./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor974517431 <...> [ 29.462088][ T3189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.475644][ T3189] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 40.808394][ T27] kauditd_printk_skb: 37 callbacks suppressed [ 40.808411][ T27] audit: type=1400 audit(1657668560.070:73): avc: denied { transition } for pid=3443 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 40.864646][ T27] audit: type=1400 audit(1657668560.110:74): avc: denied { write } for pid=3443 comm="sh" path="pipe:[28013]" dev="pipefs" ino=28013 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.83' (ECDSA) to the list of known hosts. execve("./syz-executor974517431", ["./syz-executor974517431"], 0x7ffde8a9b1d0 /* 10 vars */) = 0 brk(NULL) = 0x5555569af000 brk(0x5555569afc40) = 0x5555569afc40 arch_prctl(ARCH_SET_FS, 0x5555569af300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor974517431", 4096) = 27 brk(0x5555569d0c40) = 0x5555569d0c40 brk(0x5555569d1000) = 0x5555569d1000 mprotect(0x7fcf30bdd000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 open(".", O_RDONLY) = 3 open(".", O_RDONLY) = 4 fcntl(4, F_NOTIFY, DN_ACCESS|DN_CREATE) = 0 fcntl(4, F_SETOWN, -1) = 0 fcntl(-1, F_SETOWN, -1) = -1 EBADF (Bad file descriptor) fcntl(-1, F_SETOWN, -1) = -1 EBADF (Bad file descriptor) 
symlinkat("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 3, "./file0") = 0 openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_CREAT|O_SYNC|O_NOFOLLOW, 000) = 5 ioctl(-1, EVIOCSFF, {type=0 /* FF_??? */, id=0, direction=0, ...}) = -1 EBADF (Bad file descriptor) ioctl(5, FIOASYNC, [4]) = 0 [ 51.415107][ T27] audit: type=1400 audit(1657668570.680:75): avc: denied { execmem } for pid=3616 comm="syz-executor974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 51.434689][ T3616] [ 51.434698][ T3616] ===================================================== [ 51.434704][ T3616] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 51.434715][ T3616] 5.19.0-rc6-syzkaller-00104-g72a8e05d4f66 #0 Not tainted [ 51.434727][ T3616] ----------------------------------------------------- [ 51.434733][ T3616] syz-executor974/3616 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 51.434759][ T3616] ffff888079392630 (&f->f_owner.lock){....}-{2:2} [ 51.438137][ T27] audit: type=1400 audit(1657668570.700:76): avc: denied { write } for pid=3616 comm="syz-executor974" name="event0" dev="devtmpfs" ino=831 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 51.444006][ T3616] , at: send_sigio+0x24/0x380 [ 51.444030][ T3616] [ 51.444030][ T3616] and this task is already holding: [ 51.444035][ T3616] ffff88807608b9f0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 [ 51.451559][ T27] audit: type=1400 audit(1657668570.700:77): avc: denied { open } for pid=3616 comm="syz-executor974" path="/dev/input/event0" dev="devtmpfs" ino=831 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file 
permissive=1 [ 51.458593][ T3616] which would create a new lock dependency: [ 51.458601][ T3616] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2} [ 51.562231][ T3616] [ 51.562231][ T3616] but this new dependency connects a HARDIRQ-irq-safe lock: [ 51.571670][ T3616] (&dev->event_lock#2){-...}-{2:2} [ 51.571702][ T3616] [ 51.571702][ T3616] ... which became HARDIRQ-irq-safe at: [ 51.584608][ T3616] lock_acquire+0x1ab/0x570 [ 51.589215][ T3616] _raw_spin_lock_irqsave+0x39/0x50 [ 51.594509][ T3616] input_event+0x7b/0xb0 [ 51.598835][ T3616] psmouse_report_standard_buttons+0x2c/0x80 [ 51.604902][ T3616] psmouse_process_byte+0x1e1/0x890 [ 51.610211][ T3616] psmouse_handle_byte+0x41/0x1b0 [ 51.615348][ T3616] psmouse_interrupt+0x304/0xf00 [ 51.620389][ T3616] serio_interrupt+0x88/0x150 [ 51.625151][ T3616] i8042_interrupt+0x27a/0x520 [ 51.630010][ T3616] __handle_irq_event_percpu+0x22b/0x880 [ 51.635739][ T3616] handle_irq_event+0xa7/0x1e0 [ 51.640587][ T3616] handle_edge_irq+0x25f/0xd00 [ 51.645439][ T3616] __common_interrupt+0x9d/0x210 [ 51.650463][ T3616] common_interrupt+0xa4/0xc0 [ 51.655221][ T3616] asm_common_interrupt+0x22/0x40 [ 51.660332][ T3616] lock_acquire+0x1ef/0x570 [ 51.664920][ T3616] fs_reclaim_acquire+0xd2/0x160 [ 51.669943][ T3616] kmem_cache_alloc+0x3d/0x560 [ 51.674798][ T3616] __kernfs_new_node+0xd4/0x8b0 [ 51.679735][ T3616] kernfs_new_node+0x93/0x120 [ 51.684499][ T3616] kernfs_create_link+0xcb/0x230 [ 51.689525][ T3616] sysfs_do_create_link_sd+0x90/0x140 [ 51.694979][ T3616] sysfs_create_link+0x5f/0xc0 [ 51.699823][ T3616] module_add_driver+0x7a/0x370 [ 51.704845][ T3616] bus_add_driver+0x2ff/0x640 [ 51.709609][ T3616] driver_register+0x220/0x3a0 [ 51.714457][ T3616] usb_register_driver+0x249/0x460 [ 51.719654][ T3616] do_one_initcall+0x103/0x650 [ 51.724501][ T3616] kernel_init_freeable+0x6b1/0x73a [ 51.729784][ T3616] kernel_init+0x1a/0x1d0 [ 51.734203][ T3616] ret_from_fork+0x1f/0x30 [ 51.738715][ T3616] [ 51.738715][ T3616] to a 
HARDIRQ-irq-unsafe lock: [ 51.745744][ T3616] (tasklist_lock){.+.+}-{2:2} [ 51.745773][ T3616] [ 51.745773][ T3616] ... which became HARDIRQ-irq-unsafe at: [ 51.758405][ T3616] ... [ 51.758412][ T3616] lock_acquire+0x1ab/0x570 [ 51.765692][ T3616] _raw_read_lock+0x5b/0x70 [ 51.770281][ T3616] do_wait+0x284/0xce0 [ 51.774437][ T3616] kernel_wait+0x9c/0x150 [ 51.778852][ T3616] call_usermodehelper_exec_work+0xf5/0x180 [ 51.784834][ T3616] process_one_work+0x996/0x1610 [ 51.789859][ T3616] worker_thread+0x665/0x1080 [ 51.794619][ T3616] kthread+0x2e9/0x3a0 [ 51.798769][ T3616] ret_from_fork+0x1f/0x30 [ 51.803278][ T3616] [ 51.803278][ T3616] other info that might help us debug this: [ 51.803278][ T3616] [ 51.813494][ T3616] Chain exists of: [ 51.813494][ T3616] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 51.813494][ T3616] [ 51.826448][ T3616] Possible interrupt unsafe locking scenario: [ 51.826448][ T3616] [ 51.834752][ T3616] CPU0 CPU1 [ 51.840114][ T3616] ---- ---- [ 51.845473][ T3616] lock(tasklist_lock); [ 51.849710][ T3616] local_irq_disable(); [ 51.856455][ T3616] lock(&dev->event_lock#2); [ 51.863652][ T3616] lock(&new->fa_lock); [ 51.870408][ T3616] <Interrupt> [ 51.873848][ T3616] lock(&dev->event_lock#2); [ 51.878708][ T3616] [ 51.878708][ T3616] *** DEADLOCK *** [ 51.878708][ T3616] [ 51.886841][ T3616] 8 locks held by syz-executor974/3616: [ 51.892372][ T3616] #0: ffff888147c34110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760 [ 51.902037][ T3616] #1: ffff88814681b230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xa6/0x320 [ 51.912143][ T3616] #2: ffffffff8bd845a0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320 [ 51.921804][ T3616] #3: ffffffff8bd845a0 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 [ 51.931909][ T3616] #4: ffffffff8bd845a0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0 [ 51.941048][ T3616] #5: ffff888017521028 (&client->buffer_lock){....}-{2:2}, at: 
evdev_pass_values.part.0+0xf6/0x970 [ 51.951846][ T3616] #6: ffffffff8bd845a0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470 [ 51.960904][ T3616] #7: ffff88807608b9f0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 [ 51.970051][ T3616] [ 51.970051][ T3616] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 51.980445][ T3616] -> (&dev->event_lock#2){-...}-{2:2} { [ 51.986183][ T3616] IN-HARDIRQ-W at: [ 51.990330][ T3616] lock_acquire+0x1ab/0x570 [ 51.996841][ T3616] _raw_spin_lock_irqsave+0x39/0x50 [ 52.004038][ T3616] input_event+0x7b/0xb0 [ 52.010272][ T3616] psmouse_report_standard_buttons+0x2c/0x80 [ 52.018248][ T3616] psmouse_process_byte+0x1e1/0x890 [ 52.025451][ T3616] psmouse_handle_byte+0x41/0x1b0 [ 52.032485][ T3616] psmouse_interrupt+0x304/0xf00 [ 52.039418][ T3616] serio_interrupt+0x88/0x150 [ 52.046089][ T3616] i8042_interrupt+0x27a/0x520 [ 52.052860][ T3616] __handle_irq_event_percpu+0x22b/0x880 [ 52.060489][ T3616] handle_irq_event+0xa7/0x1e0 [ 52.067247][ T3616] handle_edge_irq+0x25f/0xd00 [ 52.074103][ T3616] __common_interrupt+0x9d/0x210 [ 52.081129][ T3616] common_interrupt+0xa4/0xc0 [ 52.087885][ T3616] asm_common_interrupt+0x22/0x40 [ 52.094909][ T3616] lock_acquire+0x1ef/0x570 [ 52.101409][ T3616] fs_reclaim_acquire+0xd2/0x160 [ 52.108358][ T3616] kmem_cache_alloc+0x3d/0x560 [ 52.115118][ T3616] __kernfs_new_node+0xd4/0x8b0 [ 52.121966][ T3616] kernfs_new_node+0x93/0x120 [ 52.128638][ T3616] kernfs_create_link+0xcb/0x230 [ 52.135591][ T3616] sysfs_do_create_link_sd+0x90/0x140 [ 52.142971][ T3616] sysfs_create_link+0x5f/0xc0 [ 52.149731][ T3616] module_add_driver+0x7a/0x370 [ 52.156583][ T3616] bus_add_driver+0x2ff/0x640 [ 52.163267][ T3616] driver_register+0x220/0x3a0 [ 52.170039][ T3616] usb_register_driver+0x249/0x460 [ 52.177162][ T3616] do_one_initcall+0x103/0x650 [ 52.183950][ T3616] kernel_init_freeable+0x6b1/0x73a [ 52.191160][ T3616] kernel_init+0x1a/0x1d0 [ 52.197486][ T3616] 
ret_from_fork+0x1f/0x30 [ 52.203897][ T3616] INITIAL USE at: [ 52.207968][ T3616] lock_acquire+0x1ab/0x570 [ 52.214401][ T3616] _raw_spin_lock_irqsave+0x39/0x50 [ 52.221599][ T3616] input_inject_event+0xa6/0x320 [ 52.228444][ T3616] led_set_brightness_nosleep+0xe6/0x1a0 [ 52.235996][ T3616] led_set_brightness+0x134/0x170 [ 52.242927][ T3616] led_trigger_event+0xb0/0x200 [ 52.249684][ T3616] kbd_led_trigger_activate+0xc9/0x100 [ 52.257062][ T3616] led_trigger_set+0x5d7/0xaf0 [ 52.263736][ T3616] led_trigger_set_default+0x1a6/0x230 [ 52.271191][ T3616] led_classdev_register_ext+0x56f/0x770 [ 52.278730][ T3616] input_leds_connect+0x4bd/0x860 [ 52.285751][ T3616] input_attach_handler+0x180/0x1f0 [ 52.292877][ T3616] input_register_device.cold+0xf0/0x303 [ 52.300423][ T3616] atkbd_connect+0x749/0xa10 [ 52.306922][ T3616] serio_driver_probe+0x72/0xa0 [ 52.313677][ T3616] really_probe+0x23e/0xb90 [ 52.320089][ T3616] __driver_probe_device+0x338/0x4d0 [ 52.327282][ T3616] driver_probe_device+0x4c/0x1a0 [ 52.334321][ T3616] __driver_attach+0x22d/0x550 [ 52.340992][ T3616] bus_for_each_dev+0x147/0x1d0 [ 52.347749][ T3616] serio_handle_event+0x5f6/0xa30 [ 52.354683][ T3616] process_one_work+0x996/0x1610 [ 52.361527][ T3616] worker_thread+0x665/0x1080 [ 52.368115][ T3616] kthread+0x2e9/0x3a0 [ 52.374088][ T3616] ret_from_fork+0x1f/0x30 [ 52.380502][ T3616] } [ 52.383163][ T3616] ... 
key at: [] __key.7+0x0/0x40 [ 52.390451][ T3616] -> (&client->buffer_lock){....}-{2:2} { [ 52.396283][ T3616] INITIAL USE at: [ 52.400266][ T3616] lock_acquire+0x1ab/0x570 [ 52.406604][ T3616] _raw_spin_lock+0x2a/0x40 [ 52.413021][ T3616] evdev_pass_values.part.0+0xf6/0x970 [ 52.420217][ T3616] evdev_events+0x359/0x3e0 [ 52.426468][ T3616] input_to_handler+0x2a0/0x4c0 [ 52.433055][ T3616] input_pass_values.part.0+0x230/0x710 [ 52.440346][ T3616] input_handle_event+0x373/0x1440 [ 52.447192][ T3616] input_inject_event+0x1bd/0x320 [ 52.453947][ T3616] evdev_write+0x430/0x760 [ 52.460110][ T3616] vfs_write+0x269/0xac0 [ 52.466086][ T3616] ksys_write+0x1e8/0x250 [ 52.472149][ T3616] do_syscall_64+0x35/0xb0 [ 52.478325][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.485970][ T3616] } [ 52.488554][ T3616] ... key at: [] __key.3+0x0/0x40 [ 52.495769][ T3616] ... acquired at: [ 52.499674][ T3616] _raw_spin_lock+0x2a/0x40 [ 52.504355][ T3616] evdev_pass_values.part.0+0xf6/0x970 [ 52.510002][ T3616] evdev_events+0x359/0x3e0 [ 52.514686][ T3616] input_to_handler+0x2a0/0x4c0 [ 52.519716][ T3616] input_pass_values.part.0+0x230/0x710 [ 52.525440][ T3616] input_handle_event+0x373/0x1440 [ 52.530727][ T3616] input_inject_event+0x1bd/0x320 [ 52.535931][ T3616] evdev_write+0x430/0x760 [ 52.540610][ T3616] vfs_write+0x269/0xac0 [ 52.545023][ T3616] ksys_write+0x1e8/0x250 [ 52.549523][ T3616] do_syscall_64+0x35/0xb0 [ 52.554108][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.560190][ T3616] [ 52.562503][ T3616] -> (&new->fa_lock){....}-{2:2} { [ 52.567637][ T3616] INITIAL READ USE at: [ 52.571980][ T3616] lock_acquire+0x1ab/0x570 [ 52.578578][ T3616] _raw_read_lock_irqsave+0x70/0x90 [ 52.585787][ T3616] kill_fasync+0x136/0x470 [ 52.592216][ T3616] evdev_pass_values.part.0+0x64e/0x970 [ 52.599772][ T3616] evdev_events+0x359/0x3e0 [ 52.606275][ T3616] input_to_handler+0x2a0/0x4c0 [ 52.613127][ T3616] input_pass_values.part.0+0x230/0x710 [ 52.620666][ T3616] 
input_handle_event+0x373/0x1440 [ 52.627795][ T3616] input_inject_event+0x1bd/0x320 [ 52.634822][ T3616] evdev_write+0x430/0x760 [ 52.641244][ T3616] vfs_write+0x269/0xac0 [ 52.647511][ T3616] ksys_write+0x1e8/0x250 [ 52.653847][ T3616] do_syscall_64+0x35/0xb0 [ 52.660272][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.668177][ T3616] } [ 52.670675][ T3616] ... key at: [] __key.0+0x0/0x40 [ 52.677801][ T3616] ... acquired at: [ 52.681594][ T3616] _raw_read_lock_irqsave+0x70/0x90 [ 52.686966][ T3616] kill_fasync+0x136/0x470 [ 52.691559][ T3616] evdev_pass_values.part.0+0x64e/0x970 [ 52.697281][ T3616] evdev_events+0x359/0x3e0 [ 52.701953][ T3616] input_to_handler+0x2a0/0x4c0 [ 52.707000][ T3616] input_pass_values.part.0+0x230/0x710 [ 52.712715][ T3616] input_handle_event+0x373/0x1440 [ 52.717995][ T3616] input_inject_event+0x1bd/0x320 [ 52.723188][ T3616] evdev_write+0x430/0x760 [ 52.727778][ T3616] vfs_write+0x269/0xac0 [ 52.732207][ T3616] ksys_write+0x1e8/0x250 [ 52.736718][ T3616] do_syscall_64+0x35/0xb0 [ 52.741303][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.747370][ T3616] [ 52.749684][ T3616] [ 52.749684][ T3616] the dependencies between the lock to be acquired [ 52.749692][ T3616] and HARDIRQ-irq-unsafe lock: [ 52.763204][ T3616] -> (tasklist_lock){.+.+}-{2:2} { [ 52.768420][ T3616] HARDIRQ-ON-R at: [ 52.772499][ T3616] lock_acquire+0x1ab/0x570 [ 52.778840][ T3616] _raw_read_lock+0x5b/0x70 [ 52.785181][ T3616] do_wait+0x284/0xce0 [ 52.791080][ T3616] kernel_wait+0x9c/0x150 [ 52.797235][ T3616] call_usermodehelper_exec_work+0xf5/0x180 [ 52.804954][ T3616] process_one_work+0x996/0x1610 [ 52.811716][ T3616] worker_thread+0x665/0x1080 [ 52.818212][ T3616] kthread+0x2e9/0x3a0 [ 52.824099][ T3616] ret_from_fork+0x1f/0x30 [ 52.830338][ T3616] SOFTIRQ-ON-R at: [ 52.834398][ T3616] lock_acquire+0x1ab/0x570 [ 52.840743][ T3616] _raw_read_lock+0x5b/0x70 [ 52.847074][ T3616] do_wait+0x284/0xce0 [ 52.852973][ T3616] kernel_wait+0x9c/0x150 [ 52.859142][ 
T3616] call_usermodehelper_exec_work+0xf5/0x180 [ 52.866887][ T3616] process_one_work+0x996/0x1610 [ 52.873644][ T3616] worker_thread+0x665/0x1080 [ 52.880142][ T3616] kthread+0x2e9/0x3a0 [ 52.886031][ T3616] ret_from_fork+0x1f/0x30 [ 52.892277][ T3616] INITIAL USE at: [ 52.896252][ T3616] lock_acquire+0x1ab/0x570 [ 52.902496][ T3616] _raw_write_lock_irq+0x32/0x50 [ 52.909171][ T3616] copy_process+0x445e/0x7020 [ 52.915582][ T3616] kernel_clone+0xe7/0xab0 [ 52.921731][ T3616] user_mode_thread+0xad/0xe0 [ 52.928142][ T3616] rest_init+0x23/0x270 [ 52.934041][ T3616] arch_call_rest_init+0xf/0x14 [ 52.940627][ T3616] start_kernel+0x46e/0x48f [ 52.946884][ T3616] secondary_startup_64_no_verify+0xce/0xdb [ 52.954515][ T3616] INITIAL READ USE at: [ 52.958936][ T3616] lock_acquire+0x1ab/0x570 [ 52.965612][ T3616] _raw_read_lock+0x5b/0x70 [ 52.972288][ T3616] do_wait+0x284/0xce0 [ 52.978612][ T3616] kernel_wait+0x9c/0x150 [ 52.985116][ T3616] call_usermodehelper_exec_work+0xf5/0x180 [ 52.993192][ T3616] process_one_work+0x996/0x1610 [ 53.000384][ T3616] worker_thread+0x665/0x1080 [ 53.007231][ T3616] kthread+0x2e9/0x3a0 [ 53.013467][ T3616] ret_from_fork+0x1f/0x30 [ 53.020056][ T3616] } [ 53.022634][ T3616] ... key at: [] tasklist_lock+0x18/0x40 [ 53.030453][ T3616] ... 
acquired at: [ 53.034335][ T3616] _raw_read_lock+0x5b/0x70 [ 53.039014][ T3616] send_sigio+0xab/0x380 [ 53.043430][ T3616] dnotify_handle_event+0x148/0x280 [ 53.048808][ T3616] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 53.055399][ T3616] fsnotify+0xec5/0x13a0 [ 53.059813][ T3616] vfs_symlink+0x242/0x2c0 [ 53.064404][ T3616] do_symlinkat+0x261/0x2e0 [ 53.069078][ T3616] __x64_sys_symlinkat+0x93/0xc0 [ 53.074187][ T3616] do_syscall_64+0x35/0xb0 [ 53.078780][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.085979][ T3616] [ 53.088295][ T3616] -> (&f->f_owner.lock){....}-{2:2} { [ 53.093683][ T3616] INITIAL USE at: [ 53.097585][ T3616] lock_acquire+0x1ab/0x570 [ 53.103652][ T3616] _raw_write_lock_irq+0x32/0x50 [ 53.110154][ T3616] f_modown+0x2a/0x390 [ 53.115784][ T3616] fcntl_dirnotify+0x9f3/0xf30 [ 53.122111][ T3616] do_fcntl+0x24c/0x1040 [ 53.127931][ T3616] __x64_sys_fcntl+0x15f/0x1d0 [ 53.134256][ T3616] do_syscall_64+0x35/0xb0 [ 53.140235][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.147695][ T3616] INITIAL READ USE at: [ 53.152024][ T3616] lock_acquire+0x1ab/0x570 [ 53.158531][ T3616] _raw_read_lock_irqsave+0x70/0x90 [ 53.165812][ T3616] send_sigio+0x24/0x380 [ 53.172052][ T3616] dnotify_handle_event+0x148/0x280 [ 53.179249][ T3616] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 53.187662][ T3616] fsnotify+0xec5/0x13a0 [ 53.193901][ T3616] vfs_symlink+0x242/0x2c0 [ 53.200315][ T3616] do_symlinkat+0x261/0x2e0 [ 53.206812][ T3616] __x64_sys_symlinkat+0x93/0xc0 [ 53.213744][ T3616] do_syscall_64+0x35/0xb0 [ 53.220170][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.228063][ T3616] } [ 53.230559][ T3616] ... key at: [] __key.5+0x0/0x40 [ 53.237667][ T3616] ... 
acquired at: [ 53.241459][ T3616] lock_acquire+0x1ab/0x570 [ 53.246141][ T3616] _raw_read_lock_irqsave+0x70/0x90 [ 53.251512][ T3616] send_sigio+0x24/0x380 [ 53.255948][ T3616] kill_fasync+0x1f8/0x470 [ 53.260534][ T3616] evdev_pass_values.part.0+0x64e/0x970 [ 53.266253][ T3616] evdev_events+0x359/0x3e0 [ 53.270928][ T3616] input_to_handler+0x2a0/0x4c0 [ 53.275969][ T3616] input_pass_values.part.0+0x230/0x710 [ 53.281691][ T3616] input_handle_event+0x373/0x1440 [ 53.286987][ T3616] input_inject_event+0x1bd/0x320 [ 53.292187][ T3616] evdev_write+0x430/0x760 [ 53.296782][ T3616] vfs_write+0x269/0xac0 [ 53.301210][ T3616] ksys_write+0x1e8/0x250 [ 53.305714][ T3616] do_syscall_64+0x35/0xb0 [ 53.310312][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.316407][ T3616] [ 53.318729][ T3616] [ 53.318729][ T3616] stack backtrace: [ 53.324607][ T3616] CPU: 0 PID: 3616 Comm: syz-executor974 Not tainted 5.19.0-rc6-syzkaller-00104-g72a8e05d4f66 #0 [ 53.335120][ T3616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 53.345193][ T3616] Call Trace: [ 53.348503][ T3616] [ 53.351442][ T3616] dump_stack_lvl+0xcd/0x134 [ 53.356055][ T3616] check_irq_usage.cold+0x4c1/0x6b0 [ 53.361351][ T3616] ? __module_text_address+0xc7/0x1a0 [ 53.366724][ T3616] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 53.373839][ T3616] ? unwind_get_return_address+0x51/0x90 [ 53.379478][ T3616] ? create_prof_cpu_mask+0x20/0x20 [ 53.384680][ T3616] ? check_path.constprop.0+0x24/0x50 [ 53.390063][ T3616] ? register_lock_class+0xbe/0x1130 [ 53.395352][ T3616] ? filter_irq_stacks+0x90/0x90 [ 53.400294][ T3616] __lock_acquire+0x2ad6/0x5660 [ 53.405149][ T3616] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 53.411134][ T3616] lock_acquire+0x1ab/0x570 [ 53.415643][ T3616] ? send_sigio+0x24/0x380 [ 53.420057][ T3616] ? lock_release+0x780/0x780 [ 53.424736][ T3616] ? lock_release+0x780/0x780 [ 53.429415][ T3616] ? 
lock_release+0x780/0x780 [ 53.434094][ T3616] _raw_read_lock_irqsave+0x70/0x90 [ 53.439294][ T3616] ? send_sigio+0x24/0x380 [ 53.443707][ T3616] send_sigio+0x24/0x380 [ 53.447950][ T3616] kill_fasync+0x1f8/0x470 [ 53.452380][ T3616] evdev_pass_values.part.0+0x64e/0x970 [ 53.457932][ T3616] ? evdev_free+0x70/0x70 [ 53.462270][ T3616] ? ktime_mono_to_any+0xb5/0x1e0 [ 53.467312][ T3616] evdev_events+0x359/0x3e0 [ 53.471836][ T3616] ? evdev_connect+0x4b0/0x4b0 [ 53.476622][ T3616] input_to_handler+0x2a0/0x4c0 [ 53.481487][ T3616] input_pass_values.part.0+0x230/0x710 [ 53.487050][ T3616] input_handle_event+0x373/0x1440 [ 53.492172][ T3616] input_inject_event+0x1bd/0x320 [ 53.497234][ T3616] evdev_write+0x430/0x760 [ 53.501750][ T3616] ? evdev_read+0xe30/0xe30 [ 53.506277][ T3616] ? security_file_permission+0xab/0xd0 [ 53.511839][ T3616] ? evdev_read+0xe30/0xe30 [ 53.516357][ T3616] vfs_write+0x269/0xac0 [ 53.520612][ T3616] ksys_write+0x1e8/0x250 [ 53.524944][ T3616] ? __ia32_sys_read+0xb0/0xb0 [ 53.529713][ T3616] ? lockdep_hardirqs_on+0x79/0x100 [ 53.534914][ T3616] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.540202][ T3616] ? 
ptrace_notify+0xfa/0x140 [ 53.544881][ T3616] do_syscall_64+0x35/0xb0 [ 53.549295][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.555192][ T3616] RIP: 0033:0x7fcf30b707f9 [ 53.559609][ T3616] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.579219][ T3616] RSP: 002b:00007fff75a22c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 53.587629][ T3616] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcf30b707f9 [ 53.595643][ T3616] RDX: 0000000000000373 RSI: 0000000020000040 RDI: 0000000000000005 [ 53.603609][ T3616] RBP: 00007fcf30b30300 R08: 0000000000000000 R09: 0000000000000000 [ 53.611576][ T3616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcf30b30390 write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 883) = 864 exit_group(0) = ? +++ exited with 0 +++ [ 53.619634][ T3616] R13: 0000000000000000 R14: 0000000000000000