./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2714222809 <...> Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts. execve("./syz-executor2714222809", ["./syz-executor2714222809"], 0x7fffc397b430 /* 10 vars */) = 0 brk(NULL) = 0x555556e1d000 brk(0x555556e1dd00) = 0x555556e1dd00 arch_prctl(ARCH_SET_FS, 0x555556e1d380) = 0 set_tid_address(0x555556e1d650) = 5067 set_robust_list(0x555556e1d660, 24) = 0 rseq(0x555556e1dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2714222809", 4096) = 28 getrandom("\x38\x55\x86\x8b\x26\xe5\x47\x38", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556e1dd00 brk(0x555556e3ed00) = 0x555556e3ed00 brk(0x555556e3f000) = 0x555556e3f000 mprotect(0x7f35ad68f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0 fcntl(3, F_SETOWN, -1) = 0 sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="<", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_OOB|MSG_DONTROUTE|MSG_PROBE|MSG_NOSIGNAL|MSG_BATCH|MSG_ZEROCOPY|MSG_FASTOPEN) = 1 ioctl(-1, EVIOCSFF, {type=0 /* FF_??? 
*/, id=0, direction=0, ...}) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/input/event2", O_RDONLY) = 5 ioctl(5, FIOASYNC, [2047]) = 0 openat(AT_FDCWD, "/dev/input/event2", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000) = 6 [ 54.864153][ T5067] [ 54.866510][ T5067] ===================================================== [ 54.873420][ T5067] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 54.880853][ T5067] 6.7.0-rc1-syzkaller-00125-g7475e51b8796 #0 Not tainted [ 54.887848][ T5067] ----------------------------------------------------- [ 54.894752][ T5067] syz-executor271/5067 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 54.902791][ T5067] ffff88801c73a618 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x28/0x3c0 [ 54.911578][ T5067] [ 54.911578][ T5067] and this task is already holding: [ 54.918921][ T5067] ffff888073d6e018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x138/0x4f0 [ 54.927613][ T5067] which would create a new lock dependency: [ 54.933482][ T5067] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2} [ 54.941209][ T5067] [ 54.941209][ T5067] but this new dependency connects a HARDIRQ-irq-safe lock: [ 54.950637][ T5067] (&dev->event_lock#2){-...}-{2:2} [ 54.950660][ T5067] [ 54.950660][ T5067] ... 
which became HARDIRQ-irq-safe at: [ 54.963530][ T5067] lock_acquire+0x1ae/0x520 [ 54.968117][ T5067] _raw_spin_lock_irqsave+0x3a/0x50 [ 54.973403][ T5067] input_event+0x70/0xa0 [ 54.977723][ T5067] psmouse_report_standard_buttons+0x30/0x80 [ 54.983775][ T5067] psmouse_process_byte+0x39c/0x8a0 [ 54.989048][ T5067] psmouse_handle_byte+0x41/0x560 [ 54.994143][ T5067] psmouse_receive_byte+0x243/0xe10 [ 54.999409][ T5067] ps2_interrupt+0x1fe/0x5a0 [ 55.004079][ T5067] serio_interrupt+0x8d/0x150 [ 55.008834][ T5067] i8042_interrupt+0x3f2/0x8a0 [ 55.013674][ T5067] __handle_irq_event_percpu+0x22a/0x750 [ 55.019384][ T5067] handle_irq_event+0xab/0x1e0 [ 55.024221][ T5067] handle_edge_irq+0x261/0xcf0 [ 55.029092][ T5067] __common_interrupt+0xdb/0x240 [ 55.034107][ T5067] common_interrupt+0xab/0xd0 [ 55.038858][ T5067] asm_common_interrupt+0x26/0x40 [ 55.043961][ T5067] _raw_spin_unlock_irqrestore+0x31/0x70 [ 55.049662][ T5067] kthread+0x1fd/0x3a0 [ 55.053801][ T5067] ret_from_fork+0x45/0x80 [ 55.058291][ T5067] ret_from_fork_asm+0x11/0x20 [ 55.063132][ T5067] [ 55.063132][ T5067] to a HARDIRQ-irq-unsafe lock: [ 55.070125][ T5067] (tasklist_lock){.+.+}-{2:2} [ 55.070144][ T5067] [ 55.070144][ T5067] ... which became HARDIRQ-irq-unsafe at: [ 55.082757][ T5067] ... 
