.c:785
                         __driver_attach+0x479/0x690 drivers/base/dd.c:1164
                         bus_for_each_dev+0x17c/0x1f0 drivers/base/bus.c:301
                         serio_attach_driver drivers/input/serio/serio.c:807 [inline]
                         serio_handle_event+0x56a/0x8f0 drivers/input/serio/serio.c:227
                         process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
                         worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
                         kthread+0x3f6/0x4f0 kernel/kthread.c:334
                         ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300
    }
    ... key      at: [<ffffffff91751a00>] input_allocate_device.__key.6+0x0/0x20
  -> (&client->buffer_lock){....}-{2:2} {
     INITIAL USE at:
                       lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                       __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                       _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
                       spin_lock include/linux/spinlock.h:363 [inline]
                       evdev_pass_values+0xe7/0xb60 drivers/input/evdev.c:261
                       evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
                       input_to_handler drivers/input/input.c:126 [inline]
                       input_pass_values+0x873/0x1200 drivers/input/input.c:156
                       input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
                       input_inject_event+0x1fc/0x300 drivers/input/input.c:487
                       evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
                       vfs_write+0x30c/0xe50 fs/read_write.c:592
                       ksys_write+0x1a2/0x2c0 fs/read_write.c:647
                       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                       do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
                       entry_SYSCALL_64_after_hwframe+0x66/0xd0
   }
   ... key      at: [<ffffffff91751cc0>] evdev_open.__key.23+0x0/0x20
   ... acquired at:
   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
   _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
   spin_lock include/linux/spinlock.h:363 [inline]
   evdev_pass_values+0xe7/0xb60 drivers/input/evdev.c:261
   evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:126 [inline]
   input_pass_values+0x873/0x1200 drivers/input/input.c:156
   input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
   input_inject_event+0x1fc/0x300 drivers/input/input.c:487
   evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
   vfs_write+0x30c/0xe50 fs/read_write.c:592
   ksys_write+0x1a2/0x2c0 fs/read_write.c:647
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0

 -> (&new->fa_lock){....}-{2:2} {
    INITIAL READ USE at:
                          lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                          __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
                          _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
                          kill_fasync_rcu fs/fcntl.c:1014 [inline]
                          kill_fasync+0x16a/0x490 fs/fcntl.c:1035
                          __pass_event drivers/input/evdev.c:240 [inline]
                          evdev_pass_values+0x5ad/0xb60 drivers/input/evdev.c:278
                          evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
                          input_to_handler drivers/input/input.c:126 [inline]
                          input_pass_values+0x873/0x1200 drivers/input/input.c:156
                          input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
                          input_inject_event+0x1fc/0x300 drivers/input/input.c:487
                          evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
                          vfs_write+0x30c/0xe50 fs/read_write.c:592
                          ksys_write+0x1a2/0x2c0 fs/read_write.c:647
                          do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                          do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
                          entry_SYSCALL_64_after_hwframe+0x66/0xd0
  }
  ... key      at: [<ffffffff91455940>] fasync_insert_entry.__key+0x0/0x20
  ... acquired at:
   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
   kill_fasync_rcu fs/fcntl.c:1014 [inline]
   kill_fasync+0x16a/0x490 fs/fcntl.c:1035
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values+0x5ad/0xb60 drivers/input/evdev.c:278
   evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:126 [inline]
   input_pass_values+0x873/0x1200 drivers/input/input.c:156
   input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
   input_inject_event+0x1fc/0x300 drivers/input/input.c:487
   evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
