./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1229647686 <...> Warning: Permanently added '10.128.0.152' (ED25519) to the list of known hosts. execve("./syz-executor1229647686", ["./syz-executor1229647686"], 0x7ffc85613ad0 /* 10 vars */) = 0 brk(NULL) = 0x555555e73000 brk(0x555555e73d40) = 0x555555e73d40 arch_prctl(ARCH_SET_FS, 0x555555e733c0) = 0 set_tid_address(0x555555e73690) = 5074 set_robust_list(0x555555e736a0, 24) = 0 rseq(0x555555e73ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1229647686", 4096) = 28 getrandom("\x93\xd7\x69\xe1\xfb\x1d\x8a\x62", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555e73d40 brk(0x555555e94d40) = 0x555555e94d40 brk(0x555555e95000) = 0x555555e95000 mprotect(0x7f600bd84000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f600bd28e20, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f600bd1a4a0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f600bca2000 mprotect(0x7f600bca3000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f600bcc2990, parent_tid=0x7f600bcc2990, exit_signal=0, stack=0x7f600bca2000, stack_size=0x20300, tls=0x7f600bcc26c0}./strace-static-x86_64: Process 5075 attached [pid 5075] rseq(0x7f600bcc2fe0, 0x20, 0, 0x53053053 [pid 5074] <... clone3 resumed> => {parent_tid=[5075]}, 88) = 5075 [pid 5075] <... rseq resumed>) = 0 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] set_robust_list(0x7f600bcc29a0, 24 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] <... futex resumed>) = 0 [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 3 [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7f600bd8a408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] <... futex resumed>) = 0 [pid 5075] gettid( [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... gettid resumed>) = 5075 [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] fcntl(3, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=5075} [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... fcntl resumed>) = 0 [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] fcntl(3, F_SETLEASE, F_RDLCK [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... fcntl resumed>) = 0 [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] open("./file0", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... open resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] ioctl(-1, EVIOCSFF, {type=0 /* FF_??? */, id=0, direction=0, ...}) = -1 EBADF (Bad file descriptor) [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000) = 4 [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... openat resumed>) = 6 [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] ioctl(6, FIOASYNC, [1986356271] [pid 5074] <... futex resumed>) = 0 [pid 5075] <... ioctl resumed>) = 0 [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] futex(0x7f600bd8a408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7f600bd8a408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] futex(0x7f600bd8a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 