./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3585372656 <...> no interfaces have a carrier [ 23.289154][ T4643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.297851][ T4643] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: [ 23.904976][ T4743] sshd (4743) used greatest stack depth: 22344 bytes left OK syzkaller Warning: Permanently added '10.128.1.6' (ECDSA) to the list of known hosts. execve("./syz-executor3585372656", ["./syz-executor3585372656"], 0x7ffe8d946e10 /* 10 vars */) = 0 brk(NULL) = 0x5555555d4000 brk(0x5555555d4c40) = 0x5555555d4c40 arch_prctl(ARCH_SET_FS, 0x5555555d4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3585372656", 4096) = 28 brk(0x5555555f5c40) = 0x5555555f5c40 brk(0x5555555f6000) = 0x5555555f6000 mprotect(0x7f714b1a4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 inotify_init1(0) = 3 inotify_add_watch(3, ".", IN_OPEN|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_MOVE_SELF|IN_ONLYDIR|IN_EXCL_UNLINK|IN_MASK_ADD|IN_ISDIR|IN_ONESHOT) = 1 ioctl(3, FIOASYNC, [1]) = 0 fcntl(3, F_SETOWN, -1) = 0 openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000) = 5 ioctl(-1, HIDIOCGUSAGES, 0x20000080) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 6 ioctl(6, FIOASYNC, [3]) = 0 syzkaller login: [ 44.654936][ T5065] [ 44.657295][ T5065] ===================================================== [ 44.664202][ T5065] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order 
detected [ 44.671643][ T5065] 6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5 #0 Not tainted [ 44.678642][ T5065] ----------------------------------------------------- [ 44.685624][ T5065] syz-executor358/5065 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 44.693670][ T5065] ffff88802aa8e0c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13a/0x480 [ 44.702372][ T5065] [ 44.702372][ T5065] and this task is already holding: [ 44.709749][ T5065] ffff888027778028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 44.720079][ T5065] which would create a new lock dependency: [ 44.725944][ T5065] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 44.734012][ T5065] [ 44.734012][ T5065] but this new dependency connects a HARDIRQ-irq-safe lock: [ 44.743446][ T5065] (&dev->event_lock#2){-...}-{2:2} [ 44.743465][ T5065] [ 44.743465][ T5065] ... which became HARDIRQ-irq-safe at: [ 44.756328][ T5065] lock_acquire+0x1e3/0x630 [ 44.760906][ T5065] _raw_spin_lock_irqsave+0x3d/0x60 [ 44.766182][ T5065] input_event+0x70/0xa0 [ 44.770493][ T5065] psmouse_report_standard_buttons+0x30/0x80 [ 44.776537][ T5065] psmouse_process_byte+0x39e/0x8b0 [ 44.781798][ T5065] psmouse_handle_byte+0x41/0x1b0 [ 44.786885][ T5065] psmouse_interrupt+0x308/0xf00 [ 44.791886][ T5065] serio_interrupt+0x8c/0x150 [ 44.796636][ T5065] i8042_interrupt+0x27e/0x520 [ 44.801486][ T5065] __handle_irq_event_percpu+0x264/0x970 [ 44.807196][ T5065] handle_irq_event+0xab/0x1e0 [ 44.812037][ T5065] handle_edge_irq+0x263/0xd00 [ 44.816879][ T5065] __common_interrupt+0xa1/0x210 [ 44.821894][ T5065] common_interrupt+0xa8/0xd0 [ 44.826654][ T5065] asm_common_interrupt+0x26/0x40 [ 44.831764][ T5065] _raw_spin_unlock_irqrestore+0x3c/0x70 [ 44.837478][ T5065] free_percpu+0x7d2/0x10f0 [ 44.842062][ T5065] percpu_counter_destroy.part.0+0x176/0x200 [ 44.848130][ T5065] percpu_counter_destroy+0x3c/0x50 [ 44.853411][ T5065] __mmdrop+0x270/0x470 [ 44.857644][ T5065] __mmput+0x3fd/0x4c0 [ 
44.861791][ T5065] mmput+0x60/0x70 [ 44.865599][ T5065] free_bprm+0x144/0x3e0 [ 44.869926][ T5065] kernel_execve+0x3fe/0x500 [ 44.874603][ T5065] call_usermodehelper_exec_async+0x2e7/0x580 [ 44.880762][ T5065] ret_from_fork+0x1f/0x30 [ 44.885263][ T5065] [ 44.885263][ T5065] to a HARDIRQ-irq-unsafe lock: [ 44.892265][ T5065] (tasklist_lock){.+.+}-{2:2} [ 44.892286][ T5065] [ 44.892286][ T5065] ... which became HARDIRQ-irq-unsafe at: [ 44.904896][ T5065] ... [ 44.904902][ T5065] lock_acquire+0x1e3/0x630 [ 44.912049][ T5065] _raw_read_lock+0x5f/0x70 [ 44.916634][ T5065] do_wait+0x2b7/0xd70 [ 44.920784][ T5065] kernel_wait+0xa0/0x150 [ 44.925202][ T5065] call_usermodehelper_exec_work+0xf9/0x180 [ 44.931193][ T5065] process_one_work+0x9bf/0x1710 [ 44.936220][ T5065] worker_thread+0x669/0x1090 [ 44.940978][ T5065] kthread+0x2e8/0x3a0 [ 44.945118][ T5065] ret_from_fork+0x1f/0x30 [ 44.949618][ T5065] [ 44.949618][ T5065] other info that might help us debug this: [ 44.949618][ T5065] [ 44.959827][ T5065] Chain exists of: [ 44.959827][ T5065] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 44.959827][ T5065] [ 44.973490][ T5065] Possible interrupt unsafe locking scenario: [ 44.973490][ T5065] [ 44.981790][ T5065] CPU0 CPU1 [ 44.987135][ T5065] ---- ---- [ 44.992482][ T5065] lock(tasklist_lock); [ 44.996717][ T5065] local_irq_disable(); [ 45.003453][ T5065] lock(&dev->event_lock#2); [ 45.010640][ T5065] lock(&client->buffer_lock); [ 45.017999][ T5065] <Interrupt> [ 45.021433][ T5065] lock(&dev->event_lock#2); [ 45.026279][ T5065] [ 45.026279][ T5065] *** DEADLOCK *** [ 45.026279][ T5065] [ 45.034404][ T5065] 7 locks held by syz-executor358/5065: [ 45.039952][ T5065] #0: ffff8880222a0110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d7/0x760 [ 45.049091][ T5065] #1: ffff88801c1e0230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x9f/0x330 [ 45.059183][ T5065] #2: ffffffff8c790300 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x8b/0x330 [ 45.068834][ 
T5065] #3: ffffffff8c790300 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 [ 45.078947][ T5065] #4: ffffffff8c790300 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x5d/0x3e0 [ 45.088078][ T5065] #5: ffff888027778028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 45.098860][ T5065] #6: ffffffff8c790300 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x45/0x480 [ 45.108080][ T5065] [ 45.108080][ T5065] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 45.118474][ T5065] -> (&dev->event_lock#2){-...}-{2:2} { [ 45.124137][ T5065] IN-HARDIRQ-W at: [ 45.128190][ T5065] lock_acquire+0x1e3/0x630 [ 45.134509][ T5065] _raw_spin_lock_irqsave+0x3d/0x60 [ 45.141521][ T5065] input_event+0x70/0xa0 [ 45.147578][ T5065] psmouse_report_standard_buttons+0x30/0x80 [ 45.155397][ T5065] psmouse_process_byte+0x39e/0x8b0 [ 45.162406][ T5065] psmouse_handle_byte+0x41/0x1b0 [ 45.169243][ T5065] psmouse_interrupt+0x308/0xf00 [ 45.176013][ T5065] serio_interrupt+0x8c/0x150 [ 45.182516][ T5065] i8042_interrupt+0x27e/0x520 [ 45.189099][ T5065] __handle_irq_event_percpu+0x264/0x970 [ 45.196553][ T5065] handle_irq_event+0xab/0x1e0 [ 45.203143][ T5065] handle_edge_irq+0x263/0xd00 [ 45.209744][ T5065] __common_interrupt+0xa1/0x210 [ 45.216515][ T5065] common_interrupt+0xa8/0xd0 [ 45.223019][ T5065] asm_common_interrupt+0x26/0x40 [ 45.229869][ T5065] _raw_spin_unlock_irqrestore+0x3c/0x70 [ 45.237320][ T5065] free_percpu+0x7d2/0x10f0 [ 45.243639][ T5065] percpu_counter_destroy.part.0+0x176/0x200 [ 45.251446][ T5065] percpu_counter_destroy+0x3c/0x50 [ 45.258466][ T5065] __mmdrop+0x270/0x470 [ 45.264435][ T5065] __mmput+0x3fd/0x4c0 [ 45.270317][ T5065] mmput+0x60/0x70 [ 45.275846][ T5065] free_bprm+0x144/0x3e0 [ 45.281902][ T5065] kernel_execve+0x3fe/0x500 [ 45.288308][ T5065] call_usermodehelper_exec_async+0x2e7/0x580 [ 45.296198][ T5065] ret_from_fork+0x1f/0x30 [ 45.302441][ T5065] INITIAL USE at: [ 45.306409][ T5065] 
lock_acquire+0x1e3/0x630 [ 45.312641][ T5065] _raw_spin_lock_irqsave+0x3d/0x60 [ 45.319594][ T5065] input_inject_event+0x9f/0x330 [ 45.326266][ T5065] led_set_brightness_nosleep+0xea/0x1a0 [ 45.333721][ T5065] led_set_brightness+0x138/0x180 [ 45.340511][ T5065] led_trigger_event+0xb4/0x200 [ 45.347105][ T5065] kbd_led_trigger_activate+0xcd/0x110 [ 45.354290][ T5065] led_trigger_set+0x5db/0xaf0 [ 45.360784][ T5065] led_trigger_set_default+0x1aa/0x230 [ 45.367973][ T5065] led_classdev_register_ext+0x573/0x770 [ 45.375339][ T5065] input_leds_connect+0x4c1/0x860 [ 45.382093][ T5065] input_attach_handler+0x180/0x1f0 [ 45.389018][ T5065] input_register_device.cold+0xf0/0x2fd [ 45.396385][ T5065] atkbd_connect+0x5ca/0x9d0 [ 45.402709][ T5065] serio_driver_probe+0x76/0xa0 [ 45.409293][ T5065] really_probe+0x249/0xb90 [ 45.415526][ T5065] __driver_probe_device+0x1df/0x4d0 [ 45.422542][ T5065] driver_probe_device+0x4c/0x1a0 [ 45.429295][ T5065] __driver_attach+0x271/0x570 [ 45.435789][ T5065] bus_for_each_dev+0x14b/0x1d0 [ 45.442381][ T5065] serio_handle_event+0x2c3/0xa40 [ 45.449144][ T5065] process_one_work+0x9bf/0x1710 [ 45.455817][ T5065] worker_thread+0x669/0x1090 [ 45.462221][ T5065] kthread+0x2e8/0x3a0 [ 45.468020][ T5065] ret_from_fork+0x1f/0x30 [ 45.474172][ T5065] } [ 45.476744][ T5065] ... 
