./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1020336094 <...> Warning: Permanently added '10.128.1.5' (ED25519) to the list of known hosts. execve("./syz-executor1020336094", ["./syz-executor1020336094"], 0x7ffe5bf004b0 /* 10 vars */) = 0 brk(NULL) = 0x555557171000 brk(0x555557171d00) = 0x555557171d00 arch_prctl(ARCH_SET_FS, 0x555557171380) = 0 set_tid_address(0x555557171650) = 5072 set_robust_list(0x555557171660, 24) = 0 rseq(0x555557171ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1020336094", 4096) = 28 getrandom("\x5c\xf0\x6f\x2a\x21\x0c\x84\xa4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557171d00 brk(0x555557192d00) = 0x555557192d00 brk(0x555557193000) = 0x555557193000 mprotect(0x7f4bc0533000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0 fcntl(3, F_SETOWN, -1) = 0 sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="<", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_OOB|MSG_DONTROUTE|MSG_PROBE|MSG_NOSIGNAL|MSG_BATCH|MSG_ZEROCOPY|MSG_FASTOPEN) = 1 ioctl(-1, EVIOCSFF, {type=0 /* FF_??? 
*/, id=0, direction=0, ...}) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/input/event2", O_RDONLY) = 5 ioctl(5, FIOASYNC, [2047]) = 0 openat(AT_FDCWD, "/dev/input/event2", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000) = 6 [ 53.796900][ T5072] [ 53.799276][ T5072] ===================================================== [ 53.806190][ T5072] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 53.813721][ T5072] 6.6.0-syzkaller-16159-g3ca112b71f35 #0 Not tainted [ 53.820380][ T5072] ----------------------------------------------------- [ 53.827299][ T5072] syz-executor102/5072 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 53.835349][ T5072] ffff888015a56d98 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x28/0x3c0 [ 53.844315][ T5072] [ 53.844315][ T5072] and this task is already holding: [ 53.851661][ T5072] ffff88806433d018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x138/0x4f0 [ 53.860342][ T5072] which would create a new lock dependency: [ 53.866217][ T5072] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){....}-{2:2} [ 53.873938][ T5072] [ 53.873938][ T5072] but this new dependency connects a HARDIRQ-irq-safe lock: [ 53.883370][ T5072] (&dev->event_lock#2){-...}-{2:2} [ 53.883389][ T5072] [ 53.883389][ T5072] ... 
which became HARDIRQ-irq-safe at: [ 53.896248][ T5072] lock_acquire+0x1ae/0x510 [ 53.900832][ T5072] _raw_spin_lock_irqsave+0x3a/0x50 [ 53.906117][ T5072] input_event+0x70/0xa0 [ 53.910436][ T5072] psmouse_report_standard_buttons+0x30/0x80 [ 53.916491][ T5072] psmouse_process_byte+0x39c/0x8a0 [ 53.921769][ T5072] psmouse_handle_byte+0x41/0x560 [ 53.926868][ T5072] psmouse_receive_byte+0x243/0xe10 [ 53.932143][ T5072] ps2_interrupt+0x1fe/0x5a0 [ 53.936815][ T5072] serio_interrupt+0x8d/0x150 [ 53.941570][ T5072] i8042_interrupt+0x3f2/0x8a0 [ 53.946416][ T5072] __handle_irq_event_percpu+0x22a/0x740 [ 53.952470][ T5072] handle_irq_event+0xab/0x1e0 [ 53.957336][ T5072] handle_edge_irq+0x261/0xcf0 [ 53.962208][ T5072] __common_interrupt+0xdb/0x240 [ 53.967233][ T5072] common_interrupt+0xa9/0xd0 [ 53.972000][ T5072] asm_common_interrupt+0x26/0x40 [ 53.977096][ T5072] lock_acquire+0x1ef/0x510 [ 53.981673][ T5072] fs_reclaim_acquire+0x100/0x150 [ 53.986790][ T5072] kmem_cache_alloc+0x4f/0x380 [ 53.991624][ T5072] __kernfs_new_node+0xd3/0x890 [ 53.996553][ T5072] kernfs_new_node+0x94/0x110 [ 54.001316][ T5072] __kernfs_create_file+0x53/0x340 [ 54.006506][ T5072] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 54.012077][ T5072] sysfs_create_file_ns+0x13e/0x1d0 [ 54.017349][ T5072] driver_create_file+0x4a/0x70 [ 54.022275][ T5072] bus_add_driver+0x4fe/0x630 [ 54.027024][ T5072] driver_register+0x15c/0x4a0 [ 54.031862][ T5072] usb_register_driver+0x24f/0x500 [ 54.037045][ T5072] do_one_initcall+0x11c/0x640 [ 54.041887][ T5072] kernel_init_freeable+0x5c2/0x900 [ 54.047167][ T5072] kernel_init+0x1c/0x2a0 [ 54.051569][ T5072] ret_from_fork+0x45/0x80 [ 54.056075][ T5072] ret_from_fork_asm+0x11/0x20 [ 54.060910][ T5072] [ 54.060910][ T5072] to a HARDIRQ-irq-unsafe lock: [ 54.067932][ T5072] (tasklist_lock){.+.+}-{2:2} [ 54.067950][ T5072] [ 54.067950][ T5072] ... which became HARDIRQ-irq-unsafe at: [ 54.080551][ T5072] ... 
