./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1291004190 <...> Warning: Permanently added '10.128.1.49' (ED25519) to the list of known hosts. execve("./syz-executor1291004190", ["./syz-executor1291004190"], 0x7ffe78de3860 /* 10 vars */) = 0 brk(NULL) = 0x555555f44000 brk(0x555555f44d40) = 0x555555f44d40 arch_prctl(ARCH_SET_FS, 0x555555f443c0) = 0 set_tid_address(0x555555f44690) = 5019 set_robust_list(0x555555f446a0, 24) = 0 rseq(0x555555f44ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1291004190", 4096) = 28 getrandom("\x9d\xbf\xbc\x52\x4a\x3f\xf7\x18", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555f44d40 brk(0x555555f65d40) = 0x555555f65d40 brk(0x555555f66000) = 0x555555f66000 mprotect(0x7f7a2749c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f7a27440e20, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f7a274324a0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a273ba000 mprotect(0x7f7a273bb000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f7a273da990, parent_tid=0x7f7a273da990, exit_signal=0, stack=0x7f7a273ba000, stack_size=0x20300, tls=0x7f7a273da6c0}./strace-static-x86_64: Process 5020 attached => {parent_tid=[5020]}, 88) = 5020 [pid 5020] rseq(0x7f7a273dafe0, 0x20, 0, 0x53053053 [pid 5019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... rseq resumed>) = 0 [pid 5020] set_robust_list(0x7f7a273da9a0, 24) = 0 [pid 5020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5020] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 3 [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] futex(0x7f7a274a2408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5019] <... futex resumed>) = 0 [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] <... futex resumed>) = 0 [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] gettid() = 5020 [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5019] <... futex resumed>) = 0 [pid 5020] futex(0x7f7a274a2408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5020] fcntl(3, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=5020}) = 0 [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] fcntl(3, F_SETLEASE, F_RDLCK [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... fcntl resumed>) = 0 [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] open("./file0", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... open resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] ioctl(-1, EVIOCSFF, {type=0 /* FF_??? */, id=0, direction=0, ...