syzbot |
sign-in | mailing list | source | docs |
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
syzkaller #0 Not tainted
-----------------------------------------------------
syz.1.6073/21779 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff88807c02f948 (&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1122 [inline]
ffff88807c02f948 (&new->fa_lock){....}-{3:3}, at: kill_fasync fs/fcntl.c:1146 [inline]
ffff88807c02f948 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 fs/fcntl.c:1139
and this task is already holding:
ffff888053e8a028 (&client->buffer_lock){..-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff888053e8a028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
which would create a new lock dependency:
(&client->buffer_lock){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&client->buffer_lock){..-.}-{3:3}
... which became SOFTIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:128
input_event_dispose drivers/input/input.c:353 [inline]
input_handle_event+0xb29/0x14d0 drivers/input/input.c:370
input_event drivers/input/input.c:396 [inline]
input_event+0x8e/0xd0 drivers/input/input.c:391
hidinput_hid_event+0x90b/0x2440 drivers/hid/hid-input.c:1730
hid_process_event+0x4b7/0x5e0 drivers/hid/hid-core.c:1565
hid_process_report drivers/hid/hid-core.c:1713 [inline]
hid_report_raw_event+0xa0a/0x1290 drivers/hid/hid-core.c:2074
__hid_input_report.constprop.0+0x33f/0x450 drivers/hid/hid-core.c:2144
hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:286
__usb_hcd_giveback_urb+0x38b/0x610 drivers/usb/core/hcd.c:1661
usb_hcd_giveback_urb+0x39b/0x450 drivers/usb/core/hcd.c:1745
dummy_timer+0x1809/0x3a00 drivers/usb/gadget/udc/dummy_hcd.c:1995
__run_hrtimer kernel/time/hrtimer.c:1777 [inline]
__hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1841
hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1858
handle_softirqs+0x219/0x8e0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1052
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
to a SOFTIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{3:3}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1667
do_wait+0x21d/0x590 kernel/exit.c:1711
kernel_wait+0x9f/0x160 kernel/exit.c:1887
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
other info that might help us debug this:
Chain exists of:
&client->buffer_lock --> &new->fa_lock --> tasklist_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(tasklist_lock);
local_irq_disable();
lock(&client->buffer_lock);
lock(&new->fa_lock);
<Interrupt>
lock(&client->buffer_lock);
*** DEADLOCK ***
7 locks held by syz.1.6073/21779:
#0: ffff888146f7b118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750 drivers/input/evdev.c:511
#1: ffff8880213c8230 (&dev->event_lock#2){..-.}-{3:3}, at: class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline]
#1: ffff8880213c8230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 drivers/input/input.c:419
#2: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#2: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#2: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
#2: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 drivers/input/input.c:420
#3: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#3: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#3: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
#3: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 drivers/input/input.c:119
#4: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#4: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#4: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 drivers/input/evdev.c:298
#5: ffff888053e8a028 (&client->buffer_lock){..-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
#5: ffff888053e8a028 (&client->buffer_lock){..-.}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
#6: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#6: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#6: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: kill_fasync fs/fcntl.c:1145 [inline]
#6: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 fs/fcntl.c:1139
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&client->buffer_lock){..-.}-{3:3} {
IN-SOFTIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:128
input_event_dispose drivers/input/input.c:353 [inline]
input_handle_event+0xb29/0x14d0 drivers/input/input.c:370
input_event drivers/input/input.c:396 [inline]
input_event+0x8e/0xd0 drivers/input/input.c:391
hidinput_hid_event+0x90b/0x2440 drivers/hid/hid-input.c:1730
hid_process_event+0x4b7/0x5e0 drivers/hid/hid-core.c:1565
hid_process_report drivers/hid/hid-core.c:1713 [inline]
hid_report_raw_event+0xa0a/0x1290 drivers/hid/hid-core.c:2074
__hid_input_report.constprop.0+0x33f/0x450 drivers/hid/hid-core.c:2144
hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:286
__usb_hcd_giveback_urb+0x38b/0x610 drivers/usb/core/hcd.c:1661
usb_hcd_giveback_urb+0x39b/0x450 drivers/usb/core/hcd.c:1745
dummy_timer+0x1809/0x3a00 drivers/usb/gadget/udc/dummy_hcd.c:1995
__run_hrtimer kernel/time/hrtimer.c:1777 [inline]
__hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1841
hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1858
handle_softirqs+0x219/0x8e0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1052
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:128
input_event_dispose drivers/input/input.c:342 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:370
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:424
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x2a0/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9ae24fa0>] __key.83+0x0/0x40
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{3:3} {
HARDIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1667
do_wait+0x21d/0x590 kernel/exit.c:1711
kernel_wait+0x9f/0x160 kernel/exit.c:1887
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
SOFTIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1667
do_wait+0x21d/0x590 kernel/exit.c:1711
kernel_wait+0x9f/0x160 kernel/exit.c:1887
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326
copy_process+0x4fe3/0x76a0 kernel/fork.c:2327
kernel_clone+0xfc/0x930 kernel/fork.c:2609
user_mode_thread+0xc8/0x110 kernel/fork.c:2685
rest_init+0x23/0x2b0 init/main.c:722
start_kernel+0x3f6/0x4e0 init/main.c:1111
x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:310
x86_64_start_kernel+0x130/0x190 arch/x86/kernel/head64.c:291
common_startup_64+0x13e/0x148
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1667
do_wait+0x21d/0x590 kernel/exit.c:1711
kernel_wait+0x9f/0x160 kernel/exit.c:1887
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [<ffffffff8e00c098>] tasklist_lock+0x18/0x40
... acquired at:
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
send_sigurg+0xed/0xc80 fs/fcntl.c:965
sk_send_sigurg+0x76/0x360 net/core/sock.c:3609
queue_oob net/unix/af_unix.c:2380 [inline]
unix_stream_sendmsg+0xfa5/0x1340 net/unix/af_unix.c:2516
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
____sys_sendmsg+0xa98/0xc70 net/socket.c:2630
___sys_sendmsg+0x134/0x1d0 net/socket.c:2684
__sys_sendmmsg+0x200/0x420 net/socket.c:2773
__do_sys_sendmmsg net/socket.c:2800 [inline]
__se_sys_sendmmsg net/socket.c:2797 [inline]
__x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2797
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&f_owner->lock){....}-{3:3} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326
__f_setown+0x61/0x3c0 fs/fcntl.c:136
generic_add_lease fs/locks.c:1874 [inline]
generic_setlease fs/locks.c:1942 [inline]
generic_setlease+0xef2/0x1300 fs/locks.c:1929
kernel_setlease+0x106/0x140 fs/locks.c:1991
vfs_setlease+0x258/0x2d0 fs/locks.c:2026
do_fcntl_add_lease fs/locks.c:2047 [inline]
fcntl_setlease+0x3ed/0x5a0 fs/locks.c:2069
do_fcntl+0x751/0x15a0 fs/fcntl.c:534
__do_sys_fcntl fs/fcntl.c:589 [inline]
__se_sys_fcntl fs/fcntl.c:574 [inline]
__x64_sys_fcntl+0x163/0x200 fs/fcntl.c:574
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
send_sigio+0x31/0x3e0 fs/fcntl.c:905
kill_fasync_rcu fs/fcntl.c:1131 [inline]
kill_fasync fs/fcntl.c:1146 [inline]
kill_fasync+0x214/0x510 fs/fcntl.c:1139
sock_wake_async+0x132/0x160 net/socket.c:1509
sk_wake_async include/net/sock.h:2539 [inline]
sk_wake_async include/net/sock.h:2535 [inline]
unix_release_sock+0xc3a/0x1530 net/unix/af_unix.c:712
unix_release+0x91/0xf0 net/unix/af_unix.c:1196
__sock_release+0xb3/0x270 net/socket.c:662
sock_close+0x1c/0x30 net/socket.c:1455
__fput+0x402/0xb70 fs/file_table.c:468
task_work_run+0x150/0x240 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xec/0x130 kernel/entry/common.c:43
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
do_syscall_64+0x426/0xfa0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9ab3fda0>] __key.1+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
send_sigio+0x31/0x3e0 fs/fcntl.c:905
kill_fasync_rcu fs/fcntl.c:1131 [inline]
kill_fasync fs/fcntl.c:1146 [inline]
kill_fasync+0x214/0x510 fs/fcntl.c:1139
sock_wake_async+0x132/0x160 net/socket.c:1509
sk_wake_async include/net/sock.h:2539 [inline]
sk_wake_async include/net/sock.h:2535 [inline]
unix_release_sock+0xc3a/0x1530 net/unix/af_unix.c:712
unix_release+0x91/0xf0 net/unix/af_unix.c:1196
__sock_release+0xb3/0x270 net/socket.c:662
sock_close+0x1c/0x30 net/socket.c:1455
__fput+0x402/0xb70 fs/file_table.c:468
task_work_run+0x150/0x240 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xec/0x130 kernel/entry/common.c:43
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
do_syscall_64+0x426/0xfa0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&new->fa_lock){....}-{3:3} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326
fasync_remove_entry+0xb2/0x1e0 fs/fcntl.c:999
fasync_helper+0xaf/0xd0 fs/fcntl.c:1102
fuse_dev_fasync+0xad/0x100 fs/fuse/dev.c:2571
__fput+0x96b/0xb70 fs/file_table.c:465
task_work_run+0x150/0x240 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xec/0x130 kernel/entry/common.c:43
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
do_syscall_64+0x426/0xfa0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1122 [inline]
kill_fasync fs/fcntl.c:1146 [inline]
kill_fasync+0x138/0x510 fs/fcntl.c:1139
pipe_release+0x191/0x320 fs/pipe.c:739
__fput+0x402/0xb70 fs/file_table.c:468
task_work_run+0x150/0x240 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xec/0x130 kernel/entry/common.c:43
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
do_syscall_64+0x426/0xfa0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9ab3fd60>] __key.0+0x0/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1122 [inline]
kill_fasync fs/fcntl.c:1146 [inline]
kill_fasync+0x138/0x510 fs/fcntl.c:1139
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x619/0x9b0 drivers/input/evdev.c:278
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:128
input_event_dispose drivers/input/input.c:342 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:370
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:424
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x2a0/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
stack backtrace:
CPU: 1 UID: 0 PID: 21779 Comm: syz.1.6073 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_bad_irq_dependency kernel/locking/lockdep.c:2616 [inline]
check_irq_usage+0x7dc/0x920 kernel/locking/lockdep.c:2857
check_prev_add kernel/locking/lockdep.c:3169 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x1285/0x1c90 kernel/locking/lockdep.c:5237
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1122 [inline]
kill_fasync fs/fcntl.c:1146 [inline]
kill_fasync+0x138/0x510 fs/fcntl.c:1139
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x619/0x9b0 drivers/input/evdev.c:278
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:128
input_event_dispose drivers/input/input.c:342 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:370
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:424
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x2a0/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd7d9d8efc9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd7dac15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fd7d9fe5fa0 RCX: 00007fd7d9d8efc9
RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004
RBP: 00007fd7d9e11f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fd7d9fe6038 R14: 00007fd7d9fe5fa0 R15: 00007fff382c92a8
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/10/25 22:49 | upstream | 72761a7e3122 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2025/10/25 10:06 | upstream | 566771afc7a8 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2025/10/25 06:04 | upstream | 566771afc7a8 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in evdev_pass_values | ||
| 2025/10/24 14:51 | upstream | 6fab32bb6508 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/24 13:50 | upstream | 6fab32bb6508 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2025/10/24 07:26 | upstream | 5121062e8345 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/24 03:59 | upstream | 6fab32bb6508 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2025/10/24 01:05 | upstream | 5121062e8345 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/23 23:26 | upstream | 43e9ad0c55a3 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/23 12:00 | upstream | 250a17e8f955 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2025/10/23 10:21 | upstream | 250a17e8f955 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2025/10/23 07:57 | upstream | dd72c8fcf6d3 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/22 21:23 | upstream | dd72c8fcf6d3 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/17 11:33 | upstream | 98ac9cc4b445 | 7adf5298 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/17 09:16 | upstream | 98ac9cc4b445 | 19568248 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/16 21:00 | upstream | 98ac9cc4b445 | 19568248 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/16 16:15 | upstream | 7ea30958b305 | 19568248 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/16 14:04 | upstream | 7ea30958b305 | 19568248 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/16 07:18 | upstream | 7ea30958b305 | 19568248 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/16 06:17 | upstream | 1f4a222b0e33 | 19568248 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/16 04:39 | upstream | 1f4a222b0e33 | 19568248 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/16 00:40 | upstream | 1f4a222b0e33 | 19568248 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/15 17:29 | upstream | 1f4a222b0e33 | 19568248 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/15 14:19 | upstream | 9b332cece987 | 19568248 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/15 10:25 | upstream | 9b332cece987 | b6605ba8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/14 17:46 | upstream | 9b332cece987 | b6605ba8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/14 15:27 | upstream | 3a8660878839 | b6605ba8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/14 09:15 | upstream | 3a8660878839 | b6605ba8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/13 17:54 | upstream | 3a8660878839 | b6605ba8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/13 17:53 | upstream | 3a8660878839 | b6605ba8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/13 12:19 | upstream | 3a8660878839 | ff1712fe | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/27 23:25 | upstream | fec734e8d564 | 001c9061 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/27 12:42 | upstream | fec734e8d564 | 001c9061 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/26 23:46 | upstream | 083fc6d7fa0d | 001c9061 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/26 22:03 | upstream | 083fc6d7fa0d | 0abd0691 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/26 15:34 | upstream | 4ff71af020ae | 0abd0691 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/25 23:18 | upstream | 4ff71af020ae | 0abd0691 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/25 11:27 | upstream | bf40f4b87761 | 0abd0691 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/25 10:11 | upstream | bf40f4b87761 | 0abd0691 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/24 20:44 | upstream | 4ea5af085908 | 0abd0691 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/24 05:29 | upstream | cec1e6e5d1ab | 0abd0691 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/19 12:53 | upstream | 097a6c336d00 | 67c37560 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2025/08/23 14:33 | upstream | 038d61fd6422 | bf27483f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in evdev_pass_values | ||
| 2025/10/25 10:08 | upstream | 566771afc7a8 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/10/24 20:46 | upstream | 2e590d67c2d8 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/10/23 14:08 | upstream | 43e9ad0c55a3 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2025/08/26 16:11 | upstream | fab1beda7597 | e12e5ba4 | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in evdev_pass_values | ||
| 2025/10/22 22:28 | upstream | dd72c8fcf6d3 | c0460fcd | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | possible deadlock in evdev_pass_values | ||
| 2023/04/19 19:50 | upstream | 789b4a41c247 | a219f34e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/04/16 17:07 | upstream | 3e7bb4f24617 | ec410564 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/24 06:21 | linux-next | 72fb0170ef1f | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2025/10/23 23:03 | linux-next | aaa9c3550b60 | c0460fcd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/10/22 18:43 | linux-next | aaa9c3550b60 | 252fbbad | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2025/09/19 11:38 | linux-next | 8f7f8b1b3f4c | e2beed91 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values |