syzbot


possible deadlock in input_inject_event

Status: upstream: reported syz repro on 2024/09/27 15:01
Subsystems: fuse usb
[Documentation on labels]
Reported-by: syzbot+79c403850e6816dc39cf@syzkaller.appspotmail.com
First crash: 162d, last: 9h50m
Cause bisection: introduced by (bisect log) :
commit fb09d0ac07725b442b32dbf53f0ab0bea54804e9
Author: lianzhi chang <changlianzhi@uniontech.com>
Date: Wed Dec 15 12:51:25 2021 +0000

  tty: Fix the keyboard led light display problem

Crash: possible deadlock in input_inject_event (log)
Repro: syz .config
  
Discussions (4)
Title Replies (including bot) Last reply
[syzbot] [fs?] possible deadlock in input_inject_event 0 (3) 2024/12/15 02:25
[syzbot] Monthly kernfs report (Nov 2024) 0 (1) 2024/11/15 11:25
[syzbot] Monthly kernfs report (Oct 2024) 0 (1) 2024/10/15 10:07
[syzbot] Monthly input report (Oct 2024) 0 (1) 2024/10/03 09:03

Sample crash report:
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
6.12.0-syzkaller-09567-g7eef7e306d3c #0 Not tainted
-----------------------------------------------------
syz.0.15/6015 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff88807770f018 (&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1121 [inline]
ffff88807770f018 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4f0 fs/fcntl.c:1145

and this task is already holding:
ffff888032183028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff888032183028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xf2/0xad0 drivers/input/evdev.c:261
which would create a new lock dependency:
 (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&dev->event_lock#2){..-.}-{3:3}

... which became SOFTIRQ-irq-safe at:
  lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
  input_inject_event+0xc5/0x340 drivers/input/input.c:423
  led_trigger_event+0x138/0x210 drivers/leds/led-triggers.c:407
  kbd_propagate_led_state drivers/tty/vt/keyboard.c:1080 [inline]
  kbd_bh+0x1b5/0x290 drivers/tty/vt/keyboard.c:1269
  tasklet_action_common+0x426/0x620 kernel/softirq.c:804
  handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
  run_ksoftirqd+0xca/0x130 kernel/softirq.c:943
  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164
  kthread+0x2f0/0x390 kernel/kthread.c:389
  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

to a SOFTIRQ-irq-unsafe lock:
 (tasklist_lock){.+.+}-{3:3}

... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
  __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
  _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
  __do_wait+0x12d/0x850 kernel/exit.c:1647
  do_wait+0x1e9/0x560 kernel/exit.c:1691
  kernel_wait+0xe9/0x240 kernel/exit.c:1867
  call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
  call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:163
  process_one_work kernel/workqueue.c:3229 [inline]
  process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
  worker_thread+0x870/0xd30 kernel/workqueue.c:3391
  kthread+0x2f0/0x390 kernel/kthread.c:389
  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

other info that might help us debug this:

Chain exists of:
  &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(tasklist_lock);
                               local_irq_disable();
                               lock(&dev->event_lock#2);
                               lock(&client->buffer_lock);
  <Interrupt>
    lock(&dev->event_lock#2);

 *** DEADLOCK ***

7 locks held by syz.0.15/6015:
 #0: ffff88802a001118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x25e/0x790 drivers/input/evdev.c:511
 #1: ffff888020738230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xc5/0x340 drivers/input/input.c:423
 #2: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #2: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #2: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xd6/0x340 drivers/input/input.c:425
 #3: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #3: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #3: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8e/0x890 drivers/input/input.c:118
 #4: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #4: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #4: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x6f/0x300 drivers/input/evdev.c:298
 #5: ffff888032183028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #5: ffff888032183028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xf2/0xad0 drivers/input/evdev.c:261
 #6: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #6: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #6: ffffffff8e93c520 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x54/0x4f0 fs/fcntl.c:1144

