./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor400793549 <...> Warning: Permanently added '10.128.0.52' (ED25519) to the list of known hosts. execve("./syz-executor400793549", ["./syz-executor400793549"], 0x7fff2095bbd0 /* 10 vars */) = 0 brk(NULL) = 0x555556154000 brk(0x555556154d00) = 0x555556154d00 arch_prctl(ARCH_SET_FS, 0x555556154380) = 0 set_tid_address(0x555556154650) = 5016 set_robust_list(0x555556154660, 24) = 0 rseq(0x555556154ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor400793549", 4096) = 27 getrandom("\x96\xcc\x42\xbd\x41\x23\xb6\xc0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556154d00 brk(0x555556175d00) = 0x555556175d00 brk(0x555556176000) = 0x555556176000 mprotect(0x7fd9826b5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 inotify_init1(0) = 3 inotify_add_watch(3, ".", IN_OPEN|IN_MOVED_TO|IN_CREATE|IN_DELETE|IN_MOVE_SELF|IN_ONLYDIR|IN_EXCL_UNLINK|IN_MASK_ADD|IN_ISDIR|IN_ONESHOT) = 1 [ 84.431499][ T26] audit: type=1400 audit(1691254320.275:83): avc: denied { write } for pid=5013 comm="strace-static-x" path="pipe:[30231]" dev="pipefs" ino=30231 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 ioctl(3, FIOASYNC, [1]) = 0 fcntl(3, F_SETOWN, -1) = 0 openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000) = 5 ioctl(-1, HIDIOCGUSAGES, 0x20000080) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 6 ioctl(6, FIOASYNC, [3]) = 0 [ 84.466047][ T26] audit: type=1400 audit(1691254320.305:84): avc: denied { execmem } for pid=5016 comm="syz-executor400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 84.475727][ T5016] [ 84.486265][ T26] audit: type=1400 audit(1691254320.305:85): avc: denied { write } for pid=5016 comm="syz-executor400" name="event0" dev="devtmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 84.487984][ T5016] ===================================================== [ 84.487994][ T5016] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 84.512021][ T26] audit: type=1400 audit(1691254320.305:86): avc: denied { open } for pid=5016 comm="syz-executor400" path="/dev/input/event0" dev="devtmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 84.518322][ T5016] 6.5.0-rc4-syzkaller-00227-g024ff300db33 #0 Not tainted [ 84.518340][ T5016] ----------------------------------------------------- [ 84.518348][ T5016] syz-executor400/5016 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 84.525983][ T26] audit: type=1400 audit(1691254320.305:87): avc: denied { read } for pid=5016 comm="syz-executor400" name="event0" dev="devtmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 84.550157][ T5016] ffff88802c5b1948 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13a/0x4f0 [ 84.604401][ T5016] [ 84.604401][ T5016] and this task is already holding: [ 84.611769][ T5016] ffff88801a278028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 84.621657][ T5016] which would create a new lock dependency: [ 84.627548][ T5016] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 84.635678][ T5016] [ 84.635678][ T5016] but this new dependency connects a HARDIRQ-irq-safe lock: [ 84.645130][ T5016] (&dev->event_lock#2){-...