   vfs_write+0x30c/0xe50 fs/read_write.c:592
   ksys_write+0x1a2/0x2c0 fs/read_write.c:647
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> (&f->f_owner.lock){....}-{2:2} {
   INITIAL USE at:
                   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                   __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
                   _raw_write_lock_irq+0xcf/0x110 kernel/locking/spinlock.c:316
                   f_modown+0x38/0x340 fs/fcntl.c:91
                   __f_setown fs/fcntl.c:110 [inline]
                   f_setown+0x127/0x1d0 fs/fcntl.c:138
                   do_fcntl+0x1b7/0x1600 fs/fcntl.c:393
                   __do_sys_fcntl fs/fcntl.c:472 [inline]
                   __se_sys_fcntl+0xd8/0x1b0 fs/fcntl.c:457
                   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                   do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
                   entry_SYSCALL_64_after_hwframe+0x66/0xd0
   INITIAL READ USE at:
                        lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                        __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
                        _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
                        send_sigio+0x2f/0x330 fs/fcntl.c:796
                        kill_fasync_rcu fs/fcntl.c:1021 [inline]
                        kill_fasync+0x20c/0x490 fs/fcntl.c:1035
                        __pass_event drivers/input/evdev.c:240 [inline]
                        evdev_pass_values+0x5ad/0xb60 drivers/input/evdev.c:278
                        evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
                        input_to_handler drivers/input/input.c:126 [inline]
                        input_pass_values+0x873/0x1200 drivers/input/input.c:156
                        input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
                        input_inject_event+0x1fc/0x300 drivers/input/input.c:487
                        evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
                        vfs_write+0x30c/0xe50 fs/read_write.c:592
                        ksys_write+0x1a2/0x2c0 fs/read_write.c:647
                        do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                        do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
                        entry_SYSCALL_64_after_hwframe+0x66/0xd0
 }
 ... key      at: [<ffffffff91454cc0>] __alloc_file.__key+0x0/0x10
 ... acquired at:
   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
   send_sigio+0x2f/0x330 fs/fcntl.c:796
   kill_fasync_rcu fs/fcntl.c:1021 [inline]
   kill_fasync+0x20c/0x490 fs/fcntl.c:1035
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values+0x5ad/0xb60 drivers/input/evdev.c:278
   evdev_events+0x198/0x2c0 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:126 [inline]
   input_pass_values+0x873/0x1200 drivers/input/input.c:156
   input_handle_event+0xc9b/0x1600 drivers/input/input.c:415
   input_inject_event+0x1fc/0x300 drivers/input/input.c:487
   evdev_write+0x668/0x7c0 drivers/input/evdev.c:530
   vfs_write+0x30c/0xe50 fs/read_write.c:592
   ksys_write+0x1a2/0x2c0 fs/read_write.c:647
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0


the dependencies between the lock to be acquired
 and HARDIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{2:2} {
   HARDIRQ-ON-R at:
                    lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                    __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                    _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                    do_wait+0x2a7/0xaf0 kernel/exit.c:1576
                    kernel_wait+0xe5/0x230 kernel/exit.c:1766
                    call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                    call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
                    process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
                    worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
                    kthread+0x3f6/0x4f0 kernel/kthread.c:334
                    ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300
   SOFTIRQ-ON-R at:
                    lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                    __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                    _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                    do_wait+0x2a7/0xaf0 kernel/exit.c:1576
                    kernel_wait+0xe5/0x230 kernel/exit.c:1766
                    call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                    call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
                    process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
                    worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
                    kthread+0x3f6/0x4f0 kernel/kthread.c:334
                    ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300
   INITIAL USE at:
                   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                   __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
                   _raw_write_lock_irq+0xcf/0x110 kernel/locking/spinlock.c:316
                   copy_process+0x22be/0x3ef0 kernel/fork.c:2337
                   kernel_clone+0x210/0x960 kernel/fork.c:2604
                   kernel_thread+0x168/0x1e0 kernel/fork.c:2656
                   rest_init+0x21/0x330 init/main.c:704
                   start_kernel+0x48c/0x540 init/main.c:1138
                   secondary_startup_64_no_verify+0xb1/0xbb
   INITIAL READ USE at:
                        lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
                        __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                        _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                        do_wait+0x2a7/0xaf0 kernel/exit.c:1576
                        kernel_wait+0xe5/0x230 kernel/exit.c:1766
                        call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                        call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
                        process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
                        worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
                        kthread+0x3f6/0x4f0 kernel/kthread.c:334
                        ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300
 }
 ... key      at: [<ffffffff8c60a058>] tasklist_lock+0x18/0x40
 ... acquired at:
   lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
   __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
   _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
   send_sigurg+0xc8/0x380 fs/fcntl.c:851
   sk_send_sigurg+0x6a/0xb0 net/core/sock.c:3128
   tcp_check_urg net/ipv4/tcp_input.c:5609 [inline]
   tcp_urg+0x2b8/0xb40 net/ipv4/tcp_input.c:5650
   tcp_rcv_established+0xe33/0x1e20 net/ipv4/tcp_input.c:5984
   tcp_v6_do_rcv+0x4f2/0x10f0 net/ipv6/tcp_ipv6.c:1526
   sk_backlog_rcv include/net/sock.h:1059 [inline]
   __release_sock+0x198/0x4b0 net/core/sock.c:2724
   release_sock+0x5d/0x1c0 net/core/sock.c:3265
   tcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1457
   sock_sendmsg_nosec net/socket.c:704 [inline]
   __sock_sendmsg net/socket.c:716 [inline]
   __sys_sendto+0x564/0x720 net/socket.c:2058
   __do_sys_sendto net/socket.c:2070 [inline]
   __se_sys_sendto net/socket.c:2066 [inline]
   __x64_sys_sendto+0xda/0xf0 net/socket.c:2066
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0


stack backtrace:
CPU: 1 PID: 3498 Comm: syz-executor116 Not tainted 5.15.154-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 print_bad_irq_dependency kernel/locking/lockdep.c:2567 [inline]
 check_irq_usage kernel/locking/lockdep.c:2806 [inline]
 check_prev_add kernel/locking/lockdep.c:3057 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain+0x4d01/0x5930 kernel/locking/lockdep.c:3788
 __lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5012
 lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
 _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
 send_sigurg+0xc8/0x380 fs/fcntl.c:851
 sk_send_sigurg+0x6a/0xb0 net/core/sock.c:3128
 tcp_check_urg net/ipv4/tcp_input.c:5609 [inline]
 tcp_urg+0x2b8/0xb40 net/ipv4/tcp_input.c:5650
 tcp_rcv_established+0xe33/0x1e20 net/ipv4/tcp_input.c:5984
 tcp_v6_do_rcv+0x4f2/0x10f0 net/ipv6/tcp_ipv6.c:1526
 sk_backlog_rcv include/net/sock.h:1059 [inline]
 __release_sock+0x198/0x4b0 net/core/sock.c:2724
 release_sock+0x5d/0x1c0 net/core/sock.c:3265
 tcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1457
 sock_sendmsg_nosec net/socket.c:704 [inline]
 __sock_sendmsg net/socket.c:716 [inline]
 __sys_sendto+0x564/0x720 net/socket.c:2058
 __do_sys_sendto net/socket.c:2070 [inline]
 __se_sys_sendto net/socket.c:2066 [inline]
 __x64_sys_sendto+0xda/0xf0 net/socket.c:2066
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f23fbb0f229
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
R

Crashes (87):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/11 08:09 linux-5.15.y cdfd0a7f0139 33b9e058 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/10 23:08 linux-5.15.y cdfd0a7f0139 4320ec32 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/07/19 08:21 linux-5.15.y d54cfc420586 022df2bb .