key at: [] __key.7+0x0/0x40 [ 45.483932][ T5065] -> (&client->buffer_lock){....}-{2:2} { [ 45.489661][ T5065] INITIAL USE at: [ 45.493576][ T5065] lock_acquire+0x1e3/0x630 [ 45.499633][ T5065] _raw_spin_lock+0x2e/0x40 [ 45.505690][ T5065] evdev_pass_values.part.0+0xf6/0x960 [ 45.512707][ T5065] evdev_events+0x35d/0x3e0 [ 45.518791][ T5065] input_to_handler+0x2a0/0x4c0 [ 45.525203][ T5065] input_pass_values.part.0+0x230/0x710 [ 45.532303][ T5065] input_event_dispose+0x5cf/0x730 [ 45.538970][ T5065] input_handle_event+0x120/0xe70 [ 45.545554][ T5065] input_inject_event+0x1c8/0x330 [ 45.552132][ T5065] evdev_write+0x434/0x760 [ 45.558114][ T5065] vfs_write+0x2db/0xdd0 [ 45.563916][ T5065] ksys_write+0x1ec/0x250 [ 45.569802][ T5065] do_syscall_64+0x39/0xb0 [ 45.575776][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.583230][ T5065] } [ 45.585717][ T5065] ... key at: [] __key.3+0x0/0x40 [ 45.592819][ T5065] ... acquired at: [ 45.596610][ T5065] _raw_spin_lock+0x2e/0x40 [ 45.601277][ T5065] evdev_pass_values.part.0+0xf6/0x960 [ 45.606907][ T5065] evdev_events+0x35d/0x3e0 [ 45.611583][ T5065] input_to_handler+0x2a0/0x4c0 [ 45.616632][ T5065] input_pass_values.part.0+0x230/0x710 [ 45.622374][ T5065] input_event_dispose+0x5cf/0x730 [ 45.627648][ T5065] input_handle_event+0x120/0xe70 [ 45.632839][ T5065] input_inject_event+0x1c8/0x330 [ 45.638028][ T5065] evdev_write+0x434/0x760 [ 45.642609][ T5065] vfs_write+0x2db/0xdd0 [ 45.647015][ T5065] ksys_write+0x1ec/0x250 [ 45.651510][ T5065] do_syscall_64+0x39/0xb0 [ 45.656094][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.662160][ T5065] [ 45.664480][ T5065] [ 45.664480][ T5065] the dependencies between the lock to be acquired [ 45.664487][ T5065] and HARDIRQ-irq-unsafe lock: [ 45.677978][ T5065] -> (tasklist_lock){.+.+}-{2:2} { [ 45.683266][ T5065] HARDIRQ-ON-R at: [ 45.687404][ T5065] lock_acquire+0x1e3/0x630 [ 45.693900][ T5065] _raw_read_lock+0x5f/0x70 [ 45.700392][ T5065] do_wait+0x2b7/0xd70 [ 45.706495][ T5065] 
kernel_wait+0xa0/0x150 [ 45.712817][ T5065] call_usermodehelper_exec_work+0xf9/0x180 [ 45.720708][ T5065] process_one_work+0x9bf/0x1710 [ 45.727641][ T5065] worker_thread+0x669/0x1090 [ 45.734305][ T5065] kthread+0x2e8/0x3a0 [ 45.740362][ T5065] ret_from_fork+0x1f/0x30 [ 45.746772][ T5065] SOFTIRQ-ON-R at: [ 45.750915][ T5065] lock_acquire+0x1e3/0x630 [ 45.757413][ T5065] _raw_read_lock+0x5f/0x70 [ 45.763901][ T5065] do_wait+0x2b7/0xd70 [ 45.769965][ T5065] kernel_wait+0xa0/0x150 [ 45.776288][ T5065] call_usermodehelper_exec_work+0xf9/0x180 [ 45.784175][ T5065] process_one_work+0x9bf/0x1710 [ 45.791112][ T5065] worker_thread+0x669/0x1090 [ 45.797789][ T5065] kthread+0x2e8/0x3a0 [ 45.803850][ T5065] ret_from_fork+0x1f/0x30 [ 45.810260][ T5065] INITIAL USE at: [ 45.814316][ T5065] lock_acquire+0x1e3/0x630 [ 45.820722][ T5065] _raw_write_lock_irq+0x36/0x50 [ 45.827566][ T5065] copy_process+0x4efb/0x7520 [ 45.834145][ T5065] kernel_clone+0xeb/0x990 [ 45.840465][ T5065] user_mode_thread+0xb1/0xf0 [ 45.847044][ T5065] rest_init+0x27/0x270 [ 45.853157][ T5065] arch_call_rest_init+0x13/0x1c [ 45.860007][ T5065] start_kernel+0x44f/0x470 [ 45.866418][ T5065] secondary_startup_64_no_verify+0xce/0xdb [ 45.874219][ T5065] INITIAL READ USE at: [ 45.878708][ T5065] lock_acquire+0x1e3/0x630 [ 45.885551][ T5065] _raw_read_lock+0x5f/0x70 [ 45.892405][ T5065] do_wait+0x2b7/0xd70 [ 45.898827][ T5065] kernel_wait+0xa0/0x150 [ 45.905517][ T5065] call_usermodehelper_exec_work+0xf9/0x180 [ 45.913762][ T5065] process_one_work+0x9bf/0x1710 [ 45.921046][ T5065] worker_thread+0x669/0x1090 [ 45.928065][ T5065] kthread+0x2e8/0x3a0 [ 45.934470][ T5065] ret_from_fork+0x1f/0x30 [ 45.941229][ T5065] } [ 45.943886][ T5065] ... key at: [] tasklist_lock+0x18/0x40 [ 45.951792][ T5065] ... 
