possible deadlock in fasync_remove

possible deadlock in fasync_remove_entry
Status: upstream: reported on 2021/01/09 13:05
Reported-by: syzbot+5252d2712377e3867125@syzkaller.appspotmail.com
First crash: 19d, last: 1d09h

Sample crash report:

=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.11.0-rc4-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor.2/14438 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff88801847e638 (&f->f_owner.lock){.+.?}-{2:2}, at: send_sigio+0x2f/0x300 fs/fcntl.c:787

and this task is already holding:
ffff888016a8d168 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1004 [inline]
ffff888016a8d168 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x19b/0x440 fs/fcntl.c:1025
which would create a new lock dependency:
 (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.?}-{2:2}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (fasync_lock){+.+.}-{2:2}

... which became SOFTIRQ-irq-safe at:
  lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
  spin_lock include/linux/spinlock.h:354 [inline]
  fasync_remove_entry+0x37/0x1d0 fs/fcntl.c:877
  __tty_fasync drivers/tty/tty_io.c:2130 [inline]
  tty_release+0x182/0xef0 drivers/tty/tty_io.c:1668
  __fput+0x34d/0x7a0 fs/file_table.c:280
  task_work_run+0x137/0x1c0 kernel/task_work.c:140
  tracehook_notify_resume include/linux/tracehook.h:189 [inline]
  exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
  exit_to_user_mode_prepare+0x10b/0x1e0 kernel/entry/common.c:201
  __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
  syscall_exit_to_user_mode+0x48/0x190 kernel/entry/common.c:302
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

to a SOFTIRQ-irq-unsafe lock:
 (&f->f_owner.lock){.+.?}-{2:2}

... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
  __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
  _raw_read_lock_irqsave+0x7b/0xb0 kernel/locking/spinlock.c:231
  send_sigurg+0x25/0x370 fs/fcntl.c:826
  sk_send_sigurg+0x6a/0xb0 net/core/sock.c:2938
  tcp_check_urg net/ipv4/tcp_input.c:5508 [inline]
  tcp_urg+0x26f/0xa90 net/ipv4/tcp_input.c:5549
  tcp_rcv_established+0xbf9/0x23e0 net/ipv4/tcp_input.c:5883
  tcp_v4_do_rcv+0x3a1/0x870 net/ipv4/tcp_ipv4.c:1676
  tcp_v4_rcv+0x3ca0/0x4ab0 net/ipv4/tcp_ipv4.c:2059
  ip_protocol_deliver_rcu+0x3ca/0x790 net/ipv4/ip_input.c:204
  ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
  NF_HOOK include/linux/netfilter.h:301 [inline]
  ip_local_deliver+0x311/0x490 net/ipv4/ip_input.c:252
  __netif_receive_skb_one_core net/core/dev.c:5323 [inline]
  __netif_receive_skb+0x128/0x3b0 net/core/dev.c:5437
  process_backlog+0x478/0x8c0 net/core/dev.c:6327
  napi_poll net/core/dev.c:6805 [inline]
  net_rx_action+0x62f/0x1210 net/core/dev.c:6888
  __do_softirq+0x318/0x714 kernel/softirq.c:343
  run_ksoftirqd+0x63/0xa0 kernel/softirq.c:650
  smpboot_thread_fn+0x572/0x970 kernel/smpboot.c:165
  kthread+0x39a/0x3c0 kernel/kthread.c:292
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

other info that might help us debug this:

Chain exists of:
  fasync_lock --> &new->fa_lock --> &f->f_owner.lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&f->f_owner.lock);
                               local_irq_disable();
                               lock(fasync_lock);
                               lock(&new->fa_lock);
  <Interrupt>
    lock(fasync_lock);

 *** DEADLOCK ***

8 locks held by syz-executor.2/14438:
 #0: ffff88801dd3b110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1cf/0x6a0 drivers/input/evdev.c:513
 #1: ffff888144cac230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xb3/0x280 drivers/input/input.c:471
 #2: ffffffff8bd11580 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:258
 #3: ffffffff8bd11580 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:258
 #4: ffffffff8bd11580 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:258
 #5: ffff88802a1b7028 (&client->buffer_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
 #5: ffff88802a1b7028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xd9/0xaa0 drivers/input/evdev.c:261
 #6: ffffffff8bd11580 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:258
 #7: ffff888016a8d168 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1004 [inline]
 #7: ffff888016a8d168 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x19b/0x440 fs/fcntl.c:1025

