./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1583605920 <...> Warning: Permanently added '10.128.0.152' (ECDSA) to the list of known hosts. execve("./syz-executor1583605920", ["./syz-executor1583605920"], 0x7ffc38547df0 /* 10 vars */) = 0 brk(NULL) = 0x5555560c9000 brk(0x5555560c9c40) = 0x5555560c9c40 arch_prctl(ARCH_SET_FS, 0x5555560c9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1583605920", 4096) = 28 brk(0x5555560eac40) = 0x5555560eac40 brk(0x5555560eb000) = 0x5555560eb000 mprotect(0x7f5632a8e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_UNIX, SOCK_DGRAM, 0) = 3 bind(3, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 ioctl(3, FIOSETOWN, [-1]) = 0 ioctl(3, FIOASYNC, [2]) = 0 socket(AF_UNIX, SOCK_DGRAM, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 sendmmsg(4, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, ...], 3682232011, MSG_DONTWAIT|MSG_EOR|MSG_FIN|MSG_SYN|MSG_CONFIRM|MSG_RST|MSG_ERRQUEUE) = 11 openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 ioctl(5, FIOASYNC, [233]) = 0 openat(AT_FDCWD, "/dev/input/event0", O_RDWR|O_NOFOLLOW) = 6 syzkaller login: [ 45.375001][ T3606] [ 45.377355][ T3606] ===================================================== [ 45.384270][ T3606] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 45.391713][ T3606] 6.0.0-rc5-syzkaller-00097-g38eddeedbbea #0 Not tainted [ 45.398723][ T3606] ----------------------------------------------------- [ 45.405646][ T3606] syz-executor158/3606 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 45.413697][ T3606] ffff88807a72a0c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 [ 45.422396][ T3606] [ 45.422396][ T3606] and this task is already holding: [ 45.429740][ T3606] ffff888017a75028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 45.440075][ T3606] which would create a new lock dependency: [ 45.445943][ T3606] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 45.454028][ T3606] [ 45.454028][ T3606] but this new dependency connects a HARDIRQ-irq-safe lock: [ 45.463553][ T3606] (&dev->event_lock#2){-...}-{2:2} [ 45.463584][ T3606] [ 45.463584][ T3606] ... which became HARDIRQ-irq-safe at: [ 45.476478][ T3606] lock_acquire+0x1ab/0x570 [ 45.481067][ T3606] _raw_spin_lock_irqsave+0x39/0x50 [ 45.486367][ T3606] input_event+0x6c/0xa0 [ 45.490709][ T3606] psmouse_report_standard_buttons+0x2c/0x80 [ 45.496772][ T3606] psmouse_process_byte+0x1e1/0x890 [ 45.502050][ T3606] psmouse_handle_byte+0x41/0x1b0 [ 45.507174][ T3606] psmouse_interrupt+0x304/0xf00 [ 45.512195][ T3606] serio_interrupt+0x88/0x150 [ 45.516958][ T3606] i8042_interrupt+0x27a/0x520 [ 45.521808][ T3606] __handle_irq_event_percpu+0x227/0x870 [ 45.527529][ T3606] handle_irq_event+0xa7/0x1e0 [ 45.532396][ T3606] handle_edge_irq+0x25f/0xd00 [ 45.537240][ T3606] __common_interrupt+0x9d/0x210 [ 45.542263][ T3606] common_interrupt+0xa4/0xc0 [ 45.547024][ T3606] asm_common_interrupt+0x22/0x40 [ 45.552133][ T3606] acpi_safe_halt+0x6f/0xb0 [ 45.556716][ T3606] acpi_idle_enter+0x524/0x6a0 [ 45.561576][ T3606] cpuidle_enter_state+0x1ab/0xd30 [ 45.566778][ T3606] cpuidle_enter+0x4a/0xa0 [ 45.571293][ T3606] do_idle+0x3e8/0x590 [ 45.575445][ T3606] cpu_startup_entry+0x14/0x20 [ 45.580303][ T3606] start_secondary+0x21d/0x2b0 [ 45.585164][ T3606] secondary_startup_64_no_verify+0xce/0xdb [ 45.591144][ T3606] [ 45.591144][ T3606] to a HARDIRQ-irq-unsafe lock: [ 45.598149][ T3606] (tasklist_lock){.+.+}-{2:2} [ 45.598174][ T3606] [ 45.598174][ T3606] ... which became HARDIRQ-irq-unsafe at: [ 45.610809][ T3606] ... [ 45.610816][ T3606] lock_acquire+0x1ab/0x570 [ 45.617991][ T3606] _raw_read_lock+0x5b/0x70 [ 45.622588][ T3606] do_wait+0x27f/0xce0 [ 45.626745][ T3606] kernel_wait+0x9c/0x150 [ 45.631158][ T3606] call_usermodehelper_exec_work+0xf5/0x180 [ 45.637133][ T3606] process_one_work+0x991/0x1610 [ 45.642240][ T3606] worker_thread+0x665/0x1080 [ 45.647000][ T3606] kthread+0x2e4/0x3a0 [ 45.651154][ T3606] ret_from_fork+0x1f/0x30 [ 45.655655][ T3606] [ 45.655655][ T3606] other info that might help us debug this: [ 45.655655][ T3606] [ 45.665871][ T3606] Chain exists of: [ 45.665871][ T3606] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 45.665871][ T3606] [ 45.679450][ T3606] Possible interrupt unsafe locking scenario: [ 45.679450][ T3606] [ 45.687755][ T3606] CPU0 CPU1 [ 45.693109][ T3606] ---- ---- [ 45.698460][ T3606] lock(tasklist_lock); [ 45.702695][ T3606] local_irq_disable(); [ 45.709437][ T3606] lock(&dev->event_lock#2); [ 45.716635][ T3606] lock(&client->buffer_lock); [ 45.723997][ T3606] [ 45.727439][ T3606] lock(&dev->event_lock#2); [ 45.732305][ T3606] [ 45.732305][ T3606] *** DEADLOCK *** [ 45.732305][ T3606] [ 45.740455][ T3606] 7 locks held by syz-executor158/3606: [ 45.745994][ T3606] #0: ffff888022192110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760 [ 45.755150][ T3606] #1: ffff88801be81230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x9b/0x320 [ 45.765258][ T3606] #2: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x87/0x320 [ 45.774918][ T3606] #3: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 [ 45.785025][ T3606] #4: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0 [ 45.794193][ T3606] #5: ffff888017a75028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 45.805097][ T3606] #6: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470 [ 45.814186][ T3606] [ 45.814186][ T3606] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 45.824594][ T3606] -> (&dev->event_lock#2){-...}-{2:2} { [ 45.830245][ T3606] IN-HARDIRQ-W at: [ 45.834319][ T3606] lock_acquire+0x1ab/0x570 [ 45.840646][ T3606] _raw_spin_lock_irqsave+0x39/0x50 [ 45.847679][ T3606] input_event+0x6c/0xa0 [ 45.853755][ T3606] psmouse_report_standard_buttons+0x2c/0x80 [ 45.861561][ T3606] psmouse_process_byte+0x1e1/0x890 [ 45.868581][ T3606] psmouse_handle_byte+0x41/0x1b0 [ 45.875437][ T3606] psmouse_interrupt+0x304/0xf00 [ 45.882194][ T3606] serio_interrupt+0x88/0x150 [ 45.888709][ T3606] i8042_interrupt+0x27a/0x520 [ 45.895296][ T3606] __handle_irq_event_percpu+0x227/0x870 [ 45.902765][ T3606] handle_irq_event+0xa7/0x1e0 [ 45.909351][ T3606] handle_edge_irq+0x25f/0xd00 [ 45.915936][ T3606] __common_interrupt+0x9d/0x210 [ 45.923128][ T3606] common_interrupt+0xa4/0xc0 [ 45.929624][ T3606] asm_common_interrupt+0x22/0x40 [ 45.936482][ T3606] acpi_safe_halt+0x6f/0xb0 [ 45.942804][ T3606] acpi_idle_enter+0x524/0x6a0 [ 45.949386][ T3606] cpuidle_enter_state+0x1ab/0xd30 [ 45.956321][ T3606] cpuidle_enter+0x4a/0xa0 [ 45.962558][ T3606] do_idle+0x3e8/0x590 [ 45.968449][ T3606] cpu_startup_entry+0x14/0x20 [ 45.975039][ T3606] start_secondary+0x21d/0x2b0 [ 45.981621][ T3606] secondary_startup_64_no_verify+0xce/0xdb [ 45.989341][ T3606] INITIAL USE at: [ 45.993328][ T3606] lock_acquire+0x1ab/0x570 [ 45.999566][ T3606] _raw_spin_lock_irqsave+0x39/0x50 [ 46.006510][ T3606] input_inject_event+0x9b/0x320 [ 46.013183][ T3606] led_set_brightness_nosleep+0xe6/0x1a0 [ 46.020553][ T3606] led_set_brightness+0x134/0x170 [ 46.027311][ T3606] led_trigger_event+0xb0/0x200 [ 46.033898][ T3606] kbd_led_trigger_activate+0xc9/0x100 [ 46.041106][ T3606] led_trigger_set+0x5d7/0xaf0 [ 46.047620][ T3606] led_trigger_set_default+0x1a6/0x230 [ 46.054816][ T3606] led_classdev_register_ext+0x56f/0x760 [ 46.062187][ T3606] input_leds_connect+0x4bd/0x860 [ 46.068949][ T3606] input_attach_handler+0x180/0x1f0 [ 46.075994][ T3606] input_register_device.cold+0xf0/0x2ff [ 46.083362][ T3606] atkbd_connect+0x749/0xa10 [ 46.089689][ T3606] serio_driver_probe+0x72/0xa0 [ 46.096294][ T3606] really_probe+0x249/0xb90 [ 46.102606][ T3606] __driver_probe_device+0x1df/0x4d0 [ 46.109627][ T3606] driver_probe_device+0x4c/0x1a0 [ 46.116386][ T3606] __driver_attach+0x1d0/0x550 [ 46.122884][ T3606] bus_for_each_dev+0x147/0x1d0 [ 46.129467][ T3606] serio_handle_event+0x5f6/0xa30 [ 46.136226][ T3606] process_one_work+0x991/0x1610 [ 46.142910][ T3606] worker_thread+0x665/0x1080 [ 46.149326][ T3606] kthread+0x2e4/0x3a0 [ 46.155130][ T3606] ret_from_fork+0x1f/0x30 [ 46.161296][ T3606] } [ 46.163882][ T3606] ... key at: [] __key.7+0x0/0x40 [ 46.171104][ T3606] -> (&client->buffer_lock){....}-{2:2} { [ 46.176840][ T3606] INITIAL USE at: [ 46.180725][ T3606] lock_acquire+0x1ab/0x570 [ 46.186792][ T3606] _raw_spin_lock+0x2a/0x40 [ 46.192855][ T3606] evdev_pass_values.part.0+0xf6/0x960 [ 46.199890][ T3606] evdev_events+0x359/0x3e0 [ 46.205958][ T3606] input_to_handler+0x2a0/0x4c0 [ 46.212368][ T3606] input_pass_values.part.0+0x230/0x710 [ 46.219475][ T3606] input_event_dispose+0x5cf/0x730 [ 46.226161][ T3606] input_handle_event+0x112/0xda0 [ 46.232767][ T3606] input_inject_event+0x1c4/0x320 [ 46.239378][ T3606] evdev_write+0x430/0x760 [ 46.245380][ T3606] vfs_write+0x2d7/0xdd0 [ 46.251197][ T3606] ksys_write+0x1e8/0x250 [ 46.257100][ T3606] do_syscall_64+0x35/0xb0 [ 46.263083][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.270713][ T3606] } [ 46.273213][ T3606] ... key at: [] __key.3+0x0/0x40 [ 46.280334][ T3606] ... acquired at: [ 46.284124][ T3606] _raw_spin_lock+0x2a/0x40 [ 46.288798][ T3606] evdev_pass_values.part.0+0xf6/0x960 [ 46.294445][ T3606] evdev_events+0x359/0x3e0 [ 46.299120][ T3606] input_to_handler+0x2a0/0x4c0 [ 46.304150][ T3606] input_pass_values.part.0+0x230/0x710 [ 46.309868][ T3606] input_event_dispose+0x5cf/0x730 [ 46.315150][ T3606] input_handle_event+0x112/0xda0 [ 46.320346][ T3606] input_inject_event+0x1c4/0x320 [ 46.325713][ T3606] evdev_write+0x430/0x760 [ 46.330299][ T3606] vfs_write+0x2d7/0xdd0 [ 46.334723][ T3606] ksys_write+0x1e8/0x250 [ 46.339224][ T3606] do_syscall_64+0x35/0xb0 [ 46.343811][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.349873][ T3606] [ 46.352183][ T3606] [ 46.352183][ T3606] the dependencies between the lock to be acquired [ 46.352192][ T3606] and HARDIRQ-irq-unsafe lock: [ 46.365697][ T3606] -> (tasklist_lock){.+.+}-{2:2} { [ 46.370996][ T3606] HARDIRQ-ON-R at: [ 46.375144][ T3606] lock_acquire+0x1ab/0x570 [ 46.381643][ T3606] _raw_read_lock+0x5b/0x70 [ 46.388136][ T3606] do_wait+0x27f/0xce0 [ 46.394295][ T3606] kernel_wait+0x9c/0x150 [ 46.400614][ T3606] call_usermodehelper_exec_work+0xf5/0x180 [ 46.408501][ T3606] process_one_work+0x991/0x1610 [ 46.415534][ T3606] worker_thread+0x665/0x1080 [ 46.422205][ T3606] kthread+0x2e4/0x3a0 [ 46.428268][ T3606] ret_from_fork+0x1f/0x30 [ 46.434679][ T3606] SOFTIRQ-ON-R at: [ 46.438823][ T3606] lock_acquire+0x1ab/0x570 [ 46.445333][ T3606] _raw_read_lock+0x5b/0x70 [ 46.451828][ T3606] do_wait+0x27f/0xce0 [ 46.457890][ T3606] kernel_wait+0x9c/0x150 [ 46.464214][ T3606] call_usermodehelper_exec_work+0xf5/0x180 [ 46.472099][ T3606] process_one_work+0x991/0x1610 [ 46.479047][ T3606] worker_thread+0x665/0x1080 [ 46.485722][ T3606] kthread+0x2e4/0x3a0 [ 46.491790][ T3606] ret_from_fork+0x1f/0x30 [ 46.498210][ T3606] INITIAL USE at: [ 46.502271][ T3606] lock_acquire+0x1ab/0x570 [ 46.508683][ T3606] _raw_write_lock_irq+0x32/0x50 [ 46.515549][ T3606] copy_process+0x449b/0x7090 [ 46.522148][ T3606] kernel_clone+0xe7/0xab0 [ 46.528471][ T3606] user_mode_thread+0xad/0xe0 [ 46.535060][ T3606] rest_init+0x23/0x270 [ 46.541124][ T3606] arch_call_rest_init+0xf/0x14 [ 46.547898][ T3606] start_kernel+0x46e/0x48f [ 46.554307][ T3606] secondary_startup_64_no_verify+0xce/0xdb [ 46.562209][ T3606] INITIAL READ USE at: [ 46.566702][ T3606] lock_acquire+0x1ab/0x570 [ 46.573548][ T3606] _raw_read_lock+0x5b/0x70 [ 46.580393][ T3606] do_wait+0x27f/0xce0 [ 46.586805][ T3606] kernel_wait+0x9c/0x150 [ 46.593496][ T3606] call_usermodehelper_exec_work+0xf5/0x180 [ 46.601732][ T3606] process_one_work+0x991/0x1610 [ 46.609012][ T3606] worker_thread+0x665/0x1080 [ 46.616037][ T3606] kthread+0x2e4/0x3a0 [ 46.622455][ T3606] ret_from_fork+0x1f/0x30 [ 46.629215][ T3606] } [ 46.631885][ T3606] ... key at: [] tasklist_lock+0x18/0x40 [ 46.639778][ T3606] ... acquired at: [ 46.643741][ T3606] _raw_read_lock+0x5b/0x70 [ 46.648428][ T3606] send_sigio+0xab/0x370 [ 46.652925][ T3606] kill_fasync+0x1f8/0x470 [ 46.657510][ T3606] sock_wake_async+0xd2/0x160 [ 46.662355][ T3606] sock_def_readable+0x349/0x4e0 [ 46.667459][ T3606] unix_dgram_sendmsg+0xf88/0x1b50 [ 46.672746][ T3606] sock_sendmsg+0xcf/0x120 [ 46.677331][ T3606] ____sys_sendmsg+0x334/0x810 [ 46.682264][ T3606] ___sys_sendmsg+0x110/0x1b0 [ 46.687114][ T3606] __sys_sendmmsg+0x18b/0x460 [ 46.691970][ T3606] __x64_sys_sendmmsg+0x99/0x100 [ 46.697100][ T3606] do_syscall_64+0x35/0xb0 [ 46.701693][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.707787][ T3606] [ 46.710100][ T3606] -> (&f->f_owner.lock){....}-{2:2} { [ 46.715570][ T3606] INITIAL USE at: [ 46.719544][ T3606] lock_acquire+0x1ab/0x570 [ 46.725780][ T3606] _raw_write_lock_irq+0x32/0x50 [ 46.732479][ T3606] f_modown+0x2a/0x390 [ 46.738280][ T3606] f_setown+0xd7/0x230 [ 46.744083][ T3606] sock_ioctl+0x37e/0x640 [ 46.750147][ T3606] __x64_sys_ioctl+0x193/0x200 [ 46.756643][ T3606] do_syscall_64+0x35/0xb0 [ 46.762819][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.770533][ T3606] INITIAL READ USE at: [ 46.774963][ T3606] lock_acquire+0x1ab/0x570 [ 46.781630][ T3606] _raw_read_lock_irqsave+0x70/0x90 [ 46.788994][ T3606] send_sigio+0x24/0x370 [ 46.795407][ T3606] kill_fasync+0x1f8/0x470 [ 46.802001][ T3606] sock_wake_async+0xd2/0x160 [ 46.808850][ T3606] sock_def_readable+0x349/0x4e0 [ 46.815953][ T3606] unix_dgram_sendmsg+0xf88/0x1b50 [ 46.823249][ T3606] sock_sendmsg+0xcf/0x120 [ 46.829831][ T3606] ____sys_sendmsg+0x334/0x810 [ 46.836767][ T3606] ___sys_sendmsg+0x110/0x1b0 [ 46.843611][ T3606] __sys_sendmmsg+0x18b/0x460 [ 46.850457][ T3606] __x64_sys_sendmmsg+0x99/0x100 [ 46.857566][ T3606] do_syscall_64+0x35/0xb0 [ 46.864153][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.872220][ T3606] } [ 46.874800][ T3606] ... key at: [] __key.5+0x0/0x40 [ 46.881995][ T3606] ... acquired at: [ 46.885875][ T3606] _raw_read_lock_irqsave+0x70/0x90 [ 46.891245][ T3606] send_sigio+0x24/0x370 [ 46.895656][ T3606] kill_fasync+0x1f8/0x470 [ 46.900237][ T3606] sock_wake_async+0xd2/0x160 [ 46.905173][ T3606] sock_def_readable+0x349/0x4e0 [ 46.910281][ T3606] unix_dgram_sendmsg+0xf88/0x1b50 [ 46.915656][ T3606] sock_sendmsg+0xcf/0x120 [ 46.920243][ T3606] ____sys_sendmsg+0x334/0x810 [ 46.925187][ T3606] ___sys_sendmsg+0x110/0x1b0 [ 46.930051][ T3606] __sys_sendmmsg+0x18b/0x460 [ 46.934923][ T3606] __x64_sys_sendmmsg+0x99/0x100 [ 46.940047][ T3606] do_syscall_64+0x35/0xb0 [ 46.944641][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.950712][ T3606] [ 46.953027][ T3606] -> (&new->fa_lock){....}-{2:2} { [ 46.958152][ T3606] INITIAL READ USE at: [ 46.962471][ T3606] lock_acquire+0x1ab/0x570 [ 46.968986][ T3606] _raw_read_lock_irqsave+0x70/0x90 [ 46.976176][ T3606] kill_fasync+0x136/0x470 [ 46.982583][ T3606] sock_wake_async+0xd2/0x160 [ 46.989255][ T3606] sock_def_readable+0x349/0x4e0 [ 46.996186][ T3606] unix_dgram_sendmsg+0xf88/0x1b50 [ 47.003297][ T3606] sock_sendmsg+0xcf/0x120 [ 47.009708][ T3606] ____sys_sendmsg+0x334/0x810 [ 47.016465][ T3606] ___sys_sendmsg+0x110/0x1b0 [ 47.023152][ T3606] __sys_sendmmsg+0x18b/0x460 [ 47.029831][ T3606] __x64_sys_sendmmsg+0x99/0x100 [ 47.036762][ T3606] do_syscall_64+0x35/0xb0 [ 47.043175][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.051088][ T3606] } [ 47.053577][ T3606] ... key at: [] __key.0+0x0/0x40 [ 47.060686][ T3606] ... acquired at: [ 47.064739][ T3606] lock_acquire+0x1ab/0x570 [ 47.069408][ T3606] _raw_read_lock_irqsave+0x70/0x90 [ 47.074780][ T3606] kill_fasync+0x136/0x470 [ 47.079363][ T3606] evdev_pass_values.part.0+0x667/0x960 [ 47.085084][ T3606] evdev_events+0x359/0x3e0 [ 47.089769][ T3606] input_to_handler+0x2a0/0x4c0 [ 47.094881][ T3606] input_pass_values.part.0+0x230/0x710 [ 47.100600][ T3606] input_event_dispose+0x5cf/0x730 [ 47.105883][ T3606] input_handle_event+0x112/0xda0 [ 47.111085][ T3606] input_inject_event+0x1c4/0x320 [ 47.116282][ T3606] evdev_write+0x430/0x760 [ 47.120885][ T3606] vfs_write+0x2d7/0xdd0 [ 47.125406][ T3606] ksys_write+0x1e8/0x250 [ 47.129924][ T3606] do_syscall_64+0x35/0xb0 [ 47.134540][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.140625][ T3606] [ 47.142962][ T3606] [ 47.142962][ T3606] stack backtrace: [ 47.148841][ T3606] CPU: 1 PID: 3606 Comm: syz-executor158 Not tainted 6.0.0-rc5-syzkaller-00097-g38eddeedbbea #0 [ 47.159251][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 47.169387][ T3606] Call Trace: [ 47.172660][ T3606] [ 47.175590][ T3606] dump_stack_lvl+0xcd/0x134 [ 47.180190][ T3606] check_irq_usage.cold+0x4c1/0x6b0 [ 47.185419][ T3606] ? lock_downgrade+0x6e0/0x6e0 [ 47.190271][ T3606] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 47.197383][ T3606] ? mark_lock.part.0+0xee/0x1910 [ 47.202415][ T3606] ? check_path.constprop.0+0x24/0x50 [ 47.207790][ T3606] ? register_lock_class+0xbe/0x1120 [ 47.213083][ T3606] ? lock_chain_count+0x20/0x20 [ 47.217937][ T3606] ? do_raw_spin_unlock+0x171/0x230 [ 47.223227][ T3606] ? is_dynamic_key.part.0+0x130/0x130 [ 47.228688][ T3606] ? try_to_wake_up+0x100/0x1e60 [ 47.233633][ T3606] __lock_acquire+0x2a5b/0x56d0 [ 47.238491][ T3606] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 47.244561][ T3606] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 47.250545][ T3606] lock_acquire+0x1ab/0x570 [ 47.255050][ T3606] ? kill_fasync+0x136/0x470 [ 47.259640][ T3606] ? lock_release+0x780/0x780 [ 47.264413][ T3606] ? lock_release+0x780/0x780 [ 47.269177][ T3606] ? lock_release+0x780/0x780 [ 47.273941][ T3606] ? __wake_up_common+0x650/0x650 [ 47.278964][ T3606] _raw_read_lock_irqsave+0x70/0x90 [ 47.284162][ T3606] ? kill_fasync+0x136/0x470 [ 47.288834][ T3606] kill_fasync+0x136/0x470 [ 47.293249][ T3606] evdev_pass_values.part.0+0x667/0x960 [ 47.298809][ T3606] ? evdev_free+0x70/0x70 [ 47.303150][ T3606] ? ktime_mono_to_any+0xb5/0x1e0 [ 47.308188][ T3606] evdev_events+0x359/0x3e0 [ 47.312691][ T3606] ? evdev_connect+0x4b0/0x4b0 [ 47.317455][ T3606] input_to_handler+0x2a0/0x4c0 [ 47.322304][ T3606] input_pass_values.part.0+0x230/0x710 [ 47.327850][ T3606] input_event_dispose+0x5cf/0x730 [ 47.332975][ T3606] input_handle_event+0x112/0xda0 [ 47.338002][ T3606] input_inject_event+0x1c4/0x320 [ 47.343025][ T3606] evdev_write+0x430/0x760 [ 47.347439][ T3606] ? evdev_read+0xe30/0xe30 [ 47.351941][ T3606] ? apparmor_file_permission+0x264/0x4e0 [ 47.357658][ T3606] ? bpf_lsm_file_permission+0x5/0x10 [ 47.363041][ T3606] ? security_file_permission+0xab/0xd0 [ 47.368587][ T3606] vfs_write+0x2d7/0xdd0 [ 47.372925][ T3606] ? evdev_read+0xe30/0xe30 [ 47.377432][ T3606] ? vfs_read+0x930/0x930 [ 47.381772][ T3606] ? find_held_lock+0x2d/0x110 [ 47.386536][ T3606] ? ptrace_notify+0xfa/0x140 [ 47.391220][ T3606] ? lock_downgrade+0x6e0/0x6e0 [ 47.396154][ T3606] ? __fget_light+0x20a/0x270 [ 47.400830][ T3606] ksys_write+0x1e8/0x250 [ 47.405158][ T3606] ? __ia32_sys_read+0xb0/0xb0 [ 47.409919][ T3606] ? lockdep_hardirqs_on+0x79/0x100 [ 47.415218][ T3606] ? _raw_spin_unlock_irq+0x2a/0x40 [ 47.420418][ T3606] ? ptrace_notify+0xfa/0x140 [ 47.425095][ T3606] do_syscall_64+0x35/0xb0 [ 47.429522][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.435411][ T3606] RIP: 0033:0x7f5632a21829 [ 47.439830][ T3606] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 47.459552][ T3606] RSP: 002b:00007ffeb7407cf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 47.467977][ T3606] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5632a21829 [ 47.475944][ T3606] RDX: 0000000000000079 RSI: 000000002004d000 RDI: 0000000000000006 write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x10\x27\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 121) = 120 exit_group(0) = ? +++ exited with 0 +++ [