syzbot |
sign-in | mailing list | source | docs | 🏰 |
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
syzkaller #0 Tainted: G L
-----------------------------------------------------
syz.3.5416/27979 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8e40c058 (tasklist_lock){.+.+}-{3:3}, at: send_sigio+0x101/0x370 fs/fcntl.c:932
and this task is already holding:
ffff88807ebf29a0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 fs/fcntl.c:918
which would create a new lock dependency:
(&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&client->buffer_lock){..-.}-{3:3}
... which became SOFTIRQ-irq-safe at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:341 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x3e5/0x6b0 drivers/input/input.c:353
input_event+0x89/0xe0 drivers/input/input.c:396
hidinput_hid_event+0x14cb/0x1ed0 drivers/hid/hid-input.c:1754
hid_process_event+0x4be/0x620 drivers/hid/hid-core.c:1565
hid_process_report drivers/hid/hid-core.c:1713 [inline]
hid_report_raw_event+0xec2/0x1730 drivers/hid/hid-core.c:2075
__hid_input_report drivers/hid/hid-core.c:2145 [inline]
hid_input_report+0x44b/0x580 drivers/hid/hid-core.c:2167
hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
__usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1657
dummy_timer+0xbbd/0x4650 drivers/usb/gadget/udc/dummy_hcd.c:2005
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x53a/0xcc0 kernel/time/hrtimer.c:1849
hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1866
handle_softirqs+0x22a/0x870 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
__asan_memset+0x22/0x50 mm/kasan/shadow.c:84
unwind_next_frame+0xeae/0x23c0 arch/x86/kernel/unwind_orc.c:607
__unwind_start+0x5b8/0x760 arch/x86/kernel/unwind_orc.c:773
unwind_start arch/x86/include/asm/unwind.h:64 [inline]
arch_stack_walk+0xe3/0x150 arch/x86/kernel/stacktrace.c:24
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
save_stack+0x122/0x230 mm/page_owner.c:165
__reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1433 [inline]
free_unref_folios+0xed5/0x16d0 mm/page_alloc.c:3040
folios_put_refs+0x789/0x8d0 mm/swap.c:1002
free_pages_and_swap_cache+0x2e7/0x5b0 mm/swap_state.c:423
__tlb_batch_free_encoded_pages mm/mmu_gather.c:138 [inline]
tlb_batch_pages_flush mm/mmu_gather.c:151 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:398 [inline]
tlb_flush_mmu+0x6d3/0xa30 mm/mmu_gather.c:405
tlb_finish_mmu+0xf9/0x230 mm/mmu_gather.c:530
exit_mmap+0x498/0xa10 mm/mmap.c:1315
__mmput+0x118/0x430 kernel/fork.c:1175
exit_mm+0x168/0x220 kernel/exit.c:581
do_exit+0x6a2/0x23c0 kernel/exit.c:964
do_group_exit+0x21b/0x2d0 kernel/exit.c:1118
__do_sys_exit_group kernel/exit.c:1129 [inline]
__se_sys_exit_group kernel/exit.c:1127 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1127
x64_sys_call+0x221a/0x2240 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
to a SOFTIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{3:3}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1678
do_wait+0x1e7/0x540 kernel/exit.c:1722
kernel_wait+0xd6/0x1c0 kernel/exit.c:1898
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3288 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3371
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3452
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
other info that might help us debug this:
Chain exists of:
&client->buffer_lock --> &f_owner->lock --> tasklist_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(tasklist_lock);
local_irq_disable();
lock(&client->buffer_lock);
lock(&f_owner->lock);
<Interrupt>
lock(&client->buffer_lock);
*** DEADLOCK ***
5 locks held by syz.3.5416/27979:
#0: ffff88802c9aa420 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:493
#1: ffff888056a0e608 (&type->i_mutex_dir_key#5){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline]
#1: ffff888056a0e608 (&type->i_mutex_dir_key#5){++++}-{4:4}, at: open_last_lookups fs/namei.c:4608 [inline]
#1: ffff888056a0e608 (&type->i_mutex_dir_key#5){++++}-{4:4}, at: path_openat+0xb4c/0x3860 fs/namei.c:4855
#2: ffffffff9a2fe7f8 (&fsnotify_mark_srcu){.+.?}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:187 [inline]
#2: ffffffff9a2fe7f8 (&fsnotify_mark_srcu){.+.?}-{0:0}, at: srcu_read_lock include/linux/srcu.h:294 [inline]
#2: ffffffff9a2fe7f8 (&fsnotify_mark_srcu){.+.?}-{0:0}, at: fsnotify+0x74c/0x1ae0 fs/notify/fsnotify.c:563
#3: ffff888035c83808 (&mark->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline]
#3: ffff888035c83808 (&mark->lock){+.+.}-{3:3}, at: dnotify_handle_event+0x62/0x440 fs/notify/dnotify/dnotify.c:105
#4: ffff88807ebf29a0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 fs/fcntl.c:918
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&client->buffer_lock){..-.}-{3:3} {
IN-SOFTIRQ-W at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:341 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x3e5/0x6b0 drivers/input/input.c:353
input_event+0x89/0xe0 drivers/input/input.c:396
hidinput_hid_event+0x14cb/0x1ed0 drivers/hid/hid-input.c:1754
hid_process_event+0x4be/0x620 drivers/hid/hid-core.c:1565
hid_process_report drivers/hid/hid-core.c:1713 [inline]
hid_report_raw_event+0xec2/0x1730 drivers/hid/hid-core.c:2075
__hid_input_report drivers/hid/hid-core.c:2145 [inline]
hid_input_report+0x44b/0x580 drivers/hid/hid-core.c:2167
hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
__usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1657
dummy_timer+0xbbd/0x4650 drivers/usb/gadget/udc/dummy_hcd.c:2005
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x53a/0xcc0 kernel/time/hrtimer.c:1849
hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1866
handle_softirqs+0x22a/0x870 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
__asan_memset+0x22/0x50 mm/kasan/shadow.c:84
unwind_next_frame+0xeae/0x23c0 arch/x86/kernel/unwind_orc.c:607
__unwind_start+0x5b8/0x760 arch/x86/kernel/unwind_orc.c:773
unwind_start arch/x86/include/asm/unwind.h:64 [inline]
arch_stack_walk+0xe3/0x150 arch/x86/kernel/stacktrace.c:24
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
save_stack+0x122/0x230 mm/page_owner.c:165
__reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1433 [inline]
free_unref_folios+0xed5/0x16d0 mm/page_alloc.c:3040
folios_put_refs+0x789/0x8d0 mm/swap.c:1002
free_pages_and_swap_cache+0x2e7/0x5b0 mm/swap_state.c:423
__tlb_batch_free_encoded_pages mm/mmu_gather.c:138 [inline]
tlb_batch_pages_flush mm/mmu_gather.c:151 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:398 [inline]
tlb_flush_mmu+0x6d3/0xa30 mm/mmu_gather.c:405
tlb_finish_mmu+0xf9/0x230 mm/mmu_gather.c:530
exit_mmap+0x498/0xa10 mm/mmap.c:1315
__mmput+0x118/0x430 kernel/fork.c:1175
exit_mm+0x168/0x220 kernel/exit.c:581
do_exit+0x6a2/0x23c0 kernel/exit.c:964
do_group_exit+0x21b/0x2d0 kernel/exit.c:1118
__do_sys_exit_group kernel/exit.c:1129 [inline]
__se_sys_exit_group kernel/exit.c:1127 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1127
x64_sys_call+0x221a/0x2240 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:341 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_inject_event+0x1dd/0x340 drivers/input/input.c:424
evdev_write+0x325/0x4c0 drivers/input/evdev.c:528
vfs_write+0x29a/0xb90 fs/read_write.c:686
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9a61b000>] evdev_open.__key.27+0x0/0x20
-> (&new->fa_lock){...-}-{3:3} {
IN-SOFTIRQ-R at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
sock_wake_async+0x137/0x160 net/socket.c:-1
sk_wake_async_rcu include/net/sock.h:2579 [inline]
sock_def_readable+0x3c1/0x580 net/core/sock.c:3613
tcp_data_queue+0x1e2e/0x5e50 net/ipv4/tcp_input.c:5714
tcp_rcv_established+0xf45/0x2740 net/ipv4/tcp_input.c:6708
tcp_v4_do_rcv+0xa90/0x1430 net/ipv4/tcp_ipv4.c:1884
tcp_v4_rcv+0x2825/0x31f0 net/ipv4/tcp_ipv4.c:2319
ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:207
ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241
NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318
NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318
__netif_receive_skb_one_core net/core/dev.c:6181 [inline]
__netif_receive_skb net/core/dev.c:6294 [inline]
process_backlog+0xaa3/0x1950 net/core/dev.c:6645
__napi_poll+0xae/0x340 net/core/dev.c:7709
napi_poll net/core/dev.c:7772 [inline]
net_rx_action+0x627/0xf70 net/core/dev.c:7929
handle_softirqs+0x22a/0x870 kernel/softirq.c:622
do_softirq+0x76/0xd0 kernel/softirq.c:523
__local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
sk_stream_wait_memory+0x72b/0xf80 net/core/stream.c:149
