./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2049767700 <...> Warning: Permanently added '10.128.1.112' (ECDSA) to the list of known hosts. execve("./syz-executor2049767700", ["./syz-executor2049767700"], 0x7fff48db1000 /* 10 vars */) = 0 brk(NULL) = 0x5555569d6000 brk(0x5555569d6c40) = 0x5555569d6c40 arch_prctl(ARCH_SET_FS, 0x5555569d6300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2049767700", 4096) = 28 brk(0x5555569f7c40) = 0x5555569f7c40 brk(0x5555569f8000) = 0x5555569f8000 mprotect(0x7f8239284000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_UNIX, SOCK_DGRAM, 0) = 3 bind(3, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 ioctl(3, FIOSETOWN, [-1]) = 0 ioctl(3, FIOASYNC, [2]) = 0 socket(AF_UNIX, SOCK_DGRAM, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 sendmmsg(4, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, 
msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, 
msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, 
msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, 
msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, 
{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, ...], 3682232011, MSG_DONTWAIT|MSG_EOR|MSG_FIN|MSG_SYN|MSG_CONFIRM|MSG_RST|MSG_ERRQUEUE) = 11 openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 ioctl(5, FIOASYNC, [233]) = 0 openat(AT_FDCWD, "/dev/input/event0", O_RDWR|O_NOFOLLOW) = 6 syzkaller login: [ 51.626228][ T3637] [ 51.628590][ T3637] ===================================================== [ 51.635504][ T3637] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 51.642939][ T3637] 6.1.0-rc6-syzkaller #0 Not 
tainted [ 51.648371][ T3637] ----------------------------------------------------- [ 51.655280][ T3637] syz-executor204/3637 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 51.663331][ T3637] ffff888079eb6018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13b/0x430 [ 51.672027][ T3637] [ 51.672027][ T3637] and this task is already holding: [ 51.679366][ T3637] ffff888079682028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xe5/0xb90 [ 51.689094][ T3637] which would create a new lock dependency: [ 51.694956][ T3637] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 51.703122][ T3637] [ 51.703122][ T3637] but this new dependency connects a HARDIRQ-irq-safe lock: [ 51.712547][ T3637] (&dev->event_lock#2){-...}-{2:2} [ 51.712565][ T3637] [ 51.712565][ T3637] ... which became HARDIRQ-irq-safe at: [ 51.726040][ T3637] lock_acquire+0x1a7/0x400 [ 51.730639][ T3637] _raw_spin_lock_irqsave+0xd1/0x120 [ 51.736005][ T3637] input_event+0x89/0xc0 [ 51.740434][ T3637] psmouse_report_standard_packet+0x4f/0x200 [ 51.746485][ T3637] psmouse_process_byte+0x447/0x630 [ 51.751751][ T3637] psmouse_handle_byte+0x44/0x4a0 [ 51.756842][ T3637] psmouse_interrupt+0x68a/0x1080 [ 51.761933][ T3637] serio_interrupt+0x88/0x130 [ 51.766779][ T3637] i8042_interrupt+0x32f/0x720 [ 51.771613][ T3637] __handle_irq_event_percpu+0x200/0x620 [ 51.777404][ T3637] handle_irq_event+0x83/0x1e0 [ 51.782246][ T3637] handle_edge_irq+0x245/0xbe0 [ 51.787096][ T3637] __common_interrupt+0xce/0x1e0 [ 51.792111][ T3637] common_interrupt+0x9f/0xc0 [ 51.796869][ T3637] asm_common_interrupt+0x22/0x40 [ 51.802062][ T3637] acpi_idle_enter+0x43d/0x800 [ 51.806900][ T3637] cpuidle_enter_state+0x50b/0xf50 [ 51.812081][ T3637] cpuidle_enter+0x59/0x90 [ 51.816568][ T3637] do_idle+0x3da/0x680 [ 51.820707][ T3637] cpu_startup_entry+0x15/0x20 [ 51.825542][ T3637] start_secondary+0xe4/0xf0 [ 51.830199][ T3637] secondary_startup_64_no_verify+0xcf/0xdb [ 51.836158][ T3637] [ 51.836158][ T3637] to a 
HARDIRQ-irq-unsafe lock: [ 51.843172][ T3637] (tasklist_lock){.+.+}-{2:2} [ 51.843189][ T3637] [ 51.843189][ T3637] ... which became HARDIRQ-irq-unsafe at: [ 51.855862][ T3637] ... [ 51.855867][ T3637] lock_acquire+0x1a7/0x400 [ 51.863119][ T3637] _raw_read_lock+0x32/0x40 [ 51.867688][ T3637] do_wait+0x224/0x9d0 [ 51.871827][ T3637] kernel_wait+0xe4/0x230 [ 51.876226][ T3637] call_usermodehelper_exec_work+0xb4/0x220 [ 51.882190][ T3637] process_one_work+0x81c/0xd10 [ 51.887108][ T3637] worker_thread+0xb14/0x1330 [ 51.891849][ T3637] kthread+0x266/0x300 [ 51.895980][ T3637] ret_from_fork+0x1f/0x30 [ 51.900463][ T3637] [ 51.900463][ T3637] other info that might help us debug this: [ 51.900463][ T3637] [ 51.910677][ T3637] Chain exists of: [ 51.910677][ T3637] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 51.910677][ T3637] [ 51.924218][ T3637] Possible interrupt unsafe locking scenario: [ 51.924218][ T3637] [ 51.932518][ T3637] CPU0 CPU1 [ 51.937861][ T3637] ---- ---- [ 51.943202][ T3637] lock(tasklist_lock); [ 51.947424][ T3637] local_irq_disable(); [ 51.954154][ T3637] lock(&dev->event_lock#2); [ 51.961330][ T3637] lock(&client->buffer_lock); [ 51.968677][ T3637] <Interrupt> [ 51.972121][ T3637] lock(&dev->event_lock#2); [ 51.976975][ T3637] [ 51.976975][ T3637] *** DEADLOCK *** [ 51.976975][ T3637] [ 51.985106][ T3637] 7 locks held by syz-executor204/3637: [ 51.990627][ T3637] #0: ffff8880234a2110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x26c/0x7d0 [ 51.999749][ T3637] #1: ffff888146b31230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xb4/0x270 [ 52.009813][ T3637] #2: ffffffff8d323e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 52.019093][ T3637] #3: ffffffff8d323e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 52.028385][ T3637] #4: ffffffff8d323e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 52.037668][ T3637] #5: ffff888079682028 (&client->buffer_lock){....}-{2:2}, at: 
evdev_pass_values+0xe5/0xb90 [ 52.047818][ T3637] #6: ffffffff8d323e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 52.057096][ T3637] [ 52.057096][ T3637] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 52.067491][ T3637] -> (&dev->event_lock#2){-...}-{2:2} { [ 52.073148][ T3637] IN-HARDIRQ-W at: [ 52.077202][ T3637] lock_acquire+0x1a7/0x400 [ 52.083518][ T3637] _raw_spin_lock_irqsave+0xd1/0x120 [ 52.090610][ T3637] input_event+0x89/0xc0 [ 52.096721][ T3637] psmouse_report_standard_packet+0x4f/0x200 [ 52.104593][ T3637] psmouse_process_byte+0x447/0x630 [ 52.111604][ T3637] psmouse_handle_byte+0x44/0x4a0 [ 52.118450][ T3637] psmouse_interrupt+0x68a/0x1080 [ 52.125283][ T3637] serio_interrupt+0x88/0x130 [ 52.131781][ T3637] i8042_interrupt+0x32f/0x720 [ 52.138352][ T3637] __handle_irq_event_percpu+0x200/0x620 [ 52.145789][ T3637] handle_irq_event+0x83/0x1e0 [ 52.152357][ T3637] handle_edge_irq+0x245/0xbe0 [ 52.158920][ T3637] __common_interrupt+0xce/0x1e0 [ 52.165666][ T3637] common_interrupt+0x9f/0xc0 [ 52.172152][ T3637] asm_common_interrupt+0x22/0x40 [ 52.178977][ T3637] acpi_idle_enter+0x43d/0x800 [ 52.185650][ T3637] cpuidle_enter_state+0x50b/0xf50 [ 52.192564][ T3637] cpuidle_enter+0x59/0x90 [ 52.198782][ T3637] do_idle+0x3da/0x680 [ 52.204656][ T3637] cpu_startup_entry+0x15/0x20 [ 52.211294][ T3637] start_secondary+0xe4/0xf0 [ 52.217696][ T3637] secondary_startup_64_no_verify+0xcf/0xdb [ 52.225424][ T3637] INITIAL USE at: [ 52.229384][ T3637] lock_acquire+0x1a7/0x400 [ 52.235608][ T3637] _raw_spin_lock_irqsave+0xd1/0x120 [ 52.242611][ T3637] input_inject_event+0xb4/0x270 [ 52.250151][ T3637] led_trigger_event+0xdb/0x190 [ 52.256731][ T3637] kbd_led_trigger_activate+0xb8/0x100 [ 52.263915][ T3637] led_trigger_set+0x53b/0x910 [ 52.270400][ T3637] led_trigger_set_default+0x1d1/0x210 [ 52.277577][ T3637] led_classdev_register_ext+0x600/0x7f0 [ 52.284932][ T3637] input_leds_connect+0x4f2/0x6d0 [ 52.291672][ T3637] 
input_register_device+0xce0/0x1070 [ 52.298758][ T3637] atkbd_connect+0x78c/0x9e0 [ 52.305063][ T3637] serio_driver_probe+0x76/0x90 [ 52.311633][ T3637] call_driver_probe+0x96/0x250 [ 52.318215][ T3637] really_probe+0x24c/0x9f0 [ 52.324452][ T3637] __driver_probe_device+0x1f4/0x3f0 [ 52.331465][ T3637] driver_probe_device+0x50/0x240 [ 52.338223][ T3637] __driver_attach+0x364/0x5b0 [ 52.344705][ T3637] bus_for_each_dev+0x188/0x1f0 [ 52.351271][ T3637] serio_handle_event+0x8bc/0x1060 [ 52.358535][ T3637] process_one_work+0x81c/0xd10 [ 52.365101][ T3637] worker_thread+0xb14/0x1330 [ 52.371496][ T3637] kthread+0x266/0x300 [ 52.377279][ T3637] ret_from_fork+0x1f/0x30 [ 52.383415][ T3637] } [ 52.385982][ T3637] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 52.395163][ T3637] -> (&client->buffer_lock){....}-{2:2} { [ 52.400873][ T3637] INITIAL USE at: [ 52.404745][ T3637] lock_acquire+0x1a7/0x400 [ 52.410803][ T3637] _raw_spin_lock+0x2a/0x40 [ 52.416853][ T3637] evdev_pass_values+0xe5/0xb90 [ 52.423253][ T3637] evdev_events+0x195/0x280 [ 52.429317][ T3637] input_pass_values+0x8fc/0x12b0 [ 52.435901][ T3637] input_event_dispose+0x33f/0x620 [ 52.442570][ T3637] input_handle_event+0x3f2/0xa80 [ 52.449145][ T3637] input_inject_event+0x189/0x270 [ 52.455719][ T3637] evdev_write+0x685/0x7d0 [ 52.461782][ T3637] vfs_write+0x2e5/0xbb0 [ 52.467571][ T3637] ksys_write+0x19b/0x2c0 [ 52.473445][ T3637] do_syscall_64+0x2b/0x70 [ 52.479413][ T3637] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.486853][ T3637] } [ 52.489333][ T3637] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 52.497561][ T3637] ... 
acquired at: [ 52.501429][ T3637] lock_acquire+0x1a7/0x400 [ 52.506085][ T3637] _raw_spin_lock+0x2a/0x40 [ 52.510744][ T3637] evdev_pass_values+0xe5/0xb90 [ 52.515755][ T3637] evdev_events+0x195/0x280 [ 52.520416][ T3637] input_pass_values+0x8fc/0x12b0 [ 52.525619][ T3637] input_event_dispose+0x33f/0x620 [ 52.530882][ T3637] input_handle_event+0x3f2/0xa80 [ 52.536061][ T3637] input_inject_event+0x189/0x270 [ 52.541238][ T3637] evdev_write+0x685/0x7d0 [ 52.545811][ T3637] vfs_write+0x2e5/0xbb0 [ 52.550207][ T3637] ksys_write+0x19b/0x2c0 [ 52.554692][ T3637] do_syscall_64+0x2b/0x70 [ 52.559262][ T3637] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.565325][ T3637] [ 52.567640][ T3637] [ 52.567640][ T3637] the dependencies between the lock to be acquired [ 52.567646][ T3637] and HARDIRQ-irq-unsafe lock: [ 52.581128][ T3637] -> (tasklist_lock){.+.+}-{2:2} { [ 52.586410][ T3637] HARDIRQ-ON-R at: [ 52.590550][ T3637] lock_acquire+0x1a7/0x400 [ 52.597035][ T3637] _raw_read_lock+0x32/0x40 [ 52.603521][ T3637] do_wait+0x224/0x9d0 [ 52.609572][ T3637] kernel_wait+0xe4/0x230 [ 52.615884][ T3637] call_usermodehelper_exec_work+0xb4/0x220 [ 52.623762][ T3637] process_one_work+0x81c/0xd10 [ 52.630590][ T3637] worker_thread+0xb14/0x1330 [ 52.637243][ T3637] kthread+0x266/0x300 [ 52.643289][ T3637] ret_from_fork+0x1f/0x30 [ 52.649686][ T3637] SOFTIRQ-ON-R at: [ 52.653825][ T3637] lock_acquire+0x1a7/0x400 [ 52.660305][ T3637] _raw_read_lock+0x32/0x40 [ 52.666791][ T3637] do_wait+0x224/0x9d0 [ 52.672927][ T3637] kernel_wait+0xe4/0x230 [ 52.679238][ T3637] call_usermodehelper_exec_work+0xb4/0x220 [ 52.687804][ T3637] process_one_work+0x81c/0xd10 [ 52.694632][ T3637] worker_thread+0xb14/0x1330 [ 52.701288][ T3637] kthread+0x266/0x300 [ 52.707333][ T3637] ret_from_fork+0x1f/0x30 [ 52.713815][ T3637] INITIAL USE at: [ 52.717866][ T3637] lock_acquire+0x1a7/0x400 [ 52.724264][ T3637] _raw_write_lock_irq+0xcf/0x110 [ 52.731182][ T3637] copy_process+0x2442/0x3fc0 [ 52.737751][ T3637] 
kernel_clone+0x227/0x640 [ 52.744146][ T3637] user_mode_thread+0x12d/0x190 [ 52.750974][ T3637] rest_init+0x21/0x270 [ 52.757022][ T3637] start_kernel+0x0/0x560 [ 52.763258][ T3637] start_kernel+0x4b1/0x560 [ 52.770630][ T3637] secondary_startup_64_no_verify+0xcf/0xdb [ 52.778419][ T3637] INITIAL READ USE at: [ 52.782901][ T3637] lock_acquire+0x1a7/0x400 [ 52.789736][ T3637] _raw_read_lock+0x32/0x40 [ 52.796590][ T3637] do_wait+0x224/0x9d0 [ 52.803001][ T3637] kernel_wait+0xe4/0x230 [ 52.810019][ T3637] call_usermodehelper_exec_work+0xb4/0x220 [ 52.818355][ T3637] process_one_work+0x81c/0xd10 [ 52.825639][ T3637] worker_thread+0xb14/0x1330 [ 