./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4214630053 <...> Warning: Permanently added '10.128.1.50' (ED25519) to the list of known hosts. execve("./syz-executor4214630053", ["./syz-executor4214630053"], 0x7ffd1e976f30 /* 10 vars */) = 0 brk(NULL) = 0x55555a05a000 brk(0x55555a05ad00) = 0x55555a05ad00 arch_prctl(ARCH_SET_FS, 0x55555a05a380) = 0 set_tid_address(0x55555a05a650) = 5067 set_robust_list(0x55555a05a660, 24) = 0 rseq(0x55555a05aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4214630053", 4096) = 28 getrandom("\x06\x4f\x33\xca\x38\x2e\x0b\xab", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555a05ad00 brk(0x55555a07bd00) = 0x55555a07bd00 brk(0x55555a07c000) = 0x55555a07c000 mprotect(0x7f23eabae000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 3 ioctl(3, FIOASYNC, [1]) = 0 ioctl(-1, HIDIOCSUSAGES, 0x20001100) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|O_NOATIME|FASYNC|0x800000) = 4 write(4, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8784) = 8784 socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 5 bind(5, {sa_family=AF_INET6, sin6_port=htons(2), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 sendto(5, NULL, 30, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_CONFIRM|MSG_NOSIGNAL|MSG_MORE|MSG_FASTOPEN|0x2000000, {sa_family=AF_INET6, sin6_port=htons(2), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 EINPROGRESS (Operation now in progress) fcntl(5, F_SETOWN, -1) = 0 [ 63.940434][ T5067] [ 63.942787][ T5067] ===================================================== [ 63.949973][ T5067] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 63.957423][ T5067] 6.8.0-syzkaller-08073-g480e035fc4c7 #0 Not tainted [ 63.964196][ T5067] ----------------------------------------------------- [ 63.971201][ T5067] syz-executor421/5067 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 63.979249][ T5067] ffffffff8de0a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigurg+0xee/0x3c0 [ 63.987955][ T5067] [ 63.987955][ T5067] and this task is already holding: [ 63.995364][ T5067] ffff88802bb71298 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x29/0x3c0 [ 64.004398][ T5067] which would create a new lock dependency: [ 64.010394][ T5067] (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 64.018211][ T5067] [ 64.018211][ T5067] but this new dependency connects a HARDIRQ-irq-safe lock: [ 64.028086][ T5067] (&dev->event_lock#2){-...}-{2:2} [ 64.028111][ T5067] [ 64.028111][ T5067] ... which became HARDIRQ-irq-safe at: [ 64.041267][ T5067] lock_acquire+0x1e4/0x530 [ 64.045852][ T5067] _raw_spin_lock_irqsave+0xd5/0x120 [ 64.051249][ T5067] input_event+0x91/0xd0 [ 64.055607][ T5067] psmouse_report_standard_packet+0x54/0x200 [ 64.062454][ T5067] psmouse_process_byte+0x48c/0x680 [ 64.067902][ T5067] psmouse_handle_byte+0x49/0x4c0 [ 64.073010][ T5067] ps2_interrupt+0x17c/0x8e0 [ 64.077777][ T5067] serio_interrupt+0x90/0x140 [ 64.082609][ T5067] i8042_interrupt+0x375/0x770 [ 64.087724][ T5067] __handle_irq_event_percpu+0x28a/0xa30 [ 64.093549][ T5067] handle_irq_event+0x89/0x1f0 [ 64.098838][ T5067] handle_edge_irq+0x25f/0xc20 [ 64.103683][ T5067] __common_interrupt+0x138/0x230 [ 64.108954][ T5067] common_interrupt+0xa5/0xd0 [ 64.114356][ T5067] asm_common_interrupt+0x26/0x40 [ 64.119647][ T5067] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 64.125473][ T5067] i8042_aux_write+0x116/0x1a0 [ 64.130322][ T5067] ps2_do_sendbyte+0x20f/0x730 [ 64.135160][ T5067] ps2_sendbyte+0x60/0x120 [ 64.139852][ T5067] cypress_send_ext_cmd+0x221/0x910 [ 64.145269][ T5067] cypress_detect+0x93/0x230 [ 64.149945][ T5067] psmouse_extensions+0xc2e/0x1560 [ 64.155131][ T5067] psmouse_switch_protocol+0x308/0x7d0 [ 64.160662][ T5067] psmouse_connect+0x8e4/0x14b0 [ 64.165669][ T5067] serio_driver_probe+0x7f/0xa0 [ 64.170588][ T5067] really_probe+0x29e/0xc50 [ 64.176621][ T5067] __driver_probe_device+0x1a2/0x3e0 [ 64.182018][ T5067] driver_probe_device+0x50/0x430 [ 64.187130][ T5067] __driver_attach+0x45f/0x710 [ 64.191990][ T5067] bus_for_each_dev+0x239/0x2b0 [ 64.196923][ T5067] serio_handle_event+0x1c7/0x920 [ 64.202055][ T5067] process_scheduled_works+0xa00/0x1770 [ 64.207953][ T5067] worker_thread+0x86d/0xd70 [ 64.212639][ T5067] kthread+0x2f0/0x390 [ 64.216785][ T5067] ret_from_fork+0x4b/0x80 [ 64.221450][ T5067] ret_from_fork_asm+0x1a/0x30 [ 64.226309][ T5067] [ 64.226309][ T5067] to a HARDIRQ-irq-unsafe lock: [ 64.233411][ T5067] (tasklist_lock){.+.+}-{2:2} [ 64.233432][ T5067] [ 64.233432][ T5067] ... which became HARDIRQ-irq-unsafe at: [ 64.246253][ T5067] ... [ 64.246262][ T5067] lock_acquire+0x1e4/0x530 [ 64.254514][ T5067] _raw_read_lock+0x36/0x50 [ 64.259716][ T5067] __do_wait+0x12d/0x850 [ 64.264939][ T5067] do_wait+0x1d9/0x540 [ 64.269467][ T5067] kernel_wait+0xe9/0x240 [ 64.274159][ T5067] call_usermodehelper_exec_work+0xbd/0x230 [ 64.280266][ T5067] process_scheduled_works+0xa00/0x1770 [ 64.286361][ T5067] worker_thread+0x86d/0xd70 [ 64.291715][ T5067] kthread+0x2f0/0x390 [ 64.296106][ T5067] ret_from_fork+0x4b/0x80 [ 64.300710][ T5067] ret_from_fork_asm+0x1a/0x30 [ 64.306018][ T5067] [ 64.306018][ T5067] other info that might help us debug this: [ 64.306018][ T5067] [ 64.317031][ T5067] Chain exists of: [ 64.317031][ T5067] &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock [ 64.317031][ T5067] [ 64.330613][ T5067] Possible interrupt unsafe locking scenario: [ 64.330613][ T5067] [ 64.339017][ T5067] CPU0 CPU1 [ 64.344434][ T5067] ---- ---- [ 64.349807][ T5067] lock(tasklist_lock); [ 64.355361][ T5067] local_irq_disable(); [ 64.362225][ T5067] lock(&dev->event_lock#2); [ 64.369546][ T5067] lock(&f->f_owner.lock); [ 64.376563][ T5067] [ 64.380115][ T5067] lock(&dev->event_lock#2); [ 64.385048][ T5067] [ 64.385048][ T5067] *** DEADLOCK *** [ 64.385048][ T5067] [ 64.393176][ T5067] 2 locks held by syz-executor421/5067: [ 64.398903][ T5067] #0: ffff88802a879c58 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_sendmsg+0x22/0x50 [ 64.408133][ T5067] #1: ffff88802bb71298 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x29/0x3c0 [ 64.417694][ T5067] [ 64.417694][ T5067] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 64.428443][ T5067] -> (&dev->event_lock#2){-...}-{2:2} { [ 64.434346][ T5067] IN-HARDIRQ-W at: [ 64.438611][ T5067] lock_acquire+0x1e4/0x530 [ 64.445307][ T5067] _raw_spin_lock_irqsave+0xd5/0x120 [ 64.452791][ T5067] input_event+0x91/0xd0 [ 64.459214][ T5067] psmouse_report_standard_packet+0x54/0x200 [ 64.467771][ T5067] psmouse_process_byte+0x48c/0x680 [ 64.475169][ T5067] psmouse_handle_byte+0x49/0x4c0 [ 64.482374][ T5067] ps2_interrupt+0x17c/0x8e0 [ 64.489333][ T5067] serio_interrupt+0x90/0x140 [ 64.496537][ T5067] i8042_interrupt+0x375/0x770 [ 64.503474][ T5067] __handle_irq_event_percpu+0x28a/0xa30 [ 64.512078][ T5067] handle_irq_event+0x89/0x1f0 [ 64.519040][ T5067] handle_edge_irq+0x25f/0xc20 [ 64.526036][ T5067] __common_interrupt+0x138/0x230 [ 64.533784][ T5067] common_interrupt+0xa5/0xd0 [ 64.540809][ T5067] asm_common_interrupt+0x26/0x40 [ 64.548023][ T5067] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 64.558814][ T5067] i8042_aux_write+0x116/0x1a0 [ 64.565842][ T5067] ps2_do_sendbyte+0x20f/0x730 [ 64.572776][ T5067] ps2_sendbyte+0x60/0x120 [ 64.579648][ T5067] cypress_send_ext_cmd+0x221/0x910 [ 64.587033][ T5067] cypress_detect+0x93/0x230 [ 64.593810][ T5067] psmouse_extensions+0xc2e/0x1560 [ 64.601192][ T5067] psmouse_switch_protocol+0x308/0x7d0 [ 64.609096][ T5067] psmouse_connect+0x8e4/0x14b0 [ 64.616198][ T5067] serio_driver_probe+0x7f/0xa0 [ 64.623297][ T5067] really_probe+0x29e/0xc50 [ 64.630163][ T5067] __driver_probe_device+0x1a2/0x3e0 [ 64.637736][ T5067] driver_probe_device+0x50/0x430 [ 64.645196][ T5067] __driver_attach+0x45f/0x710 [ 64.652335][ T5067] bus_for_each_dev+0x239/0x2b0 [ 64.659440][ T5067] serio_handle_event+0x1c7/0x920 [ 64.666783][ T5067] process_scheduled_works+0xa00/0x1770 [ 64.674844][ T5067] worker_thread+0x86d/0xd70 [ 64.681857][ T5067] kthread+0x2f0/0x390 [ 64.688176][ T5067] ret_from_fork+0x4b/0x80 [ 64.694759][ T5067] ret_from_fork_asm+0x1a/0x30 [ 64.701779][ T5067] INITIAL USE at: [ 64.706015][ T5067] lock_acquire+0x1e4/0x530 [ 64.712598][ T5067] _raw_spin_lock_irqsave+0xd5/0x120 [ 64.720055][ T5067] input_inject_event+0xc5/0x340 [ 64.727173][ T5067] led_trigger_event+0x11c/0x1e0 [ 64.734362][ T5067] kbd_led_trigger_activate+0xbd/0x100 [ 64.742156][ T5067] led_trigger_set+0x541/0x950 [ 64.749258][ T5067] led_trigger_set_default+0x1ca/0x200 [ 64.756803][ T5067] led_classdev_register_ext+0x6df/0x8f0 [ 64.764610][ T5067] input_leds_connect+0x497/0x640 [ 64.771727][ T5067] input_register_device+0xcfa/0x1090 [ 64.779170][ T5067] atkbd_connect+0x752/0xa00 [ 64.785861][ T5067] serio_driver_probe+0x7f/0xa0 [ 64.792877][ T5067] really_probe+0x29e/0xc50 [ 64.799638][ T5067] __driver_probe_device+0x1a2/0x3e0 [ 64.807103][ T5067] driver_probe_device+0x50/0x430 [ 64.814478][ T5067] __driver_attach+0x45f/0x710 [ 64.821775][ T5067] bus_for_each_dev+0x239/0x2b0 [ 64.828993][ T5067] serio_handle_event+0x1c7/0x920 [ 64.836194][ T5067] process_scheduled_works+0xa00/0x1770 [ 64.843958][ T5067] worker_thread+0x86d/0xd70 [ 64.850827][ T5067] kthread+0x2f0/0x390 [ 64.857081][ T5067] ret_from_fork+0x4b/0x80 [ 64.864359][ T5067] ret_from_fork_asm+0x1a/0x30 [ 64.871199][ T5067] } [ 64.873947][ T5067] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 64.883255][ T5067] -> (&client->buffer_lock){....}-{2:2} { [ 64.889153][ T5067] INITIAL USE at: [ 64.893207][ T5067] lock_acquire+0x1e4/0x530 [ 64.899698][ T5067] _raw_spin_lock+0x2e/0x40 [ 64.906140][ T5067] evdev_pass_values+0xf2/0xad0 [ 64.912898][ T5067] evdev_events+0x1c2/0x300 [ 64.919305][ T5067] input_pass_values+0x84d/0x1200 [ 64.926415][ T5067] input_event_dispose+0x36c/0x650 [ 64.933426][ T5067] input_handle_event+0xa71/0xbe0 [ 64.940374][ T5067] input_inject_event+0x22f/0x340 [ 64.947303][ T5067] evdev_write+0x672/0x7c0 [ 64.953795][ T5067] vfs_write+0x2a4/0xcb0 [ 64.959942][ T5067] ksys_write+0x1a0/0x2c0 [ 64.966170][ T5067] do_syscall_64+0xfb/0x240 [ 64.972576][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 64.980372][ T5067] } [ 64.983049][ T5067] ... key at: [] evdev_open.__key.24+0x0/0x20 [ 64.991477][ T5067] ... acquired at: [ 64.995440][ T5067] lock_acquire+0x1e4/0x530 [ 65.000105][ T5067] _raw_spin_lock+0x2e/0x40 [ 65.004990][ T5067] evdev_pass_values+0xf2/0xad0 [ 65.010096][ T5067] evdev_events+0x1c2/0x300 [ 65.015143][ T5067] input_pass_values+0x84d/0x1200 [ 65.020611][ T5067] input_event_dispose+0x36c/0x650 [ 65.026014][ T5067] input_handle_event+0xa71/0xbe0 [ 65.031332][ T5067] input_inject_event+0x22f/0x340 [ 65.036646][ T5067] evdev_write+0x672/0x7c0 [ 65.041301][ T5067] vfs_write+0x2a4/0xcb0 [ 65.045894][ T5067] ksys_write+0x1a0/0x2c0 [ 65.050406][ T5067] do_syscall_64+0xfb/0x240 [ 65.055083][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 65.061416][ T5067] [ 65.063910][ T5067] -> (&new->fa_lock){....}-{2:2} { [ 65.069361][ T5067] INITIAL READ USE at: [ 65.073804][ T5067] lock_acquire+0x1e4/0x530 [ 65.080576][ T5067] _raw_read_lock_irqsave+0xdd/0x130 [ 65.088225][ T5067] kill_fasync+0x19e/0x4d0 [ 65.095071][ T5067] evdev_pass_values+0x58a/0xad0 [ 65.102719][ T5067] evdev_events+0x1c2/0x300 [ 65.109803][ T5067] input_pass_values+0x84d/0x1200 [ 65.118408][ T5067] input_event_dispose+0x36c/0x650 [ 65.126668][ T5067] input_handle_event+0xa71/0xbe0 [ 65.134159][ T5067] input_inject_event+0x22f/0x340 [ 65.141737][ T5067] evdev_write+0x672/0x7c0 [ 65.148714][ T5067] vfs_write+0x2a4/0xcb0 [ 65.155305][ T5067] ksys_write+0x1a0/0x2c0 [ 65.161914][ T5067] do_syscall_64+0xfb/0x240 [ 65.168703][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 65.176858][ T5067] } [ 65.179519][ T5067] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 65.188553][ T5067] ... acquired at: [ 65.192642][ T5067] lock_acquire+0x1e4/0x530 [ 65.197323][ T5067] _raw_read_lock_irqsave+0xdd/0x130 [ 65.202921][ T5067] kill_fasync+0x19e/0x4d0 [ 65.207499][ T5067] evdev_pass_values+0x58a/0xad0 [ 65.212611][ T5067] evdev_events+0x1c2/0x300 [ 65.217391][ T5067] input_pass_values+0x84d/0x1200 [ 65.222691][ T5067] input_event_dispose+0x36c/0x650 [ 65.228186][ T5067] input_handle_event+0xa71/0xbe0 [ 65.234710][ T5067] input_inject_event+0x22f/0x340 [ 65.240487][ T5067] evdev_write+0x672/0x7c0 [ 65.245626][ T5067] vfs_write+0x2a4/0xcb0 [ 65.250318][ T5067] ksys_write+0x1a0/0x2c0 [ 65.255100][ T5067] do_syscall_64+0xfb/0x240 [ 65.260216][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 65.267220][ T5067] [ 65.269596][ T5067] -> (&f->f_owner.lock){....}-{2:2} { [ 65.275215][ T5067] INITIAL USE at: [ 65.279315][ T5067] lock_acquire+0x1e4/0x530 [ 65.285575][ T5067] _raw_write_lock_irq+0xd3/0x120 [ 65.292401][ T5067] f_modown+0x38/0x340 [ 65.298044][ T5067] f_setown+0x14f/0x200 [ 65.303877][ T5067] do_fcntl+0x8b1/0x16f0 [ 65.310423][ T5067] __se_sys_fcntl+0xd2/0x1b0 [ 65.316773][ T5067] do_syscall_64+0xfb/0x240 [ 65.322937][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 65.330559][ T5067] INITIAL READ USE at: [ 65.334905][ T5067] lock_acquire+0x1e4/0x530 [ 65.341411][ T5067] _raw_read_lock_irqsave+0xdd/0x130 [ 65.348783][ T5067] send_sigio+0x33/0x360 [ 65.355382][ T5067] kill_fasync+0x23a/0x4d0 [ 65.362067][ T5067] evdev_pass_values+0x58a/0xad0 [ 65.368998][ T5067] evdev_events+0x1c2/0x300 [ 65.375498][ T5067] input_pass_values+0x84d/0x1200 [ 65.382505][ T5067] input_event_dispose+0x36c/0x650 [ 65.389969][ T5067] input_handle_event+0xa71/0xbe0 [ 65.396983][ T5067] input_inject_event+0x22f/0x340 [ 65.404173][ T5067] evdev_write+0x672/0x7c0 [ 65.410712][ T5067] vfs_write+0x2a4/0xcb0 [ 65.417171][ T5067] ksys_write+0x1a0/0x2c0 [ 65.423556][ T5067] do_syscall_64+0xfb/0x240 [ 65.430413][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 65.438735][ T5067] } [ 65.441352][ T5067] ... key at: [] init_file.__key+0x0/0x20 [ 65.449776][ T5067] ... acquired at: [ 65.453568][ T5067] lock_acquire+0x1e4/0x530 [ 65.458234][ T5067] _raw_read_lock_irqsave+0xdd/0x130 [ 65.463685][ T5067] send_sigio+0x33/0x360 [ 65.468181][ T5067] kill_fasync+0x23a/0x4d0 [ 65.472759][ T5067] evdev_pass_values+0x58a/0xad0 [ 65.478031][ T5067] evdev_events+0x1c2/0x300 [ 65.482781][ T5067] input_pass_values+0x84d/0x1200 [ 65.488057][ T5067] input_event_dispose+0x36c/0x650 [ 65.493432][ T5067] input_handle_event+0xa71/0xbe0 [ 65.498619][ T5067] input_inject_event+0x22f/0x340 [ 65.503824][ T5067] evdev_write+0x672/0x7c0 [ 65.508862][ T5067] vfs_write+0x2a4/0xcb0 [ 65.513283][ T5067] ksys_write+0x1a0/0x2c0 [ 65.517778][ T5067] do_syscall_64+0xfb/0x240 [ 65.522450][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 65.528560][ T5067] [ 65.530880][ T5067] [ 65.530880][ T5067] the dependencies between the lock to be acquired [ 65.530888][ T5067] and HARDIRQ-irq-unsafe lock: [ 65.544525][ T5067] -> (tasklist_lock){.+.+}-{2:2} { [ 65.549761][ T5067] HARDIRQ-ON-R at: [ 65.553743][ T5067] lock_acquire+0x1e4/0x530 [ 65.559894][ T5067] _raw_read_lock+0x36/0x50 [ 65.566052][ T5067] __do_wait+0x12d/0x850 [ 65.572194][ T5067] do_wait+0x1d9/0x540 [ 65.578014][ T5067] kernel_wait+0xe9/0x240 [ 65.584084][ T5067] call_usermodehelper_exec_work+0xbd/0x230 [ 65.591730][ T5067] process_scheduled_works+0xa00/0x1770 [ 65.598918][ T5067] worker_thread+0x86d/0xd70 [ 65.605407][ T5067] kthread+0x2f0/0x390 [ 65.611118][ T5067] ret_from_fork+0x4b/0x80 [ 65.617706][ T5067] ret_from_fork_asm+0x1a/0x30 [ 65.624130][ T5067] SOFTIRQ-ON-R at: [ 65.628110][ T5067] lock_acquire+0x1e4/0x530 [ 65.634621][ T5067] _raw_read_lock+0x36/0x50 [ 65.640767][ T5067] __do_wait+0x12d/0x850 [ 65.646845][ T5067] do_wait+0x1d9/0x540 [ 65.653930][ T5067] kernel_wait+0xe9/0x240 [ 65.660025][ T5067] call_usermodehelper_exec_work+0xbd/0x230 [ 65.667561][ T5067] process_scheduled_works+0xa00/0x1770 [ 65.674891][ T5067] worker_thread+0x86d/0xd70 [ 65.681146][ T5067] kthread+0x2f0/0x390 [ 65.686967][ T5067] ret_from_fork+0x4b/0x80 [ 65.693053][ T5067] ret_from_fork_asm+0x1a/0x30 [ 65.699560][ T5067] INITIAL USE at: [ 65.703457][ T5067] lock_acquire+0x1e4/0x530 [ 65.709524][ T5067] _raw_write_lock_irq+0xd3/0x120 [ 65.716200][ T5067] copy_process+0x228b/0x3df0 [ 65.722615][ T5067] kernel_clone+0x21e/0x8d0 [ 65.728739][ T5067] user_mode_thread+0x132/0x1a0 [ 65.735317][ T5067] rest_init+0x27/0x300 [ 65.741110][ T5067] arch_call_rest_init+0xe/0x10 [ 65.747514][ T5067] start_kernel+0x47a/0x500 [ 65.753745][ T5067] x86_64_start_reservations+0x2a/0x30 [ 65.760782][ T5067] x86_64_start_kernel+0x99/0xa0 [ 65.767300][ T5067] common_startup_64+0x13e/0x147 [ 65.773906][ T5067] INITIAL READ USE at: [ 65.778248][ T5067] lock_acquire+0x1e4/0x530 [ 65.784928][ T5067] _raw_read_lock+0x36/0x50 [ 65.791431][ T5067] __do_wait+0x12d/0x850 [ 65.797664][ T5067] do_wait+0x1d9/0x540 [ 65.803722][ T5067] kernel_wait+0xe9/0x240 [ 65.810042][ T5067] call_usermodehelper_exec_work+0xbd/0x230 [ 65.818716][ T5067] process_scheduled_works+0xa00/0x1770 [ 65.826422][ T5067] worker_thread+0x86d/0xd70 [ 65.833084][ T5067] kthread+0x2f0/0x390 [ 65.839316][ T5067] ret_from_fork+0x4b/0x80 [ 65.845841][ T5067] ret_from_fork_asm+0x1a/0x30 [ 65.852681][ T5067] } [ 65.855286][ T5067] ... key at: [] tasklist_lock+0x18/0x40 [ 65.863019][ T5067] ... acquired at: [ 65.867085][ T5067] lock_acquire+0x1e4/0x530 [ 65.871765][ T5067] _raw_read_lock+0x36/0x50 [ 65.876431][ T5067] send_sigurg+0xee/0x3c0 [ 65.880944][ T5067] sk_send_sigurg+0x6e/0xc0 [ 65.885633][ T5067] tcp_check_urg+0x207/0x740 [ 65.890502][ T5067] tcp_urg+0x15c/0x450 [ 65.894751][ T5067] tcp_rcv_established+0xf88/0x1fd0 [ 65.900156][ T5067] tcp_v6_do_rcv+0xa09/0x1300 [ 65.905279][ T5067] __release_sock+0x1c8/0x350 [ 65.910211][ T5067] release_sock+0x61/0x1f0 [ 65.914822][ T5067] tcp_sendmsg+0x3a/0x50 [ 65.919226][ T5067] __sock_sendmsg+0xef/0x270 [ 65.923990][ T5067] __sys_sendto+0x3a4/0x4f0 [ 65.928673][ T5067] __x64_sys_sendto+0xde/0x100 [ 65.934204][ T5067] do_syscall_64+0xfb/0x240 [ 65.939053][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 65.945192][ T5067] [ 65.947506][ T5067] [ 65.947506][ T5067] stack backtrace: [ 65.953380][ T5067] CPU: 0 PID: 5067 Comm: syz-executor421 Not tainted 6.8.0-syzkaller-08073-g480e035fc4c7 #0 [ 65.963605][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 65.973649][ T5067] Call Trace: [ 65.976917][ T5067] [ 65.979851][ T5067] dump_stack_lvl+0x241/0x360 [ 65.984634][ T5067] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.990696][ T5067] ? __pfx__printk+0x10/0x10 [ 65.995456][ T5067] ? print_shortest_lock_dependencies+0xf2/0x160 [ 66.002231][ T5067] validate_chain+0x4dc7/0x58e0 [ 66.007117][ T5067] ? __pfx_validate_chain+0x10/0x10 [ 66.012589][ T5067] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 66.019117][ T5067] ? __pfx_debug_object_assert_init+0x10/0x10 [ 66.025767][ T5067] ? __lock_acquire+0x1346/0x1fd0 [ 66.030877][ T5067] ? mark_lock+0x9a/0x350 [ 66.035224][ T5067] __lock_acquire+0x1346/0x1fd0 [ 66.040179][ T5067] lock_acquire+0x1e4/0x530 [ 66.044851][ T5067] ? send_sigurg+0xee/0x3c0 [ 66.049629][ T5067] ? __pfx_lock_acquire+0x10/0x10 [ 66.054667][ T5067] ? do_raw_read_lock+0x3c/0x90 [ 66.059536][ T5067] ? _raw_read_lock_irqsave+0xe9/0x130 [ 66.065221][ T5067] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 66.071204][ T5067] _raw_read_lock+0x36/0x50 [ 66.075789][ T5067] ? send_sigurg+0xee/0x3c0 [ 66.080281][ T5067] send_sigurg+0xee/0x3c0 [ 66.084639][ T5067] sk_send_sigurg+0x6e/0xc0 [ 66.089242][ T5067] tcp_check_urg+0x207/0x740 [ 66.094143][ T5067] tcp_urg+0x15c/0x450 [ 66.099366][ T5067] ? __pfx_tcp_urg+0x10/0x10 [ 66.104554][ T5067] ? ktime_get+0x24c/0x280 [ 66.109072][ T5067] ? inet6_sk_rx_dst_set+0x1a8/0x250 [ 66.114610][ T5067] tcp_rcv_established+0xf88/0x1fd0 [ 66.119814][ T5067] ? __pfx_tcp_rcv_established+0x10/0x10 [ 66.125583][ T5067] tcp_v6_do_rcv+0xa09/0x1300 [ 66.130481][ T5067] ? do_raw_spin_unlock+0x13c/0x8b0 [ 66.135765][ T5067] ? __pfx_tcp_v6_do_rcv+0x10/0x10 [ 66.140955][ T5067] __release_sock+0x1c8/0x350 [ 66.145884][ T5067] release_sock+0x61/0x1f0 [ 66.150297][ T5067] tcp_sendmsg+0x3a/0x50 [ 66.154563][ T5067] __sock_sendmsg+0xef/0x270 [ 66.159233][ T5067] __sys_sendto+0x3a4/0x4f0 [ 66.164027][ T5067] ? __pfx___sys_sendto+0x10/0x10 [ 66.169199][ T5067] ? lockdep_hardirqs_on+0x99/0x150 [ 66.174479][ T5067] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 66.181181][ T5067] __x64_sys_sendto+0xde/0x100 [ 66.186053][ T5067] do_syscall_64+0xfb/0x240 [ 66.191537][ T5067] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 66.198311][ T5067] RIP: 0033:0x7f23eab3b1e9 [ 66.204039][ T5067] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 66.224563][ T5067] RSP: 002b:00007fff1f417d88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 66.233622][ T5067] RAX: ffffffffffffffda RBX: 00007fff1f417f68 RCX: 00007f23eab3b1e9 [ 66.241783][ T5067] RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000005 sendto(5, "\x44\xf9", 2, MSG_OOB, NULL, 0) = 2 exit_group(0) = ? +++ exited with 0 +++ [ 66.250110][ T