./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2132881861 <...> Warning: Permanently added '10.128.0.197' (ECDSA) to the list of known hosts. execve("./syz-executor2132881861", ["./syz-executor2132881861"], 0x7fff8f05e790 /* 10 vars */) = 0 brk(NULL) = 0x555556aa0000 brk(0x555556aa0c40) = 0x555556aa0c40 arch_prctl(ARCH_SET_FS, 0x555556aa0300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2132881861", 4096) = 28 brk(0x555556ac1c40) = 0x555556ac1c40 brk(0x555556ac2000) = 0x555556ac2000 mprotect(0x7fe2579db000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 inotify_init1(0) = 3 inotify_add_watch(3, ".", IN_OPEN|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_MOVE_SELF|IN_ONLYDIR|IN_EXCL_UNLINK|IN_MASK_ADD|IN_ISDIR|IN_ONESHOT) = 1 ioctl(3, FIOASYNC, [1]) = 0 fcntl(3, F_SETOWN, -1) = 0 openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000) = 5 ioctl(-1, HIDIOCGUSAGES, 0x20000080) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 6 ioctl(6, FIOASYNC, [3]) = 0 [ 83.110018][ T5085] [ 83.112402][ T5085] ===================================================== [ 83.119345][ T5085] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 83.126798][ T5085] 6.2.0-next-20230225-syzkaller #0 Not tainted [ 83.132954][ T5085] ----------------------------------------------------- [ 83.139912][ T5085] syz-executor213/5085 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 83.147981][ T5085] ffff888073c280c0 (&new->fa_lock){....}-{2:2}, at: 
kill_fasync+0x139/0x4f0 [ 83.156749][ T5085] [ 83.156749][ T5085] and this task is already holding: [ 83.164206][ T5085] ffff888027276028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 83.174664][ T5085] which would create a new lock dependency: [ 83.180549][ T5085] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 83.188664][ T5085] [ 83.188664][ T5085] but this new dependency connects a HARDIRQ-irq-safe lock: [ 83.198137][ T5085] (&dev->event_lock#2){-...}-{2:2} [ 83.198177][ T5085] [ 83.198177][ T5085] ... which became HARDIRQ-irq-safe at: [ 83.211096][ T5085] lock_acquire.part.0+0x11a/0x370 [ 83.216316][ T5085] _raw_spin_lock_irqsave+0x3d/0x60 [ 83.221638][ T5085] input_event+0x70/0xa0 [ 83.226011][ T5085] psmouse_report_standard_buttons+0x30/0x80 [ 83.232121][ T5085] psmouse_process_byte+0x39e/0x8b0 [ 83.237473][ T5085] psmouse_handle_byte+0x41/0x560 [ 83.242614][ T5085] psmouse_interrupt+0x308/0x12a0 [ 83.247752][ T5085] serio_interrupt+0x8c/0x150 [ 83.252536][ T5085] i8042_interrupt+0x3a9/0x820 [ 83.257411][ T5085] __handle_irq_event_percpu+0x264/0x9f0 [ 83.263162][ T5085] handle_irq_event+0xab/0x1e0 [ 83.268045][ T5085] handle_edge_irq+0x263/0xd00 [ 83.272943][ T5085] __common_interrupt+0xa1/0x220 [ 83.278002][ T5085] common_interrupt+0xa8/0xd0 [ 83.282907][ T5085] asm_common_interrupt+0x26/0x40 [ 83.288038][ T5085] _raw_spin_unlock_irqrestore+0x3c/0x70 [ 83.293776][ T5085] debug_check_no_obj_freed+0x210/0x420 [ 83.299429][ T5085] remove_vm_area+0x1b6/0x400 [ 83.304225][ T5085] vfree+0x8f/0x7e0 [ 83.308158][ T5085] delayed_vfree_work+0x57/0x70 [ 83.313130][ T5085] process_one_work+0x9bf/0x1820 [ 83.318182][ T5085] worker_thread+0x669/0x1090 [ 83.322967][ T5085] kthread+0x2e8/0x3a0 [ 83.327139][ T5085] ret_from_fork+0x1f/0x30 [ 83.331667][ T5085] [ 83.331667][ T5085] to a HARDIRQ-irq-unsafe lock: [ 83.338687][ T5085] (tasklist_lock){.+.+}-{2:2} [ 83.338719][ T5085] [ 83.338719][ T5085] ... 
which became HARDIRQ-irq-unsafe at: [ 83.351370][ T5085] ... [ 83.351378][ T5085] lock_acquire.part.0+0x11a/0x370 [ 83.359179][ T5085] _raw_read_lock+0x5f/0x70 [ 83.363794][ T5085] do_wait+0x2b7/0xd90 [ 83.367966][ T5085] kernel_wait+0xa0/0x150 [ 83.372401][ T5085] call_usermodehelper_exec_work+0xf9/0x180 [ 83.378405][ T5085] process_one_work+0x9bf/0x1820 [ 83.383469][ T5085] worker_thread+0x669/0x1090 [ 83.388253][ T5085] kthread+0x2e8/0x3a0 [ 83.392451][ T5085] ret_from_fork+0x1f/0x30 [ 83.397000][ T5085] [ 83.397000][ T5085] other info that might help us debug this: [ 83.397000][ T5085] [ 83.407229][ T5085] Chain exists of: [ 83.407229][ T5085] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 83.407229][ T5085] [ 83.420828][ T5085] Possible interrupt unsafe locking scenario: [ 83.420828][ T5085] [ 83.429149][ T5085] CPU0 CPU1 [ 83.434526][ T5085] ---- ---- [ 83.439893][ T5085] lock(tasklist_lock); [ 83.444160][ T5085] local_irq_disable(); [ 83.450915][ T5085] lock(&dev->event_lock#2); [ 83.458134][ T5085] lock(&client->buffer_lock); [ 83.465612][ T5085] <Interrupt> [ 83.469072][ T5085] lock(&dev->event_lock#2); [ 83.473949][ T5085] [ 83.473949][ T5085] *** DEADLOCK *** [ 83.473949][ T5085] [ 83.482105][ T5085] 7 locks held by syz-executor213/5085: [ 83.487652][ T5085] #0: ffff8881475fa110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d7/0x760 [ 83.496815][ T5085] #1: ffff888146201230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x9f/0x390 [ 83.506959][ T5085] #2: ffffffff8c797700 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x8b/0x390 [ 83.516669][ T5085] #3: ffffffff8c797700 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x760 [ 83.526811][ T5085] #4: ffffffff8c797700 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x5d/0x430 [ 83.535993][ T5085] #5: ffff888027276028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 83.546825][ T5085] #6: ffffffff8c797700 (rcu_read_lock){....}-{1:2}, at: 
kill_fasync+0x45/0x4f0 [ 83.555923][ T5085] [ 83.555923][ T5085] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 83.566327][ T5085] -> (&dev->event_lock#2){-...}-{2:2} { [ 83.571988][ T5085] IN-HARDIRQ-W at: [ 83.576056][ T5085] lock_acquire.part.0+0x11a/0x370 [ 83.583005][ T5085] _raw_spin_lock_irqsave+0x3d/0x60 [ 83.590041][ T5085] input_event+0x70/0xa0 [ 83.596140][ T5085] psmouse_report_standard_buttons+0x30/0x80 [ 83.603966][ T5085] psmouse_process_byte+0x39e/0x8b0 [ 83.611020][ T5085] psmouse_handle_byte+0x41/0x560 [ 83.617910][ T5085] psmouse_interrupt+0x308/0x12a0 [ 83.624812][ T5085] serio_interrupt+0x8c/0x150 [ 83.631331][ T5085] i8042_interrupt+0x3a9/0x820 [ 83.637935][ T5085] __handle_irq_event_percpu+0x264/0x9f0 [ 83.645416][ T5085] handle_irq_event+0xab/0x1e0 [ 83.652030][ T5085] handle_edge_irq+0x263/0xd00 [ 83.658666][ T5085] __common_interrupt+0xa1/0x220 [ 83.665452][ T5085] common_interrupt+0xa8/0xd0 [ 83.671974][ T5085] asm_common_interrupt+0x26/0x40 [ 83.678848][ T5085] _raw_spin_unlock_irqrestore+0x3c/0x70 [ 83.686333][ T5085] debug_check_no_obj_freed+0x210/0x420 [ 83.693718][ T5085] remove_vm_area+0x1b6/0x400 [ 83.700253][ T5085] vfree+0x8f/0x7e0 [ 83.705914][ T5085] delayed_vfree_work+0x57/0x70 [ 83.712645][ T5085] process_one_work+0x9bf/0x1820 [ 83.719437][ T5085] worker_thread+0x669/0x1090 [ 83.725971][ T5085] kthread+0x2e8/0x3a0 [ 83.731881][ T5085] ret_from_fork+0x1f/0x30 [ 83.738147][ T5085] INITIAL USE at: [ 83.742242][ T5085] lock_acquire.part.0+0x11a/0x370 [ 83.749200][ T5085] _raw_spin_lock_irqsave+0x3d/0x60 [ 83.756172][ T5085] input_inject_event+0x9f/0x390 [ 83.762884][ T5085] led_set_brightness_nosleep+0xea/0x1a0 [ 83.770283][ T5085] led_set_brightness+0x138/0x180 [ 83.777069][ T5085] led_trigger_event+0xb4/0x240 [ 83.783683][ T5085] kbd_led_trigger_activate+0xcd/0x110 [ 83.790915][ T5085] led_trigger_set+0x5d6/0xbb0 [ 83.797442][ T5085] led_trigger_set_default+0x1aa/0x230 [ 83.804675][ T5085] 
led_classdev_register_ext+0x5dd/0x840 [ 83.812113][ T5085] input_leds_connect+0x4b0/0x8f0 [ 83.818907][ T5085] input_attach_handler+0x184/0x260 [ 83.825898][ T5085] input_register_device+0xafd/0x10f0 [ 83.833050][ T5085] atkbd_connect+0x5ca/0xa20 [ 83.839410][ T5085] serio_driver_probe+0x76/0xa0 [ 83.846045][ T5085] really_probe+0x240/0xca0 [ 83.852331][ T5085] __driver_probe_device+0x1df/0x4d0 [ 83.859386][ T5085] driver_probe_device+0x4c/0x1a0 [ 83.866190][ T5085] __driver_attach+0x271/0x570 [ 83.872744][ T5085] bus_for_each_dev+0x12a/0x1c0 [ 83.879369][ T5085] serio_handle_event+0x2bf/0xba0 [ 83.886160][ T5085] process_one_work+0x9bf/0x1820 [ 83.892871][ T5085] worker_thread+0x669/0x1090 [ 83.899319][ T5085] kthread+0x2e8/0x3a0 [ 83.905146][ T5085] ret_from_fork+0x1f/0x30 [ 83.911419][ T5085] } [ 83.914021][ T5085] ... key at: [] __key.7+0x0/0x40 [ 83.921255][ T5085] -> (&client->buffer_lock){....}-{2:2} { [ 83.927013][ T5085] INITIAL USE at: [ 83.930915][ T5085] lock_acquire.part.0+0x11a/0x370 [ 83.937634][ T5085] _raw_spin_lock+0x2e/0x40 [ 83.943724][ T5085] evdev_pass_values.part.0+0xf6/0x960 [ 83.950766][ T5085] evdev_events+0x3b4/0x430 [ 83.956848][ T5085] input_to_handler+0x2a0/0x4c0 [ 83.963279][ T5085] input_pass_values.part.0+0x230/0x760 [ 83.970413][ T5085] input_event_dispose+0x5cf/0x730 [ 83.977128][ T5085] input_handle_event+0x120/0xe70 [ 83.983736][ T5085] input_inject_event+0x1c7/0x390 [ 83.990443][ T5085] evdev_write+0x434/0x760 [ 83.996463][ T5085] vfs_write+0x2db/0xe10 [ 84.002287][ T5085] ksys_write+0x1ec/0x250 [ 84.008196][ T5085] do_syscall_64+0x39/0xb0 [ 84.014200][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.021677][ T5085] } [ 84.024182][ T5085] ... key at: [] __key.3+0x0/0x40 [ 84.031328][ T5085] ... 
acquired at: [ 84.035153][ T5085] _raw_spin_lock+0x2e/0x40 [ 84.039850][ T5085] evdev_pass_values.part.0+0xf6/0x960 [ 84.045506][ T5085] evdev_events+0x3b4/0x430 [ 84.050211][ T5085] input_to_handler+0x2a0/0x4c0 [ 84.055263][ T5085] input_pass_values.part.0+0x230/0x760 [ 84.061018][ T5085] input_event_dispose+0x5cf/0x730 [ 84.066411][ T5085] input_handle_event+0x120/0xe70 [ 84.071653][ T5085] input_inject_event+0x1c7/0x390 [ 84.076887][ T5085] evdev_write+0x434/0x760 [ 84.081509][ T5085] vfs_write+0x2db/0xe10 [ 84.085953][ T5085] ksys_write+0x1ec/0x250 [ 84.090496][ T5085] do_syscall_64+0x39/0xb0 [ 84.095115][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.101381][ T5085] [ 84.103715][ T5085] [ 84.103715][ T5085] the dependencies between the lock to be acquired [ 84.103726][ T5085] and HARDIRQ-irq-unsafe lock: [ 84.117603][ T5085] -> (tasklist_lock){.+.+}-{2:2} { [ 84.122936][ T5085] HARDIRQ-ON-R at: [ 84.127103][ T5085] lock_acquire.part.0+0x11a/0x370 [ 84.134242][ T5085] _raw_read_lock+0x5f/0x70 [ 84.140761][ T5085] do_wait+0x2b7/0xd90 [ 84.146840][ T5085] kernel_wait+0xa0/0x150 [ 84.153183][ T5085] call_usermodehelper_exec_work+0xf9/0x180 [ 84.161097][ T5085] process_one_work+0x9bf/0x1820 [ 84.168060][ T5085] worker_thread+0x669/0x1090 [ 84.174796][ T5085] kthread+0x2e8/0x3a0 [ 84.180899][ T5085] ret_from_fork+0x1f/0x30 [ 84.187351][ T5085] SOFTIRQ-ON-R at: [ 84.191603][ T5085] lock_acquire.part.0+0x11a/0x370 [ 84.198768][ T5085] _raw_read_lock+0x5f/0x70 [ 84.205290][ T5085] do_wait+0x2b7/0xd90 [ 84.211368][ T5085] kernel_wait+0xa0/0x150 [ 84.217710][ T5085] call_usermodehelper_exec_work+0xf9/0x180 [ 84.225626][ T5085] process_one_work+0x9bf/0x1820 [ 84.232592][ T5085] worker_thread+0x669/0x1090 [ 84.239301][ T5085] kthread+0x2e8/0x3a0 [ 84.245388][ T5085] ret_from_fork+0x1f/0x30 [ 84.251864][ T5085] INITIAL USE at: [ 84.255945][ T5085] lock_acquire.part.0+0x11a/0x370 [ 84.262992][ T5085] _raw_write_lock_irq+0x36/0x50 [ 84.269865][ T5085] 
copy_process+0x47e5/0x76c0 [ 84.276481][ T5085] kernel_clone+0xeb/0xa10 [ 84.282831][ T5085] user_mode_thread+0xb1/0xf0 [ 84.289445][ T5085] rest_init+0x27/0x2b0 [ 84.295532][ T5085] arch_call_rest_init+0x13/0x30 [ 84.302400][ T5085] start_kernel+0x35a/0x4d0 [ 84.308830][ T5085] secondary_startup_64_no_verify+0xce/0xdb [ 84.316663][ T5085] INITIAL READ USE at: [ 84.321174][ T5085] lock_acquire.part.0+0x11a/0x370 [ 84.328654][ T5085] _raw_read_lock+0x5f/0x70 [ 84.335522][ T5085] do_wait+0x2b7/0xd90 [ 84.341966][ T5085] kernel_wait+0xa0/0x150 [ 84.348657][ T5085] call_usermodehelper_exec_work+0xf9/0x180 [ 84.357004][ T5085] process_one_work+0x9bf/0x1820 [ 84.364314][ T5085] worker_thread+0x669/0x1090 [ 84.371363][ T5085] kthread+0x2e8/0x3a0 [ 84.377799][ T5085] ret_from_fork+0x1f/0x30 [ 84.384594][ T5085] } [ 84.387280][ T5085] ... key at: [] tasklist_lock+0x18/0x40 [ 84.395212][ T5085] ... acquired at: [ 84.399196][ T5085] _raw_read_lock+0x5f/0x70 [ 84.403892][ T5085] send_sigio+0xaf/0x3b0 [ 84.408340][ T5085] kill_fasync+0x1fb/0x4f0 [ 84.412969][ T5085] fsnotify_insert_event+0x3b9/0x500 [ 84.418807][ T5085] inotify_handle_inode_event+0x31a/0x5d0 [ 84.424747][ T5085] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 84.431372][ T5085] fsnotify+0x11cc/0x16e0 [ 84.435896][ T5085] path_openat+0x11ea/0x2750 [ 84.440685][ T5085] do_filp_open+0x1ba/0x410 [ 84.445388][ T5085] do_sys_openat2+0x16d/0x4c0 [ 84.450251][ T5085] __x64_sys_openat+0x143/0x1f0 [ 84.455288][ T5085] do_syscall_64+0x39/0xb0 [ 84.459908][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.465995][ T5085] [ 84.468325][ T5085] -> (&f->f_owner.lock){....}-{2:2} { [ 84.473823][ T5085] INITIAL USE at: [ 84.477810][ T5085] lock_acquire.part.0+0x11a/0x370 [ 84.484686][ T5085] _raw_write_lock_irq+0x36/0x50 [ 84.491397][ T5085] f_modown+0x2a/0x390 [ 84.497230][ T5085] f_setown+0xdb/0x270 [ 84.503070][ T5085] do_fcntl+0x34e/0x1240 [ 84.509096][ T5085] __x64_sys_fcntl+0x163/0x1d0 [ 84.515627][ T5085] 
do_syscall_64+0x39/0xb0 [ 84.521801][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.529453][ T5085] INITIAL READ USE at: [ 84.533878][ T5085] lock_acquire.part.0+0x11a/0x370 [ 84.541181][ T5085] _raw_read_lock_irqsave+0x74/0x90 [ 84.548574][ T5085] send_sigio+0x28/0x3b0 [ 84.555041][ T5085] kill_fasync+0x1fb/0x4f0 [ 84.561658][ T5085] fsnotify_insert_event+0x3b9/0x500 [ 84.569155][ T5085] inotify_handle_inode_event+0x31a/0x5d0 [ 84.577087][ T5085] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 84.585698][ T5085] fsnotify+0x11cc/0x16e0 [ 84.592223][ T5085] path_openat+0x11ea/0x2750 [ 84.599012][ T5085] do_filp_open+0x1ba/0x410 [ 84.605712][ T5085] do_sys_openat2+0x16d/0x4c0 [ 84.612574][ T5085] __x64_sys_openat+0x143/0x1f0 [ 84.619618][ T5085] do_syscall_64+0x39/0xb0 [ 84.626239][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.634325][ T5085] } [ 84.636914][ T5085] ... key at: [] __key.5+0x0/0x40 [ 84.644149][ T5085] ... acquired at: [ 84.648131][ T5085] _raw_read_lock_irqsave+0x74/0x90 [ 84.653521][ T5085] send_sigio+0x28/0x3b0 [ 84.657968][ T5085] kill_fasync+0x1fb/0x4f0 [ 84.662598][ T5085] fsnotify_insert_event+0x3b9/0x500 [ 84.668083][ T5085] inotify_handle_inode_event+0x31a/0x5d0 [ 84.674005][ T5085] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 84.680616][ T5085] fsnotify+0x11cc/0x16e0 [ 84.685227][ T5085] path_openat+0x11ea/0x2750 [ 84.690022][ T5085] do_filp_open+0x1ba/0x410 [ 84.694725][ T5085] do_sys_openat2+0x16d/0x4c0 [ 84.699605][ T5085] __x64_sys_openat+0x143/0x1f0 [ 84.704645][ T5085] do_syscall_64+0x39/0xb0 [ 84.709256][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.715350][ T5085] [ 84.717680][ T5085] -> (&new->fa_lock){....}-{2:2} { [ 84.722828][ T5085] INITIAL READ USE at: [ 84.727164][ T5085] lock_acquire.part.0+0x11a/0x370 [ 84.734288][ T5085] _raw_read_lock_irqsave+0x74/0x90 [ 84.741500][ T5085] kill_fasync+0x139/0x4f0 [ 84.748729][ T5085] fsnotify_insert_event+0x3b9/0x500 [ 84.756043][ T5085] 
inotify_handle_inode_event+0x31a/0x5d0 [ 84.763804][ T5085] fsnotify_handle_inode_event.isra.0+0x22e/0x370 [ 84.772337][ T5085] fsnotify+0x11cc/0x16e0 [ 84.778797][ T5085] path_openat+0x11ea/0x2750 [ 84.785416][ T5085] do_filp_open+0x1ba/0x410 [ 84.791948][ T5085] do_sys_openat2+0x16d/0x4c0 [ 84.798656][ T5085] __x64_sys_openat+0x143/0x1f0 [ 84.805519][ T5085] do_syscall_64+0x39/0xb0 [ 84.811973][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.819889][ T5085] } [ 84.822398][ T5085] ... key at: [] __key.0+0x0/0x40 [ 84.829531][ T5085] ... acquired at: [ 84.833356][ T5085] lock_acquire.part.0+0x11a/0x370 [ 84.838680][ T5085] _raw_read_lock_irqsave+0x74/0x90 [ 84.844087][ T5085] kill_fasync+0x139/0x4f0 [ 84.848718][ T5085] evdev_pass_values.part.0+0x667/0x960 [ 84.854500][ T5085] evdev_events+0x3b4/0x430 [ 84.859204][ T5085] input_to_handler+0x2a0/0x4c0 [ 84.864254][ T5085] input_pass_values.part.0+0x230/0x760 [ 84.870010][ T5085] input_event_dispose+0x5cf/0x730 [ 84.875329][ T5085] input_handle_event+0x120/0xe70 [ 84.880608][ T5085] input_inject_event+0x1c7/0x390 [ 84.885853][ T5085] evdev_write+0x434/0x760 [ 84.890478][ T5085] vfs_write+0x2db/0xe10 [ 84.894922][ T5085] ksys_write+0x1ec/0x250 [ 84.899479][ T5085] do_syscall_64+0x39/0xb0 [ 84.904113][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.912373][ T5085] [ 84.914741][ T5085] [ 84.914741][ T5085] stack backtrace: [ 84.920653][ T5085] CPU: 1 PID: 5085 Comm: syz-executor213 Not tainted 6.2.0-next-20230225-syzkaller #0 [ 84.930225][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 84.940316][ T5085] Call Trace: [ 84.943612][ T5085] <TASK> [ 84.946579][ T5085] dump_stack_lvl+0xd9/0x150 [ 84.951208][ T5085] check_irq_usage+0x114e/0x1a20 [ 84.956177][ T5085] ? save_trace+0xb20/0xb20 [ 84.960702][ T5085] ? print_shortest_lock_dependencies_backwards+0x1e0/0x1e0 [ 84.968023][ T5085] ? mark_lock.part.0+0xee/0x1970 [ 84.973073][ T5085] ? 
check_path.constprop.0+0x24/0x50 [ 84.978473][ T5085] ? register_lock_class+0xbe/0x1120 [ 84.983782][ T5085] ? print_circular_bug+0x5c0/0x5c0 [ 84.988999][ T5085] ? print_usage_bug.part.0+0x660/0x660 [ 84.994577][ T5085] ? is_dynamic_key.part.0+0x1f0/0x1f0 [ 85.000085][ T5085] __lock_acquire+0x2edf/0x5d40 [ 85.004966][ T5085] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 85.010974][ T5085] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 85.016986][ T5085] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 85.023010][ T5085] ? lock_downgrade+0x690/0x690 [ 85.027888][ T5085] lock_acquire.part.0+0x11a/0x370 [ 85.033028][ T5085] ? kill_fasync+0x139/0x4f0 [ 85.037653][ T5085] ? lock_release+0x780/0x780 [ 85.042343][ T5085] ? kill_fasync+0x139/0x4f0 [ 85.046960][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70 [ 85.052531][ T5085] ? trace_lock_acquire+0x1f1/0x2b0 [ 85.057748][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70 [ 85.063314][ T5085] ? kill_fasync+0x139/0x4f0 [ 85.067935][ T5085] ? lock_acquire+0x32/0xc0 [ 85.072464][ T5085] ? kill_fasync+0x139/0x4f0 [ 85.077091][ T5085] _raw_read_lock_irqsave+0x74/0x90 [ 85.082311][ T5085] ? kill_fasync+0x139/0x4f0 [ 85.086946][ T5085] kill_fasync+0x139/0x4f0 [ 85.091405][ T5085] evdev_pass_values.part.0+0x667/0x960 [ 85.096997][ T5085] ? add_chain_block+0x120/0x740 [ 85.101956][ T5085] ? evdev_free+0x70/0x70 [ 85.106313][ T5085] evdev_events+0x3b4/0x430 [ 85.110844][ T5085] ? evdev_connect+0x4c0/0x4c0 [ 85.115633][ T5085] input_to_handler+0x2a0/0x4c0 [ 85.120515][ T5085] input_pass_values.part.0+0x230/0x760 [ 85.126619][ T5085] input_event_dispose+0x5cf/0x730 [ 85.131765][ T5085] input_handle_event+0x120/0xe70 [ 85.136830][ T5085] input_inject_event+0x1c7/0x390 [ 85.141889][ T5085] evdev_write+0x434/0x760 [ 85.146328][ T5085] ? evdev_read+0xe40/0xe40 [ 85.150850][ T5085] ? apparmor_file_permission+0x272/0x4e0 [ 85.156607][ T5085] ? bpf_lsm_file_permission+0x9/0x10 [ 85.162014][ T5085] ? 
security_file_permission+0xaf/0xd0 [ 85.167599][ T5085] vfs_write+0x2db/0xe10 [ 85.171861][ T5085] ? evdev_read+0xe40/0xe40 [ 85.176392][ T5085] ? kernel_write+0x670/0x670 [ 85.181094][ T5085] ? find_held_lock+0x2d/0x110 [ 85.185875][ T5085] ? ptrace_notify+0xfe/0x140 [ 85.190585][ T5085] ? __fget_light+0x20a/0x270 [ 85.195283][ T5085] ksys_write+0x1ec/0x250 [ 85.199635][ T5085] ? __ia32_sys_read+0xb0/0xb0 [ 85.204419][ T5085] ? lockdep_hardirqs_on+0x7d/0x100 [ 85.209652][ T5085] ? _raw_spin_unlock_irq+0x2e/0x50 [ 85.214869][ T5085] ? ptrace_notify+0xfe/0x140 [ 85.219573][ T5085] do_syscall_64+0x39/0xb0 [ 85.224022][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.229936][ T5085] RIP: 0033:0x7fe25796e679 [ 85.234368][ T5085] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 85.254019][ T5085] RSP: 002b:00007ffe5ba3ee48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 write(5, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10968) = 10968 exit_group(0) = ? +++ exited with 0 +++ [ 85.262470][ T5085] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe25796e