} [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000 [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... openat resumed>) = 4 [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... openat resumed>) = 5 [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... openat resumed>) = 6 [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] ioctl(6, FIOASYNC, [1986356271] [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... ioctl resumed>) = 0 [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7f7a274a2408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] write(4, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x9c\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10968 [ 43.845953][ T5020] [ 43.848312][ T5020] ===================================================== [ 43.855219][ T5020] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 43.862647][ T5020] 6.5.0-rc1-syzkaller-00276-g20edcec23f92 #0 Not tainted [ 43.869815][ T5020] ----------------------------------------------------- [ 43.876720][ T5020] syz-executor129/5020 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 43.884780][ T5020] ffff88807a7b90c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13a/0x4f0 [ 43.893462][ T5020] [ 43.893462][ T5020] and this task is already holding: [ 43.900799][ T5020] ffff8880156b5028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 43.910604][ T5020] which would create a new lock dependency: [ 43.916462][ T5020] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 43.924523][ T5020] [ 43.924523][ T5020] but this new dependency connects a HARDIRQ-irq-safe lock: [ 43.933947][ T5020] (&dev->event_lock#2){-...}-{2:2} [ 43.933965][ T5020] [ 43.933965][ T5020] ... which became HARDIRQ-irq-safe at: [ 43.946812][ T5020] lock_acquire+0x1ae/0x510 [ 43.951387][ T5020] _raw_spin_lock_irqsave+0x3a/0x50 [ 43.956765][ T5020] input_event+0x70/0xa0 [ 43.961077][ T5020] psmouse_report_standard_buttons+0x30/0x80 [ 43.967124][ T5020] psmouse_process_byte+0x39c/0x8a0 [ 43.972391][ T5020] psmouse_handle_byte+0x41/0x560 [ 43.977482][ T5020] psmouse_receive_byte+0x243/0xe10 [ 43.982746][ T5020] ps2_interrupt+0x1fe/0x5a0 [ 43.987400][ T5020] serio_interrupt+0x8d/0x150 [ 43.992141][ T5020] i8042_interrupt+0x3f2/0x8a0 [ 43.996967][ T5020] __handle_irq_event_percpu+0x22a/0x740 [ 44.002663][ T5020] handle_irq_event+0xab/0x1e0 [ 44.007491][ T5020] handle_edge_irq+0x261/0xcf0 [ 44.012318][ T5020] __common_interrupt+0x9f/0x220 [ 44.017341][ T5020] common_interrupt+0xa9/0xd0 [ 44.022084][ T5020] asm_common_interrupt+0x26/0x40 [ 44.027171][ T5020] _raw_spin_unlock_irqrestore+0x31/0x70 [ 44.032871][ T5020] i8042_aux_write+0x11a/0x180 [ 44.037706][ T5020] ps2_do_sendbyte+0x264/0x6e0 [ 44.042534][ T5020] ps2_sendbyte+0x59/0x140 [ 44.047014][ T5020] cypress_ps2_sendbyte+0x2e/0x160 [ 44.052189][ T5020] cypress_send_ext_cmd+0x1e3/0x8c0 [ 44.057456][ T5020] cypress_detect+0x8c/0x1a0 [ 44.062110][ T5020] psmouse_try_protocol+0x214/0x370 [ 44.067378][ T5020] psmouse_extensions+0x616/0x960 [ 44.072471][ T5020] psmouse_switch_protocol+0x528/0x740 [ 44.077995][ T5020] psmouse_connect+0x5cc/0xf70 [ 44.082830][ T5020] serio_driver_probe+0x71/0xa0 [ 44.087760][ T5020] really_probe+0x234/0xc90 [ 44.092329][ T5020] __driver_probe_device+0x1de/0x4b0 [ 44.097768][ T5020] driver_probe_device+0x4c/0x1a0 [ 44.102860][ T5020] __driver_attach+0x274/0x570 [ 44.108126][ T5020] bus_for_each_dev+0x13c/0x1d0 [ 44.113041][ T5020] serio_handle_event+0x2b8/0xa90 [ 44.118128][ T5020] process_one_work+0xaa2/0x16f0 [ 44.123150][ T5020] worker_thread+0x687/0x1110 [ 44.127887][ T5020] kthread+0x33a/0x430 [ 44.132019][ T5020] ret_from_fork+0x2c/0x70 [ 44.136499][ T5020] ret_from_fork_asm+0x11/0x20 [ 44.141343][ T5020] [ 44.141343][ T5020] to a HARDIRQ-irq-unsafe lock: [ 44.148338][ T5020] (tasklist_lock){.+.+}-{2:2} [ 44.148353][ T5020] [ 44.148353][ T5020] ... which became HARDIRQ-irq-unsafe at: [ 44.160941][ T5020] ... [ 44.160946][ T5020] lock_acquire+0x1ae/0x510 [ 44.168065][ T5020] _raw_read_lock+0x5f/0x70 [ 44.172632][ T5020] do_wait+0x2a9/0xc70 [ 44.176768][ T5020] kernel_wait+0xa0/0x150 [ 44.181186][ T5020] call_usermodehelper_exec_work+0xf1/0x170 [ 44.187167][ T5020] process_one_work+0xaa2/0x16f0 [ 44.192167][ T5020] worker_thread+0x687/0x1110 [ 44.196909][ T5020] kthread+0x33a/0x430 [ 44.201044][ T5020] ret_from_fork+0x2c/0x70 [ 44.205528][ T5020] ret_from_fork_asm+0x11/0x20 [ 44.210443][ T5020] [ 44.210443][ T5020] other info that might help us debug this: [ 44.210443][ T5020] [ 44.220729][ T5020] Chain exists of: [ 44.220729][ T5020] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 44.220729][ T5020] [ 44.234344][ T5020] Possible interrupt unsafe locking scenario: [ 44.234344][ T5020] [ 44.242639][ T5020] CPU0 CPU1 [ 44.247976][ T5020] ---- ---- [ 44.253313][ T5020] lock(tasklist_lock); [ 44.257529][ T5020] local_irq_disable(); [ 44.264256][ T5020] lock(&dev->event_lock#2); [ 44.271426][ T5020] lock(&client->buffer_lock); [ 44.278767][ T5020] [ 44.282216][ T5020] lock(&dev->event_lock#2); [ 44.287040][ T5020] [ 44.287040][ T5020] *** DEADLOCK *** [ 44.287040][ T5020] [ 44.295154][ T5020] 7 locks held by syz-executor129/5020: [ 44.300671][ T5020] #0: ffff8880236cf110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x201/0x750 [ 44.309777][ T5020] #1: ffff888141ab3230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xa4/0x380 [ 44.319842][ T5020] #2: ffffffff8c9a6440 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x8b/0x380 [ 44.329469][ T5020] #3: ffffffff8c9a6440 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x7a0 [ 44.339556][ T5020] #4: ffffffff8c9a6440 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x390 [ 44.348659][ T5020] #5: ffff8880156b5028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 44.358888][ T5020] #6: ffffffff8c9a6440 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x46/0x4f0 [ 44.367926][ T5020] [ 44.367926][ T5020] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 44.378310][ T5020] -> (&dev->event_lock#2){-...}-{2:2} { [ 44.383939][ T5020] IN-HARDIRQ-W at: [ 44.387978][ T5020] lock_acquire+0x1ae/0x510 [ 44.394289][ T5020] _raw_spin_lock_irqsave+0x3a/0x50 [ 44.401316][ T5020] input_event+0x70/0xa0 [ 44.407365][ T5020] psmouse_report_standard_buttons+0x30/0x80 [ 44.415151][ T5020] psmouse_process_byte+0x39c/0x8a0 [ 44.422153][ T5020] psmouse_handle_byte+0x41/0x560 [ 44.428985][ T5020] psmouse_receive_byte+0x243/0xe10 [ 44.435985][ T5020] ps2_interrupt+0x1fe/0x5a0 [ 44.442464][ T5020] serio_interrupt+0x8d/0x150 [ 44.448940][ T5020] i8042_interrupt+0x3f2/0x8a0 [ 44.455510][ T5020] __handle_irq_event_percpu+0x22a/0x740 [ 44.462962][ T5020] handle_irq_event+0xab/0x1e0 [ 44.469526][ T5020] handle_edge_irq+0x261/0xcf0 [ 44.476090][ T5020] __common_interrupt+0x9f/0x220 [ 44.482828][ T5020] common_interrupt+0xa9/0xd0 [ 44.489301][ T5020] asm_common_interrupt+0x26/0x40 [ 44.496140][ T5020] _raw_spin_unlock_irqrestore+0x31/0x70 [ 44.503577][ T5020] i8042_aux_write+0x11a/0x180 [ 44.510145][ T5020] ps2_do_sendbyte+0x264/0x6e0 [ 44.516711][ T5020] ps2_sendbyte+0x59/0x140 [ 44.522929][ T5020] cypress_ps2_sendbyte+0x2e/0x160 [ 44.529840][ T5020] cypress_send_ext_cmd+0x1e3/0x8c0 [ 44.536842][ T5020] cypress_detect+0x8c/0x1a0 [ 44.543231][ T5020] psmouse_try_protocol+0x214/0x370 [ 44.550235][ T5020] psmouse_extensions+0x616/0x960 [ 44.557063][ T5020] psmouse_switch_protocol+0x528/0x740 [ 44.564326][ T5020] psmouse_connect+0x5cc/0xf70 [ 44.570891][ T5020] serio_driver_probe+0x71/0xa0 [ 44.577540][ T5020] really_probe+0x234/0xc90 [ 44.583844][ T5020] __driver_probe_device+0x1de/0x4b0 [ 44.590931][ T5020] driver_probe_device+0x4c/0x1a0 [ 44.597756][ T5020] __driver_attach+0x274/0x570 [ 44.604321][ T5020] bus_for_each_dev+0x13c/0x1d0 [ 44.610974][ T5020] serio_handle_event+0x2b8/0xa90 [ 44.617793][ T5020] process_one_work+0xaa2/0x16f0 [ 44.624530][ T5020] worker_thread+0x687/0x1110 [ 44.631006][ T5020] kthread+0x33a/0x430 [ 44.636873][ T5020] ret_from_fork+0x2c/0x70 [ 44.643090][ T5020] ret_from_fork_asm+0x11/0x20 [ 44.649659][ T5020] INITIAL USE at: [ 44.653612][ T5020] lock_acquire+0x1ae/0x510 [ 44.659829][ T5020] _raw_spin_lock_irqsave+0x3a/0x50 [ 44.666741][ T5020] input_inject_event+0xa4/0x380 [ 44.673482][ T5020] led_set_brightness+0x208/0x290 [ 44.680219][ T5020] led_trigger_event+0xb4/0x240 [ 44.686782][ T5020] kbd_led_trigger_activate+0xc6/0x100 [ 44.693954][ T5020] led_trigger_set+0x580/0xc00 [ 44.700517][ T5020] led_trigger_set_default+0x1c9/0x220 [ 44.707688][ T5020] led_classdev_register_ext+0x63b/0x8c0 [ 44.715033][ T5020] input_leds_connect+0x54a/0x8d0 [ 44.721773][ T5020] input_attach_handler.isra.0+0x17c/0x250 [ 44.729297][ T5020] input_register_device+0xb1e/0x1130 [ 44.736386][ T5020] atkbd_connect+0x5e2/0xa20 [ 44.742692][ T5020] serio_driver_probe+0x71/0xa0 [ 44.749253][ T5020] really_probe+0x234/0xc90 [ 44.755472][ T5020] __driver_probe_device+0x1de/0x4b0 [ 44.762477][ T5020] driver_probe_device+0x4c/0x1a0 [ 44.769218][ T5020] __driver_attach+0x274/0x570 [ 44.775695][ T5020] bus_for_each_dev+0x13c/0x1d0 [ 44.782261][ T5020] serio_handle_event+0x2b8/0xa90 [ 44.789021][ T5020] process_one_work+0xaa2/0x16f0 [ 44.795672][ T5020] worker_thread+0x687/0x1110 [ 44.802071][ T5020] kthread+0x33a/0x430 [ 44.807852][ T5020] ret_from_fork+0x2c/0x70 [ 44.813987][ T5020] ret_from_fork_asm+0x11/0x20 [ 44.820477][ T5020] } [ 44.823063][ T5020] ... key at: [] __key.6+0x0/0x40 [ 44.830239][ T5020] -> (&client->buffer_lock){....