[ 54.080557][ T5072] lock_acquire+0x1ae/0x510 [ 54.087825][ T5072] _raw_read_lock+0x5f/0x70 [ 54.092411][ T5072] __do_wait+0x105/0x890 [ 54.096734][ T5072] do_wait+0x212/0x520 [ 54.101030][ T5072] kernel_wait+0xa0/0x150 [ 54.105446][ T5072] call_usermodehelper_exec_work+0xf1/0x170 [ 54.111411][ T5072] process_one_work+0x884/0x15c0 [ 54.116430][ T5072] worker_thread+0x8b9/0x1290 [ 54.121184][ T5072] kthread+0x33c/0x440 [ 54.125328][ T5072] ret_from_fork+0x45/0x80 [ 54.129818][ T5072] ret_from_fork_asm+0x11/0x20 [ 54.134675][ T5072] [ 54.134675][ T5072] other info that might help us debug this: [ 54.134675][ T5072] [ 54.144893][ T5072] Chain exists of: [ 54.144893][ T5072] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 54.144893][ T5072] [ 54.157861][ T5072] Possible interrupt unsafe locking scenario: [ 54.157861][ T5072] [ 54.166254][ T5072] CPU0 CPU1 [ 54.171609][ T5072] ---- ---- [ 54.176950][ T5072] lock(tasklist_lock); [ 54.181170][ T5072] local_irq_disable(); [ 54.187931][ T5072] lock(&dev->event_lock#2); [ 54.195109][ T5072] lock(&new->fa_lock); [ 54.201851][ T5072] <Interrupt> [ 54.205280][ T5072] lock(&dev->event_lock#2); [ 54.210111][ T5072] [ 54.210111][ T5072] *** DEADLOCK *** [ 54.210111][ T5072] [ 54.218253][ T5072] 8 locks held by syz-executor102/5072: [ 54.223782][ T5072] #0: ffff888021425110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x201/0x750 [ 54.232907][ T5072] #1: ffff888021421230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xa4/0x370 [ 54.242987][ T5072] #2: ffffffff8cfacfe0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xca/0x370 [ 54.252627][ T5072] #3: ffffffff8cfacfe0 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x3e/0x7a0 [ 54.262794][ T5072] #4: ffffffff8cfacfe0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x87/0x390 [ 54.271914][ T5072] #5: ffff88806443a028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 54.282154][ T5072] #6: ffffffff8cfacfe0 (rcu_read_lock){....}-{1:2}, at: 
kill_fasync+0x6d/0x4f0 [ 54.291181][ T5072] #7: ffff88806433d018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x138/0x4f0 [ 54.300292][ T5072] [ 54.300292][ T5072] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 54.310674][ T5072] -> (&dev->event_lock#2){-...}-{2:2} { [ 54.316387][ T5072] IN-HARDIRQ-W at: [ 54.320517][ T5072] lock_acquire+0x1ae/0x510 [ 54.327034][ T5072] _raw_spin_lock_irqsave+0x3a/0x50 [ 54.334216][ T5072] input_event+0x70/0xa0 [ 54.340454][ T5072] psmouse_report_standard_buttons+0x30/0x80 [ 54.348439][ T5072] psmouse_process_byte+0x39c/0x8a0 [ 54.355630][ T5072] psmouse_handle_byte+0x41/0x560 [ 54.362726][ T5072] psmouse_receive_byte+0x243/0xe10 [ 54.369907][ T5072] ps2_interrupt+0x1fe/0x5a0 [ 54.376478][ T5072] serio_interrupt+0x8d/0x150 [ 54.383135][ T5072] i8042_interrupt+0x3f2/0x8a0 [ 54.389876][ T5072] __handle_irq_event_percpu+0x22a/0x740 [ 54.397493][ T5072] handle_irq_event+0xab/0x1e0 [ 54.404232][ T5072] handle_edge_irq+0x261/0xcf0 [ 54.410987][ T5072] __common_interrupt+0xdb/0x240 [ 54.417905][ T5072] common_interrupt+0xa9/0xd0 [ 54.424564][ T5072] asm_common_interrupt+0x26/0x40 [ 54.431566][ T5072] lock_acquire+0x1ef/0x510 [ 54.438051][ T5072] fs_reclaim_acquire+0x100/0x150 [ 54.445050][ T5072] kmem_cache_alloc+0x4f/0x380 [ 54.451792][ T5072] __kernfs_new_node+0xd3/0x890 [ 54.458620][ T5072] kernfs_new_node+0x94/0x110 [ 54.465270][ T5072] __kernfs_create_file+0x53/0x340 [ 54.472359][ T5072] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 54.479708][ T5072] sysfs_create_file_ns+0x13e/0x1d0 [ 54.486889][ T5072] driver_create_file+0x4a/0x70 [ 54.493809][ T5072] bus_add_driver+0x4fe/0x630 [ 54.500459][ T5072] driver_register+0x15c/0x4a0 [ 54.507203][ T5072] usb_register_driver+0x24f/0x500 [ 54.514296][ T5072] do_one_initcall+0x11c/0x640 [ 54.521044][ T5072] kernel_init_freeable+0x5c2/0x900 [ 54.528223][ T5072] kernel_init+0x1c/0x2a0 [ 54.534617][ T5072] ret_from_fork+0x45/0x80 [ 54.541012][ T5072] ret_from_fork_asm+0x11/0x20 [ 
54.547755][ T5072] INITIAL USE at: [ 54.551975][ T5072] lock_acquire+0x1ae/0x510 [ 54.558375][ T5072] _raw_spin_lock_irqsave+0x3a/0x50 [ 54.565471][ T5072] input_inject_event+0xa4/0x370 [ 54.572303][ T5072] led_set_brightness+0x211/0x290 [ 54.579224][ T5072] led_trigger_event+0xb2/0x240 [ 54.585988][ T5072] kbd_led_trigger_activate+0xc6/0x100 [ 54.593348][ T5072] led_trigger_set+0x589/0xc00 [ 54.600009][ T5072] led_trigger_set_default+0x1d2/0x230 [ 54.607364][ T5072] led_classdev_register_ext+0x78d/0xa10 [ 54.614896][ T5072] input_leds_connect+0x54a/0x8d0 [ 54.621819][ T5072] input_attach_handler.isra.0+0x17c/0x250 [ 54.629520][ T5072] input_register_device+0xb1e/0x1130 [ 54.636792][ T5072] atkbd_connect+0x5e2/0xa20 [ 54.643282][ T5072] serio_driver_probe+0x71/0xa0 [ 54.650039][ T5072] really_probe+0x234/0xc90 [ 54.656450][ T5072] __driver_probe_device+0x1de/0x4b0 [ 54.663635][ T5072] driver_probe_device+0x4c/0x1a0 [ 54.671771][ T5072] __driver_attach+0x274/0x570 [ 54.678439][ T5072] bus_for_each_dev+0x13c/0x1d0 [ 54.685181][ T5072] serio_handle_event+0x2b8/0xa90 [ 54.692117][ T5072] process_one_work+0x884/0x15c0 [ 54.698951][ T5072] worker_thread+0x8b9/0x1290 [ 54.705525][ T5072] kthread+0x33c/0x440 [ 54.711499][ T5072] ret_from_fork+0x45/0x80 [ 54.719825][ T5072] ret_from_fork_asm+0x11/0x20 [ 54.726513][ T5072] } [ 54.729167][ T5072] ... 
