./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3205870908 <...> forked to background, child pid 3186 no interfaces have a carrier [ 26.049033][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.058727][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts. execve("./syz-executor3205870908", ["./syz-executor3205870908"], 0x7ffcb732dee0 /* 10 vars */) = 0 brk(NULL) = 0x555557442000 brk(0x555557442c40) = 0x555557442c40 arch_prctl(ARCH_SET_FS, 0x555557442300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3205870908", 4096) = 28 brk(0x555557463c40) = 0x555557463c40 brk(0x555557464000) = 0x555557464000 mprotect(0x7f8c650a8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_UNIX, SOCK_DGRAM, 0) = 3 bind(3, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 ioctl(3, FIOSETOWN, [-1]) = 0 ioctl(3, FIOASYNC, [2]) = 0 connect(3, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, 
msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, 
msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, 
{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, 
msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, 
msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, 
msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, ...], 3682232011, MSG_DONTWAIT|MSG_EOR|MSG_FIN|MSG_SYN|MSG_CONFIRM|MSG_RST|MSG_ERRQUEUE) = 278 ioctl(-1, HIDIOCSUSAGES, 0x20001b00) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/input/event0", O_RDWR|O_APPEND|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC) = 4 openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 ioctl(5, FIOASYNC, [1986356271]) = 0 syzkaller login: [ 46.231015][ T3607] [ 46.233355][ T3607] ===================================================== [ 46.240265][ T3607] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 46.247696][ T3607] 6.0.0-syzkaller-00372-ga5088ee7251e #0 Not tainted [ 46.254340][ T3607] ----------------------------------------------------- [ 46.261244][ T3607] syz-executor320/3607 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 46.269286][ T3607] ffff888020be6018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13b/0x430 [ 46.277976][ T3607] [ 46.277976][ T3607] and this task is already holding: [ 46.285313][ T3607] ffff88814acf3028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xe5/0xb90 [ 46.295023][ T3607] which would create a new lock dependency: [ 46.300885][ T3607] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 46.308952][ T3607] [ 46.308952][ T3607] but 
this new dependency connects a HARDIRQ-irq-safe lock: [ 46.318376][ T3607] (&dev->event_lock#2){-...}-{2:2} [ 46.318395][ T3607] [ 46.318395][ T3607] ... which became HARDIRQ-irq-safe at: [ 46.331242][ T3607] lock_acquire+0x1a7/0x400 [ 46.335813][ T3607] _raw_spin_lock_irqsave+0xd1/0x120 [ 46.341182][ T3607] input_event+0x89/0xc0 [ 46.345492][ T3607] psmouse_report_standard_packet+0x4f/0x200 [ 46.351537][ T3607] psmouse_process_byte+0x447/0x630 [ 46.356797][ T3607] psmouse_handle_byte+0x44/0x4a0 [ 46.361886][ T3607] psmouse_interrupt+0x68a/0x1080 [ 46.366972][ T3607] serio_interrupt+0x88/0x130 [ 46.371713][ T3607] i8042_interrupt+0x32f/0x720 [ 46.376540][ T3607] __handle_irq_event_percpu+0x200/0x620 [ 46.382236][ T3607] handle_irq_event+0x83/0x1e0 [ 46.387065][ T3607] handle_edge_irq+0x245/0xbe0 [ 46.391893][ T3607] __common_interrupt+0xce/0x1e0 [ 46.396919][ T3607] common_interrupt+0x9f/0xc0 [ 46.401662][ T3607] asm_common_interrupt+0x22/0x40 [ 46.406749][ T3607] _raw_spin_unlock_irq+0x25/0x40 [ 46.411837][ T3607] process_one_work+0x796/0xd10 [ 46.416751][ T3607] worker_thread+0xb14/0x1330 [ 46.421490][ T3607] kthread+0x266/0x300 [ 46.425622][ T3607] ret_from_fork+0x1f/0x30 [ 46.430103][ T3607] [ 46.430103][ T3607] to a HARDIRQ-irq-unsafe lock: [ 46.437092][ T3607] (tasklist_lock){.+.+}-{2:2} [ 46.437109][ T3607] [ 46.437109][ T3607] ... which became HARDIRQ-irq-unsafe at: [ 46.449700][ T3607] ... 
