./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3743954840 <...> Warning: Permanently added '10.128.0.235' (ED25519) to the list of known hosts. execve("./syz-executor3743954840", ["./syz-executor3743954840"], 0x7ffcfcaf04e0 /* 10 vars */) = 0 brk(NULL) = 0x55558376f000 brk(0x55558376fd40) = 0x55558376fd40 arch_prctl(ARCH_SET_FS, 0x55558376f3c0) = 0 set_tid_address(0x55558376f690) = 5081 set_robust_list(0x55558376f6a0, 24) = 0 rseq(0x55558376fce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3743954840", 4096) = 28 getrandom("\x8d\xeb\x25\xf7\xbc\xf3\xa7\x95", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558376fd40 brk(0x555583790d40) = 0x555583790d40 brk(0x555583791000) = 0x555583791000 mprotect(0x7fd12361b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7fd12362140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fd1235bf9e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd1235b1060}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd123530000 mprotect(0x7fd123531000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd123550990, parent_tid=0x7fd123550990, exit_signal=0, stack=0x7fd123530000, stack_size=0x20300, tls=0x7fd1235506c0}./strace-static-x86_64: Process 5082 attached => {parent_tid=[5082]}, 88) = 5082 
[pid 5082] rseq(0x7fd123550fe0, 0x20, 0, 0x53053053) = 0 [pid 5082] set_robust_list(0x7fd1235509a0, 24) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5082] futex(0x7fd123621408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5081] futex(0x7fd123621408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] futex(0x7fd12362140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 0 [pid 5082] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 3 [pid 5082] futex(0x7fd12362140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5081] futex(0x7fd123621408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] gettid( [pid 5081] <... futex resumed>) = 0 [pid 5082] <... gettid resumed>) = 5082 [pid 5081] futex(0x7fd12362140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7fd12362140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5081] futex(0x7fd123621408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7fd123621408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] futex(0x7fd12362140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] fcntl(3, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=5082}) = 0 [pid 5082] futex(0x7fd12362140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7fd123621408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5082] fcntl(3, F_SETLEASE, F_WRLCK [pid 5081] futex(0x7fd12362140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... fcntl resumed>) = 0 [pid 5082] futex(0x7fd12362140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5082] <... 
futex resumed>) = 1 [pid 5081] futex(0x7fd123621408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] open("./file0", O_RDONLY [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7fd12362140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5081] futex(0x7fd12362141c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd12350f000 [pid 5081] mprotect(0x7fd123510000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd12352f990, parent_tid=0x7fd12352f990, exit_signal=0, stack=0x7fd12350f000, stack_size=0x20300, tls=0x7fd12352f6c0}./strace-static-x86_64: Process 5083 attached => {parent_tid=[5083]}, 88) = 5083 [pid 5083] rseq(0x7fd12352ffe0, 0x20, 0, 0x53053053 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] <... rseq resumed>) = 0 [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] set_robust_list(0x7fd12352f9a0, 24 [pid 5081] futex(0x7fd123621418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] futex(0x7fd12362141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5083] futex(0x7fd12362141c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5081] futex(0x7fd123621418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] ioctl(5, FIOASYNC, [1] [pid 5081] <... futex resumed>) = 0 [pid 5083] <... 
ioctl resumed>) = 0 [pid 5081] futex(0x7fd12362141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] futex(0x7fd12362141c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7fd123621418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5083] ioctl(-1, HIDIOCSUSAGES [pid 5081] futex(0x7fd12362141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... ioctl resumed>, 0x20001100) = -1 EBADF (Bad file descriptor) [pid 5083] futex(0x7fd12362141c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5083] futex(0x7fd123621418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] futex(0x7fd123621418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] futex(0x7fd12362141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|O_NOATIME|FASYNC|0x800000) = 6 [pid 5083] futex(0x7fd12362141c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5081] futex(0x7fd123621418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] write(6, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xda\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8784 [pid 5081] <... 