tcp_sendmsg_locked+0x23ba/0x5490 net/ipv4/tcp.c:1418
tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1465
sock_sendmsg_nosec net/socket.c:792 [inline]
__sock_sendmsg net/socket.c:807 [inline]
__sys_sendto+0x5de/0x710 net/socket.c:2271
__do_sys_sendto net/socket.c:2278 [inline]
__se_sys_sendto net/socket.c:2274 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2274
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:211 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:326
fasync_remove_entry+0xf1/0x1c0 fs/fcntl.c:1012
sock_fasync+0x85/0xf0 net/socket.c:1545
__fput+0x8a5/0xa70 fs/file_table.c:466
task_work_run+0x1d9/0x270 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
lease_break_callback+0x26/0x30 fs/locks.c:577
__break_lease+0x81c/0x1e80 fs/locks.c:1657
break_deleg include/linux/filelock.h:504 [inline]
try_break_deleg include/linux/filelock.h:523 [inline]
vfs_unlink+0x561/0x6c0 fs/namei.c:5492
filename_unlinkat+0x3cd/0x610 fs/namei.c:5568
__do_sys_unlink fs/namei.c:5603 [inline]
__se_sys_unlink+0x2e/0x140 fs/namei.c:5600
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9a2fb700>] fasync_insert_entry.__key+0x0/0x20
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_inject_event+0x1dd/0x340 drivers/input/input.c:424
evdev_write+0x325/0x4c0 drivers/input/evdev.c:528
vfs_write+0x29a/0xb90 fs/read_write.c:686
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&f_owner->lock){....}-{3:3} {
INITIAL USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:211 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:326
__f_setown+0x67/0x370 fs/fcntl.c:136
generic_add_lease fs/locks.c:1908 [inline]
generic_setlease+0xacf/0xff0 fs/locks.c:1984
do_fcntl_add_lease+0x35e/0x470 fs/locks.c:2086
fcntl_setdeleg+0x14c/0x1e0 fs/locks.c:2132
do_fcntl+0xe6d/0x1a20 fs/fcntl.c:564
__do_sys_fcntl fs/fcntl.c:602 [inline]
__se_sys_fcntl+0xc8/0x150 fs/fcntl.c:587
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
send_sigio+0x38/0x370 fs/fcntl.c:918
kill_fasync_rcu fs/fcntl.c:1144 [inline]
kill_fasync+0x24d/0x4d0 fs/fcntl.c:1159
lease_break_callback+0x26/0x30 fs/locks.c:577
__break_lease+0x81c/0x1e80 fs/locks.c:1657
break_deleg include/linux/filelock.h:504 [inline]
try_break_deleg include/linux/filelock.h:523 [inline]
vfs_unlink+0x561/0x6c0 fs/namei.c:5492
filename_unlinkat+0x3cd/0x610 fs/namei.c:5568
__do_sys_unlink fs/namei.c:5603 [inline]
__se_sys_unlink+0x2e/0x140 fs/namei.c:5600
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9a2fb6e0>] file_f_owner_allocate.__key+0x0/0x20
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
send_sigio+0x38/0x370 fs/fcntl.c:918
kill_fasync_rcu fs/fcntl.c:1144 [inline]
kill_fasync+0x24d/0x4d0 fs/fcntl.c:1159
lease_break_callback+0x26/0x30 fs/locks.c:577
__break_lease+0x81c/0x1e80 fs/locks.c:1657
break_deleg include/linux/filelock.h:504 [inline]
try_break_deleg include/linux/filelock.h:523 [inline]
vfs_unlink+0x561/0x6c0 fs/namei.c:5492
filename_unlinkat+0x3cd/0x610 fs/namei.c:5568
__do_sys_unlink fs/namei.c:5603 [inline]
__se_sys_unlink+0x2e/0x140 fs/namei.c:5600
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{3:3} {
HARDIRQ-ON-R at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1678
do_wait+0x1e7/0x540 kernel/exit.c:1722
kernel_wait+0xd6/0x1c0 kernel/exit.c:1898
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3288 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3371
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3452
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
SOFTIRQ-ON-R at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1678
do_wait+0x1e7/0x540 kernel/exit.c:1722
kernel_wait+0xd6/0x1c0 kernel/exit.c:1898
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3288 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3371
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3452
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INITIAL USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:211 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:326
copy_process+0x247a/0x3cd0 kernel/fork.c:2369
kernel_clone+0x248/0x8e0 kernel/fork.c:2653
user_mode_thread+0x110/0x180 kernel/fork.c:2729
rest_init+0x23/0x300 init/main.c:725
start_kernel+0x385/0x3d0 init/main.c:1210