95.732277][ T5075] [ 95.734645][ T5075] ===================================================== [ 95.741590][ T5075] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 95.749056][ T5075] 6.6.0-rc7-next-20231026-syzkaller #0 Not tainted [ 95.755564][ T5075] ----------------------------------------------------- [ 95.762498][ T5075] syz-executor122/5075 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 95.770580][ T5075] ffff88801831e018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x138/0x4f0 [ 95.779350][ T5075] [ 95.779350][ T5075] and this task is already holding: [ 95.786723][ T5075] ffff888079ccb028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 95.796602][ T5075] which would create a new lock dependency: [ 95.802498][ T5075] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 95.810625][ T5075] [ 95.810625][ T5075] but this new dependency connects a HARDIRQ-irq-safe lock: [ 95.820080][ T5075] (&dev->event_lock#2){-...}-{2:2} [ 95.820122][ T5075] [ 95.820122][ T5075] ... which became HARDIRQ-irq-safe at: [ 95.833034][ T5075] lock_acquire+0x1b1/0x530 [ 95.837659][ T5075] _raw_spin_lock_irqsave+0x3a/0x50 [ 95.842980][ T5075] input_event+0x70/0xa0 [ 95.847345][ T5075] psmouse_report_standard_buttons+0x30/0x80 [ 95.853440][ T5075] psmouse_process_byte+0x39c/0x8a0 [ 95.858751][ T5075] psmouse_handle_byte+0x41/0x560 [ 95.863892][ T5075] psmouse_receive_byte+0x243/0xe10 [ 95.869234][ T5075] ps2_interrupt+0x1fe/0x5a0 [ 95.873960][ T5075] serio_interrupt+0x8d/0x150 [ 95.878759][ T5075] i8042_interrupt+0x3f2/0x8a0 [ 95.883638][ T5075] __handle_irq_event_percpu+0x229/0x740 [ 95.889389][ T5075] handle_irq_event+0xab/0x1e0 [ 95.894265][ T5075] handle_edge_irq+0x261/0xcf0 [ 95.899166][ T5075] __common_interrupt+0xdb/0x240 [ 95.904212][ T5075] common_interrupt+0xa9/0xd0 [ 95.909002][ T5075] asm_common_interrupt+0x26/0x40 [ 95.914140][ T5075] _raw_spin_unlock_irqrestore+0x31/0x70 [ 95.919892][ T5075] i8042_aux_write+0x11a/0x180 [ 95.924767][ T5075] ps2_do_sendbyte+0x264/0x6e0 [ 95.929646][ T5075] ps2_sendbyte+0x59/0x140 [ 95.934258][ T5075] cypress_ps2_sendbyte+0x2e/0x160 [ 95.939499][ T5075] cypress_send_ext_cmd+0x1e3/0x8c0 [ 95.944893][ T5075] cypress_detect+0x8c/0x1a0 [ 95.949590][ T5075] psmouse_try_protocol+0x214/0x370 [ 95.954903][ T5075] psmouse_extensions+0x616/0x960 [ 95.960044][ T5075] psmouse_switch_protocol+0x528/0x740 [ 95.965617][ T5075] psmouse_connect+0x5cc/0xf70 [ 95.970494][ T5075] serio_driver_probe+0x71/0xa0 [ 95.975449][ T5075] really_probe+0x234/0xc90 [ 95.980064][ T5075] __driver_probe_device+0x1de/0x4b0 [ 95.985465][ T5075] driver_probe_device+0x4c/0x1a0 [ 95.990611][ T5075] __driver_attach+0x274/0x570 [ 95.995486][ T5075] bus_for_each_dev+0x13c/0x1d0 [ 96.000529][ T5075] serio_handle_event+0x2b8/0xa90 [ 96.005657][ T5075] process_one_work+0x8a2/0x15e0 [ 96.010702][ T5075] worker_thread+0x8b6/0x1280 [ 96.015489][ T5075] kthread+0x337/0x440 [ 96.019670][ T5075] ret_from_fork+0x45/0x80 [ 96.024205][ T5075] ret_from_fork_asm+0x11/0x20 [ 96.029085][ T5075] [ 96.029085][ T5075] to a HARDIRQ-irq-unsafe lock: [ 96.036105][ T5075] (tasklist_lock){.