futex resumed>) = 0 [ 59.477182][ T5083] [ 59.479562][ T5083] ===================================================== [ 59.486473][ T5083] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 59.493899][ T5083] 6.9.0-rc6-syzkaller-00227-g3d25a941ea50 #0 Not tainted [ 59.500932][ T5083] ----------------------------------------------------- [ 59.507860][ T5083] syz-executor374/5083 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 59.515926][ T5083] ffff88801e8b60c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x19e/0x4d0 [ 59.524621][ T5083] [pid 5081] futex(0x7fd12362141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 59.524621][ T5083] and this task is already holding: [ 59.531972][ T5083] ffff888029979028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xf2/0xad0 [ 59.541715][ T5083] which would create a new lock dependency: [ 59.547592][ T5083] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 59.555673][ T5083] [ 59.555673][ T5083] but this new dependency connects a HARDIRQ-irq-safe lock: [ 59.565116][ T5083] (&dev->event_lock#2){-...}-{2:2} [ 59.565138][ T5083] [ 59.565138][ T5083] ... 
which became HARDIRQ-irq-safe at: [ 59.578003][ T5083] lock_acquire+0x1ed/0x550 [ 59.582586][ T5083] _raw_spin_lock_irqsave+0xd5/0x120 [ 59.588070][ T5083] input_event+0x91/0xd0 [ 59.592387][ T5083] psmouse_report_standard_packet+0x54/0x200 [ 59.598467][ T5083] psmouse_process_byte+0x48c/0x680 [ 59.603775][ T5083] psmouse_handle_byte+0x49/0x4c0 [ 59.608875][ T5083] ps2_interrupt+0x17c/0x8e0 [ 59.613538][ T5083] serio_interrupt+0x90/0x140 [ 59.618324][ T5083] i8042_interrupt+0x375/0x770 [ 59.623176][ T5083] __handle_irq_event_percpu+0x29a/0xa80 [ 59.628901][ T5083] handle_irq_event+0x89/0x1f0 [ 59.633747][ T5083] handle_edge_irq+0x25f/0xc20 [ 59.638587][ T5083] __common_interrupt+0x138/0x230 [ 59.643701][ T5083] common_interrupt+0xa5/0xd0 [ 59.648450][ T5083] asm_common_interrupt+0x26/0x40 [ 59.653573][ T5083] account_kernel_stack+0x289/0x3f0 [ 59.658842][ T5083] exit_task_stack_account+0x2a/0x340 [ 59.664314][ T5083] do_exit+0x1cee/0x27e0 [ 59.668633][ T5083] call_usermodehelper_exec_async+0x37a/0x380 [ 59.674771][ T5083] ret_from_fork+0x4b/0x80 [ 59.679264][ T5083] ret_from_fork_asm+0x1a/0x30 [ 59.684117][ T5083] [ 59.684117][ T5083] to a HARDIRQ-irq-unsafe lock: [ 59.691141][ T5083] (tasklist_lock){.+.+}-{2:2} [ 59.691161][ T5083] [ 59.691161][ T5083] ... which became HARDIRQ-irq-unsafe at: [ 59.703763][ T5083] ... 
[ 59.703769][ T5083] lock_acquire+0x1ed/0x550 [ 59.710918][ T5083] _raw_read_lock+0x36/0x50 [ 59.715517][ T5083] __do_wait+0x12d/0x850 [ 59.719834][ T5083] do_wait+0x1e9/0x560 [ 59.723992][ T5083] kernel_wait+0xe9/0x240 [ 59.728389][ T5083] call_usermodehelper_exec_work+0xbd/0x230 [ 59.734372][ T5083] process_scheduled_works+0xa10/0x17c0 [ 59.739997][ T5083] worker_thread+0x86d/0xd70 [ 59.744674][ T5083] kthread+0x2f0/0x390 [ 59.748833][ T5083] ret_from_fork+0x4b/0x80 [ 59.753322][ T5083] ret_from_fork_asm+0x1a/0x30 [ 59.758159][ T5083] [ 59.758159][ T5083] other info that might help us debug this: [ 59.758159][ T5083] [ 59.768376][ T5083] Chain exists of: [ 59.768376][ T5083] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 59.768376][ T5083]
[ 59.781919][ T5083]  Possible interrupt unsafe locking scenario:
[ 59.781919][ T5083]
[ 59.790224][ T5083]        CPU0                    CPU1
[ 59.795570][ T5083]        ----                    ----
[ 59.800945][ T5083]   lock(tasklist_lock);
[ 59.805172][ T5083]                                local_irq_disable();
[ 59.811918][ T5083]                                lock(&dev->event_lock#2);
[ 59.819117][ T5083]                                lock(&client->buffer_lock);
[ 59.826474][ T5083]   <Interrupt>
[ 59.829913][ T5083]     lock(&dev->event_lock#2);
[ 59.834752][ T5083]
[ 59.834752][ T5083]  *** DEADLOCK ***
[ 59.834752][ T5083] [ 59.842882][ T5083] 7 locks held by syz-executor374/5083: [ 59.848406][ T5083] #0: ffff8880250bd110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x272/0x7c0 [ 59.857541][ T5083] #1: ffff888019f03230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xc5/0x340 [ 59.867647][ T5083] #2: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xd5/0x340 [ 59.877322][ T5083] #3: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0x9d/0x1200 [ 59.886996][ T5083] #4: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x6f/0x300 [ 59.896117][ T5083] #5: ffff888029979028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xf2/0xad0 [ 59.906290][ T5083] #6: ffffffff8e334da0 
(rcu_read_lock){....}-{1:2}, at: kill_fasync+0x55/0x4d0 [ 59.915323][ T5083] [ 59.915323][ T5083] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [pid 5081] exit_group(0) = ? [ 59.925733][ T5083] -> (&dev->event_lock#2){-...}-{2:2} { [ 59.931364][ T5083] IN-HARDIRQ-W at: [ 59.935422][ T5083] lock_acquire+0x1ed/0x550 [ 59.941752][ T5083] _raw_spin_lock_irqsave+0xd5/0x120 [ 59.948897][ T5083] input_event+0x91/0xd0 [ 59.954977][ T5083] psmouse_report_standard_packet+0x54/0x200 [ 59.962783][ T5083] psmouse_process_byte+0x48c/0x680 [ 59.969810][ T5083] psmouse_handle_byte+0x49/0x4c0 [pid 5082] <... open resumed>) = ? [pid 5082] +++ exited with 0 +++ [ 59.976672][ T5083] ps2_interrupt+0x17c/0x8e0 [ 59.983083][ T5083] serio_interrupt+0x90/0x140 [ 59.989591][ T5083] i8042_interrupt+0x375/0x770 [ 59.996189][ T5083] __handle_irq_event_percpu+0x29a/0xa80 [ 60.003650][ T5083] handle_irq_event+0x89/0x1f0 [ 60.010224][ T5083] handle_edge_irq+0x25f/0xc20 [ 60.016798][ T5083] __common_interrupt+0x138/0x230 [ 60.023645][ T5083] common_interrupt+0xa5/0xd0 [ 60.030131][ T5083] asm_common_interrupt+0x26/0x40 [ 60.036995][ T5083] account_kernel_stack+0x289/0x3f0 [ 60.044002][ T5083] exit_task_stack_account+0x2a/0x340 [ 60.051193][ T5083] do_exit+0x1cee/0x27e0 [ 60.057254][ T5083] call_usermodehelper_exec_async+0x37a/0x380 [ 60.065158][ T5083] ret_from_fork+0x4b/0x80 [ 60.071385][ T5083] ret_from_fork_asm+0x1a/0x30 [ 60.077959][ T5083] INITIAL USE at: [ 60.081922][ T5083] lock_acquire+0x1ed/0x550 [ 60.088154][ T5083] _raw_spin_lock_irqsave+0xd5/0x120 [ 60.095259][ T5083] input_inject_event+0xc5/0x340 [ 60.101919][ T5083] led_trigger_event+0x11c/0x1e0 [ 60.108589][ T5083] kbd_led_trigger_activate+0xbd/0x100 [ 60.115768][ T5083] led_trigger_set+0x541/0x950 [ 60.122250][ T5083] led_trigger_set_default+0x229/0x260 [ 60.129426][ T5083] led_classdev_register_ext+0x773/0x960 [ 60.136779][ T5083] input_leds_connect+0x497/0x640 [ 60.143549][ T5083] 
input_register_device+0xcfa/0x1090 [ 60.150675][ T5083] atkbd_connect+0x752/0xa00 [ 60.156987][ T5083] serio_driver_probe+0x7f/0xa0 [ 60.163559][ T5083] really_probe+0x2b8/0xad0 [ 60.169785][ T5083] __driver_probe_device+0x1a2/0x390 [ 60.176790][ T5083] driver_probe_device+0x50/0x430 [ 60.183535][ T5083] __driver_attach+0x45f/0x710 [ 60.190023][ T5083] bus_for_each_dev+0x239/0x2b0 [ 60.196593][ T5083] serio_handle_event+0x1c7/0x920 [ 60.203377][ T5083] process_scheduled_works+0xa10/0x17c0 [ 60.210669][ T5083] worker_thread+0x86d/0xd70 [ 60.216985][ T5083] kthread+0x2f0/0x390 [ 60.222971][ T5083] ret_from_fork+0x4b/0x80 [ 60.229126][ T5083] ret_from_fork_asm+0x1a/0x30 [ 60.235613][ T5083] } [ 60.238182][ T5083] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 60.247274][ T5083] -> (&client->buffer_lock){....}-{2:2} { [ 60.253012][ T5083] INITIAL USE at: [ 60.256982][ T5083] lock_acquire+0x1ed/0x550 [ 60.263050][ T5083] _raw_spin_lock+0x2e/0x40 [ 60.269104][ T5083] evdev_pass_values+0xf2/0xad0 [ 60.275498][ T5083] evdev_events+0x1c2/0x300 [ 60.281550][ T5083] input_pass_values+0x84d/0x1200 [ 60.288126][ T5083] input_event_dispose+0x36c/0x650 [ 60.294796][ T5083] input_handle_event+0xa71/0xbe0 [ 60.301382][ T5083] input_inject_event+0x22f/0x340 [ 60.307953][ T5083] evdev_write+0x672/0x7c0 [ 60.313910][ T5083] vfs_write+0x2a4/0xcb0 [ 60.319696][ T5083] ksys_write+0x1a0/0x2c0 [ 60.325571][ T5083] do_syscall_64+0xf5/0x240 [ 60.331620][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.339062][ T5083] } [ 60.341542][ T5083] ... key at: [] evdev_open.__key.24+0x0/0x20 [ 60.349680][ T5083] ... 
acquired at: [ 60.353464][ T5083] lock_acquire+0x1ed/0x550 [ 60.358149][ T5083] _raw_spin_lock+0x2e/0x40 [ 60.362841][ T5083] evdev_pass_values+0xf2/0xad0 [ 60.367867][ T5083] evdev_events+0x1c2/0x300 [ 60.372538][ T5083] input_pass_values+0x84d/0x1200 [ 60.377723][ T5083] input_event_dispose+0x36c/0x650 [ 60.382992][ T5083] input_handle_event+0xa71/0xbe0 [ 60.388228][ T5083] input_inject_event+0x22f/0x340 [ 60.393416][ T5083] evdev_write+0x672/0x7c0 [ 60.397987][ T5083] vfs_write+0x2a4/0xcb0 [ 60.402407][ T5083] ksys_write+0x1a0/0x2c0 [ 60.406913][ T5083] do_syscall_64+0xf5/0x240 [ 60.411593][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.417734][ T5083] [ 60.420040][ T5083] [ 60.420040][ T5083] the dependencies between the lock to be acquired [ 60.420046][ T5083] and HARDIRQ-irq-unsafe lock: [ 60.433532][ T5083] -> (tasklist_lock){.+.+}-{2:2} { [ 60.438823][ T5083] HARDIRQ-ON-R at: [ 60.442961][ T5083] lock_acquire+0x1ed/0x550 [ 60.449447][ T5083] _raw_read_lock+0x36/0x50 [ 60.455932][ T5083] __do_wait+0x12d/0x850 [ 60.462155][ T5083] do_wait+0x1e9/0x560 [ 60.468204][ T5083] kernel_wait+0xe9/0x240 [ 60.474514][ T5083] call_usermodehelper_exec_work+0xbd/0x230 [ 60.482386][ T5083] process_scheduled_works+0xa10/0x17c0 [ 60.489914][ T5083] worker_thread+0x86d/0xd70 [ 60.496485][ T5083] kthread+0x2f0/0x390 [ 60.502533][ T5083] ret_from_fork+0x4b/0x80 [ 60.508933][ T5083] ret_from_fork_asm+0x1a/0x30 [ 60.515690][ T5083] SOFTIRQ-ON-R at: [ 60.519837][ T5083] lock_acquire+0x1ed/0x550 [ 60.526411][ T5083] _raw_read_lock+0x36/0x50 [ 60.532898][ T5083] __do_wait+0x12d/0x850 [ 60.539143][ T5083] do_wait+0x1e9/0x560 [ 60.545748][ T5083] kernel_wait+0xe9/0x240 [ 60.552116][ T5083] call_usermodehelper_exec_work+0xbd/0x230 [ 60.560025][ T5083] process_scheduled_works+0xa10/0x17c0 [ 60.567570][ T5083] worker_thread+0x86d/0xd70 [ 60.574141][ T5083] kthread+0x2f0/0x390 [ 60.580190][ T5083] ret_from_fork+0x4b/0x80 [ 60.586591][ T5083] ret_from_fork_asm+0x1a/0x30 [ 60.593340][ 
T5083] INITIAL USE at: [ 60.597391][ T5083] lock_acquire+0x1ed/0x550 [ 60.603789][ T5083] _raw_write_lock_irq+0xd3/0x120 [ 60.610714][ T5083] copy_process+0x228b/0x3df0 [ 60.617283][ T5083] kernel_clone+0x226/0x8f0 [ 60.623683][ T5083] user_mode_thread+0x132/0x1a0 [ 60.630427][ T5083] rest_init+0x23/0x300 [ 60.636635][ T5083] start_kernel+0x47a/0x500 [ 60.643042][ T5083] x86_64_start_reservations+0x2a/0x30 [ 60.650395][ T5083] x86_64_start_kernel+0x99/0xa0 [ 60.657244][ T5083] common_startup_64+0x13e/0x147 [ 60.664100][ T5083] INITIAL READ USE at: [ 60.668590][ T5083] lock_acquire+0x1ed/0x550 [ 60.675454][ T5083] _raw_read_lock+0x36/0x50 [ 60.682315][ T5083] __do_wait+0x12d/0x850 [ 60.688899][ T5083] do_wait+0x1e9/0x560 [ 60.695315][ T5083] kernel_wait+0xe9/0x240 [ 60.701988][ T5083] call_usermodehelper_exec_work+0xbd/0x230 [ 60.710217][ T5083] process_scheduled_works+0xa10/0x17c0 [ 60.718104][ T5083] worker_thread+0x86d/0xd70 [ 60.725033][ T5083] kthread+0x2f0/0x390 [ 60.731431][ T5083] ret_from_fork+0x4b/0x80 [ 60.738203][ T5083] ret_from_fork_asm+0x1a/0x30 [ 60.745297][ T5083] } [ 60.747951][ T5083] ... key at: [] tasklist_lock+0x18/0x40 [ 60.755827][ T5083] ... 
acquired at: [ 60.759781][ T5083] lock_acquire+0x1ed/0x550 [ 60.764435][ T5083] _raw_read_lock+0x36/0x50 [ 60.769106][ T5083] send_sigio+0xfc/0x360 [ 60.773512][ T5083] kill_fasync+0x23a/0x4d0 [ 60.778082][ T5083] lease_break_callback+0x26/0x30 [ 60.783283][ T5083] __break_lease+0x6d5/0x1820 [ 60.788117][ T5083] do_dentry_open+0x871/0x15a0 [ 60.793049][ T5083] path_openat+0x2860/0x3240 [ 60.797795][ T5083] do_filp_open+0x235/0x490 [ 60.802451][ T5083] do_sys_openat2+0x13e/0x1d0 [ 60.807282][ T5083] __x64_sys_open+0x225/0x270 [ 60.812113][ T5083] do_syscall_64+0xf5/0x240 [ 60.816779][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.822843][ T5083] [ 60.825161][ T5083] -> (&f->f_owner.lock){....}-{2:2} { [ 60.830624][ T5083] INITIAL USE at: [ 60.834604][ T5083] lock_acquire+0x1ed/0x550 [ 60.840825][ T5083] _raw_write_lock_irq+0xd3/0x120 [ 60.847582][ T5083] f_modown+0x38/0x340 [ 60.853376][ T5083] do_fcntl+0x1359/0x16f0 [ 60.859429][ T5083] __se_sys_fcntl+0xd2/0x1b0 [ 60.865745][ T5083] do_syscall_64+0xf5/0x240 [ 60.871970][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.879580][ T5083] INITIAL READ USE at: [ 60.883993][ T5083] lock_acquire+0x1ed/0x550 [ 60.890650][ T5083] _raw_read_lock_irqsave+0xdd/0x130 [ 60.898096][ T5083] send_sigio+0x33/0x360 [ 60.904488][ T5083] kill_fasync+0x23a/0x4d0 [ 60.911076][ T5083] lease_break_callback+0x26/0x30 [ 60.918251][ T5083] __break_lease+0x6d5/0x1820 [ 60.925078][ T5083] do_dentry_open+0x871/0x15a0 [ 60.932003][ T5083] path_openat+0x2860/0x3240 [ 60.938746][ T5083] do_filp_open+0x235/0x490 [ 60.945401][ T5083] do_sys_openat2+0x13e/0x1d0 [ 60.952235][ T5083] __x64_sys_open+0x225/0x270 [ 60.959075][ T5083] do_syscall_64+0xf5/0x240 [ 60.965732][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.973776][ T5083] } [ 60.976344][ T5083] ... key at: [] init_file.__key+0x0/0x20 [ 60.984836][ T5083] ... 
acquired at: [ 60.988721][ T5083] lock_acquire+0x1ed/0x550 [ 60.993382][ T5083] _raw_read_lock_irqsave+0xdd/0x130 [ 60.998828][ T5083] send_sigio+0x33/0x360 [ 61.003227][ T5083] kill_fasync+0x23a/0x4d0 [ 61.007806][ T5083] lease_break_callback+0x26/0x30 [ 61.012982][ T5083] __break_lease+0x6d5/0x1820 [ 61.017829][ T5083] do_dentry_open+0x871/0x15a0 [ 61.022746][ T5083] path_openat+0x2860/0x3240 [ 61.027491][ T5083] do_filp_open+0x235/0x490 [ 61.032150][ T5083] do_sys_openat2+0x13e/0x1d0 [ 61.036993][ T5083] __x64_sys_open+0x225/0x270 [ 61.041836][ T5083] do_syscall_64+0xf5/0x240 [ 61.046515][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.052763][ T5083] [ 61.055079][ T5083] -> (&new->fa_lock){....}-{2:2} { [ 61.060185][ T5083] INITIAL READ USE at: [ 61.064506][ T5083] lock_acquire+0x1ed/0x550 [ 61.070995][ T5083] _raw_read_lock_irqsave+0xdd/0x130 [ 61.078350][ T5083] kill_fasync+0x19e/0x4d0 [ 61.084746][ T5083] lease_break_callback+0x26/0x30 [ 61.091774][ T5083] __break_lease+0x6d5/0x1820 [ 61.098565][ T5083] do_dentry_open+0x871/0x15a0 [ 61.105326][ T5083] path_openat+0x2860/0x3240 [ 61.111905][ T5083] do_filp_open+0x235/0x490 [ 61.118391][ T5083] do_sys_openat2+0x13e/0x1d0 [ 61.125048][ T5083] __x64_sys_open+0x225/0x270 [ 61.131717][ T5083] do_syscall_64+0xf5/0x240 [ 61.138205][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.146101][ T5083] } [ 61.148589][ T5083] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 61.157267][ T5083] ... 
acquired at: [ 61.161062][ T5083] lock_acquire+0x1ed/0x550 [ 61.165781][ T5083] _raw_read_lock_irqsave+0xdd/0x130 [ 61.171245][ T5083] kill_fasync+0x19e/0x4d0 [ 61.175819][ T5083] evdev_pass_values+0x58a/0xad0 [ 61.180913][ T5083] evdev_events+0x1c2/0x300 [ 61.185571][ T5083] input_pass_values+0x84d/0x1200 [ 61.190766][ T5083] input_event_dispose+0x36c/0x650 [ 61.196034][ T5083] input_handle_event+0xa71/0xbe0 [ 61.201226][ T5083] input_inject_event+0x22f/0x340 [ 61.206408][ T5083] evdev_write+0x672/0x7c0 [ 61.210977][ T5083] vfs_write+0x2a4/0xcb0 [ 61.215376][ T5083] ksys_write+0x1a0/0x2c0 [ 61.219863][ T5083] do_syscall_64+0xf5/0x240 [ 61.224547][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.230613][ T5083] [ 61.233005][ T5083] [ 61.233005][ T5083] stack backtrace: [ 61.238884][ T5083] CPU: 0 PID: 5083 Comm: syz-executor374 Not tainted 6.9.0-rc6-syzkaller-00227-g3d25a941ea50 #0 [ 61.249278][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 61.259333][ T5083] Call Trace: [ 61.262602][ T5083] [ 61.265515][ T5083] dump_stack_lvl+0x241/0x360 [ 61.270184][ T5083] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.275368][ T5083] ? __pfx__printk+0x10/0x10 [ 61.279945][ T5083] ? print_shortest_lock_dependencies+0xf2/0x160 [ 61.286274][ T5083] validate_chain+0x4dc7/0x58e0 [ 61.291135][ T5083] ? __pfx_validate_chain+0x10/0x10 [ 61.296336][ T5083] ? __pfx_validate_chain+0x10/0x10 [ 61.301540][ T5083] ? register_lock_class+0x102/0x980 [ 61.306824][ T5083] ? __pfx_register_lock_class+0x10/0x10 [ 61.312459][ T5083] ? mark_lock+0x9a/0x350 [ 61.316773][ T5083] __lock_acquire+0x1346/0x1fd0 [ 61.321613][ T5083] lock_acquire+0x1ed/0x550 [ 61.326135][ T5083] ? kill_fasync+0x19e/0x4d0 [ 61.330723][ T5083] ? __pfx_lock_acquire+0x10/0x10 [ 61.335735][ T5083] ? __pfx_lock_acquire+0x10/0x10 [ 61.340770][ T5083] _raw_read_lock_irqsave+0xdd/0x130 [ 61.346057][ T5083] ? kill_fasync+0x19e/0x4d0 [ 61.350631][ T5083] ? 
__pfx__raw_read_lock_irqsave+0x10/0x10 [ 61.356525][ T5083] kill_fasync+0x19e/0x4d0 [ 61.360929][ T5083] ? kill_fasync+0x55/0x4d0 [ 61.365415][ T5083] evdev_pass_values+0x58a/0xad0 [ 61.370333][ T5083] ? evdev_pass_values+0x561/0xad0 [ 61.375425][ T5083] evdev_events+0x1c2/0x300 [ 61.379917][ T5083] ? evdev_events+0x6f/0x300 [ 61.384492][ T5083] ? __pfx_evdev_events+0x10/0x10 [ 61.389504][ T5083] input_pass_values+0x84d/0x1200 [ 61.394528][ T5083] ? input_pass_values+0x9d/0x1200 [ 61.399624][ T5083] input_event_dispose+0x36c/0x650 [ 61.404724][ T5083] input_handle_event+0xa71/0xbe0 [ 61.409751][ T5083] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 61.415211][ T5083] ? __pfx_input_handle_event+0x10/0x10 [ 61.420763][ T5083] input_inject_event+0x22f/0x340 [ 61.425782][ T5083] ? input_inject_event+0xd5/0x340 [ 61.430877][ T5083] evdev_write+0x672/0x7c0 [ 61.435275][ T5083] ? __pfx_evdev_write+0x10/0x10 [ 61.440208][ T5083] ? bpf_lsm_file_permission+0x9/0x10 [ 61.445583][ T5083] ? security_file_permission+0x7f/0xa0 [ 61.451134][ T5083] ? rw_verify_area+0x1d2/0x580 [ 61.455974][ T5083] ? __pfx_evdev_write+0x10/0x10 [ 61.460898][ T5083] vfs_write+0x2a4/0xcb0 [ 61.465233][ T5083] ? __pfx_lock_release+0x10/0x10 [ 61.470360][ T5083] ? __pfx_vfs_write+0x10/0x10 [ 61.475139][ T5083] ? __fget_files+0x28/0x470 [ 61.479738][ T5083] ? __fget_files+0x3f4/0x470 [ 61.484411][ T5083] ? __fget_files+0x28/0x470 [ 61.488988][ T5083] ? lockdep_hardirqs_on+0x99/0x150 [ 61.494210][ T5083] ? __fdget_pos+0x1a2/0x320 [ 61.498785][ T5083] ksys_write+0x1a0/0x2c0 [ 61.503214][ T5083] ? __pfx_ksys_write+0x10/0x10 [ 61.508059][ T5083] ? do_syscall_64+0x102/0x240 [ 61.512807][ T5083] do_syscall_64+0xf5/0x240 [ 61.517312][ T5083] ? 
clear_bhb_loop+0x35/0x90 [ 61.521988][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.527862][ T5083] RIP: 0033:0x7fd123599b39 [ 61.532261][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 61.551872][ T5083] RSP: 002b:00007fd12352f228 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 61.560455][ T5083] RAX: ffffffffffffffda RBX: 00007fd123621418 RCX: 00007fd123599b39 [ 61.568443][ T5083] RDX: 0000000000002250 RSI: 0000000020000040 RDI: 0000000000000006 [ 61.576534][ T5083] RBP: 00007fd123621410 R08: 00007fd12352f6c0 R09: 00007fd12352f6c0 [pid 5083] <... write resumed>) = ? [pid 5083] +++ exited with 0 +++ +++ exited with 0 +++ [ 61.584502][ T5083] R10: