./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1794888208 <...> Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts. execve("./syz-executor1794888208", ["./syz-executor1794888208"], 0x7fffbd192de0 /* 10 vars */) = 0 brk(NULL) = 0x5555568df000 brk(0x5555568dfc40) = 0x5555568dfc40 arch_prctl(ARCH_SET_FS, 0x5555568df300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1794888208", 4096) = 28 brk(0x555556900c40) = 0x555556900c40 brk(0x555556901000) = 0x555556901000 mprotect(0x7fc48f6a0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_UNIX, SOCK_DGRAM, 0) = 3 bind(3, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 ioctl(3, FIOSETOWN, [-1]) = 0 ioctl(3, FIOASYNC, [2]) = 0 socket(AF_UNIX, SOCK_DGRAM, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 sendmmsg(4, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, ...], 3682232011, MSG_DONTWAIT|MSG_EOR|MSG_FIN|MSG_SYN|MSG_CONFIRM|MSG_RST|MSG_ERRQUEUE) = 11 openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 ioctl(5, FIOASYNC, [233]) = 0 openat(AT_FDCWD, "/dev/input/event0", O_RDWR|O_NOFOLLOW) = 6 [ 42.509634][ T3605] [ 42.511990][ T3605] ===================================================== [ 42.518898][ T3605] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 42.526414][ T3605] 6.0.0-rc5-syzkaller-00097-g38eddeedbbea #0 Not tainted [ 42.533406][ T3605] ----------------------------------------------------- [ 42.540497][ T3605] syz-executor179/3605 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 42.548539][ T3605] ffff8880748a70c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 [ 42.557228][ T3605] [ 42.557228][ T3605] and this task is already holding: [ 42.564745][ T3605] ffff8880179ff028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 42.575172][ T3605] which would create a new lock dependency: [ 42.581127][ T3605] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 42.589196][ T3605] [ 42.589196][ T3605] but this new dependency connects a HARDIRQ-irq-safe lock: [ 42.598621][ T3605] (&dev->event_lock#2){-...}-{2:2} [ 42.598641][ T3605] [ 42.598641][ T3605] ... which became HARDIRQ-irq-safe at: [ 42.611598][ T3605] lock_acquire+0x1ab/0x570 [ 42.616168][ T3605] _raw_spin_lock_irqsave+0x39/0x50 [ 42.621475][ T3605] input_event+0x6c/0xa0 [ 42.625796][ T3605] psmouse_report_standard_buttons+0x2c/0x80 [ 42.631847][ T3605] psmouse_process_byte+0x1e1/0x890 [ 42.637110][ T3605] psmouse_handle_byte+0x41/0x1b0 [ 42.642198][ T3605] psmouse_interrupt+0x304/0xf00 [ 42.647198][ T3605] serio_interrupt+0x88/0x150 [ 42.652043][ T3605] i8042_interrupt+0x27a/0x520 [ 42.656882][ T3605] __handle_irq_event_percpu+0x227/0x870 [ 42.662586][ T3605] handle_irq_event+0xa7/0x1e0 [ 42.667420][ T3605] handle_edge_irq+0x25f/0xd00 [ 42.672258][ T3605] __common_interrupt+0x9d/0x210 [ 42.677263][ T3605] common_interrupt+0xa4/0xc0 [ 42.682041][ T3605] asm_common_interrupt+0x22/0x40 [ 42.687133][ T3605] __sanitizer_cov_trace_pc+0xd/0x60 [ 42.692573][ T3605] do_exit+0x180c/0x29b0 [ 42.696879][ T3605] call_usermodehelper_exec_async+0x418/0x580 [ 42.703098][ T3605] ret_from_fork+0x1f/0x30 [ 42.707582][ T3605] [ 42.707582][ T3605] to a HARDIRQ-irq-unsafe lock: [ 42.714660][ T3605] (tasklist_lock){.+.+}-{2:2} [ 42.714676][ T3605] [ 42.714676][ T3605] ... which became HARDIRQ-irq-unsafe at: [ 42.727440][ T3605] ... [ 42.727447][ T3605] lock_acquire+0x1ab/0x570 [ 42.734602][ T3605] _raw_read_lock+0x5b/0x70 [ 42.739176][ T3605] do_wait+0x27f/0xce0 [ 42.743310][ T3605] kernel_wait+0x9c/0x150 [ 42.747704][ T3605] call_usermodehelper_exec_work+0xf5/0x180 [ 42.753747][ T3605] process_one_work+0x991/0x1610 [ 42.758750][ T3605] worker_thread+0x665/0x1080 [ 42.763497][ T3605] kthread+0x2e4/0x3a0 [ 42.767642][ T3605] ret_from_fork+0x1f/0x30 [ 42.772134][ T3605] [ 42.772134][ T3605] other info that might help us debug this: [ 42.772134][ T3605] [ 42.782359][ T3605] Chain exists of: [ 42.782359][ T3605] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 42.782359][ T3605] [ 42.795897][ T3605] Possible interrupt unsafe locking scenario: [ 42.795897][ T3605] [ 42.804205][ T3605] CPU0 CPU1 [ 42.809552][ T3605] ---- ---- [ 42.814891][ T3605] lock(tasklist_lock); [ 42.819109][ T3605] local_irq_disable(); [ 42.825836][ T3605] lock(&dev->event_lock#2); [ 42.833017][ T3605] lock(&client->buffer_lock); [ 42.840803][ T3605] [ 42.844232][ T3605] lock(&dev->event_lock#2); [ 42.849063][ T3605] [ 42.849063][ T3605] *** DEADLOCK *** [ 42.849063][ T3605] [ 42.857183][ T3605] 7 locks held by syz-executor179/3605: [ 42.862702][ T3605] #0: ffff888147f3a110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760 [ 42.871815][ T3605] #1: ffff88801b40f230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x9b/0x320 [ 42.881888][ T3605] #2: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x87/0x320 [ 42.891524][ T3605] #3: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 [ 42.901589][ T3605] #4: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0 [ 42.910700][ T3605] #5: ffff8880179ff028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 42.921546][ T3605] #6: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470 [ 42.930651][ T3605] [ 42.930651][ T3605] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 42.941102][ T3605] -> (&dev->event_lock#2){-...}-{2:2} { [ 42.946725][ T3605] IN-HARDIRQ-W at: [ 42.950769][ T3605] lock_acquire+0x1ab/0x570 [ 42.957074][ T3605] _raw_spin_lock_irqsave+0x39/0x50 [ 42.964076][ T3605] input_event+0x6c/0xa0 [ 42.970139][ T3605] psmouse_report_standard_buttons+0x2c/0x80 [ 42.977922][ T3605] psmouse_process_byte+0x1e1/0x890 [ 42.984923][ T3605] psmouse_handle_byte+0x41/0x1b0 [ 42.991750][ T3605] psmouse_interrupt+0x304/0xf00 [ 42.998491][ T3605] serio_interrupt+0x88/0x150 [ 43.004971][ T3605] i8042_interrupt+0x27a/0x520 [ 43.011625][ T3605] __handle_irq_event_percpu+0x227/0x870 [ 43.019062][ T3605] handle_irq_event+0xa7/0x1e0 [ 43.025628][ T3605] handle_edge_irq+0x25f/0xd00 [ 43.032194][ T3605] __common_interrupt+0x9d/0x210 [ 43.038938][ T3605] common_interrupt+0xa4/0xc0 [ 43.045434][ T3605] asm_common_interrupt+0x22/0x40 [ 43.052277][ T3605] __sanitizer_cov_trace_pc+0xd/0x60 [ 43.059564][ T3605] do_exit+0x180c/0x29b0 [ 43.065611][ T3605] call_usermodehelper_exec_async+0x418/0x580 [ 43.073488][ T3605] ret_from_fork+0x1f/0x30 [ 43.079717][ T3605] INITIAL USE at: [ 43.083673][ T3605] lock_acquire+0x1ab/0x570 [ 43.089899][ T3605] _raw_spin_lock_irqsave+0x39/0x50 [ 43.096811][ T3605] input_inject_event+0x9b/0x320 [ 43.103467][ T3605] led_set_brightness_nosleep+0xe6/0x1a0 [ 43.110819][ T3605] led_set_brightness+0x134/0x170 [ 43.117560][ T3605] led_trigger_event+0xb0/0x200 [ 43.124127][ T3605] kbd_led_trigger_activate+0xc9/0x100 [ 43.131308][ T3605] led_trigger_set+0x5d7/0xaf0 [ 43.137788][ T3605] led_trigger_set_default+0x1a6/0x230 [ 43.144963][ T3605] led_classdev_register_ext+0x56f/0x760 [ 43.152314][ T3605] input_leds_connect+0x4bd/0x860 [ 43.159059][ T3605] input_attach_handler+0x180/0x1f0 [ 43.165970][ T3605] input_register_device.cold+0xf0/0x2ff [ 43.173319][ T3605] atkbd_connect+0x749/0xa10 [ 43.179678][ T3605] serio_driver_probe+0x72/0xa0 [ 43.186253][ T3605] really_probe+0x249/0xb90 [ 43.192476][ T3605] __driver_probe_device+0x1df/0x4d0 [ 43.199483][ T3605] driver_probe_device+0x4c/0x1a0 [ 43.206239][ T3605] __driver_attach+0x1d0/0x550 [ 43.212719][ T3605] bus_for_each_dev+0x147/0x1d0 [ 43.219286][ T3605] serio_handle_event+0x5f6/0xa30 [ 43.226029][ T3605] process_one_work+0x991/0x1610 [ 43.232776][ T3605] worker_thread+0x665/0x1080 [ 43.239174][ T3605] kthread+0x2e4/0x3a0 [ 43.244959][ T3605] ret_from_fork+0x1f/0x30 [ 43.251097][ T3605] } [ 43.253747][ T3605] ... key at: [] __key.7+0x0/0x40 [ 43.260930][ T3605] -> (&client->buffer_lock){....}-{2:2} { [ 43.266640][ T3605] INITIAL USE at: [ 43.270531][ T3605] lock_acquire+0x1ab/0x570 [ 43.276599][ T3605] _raw_spin_lock+0x2a/0x40 [ 43.282820][ T3605] evdev_pass_values.part.0+0xf6/0x960 [ 43.289844][ T3605] evdev_events+0x359/0x3e0 [ 43.295891][ T3605] input_to_handler+0x2a0/0x4c0 [ 43.302371][ T3605] input_pass_values.part.0+0x230/0x710 [ 43.309553][ T3605] input_event_dispose+0x5cf/0x730 [ 43.316211][ T3605] input_handle_event+0x112/0xda0 [ 43.322776][ T3605] input_inject_event+0x1c4/0x320 [ 43.329344][ T3605] evdev_write+0x430/0x760 [ 43.335300][ T3605] vfs_write+0x2d7/0xdd0 [ 43.341085][ T3605] ksys_write+0x1e8/0x250 [ 43.346973][ T3605] do_syscall_64+0x35/0xb0 [ 43.352934][ T3605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 43.360460][ T3605] } [ 43.362935][ T3605] ... key at: [] __key.3+0x0/0x40 [ 43.370032][ T3605] ... acquired at: [ 43.373812][ T3605] _raw_spin_lock+0x2a/0x40 [ 43.378470][ T3605] evdev_pass_values.part.0+0xf6/0x960 [ 43.384175][ T3605] evdev_events+0x359/0x3e0 [ 43.388830][ T3605] input_to_handler+0x2a0/0x4c0 [ 43.393830][ T3605] input_pass_values.part.0+0x230/0x710 [ 43.399550][ T3605] input_event_dispose+0x5cf/0x730 [ 43.404814][ T3605] input_handle_event+0x112/0xda0 [ 43.409991][ T3605] input_inject_event+0x1c4/0x320 [ 43.415169][ T3605] evdev_write+0x430/0x760 [ 43.419735][ T3605] vfs_write+0x2d7/0xdd0 [ 43.424216][ T3605] ksys_write+0x1e8/0x250 [ 43.428696][ T3605] do_syscall_64+0x35/0xb0 [ 43.433279][ T3605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 43.439324][ T3605] [ 43.441623][ T3605] [ 43.441623][ T3605] the dependencies between the lock to be acquired [ 43.441628][ T3605] and HARDIRQ-irq-unsafe lock: [ 43.455202][ T3605] -> (tasklist_lock){.+.+}-{2:2} { [ 43.460477][ T3605] HARDIRQ-ON-R at: [ 43.464608][ T3605] lock_acquire+0x1ab/0x570 [ 43.471090][ T3605] _raw_read_lock+0x5b/0x70 [ 43.477574][ T3605] do_wait+0x27f/0xce0 [ 43.483618][ T3605] kernel_wait+0x9c/0x150 [ 43.489922][ T3605] call_usermodehelper_exec_work+0xf5/0x180 [ 43.497793][ T3605] process_one_work+0x991/0x1610 [ 43.504706][ T3605] worker_thread+0x665/0x1080 [ 43.511358][ T3605] kthread+0x2e4/0x3a0 [ 43.517401][ T3605] ret_from_fork+0x1f/0x30 [ 43.523809][ T3605] SOFTIRQ-ON-R at: [ 43.527939][ T3605] lock_acquire+0x1ab/0x570 [ 43.534419][ T3605] _raw_read_lock+0x5b/0x70 [ 43.540901][ T3605] do_wait+0x27f/0xce0 [ 43.547034][ T3605] kernel_wait+0x9c/0x150 [ 43.553339][ T3605] call_usermodehelper_exec_work+0xf5/0x180 [ 43.561211][ T3605] process_one_work+0x991/0x1610 [ 43.568128][ T3605] worker_thread+0x665/0x1080 [ 43.574781][ T3605] kthread+0x2e4/0x3a0 [ 43.580826][ T3605] ret_from_fork+0x1f/0x30 [ 43.587217][ T3605] INITIAL USE at: [ 43.591262][ T3605] lock_acquire+0x1ab/0x570 [ 43.597659][ T3605] _raw_write_lock_irq+0x32/0x50 [ 43.604488][ T3605] copy_process+0x449b/0x7090 [ 43.611142][ T3605] kernel_clone+0xe7/0xab0 [ 43.617451][ T3605] user_mode_thread+0xad/0xe0 [ 43.624023][ T3605] rest_init+0x23/0x270 [ 43.630069][ T3605] arch_call_rest_init+0xf/0x14 [ 43.636826][ T3605] start_kernel+0x46e/0x48f [ 43.643220][ T3605] secondary_startup_64_no_verify+0xce/0xdb [ 43.651006][ T3605] INITIAL READ USE at: [ 43.655483][ T3605] lock_acquire+0x1ab/0x570 [ 43.662325][ T3605] _raw_read_lock+0x5b/0x70 [ 43.669169][ T3605] do_wait+0x27f/0xce0 [ 43.675560][ T3605] kernel_wait+0x9c/0x150 [ 43.682214][ T3605] call_usermodehelper_exec_work+0xf5/0x180 [ 43.690435][ T3605] process_one_work+0x991/0x1610 [ 43.697783][ T3605] worker_thread+0x665/0x1080 [ 43.704781][ T3605] kthread+0x2e4/0x3a0 [ 43.711173][ T3605] ret_from_fork+0x1f/0x30 [ 43.717916][ T3605] } [ 43.720562][ T3605] ... key at: [] tasklist_lock+0x18/0x40 [ 43.728439][ T3605] ... acquired at: [ 43.732388][ T3605] _raw_read_lock+0x5b/0x70 [ 43.737040][ T3605] send_sigio+0xab/0x370 [ 43.741437][ T3605] kill_fasync+0x1f8/0x470 [ 43.746006][ T3605] sock_wake_async+0xd2/0x160 [ 43.750837][ T3605] sock_def_readable+0x349/0x4e0 [ 43.755923][ T3605] unix_dgram_sendmsg+0xf88/0x1b50 [ 43.761191][ T3605] sock_sendmsg+0xcf/0x120 [ 43.765758][ T3605] ____sys_sendmsg+0x334/0x810 [ 43.770765][ T3605] ___sys_sendmsg+0x110/0x1b0 [ 43.775614][ T3605] __sys_sendmmsg+0x18b/0x460 [ 43.780443][ T3605] __x64_sys_sendmmsg+0x99/0x100 [ 43.785534][ T3605] do_syscall_64+0x35/0xb0 [ 43.790104][ T3605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 43.796165][ T3605] [ 43.798472][ T3605] -> (&f->f_owner.lock){....}-{2:2} { [ 43.804009][ T3605] INITIAL USE at: [ 43.808051][ T3605] lock_acquire+0x1ab/0x570 [ 43.814270][ T3605] _raw_write_lock_irq+0x32/0x50 [ 43.820922][ T3605] f_modown+0x2a/0x390 [ 43.826704][ T3605] f_setown+0xd7/0x230 [ 43.832487][ T3605] sock_ioctl+0x37e/0x640 [ 43.838621][ T3605] __x64_sys_ioctl+0x193/0x200 [ 43.845123][ T3605] do_syscall_64+0x35/0xb0 [ 43.851258][ T3605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 43.858870][ T3605] INITIAL READ USE at: [ 43.863273][ T3605] lock_acquire+0x1ab/0x570 [ 43.870016][ T3605] _raw_read_lock_irqsave+0x70/0x90 [ 43.877366][ T3605] send_sigio+0x24/0x370 [ 43.883756][ T3605] kill_fasync+0x1f8/0x470 [ 43.890324][ T3605] sock_wake_async+0xd2/0x160 [ 43.897168][ T3605] sock_def_readable+0x349/0x4e0 [ 43.904265][ T3605] unix_dgram_sendmsg+0xf88/0x1b50 [ 43.911530][ T3605] sock_sendmsg+0xcf/0x120 [ 43.918096][ T3605] ____sys_sendmsg+0x334/0x810 [ 43.925007][ T3605] ___sys_sendmsg+0x110/0x1b0 [ 43.931830][ T3605] __sys_sendmmsg+0x18b/0x460 [ 43.938700][ T3605] __x64_sys_sendmmsg+0x99/0x100 [ 43.945786][ T3605] do_syscall_64+0x35/0xb0 [ 43.952356][ T3605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 43.960486][ T3605] } [ 43.963048][ T3605] ... key at: [] __key.5+0x0/0x40 [ 43.970228][ T3605] ... acquired at: [ 43.974094][ T3605] _raw_read_lock_irqsave+0x70/0x90 [ 43.979445][ T3605] send_sigio+0x24/0x370 [ 43.983839][ T3605] kill_fasync+0x1f8/0x470 [ 43.988403][ T3605] sock_wake_async+0xd2/0x160 [ 43.993237][ T3605] sock_def_readable+0x349/0x4e0 [ 43.998327][ T3605] unix_dgram_sendmsg+0xf88/0x1b50 [ 44.003595][ T3605] sock_sendmsg+0xcf/0x120 [ 44.008178][ T3605] ____sys_sendmsg+0x334/0x810 [ 44.013093][ T3605] ___sys_sendmsg+0x110/0x1b0 [ 44.017938][ T3605] __sys_sendmmsg+0x18b/0x460 [ 44.022781][ T3605] __x64_sys_sendmmsg+0x99/0x100 [ 44.027974][ T3605] do_syscall_64+0x35/0xb0 [ 44.032556][ T3605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.038602][ T3605] [ 44.040901][ T3605] -> (&new->fa_lock){....}-{2:2} { [ 44.046019][ T3605] INITIAL READ USE at: [ 44.050323][ T3605] lock_acquire+0x1ab/0x570 [ 44.056807][ T3605] _raw_read_lock_irqsave+0x70/0x90 [ 44.063986][ T3605] kill_fasync+0x136/0x470 [ 44.070377][ T3605] sock_wake_async+0xd2/0x160 [ 44.077029][ T3605] sock_def_readable+0x349/0x4e0 [ 44.083944][ T3605] unix_dgram_sendmsg+0xf88/0x1b50 [ 44.091036][ T3605] sock_sendmsg+0xcf/0x120 [ 44.097435][ T3605] ____sys_sendmsg+0x334/0x810 [ 44.104185][ T3605] ___sys_sendmsg+0x110/0x1b0 [ 44.110837][ T3605] __sys_sendmmsg+0x18b/0x460 [ 44.117491][ T3605] __x64_sys_sendmmsg+0x99/0x100 [ 44.124433][ T3605] do_syscall_64+0x35/0xb0 [ 44.130826][ T3605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.138698][ T3605] } [ 44.141172][ T3605] ... key at: [] __key.0+0x0/0x40 [ 44.148260][ T3605] ... acquired at: [ 44.152038][ T3605] lock_acquire+0x1ab/0x570 [ 44.156693][ T3605] _raw_read_lock_irqsave+0x70/0x90 [ 44.162045][ T3605] kill_fasync+0x136/0x470 [ 44.166611][ T3605] evdev_pass_values.part.0+0x667/0x960 [ 44.172317][ T3605] evdev_events+0x359/0x3e0 [ 44.176975][ T3605] input_to_handler+0x2a0/0x4c0 [ 44.181980][ T3605] input_pass_values.part.0+0x230/0x710 [ 44.187708][ T3605] input_event_dispose+0x5cf/0x730 [ 44.192973][ T3605] input_handle_event+0x112/0xda0 [ 44.198153][ T3605] input_inject_event+0x1c4/0x320 [ 44.203329][ T3605] evdev_write+0x430/0x760 [ 44.207894][ T3605] vfs_write+0x2d7/0xdd0 [ 44.212290][ T3605] ksys_write+0x1e8/0x250 [ 44.216785][ T3605] do_syscall_64+0x35/0xb0 [ 44.221354][ T3605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.227489][ T3605] [ 44.229788][ T3605] [ 44.229788][ T3605] stack backtrace: [ 44.235655][ T3605] CPU: 1 PID: 3605 Comm: syz-executor179 Not tainted 6.0.0-rc5-syzkaller-00097-g38eddeedbbea #0 [ 44.246051][ T3605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 44.256102][ T3605] Call Trace: [ 44.259393][ T3605] [ 44.262309][ T3605] dump_stack_lvl+0xcd/0x134 [ 44.266886][ T3605] check_irq_usage.cold+0x4c1/0x6b0 [ 44.272068][ T3605] ? lock_downgrade+0x6e0/0x6e0 [ 44.276897][ T3605] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 44.283993][ T3605] ? mark_lock.part.0+0xee/0x1910 [ 44.289094][ T3605] ? check_path.constprop.0+0x24/0x50 [ 44.294446][ T3605] ? register_lock_class+0xbe/0x1120 [ 44.299799][ T3605] ? lock_chain_count+0x20/0x20 [ 44.304632][ T3605] ? do_raw_spin_unlock+0x171/0x230 [ 44.309895][ T3605] ? is_dynamic_key.part.0+0x130/0x130 [ 44.315332][ T3605] ? try_to_wake_up+0x100/0x1e60 [ 44.320249][ T3605] __lock_acquire+0x2a5b/0x56d0 [ 44.325082][ T3605] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 44.331041][ T3605] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 44.337002][ T3605] lock_acquire+0x1ab/0x570 [ 44.341485][ T3605] ? kill_fasync+0x136/0x470 [ 44.346053][ T3605] ? lock_release+0x780/0x780 [ 44.350707][ T3605] ? lock_release+0x780/0x780 [ 44.355448][ T3605] ? lock_release+0x780/0x780 [ 44.360102][ T3605] ? __wake_up_common+0x650/0x650 [ 44.365107][ T3605] _raw_read_lock_irqsave+0x70/0x90 [ 44.370292][ T3605] ? kill_fasync+0x136/0x470 [ 44.374861][ T3605] kill_fasync+0x136/0x470 [ 44.379274][ T3605] evdev_pass_values.part.0+0x667/0x960 [ 44.384819][ T3605] ? evdev_free+0x70/0x70 [ 44.389130][ T3605] ? ktime_mono_to_any+0xb5/0x1e0 [ 44.394137][ T3605] evdev_events+0x359/0x3e0 [ 44.398621][ T3605] ? evdev_connect+0x4b0/0x4b0 [ 44.403367][ T3605] input_to_handler+0x2a0/0x4c0 [ 44.408197][ T3605] input_pass_values.part.0+0x230/0x710 [ 44.413722][ T3605] input_event_dispose+0x5cf/0x730 [ 44.418814][ T3605] input_handle_event+0x112/0xda0 [ 44.423839][ T3605] input_inject_event+0x1c4/0x320 [ 44.428861][ T3605] evdev_write+0x430/0x760 [ 44.433260][ T3605] ? evdev_read+0xe30/0xe30 [ 44.437755][ T3605] ? apparmor_file_permission+0x264/0x4e0 [ 44.443454][ T3605] ? bpf_lsm_file_permission+0x5/0x10 [ 44.448810][ T3605] ? security_file_permission+0xab/0xd0 [ 44.454336][ T3605] vfs_write+0x2d7/0xdd0 [ 44.458561][ T3605] ? evdev_read+0xe30/0xe30 [ 44.463042][ T3605] ? vfs_read+0x930/0x930 [ 44.467349][ T3605] ? find_held_lock+0x2d/0x110 [ 44.472091][ T3605] ? ptrace_notify+0xfa/0x140 [ 44.476744][ T3605] ? lock_downgrade+0x6e0/0x6e0 [ 44.481576][ T3605] ? __fget_light+0x20a/0x270 [ 44.486234][ T3605] ksys_write+0x1e8/0x250 [ 44.490542][ T3605] ? __ia32_sys_read+0xb0/0xb0 [ 44.495289][ T3605] ? lockdep_hardirqs_on+0x79/0x100 [ 44.500470][ T3605] ? _raw_spin_unlock_irq+0x2a/0x40 [ 44.505644][ T3605] ? ptrace_notify+0xfa/0x140 [ 44.510300][ T3605] do_syscall_64+0x35/0xb0 [ 44.514694][ T3605] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.520566][ T3605] RIP: 0033:0x7fc48f633829 [ 44.524961][ T3605] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 44.544549][ T3605] RSP: 002b:00007fff857777d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 44.552944][ T3605] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc48f633829 write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x10\x27\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 121) = 120 exit_group(0) = ? +++ exited with 0 +++ [ 44.560897][ T3605] RDX: 0000000000000079 RSI: 000000002004d000 RDI: 0000000000000006