syzbot |
sign-in | mailing list | source | docs | 🏰 |
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
syzkaller #0 Not tainted
-----------------------------------------------------
syz.0.17/6126 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff8880528a20c0
(&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1124 [inline]
(&new->fa_lock){....}-{3:3}, at: kill_fasync fs/fcntl.c:1148 [inline]
(&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 fs/fcntl.c:1141
and this task is already holding:
ffff88805166c028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff88805166c028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
which would create a new lock dependency:
(&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&dev->event_lock#2){..-.}-{3:3}
... which became SOFTIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline]
input_inject_event+0x9f/0x3b0 drivers/input/input.c:418
__led_set_brightness drivers/leds/led-core.c:52 [inline]
led_set_brightness_nopm drivers/leds/led-core.c:335 [inline]
led_set_brightness_nosleep drivers/leds/led-core.c:369 [inline]
led_set_brightness+0x217/0x290 drivers/leds/led-core.c:328
led_trigger_event drivers/leds/led-triggers.c:420 [inline]
led_trigger_event+0xda/0x270 drivers/leds/led-triggers.c:408
kbd_propagate_led_state drivers/tty/vt/keyboard.c:1073 [inline]
kbd_bh+0x21b/0x300 drivers/tty/vt/keyboard.c:1262
tasklet_action_common+0x281/0x400 kernel/softirq.c:829
handle_softirqs+0x219/0x8e0 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_call_function arch/x86/kernel/smp.c:257 [inline]
sysvec_call_function+0xa4/0xc0 arch/x86/kernel/smp.c:257
asm_sysvec_call_function+0x1a/0x20 arch/x86/include/asm/idtentry.h:710
console_flush_all+0x9a2/0xc60 kernel/printk/printk.c:3227
__console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
console_unlock+0xd8/0x210 kernel/printk/printk.c:3325
console_callback+0x27c/0x4c0 drivers/tty/vt/vt.c:3232
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
to a SOFTIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{3:3}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1662
do_wait+0x21e/0x5a0 kernel/exit.c:1706
kernel_wait+0x9f/0x160 kernel/exit.c:1882
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
other info that might help us debug this:
Chain exists of:
&dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(tasklist_lock);
local_irq_disable();
lock(&dev->event_lock#2);
lock(&client->buffer_lock);
<Interrupt>
lock(&dev->event_lock#2);
*** DEADLOCK ***
7 locks held by syz.0.17/6126:
#0: ffff888106cd9118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750 drivers/input/evdev.c:511
#1: ffff8881006b8230 (&dev->event_lock#2){..-.}-{3:3}, at: class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline]
#1: ffff8881006b8230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 drivers/input/input.c:418
#2: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#2: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#2: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
#2: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 drivers/input/input.c:419
#3: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#3: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#3: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
#3: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 drivers/input/input.c:118
#4: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#4: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#4: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 drivers/input/evdev.c:298
#5: ffff88805166c028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
#5: ffff88805166c028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
#6: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#6: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#6: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: kill_fasync fs/fcntl.c:1147 [inline]
#6: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 fs/fcntl.c:1141
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&dev->event_lock#2){..-.}-{3:3} {
IN-SOFTIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline]
input_inject_event+0x9f/0x3b0 drivers/input/input.c:418
__led_set_brightness drivers/leds/led-core.c:52 [inline]
led_set_brightness_nopm drivers/leds/led-core.c:335 [inline]
led_set_brightness_nosleep drivers/leds/led-core.c:369 [inline]
led_set_brightness+0x217/0x290 drivers/leds/led-core.c:328
led_trigger_event drivers/leds/led-triggers.c:420 [inline]
led_trigger_event+0xda/0x270 drivers/leds/led-triggers.c:408
kbd_propagate_led_state drivers/tty/vt/keyboard.c:1073 [inline]
kbd_bh+0x21b/0x300 drivers/tty/vt/keyboard.c:1262
tasklet_action_common+0x281/0x400 kernel/softirq.c:829
handle_softirqs+0x219/0x8e0 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0x109/0x170 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_call_function arch/x86/kernel/smp.c:257 [inline]
sysvec_call_function+0xa4/0xc0 arch/x86/kernel/smp.c:257
asm_sysvec_call_function+0x1a/0x20 arch/x86/include/asm/idtentry.h:710
console_flush_all+0x9a2/0xc60 kernel/printk/printk.c:3227
__console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
console_unlock+0xd8/0x210 kernel/printk/printk.c:3325
console_callback+0x27c/0x4c0 drivers/tty/vt/vt.c:3232
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline]
input_inject_event+0x9f/0x3b0 drivers/input/input.c:418
__led_set_brightness drivers/leds/led-core.c:52 [inline]
led_set_brightness_nopm drivers/leds/led-core.c:335 [inline]
led_set_brightness_nosleep drivers/leds/led-core.c:369 [inline]
led_set_brightness+0x217/0x290 drivers/leds/led-core.c:328
kbd_led_trigger_activate+0xcb/0x110 drivers/tty/vt/keyboard.c:1029
led_trigger_set+0x59a/0xc50 drivers/leds/led-triggers.c:220
led_match_default_trigger drivers/leds/led-triggers.c:277 [inline]
led_match_default_trigger drivers/leds/led-triggers.c:271 [inline]
led_trigger_set_default drivers/leds/led-triggers.c:300 [inline]
led_trigger_set_default+0x1e0/0x2e0 drivers/leds/led-triggers.c:284
led_classdev_register_ext+0x7b8/0xa10 drivers/leds/led-class.c:565
led_classdev_register include/linux/leds.h:274 [inline]
input_leds_connect+0x552/0x8e0 drivers/input/input-leds.c:145
input_attach_handler.isra.0+0x176/0x250 drivers/input/input.c:993
input_register_device+0xab9/0x1180 drivers/input/input.c:2412
atkbd_connect+0x5f8/0xa40 drivers/input/keyboard/atkbd.c:1340
serio_connect_driver drivers/input/serio/serio.c:43 [inline]
serio_driver_probe+0x7c/0xd0 drivers/input/serio/serio.c:747
call_driver_probe drivers/base/dd.c:581 [inline]
really_probe+0x241/0xa90 drivers/base/dd.c:659
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:801
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831
__driver_attach+0x283/0x580 drivers/base/dd.c:1217
bus_for_each_dev+0x13e/0x1d0 drivers/base/bus.c:370
serio_attach_driver drivers/input/serio/serio.c:776 [inline]
serio_handle_event+0x335/0xc30 drivers/input/serio/serio.c:213
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [<ffffffff9b162f60>] __key.7+0x0/0x40
-> (&client->buffer_lock){....}-{3:3} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:127
input_event_dispose drivers/input/input.c:341 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:369
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:423
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x29d/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9b1633e0>] __key.1+0x0/0x40
... acquired at:
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0x10e/0x9b0 drivers/input/evdev.c:261
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:127
input_event_dispose drivers/input/input.c:341 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:369
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:423
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x29d/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{3:3} {
HARDIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1662
do_wait+0x21e/0x5a0 kernel/exit.c:1706
kernel_wait+0x9f/0x160 kernel/exit.c:1882
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
SOFTIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1662
do_wait+0x21e/0x5a0 kernel/exit.c:1706
kernel_wait+0x9f/0x160 kernel/exit.c:1882
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326
copy_process+0x4caf/0x7690 kernel/fork.c:2321
kernel_clone+0xfc/0x930 kernel/fork.c:2605
user_mode_thread+0xc7/0x110 kernel/fork.c:2683
rest_init+0x23/0x2b0 init/main.c:709
start_kernel+0x3ee/0x4d0 init/main.c:1097
x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:307
x86_64_start_kernel+0x130/0x190 arch/x86/kernel/head64.c:288
common_startup_64+0x13e/0x148
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
__do_wait+0x105/0x890 kernel/exit.c:1662
do_wait+0x21e/0x5a0 kernel/exit.c:1706
kernel_wait+0x9f/0x160 kernel/exit.c:1882
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163
process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c2/0x780 kernel/kthread.c:463
ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [<ffffffff8e20c098>] tasklist_lock+0x18/0x40
... acquired at:
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228
send_sigio+0xb8/0x3e0 fs/fcntl.c:921
kill_fasync_rcu fs/fcntl.c:1133 [inline]
kill_fasync fs/fcntl.c:1148 [inline]
kill_fasync+0x214/0x510 fs/fcntl.c:1141
lease_break_callback+0x23/0x30 fs/locks.c:558
__break_lease+0x674/0x1810 fs/locks.c:1592
break_lease include/linux/filelock.h:446 [inline]
vfs_truncate+0x4d3/0x6e0 fs/open.c:112
do_sys_truncate fs/open.c:141 [inline]
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x172/0x1e0 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&f_owner->lock){....}-{3:3} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326
__f_setown+0x61/0x3c0 fs/fcntl.c:136
generic_add_lease fs/locks.c:1874 [inline]
generic_setlease fs/locks.c:1942 [inline]
generic_setlease+0xef2/0x1300 fs/locks.c:1929
kernel_setlease+0x106/0x140 fs/locks.c:1991
vfs_setlease+0x258/0x2d0 fs/locks.c:2026
do_fcntl_add_lease fs/locks.c:2047 [inline]
fcntl_setlease+0x3ed/0x5a0 fs/locks.c:2069
do_fcntl+0x751/0x15a0 fs/fcntl.c:536
__do_sys_fcntl fs/fcntl.c:591 [inline]
__se_sys_fcntl fs/fcntl.c:576 [inline]
__x64_sys_fcntl+0x163/0x200 fs/fcntl.c:576
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irq include/linux/rwlock_api_smp.h:169 [inline]
_raw_read_lock_irq+0x67/0x80 kernel/locking/spinlock.c:244
f_getown+0x57/0x300 fs/fcntl.c:204
sock_ioctl+0x1f2/0x6b0 net/socket.c:1304
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:598 [inline]
__se_sys_ioctl fs/ioctl.c:584 [inline]
__x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:584
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9ae93360>] __key.1+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
send_sigio+0x31/0x3e0 fs/fcntl.c:907
kill_fasync_rcu fs/fcntl.c:1133 [inline]
kill_fasync fs/fcntl.c:1148 [inline]
kill_fasync+0x214/0x510 fs/fcntl.c:1141
lease_break_callback+0x23/0x30 fs/locks.c:558
__break_lease+0x674/0x1810 fs/locks.c:1592
break_lease include/linux/filelock.h:446 [inline]
vfs_truncate+0x4d3/0x6e0 fs/open.c:112
do_sys_truncate fs/open.c:141 [inline]
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x172/0x1e0 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&new->fa_lock){....}-{3:3} {
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1124 [inline]
kill_fasync fs/fcntl.c:1148 [inline]
kill_fasync+0x138/0x510 fs/fcntl.c:1141
lease_break_callback+0x23/0x30 fs/locks.c:558
__break_lease+0x674/0x1810 fs/locks.c:1592
break_lease include/linux/filelock.h:446 [inline]
vfs_truncate+0x4d3/0x6e0 fs/open.c:112
do_sys_truncate fs/open.c:141 [inline]
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x172/0x1e0 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9ae93320>] __key.0+0x0/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1124 [inline]
kill_fasync fs/fcntl.c:1148 [inline]
kill_fasync+0x138/0x510 fs/fcntl.c:1141
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x619/0x9b0 drivers/input/evdev.c:278
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:127
input_event_dispose drivers/input/input.c:341 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:369
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:423
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x29d/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
stack backtrace:
CPU: 1 UID: 0 PID: 6126 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_bad_irq_dependency kernel/locking/lockdep.c:2616 [inline]
check_irq_usage+0x7dc/0x920 kernel/locking/lockdep.c:2857
check_prev_add kernel/locking/lockdep.c:3169 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x12bc/0x1ce0 kernel/locking/lockdep.c:5237
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1124 [inline]
kill_fasync fs/fcntl.c:1148 [inline]
kill_fasync+0x138/0x510 fs/fcntl.c:1141
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x619/0x9b0 drivers/input/evdev.c:278
evdev_events+0x1bb/0x390 drivers/input/evdev.c:306
input_pass_values+0x74e/0x880 drivers/input/input.c:127
input_event_dispose drivers/input/input.c:341 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:369
input_inject_event+0x1e8/0x3b0 drivers/input/input.c:423
evdev_write+0x457/0x750 drivers/input/evdev.c:528
vfs_write+0x29d/0x11d0 fs/read_write.c:684
ksys_write+0x1f8/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f445578ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f445664e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f44559c6090 RCX: 00007f445578ebe9
RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000009
RBP: 00007f4455811e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f44559c6128 R14: 00007f44559c6090 R15: 00007ffc20cd8298
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/09/08 18:01 | upstream | 76eeb9b8de98 | d291dd2d | .config | console log | report | syz / log | C | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in input_inject_event | |
| 2025/05/24 20:37 | upstream | 4856ebd99715 | ed351ea7 | .config | console log | report | syz / log | C | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | possible deadlock in input_inject_event | |
| 2024/11/27 08:40 | upstream | 7eef7e306d3c | 52b38cc1 | .config | console log | report | syz / log | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in input_inject_event | ||
| 2025/09/11 17:10 | upstream | 02ffd6f89c50 | e2beed91 | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in input_inject_event | ||
| 2025/05/07 13:12 | upstream | 0d8d44db295c | 350f4ffc | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | possible deadlock in input_inject_event | ||
| 2026/04/12 03:41 | upstream | e753c16cb3dd | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/11 23:29 | upstream | e753c16cb3dd | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/11 20:54 | upstream | e774d5f1bc27 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/11 16:43 | upstream | e774d5f1bc27 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/11 15:13 | upstream | e774d5f1bc27 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/11 08:59 | upstream | 7c6c4ed80b87 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/11 07:11 | upstream | 7c6c4ed80b87 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/11 04:19 | upstream | 7c6c4ed80b87 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/11 02:07 | upstream | 7c6c4ed80b87 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/11 01:03 | upstream | 7c6c4ed80b87 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/10 20:30 | upstream | 7c6c4ed80b87 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/10 18:01 | upstream | 9a9c8ce300cd | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/10 15:46 | upstream | 9a9c8ce300cd | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/10 14:23 | upstream | 9a9c8ce300cd | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/10 05:57 | upstream | 8b02520ec5f7 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/10 04:29 | upstream | 8b02520ec5f7 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/09 22:04 | upstream | 8b02520ec5f7 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/09 15:56 | upstream | 7f87a5ea75f0 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/09 11:16 | upstream | 7f87a5ea75f0 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/09 06:35 | upstream | 7f87a5ea75f0 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/09 05:28 | upstream | 7f87a5ea75f0 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/09 01:45 | upstream | 7f87a5ea75f0 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/08 22:06 | upstream | 7f87a5ea75f0 | d9b7f621 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/08 20:16 | upstream | 3036cd0d3328 | d9b7f621 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/08 13:23 | upstream | 3036cd0d3328 | d9b7f621 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/08 11:27 | upstream | 3036cd0d3328 | 2c961e87 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/08 10:21 | upstream | 3036cd0d3328 | 2c961e87 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/08 09:07 | upstream | 3036cd0d3328 | 2c961e87 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/08 08:04 | upstream | 3036cd0d3328 | 2c961e87 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/08 06:18 | upstream | 3036cd0d3328 | 2c961e87 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/08 03:21 | upstream | 3036cd0d3328 | 2c961e87 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/08 02:00 | upstream | 3036cd0d3328 | 2c961e87 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/07 18:03 | upstream | bfe62a454542 | 628666c6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in input_inject_event | ||
| 2026/04/06 22:25 | upstream | bfe62a454542 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/03/22 15:36 | upstream | 113ae7b4decc | 5b92003d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in input_inject_event | ||
| 2026/03/18 15:28 | upstream | a989fde763f4 | 0199f9a1 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in input_inject_event | ||
| 2025/08/23 09:27 | upstream | 038d61fd6422 | bf27483f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in input_inject_event | ||
| 2024/09/19 15:26 | upstream | 2a17bb8c204f | 6f888b75 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2024/09/03 22:43 | upstream | 88fac17500f4 | 9d47f20a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in input_inject_event | ||
| 2024/08/31 06:52 | upstream | 1934261d8974 | 1eda0d14 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in input_inject_event | ||
| 2026/04/12 00:53 | upstream | e753c16cb3dd | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/11 11:29 | upstream | e774d5f1bc27 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/10 22:59 | upstream | 7c6c4ed80b87 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/10 21:56 | upstream | 7c6c4ed80b87 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/10 21:47 | upstream | 7c6c4ed80b87 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/10 08:09 | upstream | 9a9c8ce300cd | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/09 18:49 | upstream | 8b02520ec5f7 | 38c8e246 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/08 23:07 | upstream | 7f87a5ea75f0 | d9b7f621 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/08 19:29 | upstream | 3036cd0d3328 | d9b7f621 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/07 22:57 | upstream | 3036cd0d3328 | 2c961e87 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/04/07 20:50 | upstream | 3036cd0d3328 | 628666c6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in input_inject_event | ||
| 2026/02/24 22:51 | upstream | 7dff99b35460 | 787dfb7c | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in input_inject_event | ||
| 2026/03/12 02:23 | upstream | b29fb8829bff | 2d88ab01 | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | possible deadlock in input_inject_event | ||
| 2026/04/06 01:30 | linux-next | cc13002a9f98 | 4440e7c2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in input_inject_event | ||
| 2026/03/23 10:31 | linux-next | 785f0eb2f85d | 5b92003d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | possible deadlock in input_inject_event |