Warning: Permanently added '10.128.1.61' (ECDSA) to the list of known hosts.
syzkaller login: [ 72.377853][ T8463] chnl_net:caif_netlink_parms(): no params data found
[ 72.430149][ T8463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.437955][ T8463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.446794][ T8463] device bridge_slave_0 entered promiscuous mode
[ 72.456715][ T8463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.464903][ T8463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.472880][ T8463] device bridge_slave_1 entered promiscuous mode
[ 72.494574][ T8463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.505694][ T8463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.528038][ T8463] team0: Port device team_slave_0 added
[ 72.535628][ T8463] team0: Port device team_slave_1 added
[ 72.553927][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 72.561033][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.587838][ T8463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 72.600976][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 72.609280][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.637360][ T8463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 72.657393][ T8463] device hsr_slave_0 entered promiscuous mode
[ 72.665427][ T8463] device hsr_slave_1 entered promiscuous mode
[ 72.770664][ T8463] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 72.784350][ T8463] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 72.795413][ T8463] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 72.806417][ T8463] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 72.833421][ T8463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.841443][ T8463] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.849718][ T8463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.857301][ T8463] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.905201][ T8463] 8021q: adding VLAN 0 to HW filter on device bond0
[ 72.921231][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 72.936081][ T29] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.946621][ T29] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.956362][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 72.970917][ T8463] 8021q: adding VLAN 0 to HW filter on device team0
[ 72.982776][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 72.994470][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.001811][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.024208][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 73.033123][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.041104][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.050501][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 73.066130][ T3172] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 73.075546][ T3172] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 73.088779][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 73.104080][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 73.115774][ T8463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 73.135608][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 73.144366][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 73.157386][ T8463] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.178480][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 73.198686][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 73.208625][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 73.217680][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 73.228484][ T8463] device veth0_vlan entered promiscuous mode
[ 73.241574][ T8463] device veth1_vlan entered promiscuous mode
[ 73.262483][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 73.270951][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 73.280093][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 73.293659][ T8463] device veth0_macvtap entered promiscuous mode