acquired at: [ 45.955759][ T5065] _raw_read_lock+0x5f/0x70 [ 45.960431][ T5065] send_sigio+0xaf/0x370 [ 45.964840][ T5065] kill_fasync+0x1fc/0x480 [ 45.969426][ T5065] fsnotify_insert_event+0x3b9/0x500 [ 45.974876][ T5065] inotify_handle_inode_event+0x31a/0x5d0 [ 45.980765][ T5065] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 45.987346][ T5065] fsnotify+0x1178/0x16a0 [ 45.991842][ T5065] path_openat+0x1200/0x2a50 [ 45.996601][ T5065] do_filp_open+0x1ba/0x410 [ 46.001277][ T5065] do_sys_openat2+0x16d/0x4c0 [ 46.006123][ T5065] __x64_sys_openat+0x143/0x1f0 [ 46.011147][ T5065] do_syscall_64+0x39/0xb0 [ 46.015732][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.021796][ T5065] [ 46.024103][ T5065] -> (&f->f_owner.lock){....}-{2:2} { [ 46.029565][ T5065] INITIAL USE at: [ 46.033536][ T5065] lock_acquire+0x1e3/0x630 [ 46.039784][ T5065] _raw_write_lock_irq+0x36/0x50 [ 46.046459][ T5065] f_modown+0x2a/0x390 [ 46.052267][ T5065] f_setown+0xdb/0x230 [ 46.058069][ T5065] do_fcntl+0x34e/0x11a0 [ 46.064046][ T5065] __x64_sys_fcntl+0x163/0x1d0 [ 46.070551][ T5065] do_syscall_64+0x39/0xb0 [ 46.076699][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.084327][ T5065] INITIAL READ USE at: [ 46.088729][ T5065] lock_acquire+0x1e3/0x630 [ 46.095403][ T5065] _raw_read_lock_irqsave+0x74/0x90 [ 46.102768][ T5065] send_sigio+0x28/0x370 [ 46.109183][ T5065] kill_fasync+0x1fc/0x480 [ 46.115771][ T5065] fsnotify_insert_event+0x3b9/0x500 [ 46.123220][ T5065] inotify_handle_inode_event+0x31a/0x5d0 [ 46.131108][ T5065] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 46.139696][ T5065] fsnotify+0x1178/0x16a0 [ 46.146189][ T5065] path_openat+0x1200/0x2a50 [ 46.152951][ T5065] do_filp_open+0x1ba/0x410 [ 46.159631][ T5065] do_sys_openat2+0x16d/0x4c0 [ 46.166485][ T5065] __x64_sys_openat+0x143/0x1f0 [ 46.173542][ T5065] do_syscall_64+0x39/0xb0 [ 46.180123][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.188195][ T5065] } [ 46.190768][ T5065] ... 
key at: [] __key.5+0x0/0x40 [ 46.197962][ T5065] ... acquired at: [ 46.201839][ T5065] _raw_read_lock_irqsave+0x74/0x90 [ 46.207204][ T5065] send_sigio+0x28/0x370 [ 46.211617][ T5065] kill_fasync+0x1fc/0x480 [ 46.216209][ T5065] fsnotify_insert_event+0x3b9/0x500 [ 46.221662][ T5065] inotify_handle_inode_event+0x31a/0x5d0 [ 46.227549][ T5065] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 46.234130][ T5065] fsnotify+0x1178/0x16a0 [ 46.238627][ T5065] path_openat+0x1200/0x2a50 [ 46.243381][ T5065] do_filp_open+0x1ba/0x410 [ 46.248053][ T5065] do_sys_openat2+0x16d/0x4c0 [ 46.252899][ T5065] __x64_sys_openat+0x143/0x1f0 [ 46.257924][ T5065] do_syscall_64+0x39/0xb0 [ 46.262510][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.268577][ T5065] [ 46.270884][ T5065] -> (&new->fa_lock){....}-{2:2} { [ 46.276002][ T5065] INITIAL READ USE at: [ 46.280313][ T5065] lock_acquire+0x1e3/0x630 [ 46.286804][ T5065] _raw_read_lock_irqsave+0x74/0x90 [ 46.293994][ T5065] kill_fasync+0x13a/0x480 [ 46.300405][ T5065] fsnotify_insert_event+0x3b9/0x500 [ 46.307688][ T5065] inotify_handle_inode_event+0x31a/0x5d0 [ 46.315406][ T5065] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 46.323807][ T5065] fsnotify+0x1178/0x16a0 [ 46.330125][ T5065] path_openat+0x1200/0x2a50 [ 46.336708][ T5065] do_filp_open+0x1ba/0x410 [ 46.343201][ T5065] do_sys_openat2+0x16d/0x4c0 [ 46.349876][ T5065] __x64_sys_openat+0x143/0x1f0 [ 46.356750][ T5065] do_syscall_64+0x39/0xb0 [ 46.363160][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.371048][ T5065] } [ 46.373529][ T5065] ... key at: [] __key.0+0x0/0x40 [ 46.380628][ T5065] ... 
acquired at: [ 46.384414][ T5065] lock_acquire+0x1e3/0x630 [ 46.389079][ T5065] _raw_read_lock_irqsave+0x74/0x90 [ 46.394442][ T5065] kill_fasync+0x13a/0x480 [ 46.399051][ T5065] evdev_pass_values.part.0+0x667/0x960 [ 46.404771][ T5065] evdev_events+0x35d/0x3e0 [ 46.409445][ T5065] input_to_handler+0x2a0/0x4c0 [ 46.414466][ T5065] input_pass_values.part.0+0x230/0x710 [ 46.420178][ T5065] input_event_dispose+0x5cf/0x730 [ 46.425455][ T5065] input_handle_event+0x120/0xe70 [ 46.430641][ T5065] input_inject_event+0x1c8/0x330 [ 46.435854][ T5065] evdev_write+0x434/0x760 [ 46.440441][ T5065] vfs_write+0x2db/0xdd0 [ 46.444848][ T5065] ksys_write+0x1ec/0x250 [ 46.449340][ T5065] do_syscall_64+0x39/0xb0 [ 46.453922][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.459985][ T5065] [ 46.462291][ T5065] [ 46.462291][ T5065] stack backtrace: [ 46.468189][ T5065] CPU: 0 PID: 5065 Comm: syz-executor358 Not tainted 6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5 #0 [ 46.478590][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 46.488633][ T5065] Call Trace: [ 46.491901][ T5065] [ 46.494819][ T5065] dump_stack_lvl+0xd1/0x138 [ 46.499412][ T5065] check_irq_usage.cold+0x4e4/0x761 [ 46.504615][ T5065] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 46.511734][ T5065] ? mark_lock.part.0+0xee/0x1910 [ 46.516764][ T5065] ? check_path.constprop.0+0x24/0x50 [ 46.522138][ T5065] ? register_lock_class+0xbe/0x1120 [ 46.527419][ T5065] ? lock_chain_count+0x20/0x20 [ 46.532276][ T5065] ? is_dynamic_key.part.0+0x130/0x130 [ 46.537729][ T5065] __lock_acquire+0x2a5b/0x56d0 [ 46.542590][ T5065] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 46.548574][ T5065] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 46.554557][ T5065] lock_acquire+0x1e3/0x630 [ 46.559050][ T5065] ? kill_fasync+0x13a/0x480 [ 46.563639][ T5065] ? lock_release+0x810/0x810 [ 46.568322][ T5065] ? lock_release+0x810/0x810 [ 46.573001][ T5065] ? 
