possible deadlock in fasync_remove

possible deadlock in fasync_remove_entry
Status: upstream: reported on 2021/01/09 13:05
Reported-by: syzbot+5252d2712377e3867125@syzkaller.appspotmail.com
First crash: 204d, last: 28d

Sample crash report:

=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.13.0-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor.0/15052 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff88802255b7b8 (&f->f_owner.lock){.?.+}-{2:2}, at: send_sigio+0x24/0x370 fs/fcntl.c:795

and this task is already holding:
ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1012 [inline]
ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync fs/fcntl.c:1033 [inline]
ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync+0x14b/0x460 fs/fcntl.c:1026
which would create a new lock dependency:
 (&new->fa_lock){.-..}-{2:2} -> (&f->f_owner.lock){.?.+}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (fasync_lock){+.+.}-{2:2}

... which became HARDIRQ-irq-safe at:
  lock_acquire kernel/locking/lockdep.c:5514 [inline]
  lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
  spin_lock include/linux/spinlock.h:354 [inline]
  fasync_remove_entry+0x2e/0x1f0 fs/fcntl.c:885
  fasync_helper+0x9e/0xb0 fs/fcntl.c:993
  __tty_fasync drivers/tty/tty_io.c:2245 [inline]
  tty_release+0x16d/0x1210 drivers/tty/tty_io.c:1763
  __fput+0x288/0x920 fs/file_table.c:280
  task_work_run+0xdd/0x1a0 kernel/task_work.c:164
  tracehook_notify_resume include/linux/tracehook.h:189 [inline]
  exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
  exit_to_user_mode_prepare+0x281/0x290 kernel/entry/common.c:209
  __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
  syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
  do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
  entry_SYSCALL_64_after_hwframe+0x44/0xae

to a HARDIRQ-irq-unsafe lock:
 (&f->f_owner.lock){.?.+}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire kernel/locking/lockdep.c:5514 [inline]
  lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
  __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
  _raw_read_lock_irqsave+0x45/0x90 kernel/locking/spinlock.c:231
  send_sigio+0x24/0x370 fs/fcntl.c:795
  kill_fasync_rcu fs/fcntl.c:1019 [inline]
  kill_fasync fs/fcntl.c:1033 [inline]
  kill_fasync+0x205/0x460 fs/fcntl.c:1026
  perf_event_wakeup kernel/events/core.c:6387 [inline]
  perf_pending_event+0x432/0x560 kernel/events/core.c:6470
  irq_work_single+0x120/0x1f0 kernel/irq_work.c:155
  irq_work_run_list+0x91/0xc0 kernel/irq_work.c:177
  irq_work_run+0x54/0xd0 kernel/irq_work.c:186
  __sysvec_irq_work+0x95/0x3d0 arch/x86/kernel/irq_work.c:22
  sysvec_irq_work+0x40/0xc0 arch/x86/kernel/irq_work.c:17
  asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:673

other info that might help us debug this:

Chain exists of:
  fasync_lock --> &new->fa_lock --> &f->f_owner.lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&f->f_owner.lock);
                               local_irq_disable();
                               lock(fasync_lock);
                               lock(&new->fa_lock);
  <Interrupt>
    lock(fasync_lock);

 *** DEADLOCK ***

8 locks held by syz-executor.0/15052:
 #0: ffff888022740110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760 drivers/input/evdev.c:513
 #1: ffff888022284230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x310 drivers/input/input.c:471
 #2: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: is_event_supported drivers/input/input.c:53 [inline]
 #2: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: is_event_supported drivers/input/input.c:50 [inline]
 #2: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x310 drivers/input/input.c:470
 #3: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: input_dev_toggle drivers/input/input.c:1712 [inline]
 #3: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x700 drivers/input/input.c:1832
 #4: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3f0 drivers/input/evdev.c:296
 #5: ffff888030d4f028 (&client->buffer_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
 #5: ffff888030d4f028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970 drivers/input/evdev.c:261
 #6: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460 fs/fcntl.c:1031
 #7: ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1012 [inline]
 #7: ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync fs/fcntl.c:1033 [inline]
 #7: ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync+0x14b/0x460 fs/fcntl.c:1026

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
 -> (fasync_lock){+.+.}-{2:2} {
    HARDIRQ-ON-W at:
                      lock_acquire kernel/locking/lockdep.c:5514 [inline]
                      lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                      __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                      _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
                      spin_lock include/linux/spinlock.h:354 [inline]
                      fasync_remove_entry+0x2e/0x1f0 fs/fcntl.c:885
                      fasync_helper+0x9e/0xb0 fs/fcntl.c:993
                      __tty_fasync drivers/tty/tty_io.c:2245 [inline]
                      tty_release+0x16d/0x1210 drivers/tty/tty_io.c:1763
                      __fput+0x288/0x920 fs/file_table.c:280
                      task_work_run+0xdd/0x1a0 kernel/task_work.c:164
                      tracehook_notify_resume include/linux/tracehook.h:189 [inline]
                      exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
                      exit_to_user_mode_prepare+0x281/0x290 kernel/entry/common.c:209
                      __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
                      syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
                      do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
                      entry_SYSCALL_64_after_hwframe+0x44/0xae
    SOFTIRQ-ON-W at:
                      lock_acquire kernel/locking/lockdep.c:5514 [inline]
                      lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                      __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                      _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
                      spin_lock include/linux/spinlock.h:354 [inline]
                      fasync_remove_entry+0x2e/0x1f0 fs/fcntl.c:885
                      fasync_helper+0x9e/0xb0 fs/fcntl.c:993
                      __tty_fasync drivers/tty/tty_io.c:2245 [inline]
                      tty_release+0x16d/0x1210 drivers/tty/tty_io.c:1763
                      __fput+0x288/0x920 fs/file_table.c:280
                      task_work_run+0xdd/0x1a0 kernel/task_work.c:164
                      tracehook_notify_resume include/linux/tracehook.h:189 [inline]
                      exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
                      exit_to_user_mode_prepare+0x281/0x290 kernel/entry/common.c:209
                      __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
                      syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
                      do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
                      entry_SYSCALL_64_after_hwframe+0x44/0xae
    INITIAL USE at:
                     lock_acquire kernel/locking/lockdep.c:5514 [inline]
                     lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                     __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                     _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
                     spin_lock include/linux/spinlock.h:354 [inline]
                     fasync_remove_entry+0x2e/0x1f0 fs/fcntl.c:885
                     fasync_helper+0x9e/0xb0 fs/fcntl.c:993
                     __tty_fasync drivers/tty/tty_io.c:2245 [inline]
                     tty_release+0x16d/0x1210 drivers/tty/tty_io.c:1763
                     __fput+0x288/0x920 fs/file_table.c:280
                     task_work_run+0xdd/0x1a0 kernel/task_work.c:164
                     tracehook_notify_resume include/linux/tracehook.h:189 [inline]
                     exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
                     exit_to_user_mode_prepare+0x281/0x290 kernel/entry/common.c:209
                     __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
                     syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
                     do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
                     entry_SYSCALL_64_after_hwframe+0x44/0xae
  }
  ... key      at: [<ffffffff8c0e6178>] fasync_lock+0x18/0x8e0
  ... acquired at:
   __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
   _raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:311
   fasync_remove_entry+0xb6/0x1f0 fs/fcntl.c:890
   fasync_helper+0x9e/0xb0 fs/fcntl.c:993
   perf_fasync+0x7e/0xb0 kernel/events/core.c:6347
   __fput+0x712/0x920 fs/file_table.c:277
   task_work_run+0xdd/0x1a0 kernel/task_work.c:164
   exit_task_work include/linux/task_work.h:32 [inline]
   do_exit+0xbfc/0x2a60 kernel/exit.c:825
   do_group_exit+0x125/0x310 kernel/exit.c:922
   __do_sys_exit_group kernel/exit.c:933 [inline]
   __se_sys_exit_group kernel/exit.c:931 [inline]
   __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931
   do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
   entry_SYSCALL_64_after_hwframe+0x44/0xae

