./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4257450448 <...> Warning: Permanently added '10.128.0.205' (ED25519) to the list of known hosts. execve("./syz-executor4257450448", ["./syz-executor4257450448"], 0x7ffd23978010 /* 10 vars */) = 0 brk(NULL) = 0x5555555f2000 brk(0x5555555f2d40) = 0x5555555f2d40 arch_prctl(ARCH_SET_FS, 0x5555555f23c0) = 0 set_tid_address(0x5555555f2690) = 5024 set_robust_list(0x5555555f26a0, 24) = 0 rseq(0x5555555f2ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4257450448", 4096) = 28 getrandom("\xf6\xa0\x02\x19\xe0\xf0\x4d\xc0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555555f2d40 brk(0x555555613d40) = 0x555555613d40 brk(0x555555614000) = 0x555555614000 mprotect(0x7f459baf0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f459baf634c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f459ba95a60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f459ba870e0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f459ba0f000 mprotect(0x7f459ba10000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f459ba2f990, parent_tid=0x7f459ba2f990, exit_signal=0, stack=0x7f459ba0f000, stack_size=0x20300, tls=0x7f459ba2f6c0}./strace-static-x86_64: Process 5025 attached => {parent_tid=[5025]}, 88) = 5025 
[pid 5025] rseq(0x7f459ba2ffe0, 0x20, 0, 0x53053053) = 0 [pid 5025] set_robust_list(0x7f459ba2f9a0, 24) = 0 [pid 5025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5025] futex(0x7f459baf6348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5024] futex(0x7f459baf6348, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5025] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000 [pid 5024] futex(0x7f459baf634c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... open resumed>) = 3 [pid 5025] futex(0x7f459baf634c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7f459baf6348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f459baf634c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] gettid() = 5025 [pid 5025] futex(0x7f459baf634c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7f459baf6348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f459baf634c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] fcntl(3, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=5025}) = 0 [pid 5025] futex(0x7f459baf634c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7f459baf6348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f459baf634c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] fcntl(3, F_SETLEASE, F_RDLCK) = 0 [pid 5025] futex(0x7f459baf634c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7f459baf6348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f459baf634c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] open("./file0", O_WRONLY|O_APPEND|O_NONBLOCK|O_DIRECT) = -1 EAGAIN (Resource temporarily unavailable) [pid 5025] futex(0x7f459baf634c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] <... 
futex resumed>) = 0 [pid 5024] futex(0x7f459baf6348, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] futex(0x7f459baf6348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7f459baf634c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5025] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 4 [pid 5025] futex(0x7f459baf634c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7f459baf6348, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f459baf634c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] ioctl(4, FIOASYNC, [1]) = 0 [pid 5025] futex(0x7f459baf634c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 0 [pid 5025] <... futex resumed>) = 1 [pid 5024] futex(0x7f459baf6348, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] futex(0x7f459baf6348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] <... futex resumed>) = 0 [pid 5025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5024] futex(0x7f459baf634c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] openat(AT_FDCWD, "/dev/input/event0", O_RDWR|O_NOFOLLOW) = 5 [pid 5025] futex(0x7f459baf634c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] <... futex resumed>) = 0 [pid 5025] futex(0x7f459baf6348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] futex(0x7f459baf6348, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... 
futex resumed>) = 0 [pid 5024] futex(0x7f459baf634c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 40.972626][ T5025] [ 40.974986][ T5025] ===================================================== [ 40.981891][ T5025] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 40.989323][ T5025] 6.5.0-rc1-syzkaller-00248-gb6e6cc1f78c7 #0 Not tainted [ 40.996330][ T5025] ----------------------------------------------------- [ 41.003232][ T5025] syz-executor425/5025 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 41.011269][ T5025] ffff88802c77d0c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13a/0x4f0 [ 41.019954][ T5025] [pid 5025] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x10\x27\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 121 [pid 5024] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 41.019954][ T5025] and this task is already holding: [ 41.027293][ T5025] ffff888015aa7028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 41.037109][ T5025] which would create a new lock dependency: [ 41.043009][ T5025] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 41.051088][ T5025] [ 41.051088][ T5025] but this new dependency connects a HARDIRQ-irq-safe lock: [ 41.060516][ T5025] (&dev->event_lock#2){-...}-{2:2} [ 41.060540][ T5025] [ 41.060540][ T5025] ... 