lock_release+0x810/0x810 [ 46.577675][ T5065] ? __wake_up_common+0x650/0x650 [ 46.582702][ T5065] _raw_read_lock_irqsave+0x74/0x90 [ 46.587896][ T5065] ? kill_fasync+0x13a/0x480 [ 46.592496][ T5065] kill_fasync+0x13a/0x480 [ 46.596916][ T5065] evdev_pass_values.part.0+0x667/0x960 [ 46.602494][ T5065] ? evdev_free+0x70/0x70 [ 46.606818][ T5065] ? ktime_mono_to_any+0xb9/0x1e0 [ 46.611843][ T5065] evdev_events+0x35d/0x3e0 [ 46.616346][ T5065] ? evdev_connect+0x4b0/0x4b0 [ 46.621109][ T5065] input_to_handler+0x2a0/0x4c0 [ 46.625968][ T5065] input_pass_values.part.0+0x230/0x710 [ 46.631508][ T5065] input_event_dispose+0x5cf/0x730 [ 46.636615][ T5065] input_handle_event+0x120/0xe70 [ 46.641660][ T5065] input_inject_event+0x1c8/0x330 [ 46.646680][ T5065] evdev_write+0x434/0x760 [ 46.651190][ T5065] ? evdev_read+0xe40/0xe40 [ 46.655691][ T5065] ? apparmor_file_permission+0x268/0x4e0 [ 46.661410][ T5065] ? bpf_lsm_file_permission+0x9/0x10 [ 46.666778][ T5065] ? security_file_permission+0xaf/0xd0 [ 46.672325][ T5065] vfs_write+0x2db/0xdd0 [ 46.676565][ T5065] ? evdev_read+0xe40/0xe40 [ 46.681066][ T5065] ? kernel_write+0x630/0x630 [ 46.685732][ T5065] ? find_held_lock+0x2d/0x110 [ 46.690497][ T5065] ? ptrace_notify+0xfe/0x140 [ 46.695171][ T5065] ? lock_downgrade+0x6e0/0x6e0 [ 46.700030][ T5065] ? __fget_light+0x20a/0x270 [ 46.704701][ T5065] ksys_write+0x1ec/0x250 [ 46.709025][ T5065] ? __ia32_sys_read+0xb0/0xb0 [ 46.713867][ T5065] ? lockdep_hardirqs_on+0x7d/0x100 [ 46.719067][ T5065] ? _raw_spin_unlock_irq+0x2e/0x50 [ 46.724263][ T5065] ? 
ptrace_notify+0xfe/0x140 [ 46.728934][ T5065] do_syscall_64+0x39/0xb0 [ 46.733345][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 46.739241][ T5065] RIP: 0033:0x7f714b137679 [ 46.743645][ T5065] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 46.763252][ T5065] RSP: 002b:00007ffcde328768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 46.771660][ T5065] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f714b137679 [ 46.779662][ T5065] RDX: 0000000000002ad8 RSI: 0000000020000040 RDI: 0000000000000005 [ 46.787624][ T5065] RBP: 00007f714b0f6ef0 R08: 0000000000000000 R09: 0000000000000000 [ 46.795586][ T5065] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f714b0f6f80 [ 46.803587][ T5065] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 46.811564][ T5065] write(5, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10968) = 10968 exit_group(0) = ? +++ exited with 0 +++