-> (&new->fa_lock){.-..}-{2:2} {
   IN-HARDIRQ-R at:
                    lock_acquire kernel/locking/lockdep.c:5514 [inline]
                    lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                    __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                    _raw_read_lock+0x36/0x70 kernel/locking/spinlock.c:223
                    kill_fasync_rcu fs/fcntl.c:1012 [inline]
                    kill_fasync fs/fcntl.c:1033 [inline]
                    kill_fasync+0x14b/0x460 fs/fcntl.c:1026
                    perf_event_wakeup kernel/events/core.c:6387 [inline]
                    perf_pending_event+0x432/0x560 kernel/events/core.c:6470
                    irq_work_single+0x120/0x1f0 kernel/irq_work.c:155
                    irq_work_run_list+0x91/0xc0 kernel/irq_work.c:177
                    irq_work_run+0x54/0xd0 kernel/irq_work.c:186
                    __sysvec_irq_work+0x95/0x3d0 arch/x86/kernel/irq_work.c:22
                    sysvec_irq_work+0x40/0xc0 arch/x86/kernel/irq_work.c:17
                    asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:673
   INITIAL USE at:
                   lock_acquire kernel/locking/lockdep.c:5514 [inline]
                   lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                   __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
                   _raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:311
                   fasync_remove_entry+0xb6/0x1f0 fs/fcntl.c:890
                   fasync_helper+0x9e/0xb0 fs/fcntl.c:993
                   perf_fasync+0x7e/0xb0 kernel/events/core.c:6347
                   __fput+0x712/0x920 fs/file_table.c:277
                   task_work_run+0xdd/0x1a0 kernel/task_work.c:164
                   exit_task_work include/linux/task_work.h:32 [inline]
                   do_exit+0xbfc/0x2a60 kernel/exit.c:825
                   do_group_exit+0x125/0x310 kernel/exit.c:922
                   __do_sys_exit_group kernel/exit.c:933 [inline]
                   __se_sys_exit_group kernel/exit.c:931 [inline]
                   __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931
                   do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
                   entry_SYSCALL_64_after_hwframe+0x44/0xae
   INITIAL READ USE at:
                        lock_acquire kernel/locking/lockdep.c:5514 [inline]
                        lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                        __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                        _raw_read_lock+0x36/0x70 kernel/locking/spinlock.c:223
                        kill_fasync_rcu fs/fcntl.c:1012 [inline]
                        kill_fasync fs/fcntl.c:1033 [inline]
                        kill_fasync+0x14b/0x460 fs/fcntl.c:1026
                        perf_event_wakeup kernel/events/core.c:6387 [inline]
                        perf_pending_event+0x432/0x560 kernel/events/core.c:6470
                        irq_work_single+0x120/0x1f0 kernel/irq_work.c:155
                        irq_work_run_list+0x91/0xc0 kernel/irq_work.c:177
                        irq_work_run+0x54/0xd0 kernel/irq_work.c:186
                        __sysvec_irq_work+0x95/0x3d0 arch/x86/kernel/irq_work.c:22
                        sysvec_irq_work+0x40/0xc0 arch/x86/kernel/irq_work.c:17
                        asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:673
 }
 ... key      at: [<ffffffff907e5b60>] __key.0+0x0/0x40
 ... acquired at:
   lock_acquire kernel/locking/lockdep.c:5514 [inline]
   lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:231
   send_sigio+0x24/0x370 fs/fcntl.c:795
   kill_fasync_rcu fs/fcntl.c:1019 [inline]
   kill_fasync fs/fcntl.c:1033 [inline]
   kill_fasync+0x205/0x460 fs/fcntl.c:1026
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
   evdev_pass_values drivers/input/evdev.c:253 [inline]
   evdev_events+0x28b/0x3f0 drivers/input/evdev.c:306
   input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
   input_pass_values.part.0+0x284/0x700 drivers/input/input.c:145
   input_pass_values drivers/input/input.c:134 [inline]
   input_handle_event+0x373/0x1440 drivers/input/input.c:404
   input_inject_event+0x2f5/0x310 drivers/input/input.c:476
   evdev_write+0x430/0x760 drivers/input/evdev.c:530
   vfs_write+0x28e/0xa30 fs/read_write.c:603
   ksys_write+0x1ee/0x250 fs/read_write.c:658
   do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
   entry_SYSCALL_64_after_hwframe+0x44/0xae


