Warning: Permanently added '10.128.0.250' (ED25519) to the list of known hosts.
2024/12/15 02:11:11 ignoring optional flag "sandboxArg"="0"
2024/12/15 02:11:11 parsed 1 programs
[ 55.519941][ T1888] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/12/15 02:11:16 executed programs: 0
[ 60.716925][ T2771]
[ 60.719252][ T2771] =====================================================
[ 60.726155][ T2771] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 60.733588][ T2771] 5.16.0-rc6-syzkaller #0 Not tainted
[ 60.738918][ T2771] -----------------------------------------------------
[ 60.745813][ T2771] syz.3.15/2771 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 60.753255][ T2771] ffff888178ea2080 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x7a/0x1e0
[ 60.761847][ T2771]
[ 60.761847][ T2771] and this task is already holding:
[ 60.769276][ T2771] ffff88817a1bd828 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0x5e/0x230
[ 60.779751][ T2771] which would create a new lock dependency:
[ 60.785628][ T2771] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2}
[ 60.793857][ T2771]
[ 60.793857][ T2771] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 60.803289][ T2771] (&dev->event_lock){..-.}-{2:2}
[ 60.803293][ T2771]
[ 60.803293][ T2771] ... which became SOFTIRQ-irq-safe at:
[ 60.815962][ T2771] lock_acquire+0xc9/0x300
[ 60.820553][ T2771] _raw_spin_lock_irqsave+0x39/0x50
[ 60.825821][ T2771] input_inject_event+0x3f/0x1c0
[ 60.830909][ T2771] led_trigger_event+0x65/0x110
[ 60.835817][ T2771] kbd_bh+0xa3/0xe0
[ 60.839689][ T2771] tasklet_action_common.constprop.0+0xd2/0xf0
[ 60.845922][ T2771] __do_softirq+0x16e/0x4db
[ 60.850677][ T2771] run_ksoftirqd+0x2d/0x40
[ 60.855309][ T2771] smpboot_thread_fn+0x183/0x220
[ 60.860316][ T2771] kthread+0x15b/0x180
[ 60.864442][ T2771] ret_from_fork+0x22/0x30
[ 60.869011][ T2771]
[ 60.869011][ T2771] to a SOFTIRQ-irq-unsafe lock:
[ 60.876027][ T2771] (tasklist_lock){.+.+}-{2:2}
[ 60.876033][ T2771]
[ 60.876033][ T2771] ... which became SOFTIRQ-irq-unsafe at:
[ 60.889095][ T2771] ...
[ 60.889098][ T2771] lock_acquire+0xc9/0x300
[ 60.896129][ T2771] _raw_read_lock+0x5b/0x70
[ 60.900683][ T2771] do_wait+0x9e/0x360
[ 60.904713][ T2771] kernel_wait+0x44/0x80
[ 60.909048][ T2771] call_usermodehelper_exec_work+0x5c/0xa0
[ 60.914903][ T2771] process_one_work+0x258/0x540
[ 60.920003][ T2771] worker_thread+0x4d/0x330
[ 60.924568][ T2771] kthread+0x15b/0x180
[ 60.928770][ T2771] ret_from_fork+0x22/0x30
[ 60.933317][ T2771]
[ 60.933317][ T2771] other info that might help us debug this:
[ 60.933317][ T2771]
[ 60.943803][ T2771] Chain exists of:
[ 60.943803][ T2771] &dev->event_lock --> &client->buffer_lock --> tasklist_lock
[ 60.943803][ T2771]
[ 60.957147][ T2771] Possible interrupt unsafe locking scenario:
[ 60.957147][ T2771]
[ 60.965432][ T2771]        CPU0                    CPU1
[ 60.970761][ T2771]        ----                    ----
[ 60.976106][ T2771]   lock(tasklist_lock);
[ 60.980315][ T2771]                                local_irq_disable();