+.+}-{2:2} [ 96.036139][ T5075] [ 96.036139][ T5075] ... which became HARDIRQ-irq-unsafe at: [ 96.048779][ T5075] ... [ 96.048787][ T5075] lock_acquire+0x1b1/0x530 [ 96.056017][ T5075] _raw_read_lock+0x5f/0x70 [ 96.060636][ T5075] __do_wait+0x105/0x890 [ 96.065007][ T5075] do_wait+0x219/0x530 [ 96.069195][ T5075] kernel_wait+0xa0/0x150 [ 96.073624][ T5075] call_usermodehelper_exec_work+0xf1/0x170 [ 96.079622][ T5075] process_one_work+0x8a2/0x15e0 [ 96.084670][ T5075] worker_thread+0x8b6/0x1280 [ 96.089458][ T5075] kthread+0x337/0x440 [ 96.093640][ T5075] ret_from_fork+0x45/0x80 [ 96.098168][ T5075] ret_from_fork_asm+0x11/0x20 [ 96.103063][ T5075] [ 96.103063][ T5075] other info that might help us debug this: [ 96.103063][ T5075] [ 96.113313][ T5075] Chain exists of: [ 96.113313][ T5075] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 96.113313][ T5075] [ 96.126911][ T5075] Possible interrupt unsafe locking scenario: [ 96.126911][ T5075] [ 96.135245][ T5075] CPU0 CPU1 [ 96.140617][ T5075] ---- ---- [ 96.145986][ T5075] lock(tasklist_lock); [ 96.150241][ T5075] local_irq_disable(); [ 96.157012][ T5075] lock(&dev->event_lock#2); [ 96.164232][ T5075] lock(&client->buffer_lock); [ 96.171617][ T5075] [ 96.175075][ T5075] lock(&dev->event_lock#2); [ 96.179951][ T5075] [ 96.179951][ T5075] *** DEADLOCK *** [ 96.179951][ T5075] [ 96.188099][ T5075] 7 locks held by syz-executor122/5075: [ 96.193653][ T5075] #0: ffff88814438d110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1ff/0x750 [ 96.202830][ T5075] #1: ffff88801b2ee230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xa4/0x370 [ 96.213000][ T5075] #2: ffffffff8cfacf60 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xca/0x370 [ 96.222710][ T5075] #3: ffffffff8cfacf60 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x3e/0x7a0 [ 96.232945][ T5075] #4: ffffffff8cfacf60 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x87/0x390 [ 96.242120][ T5075] #5: ffff888079ccb028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 96.252426][ T5075] #6: ffffffff8cfacf60 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x6d/0x4f0 [ 96.261524][ T5075] [ 96.261524][ T5075] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 96.272155][ T5075] -> (&dev->event_lock#2){-...