[ 46.449704][ T3607] lock_acquire+0x1a7/0x400 [ 46.456837][ T3607] _raw_read_lock+0x32/0x40 [ 46.461410][ T3607] do_wait+0x224/0x9d0 [ 46.465541][ T3607] kernel_wait+0xe4/0x230 [ 46.469931][ T3607] call_usermodehelper_exec_work+0xb4/0x220 [ 46.475888][ T3607] process_one_work+0x81c/0xd10 [ 46.480802][ T3607] worker_thread+0xb14/0x1330 [ 46.485543][ T3607] kthread+0x266/0x300 [ 46.489675][ T3607] ret_from_fork+0x1f/0x30 [ 46.494162][ T3607] [ 46.494162][ T3607] other info that might help us debug this: [ 46.494162][ T3607] [ 46.504369][ T3607] Chain exists of: [ 46.504369][ T3607] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 46.504369][ T3607] [ 46.517904][ T3607] Possible interrupt unsafe locking scenario: [ 46.517904][ T3607] [ 46.526202][ T3607] CPU0 CPU1 [ 46.531546][ T3607] ---- ---- [ 46.536886][ T3607] lock(tasklist_lock); [ 46.541108][ T3607] local_irq_disable(); [ 46.547837][ T3607] lock(&dev->event_lock#2); [ 46.555014][ T3607] lock(&client->buffer_lock); [ 46.562359][ T3607] <Interrupt> [ 46.565791][ T3607] lock(&dev->event_lock#2); [ 46.570626][ T3607] [ 46.570626][ T3607] *** DEADLOCK *** [ 46.570626][ T3607] [ 46.578745][ T3607] 7 locks held by syz-executor320/3607: [ 46.584262][ T3607] #0: ffff888022fca110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x26c/0x7d0 [ 46.593371][ T3607] #1: ffff8881462c3230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xb4/0x270 [ 46.603437][ T3607] #2: ffffffff8cd20b20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 46.612725][ T3607] #3: ffffffff8cd20b20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 46.622001][ T3607] #4: ffffffff8cd20b20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 46.631276][ T3607] #5: ffff88814acf3028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xe5/0xb90 [ 46.641420][ T3607] #6: ffffffff8cd20b20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 46.650700][ T3607] [ 46.650700][ T3607] the dependencies between 
HARDIRQ-irq-safe lock and the holding lock: [ 46.661080][ T3607] -> (&dev->event_lock#2){-...}-{2:2} { [ 46.666703][ T3607] IN-HARDIRQ-W at: [ 46.670746][ T3607] lock_acquire+0x1a7/0x400 [ 46.677051][ T3607] _raw_spin_lock_irqsave+0xd1/0x120 [ 46.684142][ T3607] input_event+0x89/0xc0 [ 46.690184][ T3607] psmouse_report_standard_packet+0x4f/0x200 [ 46.697965][ T3607] psmouse_process_byte+0x447/0x630 [ 46.704963][ T3607] psmouse_handle_byte+0x44/0x4a0 [ 46.711788][ T3607] psmouse_interrupt+0x68a/0x1080 [ 46.718612][ T3607] serio_interrupt+0x88/0x130 [ 46.725090][ T3607] i8042_interrupt+0x32f/0x720 [ 46.731655][ T3607] __handle_irq_event_percpu+0x200/0x620 [ 46.739089][ T3607] handle_irq_event+0x83/0x1e0 [ 46.745650][ T3607] handle_edge_irq+0x245/0xbe0 [ 46.752214][ T3607] __common_interrupt+0xce/0x1e0 [ 46.758951][ T3607] common_interrupt+0x9f/0xc0 [ 46.765429][ T3607] asm_common_interrupt+0x22/0x40 [ 46.772266][ T3607] _raw_spin_unlock_irq+0x25/0x40 [ 46.779099][ T3607] process_one_work+0x796/0xd10 [ 46.785755][ T3607] worker_thread+0xb14/0x1330 [ 46.792236][ T3607] kthread+0x266/0x300 [ 46.798107][ T3607] ret_from_fork+0x1f/0x30 [ 46.804340][ T3607] INITIAL USE at: [ 46.808302][ T3607] lock_acquire+0x1a7/0x400 [ 46.814526][ T3607] _raw_spin_lock_irqsave+0xd1/0x120 [ 46.821529][ T3607] input_inject_event+0xb4/0x270 [ 