| Title | Replies (including bot) | Last reply |
|---|---|---|
| possible deadlock in fasync_remove_entry | 0 (1) | 2021/01/09 13:05 |
syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| possible deadlock in fasync_remove_entry | 0 (1) | 2021/01/09 13:05 |
=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.13.0-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor.0/15052 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff88802255b7b8 (&f->f_owner.lock){.?.+}-{2:2}, at: send_sigio+0x24/0x370 fs/fcntl.c:795
and this task is already holding:
ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1012 [inline]
ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync fs/fcntl.c:1033 [inline]
ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync+0x14b/0x460 fs/fcntl.c:1026
which would create a new lock dependency:
(&new->fa_lock){.-..}-{2:2} -> (&f->f_owner.lock){.?.+}-{2:2}
but this new dependency connects a HARDIRQ-irq-safe lock:
(fasync_lock){+.+.}-{2:2}
... which became HARDIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
spin_lock include/linux/spinlock.h:354 [inline]
fasync_remove_entry+0x2e/0x1f0 fs/fcntl.c:885
fasync_helper+0x9e/0xb0 fs/fcntl.c:993
__tty_fasync drivers/tty/tty_io.c:2245 [inline]
tty_release+0x16d/0x1210 drivers/tty/tty_io.c:1763
__fput+0x288/0x920 fs/file_table.c:280
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
exit_to_user_mode_prepare+0x281/0x290 kernel/entry/common.c:209
__syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
entry_SYSCALL_64_after_hwframe+0x44/0xae
to a HARDIRQ-irq-unsafe lock:
(&f->f_owner.lock){.?.+}-{2:2}
... which became HARDIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x45/0x90 kernel/locking/spinlock.c:231
send_sigio+0x24/0x370 fs/fcntl.c:795
kill_fasync_rcu fs/fcntl.c:1019 [inline]
kill_fasync fs/fcntl.c:1033 [inline]
kill_fasync+0x205/0x460 fs/fcntl.c:1026
perf_event_wakeup kernel/events/core.c:6387 [inline]
perf_pending_event+0x432/0x560 kernel/events/core.c:6470
irq_work_single+0x120/0x1f0 kernel/irq_work.c:155
irq_work_run_list+0x91/0xc0 kernel/irq_work.c:177
irq_work_run+0x54/0xd0 kernel/irq_work.c:186
__sysvec_irq_work+0x95/0x3d0 arch/x86/kernel/irq_work.c:22
sysvec_irq_work+0x40/0xc0 arch/x86/kernel/irq_work.c:17
asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:673
other info that might help us debug this:
Chain exists of:
fasync_lock --> &new->fa_lock --> &f->f_owner.lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&f->f_owner.lock);
local_irq_disable();
lock(fasync_lock);
lock(&new->fa_lock);
<Interrupt>
lock(fasync_lock);
*** DEADLOCK ***
8 locks held by syz-executor.0/15052:
#0: ffff888022740110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760 drivers/input/evdev.c:513
#1: ffff888022284230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x310 drivers/input/input.c:471
#2: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: is_event_supported drivers/input/input.c:53 [inline]
#2: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: is_event_supported drivers/input/input.c:50 [inline]
#2: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x310 drivers/input/input.c:470
#3: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: input_dev_toggle drivers/input/input.c:1712 [inline]
#3: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x700 drivers/input/input.c:1832
#4: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3f0 drivers/input/evdev.c:296
#5: ffff888030d4f028 (&client->buffer_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
#5: ffff888030d4f028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970 drivers/input/evdev.c:261
#6: ffffffff8bf79860 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460 fs/fcntl.c:1031
#7: ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1012 [inline]
#7: ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync fs/fcntl.c:1033 [inline]
#7: ffff888012dd0018 (&new->fa_lock){.-..}-{2:2}, at: kill_fasync+0x14b/0x460 fs/fcntl.c:1026
the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (fasync_lock){+.+.}-{2:2} {
HARDIRQ-ON-W at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
spin_lock include/linux/spinlock.h:354 [inline]
fasync_remove_entry+0x2e/0x1f0 fs/fcntl.c:885
fasync_helper+0x9e/0xb0 fs/fcntl.c:993
__tty_fasync drivers/tty/tty_io.c:2245 [inline]
tty_release+0x16d/0x1210 drivers/tty/tty_io.c:1763
__fput+0x288/0x920 fs/file_table.c:280
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
exit_to_user_mode_prepare+0x281/0x290 kernel/entry/common.c:209
__syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
entry_SYSCALL_64_after_hwframe+0x44/0xae
SOFTIRQ-ON-W at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
spin_lock include/linux/spinlock.h:354 [inline]
fasync_remove_entry+0x2e/0x1f0 fs/fcntl.c:885
fasync_helper+0x9e/0xb0 fs/fcntl.c:993
__tty_fasync drivers/tty/tty_io.c:2245 [inline]
tty_release+0x16d/0x1210 drivers/tty/tty_io.c:1763
__fput+0x288/0x920 fs/file_table.c:280
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
exit_to_user_mode_prepare+0x281/0x290 kernel/entry/common.c:209
__syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
entry_SYSCALL_64_after_hwframe+0x44/0xae
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
spin_lock include/linux/spinlock.h:354 [inline]
fasync_remove_entry+0x2e/0x1f0 fs/fcntl.c:885
fasync_helper+0x9e/0xb0 fs/fcntl.c:993
__tty_fasync drivers/tty/tty_io.c:2245 [inline]
tty_release+0x16d/0x1210 drivers/tty/tty_io.c:1763
__fput+0x288/0x920 fs/file_table.c:280
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
exit_to_user_mode_prepare+0x281/0x290 kernel/entry/common.c:209
__syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:57
entry_SYSCALL_64_after_hwframe+0x44/0xae
}
... key at: [<ffffffff8c0e6178>] fasync_lock+0x18/0x8e0
... acquired at:
__raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:311
fasync_remove_entry+0xb6/0x1f0 fs/fcntl.c:890
fasync_helper+0x9e/0xb0 fs/fcntl.c:993
perf_fasync+0x7e/0xb0 kernel/events/core.c:6347
__fput+0x712/0x920 fs/file_table.c:277
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
exit_task_work include/linux/task_work.h:32 [inline]
do_exit+0xbfc/0x2a60 kernel/exit.c:825
do_group_exit+0x125/0x310 kernel/exit.c:922
__do_sys_exit_group kernel/exit.c:933 [inline]
__se_sys_exit_group kernel/exit.c:931 [inline]
__x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
-> (&new->fa_lock){.-..}-{2:2} {
IN-HARDIRQ-R at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x36/0x70 kernel/locking/spinlock.c:223
kill_fasync_rcu fs/fcntl.c:1012 [inline]
kill_fasync fs/fcntl.c:1033 [inline]
kill_fasync+0x14b/0x460 fs/fcntl.c:1026
perf_event_wakeup kernel/events/core.c:6387 [inline]
perf_pending_event+0x432/0x560 kernel/events/core.c:6470
irq_work_single+0x120/0x1f0 kernel/irq_work.c:155
irq_work_run_list+0x91/0xc0 kernel/irq_work.c:177
irq_work_run+0x54/0xd0 kernel/irq_work.c:186
__sysvec_irq_work+0x95/0x3d0 arch/x86/kernel/irq_work.c:22
sysvec_irq_work+0x40/0xc0 arch/x86/kernel/irq_work.c:17
asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:673
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:311
fasync_remove_entry+0xb6/0x1f0 fs/fcntl.c:890
fasync_helper+0x9e/0xb0 fs/fcntl.c:993
perf_fasync+0x7e/0xb0 kernel/events/core.c:6347
__fput+0x712/0x920 fs/file_table.c:277
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
exit_task_work include/linux/task_work.h:32 [inline]
do_exit+0xbfc/0x2a60 kernel/exit.c:825
do_group_exit+0x125/0x310 kernel/exit.c:922
__do_sys_exit_group kernel/exit.c:933 [inline]
__se_sys_exit_group kernel/exit.c:931 [inline]
__x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x36/0x70 kernel/locking/spinlock.c:223
kill_fasync_rcu fs/fcntl.c:1012 [inline]
kill_fasync fs/fcntl.c:1033 [inline]
kill_fasync+0x14b/0x460 fs/fcntl.c:1026
perf_event_wakeup kernel/events/core.c:6387 [inline]
perf_pending_event+0x432/0x560 kernel/events/core.c:6470
irq_work_single+0x120/0x1f0 kernel/irq_work.c:155
irq_work_run_list+0x91/0xc0 kernel/irq_work.c:177
irq_work_run+0x54/0xd0 kernel/irq_work.c:186
__sysvec_irq_work+0x95/0x3d0 arch/x86/kernel/irq_work.c:22
sysvec_irq_work+0x40/0xc0 arch/x86/kernel/irq_work.c:17
asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:673
}
... key at: [<ffffffff907e5b60>] __key.0+0x0/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:231
send_sigio+0x24/0x370 fs/fcntl.c:795
kill_fasync_rcu fs/fcntl.c:1019 [inline]
kill_fasync fs/fcntl.c:1033 [inline]
kill_fasync+0x205/0x460 fs/fcntl.c:1026
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x28b/0x3f0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x284/0x700 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x2f5/0x310 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xa30 fs/read_write.c:603
ksys_write+0x1ee/0x250 fs/read_write.c:658
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
the dependencies between the lock to be acquired
and HARDIRQ-irq-unsafe lock:
-> (&f->f_owner.lock){.?.+}-{2:2} {
IN-HARDIRQ-R at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x45/0x90 kernel/locking/spinlock.c:231
send_sigio+0x24/0x370 fs/fcntl.c:795
kill_fasync_rcu fs/fcntl.c:1019 [inline]
kill_fasync fs/fcntl.c:1033 [inline]
kill_fasync+0x205/0x460 fs/fcntl.c:1026
perf_event_wakeup kernel/events/core.c:6387 [inline]
perf_pending_event+0x432/0x560 kernel/events/core.c:6470
irq_work_single+0x120/0x1f0 kernel/irq_work.c:155
irq_work_run_list+0x91/0xc0 kernel/irq_work.c:177
irq_work_run+0x54/0xd0 kernel/irq_work.c:186
__sysvec_irq_work+0x95/0x3d0 arch/x86/kernel/irq_work.c:22
sysvec_irq_work+0x40/0xc0 arch/x86/kernel/irq_work.c:17
asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:673
HARDIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
f_getown_ex fs/fcntl.c:211 [inline]
do_fcntl+0x8b4/0x1200 fs/fcntl.c:395
__do_sys_fcntl fs/fcntl.c:471 [inline]
__se_sys_fcntl fs/fcntl.c:456 [inline]
__x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:456
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
SOFTIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
f_getown_ex fs/fcntl.c:211 [inline]
do_fcntl+0x8b4/0x1200 fs/fcntl.c:395
__do_sys_fcntl fs/fcntl.c:471 [inline]
__se_sys_fcntl fs/fcntl.c:456 [inline]
__x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:456
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:311
f_modown+0x2a/0x390 fs/fcntl.c:91
__f_setown fs/fcntl.c:110 [inline]
f_setown+0xf4/0x230 fs/fcntl.c:138
do_fcntl+0x749/0x1200 fs/fcntl.c:392
__do_sys_fcntl fs/fcntl.c:471 [inline]
__se_sys_fcntl fs/fcntl.c:456 [inline]
__x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:456
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:231
send_sigurg+0x1e/0xac0 fs/fcntl.c:834
sk_send_sigurg+0x76/0x300 net/core/sock.c:2954
tcp_check_urg.isra.0+0x1fb/0x710 net/ipv4/tcp_input.c:5503
tcp_urg net/ipv4/tcp_input.c:5544 [inline]
tcp_rcv_established+0x106c/0x1eb0 net/ipv4/tcp_input.c:5878
tcp_v4_do_rcv+0x5d1/0x870 net/ipv4/tcp_ipv4.c:1694
sk_backlog_rcv include/net/sock.h:1020 [inline]
__release_sock+0x134/0x3b0 net/core/sock.c:2558
release_sock+0x54/0x1b0 net/core/sock.c:3082
sk_stream_wait_memory+0x608/0xed0 net/core/stream.c:145
tcp_sendmsg_locked+0x1072/0x2e40 net/ipv4/tcp.c:1418
tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1458
inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:821
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:674
__sys_sendto+0x21c/0x320 net/socket.c:1964
__do_sys_sendto net/socket.c:1976 [inline]
__se_sys_sendto net/socket.c:1972 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:1972
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
}
... key at: [<ffffffff907e4d80>] __key.5+0x0/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:231
send_sigio+0x24/0x370 fs/fcntl.c:795
kill_fasync_rcu fs/fcntl.c:1019 [inline]
kill_fasync fs/fcntl.c:1033 [inline]
kill_fasync+0x205/0x460 fs/fcntl.c:1026
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x28b/0x3f0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x284/0x700 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x2f5/0x310 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xa30 fs/read_write.c:603
ksys_write+0x1ee/0x250 fs/read_write.c:658
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
stack backtrace:
CPU: 1 PID: 15052 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0x141/0x1d7 lib/dump_stack.c:120
print_bad_irq_dependency kernel/locking/lockdep.c:2464 [inline]
check_irq_usage.cold+0x4d6/0x6c5 kernel/locking/lockdep.c:2693
check_prev_add kernel/locking/lockdep.c:2944 [inline]
check_prevs_add kernel/locking/lockdep.c:3063 [inline]
validate_chain kernel/locking/lockdep.c:3678 [inline]
__lock_acquire+0x2a2f/0x5230 kernel/locking/lockdep.c:4904
lock_acquire kernel/locking/lockdep.c:5514 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5479
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:231
send_sigio+0x24/0x370 fs/fcntl.c:795
kill_fasync_rcu fs/fcntl.c:1019 [inline]
kill_fasync fs/fcntl.c:1033 [inline]
kill_fasync+0x205/0x460 fs/fcntl.c:1026
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x28b/0x3f0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x284/0x700 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x2f5/0x310 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xa30 fs/read_write.c:603
ksys_write+0x1ee/0x250 fs/read_write.c:658
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665d9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff8eb8d8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
RDX: 00000000000002b8 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 0000000000a9fb1f R14: 00007ff8eb8d8300 R15: 0000000000022000
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/06/28 14:56 | upstream | 62fb9874f5da | 9d2ab5df | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/06/26 06:40 | upstream | b7050b242430 | 9d2ab5df | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in fasync_remove_entry | |||
| 2021/06/25 15:28 | upstream | 44db63d1ad8d | ae6bf8dd | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in fasync_remove_entry | |||
| 2021/06/23 19:00 | upstream | 7266f2030eb0 | aba2b2fb | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/06/21 09:58 | upstream | cba5e97280f5 | aba2b2fb | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/06/15 11:00 | upstream | 009c9aa5be65 | 58636922 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/06/12 20:07 | upstream | ad347abe4a98 | 1ba81399 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/05/29 00:23 | upstream | 5ff2756afde0 | 858ea628 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/26 06:31 | upstream | ad9f25d33860 | 93d3a9f6 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/23 09:20 | upstream | 4d7620341eda | 3c7fef33 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/20 13:37 | upstream | c3d0e3fd41b7 | c560a65d | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/05/19 23:48 | upstream | 293837b9ac8d | a343ba6b | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/17 09:27 | upstream | d07f6ca923ea | a2eb125d | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/16 16:27 | upstream | 63d1cb53e26a | f54a5c09 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/14 08:56 | upstream | 315d99318179 | 8bdd5343 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/05/13 21:34 | upstream | c06a2ba62fc4 | 80f9b418 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/13 18:37 | upstream | c06a2ba62fc4 | 80f9b418 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/07 05:22 | upstream | d2b6f8a17919 | 06585184 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/03 20:24 | upstream | d2b6f8a17919 | ad61f371 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in fasync_remove_entry | |||
| 2021/04/21 18:57 | upstream | 16fc44d6387e | 95777977 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/04/21 01:30 | upstream | 1fe5501ba1ab | c0ced557 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in fasync_remove_entry | |||
| 2021/04/19 08:08 | upstream | bf05bf16c76b | 7e2b734b | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in fasync_remove_entry | |||
| 2021/04/17 20:51 | upstream | 194cf4825638 | 7e2b734b | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/04/16 17:11 | upstream | 2f7b98d1e55c | 7e2b734b | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/04/15 08:41 | upstream | 7f75285ca572 | fcdb12ba | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/04/14 14:48 | upstream | 50987beca096 | 3134b37f | .config | console log | report | info | ci-upstream-kasan-gce-root | possible deadlock in fasync_remove_entry | |||
| 2021/04/11 08:28 | upstream | 52e44129fba5 | bfeda1b1 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/04/10 11:26 | upstream | d4961772226d | bfeda1b1 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in fasync_remove_entry | |||
| 2021/04/10 05:06 | upstream | 17e7124aad76 | 6a81331a | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/04/08 16:10 | upstream | 454859c552da | 6a81331a | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in fasync_remove_entry | |||
| 2021/04/08 13:55 | upstream | 454859c552da | 6a81331a | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in fasync_remove_entry | |||
| 2021/04/06 04:14 | upstream | 0a50438c8436 | 6a81331a | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in fasync_remove_entry | |||
| 2021/04/04 18:39 | upstream | 2023a53bdf41 | 6a81331a | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/04/03 04:00 | upstream | d93a0d43e3d0 | 6a81331a | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in fasync_remove_entry | |||
| 2021/03/31 06:57 | upstream | 2bb25b3a748a | 6a81331a | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in fasync_remove_entry | |||
| 2021/03/29 14:22 | upstream | a5e13c6df0e4 | a8529b82 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in fasync_remove_entry | |||
| 2021/03/28 20:36 | upstream | 36a14638f7c0 | a8529b82 | .config | console log | report | info | ci-qemu-upstream | possible deadlock in fasync_remove_entry | |||
| 2021/06/25 20:11 | upstream | 44db63d1ad8d | ae6bf8dd | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/05/20 03:22 | upstream | c3d0e3fd41b7 | a343ba6b | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/05/16 14:24 | upstream | 63d1cb53e26a | f54a5c09 | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/05/14 16:50 | upstream | 315d99318179 | 8bdd5343 | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/05/13 01:11 | upstream | dbb5afad100a | ed7d41c5 | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/05/10 22:01 | upstream | 0aa099a312b6 | ca873091 | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/05/10 02:54 | upstream | 6efb943b8616 | bc5434be | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/04/16 20:18 | upstream | 2f7b98d1e55c | 7e2b734b | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/04/14 02:57 | upstream | eebe426d32e1 | a184b83e | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/04/11 03:27 | upstream | 52e44129fba5 | bfeda1b1 | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/04/05 21:59 | upstream | 0a50438c8436 | 6a81331a | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/04/02 13:31 | upstream | 1678e493d530 | 6a81331a | .config | console log | report | info | ci-upstream-kasan-gce-386 | possible deadlock in fasync_remove_entry | |||
| 2021/06/30 09:33 | linux-next | a1f92694393a | 84fd4c77 | .config | console log | report | info | ci-upstream-linux-next-kasan-gce-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/29 18:20 | linux-next | a1f92694393a | 325a8dab | .config | console log | report | info | ci-upstream-linux-next-kasan-gce-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/21 03:05 | linux-next | a1f92694393a | 3c7fef33 | .config | console log | report | info | ci-upstream-linux-next-kasan-gce-root | possible deadlock in fasync_remove_entry | |||
| 2021/05/15 11:02 | linux-next | cd557f1c605f | 93f844de | .config | console log | report | info | ci-upstream-linux-next-kasan-gce-root | possible deadlock in fasync_remove_entry | |||
| 2021/04/02 09:27 | linux-next | 454c576c3f5e | 6a81331a | .config | console log | report | info | ci-upstream-linux-next-kasan-gce-root | possible deadlock in fasync_remove_entry | |||
| 2021/01/16 13:18 | upstream | 1d94330a437a | 65a7a854 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | ||||
| 2021/01/08 14:55 | upstream | f5e6c330254a | c104d4a3 | .config | console log | report | info | ci-upstream-kasan-gce-root | ||||
| 2021/01/05 12:57 | upstream | 36bbbd0e234d | a0234d98 | .config | console log | report | info | ci-upstream-kasan-gce |