}-{2:2} { [ 44.835944][ T5020] INITIAL USE at: [ 44.839814][ T5020] lock_acquire+0x1ae/0x510 [ 44.845859][ T5020] _raw_spin_lock+0x2e/0x40 [ 44.851906][ T5020] evdev_pass_values+0x10e/0x9b0 [ 44.858482][ T5020] evdev_events+0x1be/0x390 [ 44.864528][ T5020] input_to_handler+0x29e/0x4c0 [ 44.870924][ T5020] input_pass_values.part.0+0x536/0x7a0 [ 44.878027][ T5020] input_event_dispose+0x5ee/0x770 [ 44.884706][ T5020] input_handle_event+0x11c/0xd80 [ 44.891278][ T5020] input_inject_event+0x1c2/0x380 [ 44.897853][ T5020] evdev_write+0x456/0x750 [ 44.903812][ T5020] vfs_write+0x2a4/0xe40 [ 44.909598][ T5020] ksys_write+0x1f0/0x250 [ 44.915491][ T5020] do_syscall_64+0x38/0xb0 [ 44.921443][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.928904][ T5020] } [ 44.931377][ T5020] ... key at: [] __key.3+0x0/0x40 [ 44.938476][ T5020] ... acquired at: [ 44.942253][ T5020] _raw_spin_lock+0x2e/0x40 [ 44.946924][ T5020] evdev_pass_values+0x10e/0x9b0 [ 44.952014][ T5020] evdev_events+0x1be/0x390 [ 44.956669][ T5020] input_to_handler+0x29e/0x4c0 [ 44.961675][ T5020] input_pass_values.part.0+0x536/0x7a0 [ 44.967399][ T5020] input_event_dispose+0x5ee/0x770 [ 44.972667][ T5020] input_handle_event+0x11c/0xd80 [ 44.977865][ T5020] input_inject_event+0x1c2/0x380 [ 44.983042][ T5020] evdev_write+0x456/0x750 [ 44.987613][ T5020] vfs_write+0x2a4/0xe40 [ 44.992008][ T5020] ksys_write+0x1f0/0x250 [ 44.996488][ T5020] do_syscall_64+0x38/0xb0 [ 45.001083][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.007154][ T5020] [ 45.009459][ T5020] [ 45.009459][ T5020] the dependencies between the lock to be acquired [ 45.009464][ T5020] and HARDIRQ-irq-unsafe lock: [ 45.022964][ T5020] -> (tasklist_lock){.+.+}-{2:2} { [ 45.028236][ T5020] HARDIRQ-ON-R at: [ 45.032364][ T5020] lock_acquire+0x1ae/0x510 [ 45.038869][ T5020] _raw_read_lock+0x5f/0x70 [ 45.045350][ T5020] do_wait+0x2a9/0xc70 [ 45.051399][ T5020] kernel_wait+0xa0/0x150 [ 45.057707][ T5020] call_usermodehelper_exec_work+0xf1/0x170 [ 45.065593][ T5020] process_one_work+0xaa2/0x16f0 [ 45.072507][ T5020] worker_thread+0x687/0x1110 [ 45.079157][ T5020] kthread+0x33a/0x430 [ 45.085307][ T5020] ret_from_fork+0x2c/0x70 [ 45.091698][ T5020] ret_from_fork_asm+0x11/0x20 [ 45.098437][ T5020] SOFTIRQ-ON-R at: [ 45.102568][ T5020] lock_acquire+0x1ae/0x510 [ 45.109066][ T5020] _raw_read_lock+0x5f/0x70 [ 45.115548][ T5020] do_wait+0x2a9/0xc70 [ 45.121597][ T5020] kernel_wait+0xa0/0x150 [ 45.127903][ T5020] call_usermodehelper_exec_work+0xf1/0x170 [ 45.135774][ T5020] process_one_work+0xaa2/0x16f0 [ 45.142690][ T5020] worker_thread+0x687/0x1110 [ 45.149340][ T5020] kthread+0x33a/0x430 [ 45.155416][ T5020] ret_from_fork+0x2c/0x70 [ 45.161830][ T5020] ret_from_fork_asm+0x11/0x20 [ 45.168569][ T5020] INITIAL USE at: [ 45.172617][ T5020] lock_acquire+0x1ae/0x510 [ 45.179011][ T5020] _raw_write_lock_irq+0x36/0x50 [ 45.185841][ T5020] copy_process+0x4672/0x7400 [ 45.192404][ T5020] kernel_clone+0xfd/0x8f0 [ 45.198793][ T5020] user_mode_thread+0xb4/0xf0 [ 45.205361][ T5020] rest_init+0x27/0x2b0 [ 45.211411][ T5020] arch_call_rest_init+0x13/0x30 [ 45.218324][ T5020] start_kernel+0x39f/0x480 [ 45.224716][ T5020] x86_64_start_reservations+0x18/0x30 [ 45.232071][ T5020] x86_64_start_kernel+0xb2/0xc0 [ 45.238901][ T5020] secondary_startup_64_no_verify+0x167/0x16b [ 45.246862][ T5020] INITIAL READ USE at: [ 45.251341][ T5020] lock_acquire+0x1ae/0x510 [ 45.258172][ T5020] _raw_read_lock+0x5f/0x70 [ 45.265020][ T5020] do_wait+0x2a9/0xc70 [ 45.271441][ T5020] kernel_wait+0xa0/0x150 [ 45.278103][ T5020] call_usermodehelper_exec_work+0xf1/0x170 [ 45.286320][ T5020] process_one_work+0xaa2/0x16f0 [ 45.293587][ T5020] worker_thread+0x687/0x1110 [ 45.300615][ T5020] kthread+0x33a/0x430 [ 45.307033][ T5020] ret_from_fork+0x2c/0x70 [ 45.313803][ T5020] ret_from_fork_asm+0x11/0x20 [ 45.320900][ T5020] } [ 45.323565][ T5020] ... key at: [] tasklist_lock+0x18/0x40 [ 45.331434][ T5020] ... acquired at: [ 45.335387][ T5020] _raw_read_lock+0x5f/0x70 [ 45.340046][ T5020] send_sigio+0xaf/0x3c0 [ 45.344436][ T5020] kill_fasync+0x1f8/0x4f0 [ 45.348999][ T5020] lease_break_callback+0x23/0x30 [ 45.354175][ T5020] __break_lease+0x70f/0x17f0 [ 45.359001][ T5020] do_dentry_open+0x62c/0x1780 [ 45.363913][ T5020] path_openat+0x19af/0x29c0 [ 45.368649][ T5020] do_filp_open+0x1de/0x430 [ 45.373299][ T5020] do_sys_openat2+0x176/0x1e0 [ 45.378128][ T5020] __x64_sys_open+0x154/0x1e0 [ 45.382975][ T5020] do_syscall_64+0x38/0xb0 [ 45.387538][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.393586][ T5020] [ 45.395901][ T5020] -> (&f->f_owner.lock){....}-{2:2} { [ 45.401344][ T5020] INITIAL USE at: [ 45.405297][ T5020] lock_acquire+0x1ae/0x510 [ 45.411517][ T5020] _raw_write_lock_irq+0x36/0x50 [ 45.418173][ T5020] f_modown+0x2a/0x390 [ 45.423953][ T5020] do_fcntl+0xcf8/0x1290 [ 45.429914][ T5020] __x64_sys_fcntl+0x16c/0x1e0 [ 45.436395][ T5020] do_syscall_64+0x38/0xb0 [ 45.442526][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.450143][ T5020] INITIAL READ USE at: [ 45.454537][ T5020] lock_acquire+0x1ae/0x510 [ 45.461222][ T5020] _raw_read_lock_irqsave+0x70/0x90 [ 45.468575][ T5020] send_sigio+0x28/0x3c0 [ 45.474978][ T5020] kill_fasync+0x1f8/0x4f0 [ 45.481550][ T5020] lease_break_callback+0x23/0x30 [ 45.488748][ T5020] __break_lease+0x70f/0x17f0 [ 45.495582][ T5020] do_dentry_open+0x62c/0x1780 [ 45.502503][ T5020] path_openat+0x19af/0x29c0 [ 45.509247][ T5020] do_filp_open+0x1de/0x430 [ 45.516001][ T5020] do_sys_openat2+0x176/0x1e0 [ 45.522846][ T5020] __x64_sys_open+0x154/0x1e0 [ 45.529681][ T5020] do_syscall_64+0x38/0xb0 [ 45.536331][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.544375][ T5020] } [ 45.546936][ T5020] ... key at: [] __key.5+0x0/0x40 [ 45.554114][ T5020] ... acquired at: [ 45.557993][ T5020] _raw_read_lock_irqsave+0x70/0x90 [ 45.563348][ T5020] send_sigio+0x28/0x3c0 [ 45.567740][ T5020] kill_fasync+0x1f8/0x4f0 [ 45.572308][ T5020] lease_break_callback+0x23/0x30 [ 45.577485][ T5020] __break_lease+0x70f/0x17f0 [ 45.582315][ T5020] do_dentry_open+0x62c/0x1780 [ 45.587229][ T5020] path_openat+0x19af/0x29c0 [ 45.591965][ T5020] do_filp_open+0x1de/0x430 [ 45.596613][ T5020] do_sys_openat2+0x176/0x1e0 [ 45.601441][ T5020] __x64_sys_open+0x154/0x1e0 [ 45.606270][ T5020] do_syscall_64+0x38/0xb0 [ 45.610833][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.616905][ T5020] [ 45.619204][ T5020] -> (&new->fa_lock){....}-{2:2} { [ 45.624297][ T5020] INITIAL READ USE at: [ 45.628595][ T5020] lock_acquire+0x1ae/0x510 [ 45.635083][ T5020] _raw_read_lock_irqsave+0x70/0x90 [ 45.642264][ T5020] kill_fasync+0x13a/0x4f0 [ 45.648656][ T5020] lease_break_callback+0x23/0x30 [ 45.655656][ T5020] __break_lease+0x70f/0x17f0 [ 45.662311][ T5020] do_dentry_open+0x62c/0x1780 [ 45.669047][ T5020] path_openat+0x19af/0x29c0 [ 45.675609][ T5020] do_filp_open+0x1de/0x430 [ 45.682087][ T5020] do_sys_openat2+0x176/0x1e0 [ 45.688738][ T5020] __x64_sys_open+0x154/0x1e0 [ 45.695389][ T5020] do_syscall_64+0x38/0xb0 [ 45.701779][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.709668][ T5020] } [ 45.712140][ T5020] ... key at: [] __key.0+0x0/0x40 [ 45.719232][ T5020] ... acquired at: [ 45.723025][ T5020] lock_acquire+0x1ae/0x510 [ 45.727684][ T5020] _raw_read_lock_irqsave+0x70/0x90 [ 45.733036][ T5020] kill_fasync+0x13a/0x4f0 [ 45.737602][ T5020] evdev_pass_values+0x619/0x9b0 [ 45.742690][ T5020] evdev_events+0x1be/0x390 [ 45.747344][ T5020] input_to_handler+0x29e/0x4c0 [ 45.752347][ T5020] input_pass_values.part.0+0x536/0x7a0 [ 45.758046][ T5020] input_event_dispose+0x5ee/0x770 [ 45.763308][ T5020] input_handle_event+0x11c/0xd80 [ 45.768486][ T5020] input_inject_event+0x1c2/0x380 [ 45.773667][ T5020] evdev_write+0x456/0x750 [ 45.778238][ T5020] vfs_write+0x2a4/0xe40 [ 45.782641][ T5020] ksys_write+0x1f0/0x250 [ 45.787125][ T5020] do_syscall_64+0x38/0xb0 [ 45.791689][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.797739][ T5020] [ 45.800041][ T5020] [ 45.800041][ T5020] stack backtrace: [ 45.805915][ T5020] CPU: 0 PID: 5020 Comm: syz-executor129 Not tainted 6.5.0-rc1-syzkaller-00276-g20edcec23f92 #0 [ 45.816308][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 45.826339][ T5020] Call Trace: [ 45.829598][ T5020] [ 45.832527][ T5020] dump_stack_lvl+0xd9/0x1b0 [ 45.837099][ T5020] check_irq_usage+0x10b8/0x1c70 [ 45.842021][ T5020] ? lock_acquire+0x1ae/0x510 [ 45.846678][ T5020] ? print_shortest_lock_dependencies_backwards+0x1b0/0x1b0 [ 45.853943][ T5020] ? hlock_conflict+0x58/0x200 [ 45.858685][ T5020] ? __bfs+0x2f8/0x660 [ 45.862733][ T5020] ? save_trace+0xb30/0xb30 [ 45.867212][ T5020] ? mark_lock+0x105/0x1950 [ 45.871696][ T5020] ? is_dynamic_key+0x1f0/0x1f0 [ 45.876524][ T5020] ? __lock_acquire+0x2e53/0x5de0 [ 45.881530][ T5020] __lock_acquire+0x2e53/0x5de0 [ 45.886381][ T5020] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 45.892339][ T5020] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 45.898297][ T5020] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 45.904263][ T5020] ? __wake_up_common_lock+0xe3/0x140 [ 45.909617][ T5020] lock_acquire+0x1ae/0x510 [ 45.914101][ T5020] ? kill_fasync+0x13a/0x4f0 [ 45.918672][ T5020] ? lock_sync+0x190/0x190 [ 45.923068][ T5020] ? lock_sync+0x190/0x190 [ 45.927468][ T5020] ? lock_sync+0x190/0x190 [ 45.931884][ T5020] ? __wake_up_common+0x5a0/0x5a0 [ 45.936886][ T5020] _raw_read_lock_irqsave+0x70/0x90 [ 45.942065][ T5020] ? kill_fasync+0x13a/0x4f0 [ 45.946635][ T5020] kill_fasync+0x13a/0x4f0 [ 45.951034][ T5020] evdev_pass_values+0x619/0x9b0 [ 45.955951][ T5020] evdev_events+0x1be/0x390 [ 45.960430][ T5020] ? evdev_connect+0x4c0/0x4c0 [ 45.965176][ T5020] input_to_handler+0x29e/0x4c0 [ 45.970028][ T5020] input_pass_values.part.0+0x536/0x7a0 [ 45.975573][ T5020] input_event_dispose+0x5ee/0x770 [ 45.980672][ T5020] input_handle_event+0x11c/0xd80 [ 45.985679][ T5020] input_inject_event+0x1c2/0x380 [ 45.990685][ T5020] evdev_write+0x456/0x750 [ 45.995079][ T5020] ? evdev_read+0xdf0/0xdf0 [ 45.999563][ T5020] ? apparmor_file_permission+0x21f/0x4f0 [ 46.005276][ T5020] ? bpf_lsm_file_permission+0x9/0x10 [ 46.010628][ T5020] ? security_file_permission+0x94/0x100 [ 46.016244][ T5020] vfs_write+0x2a4/0xe40 [ 46.020491][ T5020] ? evdev_read+0xdf0/0xdf0 [ 46.024973][ T5020] ? kernel_write+0x6c0/0x6c0 [ 46.029634][ T5020] ? __fget_files+0x279/0x410 [ 46.034292][ T5020] ? __fget_light+0xe6/0x260 [ 46.038860][ T5020] ksys_write+0x1f0/0x250 [ 46.043172][ T5020] ? __ia32_sys_read+0xb0/0xb0 [ 46.047918][ T5020] ? lockdep_hardirqs_on+0x7d/0x100 [ 46.053100][ T5020] ? _raw_spin_unlock_irq+0x2e/0x50 [ 46.058283][ T5020] ? ptrace_notify+0xf4/0x130 [ 46.062936][ T5020] do_syscall_64+0x38/0xb0 [ 46.067327][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.073205][ T5020] RIP: 0033:0x7f7a2741af79 [ 46.077606][ T5020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 46.097196][ T5020] RSP: 002b:00007f7a273da228 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5019] futex(0x7f7a274a240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5020] <... write resumed>) = 10968 [pid 5020] futex(0x7f7a274a240c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] futex(0x7f7a274a2408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5019] exit_group(0) = ? [pid 5020] <... futex resumed>) = ? [pid 5020] +++ exited with 0 +++ +++ exited with 0 +++ [ 46.