46.828184][ T3607] led_trigger_event+0xdb/0x190 [ 46.834751][ T3607] kbd_led_trigger_activate+0xb8/0x100 [ 46.841938][ T3607] led_trigger_set+0x53b/0x910 [ 46.848428][ T3607] led_trigger_set_default+0x1d1/0x210 [ 46.855615][ T3607] led_classdev_register_ext+0x600/0x7f0 [ 46.862971][ T3607] input_leds_connect+0x55d/0x780 [ 46.869710][ T3607] input_register_device+0xd90/0x1150 [ 46.876795][ T3607] atkbd_connect+0x796/0xa60 [ 46.883119][ T3607] serio_driver_probe+0x76/0x90 [ 46.889685][ T3607] call_driver_probe+0x96/0x250 [ 46.896249][ T3607] really_probe+0x24c/0x9f0 [ 46.902464][ T3607] __driver_probe_device+0x1f4/0x3f0 [ 46.909465][ T3607] 
driver_probe_device+0x50/0x240 [ 46.916200][ T3607] __driver_attach+0x364/0x5b0 [ 46.922676][ T3607] bus_for_each_dev+0x188/0x1f0 [ 46.929239][ T3607] serio_handle_event+0x8bc/0x1060 [ 46.936061][ T3607] process_one_work+0x81c/0xd10 [ 46.942632][ T3607] worker_thread+0xb14/0x1330 [ 46.949028][ T3607] kthread+0x266/0x300 [ 46.954811][ T3607] ret_from_fork+0x1f/0x30 [ 46.960942][ T3607] } [ 46.963506][ T3607] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 46.972596][ T3607] -> (&client->buffer_lock){....}-{2:2} { [ 46.978307][ T3607] INITIAL USE at: [ 46.982177][ T3607] lock_acquire+0x1a7/0x400 [ 46.988222][ T3607] _raw_spin_lock+0x2a/0x40 [ 46.994269][ T3607] evdev_pass_values+0xe5/0xb90 [ 47.000660][ T3607] evdev_events+0x195/0x280 [ 47.006701][ T3607] input_pass_values+0x8fc/0x12b0 [ 47.013267][ T3607] input_event_dispose+0x33f/0x620 [ 47.019916][ T3607] input_handle_event+0x3f2/0xa80 [ 47.026479][ T3607] input_inject_event+0x189/0x270 [ 47.033044][ T3607] evdev_write+0x685/0x7d0 [ 47.038997][ T3607] vfs_write+0x2e5/0xbb0 [ 47.044780][ T3607] ksys_write+0x19b/0x2c0 [ 47.050650][ T3607] do_syscall_64+0x2b/0x70 [ 47.056605][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.064129][ T3607] } [ 47.066605][ T3607] ... key at: [] evdev_open.__key.23+0x0/0x20 [ 47.074750][ T3607] ... 
acquired at: [ 47.078528][ T3607] lock_acquire+0x1a7/0x400 [ 47.083184][ T3607] _raw_spin_lock+0x2a/0x40 [ 47.087839][ T3607] evdev_pass_values+0xe5/0xb90 [ 47.092841][ T3607] evdev_events+0x195/0x280 [ 47.097492][ T3607] input_pass_values+0x8fc/0x12b0 [ 47.102666][ T3607] input_event_dispose+0x33f/0x620 [ 47.107933][ T3607] input_handle_event+0x3f2/0xa80 [ 47.113108][ T3607] input_inject_event+0x189/0x270 [ 47.118283][ T3607] evdev_write+0x685/0x7d0 [ 47.122848][ T3607] vfs_write+0x2e5/0xbb0 [ 47.127240][ T3607] ksys_write+0x19b/0x2c0 [ 47.131718][ T3607] do_syscall_64+0x2b/0x70 [ 47.136286][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.142331][ T3607] [ 47.144634][ T3607] [ 47.144634][ T3607] the dependencies between the lock to be acquired [ 47.144639][ T3607] and HARDIRQ-irq-unsafe lock: [ 47.158113][ T3607] -> (tasklist_lock){.+.