./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3961256136 <...> Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts. execve("./syz-executor3961256136", ["./syz-executor3961256136"], 0x7ffdf8099810 /* 10 vars */) = 0 brk(NULL) = 0x555555854000 brk(0x555555854c40) = 0x555555854c40 arch_prctl(ARCH_SET_FS, 0x555555854300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3961256136", 4096) = 28 brk(0x555555875c40) = 0x555555875c40 brk(0x555555876000) = 0x555555876000 mprotect(0x7ffacefe2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_UNIX, SOCK_DGRAM, 0) = 3 bind(3, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 ioctl(3, FIOSETOWN, [-1]) = 0 ioctl(3, FIOASYNC, [2]) = 0 socket(AF_UNIX, SOCK_DGRAM, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b"}, 110) = 0 sendmmsg(4, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, 
msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, msg_len=0}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, 
msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, 
msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, 
msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, 
{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}}, ...], 3682232011, MSG_DONTWAIT|MSG_EOR|MSG_FIN|MSG_SYN|MSG_CONFIRM|MSG_RST|MSG_ERRQUEUE) = 11 openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 5 ioctl(5, FIOASYNC, [233]) = 0 openat(AT_FDCWD, "/dev/input/event0", O_RDWR|O_NOFOLLOW) = 6 [ 48.528583][ T3613] [ 48.530937][ T3613] ===================================================== [ 48.537850][ T3613] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 48.545284][ T3613] 6.0.0-rc5-syzkaller-00097-g38eddeedbbea #0 Not 
tainted [ 48.552282][ T3613] ----------------------------------------------------- [ 48.559193][ T3613] syz-executor396/3613 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 48.567236][ T3613] ffff88807557b018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13b/0x430 [ 48.575935][ T3613] [ 48.575935][ T3613] and this task is already holding: [ 48.583288][ T3613] ffff888018178028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xe5/0xb90 [ 48.592999][ T3613] which would create a new lock dependency: [ 48.598866][ T3613] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 48.606935][ T3613] [ 48.606935][ T3613] but this new dependency connects a HARDIRQ-irq-safe lock: [ 48.616368][ T3613] (&dev->event_lock#2){-...}-{2:2} [ 48.616392][ T3613] [ 48.616392][ T3613] ... which became HARDIRQ-irq-safe at: [ 48.629256][ T3613] lock_acquire+0x1a7/0x400 [ 48.633850][ T3613] _raw_spin_lock_irqsave+0xd1/0x120 [ 48.639221][ T3613] input_event+0x89/0xc0 [ 48.643548][ T3613] psmouse_report_standard_packet+0x4f/0x200 [ 48.649602][ T3613] psmouse_process_byte+0x447/0x630 [ 48.654872][ T3613] psmouse_handle_byte+0x44/0x4a0 [ 48.659969][ T3613] psmouse_interrupt+0x68a/0x1080 [ 48.665075][ T3613] serio_interrupt+0x88/0x130 [ 48.669910][ T3613] i8042_interrupt+0x32f/0x720 [ 48.674744][ T3613] __handle_irq_event_percpu+0x200/0x620 [ 48.680467][ T3613] handle_irq_event+0x83/0x1e0 [ 48.685315][ T3613] handle_edge_irq+0x245/0xbe0 [ 48.690774][ T3613] __common_interrupt+0xce/0x1e0 [ 48.695800][ T3613] common_interrupt+0x9f/0xc0 [ 48.700559][ T3613] asm_common_interrupt+0x22/0x40 [ 48.705664][ T3613] __sanitizer_cov_trace_pc+0xd/0x60 [ 48.711032][ T3613] kset_find_obj+0xc8/0x110 [ 48.715615][ T3613] module_add_driver+0x1b1/0x2e0 [ 48.720637][ T3613] bus_add_driver+0x393/0x600 [ 48.725397][ T3613] driver_register+0x2e9/0x3e0 [ 48.730251][ T3613] usb_register_driver+0x205/0x3d0 [ 48.735457][ T3613] do_one_initcall+0xbd/0x2b0 [ 48.740224][ T3613] 
do_initcall_level+0x168/0x218 [ 48.745245][ T3613] do_initcalls+0x4b/0x8c [ 48.749664][ T3613] kernel_init_freeable+0x43a/0x5c3 [ 48.754935][ T3613] kernel_init+0x19/0x2b0 [ 48.759341][ T3613] ret_from_fork+0x1f/0x30 [ 48.763831][ T3613] [ 48.763831][ T3613] to a HARDIRQ-irq-unsafe lock: [ 48.770831][ T3613] (tasklist_lock){.+.+}-{2:2} [ 48.770852][ T3613] [ 48.770852][ T3613] ... which became HARDIRQ-irq-unsafe at: [ 48.783454][ T3613] ... [ 48.783459][ T3613] lock_acquire+0x1a7/0x400 [ 48.790602][ T3613] _raw_read_lock+0x32/0x40 [ 48.795188][ T3613] do_wait+0x224/0x9d0 [ 48.799331][ T3613] kernel_wait+0xe4/0x230 [ 48.803747][ T3613] call_usermodehelper_exec_work+0xb4/0x220 [ 48.809713][ T3613] process_one_work+0x81c/0xd10 [ 48.814637][ T3613] worker_thread+0xb14/0x1330 [ 48.819388][ T3613] kthread+0x266/0x300 [ 48.823528][ T3613] ret_from_fork+0x1f/0x30 [ 48.828019][ T3613] [ 48.828019][ T3613] other info that might help us debug this: [ 48.828019][ T3613] [ 48.838228][ T3613] Chain exists of: [ 48.838228][ T3613] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 48.838228][ T3613] [ 48.851774][ T3613] Possible interrupt unsafe locking scenario: [ 48.851774][ T3613] [ 48.860076][ T3613] CPU0 CPU1 [ 48.865426][ T3613] ---- ---- [ 48.870803][ T3613] lock(tasklist_lock); [ 48.875037][ T3613] local_irq_disable(); [ 48.881774][ T3613] lock(&dev->event_lock#2); [ 48.888963][ T3613] lock(&client->buffer_lock); [ 48.896320][ T3613] <Interrupt> [ 48.899757][ T3613] lock(&dev->event_lock#2); [ 48.904601][ T3613] [ 48.904601][ T3613] *** DEADLOCK *** [ 48.904601][ T3613] [ 48.912727][ T3613] 7 locks held by syz-executor396/3613: [ 48.918254][ T3613] #0: ffff888148257110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x26c/0x7d0 [ 48.927377][ T3613] #1: ffff888146db8230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xb4/0x270 [ 48.937457][ T3613] #2: ffffffff8cd208a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 48.946759][ T3613] #3: 