key at: [] __key.6+0x0/0x40 [ 54.736437][ T5072] -> (&client->buffer_lock){....}-{2:2} { [ 54.742236][ T5072] INITIAL USE at: [ 54.746192][ T5072] lock_acquire+0x1ae/0x510 [ 54.752419][ T5072] _raw_spin_lock+0x2e/0x40 [ 54.758642][ T5072] evdev_pass_values+0x10e/0x9b0 [ 54.765318][ T5072] evdev_events+0x1b7/0x390 [ 54.771572][ T5072] input_to_handler+0x29e/0x4c0 [ 54.778147][ T5072] input_pass_values.part.0+0x52f/0x7a0 [ 54.785419][ T5072] input_event_dispose+0x5ee/0x770 [ 54.792259][ T5072] input_handle_event+0x11c/0xd80 [ 54.799002][ T5072] input_inject_event+0x1bb/0x370 [ 54.805747][ T5072] evdev_write+0x456/0x750 [ 54.811884][ T5072] vfs_write+0x2a4/0xdf0 [ 54.817937][ T5072] ksys_write+0x1f0/0x250 [ 54.823988][ T5072] do_syscall_64+0x3f/0x110 [ 54.830211][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 54.837828][ T5072] } [ 54.840395][ T5072] ... key at: [] __key.3+0x0/0x40 [ 54.847582][ T5072] ... acquired at: [ 54.851454][ T5072] _raw_spin_lock+0x2e/0x40 [ 54.856148][ T5072] evdev_pass_values+0x10e/0x9b0 [ 54.861240][ T5072] evdev_events+0x1b7/0x390 [ 54.865899][ T5072] input_to_handler+0x29e/0x4c0 [ 54.870907][ T5072] input_pass_values.part.0+0x52f/0x7a0 [ 54.876612][ T5072] input_event_dispose+0x5ee/0x770 [ 54.881884][ T5072] input_handle_event+0x11c/0xd80 [ 54.887058][ T5072] input_inject_event+0x1bb/0x370 [ 54.892235][ T5072] evdev_write+0x456/0x750 [ 54.896805][ T5072] vfs_write+0x2a4/0xdf0 [ 54.901200][ T5072] ksys_write+0x1f0/0x250 [ 54.905691][ T5072] do_syscall_64+0x3f/0x110 [ 54.910624][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 54.917974][ T5072] [ 54.920276][ T5072] -> (&new->fa_lock){....}-{2:2} { [ 54.925375][ T5072] INITIAL READ USE at: [ 54.929677][ T5072] lock_acquire+0x1ae/0x510 [ 54.936162][ T5072] _raw_read_lock_irqsave+0x70/0x90 [ 54.943379][ T5072] kill_fasync+0x138/0x4f0 [ 54.949779][ T5072] evdev_pass_values+0x619/0x9b0 [ 54.956698][ T5072] evdev_events+0x1b7/0x390 [ 54.963182][ T5072] input_to_handler+0x29e/0x4c0 [ 
54.970014][ T5072] input_pass_values.part.0+0x52f/0x7a0 [ 54.977542][ T5072] input_event_dispose+0x5ee/0x770 [ 54.984679][ T5072] input_handle_event+0x11c/0xd80 [ 54.991694][ T5072] input_inject_event+0x1bb/0x370 [ 54.998798][ T5072] evdev_write+0x456/0x750 [ 55.005204][ T5072] vfs_write+0x2a4/0xdf0 [ 55.011436][ T5072] ksys_write+0x1f0/0x250 [ 55.017759][ T5072] do_syscall_64+0x3f/0x110 [ 55.024254][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.032133][ T5072] } [ 55.034615][ T5072] ... key at: [] __key.0+0x0/0x40 [ 55.041718][ T5072] ... acquired at: [ 55.045523][ T5072] _raw_read_lock_irqsave+0x70/0x90 [ 55.051071][ T5072] kill_fasync+0x138/0x4f0 [ 55.055654][ T5072] evdev_pass_values+0x619/0x9b0 [ 55.060768][ T5072] evdev_events+0x1b7/0x390 [ 55.065431][ T5072] input_to_handler+0x29e/0x4c0 [ 55.070448][ T5072] input_pass_values.part.0+0x52f/0x7a0 [ 55.076158][ T5072] input_event_dispose+0x5ee/0x770 [ 55.081429][ T5072] input_handle_event+0x11c/0xd80 [ 55.086610][ T5072] input_inject_event+0x1bb/0x370 [ 55.091788][ T5072] evdev_write+0x456/0x750 [ 55.096358][ T5072] vfs_write+0x2a4/0xdf0 [ 55.100767][ T5072] ksys_write+0x1f0/0x250 [ 55.105255][ T5072] do_syscall_64+0x3f/0x110 [ 55.109923][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.115974][ T5072] [ 55.118275][ T5072] [ 55.118275][ T5072] the dependencies between the lock to be acquired [ 55.118280][ T5072] and HARDIRQ-irq-unsafe lock: [ 55.131778][ T5072] -> (tasklist_lock){.+.+}-{2:2} { [ 55.136974][ T5072] HARDIRQ-ON-R at: [ 55.141128][ T5072] lock_acquire+0x1ae/0x510 [ 55.147454][ T5072] _raw_read_lock+0x5f/0x70 [ 55.153775][ T5072] __do_wait+0x105/0x890 [ 55.159929][ T5072] do_wait+0x212/0x520 [ 55.165845][ T5072] kernel_wait+0xa0/0x150 [ 55.172033][ T5072] call_usermodehelper_exec_work+0xf1/0x170 [ 55.179823][ T5072] process_one_work+0x884/0x15c0 [ 55.186610][ T5072] worker_thread+0x8b9/0x1290 [ 55.193112][ T5072] kthread+0x33c/0x440 [ 55.198999][ T5072] ret_from_fork+0x45/0x80 [ 
55.205346][ T5072] ret_from_fork_asm+0x11/0x20 [ 55.211931][ T5072] SOFTIRQ-ON-R at: [ 55.215980][ T5072] lock_acquire+0x1ae/0x510 [ 55.222323][ T5072] _raw_read_lock+0x5f/0x70 [ 55.228640][ T5072] __do_wait+0x105/0x890 [ 55.234696][ T5072] do_wait+0x212/0x520 [ 55.240577][ T5072] kernel_wait+0xa0/0x150 [ 55.246724][ T5072] call_usermodehelper_exec_work+0xf1/0x170 [ 55.254429][ T5072] process_one_work+0x884/0x15c0 [ 55.261177][ T5072] worker_thread+0x8b9/0x1290 [ 55.267667][ T5072] kthread+0x33c/0x440 [ 55.273548][ T5072] ret_from_fork+0x45/0x80 [ 55.279775][ T5072] ret_from_fork_asm+0x11/0x20 [ 55.286384][ T5072] INITIAL USE at: [ 55.290345][ T5072] lock_acquire+0x1ae/0x510 [ 55.296584][ T5072] _raw_write_lock_irq+0x36/0x50 [ 55.303247][ T5072] copy_process+0x45f4/0x74b0 [ 55.309646][ T5072] kernel_clone+0xfd/0x920 [ 55.315785][ T5072] user_mode_thread+0xb4/0xf0 [ 55.322191][ T5072] rest_init+0x27/0x2b0 [ 55.328077][ T5072] arch_call_rest_init+0x13/0x30 [ 55.334747][ T5072] start_kernel+0x39f/0x480 [ 55.340976][ T5072] x86_64_start_reservations+0x18/0x30 [ 55.348163][ T5072] x86_64_start_kernel+0xb2/0xc0 [ 55.354826][ T5072] secondary_startup_64_no_verify+0x166/0x16b [ 55.362622][ T5072] INITIAL READ USE at: [ 55.367300][ T5072] lock_acquire+0x1ae/0x510 [ 55.374211][ T5072] _raw_read_lock+0x5f/0x70 [ 55.380886][ T5072] __do_wait+0x105/0x890 [ 55.387298][ T5072] do_wait+0x212/0x520 [ 55.393536][ T5072] kernel_wait+0xa0/0x150 [ 55.400026][ T5072] call_usermodehelper_exec_work+0xf1/0x170 [ 55.408093][ T5072] process_one_work+0x884/0x15c0 [ 55.415191][ T5072] worker_thread+0x8b9/0x1290 [ 55.422030][ T5072] kthread+0x33c/0x440 [ 55.428254][ T5072] ret_from_fork+0x45/0x80 [ 55.434827][ T5072] ret_from_fork_asm+0x11/0x20 [ 55.441756][ T5072] } [ 55.444324][ T5072] ... key at: [] tasklist_lock+0x18/0x40 [ 55.452137][ T5072] ... 
