./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1611372646 <...> Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts. execve("./syz-executor1611372646", ["./syz-executor1611372646"], 0x7ffdf6803c70 /* 10 vars */) = 0 brk(NULL) = 0x555556c5f000 brk(0x555556c5fc40) = 0x555556c5fc40 arch_prctl(ARCH_SET_FS, 0x555556c5f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1611372646", 4096) = 28 brk(0x555556c80c40) = 0x555556c80c40 brk(0x555556c81000) = 0x555556c81000 mprotect(0x7fe17fb99000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/input/event0", O_WRONLY|O_CREAT|O_SYNC|O_NOFOLLOW, 000) = 3 fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_NOATIME|FASYNC) = 0 ioctl(-1, EVIOCSFF, {type=0 /* FF_??? */, id=0, direction=0, ...}) = -1 EBADF (Bad file descriptor) write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 883) = 864 open("./file0", O_RDONLY|O_CREAT|O_EXCL|O_LARGEFILE|FASYNC|0x4000000, 000) = 4 gettid() = 3633 fcntl(4, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=3633}) = 0 fcntl(4, F_SETLEASE, F_RDLCK) = 0 [ 59.189062][ T26] audit: type=1400 audit(1670052854.949:75): avc: denied { execmem } for pid=3633 comm="syz-executor161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 59.209750][ T26] audit: type=1400 audit(1670052854.949:76): avc: denied { write } for pid=3633 comm="syz-executor161" name="event0" dev="devtmpfs" ino=834 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 59.212345][ T3633] [ 59.235341][ T26] audit: type=1400 audit(1670052854.949:77): avc: denied { open } for pid=3633 comm="syz-executor161" path="/dev/input/event0" dev="devtmpfs" ino=834 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 59.236824][ T3633] ===================================================== [ 59.236833][ T3633] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 59.276614][ T3633] 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 Not tainted [ 59.283632][ T3633] ----------------------------------------------------- [ 59.290727][ T3633] syz-executor161/3633 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 59.298806][ T3633] ffffffff8c20a098 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xaf/0x390 [ 59.307362][ T3633] [ 59.307362][ T3633] and this task is already holding: [ 59.314715][ T3633] ffff888028179b30 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x28/0x390 [ 59.323524][ T3633] which would create a new lock dependency: [ 59.329406][ T3633] (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 59.337167][ T3633] [ 59.337167][ T3633] but this new dependency connects a HARDIRQ-irq-safe lock: [ 59.346607][ T3633] (&dev->event_lock#2){-.-.