./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1104495130 <...> Warning: Permanently added '10.128.10.12' (ED25519) to the list of known hosts. execve("./syz-executor1104495130", ["./syz-executor1104495130"], 0x7ffce6248700 /* 10 vars */) = 0 brk(NULL) = 0x5555561c2000 brk(0x5555561c2d00) = 0x5555561c2d00 arch_prctl(ARCH_SET_FS, 0x5555561c2380) = 0 set_tid_address(0x5555561c2650) = 5053 set_robust_list(0x5555561c2660, 24) = 0 rseq(0x5555561c2ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1104495130", 4096) = 28 getrandom("\x37\xa6\x7a\x58\x99\x48\x63\x9c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555561c2d00 brk(0x5555561e3d00) = 0x5555561e3d00 brk(0x5555561e4000) = 0x5555561e4000 mprotect(0x7f59f5982000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0 fcntl(3, F_SETOWN, -1) = 0 sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="<", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_OOB|MSG_DONTROUTE|MSG_PROBE|MSG_NOSIGNAL|MSG_BATCH|MSG_ZEROCOPY|MSG_FASTOPEN) = 1 ioctl(-1, EVIOCSFF, {type=0 /* FF_??? */, id=0, direction=0, ...}) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/input/event2", O_RDONLY) = 5 ioctl(5, FIOASYNC, [2047]) = 0 openat(AT_FDCWD, "/dev/input/event2", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000) = 6 [ 54.094140][ T5053] [ 54.096496][ T5053] ===================================================== [ 54.103402][ T5053] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 54.110830][ T5053] 6.8.0-rc7-syzkaller-00130-g135288b73cef #0 Not tainted [ 54.117823][ T5053] ----------------------------------------------------- [ 54.124727][ T5053] syz-executor110/5053 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 54.132780][ T5053] ffff888023169a18 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x33/0x360 [ 54.141574][ T5053] [ 54.141574][ T5053] and this task is already holding: [ 54.148910][ T5053] ffff88801eecb018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x19e/0x4d0 [ 54.157575][ T5053] which would create a new lock dependency: [ 54.163437][ T5053] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2} [ 54.171155][ T5053] [ 54.171155][ T5053] but this new dependency connects a HARDIRQ-irq-safe lock: [ 54.180583][ T5053] (&dev->event_lock#2){-...}-{2:2} [ 54.180608][ T5053] [ 54.180608][ T5053] ... which became HARDIRQ-irq-safe at: [ 54.193461][ T5053] lock_acquire+0x1e3/0x530 [ 54.198042][ T5053] _raw_spin_lock_irqsave+0xd5/0x120 [ 54.203411][ T5053] input_event+0x91/0xd0 [ 54.207732][ T5053] psmouse_report_standard_packet+0x54/0x200 [ 54.213785][ T5053] psmouse_process_byte+0x48c/0x680 [ 54.219054][ T5053] psmouse_handle_byte+0x49/0x4c0 [ 54.224323][ T5053] ps2_interrupt+0x17c/0x8e0 [ 54.228983][ T5053] serio_interrupt+0x90/0x140 [ 54.233730][ T5053] i8042_interrupt+0x375/0x770 [ 54.238568][ T5053] __handle_irq_event_percpu+0x289/0xa30 [ 54.244270][ T5053] handle_irq_event+0x89/0x1f0 [ 54.249101][ T5053] handle_edge_irq+0x25f/0xc20 [ 54.253931][ T5053] __common_interrupt+0x138/0x230 [ 54.259023][ T5053] common_interrupt+0xa5/0xd0 [ 54.263772][ T5053] asm_common_interrupt+0x26/0x40 [ 