}-{2:2} { [ 96.277839][ T5075] IN-HARDIRQ-W at: [ 96.281917][ T5075] lock_acquire+0x1b1/0x530 [ 96.288511][ T5075] _raw_spin_lock_irqsave+0x3a/0x50 [ 96.295567][ T5075] input_event+0x70/0xa0 [ 96.301664][ T5075] psmouse_report_standard_buttons+0x30/0x80 [ 96.309515][ T5075] psmouse_process_byte+0x39c/0x8a0 [ 96.316671][ T5075] psmouse_handle_byte+0x41/0x560 [ 96.323572][ T5075] psmouse_receive_byte+0x243/0xe10 [ 96.330643][ T5075] ps2_interrupt+0x1fe/0x5a0 [ 96.337094][ T5075] serio_interrupt+0x8d/0x150 [ 96.343620][ T5075] i8042_interrupt+0x3f2/0x8a0 [ 96.350228][ T5075] __handle_irq_event_percpu+0x229/0x740 [ 96.357709][ T5075] handle_irq_event+0xab/0x1e0 [ 96.364317][ T5075] handle_edge_irq+0x261/0xcf0 [ 96.370946][ T5075] __common_interrupt+0xdb/0x240 [ 96.377725][ T5075] common_interrupt+0xa9/0xd0 [ 96.384247][ T5075] asm_common_interrupt+0x26/0x40 [ 96.391125][ T5075] _raw_spin_unlock_irqrestore+0x31/0x70 [ 96.398611][ T5075] i8042_aux_write+0x11a/0x180 [ 96.405216][ T5075] ps2_do_sendbyte+0x264/0x6e0 [ 96.411826][ T5075] ps2_sendbyte+0x59/0x140 [ 96.418091][ T5075] cypress_ps2_sendbyte+0x2e/0x160 [ 96.425043][ T5075] cypress_send_ext_cmd+0x1e3/0x8c0 [ 96.432082][ T5075] cypress_detect+0x8c/0x1a0 [ 96.438518][ T5075] psmouse_try_protocol+0x214/0x370 [ 96.445566][ T5075] psmouse_extensions+0x616/0x960 [ 96.452440][ T5075] psmouse_switch_protocol+0x528/0x740 [ 96.459756][ T5075] psmouse_connect+0x5cc/0xf70 [ 96.466380][ T5075] serio_driver_probe+0x71/0xa0 [ 96.473072][ T5075] really_probe+0x234/0xc90 [ 96.479423][ T5075] __driver_probe_device+0x1de/0x4b0 [ 96.487717][ T5075] driver_probe_device+0x4c/0x1a0 [ 96.494592][ T5075] __driver_attach+0x274/0x570 [ 96.501205][ T5075] bus_for_each_dev+0x13c/0x1d0 [ 96.507907][ T5075] serio_handle_event+0x2b8/0xa90 [ 96.514860][ T5075] process_one_work+0x8a2/0x15e0 [ 96.521642][ T5075] worker_thread+0x8b6/0x1280 [ 96.528168][ T5075] kthread+0x337/0x440 [ 96.534080][ T5075] ret_from_fork+0x45/0x80 [ 96.540339][ T5075] ret_from_fork_asm+0x11/0x20 [ 96.546957][ T5075] INITIAL USE at: [ 96.550949][ T5075] lock_acquire+0x1b1/0x530 [ 96.557221][ T5075] _raw_spin_lock_irqsave+0x3a/0x50 [ 96.564273][ T5075] input_inject_event+0xa4/0x370 [ 96.570979][ T5075] led_set_brightness+0x211/0x290 [ 96.577757][ T5075] led_trigger_event+0xb2/0x240 [ 96.584366][ T5075] kbd_led_trigger_activate+0xc6/0x100 [ 96.591685][ T5075] led_trigger_set+0x589/0xc00 [ 96.598205][ T5075] led_trigger_set_default+0x1d2/0x230 [ 96.605419][ T5075] led_classdev_register_ext+0x78d/0xa10 [ 96.612942][ T5075] input_leds_connect+0x54a/0x8d0 [ 96.619723][ T5075] input_attach_handler.isra.0+0x17c/0x250 [ 96.627902][ T5075] input_register_device+0xb1e/0x1130 [ 96.635096][ T5075] atkbd_connect+0x5e2/0xa20 [ 96.641448][ T5075] serio_driver_probe+0x71/0xa0 [ 96.648058][ T5075] really_probe+0x234/0xc90 [ 96.654319][ T5075] __driver_probe_device+0x1de/0x4b0 [ 96.661367][ T5075] driver_probe_device+0x4c/0x1a0 [ 96.668153][ T5075] __driver_attach+0x274/0x570 [ 96.674775][ T5075] bus_for_each_dev+0x13c/0x1d0 [ 96.681397][ T5075] serio_handle_event+0x2b8/0xa90 [ 96.688193][ T5075] process_one_work+0x8a2/0x15e0 [ 96.694902][ T5075] worker_thread+0x8b6/0x1280 [ 96.701350][ T5075] kthread+0x337/0x440 [ 96.707184][ T5075] ret_from_fork+0x45/0x80 [ 96.713365][ T5075] ret_from_fork_asm+0x11/0x20 [ 96.719902][ T5075] } [ 96.722496][ T5075] ... key at: [] __key.6+0x0/0x40 [ 96.729894][ T5075] -> (&client->buffer_lock){....