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
 -> (fasync_lock){+.+.}-{2:2} {
    HARDIRQ-ON-W at:
                      lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
                      __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                      _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
                      spin_lock include/linux/spinlock.h:354 [inline]
                      fasync_remove_entry+0x37/0x1d0 fs/fcntl.c:877
                      __tty_fasync drivers/tty/tty_io.c:2130 [inline]
                      tty_release+0x182/0xef0 drivers/tty/tty_io.c:1668
                      __fput+0x34d/0x7a0 fs/file_table.c:280
                      task_work_run+0x137/0x1c0 kernel/task_work.c:140
                      tracehook_notify_resume include/linux/tracehook.h:189 [inline]
                      exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
                      exit_to_user_mode_prepare+0x10b/0x1e0 kernel/entry/common.c:201
                      __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
                      syscall_exit_to_user_mode+0x48/0x190 kernel/entry/common.c:302
                      entry_SYSCALL_64_after_hwframe+0x44/0xa9
    SOFTIRQ-ON-W at:
                      lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
                      __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                      _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
                      spin_lock include/linux/spinlock.h:354 [inline]
                      fasync_remove_entry+0x37/0x1d0 fs/fcntl.c:877
                      __tty_fasync drivers/tty/tty_io.c:2130 [inline]
                      tty_release+0x182/0xef0 drivers/tty/tty_io.c:1668
                      __fput+0x34d/0x7a0 fs/file_table.c:280
                      task_work_run+0x137/0x1c0 kernel/task_work.c:140
                      tracehook_notify_resume include/linux/tracehook.h:189 [inline]
                      exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
                      exit_to_user_mode_prepare+0x10b/0x1e0 kernel/entry/common.c:201
                      __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
                      syscall_exit_to_user_mode+0x48/0x190 kernel/entry/common.c:302
                      entry_SYSCALL_64_after_hwframe+0x44/0xa9
    INITIAL USE at:
                     lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
                     __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
                     _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
                     spin_lock include/linux/spinlock.h:354 [inline]
                     fasync_remove_entry+0x37/0x1d0 fs/fcntl.c:877
                     __tty_fasync drivers/tty/tty_io.c:2130 [inline]
                     tty_release+0x182/0xef0 drivers/tty/tty_io.c:1668
                     __fput+0x34d/0x7a0 fs/file_table.c:280
                     task_work_run+0x137/0x1c0 kernel/task_work.c:140
                     tracehook_notify_resume include/linux/tracehook.h:189 [inline]
                     exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
                     exit_to_user_mode_prepare+0x10b/0x1e0 kernel/entry/common.c:201
                     __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
                     syscall_exit_to_user_mode+0x48/0x190 kernel/entry/common.c:302
                     entry_SYSCALL_64_after_hwframe+0x44/0xa9
  }
  ... key      at: [<ffffffff8bdf9db8>] fasync_lock+0x18/0x80
  ... acquired at:
   lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
   __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
   _raw_write_lock_irq+0x6f/0xa0 kernel/locking/spinlock.c:311
   fasync_remove_entry+0xff/0x1d0 fs/fcntl.c:882
   __fput+0x656/0x7a0 fs/file_table.c:277
   task_work_run+0x137/0x1c0 kernel/task_work.c:140
   tracehook_notify_resume include/linux/tracehook.h:189 [inline]
   exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
   exit_to_user_mode_prepare+0x10b/0x1e0 kernel/entry/common.c:201
   __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
   syscall_exit_to_user_mode+0x48/0x190 kernel/entry/common.c:302
   entry_SYSCALL_64_after_hwframe+0x44/0xa9

-> (&new->fa_lock){....}-{2:2} {
   INITIAL USE at:
                   lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
                   __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
                   _raw_write_lock_irq+0x6f/0xa0 kernel/locking/spinlock.c:311
                   fasync_remove_entry+0xff/0x1d0 fs/fcntl.c:882
                   __fput+0x656/0x7a0 fs/file_table.c:277
                   task_work_run+0x137/0x1c0 kernel/task_work.c:140
                   tracehook_notify_resume include/linux/tracehook.h:189 [inline]
                   exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
                   exit_to_user_mode_prepare+0x10b/0x1e0 kernel/entry/common.c:201
                   __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
                   syscall_exit_to_user_mode+0x48/0x190 kernel/entry/common.c:302
                   entry_SYSCALL_64_after_hwframe+0x44/0xa9
   INITIAL READ USE at:
                        lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
                        __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                        _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:223
                        kill_fasync_rcu fs/fcntl.c:1004 [inline]
                        kill_fasync+0x19b/0x440 fs/fcntl.c:1025
                        __pass_event drivers/input/evdev.c:240 [inline]
                        evdev_pass_values+0x58a/0xaa0 drivers/input/evdev.c:278
                        evdev_events+0x1c5/0x270 drivers/input/evdev.c:306
                        input_to_handler drivers/input/input.c:115 [inline]
                        input_pass_values+0x89c/0x11d0 drivers/input/input.c:145
                        input_handle_event+0xb99/0x1550 drivers/input/input.c:404
                        input_inject_event+0x1e8/0x280 drivers/input/input.c:476
                        evdev_write+0x54d/0x6a0 drivers/input/evdev.c:530
                        vfs_write+0x220/0xab0 fs/read_write.c:603
                        ksys_write+0x11b/0x220 fs/read_write.c:658
                        do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
                        entry_SYSCALL_64_after_hwframe+0x44/0xa9
 }
 ... key      at: [<ffffffff8f5c8e20>] fasync_insert_entry.__key+0x0/0x40
 ... acquired at:
   lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0x7b/0xb0 kernel/locking/spinlock.c:231
   send_sigio+0x2f/0x300 fs/fcntl.c:787
   kill_fasync_rcu fs/fcntl.c:1011 [inline]
   kill_fasync+0x243/0x440 fs/fcntl.c:1025
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values+0x58a/0xaa0 drivers/input/evdev.c:278
   evdev_events+0x1c5/0x270 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:115 [inline]
   input_pass_values+0x89c/0x11d0 drivers/input/input.c:145
   input_handle_event+0xb99/0x1550 drivers/input/input.c:404
   input_inject_event+0x1e8/0x280 drivers/input/input.c:476
   evdev_write+0x54d/0x6a0 drivers/input/evdev.c:530
   vfs_write+0x220/0xab0 fs/read_write.c:603
   ksys_write+0x11b/0x220 fs/read_write.c:658
   do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
   entry_SYSCALL_64_after_hwframe+0x44/0xa9


the dependencies between the lock to be acquired
 and SOFTIRQ-irq-unsafe lock:
-> (&f->f_owner.lock){.+.?}-{2:2} {
   HARDIRQ-ON-R at:
                    lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
                    __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                    _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:223
                    f_getown_ex fs/fcntl.c:206 [inline]
                    do_fcntl+0xb0/0x11b0 fs/fcntl.c:387
                    __do_sys_fcntl fs/fcntl.c:463 [inline]
                    __se_sys_fcntl+0xd8/0x1b0 fs/fcntl.c:448
                    do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
                    entry_SYSCALL_64_after_hwframe+0x44/0xa9
   IN-SOFTIRQ-R at:
                    lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
                    __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
                    _raw_read_lock_irqsave+0x7b/0xb0 kernel/locking/spinlock.c:231
                    send_sigurg+0x25/0x370 fs/fcntl.c:826
                    sk_send_sigurg+0x6a/0xb0 net/core/sock.c:2938
                    tcp_check_urg net/ipv4/tcp_input.c:5508 [inline]
                    tcp_urg+0x26f/0xa90 net/ipv4/tcp_input.c:5549
                    tcp_rcv_established+0xbf9/0x23e0 net/ipv4/tcp_input.c:5883
                    tcp_v4_do_rcv+0x3a1/0x870 net/ipv4/tcp_ipv4.c:1676
                    tcp_v4_rcv+0x3ca0/0x4ab0 net/ipv4/tcp_ipv4.c:2059
                    ip_protocol_deliver_rcu+0x3ca/0x790 net/ipv4/ip_input.c:204
                    ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
                    NF_HOOK include/linux/netfilter.h:301 [inline]
                    ip_local_deliver+0x311/0x490 net/ipv4/ip_input.c:252
                    __netif_receive_skb_one_core net/core/dev.c:5323 [inline]
                    __netif_receive_skb+0x128/0x3b0 net/core/dev.c:5437
                    process_backlog+0x478/0x8c0 net/core/dev.c:6327
                    napi_poll net/core/dev.c:6805 [inline]
                    net_rx_action+0x62f/0x1210 net/core/dev.c:6888
                    __do_softirq+0x318/0x714 kernel/softirq.c:343
                    run_ksoftirqd+0x63/0xa0 kernel/softirq.c:650
                    smpboot_thread_fn+0x572/0x970 kernel/smpboot.c:165
                    kthread+0x39a/0x3c0 kernel/kthread.c:292
                    ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
   SOFTIRQ-ON-R at:
                    lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
                    __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                    _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:223
                    f_getown_ex fs/fcntl.c:206 [inline]
                    do_fcntl+0xb0/0x11b0 fs/fcntl.c:387
                    __do_sys_fcntl fs/fcntl.c:463 [inline]
                    __se_sys_fcntl+0xd8/0x1b0 fs/fcntl.c:448
                    do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
                    entry_SYSCALL_64_after_hwframe+0x44/0xa9
   INITIAL USE at:
                   lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
                   __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
                   _raw_write_lock_irq+0x6f/0xa0 kernel/locking/spinlock.c:311
                   f_modown+0x38/0x340 fs/fcntl.c:90
                   __f_setown fs/fcntl.c:109 [inline]
                   f_setown+0x113/0x1a0 fs/fcntl.c:137
                   do_fcntl+0x175/0x11b0 fs/fcntl.c:384
                   __do_sys_fcntl fs/fcntl.c:463 [inline]
                   __se_sys_fcntl+0xd8/0x1b0 fs/fcntl.c:448
                   do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
                   entry_SYSCALL_64_after_hwframe+0x44/0xa9
   INITIAL READ USE at:
                        lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
                        __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
                        _raw_read_lock_irqsave+0x7b/0xb0 kernel/locking/spinlock.c:231
                        send_sigurg+0x25/0x370 fs/fcntl.c:826
                        sk_send_sigurg+0x6a/0xb0 net/core/sock.c:2938
                        tcp_check_urg net/ipv4/tcp_input.c:5508 [inline]
                        tcp_urg+0x26f/0xa90 net/ipv4/tcp_input.c:5549
                        tcp_rcv_established+0xbf9/0x23e0 net/ipv4/tcp_input.c:5883
                        tcp_v4_do_rcv+0x3a1/0x870 net/ipv4/tcp_ipv4.c:1676
                        sk_backlog_rcv include/net/sock.h:1016 [inline]
                        __release_sock+0x1db/0x4c0 net/core/sock.c:2542
                        release_sock+0x5d/0x1c0 net/core/sock.c:3066
                        sk_stream_wait_memory+0x684/0xd20 net/core/stream.c:145
                        tcp_sendmsg_locked+0xd65/0x3f40 net/ipv4/tcp.c:1419
                        tcp_sendmsg+0x2c/0x40 net/ipv4/tcp.c:1459
                        sock_sendmsg_nosec net/socket.c:652 [inline]
                        sock_sendmsg net/socket.c:672 [inline]
                        __sys_sendto+0x438/0x5c0 net/socket.c:1975
                        __do_sys_sendto net/socket.c:1987 [inline]
                        __se_sys_sendto net/socket.c:1983 [inline]
                        __x64_sys_sendto+0xda/0xf0 net/socket.c:1983
                        do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
                        entry_SYSCALL_64_after_hwframe+0x44/0xa9
 }
 ... key      at: [<ffffffff8f5c7f60>] __alloc_file.__key+0x0/0x10
 ... acquired at:
   lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0x7b/0xb0 kernel/locking/spinlock.c:231
   send_sigio+0x2f/0x300 fs/fcntl.c:787
   kill_fasync_rcu fs/fcntl.c:1011 [inline]
   kill_fasync+0x243/0x440 fs/fcntl.c:1025
   __pass_event drivers/input/evdev.c:240 [inline]
   evdev_pass_values+0x58a/0xaa0 drivers/input/evdev.c:278
   evdev_events+0x1c5/0x270 drivers/input/evdev.c:306
   input_to_handler drivers/input/input.c:115 [inline]
   input_pass_values+0x89c/0x11d0 drivers/input/input.c:145
   input_handle_event+0xb99/0x1550 drivers/input/input.c:404
   input_inject_event+0x1e8/0x280 drivers/input/input.c:476
   evdev_write+0x54d/0x6a0 drivers/input/evdev.c:530
   vfs_write+0x220/0xab0 fs/read_write.c:603
   ksys_write+0x11b/0x220 fs/read_write.c:658
   do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
   entry_SYSCALL_64_after_hwframe+0x44/0xa9


stack backtrace:
CPU: 0 PID: 14438 Comm: syz-executor.2 Not tainted 5.11.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x137/0x1be lib/dump_stack.c:120
 print_bad_irq_dependency kernel/locking/lockdep.c:2452 [inline]
 check_irq_usage kernel/locking/lockdep.c:2681 [inline]
 check_prev_add kernel/locking/lockdep.c:2872 [inline]
 check_prevs_add+0x460c/0x5280 kernel/locking/lockdep.c:2993
 validate_chain kernel/locking/lockdep.c:3608 [inline]
 __lock_acquire+0x4227/0x5e90 kernel/locking/lockdep.c:4832
 lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5437
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
 _raw_read_lock_irqsave+0x7b/0xb0 kernel/locking/spinlock.c:231
 send_sigio+0x2f/0x300 fs/fcntl.c:787
 kill_fasync_rcu fs/fcntl.c:1011 [inline]
 kill_fasync+0x243/0x440 fs/fcntl.c:1025
 __pass_event drivers/input/evdev.c:240 [inline]
 evdev_pass_values+0x58a/0xaa0 drivers/input/evdev.c:278
 evdev_events+0x1c5/0x270 drivers/input/evdev.c:306
 input_to_handler drivers/input/input.c:115 [inline]
 input_pass_values+0x89c/0x11d0 drivers/input/input.c:145
 input_handle_event+0xb99/0x1550 drivers/input/input.c:404
 input_inject_event+0x1e8/0x280 drivers/input/input.c:476
 evdev_write+0x54d/0x6a0 drivers/input/evdev.c:530
 vfs_write+0x220/0xab0 fs/read_write.c:603
 ksys_write+0x11b/0x220 fs/read_write.c:658
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45e219
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f9c6f4e6c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219
RDX: 00000000000000c0 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 000000000119bfc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
R13: 00007fff60a0e17f R14: 00007f9c6f4e79c0 R15: 000000000119bf8c

Crashes (24):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Maintainers
ci-upstream-kasan-gce-smack-root	2021/01/23 23:15	upstream	e1ae4b0b	52e37319	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2021/01/22 22:28	upstream	83d09ad4	4080af96	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce	2021/01/22 02:06	upstream	9791581c	d4f4eca5	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce	2021/01/21 11:37	upstream	9791581c	d4f4eca5	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-smack-root	2021/01/20 07:52	upstream	45dfb8a5	63631df1	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-smack-root	2021/01/18 03:08	upstream	a1339d63	fd103621	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce	2021/01/17 17:17	upstream	0da0a8a0	813be542	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-386	2021/01/22 21:04	upstream	83d09ad4	4080af96	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-386	2021/01/19 02:14	upstream	19c329f6	63631df1	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root	2021/01/23 10:38	linux-next	bc085f8f	52e37319	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root	2021/01/21 14:21	linux-next	bc085f8f	d4f4eca5	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-selinux-root	2021/01/16 13:18	upstream	1d94330a	65a7a854	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce	2021/01/09 23:34	upstream	996e435f	2c1f2513	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2021/01/08 14:55	upstream	f5e6c330	c104d4a3	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-selinux-root	2021/01/07 05:46	upstream	9f1abbe9	c104d4a3	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-root	2021/01/05 16:21	upstream	36bbbd0e	a0234d98	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce	2021/01/05 12:57	upstream	36bbbd0e	a0234d98	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-386	2021/01/12 04:29	upstream	a0d54b4f	2c1f2513	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-386	2021/01/09 20:01	upstream	996e435f	2c1f2513	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-386	2021/01/09 17:45	upstream	996e435f	2c1f2513	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-386	2021/01/09 12:29	upstream	996e435f	a6c52263	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-386	2021/01/08 22:42	upstream	6279d812	c104d4a3	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-386	2021/01/05 15:36	upstream	36bbbd0e	a0234d98	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root	2021/01/15 11:10	linux-next	b3a3cbde	65a7a854	.config	log	report	info	bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk