./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1356462806 <...> DUID 00:04:bb:a2:40:ae:48:ac:17:b5:4c:fd:37:63:df:39:12:a9 forked to background, child pid 3186 [ 27.216862][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.231182][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts. execve("./syz-executor1356462806", ["./syz-executor1356462806"], 0x7ffe3944e010 /* 10 vars */) = 0 brk(NULL) = 0x555555e56000 brk(0x555555e56c40) = 0x555555e56c40 arch_prctl(ARCH_SET_FS, 0x555555e56300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1356462806", 4096) = 28 brk(0x555555e77c40) = 0x555555e77c40 brk(0x555555e78000) = 0x555555e78000 mprotect(0x7fa216cf0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_UNIX, SOCK_DGRAM, 0) = 3 bind(3, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 ioctl(3, FIOSETOWN, [-1]) = 0 ioctl(3, FIOASYNC, [2]) = 0 connect(3, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 sendmmsg(3, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, 
msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, 
{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, 
msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, 
msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, 
msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, 
{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, ...], 3682232011, MSG_DONTWAIT|MSG_EOR|MSG_FIN|MSG_SYN|MSG_CONFIRM|MSG_RST|MSG_ERRQUEUE) = 278 ioctl(-1, HIDIOCSUSAGES, 0x20001b00) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/input/event0", O_RDWR|O_APPEND|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_CLOEXEC) = 4 openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 ioctl(5, FIOASYNC, [1986356271]) = 0 syzkaller login: [ 49.837071][ T3609] [ 49.839438][ T3609] ===================================================== [ 49.846363][ T3609] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 49.853818][ T3609] 5.19.0-rc4-syzkaller-00125-ga175eca0f3d7 #0 Not tainted [ 49.861005][ T3609] ----------------------------------------------------- [ 49.867931][ T3609] syz-executor135/3609 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 49.876003][ T3609] ffff8880726ac0c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 [ 49.884742][ T3609] [ 49.884742][ T3609] and this task is already holding: [ 49.892100][ T3609] ffff8880172d7028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970 [ 49.902476][ T3609] which would create a new lock dependency: [ 49.908358][ T3609] (&client->buffer_lock){....}-{2:2} -> 
(&new->fa_lock){....}-{2:2} [ 49.916463][ T3609] [ 49.916463][ T3609] but this new dependency connects a HARDIRQ-irq-safe lock: [ 49.925951][ T3609] (&dev->event_lock#2){-...}-{2:2} [ 49.925986][ T3609] [ 49.925986][ T3609] ... which became HARDIRQ-irq-safe at: [ 49.938882][ T3609] lock_acquire+0x1ab/0x570 [ 49.943487][ T3609] _raw_spin_lock_irqsave+0x39/0x50 [ 49.948782][ T3609] input_event+0x7b/0xb0 [ 49.953114][ T3609] psmouse_report_standard_buttons+0x2c/0x80 [ 49.959184][ T3609] psmouse_process_byte+0x1e1/0x890 [ 49.964556][ T3609] psmouse_handle_byte+0x41/0x1b0 [ 49.969667][ T3609] psmouse_interrupt+0x304/0xf00 [ 49.974790][ T3609] serio_interrupt+0x88/0x150 [ 49.979581][ T3609] i8042_interrupt+0x27a/0x520 [ 49.984438][ T3609] __handle_irq_event_percpu+0x22b/0x880 [ 49.990161][ T3609] handle_irq_event+0xa7/0x1e0 [ 49.995012][ T3609] handle_edge_irq+0x25f/0xd00 [ 49.999874][ T3609] __common_interrupt+0x9d/0x210 [ 50.004908][ T3609] common_interrupt+0xa4/0xc0 [ 50.009778][ T3609] asm_common_interrupt+0x27/0x40 [ 50.014981][ T3609] kset_find_obj+0x6a/0x110 [ 50.019576][ T3609] module_add_driver+0x208/0x370 [ 50.024697][ T3609] bus_add_driver+0x2ff/0x640 [ 50.029465][ T3609] driver_register+0x220/0x3a0 [ 50.034357][ T3609] usb_register_driver+0x249/0x460 [ 50.039562][ T3609] do_one_initcall+0x103/0x650 [ 50.044423][ T3609] kernel_init_freeable+0x6b1/0x73a [ 50.049711][ T3609] kernel_init+0x1a/0x1d0 [ 50.054128][ T3609] ret_from_fork+0x1f/0x30 [ 50.058635][ T3609] [ 50.058635][ T3609] to a HARDIRQ-irq-unsafe lock: [ 50.065646][ T3609] (tasklist_lock){.+.+}-{2:2} [ 50.065674][ T3609] [ 50.065674][ T3609] ... which became HARDIRQ-irq-unsafe at: [ 50.078292][ T3609] ... 