ffffffff8cd208a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 48.956228][ T3613] #4: ffffffff8cd208a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 48.965530][ T3613] #5: ffff888018178028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xe5/0xb90 [ 48.975697][ T3613] #6: ffffffff8cd208a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 48.984989][ T3613] [ 48.984989][ T3613] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 48.995377][ T3613] -> (&dev->event_lock#2){-...}-{2:2} { [ 49.001014][ T3613] IN-HARDIRQ-W at: [ 49.005094][ T3613] lock_acquire+0x1a7/0x400 [ 49.011408][ T3613] _raw_spin_lock_irqsave+0xd1/0x120 [ 49.018505][ T3613] input_event+0x89/0xc0 [ 49.024556][ T3613] psmouse_report_standard_packet+0x4f/0x200 [ 49.032346][ T3613] psmouse_process_byte+0x447/0x630 [ 49.039355][ T3613] psmouse_handle_byte+0x44/0x4a0 [ 49.046189][ T3613] psmouse_interrupt+0x68a/0x1080 [ 49.053021][ T3613] serio_interrupt+0x88/0x130 [ 49.059507][ T3613] i8042_interrupt+0x32f/0x720 [ 49.066080][ T3613] __handle_irq_event_percpu+0x200/0x620 [ 49.073529][ T3613] handle_irq_event+0x83/0x1e0 [ 49.080102][ T3613] handle_edge_irq+0x245/0xbe0 [ 49.086673][ T3613] __common_interrupt+0xce/0x1e0 [ 49.093419][ T3613] common_interrupt+0x9f/0xc0 [ 49.099908][ T3613] asm_common_interrupt+0x22/0x40 [ 49.106742][ T3613] __sanitizer_cov_trace_pc+0xd/0x60 [ 49.113925][ T3613] kset_find_obj+0xc8/0x110 [ 49.120255][ T3613] module_add_driver+0x1b1/0x2e0 [ 49.127005][ T3613] bus_add_driver+0x393/0x600 [ 49.133494][ T3613] driver_register+0x2e9/0x3e0 [ 49.140065][ T3613] usb_register_driver+0x205/0x3d0 [ 49.146990][ T3613] do_one_initcall+0xbd/0x2b0 [ 49.153478][ T3613] do_initcall_level+0x168/0x218 [ 49.160228][ T3613] do_initcalls+0x4b/0x8c [ 49.166367][ T3613] kernel_init_freeable+0x43a/0x5c3 [ 49.173378][ T3613] kernel_init+0x19/0x2b0 [ 49.179519][ T3613] ret_from_fork+0x1f/0x30 [ 49.185748][ T3613] INITIAL USE at: [ 
49.189716][ T3613] lock_acquire+0x1a7/0x400 [ 49.195946][ T3613] _raw_spin_lock_irqsave+0xd1/0x120 [ 49.202954][ T3613] input_inject_event+0xb4/0x270 [ 49.209701][ T3613] led_trigger_event+0xdb/0x190 [ 49.216275][ T3613] kbd_led_trigger_activate+0xb8/0x100 [ 49.223459][ T3613] led_trigger_set+0x53b/0x910 [ 49.229943][ T3613] led_trigger_set_default+0x1d1/0x210 [ 49.237125][ T3613] led_classdev_register_ext+0x600/0x7f0 [ 49.244479][ T3613] input_leds_connect+0x55d/0x780 [ 49.251226][ T3613] input_register_device+0xd90/0x1150 [ 49.258321][ T3613] atkbd_connect+0x796/0xa60 [ 49.264636][ T3613] serio_driver_probe+0x76/0x90 [ 49.271222][ T3613] call_driver_probe+0x96/0x250 [ 49.277797][ T3613] really_probe+0x24c/0x9f0 [ 49.284026][ T3613] __driver_probe_device+0x1f4/0x3f0 [ 49.291036][ T3613] driver_probe_device+0x50/0x240 [ 49.297786][ T3613] __driver_attach+0x364/0x5b0 [ 49.304271][ T3613] bus_for_each_dev+0x188/0x1f0 [ 49.310844][ T3613] serio_handle_event+0x8bc/0x1060 [ 49.317685][ T3613] process_one_work+0x81c/0xd10 [ 49.324278][ T3613] worker_thread+0xb14/0x1330 [ 49.330693][ T3613] kthread+0x266/0x300 [ 49.336483][ T3613] ret_from_fork+0x1f/0x30 [ 49.342641][ T3613] } [ 49.345219][ T3613] ... 
key at: [] input_allocate_device.__key.5+0x0/0x20 [ 49.354328][ T3613] -> (&client->buffer_lock){....}-{2:2} { [ 49.360050][ T3613] INITIAL USE at: [ 49.363927][ T3613] lock_acquire+0x1a7/0x400 [ 49.369980][ T3613] _raw_spin_lock+0x2a/0x40 [ 49.376034][ T3613] evdev_pass_values+0xe5/0xb90 [ 49.382450][ T3613] evdev_events+0x195/0x280 [ 49.388515][ T3613] input_pass_values+0x8fc/0x12b0 [ 49.395089][ T3613] input_event_dispose+0x33f/0x620 [ 49.401751][ T3613] input_handle_event+0x3f2/0xa80 [ 49.408325][ T3613] input_inject_event+0x189/0x270 [ 49.414900][ T3613] evdev_write+0x685/0x7d0 [ 49.420865][ T3613] vfs_write+0x2e5/0xbb0 [ 49.426658][ T3613] ksys_write+0x19b/0x2c0 [ 49.432536][ T3613] do_syscall_64+0x2b/0x70 [ 49.438500][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.445943][ T3613] } [ 49.448450][ T3613] ... key at: [] evdev_open.__key.23+0x0/0x20 [ 49.456617][ T3613] ... acquired at: [ 49.460413][ T3613] lock_acquire+0x1a7/0x400 [ 49.465086][ T3613] _raw_spin_lock+0x2a/0x40 [ 49.469755][ T3613] evdev_pass_values+0xe5/0xb90 [ 49.474769][ T3613] evdev_events+0x195/0x280 [ 49.479432][ T3613] input_pass_values+0x8fc/0x12b0 [ 49.484622][ T3613] input_event_dispose+0x33f/0x620 [ 49.489895][ T3613] input_handle_event+0x3f2/0xa80 [ 49.495079][ T3613] input_inject_event+0x189/0x270 [ 49.500264][ T3613] evdev_write+0x685/0x7d0 [ 49.504865][ T3613] vfs_write+0x2e5/0xbb0 [ 49.509270][ T3613] ksys_write+0x19b/0x2c0 [ 49.513758][ T3613] do_syscall_64+0x2b/0x70 [ 49.518334][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.524391][ T3613] [ 49.526698][ T3613] [ 49.526698][ T3613] the dependencies between the lock to be acquired [ 49.526705][ T3613] and HARDIRQ-irq-unsafe lock: [ 49.540198][ T3613] -> (tasklist_lock){.+.+}-{2:2} { [ 49.545516][ T3613] HARDIRQ-ON-R at: [ 49.549672][ T3613] lock_acquire+0x1a7/0x400 [ 49.556164][ T3613] _raw_read_lock+0x32/0x40 [ 49.562654][ T3613] do_wait+0x224/0x9d0 [ 49.568706][ T3613] kernel_wait+0xe4/0x230 [ 49.575023][ T3613] 
call_usermodehelper_exec_work+0xb4/0x220 [ 49.582902][ T3613] process_one_work+0x81c/0xd10 [ 49.589751][ T3613] worker_thread+0xb14/0x1330 [ 49.596413][ T3613] kthread+0x266/0x300 [ 49.602466][ T3613] ret_from_fork+0x1f/0x30 [ 49.608881][ T3613] SOFTIRQ-ON-R at: [ 49.613021][ T3613] lock_acquire+0x1a7/0x400 [ 49.619536][ T3613] _raw_read_lock+0x32/0x40 [ 49.626025][ T3613] do_wait+0x224/0x9d0 [ 49.632090][ T3613] kernel_wait+0xe4/0x230 [ 49.638402][ T3613] call_usermodehelper_exec_work+0xb4/0x220 [ 49.646293][ T3613] process_one_work+0x81c/0xd10 [ 49.653154][ T3613] worker_thread+0xb14/0x1330 [ 49.659830][ T3613] kthread+0x266/0x300 [ 49.665895][ T3613] ret_from_fork+0x1f/0x30 [ 49.672309][ T3613] INITIAL USE at: [ 49.676384][ T3613] lock_acquire+0x1a7/0x400 [ 49.682790][ T3613] _raw_write_lock_irq+0xcf/0x110 [ 49.689714][ T3613] copy_process+0x24d6/0x4010 [ 49.696289][ T3613] kernel_clone+0x22f/0x7a0 [ 49.702689][ T3613] user_mode_thread+0x12d/0x190 [ 49.709436][ T3613] rest_init+0x21/0x270 [ 49.715487][ T3613] start_kernel+0x0/0x55b [ 49.721710][ T3613] start_kernel+0x4ac/0x55b [ 49.728130][ T3613] secondary_startup_64_no_verify+0xcf/0xdb [ 49.735923][ T3613] INITIAL READ USE at: [ 49.740411][ T3613] lock_acquire+0x1a7/0x400 [ 49.747262][ T3613] _raw_read_lock+0x32/0x40 [ 49.754111][ T3613] do_wait+0x224/0x9d0 [ 49.760531][ T3613] kernel_wait+0xe4/0x230 [ 49.767191][ T3613] call_usermodehelper_exec_work+0xb4/0x220 [ 49.775415][ T3613] process_one_work+0x81c/0xd10 [ 49.782595][ T3613] worker_thread+0xb14/0x1330 [ 49.789605][ T3613] kthread+0x266/0x300 [ 49.796005][ T3613] ret_from_fork+0x1f/0x30 [ 49.802751][ T3613] } [ 49.805410][ T3613] ... key at: [] tasklist_lock+0x18/0x40 [ 49.813292][ T3613] ... 
acquired at: [ 49.817254][ T3613] lock_acquire+0x1a7/0x400 [ 49.821920][ T3613] _raw_read_lock+0x32/0x40 [ 49.826585][ T3613] send_sigio+0xbe/0x300 [ 49.830988][ T3613] kill_fasync+0x1e4/0x430 [ 49.835650][ T3613] sock_wake_async+0x130/0x150 [ 49.840587][ T3613] sk_wake_async+0x12e/0x200 [ 49.845334][ T3613] sock_def_readable+0x152/0x200 [ 49.850431][ T3613] unix_dgram_sendmsg+0x1551/0x2050 [ 49.856049][ T3613] ____sys_sendmsg+0x597/0x8e0 [ 49.860972][ T3613] __sys_sendmmsg+0x3d7/0x770 [ 49.865805][ T3613] __x64_sys_sendmmsg+0x9c/0xb0 [ 49.870813][ T3613] do_syscall_64+0x2b/0x70 [ 49.875391][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.881463][ T3613] [ 49.883780][ T3613] -> (&f->f_owner.lock){....}-{2:2} { [ 49.889242][ T3613] INITIAL USE at: [ 49.893208][ T3613] lock_acquire+0x1a7/0x400 [ 49.899457][ T3613] _raw_write_lock_irq+0xcf/0x110 [ 49.906205][ T3613] f_modown+0x38/0x340 [ 49.911995][ T3613] f_setown+0x113/0x1a0 [ 49.917874][ T3613] sock_ioctl+0x591/0x770 [ 49.923928][ T3613] __se_sys_ioctl+0xfb/0x170 [ 49.930241][ T3613] do_syscall_64+0x2b/0x70 [ 49.936381][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.943997][ T3613] INITIAL READ USE at: [ 49.948394][ T3613] lock_acquire+0x1a7/0x400 [ 49.955054][ T3613] _raw_read_lock_irqsave+0xd9/0x120 [ 49.962496][ T3613] send_sigio+0x2f/0x300 [ 49.968893][ T3613] kill_fasync+0x1e4/0x430 [ 49.975483][ T3613] sock_wake_async+0x130/0x150 [ 49.982402][ T3613] sk_wake_async+0x12e/0x200 [ 49.989147][ T3613] sock_def_readable+0x152/0x200 [ 49.996243][ T3613] unix_dgram_sendmsg+0x1551/0x2050 [ 50.003608][ T3613] ____sys_sendmsg+0x597/0x8e0 [ 50.010529][ T3613] __sys_sendmmsg+0x3d7/0x770 [ 50.017376][ T3613] __x64_sys_sendmmsg+0x9c/0xb0 [ 50.024381][ T3613] do_syscall_64+0x2b/0x70 [ 50.030968][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.039034][ T3613] } [ 50.041606][ T3613] ... key at: [] __alloc_file.__key+0x0/0x10 [ 50.049750][ T3613] ... 