acquired at: [ 55.456006][ T5072] _raw_read_lock+0x5f/0x70 [ 55.460690][ T5072] send_sigurg+0xb0/0xc50 [ 55.465180][ T5072] sk_send_sigurg+0x7a/0x370 [ 55.469928][ T5072] unix_stream_sendmsg+0xdba/0x10a0 [ 55.475288][ T5072] __sock_sendmsg+0xd5/0x180 [ 55.480034][ T5072] ____sys_sendmsg+0x6ac/0x940 [ 55.484954][ T5072] ___sys_sendmsg+0x135/0x1d0 [ 55.489791][ T5072] __sys_sendmsg+0x117/0x1e0 [ 55.494732][ T5072] do_syscall_64+0x3f/0x110 [ 55.499405][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.505463][ T5072] [ 55.507768][ T5072] -> (&f->f_owner.lock){....}-{2:2} { [ 55.513134][ T5072] INITIAL USE at: [ 55.517088][ T5072] lock_acquire+0x1ae/0x510 [ 55.523155][ T5072] _raw_write_lock_irq+0x36/0x50 [ 55.529646][ T5072] f_modown+0x2a/0x390 [ 55.535262][ T5072] f_setown+0xd4/0x2a0 [ 55.541752][ T5072] do_fcntl+0x11e6/0x1260 [ 55.547629][ T5072] __x64_sys_fcntl+0x16c/0x1e0 [ 55.553937][ T5072] do_syscall_64+0x3f/0x110 [ 55.559988][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.567429][ T5072] INITIAL READ USE at: [ 55.571740][ T5072] lock_acquire+0x1ae/0x510 [ 55.578227][ T5072] _raw_read_lock_irqsave+0x70/0x90 [ 55.585408][ T5072] send_sigurg+0x22/0xc50 [ 55.591731][ T5072] sk_send_sigurg+0x7a/0x370 [ 55.598305][ T5072] unix_stream_sendmsg+0xdba/0x10a0 [ 55.605514][ T5072] __sock_sendmsg+0xd5/0x180 [ 55.612083][ T5072] ____sys_sendmsg+0x6ac/0x940 [ 55.618821][ T5072] ___sys_sendmsg+0x135/0x1d0 [ 55.625482][ T5072] __sys_sendmsg+0x117/0x1e0 [ 55.632057][ T5072] do_syscall_64+0x3f/0x110 [ 55.638560][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.646433][ T5072] } [ 55.648915][ T5072] ... key at: [] __key.5+0x0/0x40 [ 55.656007][ T5072] ... 
acquired at: [ 55.659785][ T5072] lock_acquire+0x1ae/0x510 [ 55.664450][ T5072] _raw_read_lock_irqsave+0x70/0x90 [ 55.669807][ T5072] send_sigio+0x28/0x3c0 [ 55.674208][ T5072] kill_fasync+0x1f6/0x4f0 [ 55.678779][ T5072] evdev_pass_values+0x619/0x9b0 [ 55.683872][ T5072] evdev_events+0x1b7/0x390 [ 55.688565][ T5072] input_to_handler+0x29e/0x4c0 [ 55.693575][ T5072] input_pass_values.part.0+0x52f/0x7a0 [ 55.699284][ T5072] input_event_dispose+0x5ee/0x770 [ 55.704559][ T5072] input_handle_event+0x11c/0xd80 [ 55.709735][ T5072] input_inject_event+0x1bb/0x370 [ 55.714912][ T5072] evdev_write+0x456/0x750 [ 55.719487][ T5072] vfs_write+0x2a4/0xdf0 [ 55.723912][ T5072] ksys_write+0x1f0/0x250 [ 55.728396][ T5072] do_syscall_64+0x3f/0x110 [ 55.733056][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 55.739107][ T5072] [ 55.741418][ T5072] [ 55.741418][ T5072] stack backtrace: [ 55.747370][ T5072] CPU: 1 PID: 5072 Comm: syz-executor102 Not tainted 6.6.0-syzkaller-16159-g3ca112b71f35 #0 [ 55.757412][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 55.767452][ T5072] Call Trace: [ 55.770819][ T5072] [ 55.773733][ T5072] dump_stack_lvl+0xd9/0x1b0 [ 55.778315][ T5072] check_irq_usage+0x10b8/0x1c70 [ 55.783246][ T5072] ? __read_once_word_nocheck+0x9/0x10 [ 55.788707][ T5072] ? unwind_next_frame+0x51/0x2390 [ 55.793802][ T5072] ? print_shortest_lock_dependencies_backwards+0x1b0/0x1b0 [ 55.801067][ T5072] ? hlock_conflict+0x58/0x200 [ 55.805814][ T5072] ? __bfs+0x2f8/0x660 [ 55.809862][ T5072] ? save_trace+0xb30/0xb30 [ 55.814348][ T5072] ? mark_lock+0x105/0x1950 [ 55.818831][ T5072] ? arch_stack_walk+0x112/0x170 [ 55.823757][ T5072] ? __lock_acquire+0x2e53/0x5de0 [ 55.828762][ T5072] __lock_acquire+0x2e53/0x5de0 [ 55.833608][ T5072] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 55.839572][ T5072] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 55.845552][ T5072] lock_acquire+0x1ae/0x510 [ 55.850039][ T5072] ? 
send_sigio+0x28/0x3c0 [ 55.854436][ T5072] ? lock_sync+0x190/0x190 [ 55.858835][ T5072] ? lock_sync+0x190/0x190 [ 55.863412][ T5072] ? lock_sync+0x190/0x190 [ 55.867821][ T5072] _raw_read_lock_irqsave+0x70/0x90 [ 55.873013][ T5072] ? send_sigio+0x28/0x3c0 [ 55.877417][ T5072] send_sigio+0x28/0x3c0 [ 55.881650][ T5072] kill_fasync+0x1f6/0x4f0 [ 55.886139][ T5072] evdev_pass_values+0x619/0x9b0 [ 55.891088][ T5072] evdev_events+0x1b7/0x390 [ 55.895575][ T5072] ? evdev_connect+0x4c0/0x4c0 [ 55.900323][ T5072] input_to_handler+0x29e/0x4c0 [ 55.905163][ T5072] input_pass_values.part.0+0x52f/0x7a0 [ 55.910699][ T5072] input_event_dispose+0x5ee/0x770 [ 55.915796][ T5072] input_handle_event+0x11c/0xd80 [ 55.920806][ T5072] input_inject_event+0x1bb/0x370 [ 55.925848][ T5072] evdev_write+0x456/0x750 [ 55.930256][ T5072] ? evdev_read+0xdf0/0xdf0 [ 55.934745][ T5072] ? apparmor_file_permission+0x258/0x540 [ 55.940453][ T5072] ? bpf_lsm_file_permission+0x9/0x10 [ 55.945849][ T5072] ? security_file_permission+0x94/0x100 [ 55.951533][ T5072] vfs_write+0x2a4/0xdf0 [ 55.955786][ T5072] ? evdev_read+0xdf0/0xdf0 [ 55.960273][ T5072] ? kernel_write+0x6c0/0x6c0 [ 55.964935][ T5072] ? ptrace_stop.part.0+0x61a/0x900 [ 55.970115][ T5072] ? find_held_lock+0x2d/0x110 [ 55.974867][ T5072] ? ptrace_notify+0xf4/0x130 [ 55.979560][ T5072] ? reacquire_held_locks+0x4b0/0x4b0 [ 55.984927][ T5072] ? __fget_light+0x1fc/0x260 [ 55.989598][ T5072] ksys_write+0x1f0/0x250 [ 55.993920][ T5072] ? __ia32_sys_read+0xb0/0xb0 [ 55.998669][ T5072] ? lockdep_hardirqs_on+0x7d/0x100 [ 56.003854][ T5072] ? _raw_spin_unlock_irq+0x2e/0x50 [ 56.009063][ T5072] ? 
ptrace_notify+0xf4/0x130 [ 56.013730][ T5072] do_syscall_64+0x3f/0x110 [ 56.018227][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 56.024108][ T5072] RIP: 0033:0x7f4bc04c0329 [ 56.028533][ T5072] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 write(6, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10104) = 10104 exit_group(0) = ? +++ exited with 0 +++ [ 56.048908][ T5072] RSP: 002b:00007ffd7a33fda8 EFLAGS: 00000246 ORIG_RAX: 000000000000000