[ 60.987128][ T2771]                                lock(&dev->event_lock);
[ 60.994119][ T2771]                                lock(&client->buffer_lock);
[ 61.001561][ T2771]
[ 61.005015][ T2771]     lock(&dev->event_lock);
[ 61.010070][ T2771]
[ 61.010070][ T2771] *** DEADLOCK ***
[ 61.010070][ T2771]
[ 61.018183][ T2771] 7 locks held by syz.3.15/2771:
[ 61.023187][ T2771] #0: ffff888109fe8110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x72/0x150
[ 61.032364][ T2771] #1: ffff88810438b230 (&dev->event_lock){..-.}-{2:2}, at: input_inject_event+0x3f/0x1c0
[ 61.042257][ T2771] #2: ffffffff82fdcc60 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x2a/0x1c0
[ 61.051870][ T2771] #3: ffffffff82fdcc60 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x260
[ 61.062426][ T2771] #4: ffffffff82fdcc60 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x0/0x1c0
[ 61.071424][ T2771] #5: ffff88817a1bd828 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0x5e/0x230
[ 61.082273][ T2771] #6: ffffffff82fdcc60 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0xa/0x1e0
[ 61.091355][ T2771]
[ 61.091355][ T2771] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 61.101739][ T2771] -> (&dev->event_lock){..-.}-{2:2} {
[ 61.107161][ T2771] IN-SOFTIRQ-W at:
[ 61.111192][ T2771] lock_acquire+0xc9/0x300
[ 61.117393][ T2771] _raw_spin_lock_irqsave+0x39/0x50
[ 61.124381][ T2771] input_inject_event+0x3f/0x1c0
[ 61.131105][ T2771] led_trigger_event+0x65/0x110
[ 61.137740][ T2771] kbd_bh+0xa3/0xe0
[ 61.143339][ T2771] tasklet_action_common.constprop.0+0xd2/0xf0
[ 61.151281][ T2771] __do_softirq+0x16e/0x4db
[ 61.157896][ T2771] run_ksoftirqd+0x2d/0x40
[ 61.164113][ T2771] smpboot_thread_fn+0x183/0x220
[ 61.170842][ T2771] kthread+0x15b/0x180
[ 61.176697][ T2771] ret_from_fork+0x22/0x30
[ 61.182901][ T2771] INITIAL USE at:
[ 61.186843][ T2771] lock_acquire+0xc9/0x300
[ 61.192980][ T2771] _raw_spin_lock_irqsave+0x39/0x50
[ 61.200097][ T2771] input_inject_event+0x3f/0x1c0
[ 61.206760][ T2771] led_trigger_event+0x65/0x110
[ 61.213523][ T2771] kbd_led_trigger_activate+0x42/0x50
[ 61.220598][ T2771] led_trigger_set+0x1ef/0x2e0
[ 61.227158][ T2771] led_trigger_set_default+0x91/0xb0
[ 61.234166][ T2771] led_classdev_register_ext+0x245/0x2d0
[ 61.241525][ T2771] input_leds_connect+0x172/0x2c0
[ 61.248536][ T2771] input_attach_handler+0x75/0x90
[ 61.255258][ T2771] input_register_device.cold+0xa1/0x150
[ 61.262591][ T2771] atkbd_connect+0x299/0x380
[ 61.268899][ T2771] serio_driver_probe+0x33/0x50
[ 61.275473][ T2771] really_probe+0xc5/0x3c0
[ 61.281603][ T2771] __driver_probe_device+0xf9/0x170
[ 61.288499][ T2771] driver_probe_device+0x19/0x90
[ 61.295219][ T2771] __driver_attach+0xbf/0x1d0
[ 61.301797][ T2771] bus_for_each_dev+0x78/0xc0
[ 61.308477][ T2771] serio_handle_event+0x11f/0x2d0
[ 61.315292][ T2771] process_one_work+0x258/0x540
[ 61.321939][ T2771] worker_thread+0x4d/0x330
[ 61.328257][ T2771] kthread+0x15b/0x180
[ 61.334049][ T2771] ret_from_fork+0x22/0x30
[ 61.340177][ T2771] }