the dependencies between the lock to be acquired
 and HARDIRQ-irq-unsafe lock:
-> (&f->f_owner.lock){.?.+}-{2:2} {
   IN-HARDIRQ-R at:
                    lock_acquire kernel/locking/lockdep.c:5514 [inline]
                    lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                    __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
                    _raw_read_lock_irqsave+0x45/0x90 kernel/locking/spinlock.c:231
                    send_sigio+0x24/0x370 fs/fcntl.c:795
                    kill_fasync_rcu fs/fcntl.c:1019 [inline]
                    kill_fasync fs/fcntl.c:1033 [inline]
                    kill_fasync+0x205/0x460 fs/fcntl.c:1026
                    perf_event_wakeup kernel/events/core.c:6387 [inline]
                    perf_pending_event+0x432/0x560 kernel/events/core.c:6470
                    irq_work_single+0x120/0x1f0 kernel/irq_work.c:155
                    irq_work_run_list+0x91/0xc0 kernel/irq_work.c:177
                    irq_work_run+0x54/0xd0 kernel/irq_work.c:186
                    __sysvec_irq_work+0x95/0x3d0 arch/x86/kernel/irq_work.c:22
                    sysvec_irq_work+0x40/0xc0 arch/x86/kernel/irq_work.c:17
                    asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:673
   HARDIRQ-ON-R at:
                    lock_acquire kernel/locking/lockdep.c:5514 [inline]
                    lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                    __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                    _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
                    f_getown_ex fs/fcntl.c:211 [inline]
                    do_fcntl+0x8b4/0x1200 fs/fcntl.c:395
                    __do_sys_fcntl fs/fcntl.c:471 [inline]
                    __se_sys_fcntl fs/fcntl.c:456 [inline]
                    __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:456
                    do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
                    entry_SYSCALL_64_after_hwframe+0x44/0xae
   SOFTIRQ-ON-R at:
                    lock_acquire kernel/locking/lockdep.c:5514 [inline]
                    lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                    __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                    _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
                    f_getown_ex fs/fcntl.c:211 [inline]
                    do_fcntl+0x8b4/0x1200 fs/fcntl.c:395
                    __do_sys_fcntl fs/fcntl.c:471 [inline]
                    __se_sys_fcntl fs/fcntl.c:456 [inline]
                    __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:456
                    do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
                    entry_SYSCALL_64_after_hwframe+0x44/0xae
   INITIAL USE at:
                   lock_acquire kernel/locking/lockdep.c:5514 [inline]
                   lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                   __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
                   _raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:311
                   f_modown+0x2a/0x390 fs/fcntl.c:91
                   __f_setown fs/fcntl.c:110 [inline]
                   f_setown+0xf4/0x230 fs/fcntl.c:138
                   do_fcntl+0x749/0x1200 fs/fcntl.c:392
                   __do_sys_fcntl fs/fcntl.c:471 [inline]
                   __se_sys_fcntl fs/fcntl.c:456 [inline]
                   __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:456
                   do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
                   entry_SYSCALL_64_after_hwframe+0x44/0xae
   INITIAL READ USE at:
                        lock_acquire kernel/locking/lockdep.c:5514 [inline]
                        lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
                        __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
                        _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:231
                        send_sigurg+0x1e/0xac0 fs/fcntl.c:834
                        sk_send_sigurg+0x76/0x300 net/core/sock.c:2954
                        tcp_check_urg.isra.0+0x1fb/0x710 net/ipv4/tcp_input.c:5503
                        tcp_urg net/ipv4/tcp_input.c:5544 [inline]
                        tcp_rcv_established+0x106c/0x1eb0 net/ipv4/tcp_input.c:5878
                        tcp_v4_do_rcv+0x5d1/0x870 net/ipv4/tcp_ipv4.c:1694
                        sk_backlog_rcv include/net/sock.h:1020 [inline]
                        __release_sock+0x134/0x3b0 net/core/sock.c:2558
                        release_sock+0x54/0x1b0 net/core/sock.c:3082
                        sk_stream_wait_memory+0x608/0xed0 net/core/stream.c:145
                        tcp_sendmsg_locked+0x1072/0x2e40 net/ipv4/tcp.c:1418
                        tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1458
                        inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:821
                        sock_sendmsg_nosec net/socket.c:654 [inline]
                        sock_sendmsg+0xcf/0x120 net/socket.c:674
                        __sys_sendto+0x21c/0x320 net/socket.c:1964
                        __do_sys_sendto net/socket.c:1976 [inline]
                        __se_sys_sendto net/socket.c:1972 [inline]
                        __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1972
                        do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
                        entry_SYSCALL_64_after_hwframe+0x44/0xae
 }
 ... key      at: [<ffffffff907e4d80>] __key.5+0x0/0x40
 ... acquired at:
   lock_acquire kernel/locking/lockdep.c:5514 [inline]
   lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:231
   send_sigio+0x24/0x370 fs/fcntl.c:795
   kill_fasync_rcu fs/fcntl.c:1019 [inline]
   kill_fasync fs/fcntl.c:1033 [inline]
   kill_fasync+0x205/0x460 fs/fcntl.c:1026
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
   evdev_pass_values drivers/input/evdev.c:253 [inline]
   evdev_events+0x28b/0x3f0 drivers/input/evdev.c:306
   input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
   input_pass_values.part.0+0x284/0x700 drivers/input/input.c:145
   input_pass_values drivers/input/input.c:134 [inline]
   input_handle_event+0x373/0x1440 drivers/input/input.c:404
   input_inject_event+0x2f5/0x310 drivers/input/input.c:476
   evdev_write+0x430/0x760 drivers/input/evdev.c:530
   vfs_write+0x28e/0xa30 fs/read_write.c:603
   ksys_write+0x1ee/0x250 fs/read_write.c:658
   do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
   entry_SYSCALL_64_after_hwframe+0x44/0xae


stack backtrace:
CPU: 1 PID: 15052 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 print_bad_irq_dependency kernel/locking/lockdep.c:2464 [inline]
 check_irq_usage.cold+0x4d6/0x6c5 kernel/locking/lockdep.c:2693
 check_prev_add kernel/locking/lockdep.c:2944 [inline]
 check_prevs_add kernel/locking/lockdep.c:3063 [inline]
 validate_chain kernel/locking/lockdep.c:3678 [inline]
 __lock_acquire+0x2a2f/0x5230 kernel/locking/lockdep.c:4904
 lock_acquire kernel/locking/lockdep.c:5514 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
 _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:231
 send_sigio+0x24/0x370 fs/fcntl.c:795
 kill_fasync_rcu fs/fcntl.c:1019 [inline]
 kill_fasync fs/fcntl.c:1033 [inline]
 kill_fasync+0x205/0x460 fs/fcntl.c:1026
 __pass_event drivers/input/evdev.c:240 [inline]
 evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
 evdev_pass_values drivers/input/evdev.c:253 [inline]
 evdev_events+0x28b/0x3f0 drivers/input/evdev.c:306
 input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
 input_pass_values.part.0+0x284/0x700 drivers/input/input.c:145
 input_pass_values drivers/input/input.c:134 [inline]
 input_handle_event+0x373/0x1440 drivers/input/input.c:404
 input_inject_event+0x2f5/0x310 drivers/input/input.c:476
 evdev_write+0x430/0x760 drivers/input/evdev.c:530
 vfs_write+0x28e/0xa30 fs/read_write.c:603
 ksys_write+0x1ee/0x250 fs/read_write.c:658
 do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665d9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff8eb8d8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
RDX: 00000000000002b8 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 0000000000a9fb1f R14: 00007ff8eb8d8300 R15: 0000000000022000

Crashes (107):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Title
ci-upstream-kasan-gce	2021/06/28 14:56	upstream	62fb9874f5da	9d2ab5df	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-smack-root	2021/06/26 06:40	upstream	b7050b242430	9d2ab5df	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/06/25 15:28	upstream	44db63d1ad8d	ae6bf8dd	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/06/23 19:00	upstream	7266f2030eb0	aba2b2fb	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/06/21 09:58	upstream	cba5e97280f5	aba2b2fb	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/06/15 11:00	upstream	009c9aa5be65	58636922	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/06/12 20:07	upstream	ad347abe4a98	1ba81399	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-smack-root	2021/05/29 00:23	upstream	5ff2756afde0	858ea628	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-smack-root	2021/05/26 06:31	upstream	ad9f25d33860	93d3a9f6	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/05/23 09:20	upstream	4d7620341eda	3c7fef33	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/05/20 13:37	upstream	c3d0e3fd41b7	c560a65d	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/05/19 23:48	upstream	293837b9ac8d	a343ba6b	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-smack-root	2021/05/17 09:27	upstream	d07f6ca923ea	a2eb125d	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-smack-root	2021/05/16 16:27	upstream	63d1cb53e26a	f54a5c09	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/05/14 08:56	upstream	315d99318179	8bdd5343	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-smack-root	2021/05/13 21:34	upstream	c06a2ba62fc4	80f9b418	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-smack-root	2021/05/13 18:37	upstream	c06a2ba62fc4	80f9b418	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/05/07 05:22	upstream	d2b6f8a17919	06585184	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/05/03 20:24	upstream	d2b6f8a17919	ad61f371	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/04/21 18:57	upstream	16fc44d6387e	95777977	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/04/21 01:30	upstream	1fe5501ba1ab	c0ced557	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/04/19 08:08	upstream	bf05bf16c76b	7e2b734b	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/04/17 20:51	upstream	194cf4825638	7e2b734b	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/04/16 17:11	upstream	2f7b98d1e55c	7e2b734b	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/04/15 08:41	upstream	7f75285ca572	fcdb12ba	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-root	2021/04/14 14:48	upstream	50987beca096	3134b37f	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/04/11 08:28	upstream	52e44129fba5	bfeda1b1	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/04/10 11:26	upstream	d4961772226d	bfeda1b1	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/04/10 05:06	upstream	17e7124aad76	6a81331a	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-smack-root	2021/04/08 16:10	upstream	454859c552da	6a81331a	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/04/08 13:55	upstream	454859c552da	6a81331a	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-smack-root	2021/04/06 04:14	upstream	0a50438c8436	6a81331a	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/04/04 18:39	upstream	2023a53bdf41	6a81331a	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-smack-root	2021/04/03 04:00	upstream	d93a0d43e3d0	6a81331a	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce	2021/03/31 06:57	upstream	2bb25b3a748a	6a81331a	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/03/29 14:22	upstream	a5e13c6df0e4	a8529b82	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-qemu-upstream	2021/03/28 20:36	upstream	36a14638f7c0	a8529b82	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/06/25 20:11	upstream	44db63d1ad8d	ae6bf8dd	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/05/20 03:22	upstream	c3d0e3fd41b7	a343ba6b	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/05/16 14:24	upstream	63d1cb53e26a	f54a5c09	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/05/14 16:50	upstream	315d99318179	8bdd5343	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/05/13 01:11	upstream	dbb5afad100a	ed7d41c5	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/05/10 22:01	upstream	0aa099a312b6	ca873091	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/05/10 02:54	upstream	6efb943b8616	bc5434be	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/04/16 20:18	upstream	2f7b98d1e55c	7e2b734b	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/04/14 02:57	upstream	eebe426d32e1	a184b83e	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/04/11 03:27	upstream	52e44129fba5	bfeda1b1	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/04/05 21:59	upstream	0a50438c8436	6a81331a	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-386	2021/04/02 13:31	upstream	1678e493d530	6a81331a	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-linux-next-kasan-gce-root	2021/06/30 09:33	linux-next	a1f92694393a	84fd4c77	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-linux-next-kasan-gce-root	2021/05/29 18:20	linux-next	a1f92694393a	325a8dab	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-linux-next-kasan-gce-root	2021/05/21 03:05	linux-next	a1f92694393a	3c7fef33	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-linux-next-kasan-gce-root	2021/05/15 11:02	linux-next	cd557f1c605f	93f844de	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-linux-next-kasan-gce-root	2021/04/02 09:27	linux-next	454c576c3f5e	6a81331a	.config	log	report	info	possible deadlock in fasync_remove_entry
ci-upstream-kasan-gce-selinux-root	2021/01/16 13:18	upstream	1d94330a437a	65a7a854	.config	log	report	info
ci-upstream-kasan-gce-root	2021/01/08 14:55	upstream	f5e6c330254a	c104d4a3	.config	log	report	info
ci-upstream-kasan-gce	2021/01/05 12:57	upstream	36bbbd0e234d	a0234d98	.config	log	report	info