[ 55.082761][ T5067] lock_acquire+0x1ae/0x520 [ 55.089901][ T5067] _raw_read_lock+0x5f/0x70 [ 55.094476][ T5067] __do_wait+0x105/0x890 [ 55.098786][ T5067] do_wait+0x212/0x530 [ 55.102923][ T5067] kernel_wait+0xa0/0x150 [ 55.107323][ T5067] call_usermodehelper_exec_work+0xf1/0x170 [ 55.113288][ T5067] process_one_work+0x886/0x15d0 [ 55.118299][ T5067] worker_thread+0x8b9/0x1290 [ 55.123053][ T5067] kthread+0x2c6/0x3a0 [ 55.127192][ T5067] ret_from_fork+0x45/0x80 [ 55.131683][ T5067] ret_from_fork_asm+0x11/0x20 [ 55.136519][ T5067] [ 55.136519][ T5067] other info that might help us debug this: [ 55.136519][ T5067] [ 55.146728][ T5067] Chain exists of: [ 55.146728][ T5067] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 55.146728][ T5067] [ 55.159661][ T5067] Possible interrupt unsafe locking scenario: [ 55.159661][ T5067] [ 55.167957][ T5067] CPU0 CPU1 [ 55.173299][ T5067] ---- ---- [ 55.178663][ T5067] lock(tasklist_lock); [ 55.182887][ T5067] local_irq_disable(); [ 55.189617][ T5067] lock(&dev->event_lock#2); [ 55.196796][ T5067] lock(&new->fa_lock); [ 55.203539][ T5067] <Interrupt> [ 55.206972][ T5067] lock(&dev->event_lock#2); [ 55.211807][ T5067] [ 55.211807][ T5067] *** DEADLOCK *** [ 55.211807][ T5067] [ 55.219930][ T5067] 8 locks held by syz-executor271/5067: [ 55.225597][ T5067] #0: ffff888021418110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x201/0x750 [ 55.234761][ T5067] #1: ffff888021101230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xa4/0x370 [ 55.244849][ T5067] #2: ffffffff8cfabce0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xca/0x370 [ 55.254495][ T5067] #3: ffffffff8cfabce0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xb2/0x840 [ 55.264053][ T5067] #4: ffffffff8cfabce0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x87/0x390 [ 55.273184][ T5067] #5: ffff888079dc4028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 55.283444][ T5067] #6: ffffffff8cfabce0 (rcu_read_lock){....}-{1:2}, at: 
kill_fasync+0x6d/0x4f0 [ 55.292483][ T5067] #7: ffff888073d6e018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x138/0x4f0 [ 55.301608][ T5067] [ 55.301608][ T5067] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 55.311992][ T5067] -> (&dev->event_lock#2){-...}-{2:2} { [ 55.317711][ T5067] IN-HARDIRQ-W at: [ 55.321852][ T5067] lock_acquire+0x1ae/0x520 [ 55.328351][ T5067] _raw_spin_lock_irqsave+0x3a/0x50 [ 55.335532][ T5067] input_event+0x70/0xa0 [ 55.341758][ T5067] psmouse_report_standard_buttons+0x30/0x80 [ 55.349738][ T5067] psmouse_process_byte+0x39c/0x8a0 [ 55.356919][ T5067] psmouse_handle_byte+0x41/0x560 [ 55.363926][ T5067] psmouse_receive_byte+0x243/0xe10 [ 55.371108][ T5067] ps2_interrupt+0x1fe/0x5a0 [ 55.377690][ T5067] serio_interrupt+0x8d/0x150 [ 55.384355][ T5067] i8042_interrupt+0x3f2/0x8a0 [ 55.391112][ T5067] __handle_irq_event_percpu+0x22a/0x750 [ 55.398735][ T5067] handle_irq_event+0xab/0x1e0 [ 55.405498][ T5067] handle_edge_irq+0x261/0xcf0 [ 55.412251][ T5067] __common_interrupt+0xdb/0x240 [ 55.419176][ T5067] common_interrupt+0xab/0xd0 [ 55.425842][ T5067] asm_common_interrupt+0x26/0x40 [ 55.432858][ T5067] _raw_spin_unlock_irqrestore+0x31/0x70 [ 55.440476][ T5067] kthread+0x1fd/0x3a0 [ 55.446550][ T5067] ret_from_fork+0x45/0x80 [ 55.452954][ T5067] ret_from_fork_asm+0x11/0x20 [ 55.459723][ T5067] INITIAL USE at: [ 55.463782][ T5067] lock_acquire+0x1ae/0x520 [ 55.470197][ T5067] _raw_spin_lock_irqsave+0x3a/0x50 [ 55.477293][ T5067] input_inject_event+0xa4/0x370 [ 55.484147][ T5067] led_set_brightness+0x211/0x290 [ 55.491089][ T5067] led_trigger_event+0xb2/0x240 [ 55.497857][ T5067] kbd_led_trigger_activate+0xc6/0x100 [ 55.505225][ T5067] led_trigger_set+0x589/0xc00 [ 55.511912][ T5067] led_trigger_set_default+0x1d2/0x230 [ 55.519295][ T5067] led_classdev_register_ext+0x78d/0xa10 [ 55.526841][ T5067] input_leds_connect+0x54a/0x8d0 [ 55.533769][ T5067] input_attach_handler.isra.0+0x17c/0x250 [ 55.541478][ T5067] 
input_register_device+0xb1e/0x1130 [ 55.548767][ T5067] atkbd_connect+0x5e2/0xa20 [ 55.555274][ T5067] serio_driver_probe+0x71/0xa0 [ 55.562033][ T5067] really_probe+0x234/0xc90 [ 55.568439][ T5067] __driver_probe_device+0x1de/0x4b0 [ 55.575627][ T5067] driver_probe_device+0x4c/0x1a0 [ 55.582558][ T5067] __driver_attach+0x274/0x570 [ 55.589227][ T5067] bus_for_each_dev+0x13c/0x1d0 [ 55.595980][ T5067] serio_handle_event+0x2b8/0xa90 [ 55.602906][ T5067] process_one_work+0x886/0x15d0 [ 55.609767][ T5067] worker_thread+0x8b9/0x1290 [ 55.616387][ T5067] kthread+0x2c6/0x3a0 [ 55.622383][ T5067] ret_from_fork+0x45/0x80 [ 55.628698][ T5067] ret_from_fork_asm+0x11/0x20 [ 55.635364][ T5067] } [ 55.638018][ T5067] ... key at: [] __key.6+0x0/0x40 [ 55.645287][ T5067] -> (&client->buffer_lock){....}-{2:2} { [ 55.651096][ T5067] INITIAL USE at: [ 55.655061][ T5067] lock_acquire+0x1ae/0x520 [ 55.661299][ T5067] _raw_spin_lock+0x2e/0x40 [ 55.667527][ T5067] evdev_pass_values+0x10e/0x9b0 [ 55.674194][ T5067] evdev_events+0x1b7/0x390 [ 55.680428][ T5067] input_to_handler+0x29e/0x4c0 [ 55.686999][ T5067] input_pass_values+0x5c9/0x840 [ 55.693658][ T5067] input_event_dispose+0x377/0x630 [ 55.700512][ T5067] input_handle_event+0x11c/0xd80 [ 55.707257][ T5067] input_inject_event+0x1bb/0x370 [ 55.714005][ T5067] evdev_write+0x456/0x750 [ 55.720147][ T5067] vfs_write+0x2a4/0xdf0 [ 55.726123][ T5067] ksys_write+0x1f0/0x250 [ 55.732173][ T5067] do_syscall_64+0x40/0x110 [ 55.738402][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.746027][ T5067] } [ 55.748592][ T5067] ... key at: [] __key.3+0x0/0x40 [ 55.755778][ T5067] ... 
acquired at: [ 55.759647][ T5067] _raw_spin_lock+0x2e/0x40 [ 55.764311][ T5067] evdev_pass_values+0x10e/0x9b0 [ 55.769414][ T5067] evdev_events+0x1b7/0x390 [ 55.774079][ T5067] input_to_handler+0x29e/0x4c0 [ 55.779083][ T5067] input_pass_values+0x5c9/0x840 [ 55.784177][ T5067] input_event_dispose+0x377/0x630 [ 55.789447][ T5067] input_handle_event+0x11c/0xd80 [ 55.794628][ T5067] input_inject_event+0x1bb/0x370 [ 55.799809][ T5067] evdev_write+0x456/0x750 [ 55.804389][ T5067] vfs_write+0x2a4/0xdf0 [ 55.808788][ T5067] ksys_write+0x1f0/0x250 [ 55.813273][ T5067] do_syscall_64+0x40/0x110 [ 55.817958][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.824017][ T5067] [ 55.826322][ T5067] -> (&new->fa_lock){....}-{2:2} { [ 55.831435][ T5067] INITIAL READ USE at: [ 55.835743][ T5067] lock_acquire+0x1ae/0x520 [ 55.842240][ T5067] _raw_read_lock_irqsave+0x70/0x90 [ 55.849421][ T5067] kill_fasync+0x138/0x4f0 [ 55.855823][ T5067] evdev_pass_values+0x619/0x9b0 [ 55.862759][ T5067] evdev_events+0x1b7/0x390 [ 55.869252][ T5067] input_to_handler+0x29e/0x4c0 [ 55.876085][ T5067] input_pass_values+0x5c9/0x840 [ 55.883006][ T5067] input_event_dispose+0x377/0x630 [ 55.890102][ T5067] input_handle_event+0x11c/0xd80 [ 55.897109][ T5067] input_inject_event+0x1bb/0x370 [ 55.904287][ T5067] evdev_write+0x456/0x750 [ 55.910693][ T5067] vfs_write+0x2a4/0xdf0 [ 55.916916][ T5067] ksys_write+0x1f0/0x250 [ 55.923228][ T5067] do_syscall_64+0x40/0x110 [ 55.929718][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.937598][ T5067] } [ 55.940077][ T5067] ... key at: [] __key.0+0x0/0x40 [ 55.947173][ T5067] ... 
acquired at: [ 55.950954][ T5067] _raw_read_lock_irqsave+0x70/0x90 [ 55.956312][ T5067] kill_fasync+0x138/0x4f0 [ 55.960898][ T5067] evdev_pass_values+0x619/0x9b0 [ 55.965998][ T5067] evdev_events+0x1b7/0x390 [ 55.970664][ T5067] input_to_handler+0x29e/0x4c0 [ 55.975671][ T5067] input_pass_values+0x5c9/0x840 [ 55.980766][ T5067] input_event_dispose+0x377/0x630 [ 55.986046][ T5067] input_handle_event+0x11c/0xd80 [ 55.991229][ T5067] input_inject_event+0x1bb/0x370 [ 55.996413][ T5067] evdev_write+0x456/0x750 [ 56.000994][ T5067] vfs_write+0x2a4/0xdf0 [ 56.005395][ T5067] ksys_write+0x1f0/0x250 [ 56.009882][ T5067] do_syscall_64+0x40/0x110 [ 56.014546][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.020607][ T5067] [ 56.022913][ T5067] [ 56.022913][ T5067] the dependencies between the lock to be acquired [ 56.022919][ T5067] and HARDIRQ-irq-unsafe lock: [ 56.036405][ T5067] -> (tasklist_lock){.+.+}-{2:2} { [ 56.041604][ T5067] HARDIRQ-ON-R at: [ 56.045650][ T5067] lock_acquire+0x1ae/0x520 [ 56.051971][ T5067] _raw_read_lock+0x5f/0x70 [ 56.058284][ T5067] __do_wait+0x105/0x890 [ 56.064342][ T5067] do_wait+0x212/0x530 [ 56.070216][ T5067] kernel_wait+0xa0/0x150 [ 56.076373][ T5067] call_usermodehelper_exec_work+0xf1/0x170 [ 56.084077][ T5067] process_one_work+0x886/0x15d0 [ 56.090831][ T5067] worker_thread+0x8b9/0x1290 [ 56.097317][ T5067] kthread+0x2c6/0x3a0 [ 56.103221][ T5067] ret_from_fork+0x45/0x80 [ 56.109453][ T5067] ret_from_fork_asm+0x11/0x20 [ 56.116031][ T5067] SOFTIRQ-ON-R at: [ 56.120078][ T5067] lock_acquire+0x1ae/0x520 [ 56.126397][ T5067] _raw_read_lock+0x5f/0x70 [ 56.132707][ T5067] __do_wait+0x105/0x890 [ 56.138755][ T5067] do_wait+0x212/0x530 [ 56.144633][ T5067] kernel_wait+0xa0/0x150 [ 56.150768][ T5067] call_usermodehelper_exec_work+0xf1/0x170 [ 56.158474][ T5067] process_one_work+0x886/0x15d0 [ 56.165229][ T5067] worker_thread+0x8b9/0x1290 [ 56.171716][ T5067] kthread+0x2c6/0x3a0 [ 56.177593][ T5067] ret_from_fork+0x45/0x80 [ 56.183822][ 
T5067] ret_from_fork_asm+0x11/0x20 [ 56.190421][ T5067] INITIAL USE at: [ 56.194387][ T5067] lock_acquire+0x1ae/0x520 [ 56.200626][ T5067] _raw_write_lock_irq+0x36/0x50 [ 56.207293][ T5067] copy_process+0x4cfa/0x73f0 [ 56.213701][ T5067] kernel_clone+0xfd/0x930 [ 56.219843][ T5067] user_mode_thread+0xb4/0xf0 [ 56.226244][ T5067] rest_init+0x27/0x2b0 [ 56.232297][ T5067] arch_call_rest_init+0x13/0x30 [ 56.238958][ T5067] start_kernel+0x39f/0x480 [ 56.245181][ T5067] x86_64_start_reservations+0x18/0x30 [ 56.252375][ T5067] x86_64_start_kernel+0xb2/0xc0 [ 56.259053][ T5067] secondary_startup_64_no_verify+0x166/0x16b [ 56.266849][ T5067] INITIAL READ USE at: [ 56.271249][ T5067] lock_acquire+0x1ae/0x520 [ 56.277917][ T5067] _raw_read_lock+0x5f/0x70 [ 56.284593][ T5067] __do_wait+0x105/0x890 [ 56.290989][ T5067] do_wait+0x212/0x530 [ 56.297211][ T5067] kernel_wait+0xa0/0x150 [ 56.303695][ T5067] call_usermodehelper_exec_work+0xf1/0x170 [ 56.311745][ T5067] process_one_work+0x886/0x15d0 [ 56.318840][ T5067] worker_thread+0x8b9/0x1290 [ 56.325674][ T5067] kthread+0x2c6/0x3a0 [ 56.331901][ T5067] ret_from_fork+0x45/0x80 [ 56.338495][ T5067] ret_from_fork_asm+0x11/0x20 [ 56.345419][ T5067] } [ 56.347985][ T5067] ... key at: [] tasklist_lock+0x18/0x40 [ 56.355790][ T5067] ... 