which became HARDIRQ-irq-safe at: [ 41.073397][ T5025] lock_acquire+0x1ae/0x510 [ 41.077979][ T5025] _raw_spin_lock_irqsave+0x3a/0x50 [ 41.083257][ T5025] input_event+0x70/0xa0 [ 41.087582][ T5025] psmouse_report_standard_buttons+0x30/0x80 [ 41.093644][ T5025] psmouse_process_byte+0x39c/0x8a0 [ 41.098919][ T5025] psmouse_handle_byte+0x41/0x560 [ 41.104041][ T5025] psmouse_receive_byte+0x243/0xe10 [ 41.109333][ T5025] ps2_interrupt+0x1fe/0x5a0 [ 41.113997][ T5025] serio_interrupt+0x8d/0x150 [ 41.118746][ T5025] i8042_interrupt+0x3f2/0x8a0 [ 41.123580][ T5025] __handle_irq_event_percpu+0x22a/0x740 [ 41.129284][ T5025] handle_irq_event+0xab/0x1e0 [ 41.134118][ T5025] handle_edge_irq+0x261/0xcf0 [ 41.138954][ T5025] __common_interrupt+0x9f/0x220 [ 41.143963][ T5025] common_interrupt+0xa9/0xd0 [ 41.148716][ T5025] asm_common_interrupt+0x26/0x40 [ 41.153815][ T5025] _raw_spin_unlock_irqrestore+0x31/0x70 [ 41.159525][ T5025] i8042_aux_write+0x11a/0x180 [ 41.164365][ T5025] ps2_do_sendbyte+0x264/0x6e0 [ 41.169203][ T5025] ps2_sendbyte+0x59/0x140 [ 41.173695][ T5025] cypress_ps2_sendbyte+0x2e/0x160 [ 41.178879][ T5025] cypress_send_ext_cmd+0x1e3/0x8c0 [ 41.184149][ T5025] cypress_detect+0x8c/0x1a0 [ 41.188813][ T5025] psmouse_try_protocol+0x214/0x370 [ 41.194094][ T5025] psmouse_extensions+0x616/0x960 [ 41.199220][ T5025] psmouse_switch_protocol+0x528/0x740 [ 41.204775][ T5025] psmouse_connect+0x5cc/0xf70 [ 41.209617][ T5025] serio_driver_probe+0x71/0xa0 [ 41.214540][ T5025] really_probe+0x234/0xc90 [ 41.219123][ T5025] __driver_probe_device+0x1de/0x4b0 [ 41.224484][ T5025] driver_probe_device+0x4c/0x1a0 [ 41.229587][ T5025] __driver_attach+0x274/0x570 [ 41.234433][ T5025] bus_for_each_dev+0x13c/0x1d0 [ 41.239450][ T5025] serio_handle_event+0x2b8/0xa90 [ 41.244551][ T5025] process_one_work+0xaa2/0x16f0 [ 41.249568][ T5025] worker_thread+0x687/0x1110 [ 41.254323][ T5025] kthread+0x33a/0x430 [ 41.258466][ T5025] ret_from_fork+0x2c/0x70 [ 41.262966][ T5025] 
ret_from_fork_asm+0x11/0x20 [ 41.267817][ T5025] [ 41.267817][ T5025] to a HARDIRQ-irq-unsafe lock: [ 41.274838][ T5025] (tasklist_lock){.+.+}-{2:2} [ 41.274859][ T5025] [ 41.274859][ T5025] ... which became HARDIRQ-irq-unsafe at: [ 41.287456][ T5025] ... [ 41.287462][ T5025] lock_acquire+0x1ae/0x510 [ 41.294609][ T5025] _raw_read_lock+0x5f/0x70 [ 41.299221][ T5025] do_wait+0x2a9/0xc70 [ 41.303368][ T5025] kernel_wait+0xa0/0x150 [ 41.307776][ T5025] call_usermodehelper_exec_work+0xf1/0x170 [ 41.313761][ T5025] process_one_work+0xaa2/0x16f0 [ 41.318796][ T5025] worker_thread+0x687/0x1110 [ 