}-{2:2} [ 84.645171][ T5016] [ 84.645171][ T5016] ... which became HARDIRQ-irq-safe at: [ 84.658072][ T5016] lock_acquire+0x1ae/0x510 [ 84.662708][ T5016] _raw_spin_lock_irqsave+0x3a/0x50 [ 84.668018][ T5016] input_event+0x70/0xa0 [ 84.672375][ T5016] psmouse_report_standard_buttons+0x30/0x80 [ 84.678481][ T5016] psmouse_process_byte+0x39c/0x8a0 [ 84.683794][ T5016] psmouse_handle_byte+0x41/0x560 [ 84.688955][ T5016] psmouse_receive_byte+0x243/0xe10 [ 84.694274][ T5016] ps2_interrupt+0x1fe/0x5a0 [ 84.698978][ T5016] serio_interrupt+0x8d/0x150 [ 84.703764][ T5016] i8042_interrupt+0x3f2/0x8a0 [ 84.708639][ T5016] __handle_irq_event_percpu+0x22a/0x740 [ 84.714396][ T5016] handle_irq_event+0xab/0x1e0 [ 84.719277][ T5016] handle_edge_irq+0x261/0xcf0 [ 84.724150][ T5016] __common_interrupt+0x9f/0x220 [ 84.729192][ T5016] common_interrupt+0xa9/0xd0 [ 84.733976][ T5016] asm_common_interrupt+0x26/0x40 [ 84.739104][ T5016] _raw_spin_unlock_irqrestore+0x31/0x70 [ 84.744856][ T5016] i8042_aux_write+0x11a/0x180 [ 84.749730][ T5016] ps2_do_sendbyte+0x264/0x6e0 [ 84.754609][ T5016] ps2_sendbyte+0x59/0x140 [ 84.759146][ T5016] cypress_ps2_sendbyte+0x2e/0x160 [ 84.764370][ T5016] cypress_send_ext_cmd+0x1e3/0x8c0 [ 84.769677][ T5016] cypress_detect+0x8c/0x1a0 [ 84.774376][ T5016] psmouse_try_protocol+0x214/0x370 [ 84.779693][ T5016] psmouse_extensions+0x616/0x960 [ 84.784835][ T5016] psmouse_switch_protocol+0x528/0x740 [ 84.790410][ T5016] psmouse_connect+0x5cc/0xf70 [ 84.795285][ T5016] serio_driver_probe+0x71/0xa0 [ 84.800246][ T5016] really_probe+0x234/0xc90 [ 84.804866][ T5016] __driver_probe_device+0x1de/0x4b0 [ 84.810270][ T5016] driver_probe_device+0x4c/0x1a0 [ 84.815412][ T5016] __driver_attach+0x274/0x570 [ 84.820292][ T5016] bus_for_each_dev+0x13c/0x1d0 [ 84.825254][ T5016] serio_handle_event+0x2b8/0xa90 [ 84.830390][ T5016] process_one_work+0xaa2/0x16f0 [ 84.835437][ T5016] worker_thread+0x687/0x1110 [ 84.840220][ T5016] kthread+0x33a/0x430 [ 84.844400][ T5016] ret_from_fork+0x2c/0x70 [ 84.848935][ T5016] ret_from_fork_asm+0x11/0x20 [ 84.853835][ T5016] [ 84.853835][ T5016] to a HARDIRQ-irq-unsafe lock: [ 84.860903][ T5016] (tasklist_lock){.+.+}-{2:2} [ 84.860944][ T5016] [ 84.860944][ T5016] ... which became HARDIRQ-irq-unsafe at: [ 84.873606][ T5016] ... [ 84.873616][ T5016] lock_acquire+0x1ae/0x510 [ 84.880841][ T5016] _raw_read_lock+0x5f/0x70 [ 84.885546][ T5016] do_wait+0x2a9/0xc70 [ 84.889744][ T5016] kernel_wait+0xa0/0x150 [ 84.894198][ T5016] call_usermodehelper_exec_work+0xf1/0x170 [ 84.900246][ T5016] process_one_work+0xaa2/0x16f0 [ 84.905297][ T5016] worker_thread+0x687/0x1110 [ 84.910082][ T5016] kthread+0x33a/0x430 [ 84.914254][ T5016] ret_from_fork+0x2c/0x70 [ 84.918786][ T5016] ret_from_fork_asm+0x11/0x20 [ 84.923670][ T5016] [ 84.923670][ T5016] other info that might help us debug this: [ 84.923670][ T5016] [ 84.933910][ T5016] Chain exists of: [ 84.933910][ T5016] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 84.933910][ T5016] [ 84.947511][ T5016] Possible interrupt unsafe locking scenario: [ 84.947511][ T5016] [ 84.955842][ T5016] CPU0 CPU1 [ 84.961214][ T5016] ---- ---- [ 84.966589][ T5016] lock(tasklist_lock); [ 84.970847][ T5016] local_irq_disable(); [ 84.977609][ T5016] lock(&dev->event_lock#2); [ 84.984829][ T5016] lock(&client->buffer_lock); [ 84.992214][ T5016] [ 84.995673][ T5016] lock(&dev->event_lock#2); [ 85.000543][ T5016] [ 85.000543][ T5016] *** DEADLOCK *** [ 85.000543][ T5016] [ 85.008696][ T5016] 7 locks held by syz-executor400/5016: [ 85.014255][ T5016] #0: ffff88814433b110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x201/0x750 [ 85.023447][ T5016] #1: ffff888016fa6230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xa4/0x380 [ 85.033579][ T5016] #2: ffffffff8c9a3340 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x8b/0x380 [ 85.043268][ T5016] #3: ffffffff8c9a3340 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x7a0 [ 85.053395][ T5016] #4: ffffffff8c9a3340 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x390 [ 85.062576][ T5016] #5: ffff88801a278028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 85.072885][ T5016] #6: ffffffff8c9a3340 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x46/0x4f0 [ 85.082000][ T5016] [ 85.082000][ T5016] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 85.092415][ T5016] -> (&dev->event_lock#2){-...}-{2:2} { [ 85.098099][ T5016] IN-HARDIRQ-W at: [ 85.102176][ T5016] lock_acquire+0x1ae/0x510 [ 85.108533][ T5016] _raw_spin_lock_irqsave+0x3a/0x50 [ 85.115600][ T5016] input_event+0x70/0xa0 [ 85.121680][ T5016] psmouse_report_standard_buttons+0x30/0x80 [ 85.129518][ T5016] psmouse_process_byte+0x39c/0x8a0 [ 85.136586][ T5016] psmouse_handle_byte+0x41/0x560 [ 85.143468][ T5016] psmouse_receive_byte+0x243/0xe10 [ 85.150522][ T5016] ps2_interrupt+0x1fe/0x5a0 [ 85.156963][ T5016] serio_interrupt+0x8d/0x150 [ 85.163481][ T5016] i8042_interrupt+0x3f2/0x8a0 [ 85.170090][ T5016] __handle_irq_event_percpu+0x22a/0x740 [ 85.177589][ T5016] handle_irq_event+0xab/0x1e0 [ 85.184228][ T5016] handle_edge_irq+0x261/0xcf0 [ 85.190842][ T5016] __common_interrupt+0x9f/0x220 [ 85.197623][ T5016] common_interrupt+0xa9/0xd0 [ 85.204138][ T5016] asm_common_interrupt+0x26/0x40 [ 85.211006][ T5016] _raw_spin_unlock_irqrestore+0x31/0x70 [ 85.218497][ T5016] i8042_aux_write+0x11a/0x180 [ 85.225110][ T5016] ps2_do_sendbyte+0x264/0x6e0 [ 85.231722][ T5016] ps2_sendbyte+0x59/0x140 [ 85.238004][ T5016] cypress_ps2_sendbyte+0x2e/0x160 [ 85.244976][ T5016] cypress_send_ext_cmd+0x1e3/0x8c0 [ 85.252027][ T5016] cypress_detect+0x8c/0x1a0 [ 85.258464][ T5016] psmouse_try_protocol+0x214/0x370 [ 85.265519][ T5016] psmouse_extensions+0x616/0x960 [ 85.272408][ T5016] psmouse_switch_protocol+0x528/0x740 [ 85.279729][ T5016] psmouse_connect+0x5cc/0xf70 [ 85.286336][ T5016] serio_driver_probe+0x71/0xa0 [ 85.293057][ T5016] really_probe+0x234/0xc90 [ 85.299424][ T5016] __driver_probe_device+0x1de/0x4b0 [ 85.306587][ T5016] driver_probe_device+0x4c/0x1a0 [ 85.313480][ T5016] __driver_attach+0x274/0x570 [ 85.320111][ T5016] bus_for_each_dev+0x13c/0x1d0 [ 85.326824][ T5016] serio_handle_event+0x2b8/0xa90 [ 85.333703][ T5016] process_one_work+0xaa2/0x16f0 [ 85.340489][ T5016] worker_thread+0x687/0x1110 [ 85.347010][ T5016] kthread+0x33a/0x430 [ 85.352927][ T5016] ret_from_fork+0x2c/0x70 [ 85.359189][ T5016] ret_from_fork_asm+0x11/0x20 [ 85.365810][ T5016] INITIAL USE at: [ 85.369804][ T5016] lock_acquire+0x1ae/0x510 [ 85.376069][ T5016] _raw_spin_lock_irqsave+0x3a/0x50 [ 85.383032][ T5016] input_inject_event+0xa4/0x380 [ 85.389726][ T5016] led_set_brightness+0x208/0x290 [ 85.396515][ T5016] led_trigger_event+0xb4/0x240 [ 85.403130][ T5016] kbd_led_trigger_activate+0xc6/0x100 [ 85.410442][ T5016] led_trigger_set+0x580/0xc00 [ 85.416975][ T5016] led_trigger_set_default+0x1c9/0x220 [ 85.424208][ T5016] led_classdev_register_ext+0x63b/0x8c0 [ 85.431600][ T5016] input_leds_connect+0x54a/0x8d0 [ 85.438386][ T5016] input_attach_handler.isra.0+0x17c/0x250 [ 85.445949][ T5016] input_register_device+0xb1e/0x1130 [ 85.453100][ T5016] atkbd_connect+0x5e2/0xa20 [ 85.459455][ T5016] serio_driver_probe+0x71/0xa0 [ 85.466103][ T5016] really_probe+0x234/0xc90 [ 85.472377][ T5016] __driver_probe_device+0x1de/0x4b0 [ 85.479434][ T5016] driver_probe_device+0x4c/0x1a0 [ 85.486230][ T5016] __driver_attach+0x274/0x570 [ 85.492765][ T5016] bus_for_each_dev+0x13c/0x1d0 [ 85.499378][ T5016] serio_handle_event+0x2b8/0xa90 [ 85.506165][ T5016] process_one_work+0xaa2/0x16f0 [ 85.512859][ T5016] worker_thread+0x687/0x1110 [ 85.519297][ T5016] kthread+0x33a/0x430 [ 85.525120][ T5016] ret_from_fork+0x2c/0x70 [ 85.531294][ T5016] ret_from_fork_asm+0x11/0x20 [ 85.537825][ T5016] } [ 85.540420][ T5016] ... key at: [] __key.6+0x0/0x40 [ 85.547661][ T5016] -> (&client->buffer_lock){....}-{2:2} { [ 85.553418][ T5016] INITIAL USE at: [ 85.557315][ T5016] lock_acquire+0x1ae/0x510 [ 85.563394][ T5016] _raw_spin_lock+0x2e/0x40 [ 85.569488][ T5016] evdev_pass_values+0x10e/0x9b0 [ 85.576013][ T5016] evdev_events+0x1be/0x390 [ 85.582100][ T5016] input_to_handler+0x29e/0x4c0 [ 85.588535][ T5016] input_pass_values.part.0+0x536/0x7a0 [ 85.595657][ T5016] input_event_dispose+0x5ee/0x770 [ 85.602347][ T5016] input_handle_event+0x11c/0xd80 [ 85.608965][ T5016] input_inject_event+0x1c2/0x380 [ 85.615573][ T5016] evdev_write+0x456/0x750 [ 85.621575][ T5016] vfs_write+0x2a4/0xe40 [ 85.627393][ T5016] ksys_write+0x1f0/0x250 [ 85.633296][ T5016] do_syscall_64+0x38/0xb0 [ 85.639293][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.646768][ T5016] } [ 85.649275][ T5016] ... key at: [] __key.3+0x0/0x40 [ 85.656420][ T5016] ... acquired at: [ 85.660233][ T5016] _raw_spin_lock+0x2e/0x40 [ 85.664934][ T5016] evdev_pass_values+0x10e/0x9b0 [ 85.670067][ T5016] evdev_events+0x1be/0x390 [ 85.674759][ T5016] input_to_handler+0x29e/0x4c0 [ 85.679808][ T5016] input_pass_values.part.0+0x536/0x7a0 [ 85.685549][ T5016] input_event_dispose+0x5ee/0x770 [ 85.690851][ T5016] input_handle_event+0x11c/0xd80 [ 85.696068][ T5016] input_inject_event+0x1c2/0x380 [ 85.701279][ T5016] evdev_write+0x456/0x750 [ 85.705896][ T5016] vfs_write+0x2a4/0xe40 [ 85.710323][ T5016] ksys_write+0x1f0/0x250 [ 85.714834][ T5016] do_syscall_64+0x38/0xb0 [ 85.719446][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.725530][ T5016] [ 85.727859][ T5016] [ 85.727859][ T5016] the dependencies between the lock to be acquired [ 85.727869][ T5016] and HARDIRQ-irq-unsafe lock: [ 85.741389][ T5016] -> (tasklist_lock){.+.+}-{2:2} { [ 85.746707][ T5016] HARDIRQ-ON-R at: [ 85.750868][ T5016] lock_acquire+0x1ae/0x510 [ 85.757399][ T5016] _raw_read_lock+0x5f/0x70 [ 85.763930][ T5016] do_wait+0x2a9/0xc70 [ 85.770023][ T5016] kernel_wait+0xa0/0x150 [ 85.776374][ T5016] call_usermodehelper_exec_work+0xf1/0x170 [ 85.784296][ T5016] process_one_work+0xaa2/0x16f0 [ 85.791251][ T5016] worker_thread+0x687/0x1110 [ 85.797940][ T5016] kthread+0x33a/0x430 [ 85.804019][ T5016] ret_from_fork+0x2c/0x70 [ 85.810454][ T5016] ret_from_fork_asm+0x11/0x20 [ 85.817244][ T5016] SOFTIRQ-ON-R at: [ 85.821409][ T5016] lock_acquire+0x1ae/0x510 [ 85.827930][ T5016] _raw_read_lock+0x5f/0x70 [ 85.834466][ T5016] do_wait+0x2a9/0xc70 [ 85.840562][ T5016] kernel_wait+0xa0/0x150 [ 85.846914][ T5016] call_usermodehelper_exec_work+0xf1/0x170 [ 85.854834][ T5016] process_one_work+0xaa2/0x16f0 [ 85.861794][ T5016] worker_thread+0x687/0x1110 [ 85.868491][ T5016] kthread+0x33a/0x430 [ 85.874570][ T5016] ret_from_fork+0x2c/0x70 [ 85.881002][ T5016] ret_from_fork_asm+0x11/0x20 [ 85.887793][ T5016] INITIAL USE at: [ 85.891868][ T5016] lock_acquire+0x1ae/0x510 [ 85.898303][ T5016] _raw_write_lock_irq+0x36/0x50 [ 85.905185][ T5016] copy_process+0x4672/0x7400 [ 85.911790][ T5016] kernel_clone+0xfd/0x8f0 [ 85.918133][ T5016] user_mode_thread+0xb4/0xf0 [ 85.924742][ T5016] rest_init+0x27/0x2b0 [ 85.930841][ T5016] arch_call_rest_init+0x13/0x30 [ 85.937714][ T5016] start_kernel+0x39f/0x480 [ 85.944161][ T5016] x86_64_start_reservations+0x18/0x30 [ 85.951573][ T5016] x86_64_start_kernel+0xb2/0xc0 [ 85.958454][ T5016] secondary_startup_64_no_verify+0x167/0x16b [ 85.966472][ T5016] INITIAL READ USE at: [ 85.970990][ T5016] lock_acquire+0x1ae/0x510 [ 85.977864][ T5016] _raw_read_lock+0x5f/0x70 [ 85.984749][ T5016] do_wait+0x2a9/0xc70 [ 85.991198][ T5016] kernel_wait+0xa0/0x150 [ 85.997912][ T5016] call_usermodehelper_exec_work+0xf1/0x170 [ 86.006180][ T5016] process_one_work+0xaa2/0x16f0 [ 86.013592][ T5016] worker_thread+0x687/0x1110 [ 86.020645][ T5016] kthread+0x33a/0x430 [ 86.027079][ T5016] ret_from_fork+0x2c/0x70 [ 86.033872][ T5016] ret_from_fork_asm+0x11/0x20 [ 86.041012][ T5016] } [ 86.043697][ T5016] ... key at: [] tasklist_lock+0x18/0x40 [ 86.051621][ T5016] ... acquired at: [ 86.055602][ T5016] _raw_read_lock+0x5f/0x70 [ 86.060314][ T5016] send_sigio+0xaf/0x3c0 [ 86.064759][ T5016] kill_fasync+0x1f8/0x4f0 [ 86.069376][ T5016] fsnotify_insert_event+0x3a5/0x4e0 [ 86.074869][ T5016] inotify_handle_inode_event+0x3f6/0x660 [ 86.080818][ T5016] fsnotify_handle_inode_event.isra.0+0x1d0/0x350 [ 86.087437][ T5016] fsnotify+0x12f5/0x1af0 [ 86.091968][ T5016] path_openat+0x10a5/0x29c0 [ 86.096766][ T5016] do_filp_open+0x1de/0x430 [ 86.101474][ T5016] do_sys_openat2+0x176/0x1e0 [ 86.106375][ T5016] __x64_sys_openat+0x175/0x210 [ 86.111431][ T5016] do_syscall_64+0x38/0xb0 [ 86.116041][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.122127][ T5016] [ 86.124459][ T5016] -> (&f->f_owner.lock){....}-{2:2} { [ 86.129965][ T5016] INITIAL USE at: [ 86.133960][ T5016] lock_acquire+0x1ae/0x510 [ 86.140237][ T5016] _raw_write_lock_irq+0x36/0x50 [ 86.146948][ T5016] f_modown+0x2a/0x390 [ 86.152786][ T5016] f_setown+0xd3/0x260 [ 86.158623][ T5016] do_fcntl+0x11ab/0x1290 [ 86.164726][ T5016] __x64_sys_fcntl+0x16c/0x1e0 [ 86.171272][ T5016] do_syscall_64+0x38/0xb0 [ 86.177447][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.185093][ T5016] INITIAL READ USE at: [ 86.189529][ T5016] lock_acquire+0x1ae/0x510 [ 86.196226][ T5016] _raw_read_lock_irqsave+0x70/0x90 [ 86.203637][ T5016] send_sigio+0x28/0x3c0 [ 86.210088][ T5016] kill_fasync+0x1f8/0x4f0 [ 86.216712][ T5016] fsnotify_insert_event+0x3a5/0x4e0 [ 86.224201][ T5016] inotify_handle_inode_event+0x3f6/0x660 [ 86.232127][ T5016] fsnotify_handle_inode_event.isra.0+0x1d0/0x350 [ 86.240748][ T5016] fsnotify+0x12f5/0x1af0 [ 86.247277][ T5016] path_openat+0x10a5/0x29c0 [ 86.254069][ T5016] do_filp_open+0x1de/0x430 [ 86.260775][ T5016] do_sys_openat2+0x176/0x1e0 [ 86.267657][ T5016] __x64_sys_openat+0x175/0x210 [ 86.274709][ T5016] do_syscall_64+0x38/0xb0 [ 86.281314][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.289405][ T5016] } [ 86.292000][ T5016] ... key at: [] __key.5+0x0/0x40 [ 86.299222][ T5016] ... acquired at: [ 86.303114][ T5016] _raw_read_lock_irqsave+0x70/0x90 [ 86.308515][ T5016] send_sigio+0x28/0x3c0 [ 86.312953][ T5016] kill_fasync+0x1f8/0x4f0 [ 86.317565][ T5016] fsnotify_insert_event+0x3a5/0x4e0 [ 86.323045][ T5016] inotify_handle_inode_event+0x3f6/0x660 [ 86.328963][ T5016] fsnotify_handle_inode_event.isra.0+0x1d0/0x350 [ 86.335575][ T5016] fsnotify+0x12f5/0x1af0 [ 86.340099][ T5016] path_openat+0x10a5/0x29c0 [ 86.344885][ T5016] do_filp_open+0x1de/0x430 [ 86.349584][ T5016] do_sys_openat2+0x176/0x1e0 [ 86.354462][ T5016] __x64_sys_openat+0x175/0x210 [ 86.359512][ T5016] do_syscall_64+0x38/0xb0 [ 86.364126][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.370210][ T5016] [ 86.372544][ T5016] -> (&new->fa_lock){....}-{2:2} { [ 86.377692][ T5016] INITIAL READ USE at: [ 86.382026][ T5016] lock_acquire+0x1ae/0x510 [ 86.388552][ T5016] _raw_read_lock_irqsave+0x70/0x90 [ 86.395777][ T5016] kill_fasync+0x13a/0x4f0 [ 86.402216][ T5016] fsnotify_insert_event+0x3a5/0x4e0 [ 86.409527][ T5016] inotify_handle_inode_event+0x3f6/0x660 [ 86.417272][ T5016] fsnotify_handle_inode_event.isra.0+0x1d0/0x350 [ 86.425710][ T5016] fsnotify+0x12f5/0x1af0 [ 86.432056][ T5016] path_openat+0x10a5/0x29c0 [ 86.438702][ T5016] do_filp_open+0x1de/0x430 [ 86.445228][ T5016] do_sys_openat2+0x176/0x1e0 [ 86.451933][ T5016] __x64_sys_openat+0x175/0x210 [ 86.458811][ T5016] do_syscall_64+0x38/0xb0 [ 86.465257][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.473167][ T5016] } [ 86.475671][ T5016] ... key at: [] __key.0+0x0/0x40 [ 86.482805][ T5016] ... acquired at: [ 86.486614][ T5016] lock_acquire+0x1ae/0x510 [ 86.491311][ T5016] _raw_read_lock_irqsave+0x70/0x90 [ 86.496719][ T5016] kill_fasync+0x13a/0x4f0 [ 86.501334][ T5016] evdev_pass_values+0x619/0x9b0 [ 86.506480][ T5016] evdev_events+0x1be/0x390 [ 86.511179][ T5016] input_to_handler+0x29e/0x4c0 [ 86.516226][ T5016] input_pass_values.part.0+0x536/0x7a0 [ 86.521963][ T5016] input_event_dispose+0x5ee/0x770 [ 86.527276][ T5016] input_handle_event+0x11c/0xd80 [ 86.532499][ T5016] input_inject_event+0x1c2/0x380 [ 86.537722][ T5016] evdev_write+0x456/0x750 [ 86.542337][ T5016] vfs_write+0x2a4/0xe40 [ 86.546769][ T5016] ksys_write+0x1f0/0x250 [ 86.551289][ T5016] do_syscall_64+0x38/0xb0 [ 86.555894][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.561977][ T5016] [ 86.564310][ T5016] [ 86.564310][ T5016] stack backtrace: [ 86.570206][ T5016] CPU: 0 PID: 5016 Comm: syz-executor400 Not tainted 6.5.0-rc4-syzkaller-00227-g024ff300db33 #0 [ 86.580634][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 86.590701][ T5016] Call Trace: [ 86.593988][ T5016] [ 86.596928][ T5016] dump_stack_lvl+0xd9/0x1b0 [ 86.601541][ T5016] check_irq_usage+0x10b8/0x1c70 [ 86.606501][ T5016] ? lock_acquire+0x1ae/0x510 [ 86.611201][ T5016] ? print_shortest_lock_dependencies_backwards+0x1b0/0x1b0 [ 86.618511][ T5016] ? hlock_conflict+0x58/0x200 [ 86.623299][ T5016] ? __bfs+0x2f8/0x660 [ 86.627389][ T5016] ? save_trace+0xb30/0xb30 [ 86.631912][ T5016] ? mark_lock+0x105/0x1950 [ 86.636440][ T5016] ? is_dynamic_key+0x1f0/0x1f0 [ 86.641317][ T5016] ? __lock_acquire+0x2e53/0x5de0 [ 86.646376][ T5016] __lock_acquire+0x2e53/0x5de0 [ 86.651258][ T5016] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 