./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1154147360 <...> Warning: Permanently added '10.128.10.24' (ED25519) to the list of known hosts. execve("./syz-executor1154147360", ["./syz-executor1154147360"], 0x7fff605d3a40 /* 10 vars */) = 0 brk(NULL) = 0x55555614f000 brk(0x55555614fd40) = 0x55555614fd40 arch_prctl(ARCH_SET_FS, 0x55555614f3c0) = 0 set_tid_address(0x55555614f690) = 5019 set_robust_list(0x55555614f6a0, 24) = 0 rseq(0x55555614fce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1154147360", 4096) = 28 getrandom("\xdf\x14\x99\xa4\x57\x0c\x37\xf4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555614fd40 brk(0x555556170d40) = 0x555556170d40 brk(0x555556171000) = 0x555556171000 mprotect(0x7fdead12c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5019 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) 
= 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "5019", 4) = 4 close(3) = 0 futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fdead0d7c10, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdead0c9a20}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdead049000 mprotect(0x7fdead04a000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdead069990, parent_tid=0x7fdead069990, exit_signal=0, stack=0x7fdead049000, stack_size=0x20300, tls=0x7fdead0696c0}./strace-static-x86_64: Process 5020 attached => {parent_tid=[5020]}, 88) = 5020 [pid 5020] rseq(0x7fdead069fe0, 0x20, 0, 0x53053053 [pid 5019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5020] <... rseq resumed>) = 0 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] set_robust_list(0x7fdead0699a0, 24 [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... 
set_robust_list resumed>) = 0 [pid 5020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5020] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 3 [pid 5020] futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] gettid() = 5020 [pid 5020] futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] fcntl(3, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=5020}) = 0 [pid 5020] futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] fcntl(3, F_SETLEASE, F_RDLCK) = 0 [pid 5020] futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] futex(0x7fdead132408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] open("./file0", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5020] futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... 
futex resumed>) = 1 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] ioctl(-1, EVIOCSFF, {type=0 /* FF_??? */, id=0, direction=0, ...} [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5020] futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000 [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... openat resumed>) = 4 [pid 5020] futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... openat resumed>) = 5 [pid 5020] futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... openat resumed>) = 6 [pid 5020] futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] ioctl(6, FIOASYNC, [1986356271] [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... ioctl resumed>) = 0 [pid 5020] futex(0x7fdead13240c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... 
futex resumed>) = 1 [pid 5019] futex(0x7fdead132408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] write(4, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x9c\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10968 [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5019] futex(0x7fdead13240c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 47.216208][ T5020] [ 47.218568][ T5020] ===================================================== [ 47.225504][ T5020] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 47.232939][ T5020] 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0 Not tainted [ 47.239932][ T5020] ----------------------------------------------------- [ 47.247012][ T5020] syz-executor115/5020 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 47.255053][ T5020] ffff88802d0aa018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13a/0x4f0 [ 47.263747][ T5020] [ 47.263747][ T5020] and this task is already holding: [ 47.271112][ T5020] ffff888015688028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 47.280936][ T5020] which would create a new lock dependency: [ 47.286805][ T5020] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 47.295023][ T5020] [ 47.295023][ T5020] but this new dependency connects a HARDIRQ-irq-safe lock: [ 47.304495][ T5020] (&dev->event_lock#2){-...}-{2:2} [ 47.304528][ T5020] [ 47.304528][ T5020] ... 
which became HARDIRQ-irq-safe at: [ 47.317413][ T5020] lock_acquire+0x1ae/0x510 [ 47.322016][ T5020] _raw_spin_lock_irqsave+0x3a/0x50 [ 47.327333][ T5020] input_event+0x70/0xa0 [ 47.331657][ T5020] psmouse_report_standard_buttons+0x30/0x80 [ 47.337730][ T5020] psmouse_process_byte+0x39c/0x8a0 [ 47.343012][ T5020] psmouse_handle_byte+0x41/0x560 [ 47.348118][ T5020] psmouse_receive_byte+0x243/0xe10 [ 47.353392][ T5020] ps2_interrupt+0x1fe/0x5a0 [ 47.358150][ T5020] serio_interrupt+0x8d/0x150 [pid 5019] exit_group(0) = ? [ 47.362911][ T5020] i8042_interrupt+0x3f2/0x8a0 [ 47.367763][ T5020] __handle_irq_event_percpu+0x22a/0x740 [ 47.373474][ T5020] handle_irq_event+0xab/0x1e0 [ 47.378348][ T5020] handle_edge_irq+0x261/0xcf0 [ 47.383231][ T5020] __common_interrupt+0x9f/0x220 [ 47.388272][ T5020] common_interrupt+0xa9/0xd0 [ 47.393117][ T5020] asm_common_interrupt+0x26/0x40 [ 47.398210][ T5020] unwind_get_return_address+0x6e/0xa0 [ 47.403744][ T5020] arch_stack_walk+0x9d/0xf0 [ 47.408492][ T5020] stack_trace_save+0x96/0xd0 [ 47.413235][ T5020] save_stack+0x160/0x1f0 [ 47.417654][ T5020] __reset_page_owner+0x5a/0x190 [ 47.422673][ T5020] free_unref_page_prepare+0x508/0xb90 [ 47.428204][ T5020] free_unref_page_list+0xe6/0xb30 [ 47.433404][ T5020] release_pages+0x32a/0x14e0 [ 47.438147][ T5020] tlb_batch_pages_flush+0x9a/0x190 [ 47.443413][ T5020] tlb_finish_mmu+0x14b/0x7e0 [ 47.448175][ T5020] exit_mmap+0x2db/0x960 [ 47.452496][ T5020] __mmput+0x12a/0x4d0 [ 47.456628][ T5020] mmput+0x62/0x70 [ 47.460419][ T5020] free_bprm+0x144/0x3f0 [ 47.464739][ T5020] kernel_execve+0x3e7/0x4e0 [ 47.469405][ T5020] call_usermodehelper_exec_async+0x256/0x4c0 [ 47.475540][ T5020] ret_from_fork+0x2c/0x70 [ 47.480022][ T5020] ret_from_fork_asm+0x11/0x20 [ 47.484855][ T5020] [ 47.484855][ T5020] to a HARDIRQ-irq-unsafe lock: [ 47.491853][ T5020] (tasklist_lock){.+.+}-{2:2} [ 47.491869][ T5020] [ 47.491869][ T5020] ... which became HARDIRQ-irq-unsafe at: [ 47.504464][ T5020] ... 
[ 47.504468][ T5020] lock_acquire+0x1ae/0x510 [ 47.511598][ T5020] _raw_read_lock+0x5f/0x70 [ 47.516171][ T5020] do_wait+0x2a9/0xc70 [ 47.520312][ T5020] kernel_wait+0xa0/0x150 [ 47.524726][ T5020] call_usermodehelper_exec_work+0xf1/0x170 [ 47.530722][ T5020] process_one_work+0xaa2/0x16f0 [ 47.535737][ T5020] worker_thread+0x687/0x1110 [ 47.540488][ T5020] kthread+0x33a/0x430 [ 47.544620][ T5020] ret_from_fork+0x2c/0x70 [ 47.549110][ T5020] ret_from_fork_asm+0x11/0x20 [ 47.553942][ T5020] [ 47.553942][ T5020] other info that might help us debug this: [ 47.553942][ T5020] [ 47.564155][ T5020] Chain exists of: [ 47.564155][ T5020] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 47.564155][ T5020] [ 47.577696][ T5020] Possible interrupt unsafe locking scenario: [ 47.577696][ T5020] [ 47.586006][ T5020] CPU0 CPU1 [ 47.591357][ T5020] ---- ---- [ 47.596700][ T5020] lock(tasklist_lock); [ 47.600922][ T5020] local_irq_disable(); [ 47.607664][ T5020] lock(&dev->event_lock#2); [ 47.614860][ T5020] lock(&client->buffer_lock); [ 47.622211][ T5020] <Interrupt> [ 47.625668][ T5020] lock(&dev->event_lock#2); [ 47.630501][ T5020] [ 47.630501][ T5020] *** DEADLOCK *** [ 47.630501][ T5020] [ 47.638631][ T5020] 7 locks held by syz-executor115/5020: [ 47.644151][ T5020] #0: ffff8880233f5110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x201/0x750 [ 47.653363][ T5020] #1: ffff888013b81230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xa4/0x380 [ 47.663440][ T5020] #2: ffffffff8c9a7400 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x8b/0x380 [ 47.673075][ T5020] #3: ffffffff8c9a7400 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x7a0 [ 47.683151][ T5020] #4: ffffffff8c9a7400 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x390 [ 47.692362][ T5020] #5: ffff888015688028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 47.702628][ T5020] #6: ffffffff8c9a7400 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x46/0x4f0 [ 
47.711653][ T5020] [ 47.711653][ T5020] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 47.722038][ T5020] -> (&dev->event_lock#2){-...}-{2:2} { [ 47.727669][ T5020] IN-HARDIRQ-W at: [ 47.731807][ T5020] lock_acquire+0x1ae/0x510 [ 47.738119][ T5020] _raw_spin_lock_irqsave+0x3a/0x50 [ 47.745131][ T5020] input_event+0x70/0xa0 [ 47.751196][ T5020] psmouse_report_standard_buttons+0x30/0x80 [ 47.758985][ T5020] psmouse_process_byte+0x39c/0x8a0 [ 47.765988][ T5020] psmouse_handle_byte+0x41/0x560 [ 47.772820][ T5020] psmouse_receive_byte+0x243/0xe10 [ 47.779826][ T5020] ps2_interrupt+0x1fe/0x5a0 [ 47.786244][ T5020] serio_interrupt+0x8d/0x150 [ 47.792732][ T5020] i8042_interrupt+0x3f2/0x8a0 [ 47.799314][ T5020] __handle_irq_event_percpu+0x22a/0x740 [ 47.806872][ T5020] handle_irq_event+0xab/0x1e0 [ 47.813536][ T5020] handle_edge_irq+0x261/0xcf0 [ 47.820114][ T5020] __common_interrupt+0x9f/0x220 [ 47.826860][ T5020] common_interrupt+0xa9/0xd0 [ 47.833352][ T5020] asm_common_interrupt+0x26/0x40 [ 47.840186][ T5020] unwind_get_return_address+0x6e/0xa0 [ 47.847456][ T5020] arch_stack_walk+0x9d/0xf0 [ 47.853864][ T5020] stack_trace_save+0x96/0xd0 [ 47.860358][ T5020] save_stack+0x160/0x1f0 [ 47.866502][ T5020] __reset_page_owner+0x5a/0x190 [ 47.873250][ T5020] free_unref_page_prepare+0x508/0xb90 [ 47.880606][ T5020] free_unref_page_list+0xe6/0xb30 [ 47.887529][ T5020] release_pages+0x32a/0x14e0 [ 47.894008][ T5020] tlb_batch_pages_flush+0x9a/0x190 [ 47.901016][ T5020] tlb_finish_mmu+0x14b/0x7e0 [ 47.907501][ T5020] exit_mmap+0x2db/0x960 [ 47.913559][ T5020] __mmput+0x12a/0x4d0 [ 47.919435][ T5020] mmput+0x62/0x70 [ 47.924965][ T5020] free_bprm+0x144/0x3f0 [ 47.931016][ T5020] kernel_execve+0x3e7/0x4e0 [ 47.937417][ T5020] call_usermodehelper_exec_async+0x256/0x4c0 [ 47.945299][ T5020] ret_from_fork+0x2c/0x70 [ 47.951552][ T5020] ret_from_fork_asm+0x11/0x20 [ 47.958156][ T5020] INITIAL USE at: [ 47.962113][ T5020] lock_acquire+0x1ae/0x510 [ 47.968361][ 
T5020] _raw_spin_lock_irqsave+0x3a/0x50 [ 47.975286][ T5020] input_inject_event+0xa4/0x380 [ 47.981952][ T5020] led_set_brightness+0x208/0x290 [ 47.988702][ T5020] led_trigger_event+0xb4/0x240 [ 47.995274][ T5020] kbd_led_trigger_activate+0xc6/0x100 [ 48.002489][ T5020] led_trigger_set+0x580/0xc00 [ 48.008977][ T5020] led_trigger_set_default+0x1c9/0x220 [ 48.016163][ T5020] led_classdev_register_ext+0x63b/0x8c0 [ 48.023523][ T5020] input_leds_connect+0x54a/0x8d0 [ 48.030274][ T5020] input_attach_handler.isra.0+0x17c/0x250 [ 48.037900][ T5020] input_register_device+0xb1e/0x1130 [ 48.044990][ T5020] atkbd_connect+0x5e2/0xa20 [ 48.051392][ T5020] serio_driver_probe+0x71/0xa0 [ 48.058052][ T5020] really_probe+0x234/0xc90 [ 48.064284][ T5020] __driver_probe_device+0x1de/0x4b0 [ 48.071488][ T5020] driver_probe_device+0x4c/0x1a0 [ 48.078262][ T5020] __driver_attach+0x274/0x570 [ 48.084753][ T5020] bus_for_each_dev+0x13c/0x1d0 [ 48.091360][ T5020] serio_handle_event+0x2b8/0xa90 [ 48.098117][ T5020] process_one_work+0xaa2/0x16f0 [ 48.104781][ T5020] worker_thread+0x687/0x1110 [ 48.111247][ T5020] kthread+0x33a/0x430 [ 48.117038][ T5020] ret_from_fork+0x2c/0x70 [ 48.123191][ T5020] ret_from_fork_asm+0x11/0x20 [ 48.129684][ T5020] } [ 48.132246][ T5020] ... 
key at: [] __key.6+0x0/0x40 [ 48.139430][ T5020] -> (&client->buffer_lock){....}-{2:2} { [ 48.145136][ T5020] INITIAL USE at: [ 48.149007][ T5020] lock_acquire+0x1ae/0x510 [ 48.155063][ T5020] _raw_spin_lock+0x2e/0x40 [ 48.161127][ T5020] evdev_pass_values+0x10e/0x9b0 [ 48.167624][ T5020] evdev_events+0x1be/0x390 [ 48.173691][ T5020] input_to_handler+0x29e/0x4c0 [ 48.180094][ T5020] input_pass_values.part.0+0x536/0x7a0 [ 48.187185][ T5020] input_event_dispose+0x5ee/0x770 [ 48.193867][ T5020] input_handle_event+0x11c/0xd80 [ 48.200442][ T5020] input_inject_event+0x1c2/0x380 [ 48.207014][ T5020] evdev_write+0x456/0x750 [ 48.212980][ T5020] vfs_write+0x2a4/0xe40 [ 48.218777][ T5020] ksys_write+0x1f0/0x250 [ 48.224793][ T5020] do_syscall_64+0x38/0xb0 [ 48.230762][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.238207][ T5020] } [ 48.240682][ T5020] ... key at: [] __key.3+0x0/0x40 [ 48.247777][ T5020] ... acquired at: [ 48.251643][ T5020] _raw_spin_lock+0x2e/0x40 [ 48.256396][ T5020] evdev_pass_values+0x10e/0x9b0 [ 48.261496][ T5020] evdev_events+0x1be/0x390 [ 48.266158][ T5020] input_to_handler+0x29e/0x4c0 [ 48.271171][ T5020] input_pass_values.part.0+0x536/0x7a0 [ 48.276872][ T5020] input_event_dispose+0x5ee/0x770 [ 48.282144][ T5020] input_handle_event+0x11c/0xd80 [ 48.287355][ T5020] input_inject_event+0x1c2/0x380 [ 48.292541][ T5020] evdev_write+0x456/0x750 [ 48.297132][ T5020] vfs_write+0x2a4/0xe40 [ 48.301542][ T5020] ksys_write+0x1f0/0x250 [ 48.306030][ T5020] do_syscall_64+0x38/0xb0 [ 48.310599][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.316644][ T5020] [ 48.318949][ T5020] [ 48.318949][ T5020] the dependencies between the lock to be acquired [ 48.318954][ T5020] and HARDIRQ-irq-unsafe lock: [ 48.332425][ T5020] -> (tasklist_lock){.+.+}-{2:2} { [ 48.337708][ T5020] HARDIRQ-ON-R at: [ 48.341847][ T5020] lock_acquire+0x1ae/0x510 [ 48.348333][ T5020] _raw_read_lock+0x5f/0x70 [ 48.354908][ T5020] do_wait+0x2a9/0xc70 [ 48.360982][ T5020] 
kernel_wait+0xa0/0x150 [ 48.367297][ T5020] call_usermodehelper_exec_work+0xf1/0x170 [ 48.375192][ T5020] process_one_work+0xaa2/0x16f0 [ 48.382142][ T5020] worker_thread+0x687/0x1110 [ 48.388803][ T5020] kthread+0x33a/0x430 [ 48.394957][ T5020] ret_from_fork+0x2c/0x70 [ 48.401365][ T5020] ret_from_fork_asm+0x11/0x20 [ 48.408113][ T5020] SOFTIRQ-ON-R at: [ 48.412245][ T5020] lock_acquire+0x1ae/0x510 [ 48.418729][ T5020] _raw_read_lock+0x5f/0x70 [ 48.425213][ T5020] do_wait+0x2a9/0xc70 [ 48.431267][ T5020] kernel_wait+0xa0/0x150 [ 48.437577][ T5020] call_usermodehelper_exec_work+0xf1/0x170 [ 48.445448][ T5020] process_one_work+0xaa2/0x16f0 [ 48.452368][ T5020] worker_thread+0x687/0x1110 [ 48.459022][ T5020] kthread+0x33a/0x430 [ 48.465088][ T5020] ret_from_fork+0x2c/0x70 [ 48.471483][ T5020] ret_from_fork_asm+0x11/0x20 [ 48.478250][ T5020] INITIAL USE at: [ 48.482316][ T5020] lock_acquire+0x1ae/0x510 [ 48.488714][ T5020] _raw_write_lock_irq+0x36/0x50 [ 48.495548][ T5020] copy_process+0x4672/0x7400 [ 48.502118][ T5020] kernel_clone+0xfd/0x8f0 [ 48.508424][ T5020] user_mode_thread+0xb4/0xf0 [ 48.514995][ T5020] rest_init+0x27/0x2b0 [ 48.521044][ T5020] arch_call_rest_init+0x13/0x30 [ 48.527875][ T5020] start_kernel+0x39f/0x480 [ 48.534358][ T5020] x86_64_start_reservations+0x18/0x30 [ 48.541720][ T5020] x86_64_start_kernel+0xb2/0xc0 [ 48.548554][ T5020] secondary_startup_64_no_verify+0x167/0x16b [ 48.556641][ T5020] INITIAL READ USE at: [ 48.561132][ T5020] lock_acquire+0x1ae/0x510 [ 48.567972][ T5020] _raw_read_lock+0x5f/0x70 [ 48.574805][ T5020] do_wait+0x2a9/0xc70 [ 48.581211][ T5020] kernel_wait+0xa0/0x150 [ 48.587872][ T5020] call_usermodehelper_exec_work+0xf1/0x170 [ 48.596090][ T5020] process_one_work+0xaa2/0x16f0 [ 48.603357][ T5020] worker_thread+0x687/0x1110 [ 48.610365][ T5020] kthread+0x33a/0x430 [ 48.616760][ T5020] ret_from_fork+0x2c/0x70 [ 48.623510][ T5020] ret_from_fork_asm+0x11/0x20 [ 48.630606][ T5020] } [ 48.633257][ T5020] ... 
key at: [] tasklist_lock+0x18/0x40 [ 48.641157][ T5020] ... acquired at: [ 48.645110][ T5020] _raw_read_lock+0x5f/0x70 [ 48.649774][ T5020] send_sigio+0xaf/0x3c0 [ 48.654180][ T5020] kill_fasync+0x1f8/0x4f0 [ 48.658748][ T5020] lease_break_callback+0x23/0x30 [ 48.663946][ T5020] __break_lease+0x70f/0x17f0 [ 48.668780][ T5020] do_dentry_open+0x62c/0x1780 [ 48.673870][ T5020] path_openat+0x19af/0x29c0 [ 48.678617][ T5020] do_filp_open+0x1de/0x430 [ 48.683267][ T5020] do_sys_openat2+0x176/0x1e0 [ 48.688097][ T5020] __x64_sys_open+0x154/0x1e0 [ 48.692926][ T5020] do_syscall_64+0x38/0xb0 [ 48.697490][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.703537][ T5020] [ 48.705841][ T5020] -> (&f->f_owner.lock){....}-{2:2} { [ 48.711287][ T5020] INITIAL USE at: [ 48.715243][ T5020] lock_acquire+0x1ae/0x510 [ 48.721473][ T5020] _raw_write_lock_irq+0x36/0x50 [ 48.728137][ T5020] f_modown+0x2a/0x390 [ 48.733951][ T5020] do_fcntl+0xcf8/0x1290 [ 48.739910][ T5020] __x64_sys_fcntl+0x16c/0x1e0 [ 48.746415][ T5020] do_syscall_64+0x38/0xb0 [ 48.752602][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.760239][ T5020] INITIAL READ USE at: [ 48.764628][ T5020] lock_acquire+0x1ae/0x510 [ 48.771376][ T5020] _raw_read_lock_irqsave+0x70/0x90 [ 48.778758][ T5020] send_sigio+0x28/0x3c0 [ 48.785156][ T5020] kill_fasync+0x1f8/0x4f0 [ 48.791724][ T5020] lease_break_callback+0x23/0x30 [ 48.798902][ T5020] __break_lease+0x70f/0x17f0 [ 48.805730][ T5020] do_dentry_open+0x62c/0x1780 [ 48.812661][ T5020] path_openat+0x19af/0x29c0 [ 48.819421][ T5020] do_filp_open+0x1de/0x430 [ 48.826074][ T5020] do_sys_openat2+0x176/0x1e0 [ 48.832993][ T5020] __x64_sys_open+0x154/0x1e0 [ 48.839826][ T5020] do_syscall_64+0x38/0xb0 [ 48.846398][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.854442][ T5020] } [ 48.857002][ T5020] ... key at: [] __key.5+0x0/0x40 [ 48.864198][ T5020] ... 
acquired at: [ 48.868074][ T5020] _raw_read_lock_irqsave+0x70/0x90 [ 48.873437][ T5020] send_sigio+0x28/0x3c0 [ 48.877843][ T5020] kill_fasync+0x1f8/0x4f0 [ 48.882420][ T5020] lease_break_callback+0x23/0x30 [ 48.887596][ T5020] __break_lease+0x70f/0x17f0 [ 48.892439][ T5020] do_dentry_open+0x62c/0x1780 [ 48.897464][ T5020] path_openat+0x19af/0x29c0 [ 48.902298][ T5020] do_filp_open+0x1de/0x430 [ 48.906994][ T5020] do_sys_openat2+0x176/0x1e0 [ 48.911839][ T5020] __x64_sys_open+0x154/0x1e0 [ 48.916678][ T5020] do_syscall_64+0x38/0xb0 [ 48.921252][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.927320][ T5020] [ 48.929626][ T5020] -> (&new->fa_lock){....}-{2:2} { [ 48.934722][ T5020] INITIAL READ USE at: [ 48.939140][ T5020] lock_acquire+0x1ae/0x510 [ 48.945628][ T5020] _raw_read_lock_irqsave+0x70/0x90 [ 48.952816][ T5020] kill_fasync+0x13a/0x4f0 [ 48.959219][ T5020] lease_break_callback+0x23/0x30 [ 48.966275][ T5020] __break_lease+0x70f/0x17f0 [ 48.972932][ T5020] do_dentry_open+0x62c/0x1780 [ 48.979681][ T5020] path_openat+0x19af/0x29c0 [ 48.986273][ T5020] do_filp_open+0x1de/0x430 [ 48.992772][ T5020] do_sys_openat2+0x176/0x1e0 [ 48.999453][ T5020] __x64_sys_open+0x154/0x1e0 [ 49.006107][ T5020] do_syscall_64+0x38/0xb0 [ 49.012516][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.020396][ T5020] } [ 49.022871][ T5020] ... key at: [] __key.0+0x0/0x40 [ 49.029958][ T5020] ... 
acquired at: [ 49.033735][ T5020] lock_acquire+0x1ae/0x510 [ 49.038397][ T5020] _raw_read_lock_irqsave+0x70/0x90 [ 49.043751][ T5020] kill_fasync+0x13a/0x4f0 [ 49.048331][ T5020] evdev_pass_values+0x619/0x9b0 [ 49.053425][ T5020] evdev_events+0x1be/0x390 [ 49.058084][ T5020] input_to_handler+0x29e/0x4c0 [ 49.063092][ T5020] input_pass_values.part.0+0x536/0x7a0 [ 49.068790][ T5020] input_event_dispose+0x5ee/0x770 [ 49.074050][ T5020] input_handle_event+0x11c/0xd80 [ 49.079229][ T5020] input_inject_event+0x1c2/0x380 [ 49.084407][ T5020] evdev_write+0x456/0x750 [ 49.088977][ T5020] vfs_write+0x2a4/0xe40 [ 49.093373][ T5020] ksys_write+0x1f0/0x250 [ 49.097859][ T5020] do_syscall_64+0x38/0xb0 [ 49.102424][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.108465][ T5020] [ 49.110765][ T5020] [ 49.110765][ T5020] stack backtrace: [ 49.116710][ T5020] CPU: 1 PID: 5020 Comm: syz-executor115 Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0 [ 49.127123][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 49.137178][ T5020] Call Trace: [ 49.140440][ T5020] [ 49.143352][ T5020] dump_stack_lvl+0xd9/0x1b0 [ 49.147926][ T5020] check_irq_usage+0x10b8/0x1c70 [ 49.152844][ T5020] ? lock_acquire+0x1ae/0x510 [ 49.157525][ T5020] ? print_shortest_lock_dependencies_backwards+0x1b0/0x1b0 [ 49.164796][ T5020] ? hlock_conflict+0x58/0x200 [ 49.169547][ T5020] ? __bfs+0x2f8/0x660 [ 49.173601][ T5020] ? save_trace+0xb30/0xb30 [ 49.178106][ T5020] ? mark_lock+0x105/0x1950 [ 49.182608][ T5020] ? is_dynamic_key+0x1f0/0x1f0 [ 49.187451][ T5020] ? __lock_acquire+0x2e53/0x5de0 [ 49.192469][ T5020] __lock_acquire+0x2e53/0x5de0 [ 49.197353][ T5020] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 49.203329][ T5020] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 49.209387][ T5020] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 49.215428][ T5020] ? __wake_up_common_lock+0xe3/0x140 [ 49.220796][ T5020] lock_acquire+0x1ae/0x510 [ 49.225287][ T5020] ? 
kill_fasync+0x13a/0x4f0 [ 49.229863][ T5020] ? lock_sync+0x190/0x190 [ 49.234267][ T5020] ? lock_sync+0x190/0x190 [ 49.238668][ T5020] ? lock_sync+0x190/0x190 [ 49.243068][ T5020] ? __wake_up_common+0x5a0/0x5a0 [ 49.248080][ T5020] _raw_read_lock_irqsave+0x70/0x90 [ 49.253273][ T5020] ? kill_fasync+0x13a/0x4f0 [ 49.257852][ T5020] kill_fasync+0x13a/0x4f0 [ 49.262256][ T5020] evdev_pass_values+0x619/0x9b0 [ 49.267266][ T5020] evdev_events+0x1be/0x390 [ 49.271761][ T5020] ? evdev_connect+0x4c0/0x4c0 [ 49.276508][ T5020] input_to_handler+0x29e/0x4c0 [ 49.281364][ T5020] input_pass_values.part.0+0x536/0x7a0 [ 49.286925][ T5020] input_event_dispose+0x5ee/0x770 [ 49.292018][ T5020] input_handle_event+0x11c/0xd80 [ 49.297023][ T5020] input_inject_event+0x1c2/0x380 [ 49.302052][ T5020] evdev_write+0x456/0x750 [ 49.306537][ T5020] ? evdev_read+0xdf0/0xdf0 [ 49.311025][ T5020] ? apparmor_file_permission+0x21f/0x4f0 [ 49.316727][ T5020] ? bpf_lsm_file_permission+0x9/0x10 [ 49.322086][ T5020] ? security_file_permission+0x94/0x100 [ 49.327721][ T5020] vfs_write+0x2a4/0xe40 [ 49.331952][ T5020] ? evdev_read+0xdf0/0xdf0 [ 49.336443][ T5020] ? kernel_write+0x6c0/0x6c0 [ 49.341106][ T5020] ? __fget_files+0x279/0x410 [ 49.345789][ T5020] ? __fget_light+0xe6/0x260 [ 49.350363][ T5020] ksys_write+0x1f0/0x250 [ 49.354678][ T5020] ? __ia32_sys_read+0xb0/0xb0 [ 49.359423][ T5020] ? lockdep_hardirqs_on+0x7d/0x100 [ 49.364602][ T5020] ? _raw_spin_unlock_irq+0x2e/0x50 [ 49.369786][ T5020] ? 
ptrace_notify+0xf4/0x130 [ 49.374463][ T5020] do_syscall_64+0x38/0xb0 [ 49.378868][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.384745][ T5020] RIP: 0033:0x7fdead0b2079 [ 49.389158][ T5020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 49.408755][ T5020] RSP: 002b:00007fdead069228 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 49.417150][ T5020] RAX: ffffffffffffffda RBX: 00007fdead132408 RCX: 00007fdead0b2079 [pid 5020] <... write resumed>) = ? [pid 5020] +++ exited with 0 +++ +++ exited with 0 +++ [ 49.425112