syzbot

 sign-in | mailing list | source | docs
🐞 Open [828]
🐞 Fixed [84]
🐞 Invalid [1080]
Missing Backports [128]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

possible deadlock in input_event

Status: upstream: reported C repro on 2023/07/17 14:44
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+2f5570a645018de96979@syzkaller.appspotmail.com
First crash: 841d, last: 1h04m
Bug presence (3)
Date Name Commit Repro Result
2023/09/03 linux-5.15.y (ToT) 8f790700c974 C [report] possible deadlock in input_event
2023/07/20 upstream (ToT) bfa3037d8280 C [report] possible deadlock in input_event
2023/09/03 upstream (ToT) 92901222f83d C Didn't crash
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 possible deadlock in input_event origin:upstream missing-backport 4 C done 446 15d 866d 0/3 upstream: reported C repro on 2023/06/23 12:11
upstream possible deadlock in input_event (2) fs 4 C inconclusive 6363 4h04m 1455d 0/29 upstream: reported C repro on 2021/11/10 17:01
upstream possible deadlock in input_event 4 C done 2740 1456d 1761d 0/29 closed as dup on 2021/07/07 07:31
linux-6.6 possible deadlock in input_event 4 45 12d 127d 0/2 upstream: reported on 2025/06/30 21:29
Last patch testing requests (9)
Created Duration User Patch Repo Result
2025/06/08 21:41 11m retest repro linux-5.15.y report log
2025/06/08 21:41 13m retest repro linux-5.15.y report log
2025/06/08 21:41 15m retest repro linux-5.15.y report log
2025/06/08 21:41 14m retest repro linux-5.15.y report log
2025/06/08 21:41 9m retest repro linux-5.15.y report log
2025/01/12 14:15 14m retest repro linux-5.15.y report log
2025/01/12 14:15 9m retest repro linux-5.15.y report log
2025/01/12 14:15 9m retest repro linux-5.15.y report log
2025/01/12 14:15 11m retest repro linux-5.15.y report log
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2024/03/18 02:38 58m bisect fix linux-5.15.y OK (0) job log log
2024/02/12 17:11 1h30m bisect fix linux-5.15.y OK (0) job log log
2024/01/05 22:45 1h53m bisect fix linux-5.15.y OK (0) job log log
2023/09/14 19:19 1h40m fix candidate upstream OK (0) job log log

Sample crash report:
=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
syzkaller #0 Not tainted
-----------------------------------------------------
syz.0.17/4317 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff888023f3e3b8 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x2f/0x330 fs/fcntl.c:790

and this task is already holding:
ffff888073e99018 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1008 [inline]
ffff888073e99018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16d/0x490 fs/fcntl.c:1029
which would create a new lock dependency:
 (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (&dev->event_lock#2){-...}-{2:2}