86.657265][ T5016] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 86.663272][ T5016] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 86.669276][ T5016] ? __wake_up_common_lock+0xe3/0x140 [ 86.674677][ T5016] lock_acquire+0x1ae/0x510 [ 86.679203][ T5016] ? kill_fasync+0x13a/0x4f0 [ 86.683822][ T5016] ? lock_sync+0x190/0x190 [ 86.688260][ T5016] ? lock_sync+0x190/0x190 [ 86.692699][ T5016] ? lock_sync+0x190/0x190 [ 86.697137][ T5016] ? __wake_up_common+0x5a0/0x5a0 [ 86.702187][ T5016] _raw_read_lock_irqsave+0x70/0x90 [ 86.707419][ T5016] ? kill_fasync+0x13a/0x4f0 [ 86.712051][ T5016] kill_fasync+0x13a/0x4f0 [ 86.716497][ T5016] evdev_pass_values+0x619/0x9b0 [ 86.721462][ T5016] evdev_events+0x1be/0x390 [ 86.725990][ T5016] ? evdev_connect+0x4c0/0x4c0 [ 86.730776][ T5016] input_to_handler+0x29e/0x4c0 [ 86.735659][ T5016] input_pass_values.part.0+0x536/0x7a0 [ 86.741224][ T5016] input_event_dispose+0x5ee/0x770 [ 86.746357][ T5016] input_handle_event+0x11c/0xd80 [ 86.751402][ T5016] input_inject_event+0x1c2/0x380 [ 86.756457][ T5016] evdev_write+0x456/0x750 [ 86.760902][ T5016] ? evdev_read+0xdf0/0xdf0 [ 86.765433][ T5016] ? security_file_permission+0x94/0x100 [ 86.771082][ T5016] vfs_write+0x2a4/0xe40 [ 86.775346][ T5016] ? evdev_read+0xdf0/0xdf0 [ 86.779875][ T5016] ? kernel_write+0x6c0/0x6c0 [ 86.784568][ T5016] ? ptrace_stop.part.0+0x61f/0x8f0 [ 86.789800][ T5016] ? find_held_lock+0x2d/0x110 [ 86.794585][ T5016] ? ptrace_notify+0xf4/0x130 [ 86.799278][ T5016] ? reacquire_held_locks+0x4b0/0x4b0 [ 86.804680][ T5016] ? __fget_light+0x1fc/0x260 [ 86.809390][ T5016] ksys_write+0x1f0/0x250 [ 86.813733][ T5016] ? __ia32_sys_read+0xb0/0xb0 [ 86.818512][ T5016] ? lockdep_hardirqs_on+0x7d/0x100 [ 86.823738][ T5016] ? _raw_spin_unlock_irq+0x2e/0x50 [ 86.828971][ T5016] ? ptrace_notify+0xf4/0x130 [ 86.833677][ T5016] do_syscall_64+0x38/0xb0 [ 86.838107][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.844018][ T5016] RIP: 0033:0x7fd982642169 [ 86.848444][ T5016] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 86.868067][ T5016] RSP: 002b:00007ffdb56559d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 86.876501][ T5016] RAX: ffffffffffffffda RBX: 00007ffdb5655ba8 RCX: 00007fd982642169 [ 86.884503][ T5016] RDX: 0000000000002ad8 RSI: 0000000020000040 RDI: 0000000000000005 [ 86.892487][ T5016] RBP: 00007fd9826b5610 R08: 00007ffdb5655ba8 R09: 00007ffdb5655ba8 [ 86.900472][ T5016] R10: 00007ffdb5655ba8 R11: 0000000000000246 R12: 0000000000000001 [ 86.908458][ T5016] R13: 00007ffdb5655b98 R14: 0000000000000001 R15: 0000000000000001 [ 86.916446][ T5016] write(5, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10968) = 10968 exit_group(0) = ? +++ exited with 0 +++ [ 86.922012][ T26] audit: type=1400 audit(1691254322.765:88): avc: denied { append } for pid=4449 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=f