}-{2:2} { [ 96.735652][ T5075] INITIAL USE at: [ 96.739567][ T5075] lock_acquire+0x1b1/0x530 [ 96.745671][ T5075] _raw_spin_lock+0x2e/0x40 [ 96.751775][ T5075] evdev_pass_values+0x10e/0x9b0 [ 96.758304][ T5075] evdev_events+0x1b7/0x390 [ 96.764396][ T5075] input_to_handler+0x29e/0x4c0 [ 96.770834][ T5075] input_pass_values.part.0+0x52f/0x7a0 [ 96.777974][ T5075] input_event_dispose+0x5ee/0x770 [ 96.784684][ T5075] input_handle_event+0x11c/0xd80 [ 96.791299][ T5075] input_inject_event+0x1bb/0x370 [ 96.797913][ T5075] evdev_write+0x450/0x750 [ 96.803911][ T5075] vfs_write+0x2a4/0xdf0 [ 96.809754][ T5075] ksys_write+0x1f0/0x250 [ 96.815690][ T5075] do_syscall_64+0x3f/0x110 [ 96.821780][ T5075] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 96.829271][ T5075] } [ 96.831781][ T5075] ... key at: [] __key.3+0x0/0x40 [ 96.838924][ T5075] ... acquired at: [ 96.842733][ T5075] _raw_spin_lock+0x2e/0x40 [ 96.847445][ T5075] evdev_pass_values+0x10e/0x9b0 [ 96.852576][ T5075] evdev_events+0x1b7/0x390 [ 96.857270][ T5075] input_to_handler+0x29e/0x4c0 [ 96.862322][ T5075] input_pass_values.part.0+0x52f/0x7a0 [ 96.868079][ T5075] input_event_dispose+0x5ee/0x770 [ 96.873396][ T5075] input_handle_event+0x11c/0xd80 [ 96.878626][ T5075] input_inject_event+0x1bb/0x370 [ 96.883854][ T5075] evdev_write+0x450/0x750 [ 96.888465][ T5075] vfs_write+0x2a4/0xdf0 [ 96.892942][ T5075] ksys_write+0x1f0/0x250 [ 96.897556][ T5075] do_syscall_64+0x3f/0x110 [ 96.902423][ T5075] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 96.908521][ T5075] [ 96.910874][ T5075] [ 96.910874][ T5075] the dependencies between the lock to be acquired [ 96.910885][ T5075] and HARDIRQ-irq-unsafe lock: [ 96.924425][ T5075] -> (tasklist_lock){.+.+}-{2:2} { [ 96.929750][ T5075] HARDIRQ-ON-R at: [ 96.933912][ T5075] lock_acquire+0x1b1/0x530 [ 96.940441][ T5075] _raw_read_lock+0x5f/0x70 [ 96.946981][ T5075] __do_wait+0x105/0x890 [ 96.953261][ T5075] do_wait+0x219/0x530 [ 96.959362][ T5075] kernel_wait+0xa0/0x150 [ 96.965703][ T5075] call_usermodehelper_exec_work+0xf1/0x170 [ 96.973614][ T5075] process_one_work+0x8a2/0x15e0 [ 96.981021][ T5075] worker_thread+0x8b6/0x1280 [ 96.987737][ T5075] kthread+0x337/0x440 [ 96.993827][ T5075] ret_from_fork+0x45/0x80 [ 97.000268][ T5075] ret_from_fork_asm+0x11/0x20 [ 97.007063][ T5075] SOFTIRQ-ON-R at: [ 97.011237][ T5075] lock_acquire+0x1b1/0x530 [ 97.017771][ T5075] _raw_read_lock+0x5f/0x70 [ 97.024306][ T5075] __do_wait+0x105/0x890 [ 97.030582][ T5075] do_wait+0x219/0x530 [ 97.036677][ T5075] kernel_wait+0xa0/0x150 [ 97.043016][ T5075] call_usermodehelper_exec_work+0xf1/0x170 [ 97.050925][ T5075] process_one_work+0x8a2/0x15e0 [ 97.057969][ T5075] worker_thread+0x8b6/0x1280 [ 97.064665][ T5075] kthread+0x337/0x440 [ 97.070747][ T5075] ret_from_fork+0x45/0x80 [ 97.077189][ T5075] ret_from_fork_asm+0x11/0x20 [ 97.083977][ T5075] INITIAL USE at: [ 97.088056][ T5075] lock_acquire+0x1b1/0x530 [ 97.094497][ T5075] _raw_write_lock_irq+0x36/0x50 [ 97.101376][ T5075] copy_process+0x45d6/0x7470 [ 97.107984][ T5075] kernel_clone+0xfd/0x940 [ 97.114335][ T5075] user_mode_thread+0xb4/0xf0 [ 97.121042][ T5075] rest_init+0x27/0x2b0 [ 97.127144][ T5075] arch_call_rest_init+0x13/0x30 [ 97.134069][ T5075] start_kernel+0x39e/0x480 [ 97.140509][ T5075] x86_64_start_reservations+0x18/0x30 [ 97.147897][ T5075] x86_64_start_kernel+0xb2/0xc0 [ 97.154760][ T5075] secondary_startup_64_no_verify+0x166/0x16b [ 97.162763][ T5075] INITIAL READ USE at: [ 97.167623][ T5075] lock_acquire+0x1b1/0x530 [ 97.174497][ T5075] _raw_read_lock+0x5f/0x70 [ 97.181375][ T5075] __do_wait+0x105/0x890 [ 97.188005][ T5075] do_wait+0x219/0x530 [ 97.194451][ T5075] kernel_wait+0xa0/0x150 [ 97.201139][ T5075] call_usermodehelper_exec_work+0xf1/0x170 [ 97.209482][ T5075] process_one_work+0x8a2/0x15e0 [ 97.216790][ T5075] worker_thread+0x8b6/0x1280 [ 97.223843][ T5075] kthread+0x337/0x440 [ 97.230796][ T5075] ret_from_fork+0x45/0x80 [ 97.237582][ T5075] ret_from_fork_asm+0x11/0x20 [ 97.244716][ T5075] } [ 97.247398][ T5075] ... key at: [] tasklist_lock+0x18/0x40 [ 97.255317][ T5075] ... acquired at: [ 97.259307][ T5075] _raw_read_lock+0x5f/0x70 [ 97.264014][ T5075] send_sigio+0xb4/0x3c0 [ 97.268451][ T5075] kill_fasync+0x1f6/0x4f0 [ 97.273063][ T5075] lease_break_callback+0x23/0x30 [ 97.278290][ T5075] __break_lease+0x70e/0x17f0 [ 97.283163][ T5075] do_dentry_open+0x675/0x18d0 [ 97.288124][ T5075] path_openat+0x1d49/0x2c40 [ 97.292910][ T5075] do_filp_open+0x1dc/0x430 [ 97.297608][ T5075] do_sys_openat2+0x176/0x1e0 [ 97.302498][ T5075] __x64_sys_open+0x154/0x1e0 [ 97.307370][ T5075] do_syscall_64+0x3f/0x110 [ 97.312068][ T5075] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 97.318163][ T5075] [ 97.320492][ T5075] -> (&f->f_owner.lock){....}-{2:2} { [ 97.325993][ T5075] INITIAL USE at: [ 97.329985][ T5075] lock_acquire+0x1b1/0x530 [ 97.336251][ T5075] _raw_write_lock_irq+0x36/0x50 [ 97.343046][ T5075] f_modown+0x2a/0x390 [ 97.348881][ T5075] do_fcntl+0xcd5/0x1260 [ 97.354876][ T5075] __x64_sys_fcntl+0x16c/0x1e0 [ 97.361397][ T5075] do_syscall_64+0x3f/0x110 [ 97.367653][ T5075] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 97.375306][ T5075] INITIAL READ USE at: [ 97.379732][ T5075] lock_acquire+0x1b1/0x530 [ 97.386436][ T5075] _raw_read_lock_irqsave+0x70/0x90 [ 97.393841][ T5075] send_sigio+0x28/0x3c0 [ 97.400274][ T5075] kill_fasync+0x1f6/0x4f0 [ 97.406882][ T5075] lease_break_callback+0x23/0x30 [ 97.414097][ T5075] __break_lease+0x70e/0x17f0 [ 97.420969][ T5075] do_dentry_open+0x675/0x18d0 [ 97.427928][ T5075] path_openat+0x1d49/0x2c40 [ 97.434704][ T5075] do_filp_open+0x1dc/0x430 [ 97.441406][ T5075] do_sys_openat2+0x176/0x1e0 [ 97.448365][ T5075] __x64_sys_open+0x154/0x1e0 [ 97.455232][ T5075] do_syscall_64+0x3f/0x110 [ 97.461930][ T5075] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 97.470109][ T5075] } [ 97.472700][ T5075] ... key at: [] __key.5+0x0/0x40 [ 97.479919][ T5075] ... acquired at: [ 97.483812][ T5075] _raw_read_lock_irqsave+0x70/0x90 [ 97.489630][ T5075] send_sigio+0x28/0x3c0 [ 97.494066][ T5075] kill_fasync+0x1f6/0x4f0 [ 97.498679][ T5075] lease_break_callback+0x23/0x30 [ 97.503899][ T5075] __break_lease+0x70e/0x17f0 [ 97.508770][ T5075] do_dentry_open+0x675/0x18d0 [ 97.513730][ T5075] path_openat+0x1d49/0x2c40 [ 97.518509][ T5075] do_filp_open+0x1dc/0x430 [ 97.523201][ T5075] do_sys_openat2+0x176/0x1e0 [ 97.528077][ T5075] __x64_sys_open+0x154/0x1e0 [ 97.532953][ T5075] do_syscall_64+0x3f/0x110 [ 97.537655][ T5075] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 97.543750][ T5075] [ 97.546080][ T5075] -> (&new->fa_lock){....}-{2:2} { [ 97.551226][ T5075] INITIAL READ USE at: [ 97.555567][ T5075] lock_acquire+0x1b1/0x530 [ 97.562184][ T5075] _raw_read_lock_irqsave+0x70/0x90 [ 97.569413][ T5075] kill_fasync+0x138/0x4f0 [ 97.575850][ T5075] lease_break_callback+0x23/0x30 [ 97.582897][ T5075] __break_lease+0x70e/0x17f0 [ 97.589596][ T5075] do_dentry_open+0x675/0x18d0 [ 97.596377][ T5075] path_openat+0x1d49/0x2c40 [ 97.604226][ T5075] do_filp_open+0x1dc/0x430 [ 97.610834][ T5075] do_sys_openat2+0x176/0x1e0 [ 97.617530][ T5075] __x64_sys_open+0x154/0x1e0 [ 97.624231][ T5075] do_syscall_64+0x3f/0x110 [ 97.630749][ T5075] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 97.638775][ T5075] } [ 97.641296][ T5075] ... key at: [] __key.0+0x0/0x40 [ 97.648453][ T5075] ... acquired at: [ 97.652275][ T5075] lock_acquire+0x1b1/0x530 [ 97.657074][ T5075] _raw_read_lock_irqsave+0x70/0x90 [ 97.662482][ T5075] kill_fasync+0x138/0x4f0 [ 97.667123][ T5075] evdev_pass_values+0x619/0x9b0 [ 97.672258][ T5075] evdev_events+0x1b7/0x390 [ 97.676955][ T5075] input_to_handler+0x29e/0x4c0 [ 97.682004][ T5075] input_pass_values.part.0+0x52f/0x7a0 [ 97.687756][ T5075] input_event_dispose+0x5ee/0x770 [ 97.693075][ T5075] input_handle_event+0x11c/0xd80 [ 97.698311][ T5075] input_inject_event+0x1bb/0x370 [ 97.703543][ T5075] evdev_write+0x450/0x750 [ 97.708152][ T5075] vfs_write+0x2a4/0xdf0 [ 97.712601][ T5075] ksys_write+0x1f0/0x250 [ 97.717134][ T5075] do_syscall_64+0x3f/0x110 [ 97.721830][ T5075] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 97.727932][ T5075] [ 97.730264][ T5075] [ 97.730264][ T5075] stack backtrace: [ 97.736163][ T5075] CPU: 0 PID: 5075 Comm: syz-executor122 Not tainted 6.6.0-rc7-next-20231026-syzkaller #0 [ 97.746082][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 97.756152][ T5075] Call Trace: [ 97.759525][ T5075] [ 97.762483][ T5075] dump_stack_lvl+0xd9/0x1b0 [ 97.767285][ T5075] check_irq_usage+0x10b8/0x1c70 [ 97.772269][ T5075] ? print_shortest_lock_dependencies_backwards+0x1b0/0x1b0 [ 97.779602][ T5075] ? hlock_conflict+0x58/0x200 [ 97.784416][ T5075] ? __bfs+0x2f7/0x660 [ 