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
common_startup_64+0x13e/0x147
INITIAL READ USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1678
do_wait+0x1e7/0x540 kernel/exit.c:1722
kernel_wait+0xd6/0x1c0 kernel/exit.c:1898
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3288 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3371
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3452
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [<ffffffff8e40c058>] tasklist_lock+0x18/0x40
... acquired at:
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
send_sigio+0x101/0x370 fs/fcntl.c:932
dnotify_handle_event+0x169/0x440 fs/notify/dnotify/dnotify.c:113
fsnotify_handle_event fs/notify/fsnotify.c:327 [inline]
send_to_group fs/notify/fsnotify.c:375 [inline]
fsnotify+0x1831/0x1ae0 fs/notify/fsnotify.c:592
fsnotify_name include/linux/fsnotify.h:55 [inline]
fsnotify_dirent include/linux/fsnotify.h:61 [inline]
fsnotify_create include/linux/fsnotify.h:323 [inline]
open_last_lookups fs/namei.c:4614 [inline]
path_openat+0x15c2/0x3860 fs/namei.c:4855
do_file_open+0x23e/0x4a0 fs/namei.c:4887
do_sys_openat2+0x113/0x200 fs/open.c:1366
do_sys_open fs/open.c:1372 [inline]
__do_sys_open fs/open.c:1380 [inline]
__se_sys_open fs/open.c:1376 [inline]
__x64_sys_open+0x11e/0x150 fs/open.c:1376
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
stack backtrace:
CPU: 1 UID: 0 PID: 27979 Comm: syz.3.5416 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_bad_irq_dependency kernel/locking/lockdep.c:2616 [inline]
check_irq_usage kernel/locking/lockdep.c:2857 [inline]
check_prev_add kernel/locking/lockdep.c:3169 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x2a94/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
send_sigio+0x101/0x370 fs/fcntl.c:932
dnotify_handle_event+0x169/0x440 fs/notify/dnotify/dnotify.c:113
fsnotify_handle_event fs/notify/fsnotify.c:327 [inline]
send_to_group fs/notify/fsnotify.c:375 [inline]
fsnotify+0x1831/0x1ae0 fs/notify/fsnotify.c:592
fsnotify_name include/linux/fsnotify.h:55 [inline]
fsnotify_dirent include/linux/fsnotify.h:61 [inline]
fsnotify_create include/linux/fsnotify.h:323 [inline]
open_last_lookups fs/namei.c:4614 [inline]
path_openat+0x15c2/0x3860 fs/namei.c:4855
do_file_open+0x23e/0x4a0 fs/namei.c:4887
do_sys_openat2+0x113/0x200 fs/open.c:1366
do_sys_open fs/open.c:1372 [inline]
__do_sys_open fs/open.c:1380 [inline]
__se_sys_open fs/open.c:1376 [inline]
__x64_sys_open+0x11e/0x150 fs/open.c:1376
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2207b9c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2208b34028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f2207e15fa0 RCX: 00007f2207b9c819
RDX: 0000000000000000 RSI: 000000000004e142 RDI: 0000200000000040
RBP: 00007f2207c32c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2207e16038 R14: 00007f2207e15fa0 R15: 00007f2207f3fa48
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/04/14 01:44 | upstream | 0f0013213293 | 1a086e7c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/13 22:46 | upstream | 0f0013213293 | 1a086e7c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/13 21:33 | upstream | 0f0013213293 | 9530ccf9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/13 10:27 | upstream | 028ef9c96e96 | 9530ccf9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/13 00:14 | upstream | f5459048c38a | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/12 05:22 | upstream | e753c16cb3dd | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/11 21:51 | upstream | e774d5f1bc27 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/10 04:30 | upstream | 8b02520ec5f7 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/10 02:09 | upstream | 8b02520ec5f7 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/09 19:58 | upstream | 8b02520ec5f7 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/09 16:18 | upstream | 7f87a5ea75f0 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/08 11:15 | upstream | 3036cd0d3328 | 2c961e87 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/07 22:49 | upstream | 3036cd0d3328 | 2c961e87 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/07 21:30 | upstream | 3036cd0d3328 | 