[ 50.078299][ T3609] lock_acquire+0x1ab/0x570 [ 50.085467][ T3609] _raw_read_lock+0x5b/0x70 [ 50.090065][ T3609] do_wait+0x284/0xce0 [ 50.094227][ T3609] kernel_wait+0x9c/0x150 [ 50.098648][ T3609] call_usermodehelper_exec_work+0xf5/0x180 [ 50.104632][ T3609] process_one_work+0x996/0x1610 [ 50.109750][ T3609] worker_thread+0x665/0x1080 [ 50.114519][ T3609] kthread+0x2e9/0x3a0 [ 50.118674][ T3609] ret_from_fork+0x1f/0x30 [ 50.123183][ T3609] [ 50.123183][ T3609] other info that might help us debug this: [ 50.123183][ T3609] [ 50.133403][ T3609] Chain exists of: [ 50.133403][ T3609] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 50.133403][ T3609] [ 50.146968][ T3609] Possible interrupt unsafe locking scenario: [ 50.146968][ T3609] [ 50.155278][ T3609] CPU0 CPU1 [ 50.160645][ T3609] ---- ---- [ 50.166002][ T3609] lock(tasklist_lock); [ 50.170249][ T3609] local_irq_disable(); [ 50.177009][ T3609] lock(&dev->event_lock#2); [ 50.184220][ T3609] lock(&client->buffer_lock); [ 50.191591][ T3609] <Interrupt> [ 50.195042][ T3609] lock(&dev->event_lock#2); [ 50.199898][ T3609] [ 50.199898][ T3609] *** DEADLOCK *** [ 50.199898][ T3609] [ 50.208036][ T3609] 7 locks held by syz-executor135/3609: [ 50.213577][ T3609] #0: ffff8880214bf110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760 [ 50.222732][ T3609] #1: ffff8881465de230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xa6/0x320 [ 50.232847][ T3609] #2: ffffffff8bd86660 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320 [ 50.242517][ T3609] #3: ffffffff8bd86660 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 [ 50.252621][ T3609] #4: ffffffff8bd86660 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0 [ 50.261773][ T3609] #5: ffff8880172d7028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970 [ 50.272577][ T3609] #6: ffffffff8bd86660 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470 [ 50.281645][ T3609] [ 50.281645][ T3609] the 
dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 50.292042][ T3609] -> (&dev->event_lock#2){-...}-{2:2} { [ 50.297711][ T3609] IN-HARDIRQ-W at: [ 50.301776][ T3609] lock_acquire+0x1ab/0x570 [ 50.308123][ T3609] _raw_spin_lock_irqsave+0x39/0x50 [ 50.315236][ T3609] input_event+0x7b/0xb0 [ 50.321307][ T3609] psmouse_report_standard_buttons+0x2c/0x80 [ 50.329135][ T3609] psmouse_process_byte+0x1e1/0x890 [ 50.336158][ T3609] psmouse_handle_byte+0x41/0x1b0 [ 50.343020][ T3609] psmouse_interrupt+0x304/0xf00 [ 50.349780][ T3609] serio_interrupt+0x88/0x150 [ 50.356289][ T3609] i8042_interrupt+0x27a/0x520 [ 50.362884][ T3609] __handle_irq_event_percpu+0x22b/0x880 [ 50.370433][ T3609] handle_irq_event+0xa7/0x1e0 [ 50.377025][ T3609] handle_edge_irq+0x25f/0xd00 [ 50.383619][ T3609] __common_interrupt+0x9d/0x210 [ 50.390394][ T3609] common_interrupt+0xa4/0xc0 [ 50.396908][ T3609] asm_common_interrupt+0x27/0x40 [ 50.403789][ T3609] kset_find_obj+0x6a/0x110 [ 50.410153][ T3609] module_add_driver+0x208/0x370 [ 50.416939][ T3609] bus_add_driver+0x2ff/0x640 [ 50.423469][ T3609] driver_register+0x220/0x3a0 [ 50.430078][ T3609] usb_register_driver+0x249/0x460 [ 50.437063][ T3609] do_one_initcall+0x103/0x650 [ 50.443673][ T3609] kernel_init_freeable+0x6b1/0x73a [ 50.450704][ T3609] kernel_init+0x1a/0x1d0 [ 50.456862][ T3609] ret_from_fork+0x1f/0x30 [ 50.463115][ T3609] INITIAL USE at: [ 50.467095][ T3609] lock_acquire+0x1ab/0x570 [ 50.473354][ T3609] _raw_spin_lock_irqsave+0x39/0x50 [ 50.480296][ T3609] input_inject_event+0xa6/0x320 [ 50.486977][ T3609] led_set_brightness_nosleep+0xe6/0x1a0 [ 50.494351][ T3609] led_set_brightness+0x134/0x170 [ 50.501117][ T3609] led_trigger_event+0xb0/0x200 [ 50.507717][ T3609] kbd_led_trigger_activate+0xc9/0x100 [ 50.514915][ T3609] led_trigger_set+0x5d7/0xaf0 [ 50.521423][ T3609] led_trigger_set_default+0x1a6/0x230 [ 50.528627][ T3609] led_classdev_register_ext+0x56f/0x770 [ 50.536001][ T3609] input_leds_connect+0x4bd/0x860 [ 
50.542787][ T3609] input_attach_handler+0x180/0x1f0 [ 50.549723][ T3609] input_register_device.cold+0xf0/0x304 [ 50.557112][ T3609] atkbd_connect+0x749/0xa10 [ 50.563448][ T3609] serio_driver_probe+0x72/0xa0 [ 50.570044][ T3609] really_probe+0x23e/0xb90 [ 50.576300][ T3609] __driver_probe_device+0x338/0x4d0 [ 50.583330][ T3609] driver_probe_device+0x4c/0x1a0 [ 50.590273][ T3609] __driver_attach+0x22d/0x550 [ 50.596785][ T3609] bus_for_each_dev+0x147/0x1d0 [ 50.603382][ T3609] serio_handle_event+0x5f6/0xa30 [ 50.610150][ T3609] process_one_work+0x996/0x1610 [ 50.616851][ T3609] worker_thread+0x665/0x1080 [ 50.623277][ T3609] kthread+0x2e9/0x3a0 [ 50.629093][ T3609] ret_from_fork+0x1f/0x30 [ 50.635256][ T3609] } [ 50.637837][ T3609] ... key at: [] __key.7+0x0/0x40 [ 50.645046][ T3609] -> (&client->buffer_lock){....}-{2:2} { [ 50.650801][ T3609] INITIAL USE at: [ 50.654715][ T3609] lock_acquire+0x1ab/0x570 [ 50.660831][ T3609] _raw_spin_lock+0x2a/0x40 [ 50.666906][ T3609] evdev_pass_values.part.0+0xf6/0x970 [ 50.673959][ T3609] evdev_events+0x359/0x3e0 [ 50.680056][ T3609] input_to_handler+0x2a0/0x4c0 [ 50.686495][ T3609] input_pass_values.part.0+0x230/0x710 [ 50.693618][ T3609] input_handle_event+0x373/0x1440 [ 50.700316][ T3609] input_inject_event+0x1bd/0x320 [ 50.706920][ T3609] evdev_write+0x430/0x760 [ 50.712923][ T3609] vfs_write+0x269/0xac0 [ 50.718761][ T3609] ksys_write+0x1e8/0x250 [ 50.724662][ T3609] do_syscall_64+0x35/0xb0 [ 50.730669][ T3609] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 50.738145][ T3609] } [ 50.740647][ T3609] ... key at: [] __key.3+0x0/0x40 [ 50.747775][ T3609] ... 
acquired at: [ 50.751587][ T3609] _raw_spin_lock+0x2a/0x40 [ 50.756284][ T3609] evdev_pass_values.part.0+0xf6/0x970 [ 50.761927][ T3609] evdev_events+0x359/0x3e0 [ 50.766623][ T3609] input_to_handler+0x2a0/0x4c0 [ 50.771661][ T3609] input_pass_values.part.0+0x230/0x710 [ 50.777834][ T3609] input_handle_event+0x373/0x1440 [ 50.783125][ T3609] input_inject_event+0x1bd/0x320 [ 50.788326][ T3609] evdev_write+0x430/0x760 [ 50.792921][ T3609] vfs_write+0x269/0xac0 [ 50.797345][ T3609] ksys_write+0x1e8/0x250 [ 50.801854][ T3609] do_syscall_64+0x35/0xb0 [ 50.806455][ T3609] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 50.812532][ T3609] [ 50.814851][ T3609] [ 50.814851][ T3609] the dependencies between the lock to be acquired [ 50.814859][ T3609] and HARDIRQ-irq-unsafe lock: [ 50.828373][ T3609] -> (tasklist_lock){.+.+}-{2:2} { [ 50.833680][ T3609] HARDIRQ-ON-R at: [ 50.837833][ T3609] lock_acquire+0x1ab/0x570 [ 50.844345][ T3609] _raw_read_lock+0x5b/0x70 [ 50.850851][ T3609] do_wait+0x284/0xce0 [ 50.856926][ T3609] kernel_wait+0x9c/0x150 [ 50.863260][ T3609] call_usermodehelper_exec_work+0xf5/0x180 [ 50.871156][ T3609] process_one_work+0x996/0x1610 [ 50.878158][ T3609] worker_thread+0x665/0x1080 [ 50.884833][ T3609] kthread+0x2e9/0x3a0 [ 50.890901][ T3609] ret_from_fork+0x1f/0x30 [ 50.897323][ T3609] SOFTIRQ-ON-R at: [ 50.901474][ T3609] lock_acquire+0x1ab/0x570 [ 50.907986][ T3609] _raw_read_lock+0x5b/0x70 [ 50.914491][ T3609] do_wait+0x284/0xce0 [ 50.920568][ T3609] kernel_wait+0x9c/0x150 [ 50.926912][ T3609] call_usermodehelper_exec_work+0xf5/0x180 [ 50.934807][ T3609] process_one_work+0x996/0x1610 [ 50.941747][ T3609] worker_thread+0x665/0x1080 [ 50.948423][ T3609] kthread+0x2e9/0x3a0 [ 50.954492][ T3609] ret_from_fork+0x1f/0x30 [ 50.960922][ T3609] INITIAL USE at: [ 50.964991][ T3609] lock_acquire+0x1ab/0x570 [ 50.971415][ T3609] _raw_write_lock_irq+0x32/0x50 [ 50.978269][ T3609] copy_process+0x445e/0x7020 [ 50.984947][ T3609] kernel_clone+0xe7/0xab0 [ 50.991360][ 
T3609] user_mode_thread+0xad/0xe0 [ 50.997955][ T3609] rest_init+0x23/0x270 [ 51.004211][ T3609] arch_call_rest_init+0xf/0x14 [ 51.010980][ T3609] start_kernel+0x46e/0x48f [ 51.017394][ T3609] secondary_startup_64_no_verify+0xce/0xdb [ 51.025204][ T3609] INITIAL READ USE at: [ 51.029706][ T3609] lock_acquire+0x1ab/0x570 [ 51.036562][ T3609] _raw_read_lock+0x5b/0x70 [ 51.043412][ T3609] do_wait+0x284/0xce0 [ 51.049837][ T3609] kernel_wait+0x9c/0x150 [ 51.056522][ T3609] call_usermodehelper_exec_work+0xf5/0x180 [ 51.064762][ T3609] process_one_work+0x996/0x1610 [ 51.072048][ T3609] worker_thread+0x665/0x1080 [ 51.079071][ T3609] kthread+0x2e9/0x3a0 [ 51.085491][ T3609] ret_from_fork+0x1f/0x30 [ 51.092278][ T3609] } [ 51.094950][ T3609] ... key at: [] tasklist_lock+0x18/0x40 [ 51.102857][ T3609] ... acquired at: [ 51.106833][ T3609] _raw_read_lock+0x5b/0x70 [ 51.111518][ T3609] send_sigio+0xab/0x380 [ 51.115940][ T3609] kill_fasync+0x1f8/0x470 [ 51.120535][ T3609] sock_wake_async+0xd2/0x160 [ 51.125394][ T3609] sock_def_readable+0x349/0x4e0 [ 51.130515][ T3609] unix_dgram_sendmsg+0xf69/0x1ad0 [ 51.135804][ T3609] sock_sendmsg+0xcf/0x120 [ 51.140393][ T3609] ____sys_sendmsg+0x334/0x810 [ 51.145332][ T3609] ___sys_sendmsg+0xf3/0x170 [ 51.150097][ T3609] __sys_sendmmsg+0x195/0x470 [ 51.154950][ T3609] __x64_sys_sendmmsg+0x99/0x100 [ 51.160075][ T3609] do_syscall_64+0x35/0xb0 [ 51.164674][ T3609] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.170750][ T3609] [ 51.173078][ T3609] -> (&f->f_owner.lock){....}-{2:2} { [ 51.178558][ T3609] INITIAL USE at: [ 51.182640][ T3609] lock_acquire+0x1ab/0x570 [ 51.188887][ T3609] _raw_write_lock_irq+0x32/0x50 [ 51.195565][ T3609] f_modown+0x2a/0x390 [ 51.201379][ T3609] f_setown+0xd7/0x230 [ 51.207187][ T3609] sock_ioctl+0x37e/0x640 [ 51.213257][ T3609] __x64_sys_ioctl+0x193/0x200 [ 51.219763][ T3609] do_syscall_64+0x35/0xb0 [ 51.225925][ T3609] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.233562][ T3609] INITIAL READ USE at: [ 
51.237973][ T3609] lock_acquire+0x1ab/0x570 [ 51.244656][ T3609] _raw_read_lock_irqsave+0x70/0x90 [ 51.252032][ T3609] send_sigio+0x24/0x380 [ 51.258451][ T3609] kill_fasync+0x1f8/0x470 [ 51.265046][ T3609] sock_wake_async+0xd2/0x160 [ 51.271904][ T3609] sock_def_readable+0x349/0x4e0 [ 51.279021][ T3609] unix_dgram_sendmsg+0xf69/0x1ad0 [ 51.286309][ T3609] sock_sendmsg+0xcf/0x120 [ 51.292895][ T3609] ____sys_sendmsg+0x334/0x810 [ 51.299915][ T3609] ___sys_sendmsg+0xf3/0x170 [ 51.306695][ T3609] __sys_sendmmsg+0x195/0x470 [ 51.313543][ T3609] __x64_sys_sendmmsg+0x99/0x100 [ 51.320659][ T3609] do_syscall_64+0x35/0xb0 [ 51.327259][ T3609] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.335418][ T3609] } [ 51.338004][ T3609] ... key at: [] __key.5+0x0/0x40 [ 51.345209][ T3609] ... acquired at: [ 51.349091][ T3609] _raw_read_lock_irqsave+0x70/0x90 [ 51.354480][ T3609] send_sigio+0x24/0x380 [ 51.358927][ T3609] kill_fasync+0x1f8/0x470 [ 51.363557][ T3609] sock_wake_async+0xd2/0x160 [ 51.368417][ T3609] sock_def_readable+0x349/0x4e0 [ 51.373534][ T3609] unix_dgram_sendmsg+0xf69/0x1ad0 [ 51.378843][ T3609] sock_sendmsg+0xcf/0x120 [ 51.383442][ T3609] ____sys_sendmsg+0x334/0x810 [ 51.388386][ T3609] ___sys_sendmsg+0xf3/0x170 [ 51.393157][ T3609] __sys_sendmmsg+0x195/0x470 [ 51.398023][ T3609] __x64_sys_sendmmsg+0x99/0x100 [ 51.403162][ T3609] do_syscall_64+0x35/0xb0 [ 51.407770][ T3609] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.413868][ T3609] [ 51.416197][ T3609] -> (&new->fa_lock){....}-{2:2} { [ 51.421885][ T3609] INITIAL READ USE at: [ 51.426216][ T3609] lock_acquire+0x1ab/0x570 [ 51.432735][ T3609] _raw_read_lock_irqsave+0x70/0x90 [ 51.439951][ T3609] kill_fasync+0x136/0x470 [ 51.446390][ T3609] sock_wake_async+0xd2/0x160 [ 51.453089][ T3609] sock_def_readable+0x349/0x4e0 [ 51.460047][ T3609] unix_dgram_sendmsg+0xf69/0x1ad0 [ 51.467181][ T3609] sock_sendmsg+0xcf/0x120 [ 51.473628][ T3609] ____sys_sendmsg+0x334/0x810 [ 51.480404][ T3609] ___sys_sendmsg+0xf3/0x170 [ 
51.486997][ T3609] __sys_sendmmsg+0x195/0x470 [ 51.493674][ T3609] __x64_sys_sendmmsg+0x99/0x100 [ 51.500628][ T3609] do_syscall_64+0x35/0xb0 [ 51.507053][ T3609] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.515123][ T3609] } [ 51.517626][ T3609] ... key at: [] __key.0+0x0/0x40 [ 51.524743][ T3609] ... acquired at: [ 51.528537][ T3609] lock_acquire+0x1ab/0x570 [ 51.533481][ T3609] _raw_read_lock_irqsave+0x70/0x90 [ 51.538860][ T3609] kill_fasync+0x136/0x470 [ 51.543453][ T3609] evdev_pass_values.part.0+0x64e/0x970 [ 51.549194][ T3609] evdev_events+0x359/0x3e0 [ 51.553886][ T3609] input_to_handler+0x2a0/0x4c0 [ 51.558937][ T3609] input_pass_values.part.0+0x230/0x710 [ 51.564669][ T3609] input_handle_event+0x373/0x1440 [ 51.570050][ T3609] input_inject_event+0x1bd/0x320 [ 51.575348][ T3609] evdev_write+0x430/0x760 [ 51.579969][ T3609] vfs_write+0x269/0xac0 [ 51.584482][ T3609] ksys_write+0x1e8/0x250 [ 51.588992][ T3609] do_syscall_64+0x35/0xb0 [ 51.593592][ T3609] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.599666][ T3609] [ 51.601986][ T3609] [ 51.601986][ T3609] stack backtrace: [ 51.607868][ T3609] CPU: 0 PID: 3609 Comm: syz-executor135 Not tainted 5.19.0-rc4-syzkaller-00125-ga175eca0f3d7 #0 [ 51.618386][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 51.628466][ T3609] Call Trace: [ 51.631759][ T3609] [ 51.634711][ T3609] dump_stack_lvl+0xcd/0x134 [ 51.639325][ T3609] check_irq_usage.cold+0x4c1/0x6b0 [ 51.644577][ T3609] ? lock_chain_count+0x20/0x20 [ 51.649446][ T3609] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 51.656571][ T3609] ? mark_lock.part.0+0xee/0x1910 [ 51.661610][ T3609] ? check_path.constprop.0+0x24/0x50 [ 51.666994][ T3609] ? register_lock_class+0xbe/0x1130 [ 51.672288][ T3609] ? lock_chain_count+0x20/0x20 [ 51.677167][ T3609] ? is_dynamic_key.part.0+0x130/0x130 [ 51.682670][ T3609] __lock_acquire+0x2ad6/0x5660 [ 51.687548][ T3609] ? 
lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.693541][ T3609] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.699545][ T3609] lock_acquire+0x1ab/0x570 [ 51.704062][ T3609] ? kill_fasync+0x136/0x470 [ 51.708673][ T3609] ? lock_release+0x780/0x780 [ 51.713359][ T3609] ? lock_release+0x780/0x780 [ 51.718049][ T3609] ? lock_release+0x780/0x780 [ 51.722734][ T3609] ? __wake_up_common+0x650/0x650 [ 51.727786][ T3609] _raw_read_lock_irqsave+0x70/0x90 [ 51.732999][ T3609] ? kill_fasync+0x136/0x470 [ 51.737625][ T3609] kill_fasync+0x136/0x470 [ 51.742069][ T3609] evdev_pass_values.part.0+0x64e/0x970 [ 51.747663][ T3609] ? evdev_free+0x70/0x70 [ 51.752012][ T3609] ? ktime_mono_to_any+0xb5/0x1e0 [ 51.757058][ T3609] evdev_events+0x359/0x3e0 [ 51.761584][ T3609] ? evdev_connect+0x4b0/0x4b0 [ 51.766374][ T3609] input_to_handler+0x2a0/0x4c0 [ 51.771249][ T3609] input_pass_values.part.0+0x230/0x710 [ 51.776820][ T3609] input_handle_event+0x373/0x1440 [ 51.781950][ T3609] input_inject_event+0x1bd/0x320 [ 51.786999][ T3609] evdev_write+0x430/0x760 [ 51.791436][ T3609] ? evdev_read+0xe30/0xe30 [ 51.795948][ T3609] ? apparmor_file_permission+0x264/0x4e0 [ 51.801691][ T3609] ? bpf_lsm_file_permission+0x5/0x10 [ 51.807074][ T3609] ? security_file_permission+0xab/0xd0 [ 51.812633][ T3609] ? evdev_read+0xe30/0xe30 [ 51.817144][ T3609] vfs_write+0x269/0xac0 [ 51.821405][ T3609] ksys_write+0x1e8/0x250 [ 51.825758][ T3609] ? __ia32_sys_read+0xb0/0xb0 [ 51.830529][ T3609] ? lockdep_hardirqs_on+0x79/0x100 [ 51.835731][ T3609] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.840937][ T3609] ? 
ptrace_notify+0xfa/0x140 [ 51.845624][ T3609] do_syscall_64+0x35/0xb0 [ 51.850051][ T3609] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.855957][ T3609] RIP: 0033:0x7fa216c83729 [ 51.860382][ T3609] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.880000][ T3609] RSP: 002b:00007ffe1ccf71a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 write(4, "\x26\x00\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 14472) = 14472 exit_group(0) = ? +++ exited with 0 +++ [ 51.888501][ T3609] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa216c8372