41.323547][ T5025] kthread+0x33a/0x430 [ 41.327687][ T5025] ret_from_fork+0x2c/0x70 [ 41.332178][ T5025] ret_from_fork_asm+0x11/0x20 [ 41.337018][ T5025] [ 41.337018][ T5025] other info that might help us debug this: [ 41.337018][ T5025] [ 41.347227][ T5025] Chain exists of: [ 41.347227][ T5025] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 41.347227][ T5025] [ 41.360768][ T5025] Possible interrupt unsafe locking scenario: [ 41.360768][ T5025] [ 41.369067][ T5025] CPU0 CPU1 [ 41.374446][ T5025] ---- ---- [ 41.379793][ T5025] lock(tasklist_lock); [ 41.384016][ T5025] local_irq_disable(); [ 41.390750][ T5025] lock(&dev->event_lock#2); [ 41.397933][ T5025] lock(&client->buffer_lock); [ 41.405287][ T5025] <Interrupt> [ 41.408721][ T5025] lock(&dev->event_lock#2); [ 41.413560][ T5025] [ 41.413560][ T5025] *** DEADLOCK *** [ 41.413560][ T5025] [ 41.421690][ T5025] 7 locks held by syz-executor425/5025: [ 41.427217][ T5025] #0: ffff888023623110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x201/0x750 [ 41.436347][ T5025] #1: ffff888013bad230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xa4/0x380 [ 41.446438][ T5025] #2: ffffffff8c9a6440 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x8b/0x380 [ 41.456094][ T5025] #3: ffffffff8c9a6440 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x7a0 [ 41.466184][ T5025] #4: ffffffff8c9a6440 
(rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x390 [ 41.475311][ T5025] #5: ffff888015aa7028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 41.485567][ T5025] #6: ffffffff8c9a6440 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x46/0x4f0 [ 41.494709][ T5025] [ 41.494709][ T5025] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 41.505102][ T5025] -> (&dev->event_lock#2){-...}-{2:2} { [ 41.510743][ T5025] IN-HARDIRQ-W at: [ 41.514794][ T5025] lock_acquire+0x1ae/0x510 [ 41.521123][ T5025] _raw_spin_lock_irqsave+0x3a/0x50 [ 41.528136][ T5025] input_event+0x70/0xa0 [ 41.534198][ T5025] psmouse_report_standard_buttons+0x30/0x80 [ 41.542023][ T5025] psmouse_process_byte+0x39c/0x8a0 [ 41.549068][ T5025] psmouse_handle_byte+0x41/0x560 [ 41.555904][ T5025] psmouse_receive_byte+0x243/0xe10 [ 41.562916][ T5025] ps2_interrupt+0x1fe/0x5a0 [ 41.569409][ T5025] serio_interrupt+0x8d/0x150 [ 41.575912][ T5025] i8042_interrupt+0x3f2/0x8a0 [ 41.582489][ T5025] __handle_irq_event_percpu+0x22a/0x740 [ 41.589930][ T5025] handle_irq_event+0xab/0x1e0 [ 41.596501][ T5025] handle_edge_irq+0x261/0xcf0 [ 41.603075][ T5025] __common_interrupt+0x9f/0x220 [ 41.609822][ T5025] common_interrupt+0xa9/0xd0 [ 41.616308][ T5025] asm_common_interrupt+0x26/0x40 [ 41.623137][ T5025] _raw_spin_unlock_irqrestore+0x31/0x70 [ 41.630583][ T5025] i8042_aux_write+0x11a/0x180 [ 41.637159][ T5025] ps2_do_sendbyte+0x264/0x6e0 [ 41.643760][ T5025] ps2_sendbyte+0x59/0x140 [ 41.649988][ T5025] cypress_ps2_sendbyte+0x2e/0x160 [ 41.656909][ T5025] cypress_send_ext_cmd+0x1e3/0x8c0 [ 41.663915][ T5025] cypress_detect+0x8c/0x1a0 [ 41.670315][ T5025] psmouse_try_protocol+0x214/0x370 [ 41.677350][ T5025] psmouse_extensions+0x616/0x960 [ 41.684234][ T5025] psmouse_switch_protocol+0x528/0x740 [ 41.691505][ T5025] psmouse_connect+0x5cc/0xf70 [ 41.698082][ T5025] serio_driver_probe+0x71/0xa0 [ 41.704747][ T5025] really_probe+0x234/0xc90 [ 41.711067][ T5025] 
__driver_probe_device+0x1de/0x4b0 [ 41.718165][ T5025] driver_probe_device+0x4c/0x1a0 [ 41.725001][ T5025] __driver_attach+0x274/0x570 [ 41.731600][ T5025] bus_for_each_dev+0x13c/0x1d0 [ 41.738261][ T5025] serio_handle_event+0x2b8/0xa90 [ 41.745094][ T5025] process_one_work+0xaa2/0x16f0 [ 41.751846][ T5025] worker_thread+0x687/0x1110 [ 41.758333][ T5025] kthread+0x33a/0x430 [ 41.764207][ T5025] ret_from_fork+0x2c/0x70 [ 41.770434][ T5025] ret_from_fork_asm+0x11/0x20 [ 41.777009][ T5025] INITIAL USE at: [ 41.780974][ T5025] lock_acquire+0x1ae/0x510 [ 41.787204][ T5025] _raw_spin_lock_irqsave+0x3a/0x50 [ 41.794131][ T5025] input_inject_event+0xa4/0x380 [ 41.800797][ T5025] led_set_brightness+0x208/0x290 [ 41.807542][ T5025] led_trigger_event+0xb4/0x240 [ 41.814119][ T5025] kbd_led_trigger_activate+0xc6/0x100 [ 41.821305][ T5025] led_trigger_set+0x580/0xc00 [ 41.827790][ T5025] led_trigger_set_default+0x1c9/0x220 [ 41.834972][ T5025] led_classdev_register_ext+0x63b/0x8c0 [ 41.842413][ T5025] input_leds_connect+0x54a/0x8d0 [ 41.849161][ T5025] input_attach_handler.isra.0+0x17c/0x250 [ 41.856716][ T5025] input_register_device+0xb1e/0x1130 [ 41.863814][ T5025] atkbd_connect+0x5e2/0xa20 [ 41.870131][ T5025] serio_driver_probe+0x71/0xa0 [ 41.876705][ T5025] really_probe+0x234/0xc90 [ 41.883023][ T5025] __driver_probe_device+0x1de/0x4b0 [ 41.890036][ T5025] driver_probe_device+0x4c/0x1a0 [ 41.896790][ T5025] __driver_attach+0x274/0x570 [ 41.903281][ T5025] bus_for_each_dev+0x13c/0x1d0 [ 41.909857][ T5025] serio_handle_event+0x2b8/0xa90 [ 41.916606][ T5025] process_one_work+0xaa2/0x16f0 [ 41.923268][ T5025] worker_thread+0x687/0x1110 [ 41.929668][ T5025] kthread+0x33a/0x430 [ 41.935464][ T5025] ret_from_fork+0x2c/0x70 [ 41.941603][ T5025] ret_from_fork_asm+0x11/0x20 [ 41.948095][ T5025] } [ 41.950662][ T5025] ... 