acquired at: [ 56.359659][ T5067] _raw_read_lock+0x5f/0x70 [ 56.364319][ T5067] send_sigurg+0xb0/0xc50 [ 56.368815][ T5067] sk_send_sigurg+0x7a/0x370 [ 56.373563][ T5067] unix_stream_sendmsg+0xdba/0x10a0 [ 56.378919][ T5067] __sock_sendmsg+0xd5/0x180 [ 56.383667][ T5067] ____sys_sendmsg+0x6ac/0x940 [ 56.388593][ T5067] ___sys_sendmsg+0x135/0x1d0 [ 56.393434][ T5067] __sys_sendmsg+0x117/0x1e0 [ 56.398184][ T5067] do_syscall_64+0x40/0x110 [ 56.402848][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.408905][ T5067] [ 56.411209][ T5067] -> (&f->f_owner.lock){....}-{2:2} { [ 56.416574][ T5067] INITIAL USE at: [ 56.420445][ T5067] lock_acquire+0x1ae/0x520 [ 56.426502][ T5067] _raw_write_lock_irq+0x36/0x50 [ 56.433075][ T5067] f_modown+0x2a/0x390 [ 56.438698][ T5067] f_setown+0xd4/0x2a0 [ 56.444321][ T5067] do_fcntl+0x11e8/0x1270 [ 56.450201][ T5067] __x64_sys_fcntl+0x16c/0x1e0 [ 56.456543][ T5067] do_syscall_64+0x40/0x110 [ 56.462594][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.470043][ T5067] INITIAL READ USE at: [ 56.474353][ T5067] lock_acquire+0x1ae/0x520 [ 56.480845][ T5067] _raw_read_lock_irqsave+0x70/0x90 [ 56.488022][ T5067] send_sigurg+0x22/0xc50 [ 56.494339][ T5067] sk_send_sigurg+0x7a/0x370 [ 56.500912][ T5067] unix_stream_sendmsg+0xdba/0x10a0 [ 56.508092][ T5067] __sock_sendmsg+0xd5/0x180 [ 56.514667][ T5067] ____sys_sendmsg+0x6ac/0x940 [ 56.521414][ T5067] ___sys_sendmsg+0x135/0x1d0 [ 56.528078][ T5067] __sys_sendmsg+0x117/0x1e0 [ 56.534651][ T5067] do_syscall_64+0x40/0x110 [ 56.541139][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.549019][ T5067] } [ 56.551499][ T5067] ... key at: [] __key.5+0x0/0x40 [ 56.558590][ T5067] ... 
acquired at: [ 56.562374][ T5067] lock_acquire+0x1ae/0x520 [ 56.567042][ T5067] _raw_read_lock_irqsave+0x70/0x90 [ 56.572395][ T5067] send_sigio+0x28/0x3c0 [ 56.576802][ T5067] kill_fasync+0x1f6/0x4f0 [ 56.581379][ T5067] evdev_pass_values+0x619/0x9b0 [ 56.586477][ T5067] evdev_events+0x1b7/0x390 [ 56.591140][ T5067] input_to_handler+0x29e/0x4c0 [ 56.596147][ T5067] input_pass_values+0x5c9/0x840 [ 56.601238][ T5067] input_event_dispose+0x377/0x630 [ 56.606507][ T5067] input_handle_event+0x11c/0xd80 [ 56.611689][ T5067] input_inject_event+0x1bb/0x370 [ 56.616868][ T5067] evdev_write+0x456/0x750 [ 56.621448][ T5067] vfs_write+0x2a4/0xdf0 [ 56.625846][ T5067] ksys_write+0x1f0/0x250 [ 56.630331][ T5067] do_syscall_64+0x40/0x110 [ 56.635003][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.641067][ T5067] [ 56.643375][ T5067] [ 56.643375][ T5067] stack backtrace: [ 56.649242][ T5067] CPU: 0 PID: 5067 Comm: syz-executor271 Not tainted 6.7.0-rc1-syzkaller-00125-g7475e51b8796 #0 [ 56.659643][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 56.669684][ T5067] Call Trace: [ 56.672948][ T5067] [ 56.675862][ T5067] dump_stack_lvl+0xd9/0x1b0 [ 56.680442][ T5067] check_irq_usage+0xe18/0x1470 [ 56.685310][ T5067] ? unwind_next_frame+0x51/0x2390 [ 56.690407][ T5067] ? __orc_find+0x104/0x130 [ 56.694892][ T5067] ? stack_access_ok+0xf9/0x270 [ 56.699729][ T5067] ? print_shortest_lock_dependencies_backwards+0x1b0/0x1b0 [ 56.707003][ T5067] ? hlock_conflict+0x58/0x200 [ 56.711758][ T5067] ? __bfs+0x2f8/0x660 [ 56.715819][ T5067] ? check_path.constprop.0+0x50/0x50 [ 56.721188][ T5067] ? lockdep_lock+0xc6/0x200 [ 56.725766][ T5067] ? hlock_class+0x130/0x130 [ 56.730351][ T5067] ? __lock_acquire+0x247a/0x3b10 [ 56.735368][ T5067] __lock_acquire+0x247a/0x3b10 [ 56.740214][ T5067] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 56.746187][ T5067] lock_acquire+0x1ae/0x520 [ 56.750682][ T5067] ? send_sigio+0x28/0x3c0 [ 56.755089][ T5067] ? 
lock_sync+0x190/0x190 [ 56.759500][ T5067] ? lock_sync+0x190/0x190 [ 56.763906][ T5067] ? lock_sync+0x190/0x190 [ 56.768316][ T5067] _raw_read_lock_irqsave+0x70/0x90 [ 56.773503][ T5067] ? send_sigio+0x28/0x3c0 [ 56.777910][ T5067] send_sigio+0x28/0x3c0 [ 56.782148][ T5067] kill_fasync+0x1f6/0x4f0 [ 56.786558][ T5067] evdev_pass_values+0x619/0x9b0 [ 56.791490][ T5067] evdev_events+0x1b7/0x390 [ 56.795985][ T5067] ? evdev_connect+0x4c0/0x4c0 [ 56.800757][ T5067] input_to_handler+0x29e/0x4c0 [ 56.805598][ T5067] input_pass_values+0x5c9/0x840 [ 56.810542][ T5067] input_event_dispose+0x377/0x630 [ 56.815640][ T5067] input_handle_event+0x11c/0xd80 [ 56.820656][ T5067] input_inject_event+0x1bb/0x370 [ 56.825688][ T5067] evdev_write+0x456/0x750 [ 56.830101][ T5067] ? evdev_read+0xdf0/0xdf0 [ 56.834592][ T5067] ? bpf_lsm_file_permission+0x9/0x10 [ 56.839950][ T5067] ? security_file_permission+0x94/0x100 [ 56.845571][ T5067] vfs_write+0x2a4/0xdf0 [ 56.849803][ T5067] ? evdev_read+0xdf0/0xdf0 [ 56.854298][ T5067] ? recalc_sigpending_tsk+0x187/0x1d0 [ 56.859740][ T5067] ? kernel_write+0x6c0/0x6c0 [ 56.864402][ T5067] ? find_held_lock+0x2d/0x110 [ 56.869159][ T5067] ? ptrace_notify+0xf4/0x130 [ 56.873821][ T5067] ? reacquire_held_locks+0x4c0/0x4c0 [ 56.879185][ T5067] ? __fget_light+0x1fc/0x260 [ 56.883847][ T5067] ksys_write+0x1f0/0x250 [ 56.888161][ T5067] ? __ia32_sys_read+0xb0/0xb0 [ 56.892914][ T5067] ? 
syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 56.899158][ T5067] do_syscall_64+0x40/0x110 [ 56.903653][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.909545][ T5067] RIP: 0033:0x7f35ad61c329 [ 56.913946][ T5067] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.933541][ T5067] RSP: 002b:00007ffea7e2fab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.941940][ T5067] RAX: ffffffffffffffda RBX: 00007ffea7e2fc88 RCX: 00007f35ad61c329 [ 56.949895][ T5067] RDX: 0000000000002778 RSI: 0000000020000040 RDI: 0000000000000006 [ 56.957845][ T5067] RBP: 00007f35ad68f610 R08: 00007ffea7e2fc88 R09: 00007ffea7e2fc88 write(6, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10104) = 10104 exit_group(0) = ? +++ exited with 0 +++ [ 56.965799][ T5067] R10: 000000000000001f R11: 0000000000000246 R12: 0000000000000001