52.832747][ T3637] kthread+0x266/0x300 [ 52.839585][ T3637] ret_from_fork+0x1f/0x30 [ 52.846419][ T3637] } [ 52.849076][ T3637] ... key at: [] tasklist_lock+0x18/0x40 [ 52.857049][ T3637] ... acquired at: [ 52.861018][ T3637] lock_acquire+0x1a7/0x400 [ 52.865699][ T3637] _raw_read_lock+0x32/0x40 [ 52.870729][ T3637] send_sigio+0xbe/0x300 [ 52.875144][ T3637] kill_fasync+0x1e4/0x430 [ 52.879742][ T3637] sock_wake_async+0x130/0x150 [ 52.884706][ T3637] sk_wake_async+0x12e/0x200 [ 52.889471][ T3637] sock_def_readable+0x152/0x200 [ 52.896215][ T3637] unix_dgram_sendmsg+0x1551/0x2050 [ 52.901656][ T3637] ____sys_sendmsg+0x597/0x8e0 [ 52.906582][ T3637] __sys_sendmmsg+0x3d7/0x770 [ 52.911512][ T3637] __x64_sys_sendmmsg+0x9c/0xb0 [ 52.916537][ T3637] do_syscall_64+0x2b/0x70 [ 52.921117][ T3637] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.927229][ T3637] [ 52.929542][ T3637] -> (&f->f_owner.lock){....}-{2:2} { [ 52.935002][ T3637] INITIAL USE at: [ 52.938971][ T3637] lock_acquire+0x1a7/0x400 [ 52.945199][ T3637] _raw_write_lock_irq+0xcf/0x110 [ 52.951942][ T3637] f_modown+0x38/0x340 [ 52.957739][ T3637] f_setown+0x113/0x1a0 [ 52.963645][ T3637] sock_ioctl+0x591/0x770 [ 52.969691][ T3637] __se_sys_ioctl+0xfb/0x170 [ 52.976009][ T3637] do_syscall_64+0x2b/0x70 [ 52.982150][ T3637] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.989766][ 
T3637] INITIAL READ USE at: [ 52.994161][ T3637] lock_acquire+0x1a7/0x400 [ 53.000826][ T3637] _raw_read_lock_irqsave+0xd9/0x120 [ 53.008277][ T3637] send_sigio+0x2f/0x300 [ 53.014681][ T3637] kill_fasync+0x1e4/0x430 [ 53.021269][ T3637] sock_wake_async+0x130/0x150 [ 53.028192][ T3637] sk_wake_async+0x12e/0x200 [ 53.034934][ T3637] sock_def_readable+0x152/0x200 [ 53.042026][ T3637] unix_dgram_sendmsg+0x1551/0x2050 [ 53.049393][ T3637] ____sys_sendmsg+0x597/0x8e0 [ 53.056319][ T3637] __sys_sendmmsg+0x3d7/0x770 [ 53.063168][ T3637] __x64_sys_sendmmsg+0x9c/0xb0 [ 53.070187][ T3637] do_syscall_64+0x2b/0x70 [ 53.076765][ T3637] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.084815][ T3637] } [ 53.087383][ T3637] ... key at: [] __alloc_file.__key+0x0/0x10 [ 53.095517][ T3637] ... acquired at: [ 53.099399][ T3637] lock_acquire+0x1a7/0x400 [ 53.104145][ T3637] _raw_read_lock_irqsave+0xd9/0x120 [ 53.109584][ T3637] send_sigio+0x2f/0x300 [ 53.113983][ T3637] kill_fasync+0x1e4/0x430 [ 53.118583][ T3637] sock_wake_async+0x130/0x150 [ 53.123518][ T3637] sk_wake_async+0x12e/0x200 [ 53.128281][ T3637] sock_def_readable+0x152/0x200 [ 53.133383][ T3637] unix_dgram_sendmsg+0x1551/0x2050 [ 53.138998][ T3637] ____sys_sendmsg+0x597/0x8e0 [ 53.143916][ T3637] __sys_sendmmsg+0x3d7/0x770 [ 53.148745][ T3637] __x64_sys_sendmmsg+0x9c/0xb0 [ 53.153749][ T3637] do_syscall_64+0x2b/0x70 [ 53.158320][ T3637] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.164366][ T3637] [ 53.166670][ T3637] -> (&new->fa_lock){....}-{2:2} { [ 53.171779][ T3637] INITIAL READ USE at: [ 53.176088][ T3637] lock_acquire+0x1a7/0x400 [ 53.182574][ T3637] _raw_read_lock_irqsave+0xd9/0x120 [ 53.189835][ T3637] kill_fasync+0x13b/0x430 [ 53.196235][ T3637] sock_wake_async+0x130/0x150 [ 53.202988][ T3637] sk_wake_async+0x12e/0x200 [ 53.209558][ T3637] sock_def_readable+0x152/0x200 [ 53.216473][ T3637] unix_dgram_sendmsg+0x1551/0x2050 [ 53.223705][ T3637] ____sys_sendmsg+0x597/0x8e0 [ 53.230485][ T3637] 
__sys_sendmmsg+0x3d7/0x770 [ 53.237172][ T3637] __x64_sys_sendmmsg+0x9c/0xb0 [ 53.244011][ T3637] do_syscall_64+0x2b/0x70 [ 53.250409][ T3637] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.258284][ T3637] } [ 53.260764][ T3637] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 53.269434][ T3637] ... acquired at: [ 53.273218][ T3637] lock_acquire+0x1a7/0x400 [ 53.277878][ T3637] _raw_read_lock_irqsave+0xd9/0x120 [ 53.283325][ T3637] kill_fasync+0x13b/0x430 [ 53.287899][ T3637] evdev_pass_values+0x5b1/0xb90 [ 53.292994][ T3637] evdev_events+0x195/0x280 [ 53.297653][ T3637] input_pass_values+0x8fc/0x12b0 [ 53.302919][ T3637] input_event_dispose+0x33f/0x620 [ 53.308182][ T3637] input_handle_event+0x3f2/0xa80 [ 53.313362][ T3637] input_inject_event+0x189/0x270 [ 53.318537][ T3637] evdev_write+0x685/0x7d0 [ 53.323138][ T3637] vfs_write+0x2e5/0xbb0 [ 53.327537][ T3637] ksys_write+0x19b/0x2c0 [ 53.332020][ T3637] do_syscall_64+0x2b/0x70 [ 53.336595][ T3637] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.342642][ T3637] [ 53.344948][ T3637] [ 53.344948][ T3637] stack backtrace: [ 53.350822][ T3637] CPU: 1 PID: 3637 Comm: syz-executor204 Not tainted 6.1.0-rc6-syzkaller #0 [ 53.359481][ T3637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 53.370297][ T3637] Call Trace: [ 53.373564][ T3637] [ 53.376481][ T3637] dump_stack_lvl+0x1e3/0x2cb [ 53.381147][ T3637] ? nf_tcp_handle_invalid+0x62e/0x62e [ 53.386589][ T3637] ? panic+0x766/0x766 [ 53.390640][ T3637] ? print_shortest_lock_dependencies+0x102/0x160 [ 53.397036][ T3637] validate_chain+0x55d4/0x6470 [ 53.401960][ T3637] ? reacquire_held_locks+0x680/0x680 [ 53.407315][ T3637] ? rcu_read_lock_sched_held+0x89/0x130 [ 53.412929][ T3637] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 53.418903][ T3637] ? reacquire_held_locks+0x680/0x680 [ 53.424345][ T3637] ? trace_lock_release+0x95/0x220 [ 53.429439][ T3637] ? reacquire_held_locks+0x680/0x680 [ 53.434799][ T3637] ? 
register_lock_class+0xfe/0x9b0 [ 53.440080][ T3637] ? is_dynamic_key+0x1f0/0x1f0 [ 53.444916][ T3637] ? mark_lock+0x9a/0x350 [ 53.449229][ T3637] __lock_acquire+0x1292/0x1f60 [ 53.454499][ T3637] lock_acquire+0x1a7/0x400 [ 53.458983][ T3637] ? kill_fasync+0x13b/0x430 [ 53.463556][ T3637] ? read_lock_is_recursive+0x10/0x10 [ 53.469010][ T3637] ? read_lock_is_recursive+0x10/0x10 [ 53.474463][ T3637] _raw_read_lock_irqsave+0xd9/0x120 [ 53.479736][ T3637] ? kill_fasync+0x13b/0x430 [ 53.484342][ T3637] ? _raw_read_lock+0x40/0x40 [ 53.489024][ T3637] kill_fasync+0x13b/0x430 [ 53.493511][ T3637] evdev_pass_values+0x5b1/0xb90 [ 53.498446][ T3637] ? evdev_pass_values+0x631/0xb90 [ 53.503541][ T3637] evdev_events+0x195/0x280 [ 53.508051][ T3637] ? evdev_event+0x170/0x170 [ 53.512622][ T3637] input_pass_values+0x8fc/0x12b0 [ 53.517629][ T3637] input_event_dispose+0x33f/0x620 [ 53.522724][ T3637] input_handle_event+0x3f2/0xa80 [ 53.527731][ T3637] ? userio_device_write+0x1f0/0x1f0 [ 53.533000][ T3637] input_inject_event+0x189/0x270 [ 53.538011][ T3637] evdev_write+0x685/0x7d0 [ 53.542415][ T3637] ? evdev_read+0xe10/0xe10 [ 53.546906][ T3637] ? trace_lock_release+0x95/0x220 [ 53.551999][ T3637] ? bpf_lsm_file_permission+0x5/0x10 [ 53.557353][ T3637] ? security_file_permission+0xe0/0x5c0 [ 53.562969][ T3637] ? vfs_write+0x213/0xbb0 [ 53.567384][ T3637] ? evdev_read+0xe10/0xe10 [ 53.571877][ T3637] vfs_write+0x2e5/0xbb0 [ 53.576116][ T3637] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 53.582079][ T3637] ? file_end_write+0x230/0x230 [ 53.586910][ T3637] ? ptrace_stop+0x74d/0x970 [ 53.591484][ T3637] ? do_raw_spin_unlock+0x134/0x8a0 [ 53.596666][ T3637] ? _raw_spin_unlock_irq+0x1f/0x40 [ 53.601847][ T3637] ? lockdep_hardirqs_on+0x95/0x140 [ 53.607028][ T3637] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.612208][ T3637] ? __fdget_pos+0x1d2/0x2e0 [ 53.616869][ T3637] ksys_write+0x19b/0x2c0 [ 53.621186][ T3637] ? print_irqtrace_events+0x220/0x220 [ 53.626627][ T3637] ? 
__ia32_sys_read+0x80/0x80 [ 53.631373][ T3637] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 53.637339][ T3637] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 53.643300][ T3637] do_syscall_64+0x2b/0x70 [ 53.647700][ T3637] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.653576][ T3637] RIP: 0033:0x7f8239217829 [ 53.657972][ T3637] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x10\x27\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 121) = 120 exit_group(0) = ? +++ exited with 0 +++ [ 53.677733][ T3637] RSP: 002b:00007ffd639b27d8 EFLAGS: 00000246 ORIG_RAX: 000000000000