./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor300149064 <...> DUID 00:04:98:96:05:40:f2:aa:0a:66:7a:29:c2:20:2e:76:e0:ec forked to background, child pid 3179 [ 27.060970][ T3180] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.072396][ T3180] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.210' (ECDSA) to the list of known hosts. execve("./syz-executor300149064", ["./syz-executor300149064"], 0x7ffd08695960 /* 10 vars */) = 0 brk(NULL) = 0x555555dfb000 brk(0x555555dfbc40) = 0x555555dfbc40 arch_prctl(ARCH_SET_FS, 0x555555dfb300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor300149064", 4096) = 27 brk(0x555555e1cc40) = 0x555555e1cc40 brk(0x555555e1d000) = 0x555555e1d000 mprotect(0x7f025761c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_CREAT|O_SYNC|O_NOFOLLOW, 000) = 3 fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_NOATIME|FASYNC) = 0 ioctl(-1, EVIOCSFF, {type=0 /* FF_??? 
*/, id=0, direction=0, ...}) = -1 EBADF (Bad file descriptor) write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 883) = 864 open("./file0", O_RDONLY|O_CREAT|O_EXCL|O_LARGEFILE|FASYNC|0x4000000, 000) = 4 gettid() = 3601 fcntl(4, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=3601}) = 0 fcntl(4, F_SETLEASE, F_RDLCK) = 0 syzkaller login: [ 49.616191][ T3601] [ 49.618542][ T3601] ===================================================== [ 49.625477][ T3601] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 49.632931][ T3601] 5.19.0-syzkaller-02972-g200e340f2196 #0 Not tainted [ 49.639673][ T3601] ----------------------------------------------------- [ 49.646582][ T3601] syz-executor300/3601 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 49.654636][ T3601] ffffffff8ba0a098 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xab/0x370 [ 49.663149][ T3601] [ 49.663149][ T3601] and this task is already holding: [ 49.670500][ T3601] ffff888020578db0 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x24/0x370 [ 49.679269][ T3601] which would create a new lock dependency: [ 49.685141][ T3601] (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 49.692882][ T3601] [ 49.692882][ T3601] but this new dependency connects a HARDIRQ-irq-safe lock: [ 49.702330][ T3601] (&dev->event_lock#2){-.-.}-{2:2} [ 49.702352][ T3601] [ 49.702352][ T3601] ... 
which became HARDIRQ-irq-safe at: [ 49.715246][ T3601] lock_acquire+0x1ab/0x570 [ 49.719844][ T3601] _raw_spin_lock_irqsave+0x39/0x50 [ 49.725126][ T3601] input_event+0x7b/0xb0 [ 49.729451][ T3601] psmouse_report_standard_buttons+0x2c/0x80 [ 49.735515][ T3601] psmouse_process_byte+0x1e1/0x890 [ 49.740786][ T3601] psmouse_handle_byte+0x41/0x1b0 [ 49.745883][ T3601] psmouse_interrupt+0x304/0xf00 [ 49.750905][ T3601] serio_interrupt+0x88/0x150 [ 49.755659][ T3601] i8042_interrupt+0x27a/0x520 [ 49.760514][ T3601] __handle_irq_event_percpu+0x22c/0x880 [ 49.766222][ T3601] handle_irq_event+0xa7/0x1e0 [ 49.771058][ T3601] handle_edge_irq+0x25f/0xd00 [ 49.775896][ T3601] __common_interrupt+0x9d/0x210 [ 49.780925][ T3601] common_interrupt+0xa4/0xc0 [ 49.785676][ T3601] asm_common_interrupt+0x22/0x40 [ 49.790771][ T3601] unwind_next_frame+0x1fc/0x1cc0 [ 49.795869][ T3601] arch_stack_walk+0x7d/0xe0 [ 49.800546][ T3601] stack_trace_save+0x8c/0xc0 [ 49.805296][ T3601] kasan_save_stack+0x1e/0x40 [ 49.810045][ T3601] kasan_set_track+0x21/0x30 [ 49.814708][ T3601] kasan_set_free_info+0x20/0x30 [ 49.819718][ T3601] ____kasan_slab_free+0x166/0x1a0 [ 49.824898][ T3601] slab_free_freelist_hook+0x8b/0x1c0 [ 49.830362][ T3601] kfree+0xe2/0x4d0 [ 49.834241][ T3601] security_cred_free+0xc3/0x130 [ 49.839267][ T3601] put_cred_rcu+0x122/0x520 [ 49.843857][ T3601] rcu_core+0x7b5/0x18a0 [ 49.848173][ T3601] __do_softirq+0x29b/0x9c2 [ 49.852749][ T3601] run_ksoftirqd+0x2d/0x60 [ 49.857270][ T3601] smpboot_thread_fn+0x645/0x9c0 [ 49.862300][ T3601] kthread+0x2e9/0x3a0 [ 49.866438][ T3601] ret_from_fork+0x1f/0x30 [ 49.870932][ T3601] [ 49.870932][ T3601] to a HARDIRQ-irq-unsafe lock: [ 49.877931][ T3601] (tasklist_lock){.+.+}-{2:2} [ 49.877949][ T3601] [ 49.877949][ T3601] ... which became HARDIRQ-irq-unsafe at: [ 49.890572][ T3601] ... 
[ 49.890578][ T3601] lock_acquire+0x1ab/0x570
[ 49.897737][ T3601] _raw_read_lock+0x5b/0x70
[ 49.902328][ T3601] do_wait+0x284/0xce0
[ 49.906488][ T3601] kernel_wait+0x9c/0x150
[ 49.910976][ T3601] call_usermodehelper_exec_work+0xf5/0x180
[ 49.916946][ T3601] process_one_work+0x996/0x1610
[ 49.921958][ T3601] worker_thread+0x665/0x1080
[ 49.926732][ T3601] kthread+0x2e9/0x3a0
[ 49.930873][ T3601] ret_from_fork+0x1f/0x30
[ 49.935362][ T3601]
[ 49.935362][ T3601] other info that might help us debug this:
[ 49.935362][ T3601]
[ 49.945575][ T3601] Chain exists of:
[ 49.945575][ T3601]   &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock
[ 49.945575][ T3601]
[ 49.958769][ T3601]  Possible interrupt unsafe locking scenario:
[ 49.958769][ T3601]
[ 49.967087][ T3601]        CPU0                    CPU1
[ 49.972436][ T3601]        ----                    ----
[ 49.977785][ T3601]   lock(tasklist_lock);
[ 49.982032][ T3601]                                local_irq_disable();
[ 49.988790][ T3601]                                lock(&dev->event_lock#2);
[ 49.995984][ T3601]                                lock(&f->f_owner.lock);
[ 50.002995][ T3601]   <Interrupt>
[ 50.006450][ T3601]     lock(&dev->event_lock#2);
[ 50.011294][ T3601]
[ 50.011294][ T3601]  *** DEADLOCK ***
[ 50.011294][ T3601]
[ 50.019423][ T3601] 6 locks held by syz-executor300/3601:
[ 50.024981][ T3601] #0: ffff88807ee24460 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1b5d/0x28f0
[ 50.034199][ T3601] #1: ffffffff8bf4d1d0 (file_rwsem){.+.+}-{0:0}, at: do_dentry_open+0x432/0x12d0
[ 50.043404][ T3601] #2: ffff8880746766f8 (&ctx->flc_lock){+.+.}-{2:2}, at: __break_lease+0x208/0x1420
[ 50.052868][ T3601] #3: ffffffff8bd873c0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470
[ 50.061900][ T3601] #4: ffff88801f699018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470
[ 50.071017][ T3601] #5: ffff888020578db0 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x24/0x370
[ 50.080219][ T3601]
[ 50.080219][ T3601] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 50.090606][ T3601] -> (&dev->event_lock#2){-.-.}-{2:2} {
[ 50.096413][ T3601]
IN-HARDIRQ-W at: [ 50.100640][ T3601] lock_acquire+0x1ab/0x570 [ 50.107302][ T3601] _raw_spin_lock_irqsave+0x39/0x50 [ 50.114656][ T3601] input_event+0x7b/0xb0 [ 50.121076][ T3601] psmouse_report_standard_buttons+0x2c/0x80 [ 50.129215][ T3601] psmouse_process_byte+0x1e1/0x890 [ 50.136572][ T3601] psmouse_handle_byte+0x41/0x1b0 [ 50.143752][ T3601] psmouse_interrupt+0x304/0xf00 [ 50.150848][ T3601] serio_interrupt+0x88/0x150 [ 50.157681][ T3601] i8042_interrupt+0x27a/0x520 [ 50.164601][ T3601] __handle_irq_event_percpu+0x22c/0x880 [ 50.172409][ T3601] handle_irq_event+0xa7/0x1e0 [ 50.179346][ T3601] handle_edge_irq+0x25f/0xd00 [ 50.186268][ T3601] __common_interrupt+0x9d/0x210 [ 50.193375][ T3601] common_interrupt+0xa4/0xc0 [ 50.200273][ T3601] asm_common_interrupt+0x22/0x40 [ 50.207470][ T3601] unwind_next_frame+0x1fc/0x1cc0 [ 50.214672][ T3601] arch_stack_walk+0x7d/0xe0 [ 50.221435][ T3601] stack_trace_save+0x8c/0xc0 [ 50.229320][ T3601] kasan_save_stack+0x1e/0x40 [ 50.236164][ T3601] kasan_set_track+0x21/0x30 [ 50.242910][ T3601] kasan_set_free_info+0x20/0x30 [ 50.250005][ T3601] ____kasan_slab_free+0x166/0x1a0 [ 50.257288][ T3601] slab_free_freelist_hook+0x8b/0x1c0 [ 50.264826][ T3601] kfree+0xe2/0x4d0 [ 50.270806][ T3601] security_cred_free+0xc3/0x130 [ 50.277901][ T3601] put_cred_rcu+0x122/0x520 [ 50.284581][ T3601] rcu_core+0x7b5/0x18a0 [ 50.290979][ T3601] __do_softirq+0x29b/0x9c2 [ 50.297639][ T3601] run_ksoftirqd+0x2d/0x60 [ 50.304211][ T3601] smpboot_thread_fn+0x645/0x9c0 [ 50.311306][ T3601] kthread+0x2e9/0x3a0 [ 50.317553][ T3601] ret_from_fork+0x1f/0x30 [ 50.324128][ T3601] IN-SOFTIRQ-W at: [ 50.328356][ T3601] lock_acquire+0x1ab/0x570 [ 50.335015][ T3601] _raw_spin_lock_irqsave+0x39/0x50 [ 50.342369][ T3601] input_event+0x7b/0xb0 [ 50.348774][ T3601] psmouse_report_standard_buttons+0x2c/0x80 [ 50.356917][ T3601] psmouse_process_byte+0x1e1/0x890 [ 50.364273][ T3601] psmouse_handle_byte+0x41/0x1b0 [ 50.371461][ T3601] psmouse_interrupt+0x304/0xf00 [ 
50.378572][ T3601] serio_interrupt+0x88/0x150 [ 50.385411][ T3601] i8042_interrupt+0x27a/0x520 [ 50.392349][ T3601] __handle_irq_event_percpu+0x22c/0x880 [ 50.400144][ T3601] handle_irq_event+0xa7/0x1e0 [ 50.407071][ T3601] handle_edge_irq+0x25f/0xd00 [ 50.414000][ T3601] __common_interrupt+0x9d/0x210 [ 50.421095][ T3601] common_interrupt+0xa4/0xc0 [ 50.427932][ T3601] asm_common_interrupt+0x22/0x40 [ 50.435114][ T3601] unwind_next_frame+0x1fc/0x1cc0 [ 50.442319][ T3601] arch_stack_walk+0x7d/0xe0 [ 50.449095][ T3601] stack_trace_save+0x8c/0xc0 [ 50.455950][ T3601] kasan_save_stack+0x1e/0x40 [ 50.462786][ T3601] kasan_set_track+0x21/0x30 [ 50.469537][ T3601] kasan_set_free_info+0x20/0x30 [ 50.476636][ T3601] ____kasan_slab_free+0x166/0x1a0 [ 50.483904][ T3601] slab_free_freelist_hook+0x8b/0x1c0 [ 50.491453][ T3601] kfree+0xe2/0x4d0 [ 50.497421][ T3601] security_cred_free+0xc3/0x130 [ 50.504521][ T3601] put_cred_rcu+0x122/0x520 [ 50.511184][ T3601] rcu_core+0x7b5/0x18a0 [ 50.517587][ T3601] __do_softirq+0x29b/0x9c2 [ 50.524252][ T3601] run_ksoftirqd+0x2d/0x60 [ 50.530826][ T3601] smpboot_thread_fn+0x645/0x9c0 [ 50.537926][ T3601] kthread+0x2e9/0x3a0 [ 50.544154][ T3601] ret_from_fork+0x1f/0x30 [ 50.550727][ T3601] INITIAL USE at: [ 50.554864][ T3601] lock_acquire+0x1ab/0x570 [ 50.561436][ T3601] _raw_spin_lock_irqsave+0x39/0x50 [ 50.569589][ T3601] input_inject_event+0xa6/0x320 [ 50.576598][ T3601] led_set_brightness_nosleep+0xe6/0x1a0 [ 50.584302][ T3601] led_set_brightness+0x134/0x170 [ 50.591395][ T3601] led_trigger_event+0xb0/0x200 [ 50.598318][ T3601] kbd_led_trigger_activate+0xc9/0x100 [ 50.605868][ T3601] led_trigger_set+0x5d7/0xaf0 [ 50.612700][ T3601] led_trigger_set_default+0x1a6/0x230 [ 50.620227][ T3601] led_classdev_register_ext+0x56f/0x770 [ 50.627928][ T3601] input_leds_connect+0x4bd/0x860 [ 50.635018][ T3601] input_attach_handler+0x180/0x1f0 [ 50.642295][ T3601] input_register_device.cold+0xf0/0x304 [ 50.649999][ T3601] atkbd_connect+0x749/0xa10 [ 
50.656661][ T3601] serio_driver_probe+0x72/0xa0 [ 50.663582][ T3601] really_probe+0x23e/0xb90 [ 50.670166][ T3601] __driver_probe_device+0x338/0x4d0 [ 50.677518][ T3601] driver_probe_device+0x4c/0x1a0 [ 50.684624][ T3601] __driver_attach+0x22d/0x550 [ 50.691457][ T3601] bus_for_each_dev+0x147/0x1d0 [ 50.698378][ T3601] serio_handle_event+0x5f6/0xa30 [ 50.705470][ T3601] process_one_work+0x996/0x1610 [ 50.712480][ T3601] worker_thread+0x665/0x1080 [ 50.719229][ T3601] kthread+0x2e9/0x3a0 [ 50.725369][ T3601] ret_from_fork+0x1f/0x30 [ 50.731861][ T3601] } [ 50.734601][ T3601] ... key at: [] __key.7+0x0/0x40 [ 50.741960][ T3601] -> (&client->buffer_lock){....}-{2:2} { [ 50.747849][ T3601] INITIAL USE at: [ 50.751896][ T3601] lock_acquire+0x1ab/0x570 [ 50.758296][ T3601] _raw_spin_lock+0x2a/0x40 [ 50.764697][ T3601] evdev_pass_values.part.0+0xf6/0x970 [ 50.772051][ T3601] evdev_events+0x359/0x3e0 [ 50.778448][ T3601] input_to_handler+0x2a0/0x4c0 [ 50.785196][ T3601] input_pass_values.part.0+0x230/0x710 [ 50.792644][ T3601] input_handle_event+0x373/0x1440 [ 50.799655][ T3601] input_inject_event+0x1bd/0x320 [ 50.806576][ T3601] evdev_write+0x430/0x760 [ 50.812886][ T3601] vfs_write+0x269/0xac0 [ 50.819028][ T3601] ksys_write+0x1e8/0x250 [ 50.825251][ T3601] do_syscall_64+0x35/0xb0 [ 50.831568][ T3601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.839359][ T3601] } [ 50.842037][ T3601] ... key at: [] __key.3+0x0/0x40 [ 50.849306][ T3601] ... 
acquired at: [ 50.853283][ T3601] _raw_spin_lock+0x2a/0x40 [ 50.857950][ T3601] evdev_pass_values.part.0+0xf6/0x970 [ 50.863567][ T3601] evdev_events+0x359/0x3e0 [ 50.868229][ T3601] input_to_handler+0x2a0/0x4c0 [ 50.873241][ T3601] input_pass_values.part.0+0x230/0x710 [ 50.878951][ T3601] input_handle_event+0x373/0x1440 [ 50.884222][ T3601] input_inject_event+0x1bd/0x320 [ 50.889407][ T3601] evdev_write+0x430/0x760 [ 50.893979][ T3601] vfs_write+0x269/0xac0 [ 50.898381][ T3601] ksys_write+0x1e8/0x250 [ 50.902870][ T3601] do_syscall_64+0x35/0xb0 [ 50.907525][ T3601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.913602][ T3601] [ 50.915921][ T3601] -> (&new->fa_lock){....}-{2:2} { [ 50.921118][ T3601] INITIAL READ USE at: [ 50.925515][ T3601] lock_acquire+0x1ab/0x570 [ 50.932178][ T3601] _raw_read_lock_irqsave+0x70/0x90 [ 50.939545][ T3601] kill_fasync+0x136/0x470 [ 50.946148][ T3601] evdev_pass_values.part.0+0x64e/0x970 [ 50.953856][ T3601] evdev_events+0x359/0x3e0 [ 50.960521][ T3601] input_to_handler+0x2a0/0x4c0 [ 50.967531][ T3601] input_pass_values.part.0+0x230/0x710 [ 50.975233][ T3601] input_handle_event+0x373/0x1440 [ 50.982505][ T3601] input_inject_event+0x1bd/0x320 [ 50.989709][ T3601] evdev_write+0x430/0x760 [ 50.996280][ T3601] vfs_write+0x269/0xac0 [ 51.002679][ T3601] ksys_write+0x1e8/0x250 [ 51.009280][ T3601] do_syscall_64+0x35/0xb0 [ 51.015875][ T3601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.023929][ T3601] } [ 51.026497][ T3601] ... key at: [] __key.0+0x0/0x40 [ 51.033700][ T3601] ... 
acquired at: [ 51.037569][ T3601] _raw_read_lock_irqsave+0x70/0x90 [ 51.042945][ T3601] kill_fasync+0x136/0x470 [ 51.047527][ T3601] evdev_pass_values.part.0+0x64e/0x970 [ 51.053258][ T3601] evdev_events+0x359/0x3e0 [ 51.057922][ T3601] input_to_handler+0x2a0/0x4c0 [ 51.062934][ T3601] input_pass_values.part.0+0x230/0x710 [ 51.068639][ T3601] input_handle_event+0x373/0x1440 [ 51.073909][ T3601] input_inject_event+0x1bd/0x320 [ 51.079093][ T3601] evdev_write+0x430/0x760 [ 51.083669][ T3601] vfs_write+0x269/0xac0 [ 51.088141][ T3601] ksys_write+0x1e8/0x250 [ 51.092657][ T3601] do_syscall_64+0x35/0xb0 [ 51.097257][ T3601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.103328][ T3601] [ 51.105652][ T3601] -> (&f->f_owner.lock){....}-{2:2} { [ 51.111053][ T3601] INITIAL USE at: [ 51.114940][ T3601] lock_acquire+0x1ab/0x570 [ 51.121003][ T3601] _raw_write_lock_irq+0x32/0x50 [ 51.127496][ T3601] f_modown+0x2a/0x390 [ 51.133116][ T3601] do_fcntl+0x923/0x1040 [ 51.138906][ T3601] __x64_sys_fcntl+0x15f/0x1d0 [ 51.145219][ T3601] do_syscall_64+0x35/0xb0 [ 51.151184][ T3601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.158633][ T3601] INITIAL READ USE at: [ 51.162943][ T3601] lock_acquire+0x1ab/0x570 [ 51.169429][ T3601] _raw_read_lock_irqsave+0x70/0x90 [ 51.176612][ T3601] send_sigio+0x24/0x370 [ 51.182838][ T3601] kill_fasync+0x1f8/0x470 [ 51.189244][ T3601] evdev_pass_values.part.0+0x64e/0x970 [ 51.196780][ T3601] evdev_events+0x359/0x3e0 [ 51.203266][ T3601] input_to_handler+0x2a0/0x4c0 [ 51.210112][ T3601] input_pass_values.part.0+0x230/0x710 [ 51.217645][ T3601] input_handle_event+0x373/0x1440 [ 51.224758][ T3601] input_inject_event+0x1bd/0x320 [ 51.231768][ T3601] evdev_write+0x430/0x760 [ 51.238183][ T3601] vfs_write+0x269/0xac0 [ 51.244428][ T3601] ksys_write+0x1e8/0x250 [ 51.250743][ T3601] do_syscall_64+0x35/0xb0 [ 51.257165][ T3601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.265060][ T3601] } [ 51.267542][ T3601] ... 
key at: [] __key.5+0x0/0x40 [ 51.274637][ T3601] ... acquired at: [ 51.278440][ T3601] _raw_read_lock_irqsave+0x70/0x90 [ 51.283883][ T3601] send_sigio+0x24/0x370 [ 51.288293][ T3601] kill_fasync+0x1f8/0x470 [ 51.292872][ T3601] evdev_pass_values.part.0+0x64e/0x970 [ 51.298581][ T3601] evdev_events+0x359/0x3e0 [ 51.303246][ T3601] input_to_handler+0x2a0/0x4c0 [ 51.308283][ T3601] input_pass_values.part.0+0x230/0x710 [ 51.313994][ T3601] input_handle_event+0x373/0x1440 [ 51.319271][ T3601] input_inject_event+0x1bd/0x320 [ 51.324456][ T3601] evdev_write+0x430/0x760 [ 51.329030][ T3601] vfs_write+0x269/0xac0 [ 51.333432][ T3601] ksys_write+0x1e8/0x250 [ 51.337924][ T3601] do_syscall_64+0x35/0xb0 [ 51.342503][ T3601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.348557][ T3601] [ 51.350864][ T3601] [ 51.350864][ T3601] the dependencies between the lock to be acquired [ 51.350870][ T3601] and HARDIRQ-irq-unsafe lock: [ 51.364365][ T3601] -> (tasklist_lock){.+.+}-{2:2} { [ 51.369479][ T3601] HARDIRQ-ON-R at: [ 51.373457][ T3601] lock_acquire+0x1ab/0x570 [ 51.379612][ T3601] _raw_read_lock+0x5b/0x70 [ 51.385765][ T3601] do_wait+0x284/0xce0 [ 51.391479][ T3601] kernel_wait+0x9c/0x150 [ 51.397458][ T3601] call_usermodehelper_exec_work+0xf5/0x180 [ 51.404989][ T3601] process_one_work+0x996/0x1610 [ 51.411565][ T3601] worker_thread+0x665/0x1080 [ 51.417889][ T3601] kthread+0x2e9/0x3a0 [ 51.423606][ T3601] ret_from_fork+0x1f/0x30 [ 51.429685][ T3601] SOFTIRQ-ON-R at: [ 51.433681][ T3601] lock_acquire+0x1ab/0x570 [ 51.439829][ T3601] _raw_read_lock+0x5b/0x70 [ 51.445968][ T3601] do_wait+0x284/0xce0 [ 51.451674][ T3601] kernel_wait+0x9c/0x150 [ 51.457635][ T3601] call_usermodehelper_exec_work+0xf5/0x180 [ 51.465162][ T3601] process_one_work+0x996/0x1610 [ 51.471758][ T3601] worker_thread+0x665/0x1080 [ 51.478074][ T3601] kthread+0x2e9/0x3a0 [ 51.483791][ T3601] ret_from_fork+0x1f/0x30 [ 51.489843][ T3601] INITIAL USE at: [ 51.493735][ T3601] lock_acquire+0x1ab/0x570 [ 
51.499809][ T3601] _raw_write_lock_irq+0x32/0x50 [ 51.506301][ T3601] copy_process+0x449d/0x70a0 [ 51.512545][ T3601] kernel_clone+0xe7/0xab0 [ 51.518508][ T3601] user_mode_thread+0xad/0xe0 [ 51.524732][ T3601] rest_init+0x23/0x270 [ 51.530433][ T3601] arch_call_rest_init+0xf/0x14 [ 51.536853][ T3601] start_kernel+0x46e/0x48f [ 51.542902][ T3601] secondary_startup_64_no_verify+0xce/0xdb [ 51.550362][ T3601] INITIAL READ USE at: [ 51.554676][ T3601] lock_acquire+0x1ab/0x570 [ 51.561182][ T3601] _raw_read_lock+0x5b/0x70 [ 51.567668][ T3601] do_wait+0x284/0xce0 [ 51.573736][ T3601] kernel_wait+0x9c/0x150 [ 51.580050][ T3601] call_usermodehelper_exec_work+0xf5/0x180 [ 51.587926][ T3601] process_one_work+0x996/0x1610 [ 51.594846][ T3601] worker_thread+0x665/0x1080 [ 51.601508][ T3601] kthread+0x2e9/0x3a0 [ 51.607559][ T3601] ret_from_fork+0x1f/0x30 [ 51.613964][ T3601] } [ 51.616461][ T3601] ... key at: [] tasklist_lock+0x18/0x40 [ 51.624169][ T3601] ... acquired at: [ 51.627972][ T3601] lock_acquire+0x1ab/0x570 [ 51.632634][ T3601] _raw_read_lock+0x5b/0x70 [ 51.637385][ T3601] send_sigio+0xab/0x370 [ 51.641788][ T3601] kill_fasync+0x1f8/0x470 [ 51.646363][ T3601] lease_break_callback+0x1f/0x30 [ 51.651558][ T3601] __break_lease+0x3d7/0x1420 [ 51.656395][ T3601] do_dentry_open+0x432/0x12d0 [ 51.661318][ T3601] path_openat+0x1c92/0x28f0 [ 51.667137][ T3601] do_filp_open+0x1b6/0x400 [ 51.671798][ T3601] do_sys_openat2+0x16d/0x4c0 [ 51.676637][ T3601] __x64_sys_creat+0xc9/0x120 [ 51.681476][ T3601] do_syscall_64+0x35/0xb0 [ 51.686052][ T3601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.692106][ T3601] [ 51.694411][ T3601] [ 51.694411][ T3601] stack backtrace: [ 51.700281][ T3601] CPU: 0 PID: 3601 Comm: syz-executor300 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0 [ 51.710414][ T3601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.720455][ T3601] Call Trace: [ 51.723719][ T3601] [ 51.726636][ T3601] 
dump_stack_lvl+0xcd/0x134 [ 51.731216][ T3601] check_irq_usage.cold+0x4c1/0x6b0 [ 51.736405][ T3601] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 51.743507][ T3601] ? create_prof_cpu_mask+0x20/0x20 [ 51.748713][ T3601] ? check_path.constprop.0+0x24/0x50 [ 51.754073][ T3601] ? stack_trace_save+0x8c/0xc0 [ 51.758915][ T3601] __lock_acquire+0x2ad2/0x5660 [ 51.763756][ T3601] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.769730][ T3601] lock_acquire+0x1ab/0x570 [ 51.774217][ T3601] ? send_sigio+0xab/0x370 [ 51.778623][ T3601] ? lock_release+0x780/0x780 [ 51.783302][ T3601] ? lock_release+0x780/0x780 [ 51.787999][ T3601] ? lock_release+0x780/0x780 [ 51.792661][ T3601] _raw_read_lock+0x5b/0x70 [ 51.797155][ T3601] ? send_sigio+0xab/0x370 [ 51.801555][ T3601] send_sigio+0xab/0x370 [ 51.805786][ T3601] kill_fasync+0x1f8/0x470 [ 51.810190][ T3601] lease_break_callback+0x1f/0x30 [ 51.815198][ T3601] __break_lease+0x3d7/0x1420 [ 51.819860][ T3601] ? locks_remove_posix+0x580/0x580 [ 51.825040][ T3601] ? check_access_path_dual.part.0+0x3470/0x3470 [ 51.831357][ T3601] ? apparmor_path_chmod+0x20/0x20 [ 51.836455][ T3601] ? fsnotify_perm.part.0+0x221/0x610 [ 51.841828][ T3601] do_dentry_open+0x432/0x12d0 [ 51.846578][ T3601] path_openat+0x1c92/0x28f0 [ 51.851157][ T3601] ? path_lookupat+0x840/0x840 [ 51.855907][ T3601] do_filp_open+0x1b6/0x400 [ 51.860392][ T3601] ? may_open_dev+0xf0/0xf0 [ 51.864879][ T3601] ? find_held_lock+0x2d/0x110 [ 51.869629][ T3601] ? do_raw_spin_lock+0x120/0x2a0 [ 51.874638][ T3601] ? rwlock_bug.part.0+0x90/0x90 [ 51.879558][ T3601] ? _find_next_bit+0x1e3/0x260 [ 51.884412][ T3601] ? _raw_spin_unlock+0x24/0x40 [ 51.889250][ T3601] ? alloc_fd+0x2f0/0x670 [ 51.893569][ T3601] do_sys_openat2+0x16d/0x4c0 [ 51.898236][ T3601] ? find_held_lock+0x2d/0x110 [ 51.902992][ T3601] ? build_open_flags+0x6f0/0x6f0 [ 51.908002][ T3601] ? ptrace_notify+0xfa/0x140 [ 51.912666][ T3601] ? 
lock_downgrade+0x6e0/0x6e0 [ 51.917502][ T3601] __x64_sys_creat+0xc9/0x120 [ 51.922184][ T3601] ? __x64_compat_sys_openat+0x1f0/0x1f0 [ 51.927805][ T3601] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.932988][ T3601] ? ptrace_notify+0xfa/0x140 [ 51.937646][ T3601] ? syscall_trace_enter.constprop.0+0xb0/0x240 [ 51.943870][ T3601] do_syscall_64+0x35/0xb0 [ 51.948306][ T3601] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.954182][ T3601] RIP: 0033:0x7f02575af749 [ 51.958581][ T3601] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.978178][ T3601] RSP: 002b:00007ffe535b0f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 51.986573][ T3601] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f02575af749 [ 51.994527][ T3601] RDX: 00007f02575af749 RSI: 0000000000000000 RDI: 0000000020001440 [ 52.002484][ T3601] RBP: 00007f025756f250 R08: 0000000000000000 R09: 0000000000000000 [ 52.010438][ T3601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f025756f2e0 [ 52.018395][ T3601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 52.026360][ T3601]