key at: [] __key.6+0x0/0x40 [ 41.957848][ T5025] -> (&client->buffer_lock){....}-{2:2} { [ 41.963566][ T5025] INITIAL USE at: [ 41.967440][ T5025] lock_acquire+0x1ae/0x510 [ 41.973492][ T5025] _raw_spin_lock+0x2e/0x40 [ 41.979548][ T5025] evdev_pass_values+0x10e/0x9b0 [ 41.986036][ T5025] evdev_events+0x1be/0x390 [ 41.992089][ T5025] input_to_handler+0x29e/0x4c0 [ 41.998580][ T5025] input_pass_values.part.0+0x536/0x7a0 [ 42.005696][ T5025] input_event_dispose+0x5ee/0x770 [ 42.012365][ T5025] input_handle_event+0x11c/0xd80 [ 42.018944][ T5025] input_inject_event+0x1c2/0x380 [ 42.025521][ T5025] evdev_write+0x456/0x750 [ 42.031488][ T5025] vfs_write+0x2a4/0xe40 [ 42.037282][ T5025] ksys_write+0x1f0/0x250 [ 42.043163][ T5025] do_syscall_64+0x38/0xb0 [ 42.049126][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.056573][ T5025] } [ 42.059049][ T5025] ... key at: [] __key.3+0x0/0x40 [ 42.066258][ T5025] ... acquired at: [ 42.070051][ T5025] _raw_spin_lock+0x2e/0x40 [ 42.074741][ T5025] evdev_pass_values+0x10e/0x9b0 [ 42.079851][ T5025] evdev_events+0x1be/0x390 [ 42.084522][ T5025] input_to_handler+0x29e/0x4c0 [ 42.089565][ T5025] input_pass_values.part.0+0x536/0x7a0 [ 42.096593][ T5025] input_event_dispose+0x5ee/0x770 [ 42.101873][ T5025] input_handle_event+0x11c/0xd80 [ 42.107066][ T5025] input_inject_event+0x1c2/0x380 [ 42.112348][ T5025] evdev_write+0x456/0x750 [ 42.116925][ T5025] vfs_write+0x2a4/0xe40 [ 42.121334][ T5025] ksys_write+0x1f0/0x250 [ 42.125829][ T5025] do_syscall_64+0x38/0xb0 [ 42.130403][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.136466][ T5025] [ 42.138773][ T5025] [ 42.138773][ T5025] the dependencies between the lock to be acquired [ 42.138780][ T5025] and HARDIRQ-irq-unsafe lock: [ 42.152271][ T5025] -> (tasklist_lock){.+.+}-{2:2} { [ 42.157554][ T5025] HARDIRQ-ON-R at: [ 42.161690][ T5025] lock_acquire+0x1ae/0x510 [ 42.168186][ T5025] _raw_read_lock+0x5f/0x70 [ 42.174677][ T5025] do_wait+0x2a9/0xc70 [ 42.180739][ T5025] 
kernel_wait+0xa0/0x150 [ 42.187061][ T5025] call_usermodehelper_exec_work+0xf1/0x170 [ 42.194942][ T5025] process_one_work+0xaa2/0x16f0 [ 42.201873][ T5025] worker_thread+0x687/0x1110 [ 42.208542][ T5025] kthread+0x33a/0x430 [ 42.214600][ T5025] ret_from_fork+0x2c/0x70 [ 42.221002][ T5025] ret_from_fork_asm+0x11/0x20 [ 42.227756][ T5025] SOFTIRQ-ON-R at: [ 42.231897][ T5025] lock_acquire+0x1ae/0x510 [ 42.238390][ T5025] _raw_read_lock+0x5f/0x70 [ 42.244887][ T5025] do_wait+0x2a9/0xc70 [ 42.250951][ T5025] kernel_wait+0xa0/0x150 [ 42.257271][ T5025] call_usermodehelper_exec_work+0xf1/0x170 [ 42.265239][ T5025] process_one_work+0xaa2/0x16f0 [ 42.272173][ T5025] worker_thread+0x687/0x1110 [ 42.278838][ T5025] kthread+0x33a/0x430 [ 42.284913][ T5025] ret_from_fork+0x2c/0x70 [ 42.291320][ T5025] ret_from_fork_asm+0x11/0x20 [ 42.298093][ T5025] INITIAL USE at: [ 42.302318][ T5025] lock_acquire+0x1ae/0x510 [ 42.308810][ T5025] _raw_write_lock_irq+0x36/0x50 [ 42.315653][ T5025] copy_process+0x4672/0x7400 [ 42.322229][ T5025] kernel_clone+0xfd/0x8f0 [ 42.328550][ T5025] user_mode_thread+0xb4/0xf0 [ 42.335150][ T5025] rest_init+0x27/0x2b0 [ 42.341223][ T5025] arch_call_rest_init+0x13/0x30 [ 42.348065][ T5025] start_kernel+0x39f/0x480 [ 42.354470][ T5025] x86_64_start_reservations+0x18/0x30 [ 42.361838][ T5025] x86_64_start_kernel+0xb2/0xc0 [ 42.368678][ T5025] secondary_startup_64_no_verify+0x167/0x16b [ 42.376648][ T5025] INITIAL READ USE at: [ 42.381134][ T5025] lock_acquire+0x1ae/0x510 [ 42.387971][ T5025] _raw_read_lock+0x5f/0x70 [ 42.394814][ T5025] do_wait+0x2a9/0xc70 [ 42.401222][ T5025] kernel_wait+0xa0/0x150 [ 42.407888][ T5025] call_usermodehelper_exec_work+0xf1/0x170 [ 42.416109][ T5025] process_one_work+0xaa2/0x16f0 [ 42.423383][ T5025] worker_thread+0x687/0x1110 [ 42.430400][ T5025] kthread+0x33a/0x430 [ 42.436799][ T5025] ret_from_fork+0x2c/0x70 [ 42.443558][ T5025] ret_from_fork_asm+0x11/0x20 [ 42.450663][ T5025] } [ 42.453344][ T5025] ... 
key at: [] tasklist_lock+0x18/0x40 [ 42.461225][ T5025] ... acquired at: [ 42.465184][ T5025] _raw_read_lock+0x5f/0x70 [ 42.469852][ T5025] send_sigio+0xaf/0x3c0 [ 42.474258][ T5025] kill_fasync+0x1f8/0x4f0 [ 42.478835][ T5025] lease_break_callback+0x23/0x30 [ 42.484145][ T5025] __break_lease+0x70f/0x17f0 [ 42.488981][ T5025] do_dentry_open+0x62c/0x1780 [ 42.493907][ T5025] path_openat+0x19af/0x29c0 [ 42.498656][ T5025] do_filp_open+0x1de/0x430 [ 42.503320][ T5025] do_sys_openat2+0x176/0x1e0 [ 42.508161][ T5025] __x64_sys_open+0x154/0x1e0 [ 42.513006][ T5025] do_syscall_64+0x38/0xb0 [ 42.517582][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.523650][ T5025] [ 42.525962][ T5025] -> (&f->f_owner.lock){....}-{2:2} { [ 42.531433][ T5025] INITIAL USE at: [ 42.535399][ T5025] lock_acquire+0x1ae/0x510 [ 42.541636][ T5025] _raw_write_lock_irq+0x36/0x50 [ 42.548305][ T5025] f_modown+0x2a/0x390 [ 42.554100][ T5025] do_fcntl+0xcf8/0x1290 [ 42.560071][ T5025] __x64_sys_fcntl+0x16c/0x1e0 [ 42.566563][ T5025] do_syscall_64+0x38/0xb0 [ 42.572704][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.580333][ T5025] INITIAL READ USE at: [ 42.584733][ T5025] lock_acquire+0x1ae/0x510 [ 42.591402][ T5025] _raw_read_lock_irqsave+0x70/0x90 [ 42.598765][ T5025] send_sigio+0x28/0x3c0 [ 42.605169][ T5025] kill_fasync+0x1f8/0x4f0 [ 42.611743][ T5025] lease_break_callback+0x23/0x30 [ 42.618925][ T5025] __break_lease+0x70f/0x17f0 [ 42.625846][ T5025] do_dentry_open+0x62c/0x1780 [ 42.632770][ T5025] path_openat+0x19af/0x29c0 [ 42.639517][ T5025] do_filp_open+0x1de/0x430 [ 42.646177][ T5025] do_sys_openat2+0x176/0x1e0 [ 42.653011][ T5025] __x64_sys_open+0x154/0x1e0 [ 42.659845][ T5025] do_syscall_64+0x38/0xb0 [ 42.666412][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.674469][ T5025] } [ 42.677039][ T5025] ... key at: [] __key.5+0x0/0x40 [ 42.684226][ T5025] ... 
acquired at: [ 42.688098][ T5025] _raw_read_lock_irqsave+0x70/0x90 [ 42.693462][ T5025] send_sigio+0x28/0x3c0 [ 42.697866][ T5025] kill_fasync+0x1f8/0x4f0 [ 42.702439][ T5025] lease_break_callback+0x23/0x30 [ 42.707627][ T5025] __break_lease+0x70f/0x17f0 [ 42.712464][ T5025] do_dentry_open+0x62c/0x1780 [ 42.717388][ T5025] path_openat+0x19af/0x29c0 [ 42.722138][ T5025] do_filp_open+0x1de/0x430 [ 42.726800][ T5025] do_sys_openat2+0x176/0x1e0 [ 42.731637][ T5025] __x64_sys_open+0x154/0x1e0 [ 42.736474][ T5025] do_syscall_64+0x38/0xb0 [ 42.741132][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.747193][ T5025] [ 42.749497][ T5025] -> (&new->fa_lock){....}-{2:2} { [ 42.754607][ T5025] INITIAL READ USE at: [ 42.758917][ T5025] lock_acquire+0x1ae/0x510 [ 42.765409][ T5025] _raw_read_lock_irqsave+0x70/0x90 [ 42.772596][ T5025] kill_fasync+0x13a/0x4f0 [ 42.778996][ T5025] lease_break_callback+0x23/0x30 [ 42.786004][ T5025] __break_lease+0x70f/0x17f0 [ 42.792667][ T5025] do_dentry_open+0x62c/0x1780 [ 42.799423][ T5025] path_openat+0x19af/0x29c0 [ 42.805995][ T5025] do_filp_open+0x1de/0x430 [ 42.812504][ T5025] do_sys_openat2+0x176/0x1e0 [ 42.819169][ T5025] __x64_sys_open+0x154/0x1e0 [ 42.825830][ T5025] do_syscall_64+0x38/0xb0 [ 42.832228][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.840112][ T5025] } [ 42.842593][ T5025] ... key at: [] __key.0+0x0/0x40 [ 42.849695][ T5025] ... 
acquired at: [ 42.853482][ T5025] lock_acquire+0x1ae/0x510 [ 42.858147][ T5025] _raw_read_lock_irqsave+0x70/0x90 [ 42.863509][ T5025] kill_fasync+0x13a/0x4f0 [ 42.868088][ T5025] evdev_pass_values+0x619/0x9b0 [ 42.873190][ T5025] evdev_events+0x1be/0x390 [ 42.877854][ T5025] input_to_handler+0x29e/0x4c0 [ 42.882870][ T5025] input_pass_values.part.0+0x536/0x7a0 [ 42.888604][ T5025] input_event_dispose+0x5ee/0x770 [ 42.893888][ T5025] input_handle_event+0x11c/0xd80 [ 42.899077][ T5025] input_inject_event+0x1c2/0x380 [ 42.904267][ T5025] evdev_write+0x456/0x750 [ 42.908844][ T5025] vfs_write+0x2a4/0xe40 [ 42.913249][ T5025] ksys_write+0x1f0/0x250 [ 42.917739][ T5025] do_syscall_64+0x38/0xb0 [ 42.922312][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.928376][ T5025] [ 42.930705][ T5025] [ 42.930705][ T5025] stack backtrace: [ 42.936570][ T5025] CPU: 1 PID: 5025 Comm: syz-executor425 Not tainted 6.5.0-rc1-syzkaller-00248-gb6e6cc1f78c7 #0 [ 42.946968][ T5025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 42.957004][ T5025] Call Trace: [ 42.960271][ T5025] <TASK> [ 42.963188][ T5025] dump_stack_lvl+0xd9/0x1b0 [ 42.967853][ T5025] check_irq_usage+0x10b8/0x1c70 [ 42.972782][ T5025] ? lock_acquire+0x1ae/0x510 [ 42.977452][ T5025] ? print_shortest_lock_dependencies_backwards+0x1b0/0x1b0 [ 42.984724][ T5025] ? hlock_conflict+0x58/0x200 [ 42.989478][ T5025] ? __bfs+0x2f8/0x660 [ 42.993537][ T5025] ? save_trace+0xb30/0xb30 [ 42.998113][ T5025] ? mark_lock+0x105/0x1950 [ 43.002697][ T5025] ? is_dynamic_key+0x1f0/0x1f0 [ 43.007537][ T5025] ? __lock_acquire+0x2e53/0x5de0 [ 43.012550][ T5025] __lock_acquire+0x2e53/0x5de0 [ 43.017393][ T5025] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 43.023362][ T5025] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 43.029333][ T5025] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 43.035301][ T5025] ? __wake_up_common_lock+0xe3/0x140 [ 43.040662][ T5025] lock_acquire+0x1ae/0x510 [ 43.045154][ T5025] ? 
kill_fasync+0x13a/0x4f0 [ 43.049734][ T5025] ? lock_sync+0x190/0x190 [ 43.054136][ T5025] ? lock_sync+0x190/0x190 [ 43.058539][ T5025] ? lock_sync+0x190/0x190 [ 43.062943][ T5025] ? __wake_up_common+0x5a0/0x5a0 [ 43.068047][ T5025] _raw_read_lock_irqsave+0x70/0x90 [ 43.073240][ T5025] ? kill_fasync+0x13a/0x4f0 [ 43.077834][ T5025] kill_fasync+0x13a/0x4f0 [ 43.082243][ T5025] evdev_pass_values+0x619/0x9b0 [ 43.087177][ T5025] evdev_events+0x1be/0x390 [ 43.091690][ T5025] ? evdev_connect+0x4c0/0x4c0 [ 43.096448][ T5025] input_to_handler+0x29e/0x4c0 [ 43.101294][ T5025] input_pass_values.part.0+0x536/0x7a0 [ 43.106932][ T5025] input_event_dispose+0x5ee/0x770 [ 43.112043][ T5025] input_handle_event+0x11c/0xd80 [ 43.117068][ T5025] input_inject_event+0x1c2/0x380 [ 43.122091][ T5025] evdev_write+0x456/0x750 [ 43.126500][ T5025] ? evdev_read+0xdf0/0xdf0 [ 43.130996][ T5025] ? apparmor_file_permission+0x21f/0x4f0 [ 43.136706][ T5025] ? bpf_lsm_file_permission+0x9/0x10 [ 43.142062][ T5025] ? security_file_permission+0x94/0x100 [ 43.147692][ T5025] vfs_write+0x2a4/0xe40 [ 43.151964][ T5025] ? evdev_read+0xdf0/0xdf0 [ 43.156456][ T5025] ? kernel_write+0x6c0/0x6c0 [ 43.161126][ T5025] ? __fget_files+0x279/0x410 [ 43.165791][ T5025] ? __fget_light+0xe6/0x260 [ 43.170369][ T5025] ksys_write+0x1f0/0x250 [ 43.174689][ T5025] ? __ia32_sys_read+0xb0/0xb0 [ 43.179443][ T5025] ? lockdep_hardirqs_on+0x7d/0x100 [ 43.184650][ T5025] ? _raw_spin_unlock_irq+0x2e/0x50 [ 43.189842][ T5025] ? ptrace_notify+0xf4/0x130 [ 43.194528][ T5025] do_syscall_64+0x38/0xb0 [ 43.198936][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 43.204827][ T5025] RIP: 0033:0x7f459ba6fbb9 [ 43.209226][ T5025] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5025] <... 
write resumed>) = 120 [pid 5025] futex(0x7f459baf634c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f459baf6348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] exit_group(0) = ? [pid 5025] <... futex resumed>) = ? [pid 5025] +++ exited with 0 +++ +++ exited with 0 +++ [ 43.228821][ T5025] RSP: 002b:00007f459b