97.788519][ T5075] ? save_trace+0xb30/0xb30 [ 97.793075][ T5075] ? mark_lock+0x105/0x1950 [ 97.797653][ T5075] ? find_held_lock+0x2d/0x110 [ 97.802461][ T5075] ? is_dynamic_key+0x200/0x200 [ 97.807374][ T5075] ? __lock_acquire+0x2e38/0x5dc0 [ 97.812436][ T5075] __lock_acquire+0x2e38/0x5dc0 [ 97.817331][ T5075] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 97.823532][ T5075] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 97.829561][ T5075] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 97.835584][ T5075] lock_acquire+0x1b1/0x530 [ 97.840126][ T5075] ? kill_fasync+0x138/0x4f0 [ 97.844759][ T5075] ? lock_sync+0x180/0x180 [ 97.849216][ T5075] ? lock_sync+0x180/0x180 [ 97.853670][ T5075] ? lock_sync+0x180/0x180 [ 97.858125][ T5075] _raw_read_lock_irqsave+0x70/0x90 [ 97.863366][ T5075] ? kill_fasync+0x138/0x4f0 [ 97.867980][ T5075] kill_fasync+0x138/0x4f0 [ 97.872425][ T5075] evdev_pass_values+0x619/0x9b0 [ 97.877393][ T5075] evdev_events+0x1b7/0x390 [ 97.881917][ T5075] ? evdev_connect+0x4c0/0x4c0 [ 97.886705][ T5075] input_to_handler+0x29e/0x4c0 [ 97.891590][ T5075] input_pass_values.part.0+0x52f/0x7a0 [ 97.897176][ T5075] input_event_dispose+0x5ee/0x770 [ 97.902325][ T5075] input_handle_event+0x11c/0xd80 [ 97.907389][ T5075] input_inject_event+0x1bb/0x370 [ 97.912449][ T5075] evdev_write+0x450/0x750 [ 97.916903][ T5075] ? evdev_read+0xdf0/0xdf0 [ 97.921430][ T5075] ? apparmor_file_permission+0x255/0x530 [ 97.927184][ T5075] ? bpf_lsm_file_permission+0x9/0x10 [ 97.932588][ T5075] ? security_file_permission+0x94/0x100 [ 97.938247][ T5075] vfs_write+0x2a4/0xdf0 [ 97.942523][ T5075] ? evdev_read+0xdf0/0xdf0 [ 97.947049][ T5075] ? kernel_write+0x6c0/0x6c0 [ 97.951757][ T5075] ? ptrace_stop.part.0+0x606/0x8e0 [ 97.956980][ T5075] ? __fget_files+0x1c6/0x340 [ 97.961702][ T5075] ? __fget_light+0xe4/0x260 [ 97.966325][ T5075] ksys_write+0x1f0/0x250 [ 97.970686][ T5075] ? __ia32_sys_read+0xb0/0xb0 [ 97.975477][ T5075] ? lockdep_hardirqs_on+0x7c/0x100 [ 97.980710][ T5075] ? _raw_spin_unlock_irq+0x2e/0x50 [ 97.985939][ T5075] ? ptrace_notify+0xf1/0x130 [ 97.990639][ T5075] do_syscall_64+0x3f/0x110 [ 97.995168][ T5075] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 98.001098][ T5075] RIP: 0033:0x7f600bd02f79 [ 98.005528][ T5075] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 98.025159][ T5075] RSP: 002b:00007f600bcc2228 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 98.033589][ T5075] RAX: ffffffffffffffda RBX: 00007f600bd8a408 RCX: 00007f600bd02f79 [pid 5075] write(4, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xd3\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10968 [pid 5074] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5075] <... write resumed>) = 10968 [pid 5075] futex(0x7f600bd8a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] exit_group(0) = ? [pid 5075] <... futex resumed>) = ? [pid 5075] +++ exited with 0 +++ +++ exited with 0 +++ [ 98.041