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
 -> (&dev->event_lock#2){..-.}-{3:3} {
    IN-SOFTIRQ-W at:
                      lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
                      __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                      _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
                      input_inject_event+0xc5/0x340 drivers/input/input.c:423
                      led_trigger_event+0x138/0x210 drivers/leds/led-triggers.c:407
                      kbd_propagate_led_state drivers/tty/vt/keyboard.c:1080 [inline]
                      kbd_bh+0x1b5/0x290 drivers/tty/vt/keyboard.c:1269
                      tasklet_action_common+0x426/0x620 kernel/softirq.c:804
                      handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
                      run_ksoftirqd+0xca/0x130 kernel/softirq.c:943
                      smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164
                      kthread+0x2f0/0x390 kernel/kthread.c:389
                      ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
                      ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
    INITIAL USE at:
                     lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
                     __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                     _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
                     input_inject_event+0xc5/0x340 drivers/input/input.c:423
                     kbd_led_trigger_activate+0xb8/0x100 drivers/tty/vt/keyboard.c:1036
                     led_trigger_set+0x582/0x9c0 drivers/leds/led-triggers.c:212
                     led_match_default_trigger drivers/leds/led-triggers.c:269 [inline]
                     led_trigger_set_default+0x229/0x260 drivers/leds/led-triggers.c:287
                     led_classdev_register_ext+0x732/0x8e0 drivers/leds/led-class.c:566
                     led_classdev_register include/linux/leds.h:274 [inline]
                     input_leds_connect+0x489/0x630 drivers/input/input-leds.c:145
                     input_attach_handler drivers/input/input.c:1032 [inline]
                     input_register_device+0xd3b/0x1110 drivers/input/input.c:2475
                     atkbd_connect+0x762/0xa20 drivers/input/keyboard/atkbd.c:1340
                     serio_connect_driver drivers/input/serio/serio.c:43 [inline]
                     serio_driver_probe+0x7f/0xa0 drivers/input/serio/serio.c:747
                     really_probe+0x2b8/0xad0 drivers/base/dd.c:658
                     __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800
                     driver_probe_device+0x50/0x430 drivers/base/dd.c:830
                     __driver_attach+0x45f/0x710 drivers/base/dd.c:1216
                     bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:370
                     serio_attach_driver drivers/input/serio/serio.c:776 [inline]
                     serio_handle_event+0x1c7/0x920 drivers/input/serio/serio.c:213
                     process_one_work kernel/workqueue.c:3229 [inline]
                     process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
                     worker_thread+0x870/0xd30 kernel/workqueue.c:3391
                     kthread+0x2f0/0x390 kernel/kthread.c:389
                     ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
                     ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
  }
  ... key      at: [<ffffffff9a771300>] input_allocate_device.__key.5+0x0/0x20
-> (&client->buffer_lock){....}-{3:3} {
   INITIAL USE at:
                   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
                   __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
                   _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
                   spin_lock include/linux/spinlock.h:351 [inline]
                   evdev_pass_values+0xf2/0xad0 drivers/input/evdev.c:261
                   evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
                   input_pass_values+0x268/0x890 drivers/input/input.c:126
                   input_event_dispose+0x30f/0x600 drivers/input/input.c:341
                   input_handle_event+0xa71/0xbe0 drivers/input/input.c:369
                   input_inject_event+0x22f/0x340 drivers/input/input.c:428
                   evdev_write+0x5fd/0x790 drivers/input/evdev.c:528
                   vfs_write+0x2a3/0xd30 fs/read_write.c:677
                   ksys_write+0x18f/0x2b0 fs/read_write.c:731
                   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                   entry_SYSCALL_64_after_hwframe+0x77/0x7f
 }
 ... key      at: [<ffffffff9a7715a0>] evdev_open.__key.24+0x0/0x20
 ... acquired at:
   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
   __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
   _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
   spin_lock include/linux/spinlock.h:351 [inline]
   evdev_pass_values+0xf2/0xad0 drivers/input/evdev.c:261
   evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
   input_pass_values+0x268/0x890 drivers/input/input.c:126
   input_event_dispose+0x30f/0x600 drivers/input/input.c:341
   input_handle_event+0xa71/0xbe0 drivers/input/input.c:369
   input_inject_event+0x22f/0x340 drivers/input/input.c:428
   evdev_write+0x5fd/0x790 drivers/input/evdev.c:528
   vfs_write+0x2a3/0xd30 fs/read_write.c:677
   ksys_write+0x18f/0x2b0 fs/read_write.c:731
   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
   entry_SYSCALL_64_after_hwframe+0x77/0x7f


the dependencies between the lock to be acquired
 and SOFTIRQ-irq-unsafe lock:
  -> (tasklist_lock){.+.+}-{3:3} {
     HARDIRQ-ON-R at:
                        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
                        __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
                        _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
                        __do_wait+0x12d/0x850 kernel/exit.c:1647
                        do_wait+0x1e9/0x560 kernel/exit.c:1691
                        kernel_wait+0xe9/0x240 kernel/exit.c:1867
                        call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
                        call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:163
                        process_one_work kernel/workqueue.c:3229 [inline]
                        process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
                        worker_thread+0x870/0xd30 kernel/workqueue.c:3391
                        kthread+0x2f0/0x390 kernel/kthread.c:389
                        ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
                        ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
     SOFTIRQ-ON-R at:
                        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
                        __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
                        _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
                        __do_wait+0x12d/0x850 kernel/exit.c:1647
                        do_wait+0x1e9/0x560 kernel/exit.c:1691
                        kernel_wait+0xe9/0x240 kernel/exit.c:1867
                        call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
                        call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:163
                        process_one_work kernel/workqueue.c:3229 [inline]
                        process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
                        worker_thread+0x870/0xd30 kernel/workqueue.c:3391
                        kthread+0x2f0/0x390 kernel/kthread.c:389
                        ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
                        ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
     INITIAL USE at:
                       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
                       __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
                       _raw_write_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:326
                       copy_process+0x2267/0x3d50 kernel/fork.c:2503
                       kernel_clone+0x223/0x880 kernel/fork.c:2787
                       user_mode_thread+0x132/0x1a0 kernel/fork.c:2865
                       rest_init+0x23/0x300 init/main.c:712
                       start_kernel+0x47f/0x500 init/main.c:1102
                       x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507
                       x86_64_start_kernel+0x9f/0xa0 arch/x86/kernel/head64.c:488
                       common_startup_64+0x13e/0x147
     INITIAL READ USE at:
                            lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
                            __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
                            _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
                            __do_wait+0x12d/0x850 kernel/exit.c:1647
                            do_wait+0x1e9/0x560 kernel/exit.c:1691
                            kernel_wait+0xe9/0x240 kernel/exit.c:1867
                            call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
                            call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:163
                            process_one_work kernel/workqueue.c:3229 [inline]
                            process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
                            worker_thread+0x870/0xd30 kernel/workqueue.c:3391
                            kthread+0x2f0/0x390 kernel/kthread.c:389
                            ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
                            ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
   }
   ... key      at: [<ffffffff8e60b058>] tasklist_lock+0x18/0x40
   ... acquired at:
   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
   __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
   _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
   send_sigio+0x108/0x390 fs/fcntl.c:918
   kill_fasync_rcu fs/fcntl.c:1130 [inline]
   kill_fasync+0x256/0x4f0 fs/fcntl.c:1145
   lease_break_callback+0x26/0x30 fs/locks.c:558
   __break_lease+0x6d5/0x1820 fs/locks.c:1592
   vfs_truncate+0x26b/0x3b0 fs/open.c:105
   do_sys_truncate+0xdb/0x190 fs/open.c:134
   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

 -> (&f_owner->lock){....}-{3:3} {
    INITIAL USE at:
                     lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
                     __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
                     _raw_write_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:326
                     __f_setown+0x6b/0x380 fs/fcntl.c:136
                     generic_add_lease fs/locks.c:1874 [inline]
                     generic_setlease+0xc74/0x1550 fs/locks.c:1942
                     do_fcntl_add_lease fs/locks.c:2047 [inline]
                     fcntl_setlease+0x404/0x540 fs/locks.c:2069
                     do_fcntl+0x6c6/0x1a80 fs/fcntl.c:533
                     __do_sys_fcntl fs/fcntl.c:588 [inline]
                     __se_sys_fcntl+0xd2/0x1e0 fs/fcntl.c:573
                     do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                     do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
    INITIAL READ USE at:
                          lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
                          __raw_read_lock_irq include/linux/rwlock_api_smp.h:169 [inline]
                          _raw_read_lock_irq+0xda/0x120 kernel/locking/spinlock.c:244
                          f_getown+0x55/0x2a0 fs/fcntl.c:204
                          sock_ioctl+0x498/0x8e0 net/socket.c:1275
                          vfs_ioctl fs/ioctl.c:51 [inline]
                          __do_sys_ioctl fs/ioctl.c:906 [inline]
                          __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
                          do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                          do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                          entry_SYSCALL_64_after_hwframe+0x77/0x7f
  }
  ... key      at: [<ffffffff9a461fc0>] file_f_owner_allocate.__key+0x0/0x20
  ... acquired at:
   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
   _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
   send_sigio+0x37/0x390 fs/fcntl.c:904
   kill_fasync_rcu fs/fcntl.c:1130 [inline]
   kill_fasync+0x256/0x4f0 fs/fcntl.c:1145
   lease_break_callback+0x26/0x30 fs/locks.c:558
   __break_lease+0x6d5/0x1820 fs/locks.c:1592
   vfs_truncate+0x26b/0x3b0 fs/open.c:105
   do_sys_truncate+0xdb/0x190 fs/open.c:134
   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> (&new->fa_lock){....}-{3:3} {
   INITIAL READ USE at:
                        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
                        __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
                        _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
                        kill_fasync_rcu fs/fcntl.c:1121 [inline]
                        kill_fasync+0x199/0x4f0 fs/fcntl.c:1145
                        lease_break_callback+0x26/0x30 fs/locks.c:558
                        __break_lease+0x6d5/0x1820 fs/locks.c:1592
                        vfs_truncate+0x26b/0x3b0 fs/open.c:105
                        do_sys_truncate+0xdb/0x190 fs/open.c:134
                        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                        do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                        entry_SYSCALL_64_after_hwframe+0x77/0x7f
 }
 ... key      at: [<ffffffff9a461fe0>] fasync_insert_entry.__key+0x0/0x20
 ... acquired at:
   lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
   _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
   kill_fasync_rcu fs/fcntl.c:1121 [inline]
   kill_fasync+0x199/0x4f0 fs/fcntl.c:1145
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values+0x58a/0xad0 drivers/input/evdev.c:278
   evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
   input_pass_values+0x268/0x890 drivers/input/input.c:126
   input_event_dispose+0x30f/0x600 drivers/input/input.c:341
   input_handle_event+0xa71/0xbe0 drivers/input/input.c:369
   input_inject_event+0x22f/0x340 drivers/input/input.c:428
   evdev_write+0x5fd/0x790 drivers/input/evdev.c:528
   vfs_write+0x2a3/0xd30 fs/read_write.c:677
   ksys_write+0x18f/0x2b0 fs/read_write.c:731
   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
   entry_SYSCALL_64_after_hwframe+0x77/0x7f


stack backtrace:
CPU: 0 UID: 0 PID: 6015 Comm: syz.0.15 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_bad_irq_dependency kernel/locking/lockdep.c:2647 [inline]
 check_irq_usage kernel/locking/lockdep.c:2888 [inline]
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3280 [inline]
 validate_chain+0x4ebd/0x5920 kernel/locking/lockdep.c:3904
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
 kill_fasync_rcu fs/fcntl.c:1121 [inline]
 kill_fasync+0x199/0x4f0 fs/fcntl.c:1145
 __pass_event drivers/input/evdev.c:240 [inline]
 evdev_pass_values+0x58a/0xad0 drivers/input/evdev.c:278
 evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
 input_pass_values+0x268/0x890 drivers/input/input.c:126
 input_event_dispose+0x30f/0x600 drivers/input/input.c:341
 input_handle_event+0xa71/0xbe0 drivers/input/input.c:369
 input_inject_event+0x22f/0x340 drivers/input/input.c:428
 evdev_write+0x5fd/0x790 drivers/input/evdev.c:528
 vfs_write+0x2a3/0xd30 fs/read_write.c:677
 ksys_write+0x18f/0x2b0 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f773f380809
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f77401d2058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f773f546080 RCX: 00007f773f380809
RDX: 0000000000001068 RSI: 0000000020000040 RDI: 0000000000000009
RBP: 00007f773f3f393e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f773f546080 R15: 00007ffc372f3228
 </TASK>

Crashes (569):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/11/27 08:40 upstream 7eef7e306d3c 52b38cc1 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in input_inject_event
2025/01/19 01:24 upstream fda5e3f28400 f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/16 23:43 upstream ce69b4019001 f9e07a6e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/16 15:50 upstream 619f0b6fad52 968edaf4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/12 06:29 upstream b62cef9a5c67 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in input_inject_event
2025/01/11 18:56 upstream 77a903cd8e5a 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/11 17:39 upstream 77a903cd8e5a 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/11 13:26 upstream e0daef7de1ac 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/11 03:52 upstream e0daef7de1ac 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/11 01:59 upstream f8c6263347e1 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/10 23:38 upstream f8c6263347e1 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in input_inject_event
2025/01/10 18:35 upstream 2144da25584e 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/10 16:28 upstream 2144da25584e 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/10 15:47 upstream 2144da25584e 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/10 14:32 upstream 2144da25584e 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/10 03:39 upstream eea6e4b4dfb8 40f46913 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/10 00:55 upstream eea6e4b4dfb8 40f46913 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/09 21:51 upstream 643e2e259c2b 40f46913 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/09 17:20 upstream eea6e4b4dfb8 40f46913 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/09 16:06 upstream eea6e4b4dfb8 40f46913 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/09 08:45 upstream eea6e4b4dfb8 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/09 06:22 upstream 0b7958fa05d5 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/09 01:37 upstream 0b7958fa05d5 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/08 21:07 upstream 0b7958fa05d5 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/08 19:21 upstream 0b7958fa05d5 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/08 16:16 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/08 11:52 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/08 10:03 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/07 20:14 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/07 17:29 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in input_inject_event
2025/01/07 16:10 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/07 15:04 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/07 11:17 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2025/01/07 07:34 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in input_inject_event
2025/01/07 04:30 upstream 5428dc1906dd f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce possible deadlock in input_inject_event
2024/09/19 15:26 upstream 2a17bb8c204f 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in input_inject_event
2024/09/03 22:43 upstream 88fac17500f4 9d47f20a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in input_inject_event
2024/08/31 06:52 upstream 1934261d8974 1eda0d14 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in input_inject_event
2025/02/04 22:48 upstream d009de7d5428 4baca3d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/02/04 19:03 upstream 0de63bb7d919 4baca3d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/02/04 06:24 upstream 0de63bb7d919 8f267cef .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/02/04 04:01 upstream 0de63bb7d919 a21a8419 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/02/03 14:07 upstream 2014c95afece a21a8419 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/02/02 14:42 upstream 69e858e0b8b2 568559e4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/02/02 08:59 upstream 69e858e0b8b2 568559e4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/02/02 08:58 upstream 69e858e0b8b2 568559e4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/01/08 14:44 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/01/08 09:00 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/01/08 05:06 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/01/08 02:02 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/01/07 05:58 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2025/01/07 01:27 upstream 5428dc1906dd f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 possible deadlock in input_inject_event
2024/11/26 12:02 upstream 7eef7e306d3c e9a9a9f2 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in input_inject_event
2025/02/02 10:54 upstream 69e858e0b8b2 568559e4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in input_inject_event
2025/02/09 20:54 linux-next ed58d103e6da ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in input_inject_event
2025/02/09 18:28 linux-next ed58d103e6da ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in input_inject_event
2025/02/06 22:06 linux-next 808eb958781e 53657d1b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in input_inject_event
2025/02/05 20:47 linux-next ed88b8b82c53 577d049b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in input_inject_event
2025/02/04 19:06 linux-next 40b8e93e17bf 4baca3d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in input_inject_event
* Struck through repros no longer work on HEAD.