... which became HARDIRQ-irq-safe at:
  lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
  input_event+0x76/0xb0 drivers/input/input.c:456
  input_report_key include/linux/input.h:425 [inline]
  psmouse_report_standard_buttons drivers/input/mouse/psmouse-base.c:123 [inline]
  psmouse_report_standard_packet+0x4f/0x200 drivers/input/mouse/psmouse-base.c:141
  psmouse_process_byte+0x42b/0x620 drivers/input/mouse/psmouse-base.c:232
  psmouse_handle_byte+0x43/0x490 drivers/input/mouse/psmouse-base.c:274
  psmouse_interrupt+0x699/0x1130 drivers/input/mouse/psmouse-base.c:426
  serio_interrupt+0x87/0x130 drivers/input/serio/serio.c:1001
  i8042_interrupt+0x369/0x710 drivers/input/serio/i8042.c:606
  __handle_irq_event_percpu+0x291/0x9b0 kernel/irq/handle.c:156
  handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
  handle_irq_event+0xa5/0x220 kernel/irq/handle.c:213
  handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819
  generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
  handle_irq arch/x86/kernel/irq.c:233 [inline]
  __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252
  common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242
  asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:667
  __orc_find arch/x86/kernel/unwind_orc.c:52 [inline]
  orc_find arch/x86/kernel/unwind_orc.c:178 [inline]
  unwind_next_frame+0x107f/0x1d90 arch/x86/kernel/unwind_orc.c:448
  __unwind_start+0x5bb/0x740 arch/x86/kernel/unwind_orc.c:704
  unwind_start arch/x86/include/asm/unwind.h:60 [inline]
  arch_stack_walk+0xda/0x140 arch/x86/kernel/stacktrace.c:24
  stack_trace_save+0x98/0xe0 kernel/stacktrace.c:122
  kasan_save_stack mm/kasan/common.c:38 [inline]
  kasan_set_track+0x4b/0x70 mm/kasan/common.c:46
  kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
  ____kasan_slab_free+0xd5/0x110 mm/kasan/common.c:366
  kasan_slab_free include/linux/kasan.h:230 [inline]
  slab_free_hook mm/slub.c:1705 [inline]
  slab_free_freelist_hook+0xea/0x170 mm/slub.c:1731
  slab_free mm/slub.c:3499 [inline]
  kfree+0xef/0x2a0 mm/slub.c:4559
  kobject_uevent_env+0x368/0x890 lib/kobject_uevent.c:640
  driver_register+0x3e2/0x430 drivers/base/driver.c:248
  usb_register_driver+0x202/0x3d0 drivers/usb/core/driver.c:1061
  do_one_initcall+0x1ee/0x680 init/main.c:1302
  do_initcall_level+0x137/0x1f0 init/main.c:1375
  do_initcalls+0x4b/0x90 init/main.c:1391
  kernel_init_freeable+0x3ce/0x560 init/main.c:1615
  kernel_init+0x19/0x1b0 init/main.c:1506
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

to a HARDIRQ-irq-unsafe lock:
 (tasklist_lock){.+.+}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
  __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
  _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
  do_wait+0x293/0xac0 kernel/exit.c:1579
  kernel_wait+0xa8/0x160 kernel/exit.c:1769
  call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
  call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
  process_one_work+0x863/0x1000 kernel/workqueue.c:2310
  worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
  kthread+0x436/0x520 kernel/kthread.c:334
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

other info that might help us debug this:

Chain exists of:
  &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(tasklist_lock);
                               local_irq_disable();
                               lock(&dev->event_lock#2);
                               lock(&new->fa_lock);
  <Interrupt>
    lock(&dev->event_lock#2);

 *** DEADLOCK ***

8 locks held by syz.0.17/4317:
 #0: ffff888148229110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x177/0x470 drivers/input/evdev.c:513
 #1: ffff8881468be230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x9e/0x2c0 drivers/input/input.c:482
 #2: ffffffff8c11c460 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #3: ffffffff8c11c460 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #4: ffffffff8c11c460 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #5: ffff88807f289028 (&client->buffer_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
 #5: ffff88807f289028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 drivers/input/evdev.c:261
 #6: ffffffff8c11c460 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #7: ffff888073e99018 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1008 [inline]
 #7: ffff888073e99018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x16d/0x490 fs/fcntl.c:1029

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
  -> (&dev->event_lock#2){-...}-{2:2} {
     IN-HARDIRQ-W at:
                        lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
                        __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                        _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
                        input_event+0x76/0xb0 drivers/input/input.c:456
                        input_report_key include/linux/input.h:425 [inline]
                        psmouse_report_standard_buttons drivers/input/mouse/psmouse-base.c:123 [inline]
                        psmouse_report_standard_packet+0x4f/0x200 drivers/input/mouse/psmouse-base.c:141
                        psmouse_process_byte+0x42b/0x620 drivers/input/mouse/psmouse-base.c:232
                        psmouse_handle_byte+0x43/0x490 drivers/input/mouse/psmouse-base.c:274
                        psmouse_interrupt+0x699/0x1130 drivers/input/mouse/psmouse-base.c:426
                        serio_interrupt+0x87/0x130 drivers/input/serio/serio.c:1001
                        i8042_interrupt+0x369/0x710 drivers/input/serio/i8042.c:606
                        __handle_irq_event_percpu+0x291/0x9b0 kernel/irq/handle.c:156
                        handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
                        handle_irq_event+0xa5/0x220 kernel/irq/handle.c:213
                        handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819
                        generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
                        handle_irq arch/x86/kernel/irq.c:233 [inline]
                        __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252
                        common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242
                        asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:667
                        __orc_find arch/x86/kernel/unwind_orc.c:52 [inline]
                        orc_find arch/x86/kernel/unwind_orc.c:178 [inline]
                        unwind_next_frame+0x107f/0x1d90 arch/x86/kernel/unwind_orc.c:448
                        __unwind_start+0x5bb/0x740 arch/x86/kernel/unwind_orc.c:704
                        unwind_start arch/x86/include/asm/unwind.h:60 [inline]
                        arch_stack_walk+0xda/0x140 arch/x86/kernel/stacktrace.c:24
                        stack_trace_save+0x98/0xe0 kernel/stacktrace.c:122
                        kasan_save_stack mm/kasan/common.c:38 [inline]
                        kasan_set_track+0x4b/0x70 mm/kasan/common.c:46
                        kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
                        ____kasan_slab_free+0xd5/0x110 mm/kasan/common.c:366
                        kasan_slab_free include/linux/kasan.h:230 [inline]
                        slab_free_hook mm/slub.c:1705 [inline]
                        slab_free_freelist_hook+0xea/0x170 mm/slub.c:1731
                        slab_free mm/slub.c:3499 [inline]
                        kfree+0xef/0x2a0 mm/slub.c:4559
                        kobject_uevent_env+0x368/0x890 lib/kobject_uevent.c:640
                        driver_register+0x3e2/0x430 drivers/base/driver.c:248
                        usb_register_driver+0x202/0x3d0 drivers/usb/core/driver.c:1061
                        do_one_initcall+0x1ee/0x680 init/main.c:1302
                        do_initcall_level+0x137/0x1f0 init/main.c:1375
                        do_initcalls+0x4b/0x90 init/main.c:1391
                        kernel_init_freeable+0x3ce/0x560 init/main.c:1615
                        kernel_init+0x19/0x1b0 init/main.c:1506
                        ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
     INITIAL USE at:
                       lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
                       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                       _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
                       input_inject_event+0x9e/0x2c0 drivers/input/input.c:482
                       led_trigger_event+0x10a/0x1e0 drivers/leds/led-triggers.c:392
                       kbd_led_trigger_activate+0xb9/0x100 drivers/tty/vt/keyboard.c:1029
                       led_trigger_set+0x504/0x900 drivers/leds/led-triggers.c:211
                       led_trigger_set_default+0x19c/0x1e0 drivers/leds/led-triggers.c:275
                       led_classdev_register_ext+0x68f/0x870 drivers/leds/led-class.c:428
                       led_classdev_register include/linux/leds.h:196 [inline]
                       input_leds_connect+0x51d/0x750 drivers/input/input-leds.c:139
                       input_attach_handler drivers/input/input.c:1046 [inline]
                       input_register_device+0xda7/0x1140 drivers/input/input.c:2429
                       atkbd_connect+0x759/0xa10 drivers/input/keyboard/atkbd.c:1337
                       serio_connect_driver drivers/input/serio/serio.c:47 [inline]
                       serio_driver_probe+0x76/0x90 drivers/input/serio/serio.c:778
                       call_driver_probe drivers/base/dd.c:-1 [inline]
                       really_probe+0x284/0xc80 drivers/base/dd.c:595
                       __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
                       driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
                       __driver_attach+0x46b/0x670 drivers/base/dd.c:1164
                       bus_for_each_dev+0x175/0x1e0 drivers/base/bus.c:303
                       serio_attach_driver drivers/input/serio/serio.c:807 [inline]
                       serio_handle_event+0x29c/0x840 drivers/input/serio/serio.c:227
                       process_one_work+0x863/0x1000 kernel/workqueue.c:2310
                       worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
                       kthread+0x436/0x520 kernel/kthread.c:334
                       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
   }
   ... key      at: [<ffffffff96424aa0>] input_allocate_device.__key.6+0x0/0x20
 -> (&client->buffer_lock){....}-{2:2} {
    INITIAL USE at:
                     lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
                     __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                     _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
                     spin_lock include/linux/spinlock.h:363 [inline]
                     evdev_pass_values+0xcb/0xab0 drivers/input/evdev.c:261
                     evdev_events+0x1c0/0x2f0 drivers/input/evdev.c:306
                     input_to_handler drivers/input/input.c:126 [inline]
                     input_pass_values+0x880/0x1220 drivers/input/input.c:156
                     input_handle_event+0xb3f/0x1490 drivers/input/input.c:415
                     input_inject_event+0x1b9/0x2c0 drivers/input/input.c:487
                     evdev_write+0x326/0x470 drivers/input/evdev.c:530
                     vfs_write+0x300/0xd00 fs/read_write.c:592
                     ksys_write+0x14d/0x250 fs/read_write.c:647
                     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                     do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
                     entry_SYSCALL_64_after_hwframe+0x66/0xd0
  }
  ... key      at: [<ffffffff96424d60>] evdev_open.__key.22+0x0/0x20
  ... acquired at:
   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
   _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
   spin_lock include/linux/spinlock.h:363 [inline]
   evdev_pass_values+0xcb/0xab0 drivers/input/evdev.c:261
   evdev_events+0x1c0/0x2f0 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:126 [inline]
   input_pass_values+0x880/0x1220 drivers/input/input.c:156
   input_handle_event+0xb3f/0x1490 drivers/input/input.c:415
   input_inject_event+0x1b9/0x2c0 drivers/input/input.c:487
   evdev_write+0x326/0x470 drivers/input/evdev.c:530
   vfs_write+0x300/0xd00 fs/read_write.c:592
   ksys_write+0x14d/0x250 fs/read_write.c:647
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> (&new->fa_lock){....}-{2:2} {
   INITIAL READ USE at:
                        lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
                        __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
                        _raw_read_lock_irqsave+0xac/0xf0 kernel/locking/spinlock.c:236
                        kill_fasync_rcu fs/fcntl.c:1008 [inline]
                        kill_fasync+0x16d/0x490 fs/fcntl.c:1029
                        __pass_event drivers/input/evdev.c:240 [inline]
                        evdev_pass_values+0x54b/0xab0 drivers/input/evdev.c:278
                        evdev_events+0x1c0/0x2f0 drivers/input/evdev.c:306
                        input_to_handler drivers/input/input.c:126 [inline]
                        input_pass_values+0x880/0x1220 drivers/input/input.c:156
                        input_handle_event+0xb3f/0x1490 drivers/input/input.c:415
                        input_inject_event+0x1b9/0x2c0 drivers/input/input.c:487
                        evdev_write+0x326/0x470 drivers/input/evdev.c:530
                        vfs_write+0x300/0xd00 fs/read_write.c:592
                        ksys_write+0x14d/0x250 fs/read_write.c:647
                        do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                        do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
                        entry_SYSCALL_64_after_hwframe+0x66/0xd0
 }
 ... key      at: [<ffffffff96129740>] fasync_insert_entry.__key+0x0/0x20
 ... acquired at:
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0xac/0xf0 kernel/locking/spinlock.c:236
   kill_fasync_rcu fs/fcntl.c:1008 [inline]
   kill_fasync+0x16d/0x490 fs/fcntl.c:1029
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values+0x54b/0xab0 drivers/input/evdev.c:278
   evdev_events+0x1c0/0x2f0 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:126 [inline]
   input_pass_values+0x880/0x1220 drivers/input/input.c:156
   input_handle_event+0xb3f/0x1490 drivers/input/input.c:415
   input_inject_event+0x1b9/0x2c0 drivers/input/input.c:487
   evdev_write+0x326/0x470 drivers/input/evdev.c:530
   vfs_write+0x300/0xd00 fs/read_write.c:592
   ksys_write+0x14d/0x250 fs/read_write.c:647
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0


the dependencies between the lock to be acquired
 and HARDIRQ-irq-unsafe lock:
 -> (tasklist_lock){.+.+}-{2:2} {
    HARDIRQ-ON-R at:
                      lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
                      __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                      _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                      do_wait+0x293/0xac0 kernel/exit.c:1579
                      kernel_wait+0xa8/0x160 kernel/exit.c:1769
                      call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                      call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
                      process_one_work+0x863/0x1000 kernel/workqueue.c:2310
                      worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
                      kthread+0x436/0x520 kernel/kthread.c:334
                      ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
    SOFTIRQ-ON-R at:
                      lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
                      __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                      _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                      do_wait+0x293/0xac0 kernel/exit.c:1579
                      kernel_wait+0xa8/0x160 kernel/exit.c:1769
                      call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                      call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
                      process_one_work+0x863/0x1000 kernel/workqueue.c:2310
                      worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
                      kthread+0x436/0x520 kernel/kthread.c:334
                      ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
    INITIAL USE at:
                     lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
                     __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
                     _raw_write_lock_irq+0x9f/0xe0 kernel/locking/spinlock.c:316
                     copy_process+0x234a/0x3e00 kernel/fork.c:2412
                     kernel_clone+0x219/0x930 kernel/fork.c:2679
                     kernel_thread+0xc8/0x120 kernel/fork.c:2731
                     rest_init+0x21/0x330 init/main.c:706
                     start_kernel+0x486/0x530 init/main.c:1140
                     secondary_startup_64_no_verify+0xb1/0xbb
    INITIAL READ USE at:
                          lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
                          __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                          _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                          do_wait+0x293/0xac0 kernel/exit.c:1579
                          kernel_wait+0xa8/0x160 kernel/exit.c:1769
                          call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                          call_usermodehelper_exec_work+0xb5/0x220 kernel/umh.c:166
                          process_one_work+0x863/0x1000 kernel/workqueue.c:2310
                          worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
                          kthread+0x436/0x520 kernel/kthread.c:334
                          ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
  }
  ... key      at: [<ffffffff8be0a058>] tasklist_lock+0x18/0x40
  ... acquired at:
   __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
   _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
   send_sigurg+0xcb/0x390 fs/fcntl.c:845
   sk_send_sigurg+0x6b/0xc0 net/core/sock.c:3129
   tcp_check_urg net/ipv4/tcp_input.c:5688 [inline]
   tcp_urg+0x2bc/0xb10 net/ipv4/tcp_input.c:5729
   tcp_rcv_established+0xac5/0x1cb0 net/ipv4/tcp_input.c:6063
   tcp_v6_do_rcv+0x539/0x1180 net/ipv6/tcp_ipv6.c:1526
   sk_backlog_rcv include/net/sock.h:1061 [inline]
   __release_sock+0x1b9/0x420 net/core/sock.c:2725
   release_sock+0x5b/0x1b0 net/core/sock.c:3266
   sk_stream_wait_memory+0x6d8/0xe50 net/core/stream.c:145
   tcp_sendmsg_locked+0x1c9f/0x3590 net/ipv4/tcp.c:1419
   tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1457
   sock_sendmsg_nosec net/socket.c:704 [inline]
   __sock_sendmsg net/socket.c:716 [inline]
   __sys_sendto+0x423/0x580 net/socket.c:2063
   __do_sys_sendto net/socket.c:2075 [inline]
   __se_sys_sendto net/socket.c:2071 [inline]
   __x64_sys_sendto+0xda/0xf0 net/socket.c:2071
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> (&f->f_owner.lock){....}-{2:2} {
   INITIAL USE at:
                   lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
                   __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
                   _raw_write_lock_irq+0x9f/0xe0 kernel/locking/spinlock.c:316
                   __f_setown+0x37/0x330 fs/fcntl.c:91
                   f_setown+0x120/0x1c0 fs/fcntl.c:132
                   do_fcntl+0x192/0x12d0 fs/fcntl.c:387
                   __do_sys_fcntl fs/fcntl.c:466 [inline]
                   __se_sys_fcntl+0xcc/0x190 fs/fcntl.c:451
                   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                   do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
                   entry_SYSCALL_64_after_hwframe+0x66/0xd0
   INITIAL READ USE at:
                        lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
                        __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
                        _raw_read_lock_irqsave+0xac/0xf0 kernel/locking/spinlock.c:236
                        send_sigurg+0x25/0x390 fs/fcntl.c:829
                        sk_send_sigurg+0x6b/0xc0 net/core/sock.c:3129
                        tcp_check_urg net/ipv4/tcp_input.c:5688 [inline]
                        tcp_urg+0x2bc/0xb10 net/ipv4/tcp_input.c:5729
                        tcp_rcv_established+0xac5/0x1cb0 net/ipv4/tcp_input.c:6063
                        tcp_v6_do_rcv+0x539/0x1180 net/ipv6/tcp_ipv6.c:1526
                        sk_backlog_rcv include/net/sock.h:1061 [inline]
                        __release_sock+0x1b9/0x420 net/core/sock.c:2725
                        release_sock+0x5b/0x1b0 net/core/sock.c:3266
                        sk_stream_wait_memory+0x6d8/0xe50 net/core/stream.c:145
                        tcp_sendmsg_locked+0x1c9f/0x3590 net/ipv4/tcp.c:1419
                        tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1457
                        sock_sendmsg_nosec net/socket.c:704 [inline]
                        __sock_sendmsg net/socket.c:716 [inline]
                        __sys_sendto+0x423/0x580 net/socket.c:2063
                        __do_sys_sendto net/socket.c:2075 [inline]
                        __se_sys_sendto net/socket.c:2071 [inline]
                        __x64_sys_sendto+0xda/0xf0 net/socket.c:2071
                        do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                        do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
                        entry_SYSCALL_64_after_hwframe+0x66/0xd0
 }
 ... key      at: [<ffffffff96128ac0>] __alloc_file.__key+0x0/0x10
 ... acquired at:
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0xac/0xf0 kernel/locking/spinlock.c:236
   send_sigio+0x2f/0x330 fs/fcntl.c:790
   kill_fasync_rcu fs/fcntl.c:1015 [inline]
   kill_fasync+0x20a/0x490 fs/fcntl.c:1029
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values+0x54b/0xab0 drivers/input/evdev.c:278
   evdev_events+0x1c0/0x2f0 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:126 [inline]
   input_pass_values+0x880/0x1220 drivers/input/input.c:156
   input_handle_event+0xb3f/0x1490 drivers/input/input.c:415
   input_inject_event+0x1b9/0x2c0 drivers/input/input.c:487
   evdev_write+0x326/0x470 drivers/input/evdev.c:530
   vfs_write+0x300/0xd00 fs/read_write.c:592
   ksys_write+0x14d/0x250 fs/read_write.c:647
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x66/0xd0


