__do_sys_inotify_add_watch fs/notify/inotify/inotify_user.c:777 [inline] __se_sys_inotify_add_watch fs/notify/inotify/inotify_user.c:730 [inline] __x64_sys_inotify_add_watch+0x1f1/0x350 fs/notify/inotify/inotify_user.c:730 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f97fc5547f7 ================================ WARNING: inconsistent lock state 5.19.0-syzkaller-13666-gffcf9c5700e4 #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. udevd/29110 [HC0[0]:SC1[1]:HE0:SE0] takes: ffffffff87b854d8 (vmap_area_lock){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline] ffffffff87b854d8 (vmap_area_lock){+.?.}-{2:2}, at: find_vmap_area+0x1c/0x130 mm/vmalloc.c:1836 {SOFTIRQ-ON-W} state was registered at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] alloc_vmap_area+0xa0b/0x1d50 mm/vmalloc.c:1617 __get_vm_area_node+0x142/0x3f0 mm/vmalloc.c:2484 get_vm_area_caller+0x43/0x50 mm/vmalloc.c:2537 __ioremap_caller.constprop.0+0x292/0x600 arch/x86/mm/ioremap.c:280 acpi_os_ioremap include/acpi/acpi_io.h:13 [inline] acpi_map drivers/acpi/osl.c:296 [inline] acpi_os_map_iomem+0x463/0x550 drivers/acpi/osl.c:355 acpi_tb_acquire_table+0xd8/0x209 drivers/acpi/acpica/tbdata.c:142 acpi_tb_validate_table drivers/acpi/acpica/tbdata.c:317 [inline] acpi_tb_validate_table+0x50/0x8c drivers/acpi/acpica/tbdata.c:308 acpi_tb_verify_temp_table+0x84/0x674 drivers/acpi/acpica/tbdata.c:504 acpi_reallocate_root_table+0x374/0x3e0 drivers/acpi/acpica/tbxface.c:180 acpi_early_init+0x13a/0x438 drivers/acpi/bus.c:1214 start_kernel+0x3cf/0x48f init/main.c:1099 secondary_startup_64_no_verify+0xce/0xdb irq event stamp: 620775 hardirqs last enabled at (620774): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline] hardirqs last enabled at (620774): [] _raw_spin_unlock_irq+0x1f/0x40 kernel/locking/spinlock.c:202 hardirqs last disabled at (620775): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (620775): [] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162 softirqs last enabled at (618630): [] invoke_softirq kernel/softirq.c:445 [inline] softirqs last enabled at (618630): [] __irq_exit_rcu+0x113/0x170 kernel/softirq.c:650 softirqs last disabled at (620767): [] invoke_softirq kernel/softirq.c:445 [inline] softirqs last disabled at (620767): [] __irq_exit_rcu+0x113/0x170 kernel/softirq.c:650 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(vmap_area_lock); lock(vmap_area_lock); *** DEADLOCK *** 5 locks held by udevd/29110: #0: ffffc90000178d70 ((&dev->timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:31 [inline] #0: ffffc90000178d70 ((&dev->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0 kernel/time/timer.c:1464 #1: ffff88813e983230 (&dev->event_lock){-.-.}-{2:2}, at: input_repeat_key+0x78/0x390 drivers/input/input.c:195 #2: ffffffff87a94f60 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 drivers/input/input.c:884 #3: ffffffff87eb92f8 (kbd_event_lock){..-.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline] #3: ffffffff87eb92f8 (kbd_event_lock){..-.}-{2:2}, at: kbd_event+0x86/0x1790 drivers/tty/vt/keyboard.c:1537 #4: ffffffff87a94f60 (rcu_read_lock){....}-{1:2}, at: show_state_filter+0x0/0x300 kernel/sched/core.c:8832 stack backtrace: CPU: 1 PID: 29110 Comm: udevd Not tainted 5.19.0-syzkaller-13666-gffcf9c5700e4 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_usage_bug kernel/locking/lockdep.c:3961 [inline] valid_state kernel/locking/lockdep.c:3973 [inline] mark_lock_irq kernel/locking/lockdep.c:4176 [inline] mark_lock.part.0.cold+0x18/0xd8 kernel/locking/lockdep.c:4632 mark_lock kernel/locking/lockdep.c:4596 [inline] mark_usage kernel/locking/lockdep.c:4527 [inline] __lock_acquire+0x11d9/0x56d0 kernel/locking/lockdep.c:5007 lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] find_vmap_area+0x1c/0x130 mm/vmalloc.c:1836 check_heap_object mm/usercopy.c:176 [inline] __check_object_size mm/usercopy.c:250 [inline] __check_object_size+0x1f8/0x700 mm/usercopy.c:212 check_object_size include/linux/thread_info.h:199 [inline] __copy_from_user_inatomic include/linux/uaccess.h:62 [inline] copy_from_user_nmi arch/x86/lib/usercopy.c:47 [inline] copy_from_user_nmi+0xcb/0x130 arch/x86/lib/usercopy.c:31 copy_code arch/x86/kernel/dumpstack.c:91 [inline] show_opcodes+0x59/0xb0 arch/x86/kernel/dumpstack.c:121 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:149 __show_regs+0x1e/0x60 arch/x86/kernel/process_64.c:74 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:292 sched_show_task kernel/sched/core.c:8870 [inline] sched_show_task+0x44c/0x5c0 kernel/sched/core.c:8844 show_state_filter+0x13e/0x300 kernel/sched/core.c:8915 k_spec drivers/tty/vt/keyboard.c:667 [inline] k_spec+0xe1/0x130 drivers/tty/vt/keyboard.c:656 kbd_keycode drivers/tty/vt/keyboard.c:1524 [inline] kbd_event+0xcdd/0x1790 drivers/tty/vt/keyboard.c:1543 input_to_handler+0x3b9/0x4c0 drivers/input/input.c:129 input_pass_values.part.0+0x230/0x710 drivers/input/input.c:156 input_pass_values drivers/input/input.c:192 [inline] input_repeat_key+0x284/0x390 drivers/input/input.c:205 call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474 expire_timers kernel/time/timer.c:1519 [inline] __run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790 __run_timers kernel/time/timer.c:1768 [inline] run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803 __do_softirq+0x1c0/0x9a9 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x113/0x170 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1106 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649 RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:30 [inline] RIP: 0010:__orc_find+0x83/0xf0 arch/x86/kernel/unwind_orc.c:52 Code: 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 48 48 63 03 <48> 01 d8 48 39 c1 73 b0 4c 8d 63 fc 49 39 ec 73 b3 4d 29 ee 49 c1 RSP: 0018:ffffc9000346f980 EFLAGS: 00000246 RAX: fffffffff88e5743 RBX: ffffffff88eb9370 RCX: ffffffff8179ea0f RDX: 0000000000000000 RSI: ffffffff89345fbe RDI: ffffffff88eb9360 RBP: ffffffff88eb9360 R08: ffffffff87925ca0 R09: ffffc9000346fa6c R10: fffff5200068df52 R11: 0000000000052040 R12: ffffffff88eb9384 R13: ffffffff88eb9360 R14: ffffffff88eb9360 R15: dffffc0000000000 orc_find arch/x86/kernel/unwind_orc.c:173 [inline] unwind_next_frame+0x2a3/0x1cc0 arch/x86/kernel/unwind_orc.c:443 arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:122 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:367 [inline] ____kasan_slab_free+0x14a/0x1b0 mm/kasan/common.c:329 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1754 [inline] slab_free_freelist_hook mm/slub.c:1780 [inline] slab_free mm/slub.c:3534 [inline] kmem_cache_free+0xd3/0x620 mm/slub.c:3551 putname fs/namei.c:271 [inline] putname+0xfe/0x140 fs/namei.c:257 user_path_at_empty+0x4d/0x60 fs/namei.c:2878 user_path_at include/linux/namei.h:57 [inline] inotify_find_inode+0x32/0x170 fs/notify/inotify/inotify_user.c:378 __do_sys_inotify_add_watch fs/notify/inotify/inotify_user.c:777 [inline] __se_sys_inotify_add_watch fs/notify/inotify/inotify_user.c:730 [inline] __x64_sys_inotify_add_watch+0x1f1/0x350 fs/notify/inotify/inotify_user.c:730 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f97fc5547f7 Code: f0 ff ff 73 01 c3 48 8b 0d 7e 06 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 fe 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 06 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffda966d538 EFLAGS: 00000202 ORIG_RAX: 00000000000000fe RAX: ffffffffffffffda RBX: 00005626bfa83190 RCX: 00007f97fc5547f7 RDX: 0000000000000008 RSI: 00005626bfa66ce0 RDI: 0000000000000007 RBP: 00005626bfa83190 R08: 0000000000000001 R09: 00005626bfa73290 R10: 00000000000001b6 R11: 0000000000000202 R12: 00005626bfaa1460 R13: 00005626bfa77720 R14: 0000000000000008 R15: 00005626bfa5d910 Code: f0 ff ff 73 01 c3 48 8b 0d 7e 06 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 fe 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 06 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffda966d538 EFLAGS: 00000202 ORIG_RAX: 00000000000000fe RAX: ffffffffffffffda RBX: 00005626bfa83190 RCX: 00007f97fc5547f7 RDX: 0000000000000008 RSI: 00005626bfa66ce0 RDI: 0000000000000007 RBP: 00005626bfa83190 R08: 0000000000000001 R09: 00005626bfa73290 R10: 00000000000001b6 R11: 0000000000000202 R12: 00005626bfaa1460 R13: 00005626bfa77720 R14: 0000000000000008 R15: 00005626bfa5d910 task:udevd state:S stack:27952 pid:29119 ppid: 1178 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_hrtimeout_range_clock+0x343/0x390 kernel/time/hrtimer.c:2296 ep_poll fs/eventpoll.c:1878 [inline] do_epoll_wait+0x12ba/0x1950 fs/eventpoll.c:2256 __do_sys_epoll_wait fs/eventpoll.c:2268 [inline] __se_sys_epoll_wait fs/eventpoll.c:2263 [inline] __x64_sys_epoll_wait+0x158/0x270 fs/eventpoll.c:2263 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f97fc553e46 RSP: 002b:00007ffda966d968 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f97fc553e46 RDX: 0000000000000004 RSI: 00007ffda966d9a8 RDI: 0000000000000004 RBP: 00005626bfa83dc0 R08: 0000000000000007 R09: 00005626bfa66b70 R10: 00000000ffffffff R11: 0000000000000246 R12: 00005626bfa88030 R13: 00007ffda966d9a8 R14: 00000000ffffffff R15: 00005626bfa5d910 task:udevd state:S stack:28432 pid:29206 ppid: 1178 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_hrtimeout_range_clock+0x343/0x390 kernel/time/hrtimer.c:2296 ep_poll fs/eventpoll.c:1878 [inline] do_epoll_wait+0x12ba/0x1950 fs/eventpoll.c:2256 __do_sys_epoll_wait fs/eventpoll.c:2268 [inline] __se_sys_epoll_wait fs/eventpoll.c:2263 [inline] __x64_sys_epoll_wait+0x158/0x270 fs/eventpoll.c:2263 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f97fc553e46 RSP: 002b:00007ffda966d968 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f97fc553e46 RDX: 0000000000000004 RSI: 00007ffda966d9a8 RDI: 0000000000000004 RBP: 00005626bfa83190 R08: 0000000000000007 R09: 00005626bfa77720 R10: 00000000ffffffff R11: 0000000000000246 R12: 00005626bfa84f20 R13: 00007ffda966d9a8 R14: 00000000ffffffff R15: 00005626bfa5d910 task:udevd state:S stack:28560 pid:29435 ppid: 1178 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_hrtimeout_range_clock+0x343/0x390 kernel/time/hrtimer.c:2296 ep_poll fs/eventpoll.c:1878 [inline] do_epoll_wait+0x12ba/0x1950 fs/eventpoll.c:2256 __do_sys_epoll_wait fs/eventpoll.c:2268 [inline] __se_sys_epoll_wait fs/eventpoll.c:2263 [inline] __x64_sys_epoll_wait+0x158/0x270 fs/eventpoll.c:2263 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f97fc553e46 RSP: 002b:00007ffda966d968 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f97fc553e46 RDX: 0000000000000004 RSI: 00007ffda966d9a8 RDI: 0000000000000004 RBP: 00005626bfac8190 R08: 0000000000000007 R09: 00005626bfa72620 R10: 00000000ffffffff R11: 0000000000000246 R12: 00005626bfa8fb70 R13: 00007ffda966d9a8 R14: 00000000ffffffff R15: 00005626bfa5d910 task:kworker/0:5 state:I stack:24472 pid:29546 ppid: 2 flags:0x00004000 Workqueue: 0x0 (rcu_gp) Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 worker_thread+0x15c/0x1080 kernel/workqueue.c:2457 kthread+0x2ea/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 task:kworker/1:4 state:D stack:24752 pid:29626 ppid: 2 flags:0x00004000 Workqueue: usb_hub_wq hub_event Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1935 schedule_timeout_uninterruptible kernel/time/timer.c:1969 [inline] msleep+0xb2/0xf0 kernel/time/timer.c:2091 hub_port_debounce+0x1b9/0x3b0 drivers/usb/core/hub.c:4569 hub_port_debounce_be_stable drivers/usb/core/hub.h:170 [inline] hub_port_connect drivers/usb/core/hub.c:5209 [inline] hub_port_connect_change drivers/usb/core/hub.c:5497 [inline] port_event drivers/usb/core/hub.c:5653 [inline] hub_event+0x323a/0x4610 drivers/usb/core/hub.c:5735 process_one_work+0x991/0x1610 kernel/workqueue.c:2289 process_scheduled_works kernel/workqueue.c:2352 [inline] worker_thread+0x854/0x1080 kernel/workqueue.c:2438 kthread+0x2ea/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 task:udevd state:S stack:28560 pid:29652 ppid: 1178 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_hrtimeout_range_clock+0x343/0x390 kernel/time/hrtimer.c:2296 ep_poll fs/eventpoll.c:1878 [inline] do_epoll_wait+0x12ba/0x1950 fs/eventpoll.c:2256 __do_sys_epoll_wait fs/eventpoll.c:2268 [inline] __se_sys_epoll_wait fs/eventpoll.c:2263 [inline] __x64_sys_epoll_wait+0x158/0x270 fs/eventpoll.c:2263 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f97fc553e46 RSP: 002b:00007ffda966d968 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f97fc553e46 RDX: 0000000000000004 RSI: 00007ffda966d9a8 RDI: 0000000000000004 RBP: 00005626bfac8190 R08: 0000000000000007 R09: 00005626bfa81280 R10: 00000000ffffffff R11: 0000000000000246 R12: 00005626bfac8400 R13: 00007ffda966d9a8 R14: 00000000ffffffff R15: 00005626bfa5d910 task:syz-executor.3 state:S stack:28680 pid:31246 ppid: 7738 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 freezable_schedule include/linux/freezer.h:172 [inline] futex_wait_queue+0x144/0x3b0 kernel/futex/waitwake.c:355 futex_wait+0x28e/0x680 kernel/futex/waitwake.c:656 do_futex+0x1af/0x300 kernel/futex/syscalls.c:106 __do_sys_futex kernel/futex/syscalls.c:183 [inline] __se_sys_futex kernel/futex/syscalls.c:164 [inline] __x64_sys_futex+0x1b0/0x4a0 kernel/futex/syscalls.c:164 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f526c8a8279 RSP: 002b:00007ffcd6f720f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007f526c9baf8c RCX: 00007f526c8a8279 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f526c9baf8c RBP: 00007f526c9baf80 R08: 00007ffcd6fb1080 R09: 0000000000000000 R10: 00007ffcd6f721e0 R11: 0000000000000246 R12: 00000000001e652b R13: 00007ffcd6f721e0 R14: 00007ffcd6f72200 R15: 0000000000000bea task:syz-executor.3 state:S stack:29192 pid:31247 ppid: 7738 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1911 ___down_common kernel/locking/semaphore.c:225 [inline] __down_common+0x341/0x780 kernel/locking/semaphore.c:246 down_interruptible+0x7b/0xa0 kernel/locking/semaphore.c:87 raw_event_queue_fetch drivers/usb/gadget/legacy/raw_gadget.c:99 [inline] raw_ioctl_event_fetch drivers/usb/gadget/legacy/raw_gadget.c:588 [inline] raw_ioctl+0x100b/0x2740 drivers/usb/gadget/legacy/raw_gadget.c:1256 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f526c8a8037 RSP: 002b:00007f526c01c098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f526c01d110 RCX: 00007f526c8a8037 RDX: 00007f526c01d110 RSI: 0000000080085502 RDI: 0000000000000003 RBP: 0000000000000003 R08: 000000000000ffff R09: 000000000000000b R10: 00007f526c01c140 R11: 0000000000000246 R12: 0000000800000000 R13: 0000000000000000 R14: 0000000020000080 R15: 00007f526c90dd1d task:syz-executor.2 state:S stack:28680 pid:31248 ppid: 1313 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 freezable_schedule include/linux/freezer.h:172 [inline] futex_wait_queue+0x144/0x3b0 kernel/futex/waitwake.c:355 futex_wait+0x28e/0x680 kernel/futex/waitwake.c:656 do_futex+0x1af/0x300 kernel/futex/syscalls.c:106 __do_sys_futex kernel/futex/syscalls.c:183 [inline] __se_sys_futex kernel/futex/syscalls.c:164 [inline] __x64_sys_futex+0x1b0/0x4a0 kernel/futex/syscalls.c:164 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fbaa4953279 RSP: 002b:00007ffe59e4e868 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007fbaa4a65f8c RCX: 00007fbaa4953279 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbaa4a65f8c RBP: 00007fbaa4a65f80 R08: 00007ffe59ea3080 R09: 0000000000000000 R10: 00007ffe59e4e950 R11: 0000000000000246 R12: 00000000001e6581 R13: 00007ffe59e4e950 R14: 00007ffe59e4e970 R15: 0000000000000bea task:syz-executor.2 state:S stack:29088 pid:31257 ppid: 1313 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1911 ___down_common kernel/locking/semaphore.c:225 [inline] __down_common+0x341/0x780 kernel/locking/semaphore.c:246 down_interruptible+0x7b/0xa0 kernel/locking/semaphore.c:87 raw_event_queue_fetch drivers/usb/gadget/legacy/raw_gadget.c:99 [inline] raw_ioctl_event_fetch drivers/usb/gadget/legacy/raw_gadget.c:588 [inline] raw_ioctl+0x100b/0x2740 drivers/usb/gadget/legacy/raw_gadget.c:1256 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fbaa4953037 RSP: 002b:00007fbaa40c7098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fbaa40c8110 RCX: 00007fbaa4953037 RDX: 00007fbaa40c8110 RSI: 0000000080085502 RDI: 0000000000000003 RBP: 0000000000000003 R08: 000000000000ffff R09: 000000000000000b R10: 00007fbaa40c7140 R11: 0000000000000246 R12: 0000000800000000 R13: 0000000000000000 R14: 0000000020000880 R15: 00007fbaa49b8d1d task:syz-executor.0 state:S stack:28680 pid:31249 ppid: 24840 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 freezable_schedule include/linux/freezer.h:172 [inline] futex_wait_queue+0x144/0x3b0 kernel/futex/waitwake.c:355 futex_wait+0x28e/0x680 kernel/futex/waitwake.c:656 do_futex+0x1af/0x300 kernel/futex/syscalls.c:106 __do_sys_futex kernel/futex/syscalls.c:183 [inline] __se_sys_futex kernel/futex/syscalls.c:164 [inline] __x64_sys_futex+0x1b0/0x4a0 kernel/futex/syscalls.c:164 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fd1d0603279 RSP: 002b:00007ffe2326dae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007fd1d071605c RCX: 00007fd1d0603279 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd1d071605c RBP: 00007fd1d0715f80 R08: 00007ffe2337d080 R09: 00000000000000d0 R10: 00007ffe2326dbd0 R11: 0000000000000246 R12: 00000000001e654b R13: 00007ffe2326dbd0 R14: 00007ffe2326dbf0 R15: 0000000000000bea task:syz-executor.0 state:S stack:30392 pid:31250 ppid: 24840 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 freezable_schedule include/linux/freezer.h:172 [inline] futex_wait_queue+0x144/0x3b0 kernel/futex/waitwake.c:355 futex_wait+0x28e/0x680 kernel/futex/waitwake.c:656 do_futex+0x1af/0x300 kernel/futex/syscalls.c:106 __do_sys_futex kernel/futex/syscalls.c:183 [inline] __se_sys_futex kernel/futex/syscalls.c:164 [inline] __x64_sys_futex+0x1b0/0x4a0 kernel/futex/syscalls.c:164 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fd1d0603279 RSP: 002b:00007fd1cfd79218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007fd1d0715f88 RCX: 00007fd1d0603279 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd1d0715f88 RBP: 00007fd1d0715f80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd1d0715f8c R13: 00007ffe2326da6f R14: 00007fd1cfd79300 R15: 0000000000022000 task:syz-executor.0 state:S stack:29192 pid:31251 ppid: 24840 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1911 ___down_common kernel/locking/semaphore.c:225 [inline] __down_common+0x341/0x780 kernel/locking/semaphore.c:246 down_interruptible+0x7b/0xa0 kernel/locking/semaphore.c:87 raw_event_queue_fetch drivers/usb/gadget/legacy/raw_gadget.c:99 [inline] raw_ioctl_event_fetch drivers/usb/gadget/legacy/raw_gadget.c:588 [inline] raw_ioctl+0x100b/0x2740 drivers/usb/gadget/legacy/raw_gadget.c:1256 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fd1d0603037 RSP: 002b:00007fd1cfd56098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fd1cfd57110 RCX: 00007fd1d0603037 RDX: 00007fd1cfd57110 RSI: 0000000080085502 RDI: 0000000000000003 RBP: 0000000000000003 R08: 000000000000ffff R09: 000000000000000b R10: 00007fd1cfd56140 R11: 0000000000000246 R12: 0000000800000000 R13: 0000000000000000 R14: 0000000020000000 R15: 00007fd1d0668d1d task:syz-executor.1 state:S stack:28680 pid:31252 ppid: 1309 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 freezable_schedule include/linux/freezer.h:172 [inline] futex_wait_queue+0x144/0x3b0 kernel/futex/waitwake.c:355 futex_wait+0x28e/0x680 kernel/futex/waitwake.c:656 do_futex+0x1af/0x300 kernel/futex/syscalls.c:106 __do_sys_futex kernel/futex/syscalls.c:183 [inline] __se_sys_futex kernel/futex/syscalls.c:164 [inline] __x64_sys_futex+0x1b0/0x4a0 kernel/futex/syscalls.c:164 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f2ee62dc279 RSP: 002b:00007fff67c975f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007f2ee63eef8c RCX: 00007f2ee62dc279 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2ee63eef8c RBP: 00007f2ee63eef80 R08: 00007fff67de3080 R09: 0000000000000000 R10: 00007fff67c976e0 R11: 0000000000000246 R12: 00000000001e6558 R13: 00007fff67c976e0 R14: 00007fff67c97700 R15: 0000000000000bea task:syz-executor.1 state:S stack:29192 pid:31253 ppid: 1309 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1911 ___down_common kernel/locking/semaphore.c:225 [inline] __down_common+0x341/0x780 kernel/locking/semaphore.c:246 down_interruptible+0x7b/0xa0 kernel/locking/semaphore.c:87 raw_event_queue_fetch drivers/usb/gadget/legacy/raw_gadget.c:99 [inline] raw_ioctl_event_fetch drivers/usb/gadget/legacy/raw_gadget.c:588 [inline] raw_ioctl+0x100b/0x2740 drivers/usb/gadget/legacy/raw_gadget.c:1256 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f2ee62dc037 RSP: 002b:00007f2ee5a50098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f2ee5a51110 RCX: 00007f2ee62dc037 RDX: 00007f2ee5a51110 RSI: 0000000080085502 RDI: 0000000000000003 RBP: 0000000000000003 R08: 000000000000ffff R09: 000000000000000b R10: 00007f2ee5a50140 R11: 0000000000000246 R12: 0000000800000000 R13: 0000000000000000 R14: 0000000020000000 R15: 00007f2ee6341d1d task:syz-executor.4 state:S stack:28680 pid:31254 ppid: 1319 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 freezable_schedule include/linux/freezer.h:172 [inline] futex_wait_queue+0x144/0x3b0 kernel/futex/waitwake.c:355 futex_wait+0x28e/0x680 kernel/futex/waitwake.c:656 do_futex+0x1af/0x300 kernel/futex/syscalls.c:106 __do_sys_futex kernel/futex/syscalls.c:183 [inline] __se_sys_futex kernel/futex/syscalls.c:164 [inline] __x64_sys_futex+0x1b0/0x4a0 kernel/futex/syscalls.c:164 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f4a2f98d279 RSP: 002b:00007ffed97bddc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007f4a2fa9ff8c RCX: 00007f4a2f98d279 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4a2fa9ff8c RBP: 00007f4a2fa9ff80 R08: 00007ffed97e3080 R09: 0000000000000000 R10: 00007ffed97bdeb0 R11: 0000000000000246 R12: 00000000001e656c R13: 00007ffed97bdeb0 R14: 00007ffed97bded0 R15: 0000000000000bea task:syz-executor.4 state:S stack:29192 pid:31255 ppid: 1319 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1911 ___down_common kernel/locking/semaphore.c:225 [inline] __down_common+0x341/0x780 kernel/locking/semaphore.c:246 down_interruptible+0x7b/0xa0 kernel/locking/semaphore.c:87 raw_event_queue_fetch drivers/usb/gadget/legacy/raw_gadget.c:99 [inline] raw_ioctl_event_fetch drivers/usb/gadget/legacy/raw_gadget.c:588 [inline] raw_ioctl+0x100b/0x2740 drivers/usb/gadget/legacy/raw_gadget.c:1256 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f4a2f98d037 RSP: 002b:00007f4a2f101098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f4a2f102110 RCX: 00007f4a2f98d037 RDX: 00007f4a2f102110 RSI: 0000000080085502 RDI: 0000000000000003 RBP: 0000000000000003 R08: 000000000000ffff R09: 000000000000000b R10: 00007f4a2f101140 R11: 0000000000000246 R12: 0000000800000000 R13: 0000000000000000 R14: 0000000020000000 R15: 00007f4a2f9f2d1d task:syz-executor.5 state:S stack:28680 pid:31256 ppid: 1305 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 freezable_schedule include/linux/freezer.h:172 [inline] do_nanosleep+0x197/0x690 kernel/time/hrtimer.c:2044 hrtimer_nanosleep+0x1f9/0x4a0 kernel/time/hrtimer.c:2097 common_nsleep+0xa2/0xc0 kernel/time/posix-timers.c:1236 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1276 [inline] __se_sys_clock_nanosleep kernel/time/posix-timers.c:1254 [inline] __x64_sys_clock_nanosleep+0x2f4/0x430 kernel/time/posix-timers.c:1254 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5aa735cfa1 RSP: 002b:00007fffff62bd60 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f5aa735cfa1 RDX: 00007fffff62bda0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000001 R08: 0000000000000000 R09: 00007f5aa744fc38 R10: 0000000000000000 R11: 0000000000000293 R12: 00000000001e6593 R13: 00007fffff62beb0 R14: 00007f5aa744af80 R15: 000000000000015e task:syz-executor.5 state:S stack:30064 pid:31258 ppid: 1305 flags:0x00000000 Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0x93f/0x26f0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 freezable_schedule include/linux/freezer.h:172 [inline] futex_wait_queue+0x144/0x3b0 kernel/futex/waitwake.c:355 futex_wait+0x28e/0x680 kernel/futex/waitwake.c:656 do_futex+0x1af/0x300 kernel/futex/syscalls.c:106 __do_sys_futex kernel/futex/syscalls.c:183 [inline] __se_sys_futex kernel/futex/syscalls.c:164 [inline] __x64_sys_futex+0x1b0/0x4a0 kernel/futex/syscalls.c:164 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5aa7338279 RSP: 002b:00007f5aa6aae218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007f5aa744af88 RCX: 00007f5aa7338279 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5aa744af88 RBP: 00007f5aa744af80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5aa744af8c R13: 00007fffff62bd4f R14: 00007f5aa6aae300 R15: 0000000000022000 INFO: lockdep is turned off. ---------------- Code disassembly (best guess): 0: 01 d0 add %edx,%eax 2: 48 d1 f8 sar %rax 5: 48 8d 5c 85 00 lea 0x0(%rbp,%rax,4),%rbx a: 48 89 d8 mov %rbx,%rax d: 48 c1 e8 03 shr $0x3,%rax 11: 42 0f b6 14 38 movzbl (%rax,%r15,1),%edx 16: 48 89 d8 mov %rbx,%rax 19: 83 e0 07 and $0x7,%eax 1c: 83 c0 03 add $0x3,%eax 1f: 38 d0 cmp %dl,%al 21: 7c 04 jl 0x27 23: 84 d2 test %dl,%dl 25: 75 48 jne 0x6f 27: 48 63 03 movslq (%rbx),%rax * 2a: 48 01 d8 add %rbx,%rax <-- trapping instruction 2d: 48 39 c1 cmp %rax,%rcx 30: 73 b0 jae 0xffffffe2 32: 4c 8d 63 fc lea -0x4(%rbx),%r12 36: 49 39 ec cmp %rbp,%r12 39: 73 b3 jae 0xffffffee 3b: 4d 29 ee sub %r13,%r14 3e: 49 rex.WB 3f: c1 .byte 0xc1