./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2073706962 <...> Warning: Permanently added '10.128.1.158' (ED25519) to the list of known hosts. execve("./syz-executor2073706962", ["./syz-executor2073706962"], 0x7ffd7fe3b3d0 /* 10 vars */) = 0 brk(NULL) = 0x55555606d000 brk(0x55555606dd40) = 0x55555606dd40 arch_prctl(ARCH_SET_FS, 0x55555606d3c0) = 0 set_tid_address(0x55555606d690) = 5054 set_robust_list(0x55555606d6a0, 24) = 0 rseq(0x55555606dce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2073706962", 4096) = 28 getrandom("\x2a\xde\xdc\x69\xab\x5c\x95\xe3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555606dd40 brk(0x55555608ed40) = 0x55555608ed40 brk(0x55555608f000) = 0x55555608f000 mprotect(0x7f06f768b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f06f762fe20, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f06f76214a0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f06f75a9000 mprotect(0x7f06f75aa000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f06f75c9990, parent_tid=0x7f06f75c9990, exit_signal=0, stack=0x7f06f75a9000, stack_size=0x20300, tls=0x7f06f75c96c0}./strace-static-x86_64: Process 5055 attached [pid 5055] rseq(0x7f06f75c9fe0, 0x20, 0, 0x53053053 [pid 5054] <... clone3 resumed> => {parent_tid=[5055]}, 88) = 5055 [pid 5055] <... rseq resumed>) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] set_robust_list(0x7f06f75c99a0, 24 [pid 5054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], [pid 5054] <... futex resumed>) = 0 [pid 5055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 3 [pid 5055] futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5055] <... futex resumed>) = 1 [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] gettid( [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... gettid resumed>) = 5055 [pid 5055] futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] futex(0x7f06f7691408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] fcntl(3, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=5055}) = 0 [pid 5055] futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5055] <... futex resumed>) = 1 [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] fcntl(3, F_SETLEASE, F_RDLCK [pid 5054] <... futex resumed>) = 0 [pid 5055] <... fcntl resumed>) = 0 [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] open("./file0", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... open resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5055] futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5055] <... futex resumed>) = 1 [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] futex(0x7f06f7691408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... futex resumed>) = 0 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] ioctl(-1, EVIOCSFF, {type=0 /* FF_??? */, id=0, direction=0, ...}) = -1 EBADF (Bad file descriptor) [pid 5055] futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000 [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... openat resumed>) = 4 [pid 5055] futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5055] <... futex resumed>) = 1 [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY [pid 5054] <... futex resumed>) = 0 [pid 5055] <... openat resumed>) = 5 [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5055] <... futex resumed>) = 0 [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] futex(0x7f06f7691408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... futex resumed>) = 0 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 6 [pid 5055] futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5055] <... futex resumed>) = 1 [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] ioctl(6, FIOASYNC, [1986356271] [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... ioctl resumed>) = 0 [pid 5055] futex(0x7f06f769140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f06f7691408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] write(4, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xbf\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10968 [pid 5054] futex(0x7f06f769140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 55.412708][ T5055] [ 55.415064][ T5055] ===================================================== [ 55.421967][ T5055] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 55.429396][ T5055] 6.7.0-rc6-syzkaller-00010-g2cf4f94d8e86 #0 Not tainted [ 55.436391][ T5055] ----------------------------------------------------- [ 55.443300][ T5055] syz-executor207/5055 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 55.451340][ T5055] ffff88807ad150c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x19a/0x4d0 [ 55.460040][ T5055] [ 55.460040][ T5055] and this task is already holding: [ 55.467385][ T5055] ffff888144fc8028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xee/0xad0 [ 55.477104][ T5055] which would create a new lock dependency: [ 55.482969][ T5055] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 55.491036][ T5055] [ 55.491036][ T5055] but this new dependency connects a HARDIRQ-irq-safe lock: [ 55.500460][ T5055] (&dev->event_lock#2){-...}-{2:2} [ 55.500480][ T5055] [ 55.500480][ T5055] ... which became HARDIRQ-irq-safe at: [ 55.513336][ T5055] lock_acquire+0x1e3/0x530 [ 55.517909][ T5055] _raw_spin_lock_irqsave+0xd5/0x120 [ 55.523276][ T5055] input_event+0x91/0xd0 [ 55.527592][ T5055] psmouse_report_standard_packet+0x54/0x200 [ 55.533642][ T5055] psmouse_process_byte+0x48c/0x670 [ 55.538914][ T5055] psmouse_handle_byte+0x46/0x4b0 [ 55.544012][ T5055] ps2_interrupt+0x174/0x8d0 [ 55.548668][ T5055] serio_interrupt+0x8c/0x130 [ 55.553430][ T5055] i8042_interrupt+0x372/0x770 [ 55.558266][ T5055] __handle_irq_event_percpu+0x286/0xa30 [ 55.563967][ T5055] handle_irq_event+0x89/0x1f0 [ 55.568797][ T5055] handle_edge_irq+0x249/0xbf0 [ 55.573627][ T5055] __common_interrupt+0x134/0x220 [ 55.578718][ T5055] common_interrupt+0xa5/0xd0 [ 55.583465][ T5055] asm_common_interrupt+0x26/0x40 [ 55.588553][ T5055] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 55.594340][ T5055] i8042_aux_write+0x116/0x190 [ 55.599170][ T5055] ps2_do_sendbyte+0x20e/0x720 [ 55.603999][ T5055] ps2_sendbyte+0x60/0x120 [ 55.608485][ T5055] cypress_send_ext_cmd+0x221/0x910 [ 55.613752][ T5055] cypress_detect+0x93/0x220 [ 55.618406][ T5055] psmouse_extensions+0xc2e/0x1560 [ 55.623584][ T5055] psmouse_switch_protocol+0x305/0x7c0 [ 55.629110][ T5055] psmouse_connect+0x8b5/0x1440 [ 55.634029][ T5055] serio_driver_probe+0x78/0x90 [ 55.638942][ T5055] really_probe+0x294/0xc30 [ 55.643507][ T5055] __driver_probe_device+0x1a2/0x3d0 [ 55.648863][ T5055] driver_probe_device+0x50/0x420 [ 55.653954][ T5055] __driver_attach+0x45c/0x710 [ 55.658786][ T5055] bus_for_each_dev+0x236/0x2b0 [ 55.663705][ T5055] serio_handle_event+0x1c7/0x910 [ 55.668796][ T5055] process_scheduled_works+0x90f/0x1420 [ 55.674410][ T5055] worker_thread+0xa5f/0x1000 [ 55.679153][ T5055] kthread+0x2d3/0x370 [ 55.683290][ T5055] ret_from_fork+0x48/0x80 [ 55.687798][ T5055] ret_from_fork_asm+0x11/0x20 [ 55.692644][ T5055] [ 55.692644][ T5055] to a HARDIRQ-irq-unsafe lock: [ 55.699640][ T5055] (tasklist_lock){.+.+}-{2:2} [ 55.699658][ T5055] [ 55.699658][ T5055] ... which became HARDIRQ-irq-unsafe at: [ 55.712253][ T5055] ... [ 55.712259][ T5055] lock_acquire+0x1e3/0x530 [ 55.719387][ T5055] _raw_read_lock+0x36/0x50 [ 55.723970][ T5055] __do_wait+0x12d/0x840 [ 55.728284][ T5055] do_wait+0x1d8/0x540 [ 55.732423][ T5055] kernel_wait+0xe9/0x240 [ 55.736821][ T5055] call_usermodehelper_exec_work+0xb9/0x220 [ 55.742783][ T5055] process_scheduled_works+0x90f/0x1420 [ 55.748392][ T5055] worker_thread+0xa5f/0x1000 [ 55.753135][ T5055] kthread+0x2d3/0x370 [ 55.757271][ T5055] ret_from_fork+0x48/0x80 [pid 5054] exit_group(0) = ? [ 55.761750][ T5055] ret_from_fork_asm+0x11/0x20 [ 55.766582][ T5055] [ 55.766582][ T5055] other info that might help us debug this: [ 55.766582][ T5055] [ 55.776787][ T5055] Chain exists of: [ 55.776787][ T5055] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 55.776787][ T5055] [ 55.790327][ T5055] Possible interrupt unsafe locking scenario: [ 55.790327][ T5055] [ 55.798621][ T5055] CPU0 CPU1 [ 55.803963][ T5055] ---- ---- [ 55.809301][ T5055] lock(tasklist_lock); [ 55.813526][ T5055] local_irq_disable(); [ 55.820259][ T5055] lock(&dev->event_lock#2); [ 55.827433][ T5055] lock(&client->buffer_lock); [ 55.834780][ T5055] [ 55.838210][ T5055] lock(&dev->event_lock#2); [ 55.843039][ T5055] [ 55.843039][ T5055] *** DEADLOCK *** [ 55.843039][ T5055] [ 55.851156][ T5055] 7 locks held by syz-executor207/5055: [ 55.856675][ T5055] #0: ffff88814438b110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x271/0x7c0 [ 55.865784][ T5055] #1: ffff888013f67230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xc5/0x340 [ 55.875852][ T5055] #2: ffffffff8d92dae0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xd5/0x340 [ 55.885478][ T5055] #3: ffffffff8d92dae0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xa3/0x12b0 [ 55.895105][ T5055] #4: ffffffff8d92dae0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x6f/0x300 [ 55.904208][ T5055] #5: ffff888144fc8028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xee/0xad0 [ 55.914362][ T5055] #6: ffffffff8d92dae0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x55/0x4d0 [ 55.923383][ T5055] [ 55.923383][ T5055] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 55.933760][ T5055] -> (&dev->event_lock#2){-...}-{2:2} { [ 55.939390][ T5055] IN-HARDIRQ-W at: [ 55.943432][ T5055] lock_acquire+0x1e3/0x530 [ 55.949752][ T5055] _raw_spin_lock_irqsave+0xd5/0x120 [ 55.956837][ T5055] input_event+0x91/0xd0 [ 55.962883][ T5055] psmouse_report_standard_packet+0x54/0x200 [ 55.970664][ T5055] psmouse_process_byte+0x48c/0x670 [ 55.977666][ T5055] psmouse_handle_byte+0x46/0x4b0 [ 55.984498][ T5055] ps2_interrupt+0x174/0x8d0 [ 55.990890][ T5055] serio_interrupt+0x8c/0x130 [ 55.997365][ T5055] i8042_interrupt+0x372/0x770 [ 56.003928][ T5055] __handle_irq_event_percpu+0x286/0xa30 [ 56.011359][ T5055] handle_irq_event+0x89/0x1f0 [ 56.017920][ T5055] handle_edge_irq+0x249/0xbf0 [ 56.024487][ T5055] __common_interrupt+0x134/0x220 [ 56.031313][ T5055] common_interrupt+0xa5/0xd0 [ 56.037791][ T5055] asm_common_interrupt+0x26/0x40 [ 56.044613][ T5055] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 56.052131][ T5055] i8042_aux_write+0x116/0x190 [ 56.058693][ T5055] ps2_do_sendbyte+0x20e/0x720 [ 56.065260][ T5055] ps2_sendbyte+0x60/0x120 [ 56.071478][ T5055] cypress_send_ext_cmd+0x221/0x910 [ 56.078474][ T5055] cypress_detect+0x93/0x220 [ 56.084863][ T5055] psmouse_extensions+0xc2e/0x1560 [ 56.091777][ T5055] psmouse_switch_protocol+0x305/0x7c0 [ 56.099035][ T5055] psmouse_connect+0x8b5/0x1440 [ 56.105691][ T5055] serio_driver_probe+0x78/0x90 [ 56.112340][ T5055] really_probe+0x294/0xc30 [ 56.118640][ T5055] __driver_probe_device+0x1a2/0x3d0 [ 56.125742][ T5055] driver_probe_device+0x50/0x420 [ 56.132563][ T5055] __driver_attach+0x45c/0x710 [ 56.139126][ T5055] bus_for_each_dev+0x236/0x2b0 [ 56.145780][ T5055] serio_handle_event+0x1c7/0x910 [ 56.152609][ T5055] process_scheduled_works+0x90f/0x1420 [ 56.159958][ T5055] worker_thread+0xa5f/0x1000 [ 56.166437][ T5055] kthread+0x2d3/0x370 [ 56.172305][ T5055] ret_from_fork+0x48/0x80 [ 56.178520][ T5055] ret_from_fork_asm+0x11/0x20 [ 56.185087][ T5055] INITIAL USE at: [ 56.189041][ T5055] lock_acquire+0x1e3/0x530 [ 56.195260][ T5055] _raw_spin_lock_irqsave+0xd5/0x120 [ 56.202263][ T5055] input_inject_event+0xc5/0x340 [ 56.208913][ T5055] led_trigger_event+0x118/0x1e0 [ 56.215566][ T5055] kbd_led_trigger_activate+0xbd/0x100 [ 56.222738][ T5055] led_trigger_set+0x53a/0x940 [ 56.229219][ T5055] led_trigger_set_default+0x1c6/0x200 [ 56.236407][ T5055] led_classdev_register_ext+0x6df/0x8e0 [ 56.243749][ T5055] input_leds_connect+0x493/0x640 [ 56.250485][ T5055] input_register_device+0xcf0/0x1090 [ 56.257574][ T5055] atkbd_connect+0x752/0xa00 [ 56.263879][ T5055] serio_driver_probe+0x78/0x90 [ 56.270439][ T5055] really_probe+0x294/0xc30 [ 56.276653][ T5055] __driver_probe_device+0x1a2/0x3d0 [ 56.283655][ T5055] driver_probe_device+0x50/0x420 [ 56.290386][ T5055] __driver_attach+0x45c/0x710 [ 56.296865][ T5055] bus_for_each_dev+0x236/0x2b0 [ 56.303430][ T5055] serio_handle_event+0x1c7/0x910 [ 56.310167][ T5055] process_scheduled_works+0x90f/0x1420 [ 56.317426][ T5055] worker_thread+0xa5f/0x1000 [ 56.323833][ T5055] kthread+0x2d3/0x370 [ 56.329611][ T5055] ret_from_fork+0x48/0x80 [ 56.335740][ T5055] ret_from_fork_asm+0x11/0x20 [ 56.342221][ T5055] } [ 56.344780][ T5055] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 56.353867][ T5055] -> (&client->buffer_lock){....}-{2:2} { [ 56.359572][ T5055] INITIAL USE at: [ 56.363441][ T5055] lock_acquire+0x1e3/0x530 [ 56.369482][ T5055] _raw_spin_lock+0x2e/0x40 [ 56.375526][ T5055] evdev_pass_values+0xee/0xad0 [ 56.381915][ T5055] evdev_events+0x1c2/0x300 [ 56.387959][ T5055] input_pass_values+0x8e0/0x12b0 [ 56.394527][ T5055] input_event_dispose+0x366/0x650 [ 56.401177][ T5055] input_handle_event+0xa6d/0xbe0 [ 56.407742][ T5055] input_inject_event+0x228/0x340 [ 56.414308][ T5055] evdev_write+0x66c/0x7c0 [ 56.420263][ T5055] vfs_write+0x290/0xb20 [ 56.426067][ T5055] ksys_write+0x1a0/0x2c0 [ 56.431941][ T5055] do_syscall_64+0x45/0x110 [ 56.437990][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.445427][ T5055] } [ 56.447901][ T5055] ... key at: [] evdev_open.__key.24+0x0/0x20 [ 56.456032][ T5055] ... acquired at: [ 56.459809][ T5055] lock_acquire+0x1e3/0x530 [ 56.464462][ T5055] _raw_spin_lock+0x2e/0x40 [ 56.469116][ T5055] evdev_pass_values+0xee/0xad0 [ 56.474119][ T5055] evdev_events+0x1c2/0x300 [ 56.478771][ T5055] input_pass_values+0x8e0/0x12b0 [ 56.483950][ T5055] input_event_dispose+0x366/0x650 [ 56.489211][ T5055] input_handle_event+0xa6d/0xbe0 [ 56.494386][ T5055] input_inject_event+0x228/0x340 [ 56.499559][ T5055] evdev_write+0x66c/0x7c0 [ 56.504125][ T5055] vfs_write+0x290/0xb20 [ 56.508520][ T5055] ksys_write+0x1a0/0x2c0 [ 56.513000][ T5055] do_syscall_64+0x45/0x110 [ 56.517654][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.523702][ T5055] [ 56.526019][ T5055] [ 56.526019][ T5055] the dependencies between the lock to be acquired [ 56.526025][ T5055] and HARDIRQ-irq-unsafe lock: [ 56.539497][ T5055] -> (tasklist_lock){.+.+}-{2:2} { [ 56.544771][ T5055] HARDIRQ-ON-R at: [ 56.548899][ T5055] lock_acquire+0x1e3/0x530 [ 56.555379][ T5055] _raw_read_lock+0x36/0x50 [ 56.561858][ T5055] __do_wait+0x12d/0x840 [ 56.568079][ T5055] do_wait+0x1d8/0x540 [ 56.574127][ T5055] kernel_wait+0xe9/0x240 [ 56.580432][ T5055] call_usermodehelper_exec_work+0xb9/0x220 [ 56.588303][ T5055] process_scheduled_works+0x90f/0x1420 [ 56.595825][ T5055] worker_thread+0xa5f/0x1000 [ 56.602475][ T5055] kthread+0x2d3/0x370 [ 56.608512][ T5055] ret_from_fork+0x48/0x80 [ 56.614908][ T5055] ret_from_fork_asm+0x11/0x20 [ 56.621645][ T5055] SOFTIRQ-ON-R at: [ 56.625773][ T5055] lock_acquire+0x1e3/0x530 [ 56.632248][ T5055] _raw_read_lock+0x36/0x50 [ 56.638728][ T5055] __do_wait+0x12d/0x840 [ 56.644952][ T5055] do_wait+0x1d8/0x540 [ 56.650995][ T5055] kernel_wait+0xe9/0x240 [ 56.657302][ T5055] call_usermodehelper_exec_work+0xb9/0x220 [ 56.665183][ T5055] process_scheduled_works+0x90f/0x1420 [ 56.672705][ T5055] worker_thread+0xa5f/0x1000 [ 56.679354][ T5055] kthread+0x2d3/0x370 [ 56.685392][ T5055] ret_from_fork+0x48/0x80 [ 56.691782][ T5055] ret_from_fork_asm+0x11/0x20 [ 56.698523][ T5055] INITIAL USE at: [ 56.702564][ T5055] lock_acquire+0x1e3/0x530 [ 56.708953][ T5055] _raw_write_lock_irq+0xd3/0x120 [ 56.715865][ T5055] copy_process+0x2833/0x3fb0 [ 56.722427][ T5055] kernel_clone+0x222/0x840 [ 56.728815][ T5055] user_mode_thread+0x132/0x190 [ 56.735551][ T5055] rest_init+0x27/0x300 [ 56.741593][ T5055] arch_call_rest_init+0xe/0x10 [ 56.748328][ T5055] start_kernel+0x46e/0x4f0 [ 56.754717][ T5055] x86_64_start_reservations+0x2a/0x30 [ 56.762087][ T5055] x86_64_start_kernel+0x99/0xa0 [ 56.768927][ T5055] secondary_startup_64_no_verify+0x167/0x16b [ 56.776900][ T5055] INITIAL READ USE at: [ 56.781406][ T5055] lock_acquire+0x1e3/0x530 [ 56.788235][ T5055] _raw_read_lock+0x36/0x50 [ 56.795065][ T5055] __do_wait+0x12d/0x840 [ 56.801637][ T5055] do_wait+0x1d8/0x540 [ 56.808031][ T5055] kernel_wait+0xe9/0x240 [ 56.814689][ T5055] call_usermodehelper_exec_work+0xb9/0x220 [ 56.822907][ T5055] process_scheduled_works+0x90f/0x1420 [ 56.830775][ T5055] worker_thread+0xa5f/0x1000 [ 56.837776][ T5055] kthread+0x2d3/0x370 [ 56.844163][ T5055] ret_from_fork+0x48/0x80 [ 56.850909][ T5055] ret_from_fork_asm+0x11/0x20 [ 56.857996][ T5055] } [ 56.860644][ T5055] ... key at: [] tasklist_lock+0x18/0x40 [ 56.868510][ T5055] ... acquired at: [ 56.872480][ T5055] lock_acquire+0x1e3/0x530 [ 56.877134][ T5055] _raw_read_lock+0x36/0x50 [ 56.881801][ T5055] send_sigio+0xfc/0x360 [ 56.886193][ T5055] kill_fasync+0x236/0x4d0 [ 56.890853][ T5055] lease_break_callback+0x26/0x30 [ 56.896031][ T5055] __break_lease+0x4d7/0x13f0 [ 56.900861][ T5055] do_dentry_open+0x86d/0x1590 [ 56.905773][ T5055] path_openat+0x2849/0x3290 [ 56.910511][ T5055] do_filp_open+0x234/0x490 [ 56.915162][ T5055] do_sys_openat2+0x13e/0x1d0 [ 56.919989][ T5055] __x64_sys_open+0x225/0x270 [ 56.924814][ T5055] do_syscall_64+0x45/0x110 [ 56.929469][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.935518][ T5055] [ 56.937817][ T5055] -> (&f->f_owner.lock){....}-{2:2} { [ 56.943261][ T5055] INITIAL USE at: [ 56.947258][ T5055] lock_acquire+0x1e3/0x530 [ 56.953482][ T5055] _raw_write_lock_irq+0xd3/0x120 [ 56.960221][ T5055] f_modown+0x38/0x340 [ 56.966006][ T5055] do_fcntl+0x12bc/0x1690 [ 56.972047][ T5055] __se_sys_fcntl+0xd2/0x1b0 [ 56.978372][ T5055] do_syscall_64+0x45/0x110 [ 56.984655][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.992292][ T5055] INITIAL READ USE at: [ 56.996697][ T5055] lock_acquire+0x1e3/0x530 [ 57.003356][ T5055] _raw_read_lock_irqsave+0xdd/0x120 [ 57.010790][ T5055] send_sigio+0x33/0x360 [ 57.017183][ T5055] kill_fasync+0x236/0x4d0 [ 57.023747][ T5055] lease_break_callback+0x26/0x30 [ 57.030923][ T5055] __break_lease+0x4d7/0x13f0 [ 57.037753][ T5055] do_dentry_open+0x86d/0x1590 [ 57.044671][ T5055] path_openat+0x2849/0x3290 [ 57.051405][ T5055] do_filp_open+0x234/0x490 [ 57.058052][ T5055] do_sys_openat2+0x13e/0x1d0 [ 57.064876][ T5055] __x64_sys_open+0x225/0x270 [ 57.071700][ T5055] do_syscall_64+0x45/0x110 [ 57.078353][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 57.086428][ T5055] } [ 57.088995][ T5055] ... key at: [] init_file.__key+0x0/0x20 [ 57.096874][ T5055] ... acquired at: [ 57.100743][ T5055] lock_acquire+0x1e3/0x530 [ 57.105413][ T5055] _raw_read_lock_irqsave+0xdd/0x120 [ 57.110850][ T5055] send_sigio+0x33/0x360 [ 57.115260][ T5055] kill_fasync+0x236/0x4d0 [ 57.119828][ T5055] lease_break_callback+0x26/0x30 [ 57.125005][ T5055] __break_lease+0x4d7/0x13f0 [ 57.129833][ T5055] do_dentry_open+0x86d/0x1590 [ 57.134755][ T5055] path_openat+0x2849/0x3290 [ 57.139498][ T5055] do_filp_open+0x234/0x490 [ 57.144181][ T5055] do_sys_openat2+0x13e/0x1d0 [ 57.149017][ T5055] __x64_sys_open+0x225/0x270 [ 57.153850][ T5055] do_syscall_64+0x45/0x110 [ 57.158506][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 57.164557][ T5055] [ 57.166858][ T5055] -> (&new->fa_lock){....}-{2:2} { [ 57.171960][ T5055] INITIAL READ USE at: [ 57.176265][ T5055] lock_acquire+0x1e3/0x530 [ 57.182747][ T5055] _raw_read_lock_irqsave+0xdd/0x120 [ 57.190007][ T5055] kill_fasync+0x19a/0x4d0 [ 57.196401][ T5055] lease_break_callback+0x26/0x30 [ 57.203404][ T5055] __break_lease+0x4d7/0x13f0 [ 57.210055][ T5055] do_dentry_open+0x86d/0x1590 [ 57.216807][ T5055] path_openat+0x2849/0x3290 [ 57.223383][ T5055] do_filp_open+0x234/0x490 [ 57.229866][ T5055] do_sys_openat2+0x13e/0x1d0 [ 57.236523][ T5055] __x64_sys_open+0x225/0x270 [ 57.243175][ T5055] do_syscall_64+0x45/0x110 [ 57.249655][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 57.257526][ T5055] } [ 57.260003][ T5055] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 57.268661][ T5055] ... acquired at: [ 57.272467][ T5055] lock_acquire+0x1e3/0x530 [ 57.277128][ T5055] _raw_read_lock_irqsave+0xdd/0x120 [ 57.282567][ T5055] kill_fasync+0x19a/0x4d0 [ 57.287137][ T5055] evdev_pass_values+0x586/0xad0 [ 57.292237][ T5055] evdev_events+0x1c2/0x300 [ 57.296901][ T5055] input_pass_values+0x8e0/0x12b0 [ 57.302082][ T5055] input_event_dispose+0x366/0x650 [ 57.307344][ T5055] input_handle_event+0xa6d/0xbe0 [ 57.312527][ T5055] input_inject_event+0x228/0x340 [ 57.317703][ T5055] evdev_write+0x66c/0x7c0 [ 57.322270][ T5055] vfs_write+0x290/0xb20 [ 57.326663][ T5055] ksys_write+0x1a0/0x2c0 [ 57.331143][ T5055] do_syscall_64+0x45/0x110 [ 57.335801][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 57.341847][ T5055] [ 57.344148][ T5055] [ 57.344148][ T5055] stack backtrace: [ 57.350008][ T5055] CPU: 1 PID: 5055 Comm: syz-executor207 Not tainted 6.7.0-rc6-syzkaller-00010-g2cf4f94d8e86 #0 [ 57.360396][ T5055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 57.370429][ T5055] Call Trace: [ 57.373689][ T5055] [ 57.376601][ T5055] dump_stack_lvl+0x1e7/0x2d0 [ 57.381260][ T5055] ? nf_tcp_handle_invalid+0x650/0x650 [ 57.386697][ T5055] ? panic+0x850/0x850 [ 57.390743][ T5055] ? print_shortest_lock_dependencies+0xf2/0x150 [ 57.397051][ T5055] validate_chain+0x4f7f/0x5ab0 [ 57.401881][ T5055] ? mark_lock+0x9a/0x350 [ 57.406192][ T5055] ? reacquire_held_locks+0x690/0x690 [ 57.411540][ T5055] ? __update_load_avg_se+0x6a0/0xaf0 [ 57.416896][ T5055] ? reacquire_held_locks+0x690/0x690 [ 57.422247][ T5055] ? register_lock_class+0x102/0x970 [ 57.427508][ T5055] ? is_dynamic_key+0x260/0x260 [ 57.432335][ T5055] ? look_up_lock_class+0x77/0x160 [ 57.437426][ T5055] ? mark_lock+0x9a/0x350 [ 57.441733][ T5055] __lock_acquire+0x1345/0x1fd0 [ 57.446570][ T5055] lock_acquire+0x1e3/0x530 [ 57.451052][ T5055] ? kill_fasync+0x19a/0x4d0 [ 57.455623][ T5055] ? read_lock_is_recursive+0x20/0x20 [ 57.460974][ T5055] ? read_lock_is_recursive+0x20/0x20 [ 57.466323][ T5055] _raw_read_lock_irqsave+0xdd/0x120 [ 57.471586][ T5055] ? kill_fasync+0x19a/0x4d0 [ 57.476156][ T5055] ? _raw_read_lock+0x50/0x50 [ 57.480810][ T5055] kill_fasync+0x19a/0x4d0 [ 57.485221][ T5055] ? kill_fasync+0x55/0x4d0 [ 57.489702][ T5055] evdev_pass_values+0x586/0xad0 [ 57.494622][ T5055] ? evdev_pass_values+0x5f1/0xad0 [ 57.499713][ T5055] evdev_events+0x1c2/0x300 [ 57.504195][ T5055] ? evdev_events+0x6f/0x300 [ 57.508760][ T5055] ? evdev_event+0x170/0x170 [ 57.513346][ T5055] ? kd_nosound+0x30/0x30 [ 57.517675][ T5055] input_pass_values+0x8e0/0x12b0 [ 57.522693][ T5055] ? input_pass_values+0xa3/0x12b0 [ 57.527793][ T5055] input_event_dispose+0x366/0x650 [ 57.532891][ T5055] input_handle_event+0xa6d/0xbe0 [ 57.537899][ T5055] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 57.543339][ T5055] ? userio_device_write+0x1f0/0x1f0 [ 57.548606][ T5055] input_inject_event+0x228/0x340 [ 57.553612][ T5055] ? input_inject_event+0xd5/0x340 [ 57.558700][ T5055] evdev_write+0x66c/0x7c0 [ 57.563099][ T5055] ? evdev_read+0xe00/0xe00 [ 57.567581][ T5055] ? fsnotify_perm+0x67/0x5a0 [ 57.572234][ T5055] ? bpf_lsm_file_permission+0x9/0x10 [ 57.577587][ T5055] ? evdev_read+0xe00/0xe00 [ 57.582067][ T5055] vfs_write+0x290/0xb20 [ 57.586296][ T5055] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 57.592254][ T5055] ? file_end_write+0x250/0x250 [ 57.597086][ T5055] ? __fget_files+0x29/0x480 [ 57.601653][ T5055] ? __fget_files+0x3fe/0x480 [ 57.606309][ T5055] ? __fget_files+0x29/0x480 [ 57.610876][ T5055] ? __fdget_pos+0x1df/0x340 [ 57.615441][ T5055] ? ksys_write+0x7b/0x2c0 [ 57.619835][ T5055] ksys_write+0x1a0/0x2c0 [ 57.624146][ T5055] ? print_irqtrace_events+0x220/0x220 [ 57.629585][ T5055] ? __ia32_sys_read+0x90/0x90 [ 57.634328][ T5055] ? syscall_enter_from_user_mode+0xa4/0x2d0 [ 57.640285][ T5055] ? syscall_enter_from_user_mode+0xf5/0x2d0 [ 57.646242][ T5055] do_syscall_64+0x45/0x110 [ 57.650724][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 57.656597][ T5055] RIP: 0033:0x7f06f7609f79 [ 57.660988][ T5055] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 57.680585][ T5055] RSP: 002b:00007f06f75c9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 57.688987][ T5055] RAX: ffffffffffffffda RBX: 00007f06f7691408 RCX: 00007f06f7609f79 [ 57.696940][ T5055] RDX: 0000000000002ad8 RSI: 0000000020000040 RDI: 0000000000000004 [ 57.704893][ T5055] RBP: 00007f06f7691400 R08: 00007f06f75c96c0 R09: 00007f06f75c96c0 [ 57.712843][ T5055] R10: 00007f06f75c96c0 R11: 0000000000000246 R12: 00007f06f769140c [pid 5055] <... write resumed>) = ? [pid 5055] +++ exited with 0 +++ +++ exited with 0 +++ [ 57.720791][ T5055] R13: