./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3782113939 <...> Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts. execve("./syz-executor3782113939", ["./syz-executor3782113939"], 0x7fffcc9c1e80 /* 10 vars */) = 0 brk(NULL) = 0x55558b9d3000 brk(0x55558b9d3d40) = 0x55558b9d3d40 arch_prctl(ARCH_SET_FS, 0x55558b9d33c0) = 0 set_tid_address(0x55558b9d3690) = 5082 set_robust_list(0x55558b9d36a0, 24) = 0 rseq(0x55558b9d3ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3782113939", 4096) = 28 getrandom("\x44\xdd\xc8\xee\x76\x39\xbe\xe5", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558b9d3d40 brk(0x55558b9f4d40) = 0x55558b9f4d40 brk(0x55558b9f5000) = 0x55558b9f5000 mprotect(0x7f234662f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f234663540c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f23465d39e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f23465c5060}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2346544000 mprotect(0x7f2346545000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2346564990, parent_tid=0x7f2346564990, exit_signal=0, stack=0x7f2346544000, stack_size=0x20300, tls=0x7f23465646c0}./strace-static-x86_64: Process 5083 attached [pid 5083] rseq(0x7f2346564fe0, 0x20, 
0, 0x53053053 [pid 5082] <... clone3 resumed> => {parent_tid=[5083]}, 88) = 5083 [pid 5083] <... rseq resumed>) = 0 [pid 5083] set_robust_list(0x7f23465649a0, 24) = 0 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5083] futex(0x7f2346635408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5082] futex(0x7f2346635408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5082] futex(0x7f234663540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 3 [pid 5083] futex(0x7f234663540c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5082] futex(0x7f2346635408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] gettid( [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f234663540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... gettid resumed>) = 5083 [pid 5083] futex(0x7f234663540c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5082] futex(0x7f2346635408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] fcntl(3, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=5083} [pid 5082] futex(0x7f234663540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... fcntl resumed>) = 0 [pid 5083] futex(0x7f234663540c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5082] futex(0x7f2346635408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] fcntl(3, F_SETLEASE, F_WRLCK [pid 5082] <... futex resumed>) = 0 [pid 5083] <... fcntl resumed>) = 0 [pid 5082] futex(0x7f234663540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] futex(0x7f234663540c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f2346635408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 1 [pid 5082] <... 
futex resumed>) = 0 [pid 5083] open("./file0", O_RDONLY [pid 5082] futex(0x7f234663540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5082] futex(0x7f234663541c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2346523000 [pid 5082] mprotect(0x7f2346524000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2346543990, parent_tid=0x7f2346543990, exit_signal=0, stack=0x7f2346523000, stack_size=0x20300, tls=0x7f23465436c0}./strace-static-x86_64: Process 5084 attached => {parent_tid=[5084]}, 88) = 5084 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] rseq(0x7f2346543fe0, 0x20, 0, 0x53053053 [pid 5082] futex(0x7f2346635418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... rseq resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f234663541c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] set_robust_list(0x7f23465439a0, 24) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5084] futex(0x7f234663541c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5082] futex(0x7f2346635418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] ioctl(5, FIOASYNC, [1] [pid 5082] futex(0x7f234663541c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... ioctl resumed>) = 0 [pid 5084] futex(0x7f234663541c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f2346635418, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 1 [pid 5082] <... 
futex resumed>) = 0 [pid 5082] futex(0x7f234663541c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] ioctl(-1, HIDIOCSUSAGES, 0x20001100) = -1 EBADF (Bad file descriptor) [pid 5084] futex(0x7f234663541c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5084] futex(0x7f2346635418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f2346635418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] futex(0x7f234663541c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|O_NOATIME|FASYNC|0x800000) = 6 [pid 5084] futex(0x7f234663541c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7f2346635418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f2346635418, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5082] futex(0x7f234663541c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.818976][ T5084] [ 73.821335][ T5084] ===================================================== [ 73.828246][ T5084] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 73.835678][ T5084] 6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0 Not tainted [ 73.842679][ T5084] ----------------------------------------------------- [ 73.849674][ T5084] syz-executor378/5084 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 73.857724][ T5084] ffff88801cad2018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x19e/0x4d0 [ 73.866451][ T5084] [ 73.866451][ T5084] and this task is already holding: [ 73.873816][ T5084] ffff88801bee7028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xf2/0xad0 [ 73.883649][ T5084] which would create a new lock dependency: [ 73.889513][ T5084] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 73.897613][ T5084] [ 73.897613][ T5084] but this new dependency connects a HARDIRQ-irq-safe 
lock: [ 73.907040][ T5084] (&dev->event_lock#2){-...}-{2:2} [ 73.907076][ T5084] [ 73.907076][ T5084] ... which became HARDIRQ-irq-safe at: [ 73.920104][ T5084] lock_acquire+0x1ed/0x550 [ 73.924682][ T5084] _raw_spin_lock_irqsave+0xd5/0x120 [ 73.930056][ T5084] input_event+0x91/0xd0 [ 73.934374][ T5084] psmouse_report_standard_packet+0x54/0x200 [ 73.940433][ T5084] psmouse_process_byte+0x48c/0x680 [ 73.945708][ T5084] psmouse_handle_byte+0x4b/0x4c0 [ 73.950898][ T5084] ps2_interrupt+0x17e/0x8e0 [ 73.955564][ T5084] serio_interrupt+0x92/0x140 [ 73.960322][ T5084] i8042_interrupt+0x375/0x770 [ 73.965155][ T5084] __handle_irq_event_percpu+0x29c/0xa80 [ 73.970870][ T5084] handle_irq_event+0x89/0x1f0 [ 73.975717][ T5084] handle_edge_irq+0x25f/0xc20 [ 73.980555][ T5084] __common_interrupt+0x13a/0x230 [ 73.985658][ T5084] common_interrupt+0xa5/0xd0 [ 73.990406][ T5084] asm_common_interrupt+0x26/0x40 [ 73.995503][ T5084] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 74.001303][ T5084] i8042_aux_write+0x116/0x1a0 [ 74.006141][ T5084] ps2_do_sendbyte+0x211/0x730 [ 74.010980][ T5084] ps2_sendbyte+0x60/0x120 [ 74.015467][ T5084] cypress_send_ext_cmd+0x221/0x910 [ 74.020748][ T5084] cypress_detect+0x93/0x230 [ 74.025432][ T5084] psmouse_extensions+0xc2e/0x1560 [ 74.030623][ T5084] psmouse_switch_protocol+0x308/0x7d0 [ 74.036159][ T5084] psmouse_connect+0x8e4/0x14b0 [ 74.041117][ T5084] serio_driver_probe+0x81/0xa0 [ 74.046047][ T5084] really_probe+0x2ba/0xad0 [ 74.050631][ T5084] __driver_probe_device+0x1a2/0x390 [ 74.055994][ T5084] driver_probe_device+0x50/0x430 [ 74.061102][ T5084] __driver_attach+0x45f/0x710 [ 74.065947][ T5084] bus_for_each_dev+0x23b/0x2b0 [ 74.070869][ T5084] serio_handle_event+0x1c7/0x920 [ 74.075963][ T5084] process_scheduled_works+0xa12/0x17c0 [ 74.081667][ T5084] worker_thread+0x86d/0xd70 [ 74.086416][ T5084] kthread+0x2f2/0x390 [ 74.090648][ T5084] ret_from_fork+0x4d/0x80 [ 74.095242][ T5084] ret_from_fork_asm+0x1a/0x30 [ 74.100102][ T5084] [ 74.100102][ 
T5084] to a HARDIRQ-irq-unsafe lock: [ 74.107096][ T5084] (tasklist_lock){.+.+}-{2:2} [ 74.107126][ T5084] [ 74.107126][ T5084] ... which became HARDIRQ-irq-unsafe at: [ 74.119890][ T5084] ... [ 74.119898][ T5084] lock_acquire+0x1ed/0x550 [ 74.127029][ T5084] _raw_read_lock+0x36/0x50 [ 74.131614][ T5084] __do_wait+0x12d/0x850 [ 74.135935][ T5084] do_wait+0x1e9/0x560 [ 74.140092][ T5084] kernel_wait+0xe9/0x240 [ 74.144500][ T5084] call_usermodehelper_exec_work+0xbd/0x230 [ 74.150465][ T5084] process_scheduled_works+0xa12/0x17c0 [ 74.156082][ T5084] worker_thread+0x86d/0xd70 [ 74.160743][ T5084] kthread+0x2f2/0x390 [ 74.164900][ T5084] ret_from_fork+0x4d/0x80 [ 74.169412][ T5084] ret_from_fork_asm+0x1a/0x30 [ 74.174255][ T5084] [ 74.174255][ T5084] other info that might help us debug this: [ 74.174255][ T5084] [ 74.184459][ T5084] Chain exists of: [ 74.184459][ T5084] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 74.184459][ T5084] [ 74.198019][ T5084] Possible interrupt unsafe locking scenario: [ 74.198019][ T5084] [ 74.206315][ T5084] CPU0 CPU1 [ 74.211656][ T5084] ---- ---- [ 74.217012][ T5084] lock(tasklist_lock); [ 74.221241][ T5084] local_irq_disable(); [ 74.227972][ T5084] lock(&dev->event_lock#2); [ 74.235164][ T5084] lock(&client->buffer_lock); [ 74.242525][ T5084] <Interrupt> [ 74.245958][ T5084] lock(&dev->event_lock#2); [ 74.250809][ T5084] [ 74.250809][ T5084] *** DEADLOCK *** [ 74.250809][ T5084] [ 74.258928][ T5084] 7 locks held by syz-executor378/5084: [ 74.264452][ T5084] #0: ffff88802483b110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x272/0x7c0 [ 74.273589][ T5084] #1: ffff88801a37c230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xc5/0x340 [ 74.283781][ T5084] #2: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xd5/0x340 [ 74.293442][ T5084] #3: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0x9d/0x1200 [ 74.303108][ T5084] #4: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: 
evdev_events+0x6f/0x300 [ 74.312255][ T5084] #5: ffff88801bee7028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xf2/0xad0 [ 74.322432][ T5084] #6: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x55/0x4d0 [ 74.331507][ T5084] [ 74.331507][ T5084] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 74.341899][ T5084] -> (&dev->event_lock#2){-...}-{2:2} { [ 74.347552][ T5084] IN-HARDIRQ-W at: [ 74.351604][ T5084] lock_acquire+0x1ed/0x550 [ 74.357921][ T5084] _raw_spin_lock_irqsave+0xd5/0x120 [ 74.365026][ T5084] input_event+0x91/0xd0 [ 74.371175][ T5084] psmouse_report_standard_packet+0x54/0x200 [ 74.378980][ T5084] psmouse_process_byte+0x48c/0x680 [ 74.386018][ T5084] psmouse_handle_byte+0x4b/0x4c0 [ 74.392871][ T5084] ps2_interrupt+0x17e/0x8e0 [ 74.399287][ T5084] serio_interrupt+0x92/0x140 [ 74.405785][ T5084] i8042_interrupt+0x375/0x770 [ 74.412357][ T5084] __handle_irq_event_percpu+0x29c/0xa80 [ 74.419805][ T5084] handle_irq_event+0x89/0x1f0 [ 74.426382][ T5084] handle_edge_irq+0x25f/0xc20 [ 74.432984][ T5084] __common_interrupt+0x13a/0x230 [ 74.439825][ T5084] common_interrupt+0xa5/0xd0 [ 74.446311][ T5084] asm_common_interrupt+0x26/0x40 [ 74.453151][ T5084] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 74.460705][ T5084] i8042_aux_write+0x116/0x1a0 [ 74.467281][ T5084] ps2_do_sendbyte+0x211/0x730 [ 74.473855][ T5084] ps2_sendbyte+0x60/0x120 [ 74.480081][ T5084] cypress_send_ext_cmd+0x221/0x910 [ 74.487097][ T5084] cypress_detect+0x93/0x230 [ 74.493510][ T5084] psmouse_extensions+0xc2e/0x1560 [ 74.500439][ T5084] psmouse_switch_protocol+0x308/0x7d0 [ 74.507714][ T5084] psmouse_connect+0x8e4/0x14b0 [ 74.514401][ T5084] serio_driver_probe+0x81/0xa0 [ 74.521070][ T5084] really_probe+0x2ba/0xad0 [ 74.527463][ T5084] __driver_probe_device+0x1a2/0x390 [ 74.534584][ T5084] driver_probe_device+0x50/0x430 [ 74.541439][ T5084] __driver_attach+0x45f/0x710 [ 74.548017][ T5084] bus_for_each_dev+0x23b/0x2b0 [ 74.554676][ T5084] 
serio_handle_event+0x1c7/0x920 [ 74.561508][ T5084] process_scheduled_works+0xa12/0x17c0 [ 74.568864][ T5084] worker_thread+0x86d/0xd70 [ 74.575285][ T5084] kthread+0x2f2/0x390 [ 74.581177][ T5084] ret_from_fork+0x4d/0x80 [ 74.587414][ T5084] ret_from_fork_asm+0x1a/0x30 [ 74.593995][ T5084] INITIAL USE at: [ 74.597976][ T5084] lock_acquire+0x1ed/0x550 [ 74.604202][ T5084] _raw_spin_lock_irqsave+0xd5/0x120 [ 74.611220][ T5084] input_inject_event+0xc5/0x340 [ 74.617994][ T5084] led_trigger_event+0x11c/0x1e0 [ 74.624669][ T5084] kbd_led_trigger_activate+0xbd/0x100 [ 74.631864][ T5084] led_trigger_set+0x543/0x950 [ 74.638454][ T5084] led_trigger_set_default+0x229/0x260 [ 74.645665][ T5084] led_classdev_register_ext+0x773/0x960 [ 74.653034][ T5084] input_leds_connect+0x497/0x640 [ 74.659787][ T5084] input_register_device+0xcfc/0x1090 [ 74.666887][ T5084] atkbd_connect+0x752/0xa00 [ 74.673195][ T5084] serio_driver_probe+0x81/0xa0 [ 74.679863][ T5084] really_probe+0x2ba/0xad0 [ 74.686096][ T5084] __driver_probe_device+0x1a2/0x390 [ 74.693110][ T5084] driver_probe_device+0x50/0x430 [ 74.699869][ T5084] __driver_attach+0x45f/0x710 [ 74.706359][ T5084] bus_for_each_dev+0x23b/0x2b0 [ 74.712929][ T5084] serio_handle_event+0x1c7/0x920 [ 74.719673][ T5084] process_scheduled_works+0xa12/0x17c0 [ 74.726941][ T5084] worker_thread+0x86d/0xd70 [ 74.733427][ T5084] kthread+0x2f2/0x390 [ 74.739221][ T5084] ret_from_fork+0x4d/0x80 [ 74.745369][ T5084] ret_from_fork_asm+0x1a/0x30 [ 74.751860][ T5084] } [ 74.754424][ T5084] ... 
key at: [] input_allocate_device.__key.5+0x0/0x20 [ 74.763517][ T5084] -> (&client->buffer_lock){....}-{2:2} { [ 74.769246][ T5084] INITIAL USE at: [ 74.773123][ T5084] lock_acquire+0x1ed/0x550 [ 74.779175][ T5084] _raw_spin_lock+0x2e/0x40 [ 74.785232][ T5084] evdev_pass_values+0xf2/0xad0 [ 74.791631][ T5084] evdev_events+0x1c2/0x300 [ 74.797691][ T5084] input_pass_values+0x84f/0x1200 [ 74.804270][ T5084] input_event_dispose+0x36c/0x650 [ 74.810931][ T5084] input_handle_event+0xa71/0xbe0 [ 74.817521][ T5084] input_inject_event+0x22f/0x340 [ 74.824097][ T5084] evdev_write+0x672/0x7c0 [ 74.830058][ T5084] vfs_write+0x2a6/0xcb0 [ 74.835855][ T5084] ksys_write+0x1a0/0x2c0 [ 74.841738][ T5084] do_syscall_64+0xf5/0x240 [ 74.847798][ T5084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.855246][ T5084] } [ 74.857731][ T5084] ... key at: [] evdev_open.__key.24+0x0/0x20 [ 74.865871][ T5084] ... acquired at: [ 74.869666][ T5084] lock_acquire+0x1ed/0x550 [ 74.874414][ T5084] _raw_spin_lock+0x2e/0x40 [ 74.879084][ T5084] evdev_pass_values+0xf2/0xad0 [ 74.884092][ T5084] evdev_events+0x1c2/0x300 [ 74.888764][ T5084] input_pass_values+0x84f/0x1200 [ 74.893961][ T5084] input_event_dispose+0x36c/0x650 [ 74.899261][ T5084] input_handle_event+0xa71/0xbe0 [ 74.904466][ T5084] input_inject_event+0x22f/0x340 [ 74.909682][ T5084] evdev_write+0x672/0x7c0 [ 74.914258][ T5084] vfs_write+0x2a6/0xcb0 [ 74.918667][ T5084] ksys_write+0x1a0/0x2c0 [ 74.923158][ T5084] do_syscall_64+0xf5/0x240 [ 74.927829][ T5084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.933883][ T5084] [ 74.936254][ T5084] [ 74.936254][ T5084] the dependencies between the lock to be acquired [ 74.936264][ T5084] and HARDIRQ-irq-unsafe lock: [ 74.949745][ T5084] -> (tasklist_lock){.+.+}-{2:2} { [ 74.955044][ T5084] HARDIRQ-ON-R at: [ 74.959207][ T5084] lock_acquire+0x1ed/0x550 [ 74.965697][ T5084] _raw_read_lock+0x36/0x50 [ 74.972200][ T5084] __do_wait+0x12d/0x850 [ 74.978431][ T5084] do_wait+0x1e9/0x560 [ 74.984490][ T5084] 
kernel_wait+0xe9/0x240 [ 74.990811][ T5084] call_usermodehelper_exec_work+0xbd/0x230 [ 74.998684][ T5084] process_scheduled_works+0xa12/0x17c0 [ 75.006209][ T5084] worker_thread+0x86d/0xd70 [ 75.012824][ T5084] kthread+0x2f2/0x390 [ 75.019002][ T5084] ret_from_fork+0x4d/0x80 [ 75.025509][ T5084] ret_from_fork_asm+0x1a/0x30 [ 75.032363][ T5084] SOFTIRQ-ON-R at: [ 75.036503][ T5084] lock_acquire+0x1ed/0x550 [ 75.043014][ T5084] _raw_read_lock+0x36/0x50 [ 75.049696][ T5084] __do_wait+0x12d/0x850 [ 75.055940][ T5084] do_wait+0x1e9/0x560 [ 75.061999][ T5084] kernel_wait+0xe9/0x240 [ 75.068320][ T5084] call_usermodehelper_exec_work+0xbd/0x230 [ 75.076389][ T5084] process_scheduled_works+0xa12/0x17c0 [ 75.083932][ T5084] worker_thread+0x86d/0xd70 [ 75.090510][ T5084] kthread+0x2f2/0x390 [ 75.096567][ T5084] ret_from_fork+0x4d/0x80 [ 75.102975][ T5084] ret_from_fork_asm+0x1a/0x30 [ 75.109729][ T5084] INITIAL USE at: [ 75.113783][ T5084] lock_acquire+0x1ed/0x550 [ 75.120193][ T5084] _raw_write_lock_irq+0xd3/0x120 [ 75.127124][ T5084] copy_process+0x228b/0x3df0 [ 75.133724][ T5084] kernel_clone+0x226/0x8f0 [ 75.140148][ T5084] user_mode_thread+0x132/0x1a0 [ 75.146913][ T5084] rest_init+0x23/0x300 [ 75.152965][ T5084] start_kernel+0x47a/0x500 [ 75.159393][ T5084] x86_64_start_reservations+0x2a/0x30 [ 75.166773][ T5084] x86_64_start_kernel+0x99/0xa0 [ 75.173615][ T5084] common_startup_64+0x13e/0x147 [ 75.180452][ T5084] INITIAL READ USE at: [ 75.184960][ T5084] lock_acquire+0x1ed/0x550 [ 75.191794][ T5084] _raw_read_lock+0x36/0x50 [ 75.198652][ T5084] __do_wait+0x12d/0x850 [ 75.205229][ T5084] do_wait+0x1e9/0x560 [ 75.211642][ T5084] kernel_wait+0xe9/0x240 [ 75.218308][ T5084] call_usermodehelper_exec_work+0xbd/0x230 [ 75.226531][ T5084] process_scheduled_works+0xa12/0x17c0 [ 75.234404][ T5084] worker_thread+0x86d/0xd70 [ 75.241426][ T5084] kthread+0x2f2/0x390 [ 75.247831][ T5084] ret_from_fork+0x4d/0x80 [ 75.254587][ T5084] ret_from_fork_asm+0x1a/0x30 [ 75.261690][ T5084] } [ 
75.264342][ T5084] ... key at: [] tasklist_lock+0x18/0x40 [ 75.272221][ T5084] ... acquired at: [ 75.276183][ T5084] lock_acquire+0x1ed/0x550 [ 75.280845][ T5084] _raw_read_lock+0x36/0x50 [ 75.285514][ T5084] send_sigio+0xfc/0x360 [ 75.289920][ T5084] kill_fasync+0x23a/0x4d0 [ 75.294501][ T5084] lease_break_callback+0x26/0x30 [ 75.299787][ T5084] __break_lease+0x6d7/0x1820 [ 75.304629][ T5084] do_dentry_open+0x871/0x15a0 [ 75.309566][ T5084] path_openat+0x2860/0x3240 [ 75.314321][ T5084] do_filp_open+0x235/0x490 [ 75.318987][ T5084] do_sys_openat2+0x13e/0x1d0 [ 75.323822][ T5084] __x64_sys_open+0x225/0x270 [ 75.328657][ T5084] do_syscall_64+0xf5/0x240 [ 75.333327][ T5084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.339380][ T5084] [ 75.341683][ T5084] -> (&f->f_owner.lock){....}-{2:2} { [ 75.347163][ T5084] INITIAL USE at: [ 75.351131][ T5084] lock_acquire+0x1ed/0x550 [ 75.357356][ T5084] _raw_write_lock_irq+0xd3/0x120 [ 75.364111][ T5084] f_modown+0x38/0x340 [ 75.369923][ T5084] do_fcntl+0x1359/0x16f0 [ 75.375979][ T5084] __se_sys_fcntl+0xd2/0x1b0 [ 75.382295][ T5084] do_syscall_64+0xf5/0x240 [ 75.388528][ T5084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.396143][ T5084] INITIAL READ USE at: [ 75.400559][ T5084] lock_acquire+0x1ed/0x550 [ 75.407217][ T5084] _raw_read_lock_irqsave+0xdd/0x130 [ 75.414666][ T5084] send_sigio+0x33/0x360 [ 75.421084][ T5084] kill_fasync+0x23a/0x4d0 [ 75.427659][ T5084] lease_break_callback+0x26/0x30 [ 75.434853][ T5084] __break_lease+0x6d7/0x1820 [ 75.441883][ T5084] do_dentry_open+0x871/0x15a0 [ 75.448824][ T5084] path_openat+0x2860/0x3240 [ 75.455577][ T5084] do_filp_open+0x235/0x490 [ 75.462241][ T5084] do_sys_openat2+0x13e/0x1d0 [ 75.469074][ T5084] __x64_sys_open+0x225/0x270 [ 75.475930][ T5084] do_syscall_64+0xf5/0x240 [ 75.482595][ T5084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.490748][ T5084] } [ 75.493312][ T5084] ... key at: [] init_file.__key+0x0/0x20 [ 75.501200][ T5084] ... 
acquired at: [ 75.505069][ T5084] lock_acquire+0x1ed/0x550 [ 75.509731][ T5084] _raw_read_lock_irqsave+0xdd/0x130 [ 75.515214][ T5084] send_sigio+0x33/0x360 [ 75.519704][ T5084] kill_fasync+0x23a/0x4d0 [ 75.524281][ T5084] lease_break_callback+0x26/0x30 [ 75.529466][ T5084] __break_lease+0x6d7/0x1820 [ 75.534307][ T5084] do_dentry_open+0x871/0x15a0 [ 75.539233][ T5084] path_openat+0x2860/0x3240 [ 75.543985][ T5084] do_filp_open+0x235/0x490 [ 75.548652][ T5084] do_sys_openat2+0x13e/0x1d0 [ 75.553491][ T5084] __x64_sys_open+0x225/0x270 [ 75.558505][ T5084] do_syscall_64+0xf5/0x240 [ 75.563190][ T5084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.569283][ T5084] [ 75.571586][ T5084] -> (&new->fa_lock){....}-{2:2} { [ 75.576703][ T5084] INITIAL READ USE at: [ 75.581015][ T5084] lock_acquire+0x1ed/0x550 [ 75.587499][ T5084] _raw_read_lock_irqsave+0xdd/0x130 [ 75.594863][ T5084] kill_fasync+0x19e/0x4d0 [ 75.601265][ T5084] lease_break_callback+0x26/0x30 [ 75.608312][ T5084] __break_lease+0x6d7/0x1820 [ 75.614980][ T5084] do_dentry_open+0x871/0x15a0 [ 75.621726][ T5084] path_openat+0x2860/0x3240 [ 75.628302][ T5084] do_filp_open+0x235/0x490 [ 75.634790][ T5084] do_sys_openat2+0x13e/0x1d0 [ 75.641464][ T5084] __x64_sys_open+0x225/0x270 [ 75.648128][ T5084] do_syscall_64+0xf5/0x240 [ 75.654639][ T5084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.662604][ T5084] } [ 75.665082][ T5084] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 75.673748][ T5084] ... 
acquired at: [ 75.677550][ T5084] lock_acquire+0x1ed/0x550 [ 75.682214][ T5084] _raw_read_lock_irqsave+0xdd/0x130 [ 75.687665][ T5084] kill_fasync+0x19e/0x4d0 [ 75.692242][ T5084] evdev_pass_values+0x58a/0xad0 [ 75.697338][ T5084] evdev_events+0x1c2/0x300 [ 75.702010][ T5084] input_pass_values+0x84f/0x1200 [ 75.707218][ T5084] input_event_dispose+0x36c/0x650 [ 75.712509][ T5084] input_handle_event+0xa71/0xbe0 [ 75.717695][ T5084] input_inject_event+0x22f/0x340 [ 75.722883][ T5084] evdev_write+0x672/0x7c0 [ 75.727464][ T5084] vfs_write+0x2a6/0xcb0 [ 75.731880][ T5084] ksys_write+0x1a0/0x2c0 [ 75.736374][ T5084] do_syscall_64+0xf5/0x240 [ 75.741129][ T5084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.747273][ T5084] [ 75.749580][ T5084] [ 75.749580][ T5084] stack backtrace: [ 75.755450][ T5084] CPU: 0 PID: 5084 Comm: syz-executor378 Not tainted 6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0 [ 75.765858][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 75.776074][ T5084] Call Trace: [ 75.779342][ T5084] <TASK> [ 75.782259][ T5084] dump_stack_lvl+0x241/0x360 [ 75.786935][ T5084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.792128][ T5084] ? __pfx__printk+0x10/0x10 [ 75.796734][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.802451][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.808093][ T5084] ? print_shortest_lock_dependencies+0xf2/0x160 [ 75.814494][ T5084] validate_chain+0x4dc7/0x58e0 [ 75.819351][ T5084] ? __pfx_validate_chain+0x10/0x10 [ 75.824540][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.830170][ T5084] ? __pfx_validate_chain+0x10/0x10 [ 75.835369][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.841019][ T5084] ? register_lock_class+0x102/0x980 [ 75.846561][ T5084] ? __pfx_register_lock_class+0x10/0x10 [ 75.852183][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.857804][ T5084] ? 
mark_lock+0x9a/0x350 [ 75.862123][ T5084] __lock_acquire+0x1346/0x1fd0 [ 75.866969][ T5084] lock_acquire+0x1ed/0x550 [ 75.871459][ T5084] ? kill_fasync+0x19e/0x4d0 [ 75.876044][ T5084] ? __pfx_lock_acquire+0x10/0x10 [ 75.881054][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.886679][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.892305][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.897932][ T5084] ? __pfx_lock_acquire+0x10/0x10 [ 75.902968][ T5084] _raw_read_lock_irqsave+0xdd/0x130 [ 75.908248][ T5084] ? kill_fasync+0x19e/0x4d0 [ 75.912829][ T5084] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 75.918718][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.924344][ T5084] kill_fasync+0x19e/0x4d0 [ 75.928750][ T5084] ? kill_fasync+0x55/0x4d0 [ 75.933242][ T5084] evdev_pass_values+0x58a/0xad0 [ 75.938172][ T5084] ? evdev_pass_values+0x561/0xad0 [ 75.943271][ T5084] evdev_events+0x1c2/0x300 [ 75.947767][ T5084] ? evdev_events+0x6f/0x300 [ 75.952352][ T5084] ? __pfx_evdev_events+0x10/0x10 [ 75.957390][ T5084] input_pass_values+0x84f/0x1200 [ 75.962412][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.968035][ T5084] ? input_pass_values+0x9d/0x1200 [ 75.973140][ T5084] input_event_dispose+0x36c/0x650 [ 75.978265][ T5084] input_handle_event+0xa71/0xbe0 [ 75.983376][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 75.989002][ T5084] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 75.994457][ T5084] ? __pfx_input_handle_event+0x10/0x10 [ 75.999998][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.005626][ T5084] input_inject_event+0x22f/0x340 [ 76.010642][ T5084] ? input_inject_event+0xd5/0x340 [ 76.015747][ T5084] evdev_write+0x672/0x7c0 [ 76.020153][ T5084] ? __pfx_evdev_write+0x10/0x10 [ 76.025087][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.030730][ T5084] ? security_file_permission+0x7f/0xa0 [ 76.036271][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.041898][ T5084] ? rw_verify_area+0x1d2/0x580 [ 76.046773][ T5084] ? 
__pfx_evdev_write+0x10/0x10 [ 76.051750][ T5084] vfs_write+0x2a6/0xcb0 [ 76.055992][ T5084] ? __pfx_lock_release+0x10/0x10 [ 76.061014][ T5084] ? __pfx_vfs_write+0x10/0x10 [ 76.065792][ T5084] ? __fget_files+0x28/0x470 [ 76.070385][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.076009][ T5084] ? __fget_files+0x3f4/0x470 [ 76.080682][ T5084] ? __fget_files+0x28/0x470 [ 76.085355][ T5084] ? lockdep_hardirqs_on+0x99/0x150 [ 76.090548][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.096321][ T5084] ? __fdget_pos+0x1a2/0x320 [ 76.100960][ T5084] ksys_write+0x1a0/0x2c0 [ 76.105293][ T5084] ? __pfx_ksys_write+0x10/0x10 [ 76.110141][ T5084] ? do_syscall_64+0x102/0x240 [ 76.114926][ T5084] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.120585][ T5084] do_syscall_64+0xf5/0x240 [ 76.125104][ T5084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.131079][ T5084] RIP: 0033:0x7f23465adb39 [ 76.135495][ T5084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 76.155103][ T5084] RSP: 002b:00007f2346543228 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 76.163518][ T5084] RAX: ffffffffffffffda RBX: 00007f2346635418 RCX: 00007f23465adb39 [ 76.171479][ T5084] RDX: 0000000000002250 RSI: 0000000020000040 RDI: 0000000000000006 [pid 5084] write(6, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xdb\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8784 [pid 5082] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] <... 
write resumed>) = 8784 [pid 5084] futex(0x7f234663541c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.179452][ T5084] RBP: 00007f2346635410 R08: 00007f23465436c0 R09: 00007f23465436c0 [ 76.187412][ T5084] R10: 00007f23465436c0 R11: 0000000000000246 R12: 00007f234663541c [ 76.195367][ T5084] R13: 00007f2346602018 R14: 0030656c69662f2e R15: 00007fffb66e6e38 [ 76.203349][ T5084] </TASK> [pid 5084] futex(0x7f2346635418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] exit_group(0 [pid 5084] <... futex resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5083] <... open resumed>) = ? [pid 5082] <... exit_group resumed>) = ? [pid 5083] +++ exited with 0 +++ +++ exited with 0 +++