./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor684957845 <...> Warning: Permanently added '10.128.1.166' (ED25519) to the list of known hosts. execve("./syz-executor684957845", ["./syz-executor684957845"], 0x7ffee713e680 /* 10 vars */) = 0 brk(NULL) = 0x555556b44000 brk(0x555556b44d40) = 0x555556b44d40 arch_prctl(ARCH_SET_FS, 0x555556b443c0) = 0 set_tid_address(0x555556b44690) = 5030 set_robust_list(0x555556b446a0, 24) = 0 rseq(0x555556b44ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor684957845", 4096) = 27 getrandom("\x74\x36\xea\x93\x9c\x43\x63\x91", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556b44d40 brk(0x555556b65d40) = 0x555556b65d40 brk(0x555556b66000) = 0x555556b66000 mprotect(0x7f1e455c5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f1e45569e20, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1e4555b4a0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1e454e3000 mprotect(0x7f1e454e4000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f1e45503990, parent_tid=0x7f1e45503990, exit_signal=0, stack=0x7f1e454e3000, stack_size=0x20300, tls=0x7f1e455036c0} => {parent_tid=[5031]}, 88) = 5031 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5031 attached [pid 5031] rseq(0x7f1e45503fe0, 0x20, 0, 0x53053053) = 0 [pid 5031] set_robust_list(0x7f1e455039a0, 24) = 0 [pid 5031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5031] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 3 [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] gettid() = 5031 [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] fcntl(3, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=5031}) = 0 [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] fcntl(3, F_SETLEASE, F_RDLCK) = 0 [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] open("./file0", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] ioctl(-1, EVIOCSFF, {type=0 /* FF_??? */, id=0, direction=0, ...}) = -1 EBADF (Bad file descriptor) [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000) = 4 [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 6 [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [pid 5031] ioctl(6, FIOASYNC, [1986356271]) = 0 [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7f1e455cb408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f1e455cb40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 1 [ 74.294679][ T5031] [ 74.297054][ T5031] ===================================================== [ 74.303984][ T5031] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 74.311443][ T5031] 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0 Not tainted [ 74.318476][ T5031] ----------------------------------------------------- [ 74.325411][ T5031] syz-executor684/5031 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 74.333496][ T5031] ffff8880774810c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x139/0x4f0 [ 74.342240][ T5031] [ 74.342240][ T5031] and this task is already holding: [ 74.349609][ T5031] ffff88807cfc1028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 74.360020][ T5031] which would create a new lock dependency: [ 74.365912][ T5031] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 74.374074][ T5031] [ 74.374074][ T5031] but this new dependency connects a HARDIRQ-irq-safe lock: [ 74.383534][ T5031] (&dev->event_lock#2){-...}-{2:2} [ 74.383578][ T5031] [ 74.383578][ T5031] ... which became HARDIRQ-irq-safe at: [ 74.396492][ T5031] lock_acquire+0x1b1/0x520 [ 74.401111][ T5031] _raw_spin_lock_irqsave+0x3d/0x60 [ 74.406426][ T5031] input_event+0x70/0xa0 [ 74.410778][ T5031] psmouse_report_standard_buttons+0x30/0x80 [ 74.416867][ T5031] psmouse_process_byte+0x39e/0x8b0 [ 74.422171][ T5031] psmouse_handle_byte+0x41/0x560 [ 74.427299][ T5031] psmouse_receive_byte+0x1ee/0xd70 [ 74.432607][ T5031] ps2_interrupt+0x1ed/0x5e0 [ 74.437299][ T5031] serio_interrupt+0x8c/0x150 [ 74.442092][ T5031] i8042_interrupt+0x3a9/0x820 [ 74.446972][ T5031] __handle_irq_event_percpu+0x22b/0x730 [ 74.452706][ T5031] handle_irq_event+0xab/0x1e0 [ 74.457571][ T5031] handle_edge_irq+0x263/0xd00 [ 74.462446][ T5031] __common_interrupt+0xa1/0x220 [ 74.467491][ T5031] common_interrupt+0xa8/0xd0 [ 74.472271][ T5031] asm_common_interrupt+0x26/0x40 [ 74.477403][ T5031] __sanitizer_cov_trace_pc+0xb/0x70 [ 74.482807][ T5031] kset_find_obj+0x5c/0x110 [ 74.487415][ T5031] driver_find+0x59/0xd0 [ 74.491774][ T5031] driver_register+0x14c/0x4a0 [ 74.496652][ T5031] usb_register_driver+0x251/0x500 [ 74.501880][ T5031] do_one_initcall+0x105/0x630 [ 74.506758][ T5031] kernel_init_freeable+0x64e/0xba0 [ 74.512065][ T5031] kernel_init+0x1e/0x2c0 [ 74.516531][ T5031] ret_from_fork+0x1f/0x30 [ 74.521094][ T5031] [ 74.521094][ T5031] to a HARDIRQ-irq-unsafe lock: [ 74.528116][ T5031] (tasklist_lock){.+.+}-{2:2} [ 74.528149][ T5031] [ 74.528149][ T5031] ... which became HARDIRQ-irq-unsafe at: [ 74.540848][ T5031] ... [ 74.540855][ T5031] lock_acquire+0x1b1/0x520 [ 74.548060][ T5031] _raw_read_lock+0x5f/0x70 [ 74.552677][ T5031] do_wait+0x283/0xc30 [ 74.556866][ T5031] kernel_wait+0xa0/0x150 [ 74.561399][ T5031] call_usermodehelper_exec_work+0xf9/0x180 [ 74.567400][ T5031] process_one_work+0xa34/0x16f0 [ 74.572448][ T5031] worker_thread+0x67d/0x10c0 [ 74.577234][ T5031] kthread+0x344/0x440 [ 74.581411][ T5031] ret_from_fork+0x1f/0x30 [ 74.585960][ T5031] [ 74.585960][ T5031] other info that might help us debug this: [ 74.585960][ T5031] [ 74.596191][ T5031] Chain exists of: [ 74.596191][ T5031] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 74.596191][ T5031] [ 74.609779][ T5031] Possible interrupt unsafe locking scenario: [ 74.609779][ T5031] [ 74.618107][ T5031] CPU0 CPU1 [ 74.623491][ T5031] ---- ---- [ 74.628861][ T5031] lock(tasklist_lock); [ 74.633146][ T5031] local_irq_disable(); [ 74.639910][ T5031] lock(&dev->event_lock#2); [ 74.647130][ T5031] lock(&client->buffer_lock); [ 74.654515][ T5031] [ 74.657986][ T5031] lock(&dev->event_lock#2); [ 74.662859][ T5031] [ 74.662859][ T5031] *** DEADLOCK *** [ 74.662859][ T5031] [ 74.671007][ T5031] 7 locks held