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/18 10:40 linux-5.15.y c52b9710c83d af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/17 17:51 linux-5.15.y c52b9710c83d acc528cb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/17 12:49 linux-5.15.y c52b9710c83d 18f6e127 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/17 11:19 linux-5.15.y c52b9710c83d 18f6e127 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/16 18:23 linux-5.15.y fa3df276cd36 18f6e127 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/16 13:48 linux-5.15.y fa3df276cd36 0d592ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/16 03:27 linux-5.15.y fa3df276cd36 0d592ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/15 14:50 linux-5.15.y fa3df276cd36 b9af7e61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/14 06:47 linux-5.15.y fa3df276cd36 c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/14 04:44 linux-5.15.y fa3df276cd36 c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/13 22:23 linux-5.15.y fa3df276cd36 c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/13 13:24 linux-5.15.y fa3df276cd36 c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/12 03:56 linux-5.15.y cdfd0a7f0139 27de0a5c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/11 13:52 linux-5.15.y cdfd0a7f0139 95ed9ece .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/11 01:57 linux-5.15.y cdfd0a7f0139 33b9e058 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/10 16:35 linux-5.15.y cdfd0a7f0139 4320ec32 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/10 11:57 linux-5.15.y 9465fef4ae35 4320ec32 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/10 11:53 linux-5.15.y 9465fef4ae35 4320ec32 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/10 04:21 linux-5.15.y 9465fef4ae35 171ec371 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/09 18:41 linux-5.15.y 9465fef4ae35 f3234354 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/09 03:23 linux-5.15.y 9465fef4ae35 f3234354 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/07 04:52 linux-5.15.y 9465fef4ae35 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/06 05:39 linux-5.15.y 9465fef4ae35 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/06 03:07 linux-5.15.y 9465fef4ae35 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/06 00:09 linux-5.15.y 9465fef4ae35 77230c29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/05 13:43 linux-5.15.y 9465fef4ae35 77230c29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/04 18:17 linux-5.15.y 9465fef4ae35 0ee3535e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/04 13:04 linux-5.15.y 9465fef4ae35 0ee3535e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/04 10:41 linux-5.15.y 9465fef4ae35 0ee3535e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/03/29 06:19 linux-5.15.y 9465fef4ae35 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/02/14 20:06 linux-5.15.y 6139f2a02fe0 d9b1cdd5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/02/14 09:42 linux-5.15.y 6139f2a02fe0 d902085f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/12/06 18:25 linux-5.15.y 9b91d36ba301 e3299f55 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/11/29 17:47 linux-5.15.y a78d278e01b1 6e78f9ce .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/11/29 16:01 linux-5.15.y a78d278e01b1 6e78f9ce .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/11/29 00:42 linux-5.15.y a78d278e01b1 1adfb6f6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/11/28 13:17 linux-5.15.y 2a910f4af54d 9fe51b7c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/11/27 23:55 linux-5.15.y 2a910f4af54d 7ec6c044 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/11/27 18:03 linux-5.15.y 2a910f4af54d 7ec6c044 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/11/22 16:29 linux-5.15.y 2a910f4af54d 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/11/08 23:57 linux-5.15.y 80529b4968a8 b93f63e8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/11/04 00:35 linux-5.15.y 12952a23a5da 500bfdc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/11/03 01:45 linux-5.15.y 12952a23a5da c4ac074c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/10/31 17:09 linux-5.15.y 12952a23a5da 58499c95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/10/13 16:13 linux-5.15.y 02e21884dcf2 f757a323 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/10/02 20:43 linux-5.15.y b911329317b4 50b20e75 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/11 07:28 linux-5.15.y cdfd0a7f0139 33b9e058 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in input_event
2023/07/22 11:26 linux-5.15.y d54cfc420586 27cbe77f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/07/21 16:28 linux-5.15.y d54cfc420586 abdf9bae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/07/21 07:43 linux-5.15.y d54cfc420586 28847498 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/07/20 18:49 linux-5.15.y d54cfc420586 f49af159 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/07/20 02:25 linux-5.15.y d54cfc420586 4547cdf9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/07/19 23:26 linux-5.15.y d54cfc420586 4547cdf9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/07/17 14:43 linux-5.15.y d54cfc420586 20f8b3c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
* Struck through repros no longer work on HEAD.