[ 61.342744][ T2771] ... key at: [] __key.7+0x0/0x10
[ 61.349903][ T2771] -> (&client->buffer_lock){....}-{2:2} {
[ 61.355672][ T2771] INITIAL USE at:
[ 61.359637][ T2771] lock_acquire+0xc9/0x300
[ 61.365722][ T2771] _raw_spin_lock+0x2a/0x40
[ 61.371886][ T2771] evdev_pass_values.part.0+0x5e/0x230
[ 61.379011][ T2771] evdev_events+0x19c/0x1c0
[ 61.385056][ T2771] input_to_handler+0x90/0xf0
[ 61.391278][ T2771] input_pass_values.part.0+0x17f/0x260
[ 61.398375][ T2771] input_handle_event+0x1eb/0x5e0
[ 61.404952][ T2771] input_inject_event+0x1b2/0x1c0
[ 61.411504][ T2771] evdev_write+0xe7/0x150
[ 61.417378][ T2771] vfs_write+0xbf/0x370
[ 61.423297][ T2771] ksys_write+0xae/0xe0
[ 61.429035][ T2771] do_syscall_64+0x3c/0x90
[ 61.435666][ T2771] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 61.443322][ T2771] }
[ 61.445792][ T2771] ... key at: [] __key.1+0x0/0x10
[ 61.452890][ T2771] ... acquired at:
[ 61.456664][ T2771] _raw_spin_lock+0x2a/0x40
[ 61.461306][ T2771] evdev_pass_values.part.0+0x5e/0x230
[ 61.466930][ T2771] evdev_events+0x19c/0x1c0
[ 61.471584][ T2771] input_to_handler+0x90/0xf0
[ 61.476403][ T2771] input_pass_values.part.0+0x17f/0x260
[ 61.482576][ T2771] input_handle_event+0x1eb/0x5e0
[ 61.487749][ T2771] input_inject_event+0x1b2/0x1c0
[ 61.492919][ T2771] evdev_write+0xe7/0x150
[ 61.497396][ T2771] vfs_write+0xbf/0x370
[ 61.501694][ T2771] ksys_write+0xae/0xe0
[ 61.506100][ T2771] do_syscall_64+0x3c/0x90
[ 61.510923][ T2771] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 61.517158][ T2771]
[ 61.519477][ T2771]
[ 61.519477][ T2771] the dependencies between the lock to be acquired
[ 61.519479][ T2771] and SOFTIRQ-irq-unsafe lock:
[ 61.533105][ T2771] -> (tasklist_lock){.+.+}-{2:2} {
[ 61.538356][ T2771] HARDIRQ-ON-R at:
[ 61.542874][ T2771] lock_acquire+0xc9/0x300
[ 61.549268][ T2771] _raw_read_lock+0x5b/0x70
[ 61.555824][ T2771] do_wait+0x9e/0x360
[ 61.561923][ T2771] kernel_wait+0x44/0x80
[ 61.568160][ T2771] call_usermodehelper_exec_work+0x5c/0xa0
[ 61.575948][ T2771] process_one_work+0x258/0x540
[ 61.582919][ T2771] worker_thread+0x4d/0x330
[ 61.589499][ T2771] kthread+0x15b/0x180
[ 61.595527][ T2771] ret_from_fork+0x22/0x30
[ 61.601916][ T2771] SOFTIRQ-ON-R at:
[ 61.606060][ T2771] lock_acquire+0xc9/0x300
[ 61.612435][ T2771] _raw_read_lock+0x5b/0x70
[ 61.618894][ T2771] do_wait+0x9e/0x360
[ 61.624834][ T2771] kernel_wait+0x44/0x80
[ 61.631045][ T2771] call_usermodehelper_exec_work+0x5c/0xa0
[ 61.638951][ T2771] process_one_work+0x258/0x540
[ 61.646111][ T2771] worker_thread+0x4d/0x330
[ 61.652728][ T2771] kthread+0x15b/0x180
[ 61.658862][ T2771] ret_from_fork+0x22/0x30
[ 61.665805][ T2771] INITIAL USE at:
[ 61.669896][ T2771] lock_acquire+0xc9/0x300
[ 61.676205][ T2771] _raw_write_lock_irq+0x32/0x50
[ 61.683165][ T2771] copy_process+0x14af/0x1f30
[ 61.689870][ T2771] kernel_clone+0x96/0x3e0
[ 61.696172][ T2771] kernel_thread+0x50/0x70
[ 61.702480][ T2771] rest_init+0x19/0x250
[ 61.708518][ T2771] start_kernel+0x577/0x59c
[ 61.714927][ T2771] secondary_startup_64_no_verify+0xb0/0xbb
[ 61.722729][ T2771] INITIAL READ USE at:
[ 61.727218][ T2771] lock_acquire+0xc9/0x300
[ 61.733954][ T2771] _raw_read_lock+0x5b/0x70
[ 61.740775][ T2771] do_wait+0x9e/0x360
[ 61.747165][ T2771] kernel_wait+0x44/0x80
[ 61.753844][ T2771] call_usermodehelper_exec_work+0x5c/0xa0
[ 61.761972][ T2771] process_one_work+0x258/0x540
[ 61.769290][ T2771] worker_thread+0x4d/0x330
[ 61.776278][ T2771] kthread+0x15b/0x180
[ 61.782797][ T2771] ret_from_fork+0x22/0x30
[ 61.789589][ T2771] }
[ 61.792253][ T2771] ... key at: [] tasklist_lock+0x18/0x40
[ 61.800118][ T2771] ... acquired at:
[ 61.804068][ T2771] _raw_read_lock+0x5b/0x70
[ 61.808722][ T2771] send_sigio+0x44/0x1b0
[ 61.813117][ T2771] kill_fasync+0xa8/0x1e0
[ 61.817670][ T2771] lease_break_callback+0x16/0x20
[ 61.822826][ T2771] __break_lease+0x18d/0x920
[ 61.827552][ T2771] vfs_truncate+0xea/0x150
[ 61.832347][ T2771] do_sys_truncate.part.0+0x85/0xa0
[ 61.837694][ T2771] do_syscall_64+0x3c/0x90
[ 61.842256][ T2771] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 61.848286][ T2771]
[ 61.850664][ T2771] -> (&f->f_owner.lock){....}-{2:2} {
[ 61.856176][ T2771] INITIAL USE at:
[ 61.860132][ T2771] lock_acquire+0xc9/0x300
[ 61.866415][ T2771] _raw_write_lock_irq+0x32/0x50
[ 61.873190][ T2771] f_modown+0x23/0xf0
[ 61.878909][ T2771] generic_setlease+0x7a8/0x980
[ 61.885570][ T2771] fcntl_setlease+0x75/0x130
[ 61.892095][ T2771] do_fcntl+0x5ac/0x820
[ 61.898076][ T2771] __x64_sys_fcntl+0x89/0xb0
[ 61.904552][ T2771] do_syscall_64+0x3c/0x90
[ 61.910702][ T2771] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 61.918404][ T2771] INITIAL READ USE at:
[ 61.922782][ T2771] lock_acquire+0xc9/0x300
[ 61.929336][ T2771] _raw_read_lock_irq+0x63/0x80
[ 61.936331][ T2771] f_getown+0x16/0x120
[ 61.942537][ T2771] sock_ioctl+0x9e/0x300
[ 61.948979][ T2771] __x64_sys_ioctl+0x7e/0xb0
[ 61.955817][ T2771] do_syscall_64+0x3c/0x90
[ 61.962468][ T2771] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 61.970588][ T2771] }
[ 61.973262][ T2771] ... key at: [] __key.3+0x0/0x10
[ 61.980429][ T2771] ... acquired at:
[ 61.984924][ T2771] _raw_read_lock_irqsave+0x70/0x90
[ 61.990262][ T2771] send_sigio+0x1c/0x1b0
[ 61.994776][ T2771] kill_fasync+0xa8/0x1e0
[ 61.999425][ T2771] lease_break_callback+0x16/0x20
[ 62.004652][ T2771] __break_lease+0x18d/0x920
[ 62.009482][ T2771] vfs_truncate+0xea/0x150
[ 62.014207][ T2771] do_sys_truncate.part.0+0x85/0xa0
[ 62.019591][ T2771] do_syscall_64+0x3c/0x90
[ 62.024152][ T2771] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 62.030194][ T2771]
[ 62.032493][ T2771] -> (&new->fa_lock){....}-{2:2} {
[ 62.037791][ T2771] INITIAL READ USE at:
[ 62.042192][ T2771] lock_acquire+0xc9/0x300
[ 62.048581][ T2771] _raw_read_lock_irqsave+0x70/0x90
[ 62.055746][ T2771] kill_fasync+0x7a/0x1e0
[ 62.062211][ T2771] lease_break_callback+0x16/0x20
[ 62.069294][ T2771] __break_lease+0x18d/0x920
[ 62.076367][ T2771] vfs_truncate+0xea/0x150
[ 62.082967][ T2771] do_sys_truncate.part.0+0x85/0xa0
[ 62.090695][ T2771] do_syscall_64+0x3c/0x90