[ 73.305311][ T8463] device veth1_macvtap entered promiscuous mode
[ 73.323934][ T8463] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 73.331828][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 73.342073][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 73.355864][ T8463] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 73.363929][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
executing program
[ 73.372590][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 73.386669][ T8463] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.395799][ T8463] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.405281][ T8463] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.414798][ T8463] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.458395][ T8463]
[ 73.460906][ T8463] =====================================================
[ 73.468370][ T8463] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 73.476635][ T8463] 5.14.0-rc2-syzkaller #0 Not tainted
[ 73.483059][ T8463] -----------------------------------------------------
[ 73.490289][ T8463] syz-executor033/8463 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 73.498816][ T8463] ffff888035761018 (&new->fa_lock){.+.+}-{2:2}, at: kill_fasync+0x132/0x460
[ 73.509221][ T8463]
[ 73.509221][ T8463] and this task is already holding:
[ 73.516755][ T8463] ffff888034e40028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 73.527634][ T8463] which would create a new lock dependency:
[ 73.533864][ T8463] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){.+.+}-{2:2}
[ 73.542601][ T8463]
[ 73.542601][ T8463] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 73.552454][ T8463] (&dev->event_lock){-...}-{2:2}
[ 73.552476][ T8463]
[ 73.552476][ T8463] ... which became HARDIRQ-irq-safe at:
[ 73.565677][ T8463] lock_acquire+0x1ab/0x510
[ 73.571102][ T8463] _raw_spin_lock_irqsave+0x39/0x50
[ 73.578935][ T8463] input_event+0x7b/0xb0
[ 73.583561][ T8463] psmouse_report_standard_buttons+0x2c/0x80
[ 73.589807][ T8463] psmouse_process_byte+0x1e1/0x890
[ 73.595143][ T8463] psmouse_handle_byte+0x41/0x1b0
[ 73.600795][ T8463] psmouse_interrupt+0x304/0xf00
[ 73.605928][ T8463] serio_interrupt+0x88/0x150
[ 73.610860][ T8463] i8042_interrupt+0x27a/0x520
[ 73.616082][ T8463] __handle_irq_event_percpu+0x303/0x8f0
[ 73.621968][ T8463] handle_irq_event+0x102/0x280
[ 73.626964][ T8463] handle_edge_irq+0x25f/0xd00
[ 73.631901][ T8463] __common_interrupt+0x9d/0x210
[ 73.636916][ T8463] common_interrupt+0x9f/0xd0
[ 73.642490][ T8463] asm_common_interrupt+0x1e/0x40
[ 73.647683][ T8463] _raw_spin_unlock_irqrestore+0x38/0x70
[ 73.653831][ T8463] i8042_command+0x12e/0x150
[ 73.658804][ T8463] i8042_aux_write+0xd7/0x120
[ 73.664000][ T8463] ps2_do_sendbyte+0x2cf/0x710
[ 73.669200][ T8463] ps2_sendbyte+0x58/0x150
[ 73.673702][ T8463] cypress_ps2_sendbyte+0x2e/0x160
[ 73.679187][ T8463] cypress_send_ext_cmd+0x1d0/0x8e0
[ 73.684844][ T8463] cypress_detect+0x75/0x190
[ 73.689630][ T8463] psmouse_try_protocol+0x211/0x370
[ 73.694951][ T8463] psmouse_extensions+0x557/0x930
[ 73.700245][ T8463] psmouse_switch_protocol+0x52a/0x740
[ 73.705872][ T8463] psmouse_connect+0x5e9/0xfd0
[ 73.710713][ T8463] serio_driver_probe+0x72/0xa0
[ 73.715647][ T8463] really_probe+0x23c/0xcd0
[ 73.720504][ T8463] __driver_probe_device+0x338/0x4d0
[ 73.725865][ T8463] driver_probe_device+0x4c/0x1a0
[ 73.731141][ T8463] __driver_attach+0x22d/0x4e0
[ 73.736055][ T8463] bus_for_each_dev+0x147/0x1d0
[ 73.741345][ T8463] serio_handle_event+0x5f6/0xa30
[ 73.746542][ T8463] process_one_work+0x98d/0x1630
[ 73.751827][ T8463] worker_thread+0x658/0x11f0
[ 73.756605][ T8463] kthread+0x3e5/0x4d0
[ 73.760787][ T8463] ret_from_fork+0x1f/0x30
[ 73.765600][ T8463]
[ 73.765600][ T8463] to a HARDIRQ-irq-unsafe lock:
[ 73.772705][ T8463] (&new->fa_lock){.+.+}-{2:2}
[ 73.772725][ T8463]
[ 73.772725][ T8463] ... which became HARDIRQ-irq-unsafe at:
[ 73.786524][ T8463] ...
[ 73.786531][ T8463] lock_acquire+0x1ab/0x510
[ 73.794482][ T8463] _raw_read_lock+0x5b/0x70
[ 73.799111][ T8463] kill_fasync+0x132/0x460
[ 73.803614][ T8463] sock_wake_async+0xd2/0x160
[ 73.808853][ T8463] sk_wake_async+0x108/0x290
[ 73.813666][ T8463] tcp_rcv_state_process+0x1afe/0x4bd0
[ 73.819310][ T8463] tcp_v4_do_rcv+0x323/0x880
[ 73.824103][ T8463] __release_sock+0x134/0x3b0
[ 73.829044][ T8463] release_sock+0x54/0x1b0
[ 73.833699][ T8463] __inet_stream_connect+0x5db/0xed0
[ 73.839796][ T8463] tcp_sendmsg_locked+0x209e/0x2f10
[ 73.845398][ T8463] tcp_sendmsg+0x2b/0x40
[ 73.849894][ T8463] inet_sendmsg+0x99/0xe0
[ 73.854513][ T8463] sock_sendmsg+0xcf/0x120
[ 73.859302][ T8463] ____sys_sendmsg+0x6e8/0x810
[ 73.864151][ T8463] ___sys_sendmsg+0xf3/0x170
[ 73.869003][ T8463] __sys_sendmsg+0xe5/0x1b0
[ 73.873674][ T8463] do_syscall_64+0x35/0xb0
[ 73.878203][ T8463] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.884315][ T8463]
[ 73.884315][ T8463] other info that might help us debug this:
[ 73.884315][ T8463]
[ 73.895320][ T8463] Chain exists of:
[ 73.895320][ T8463] &dev->event_lock --> &client->buffer_lock --> &new->fa_lock
[ 73.895320][ T8463]
[ 73.909279][ T8463] Possible interrupt unsafe locking scenario:
[ 73.909279][ T8463]
[ 73.917984][ T8463]        CPU0                    CPU1
[ 73.923784][ T8463]        ----                    ----
[ 73.929152][ T8463]   lock(&new->fa_lock);
[ 73.933386][ T8463]                                local_irq_disable();
[ 73.940127][ T8463]                                lock(&dev->event_lock);
[ 73.947139][ T8463]                                lock(&client->buffer_lock);
[ 73.955042][ T8463]
[ 73.958827][ T8463]     lock(&dev->event_lock);
[ 73.964282][ T8463]
[ 73.964282][ T8463] *** DEADLOCK ***
[ 73.964282][ T8463]
[ 73.977317][ T8463] 7 locks held by syz-executor033/8463:
[ 73.983896][ T8463] #0: ffff888022081110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760
[ 73.993664][ T8463] #1: ffff88801c45a230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x320
[ 74.004203][ T8463] #2: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320
[ 74.014439][ T8463] #3: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710
[ 74.025397][ T8463] #4: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0
[ 74.034637][ T8463] #5: ffff888034e40028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 74.045408][ T8463] #6: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 74.054788][ T8463]
[ 74.054788][ T8463] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 74.065475][ T8463] -> (&dev->event_lock){-...}-{2:2} {
[ 74.071185][ T8463] IN-HARDIRQ-W at:
[ 74.075410][ T8463] lock_acquire+0x1ab/0x510
[ 74.082295][ T8463] _raw_spin_lock_irqsave+0x39/0x50
[ 74.089654][ T8463] input_event+0x7b/0xb0
[ 74.095745][ T8463] psmouse_report_standard_buttons+0x2c/0x80
[ 74.103869][ T8463] psmouse_process_byte+0x1e1/0x890
[ 74.111153][ T8463] psmouse_handle_byte+0x41/0x1b0
[ 74.118122][ T8463] psmouse_interrupt+0x304/0xf00
[ 74.124985][ T8463] serio_interrupt+0x88/0x150
[ 74.132019][ T8463] i8042_interrupt+0x27a/0x520
[ 74.139065][ T8463] __handle_irq_event_percpu+0x303/0x8f0
[ 74.146666][ T8463] handle_irq_event+0x102/0x280
[ 74.153385][ T8463] handle_edge_irq+0x25f/0xd00
[ 74.160544][ T8463] __common_interrupt+0x9d/0x210
[ 74.168289][ T8463] common_interrupt+0x9f/0xd0
[ 74.174792][ T8463] asm_common_interrupt+0x1e/0x40
[ 74.181900][ T8463] _raw_spin_unlock_irqrestore+0x38/0x70
[ 74.189444][ T8463] i8042_command+0x12e/0x150
[ 74.196268][ T8463] i8042_aux_write+0xd7/0x120
[ 74.203130][ T8463] ps2_do_sendbyte+0x2cf/0x710
[ 74.209770][ T8463] ps2_sendbyte+0x58/0x150
[ 74.216403][ T8463] cypress_ps2_sendbyte+0x2e/0x160
[ 74.223342][ T8463] cypress_send_ext_cmd+0x1d0/0x8e0
[ 74.230978][ T8463] cypress_detect+0x75/0x190
[ 74.237506][ T8463] psmouse_try_protocol+0x211/0x370
[ 74.244845][ T8463] psmouse_extensions+0x557/0x930
[ 74.252074][ T8463] psmouse_switch_protocol+0x52a/0x740
[ 74.259743][ T8463] psmouse_connect+0x5e9/0xfd0
[ 74.266455][ T8463] serio_driver_probe+0x72/0xa0
[ 74.273333][ T8463] really_probe+0x23c/0xcd0
[ 74.280030][ T8463] __driver_probe_device+0x338/0x4d0
[ 74.287575][ T8463] driver_probe_device+0x4c/0x1a0
[ 74.294739][ T8463] __driver_attach+0x22d/0x4e0
[ 74.303448][ T8463] bus_for_each_dev+0x147/0x1d0
[ 74.311264][ T8463] serio_handle_event+0x5f6/0xa30
[ 74.318740][ T8463] process_one_work+0x98d/0x1630
[ 74.326218][ T8463] worker_thread+0x658/0x11f0
[ 74.333651][ T8463] kthread+0x3e5/0x4d0
[ 74.339719][ T8463] ret_from_fork+0x1f/0x30
[ 74.346045][ T8463] INITIAL USE at:
[ 74.350080][ T8463] lock_acquire+0x1ab/0x510
[ 74.356440][ T8463] _raw_spin_lock_irqsave+0x39/0x50
[ 74.363658][ T8463] input_inject_event+0xa6/0x320
[ 74.370665][ T8463] led_set_brightness_nosleep+0xe6/0x1a0
[ 74.378461][ T8463] led_set_brightness+0x134/0x170
[ 74.385472][ T8463] led_trigger_event+0x75/0xd0
[ 74.392267][ T8463] kbd_led_trigger_activate+0xc9/0x100
[ 74.399456][ T8463] led_trigger_set+0x61e/0xbd0
[ 74.406214][ T8463] led_trigger_set_default+0x1a6/0x230
[ 74.413819][ T8463] led_classdev_register_ext+0x5b1/0x7c0
[ 74.421247][ T8463] input_leds_connect+0x4bd/0x860
[ 74.428114][ T8463] input_attach_handler+0x180/0x1f0
[ 74.435428][ T8463] input_register_device.cold+0xf0/0x304
[ 74.442798][ T8463] atkbd_connect+0x739/0xa00
[ 74.449538][ T8463] serio_driver_probe+0x72/0xa0
[ 74.456598][ T8463] really_probe+0x23c/0xcd0
[ 74.463117][ T8463] __driver_probe_device+0x338/0x4d0
[ 74.470539][ T8463] driver_probe_device+0x4c/0x1a0
[ 74.477308][ T8463] __driver_attach+0x22d/0x4e0
[ 74.484082][ T8463] bus_for_each_dev+0x147/0x1d0
[ 74.490722][ T8463] serio_handle_event+0x5f6/0xa30
[ 74.497621][ T8463] process_one_work+0x98d/0x1630
[ 74.504713][ T8463] worker_thread+0x658/0x11f0
[ 74.512005][ T8463] kthread+0x3e5/0x4d0
[ 74.517938][ T8463] ret_from_fork+0x1f/0x30
[ 74.524130][ T8463] }
[ 74.527038][ T8463] ... key at: [] __key.8+0x0/0x40
[ 74.534540][ T8463] -> (&client->buffer_lock){....}-{2:2} {
[ 74.540703][ T8463] INITIAL USE at:
[ 74.544741][ T8463] lock_acquire+0x1ab/0x510
[ 74.550955][ T8463] _raw_spin_lock+0x2a/0x40
[ 74.557178][ T8463] evdev_pass_values.part.0+0xf6/0x970
[ 74.564541][ T8463] evdev_events+0x359/0x3e0
[ 74.571039][ T8463] input_to_handler+0x2a0/0x4c0
[ 74.577933][ T8463] input_pass_values.part.0+0x230/0x710
[ 74.586044][ T8463] input_handle_event+0x373/0x1440
[ 74.592773][ T8463] input_inject_event+0x1bd/0x320
[ 74.599485][ T8463] evdev_write+0x430/0x760
[ 74.605546][ T8463] vfs_write+0x28e/0xa40
[ 74.611352][ T8463] ksys_write+0x1ee/0x250
[ 74.617451][ T8463] do_syscall_64+0x35/0xb0
[ 74.623564][ T8463] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.631234][ T8463] }
[ 74.633729][ T8463] ... key at: [] __key.4+0x0/0x40
[ 74.641185][ T8463] ... acquired at:
[ 74.645091][ T8463] _raw_spin_lock+0x2a/0x40
[ 74.649852][ T8463] evdev_pass_values.part.0+0xf6/0x970
[ 74.655680][ T8463] evdev_events+0x359/0x3e0
[ 74.661048][ T8463] input_to_handler+0x2a0/0x4c0
[ 74.666389][ T8463] input_pass_values.part.0+0x230/0x710
[ 74.675161][ T8463] input_handle_event+0x373/0x1440
[ 74.680871][ T8463] input_inject_event+0x1bd/0x320
[ 74.686269][ T8463] evdev_write+0x430/0x760
[ 74.691728][ T8463] vfs_write+0x28e/0xa40
[ 74.696174][ T8463] ksys_write+0x1ee/0x250
[ 74.700903][ T8463] do_syscall_64+0x35/0xb0
[ 74.705504][ T8463] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.711583][ T8463]
[ 74.714075][ T8463]
[ 74.714075][ T8463] the dependencies between the lock to be acquired
[ 74.714083][ T8463] and HARDIRQ-irq-unsafe lock:
[ 74.728616][ T8463] -> (&new->fa_lock){.+.+}-{2:2} {
[ 74.733727][ T8463] HARDIRQ-ON-R at:
[ 74.737692][ T8463] lock_acquire+0x1ab/0x510
[ 74.743841][ T8463] _raw_read_lock+0x5b/0x70
[ 74.749996][ T8463] kill_fasync+0x132/0x460
[ 74.756162][ T8463] sock_wake_async+0xd2/0x160
[ 74.762484][ T8463] sk_wake_async+0x108/0x290
[ 74.768746][ T8463] tcp_rcv_state_process+0x1afe/0x4bd0
[ 74.776113][ T8463] tcp_v4_do_rcv+0x323/0x880
[ 74.782513][ T8463] __release_sock+0x134/0x3b0
[ 74.788919][ T8463] release_sock+0x54/0x1b0
[ 74.795093][ T8463] __inet_stream_connect+0x5db/0xed0
[ 74.802035][ T8463] tcp_sendmsg_locked+0x209e/0x2f10
[ 74.809167][ T8463] tcp_sendmsg+0x2b/0x40
[ 74.815472][ T8463] inet_sendmsg+0x99/0xe0
[ 74.821995][ T8463] sock_sendmsg+0xcf/0x120
[ 74.828056][ T8463] ____sys_sendmsg+0x6e8/0x810
[ 74.834574][ T8463] ___sys_sendmsg+0xf3/0x170
[ 74.840941][ T8463] __sys_sendmsg+0xe5/0x1b0
[ 74.847219][ T8463] do_syscall_64+0x35/0xb0
[ 74.853804][ T8463] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.861939][ T8463] SOFTIRQ-ON-R at:
[ 74.865916][ T8463] lock_acquire+0x1ab/0x510
[ 74.872323][ T8463] _raw_read_lock+0x5b/0x70
[ 74.878639][ T8463] kill_fasync+0x132/0x460
[ 74.885088][ T8463] sock_wake_async+0xd2/0x160
[ 74.891419][ T8463] sk_wake_async+0x108/0x290
[ 74.898221][ T8463] tcp_rcv_state_process+0x1afe/0x4bd0
[ 74.906927][ T8463] tcp_v4_do_rcv+0x323/0x880
[ 74.913197][ T8463] __release_sock+0x134/0x3b0
[ 74.920115][ T8463] release_sock+0x54/0x1b0
[ 74.926670][ T8463] __inet_stream_connect+0x5db/0xed0
[ 74.933692][ T8463] tcp_sendmsg_locked+0x209e/0x2f10
[ 74.940851][ T8463] tcp_sendmsg+0x2b/0x40
[ 74.947108][ T8463] inet_sendmsg+0x99/0xe0
[ 74.953704][ T8463] sock_sendmsg+0xcf/0x120
[ 74.960241][ T8463] ____sys_sendmsg+0x6e8/0x810
[ 74.966826][ T8463] ___sys_sendmsg+0xf3/0x170
[ 74.973708][ T8463] __sys_sendmsg+0xe5/0x1b0
[ 74.980211][ T8463] do_syscall_64+0x35/0xb0
[ 74.986659][ T8463] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.995091][ T8463] INITIAL READ USE at:
[ 74.999410][ T8463] lock_acquire+0x1ab/0x510
[ 75.005904][ T8463] _raw_read_lock+0x5b/0x70
[ 75.012631][ T8463] kill_fasync+0x132/0x460
[ 75.019121][ T8463] sock_wake_async+0xd2/0x160
[ 75.026020][ T8463] sk_wake_async+0x108/0x290
[ 75.032785][ T8463] tcp_rcv_state_process+0x1afe/0x4bd0
[ 75.040354][ T8463] tcp_v4_do_rcv+0x323/0x880
[ 75.047727][ T8463] __release_sock+0x134/0x3b0
[ 75.054747][ T8463] release_sock+0x54/0x1b0
[ 75.061441][ T8463] __inet_stream_connect+0x5db/0xed0
[ 75.069382][ T8463] tcp_sendmsg_locked+0x209e/0x2f10
[ 75.076974][ T8463] tcp_sendmsg+0x2b/0x40
[ 75.083452][ T8463] inet_sendmsg+0x99/0xe0
[ 75.089982][ T8463] sock_sendmsg+0xcf/0x120
[ 75.096912][ T8463] ____sys_sendmsg+0x6e8/0x810
[ 75.104120][ T8463] ___sys_sendmsg+0xf3/0x170
[ 75.110813][ T8463] __sys_sendmsg+0xe5/0x1b0
[ 75.117429][ T8463] do_syscall_64+0x35/0xb0
[ 75.123951][ T8463] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.132009][ T8463] }
[ 75.134576][ T8463] ... key at: [] __key.0+0x0/0x40
[ 75.142197][ T8463] ... acquired at:
[ 75.146371][ T8463] lock_acquire+0x1ab/0x510
[ 75.151317][ T8463] _raw_read_lock+0x5b/0x70
[ 75.156385][ T8463] kill_fasync+0x132/0x460
[ 75.161291][ T8463] evdev_pass_values.part.0+0x64e/0x970
[ 75.167696][ T8463] evdev_events+0x359/0x3e0
[ 75.173180][ T8463] input_to_handler+0x2a0/0x4c0
[ 75.179345][ T8463] input_pass_values.part.0+0x230/0x710
[ 75.185159][ T8463] input_handle_event+0x373/0x1440
[ 75.190875][ T8463] input_inject_event+0x1bd/0x320
[ 75.196592][ T8463] evdev_write+0x430/0x760
[ 75.202361][ T8463] vfs_write+0x28e/0xa40
[ 75.206994][ T8463] ksys_write+0x1ee/0x250
[ 75.212231][ T8463] do_syscall_64+0x35/0xb0
[ 75.217029][ T8463] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.224069][ T8463]
[ 75.226542][ T8463]
[ 75.226542][ T8463] stack backtrace:
[ 75.233629][ T8463] CPU: 0 PID: 8463 Comm: syz-executor033 Not tainted 5.14.0-rc2-syzkaller #0
[ 75.243091][ T8463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.254186][ T8463] Call Trace:
[ 75.257667][ T8463] dump_stack_lvl+0xcd/0x134
[ 75.262557][ T8463] check_irq_usage.cold+0x4c1/0x6b0
[ 75.268553][ T8463] ? is_bpf_text_address+0x99/0x170
[ 75.274414][ T8463] ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 75.282375][ T8463] ? __kernel_text_address+0x9/0x30
[ 75.287849][ T8463] ? unwind_get_return_address+0x51/0x90
[ 75.294049][ T8463] ? check_path.constprop.0+0x24/0x50
[ 75.300480][ T8463] ? register_lock_class+0xb7/0x10c0
[ 75.306309][ T8463] ? stack_trace_save+0x8c/0xc0
[ 75.311439][ T8463] ? stack_trace_consume_entry+0x160/0x160
[ 75.317718][ T8463] ? lockdep_lock+0xc6/0x200
[ 75.322428][ T8463] ? call_rcu_zapped+0xb0/0xb0
[ 75.327450][ T8463] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 75.333948][ T8463] __lock_acquire+0x2a1f/0x54a0
[ 75.338879][ T8463] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 75.345426][ T8463] lock_acquire+0x1ab/0x510
[ 75.350020][ T8463] ? kill_fasync+0x132/0x460
[ 75.354747][ T8463] ? lock_release+0x720/0x720
[ 75.359499][ T8463] ? lock_release+0x720/0x720
[ 75.364360][ T8463] ? lock_release+0x720/0x720
[ 75.369109][ T8463] _raw_read_lock+0x5b/0x70
[ 75.374416][ T8463] ? kill_fasync+0x132/0x460
[ 75.379001][ T8463] kill_fasync+0x132/0x460
[ 75.383705][ T8463] evdev_pass_values.part.0+0x64e/0x970
[ 75.390405][ T8463] ? evdev_release+0x410/0x410
[ 75.395335][ T8463] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 75.401137][ T8463] evdev_events+0x359/0x3e0
[ 75.405721][ T8463] ? evdev_pass_values.part.0+0x970/0x970
[ 75.411961][ T8463] input_to_handler+0x2a0/0x4c0
[ 75.416825][ T8463] input_pass_values.part.0+0x230/0x710
[ 75.422631][ T8463] input_handle_event+0x373/0x1440
[ 75.428062][ T8463] input_inject_event+0x1bd/0x320
[ 75.433642][ T8463] evdev_write+0x430/0x760
[ 75.438259][ T8463] ? evdev_read+0xe40/0xe40
[ 75.442765][ T8463] ? security_file_permission+0x248/0x560
[ 75.448576][ T8463] ? evdev_read+0xe40/0xe40
[ 75.453618][ T8463] vfs_write+0x28e/0xa40
[ 75.458123][ T8463] ksys_write+0x1ee/0x250
[ 75.464028][ T8463] ? __ia32_sys_read+0xb0/0xb0
[ 75.469138][ T8463] ? syscall_enter_from_user_mode+0x21/0x70
[ 75.475245][ T8463] do_syscall_64+0x35/0xb0
[ 75.479796][ T8463] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.486093][ T8463] RIP: 0033:0x447879
[ 75.490206][ T8463] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.511562][ T8463] RSP: 002b:00007ffe68b9efd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.521178][ T8463] RAX: ffffffffffffffda RBX: 00007ffe68b9efe8 RCX: 0000000000447879
[ 75.529797][ T8463] RDX: 0000000000035000 RSI: 0000000020000040 RDI: 0000000000000004
[ 75.538035][ T8463] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 75.546096][ T8463] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe68b9eff0
[ 75.554253][ T8463] R13: 00007ffe68b9f010 R14: 00000000004b8018 R15: 00000000004004b8