./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3268474462 <...> Warning: Permanently added '10.128.0.222' (ED25519) to the list of known hosts. execve("./syz-executor3268474462", ["./syz-executor3268474462"], 0x7ffd744afc30 /* 10 vars */) = 0 brk(NULL) = 0x5555574b7000 brk(0x5555574b7d40) = 0x5555574b7d40 arch_prctl(ARCH_SET_FS, 0x5555574b73c0) = 0 set_tid_address(0x5555574b7690) = 5061 set_robust_list(0x5555574b76a0, 24) = 0 rseq(0x5555574b7ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3268474462", 4096) = 28 getrandom("\x47\xd1\x43\x88\xeb\xac\xfe\x7e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555574b7d40 brk(0x5555574d8d40) = 0x5555574d8d40 brk(0x5555574d9000) = 0x5555574d9000 mprotect(0x7f4ec8b04000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f4ec8aa8e20, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4ec8a9a4a0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4ec8a22000 mprotect(0x7f4ec8a23000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4ec8a42990, parent_tid=0x7f4ec8a42990, exit_signal=0, stack=0x7f4ec8a22000, stack_size=0x20300, tls=0x7f4ec8a426c0}./strace-static-x86_64: Process 5062 attached => {parent_tid=[5062]}, 88) = 5062 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] rseq(0x7f4ec8a42fe0, 0x20, 0, 0x53053053 [pid 5061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] <... rseq resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] set_robust_list(0x7f4ec8a429a0, 24 [pid 5061] <... futex resumed>) = 0 [pid 5062] <... set_robust_list resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 3 [pid 5062] futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] gettid( [pid 5061] <... futex resumed>) = 0 [pid 5062] <... gettid resumed>) = 5062 [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] futex(0x7f4ec8b0a408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] fcntl(3, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=5062}) = 0 [pid 5062] futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] fcntl(3, F_SETLEASE, F_RDLCK [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... fcntl resumed>) = 0 [pid 5062] futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7f4ec8b0a408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] open("./file0", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] ioctl(-1, EVIOCSFF, {type=0 /* FF_??? */, id=0, direction=0, ...} [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5062] futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000 [pid 5061] <... futex resumed>) = 0 [ 103.628058][ T28] audit: type=1400 audit(1709897331.730:86): avc: denied { execmem } for pid=5061 comm="syz-executor326" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... openat resumed>) = 4 [pid 5062] futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 1 [pid 5061] <... futex resumed>) = 0 [pid 5062] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... openat resumed>) = 5 [pid 5062] futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... futex resumed>) = 1 [pid 5062] openat(AT_FDCWD, "/dev/input/event0", O_RDONLY) = 6 [pid 5062] futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] ioctl(6, FIOASYNC, [1986356271]) = 0 [ 103.684726][ T28] audit: type=1400 audit(1709897331.790:87): avc: denied { write } for pid=5061 comm="syz-executor326" name="event0" dev="devtmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 103.709515][ T28] audit: type=1400 audit(1709897331.790:88): avc: denied { open } for pid=5061 comm="syz-executor326" path="/dev/input/event0" dev="devtmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [pid 5062] futex(0x7f4ec8b0a40c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5061] futex(0x7f4ec8b0a408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] write(4, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xc6\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 10968 [pid 5061] <... futex resumed>) = 0 [ 103.721877][ T5062] [ 103.734861][ T28] audit: type=1400 audit(1709897331.790:89): avc: denied { read } for pid=5061 comm="syz-executor326" name="event0" dev="devtmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 103.736300][ T5062] ===================================================== [ 103.736310][ T5062] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 103.774067][ T5062] 6.8.0-rc7-syzkaller-00142-g3aaa8ce7a335 #0 Not tainted [pid 5061] futex(0x7f4ec8b0a40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 103.781292][ T5062] ----------------------------------------------------- [ 103.788241][ T5062] syz-executor326/5062 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 103.796329][ T5062] ffff8880788a1018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x138/0x4f0 [ 103.805245][ T5062] [ 103.805245][ T5062] and this task is already holding: [ 103.812636][ T5062] ffff88801aebc028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 103.822504][ T5062] which would create a new lock dependency: [ 103.828398][ T5062] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 103.836526][ T5062] [ 103.836526][ T5062] but this new dependency connects a HARDIRQ-irq-safe lock: [ 103.845983][ T5062] (&dev->event_lock#2){-...}-{2:2} [ 103.846022][ T5062] [ 103.846022][ T5062] ... which became HARDIRQ-irq-safe at: [ 103.858954][ T5062] lock_acquire+0x1ae/0x520 [ 103.863567][ T5062] _raw_spin_lock_irqsave+0x3a/0x60 [ 103.868885][ T5062] input_event+0x70/0xa0 [ 103.873227][ T5062] psmouse_report_standard_buttons+0x30/0x80 [ 103.879323][ T5062] psmouse_process_byte+0x39c/0x8a0 [ 103.884615][ T5062] psmouse_handle_byte+0x44/0x570 [ 103.889767][ T5062] psmouse_receive_byte+0x243/0xe20 [ 103.895127][ T5062] ps2_interrupt+0x20b/0x5b0 [ 103.899868][ T5062] serio_interrupt+0x8f/0x150 [ 103.904677][ T5062] i8042_interrupt+0x3f5/0x8a0 [ 103.909567][ T5062] __handle_irq_event_percpu+0x22a/0x750 [ 103.915310][ T5062] handle_irq_event+0xab/0x1e0 [ 103.920182][ T5062] handle_edge_irq+0x263/0xd10 [ 103.925144][ T5062] __common_interrupt+0xde/0x250 [ 103.930197][ T5062] common_interrupt+0xab/0xd0 [ 103.934986][ T5062] asm_common_interrupt+0x26/0x40 [ 103.940108][ T5062] __sanitizer_cov_trace_pc+0x0/0x60 [ 103.945502][ T5062] klist_next+0x2a8/0x520 [ 103.949930][ T5062] bus_for_each_dev+0xfb/0x1d0 [ 103.954808][ T5062] bus_add_driver+0x2ed/0x640 [ 103.959597][ T5062] driver_register+0x15c/0x4b0 [ 103.964499][ T5062] usb_register_driver+0x21d/0x4d0 [ 103.969724][ T5062] do_one_initcall+0x11c/0x670 [ 103.974596][ T5062] kernel_init_freeable+0x68d/0xc10 [ 103.979988][ T5062] kernel_init+0x1c/0x2a0 [ 103.984422][ T5062] ret_from_fork+0x45/0x80 [ 103.988958][ T5062] ret_from_fork_asm+0x1b/0x30 [ 103.993862][ T5062] [ 103.993862][ T5062] to a HARDIRQ-irq-unsafe lock: [ 104.000879][ T5062] (tasklist_lock){.+.+}-{2:2} [ 104.000909][ T5062] [ 104.000909][ T5062] ... which became HARDIRQ-irq-unsafe at: [ 104.013727][ T5062] ... [ 104.013739][ T5062] lock_acquire+0x1ae/0x520 [ 104.020963][ T5062] _raw_read_lock+0x5f/0x70 [ 104.025583][ T5062] __do_wait+0x105/0x890 [ 104.029934][ T5062] do_wait+0x212/0x530 [ 104.034112][ T5062] kernel_wait+0xa0/0x160 [ 104.038549][ T5062] call_usermodehelper_exec_work+0xf1/0x170 [ 104.044546][ T5062] process_one_work+0x889/0x15e0 [ 104.049684][ T5062] worker_thread+0x8b9/0x12a0 [ 104.054469][ T5062] kthread+0x2c6/0x3b0 [ 104.058659][ T5062] ret_from_fork+0x45/0x80 [ 104.063206][ T5062] ret_from_fork_asm+0x1b/0x30 [ 104.068078][ T5062] [ 104.068078][ T5062] other info that might help us debug this: [ 104.068078][ T5062] [ 104.078569][ T5062] Chain exists of: [ 104.078569][ T5062] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 104.078569][ T5062] [ 104.092251][ T5062] Possible interrupt unsafe locking scenario: [ 104.092251][ T5062] [ 104.100577][ T5062] CPU0 CPU1 [ 104.106031][ T5062] ---- ---- [ 104.111576][ T5062] lock(tasklist_lock); [ 104.115837][ T5062] local_irq_disable(); [ 104.122628][ T5062] lock(&dev->event_lock#2); [ 104.129928][ T5062] lock(&client->buffer_lock); [ 104.137311][ T5062] [ 104.140770][ T5062] lock(&dev->event_lock#2); [ 104.145646][ T5062] [ 104.145646][ T5062] *** DEADLOCK *** [ 104.145646][ T5062] [ 104.153812][ T5062] 7 locks held by syz-executor326/5062: [ 104.159375][ T5062] #0: ffff888024179110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x201/0x760 [ 104.168555][ T5062] #1: ffff888018f5b230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xa4/0x370 [ 104.178726][ T5062] #2: ffffffff8d7ad220 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xca/0x370 [ 104.188442][ T5062] #3: ffffffff8d7ad220 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xb2/0x840 [ 104.198073][ T5062] #4: ffffffff8d7ad220 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x87/0x390 [ 104.207461][ T5062] #5: ffff88801aebc028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x10e/0x9b0 [ 104.217768][ T5062] #6: ffffffff8d7ad220 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x6d/0x4f0 [ 104.226855][ T5062] [ 104.226855][ T5062] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [pid 5061] exit_group(0) = ? [ 104.237263][ T5062] -> (&dev->event_lock#2){-...}-{2:2} { [ 104.243037][ T5062] IN-HARDIRQ-W at: [ 104.247111][ T5062] lock_acquire+0x1ae/0x520 [ 104.253471][ T5062] _raw_spin_lock_irqsave+0x3a/0x60 [ 104.260519][ T5062] input_event+0x70/0xa0 [ 104.266598][ T5062] psmouse_report_standard_buttons+0x30/0x80 [ 104.274952][ T5062] psmouse_process_byte+0x39c/0x8a0 [ 104.281986][ T5062] psmouse_handle_byte+0x44/0x570 [ 104.289121][ T5062] psmouse_receive_byte+0x243/0xe20 [ 104.296168][ T5062] ps2_interrupt+0x20b/0x5b0 [ 104.302613][ T5062] serio_interrupt+0x8f/0x150 [ 104.309148][ T5062] i8042_interrupt+0x3f5/0x8a0 [ 104.315745][ T5062] __handle_irq_event_percpu+0x22a/0x750 [ 104.323397][ T5062] handle_irq_event+0xab/0x1e0 [ 104.330015][ T5062] handle_edge_irq+0x263/0xd10 [ 104.336746][ T5062] __common_interrupt+0xde/0x250 [ 104.343542][ T5062] common_interrupt+0xab/0xd0 [ 104.350071][ T5062] asm_common_interrupt+0x26/0x40 [ 104.356931][ T5062] __sanitizer_cov_trace_pc+0x0/0x60 [ 104.364069][ T5062] klist_next+0x2a8/0x520 [ 104.370498][ T5062] bus_for_each_dev+0xfb/0x1d0 [ 104.377119][ T5062] bus_add_driver+0x2ed/0x640 [ 104.383755][ T5062] driver_register+0x15c/0x4b0 [ 104.390443][ T5062] usb_register_driver+0x21d/0x4d0 [ 104.397408][ T5062] do_one_initcall+0x11c/0x670 [ 104.404019][ T5062] kernel_init_freeable+0x68d/0xc10 [ 104.411053][ T5062] kernel_init+0x1c/0x2a0 [ 104.417219][ T5062] ret_from_fork+0x45/0x80 [ 104.423482][ T5062] ret_from_fork_asm+0x1b/0x30 [ 104.430178][ T5062] INITIAL USE at: [ 104.434159][ T5062] lock_acquire+0x1ae/0x520 [ 104.440415][ T5062] _raw_spin_lock_irqsave+0x3a/0x60 [ 104.447370][ T5062] input_inject_event+0xa4/0x370 [ 104.454057][ T5062] led_set_brightness+0x211/0x290 [ 104.460831][ T5062] led_trigger_event+0xb2/0x240 [ 104.467438][ T5062] kbd_led_trigger_activate+0xc6/0x100 [ 104.474648][ T5062] led_trigger_set+0x58c/0xc10 [ 104.481169][ T5062] led_trigger_set_default+0x1d2/0x230 [ 104.488382][ T5062] led_classdev_register_ext+0x791/0xa10 [ 104.495765][ T5062] input_leds_connect+0x54a/0x8e0 [ 104.502636][ T5062] input_attach_handler.isra.0+0x181/0x260 [ 104.510280][ T5062] input_register_device+0xb22/0x1140 [ 104.517484][ T5062] atkbd_connect+0x5e2/0xa20 [ 104.523825][ T5062] serio_driver_probe+0x74/0xa0 [ 104.530422][ T5062] really_probe+0x23a/0xcb0 [ 104.536670][ T5062] __driver_probe_device+0x1de/0x4b0 [ 104.543699][ T5062] driver_probe_device+0x4c/0x1b0 [ 104.550470][ T5062] __driver_attach+0x283/0x580 [ 104.557067][ T5062] bus_for_each_dev+0x13c/0x1d0 [ 104.563759][ T5062] serio_handle_event+0x2bb/0xa90 [ 104.570529][ T5062] process_one_work+0x889/0x15e0 [ 104.577226][ T5062] worker_thread+0x8b9/0x12a0 [ 104.583669][ T5062] kthread+0x2c6/0x3b0 [ 104.589493][ T5062] ret_from_fork+0x45/0x80 [ 104.595754][ T5062] ret_from_fork_asm+0x1b/0x30 [ 104.602367][ T5062] } [ 104.604953][ T5062] ... key at: [] __key.6+0x0/0x40 [ 104.612263][ T5062] -> (&client->buffer_lock){....}-{2:2} { [ 104.618007][ T5062] INITIAL USE at: [ 104.621904][ T5062] lock_acquire+0x1ae/0x520 [ 104.628424][ T5062] _raw_spin_lock+0x2e/0x40 [ 104.634511][ T5062] evdev_pass_values+0x10e/0x9b0 [ 104.641023][ T5062] evdev_events+0x1b7/0x390 [ 104.647097][ T5062] input_to_handler+0x2a1/0x4d0 [ 104.653531][ T5062] input_pass_values+0x5c9/0x840 [ 104.660044][ T5062] input_event_dispose+0x37a/0x630 [ 104.666812][ T5062] input_handle_event+0x11c/0xd80 [ 104.673413][ T5062] input_inject_event+0x1bb/0x370 [ 104.680100][ T5062] evdev_write+0x456/0x760 [ 104.686088][ T5062] vfs_write+0x298/0x1110 [ 104.692001][ T5062] ksys_write+0x1f8/0x260 [ 104.698174][ T5062] do_syscall_64+0xd5/0x270 [ 104.704256][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 104.711740][ T5062] } [ 104.714240][ T5062] ... key at: [] __key.3+0x0/0x40 [ 104.721376][ T5062] ... acquired at: [ 104.725185][ T5062] _raw_spin_lock+0x2e/0x40 [ 104.729878][ T5062] evdev_pass_values+0x10e/0x9b0 [ 104.735025][ T5062] evdev_events+0x1b7/0x390 [ 104.739718][ T5062] input_to_handler+0x2a1/0x4d0 [ 104.744762][ T5062] input_pass_values+0x5c9/0x840 [ 104.749887][ T5062] input_event_dispose+0x37a/0x630 [ 104.755269][ T5062] input_handle_event+0x11c/0xd80 [ 104.760482][ T5062] input_inject_event+0x1bb/0x370 [ 104.765777][ T5062] evdev_write+0x456/0x760 [ 104.770410][ T5062] vfs_write+0x298/0x1110 [ 104.774988][ T5062] ksys_write+0x1f8/0x260 [ 104.779513][ T5062] do_syscall_64+0xd5/0x270 [ 104.784211][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 104.790309][ T5062] [ 104.792643][ T5062] [ 104.792643][ T5062] the dependencies between the lock to be acquired [ 104.792652][ T5062] and HARDIRQ-irq-unsafe lock: [ 104.806271][ T5062] -> (tasklist_lock){.+.+}-{2:2} { [ 104.811585][ T5062] HARDIRQ-ON-R at: [ 104.815744][ T5062] lock_acquire+0x1ae/0x520 [ 104.822268][ T5062] _raw_read_lock+0x5f/0x70 [ 104.828790][ T5062] __do_wait+0x105/0x890 [ 104.835049][ T5062] do_wait+0x212/0x530 [ 104.841133][ T5062] kernel_wait+0xa0/0x160 [ 104.847740][ T5062] call_usermodehelper_exec_work+0xf1/0x170 [ 104.855647][ T5062] process_one_work+0x889/0x15e0 [ 104.862956][ T5062] worker_thread+0x8b9/0x12a0 [ 104.871217][ T5062] kthread+0x2c6/0x3b0 [ 104.877324][ T5062] ret_from_fork+0x45/0x80 [ 104.883934][ T5062] ret_from_fork_asm+0x1b/0x30 [ 104.890714][ T5062] SOFTIRQ-ON-R at: [ 104.894885][ T5062] lock_acquire+0x1ae/0x520 [ 104.901404][ T5062] _raw_read_lock+0x5f/0x70 [ 104.907937][ T5062] __do_wait+0x105/0x890 [ 104.914220][ T5062] do_wait+0x212/0x530 [ 104.920311][ T5062] kernel_wait+0xa0/0x160 [ 104.926658][ T5062] call_usermodehelper_exec_work+0xf1/0x170 [ 104.934562][ T5062] process_one_work+0x889/0x15e0 [ 104.941616][ T5062] worker_thread+0x8b9/0x12a0 [ 104.948321][ T5062] kthread+0x2c6/0x3b0 [ 104.954403][ T5062] ret_from_fork+0x45/0x80 [ 104.961103][ T5062] ret_from_fork_asm+0x1b/0x30 [ 104.967973][ T5062] INITIAL USE at: [ 104.972047][ T5062] lock_acquire+0x1ae/0x520 [ 104.978564][ T5062] _raw_write_lock_irq+0x36/0x50 [ 104.985438][ T5062] copy_process+0x6add/0x97b0 [ 104.992042][ T5062] kernel_clone+0xfd/0x930 [ 104.998382][ T5062] user_mode_thread+0xb4/0xf0 [ 105.004986][ T5062] rest_init+0x27/0x2b0 [ 105.011070][ T5062] arch_call_rest_init+0x13/0x40 [ 105.017930][ T5062] start_kernel+0x39f/0x480 [ 105.024353][ T5062] x86_64_start_reservations+0x18/0x30 [ 105.031821][ T5062] x86_64_start_kernel+0xb2/0xc0 [ 105.038686][ T5062] secondary_startup_64_no_verify+0x170/0x17b [ 105.046860][ T5062] INITIAL READ USE at: [ 105.051372][ T5062] lock_acquire+0x1ae/0x520 [ 105.058248][ T5062] _raw_read_lock+0x5f/0x70 [ 105.065146][ T5062] __do_wait+0x105/0x890 [ 105.071770][ T5062] do_wait+0x212/0x530 [ 105.078218][ T5062] kernel_wait+0xa0/0x160 [ 105.084932][ T5062] call_usermodehelper_exec_work+0xf1/0x170 [ 105.093191][ T5062] process_one_work+0x889/0x15e0 [ 105.100500][ T5062] worker_thread+0x8b9/0x12a0 [ 105.107720][ T5062] kthread+0x2c6/0x3b0 [ 105.114163][ T5062] ret_from_fork+0x45/0x80 [ 105.120946][ T5062] ret_from_fork_asm+0x1b/0x30 [ 105.128163][ T5062] } [ 105.130836][ T5062] ... key at: [] tasklist_lock+0x18/0x40 [ 105.138830][ T5062] ... acquired at: [ 105.142893][ T5062] _raw_read_lock+0x5f/0x70 [ 105.147588][ T5062] send_sigio+0xb4/0x3c0 [ 105.152020][ T5062] kill_fasync+0x1f6/0x4f0 [ 105.156623][ T5062] lease_break_callback+0x23/0x30 [ 105.164193][ T5062] __break_lease+0x711/0x1810 [ 105.169064][ T5062] do_dentry_open+0x675/0x18c0 [ 105.174020][ T5062] path_openat+0x1e00/0x29a0 [ 105.178805][ T5062] do_filp_open+0x1de/0x440 [ 105.183487][ T5062] do_sys_openat2+0x17a/0x1e0 [ 105.188360][ T5062] __x64_sys_open+0x154/0x1e0 [ 105.193228][ T5062] do_syscall_64+0xd5/0x270 [ 105.197917][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 105.204016][ T5062] [ 105.206357][ T5062] -> (&f->f_owner.lock){....}-{2:2} { [ 105.211904][ T5062] INITIAL USE at: [ 105.215996][ T5062] lock_acquire+0x1ae/0x520 [ 105.222277][ T5062] _raw_write_lock_irq+0x36/0x50 [ 105.228995][ T5062] f_modown+0x2a/0x380 [ 105.235085][ T5062] do_fcntl+0xce2/0x1270 [ 105.241257][ T5062] __x64_sys_fcntl+0x174/0x1f0 [ 105.247772][ T5062] do_syscall_64+0xd5/0x270 [ 105.254429][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 105.262086][ T5062] INITIAL READ USE at: [ 105.266502][ T5062] lock_acquire+0x1ae/0x520 [ 105.273198][ T5062] _raw_read_lock_irqsave+0x74/0x90 [ 105.280590][ T5062] send_sigio+0x28/0x3c0 [ 105.287015][ T5062] kill_fasync+0x1f6/0x4f0 [ 105.293618][ T5062] lease_break_callback+0x23/0x30 [ 105.300832][ T5062] __break_lease+0x711/0x1810 [ 105.310510][ T5062] do_dentry_open+0x675/0x18c0 [ 105.317454][ T5062] path_openat+0x1e00/0x29a0 [ 105.324417][ T5062] do_filp_open+0x1de/0x440 [ 105.331186][ T5062] do_sys_openat2+0x17a/0x1e0 [ 105.338134][ T5062] __x64_sys_open+0x154/0x1e0 [ 105.345001][ T5062] do_syscall_64+0xd5/0x270 [ 105.351689][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 105.359788][ T5062] } [ 105.362373][ T5062] ... key at: [] __key.4+0x0/0x40 [ 105.369763][ T5062] ... acquired at: [ 105.373658][ T5062] _raw_read_lock_irqsave+0x74/0x90 [ 105.379063][ T5062] send_sigio+0x28/0x3c0 [ 105.383590][ T5062] kill_fasync+0x1f6/0x4f0 [ 105.388364][ T5062] lease_break_callback+0x23/0x30 [ 105.393673][ T5062] __break_lease+0x711/0x1810 [ 105.398542][ T5062] do_dentry_open+0x675/0x18c0 [ 105.403492][ T5062] path_openat+0x1e00/0x29a0 [ 105.408277][ T5062] do_filp_open+0x1de/0x440 [ 105.413222][ T5062] do_sys_openat2+0x17a/0x1e0 [ 105.418267][ T5062] __x64_sys_open+0x154/0x1e0 [ 105.423133][ T5062] do_syscall_64+0xd5/0x270 [ 105.427819][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 105.433911][ T5062] [ 105.436234][ T5062] -> (&new->fa_lock){....}-{2:2} { [ 105.441374][ T5062] INITIAL READ USE at: [ 105.445699][ T5062] lock_acquire+0x1ae/0x520 [ 105.452214][ T5062] _raw_read_lock_irqsave+0x74/0x90 [ 105.459432][ T5062] kill_fasync+0x138/0x4f0 [ 105.465856][ T5062] lease_break_callback+0x23/0x30 [ 105.472892][ T5062] __break_lease+0x711/0x1810 [ 105.479583][ T5062] do_dentry_open+0x675/0x18c0 [ 105.486349][ T5062] path_openat+0x1e00/0x29a0 [ 105.492987][ T5062] do_filp_open+0x1de/0x440 [ 105.499491][ T5062] do_sys_openat2+0x17a/0x1e0 [ 105.506178][ T5062] __x64_sys_open+0x154/0x1e0 [ 105.512868][ T5062] do_syscall_64+0xd5/0x270 [ 105.519382][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 105.527302][ T5062] } [ 105.529805][ T5062] ... key at: [] __key.0+0x0/0x40 [ 105.536928][ T5062] ... acquired at: [ 105.540755][ T5062] lock_acquire+0x1ae/0x520 [ 105.545448][ T5062] _raw_read_lock_irqsave+0x74/0x90 [ 105.550840][ T5062] kill_fasync+0x138/0x4f0 [ 105.555440][ T5062] evdev_pass_values+0x619/0x9b0 [ 105.560557][ T5062] evdev_events+0x1b7/0x390 [ 105.565241][ T5062] input_to_handler+0x2a1/0x4d0 [ 105.570280][ T5062] input_pass_values+0x5c9/0x840 [ 105.575398][ T5062] input_event_dispose+0x37a/0x630 [ 105.580688][ T5062] input_handle_event+0x11c/0xd80 [ 105.585894][ T5062] input_inject_event+0x1bb/0x370 [ 105.591102][ T5062] evdev_write+0x456/0x760 [ 105.595701][ T5062] vfs_write+0x298/0x1110 [ 105.600227][ T5062] ksys_write+0x1f8/0x260 [ 105.604751][ T5062] do_syscall_64+0xd5/0x270 [ 105.609436][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 105.615533][ T5062] [ 105.617855][ T5062] [ 105.617855][ T5062] stack backtrace: [ 105.623738][ T5062] CPU: 0 PID: 5062 Comm: syz-executor326 Not tainted 6.8.0-rc7-syzkaller-00142-g3aaa8ce7a335 #0 [ 105.634155][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 105.644221][ T5062] Call Trace: [ 105.647502][ T5062] [ 105.650434][ T5062] dump_stack_lvl+0xd9/0x1b0 [ 105.655047][ T5062] check_irq_usage+0xe3c/0x1490 [ 105.659917][ T5062] ? __pfx___lock_acquire+0x10/0x10 [ 105.665223][ T5062] ? __pfx_check_irq_usage+0x10/0x10 [ 105.670523][ T5062] ? hlock_conflict+0x58/0x200 [ 105.675299][ T5062] ? __bfs+0x2fb/0x670 [ 105.679377][ T5062] ? __pfx_hlock_conflict+0x10/0x10 [ 105.684589][ T5062] ? lockdep_lock+0xc6/0x200 [ 105.689188][ T5062] ? __pfx_lockdep_lock+0x10/0x10 [ 105.694233][ T5062] ? __lock_acquire+0x2465/0x3b40 [ 105.699275][ T5062] __lock_acquire+0x2465/0x3b40 [ 105.704146][ T5062] ? __pfx___lock_acquire+0x10/0x10 [ 105.709363][ T5062] ? __pfx___lock_acquire+0x10/0x10 [ 105.714579][ T5062] lock_acquire+0x1ae/0x520 [ 105.719098][ T5062] ? kill_fasync+0x138/0x4f0 [ 105.723703][ T5062] ? __pfx_lock_acquire+0x10/0x10 [ 105.728854][ T5062] ? __pfx_lock_acquire+0x10/0x10 [ 105.733896][ T5062] ? __pfx_lock_acquire+0x10/0x10 [ 105.738939][ T5062] _raw_read_lock_irqsave+0x74/0x90 [ 105.744157][ T5062] ? kill_fasync+0x138/0x4f0 [ 105.748765][ T5062] kill_fasync+0x138/0x4f0 [ 105.753194][ T5062] evdev_pass_values+0x619/0x9b0 [ 105.758159][ T5062] evdev_events+0x1b7/0x390 [ 105.762684][ T5062] ? __pfx_evdev_events+0x10/0x10 [ 105.767719][ T5062] input_to_handler+0x2a1/0x4d0 [ 105.772688][ T5062] input_pass_values+0x5c9/0x840 [ 105.777636][ T5062] input_event_dispose+0x37a/0x630 [ 105.782758][ T5062] input_handle_event+0x11c/0xd80 [ 105.787795][ T5062] input_inject_event+0x1bb/0x370 [ 105.792832][ T5062] evdev_write+0x456/0x760 [ 105.797284][ T5062] ? __pfx_evdev_write+0x10/0x10 [ 105.802234][ T5062] ? security_file_permission+0x98/0xc0 [ 105.807791][ T5062] ? __pfx_evdev_write+0x10/0x10 [ 105.812990][ T5062] vfs_write+0x298/0x1110 [ 105.817345][ T5062] ? __pfx_lock_release+0x10/0x10 [ 105.822384][ T5062] ? __pfx_vfs_write+0x10/0x10 [ 105.827205][ T5062] ? __fget_files+0x256/0x400 [ 105.831902][ T5062] ? __fget_light+0x177/0x210 [ 105.836598][ T5062] ksys_write+0x1f8/0x260 [ 105.840950][ T5062] ? __pfx_ksys_write+0x10/0x10 [ 105.845824][ T5062] ? lockdep_hardirqs_on+0x7d/0x110 [ 105.851032][ T5062] ? _raw_spin_unlock_irq+0x2e/0x50 [ 105.856261][ T5062] ? ptrace_notify+0xf4/0x140 [ 105.860953][ T5062] do_syscall_64+0xd5/0x270 [ 105.865470][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 105.871392][ T5062] RIP: 0033:0x7f4ec8a82f79 [pid 5062] <... write resumed>) = ? [ 105.875812][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 105.895525][ T5062] RSP: 002b:00007f4ec8a42228 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 105.903949][ T5062] RAX: ffffffffffffffda RBX: 00007f4ec8b0a408 RCX: 00007f4ec8a82f79 [ 105.912102][ T5062] RDX: 0000000000002ad8 RSI: 0000000020000040 RDI: 0000000000000004 [ 105.920094][ T5062] RBP: 00007f4ec8b0a400 R08: 00007f4ec8a426c0 R09: 00007f4ec8a426c0 [ 105.928068][ T5062] R10: 00007f4ec8a426c0 R11: 0000000000000246 R12: 00007f4ec8b0a40c [ 105.936057][ T5062] R13: 00007f4ec8ad7018 R14: 0030656c69662f2e R15: 00007ffdeb484698 [pid 5062] +++ exited with 0 +++ +++ exited with 0 +++ [ 105.944040][