54.268866][ T5053] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 54.274656][ T5053] i8042_aux_write+0x116/0x1a0 [ 54.279492][ T5053] ps2_do_sendbyte+0x20f/0x730 [ 54.284325][ T5053] ps2_sendbyte+0x60/0x120 [ 54.288817][ T5053] cypress_send_ext_cmd+0x221/0x910 [ 54.294099][ T5053] cypress_detect+0x93/0x230 [ 54.298760][ T5053] psmouse_extensions+0xc2e/0x1560 [ 54.303942][ T5053] psmouse_switch_protocol+0x308/0x7d0 [ 54.309471][ T5053] psmouse_connect+0x8e4/0x14b0 [ 54.314392][ T5053] serio_driver_probe+0x7f/0xa0 [ 54.319331][ T5053] really_probe+0x29e/0xc50 [ 54.323919][ T5053] __driver_probe_device+0x1a2/0x3e0 [ 54.329284][ T5053] driver_probe_device+0x50/0x430 [ 54.334391][ T5053] __driver_attach+0x45f/0x710 [ 54.339251][ T5053] bus_for_each_dev+0x239/0x2b0 [ 54.344283][ T5053] serio_handle_event+0x1c7/0x920 [ 54.349387][ T5053] process_scheduled_works+0x913/0x1420 [ 54.355013][ T5053] worker_thread+0xa5f/0x1000 [ 54.359767][ T5053] kthread+0x2ef/0x390 [ 54.363907][ T5053] ret_from_fork+0x4b/0x80 [ 54.368395][ T5053] ret_from_fork_asm+0x1b/0x30 [ 54.373231][ T5053] [ 54.373231][ T5053] to a HARDIRQ-irq-unsafe lock: [ 54.380231][ T5053] (tasklist_lock){.+.+}-{2:2} [ 54.380252][ T5053] [ 54.380252][ T5053] ... which became HARDIRQ-irq-unsafe at: [ 54.393283][ T5053] ... [ 54.393289][ T5053] lock_acquire+0x1e3/0x530 [ 54.400427][ T5053] _raw_read_lock+0x36/0x50 [ 54.405017][ T5053] __do_wait+0x12d/0x840 [ 54.409354][ T5053] do_wait+0x1d8/0x540 [ 54.413504][ T5053] kernel_wait+0xe9/0x240 [ 54.417927][ T5053] call_usermodehelper_exec_work+0xbd/0x230 [ 54.423908][ T5053] process_scheduled_works+0x913/0x1420 [ 54.429538][ T5053] worker_thread+0xa5f/0x1000 [ 54.434292][ T5053] kthread+0x2ef/0x390 [ 54.438441][ T5053] ret_from_fork+0x4b/0x80 [ 54.442937][ T5053] ret_from_fork_asm+0x1b/0x30 [ 54.447783][ T5053] [ 54.447783][ T5053] other info that might help us debug this: [ 54.447783][ T5053] [ 54.457991][ T5053] Chain exists of: [ 54.457991][ T5053] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 54.457991][ T5053] [ 54.471015][ T5053] Possible interrupt unsafe locking scenario: [ 54.471015][ T5053] [ 54.479321][ T5053] CPU0 CPU1 [ 54.484670][ T5053] ---- ---- [ 54.490012][ T5053] lock(tasklist_lock); [ 54.494240][ T5053] local_irq_disable(); [ 54.500976][ T5053] lock(&dev->event_lock#2); [ 54.508163][ T5053] lock(&new->fa_lock); [ 54.514908][ T5053] [ 54.518346][ T5053] lock(&dev->event_lock#2); [ 54.523184][ T5053] [ 54.523184][ T5053] *** DEADLOCK *** [ 54.523184][ T5053] [ 54.531313][ T5053] 8 locks held by syz-executor110/5053: [ 54.536844][ T5053] #0: ffff888024ba4110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x271/0x7c0 [ 54.545968][ T5053] #1: ffff888024abc230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xc5/0x340 [ 54.556043][ T5053] #2: ffffffff8e130be0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xd5/0x340 [ 54.565678][ T5053] #3: ffffffff8e130be0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0x9d/0x1200 [ 54.575318][ T5053] #4: ffffffff8e130be0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x6f/0x300 [ 54.584433][ T5053] #5: ffff88807e5c8028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xf2/0xad0 [ 54.594596][ T5053] #6: ffffffff8e130be0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x55/0x4d0 [ 54.603644][ T5053] #7: ffff88801eecb018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x19e/0x4d0 [ 54.612763][ T5053] [ 54.612763][ T5053] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 54.623320][ T5053] -> (&dev->event_lock#2){-...}-{2:2} { [ 54.629041][ T5053] IN-HARDIRQ-W at: [ 54.633180][ T5053] lock_acquire+0x1e3/0x530 [ 54.639670][ T5053] _raw_spin_lock_irqsave+0xd5/0x120 [ 54.646938][ T5053] input_event+0x91/0xd0 [ 54.653163][ T5053] psmouse_report_standard_packet+0x54/0x200 [ 54.661123][ T5053] psmouse_process_byte+0x48c/0x680 [ 54.668302][ T5053] psmouse_handle_byte+0x49/0x4c0 [ 54.675310][ T5053] ps2_interrupt+0x17c/0x8e0 [ 54.681879][ T5053] serio_interrupt+0x90/0x140 [ 54.688536][ T5053] i8042_interrupt+0x375/0x770 [ 54.695542][ T5053] __handle_irq_event_percpu+0x289/0xa30 [ 54.703157][ T5053] handle_irq_event+0x89/0x1f0 [ 54.709900][ T5053] handle_edge_irq+0x25f/0xc20 [ 54.716645][ T5053] __common_interrupt+0x138/0x230 [ 54.723656][ T5053] common_interrupt+0xa5/0xd0 [ 54.730313][ T5053] asm_common_interrupt+0x26/0x40 [ 54.737317][ T5053] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 54.745019][ T5053] i8042_aux_write+0x116/0x1a0 [ 54.751767][ T5053] ps2_do_sendbyte+0x20f/0x730 [ 54.758511][ T5053] ps2_sendbyte+0x60/0x120 [ 54.764906][ T5053] cypress_send_ext_cmd+0x221/0x910 [ 54.772084][ T5053] cypress_detect+0x93/0x230 [ 54.778657][ T5053] psmouse_extensions+0xc2e/0x1560 [ 54.785754][ T5053] psmouse_switch_protocol+0x308/0x7d0 [ 54.793194][ T5053] psmouse_connect+0x8e4/0x14b0 [ 54.800026][ T5053] serio_driver_probe+0x7f/0xa0 [ 54.807041][ T5053] really_probe+0x29e/0xc50 [ 54.813526][ T5053] __driver_probe_device+0x1a2/0x3e0 [ 54.820792][ T5053] driver_probe_device+0x50/0x430 [ 54.827800][ T5053] __driver_attach+0x45f/0x710 [ 54.834544][ T5053] bus_for_each_dev+0x239/0x2b0 [ 54.841386][ T5053] serio_handle_event+0x1c7/0x920 [ 54.848391][ T5053] process_scheduled_works+0x913/0x1420 [ 54.855922][ T5053] worker_thread+0xa5f/0x1000 [ 54.862583][ T5053] kthread+0x2ef/0x390 [ 54.868629][ T5053] ret_from_fork+0x4b/0x80 [ 54.875030][ T5053] ret_from_fork_asm+0x1b/0x30 [ 54.881778][ T5053] INITIAL USE at: [ 54.885828][ T5053] lock_acquire+0x1e3/0x530 [ 54.892226][ T5053] _raw_spin_lock_irqsave+0xd5/0x120 [ 54.899407][ T5053] input_inject_event+0xc5/0x340 [ 54.906236][ T5053] led_trigger_event+0x11c/0x1e0 [ 54.913070][ T5053] kbd_led_trigger_activate+0xbd/0x100 [ 54.920426][ T5053] led_trigger_set+0x541/0x950 [ 54.927085][ T5053] led_trigger_set_default+0x1ca/0x200 [ 54.934437][ T5053] led_classdev_register_ext+0x6df/0x8f0 [ 54.941984][ T5053] input_leds_connect+0x497/0x640 [ 54.948908][ T5053] input_register_device+0xcfa/0x1090 [ 54.956173][ T5053] atkbd_connect+0x752/0xa00 [ 54.962659][ T5053] serio_driver_probe+0x7f/0xa0 [ 54.969492][ T5053] really_probe+0x29e/0xc50 [ 54.975890][ T5053] __driver_probe_device+0x1a2/0x3e0 [ 54.983157][ T5053] driver_probe_device+0x50/0x430 [ 54.990074][ T5053] __driver_attach+0x45f/0x710 [ 54.996730][ T5053] bus_for_each_dev+0x239/0x2b0 [ 55.003476][ T5053] serio_handle_event+0x1c7/0x920 [ 55.010398][ T5053] process_scheduled_works+0x913/0x1420 [ 55.017841][ T5053] worker_thread+0xa5f/0x1000 [ 55.024416][ T5053] kthread+0x2ef/0x390 [ 55.030378][ T5053] ret_from_fork+0x4b/0x80 [ 55.036693][ T5053] ret_from_fork_asm+0x1b/0x30 [ 55.043354][ T5053] } [ 55.046009][ T5053] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 55.055191][ T5053] -> (&client->buffer_lock){....}-{2:2} { [ 55.060994][ T5053] INITIAL USE at: [ 55.064956][ T5053] lock_acquire+0x1e3/0x530 [ 55.071182][ T5053] _raw_spin_lock+0x2e/0x40 [ 55.077406][ T5053] evdev_pass_values+0xf2/0xad0 [ 55.083978][ T5053] evdev_events+0x1c2/0x300 [ 55.090210][ T5053] input_pass_values+0x84d/0x1200 [ 55.096956][ T5053] input_event_dispose+0x36c/0x650 [ 55.103787][ T5053] input_handle_event+0xa71/0xbe0 [ 55.110529][ T5053] input_inject_event+0x22f/0x340 [ 55.117271][ T5053] evdev_write+0x670/0x7c0 [ 55.123409][ T5053] vfs_write+0x2a4/0xcb0 [ 55.129370][ T5053] ksys_write+0x1a0/0x2c0 [ 55.135420][ T5053] do_syscall_64+0xf9/0x240 [ 55.141641][ T5053] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 55.149262][ T5053] } [ 55.151826][ T5053] ... key at: [] evdev_open.__key.24+0x0/0x20 [ 55.160050][ T5053] ... acquired at: [ 55.163920][ T5053] lock_acquire+0x1e3/0x530 [ 55.168595][ T5053] _raw_spin_lock+0x2e/0x40 [ 55.173256][ T5053] evdev_pass_values+0xf2/0xad0 [ 55.178269][ T5053] evdev_events+0x1c2/0x300 [ 55.183016][ T5053] input_pass_values+0x84d/0x1200 [ 55.188200][ T5053] input_event_dispose+0x36c/0x650 [ 55.193467][ T5053] input_handle_event+0xa71/0xbe0 [ 55.198657][ T5053] input_inject_event+0x22f/0x340 [ 55.203838][ T5053] evdev_write+0x670/0x7c0 [ 55.208412][ T5053] vfs_write+0x2a4/0xcb0 [ 55.212809][ T5053] ksys_write+0x1a0/0x2c0 [ 55.217294][ T5053] do_syscall_64+0xf9/0x240 [ 55.221952][ T5053] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 55.228006][ T5053] [ 55.230313][ T5053] -> (&new->fa_lock){....}-{2:2} { [ 55.235424][ T5053] INITIAL READ USE at: [ 55.239732][ T5053] lock_acquire+0x1e3/0x530 [ 55.246221][ T5053] _raw_read_lock_irqsave+0xdd/0x130 [ 55.253492][ T5053] kill_fasync+0x19e/0x4d0 [ 55.259887][ T5053] evdev_pass_values+0x58a/0xad0 [ 55.266810][ T5053] evdev_events+0x1c2/0x300 [ 55.273295][ T5053] input_pass_values+0x84d/0x1200 [ 55.280307][ T5053] input_event_dispose+0x36c/0x650 [ 55.287402][ T5053] input_handle_event+0xa71/0xbe0 [ 55.294408][ T5053] input_inject_event+0x22f/0x340 [ 55.301413][ T5053] evdev_write+0x670/0x7c0 [ 55.307813][ T5053] vfs_write+0x2a4/0xcb0 [ 55.314061][ T5053] ksys_write+0x1a0/0x2c0 [ 55.320406][ T5053] do_syscall_64+0xf9/0x240 [ 55.326915][ T5053] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 55.334798][ T5053] } [ 55.337280][ T5053] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 55.345940][ T5053] ... acquired at: [ 55.349725][ T5053] lock_acquire+0x1e3/0x530 [ 55.354397][ T5053] _raw_read_lock_irqsave+0xdd/0x130 [ 55.359856][ T5053] kill_fasync+0x19e/0x4d0 [ 55.364429][ T5053] evdev_pass_values+0x58a/0xad0 [ 55.369529][ T5053] evdev_events+0x1c2/0x300 [ 55.374195][ T5053] input_pass_values+0x84d/0x1200 [ 55.379379][ T5053] input_event_dispose+0x36c/0x650 [ 55.384649][ T5053] input_handle_event+0xa71/0xbe0 [ 55.389829][ T5053] input_inject_event+0x22f/0x340 [ 55.395009][ T5053] evdev_write+0x670/0x7c0 [ 55.399587][ T5053] vfs_write+0x2a4/0xcb0 [ 55.403988][ T5053] ksys_write+0x1a0/0x2c0 [ 55.408472][ T5053] do_syscall_64+0xf9/0x240 [ 55.413132][ T5053] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 55.419190][ T5053] [ 55.421496][ T5053] [ 55.421496][ T5053] the dependencies between the lock to be acquired [ 55.421503][ T5053] and HARDIRQ-irq-unsafe lock: [ 55.434988][ T5053] -> (tasklist_lock){.+.+}-{2:2} { [ 55.440197][ T5053] HARDIRQ-ON-R at: [ 55.444248][ T5053] lock_acquire+0x1e3/0x530 [ 55.450565][ T5053] _raw_read_lock+0x36/0x50 [ 55.456879][ T5053] __do_wait+0x12d/0x840 [ 55.462933][ T5053] do_wait+0x1d8/0x540 [ 55.468815][ T5053] kernel_wait+0xe9/0x240 [ 55.474970][ T5053] call_usermodehelper_exec_work+0xbd/0x230 [ 55.482681][ T5053] process_scheduled_works+0x913/0x1420 [ 55.490039][ T5053] worker_thread+0xa5f/0x1000 [ 55.496532][ T5053] kthread+0x2ef/0x390 [ 55.502406][ T5053] ret_from_fork+0x4b/0x80 [ 55.508635][ T5053] ret_from_fork_asm+0x1b/0x30 [ 55.515208][ T5053] SOFTIRQ-ON-R at: [ 55.519258][ T5053] lock_acquire+0x1e3/0x530 [ 55.525574][ T5053] _raw_read_lock+0x36/0x50 [ 55.531887][ T5053] __do_wait+0x12d/0x840 [ 55.537940][ T5053] do_wait+0x1d8/0x540 [ 55.543817][ T5053] kernel_wait+0xe9/0x240 [ 55.549953][ T5053] call_usermodehelper_exec_work+0xbd/0x230 [ 55.557659][ T5053] process_scheduled_works+0x913/0x1420 [ 55.565016][ T5053] worker_thread+0xa5f/0x1000 [ 55.571506][ T5053] kthread+0x2ef/0x390 [ 55.577380][ T5053] ret_from_fork+0x4b/0x80 [ 55.583608][ T5053] ret_from_fork_asm+0x1b/0x30 [ 55.590185][ T5053] INITIAL USE at: [ 55.594151][ T5053] lock_acquire+0x1e3/0x530 [ 55.600376][ T5053] _raw_write_lock_irq+0xd3/0x120 [ 55.607124][ T5053] copy_process+0x2837/0x3fc0 [ 55.613522][ T5053] kernel_clone+0x222/0x840 [ 55.619754][ T5053] user_mode_thread+0x132/0x1a0 [ 55.626420][ T5053] rest_init+0x27/0x300 [ 55.632299][ T5053] arch_call_rest_init+0xe/0x10 [ 55.639050][ T5053] start_kernel+0x474/0x500 [ 55.645274][ T5053] x86_64_start_reservations+0x2a/0x30 [ 55.652457][ T5053] x86_64_start_kernel+0x99/0xa0 [ 55.659114][ T5053] secondary_startup_64_no_verify+0x171/0x17b [ 55.666903][ T5053] INITIAL READ USE at: [ 55.671299][ T5053] lock_acquire+0x1e3/0x530 [ 55.677959][ T5053] _raw_read_lock+0x36/0x50 [ 55.684622][ T5053] __do_wait+0x12d/0x840 [ 55.691020][ T5053] do_wait+0x1d8/0x540 [ 55.697247][ T5053] kernel_wait+0xe9/0x240 [ 55.703737][ T5053] call_usermodehelper_exec_work+0xbd/0x230 [ 55.711790][ T5053] process_scheduled_works+0x913/0x1420 [ 55.719522][ T5053] worker_thread+0xa5f/0x1000 [ 55.726363][ T5053] kthread+0x2ef/0x390 [ 55.732584][ T5053] ret_from_fork+0x4b/0x80 [ 55.739157][ T5053] ret_from_fork_asm+0x1b/0x30 [ 55.746081][ T5053] } [ 55.748650][ T5053] ... key at: [] tasklist_lock+0x18/0x40 [ 55.756439][ T5053] ... acquired at: [ 55.760312][ T5053] lock_acquire+0x1e3/0x530 [ 55.764975][ T5053] _raw_read_lock+0x36/0x50 [ 55.769638][ T5053] send_sigurg+0xee/0x3c0 [ 55.774123][ T5053] sk_send_sigurg+0x6e/0xc0 [ 55.778788][ T5053] queue_oob+0x62a/0x8f0 [ 55.783187][ T5053] unix_stream_sendmsg+0xfda/0x1230 [ 55.788545][ T5053] __sock_sendmsg+0x221/0x270 [ 55.793377][ T5053] ____sys_sendmsg+0x525/0x7d0 [ 55.798298][ T5053] __sys_sendmsg+0x2b0/0x3a0 [ 55.803047][ T5053] do_syscall_64+0xf9/0x240 [ 55.807709][ T5053] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 55.813765][ T5053] [ 55.816072][ T5053] -> (&f->f_owner.lock){....}-{2:2} { [ 55.821443][ T5053] INITIAL USE at: [ 55.825320][ T5053] lock_acquire+0x1e3/0x530 [ 55.831374][ T5053] _raw_write_lock_irq+0xd3/0x120 [ 55.837947][ T5053] f_modown+0x38/0x340 [ 55.843565][ T5053] f_setown+0x14f/0x200 [ 55.849271][ T5053] do_fcntl+0x83e/0x1690 [ 55.855057][ T5053] __se_sys_fcntl+0xd2/0x1b0 [ 55.861197][ T5053] do_syscall_64+0xf9/0x240 [ 55.867248][ T5053] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 55.874695][ T5053] INITIAL READ USE at: [ 55.879006][ T5053] lock_acquire+0x1e3/0x530 [ 55.885494][ T5053] _raw_read_lock_irqsave+0xdd/0x130 [ 55.892766][ T5053] send_sigurg+0x29/0x3c0 [ 55.899076][ T5053] sk_send_sigurg+0x6e/0xc0 [ 55.905561][ T5053] queue_oob+0x62a/0x8f0 [ 55.911788][ T5053] unix_stream_sendmsg+0xfda/0x1230 [ 55.918966][ T5053] __sock_sendmsg+0x221/0x270 [ 55.925624][ T5053] ____sys_sendmsg+0x525/0x7d0 [ 55.932371][ T5053] __sys_sendmsg+0x2b0/0x3a0 [ 55.938942][ T5053] do_syscall_64+0xf9/0x240 [ 55.945427][ T5053] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 55.953306][ T5053] } [ 55.955785][ T5053] ... key at: [] init_file.__key+0x0/0x20 [ 55.963573][ T5053] ... acquired at: [ 55.967356][ T5053] lock_acquire+0x1e3/0x530 [ 55.972021][ T5053] _raw_read_lock_irqsave+0xdd/0x130 [ 55.977478][ T5053] send_sigio+0x33/0x360 [ 55.982658][ T5053] kill_fasync+0x23a/0x4d0 [ 55.987229][ T5053] evdev_pass_values+0x58a/0xad0 [ 55.993043][ T5053] evdev_events+0x1c2/0x300 [ 55.997738][ T5053] input_pass_values+0x84d/0x1200 [ 56.002938][ T5053] input_event_dispose+0x36c/0x650 [ 56.008220][ T5053] input_handle_event+0xa71/0xbe0 [ 56.013408][ T5053] input_inject_event+0x22f/0x340 [ 56.018678][ T5053] evdev_write+0x670/0x7c0 [ 56.023254][ T5053] vfs_write+0x2a4/0xcb0 [ 56.027655][ T5053] ksys_write+0x1a0/0x2c0 [ 56.032141][ T5053] do_syscall_64+0xf9/0x240 [ 56.036801][ T5053] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 56.042855][ T5053] [ 56.045162][ T5053] [ 56.045162][ T5053] stack backtrace: [ 56.051029][ T5053] CPU: 1 PID: 5053 Comm: syz-executor110 Not tainted 6.8.0-rc7-syzkaller-00130-g135288b73cef #0 [ 56.061421][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 56.071458][ T5053] Call Trace: [ 56.074730][ T5053] [ 56.077647][ T5053] dump_stack_lvl+0x1e7/0x2e0 [ 56.082309][ T5053] ? __pfx_dump_stack_lvl+0x10/0x10 [ 56.087496][ T5053] ? __pfx__printk+0x10/0x10 [ 56.092076][ T5053] ? print_shortest_lock_dependencies+0xf2/0x160 [ 56.098479][ T5053] validate_chain+0x4dc5/0x58e0 [ 56.103324][ T5053] ? __pfx_validate_chain+0x10/0x10 [ 56.108509][ T5053] ? __pfx_validate_chain+0x10/0x10 [ 56.113693][ T5053] ? stack_trace_save+0x117/0x1d0 [ 56.118705][ T5053] ? register_lock_class+0x102/0x980 [ 56.124151][ T5053] ? lockdep_unlock+0x169/0x300 [ 56.128992][ T5053] ? __pfx_register_lock_class+0x10/0x10 [ 56.134638][ T5053] ? mark_lock+0x9a/0x350 [ 56.138951][ T5053] __lock_acquire+0x1345/0x1fd0 [ 56.143794][ T5053] lock_acquire+0x1e3/0x530 [ 56.148284][ T5053] ? send_sigio+0x33/0x360 [ 56.152689][ T5053] ? __pfx_lock_acquire+0x10/0x10 [ 56.157712][ T5053] ? __pfx_lock_acquire+0x10/0x10 [ 56.162727][ T5053] _raw_read_lock_irqsave+0xdd/0x130 [ 56.168000][ T5053] ? send_sigio+0x33/0x360 [ 56.172573][ T5053] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 56.178458][ T5053] ? _raw_read_lock_irqsave+0xe9/0x130 [ 56.183902][ T5053] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 56.189780][ T5053] send_sigio+0x33/0x360 [ 56.194006][ T5053] kill_fasync+0x23a/0x4d0 [ 56.198405][ T5053] ? kill_fasync+0x55/0x4d0 [ 56.202893][ T5053] evdev_pass_values+0x58a/0xad0 [ 56.207820][ T5053] ? evdev_pass_values+0x541/0xad0 [ 56.212924][ T5053] evdev_events+0x1c2/0x300 [ 56.217416][ T5053] ? evdev_events+0x6f/0x300 [ 56.221995][ T5053] ? __pfx_evdev_events+0x10/0x10 [ 56.227012][ T5053] input_pass_values+0x84d/0x1200 [ 56.232031][ T5053] ? input_pass_values+0x9d/0x1200 [ 56.237130][ T5053] input_event_dispose+0x36c/0x650 [ 56.242227][ T5053] input_handle_event+0xa71/0xbe0 [ 56.247234][ T5053] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 56.252678][ T5053] ? __pfx_input_handle_event+0x10/0x10 [ 56.258209][ T5053] input_inject_event+0x22f/0x340 [ 56.263215][ T5053] ? input_inject_event+0xd5/0x340 [ 56.268312][ T5053] evdev_write+0x670/0x7c0 [ 56.272803][ T5053] ? __pfx_evdev_write+0x10/0x10 [ 56.277722][ T5053] ? do_raw_spin_lock+0x14e/0x370 [ 56.282732][ T5053] ? bpf_lsm_file_permission+0x9/0x10 [ 56.288093][ T5053] ? security_file_permission+0x7f/0xa0 [ 56.293623][ T5053] ? rw_verify_area+0x1d2/0x580 [ 56.298462][ T5053] ? __pfx_evdev_write+0x10/0x10 [ 56.303385][ T5053] vfs_write+0x2a4/0xcb0 [ 56.307613][ T5053] ? __pfx_vfs_write+0x10/0x10 [ 56.312360][ T5053] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 56.318675][ T5053] ? _raw_spin_unlock_irq+0x23/0x50 [ 56.323862][ T5053] ? lockdep_hardirqs_on+0x98/0x140 [ 56.329054][ T5053] ? __fdget_pos+0x1a1/0x320 [ 56.333632][ T5053] ksys_write+0x1a0/0x2c0 [ 56.337957][ T5053] ? __pfx_ksys_write+0x10/0x10 [ 56.342803][ T5053] ? do_syscall_64+0x108/0x240 [ 56.347549][ T5053] ? syscall_trace_enter+0x5e/0x150 [ 56.352737][ T5053] do_syscall_64+0xf9/0x240 [ 56.357224][ T5053] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 56.363106][ T5053] RIP: 0033:0x7f59f590f329 [ 56.367507][ T5053] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.387548][ T5053] RSP: 002b:00007ffe094346a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.395973][ T5053] RAX: ffffffffffffffda RBX: 00007ffe09434878 RCX: 00007f59f590f329 write(6, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10104) = 10104 exit_group(0) = ? +++ exited with 0 +++ [