./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor281309856 <...> Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts. execve("./syz-executor281309856", ["./syz-executor281309856"], 0x7ffc52c7a1c0 /* 10 vars */) = 0 brk(NULL) = 0x555555ef1000 brk(0x555555ef1c40) = 0x555555ef1c40 arch_prctl(ARCH_SET_FS, 0x555555ef1300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor281309856", 4096) = 27 brk(0x555555f12c40) = 0x555555f12c40 brk(0x555555f13000) = 0x555555f13000 mprotect(0x7f1c30412000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 open(".", O_RDONLY) = 3 open(".", O_RDONLY) = 4 fcntl(4, F_NOTIFY, DN_ACCESS|DN_CREATE) = 0 fcntl(4, F_SETOWN, -1) = 0 symlinkat("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 3, "./file0") = 0 openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_CREAT|O_SYNC|O_NOFOLLOW, 000) = 5 ioctl(-1, EVIOCSFF, {type=0 /* FF_??? 
*/, id=0, direction=0, ...}) = -1 EBADF (Bad file descriptor) ioctl(5, FIOASYNC, [4]) = 0 [ 56.826047][ T26] audit: type=1400 audit(1668613593.084:75): avc: denied { execmem } for pid=3633 comm="syz-executor281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 56.843226][ T3633] [ 56.846067][ T26] audit: type=1400 audit(1668613593.104:76): avc: denied { write } for pid=3633 comm="syz-executor281" name="event0" dev="devtmpfs" ino=834 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 56.848142][ T3633] ===================================================== [ 56.848149][ T3633] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 56.848161][ T3633] 6.1.0-rc5-syzkaller-00015-g81e7cfa3a9eb #0 Not tainted [ 56.848173][ T3633] ----------------------------------------------------- [ 56.848180][ T3633] syz-executor281/3633 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 56.848206][ T3633] ffff888023bf5670 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x28/0x390 [ 56.872215][ T26] audit: type=1400 audit(1668613593.104:77): avc: denied { open } for pid=3633 comm="syz-executor281" path="/dev/input/event0" dev="devtmpfs" ino=834 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 56.878564][ T3633] [ 56.878564][ T3633] and this task is already holding: [ 56.878571][ T3633] ffff888022b3f9f0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13a/0x480 [ 56.957061][ T3633] which would create a new lock dependency: [ 56.963113][ T3633] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2} [ 56.970848][ T3633] [ 56.970848][ T3633] but this new dependency connects a HARDIRQ-irq-safe lock: [ 56.980628][ T3633] (&dev->event_lock#2){-...}-{2:2} [ 56.980651][ T3633] [ 56.980651][ T3633] ... 
which became HARDIRQ-irq-safe at: [ 56.993599][ T3633] lock_acquire+0x1e3/0x630 [ 56.998190][ T3633] _raw_spin_lock_irqsave+0x3d/0x60 [ 57.003473][ T3633] input_event+0x70/0xa0 [ 57.007787][ T3633] psmouse_report_standard_buttons+0x30/0x80 [ 57.013847][ T3633] psmouse_process_byte+0x39e/0x8b0 [ 57.019121][ T3633] psmouse_handle_byte+0x41/0x1b0 [ 57.024310][ T3633] psmouse_interrupt+0x308/0xf00 [ 57.029324][ T3633] serio_interrupt+0x8c/0x150 [ 57.034085][ T3633] i8042_interrupt+0x27e/0x520 [ 57.038923][ T3633] __handle_irq_event_percpu+0x264/0x970 [ 57.044648][ T3633] handle_irq_event+0xab/0x1e0 [ 57.049482][ T3633] handle_edge_irq+0x263/0xd00 [ 57.054325][ T3633] __common_interrupt+0xa1/0x210 [ 57.059337][ T3633] common_interrupt+0xa8/0xd0 [ 57.064105][ T3633] asm_common_interrupt+0x26/0x40 [ 57.069196][ T3633] acpi_idle_do_entry+0x1fd/0x2a0 [ 57.074299][ T3633] acpi_idle_enter+0x368/0x510 [ 57.079138][ T3633] cpuidle_enter_state+0x1af/0xd40 [ 57.084331][ T3633] cpuidle_enter+0x4e/0xa0 [ 57.088838][ T3633] do_idle+0x3f7/0x590 [ 57.092977][ T3633] cpu_startup_entry+0x18/0x20 [ 57.097987][ T3633] start_secondary+0x256/0x300 [ 57.102824][ T3633] secondary_startup_64_no_verify+0xce/0xdb [ 57.108795][ T3633] [ 57.108795][ T3633] to a HARDIRQ-irq-unsafe lock: [ 57.115801][ T3633] (tasklist_lock){.+.+}-{2:2} [ 57.115820][ T3633] [ 57.115820][ T3633] ... which became HARDIRQ-irq-unsafe at: [ 57.128434][ T3633] ... 
[ 57.128438][ T3633] lock_acquire+0x1e3/0x630 [ 57.135574][ T3633] _raw_read_lock+0x5f/0x70 [ 57.140155][ T3633] do_wait+0x2b7/0xd70 [ 57.144301][ T3633] kernel_wait+0xa0/0x150 [ 57.148711][ T3633] call_usermodehelper_exec_work+0xf9/0x180 [ 57.154701][ T3633] process_one_work+0x9bf/0x1710 [ 57.159718][ T3633] worker_thread+0x669/0x1090 [ 57.164465][ T3633] kthread+0x2e8/0x3a0 [ 57.168612][ T3633] ret_from_fork+0x1f/0x30 [ 57.173102][ T3633] [ 57.173102][ T3633] other info that might help us debug this: [ 57.173102][ T3633] [ 57.183310][ T3633] Chain exists of: [ 57.183310][ T3633] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 57.183310][ T3633] [ 57.196498][ T3633] Possible interrupt unsafe locking scenario: [ 57.196498][ T3633] [ 57.204805][ T3633] CPU0 CPU1 [ 57.210265][ T3633] ---- ---- [ 57.215613][ T3633] lock(tasklist_lock); [ 57.219838][ T3633] local_irq_disable(); [ 57.226570][ T3633] lock(&dev->event_lock#2); [ 57.233753][ T3633] lock(&new->fa_lock); [ 57.240494][ T3633] <Interrupt> [ 57.243928][ T3633] lock(&dev->event_lock#2); [ 57.248771][ T3633] [ 57.248771][ T3633] *** DEADLOCK *** [ 57.248771][ T3633] [ 57.256894][ T3633] 8 locks held by syz-executor281/3633: [ 57.262428][ T3633] #0: ffff88802352f110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d7/0x760 [ 57.271551][ T3633] #1: ffff888146948230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x9f/0x330 [ 57.281637][ T3633] #2: ffffffff8c58ce40 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x8b/0x330 [ 57.291274][ T3633] #3: ffffffff8c58ce40 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 [ 57.301442][ T3633] #4: ffffffff8c58ce40 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x5d/0x3e0 [ 57.310584][ T3633] #5: ffff888073c69028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 57.321371][ T3633] #6: ffffffff8c58ce40 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x45/0x480 [ 57.330419][ T3633] #7: ffff888022b3f9f0
(&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13a/0x480 [ 57.339554][ T3633] [ 57.339554][ T3633] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 57.349962][ T3633] -> (&dev->event_lock#2){-...}-{2:2} { [ 57.355700][ T3633] IN-HARDIRQ-W at: [ 57.359850][ T3633] lock_acquire+0x1e3/0x630 [ 57.366957][ T3633] _raw_spin_lock_irqsave+0x3d/0x60 [ 57.374254][ T3633] input_event+0x70/0xa0 [ 57.380482][ T3633] psmouse_report_standard_buttons+0x30/0x80 [ 57.388453][ T3633] psmouse_process_byte+0x39e/0x8b0 [ 57.395642][ T3633] psmouse_handle_byte+0x41/0x1b0 [ 57.402659][ T3633] psmouse_interrupt+0x308/0xf00 [ 57.409673][ T3633] serio_interrupt+0x8c/0x150 [ 57.416512][ T3633] i8042_interrupt+0x27e/0x520 [ 57.423272][ T3633] __handle_irq_event_percpu+0x264/0x970 [ 57.430900][ T3633] handle_irq_event+0xab/0x1e0 [ 57.437752][ T3633] handle_edge_irq+0x263/0xd00 [ 57.444514][ T3633] __common_interrupt+0xa1/0x210 [ 57.451444][ T3633] common_interrupt+0xa8/0xd0 [ 57.458110][ T3633] asm_common_interrupt+0x26/0x40 [ 57.465124][ T3633] acpi_idle_do_entry+0x1fd/0x2a0 [ 57.472137][ T3633] acpi_idle_enter+0x368/0x510 [ 57.478900][ T3633] cpuidle_enter_state+0x1af/0xd40 [ 57.486020][ T3633] cpuidle_enter+0x4e/0xa0 [ 57.492422][ T3633] do_idle+0x3f7/0x590 [ 57.498491][ T3633] cpu_startup_entry+0x18/0x20 [ 57.505332][ T3633] start_secondary+0x256/0x300 [ 57.512083][ T3633] secondary_startup_64_no_verify+0xce/0xdb [ 57.519964][ T3633] INITIAL USE at: [ 57.524070][ T3633] lock_acquire+0x1e3/0x630 [ 57.530498][ T3633] _raw_spin_lock_irqsave+0x3d/0x60 [ 57.537613][ T3633] input_inject_event+0x9f/0x330 [ 57.544541][ T3633] led_set_brightness_nosleep+0xea/0x1a0 [ 57.552075][ T3633] led_set_brightness+0x138/0x180 [ 57.559007][ T3633] led_trigger_event+0xb4/0x200 [ 57.565759][ T3633] kbd_led_trigger_activate+0xcd/0x110 [ 57.573113][ T3633] led_trigger_set+0x5db/0xaf0 [ 57.579773][ T3633] led_trigger_set_default+0x1aa/0x230 [ 57.587127][ T3633] 
led_classdev_register_ext+0x573/0x770 [ 57.594653][ T3633] input_leds_connect+0x4c1/0x860 [ 57.602008][ T3633] input_attach_handler+0x180/0x1f0 [ 57.609108][ T3633] input_register_device.cold+0xf0/0x2fd [ 57.616634][ T3633] atkbd_connect+0x5ca/0x9d0 [ 57.623219][ T3633] serio_driver_probe+0x76/0xa0 [ 57.629964][ T3633] really_probe+0x249/0xb90 [ 57.636454][ T3633] __driver_probe_device+0x1df/0x4d0 [ 57.643733][ T3633] driver_probe_device+0x4c/0x1a0 [ 57.650665][ T3633] __driver_attach+0x1d4/0x550 [ 57.657329][ T3633] bus_for_each_dev+0x14b/0x1d0 [ 57.664084][ T3633] serio_handle_event+0x2c3/0xa40 [ 57.671098][ T3633] process_one_work+0x9bf/0x1710 [ 57.677930][ T3633] worker_thread+0x669/0x1090 [ 57.684506][ T3633] kthread+0x2e8/0x3a0 [ 57.690649][ T3633] ret_from_fork+0x1f/0x30 [ 57.697056][ T3633] } [ 57.699714][ T3633] ... key at: [] __key.7+0x0/0x40 [ 57.707000][ T3633] -> (&client->buffer_lock){....}-{2:2} { [ 57.712890][ T3633] INITIAL USE at: [ 57.716851][ T3633] lock_acquire+0x1e3/0x630 [ 57.723086][ T3633] _raw_spin_lock+0x2e/0x40 [ 57.729318][ T3633] evdev_pass_values.part.0+0xf6/0x960 [ 57.736506][ T3633] evdev_events+0x35d/0x3e0 [ 57.742732][ T3633] input_to_handler+0x2a0/0x4c0 [ 57.749317][ T3633] input_pass_values.part.0+0x230/0x710 [ 57.756581][ T3633] input_event_dispose+0x5cf/0x730 [ 57.763411][ T3633] input_handle_event+0x120/0xe70 [ 57.770154][ T3633] input_inject_event+0x1c8/0x330 [ 57.776896][ T3633] evdev_write+0x434/0x760 [ 57.783054][ T3633] vfs_write+0x2db/0xdd0 [ 57.789297][ T3633] ksys_write+0x1ec/0x250 [ 57.795452][ T3633] do_syscall_64+0x39/0xb0 [ 57.801601][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.809399][ T3633] } [ 57.811966][ T3633] ... key at: [] __key.3+0x0/0x40 [ 57.819154][ T3633] ... 
acquired at: [ 57.823030][ T3633] _raw_spin_lock+0x2e/0x40 [ 57.827709][ T3633] evdev_pass_values.part.0+0xf6/0x960 [ 57.833342][ T3633] evdev_events+0x35d/0x3e0 [ 57.838031][ T3633] input_to_handler+0x2a0/0x4c0 [ 57.843062][ T3633] input_pass_values.part.0+0x230/0x710 [ 57.848768][ T3633] input_event_dispose+0x5cf/0x730 [ 57.854039][ T3633] input_handle_event+0x120/0xe70 [ 57.859220][ T3633] input_inject_event+0x1c8/0x330 [ 57.864400][ T3633] evdev_write+0x434/0x760 [ 57.868979][ T3633] vfs_write+0x2db/0xdd0 [ 57.873402][ T3633] ksys_write+0x1ec/0x250 [ 57.877908][ T3633] do_syscall_64+0x39/0xb0 [ 57.882493][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.888561][ T3633] [ 57.890867][ T3633] -> (&new->fa_lock){....}-{2:2} { [ 57.895983][ T3633] INITIAL READ USE at: [ 57.900301][ T3633] lock_acquire+0x1e3/0x630 [ 57.906797][ T3633] _raw_read_lock_irqsave+0x74/0x90 [ 57.913998][ T3633] kill_fasync+0x13a/0x480 [ 57.920413][ T3633] evdev_pass_values.part.0+0x667/0x960 [ 57.927945][ T3633] evdev_events+0x35d/0x3e0 [ 57.934520][ T3633] input_to_handler+0x2a0/0x4c0 [ 57.941530][ T3633] input_pass_values.part.0+0x230/0x710 [ 57.949060][ T3633] input_event_dispose+0x5cf/0x730 [ 57.956173][ T3633] input_handle_event+0x120/0xe70 [ 57.963183][ T3633] input_inject_event+0x1c8/0x330 [ 57.970193][ T3633] evdev_write+0x434/0x760 [ 57.976593][ T3633] vfs_write+0x2db/0xdd0 [ 57.982825][ T3633] ksys_write+0x1ec/0x250 [ 57.989148][ T3633] do_syscall_64+0x39/0xb0 [ 57.995544][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.003426][ T3633] } [ 58.005905][ T3633] ... key at: [] __key.0+0x0/0x40 [ 58.013006][ T3633] ... 
acquired at: [ 58.016788][ T3633] _raw_read_lock_irqsave+0x74/0x90 [ 58.022161][ T3633] kill_fasync+0x13a/0x480 [ 58.026754][ T3633] evdev_pass_values.part.0+0x667/0x960 [ 58.032556][ T3633] evdev_events+0x35d/0x3e0 [ 58.037225][ T3633] input_to_handler+0x2a0/0x4c0 [ 58.042249][ T3633] input_pass_values.part.0+0x230/0x710 [ 58.047951][ T3633] input_event_dispose+0x5cf/0x730 [ 58.053312][ T3633] input_handle_event+0x120/0xe70 [ 58.058492][ T3633] input_inject_event+0x1c8/0x330 [ 58.063673][ T3633] evdev_write+0x434/0x760 [ 58.068252][ T3633] vfs_write+0x2db/0xdd0 [ 58.072657][ T3633] ksys_write+0x1ec/0x250 [ 58.077153][ T3633] do_syscall_64+0x39/0xb0 [ 58.081732][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.087788][ T3633] [ 58.090105][ T3633] [ 58.090105][ T3633] the dependencies between the lock to be acquired [ 58.090112][ T3633] and HARDIRQ-irq-unsafe lock: [ 58.103593][ T3633] -> (tasklist_lock){.+.+}-{2:2} { [ 58.108787][ T3633] HARDIRQ-ON-R at: [ 58.112834][ T3633] lock_acquire+0x1e3/0x630 [ 58.119178][ T3633] _raw_read_lock+0x5f/0x70 [ 58.125494][ T3633] do_wait+0x2b7/0xd70 [ 58.131380][ T3633] kernel_wait+0xa0/0x150 [ 58.137521][ T3633] call_usermodehelper_exec_work+0xf9/0x180 [ 58.145228][ T3633] process_one_work+0x9bf/0x1710 [ 58.151993][ T3633] worker_thread+0x669/0x1090 [ 58.158504][ T3633] kthread+0x2e8/0x3a0 [ 58.164396][ T3633] ret_from_fork+0x1f/0x30 [ 58.171481][ T3633] SOFTIRQ-ON-R at: [ 58.176572][ T3633] lock_acquire+0x1e3/0x630 [ 58.182895][ T3633] _raw_read_lock+0x5f/0x70 [ 58.189306][ T3633] do_wait+0x2b7/0xd70 [ 58.195194][ T3633] kernel_wait+0xa0/0x150 [ 58.201337][ T3633] call_usermodehelper_exec_work+0xf9/0x180 [ 58.209089][ T3633] process_one_work+0x9bf/0x1710 [ 58.215849][ T3633] worker_thread+0x669/0x1090 [ 58.222331][ T3633] kthread+0x2e8/0x3a0 [ 58.228221][ T3633] ret_from_fork+0x1f/0x30 [ 58.234455][ T3633] INITIAL USE at: [ 58.238433][ T3633] lock_acquire+0x1e3/0x630 [ 58.244671][ T3633] _raw_write_lock_irq+0x36/0x50 [ 
58.251340][ T3633] copy_process+0x43c5/0x7190 [ 58.257739][ T3633] kernel_clone+0xeb/0x980 [ 58.263881][ T3633] user_mode_thread+0xb1/0xf0 [ 58.270285][ T3633] rest_init+0x27/0x270 [ 58.276173][ T3633] arch_call_rest_init+0x13/0x1c [ 58.282836][ T3633] start_kernel+0x477/0x498 [ 58.289060][ T3633] secondary_startup_64_no_verify+0xce/0xdb [ 58.296775][ T3633] INITIAL READ USE at: [ 58.301173][ T3633] lock_acquire+0x1e3/0x630 [ 58.307837][ T3633] _raw_read_lock+0x5f/0x70 [ 58.314501][ T3633] do_wait+0x2b7/0xd70 [ 58.320728][ T3633] kernel_wait+0xa0/0x150 [ 58.327228][ T3633] call_usermodehelper_exec_work+0xf9/0x180 [ 58.335396][ T3633] process_one_work+0x9bf/0x1710 [ 58.342498][ T3633] worker_thread+0x669/0x1090 [ 58.349335][ T3633] kthread+0x2e8/0x3a0 [ 58.356525][ T3633] ret_from_fork+0x1f/0x30 [ 58.363105][ T3633] } [ 58.365676][ T3633] ... key at: [] tasklist_lock+0x18/0x40 [ 58.373574][ T3633] ... acquired at: [ 58.377448][ T3633] _raw_read_lock+0x5f/0x70 [ 58.382119][ T3633] send_sigio+0xaf/0x390 [ 58.386528][ T3633] dnotify_handle_event+0x14c/0x280 [ 58.391885][ T3633] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 58.398456][ T3633] fsnotify+0x115b/0x1690 [ 58.403059][ T3633] vfs_symlink+0x494/0x5c0 [ 58.407647][ T3633] do_symlinkat+0x265/0x2e0 [ 58.412311][ T3633] __x64_sys_symlinkat+0x97/0xc0 [ 58.417410][ T3633] do_syscall_64+0x39/0xb0 [ 58.422764][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.428825][ T3633] [ 58.431134][ T3633] -> (&f->f_owner.lock){....}-{2:2} { [ 58.436503][ T3633] INITIAL USE at: [ 58.440387][ T3633] lock_acquire+0x1e3/0x630 [ 58.446531][ T3633] _raw_write_lock_irq+0x36/0x50 [ 58.453024][ T3633] f_modown+0x2a/0x390 [ 58.458650][ T3633] fcntl_dirnotify+0x9f7/0xf30 [ 58.464971][ T3633] do_fcntl+0xd76/0x11c0 [ 58.470769][ T3633] __x64_sys_fcntl+0x163/0x1d0 [ 58.477083][ T3633] do_syscall_64+0x39/0xb0 [ 58.483046][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.490499][ T3633] INITIAL READ USE at: [ 58.494813][ T3633] 
lock_acquire+0x1e3/0x630 [ 58.501481][ T3633] _raw_read_lock_irqsave+0x74/0x90 [ 58.508672][ T3633] send_sigio+0x28/0x390 [ 58.514902][ T3633] dnotify_handle_event+0x14c/0x280 [ 58.522088][ T3633] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 58.530482][ T3633] fsnotify+0x115b/0x1690 [ 58.536799][ T3633] vfs_symlink+0x494/0x5c0 [ 58.543201][ T3633] do_symlinkat+0x265/0x2e0 [ 58.549691][ T3633] __x64_sys_symlinkat+0x97/0xc0 [ 58.556713][ T3633] do_syscall_64+0x39/0xb0 [ 58.563197][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.571079][ T3633] } [ 58.573558][ T3633] ... key at: [] __key.5+0x0/0x40 [ 58.580652][ T3633] ... acquired at: [ 58.584435][ T3633] lock_acquire+0x1e3/0x630 [ 58.589104][ T3633] _raw_read_lock_irqsave+0x74/0x90 [ 58.594467][ T3633] send_sigio+0x28/0x390 [ 58.598884][ T3633] kill_fasync+0x1fc/0x480 [ 58.603646][ T3633] evdev_pass_values.part.0+0x667/0x960 [ 58.609442][ T3633] evdev_events+0x35d/0x3e0 [ 58.614109][ T3633] input_to_handler+0x2a0/0x4c0 [ 58.619395][ T3633] input_pass_values.part.0+0x230/0x710 [ 58.625128][ T3633] input_event_dispose+0x5cf/0x730 [ 58.630405][ T3633] input_handle_event+0x120/0xe70 [ 58.635600][ T3633] input_inject_event+0x1c8/0x330 [ 58.640960][ T3633] evdev_write+0x434/0x760 [ 58.645544][ T3633] vfs_write+0x2db/0xdd0 [ 58.649959][ T3633] ksys_write+0x1ec/0x250 [ 58.654544][ T3633] do_syscall_64+0x39/0xb0 [ 58.659128][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.665188][ T3633] [ 58.667493][ T3633] [ 58.667493][ T3633] stack backtrace: [ 58.673368][ T3633] CPU: 0 PID: 3633 Comm: syz-executor281 Not tainted 6.1.0-rc5-syzkaller-00015-g81e7cfa3a9eb #0 [ 58.683770][ T3633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 58.693813][ T3633] Call Trace: [ 58.697091][ T3633] [ 58.700010][ T3633] dump_stack_lvl+0xd1/0x138 [ 58.704597][ T3633] check_irq_usage.cold+0x4e4/0x761 [ 58.709791][ T3633] ? __module_text_address+0xcb/0x1a0 [ 58.715159][ T3633] ? 
print_shortest_lock_dependencies_backwards+0x80/0x80 [ 58.722267][ T3633] ? unwind_get_return_address+0x55/0xa0 [ 58.727888][ T3633] ? write_profile+0x410/0x410 [ 58.732645][ T3633] ? check_path.constprop.0+0x24/0x50 [ 58.738007][ T3633] ? register_lock_class+0xbe/0x1120 [ 58.743284][ T3633] ? filter_irq_stacks+0x90/0x90 [ 58.748216][ T3633] __lock_acquire+0x2a5b/0x56d0 [ 58.753233][ T3633] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 58.759205][ T3633] lock_acquire+0x1e3/0x630 [ 58.763698][ T3633] ? send_sigio+0x28/0x390 [ 58.768104][ T3633] ? lock_release+0x810/0x810 [ 58.772781][ T3633] ? lock_release+0x810/0x810 [ 58.777459][ T3633] ? lock_release+0x810/0x810 [ 58.782129][ T3633] _raw_read_lock_irqsave+0x74/0x90 [ 58.787317][ T3633] ? send_sigio+0x28/0x390 [ 58.791761][ T3633] send_sigio+0x28/0x390 [ 58.796026][ T3633] kill_fasync+0x1fc/0x480 [ 58.800450][ T3633] evdev_pass_values.part.0+0x667/0x960 [ 58.806089][ T3633] ? evdev_free+0x70/0x70 [ 58.810410][ T3633] ? ktime_mono_to_any+0xb9/0x1e0 [ 58.815471][ T3633] evdev_events+0x35d/0x3e0 [ 58.819974][ T3633] ? evdev_connect+0x4b0/0x4b0 [ 58.824823][ T3633] input_to_handler+0x2a0/0x4c0 [ 58.829669][ T3633] input_pass_values.part.0+0x230/0x710 [ 58.835203][ T3633] input_event_dispose+0x5cf/0x730 [ 58.840310][ T3633] input_handle_event+0x120/0xe70 [ 58.845341][ T3633] input_inject_event+0x1c8/0x330 [ 58.850352][ T3633] evdev_write+0x434/0x760 [ 58.854850][ T3633] ? evdev_read+0xe40/0xe40 [ 58.859346][ T3633] ? security_file_permission+0xaf/0xd0 [ 58.864882][ T3633] vfs_write+0x2db/0xdd0 [ 58.869212][ T3633] ? evdev_read+0xe40/0xe40 [ 58.873798][ T3633] ? kernel_write+0x630/0x630 [ 58.878470][ T3633] ? find_held_lock+0x2d/0x110 [ 58.883226][ T3633] ? ptrace_notify+0xfe/0x140 [ 58.887898][ T3633] ? lock_downgrade+0x6e0/0x6e0 [ 58.892744][ T3633] ? __fget_light+0x20a/0x270 [ 58.897416][ T3633] ksys_write+0x1ec/0x250 [ 58.901737][ T3633] ? __ia32_sys_read+0xb0/0xb0 [ 58.906492][ T3633] ? 
lockdep_hardirqs_on+0x7d/0x100 [ 58.911764][ T3633] ? _raw_spin_unlock_irq+0x2e/0x50 [ 58.916953][ T3633] ? ptrace_notify+0xfe/0x140 [ 58.921630][ T3633] do_syscall_64+0x39/0xb0 [ 58.926032][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.931917][ T3633] RIP: 0033:0x7f1c303a57c9 [ 58.936318][ T3633] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 58.955996][ T3633] RSP: 002b:00007ffc4da97b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 58.964392][ T3633] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1c303a57c9 [ 58.972348][ T3633] RDX: 0000000000000373 RSI: 0000000020000040 RDI: 0000000000000005 write(5, "\x04\x00\x00\x00\x00\x00\x00\x00\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 883) = 864 exit_group(0) = ? +++ exited with 0 +++ [ 58.980300][ T3633] RBP: 00007f1c303652d0 R08: 00000000000000