by syz-executor684/5031: [ 74.676566][ T5031] #0: ffff888143fbc110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d7/0x760 [ 74.685838][ T5031] #1: ffff8880157ba230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0x9f/0x390 [ 74.695978][ T5031] #2: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x8b/0x390 [ 74.705698][ T5031] #3: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x760 [ 74.715849][ T5031] #4: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x5d/0x430 [ 74.725034][ T5031] #5: ffff88807cfc1028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x960 [ 74.735876][ T5031] #6: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x45/0x4f0 [ 74.744966][ T5031] [ 74.744966][ T5031] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 74.755378][ T5031] -> (&dev->event_lock#2){-...}-{2:2} { [ 74.761056][ T5031] IN-HARDIRQ-W at: [ 74.765131][ T5031] lock_acquire+0x1b1/0x520 [ 74.771484][ T5031] _raw_spin_lock_irqsave+0x3d/0x60 [ 74.778533][ T5031] input_event+0x70/0xa0 [ 74.784619][ T5031] psmouse_report_standard_buttons+0x30/0x80 [ 74.792442][ T5031] psmouse_process_byte+0x39e/0x8b0 [ 74.799483][ T5031] psmouse_handle_byte+0x41/0x560 [ 74.806349][ T5031] psmouse_receive_byte+0x1ee/0xd70 [ 74.813405][ T5031] ps2_interrupt+0x1ed/0x5e0 [ 74.819843][ T5031] serio_interrupt+0x8c/0x150 [ 74.826416][ T5031] i8042_interrupt+0x3a9/0x820 [ 74.833039][ T5031] __handle_irq_event_percpu+0x22b/0x730 [ 74.840519][ T5031] handle_irq_event+0xab/0x1e0 [ 74.847123][ T5031] handle_edge_irq+0x263/0xd00 [ 74.853832][ T5031] __common_interrupt+0xa1/0x220 [ 74.860613][ T5031] common_interrupt+0xa8/0xd0 [ 74.867134][ T5031] asm_common_interrupt+0x26/0x40 [ 74.874030][ T5031] __sanitizer_cov_trace_pc+0xb/0x70 [ 74.881168][ T5031] kset_find_obj+0x5c/0x110 [ 74.887515][ T5031] driver_find+0x59/0xd0 [ 74.893615][ T5031] driver_register+0x14c/0x4a0 [ 74.900230][ T5031] usb_register_driver+0x251/0x500 [ 74.907185][ T5031] do_one_initcall+0x105/0x630 [ 74.913800][ T5031] kernel_init_freeable+0x64e/0xba0 [ 74.920840][ T5031] kernel_init+0x1e/0x2c0 [ 74.927019][ T5031] ret_from_fork+0x1f/0x30 [ 74.933286][ T5031] INITIAL USE at: [ 74.937280][ T5031] lock_acquire+0x1b1/0x520 [ 74.943543][ T5031] _raw_spin_lock_irqsave+0x3d/0x60 [ 74.950511][ T5031] input_inject_event+0x9f/0x390 [ 74.957217][ T5031] led_set_brightness+0x207/0x290 [ 74.964010][ T5031] led_trigger_event+0xb4/0x240 [ 74.970637][ T5031] kbd_led_trigger_activate+0xcd/0x110 [ 74.977863][ T5031] led_trigger_set+0x602/0xbe0 [ 74.984390][ T5031] led_trigger_set_default+0x1aa/0x230 [ 74.991625][ T5031] led_classdev_register_ext+0x5e2/0x880 [ 74.999023][ T5031] input_leds_connect+0x4b0/0x8f0 [ 75.005812][ T5031] input_attach_handler+0x184/0x260 [ 75.012781][ T5031] input_register_device+0xafd/0x10f0 [ 75.019996][ T5031] atkbd_connect+0x5d8/0xa30 [ 75.026373][ T5031] serio_driver_probe+0x76/0xa0 [ 75.032992][ T5031] really_probe+0x240/0xca0 [ 75.039251][ T5031] __driver_probe_device+0x1df/0x4b0 [ 75.046290][ T5031] driver_probe_device+0x4c/0x1a0 [ 75.053157][ T5031] __driver_attach+0x271/0x570 [ 75.059700][ T5031] bus_for_each_dev+0x12a/0x1c0 [ 75.066331][ T5031] serio_handle_event+0x2bf/0xba0 [ 75.073135][ T5031] process_one_work+0xa34/0x16f0 [ 75.079842][ T5031] worker_thread+0x67d/0x10c0 [ 75.086293][ T5031] kthread+0x344/0x440 [ 75.092133][ T5031] ret_from_fork+0x1f/0x30 [ 75.098323][ T5031] } [ 75.100928][ T5031] ... key at: [] __key.6+0x0/0x40 [ 75.108232][ T5031] -> (&client->buffer_lock){....}-{2:2} { [ 75.114004][ T5031] INITIAL USE at: [ 75.117908][ T5031] lock_acquire+0x1b1/0x520 [ 75.123999][ T5031] _raw_spin_lock+0x2e/0x40 [ 75.130094][ T5031] evdev_pass_values.part.0+0xf6/0x960 [ 75.137149][ T5031] evdev_events+0x3b4/0x430 [ 75.143242][ T5031] input_to_handler+0x2a0/0x4c0 [ 75.149673][ T5031] input_pass_values.part.0+0x230/0x760 [ 75.156802][ T5031] input_event_dispose+0x5cf/0x730 [ 75.163499][ T5031] input_handle_event+0x122/0xdc0 [ 75.170116][ T5031] input_inject_event+0x1c7/0x390 [ 75.176734][ T5031] evdev_write+0x434/0x760 [ 75.182745][ T5031] vfs_write+0x2af/0xda0 [ 75.188580][ T5031] ksys_write+0x1e3/0x250 [ 75.194504][ T5031] do_syscall_64+0x39/0xb0 [ 75.200515][ T5031] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.208007][ T5031] } [ 75.210511][ T5031] ... key at: [] __key.3+0x0/0x40 [ 75.217644][ T5031] ... acquired at: [ 75.221451][ T5031] _raw_spin_lock+0x2e/0x40 [ 75.226156][ T5031] evdev_pass_values.part.0+0xf6/0x960 [ 75.231817][ T5031] evdev_events+0x3b4/0x430 [ 75.236523][ T5031] input_to_handler+0x2a0/0x4c0 [ 75.241580][ T5031] input_pass_values.part.0+0x230/0x760 [ 75.247324][ T5031] input_event_dispose+0x5cf/0x730 [ 75.252629][ T5031] input_handle_event+0x122/0xdc0 [ 75.258305][ T5031] input_inject_event+0x1c7/0x390 [ 75.263524][ T5031] evdev_write+0x434/0x760 [ 75.268145][ T5031] vfs_write+0x2af/0xda0 [ 75.272588][ T5031] ksys_write+0x1e3/0x250 [ 75.277119][ T5031] do_syscall_64+0x39/0xb0 [ 75.281761][ T5031] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.287865][ T5031] [ 75.290194][ T5031] [ 75.290194][ T5031] the dependencies between the lock to be acquired [ 75.290204][ T5031] and HARDIRQ-irq-unsafe lock: [ 75.303732][ T5031] -> (tasklist_lock){.+.+}-{2:2} { [ 75.309057][ T5031] HARDIRQ-ON-R at: [ 75.313218][ T5031] lock_acquire+0x1b1/0x520 [ 75.319745][ T5031] _raw_read_lock+0x5f/0x70 [ 75.326273][ T5031] do_wait+0x283/0xc30 [ 75.332371][ T5031] kernel_wait+0xa0/0x150 [ 75.338729][ T5031] call_usermodehelper_exec_work+0xf9/0x180 [ 75.346639][ T5031] process_one_work+0xa34/0x16f0 [ 75.353596][ T5031] worker_thread+0x67d/0x10c0 [ 75.360297][ T5031] kthread+0x344/0x440 [ 75.366381][ T5031] ret_from_fork+0x1f/0x30 [ 75.372829][ T5031] SOFTIRQ-ON-R at: [ 75.376992][ T5031] lock_acquire+0x1b1/0x520 [ 75.383519][ T5031] _raw_read_lock+0x5f/0x70 [ 75.390045][ T5031] do_wait+0x283/0xc30 [ 75.396143][ T5031] kernel_wait+0xa0/0x150 [ 75.402673][ T5031] call_usermodehelper_exec_work+0xf9/0x180 [ 75.410605][ T5031] process_one_work+0xa34/0x16f0 [ 75.418953][ T5031] worker_thread+0x67d/0x10c0 [ 75.425649][ T5031] kthread+0x344/0x440 [ 75.431731][ T5031] ret_from_fork+0x1f/0x30 [ 75.438176][ T5031] INITIAL USE at: [ 75.442258][ T5031] lock_acquire+0x1b1/0x520 [ 75.448781][ T5031] _raw_write_lock_irq+0x36/0x50 [ 75.455661][ T5031] copy_process+0x4bad/0x75c0 [ 75.462269][ T5031] kernel_clone+0xeb/0x890 [ 75.468613][ T5031] user_mode_thread+0xb1/0xf0 [ 75.475228][ T5031] rest_init+0x27/0x2b0 [ 75.481320][ T5031] arch_call_rest_init+0x13/0x30 [ 75.488188][ T5031] start_kernel+0x3b1/0x490 [ 75.494621][ T5031] x86_64_start_reservations+0x18/0x30 [ 75.502022][ T5031] x86_64_start_kernel+0xb3/0xc0 [ 75.508902][ T5031] secondary_startup_64_no_verify+0x167/0x16b [ 75.516910][ T5031] INITIAL READ USE at: [ 75.521420][ T5031] lock_acquire+0x1b1/0x520 [ 75.528296][ T5031] _raw_read_lock+0x5f/0x70 [ 75.535175][ T5031] do_wait+0x283/0xc30 [ 75.541616][ T5031] kernel_wait+0xa0/0x150 [ 75.548320][ T5031] call_usermodehelper_exec_work+0xf9/0x180 [ 75.556579][ T5031] process_one_work+0xa34/0x16f0 [ 75.563908][ T5031] worker_thread+0x67d/0x10c0 [ 75.570973][ T5031] kthread+0x344/0x440 [ 75.577407][ T5031] ret_from_fork+0x1f/0x30 [ 75.584195][ T5031] } [ 75.586875][ T5031] ... key at: [] tasklist_lock+0x18/0x40 [ 75.594802][ T5031] ... acquired at: [ 75.598782][ T5031] _raw_read_lock+0x5f/0x70 [ 75.603484][ T5031] send_sigio+0xaf/0x3b0 [ 75.607928][ T5031] kill_fasync+0x1fb/0x4f0 [ 75.612541][ T5031] lease_break_callback+0x23/0x30 [ 75.617763][ T5031] __break_lease+0x3db/0x12d0 [ 75.622638][ T5031] do_dentry_open+0x668/0x17b0 [ 75.627595][ T5031] path_openat+0x1b65/0x2710 [ 75.632378][ T5031] do_filp_open+0x1ba/0x410 [ 75.637078][ T5031] do_sys_openat2+0x160/0x1c0 [ 75.641956][ T5031] __x64_sys_open+0x11d/0x1c0 [ 75.646835][ T5031] do_syscall_64+0x39/0xb0 [ 75.651462][ T5031] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.657649][ T5031] [ 75.659987][ T5031] -> (&f->f_owner.lock){....}-{2:2} { [ 75.665922][ T5031] INITIAL USE at: [ 75.670085][ T5031] lock_acquire+0x1b1/0x520 [ 75.676444][ T5031] _raw_write_lock_irq+0x36/0x50 [ 75.683147][ T5031] f_modown+0x2a/0x390 [ 75.688978][ T5031] do_fcntl+0xb58/0x1270 [ 75.694982][ T5031] __x64_sys_fcntl+0x15a/0x1d0 [ 75.701512][ T5031] do_syscall_64+0x39/0xb0 [ 75.707703][ T5031] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.715384][ T5031] INITIAL READ USE at: [ 75.719811][ T5031] lock_acquire+0x1b1/0x520 [ 75.726513][ T5031] _raw_read_lock_irqsave+0x74/0x90 [ 75.734002][ T5031] send_sigio+0x28/0x3b0 [ 75.740442][ T5031] kill_fasync+0x1fb/0x4f0 [ 75.747053][ T5031] lease_break_callback+0x23/0x30 [ 75.754273][ T5031] __break_lease+0x3db/0x12d0 [ 75.761176][ T5031] do_dentry_open+0x668/0x17b0 [ 75.768131][ T5031] path_openat+0x1b65/0x2710 [ 75.774912][ T5031] do_filp_open+0x1ba/0x410 [ 75.781608][ T5031] do_sys_openat2+0x160/0x1c0 [ 75.788483][ T5031] __x64_sys_open+0x11d/0x1c0 [ 75.795356][ T5031] do_syscall_64+0x39/0xb0 [ 75.801977][ T5031] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.810074][ T5031] } [ 75.812664][ T5031] ... key at: [] __key.5+0x0/0x40 [ 75.819890][ T5031] ... acquired at: [ 75.823784][ T5031] _raw_read_lock_irqsave+0x74/0x90 [ 75.829186][ T5031] send_sigio+0x28/0x3b0 [ 75.833652][ T5031] kill_fasync+0x1fb/0x4f0 [ 75.838298][ T5031] lease_break_callback+0x23/0x30 [ 75.843530][ T5031] __break_lease+0x3db/0x12d0 [ 75.848415][ T5031] do_dentry_open+0x668/0x17b0 [ 75.853382][ T5031] path_openat+0x1b65/0x2710 [ 75.858168][ T5031] do_filp_open+0x1ba/0x410 [ 75.862863][ T5031] do_sys_openat2+0x160/0x1c0 [ 75.867739][ T5031] __x64_sys_open+0x11d/0x1c0 [ 75.872612][ T5031] do_syscall_64+0x39/0xb0 [ 75.877252][ T5031] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.883353][ T5031] [ 75.885684][ T5031] -> (&new->fa_lock){....}-{2:2} { [ 75.890836][ T5031] INITIAL READ USE at: [ 75.895192][ T5031] lock_acquire+0x1b1/0x520 [ 75.901734][ T5031] _raw_read_lock_irqsave+0x74/0x90 [ 75.908974][ T5031] kill_fasync+0x139/0x4f0 [ 75.915424][ T5031] lease_break_callback+0x23/0x30 [ 75.922469][ T5031] __break_lease+0x3db/0x12d0 [ 75.929169][ T5031] do_dentry_open+0x668/0x17b0 [ 75.935955][ T5031] path_openat+0x1b65/0x2710 [ 75.942559][ T5031] do_filp_open+0x1ba/0x410 [ 75.949079][ T5031] do_sys_openat2+0x160/0x1c0 [ 75.955787][ T5031] __x64_sys_open+0x11d/0x1c0 [ 75.962501][ T5031] do_syscall_64+0x39/0xb0 [ 75.968966][ T5031] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.976901][ T5031] } [ 75.979417][ T5031] ... key at: [] __key.0+0x0/0x40 [ 75.986568][ T5031] ... acquired at: [ 75.990381][ T5031] lock_acquire+0x1b1/0x520 [ 75.995086][ T5031] _raw_read_lock_irqsave+0x74/0x90 [ 76.000490][ T5031] kill_fasync+0x139/0x4f0 [ 76.005107][ T5031] evdev_pass_values.part.0+0x667/0x960 [ 76.010859][ T5031] evdev_events+0x3b4/0x430 [ 76.015566][ T5031] input_to_handler+0x2a0/0x4c0 [ 76.020607][ T5031] input_pass_values.part.0+0x230/0x760 [ 76.026362][ T5031] input_event_dispose+0x5cf/0x730 [ 76.031679][ T5031] input_handle_event+0x122/0xdc0 [ 76.036906][ T5031] input_inject_event+0x1c7/0x390 [ 76.042139][ T5031] evdev_write+0x434/0x760 [ 76.046782][ T5031] vfs_write+0x2af/0xda0 [ 76.051230][ T5031] ksys_write+0x1e3/0x250 [ 76.055772][ T5031] do_syscall_64+0x39/0xb0 [ 76.060394][ T5031] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.066496][ T5031] [ 76.068824][ T5031] [ 76.068824][ T5031] stack backtrace: [ 76.074716][ T5031] CPU: 0 PID: 5031 Comm: syz-executor684 Not tainted 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0 [ 76.085147][ T5031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 76.095231][ T5031] Call Trace: [ 76.098593][ T5031] [ 76.101537][ T5031] dump_stack_lvl+0xd9/0x150 [ 76.106274][ T5031] check_irq_usage+0x10fa/0x1a50 [ 76.111250][ T5031] ? print_shortest_lock_dependencies_backwards+0x1e0/0x1e0 [ 76.118666][ T5031] ? __lockdep_reset_lock+0x1a0/0x1a0 [ 76.124067][ T5031] ? mark_lock.part.0+0xee/0x1960 [ 76.129123][ T5031] ? check_path.constprop.0+0x24/0x50 [ 76.134553][ T5031] ? register_lock_class+0xbe/0x1120 [ 76.139867][ T5031] ? print_circular_bug+0x740/0x740 [ 76.145095][ T5031] ? print_usage_bug.part.0+0x670/0x670 [ 76.150672][ T5031] ? is_dynamic_key.part.0+0x190/0x190 [ 76.156166][ T5031] __lock_acquire+0x2eb5/0x5e20 [ 76.161052][ T5031] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 76.167061][ T5031] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 76.173081][ T5031] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 76.179091][ T5031] ? __wake_up_common_lock+0xe2/0x140 [ 76.184500][ T5031] lock_acquire+0x1b1/0x520 [ 76.189054][ T5031] ? kill_fasync+0x139/0x4f0 [ 76.193674][ T5031] ? lock_sync+0x190/0x190 [ 76.198114][ T5031] ? lock_sync+0x190/0x190 [ 76.202561][ T5031] ? lock_sync+0x190/0x190 [ 76.207003][ T5031] ? __wake_up_common+0x650/0x650 [ 76.212055][ T5031] _raw_read_lock_irqsave+0x74/0x90 [ 76.217286][ T5031] ? kill_fasync+0x139/0x4f0 [ 76.221913][ T5031] kill_fasync+0x139/0x4f0 [ 76.226362][ T5031] evdev_pass_values.part.0+0x667/0x960 [ 76.231949][ T5031] ? evdev_free+0x70/0x70 [ 76.236307][ T5031] ? ktime_mono_to_any+0xb9/0x1e0 [ 76.241365][ T5031] evdev_events+0x3b4/0x430 [ 76.245901][ T5031] ? evdev_connect+0x4c0/0x4c0 [ 76.250713][ T5031] input_to_handler+0x2a0/0x4c0 [ 76.255589][ T5031] input_pass_values.part.0+0x230/0x760 [ 76.261176][ T5031] input_event_dispose+0x5cf/0x730 [ 76.266321][ T5031] input_handle_event+0x122/0xdc0 [ 76.271373][ T5031] input_inject_event+0x1c7/0x390 [ 76.276438][ T5031] evdev_write+0x434/0x760 [ 76.280896][ T5031] ? evdev_read+0xe40/0xe40 [ 76.285431][ T5031] ? apparmor_file_permission+0x278/0x4f0 [ 76.291171][ T5031] ? bpf_lsm_file_permission+0x9/0x10 [ 76.296566][ T5031] ? security_file_permission+0xaf/0xd0 [ 76.302148][ T5031] vfs_write+0x2af/0xda0 [ 76.306419][ T5031] ? evdev_read+0xe40/0xe40 [ 76.310976][ T5031] ? kernel_write+0x680/0x680 [ 76.315683][ T5031] ? recalc_sigpending_tsk+0x18b/0x1d0 [ 76.321195][ T5031] ? __fget_files+0x261/0x470 [ 76.325909][ T5031] ? __fget_light+0xe5/0x270 [ 76.330542][ T5031] ksys_write+0x1e3/0x250 [ 76.334905][ T5031] ? __ia32_sys_read+0xb0/0xb0 [ 76.339702][ T5031] ? lockdep_hardirqs_on+0x7d/0x100 [ 76.344929][ T5031] ? _raw_spin_unlock_irq+0x2e/0x50 [ 76.350158][ T5031] ? ptrace_notify+0xfe/0x140 [ 76.354855][ T5031] do_syscall_64+0x39/0xb0 [ 76.359309][ T5031] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.365252][ T5031] RIP: 0033:0x7f1e45543f79 [ 76.369684][ T5031] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 76.389309][ T5031] RSP: 002b:00007f1e45503228 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 5031] write(4, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xa7\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10968 [pid 5030] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5031] <... write resumed>) = 10968 [pid 5031] futex(0x7f1e455cb40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7f1e455cb408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] exit_group(0) = ? [pid 5031] <... futex resumed>) = ? [pid 5031] +++ exited with 0 +++ +++ exited with 0 +++ [ 76.397743][ T5031] RAX: ffffffffffffffda RBX: 00007f1e455cb408 RCX: 0