628666c6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/07 17:00 | upstream | bfe62a454542 | 628666c6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/07 05:31 | upstream | bfe62a454542 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/07 00:55 | upstream | bfe62a454542 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/06 20:51 | upstream | 591cd656a1bf | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/06 09:34 | upstream | 591cd656a1bf | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/06 07:51 | upstream | 1791c390149f | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/06 05:57 | upstream | 1791c390149f | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/06 01:31 | upstream | 1791c390149f | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2026/04/05 23:34 | upstream | 1791c390149f | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/05 19:42 | upstream | 1791c390149f | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/05 18:25 | upstream | 3aae9383f42f | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/05 14:20 | upstream | 3aae9383f42f | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/04 22:55 | upstream | 7ca6d1cfec80 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/04 07:37 | upstream | 631919fb12fe | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/03 05:47 | upstream | d8a9a4b11a13 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/02 23:53 | upstream | 5619b098e2fb | 8b15d4ae | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/02 19:09 | upstream | 5619b098e2fb | 8b15d4ae | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/02 12:56 | upstream | 9147566d8016 | 0cb124d5 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/02 01:24 | upstream | 9147566d8016 | 0285fe54 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/01 15:55 | upstream | 9147566d8016 | 0285fe54 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/01 05:17 | upstream | dbf00d8d23b4 | fb8b2c26 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/01 01:50 | upstream | dbf00d8d23b4 | fb8b2c26 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/04/01 00:20 | upstream | dbf00d8d23b4 | aeea1c72 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/31 23:17 | upstream | d0c3bcd5b897 | aeea1c72 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/31 22:13 | upstream | d0c3bcd5b897 | aeea1c72 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/31 13:46 | upstream | d0c3bcd5b897 | aeea1c72 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/25 12:52 | upstream | 7dff99b35460 | df2e85d4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/13 21:55 | upstream | cd7a5651db26 | 1e62d198 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2026/01/04 21:27 | upstream | 54e82e93ca93 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in evdev_pass_values | ||
| 2025/08/23 14:33 | upstream | 038d61fd6422 | bf27483f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in evdev_pass_values | ||
| 2026/04/11 11:22 | upstream | e774d5f1bc27 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/07 15:28 | upstream | bfe62a454542 | 628666c6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/07 10:47 | upstream | bfe62a454542 | 628666c6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/04 12:08 | upstream | 7ca6d1cfec80 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/03 22:43 | upstream | 631919fb12fe | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/04/02 08:40 | upstream | 9147566d8016 | 0cb124d5 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/03 22:16 | upstream | de0674d9bc69 | 42b01fab | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in evdev_pass_values | ||
| 2026/03/22 15:44 | upstream | 113ae7b4decc | 5b92003d | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | possible deadlock in evdev_pass_values | ||
| 2023/04/19 19:50 | upstream | 789b4a41c247 | a219f34e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/04/16 17:07 | upstream | 3e7bb4f24617 | ec410564 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/23 11:19 | linux-next | 785f0eb2f85d | 5b92003d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/13 02:58 | linux-next | f417b7ffcbef | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values |