./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3063547679 <...> Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts. execve("./syz-executor3063547679", ["./syz-executor3063547679"], 0x7ffcef274730 /* 10 vars */) = 0 brk(NULL) = 0x555556df5000 brk(0x555556df5c40) = 0x555556df5c40 arch_prctl(ARCH_SET_FS, 0x555556df5300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3063547679", 4096) = 28 brk(0x555556e16c40) = 0x555556e16c40 brk(0x555556e17000) = 0x555556e17000 mprotect(0x7f4c04577000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 inotify_init1(0) = 3 inotify_add_watch(3, ".", IN_OPEN|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_MOVE_SELF|IN_ONLYDIR|IN_EXCL_UNLINK|IN_MASK_ADD|IN_ISDIR|IN_ONESHOT) = 1 ioctl(3, FIOASYNC, [1]) = 0 fcntl(3, F_SETOWN, -1) = 0 openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000) = 5 ioctl(-1, HIDIOCGUSAGES, 0x20000080) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 6 ioctl(6, FIOASYNC, [3]) = 0 [ 61.185144][ T5080] [ 61.187634][ T5080] ===================================================== [ 61.195090][ T5080] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 61.202532][ T5080] 6.1.0-syzkaller-14446-g8395ae05cb5a #0 Not tainted [ 61.209275][ T5080] ----------------------------------------------------- [ 61.216305][ T5080] syz-executor306/5080 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 61.224388][ T5080] ffff88802a53c018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13a/0x480 [ 61.233105][ T5080] [ 61.233105][ T5080] and this task is already holding: [ 61.240451][ T5080] ffff88801ef9c028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 61.250808][ T5080] which would create a new lock dependency: [ 61.256775][ T5080] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 61.265062][ T5080] [ 61.265062][ T5080] but this new dependency connects a HARDIRQ-irq-safe lock: [ 61.274507][ T5080] (&dev->event_lock#2){-...}-{2:2} [ 61.274545][ T5080] [ 61.274545][ T5080] ... which became HARDIRQ-irq-safe at: [ 61.287429][ T5080] lock_acquire+0x1e3/0x630 [ 61.292028][ T5080] _raw_spin_lock_irqsave+0x3d/0x60 [ 61.297322][ T5080] input_event+0x70/0xa0 [ 61.301744][ T5080] psmouse_report_standard_buttons+0x30/0x80 [ 61.307825][ T5080] psmouse_process_byte+0x39e/0x8b0 [ 61.313115][ T5080] psmouse_handle_byte+0x41/0x1b0 [ 61.318237][ T5080] psmouse_interrupt+0x308/0xf00 [ 61.323267][ T5080] serio_interrupt+0x8c/0x150 [ 61.328044][ T5080] i8042_interrupt+0x27e/0x520 [ 61.332908][ T5080] __handle_irq_event_percpu+0x264/0x970 [ 61.338642][ T5080] handle_irq_event+0xab/0x1e0 [ 61.343500][ T5080] handle_edge_irq+0x263/0xd00 [ 61.348362][ T5080] __common_interrupt+0xa1/0x210 [ 61.353400][ T5080] common_interrupt+0xa8/0xd0 [ 61.358180][ T5080] asm_common_interrupt+0x26/0x40 [ 61.363301][ T5080] unwind_next_frame+0x514/0x1d00 [ 61.368420][ T5080] arch_stack_walk+0x81/0xf0 [ 61.373103][ T5080] stack_trace_save+0x90/0xc0 [ 61.377884][ T5080] kasan_save_stack+0x22/0x40 [ 61.382655][ T5080] kasan_set_track+0x25/0x30 [ 61.387336][ T5080] __kasan_kmalloc+0xa5/0xb0 [ 61.392016][ T5080] __kmalloc+0x5a/0xd0 [ 61.396185][ T5080] security_prepare_creds+0x112/0x190 [ 61.401662][ T5080] prepare_creds+0x572/0x7b0 [ 61.406351][ T5080] copy_creds+0xa7/0xd50 [ 61.410691][ T5080] copy_process+0xd60/0x7520 [ 61.415374][ T5080] kernel_clone+0xeb/0x990 [ 61.419883][ T5080] user_mode_thread+0xb1/0xf0 [ 61.424655][ T5080] call_usermodehelper_exec_work+0xd0/0x180 [ 61.430639][ T5080] process_one_work+0x9bf/0x1710 [ 61.435672][ T5080] worker_thread+0x669/0x1090 [ 61.440442][ T5080] kthread+0x2e8/0x3a0 [ 61.444603][ T5080] ret_from_fork+0x1f/0x30 [ 61.449119][ T5080] [ 61.449119][ T5080] to a HARDIRQ-irq-unsafe lock: [ 61.456133][ T5080] (tasklist_lock){.+.+}-{2:2} [ 61.456170][ T5080] [ 61.456170][ T5080] ... which became HARDIRQ-irq-unsafe at: [ 61.468797][ T5080] ... [ 61.468804][ T5080] lock_acquire+0x1e3/0x630 [ 61.475968][ T5080] _raw_read_lock+0x5f/0x70 [ 61.480566][ T5080] do_wait+0x2b7/0xd70 [ 61.484736][ T5080] kernel_wait+0xa0/0x150 [ 61.489169][ T5080] call_usermodehelper_exec_work+0xf9/0x180 [ 61.495326][ T5080] process_one_work+0x9bf/0x1710 [ 61.500363][ T5080] worker_thread+0x669/0x1090 [ 61.505133][ T5080] kthread+0x2e8/0x3a0 [ 61.509297][ T5080] ret_from_fork+0x1f/0x30 [ 61.513812][ T5080] [ 61.513812][ T5080] other info that might help us debug this: [ 61.513812][ T5080] [ 61.524064][ T5080] Chain exists of: [ 61.524064][ T5080] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 61.524064][ T5080] [ 61.537638][ T5080] Possible interrupt unsafe locking scenario: [ 61.537638][ T5080] [ 61.545953][ T5080] CPU0 CPU1 [ 61.551584][ T5080] ---- ---- [ 61.556982][ T5080] lock(tasklist_lock); [ 61.561247][ T5080] local_irq_disable(); [ 61.568028][ T5080] lock(&dev->event_lock#2); [ 61.575235][ T5080] lock(&client->buffer_lock); [ 61.582608][ T5080] [ 61.586055][ T5080] lock(&dev->event_lock#2); [ 61.590916][ T5080] [ 61.590916][ T5080] *** DEADLOCK *** [ 61.590916][ T5080] [ 61.599053][ T5080] 7 locks held by syz-executor306/5080: [ 61.604769][ T5080] #0: ffff888023148110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d7/0x760 [ 61.613939][ T5080] #1: ffff888019609230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x9f/0x330 [ 61.624078][ T5080] #2: ffffffff8c7917c0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x8b/0x330 [ 61.633786][ T5080] #3: ffffffff8c7917c0 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 [ 61.643938][ T5080] #4: ffffffff8c7917c0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x5d/0x3e0 [ 61.653197][ T5080] #5: ffff88801ef9c028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 61.664024][ T5080] #6: ffffffff8c7917c0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x45/0x480 [ 61.673158][ T5080] [ 61.673158][ T5080] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 61.683567][ T5080] -> (&dev->event_lock#2){-...}-{2:2} { [ 61.689235][ T5080] IN-HARDIRQ-W at: [ 61.693299][ T5080] lock_acquire+0x1e3/0x630 [ 61.699644][ T5080] _raw_spin_lock_irqsave+0x3d/0x60 [ 61.706769][ T5080] input_event+0x70/0xa0 [ 61.712840][ T5080] psmouse_report_standard_buttons+0x30/0x80 [ 61.720652][ T5080] psmouse_process_byte+0x39e/0x8b0 [ 61.727688][ T5080] psmouse_handle_byte+0x41/0x1b0 [ 61.734559][ T5080] psmouse_interrupt+0x308/0xf00 [ 61.741358][ T5080] serio_interrupt+0x8c/0x150 [ 61.747884][ T5080] i8042_interrupt+0x27e/0x520 [ 61.754487][ T5080] __handle_irq_event_percpu+0x264/0x970 [ 61.761955][ T5080] handle_irq_event+0xab/0x1e0 [ 61.768551][ T5080] handle_edge_irq+0x263/0xd00 [ 61.775157][ T5080] __common_interrupt+0xa1/0x210 [ 61.781936][ T5080] common_interrupt+0xa8/0xd0 [ 61.788453][ T5080] asm_common_interrupt+0x26/0x40 [ 61.795309][ T5080] unwind_next_frame+0x514/0x1d00 [ 61.802166][ T5080] arch_stack_walk+0x81/0xf0 [ 61.808588][ T5080] stack_trace_save+0x90/0xc0 [ 61.815111][ T5080] kasan_save_stack+0x22/0x40 [ 61.821622][ T5080] kasan_set_track+0x25/0x30 [ 61.828041][ T5080] __kasan_kmalloc+0xa5/0xb0 [ 61.834463][ T5080] __kmalloc+0x5a/0xd0 [ 61.840368][ T5080] security_prepare_creds+0x112/0x190 [ 61.847579][ T5080] prepare_creds+0x572/0x7b0 [ 61.854011][ T5080] copy_creds+0xa7/0xd50 [ 61.860092][ T5080] copy_process+0xd60/0x7520 [ 61.866516][ T5080] kernel_clone+0xeb/0x990 [ 61.872796][ T5080] user_mode_thread+0xb1/0xf0 [ 61.879940][ T5080] call_usermodehelper_exec_work+0xd0/0x180 [ 61.887673][ T5080] process_one_work+0x9bf/0x1710 [ 61.894554][ T5080] worker_thread+0x669/0x1090 [ 61.901074][ T5080] kthread+0x2e8/0x3a0 [ 61.906968][ T5080] ret_from_fork+0x1f/0x30 [ 61.913225][ T5080] INITIAL USE at: [ 61.917204][ T5080] lock_acquire+0x1e3/0x630 [ 61.923449][ T5080] _raw_spin_lock_irqsave+0x3d/0x60 [ 61.930392][ T5080] input_inject_event+0x9f/0x330 [ 61.937072][ T5080] led_set_brightness_nosleep+0xea/0x1a0 [ 61.944448][ T5080] led_set_brightness+0x138/0x180 [ 61.951220][ T5080] led_trigger_event+0xb4/0x200 [ 61.957815][ T5080] kbd_led_trigger_activate+0xcd/0x110 [ 61.965027][ T5080] led_trigger_set+0x5db/0xaf0 [ 61.971539][ T5080] led_trigger_set_default+0x1aa/0x230 [ 61.978746][ T5080] led_classdev_register_ext+0x573/0x770 [ 61.986126][ T5080] input_leds_connect+0x4c1/0x860 [ 61.992897][ T5080] input_attach_handler+0x180/0x1f0 [ 61.999836][ T5080] input_register_device.cold+0xf0/0x2fd [ 62.007243][ T5080] atkbd_connect+0x5ca/0x9d0 [ 62.013615][ T5080] serio_driver_probe+0x76/0xa0 [ 62.020221][ T5080] really_probe+0x249/0xb90 [ 62.026471][ T5080] __driver_probe_device+0x1df/0x4d0 [ 62.033525][ T5080] driver_probe_device+0x4c/0x1a0 [ 62.040500][ T5080] __driver_attach+0x271/0x570 [ 62.047062][ T5080] bus_for_each_dev+0x14b/0x1d0 [ 62.053678][ T5080] serio_handle_event+0x2c3/0xa40 [ 62.060630][ T5080] process_one_work+0x9bf/0x1710 [ 62.067386][ T5080] worker_thread+0x669/0x1090 [ 62.073867][ T5080] kthread+0x2e8/0x3a0 [ 62.080216][ T5080] ret_from_fork+0x1f/0x30 [ 62.086393][ T5080] } [ 62.089077][ T5080] ... key at: [] __key.7+0x0/0x40 [ 62.096478][ T5080] -> (&client->buffer_lock){....}-{2:2} { [ 62.102239][ T5080] INITIAL USE at: [ 62.106151][ T5080] lock_acquire+0x1e3/0x630 [ 62.112228][ T5080] _raw_spin_lock+0x2e/0x40 [ 62.118311][ T5080] evdev_pass_values.part.0+0xf6/0x960 [ 62.125874][ T5080] evdev_events+0x35d/0x3e0 [ 62.131965][ T5080] input_to_handler+0x2a0/0x4c0 [ 62.138421][ T5080] input_pass_values.part.0+0x230/0x710 [ 62.145557][ T5080] input_event_dispose+0x5cf/0x730 [ 62.152338][ T5080] input_handle_event+0x120/0xe70 [ 62.158951][ T5080] input_inject_event+0x1c8/0x330 [ 62.165560][ T5080] evdev_write+0x434/0x760 [ 62.171571][ T5080] vfs_write+0x2db/0xdd0 [ 62.177395][ T5080] ksys_write+0x1ec/0x250 [ 62.183304][ T5080] do_syscall_64+0x39/0xb0 [ 62.189562][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.197028][ T5080] } [ 62.199526][ T5080] ... key at: [] __key.3+0x0/0x40 [ 62.206733][ T5080] ... acquired at: [ 62.210530][ T5080] _raw_spin_lock+0x2e/0x40 [ 62.215216][ T5080] evdev_pass_values.part.0+0xf6/0x960 [ 62.220868][ T5080] evdev_events+0x35d/0x3e0 [ 62.225557][ T5080] input_to_handler+0x2a0/0x4c0 [ 62.230595][ T5080] input_pass_values.part.0+0x230/0x710 [ 62.236405][ T5080] input_event_dispose+0x5cf/0x730 [ 62.241696][ T5080] input_handle_event+0x120/0xe70 [ 62.247071][ T5080] input_inject_event+0x1c8/0x330 [ 62.252292][ T5080] evdev_write+0x434/0x760 [ 62.256900][ T5080] vfs_write+0x2db/0xdd0 [ 62.261321][ T5080] ksys_write+0x1ec/0x250 [ 62.265827][ T5080] do_syscall_64+0x39/0xb0 [ 62.270427][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.276500][ T5080] [ 62.278817][ T5080] [ 62.278817][ T5080] the dependencies between the lock to be acquired [ 62.278827][ T5080] and HARDIRQ-irq-unsafe lock: [ 62.292328][ T5080] -> (tasklist_lock){.+.+}-{2:2} { [ 62.297637][ T5080] HARDIRQ-ON-R at: [ 62.301790][ T5080] lock_acquire+0x1e3/0x630 [ 62.308301][ T5080] _raw_read_lock+0x5f/0x70 [ 62.314811][ T5080] do_wait+0x2b7/0xd70 [ 62.320891][ T5080] kernel_wait+0xa0/0x150 [ 62.327231][ T5080] call_usermodehelper_exec_work+0xf9/0x180 [ 62.335128][ T5080] process_one_work+0x9bf/0x1710 [ 62.342080][ T5080] worker_thread+0x669/0x1090 [ 62.348760][ T5080] kthread+0x2e8/0x3a0 [ 62.354982][ T5080] ret_from_fork+0x1f/0x30 [ 62.361727][ T5080] SOFTIRQ-ON-R at: [ 62.366085][ T5080] lock_acquire+0x1e3/0x630 [ 62.372612][ T5080] _raw_read_lock+0x5f/0x70 [ 62.379143][ T5080] do_wait+0x2b7/0xd70 [ 62.385234][ T5080] kernel_wait+0xa0/0x150 [ 62.391585][ T5080] call_usermodehelper_exec_work+0xf9/0x180 [ 62.399478][ T5080] process_one_work+0x9bf/0x1710 [ 62.406428][ T5080] worker_thread+0x669/0x1090 [ 62.413107][ T5080] kthread+0x2e8/0x3a0 [ 62.419179][ T5080] ret_from_fork+0x1f/0x30 [ 62.425605][ T5080] INITIAL USE at: [ 62.429673][ T5080] lock_acquire+0x1e3/0x630 [ 62.436088][ T5080] _raw_write_lock_irq+0x36/0x50 [ 62.442948][ T5080] copy_process+0x4efb/0x7520 [ 62.449543][ T5080] kernel_clone+0xeb/0x990 [ 62.455891][ T5080] user_mode_thread+0xb1/0xf0 [ 62.462492][ T5080] rest_init+0x27/0x270 [ 62.468563][ T5080] arch_call_rest_init+0x13/0x1c [ 62.475427][ T5080] start_kernel+0x44f/0x470 [ 62.481870][ T5080] secondary_startup_64_no_verify+0xce/0xdb [ 62.489684][ T5080] INITIAL READ USE at: [ 62.494189][ T5080] lock_acquire+0x1e3/0x630 [ 62.501040][ T5080] _raw_read_lock+0x5f/0x70 [ 62.507893][ T5080] do_wait+0x2b7/0xd70 [ 62.514319][ T5080] kernel_wait+0xa0/0x150 [ 62.521007][ T5080] call_usermodehelper_exec_work+0xf9/0x180 [ 62.529250][ T5080] process_one_work+0x9bf/0x1710 [ 62.536538][ T5080] worker_thread+0x669/0x1090 [ 62.543566][ T5080] kthread+0x2e8/0x3a0 [ 62.549981][ T5080] ret_from_fork+0x1f/0x30 [ 62.556752][ T5080] } [ 62.559421][ T5080] ... key at: [] tasklist_lock+0x18/0x40 [ 62.567334][ T5080] ... acquired at: [ 62.571312][ T5080] _raw_read_lock+0x5f/0x70 [ 62.575999][ T5080] send_sigio+0xaf/0x370 [ 62.580448][ T5080] kill_fasync+0x1fc/0x480 [ 62.585066][ T5080] fsnotify_insert_event+0x3b9/0x500 [ 62.590540][ T5080] inotify_handle_inode_event+0x31a/0x5d0 [ 62.596474][ T5080] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 62.603070][ T5080] fsnotify+0x1178/0x16a0 [ 62.607579][ T5080] path_openat+0x1200/0x2a50 [ 62.612351][ T5080] do_filp_open+0x1ba/0x410 [ 62.617039][ T5080] do_sys_openat2+0x16d/0x4c0 [ 62.621890][ T5080] __x64_sys_openat+0x143/0x1f0 [ 62.626918][ T5080] do_syscall_64+0x39/0xb0 [ 62.631519][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.637594][ T5080] [ 62.639916][ T5080] -> (&f->f_owner.lock){....}-{2:2} { [ 62.645400][ T5080] INITIAL USE at: [ 62.649468][ T5080] lock_acquire+0x1e3/0x630 [ 62.655709][ T5080] _raw_write_lock_irq+0x36/0x50 [ 62.662825][ T5080] f_modown+0x2a/0x390 [ 62.668648][ T5080] f_setown+0xdb/0x230 [ 62.674474][ T5080] do_fcntl+0x34e/0x11a0 [ 62.680470][ T5080] __x64_sys_fcntl+0x163/0x1d0 [ 62.686984][ T5080] do_syscall_64+0x39/0xb0 [ 62.693145][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.700811][ T5080] INITIAL READ USE at: [ 62.705226][ T5080] lock_acquire+0x1e3/0x630 [ 62.711906][ T5080] _raw_read_lock_irqsave+0x74/0x90 [ 62.719373][ T5080] send_sigio+0x28/0x370 [ 62.725799][ T5080] kill_fasync+0x1fc/0x480 [ 62.732399][ T5080] fsnotify_insert_event+0x3b9/0x500 [ 62.739863][ T5080] inotify_handle_inode_event+0x31a/0x5d0 [ 62.747797][ T5080] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 62.756393][ T5080] fsnotify+0x1178/0x16a0 [ 62.762899][ T5080] path_openat+0x1200/0x2a50 [ 62.769670][ T5080] do_filp_open+0x1ba/0x410 [ 62.776362][ T5080] do_sys_openat2+0x16d/0x4c0 [ 62.783210][ T5080] __x64_sys_openat+0x143/0x1f0 [ 62.790239][ T5080] do_syscall_64+0x39/0xb0 [ 62.796861][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.804928][ T5080] } [ 62.807512][ T5080] ... key at: [] __key.5+0x0/0x40 [ 62.814721][ T5080] ... acquired at: [ 62.818604][ T5080] _raw_read_lock_irqsave+0x74/0x90 [ 62.823996][ T5080] send_sigio+0x28/0x370 [ 62.828427][ T5080] kill_fasync+0x1fc/0x480 [ 62.833036][ T5080] fsnotify_insert_event+0x3b9/0x500 [ 62.838525][ T5080] inotify_handle_inode_event+0x31a/0x5d0 [ 62.844442][ T5080] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 62.851054][ T5080] fsnotify+0x1178/0x16a0 [ 62.855564][ T5080] path_openat+0x1200/0x2a50 [ 62.860339][ T5080] do_filp_open+0x1ba/0x410 [ 62.865036][ T5080] do_sys_openat2+0x16d/0x4c0 [ 62.869890][ T5080] __x64_sys_openat+0x143/0x1f0 [ 62.874919][ T5080] do_syscall_64+0x39/0xb0 [ 62.879717][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.885832][ T5080] [ 62.888333][ T5080] -> (&new->fa_lock){....}-{2:2} { [ 62.893490][ T5080] INITIAL READ USE at: [ 62.897911][ T5080] lock_acquire+0x1e3/0x630 [ 62.904530][ T5080] _raw_read_lock_irqsave+0x74/0x90 [ 62.911745][ T5080] kill_fasync+0x13a/0x480 [ 62.918177][ T5080] fsnotify_insert_event+0x3b9/0x500 [ 62.925477][ T5080] inotify_handle_inode_event+0x31a/0x5d0 [ 62.933212][ T5080] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 62.941651][ T5080] fsnotify+0x1178/0x16a0 [ 62.947985][ T5080] path_openat+0x1200/0x2a50 [ 62.954684][ T5080] do_filp_open+0x1ba/0x410 [ 62.961199][ T5080] do_sys_openat2+0x16d/0x4c0 [ 62.967878][ T5080] __x64_sys_openat+0x143/0x1f0 [ 62.974764][ T5080] do_syscall_64+0x39/0xb0 [ 62.981210][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.989143][ T5080] } [ 62.991662][ T5080] ... key at: [] __key.0+0x0/0x40 [ 62.998811][ T5080] ... acquired at: [ 63.002623][ T5080] lock_acquire+0x1e3/0x630 [ 63.007309][ T5080] _raw_read_lock_irqsave+0x74/0x90 [ 63.012714][ T5080] kill_fasync+0x13a/0x480 [ 63.017324][ T5080] evdev_pass_values.part.0+0x667/0x960 [ 63.023058][ T5080] evdev_events+0x35d/0x3e0 [ 63.027770][ T5080] input_to_handler+0x2a0/0x4c0 [ 63.032836][ T5080] input_pass_values.part.0+0x230/0x710 [ 63.038571][ T5080] input_event_dispose+0x5cf/0x730 [ 63.043907][ T5080] input_handle_event+0x120/0xe70 [ 63.049113][ T5080] input_inject_event+0x1c8/0x330 [ 63.054319][ T5080] evdev_write+0x434/0x760 [ 63.058929][ T5080] vfs_write+0x2db/0xdd0 [ 63.063349][ T5080] ksys_write+0x1ec/0x250 [ 63.067858][ T5080] do_syscall_64+0x39/0xb0 [ 63.072462][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.078533][ T5080] [ 63.080866][ T5080] [ 63.080866][ T5080] stack backtrace: [ 63.086747][ T5080] CPU: 0 PID: 5080 Comm: syz-executor306 Not tainted 6.1.0-syzkaller-14446-g8395ae05cb5a #0 [ 63.096818][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 63.106871][ T5080] Call Trace: [ 63.110151][ T5080] [ 63.113080][ T5080] dump_stack_lvl+0xd1/0x138 [ 63.117684][ T5080] check_irq_usage.cold+0x4e4/0x761 [ 63.122899][ T5080] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 63.130020][ T5080] ? mark_lock.part.0+0xee/0x1910 [ 63.135051][ T5080] ? check_path.constprop.0+0x24/0x50 [ 63.140444][ T5080] ? register_lock_class+0xbe/0x1120 [ 63.145734][ T5080] ? lock_chain_count+0x20/0x20 [ 63.150596][ T5080] ? is_dynamic_key.part.0+0x130/0x130 [ 63.156064][ T5080] __lock_acquire+0x2a5b/0x56d0 [ 63.160928][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 63.166917][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 63.172906][ T5080] lock_acquire+0x1e3/0x630 [ 63.177413][ T5080] ? kill_fasync+0x13a/0x480 [ 63.182023][ T5080] ? lock_release+0x810/0x810 [ 63.186708][ T5080] ? lock_release+0x810/0x810 [ 63.191389][ T5080] ? lock_release+0x810/0x810 [ 63.196070][ T5080] ? __wake_up_common+0x650/0x650 [ 63.201103][ T5080] _raw_read_lock_irqsave+0x74/0x90 [ 63.206312][ T5080] ? kill_fasync+0x13a/0x480 [ 63.210919][ T5080] kill_fasync+0x13a/0x480 [ 63.215357][ T5080] evdev_pass_values.part.0+0x667/0x960 [ 63.220935][ T5080] ? evdev_free+0x70/0x70 [ 63.225277][ T5080] ? ktime_mono_to_any+0xb9/0x1e0 [ 63.230325][ T5080] evdev_events+0x35d/0x3e0 [ 63.234842][ T5080] ? evdev_connect+0x4b0/0x4b0 [ 63.239622][ T5080] input_to_handler+0x2a0/0x4c0 [ 63.244494][ T5080] input_pass_values.part.0+0x230/0x710 [ 63.250056][ T5080] input_event_dispose+0x5cf/0x730 [ 63.255179][ T5080] input_handle_event+0x120/0xe70 [ 63.260218][ T5080] input_inject_event+0x1c8/0x330 [ 63.265252][ T5080] evdev_write+0x434/0x760 [ 63.269688][ T5080] ? evdev_read+0xe40/0xe40 [ 63.274226][ T5080] ? apparmor_file_permission+0x268/0x4e0 [ 63.279986][ T5080] ? bpf_lsm_file_permission+0x9/0x10 [ 63.285379][ T5080] ? security_file_permission+0xaf/0xd0 [ 63.290945][ T5080] vfs_write+0x2db/0xdd0 [ 63.295199][ T5080] ? evdev_read+0xe40/0xe40 [ 63.299717][ T5080] ? kernel_write+0x630/0x630 [ 63.304406][ T5080] ? find_held_lock+0x2d/0x110 [ 63.309189][ T5080] ? ptrace_notify+0xfe/0x140 [ 63.313876][ T5080] ? lock_downgrade+0x6e0/0x6e0 [ 63.318731][ T5080] ? __fget_light+0x20a/0x270 [ 63.323416][ T5080] ksys_write+0x1ec/0x250 [ 63.327757][ T5080] ? __ia32_sys_read+0xb0/0xb0 [ 63.332529][ T5080] ? lockdep_hardirqs_on+0x7d/0x100 [ 63.337734][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50 [ 63.342943][ T5080] ? ptrace_notify+0xfe/0x140 [ 63.347627][ T5080] do_syscall_64+0x39/0xb0 [ 63.352059][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.357961][ T5080] RIP: 0033:0x7f4c0450a679 [ 63.362384][ T5080] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 63.381994][ T5080] RSP: 002b:00007fff82304c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 write(5, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10968) = 10968 exit_group(0) = ? +++ exited with 0 +++ [ 63.390419][ T5080] RAX: ffffffffffffffda RBX: 0000