[ 62.097082][ T2771] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 62.104959][ T2771] }
[ 62.107639][ T2771] ... key at: [] __key.0+0x0/0x10
[ 62.114724][ T2771] ... acquired at:
[ 62.118943][ T2771] lock_acquire+0xc9/0x300
[ 62.123514][ T2771] _raw_read_lock_irqsave+0x70/0x90
[ 62.128980][ T2771] kill_fasync+0x7a/0x1e0
[ 62.133592][ T2771] evdev_pass_values.part.0+0x1a5/0x230
[ 62.139548][ T2771] evdev_events+0x19c/0x1c0
[ 62.144292][ T2771] input_to_handler+0x90/0xf0
[ 62.149706][ T2771] input_pass_values.part.0+0x17f/0x260
[ 62.155409][ T2771] input_handle_event+0x1eb/0x5e0
[ 62.160584][ T2771] input_inject_event+0x1b2/0x1c0
[ 62.166264][ T2771] evdev_write+0xe7/0x150
[ 62.170742][ T2771] vfs_write+0xbf/0x370
[ 62.175185][ T2771] ksys_write+0xae/0xe0
[ 62.179481][ T2771] do_syscall_64+0x3c/0x90
[ 62.184053][ T2771] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 62.190083][ T2771]
[ 62.192399][ T2771]
[ 62.192399][ T2771] stack backtrace:
[ 62.198358][ T2771] CPU: 0 PID: 2771 Comm: syz.3.15 Not tainted 5.16.0-rc6-syzkaller #0
[ 62.206490][ T2771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 62.217601][ T2771] Call Trace:
[ 62.221553][ T2771]
[ 62.224859][ T2771] dump_stack_lvl+0x57/0x7d
[ 62.229498][ T2771] check_irq_usage.cold+0x251/0x256
[ 62.234862][ T2771] ? check_noncircular+0x77/0xe0
[ 62.239776][ T2771] ? register_lock_class+0x43/0x4c0
[ 62.245164][ T2771] ? update_load_avg+0x6d/0x620
[ 62.249993][ T2771] __lock_acquire+0xfdc/0x1840
[ 62.254898][ T2771] lock_acquire+0xc9/0x300
[ 62.259275][ T2771] ? kill_fasync+0x7a/0x1e0
[ 62.263896][ T2771] _raw_read_lock_irqsave+0x70/0x90
[ 62.269161][ T2771] ? kill_fasync+0x7a/0x1e0
[ 62.274162][ T2771] kill_fasync+0x7a/0x1e0
[ 62.278684][ T2771] evdev_pass_values.part.0+0x1a5/0x230
[ 62.284200][ T2771] evdev_events+0x19c/0x1c0
[ 62.288683][ T2771] input_to_handler+0x90/0xf0
[ 62.293371][ T2771] input_pass_values.part.0+0x17f/0x260
[ 62.298894][ T2771] input_handle_event+0x1eb/0x5e0
[ 62.303897][ T2771] input_inject_event+0x1b2/0x1c0
[ 62.308893][ T2771] evdev_write+0xe7/0x150
[ 62.313186][ T2771] vfs_write+0xbf/0x370
[ 62.317307][ T2771] ksys_write+0xae/0xe0
[ 62.321426][ T2771] ? lockdep_hardirqs_on+0x77/0xc0
[ 62.326624][ T2771] do_syscall_64+0x3c/0x90
[ 62.331100][ T2771] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 62.337136][ T2771] RIP: 0033:0x7f4e2e52d809
[ 62.341524][ T2771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 62.361367][ T2771] RSP: 002b:00007f4e2df8b058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.370281][ T2771] RAX: ffffffffffffffda RBX: 00007f4e2e6f3080 RCX: 00007f4e2e52d809
[ 62.378226][ T2771] RDX: 0000000000001068 RSI: 0000000020000040 RDI: 0000000000000008
[ 62.386267][ T2771] RBP: 00007f4e2e5a093e R08: 0000000000000000 R09: 0000000000000000
[ 62.394360][ T2771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 62.402305][ T2771] R13: 0000000000000000 R14: 00007f4e2e6f3080 R15: 00007ffea23554d8
[ 62.410398][ T2771]
2024/12/15 02:11:21 executed programs: 3
2024/12/15 02:11:27 executed programs: 5