./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor166755644 <...> Warning: Permanently added '10.128.0.34' (ED25519) to the list of known hosts. execve("./syz-executor166755644", ["./syz-executor166755644"], 0x7ffcb2b153c0 /* 10 vars */) = 0 brk(NULL) = 0x555556045000 brk(0x555556045d40) = 0x555556045d40 arch_prctl(ARCH_SET_FS, 0x5555560453c0) = 0 set_tid_address(0x555556045690) = 5061 set_robust_list(0x5555560456a0, 24) = 0 rseq(0x555556045ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor166755644", 4096) = 27 getrandom("\xff\x09\xbd\x5a\xa5\x15\x68\xa8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556045d40 brk(0x555556066d40) = 0x555556066d40 brk(0x555556067000) = 0x555556067000 mprotect(0x7fedb2fb7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7fedb2fbd34c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fedb2f5ca60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fedb2f4e0e0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb2ed6000 mprotect(0x7fedb2ed7000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fedb2ef6990, parent_tid=0x7fedb2ef6990, exit_signal=0, stack=0x7fedb2ed6000, stack_size=0x20300, tls=0x7fedb2ef66c0}./strace-static-x86_64: Process 5062 attached => {parent_tid=[5062]}, 88) = 5062 [pid 5062] rseq(0x7fedb2ef6fe0, 0x20, 0, 0x53053053 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... rseq resumed>) = 0 [pid 5061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] set_robust_list(0x7fedb2ef69a0, 24 [pid 5061] futex(0x7fedb2fbd348, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... set_robust_list resumed>) = 0 [pid 5061] <... futex resumed>) = 0 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], [pid 5061] futex(0x7fedb2fbd34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 3 [pid 5062] futex(0x7fedb2fbd34c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5061] futex(0x7fedb2fbd348, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] gettid( [pid 5061] <... futex resumed>) = 0 [pid 5062] <... gettid resumed>) = 5062 [pid 5061] futex(0x7fedb2fbd34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] futex(0x7fedb2fbd34c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5061] futex(0x7fedb2fbd348, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5061] <... futex resumed>) = 0 [pid 5062] fcntl(3, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=5062} [pid 5061] futex(0x7fedb2fbd34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... fcntl resumed>) = 0 [pid 5062] futex(0x7fedb2fbd34c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5061] futex(0x7fedb2fbd348, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] fcntl(3, F_SETLEASE, F_RDLCK [pid 5061] <... futex resumed>) = 0 [pid 5062] <... fcntl resumed>) = 0 [pid 5061] futex(0x7fedb2fbd34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] futex(0x7fedb2fbd34c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5061] futex(0x7fedb2fbd348, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] futex(0x7fedb2fbd348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5061] futex(0x7fedb2fbd34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] open("./file0", O_WRONLY|O_APPEND|O_NONBLOCK|O_DIRECT) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] futex(0x7fedb2fbd34c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5061] futex(0x7fedb2fbd348, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY [pid 5061] <... futex resumed>) = 0 [pid 5062] <... openat resumed>) = 4 [pid 5061] futex(0x7fedb2fbd34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] futex(0x7fedb2fbd34c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7fedb2fbd348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5061] futex(0x7fedb2fbd348, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5061] futex(0x7fedb2fbd34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] ioctl(4, FIOASYNC, [1]) = 0 [pid 5062] futex(0x7fedb2fbd34c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5061] futex(0x7fedb2fbd348, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] openat(AT_FDCWD, "/dev/input/event0", O_RDWR|O_NOFOLLOW [pid 5061] <... futex resumed>) = 0 [pid 5062] <... openat resumed>) = 5 [pid 5061] futex(0x7fedb2fbd34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] futex(0x7fedb2fbd34c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7fedb2fbd348, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 1 [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7fedb2fbd34c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 71.044713][ T5062] [ 71.047078][ T5062] ===================================================== [ 71.054017][ T5062] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 71.061466][ T5062] 6.6.0-syzkaller-15029-gbe3ca57cfb77 #0 Not tainted [ 71.068129][ T5062] ----------------------------------------------------- [ 71.075047][ T5062] syz-executor166/5062 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 71.083104][ T5062] ffff8880269d6018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x19a/0x4d0 [ 71.091842][ T5062] [ 71.091842][ T5062] and this task is already holding: [ 71.099208][ T5062] ffff88807ecdc028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xee/0xad0 [ 71.108984][ T5062] which would create a new lock dependency: [ 71.114875][ T5062] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 71.122981][ T5062] [ 71.122981][ T5062] but this new dependency connects a HARDIRQ-irq-safe lock: [ 71.132424][ T5062] (&dev->event_lock#2){-...}-{2:2} [ 71.132457][ T5062] [ 71.132457][ T5062] ... which became HARDIRQ-irq-safe at: [ 71.145377][ T5062] lock_acquire+0x1e3/0x520 [ 71.149976][ T5062] _raw_spin_lock_irqsave+0xd5/0x120 [ 71.155370][ T5062] input_event+0x91/0xd0 [ 71.159721][ T5062] psmouse_report_standard_packet+0x54/0x200 [ 71.165819][ T5062] psmouse_process_byte+0x48c/0x670 [ 71.171125][ T5062] psmouse_handle_byte+0x46/0x4b0 [ 71.176268][ T5062] ps2_interrupt+0x174/0x8d0 [ 71.180957][ T5062] serio_interrupt+0x8c/0x130 [ 71.185727][ T5062] i8042_interrupt+0x372/0x770 [ 71.190582][ T5062] __handle_irq_event_percpu+0x286/0xa20 [ 71.196340][ T5062] handle_irq_event+0x89/0x1f0 [ 71.201217][ T5062] handle_edge_irq+0x249/0xbf0 [ 71.206100][ T5062] __common_interrupt+0x134/0x220 [ 71.211225][ T5062] common_interrupt+0xa3/0xc0 [ 71.216010][ T5062] asm_common_interrupt+0x26/0x40 [ 71.221151][ T5062] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 71.226978][ T5062] i8042_aux_write+0x116/0x190 [ 71.231848][ T5062] ps2_do_sendbyte+0x20e/0x720 [ 71.236706][ T5062] ps2_sendbyte+0x60/0x120 [ 71.241218][ T5062] cypress_send_ext_cmd+0x221/0x910 [ 71.246516][ T5062] cypress_detect+0x93/0x220 [ 71.251197][ T5062] psmouse_extensions+0xc2e/0x1560 [ 71.256406][ T5062] psmouse_switch_protocol+0x305/0x7c0 [ 71.261971][ T5062] psmouse_connect+0x8b5/0x1440 [ 71.266915][ T5062] serio_driver_probe+0x78/0x90 [ 71.271873][ T5062] really_probe+0x294/0xc30 [ 71.276487][ T5062] __driver_probe_device+0x1a2/0x3d0 [ 71.281871][ T5062] driver_probe_device+0x50/0x420 [ 71.286986][ T5062] __driver_attach+0x45c/0x710 [ 71.291839][ T5062] bus_for_each_dev+0x236/0x2b0 [ 71.296790][ T5062] serio_handle_event+0x1c7/0x910 [ 71.301906][ T5062] process_scheduled_works+0x90f/0x1400 [ 71.307562][ T5062] worker_thread+0xa5f/0xff0 [ 71.312268][ T5062] kthread+0x2d3/0x370 [ 71.316437][ T5062] ret_from_fork+0x48/0x80 [ 71.320967][ T5062] ret_from_fork_asm+0x11/0x20 [ 71.325870][ T5062] [ 71.325870][ T5062] to a HARDIRQ-irq-unsafe lock: [ 71.332908][ T5062] (tasklist_lock){.+.+}-{2:2} [ 71.332939][ T5062] [ 71.332939][ T5062] ... which became HARDIRQ-irq-unsafe at: [ 71.345573][ T5062] ... [ 71.345581][ T5062] lock_acquire+0x1e3/0x520 [ 71.352759][ T5062] _raw_read_lock+0x36/0x50 [ 71.357358][ T5062] __do_wait+0x12d/0x840 [ 71.361700][ T5062] do_wait+0x1d8/0x530 [ 71.365865][ T5062] kernel_wait+0xe9/0x240 [ 71.370288][ T5062] call_usermodehelper_exec_work+0xb9/0x220 [ 71.376284][ T5062] process_scheduled_works+0x90f/0x1400 [ 71.381927][ T5062] worker_thread+0xa5f/0xff0 [ 71.386605][ T5062] kthread+0x2d3/0x370 [ 71.390780][ T5062] ret_from_fork+0x48/0x80 [ 71.395304][ T5062] ret_from_fork_asm+0x11/0x20 [ 71.400176][ T5062] [ 71.400176][ T5062] other info that might help us debug this: [ 71.400176][ T5062] [ 71.410444][ T5062] Chain exists of: [ 71.410444][ T5062] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 71.410444][ T5062] [ 71.424022][ T5062] Possible interrupt unsafe locking scenario: [ 71.424022][ T5062] [ 71.432335][ T5062] CPU0 CPU1 [ 71.437698][ T5062] ---- ---- [ 71.443059][ T5062] lock(tasklist_lock); [ 71.447304][ T5062] local_irq_disable(); [ 71.454058][ T5062] lock(&dev->event_lock#2); [ 71.461266][ T5062] lock(&client->buffer_lock); [ 71.468638][ T5062] [ 71.472088][ T5062] lock(&dev->event_lock#2); [ 71.476970][ T5062] [ 71.476970][ T5062] *** DEADLOCK *** [ 71.476970][ T5062] [ 71.485108][ T5062] 7 locks held by syz-executor166/5062: [ 71.490650][ T5062] #0: ffff888020cf9110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x271/0x7c0 [ 71.499805][ T5062] #1: ffff888016fc4230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xc5/0x340 [ 71.509920][ T5062] #2: ffffffff8d92d0a0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xd5/0x340 [ 71.519592][ T5062] #3: ffffffff8d92d0a0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xa3/0x12a0 [ 71.529265][ T5062] #4: ffffffff8d92d0a0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x6f/0x300 [ 71.538418][ T5062] #5: ffff88807ecdc028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xee/0xad0 [ 71.548607][ T5062] #6: ffffffff8d92d0a0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x55/0x4d0 [ 71.557670][ T5062] [ 71.557670][ T5062] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 71.568073][ T5062] -> (&dev->event_lock#2){-...}-{2:2} { [ 71.573733][ T5062] IN-HARDIRQ-W at: [ 71.577899][ T5062] lock_acquire+0x1e3/0x520 [ 71.584231][ T5062] _raw_spin_lock_irqsave+0xd5/0x120 [ 71.591348][ T5062] input_event+0x91/0xd0 [ 71.597427][ T5062] psmouse_report_standard_packet+0x54/0x200 [ 71.605241][ T5062] psmouse_process_byte+0x48c/0x670 [ 71.612293][ T5062] psmouse_handle_byte+0x46/0x4b0 [ 71.619150][ T5062] ps2_interrupt+0x174/0x8d0 [ 71.625572][ T5062] serio_interrupt+0x8c/0x130 [ 71.632077][ T5062] i8042_interrupt+0x372/0x770 [ 71.638669][ T5062] __handle_irq_event_percpu+0x286/0xa20 [ 71.646129][ T5062] handle_irq_event+0x89/0x1f0 [ 71.652717][ T5062] handle_edge_irq+0x249/0xbf0 [ 71.659311][ T5062] __common_interrupt+0x134/0x220 [ 71.666164][ T5062] common_interrupt+0xa3/0xc0 [ 71.672671][ T5062] asm_common_interrupt+0x26/0x40 [ 71.679538][ T5062] _raw_spin_unlock_irqrestore+0xd8/0x140 [ 71.687105][ T5062] i8042_aux_write+0x116/0x190 [ 71.693713][ T5062] ps2_do_sendbyte+0x20e/0x720 [ 71.700336][ T5062] ps2_sendbyte+0x60/0x120 [ 71.706590][ T5062] cypress_send_ext_cmd+0x221/0x910 [ 71.713623][ T5062] cypress_detect+0x93/0x220 [ 71.720041][ T5062] psmouse_extensions+0xc2e/0x1560 [ 71.726985][ T5062] psmouse_switch_protocol+0x305/0x7c0 [ 71.734276][ T5062] psmouse_connect+0x8b5/0x1440 [ 71.740960][ T5062] serio_driver_probe+0x78/0x90 [ 71.747637][ T5062] really_probe+0x294/0xc30 [ 71.753963][ T5062] __driver_probe_device+0x1a2/0x3d0 [ 71.761072][ T5062] driver_probe_device+0x50/0x420 [ 71.767921][ T5062] __driver_attach+0x45c/0x710 [ 71.774508][ T5062] bus_for_each_dev+0x236/0x2b0 [ 71.781192][ T5062] serio_handle_event+0x1c7/0x910 [ 71.788046][ T5062] process_scheduled_works+0x90f/0x1400 [ 71.795421][ T5062] worker_thread+0xa5f/0xff0 [ 71.801844][ T5062] kthread+0x2d3/0x370 [ 71.807740][ T5062] ret_from_fork+0x48/0x80 [ 71.813985][ T5062] ret_from_fork_asm+0x11/0x20 [ 71.820580][ T5062] INITIAL USE at: [ 71.824566][ T5062] lock_acquire+0x1e3/0x520 [ 71.830810][ T5062] _raw_spin_lock_irqsave+0xd5/0x120 [ 71.837848][ T5062] input_inject_event+0xc5/0x340 [ 71.844529][ T5062] led_trigger_event+0x118/0x1e0 [ 71.851204][ T5062] kbd_led_trigger_activate+0xbd/0x100 [ 71.858400][ T5062] led_trigger_set+0x53a/0x940 [ 71.864900][ T5062] led_trigger_set_default+0x1c6/0x200 [ 71.872098][ T5062] led_classdev_register_ext+0x6df/0x8e0 [ 71.879472][ T5062] input_leds_connect+0x493/0x640 [ 71.886239][ T5062] input_register_device+0xcf0/0x1090 [ 71.893358][ T5062] atkbd_connect+0x752/0xa00 [ 71.899690][ T5062] serio_driver_probe+0x78/0x90 [ 71.906283][ T5062] really_probe+0x294/0xc30 [ 71.912524][ T5062] __driver_probe_device+0x1a2/0x3d0 [ 71.919545][ T5062] driver_probe_device+0x50/0x420 [ 71.926309][ T5062] __driver_attach+0x45c/0x710 [ 71.932809][ T5062] bus_for_each_dev+0x236/0x2b0 [ 71.939420][ T5062] serio_handle_event+0x1c7/0x910 [ 71.946184][ T5062] process_scheduled_works+0x90f/0x1400 [ 71.953476][ T5062] worker_thread+0xa5f/0xff0 [ 71.959808][ T5062] kthread+0x2d3/0x370 [ 71.965617][ T5062] ret_from_fork+0x48/0x80 [ 71.971778][ T5062] ret_from_fork_asm+0x11/0x20 [ 71.978292][ T5062] } [ 71.980874][ T5062] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 71.989997][ T5062] -> (&client->buffer_lock){....}-{2:2} { [ 71.995745][ T5062] INITIAL USE at: [ 71.999638][ T5062] lock_acquire+0x1e3/0x520 [ 72.005709][ T5062] _raw_spin_lock+0x2e/0x40 [ 72.011782][ T5062] evdev_pass_values+0xee/0xad0 [ 72.018207][ T5062] evdev_events+0x1c2/0x300 [ 72.024275][ T5062] input_pass_values+0x8e0/0x12a0 [ 72.030872][ T5062] input_event_dispose+0x366/0x650 [ 72.037557][ T5062] input_handle_event+0xa6d/0xbe0 [ 72.044151][ T5062] input_inject_event+0x228/0x340 [ 72.050746][ T5062] evdev_write+0x66c/0x7c0 [ 72.056737][ T5062] vfs_write+0x290/0xb20 [ 72.062631][ T5062] ksys_write+0x1a0/0x2c0 [ 72.068531][ T5062] do_syscall_64+0x44/0x110 [ 72.074600][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.082064][ T5062] } [ 72.084559][ T5062] ... key at: [] evdev_open.__key.24+0x0/0x20 [ 72.092726][ T5062] ... acquired at: [ 72.096524][ T5062] _raw_spin_lock+0x2e/0x40 [ 72.101205][ T5062] evdev_pass_values+0xee/0xad0 [ 72.106237][ T5062] evdev_events+0x1c2/0x300 [ 72.110916][ T5062] input_pass_values+0x8e0/0x12a0 [ 72.116123][ T5062] input_event_dispose+0x366/0x650 [ 72.121417][ T5062] input_handle_event+0xa6d/0xbe0 [ 72.126622][ T5062] input_inject_event+0x228/0x340 [ 72.131833][ T5062] evdev_write+0x66c/0x7c0 [ 72.136450][ T5062] vfs_write+0x290/0xb20 [ 72.140871][ T5062] ksys_write+0x1a0/0x2c0 [ 72.145379][ T5062] do_syscall_64+0x44/0x110 [ 72.150054][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.156473][ T5062] [ 72.158814][ T5062] [ 72.158814][ T5062] the dependencies between the lock to be acquired [ 72.158823][ T5062] and HARDIRQ-irq-unsafe lock: [ 72.172376][ T5062] -> (tasklist_lock){.+.+}-{2:2} { [ 72.177704][ T5062] HARDIRQ-ON-R at: [ 72.181865][ T5062] lock_acquire+0x1e3/0x520 [ 72.188378][ T5062] _raw_read_lock+0x36/0x50 [ 72.194888][ T5062] __do_wait+0x12d/0x840 [ 72.201139][ T5062] do_wait+0x1d8/0x530 [ 72.207225][ T5062] kernel_wait+0xe9/0x240 [ 72.213577][ T5062] call_usermodehelper_exec_work+0xb9/0x220 [ 72.221505][ T5062] process_scheduled_works+0x90f/0x1400 [ 72.229070][ T5062] worker_thread+0xa5f/0xff0 [ 72.235670][ T5062] kthread+0x2d3/0x370 [ 72.241746][ T5062] ret_from_fork+0x48/0x80 [ 72.248373][ T5062] ret_from_fork_asm+0x11/0x20 [ 72.255173][ T5062] SOFTIRQ-ON-R at: [ 72.259343][ T5062] lock_acquire+0x1e3/0x520 [ 72.265854][ T5062] _raw_read_lock+0x36/0x50 [ 72.272365][ T5062] __do_wait+0x12d/0x840 [ 72.278612][ T5062] do_wait+0x1d8/0x530 [ 72.284691][ T5062] kernel_wait+0xe9/0x240 [ 72.291026][ T5062] call_usermodehelper_exec_work+0xb9/0x220 [ 72.298932][ T5062] process_scheduled_works+0x90f/0x1400 [ 72.306496][ T5062] worker_thread+0xa5f/0xff0 [ 72.313107][ T5062] kthread+0x2d3/0x370 [ 72.319205][ T5062] ret_from_fork+0x48/0x80 [ 72.325629][ T5062] ret_from_fork_asm+0x11/0x20 [ 72.332500][ T5062] INITIAL USE at: [ 72.336570][ T5062] lock_acquire+0x1e3/0x520 [ 72.342989][ T5062] _raw_write_lock_irq+0xd3/0x120 [ 72.350125][ T5062] copy_process+0x282b/0x3fb0 [ 72.356730][ T5062] kernel_clone+0x222/0x840 [ 72.363155][ T5062] user_mode_thread+0x132/0x190 [ 72.369942][ T5062] rest_init+0x27/0x300 [ 72.376055][ T5062] arch_call_rest_init+0xe/0x10 [ 72.382838][ T5062] start_kernel+0x46e/0x4f0 [ 72.389265][ T5062] x86_64_start_reservations+0x2a/0x30 [ 72.396655][ T5062] x86_64_start_kernel+0x99/0xa0 [ 72.403512][ T5062] secondary_startup_64_no_verify+0x167/0x16b [ 72.411499][ T5062] INITIAL READ USE at: [ 72.416018][ T5062] lock_acquire+0x1e3/0x520 [ 72.422871][ T5062] _raw_read_lock+0x36/0x50 [ 72.429724][ T5062] __do_wait+0x12d/0x840 [ 72.436327][ T5062] do_wait+0x1d8/0x530 [ 72.442750][ T5062] kernel_wait+0xe9/0x240 [ 72.449432][ T5062] call_usermodehelper_exec_work+0xb9/0x220 [ 72.457684][ T5062] process_scheduled_works+0x90f/0x1400 [ 72.465577][ T5062] worker_thread+0xa5f/0xff0 [ 72.472516][ T5062] kthread+0x2d3/0x370 [ 72.478933][ T5062] ret_from_fork+0x48/0x80 [ 72.485701][ T5062] ret_from_fork_asm+0x11/0x20 [ 72.492819][ T5062] } [ 72.495490][ T5062] ... key at: [] tasklist_lock+0x18/0x40 [ 72.503388][ T5062] ... acquired at: [ 72.507360][ T5062] _raw_read_lock+0x36/0x50 [ 72.512042][ T5062] send_sigio+0xfc/0x360 [ 72.516459][ T5062] kill_fasync+0x236/0x4d0 [ 72.521050][ T5062] lease_break_callback+0x26/0x30 [ 72.526251][ T5062] __break_lease+0x4d5/0x13d0 [ 72.531106][ T5062] do_dentry_open+0x86b/0x1590 [ 72.536052][ T5062] path_openat+0x2845/0x3280 [ 72.540827][ T5062] do_filp_open+0x234/0x490 [ 72.545515][ T5062] do_sys_openat2+0x13e/0x1d0 [ 72.550365][ T5062] __x64_sys_open+0x225/0x270 [ 72.555215][ T5062] do_syscall_64+0x44/0x110 [ 72.559896][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.565972][ T5062] [ 72.568296][ T5062] -> (&f->f_owner.lock){....}-{2:2} { [ 72.573784][ T5062] INITIAL USE at: [ 72.577768][ T5062] lock_acquire+0x1e3/0x520 [ 72.584016][ T5062] _raw_write_lock_irq+0xd3/0x120 [ 72.590785][ T5062] f_modown+0x38/0x340 [ 72.596593][ T5062] do_fcntl+0x12ba/0x1680 [ 72.602662][ T5062] __se_sys_fcntl+0xd2/0x1b0 [ 72.608993][ T5062] do_syscall_64+0x44/0x110 [ 72.615242][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.622881][ T5062] INITIAL READ USE at: [ 72.627302][ T5062] lock_acquire+0x1e3/0x520 [ 72.633979][ T5062] _raw_read_lock_irqsave+0xdd/0x120 [ 72.641441][ T5062] send_sigio+0x33/0x360 [ 72.647855][ T5062] kill_fasync+0x236/0x4d0 [ 72.654441][ T5062] lease_break_callback+0x26/0x30 [ 72.661643][ T5062] __break_lease+0x4d5/0x13d0 [ 72.668497][ T5062] do_dentry_open+0x86b/0x1590 [ 72.675434][ T5062] path_openat+0x2845/0x3280 [ 72.682207][ T5062] do_filp_open+0x234/0x490 [ 72.688892][ T5062] do_sys_openat2+0x13e/0x1d0 [ 72.695750][ T5062] __x64_sys_open+0x225/0x270 [ 72.702612][ T5062] do_syscall_64+0x44/0x110 [ 72.709293][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.717364][ T5062] } [ 72.719951][ T5062] ... key at: [] init_file.