acquired at: [ 50.053646][ T3613] lock_acquire+0x1a7/0x400 [ 50.058308][ T3613] _raw_read_lock_irqsave+0xd9/0x120 [ 50.063753][ T3613] send_sigio+0x2f/0x300 [ 50.068156][ T3613] kill_fasync+0x1e4/0x430 [ 50.072733][ T3613] sock_wake_async+0x130/0x150 [ 50.077670][ T3613] sk_wake_async+0x12e/0x200 [ 50.082417][ T3613] sock_def_readable+0x152/0x200 [ 50.087513][ T3613] unix_dgram_sendmsg+0x1551/0x2050 [ 50.092877][ T3613] ____sys_sendmsg+0x597/0x8e0 [ 50.097800][ T3613] __sys_sendmmsg+0x3d7/0x770 [ 50.102636][ T3613] __x64_sys_sendmmsg+0x9c/0xb0 [ 50.107644][ T3613] do_syscall_64+0x2b/0x70 [ 50.112219][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.118274][ T3613] [ 50.120586][ T3613] -> (&new->fa_lock){....}-{2:2} { [ 50.125693][ T3613] INITIAL READ USE at: [ 50.130008][ T3613] lock_acquire+0x1a7/0x400 [ 50.136496][ T3613] _raw_read_lock_irqsave+0xd9/0x120 [ 50.143785][ T3613] kill_fasync+0x13b/0x430 [ 50.150183][ T3613] sock_wake_async+0x130/0x150 [ 50.156947][ T3613] sk_wake_async+0x12e/0x200 [ 50.163520][ T3613] sock_def_readable+0x152/0x200 [ 50.170440][ T3613] unix_dgram_sendmsg+0x1551/0x2050 [ 50.177724][ T3613] ____sys_sendmsg+0x597/0x8e0 [ 50.184471][ T3613] __sys_sendmmsg+0x3d7/0x770 [ 50.191130][ T3613] __x64_sys_sendmmsg+0x9c/0xb0 [ 50.197964][ T3613] do_syscall_64+0x2b/0x70 [ 50.204366][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.212242][ T3613] } [ 50.214748][ T3613] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 50.223409][ T3613] ... 
acquired at: [ 50.227209][ T3613] lock_acquire+0x1a7/0x400 [ 50.231873][ T3613] _raw_read_lock_irqsave+0xd9/0x120 [ 50.237317][ T3613] kill_fasync+0x13b/0x430 [ 50.241893][ T3613] evdev_pass_values+0x5b1/0xb90 [ 50.246991][ T3613] evdev_events+0x195/0x280 [ 50.251656][ T3613] input_pass_values+0x8fc/0x12b0 [ 50.256845][ T3613] input_event_dispose+0x33f/0x620 [ 50.262117][ T3613] input_handle_event+0x3f2/0xa80 [ 50.267302][ T3613] input_inject_event+0x189/0x270 [ 50.272487][ T3613] evdev_write+0x685/0x7d0 [ 50.277064][ T3613] vfs_write+0x2e5/0xbb0 [ 50.281482][ T3613] ksys_write+0x19b/0x2c0 [ 50.285971][ T3613] do_syscall_64+0x2b/0x70 [ 50.290548][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.296601][ T3613] [ 50.298913][ T3613] [ 50.298913][ T3613] stack backtrace: [ 50.304784][ T3613] CPU: 1 PID: 3613 Comm: syz-executor396 Not tainted 6.0.0-rc5-syzkaller-00097-g38eddeedbbea #0 [ 50.315180][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 50.325234][ T3613] Call Trace: [ 50.328503][ T3613] [ 50.331423][ T3613] dump_stack_lvl+0x1e3/0x2cb [ 50.336091][ T3613] ? io_alloc_page_table+0x110/0x110 [ 50.341362][ T3613] ? panic+0x76b/0x76b [ 50.345426][ T3613] ? print_shortest_lock_dependencies+0x102/0x160 [ 50.351851][ T3613] validate_chain+0x575e/0x6600 [ 50.356700][ T3613] ? reacquire_held_locks+0x680/0x680 [ 50.362061][ T3613] ? rcu_read_lock_sched_held+0x89/0x130 [ 50.367684][ T3613] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 50.373651][ T3613] ? reacquire_held_locks+0x680/0x680 [ 50.379012][ T3613] ? reacquire_held_locks+0x680/0x680 [ 50.384373][ T3613] ? register_lock_class+0xfe/0x9b0 [ 50.389558][ T3613] ? is_dynamic_key+0x1f0/0x1f0 [ 50.394395][ T3613] ? mark_lock+0x9a/0x350 [ 50.398711][ T3613] __lock_acquire+0x1292/0x1f60 [ 50.403568][ T3613] lock_acquire+0x1a7/0x400 [ 50.408099][ T3613] ? kill_fasync+0x13b/0x430 [ 50.412705][ T3613] ? read_lock_is_recursive+0x10/0x10 [ 50.418088][ T3613] ? 
read_lock_is_recursive+0x10/0x10 [ 50.423460][ T3613] _raw_read_lock_irqsave+0xd9/0x120 [ 50.428741][ T3613] ? kill_fasync+0x13b/0x430 [ 50.433322][ T3613] ? _raw_read_lock+0x40/0x40 [ 50.437994][ T3613] kill_fasync+0x13b/0x430 [ 50.442398][ T3613] evdev_pass_values+0x5b1/0xb90 [ 50.447328][ T3613] ? evdev_pass_values+0x621/0xb90 [ 50.452517][ T3613] evdev_events+0x195/0x280 [ 50.457023][ T3613] ? evdev_event+0x170/0x170 [ 50.461612][ T3613] input_pass_values+0x8fc/0x12b0 [ 50.466631][ T3613] input_event_dispose+0x33f/0x620 [ 50.471738][ T3613] input_handle_event+0x3f2/0xa80 [ 50.476778][ T3613] ? userio_device_write+0x1f0/0x1f0 [ 50.482064][ T3613] input_inject_event+0x189/0x270 [ 50.487090][ T3613] evdev_write+0x685/0x7d0 [ 50.491501][ T3613] ? evdev_read+0xe10/0xe10 [ 50.496007][ T3613] ? bpf_lsm_file_permission+0x5/0x10 [ 50.501372][ T3613] ? security_file_permission+0xe0/0x5c0 [ 50.506990][ T3613] ? vfs_write+0x213/0xbb0 [ 50.511393][ T3613] ? evdev_read+0xe10/0xe10 [ 50.515881][ T3613] vfs_write+0x2e5/0xbb0 [ 50.520114][ T3613] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 50.526085][ T3613] ? file_end_write+0x230/0x230 [ 50.530923][ T3613] ? do_raw_spin_unlock+0x134/0x8a0 [ 50.536280][ T3613] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.541472][ T3613] ? lockdep_hardirqs_on+0x95/0x140 [ 50.546658][ T3613] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.551862][ T3613] ? __fdget_pos+0x1d2/0x2e0 [ 50.556443][ T3613] ksys_write+0x19b/0x2c0 [ 50.560763][ T3613] ? print_irqtrace_events+0x220/0x220 [ 50.566215][ T3613] ? __ia32_sys_read+0x80/0x80 [ 50.570982][ T3613] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 50.576953][ T3613] ? 
syscall_enter_from_user_mode+0x86/0x1d0 [ 50.583024][ T3613] do_syscall_64+0x2b/0x70 [ 50.587447][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.593421][ T3613] RIP: 0033:0x7ffacef75829 [ 50.597825][ T3613] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 50.617429][ T3613] RSP: 002b:00007ffd22c7edd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 50.625919][ T3613] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffacef75829 write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x10\x27\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 121) = 120 exit_group(0) = ? +++ exited with 0 +++ [ 50.633894][ T3613] RDX: 0000000000000079 RS