+}-{2:2} { [ 47.163389][ T3607] HARDIRQ-ON-R at: [ 47.167520][ T3607] lock_acquire+0x1a7/0x400 [ 47.173998][ T3607] _raw_read_lock+0x32/0x40 [ 47.180476][ T3607] do_wait+0x224/0x9d0 [ 47.186522][ T3607] kernel_wait+0xe4/0x230 [ 47.192826][ T3607] call_usermodehelper_exec_work+0xb4/0x220 [ 47.200695][ T3607] process_one_work+0x81c/0xd10 [ 47.207518][ T3607] worker_thread+0xb14/0x1330 [ 47.214168][ T3607] kthread+0x266/0x300 [ 47.220209][ T3607] ret_from_fork+0x1f/0x30 [ 47.226601][ T3607] SOFTIRQ-ON-R at: [ 47.230734][ T3607] lock_acquire+0x1a7/0x400 [ 47.237213][ T3607] _raw_read_lock+0x32/0x40 [ 47.243695][ T3607] do_wait+0x224/0x9d0 [ 47.249736][ T3607] kernel_wait+0xe4/0x230 [ 47.256038][ T3607] call_usermodehelper_exec_work+0xb4/0x220 [ 47.263906][ T3607] process_one_work+0x81c/0xd10 [ 47.270730][ T3607] worker_thread+0xb14/0x1330 [ 47.277381][ T3607] kthread+0x266/0x300 [ 47.283425][ T3607] ret_from_fork+0x1f/0x30 [ 47.289815][ T3607] INITIAL USE at: [ 47.293861][ T3607] lock_acquire+0x1a7/0x400 [ 47.300253][ T3607] _raw_write_lock_irq+0xcf/0x110 [ 47.307166][ T3607] copy_process+0x2445/0x3f60 [ 47.313729][ T3607] 
kernel_clone+0x22f/0x7a0 [ 47.320122][ T3607] user_mode_thread+0x12d/0x190 [ 47.326858][ T3607] rest_init+0x21/0x270 [ 47.332899][ T3607] start_kernel+0x0/0x55b [ 47.339118][ T3607] start_kernel+0x4ac/0x55b [ 47.345507][ T3607] secondary_startup_64_no_verify+0xcf/0xdb [ 47.353288][ T3607] INITIAL READ USE at: [ 47.357764][ T3607] lock_acquire+0x1a7/0x400 [ 47.364587][ T3607] _raw_read_lock+0x32/0x40 [ 47.371425][ T3607] do_wait+0x224/0x9d0 [ 47.377814][ T3607] kernel_wait+0xe4/0x230 [ 47.384461][ T3607] call_usermodehelper_exec_work+0xb4/0x220 [ 47.392677][ T3607] process_one_work+0x81c/0xd10 [ 47.399850][ T3607] worker_thread+0xb14/0x1330 [ 47.406848][ T3607] kthread+0x266/0x300 [ 47.413236][ T3607] ret_from_fork+0x1f/0x30 [ 47.419973][ T3607] } [ 47.422626][ T3607] ... key at: [] tasklist_lock+0x18/0x40 [ 47.430495][ T3607] ... acquired at: [ 47.434449][ T3607] lock_acquire+0x1a7/0x400 [ 47.439108][ T3607] _raw_read_lock+0x32/0x40 [ 47.443760][ T3607] send_sigio+0xbe/0x300 [ 47.448153][ T3607] kill_fasync+0x1e4/0x430 [ 47.452716][ T3607] sock_wake_async+0x130/0x150 [ 47.457628][ T3607] sk_wake_async+0x12e/0x200 [ 47.462368][ T3607] sock_def_readable+0x152/0x200 [ 47.467456][ T3607] unix_dgram_sendmsg+0x1551/0x2050 [ 47.472810][ T3607] ____sys_sendmsg+0x597/0x8e0 [ 47.477722][ T3607] __sys_sendmmsg+0x3d7/0x770 [ 47.482549][ T3607] __x64_sys_sendmmsg+0x9c/0xb0 [ 47.487550][ T3607] do_syscall_64+0x2b/0x70 [ 47.492117][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.498162][ T3607] [ 47.500466][ T3607] -> (&f->f_owner.lock){....}-{2:2} { [ 47.505911][ T3607] INITIAL USE at: [ 47.509866][ T3607] lock_acquire+0x1a7/0x400 [ 47.516084][ T3607] _raw_write_lock_irq+0xcf/0x110 [ 47.522821][ T3607] f_modown+0x38/0x340 [ 47.528604][ T3607] f_setown+0x113/0x1a0 [ 47.534471][ T3607] sock_ioctl+0x591/0x770 [ 47.540516][ T3607] __se_sys_ioctl+0xfb/0x170 [ 47.546819][ T3607] do_syscall_64+0x2b/0x70 [ 47.552951][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.560558][ 
T3607] INITIAL READ USE at: [ 47.564952][ T3607] lock_acquire+0x1a7/0x400 [ 47.571603][ T3607] _raw_read_lock_irqsave+0xd9/0x120 [ 47.579034][ T3607] send_sigio+0x2f/0x300 [ 47.585423][ T3607] kill_fasync+0x1e4/0x430 [ 47.591984][ T3607] sock_wake_async+0x130/0x150 [ 47.598895][ T3607] sk_wake_async+0x12e/0x200 [ 47.605631][ T3607] sock_def_readable+0x152/0x200 [ 47.612713][ T3607] unix_dgram_sendmsg+0x1551/0x2050 [ 47.620061][ T3607] ____sys_sendmsg+0x597/0x8e0 [ 47.626969][ T3607] __sys_sendmmsg+0x3d7/0x770 [ 47.633792][ T3607] __x64_sys_sendmmsg+0x9c/0xb0 [ 47.640789][ T3607] do_syscall_64+0x2b/0x70 [ 47.647351][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.655392][ T3607] } [ 47.657958][ T3607] ... key at: [] __alloc_file.__key+0x0/0x10 [ 47.666089][ T3607] ... acquired at: [ 47.669964][ T3607] lock_acquire+0x1a7/0x400 [ 47.674629][ T3607] _raw_read_lock_irqsave+0xd9/0x120 [ 47.680073][ T3607] send_sigio+0x2f/0x300 [ 47.684476][ T3607] kill_fasync+0x1e4/0x430 [ 47.689051][ T3607] sock_wake_async+0x130/0x150 [ 47.693969][ T3607] sk_wake_async+0x12e/0x200 [ 47.698714][ T3607] sock_def_readable+0x152/0x200 [ 47.703803][ T3607] unix_dgram_sendmsg+0x1551/0x2050 [ 47.709155][ T3607] ____sys_sendmsg+0x597/0x8e0 [ 47.714069][ T3607] __sys_sendmmsg+0x3d7/0x770 [ 47.718894][ T3607] __x64_sys_sendmmsg+0x9c/0xb0 [ 47.723894][ T3607] do_syscall_64+0x2b/0x70 [ 47.728464][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.734511][ T3607] [ 47.736814][ T3607] -> (&new->fa_lock){....}-{2:2} { [ 47.741915][ T3607] INITIAL READ USE at: [ 47.746220][ T3607] lock_acquire+0x1a7/0x400 [ 47.752699][ T3607] _raw_read_lock_irqsave+0xd9/0x120 [ 47.759960][ T3607] kill_fasync+0x13b/0x430 [ 47.766351][ T3607] sock_wake_async+0x130/0x150 [ 47.773089][ T3607] sk_wake_async+0x12e/0x200 [ 47.779652][ T3607] sock_def_readable+0x152/0x200 [ 47.786574][ T3607] unix_dgram_sendmsg+0x1551/0x2050 [ 47.793744][ T3607] ____sys_sendmsg+0x597/0x8e0 [ 47.800484][ T3607] 
__sys_sendmmsg+0x3d7/0x770 [ 47.807132][ T3607] __x64_sys_sendmmsg+0x9c/0xb0 [ 47.813953][ T3607] do_syscall_64+0x2b/0x70 [ 47.820342][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.828210][ T3607] } [ 47.830686][ T3607] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 47.839337][ T3607] ... acquired at: [ 47.843116][ T3607] lock_acquire+0x1a7/0x400 [ 47.847768][ T3607] _raw_read_lock_irqsave+0xd9/0x120 [ 47.853204][ T3607] kill_fasync+0x13b/0x430 [ 47.857772][ T3607] evdev_pass_values+0x5b1/0xb90 [ 47.862862][ T3607] evdev_events+0x195/0x280 [ 47.867515][ T3607] input_pass_values+0x8fc/0x12b0 [ 47.872691][ T3607] input_event_dispose+0x33f/0x620 [ 47.877954][ T3607] input_handle_event+0x3f2/0xa80 [ 47.883129][ T3607] input_inject_event+0x189/0x270 [ 47.888302][ T3607] evdev_write+0x685/0x7d0 [ 47.892867][ T3607] vfs_write+0x2e5/0xbb0 [ 47.897259][ T3607] ksys_write+0x19b/0x2c0 [ 47.901738][ T3607] do_syscall_64+0x2b/0x70 [ 47.906305][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.912352][ T3607] [ 47.914651][ T3607] [ 47.914651][ T3607] stack backtrace: [ 47.920515][ T3607] CPU: 0 PID: 3607 Comm: syz-executor320 Not tainted 6.0.0-syzkaller-00372-ga5088ee7251e #0 [ 47.930551][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 47.940583][ T3607] Call Trace: [ 47.943845][ T3607] <TASK> [ 47.946758][ T3607] dump_stack_lvl+0x1e3/0x2cb [ 47.951416][ T3607] ? io_alloc_page_table+0x110/0x110 [ 47.956677][ T3607] ? panic+0x76b/0x76b [ 47.960727][ T3607] ? print_shortest_lock_dependencies+0x102/0x160 [ 47.967125][ T3607] validate_chain+0x575e/0x6600 [ 47.971962][ T3607] ? reacquire_held_locks+0x680/0x680 [ 47.977311][ T3607] ? rcu_read_lock_sched_held+0x89/0x130 [ 47.982919][ T3607] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 47.988882][ T3607] ? reacquire_held_locks+0x680/0x680 [ 47.994235][ T3607] ? reacquire_held_locks+0x680/0x680 [ 47.999588][ T3607] ? register_lock_class+0xfe/0x9b0 [ 48.004764][ T3607] ? 
is_dynamic_key+0x1f0/0x1f0 [ 48.009594][ T3607] ? mark_lock+0x9a/0x350 [ 48.013899][ T3607] __lock_acquire+0x1292/0x1f60 [ 48.018732][ T3607] lock_acquire+0x1a7/0x400 [ 48.023215][ T3607] ? kill_fasync+0x13b/0x430 [ 48.027786][ T3607] ? read_lock_is_recursive+0x10/0x10 [ 48.033139][ T3607] ? read_lock_is_recursive+0x10/0x10 [ 48.038488][ T3607] _raw_read_lock_irqsave+0xd9/0x120 [ 48.043752][ T3607] ? kill_fasync+0x13b/0x430 [ 48.048319][ T3607] ? _raw_read_lock+0x40/0x40 [ 48.052977][ T3607] kill_fasync+0x13b/0x430 [ 48.057372][ T3607] evdev_pass_values+0x5b1/0xb90 [ 48.062290][ T3607] ? evdev_pass_values+0x661/0xb90 [ 48.067381][ T3607] evdev_events+0x195/0x280 [ 48.071860][ T3607] ? evdev_event+0x170/0x170 [ 48.076434][ T3607] input_pass_values+0x8fc/0x12b0 [ 48.081442][ T3607] input_event_dispose+0x33f/0x620 [ 48.086537][ T3607] input_handle_event+0x3f2/0xa80 [ 48.091553][ T3607] ? userio_device_write+0x1f0/0x1f0 [ 48.096817][ T3607] input_inject_event+0x189/0x270 [ 48.101820][ T3607] evdev_write+0x685/0x7d0 [ 48.106218][ T3607] ? evdev_read+0xe10/0xe10 [ 48.110701][ T3607] ? bpf_lsm_file_permission+0x5/0x10 [ 48.116049][ T3607] ? security_file_permission+0xe0/0x5c0 [ 48.121659][ T3607] ? vfs_write+0x213/0xbb0 [ 48.126051][ T3607] ? evdev_read+0xe10/0xe10 [ 48.130532][ T3607] vfs_write+0x2e5/0xbb0 [ 48.134754][ T3607] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 48.140713][ T3607] ? file_end_write+0x230/0x230 [ 48.145542][ T3607] ? do_raw_spin_unlock+0x134/0x8a0 [ 48.150719][ T3607] ? _raw_spin_unlock_irq+0x1f/0x40 [ 48.155896][ T3607] ? lockdep_hardirqs_on+0x95/0x140 [ 48.161076][ T3607] ? _raw_spin_unlock_irq+0x2a/0x40 [ 48.166256][ T3607] ? __fdget_pos+0x1d2/0x2e0 [ 48.170830][ T3607] ksys_write+0x19b/0x2c0 [ 48.175139][ T3607] ? print_irqtrace_events+0x220/0x220 [ 48.180587][ T3607] ? __ia32_sys_read+0x80/0x80 [ 48.185331][ T3607] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 48.191298][ T3607] ? 
syscall_enter_from_user_mode+0x86/0x1d0 [ 48.197257][ T3607] do_syscall_64+0x2b/0x70 [ 48.201652][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.207525][ T3607] RIP: 0033:0x7f8c6503b729 [ 48.211918][ T3607] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 48.231507][ T3607] RSP: 002b:00007ffe0f107378 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 write(4, "\x26\x00\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 14472) = 14472 exit_group(0) = ? +++ exited with 0 +++ [