stack backtrace:
CPU: 0 PID: 4317 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 print_bad_irq_dependency kernel/locking/lockdep.c:2567 [inline]
 check_irq_usage kernel/locking/lockdep.c:2806 [inline]
 check_prev_add kernel/locking/lockdep.c:3057 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire+0x65dd/0x7c60 kernel/locking/lockdep.c:5012
 lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
 _raw_read_lock_irqsave+0xac/0xf0 kernel/locking/spinlock.c:236
 send_sigio+0x2f/0x330 fs/fcntl.c:790
 kill_fasync_rcu fs/fcntl.c:1015 [inline]
 kill_fasync+0x20a/0x490 fs/fcntl.c:1029
 __pass_event drivers/input/evdev.c:240 [inline]
 evdev_pass_values+0x54b/0xab0 drivers/input/evdev.c:278
 evdev_events+0x1c0/0x2f0 drivers/input/evdev.c:306
 input_to_handler drivers/input/input.c:126 [inline]
 input_pass_values+0x880/0x1220 drivers/input/input.c:156
 input_handle_event+0xb3f/0x1490 drivers/input/input.c:415
 input_inject_event+0x1b9/0x2c0 drivers/input/input.c:487
 evdev_write+0x326/0x470 drivers/input/evdev.c:530
 vfs_write+0x300/0xd00 fs/read_write.c:592
 ksys_write+0x14d/0x250 fs/read_write.c:647
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fb33a123be9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb339772038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fb33a35b090 RCX: 00007fb33a123be9
RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000005
RBP: 00007fb33a1a6e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb33a35b128 R14: 00007fb33a35b090 R15: 00007ffe2137a7d8
 </TASK>