__key+0x0/0x20 [ 72.727851][ T5062] ... acquired at: [ 72.731738][ T5062] _raw_read_lock_irqsave+0xdd/0x120 [ 72.737205][ T5062] send_sigio+0x33/0x360 [ 72.741621][ T5062] kill_fasync+0x236/0x4d0 [ 72.746220][ T5062] lease_break_callback+0x26/0x30 [ 72.751421][ T5062] __break_lease+0x4d5/0x13d0 [ 72.756280][ T5062] do_dentry_open+0x86b/0x1590 [ 72.761219][ T5062] path_openat+0x2845/0x3280 [ 72.765992][ T5062] do_filp_open+0x234/0x490 [ 72.770677][ T5062] do_sys_openat2+0x13e/0x1d0 [ 72.775527][ T5062] __x64_sys_open+0x225/0x270 [ 72.780379][ T5062] do_syscall_64+0x44/0x110 [ 72.785057][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.791129][ T5062] [ 72.793450][ T5062] -> (&new->fa_lock){....}-{2:2} { [ 72.798583][ T5062] INITIAL READ USE at: [ 72.802914][ T5062] lock_acquire+0x1e3/0x520 [ 72.809420][ T5062] _raw_read_lock_irqsave+0xdd/0x120 [ 72.816710][ T5062] kill_fasync+0x19a/0x4d0 [ 72.823127][ T5062] lease_break_callback+0x26/0x30 [ 72.830155][ T5062] __break_lease+0x4d5/0x13d0 [ 72.836835][ T5062] do_dentry_open+0x86b/0x1590 [ 72.843602][ T5062] path_openat+0x2845/0x3280 [ 72.850203][ T5062] do_filp_open+0x234/0x490 [ 72.856714][ T5062] do_sys_openat2+0x13e/0x1d0 [ 72.863393][ T5062] __x64_sys_open+0x225/0x270 [ 72.870068][ T5062] do_syscall_64+0x44/0x110 [ 72.876573][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.884467][ T5062] } [ 72.886965][ T5062] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 72.895648][ T5062] ... acquired at: [ 72.899449][ T5062] _raw_read_lock_irqsave+0xdd/0x120 [ 72.904913][ T5062] kill_fasync+0x19a/0x4d0 [ 72.909505][ T5062] evdev_pass_values+0x586/0xad0 [ 72.914620][ T5062] evdev_events+0x1c2/0x300 [ 72.919301][ T5062] input_pass_values+0x8e0/0x12a0 [ 72.924508][ T5062] input_event_dispose+0x366/0x650 [ 72.929798][ T5062] input_handle_event+0xa6d/0xbe0 [ 72.935005][ T5062] input_inject_event+0x228/0x340 [ 72.940209][ T5062] evdev_write+0x66c/0x7c0 [ 72.944809][ T5062] vfs_write+0x290/0xb20 [ 72.949227][ T5062] ksys_write+0x1a0/0x2c0 [ 72.953736][ T5062] do_syscall_64+0x44/0x110 [ 72.958419][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.964490][ T5062] [ 72.966811][ T5062] [ 72.966811][ T5062] stack backtrace: [ 72.972697][ T5062] CPU: 0 PID: 5062 Comm: syz-executor166 Not tainted 6.6.0-syzkaller-15029-gbe3ca57cfb77 #0 [ 72.982760][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 72.992816][ T5062] Call Trace: [ 72.996098][ T5062] [ 72.999031][ T5062] dump_stack_lvl+0x1e7/0x2d0 [ 73.003713][ T5062] ? nf_tcp_handle_invalid+0x650/0x650 [ 73.009178][ T5062] ? panic+0x850/0x850 [ 73.013261][ T5062] ? print_shortest_lock_dependencies+0xf2/0x150 [ 73.019596][ T5062] __lock_acquire+0x73f1/0x7f70 [ 73.024468][ T5062] ? verify_lock_unused+0x140/0x140 [ 73.029683][ T5062] ? do_raw_spin_unlock+0x13b/0x8b0 [ 73.034911][ T5062] lock_acquire+0x1e3/0x520 [ 73.039448][ T5062] ? kill_fasync+0x19a/0x4d0 [ 73.044064][ T5062] ? read_lock_is_recursive+0x20/0x20 [ 73.049455][ T5062] ? read_lock_is_recursive+0x20/0x20 [ 73.054842][ T5062] _raw_read_lock_irqsave+0xdd/0x120 [ 73.060173][ T5062] ? kill_fasync+0x19a/0x4d0 [ 73.064796][ T5062] ? _raw_read_lock+0x50/0x50 [ 73.069486][ T5062] kill_fasync+0x19a/0x4d0 [ 73.073908][ T5062] ? kill_fasync+0x55/0x4d0 [ 73.078417][ T5062] evdev_pass_values+0x586/0xad0 [ 73.083363][ T5062] ? evdev_pass_values+0x5a1/0xad0 [ 73.088482][ T5062] evdev_events+0x1c2/0x300 [ 73.092991][ T5062] ? evdev_events+0x6f/0x300 [ 73.097585][ T5062] ? evdev_event+0x170/0x170 [ 73.102179][ T5062] ? kd_nosound+0x30/0x30 [ 73.106514][ T5062] input_pass_values+0x8e0/0x12a0 [ 73.111552][ T5062] ? input_pass_values+0xa3/0x12a0 [ 73.116701][ T5062] input_event_dispose+0x366/0x650 [ 73.121828][ T5062] input_handle_event+0xa6d/0xbe0 [ 73.126865][ T5062] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 73.132334][ T5062] ? userio_device_write+0x1f0/0x1f0 [ 73.137635][ T5062] input_inject_event+0x228/0x340 [ 73.142669][ T5062] ? input_inject_event+0xd5/0x340 [ 73.147792][ T5062] evdev_write+0x66c/0x7c0 [ 73.152221][ T5062] ? evdev_read+0xe00/0xe00 [ 73.156732][ T5062] ? fsnotify_perm+0x67/0x5a0 [ 73.161416][ T5062] ? bpf_lsm_file_permission+0x9/0x10 [ 73.166799][ T5062] ? evdev_read+0xe00/0xe00 [ 73.171310][ T5062] vfs_write+0x290/0xb20 [ 73.175562][ T5062] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 73.181565][ T5062] ? file_end_write+0x250/0x250 [ 73.186434][ T5062] ? __fget_files+0x29/0x480 [ 73.191050][ T5062] ? __fget_files+0x3fe/0x480 [ 73.195742][ T5062] ? __fget_files+0x29/0x480 [ 73.200350][ T5062] ? __fdget_pos+0x1df/0x340 [ 73.205038][ T5062] ? ksys_write+0x7b/0x2c0 [ 73.209463][ T5062] ksys_write+0x1a0/0x2c0 [ 73.213802][ T5062] ? __ia32_sys_read+0x90/0x90 [ 73.218576][ T5062] ? syscall_enter_from_user_mode+0x32/0x230 [ 73.224570][ T5062] ? syscall_enter_from_user_mode+0x8c/0x230 [ 73.230561][ T5062] do_syscall_64+0x44/0x110 [ 73.235075][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 73.240977][ T5062] RIP: 0033:0x7fedb2f36bb9 [ 73.245411][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 73.265030][ T5062] RSP: 002b:00007fedb2ef6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 73.273454][ T5062] RAX: ffffffffffffffda RBX: 00007fedb2fbd348 RCX: 00007fedb2f36bb9 [ 73.281432][ T5062] RDX: 0000000000000079 RSI: 000000002004d000 RDI: 0000000000000005 [ 73.289403][ T5062] RBP: 00007fedb2fbd340 R08: 00007fedb2ef66c0 R09: 00007fedb2ef66c0 [ 73.297378][ T5062] R10: 00007fedb2ef66c0 R11: 0000000000000246 R12: 00007fedb2fbd34c [pid 5062] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x10\x27\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 121 [pid 5061] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5062] <... write resumed>) = 120 [pid 5061] exit_group(0 [pid 5062] futex(0x7fedb2fbd34c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7fedb2fbd348, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... exit_group resumed>) = ? [pid 5062] <... futex resumed>) = ? [pid 5062] +++ exited with 0 +++ +++ exited with 0 +++ [