}-{2:2} [ 59.346644][ T3633] [ 59.346644][ T3633] ... which became HARDIRQ-irq-safe at: [ 59.359524][ T3633] lock_acquire+0x1e3/0x630 [ 59.364133][ T3633] _raw_spin_lock_irqsave+0x3d/0x60 [ 59.369444][ T3633] input_event+0x70/0xa0 [ 59.373876][ T3633] psmouse_report_standard_buttons+0x30/0x80 [ 59.379964][ T3633] psmouse_process_byte+0x39e/0x8b0 [ 59.385266][ T3633] psmouse_handle_byte+0x41/0x1b0 [ 59.390391][ T3633] psmouse_interrupt+0x308/0xf00 [ 59.395429][ T3633] serio_interrupt+0x8c/0x150 [ 59.400384][ T3633] i8042_interrupt+0x27e/0x520 [ 59.405244][ T3633] __handle_irq_event_percpu+0x264/0x970 [ 59.410971][ T3633] handle_irq_event+0xab/0x1e0 [ 59.415826][ T3633] handle_edge_irq+0x263/0xd00 [ 59.420685][ T3633] __common_interrupt+0xa1/0x210 [ 59.425720][ T3633] common_interrupt+0xa8/0xd0 [ 59.430575][ T3633] asm_common_interrupt+0x26/0x40 [ 59.435703][ T3633] lock_acquire+0x117/0x630 [ 59.440305][ T3633] rcu_core+0x7f7/0x1980 [ 59.444647][ T3633] __do_softirq+0x1fb/0xadc [ 59.449239][ T3633] run_ksoftirqd+0x31/0x60 [ 59.453764][ T3633] smpboot_thread_fn+0x659/0xa20 [ 59.458806][ T3633] kthread+0x2e8/0x3a0 [ 59.462976][ T3633] ret_from_fork+0x1f/0x30 [ 59.467491][ T3633] [ 59.467491][ T3633] to a HARDIRQ-irq-unsafe lock: [ 59.474942][ T3633] (tasklist_lock){.+.+}-{2:2} [ 59.474971][ T3633] [ 59.474971][ T3633] ... which became HARDIRQ-irq-unsafe at: [ 59.487592][ T3633] ... [ 59.487599][ T3633] lock_acquire+0x1e3/0x630 [ 59.494952][ T3633] _raw_read_lock+0x5f/0x70 [ 59.499641][ T3633] do_wait+0x2b7/0xd70 [ 59.503811][ T3633] kernel_wait+0xa0/0x150 [ 59.508252][ T3633] call_usermodehelper_exec_work+0xf9/0x180 [ 59.514256][ T3633] process_one_work+0x9bf/0x1710 [ 59.519287][ T3633] worker_thread+0x669/0x1090 [ 59.524056][ T3633] kthread+0x2e8/0x3a0 [ 59.528229][ T3633] ret_from_fork+0x1f/0x30 [ 59.532756][ T3633] [ 59.532756][ T3633] other info that might help us debug this: [ 59.532756][ T3633] [ 59.542989][ T3633] Chain exists of: [ 59.542989][ T3633] &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock [ 59.542989][ T3633] [ 59.556212][ T3633] Possible interrupt unsafe locking scenario: [ 59.556212][ T3633] [ 59.564526][ T3633] CPU0 CPU1 [ 59.569885][ T3633] ---- ---- [ 59.575245][ T3633] lock(tasklist_lock); [ 59.579492][ T3633] local_irq_disable(); [ 59.586244][ T3633] lock(&dev->event_lock#2); [ 59.593461][ T3633] lock(&f->f_owner.lock); [ 59.600484][ T3633] [ 59.603931][ T3633] lock(&dev->event_lock#2); [ 59.608789][ T3633] [ 59.608789][ T3633] *** DEADLOCK *** [ 59.608789][ T3633] [ 59.616923][ T3633] 6 locks held by syz-executor161/3633: [ 59.622466][ T3633] #0: ffff88814b636460 (sb_writers#5){.+.+}-{0:0}, at: path_openat+0x19ee/0x2860 [ 59.631722][ T3633] #1: ffffffff8c759510 (file_rwsem){.+.+}-{0:0}, at: do_dentry_open+0x65e/0x13f0 [ 59.640978][ T3633] #2: ffff8880299f8018 (&ctx->flc_lock){+.+.}-{2:2}, at: __break_lease+0x213/0x1590 [ 59.650572][ T3633] #3: ffffffff8c58cdc0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x45/0x480 [ 59.659650][ T3633] #4: ffff888074e5c948 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13a/0x480 [ 59.668813][ T3633] #5: ffff888028179b30 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x28/0x390 [ 59.678061][ T3633] [ 59.678061][ T3633] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 59.688458][ T3633] -> (&dev->event_lock#2){-.-.}-{2:2} { [ 59.694298][ T3633] IN-HARDIRQ-W at: [ 59.698537][ T3633] lock_acquire+0x1e3/0x630 [ 59.705236][ T3633] _raw_spin_lock_irqsave+0x3d/0x60 [ 59.712618][ T3633] input_event+0x70/0xa0 [ 59.719079][ T3633] psmouse_report_standard_buttons+0x30/0x80 [ 59.727245][ T3633] psmouse_process_byte+0x39e/0x8b0 [ 59.734628][ T3633] psmouse_handle_byte+0x41/0x1b0 [ 59.741839][ T3633] psmouse_interrupt+0x308/0xf00 [ 59.748962][ T3633] serio_interrupt+0x8c/0x150 [ 59.755819][ T3633] i8042_interrupt+0x27e/0x520 [ 59.762848][ T3633] __handle_irq_event_percpu+0x264/0x970 [ 59.770670][ T3633] handle_irq_event+0xab/0x1e0 [ 59.777608][ T3633] handle_edge_irq+0x263/0xd00 [ 59.784553][ T3633] __common_interrupt+0xa1/0x210 [ 59.791677][ T3633] common_interrupt+0xa8/0xd0 [ 59.798528][ T3633] asm_common_interrupt+0x26/0x40 [ 59.806348][ T3633] lock_acquire+0x117/0x630 [ 59.813038][ T3633] rcu_core+0x7f7/0x1980 [ 59.819462][ T3633] __do_softirq+0x1fb/0xadc [ 59.826137][ T3633] run_ksoftirqd+0x31/0x60 [ 59.832746][ T3633] smpboot_thread_fn+0x659/0xa20 [ 59.841778][ T3633] kthread+0x2e8/0x3a0 [ 59.848036][ T3633] ret_from_fork+0x1f/0x30 [ 59.854641][ T3633] IN-SOFTIRQ-W at: [ 59.858879][ T3633] lock_acquire+0x1e3/0x630 [ 59.865570][ T3633] _raw_spin_lock_irqsave+0x3d/0x60 [ 59.872953][ T3633] input_event+0x70/0xa0 [ 59.879381][ T3633] psmouse_report_standard_buttons+0x30/0x80 [ 59.887550][ T3633] psmouse_process_byte+0x39e/0x8b0 [ 59.894935][ T3633] psmouse_handle_byte+0x41/0x1b0 [ 59.902143][ T3633] psmouse_interrupt+0x308/0xf00 [ 59.909279][ T3633] serio_interrupt+0x8c/0x150 [ 59.916135][ T3633] i8042_interrupt+0x27e/0x520 [ 59.923078][ T3633] __handle_irq_event_percpu+0x264/0x970 [ 59.930888][ T3633] handle_irq_event+0xab/0x1e0 [ 59.937826][ T3633] handle_edge_irq+0x263/0xd00 [ 59.944770][ T3633] __common_interrupt+0xa1/0x210 [ 59.951890][ T3633] common_interrupt+0xa8/0xd0 [ 59.958752][ T3633] asm_common_interrupt+0x26/0x40 [ 59.965979][ T3633] lock_acquire+0x117/0x630 [ 59.972687][ T3633] rcu_core+0x7f7/0x1980 [ 59.979116][ T3633] __do_softirq+0x1fb/0xadc [ 59.985803][ T3633] run_ksoftirqd+0x31/0x60 [ 59.992406][ T3633] smpboot_thread_fn+0x659/0xa20 [ 59.999541][ T3633] kthread+0x2e8/0x3a0 [ 60.005800][ T3633] ret_from_fork+0x1f/0x30 [ 60.012402][ T3633] INITIAL USE at: [ 60.016556][ T3633] lock_acquire+0x1e3/0x630 [ 60.023184][ T3633] _raw_spin_lock_irqsave+0x3d/0x60 [ 60.030495][ T3633] input_inject_event+0x9f/0x330 [ 60.037573][ T3633] led_set_brightness_nosleep+0xea/0x1a0 [ 60.045312][ T3633] led_set_brightness+0x138/0x180 [ 60.052431][ T3633] led_trigger_event+0xb4/0x200 [ 60.059374][ T3633] kbd_led_trigger_activate+0xcd/0x110 [ 60.066953][ T3633] led_trigger_set+0x5db/0xaf0 [ 60.073808][ T3633] led_trigger_set_default+0x1aa/0x230 [ 60.081356][ T3633] led_classdev_register_ext+0x573/0x770 [ 60.089078][ T3633] input_leds_connect+0x4c1/0x860 [ 60.096215][ T3633] input_attach_handler+0x180/0x1f0 [ 60.103515][ T3633] input_register_device.cold+0xf0/0x2fd [ 60.111238][ T3633] atkbd_connect+0x5ca/0x9d0 [ 60.117924][ T3633] serio_driver_probe+0x76/0xa0 [ 60.124866][ T3633] really_probe+0x249/0xb90 [ 60.131468][ T3633] __driver_probe_device+0x1df/0x4d0 [ 60.139725][ T3633] driver_probe_device+0x4c/0x1a0 [ 60.146850][ T3633] __driver_attach+0x1d4/0x550 [ 60.153717][ T3633] bus_for_each_dev+0x14b/0x1d0 [ 60.160663][ T3633] serio_handle_event+0x2c3/0xa40 [ 60.167782][ T3633] process_one_work+0x9bf/0x1710 [ 60.174813][ T3633] worker_thread+0x669/0x1090 [ 60.181577][ T3633] kthread+0x2e8/0x3a0 [ 60.187747][ T3633] ret_from_fork+0x1f/0x30 [ 60.194260][ T3633] } [ 60.197017][ T3633] ... key at: [] __key.7+0x0/0x40 [ 60.204406][ T3633] -> (&client->buffer_lock){....}-{2:2} { [ 60.210325][ T3633] INITIAL USE at: [ 60.214399][ T3633] lock_acquire+0x1e3/0x630 [ 60.220833][ T3633] _raw_spin_lock+0x2e/0x40 [ 60.227438][ T3633] evdev_pass_values.part.0+0xf6/0x960 [ 60.234819][ T3633] evdev_events+0x35d/0x3e0 [ 60.241412][ T3633] input_to_handler+0x2a0/0x4c0 [ 60.248183][ T3633] input_pass_values.part.0+0x230/0x710 [ 60.255651][ T3633] input_event_dispose+0x5cf/0x730 [ 60.262709][ T3633] input_handle_event+0x120/0xe70 [ 60.269655][ T3633] input_inject_event+0x1c8/0x330 [ 60.276618][ T3633] evdev_write+0x434/0x760 [ 60.283004][ T3633] vfs_write+0x2db/0xdd0 [ 60.289194][ T3633] ksys_write+0x1ec/0x250 [ 60.295457][ T3633] do_syscall_64+0x39/0xb0 [ 60.301808][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.309632][ T3633] } [ 60.312303][ T3633] ... key at: [] __key.3+0x0/0x40 [ 60.319602][ T3633] ... acquired at: [ 60.323576][ T3633] _raw_spin_lock+0x2e/0x40 [ 60.328270][ T3633] evdev_pass_values.part.0+0xf6/0x960 [ 60.333913][ T3633] evdev_events+0x35d/0x3e0 [ 60.338609][ T3633] input_to_handler+0x2a0/0x4c0 [ 60.343668][ T3633] input_pass_values.part.0+0x230/0x710 [ 60.349423][ T3633] input_event_dispose+0x5cf/0x730 [ 60.354729][ T3633] input_handle_event+0x120/0xe70 [ 60.359965][ T3633] input_inject_event+0x1c8/0x330 [ 60.365185][ T3633] evdev_write+0x434/0x760 [ 60.369786][ T3633] vfs_write+0x2db/0xdd0 [ 60.374221][ T3633] ksys_write+0x1ec/0x250 [ 60.378743][ T3633] do_syscall_64+0x39/0xb0 [ 60.383366][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.389451][ T3633] [ 60.391768][ T3633] -> (&new->fa_lock){....}-{2:2} { [ 60.396993][ T3633] INITIAL READ USE at: [ 60.401404][ T3633] lock_acquire+0x1e3/0x630 [ 60.408125][ T3633] _raw_read_lock_irqsave+0x74/0x90 [ 60.415525][ T3633] kill_fasync+0x13a/0x480 [ 60.422139][ T3633] evdev_pass_values.part.0+0x667/0x960 [ 60.429955][ T3633] evdev_events+0x35d/0x3e0 [ 60.436637][ T3633] input_to_handler+0x2a0/0x4c0 [ 60.443672][ T3633] input_pass_values.part.0+0x230/0x710 [ 60.451406][ T3633] input_event_dispose+0x5cf/0x730 [ 60.458730][ T3633] input_handle_event+0x120/0xe70 [ 60.466033][ T3633] input_inject_event+0x1c8/0x330 [ 60.473250][ T3633] evdev_write+0x434/0x760 [ 60.479847][ T3633] vfs_write+0x2db/0xdd0 [ 60.486283][ T3633] ksys_write+0x1ec/0x250 [ 60.492803][ T3633] do_syscall_64+0x39/0xb0 [ 60.499438][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.507519][ T3633] } [ 60.510105][ T3633] ... key at: [] __key.0+0x0/0x40 [ 60.517322][ T3633] ... acquired at: [ 60.521203][ T3633] _raw_read_lock_irqsave+0x74/0x90 [ 60.526587][ T3633] kill_fasync+0x13a/0x480 [ 60.531192][ T3633] evdev_pass_values.part.0+0x667/0x960 [ 60.536923][ T3633] evdev_events+0x35d/0x3e0 [ 60.541608][ T3633] input_to_handler+0x2a0/0x4c0 [ 60.546644][ T3633] input_pass_values.part.0+0x230/0x710 [ 60.552384][ T3633] input_event_dispose+0x5cf/0x730 [ 60.557686][ T3633] input_handle_event+0x120/0xe70 [ 60.562923][ T3633] input_inject_event+0x1c8/0x330 [ 60.568157][ T3633] evdev_write+0x434/0x760 [ 60.572756][ T3633] vfs_write+0x2db/0xdd0 [ 60.577195][ T3633] ksys_write+0x1ec/0x250 [ 60.581717][ T3633] do_syscall_64+0x39/0xb0 [ 60.586326][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.592410][ T3633] [ 60.594726][ T3633] -> (&f->f_owner.lock){....}-{2:2} { [ 60.600122][ T3633] INITIAL USE at: [ 60.604012][ T3633] lock_acquire+0x1e3/0x630 [ 60.610102][ T3633] _raw_write_lock_irq+0x36/0x50 [ 60.616614][ T3633] f_modown+0x2a/0x390 [ 60.622257][ T3633] do_fcntl+0xb1c/0x11c0 [ 60.628104][ T3633] __x64_sys_fcntl+0x163/0x1d0 [ 60.634444][ T3633] do_syscall_64+0x39/0xb0 [ 60.640442][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.647916][ T3633] INITIAL READ USE at: [ 60.652245][ T3633] lock_acquire+0x1e3/0x630 [ 60.658762][ T3633] _raw_read_lock_irqsave+0x74/0x90 [ 60.665970][ T3633] send_sigio+0x28/0x390 [ 60.672222][ T3633] kill_fasync+0x1fc/0x480 [ 60.678649][ T3633] evdev_pass_values.part.0+0x667/0x960 [ 60.686201][ T3633] evdev_events+0x35d/0x3e0 [ 60.692710][ T3633] input_to_handler+0x2a0/0x4c0 [ 60.699569][ T3633] input_pass_values.part.0+0x230/0x710 [ 60.707129][ T3633] input_event_dispose+0x5cf/0x730 [ 60.714253][ T3633] input_handle_event+0x120/0xe70 [ 60.721293][ T3633] input_inject_event+0x1c8/0x330 [ 60.728331][ T3633] evdev_write+0x434/0x760 [ 60.735185][ T3633] vfs_write+0x2db/0xdd0 [ 60.741473][ T3633] ksys_write+0x1ec/0x250 [ 60.747818][ T3633] do_syscall_64+0x39/0xb0 [ 60.754252][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.762161][ T3633] } [ 60.764651][ T3633] ... key at: [] __key.5+0x0/0x40 [ 60.771776][ T3633] ... acquired at: [ 60.775569][ T3633] _raw_read_lock_irqsave+0x74/0x90 [ 60.780959][ T3633] send_sigio+0x28/0x390 [ 60.785389][ T3633] kill_fasync+0x1fc/0x480 [ 60.790012][ T3633] evdev_pass_values.part.0+0x667/0x960 [ 60.795832][ T3633] evdev_events+0x35d/0x3e0 [ 60.800516][ T3633] input_to_handler+0x2a0/0x4c0 [ 60.805552][ T3633] input_pass_values.part.0+0x230/0x710 [ 60.811287][ T3633] input_event_dispose+0x5cf/0x730 [ 60.816601][ T3633] input_handle_event+0x120/0xe70 [ 60.821814][ T3633] input_inject_event+0x1c8/0x330 [ 60.827027][ T3633] evdev_write+0x434/0x760 [ 60.831629][ T3633] vfs_write+0x2db/0xdd0 [ 60.836066][ T3633] ksys_write+0x1ec/0x250 [ 60.840588][ T3633] do_syscall_64+0x39/0xb0 [ 60.845199][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.851279][ T3633] [ 60.853595][ T3633] [ 60.853595][ T3633] the dependencies between the lock to be acquired [ 60.853605][ T3633] and HARDIRQ-irq-unsafe lock: [ 60.867201][ T3633] -> (tasklist_lock){.+.+}-{2:2} { [ 60.872335][ T3633] HARDIRQ-ON-R at: [ 60.876312][ T3633] lock_acquire+0x1e3/0x630 [ 60.882480][ T3633] _raw_read_lock+0x5f/0x70 [ 60.888645][ T3633] do_wait+0x2b7/0xd70 [ 60.894374][ T3633] kernel_wait+0xa0/0x150 [ 60.900366][ T3633] call_usermodehelper_exec_work+0xf9/0x180 [ 60.907925][ T3633] process_one_work+0x9bf/0x1710 [ 60.914526][ T3633] worker_thread+0x669/0x1090 [ 60.920855][ T3633] kthread+0x2e8/0x3a0 [ 60.926759][ T3633] ret_from_fork+0x1f/0x30 [ 60.932929][ T3633] SOFTIRQ-ON-R at: [ 60.936905][ T3633] lock_acquire+0x1e3/0x630 [ 60.943078][ T3633] _raw_read_lock+0x5f/0x70 [ 60.949241][ T3633] do_wait+0x2b7/0xd70 [ 60.954970][ T3633] kernel_wait+0xa0/0x150 [ 60.960963][ T3633] call_usermodehelper_exec_work+0xf9/0x180 [ 60.968524][ T3633] process_one_work+0x9bf/0x1710 [ 60.975124][ T3633] worker_thread+0x669/0x1090 [ 60.981456][ T3633] kthread+0x2e8/0x3a0 [ 60.987189][ T3633] ret_from_fork+0x1f/0x30 [ 60.993266][ T3633] INITIAL USE at: [ 60.997158][ T3633] lock_acquire+0x1e3/0x630 [ 61.003238][ T3633] _raw_write_lock_irq+0x36/0x50 [ 61.009757][ T3633] copy_process+0x43c5/0x7190 [ 61.015997][ T3633] kernel_clone+0xeb/0x980 [ 61.021982][ T3633] user_mode_thread+0xb1/0xf0 [ 61.028224][ T3633] rest_init+0x27/0x270 [ 61.033949][ T3633] arch_call_rest_init+0x13/0x1c [ 61.040463][ T3633] start_kernel+0x477/0x498 [ 61.046548][ T3633] secondary_startup_64_no_verify+0xce/0xdb [ 61.054031][ T3633] INITIAL READ USE at: [ 61.058374][ T3633] lock_acquire+0x1e3/0x630 [ 61.064901][ T3633] _raw_read_lock+0x5f/0x70 [ 61.071420][ T3633] do_wait+0x2b7/0xd70 [ 61.077522][ T3633] kernel_wait+0xa0/0x150 [ 61.083884][ T3633] call_usermodehelper_exec_work+0xf9/0x180 [ 61.091796][ T3633] process_one_work+0x9bf/0x1710 [ 61.098738][ T3633] worker_thread+0x669/0x1090 [ 61.105415][ T3633] kthread+0x2e8/0x3a0 [ 61.111496][ T3633] ret_from_fork+0x1f/0x30 [ 61.117924][ T3633] } [ 61.120416][ T3633] ... key at: [] tasklist_lock+0x18/0x40 [ 61.128153][ T3633] ... acquired at: [ 61.131948][ T3633] lock_acquire+0x1e3/0x630 [ 61.136639][ T3633] _raw_read_lock+0x5f/0x70 [ 61.141327][ T3633] send_sigio+0xaf/0x390 [ 61.145752][ T3633] kill_fasync+0x1fc/0x480 [ 61.150352][ T3633] lease_break_callback+0x23/0x30 [ 61.155554][ T3633] __break_lease+0x3e2/0x1590 [ 61.160410][ T3633] do_dentry_open+0x65e/0x13f0 [ 61.165354][ T3633] path_openat+0x1bf6/0x2860 [ 61.170135][ T3633] do_filp_open+0x1ba/0x410 [ 61.174827][ T3633] do_sys_openat2+0x16d/0x4c0 [ 61.179717][ T3633] __x64_sys_creat+0xcd/0x120 [ 61.184679][ T3633] do_syscall_64+0x39/0xb0 [ 61.189306][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.195395][ T3633] [ 61.197713][ T3633] [ 61.197713][ T3633] stack backtrace: [ 61.203603][ T3633] CPU: 0 PID: 3633 Comm: syz-executor161 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 61.214026][ T3633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 61.224354][ T3633] Call Trace: [ 61.227635][ T3633] [ 61.230566][ T3633] dump_stack_lvl+0xd1/0x138 [ 61.235176][ T3633] check_irq_usage.cold+0x4e4/0x761 [ 61.240402][ T3633] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 61.247539][ T3633] ? write_profile+0x410/0x410 [ 61.252329][ T3633] ? check_path.constprop.0+0x24/0x50 [ 61.257723][ T3633] ? stack_trace_save+0x90/0xc0 [ 61.262596][ T3633] __lock_acquire+0x2a5b/0x56d0 [ 61.267556][ T3633] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 61.273563][ T3633] lock_acquire+0x1e3/0x630 [ 61.278088][ T3633] ? send_sigio+0xaf/0x390 [ 61.282519][ T3633] ? lock_release+0x810/0x810 [ 61.287210][ T3633] ? lock_release+0x810/0x810 [ 61.291901][ T3633] ? lock_release+0x810/0x810 [ 61.296597][ T3633] _raw_read_lock+0x5f/0x70 [ 61.301166][ T3633] ? send_sigio+0xaf/0x390 [ 61.305610][ T3633] send_sigio+0xaf/0x390 [ 61.309878][ T3633] kill_fasync+0x1fc/0x480 [ 61.314322][ T3633] lease_break_callback+0x23/0x30 [ 61.319368][ T3633] __break_lease+0x3e2/0x1590 [ 61.324056][ T3633] ? locks_remove_posix+0x610/0x610 [ 61.329267][ T3633] ? selinux_inode_create+0x30/0x30 [ 61.334476][ T3633] ? fsnotify_perm.part.0+0x221/0x610 [ 61.339867][ T3633] do_dentry_open+0x65e/0x13f0 [ 61.344656][ T3633] path_openat+0x1bf6/0x2860 [ 61.349253][ T3633] ? path_lookupat+0x840/0x840 [ 61.354025][ T3633] do_filp_open+0x1ba/0x410 [ 61.358657][ T3633] ? may_open_dev+0xf0/0xf0 [ 61.363188][ T3633] ? find_held_lock+0x2d/0x110 [ 61.367991][ T3633] ? do_raw_spin_lock+0x124/0x2b0 [ 61.373042][ T3633] ? rwlock_bug.part.0+0x90/0x90 [ 61.378007][ T3633] ? _raw_spin_unlock+0x28/0x40 [ 61.382871][ T3633] ? alloc_fd+0x2d8/0x6d0 [ 61.387221][ T3633] do_sys_openat2+0x16d/0x4c0 [ 61.391915][ T3633] ? find_held_lock+0x2d/0x110 [ 61.396691][ T3633] ? build_open_flags+0x6f0/0x6f0 [ 61.401730][ T3633] ? ptrace_notify+0xfe/0x140 [ 61.406426][ T3633] ? lock_downgrade+0x6e0/0x6e0 [ 61.411299][ T3633] __x64_sys_creat+0xcd/0x120 [ 61.415995][ T3633] ? __x64_compat_sys_openat+0x1f0/0x1f0 [ 61.421642][ T3633] ? _raw_spin_unlock_irq+0x2e/0x50 [ 61.426854][ T3633] ? ptrace_notify+0xfe/0x140 [ 61.431555][ T3633] ? syscall_trace_enter.constprop.0+0xb0/0x250 [ 61.437820][ T3633] do_syscall_64+0x39/0xb0 [ 61.442258][ T3633] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.448174][ T3633] RIP: 0033:0x7fe17fb2c749 [ 61.452589][ T3633] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 61.472198][ T3633] RSP: 002b:00007ffd3282f738 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 61.480613][ T3633] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe17fb2c749 [ 61.488582][ T3633] RDX: 00007fe17fb2c749 RSI: 0000000000000000 RDI: 0000000020001440 [ 61.496551][ T3633] RBP: 00007fe17faec250 R08: 0000000000000000 R09: 0000000000000000 [ 61.504520][ T3633] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe17faec2e0 [ 61.512489][ T3633] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 61.520465][ T3633]