Crashes (446):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/09 13:17 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/04/15 07:59 linux-5.15.y f7347f400572 0bd6db41 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/05/06 04:12 linux-5.15.y 284087d4f7d5 610f2a54 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/11 08:09 linux-5.15.y cdfd0a7f0139 33b9e058 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/10 23:08 linux-5.15.y cdfd0a7f0139 4320ec32 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2023/07/19 08:21 linux-5.15.y d54cfc420586 022df2bb .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/11/05 11:38 linux-5.15.y cc5ec8769306 a6c9c731 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/10/27 17:05 linux-5.15.y ac56c046adf4 fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/10/27 17:05 linux-5.15.y ac56c046adf4 fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/10/22 07:18 linux-5.15.y ac56c046adf4 252fbbad .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/10/19 19:35 linux-5.15.y ac56c046adf4 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/10/13 15:15 linux-5.15.y 29e53a5b1c4f b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/09/29 14:54 linux-5.15.y 43bb85222e53 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/09/24 08:41 linux-5.15.y 43bb85222e53 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/09/23 21:13 linux-5.15.y 43bb85222e53 e667a34f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/09/22 14:58 linux-5.15.y 43bb85222e53 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/09/04 06:26 linux-5.15.y 01879f56bdde d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/09/02 12:29 linux-5.15.y 01879f56bdde 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/30 03:42 linux-5.15.y 01879f56bdde 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/30 02:16 linux-5.15.y 01879f56bdde 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/26 20:15 linux-5.15.y c79648372d02 e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/24 15:23 linux-5.15.y c79648372d02 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/22 07:57 linux-5.15.y c79648372d02 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/21 17:27 linux-5.15.y c79648372d02 3e79b825 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/20 03:59 linux-5.15.y c79648372d02 79512909 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/19 17:46 linux-5.15.y c79648372d02 254a27c1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/19 06:11 linux-5.15.y c79648372d02 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/15 05:31 linux-5.15.y c79648372d02 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/14 17:18 linux-5.15.y c79648372d02 5d8c2ac2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/13 19:06 linux-5.15.y c79648372d02 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/12 21:57 linux-5.15.y c79648372d02 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/12 00:15 linux-5.15.y c79648372d02 c06e8995 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/11 22:19 linux-5.15.y c79648372d02 c06e8995 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/11 22:18 linux-5.15.y c79648372d02 c06e8995 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/10 20:42 linux-5.15.y c79648372d02 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/09 16:26 linux-5.15.y c79648372d02 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/08/07 01:57 linux-5.15.y c79648372d02 9a42d6b1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/07/20 03:32 linux-5.15.y c79648372d02 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/07/19 19:41 linux-5.15.y c79648372d02 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/07/17 15:04 linux-5.15.y 89950c454265 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/07/09 11:19 linux-5.15.y 3dea0e7f549e f4e5e155 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/06/26 12:55 linux-5.15.y 1c700860e8bc 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/06/25 22:18 linux-5.15.y 1c700860e8bc 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/06/22 17:57 linux-5.15.y 1c700860e8bc d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/06/20 09:29 linux-5.15.y 1c700860e8bc ed3e87f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/06/19 01:53 linux-5.15.y 1c700860e8bc ed3e87f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/06/14 19:34 linux-5.15.y 1c700860e8bc 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/06/14 02:17 linux-5.15.y 1c700860e8bc 0e8da31f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2025/06/11 15:08 linux-5.15.y 1c700860e8bc 5d7e17ca .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
2024/04/11 07:28 linux-5.15.y cdfd0a7f0139 33b9e058 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in input_event
2023/07/17 14:43 linux-5.15.y d54cfc420586 20f8b3c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in input_event
* Struck through repros no longer work on HEAD.