syzbot |
sign-in | mailing list | source | docs | 🏰 |
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
syzkaller #0 Not tainted
-----------------------------------------------------
syz.0.17/6126 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff8880528a20c0
(&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1124 [inline]
(&new->fa_lock){....}-{3:3}, at: kill_fasync fs/fcntl.c:1148 [inline]
(&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 fs/fcntl.c:1141
and this task is already holding:
ffff88805166c028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff88805166c028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
which would create a new lock dependency:
(&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&dev->event_lock#2){..-.}-{3:3}
... which became SOFTIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline]
input_inject_event+0x9f/0x3b0 drivers/input/input.c:418
__led_set_brightness drivers/leds/led-core.c:52 [inline]
led_set_brightness_nopm drivers/leds/led-core.c:335 [inline]
led_set_brightness_nosleep drivers/leds/led-core.c:369 [inline]
led_set_brightness+0x217/0x290 drivers/leds/led-core.c:328
led_trigger_event drivers/leds/led-triggers.c:420 [inline]
led_trigger_event+0xda/0x270 drivers/leds/led-triggers.c:408
kbd_propagate_led_state drivers/tty/vt/keyboard.c:1073 [inline]
kbd_bh+0x21b/0x300 drivers/tty/vt/keyboard.c:1262
tasklet_action_common+0x281/0x400 kernel/softirq.c:829
handle_softirqs+0x219/0x8e0 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_call_function arch/x86/kernel/smp.c:257 [inline]
sysvec_call_function+0xa4/0xc0 arch/x86/kernel/smp.c:257
asm_sysvec_call_function+0x1a/0x20 arch/x86/include/asm/idtentry.h:710
console_flush_all+0x9a2/0xc60 kernel/printk/printk.c:3227
__console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
console_unlock+0xd8/0x210 kernel/printk/printk.c:3325
console_callback+0x27c/0x4c0 drivers/tty/vt/vt.c:3232
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
to a SOFTIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{3:3}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1662
do_wait+0x21e/0x5a0 kernel/exit.c:1706
kernel_wait+0x9f/0x160 kernel/exit.c:1882
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
other info that might help us debug this:
Chain exists of:
&dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(tasklist_lock);
local_irq_disable();
lock(&dev->event_lock#2);
lock(&client->buffer_lock);
<Interrupt>
lock(&dev->event_lock#2);
*** DEADLOCK ***
7 locks held by syz.0.17/6126:
#0: ffff888106cd9118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750 drivers/input/evdev.c:511
#1: ffff8881006b8230 (&dev->event_lock#2){..-.}-{3:3}, at: class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline]
#1: ffff8881006b8230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 drivers/input/input.c:418
#2: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#2: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#2: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
#2: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 drivers/input/input.c:419
#3: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#3: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#3: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
#3: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 drivers/input/input.c:118
#4: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#4: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#4: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 drivers/input/evdev.c:298
#5: ffff88805166c028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
#5: ffff88805166c028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
#6: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#6: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#6: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: kill_fasync fs/fcntl.c:1147 [inline]
#6: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 fs/fcntl.c:1141
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&dev->event_lock#2){..-.}-{3:3} {
IN-SOFTIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline]
input_inject_event+0x9f/0x3b0 drivers/input/input.c:418
__led_set_brightness drivers/leds/led-core.c:52 [inline]
led_set_brightness_nopm drivers/leds/led-core.c:335 [inline]
led_set_brightness_nosleep drivers/leds/led-core.c:369 [inline]
led_set_brightness+0x217/0x290 drivers/leds/led-core.c:328
led_trigger_event drivers/leds/led-triggers.c:420 [inline]
led_trigger_event+0xda/0x270 drivers/leds/led-triggers.c:408
kbd_propagate_led_state drivers/tty/vt/keyboard.c:1073 [inline]
kbd_bh+0x21b/0x300 drivers/tty/vt/keyboard.c:1262
tasklet_action_common+0x281/0x400 kernel/softirq.c:829
handle_softirqs+0x219/0x8e0 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_call_function arch/x86/kernel/smp.c:257 [inline]
sysvec_call_function+0xa4/0xc0 arch/x86/kernel/smp.c:257
asm_sysvec_call_function+0x1a/0x20 arch/x86/include/asm/idtentry.h:710
console_flush_all+0x9a2/0xc60 kernel/printk/printk.c:3227
__console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
console_unlock+0xd8/0x210 kernel/printk/printk.c:3325
console_callback+0x27c/0x4c0 drivers/tty/vt/vt.c:3232
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline]
input_inject_event+0x9f/0x3b0 drivers/input/input.c:418
__led_set_brightness drivers/leds/led-core.c:52 [inline]
led_set_brightness_nopm drivers/leds/led-core.c:335 [inline]
led_set_brightness_nosleep drivers/leds/led-core.c:369 [inline]
led_set_brightness+0x217/0x290 drivers/leds/led-core.c:328
kbd_led_trigger_activate+0xcb/0x110 drivers/tty/vt/keyboard.c:1029
led_trigger_set+0x59a/0xc50 drivers/leds/led-triggers.c:220
led_match_default_trigger drivers/leds/led-triggers.c:277 [inline]
led_match_default_trigger drivers/leds/led-triggers.c:271 [inline]
led_trigger_set_default drivers/leds/led-triggers.c:300 [inline]
led_trigger_set_default+0x1e0/0x2e0 drivers/leds/led-triggers.c:284
led_classdev_register_ext+0x7b8/0xa10 drivers/leds/led-class.c:565
led_classdev_register include/linux/leds.h:274 [inline]
input_leds_connect+0x552/0x8e0 drivers/input/input-leds.c:145
input_attach_handler.isra.0+0x176/0x250 drivers/input/input.c:993
input_register_device+0xab9/0x1180 drivers/input/input.c:2412
atkbd_connect+0x5f8/0xa40 drivers/input/keyboard/atkbd.c:1340
serio_connect_driver drivers/input/serio/serio.c:43 [inline]
serio_driver_probe+0x7c/0xd0 drivers/input/serio/serio.c:747
call_driver_probe drivers/base/dd.c:581 [inline]
really_probe+0x241/0xa90 drivers/base/dd.c:659
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:801
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831
__driver_attach+0x283/0x580 drivers/base/dd.c:1217
bus_for_each_dev+0x13e/0x1d0 drivers/base/bus.c:370
serio_attach_driver drivers/input/serio/serio.c:776 [inline]
serio_handle_event+0x335/0xc30 drivers/input/serio/serio.c:213
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [<ffffffff9b162f60>] __key.7+0x0/0x40
-> (&client->buffer_lock){....}-{3:3} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:127
input_event_dispose drivers/input/input.c:341 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:369
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:423
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x29d/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9b1633e0>] __key.1+0x0/0x40
... acquired at:
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:127
input_event_dispose drivers/input/input.c:341 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:369
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:423
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x29d/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{3:3} {
HARDIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1662
do_wait+0x21e/0x5a0 kernel/exit.c:1706
kernel_wait+0x9f/0x160 kernel/exit.c:1882
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
SOFTIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1662
do_wait+0x21e/0x5a0 kernel/exit.c:1706
kernel_wait+0x9f/0x160 kernel/exit.c:1882
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326
copy_process+0x4caf/0x7690 kernel/fork.c:2321
kernel_clone+0xfc/0x930 kernel/fork.c:2605
user_mode_thread+0xc7/0x110 kernel/fork.c:2683
rest_init+0x23/0x2b0 init/main.c:709
start_kernel+0x3ee/0x4d0 init/main.c:1097
x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:307
x86_64_start_kernel+0x130/0x190 arch/x86/kernel/head64.c:288
common_startup_64+0x13e/0x148
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1662
do_wait+0x21e/0x5a0 kernel/exit.c:1706
kernel_wait+0x9f/0x160 kernel/exit.c:1882
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [<ffffffff8e20c098>] tasklist_lock+0x18/0x40
... acquired at:
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
send_sigio+0xb8/0x3e0 fs/fcntl.c:921
kill_fasync_rcu fs/fcntl.c:1133 [inline]
kill_fasync fs/fcntl.c:1148 [inline]
kill_fasync+0x214/0x510 fs/fcntl.c:1141
lease_break_callback+0x23/0x30 fs/locks.c:558
__break_lease+0x674/0x1810 fs/locks.c:1592
break_lease include/linux/filelock.h:446 [inline]
vfs_truncate+0x4d3/0x6e0 fs/open.c:112
do_sys_truncate fs/open.c:141 [inline]
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x172/0x1e0 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&f_owner->lock){....}-{3:3} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326
__f_setown+0x61/0x3c0 fs/fcntl.c:136
generic_add_lease fs/locks.c:1874 [inline]
generic_setlease fs/locks.c:1942 [inline]
generic_setlease+0xef2/0x1300 fs/locks.c:1929
kernel_setlease+0x106/0x140 fs/locks.c:1991
vfs_setlease+0x258/0x2d0 fs/locks.c:2026
do_fcntl_add_lease fs/locks.c:2047 [inline]
fcntl_setlease+0x3ed/0x5a0 fs/locks.c:2069
do_fcntl+0x751/0x15a0 fs/fcntl.c:536
__do_sys_fcntl fs/fcntl.c:591 [inline]
__se_sys_fcntl fs/fcntl.c:576 [inline]
__x64_sys_fcntl+0x163/0x200 fs/fcntl.c:576
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irq include/linux/rwlock_api_smp.h:169 [inline]
_raw_read_lock_irq+0x67/0x80 kernel/locking/spinlock.c:244
f_getown+0x57/0x300 fs/fcntl.c:204
sock_ioctl+0x1f2/0x6b0 net/socket.c:1304
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:598 [inline]
__se_sys_ioctl fs/ioctl.c:584 [inline]
__x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:584
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9ae93360>] __key.1+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
send_sigio+0x31/0x3e0 fs/fcntl.c:907
kill_fasync_rcu fs/fcntl.c:1133 [inline]
kill_fasync fs/fcntl.c:1148 [inline]
kill_fasync+0x214/0x510 fs/fcntl.c:1141
lease_break_callback+0x23/0x30 fs/locks.c:558
__break_lease+0x674/0x1810 fs/locks.c:1592
break_lease include/linux/filelock.h:446 [inline]
vfs_truncate+0x4d3/0x6e0 fs/open.c:112
do_sys_truncate fs/open.c:141 [inline]
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x172/0x1e0 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&new->fa_lock){....}-{3:3} {
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1124 [inline]
kill_fasync fs/fcntl.c:1148 [inline]
kill_fasync+0x138/0x510 fs/fcntl.c:1141
lease_break_callback+0x23/0x30 fs/locks.c:558
__break_lease+0x674/0x1810 fs/locks.c:1592
break_lease include/linux/filelock.h:446 [inline]
vfs_truncate+0x4d3/0x6e0 fs/open.c:112
do_sys_truncate fs/open.c:141 [inline]
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x172/0x1e0 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9ae93320>] __key.0+0x0/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1124 [inline]
kill_fasync fs/fcntl.c:1148 [inline]
kill_fasync+0x138/0x510 fs/fcntl.c:1141
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x619/0x9b0 drivers/input/evdev.c:278
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:127
input_event_dispose drivers/input/input.c:341 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:369
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:423
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x29d/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
stack backtrace:
CPU: 1 UID: 0 PID: 6126 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_bad_irq_dependency kernel/locking/lockdep.c:2616 [inline]
check_irq_usage+0x7dc/0x920 kernel/locking/lockdep.c:2857
check_prev_add kernel/locking/lockdep.c:3169 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x12bc/0x1ce0 kernel/locking/lockdep.c:5237
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1124 [inline]
kill_fasync fs/fcntl.c:1148 [inline]
kill_fasync+0x138/0x510 fs/fcntl.c:1141
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x619/0x9b0 drivers/input/evdev.c:278
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:127
input_event_dispose drivers/input/input.c:341 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:369
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:423
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x29d/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f445578ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f445664e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f44559c6090 RCX: 00007f445578ebe9
RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000009
RBP: 00007f4455811e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f44559c6128 R14: 00007f44559c6090 R15: 00007ffc20cd8298
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/09/08 18:01 | upstream | 76eeb9b8de98 | d291dd2d | .config | console log | report | syz / log | C | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in input_inject_event | |
| 2025/05/24 20:37 | upstream | 4856ebd99715 | ed351ea7 | .config | console log | report | syz / log | C | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | possible deadlock in input_inject_event | |
| 2024/11/27 08:40 | upstream | 7eef7e306d3c | 52b38cc1 | .config | console log | report | syz / log | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in input_inject_event | ||
| 2025/09/11 17:10 | upstream | 02ffd6f89c50 | e2beed91 | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in input_inject_event | ||
| 2025/05/07 13:12 | upstream | 0d8d44db295c | 350f4ffc | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | possible deadlock in input_inject_event | ||
| 2026/04/20 21:39 | upstream | a5d1079c28a5 | e65da4ee | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/04/20 20:34 | upstream | a5d1079c28a5 | e65da4ee | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/20 18:44 | upstream | c1f49dea2b8f | e65da4ee | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/20 15:31 | upstream | c1f49dea2b8f | e65da4ee | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/20 14:31 | upstream | c1f49dea2b8f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/20 12:22 | upstream | c1f49dea2b8f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/20 10:57 | upstream | c1f49dea2b8f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/20 09:04 | upstream | c1f49dea2b8f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/20 04:23 | upstream | c1f49dea2b8f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/20 02:24 | upstream | c1f49dea2b8f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/04/19 22:36 | upstream | faeab166167f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/19 19:06 | upstream | faeab166167f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/19 13:08 | upstream | faeab166167f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/04/19 11:52 | upstream | faeab166167f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/19 09:15 | upstream | eb5249b12507 | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/18 22:37 | upstream | eb5249b12507 | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/18 21:12 | upstream | 8541d8f725c6 | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/18 19:35 | upstream | 8541d8f725c6 | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/04/18 17:51 | upstream | 8541d8f725c6 | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/18 08:06 | upstream | 8541d8f725c6 | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/04/18 07:25 | upstream | 8541d8f725c6 | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/18 05:49 | upstream | 8541d8f725c6 | 5be7a9de | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/17 21:18 | upstream | 43cfbdda5af6 | 24ecfc1e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/17 18:26 | upstream | 43cfbdda5af6 | 24ecfc1e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/04/17 17:18 | upstream | 43cfbdda5af6 | 24ecfc1e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/17 11:21 | upstream | 3cd8b194bf34 | de0a551d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/04/17 09:23 | upstream | 3cd8b194bf34 | de0a551d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/17 04:59 | upstream | 3cd8b194bf34 | de0a551d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/04/17 03:50 | upstream | 3cd8b194bf34 | de0a551d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/17 00:19 | upstream | 1d51b370a0f8 | 321ae225 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/16 22:08 | upstream | 1d51b370a0f8 | 321ae225 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/16 20:48 | upstream | 1d51b370a0f8 | 321ae225 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/16 19:37 | upstream | 1d51b370a0f8 | 321ae225 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/16 16:04 | upstream | 1d51b370a0f8 | 321ae225 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/16 09:46 | upstream | aec2f682d47c | df15c5f3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/16 04:41 | upstream | aec2f682d47c | df15c5f3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/16 04:27 | upstream | aec2f682d47c | df15c5f3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/15 23:43 | upstream | 1f5ffc672165 | c441f497 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/15 22:24 | upstream | 1f5ffc672165 | c441f497 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/15 19:15 | upstream | 1f5ffc672165 | c441f497 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/15 14:20 | upstream | 1f5ffc672165 | c441f497 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/04/15 09:37 | upstream | 508fed679541 | e2e976a8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/15 08:31 | upstream | 508fed679541 | e2e976a8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/03/22 15:36 | upstream | 113ae7b4decc | 5b92003d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in input_inject_event | ||
| 2026/03/18 15:28 | upstream | a989fde763f4 | 0199f9a1 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in input_inject_event | ||
| 2025/08/23 09:27 | upstream | 038d61fd6422 | bf27483f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in input_inject_event | ||
| 2024/09/19 15:26 | upstream | 2a17bb8c204f | 6f888b75 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2024/09/03 22:43 | upstream | 88fac17500f4 | 9d47f20a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in input_inject_event | ||
| 2024/08/31 06:52 | upstream | 1934261d8974 | 1eda0d14 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in input_inject_event | ||
| 2026/04/20 15:48 | upstream | c1f49dea2b8f | e65da4ee | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/20 01:08 | upstream | c1f49dea2b8f | 303e2802 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/17 05:50 | upstream | 3cd8b194bf34 | de0a551d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/15 11:03 | upstream | 508fed679541 | e2e976a8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/14 15:22 | upstream | d60bc1401583 | 362d1323 | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in input_inject_event | ||
| 2026/03/12 02:23 | upstream | b29fb8829bff | 2d88ab01 | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | possible deadlock in input_inject_event | ||
| 2026/04/06 01:30 | linux-next | cc13002a9f98 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/03/23 10:31 | linux-next | 785f0eb2f85d | 5b92003d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | possible deadlock in input_inject_event |