2021-11-10 17:01:31

by syzbot

Subject: [syzbot] possible deadlock in input_event (2)

Hello,

syzbot found the following issue on:

HEAD commit: cb690f5238d7 Merge tag 'for-5.16/drivers-2021-11-09' of gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=165fd58ab00000
kernel config: https://syzkaller.appspot.com/x/.config?x=9d7259f0deb293aa
dashboard link: https://syzkaller.appspot.com/bug?extid=d4c06e848a1c1f9f726f
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]

=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.15.0-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor.4/9861 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff88804ad623b8 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x24/0x380 fs/fcntl.c:796

and this task is already holding:
ffff88804c887018 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1014 [inline]
ffff88804c887018 (&new->fa_lock){....}-{2:2}, at: kill_fasync fs/fcntl.c:1035 [inline]
ffff88804c887018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 fs/fcntl.c:1028
which would create a new lock dependency:
(&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){...-}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
(&dev->event_lock){-...}-{2:2}

... which became HARDIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
input_event drivers/input/input.c:445 [inline]
input_event+0x7b/0xb0 drivers/input/input.c:438
input_report_key include/linux/input.h:425 [inline]
psmouse_report_standard_buttons+0x2c/0x80 drivers/input/mouse/psmouse-base.c:123
psmouse_report_standard_packet drivers/input/mouse/psmouse-base.c:141 [inline]
psmouse_process_byte+0x1e1/0x890 drivers/input/mouse/psmouse-base.c:232
psmouse_handle_byte+0x41/0x1b0 drivers/input/mouse/psmouse-base.c:274
psmouse_interrupt+0x304/0xf00 drivers/input/mouse/psmouse-base.c:426
serio_interrupt+0x88/0x150 drivers/input/serio/serio.c:1001
i8042_interrupt+0x27a/0x520 drivers/input/serio/i8042.c:602
__handle_irq_event_percpu+0x303/0x8f0 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:198 [inline]
handle_irq_event+0x102/0x280 kernel/irq/handle.c:215
handle_edge_irq+0x25f/0xd00 kernel/irq/chip.c:822
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:231 [inline]
__common_interrupt+0x9d/0x210 arch/x86/kernel/irq.c:250
common_interrupt+0xa4/0xc0 arch/x86/kernel/irq.c:240
asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:404 [inline]
klist_next+0x288/0x510 lib/klist.c:401
next_device drivers/base/bus.c:258 [inline]
bus_for_each_dev+0x10d/0x1d0 drivers/base/bus.c:300
bus_add_driver+0x41d/0x630 drivers/base/bus.c:618
driver_register+0x220/0x3a0 drivers/base/driver.c:171
usb_register_driver+0x249/0x460 drivers/usb/core/driver.c:1061
do_one_initcall+0x103/0x650 init/main.c:1297
do_initcall_level init/main.c:1370 [inline]
do_initcalls init/main.c:1386 [inline]
do_basic_setup init/main.c:1405 [inline]
kernel_init_freeable+0x6b1/0x73a init/main.c:1610
kernel_init+0x1a/0x1d0 init/main.c:1499
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

to a HARDIRQ-irq-unsafe lock:
(tasklist_lock){.+.?}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1511
kernel_wait+0x9c/0x150 kernel/exit.c:1701
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

other info that might help us debug this:

Chain exists of:
&dev->event_lock --> &new->fa_lock --> tasklist_lock

Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(tasklist_lock);
                               local_irq_disable();
                               lock(&dev->event_lock);
                               lock(&new->fa_lock);
  <Interrupt>
    lock(&dev->event_lock);

*** DEADLOCK ***

8 locks held by syz-executor.4/9861:
#0: ffff88801e33b110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760 drivers/input/evdev.c:513
#1: ffff88801dfc0230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x320 drivers/input/input.c:471
#2: ffffffff8b983a20 (rcu_read_lock){....}-{1:2}, at: is_event_supported drivers/input/input.c:53 [inline]
#2: ffffffff8b983a20 (rcu_read_lock){....}-{1:2}, at: is_event_supported drivers/input/input.c:50 [inline]
#2: ffffffff8b983a20 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320 drivers/input/input.c:470
#3: ffffffff8b983a20 (rcu_read_lock){....}-{1:2}, at: input_dev_toggle drivers/input/input.c:1712 [inline]
#3: ffffffff8b983a20 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 drivers/input/input.c:1832
#4: ffffffff8b983a20 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0 drivers/input/evdev.c:296
#5: ffff888044df9028 (&client->buffer_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
#5: ffff888044df9028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970 drivers/input/evdev.c:261
#6: ffffffff8b983a20 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470 fs/fcntl.c:1033
#7: ffff88804c887018 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1014 [inline]
#7: ffff88804c887018 (&new->fa_lock){....}-{2:2}, at: kill_fasync fs/fcntl.c:1035 [inline]
#7: ffff88804c887018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 fs/fcntl.c:1028

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&dev->event_lock){-...}-{2:2} {
IN-HARDIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
input_event drivers/input/input.c:445 [inline]
input_event+0x7b/0xb0 drivers/input/input.c:438
input_report_key include/linux/input.h:425 [inline]
psmouse_report_standard_buttons+0x2c/0x80 drivers/input/mouse/psmouse-base.c:123
psmouse_report_standard_packet drivers/input/mouse/psmouse-base.c:141 [inline]
psmouse_process_byte+0x1e1/0x890 drivers/input/mouse/psmouse-base.c:232
psmouse_handle_byte+0x41/0x1b0 drivers/input/mouse/psmouse-base.c:274
psmouse_interrupt+0x304/0xf00 drivers/input/mouse/psmouse-base.c:426
serio_interrupt+0x88/0x150 drivers/input/serio/serio.c:1001
i8042_interrupt+0x27a/0x520 drivers/input/serio/i8042.c:602
__handle_irq_event_percpu+0x303/0x8f0 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:198 [inline]
handle_irq_event+0x102/0x280 kernel/irq/handle.c:215
handle_edge_irq+0x25f/0xd00 kernel/irq/chip.c:822
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:231 [inline]
__common_interrupt+0x9d/0x210 arch/x86/kernel/irq.c:250
common_interrupt+0xa4/0xc0 arch/x86/kernel/irq.c:240
asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:404 [inline]
klist_next+0x288/0x510 lib/klist.c:401
next_device drivers/base/bus.c:258 [inline]
bus_for_each_dev+0x10d/0x1d0 drivers/base/bus.c:300
bus_add_driver+0x41d/0x630 drivers/base/bus.c:618
driver_register+0x220/0x3a0 drivers/base/driver.c:171
usb_register_driver+0x249/0x460 drivers/usb/core/driver.c:1061
do_one_initcall+0x103/0x650 init/main.c:1297
do_initcall_level init/main.c:1370 [inline]
do_initcalls init/main.c:1386 [inline]
do_basic_setup init/main.c:1405 [inline]
kernel_init_freeable+0x6b1/0x73a init/main.c:1610
kernel_init+0x1a/0x1d0 init/main.c:1499
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
input_inject_event+0xa6/0x320 drivers/input/input.c:471
__led_set_brightness drivers/leds/led-core.c:47 [inline]
led_set_brightness_nopm drivers/leds/led-core.c:271 [inline]
led_set_brightness_nosleep+0xe6/0x1a0 drivers/leds/led-core.c:287
led_set_brightness+0x134/0x170 drivers/leds/led-core.c:264
led_trigger_event drivers/leds/led-triggers.c:390 [inline]
led_trigger_event+0xb0/0x200 drivers/leds/led-triggers.c:380
kbd_led_trigger_activate+0xc9/0x100 drivers/tty/vt/keyboard.c:1029
led_trigger_set+0x5d7/0xaf0 drivers/leds/led-triggers.c:197
led_trigger_set_default drivers/leds/led-triggers.c:262 [inline]
led_trigger_set_default+0x1a6/0x230 drivers/leds/led-triggers.c:249
led_classdev_register_ext+0x622/0x850 drivers/leds/led-class.c:417
led_classdev_register include/linux/leds.h:196 [inline]
input_leds_connect+0x4bd/0x860 drivers/input/input-leds.c:139
input_attach_handler+0x180/0x1f0 drivers/input/input.c:1035
input_register_device.cold+0xf0/0x304 drivers/input/input.c:2335
atkbd_connect+0x749/0xa10 drivers/input/keyboard/atkbd.c:1293
serio_connect_driver drivers/input/serio/serio.c:47 [inline]
serio_driver_probe+0x72/0xa0 drivers/input/serio/serio.c:778
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x245/0xcc0 drivers/base/dd.c:596
__driver_probe_device+0x338/0x4d0 drivers/base/dd.c:751
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:781
__driver_attach+0x22d/0x4e0 drivers/base/dd.c:1140
bus_for_each_dev+0x147/0x1d0 drivers/base/bus.c:301
serio_attach_driver drivers/input/serio/serio.c:807 [inline]
serio_handle_event+0x5f6/0xa30 drivers/input/serio/serio.c:227
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
}
... key at: [<ffffffff905ad960>] __key.8+0x0/0x40
-> (&client->buffer_lock){....}-{2:2} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
evdev_pass_values.part.0+0xf6/0x970 drivers/input/evdev.c:261
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
}
... key at: [<ffffffff905adde0>] __key.4+0x0/0x40
... acquired at:
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
evdev_pass_values.part.0+0xf6/0x970 drivers/input/evdev.c:261
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

-> (&new->fa_lock){....}-{2:2} {
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1014 [inline]
kill_fasync fs/fcntl.c:1035 [inline]
kill_fasync+0x136/0x470 fs/fcntl.c:1028
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
}
... key at: [<ffffffff90308bc0>] __key.0+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1014 [inline]
kill_fasync fs/fcntl.c:1035 [inline]
kill_fasync+0x136/0x470 fs/fcntl.c:1028
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c


the dependencies between the lock to be acquired
and HARDIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.?}-{2:2} {
HARDIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1511
kernel_wait+0x9c/0x150 kernel/exit.c:1701
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
IN-SOFTIRQ-R at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x36/0x70 kernel/locking/spinlock.c:228
send_sigurg+0xad/0xaf0 fs/fcntl.c:851
sk_send_sigurg+0x76/0x310 net/core/sock.c:3172
tcp_check_urg.isra.0+0x1f3/0x710 net/ipv4/tcp_input.c:5567
tcp_urg net/ipv4/tcp_input.c:5608 [inline]
tcp_rcv_established+0x12ab/0x2130 net/ipv4/tcp_input.c:5942
tcp_v4_do_rcv+0x600/0x8d0 net/ipv4/tcp_ipv4.c:1716
tcp_v4_rcv+0x2768/0x3080 net/ipv4/tcp_ipv4.c:2110
ip_protocol_deliver_rcu+0xa7/0xee0 net/ipv4/ip_input.c:204
ip_local_deliver_finish+0x20a/0x370 net/ipv4/ip_input.c:231
NF_HOOK include/linux/netfilter.h:307 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
ip_local_deliver+0x1b3/0x200 net/ipv4/ip_input.c:252
dst_input include/net/dst.h:460 [inline]
ip_rcv_finish+0x1da/0x2f0 net/ipv4/ip_input.c:429
NF_HOOK include/linux/netfilter.h:307 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
ip_rcv+0xaa/0xd0 net/ipv4/ip_input.c:540
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5462
__netif_receive_skb+0x24/0x1b0 net/core/dev.c:5576
process_backlog+0x2a5/0x6c0 net/core/dev.c:6452
__napi_poll+0xaf/0x440 net/core/dev.c:7017
napi_poll net/core/dev.c:7084 [inline]
net_rx_action+0x801/0xb40 net/core/dev.c:7171
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
invoke_softirq kernel/softirq.c:432 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:636
irq_exit_rcu+0x5/0x20 kernel/softirq.c:648
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
freezer_do_not_count include/linux/freezer.h:109 [inline]
freezable_schedule include/linux/freezer.h:171 [inline]
do_nanosleep+0x223/0x690 kernel/time/hrtimer.c:2044
hrtimer_nanosleep+0x1f9/0x4a0 kernel/time/hrtimer.c:2097
common_nsleep+0xa2/0xc0 kernel/time/posix-timers.c:1227
__do_sys_clock_nanosleep kernel/time/posix-timers.c:1267 [inline]
__se_sys_clock_nanosleep kernel/time/posix-timers.c:1245 [inline]
__ia32_sys_clock_nanosleep+0x2f4/0x430 kernel/time/posix-timers.c:1245
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
SOFTIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1511
kernel_wait+0x9c/0x150 kernel/exit.c:1701
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_write_lock_irq include/linux/rwlock_api_smp.h:194 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:316
copy_process+0x36c0/0x75a0 kernel/fork.c:2310
kernel_clone+0xe7/0xab0 kernel/fork.c:2581
kernel_thread+0xb5/0xf0 kernel/fork.c:2633
rest_init+0x23/0x3e0 init/main.c:690
start_kernel+0x47a/0x49b init/main.c:1135
secondary_startup_64_no_verify+0xb0/0xbb
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1511
kernel_wait+0x9c/0x150 kernel/exit.c:1701
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
}
... key at: [<ffffffff8b60a098>] tasklist_lock+0x18/0x40
... acquired at:
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
send_sigurg+0xad/0xaf0 fs/fcntl.c:851
sk_send_sigurg+0x76/0x310 net/core/sock.c:3172
tcp_check_urg.isra.0+0x1f3/0x710 net/ipv4/tcp_input.c:5567
tcp_urg net/ipv4/tcp_input.c:5608 [inline]
tcp_rcv_established+0x12ab/0x2130 net/ipv4/tcp_input.c:5942
tcp_v4_do_rcv+0x600/0x8d0 net/ipv4/tcp_ipv4.c:1716
sk_backlog_rcv include/net/sock.h:1030 [inline]
__release_sock+0x134/0x3b0 net/core/sock.c:2768
release_sock+0x54/0x1b0 net/core/sock.c:3300
sk_stream_wait_memory+0x604/0xed0 net/core/stream.c:145
tcp_sendmsg_locked+0x7c1/0x2c60 net/ipv4/tcp.c:1384
tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1422
inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:724
__sys_sendto+0x21c/0x320 net/socket.c:2036
__do_sys_sendto net/socket.c:2048 [inline]
__se_sys_sendto net/socket.c:2044 [inline]
__ia32_sys_sendto+0xdb/0x1b0 net/socket.c:2044
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

-> (&f->f_owner.lock){...-}-{2:2} {
IN-SOFTIRQ-R at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x45/0x90 kernel/locking/spinlock.c:236
send_sigurg+0x1e/0xaf0 fs/fcntl.c:835
sk_send_sigurg+0x76/0x310 net/core/sock.c:3172
tcp_check_urg.isra.0+0x1f3/0x710 net/ipv4/tcp_input.c:5567
tcp_urg net/ipv4/tcp_input.c:5608 [inline]
tcp_rcv_established+0x12ab/0x2130 net/ipv4/tcp_input.c:5942
tcp_v6_do_rcv+0x461/0x1320 net/ipv6/tcp_ipv6.c:1522
tcp_v6_rcv+0x236d/0x2cb0 net/ipv6/tcp_ipv6.c:1765
ip6_protocol_deliver_rcu+0x2e9/0x1ca0 net/ipv6/ip6_input.c:422
ip6_input_finish+0x62/0x170 net/ipv6/ip6_input.c:463
NF_HOOK include/linux/netfilter.h:307 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:472
dst_input include/net/dst.h:460 [inline]
ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline]
NF_HOOK include/linux/netfilter.h:307 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
ipv6_rcv+0x28c/0x3c0 net/ipv6/ip6_input.c:297
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5462
__netif_receive_skb+0x24/0x1b0 net/core/dev.c:5576
process_backlog+0x2a5/0x6c0 net/core/dev.c:6452
__napi_poll+0xaf/0x440 net/core/dev.c:7017
napi_poll net/core/dev.c:7084 [inline]
net_rx_action+0x801/0xb40 net/core/dev.c:7171
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
run_ksoftirqd kernel/softirq.c:920 [inline]
run_ksoftirqd+0x2d/0x60 kernel/softirq.c:912
smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_write_lock_irq include/linux/rwlock_api_smp.h:194 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:316
f_modown+0x2a/0x390 fs/fcntl.c:91
__f_setown fs/fcntl.c:110 [inline]
f_setown+0xd7/0x230 fs/fcntl.c:138
do_fcntl+0x749/0x1210 fs/fcntl.c:393
do_compat_fcntl64+0x2ce/0x610 fs/fcntl.c:676
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock_irq include/linux/rwlock_api_smp.h:168 [inline]
_raw_read_lock_irq+0x63/0x80 kernel/locking/spinlock.c:244
f_getown_ex fs/fcntl.c:212 [inline]
do_fcntl+0x8af/0x1210 fs/fcntl.c:396
do_compat_fcntl64+0x2ce/0x610 fs/fcntl.c:676
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
}
... key at: [<ffffffff90307de0>] __key.5+0x0/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
send_sigio+0x24/0x380 fs/fcntl.c:796
kill_fasync_rcu fs/fcntl.c:1021 [inline]
kill_fasync fs/fcntl.c:1035 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1028
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c


stack backtrace:
CPU: 0 PID: 9861 Comm: syz-executor.4 Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_bad_irq_dependency kernel/locking/lockdep.c:2577 [inline]
check_irq_usage.cold+0x4c1/0x6b0 kernel/locking/lockdep.c:2816
check_prev_add kernel/locking/lockdep.c:3067 [inline]
check_prevs_add kernel/locking/lockdep.c:3186 [inline]
validate_chain kernel/locking/lockdep.c:3801 [inline]
__lock_acquire+0x2a1f/0x54a0 kernel/locking/lockdep.c:5027
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
send_sigio+0x24/0x380 fs/fcntl.c:796
kill_fasync_rcu fs/fcntl.c:1021 [inline]
kill_fasync fs/fcntl.c:1035 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1028
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
RIP: 0023:0xf6e7b549
Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f44755fc EFLAGS: 00000296 ORIG_RAX: 0000000000000004
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
RDX: 0000000000000373 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.


2021-12-13 02:43:16

by syzbot

Subject: Re: [syzbot] possible deadlock in input_event (2)

syzbot has found a reproducer for the following issue on:

HEAD commit: 90d9fbc16b69 Merge tag 'usb-5.16-rc5' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15996741b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=221ffc09e39ebbd1
dashboard link: https://syzkaller.appspot.com/bug?extid=d4c06e848a1c1f9f726f
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=108f4d4db00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17a0f551b00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]

=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.16.0-rc4-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor835/3750 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8b80a098 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xab/0x380 fs/fcntl.c:810

and this task is already holding:
ffff88801c0172b8 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x24/0x380 fs/fcntl.c:796
which would create a new lock dependency:
(&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
(&dev->event_lock){-...}-{2:2}

... which became HARDIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
input_event drivers/input/input.c:445 [inline]
input_event+0x7b/0xb0 drivers/input/input.c:438
input_report_key include/linux/input.h:425 [inline]
psmouse_report_standard_buttons+0x2c/0x80 drivers/input/mouse/psmouse-base.c:123
psmouse_report_standard_packet drivers/input/mouse/psmouse-base.c:141 [inline]
psmouse_process_byte+0x1e1/0x890 drivers/input/mouse/psmouse-base.c:232
psmouse_handle_byte+0x41/0x1b0 drivers/input/mouse/psmouse-base.c:274
psmouse_interrupt+0x304/0xf00 drivers/input/mouse/psmouse-base.c:426
serio_interrupt+0x88/0x150 drivers/input/serio/serio.c:1001
i8042_interrupt+0x27a/0x520 drivers/input/serio/i8042.c:602
__handle_irq_event_percpu+0x303/0x8f0 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:198 [inline]
handle_irq_event+0x102/0x280 kernel/irq/handle.c:215
handle_edge_irq+0x25f/0xd00 kernel/irq/chip.c:822
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:231 [inline]
__common_interrupt+0x9d/0x210 arch/x86/kernel/irq.c:250
common_interrupt+0xa4/0xc0 arch/x86/kernel/irq.c:240
asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:404 [inline]
i8042_command+0x12e/0x150 drivers/input/serio/i8042.c:352
i8042_aux_write+0xd7/0x120 drivers/input/serio/i8042.c:387
serio_write include/linux/serio.h:125 [inline]
ps2_do_sendbyte+0x2cd/0x710 drivers/input/serio/libps2.c:40
ps2_sendbyte+0x58/0x150 drivers/input/serio/libps2.c:92
cypress_ps2_sendbyte+0x2e/0x160 drivers/input/mouse/cypress_ps2.c:42
cypress_ps2_read_cmd_status drivers/input/mouse/cypress_ps2.c:116 [inline]
cypress_send_ext_cmd+0x1d0/0x8e0 drivers/input/mouse/cypress_ps2.c:189
cypress_detect+0x75/0x190 drivers/input/mouse/cypress_ps2.c:205
psmouse_do_detect drivers/input/mouse/psmouse-base.c:1009 [inline]
psmouse_try_protocol+0x211/0x370 drivers/input/mouse/psmouse-base.c:1023
psmouse_extensions+0x557/0x930 drivers/input/mouse/psmouse-base.c:1146
psmouse_switch_protocol+0x52a/0x740 drivers/input/mouse/psmouse-base.c:1542
psmouse_connect+0x5e9/0xfb0 drivers/input/mouse/psmouse-base.c:1632
serio_connect_driver drivers/input/serio/serio.c:47 [inline]
serio_driver_probe+0x72/0xa0 drivers/input/serio/serio.c:778
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x245/0xcc0 drivers/base/dd.c:596
__driver_probe_device+0x338/0x4d0 drivers/base/dd.c:751
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:781
__driver_attach+0x22d/0x4e0 drivers/base/dd.c:1140
bus_for_each_dev+0x147/0x1d0 drivers/base/bus.c:301
serio_attach_driver drivers/input/serio/serio.c:807 [inline]
serio_handle_event+0x5f6/0xa30 drivers/input/serio/serio.c:227
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

to a HARDIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1511
kernel_wait+0x9c/0x150 kernel/exit.c:1701
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

other info that might help us debug this:

Chain exists of:
&dev->event_lock --> &f->f_owner.lock --> tasklist_lock

Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(tasklist_lock);
                               local_irq_disable();
                               lock(&dev->event_lock);
                               lock(&f->f_owner.lock);
  <Interrupt>
    lock(&dev->event_lock);

*** DEADLOCK ***

9 locks held by syz-executor835/3750:
#0: ffff88801df50110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760 drivers/input/evdev.c:513
#1: ffff8881468e8230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x320 drivers/input/input.c:471
#2: ffffffff8bb83e60 (rcu_read_lock){....}-{1:2}, at: is_event_supported drivers/input/input.c:53 [inline]
#2: ffffffff8bb83e60 (rcu_read_lock){....}-{1:2}, at: is_event_supported drivers/input/input.c:50 [inline]
#2: ffffffff8bb83e60 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320 drivers/input/input.c:470
#3: ffffffff8bb83e60 (rcu_read_lock){....}-{1:2}, at: input_dev_toggle drivers/input/input.c:1712 [inline]
#3: ffffffff8bb83e60 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710 drivers/input/input.c:1832
#4: ffffffff8bb83e60 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0 drivers/input/evdev.c:296
#5: ffff8880741ae028 (&client->buffer_lock){....}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
#5: ffff8880741ae028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970 drivers/input/evdev.c:261
#6: ffffffff8bb83e60 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470 fs/fcntl.c:1033
#7: ffff88801c739be8 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1014 [inline]
#7: ffff88801c739be8 (&new->fa_lock){....}-{2:2}, at: kill_fasync fs/fcntl.c:1035 [inline]
#7: ffff88801c739be8 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 fs/fcntl.c:1028
#8: ffff88801c0172b8 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x24/0x380 fs/fcntl.c:796

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&dev->event_lock){-...}-{2:2} {
IN-HARDIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
input_event drivers/input/input.c:445 [inline]
input_event+0x7b/0xb0 drivers/input/input.c:438
input_report_key include/linux/input.h:425 [inline]
psmouse_report_standard_buttons+0x2c/0x80 drivers/input/mouse/psmouse-base.c:123
psmouse_report_standard_packet drivers/input/mouse/psmouse-base.c:141 [inline]
psmouse_process_byte+0x1e1/0x890 drivers/input/mouse/psmouse-base.c:232
psmouse_handle_byte+0x41/0x1b0 drivers/input/mouse/psmouse-base.c:274
psmouse_interrupt+0x304/0xf00 drivers/input/mouse/psmouse-base.c:426
serio_interrupt+0x88/0x150 drivers/input/serio/serio.c:1001
i8042_interrupt+0x27a/0x520 drivers/input/serio/i8042.c:602
__handle_irq_event_percpu+0x303/0x8f0 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:198 [inline]
handle_irq_event+0x102/0x280 kernel/irq/handle.c:215
handle_edge_irq+0x25f/0xd00 kernel/irq/chip.c:822
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:231 [inline]
__common_interrupt+0x9d/0x210 arch/x86/kernel/irq.c:250
common_interrupt+0xa4/0xc0 arch/x86/kernel/irq.c:240
asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:404 [inline]
i8042_command+0x12e/0x150 drivers/input/serio/i8042.c:352
i8042_aux_write+0xd7/0x120 drivers/input/serio/i8042.c:387
serio_write include/linux/serio.h:125 [inline]
ps2_do_sendbyte+0x2cd/0x710 drivers/input/serio/libps2.c:40
ps2_sendbyte+0x58/0x150 drivers/input/serio/libps2.c:92
cypress_ps2_sendbyte+0x2e/0x160 drivers/input/mouse/cypress_ps2.c:42
cypress_ps2_read_cmd_status drivers/input/mouse/cypress_ps2.c:116 [inline]
cypress_send_ext_cmd+0x1d0/0x8e0 drivers/input/mouse/cypress_ps2.c:189
cypress_detect+0x75/0x190 drivers/input/mouse/cypress_ps2.c:205
psmouse_do_detect drivers/input/mouse/psmouse-base.c:1009 [inline]
psmouse_try_protocol+0x211/0x370 drivers/input/mouse/psmouse-base.c:1023
psmouse_extensions+0x557/0x930 drivers/input/mouse/psmouse-base.c:1146
psmouse_switch_protocol+0x52a/0x740 drivers/input/mouse/psmouse-base.c:1542
psmouse_connect+0x5e9/0xfb0 drivers/input/mouse/psmouse-base.c:1632
serio_connect_driver drivers/input/serio/serio.c:47 [inline]
serio_driver_probe+0x72/0xa0 drivers/input/serio/serio.c:778
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x245/0xcc0 drivers/base/dd.c:596
__driver_probe_device+0x338/0x4d0 drivers/base/dd.c:751
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:781
__driver_attach+0x22d/0x4e0 drivers/base/dd.c:1140
bus_for_each_dev+0x147/0x1d0 drivers/base/bus.c:301
serio_attach_driver drivers/input/serio/serio.c:807 [inline]
serio_handle_event+0x5f6/0xa30 drivers/input/serio/serio.c:227
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
input_inject_event+0xa6/0x320 drivers/input/input.c:471
__led_set_brightness drivers/leds/led-core.c:47 [inline]
led_set_brightness_nopm drivers/leds/led-core.c:271 [inline]
led_set_brightness_nosleep+0xe6/0x1a0 drivers/leds/led-core.c:287
led_set_brightness+0x134/0x170 drivers/leds/led-core.c:264
led_trigger_event drivers/leds/led-triggers.c:390 [inline]
led_trigger_event+0xb0/0x200 drivers/leds/led-triggers.c:380
kbd_led_trigger_activate+0xc9/0x100 drivers/tty/vt/keyboard.c:1029
led_trigger_set+0x5d7/0xaf0 drivers/leds/led-triggers.c:197
led_trigger_set_default drivers/leds/led-triggers.c:262 [inline]
led_trigger_set_default+0x1a6/0x230 drivers/leds/led-triggers.c:249
led_classdev_register_ext+0x622/0x850 drivers/leds/led-class.c:417
led_classdev_register include/linux/leds.h:196 [inline]
input_leds_connect+0x4bd/0x860 drivers/input/input-leds.c:139
input_attach_handler+0x180/0x1f0 drivers/input/input.c:1035
input_register_device.cold+0xf0/0x304 drivers/input/input.c:2335
atkbd_connect+0x749/0xa10 drivers/input/keyboard/atkbd.c:1293
serio_connect_driver drivers/input/serio/serio.c:47 [inline]
serio_driver_probe+0x72/0xa0 drivers/input/serio/serio.c:778
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x245/0xcc0 drivers/base/dd.c:596
__driver_probe_device+0x338/0x4d0 drivers/base/dd.c:751
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:781
__driver_attach+0x22d/0x4e0 drivers/base/dd.c:1140
bus_for_each_dev+0x147/0x1d0 drivers/base/bus.c:301
serio_attach_driver drivers/input/serio/serio.c:807 [inline]
serio_handle_event+0x5f6/0xa30 drivers/input/serio/serio.c:227
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
}
... key at: [<ffffffff907da6e0>] __key.8+0x0/0x40
-> (&client->buffer_lock){....}-{2:2} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
evdev_pass_values.part.0+0xf6/0x970 drivers/input/evdev.c:261
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
}
... key at: [<ffffffff907dab60>] __key.4+0x0/0x40
... acquired at:
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
evdev_pass_values.part.0+0xf6/0x970 drivers/input/evdev.c:261
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

-> (&new->fa_lock){....}-{2:2} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_write_lock_irq include/linux/rwlock_api_smp.h:194 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:316
fasync_remove_entry+0xb6/0x1f0 fs/fcntl.c:891
fasync_helper+0x9e/0xb0 fs/fcntl.c:994
__fput+0x846/0x9f0 fs/file_table.c:277
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
exit_task_work include/linux/task_work.h:32 [inline]
do_exit+0xc14/0x2b40 kernel/exit.c:832
do_group_exit+0x125/0x310 kernel/exit.c:929
get_signal+0x47d/0x2220 kernel/signal.c:2852
arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
handle_signal_work kernel/entry/common.c:148 [inline]
exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
__syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1014 [inline]
kill_fasync fs/fcntl.c:1035 [inline]
kill_fasync+0x136/0x470 fs/fcntl.c:1028
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
}
... key at: [<ffffffff90535bc0>] __key.0+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1014 [inline]
kill_fasync fs/fcntl.c:1035 [inline]
kill_fasync+0x136/0x470 fs/fcntl.c:1028
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

-> (&f->f_owner.lock){....}-{2:2} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_write_lock_irq include/linux/rwlock_api_smp.h:194 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:316
f_modown+0x2a/0x390 fs/fcntl.c:91
__f_setown fs/fcntl.c:110 [inline]
f_setown+0xd7/0x230 fs/fcntl.c:138
do_fcntl+0x749/0x1210 fs/fcntl.c:393
__do_sys_fcntl fs/fcntl.c:472 [inline]
__se_sys_fcntl fs/fcntl.c:457 [inline]
__x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:457
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
send_sigio+0x24/0x380 fs/fcntl.c:796
kill_fasync_rcu fs/fcntl.c:1021 [inline]
kill_fasync fs/fcntl.c:1035 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1028
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
}
... key at: [<ffffffff90534de0>] __key.5+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
send_sigio+0x24/0x380 fs/fcntl.c:796
kill_fasync_rcu fs/fcntl.c:1021 [inline]
kill_fasync fs/fcntl.c:1035 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1028
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae


the dependencies between the lock to be acquired
and HARDIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{2:2} {
HARDIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1511
kernel_wait+0x9c/0x150 kernel/exit.c:1701
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
SOFTIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1511
kernel_wait+0x9c/0x150 kernel/exit.c:1701
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_write_lock_irq include/linux/rwlock_api_smp.h:194 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:316
copy_process+0x36c8/0x75a0 kernel/fork.c:2311
kernel_clone+0xe7/0xab0 kernel/fork.c:2582
kernel_thread+0xb5/0xf0 kernel/fork.c:2634
rest_init+0x23/0x3e0 init/main.c:690
start_kernel+0x47a/0x49b init/main.c:1135
secondary_startup_64_no_verify+0xb0/0xbb
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1511
kernel_wait+0x9c/0x150 kernel/exit.c:1701
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
}
... key at: [<ffffffff8b80a098>] tasklist_lock+0x18/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
send_sigio+0xab/0x380 fs/fcntl.c:810
kill_fasync_rcu fs/fcntl.c:1021 [inline]
kill_fasync fs/fcntl.c:1035 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1028
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae


stack backtrace:
CPU: 1 PID: 3750 Comm: syz-executor835 Not tainted 5.16.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_bad_irq_dependency kernel/locking/lockdep.c:2577 [inline]
check_irq_usage.cold+0x4c1/0x6b0 kernel/locking/lockdep.c:2816
check_prev_add kernel/locking/lockdep.c:3067 [inline]
check_prevs_add kernel/locking/lockdep.c:3186 [inline]
validate_chain kernel/locking/lockdep.c:3801 [inline]
__lock_acquire+0x2a1f/0x54a0 kernel/locking/lockdep.c:5027
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
send_sigio+0xab/0x380 fs/fcntl.c:810
kill_fasync_rcu fs/fcntl.c:1021 [inline]
kill_fasync fs/fcntl.c:1035 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1028
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values.part.0+0x64e/0x970 drivers/input/evdev.c:278
evdev_pass_values drivers/input/evdev.c:253 [inline]
evdev_events+0x359/0x3e0 drivers/input/evdev.c:306
input_to_handler+0x2a0/0x4c0 drivers/input/input.c:115
input_pass_values.part.0+0x230/0x710 drivers/input/input.c:145
input_pass_values drivers/input/input.c:134 [inline]
input_handle_event+0x373/0x1440 drivers/input/input.c:404
input_inject_event+0x1bd/0x320 drivers/input/input.c:476
evdev_write+0x430/0x760 drivers/input/evdev.c:530
vfs_write+0x28e/0xae0 fs/read_write.c:588
ksys_write+0x1ee/0x250 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f45cf04c349
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f45ceff62f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f45cf0d04c0 RCX: 00007f45cf04c349
RDX: 0000000000003888 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00007f45cf09d08c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200012a8
R13: f36140dfc32eddd6 R14: 0030656c69662f2e R15: 00007f45cf0d04c8
</TASK>


2024-04-19 16:34:01

by Jeongjun Park

Subject: Re: [syzbot] possible deadlock in input_event (2)


please test deadlock in input_event

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

---
fs/fcntl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/fcntl.c b/fs/fcntl.c
index 54cc85d3338e..30f4d75fdb03 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -829,7 +829,7 @@ int send_sigurg(struct fown_struct *fown)
struct task_struct *p;
enum pid_type type;
struct pid *pid;
- unsigned long flags;
+ unsigned long flags, read_flags;
int ret = 0;

read_lock_irqsave(&fown->lock, flags);
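Review bot: the new `read_flags` variable is only needed if the tasklist_lock acquisition further down really requires its own irqsave, but that acquisition sits inside the `read_lock_irqsave(&fown->lock, flags)` section shown as context here, where interrupts are already disabled; a plain `read_lock()` there is correct, so this extra variable can be dropped along with the change below.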
@@ -848,11 +848,11 @@ int send_sigurg(struct fown_struct *fown)
send_sigurg_to_task(p, fown, type);
rcu_read_unlock();
} else {
- read_lock(&tasklist_lock);
+ read_lock_irqsave(&tasklist_lock, read_flags);
do_each_pid_task(pid, type, p) {
send_sigurg_to_task(p, fown, type);
} while_each_pid_task(pid, type, p);
- read_unlock(&tasklist_lock);
+ read_unlock_irqrestore(&tasklist_lock, read_flags);
}
out_unlock_fown:
read_unlock_irqrestore(&fown->lock, flags);
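Review bot: this hunk changes send_sigurg(), but the lockdep report above is about send_sigio(): the offending acquisition is `read_lock(&tasklist_lock)` at fs/fcntl.c:810 in send_sigio(), reached from kill_fasync() via the evdev write path while &dev->event_lock and &f->f_owner.lock are held, so the reported dependency chain is untouched by this patch. Switching this one reader to `read_lock_irqsave()` also does not change lockdep's classification of tasklist_lock, which became HARDIRQ-unsafe because do_wait() (kernel/exit.c:1511) takes it with interrupts enabled; the HARDIRQ-safe -> HARDIRQ-unsafe dependency &dev->event_lock -> &f->f_owner.lock -> tasklist_lock therefore remains. Since interrupts are already disabled here by the enclosing `read_lock_irqsave(&fown->lock, flags)`, the irqsave/irqrestore pair is redundant as well. Note that syzbot's test run later in the thread failed at boot in virtio_scsi probe (refcount warning under vring_alloc_queue_split), which is unrelated to fs/fcntl.c, so the patch was never actually exercised against the reproducer.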
--
2.34.1

2024-04-19 17:08:13

by syzbot

Subject: Re: [syzbot] [fs?] possible deadlock in input_event (2)

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

ered new interface driver rtsx_usb
[ 7.634517][ T1] usbcore: registered new interface driver viperboard
[ 7.636633][ T1] usbcore: registered new interface driver dln2
[ 7.637993][ T1] usbcore: registered new interface driver pn533_usb
[ 7.644508][ T1] nfcsim 0.2 initialized
[ 7.645311][ T1] usbcore: registered new interface driver port100
[ 7.646749][ T1] usbcore: registered new interface driver nfcmrvl
[ 7.653669][ T1] Loading iSCSI transport class v2.0-870.
[ 7.673487][ T1] virtio_scsi virtio0: 1/0/0 default/read/poll queues
[ 7.682830][ T1] ------------[ cut here ]------------
[ 7.683827][ T1] refcount_t: decrement hit 0; leaking memory.
[ 7.685157][ T1] WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0
[ 7.687468][ T1] Modules linked in:
[ 7.688124][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc4-syzkaller-00113-g2668e3ae2ef3-dirty #0
[ 7.689750][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 7.691310][ T1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[ 7.692391][ T1] Code: b2 00 00 00 e8 f7 25 e7 fc 5b 5d c3 cc cc cc cc e8 eb 25 e7 fc c6 05 b9 a2 e5 0a 01 90 48 c7 c7 80 3d 1f 8c e8 47 c0 a9 fc 90 <0f> 0b 90 90 eb d9 e8 cb 25 e7 fc c6 05 96 a2 e5 0a 01 90 48 c7 c7
[ 7.695171][ T1] RSP: 0000:ffffc90000066e18 EFLAGS: 00010246
[ 7.696459][ T1] RAX: 215871e6f02e7200 RBX: ffff88814072374c RCX: ffff8880166d0000
[ 7.697689][ T1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 7.698819][ T1] RBP: 0000000000000004 R08: ffffffff815880a2 R09: fffffbfff1c39b48
[ 7.699877][ T1] R10: dffffc0000000000 R11: fffffbfff1c39b48 R12: ffffea0000846dc0
[ 7.701019][ T1] R13: ffffea0000846dc8 R14: 1ffffd4000108db9 R15: 0000000000000000
[ 7.702376][ T1] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[ 7.703947][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.704958][ T1] CR2: ffff88823ffff000 CR3: 000000000e134000 CR4: 00000000003506f0
[ 7.706361][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 7.707631][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 7.708825][ T1] Call Trace:
[ 7.709413][ T1] <TASK>
[ 7.709929][ T1] ? __warn+0x163/0x4e0
[ 7.710644][ T1] ? refcount_warn_saturate+0xfa/0x1d0
[ 7.711650][ T1] ? report_bug+0x2b3/0x500
[ 7.712569][ T1] ? refcount_warn_saturate+0xfa/0x1d0
[ 7.713521][ T1] ? handle_bug+0x3e/0x70
[ 7.714155][ T1] ? exc_invalid_op+0x1a/0x50
[ 7.714820][ T1] ? asm_exc_invalid_op+0x1a/0x20
[ 7.715528][ T1] ? __warn_printk+0x292/0x360
[ 7.716343][ T1] ? refcount_warn_saturate+0xfa/0x1d0
[ 7.717135][ T1] ? refcount_warn_saturate+0xf9/0x1d0
[ 7.718192][ T1] __free_pages_ok+0xc60/0xd90
[ 7.718893][ T1] make_alloc_exact+0xa3/0xf0
[ 7.719753][ T1] vring_alloc_queue_split+0x20a/0x600
[ 7.720878][ T1] ? __pfx_vring_alloc_queue_split+0x10/0x10
[ 7.721837][ T1] ? vp_find_vqs+0x4c/0x4e0
[ 7.722631][ T1] ? virtscsi_probe+0x3ea/0xf60
[ 7.723321][ T1] ? virtio_dev_probe+0x991/0xaf0
[ 7.724085][ T1] ? really_probe+0x2b8/0xad0
[ 7.725035][ T1] ? driver_probe_device+0x50/0x430
[ 7.725939][ T1] vring_create_virtqueue_split+0xc6/0x310
[ 7.726833][ T1] ? ret_from_fork+0x4b/0x80
[ 7.727545][ T1] ? __pfx_vring_create_virtqueue_split+0x10/0x10
[ 7.728856][ T1] vring_create_virtqueue+0xca/0x110
[ 7.729802][ T1] ? __pfx_vp_notify+0x10/0x10
[ 7.730501][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[ 7.731766][ T1] setup_vq+0xe9/0x2d0
[ 7.732420][ T1] ? __pfx_vp_notify+0x10/0x10
[ 7.733372][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[ 7.734230][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[ 7.735111][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[ 7.735961][ T1] vp_setup_vq+0xbf/0x330
[ 7.736791][ T1] ? __pfx_vp_config_changed+0x10/0x10
[ 7.738100][ T1] ? ioread16+0x2f/0x90
[ 7.738752][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[ 7.739755][ T1] vp_find_vqs_msix+0x8b2/0xc80
[ 7.740621][ T1] vp_find_vqs+0x4c/0x4e0
[ 7.741314][ T1] virtscsi_init+0x8db/0xd00
[ 7.742665][ T1] ? __pfx_virtscsi_init+0x10/0x10
[ 7.743385][ T1] ? __pfx_default_calc_sets+0x10/0x10
[ 7.744188][ T1] ? scsi_host_alloc+0xa57/0xea0
[ 7.744880][ T1] ? vp_get+0xfd/0x140
[ 7.745886][ T1] virtscsi_probe+0x3ea/0xf60
[ 7.746690][ T1] ? __pfx_virtscsi_probe+0x10/0x10
[ 7.747405][ T1] ? kernfs_add_one+0x156/0x8b0
[ 7.748307][ T1] ? virtio_no_restricted_mem_acc+0x9/0x10
[ 7.749465][ T1] ? virtio_features_ok+0x10c/0x270
[ 7.750275][ T1] virtio_dev_probe+0x991/0xaf0
[ 7.751073][ T1] ? __pfx_virtio_dev_probe+0x10/0x10
[ 7.751895][ T1] really_probe+0x2b8/0xad0
[ 7.752754][ T1] __driver_probe_device+0x1a2/0x390
[ 7.754208][ T1] driver_probe_device+0x50/0x430
[ 7.755539][ T1] __driver_attach+0x45f/0x710
[ 7.756521][ T1] ? __pfx___driver_attach+0x10/0x10
[ 7.757862][ T1] bus_for_each_dev+0x239/0x2b0
[ 7.758718][ T1] ? __pfx___driver_attach+0x10/0x10
[ 7.759488][ T1] ? __pfx_bus_for_each_dev+0x10/0x10
[ 7.760237][ T1] ? do_raw_spin_unlock+0x13c/0x8b0
[ 7.761233][ T1] bus_add_driver+0x347/0x620
[ 7.762229][ T1] driver_register+0x23a/0x320
[ 7.763093][ T1] virtio_scsi_init+0x69/0xe0
[ 7.763779][ T1] ? __pfx_virtio_scsi_init+0x10/0x10
[ 7.764701][ T1] do_one_initcall+0x248/0x880
[ 7.765411][ T1] ? __pfx_virtio_scsi_init+0x10/0x10
[ 7.766339][ T1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 7.767256][ T1] ? __pfx_do_one_initcall+0x10/0x10
[ 7.768182][ T1] ? __pfx_parse_args+0x10/0x10
[ 7.769173][ T1] ? do_initcalls+0x1c/0x80
[ 7.770103][ T1] ? rcu_is_watching+0x15/0xb0
[ 7.771124][ T1] do_initcall_level+0x157/0x210
[ 7.772065][ T1] do_initcalls+0x3f/0x80
[ 7.772851][ T1] kernel_init_freeable+0x435/0x5d0
[ 7.773659][ T1] ? __pfx_kernel_init_freeable+0x10/0x10
[ 7.774557][ T1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 7.776278][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.777202][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.777966][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.778686][ T1] kernel_init+0x1d/0x2b0
[ 7.779531][ T1] ret_from_fork+0x4b/0x80
[ 7.780153][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.780872][ T1] ret_from_fork_asm+0x1a/0x30
[ 7.781578][ T1] </TASK>
[ 7.782050][ T1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 7.783113][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc4-syzkaller-00113-g2668e3ae2ef3-dirty #0
[ 7.784483][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 7.786150][ T1] Call Trace:
[ 7.786150][ T1] <TASK>
[ 7.786150][ T1] dump_stack_lvl+0x241/0x360
[ 7.786150][ T1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 7.786150][ T1] ? __pfx__printk+0x10/0x10
[ 7.786150][ T1] ? _printk+0xd5/0x120
[ 7.786150][ T1] ? vscnprintf+0x5d/0x90
[ 7.786150][ T1] panic+0x349/0x860
[ 7.786150][ T1] ? __warn+0x172/0x4e0
[ 7.786150][ T1] ? __pfx_panic+0x10/0x10
[ 7.786150][ T1] ? show_trace_log_lvl+0x4e6/0x520
[ 7.786150][ T1] ? ret_from_fork_asm+0x1a/0x30
[ 7.786150][ T1] __warn+0x346/0x4e0
[ 7.786150][ T1] ? refcount_warn_saturate+0xfa/0x1d0
[ 7.786150][ T1] report_bug+0x2b3/0x500
[ 7.796183][ T1] ? refcount_warn_saturate+0xfa/0x1d0
[ 7.796183][ T1] handle_bug+0x3e/0x70
[ 7.796183][ T1] exc_invalid_op+0x1a/0x50
[ 7.796183][ T1] asm_exc_invalid_op+0x1a/0x20
[ 7.796183][ T1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[ 7.796183][ T1] Code: b2 00 00 00 e8 f7 25 e7 fc 5b 5d c3 cc cc cc cc e8 eb 25 e7 fc c6 05 b9 a2 e5 0a 01 90 48 c7 c7 80 3d 1f 8c e8 47 c0 a9 fc 90 <0f> 0b 90 90 eb d9 e8 cb 25 e7 fc c6 05 96 a2 e5 0a 01 90 48 c7 c7
[ 7.796183][ T1] RSP: 0000:ffffc90000066e18 EFLAGS: 00010246
[ 7.796183][ T1] RAX: 215871e6f02e7200 RBX: ffff88814072374c RCX: ffff8880166d0000
[ 7.796183][ T1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 7.806084][ T1] RBP: 0000000000000004 R08: ffffffff815880a2 R09: fffffbfff1c39b48
[ 7.806084][ T1] R10: dffffc0000000000 R11: fffffbfff1c39b48 R12: ffffea0000846dc0
[ 7.806084][ T1] R13: ffffea0000846dc8 R14: 1ffffd4000108db9 R15: 0000000000000000
[ 7.806084][ T1] ? __warn_printk+0x292/0x360
[ 7.806084][ T1] ? refcount_warn_saturate+0xf9/0x1d0
[ 7.806084][ T1] __free_pages_ok+0xc60/0xd90
[ 7.806084][ T1] make_alloc_exact+0xa3/0xf0
[ 7.806084][ T1] vring_alloc_queue_split+0x20a/0x600
[ 7.806084][ T1] ? __pfx_vring_alloc_queue_split+0x10/0x10
[ 7.806084][ T1] ? vp_find_vqs+0x4c/0x4e0
[ 7.806084][ T1] ? virtscsi_probe+0x3ea/0xf60
[ 7.816141][ T1] ? virtio_dev_probe+0x991/0xaf0
[ 7.816141][ T1] ? really_probe+0x2b8/0xad0
[ 7.816141][ T1] ? driver_probe_device+0x50/0x430
[ 7.816141][ T1] vring_create_virtqueue_split+0xc6/0x310
[ 7.816141][ T1] ? ret_from_fork+0x4b/0x80
[ 7.816141][ T1] ? __pfx_vring_create_virtqueue_split+0x10/0x10
[ 7.816141][ T1] vring_create_virtqueue+0xca/0x110
[ 7.816141][ T1] ? __pfx_vp_notify+0x10/0x10
[ 7.816141][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[ 7.816141][ T1] setup_vq+0xe9/0x2d0
[ 7.816141][ T1] ? __pfx_vp_notify+0x10/0x10
[ 7.816141][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[ 7.816141][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[ 7.826063][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[ 7.826063][ T1] vp_setup_vq+0xbf/0x330
[ 7.826063][ T1] ? __pfx_vp_config_changed+0x10/0x10
[ 7.826063][ T1] ? ioread16+0x2f/0x90
[ 7.826063][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[ 7.826063][ T1] vp_find_vqs_msix+0x8b2/0xc80
[ 7.826063][ T1] vp_find_vqs+0x4c/0x4e0
[ 7.826063][ T1] virtscsi_init+0x8db/0xd00
[ 7.826063][ T1] ? __pfx_virtscsi_init+0x10/0x10
[ 7.826063][ T1] ? __pfx_default_calc_sets+0x10/0x10
[ 7.826063][ T1] ? scsi_host_alloc+0xa57/0xea0
[ 7.826063][ T1] ? vp_get+0xfd/0x140
[ 7.826063][ T1] virtscsi_probe+0x3ea/0xf60
[ 7.826063][ T1] ? __pfx_virtscsi_probe+0x10/0x10
[ 7.836184][ T1] ? kernfs_add_one+0x156/0x8b0
[ 7.836184][ T1] ? virtio_no_restricted_mem_acc+0x9/0x10
[ 7.836184][ T1] ? virtio_features_ok+0x10c/0x270
[ 7.836184][ T1] virtio_dev_probe+0x991/0xaf0
[ 7.836184][ T1] ? __pfx_virtio_dev_probe+0x10/0x10
[ 7.836184][ T1] really_probe+0x2b8/0xad0
[ 7.836184][ T1] __driver_probe_device+0x1a2/0x390
[ 7.836184][ T1] driver_probe_device+0x50/0x430
[ 7.836184][ T1] __driver_attach+0x45f/0x710
[ 7.836184][ T1] ? __pfx___driver_attach+0x10/0x10
[ 7.836184][ T1] bus_for_each_dev+0x239/0x2b0
[ 7.836184][ T1] ? __pfx___driver_attach+0x10/0x10
[ 7.846105][ T1] ? __pfx_bus_for_each_dev+0x10/0x10
[ 7.846105][ T1] ? do_raw_spin_unlock+0x13c/0x8b0
[ 7.846105][ T1] bus_add_driver+0x347/0x620
[ 7.846105][ T1] driver_register+0x23a/0x320
[ 7.846105][ T1] virtio_scsi_init+0x69/0xe0
[ 7.846105][ T1] ? __pfx_virtio_scsi_init+0x10/0x10
[ 7.846105][ T1] do_one_initcall+0x248/0x880
[ 7.846105][ T1] ? __pfx_virtio_scsi_init+0x10/0x10
[ 7.846105][ T1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 7.846105][ T1] ? __pfx_do_one_initcall+0x10/0x10
[ 7.846105][ T1] ? __pfx_parse_args+0x10/0x10
[ 7.846105][ T1] ? do_initcalls+0x1c/0x80
[ 7.846105][ T1] ? rcu_is_watching+0x15/0xb0
[ 7.856222][ T1] do_initcall_level+0x157/0x210
[ 7.856222][ T1] do_initcalls+0x3f/0x80
[ 7.856222][ T1] kernel_init_freeable+0x435/0x5d0
[ 7.856222][ T1] ? __pfx_kernel_init_freeable+0x10/0x10
[ 7.856222][ T1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 7.856222][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.856222][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.856222][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.856222][ T1] kernel_init+0x1d/0x2b0
[ 7.856222][ T1] ret_from_fork+0x4b/0x80
[ 7.856222][ T1] ? __pfx_kernel_init+0x10/0x10
[ 7.856222][ T1] ret_from_fork_asm+0x1a/0x30
[ 7.856222][ T1] </TASK>
[ 7.866111][ T1] Kernel Offset: disabled
[ 7.866111][ T1] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.4'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2070068173=/tmp/go-build -gno-record-gcc-switches'

git status (err=<nil>)
HEAD detached at 478efa7f2
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=478efa7f2f5af720ac23b860a65d458f3db39b0c -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240411-101510'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=478efa7f2f5af720ac23b860a65d458f3db39b0c -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240411-101510'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=478efa7f2f5af720ac23b860a65d458f3db39b0c -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240411-101510'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"478efa7f2f5af720ac23b860a65d458f3db39b0c\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=12c085f7180000


Tested on:

commit: 2668e3ae Merge tag 'scsi-fixes' of git://git.kernel.or..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=c6e826cf3c9c6ffc
dashboard link: https://syzkaller.appspot.com/bug?extid=d4c06e848a1c1f9f726f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=154085f7180000


2024-04-20 06:15:18

by Jeongjun Park

Subject: Re: [syzbot] possible deadlock in input_event (2)

please test deadlock in input_event

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

---
drivers/input/evdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
index 51e0c4954600..181c798b232b 100644
--- a/drivers/input/evdev.c
+++ b/drivers/input/evdev.c
@@ -258,7 +258,7 @@ static void evdev_pass_values(struct evdev_client *client,
event.input_event_usec = ts.tv_nsec / NSEC_PER_USEC;

/* Interrupts are disabled, just acquire the lock. */
- spin_lock(&client->buffer_lock);
+ spin_lock_irq(&client->buffer_lock);

for (v = vals; v != vals + count; v++) {
if (__evdev_is_filtered(client, v->type, v->code))
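Review bot: the comment kept directly above the changed line, "Interrupts are disabled, just acquire the lock.", states that evdev_pass_values() is entered with interrupts already off, so replacing `spin_lock(&client->buffer_lock)` with `spin_lock_irq()` changes nothing on the acquire side, while the matching `spin_unlock_irq()` in the second hunk will re-enable interrupts inside the caller's interrupts-disabled region. If this lock is meant to manage IRQ state itself, use `spin_lock_irqsave`/`spin_unlock_irqrestore` with a local flags variable and rewrite the comment accordingly; otherwise the plain `spin_lock()` is the correct call here. Note also that neither lock named in the original report (&new->fa_lock -> &f->f_owner.lock) is touched by this hunk, so the reported ordering is left as it was.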
@@ -278,7 +278,7 @@ static void evdev_pass_values(struct evdev_client *client,
__pass_event(client, &event);
}

- spin_unlock(&client->buffer_lock);
+ spin_unlock_irq(&client->buffer_lock);

if (wakeup)
wake_up_interruptible_poll(&client->wait,
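Review bot: `spin_unlock_irq()` unconditionally turns hardirqs back on, but this function runs with interrupts already disabled by its caller (see the comment in the first hunk), so the unlock ends the caller's interrupts-off section while the caller still holds its own irq-safe lock. The syzbot run of this patch later in the thread reports exactly that: "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" at spin_unlock_irq in evdev_pass_values, followed by "raw_local_irq_restore() called with IRQs enabled" from evdev_write. Keep the unlock consistent with the caller's state: plain `spin_unlock(&client->buffer_lock)` here, or the irqsave/irqrestore pair if the lock has to own the IRQ state.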
--
2.34.1

2024-04-20 07:35:28

by syzbot

[permalink] [raw]
Subject: Re: [syzbot] [fs?] possible deadlock in input_event (2)

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
inconsistent lock state in valid_state

================================
WARNING: inconsistent lock state
6.9.0-rc4-syzkaller-00214-g13a2e429f644-dirty #0 Not tainted
--------------------------------
inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
syz-executor.0/5511 [HC0[0]:SC0[0]:HE0:SE1] takes:
ffff88801bbe3230 (&dev->event_lock#2){?...}-{2:2}, at: input_inject_event+0xc5/0x340 drivers/input/input.c:460
{IN-HARDIRQ-W} state was registered at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
input_event+0x91/0xd0 drivers/input/input.c:434
input_report_key include/linux/input.h:425 [inline]
psmouse_report_standard_buttons drivers/input/mouse/psmouse-base.c:128 [inline]
psmouse_report_standard_packet+0x54/0x200 drivers/input/mouse/psmouse-base.c:146
psmouse_process_byte+0x48c/0x680 drivers/input/mouse/psmouse-base.c:237
psmouse_handle_byte+0x49/0x4c0 drivers/input/mouse/psmouse-base.c:279
ps2_interrupt+0x17c/0x8e0 drivers/input/serio/libps2.c:613
serio_interrupt+0x90/0x140 drivers/input/serio/serio.c:998
i8042_interrupt+0x375/0x770 drivers/input/serio/i8042.c:606
__handle_irq_event_percpu+0x29a/0xa80 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x89/0x1f0 kernel/irq/handle.c:210
handle_edge_irq+0x25f/0xc20 kernel/irq/chip.c:831
generic_handle_irq_desc include/linux/irqdesc.h:161 [inline]
handle_irq arch/x86/kernel/irq.c:238 [inline]
__common_interrupt+0x138/0x230 arch/x86/kernel/irq.c:257
common_interrupt+0xa5/0xd0 arch/x86/kernel/irq.c:247
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0xd8/0x140 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
i8042_command drivers/input/serio/i8042.c:356 [inline]
i8042_aux_write+0x116/0x1a0 drivers/input/serio/i8042.c:391
serio_write include/linux/serio.h:125 [inline]
ps2_do_sendbyte+0x20f/0x730 drivers/input/serio/libps2.c:58
ps2_sendbyte+0x60/0x120 drivers/input/serio/libps2.c:113
cypress_ps2_sendbyte drivers/input/mouse/cypress_ps2.c:42 [inline]
cypress_ps2_read_cmd_status drivers/input/mouse/cypress_ps2.c:116 [inline]
cypress_send_ext_cmd+0x221/0x910 drivers/input/mouse/cypress_ps2.c:189
cypress_detect+0x93/0x230 drivers/input/mouse/cypress_ps2.c:205
psmouse_do_detect drivers/input/mouse/psmouse-base.c:1006 [inline]
psmouse_try_protocol drivers/input/mouse/psmouse-base.c:1020 [inline]
psmouse_extensions+0xc2e/0x1560 drivers/input/mouse/psmouse-base.c:1143
psmouse_switch_protocol+0x308/0x7d0 drivers/input/mouse/psmouse-base.c:1537
psmouse_connect+0x8e4/0x14b0 drivers/input/mouse/psmouse-base.c:1626
serio_connect_driver drivers/input/serio/serio.c:44 [inline]
serio_driver_probe+0x7f/0xa0 drivers/input/serio/serio.c:775
really_probe+0x2b8/0xad0 drivers/base/dd.c:656
__driver_probe_device+0x1a2/0x390 drivers/base/dd.c:798
driver_probe_device+0x50/0x430 drivers/base/dd.c:828
__driver_attach+0x45f/0x710 drivers/base/dd.c:1214
bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368
serio_attach_driver drivers/input/serio/serio.c:804 [inline]
serio_handle_event+0x1c7/0x920 drivers/input/serio/serio.c:224
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f0/0x390 kernel/kthread.c:388
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
irq event stamp: 1274
hardirqs last enabled at (1273): [<ffffffff8b8f8b1f>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (1273): [<ffffffff8b8f8b1f>] _raw_spin_unlock_irqrestore+0x8f/0x140 kernel/locking/spinlock.c:194
hardirqs last disabled at (1274): [<ffffffff8b8f8820>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (1274): [<ffffffff8b8f8820>] _raw_spin_lock_irqsave+0xb0/0x120 kernel/locking/spinlock.c:162
softirqs last enabled at (0): [<ffffffff8157a613>] rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
softirqs last enabled at (0): [<ffffffff8157a613>] rcu_read_lock include/linux/rcupdate.h:781 [inline]
softirqs last enabled at (0): [<ffffffff8157a613>] copy_process+0xa03/0x3df0 kernel/fork.c:2259
softirqs last disabled at (0): [<0000000000000000>] 0x0

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&dev->event_lock#2);
<Interrupt>
lock(&dev->event_lock#2);

*** DEADLOCK ***

5 locks held by syz-executor.0/5511:
#0: ffff8880249f5110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x272/0x7c0 drivers/input/evdev.c:513
#1: ffff88801bbe3230 (&dev->event_lock#2){?...}-{2:2}, at: input_inject_event+0xc5/0x340 drivers/input/input.c:460
#2: ffffffff8e334de0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#2: ffffffff8e334de0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#2: ffffffff8e334de0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xd5/0x340 drivers/input/input.c:462
#3: ffffffff8e334de0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#3: ffffffff8e334de0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#3: ffffffff8e334de0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0x9d/0x1200 drivers/input/input.c:153
#4: ffffffff8e334de0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#4: ffffffff8e334de0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#4: ffffffff8e334de0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x6f/0x300 drivers/input/evdev.c:298

stack backtrace:
CPU: 1 PID: 5511 Comm: syz-executor.0 Not tainted 6.9.0-rc4-syzkaller-00214-g13a2e429f644-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
valid_state+0x13a/0x1c0 kernel/locking/lockdep.c:4013
mark_lock_irq+0xbb/0xc20 kernel/locking/lockdep.c:4216
mark_lock+0x223/0x350 kernel/locking/lockdep.c:4678
mark_held_locks kernel/locking/lockdep.c:4274 [inline]
__trace_hardirqs_on_caller kernel/locking/lockdep.c:4292 [inline]
lockdep_hardirqs_on_prepare+0x282/0x780 kernel/locking/lockdep.c:4359
trace_hardirqs_on+0x28/0x40 kernel/trace/trace_preemptirq.c:61
__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
_raw_spin_unlock_irq+0x23/0x50 kernel/locking/spinlock.c:202
spin_unlock_irq include/linux/spinlock.h:401 [inline]
evdev_pass_values+0xa28/0xad0 drivers/input/evdev.c:281
evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
input_to_handler drivers/input/input.c:129 [inline]
input_pass_values+0x84d/0x1200 drivers/input/input.c:161
input_event_dispose+0x36c/0x650 drivers/input/input.c:378
input_handle_event+0xa71/0xbe0 drivers/input/input.c:406
input_inject_event+0x22f/0x340 drivers/input/input.c:465
evdev_write+0x672/0x7c0 drivers/input/evdev.c:530
vfs_write+0x2a4/0xcb0 fs/read_write.c:588
ksys_write+0x1a0/0x2c0 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2d3287de69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2d3363a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f2d329abf80 RCX: 00007f2d3287de69
RDX: 0000000000002250 RSI: 0000000020000040 RDI: 0000000000000004
RBP: 00007f2d328ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f2d329abf80 R15: 00007fff20752928
</TASK>
------------[ cut here ]------------
raw_local_irq_restore() called with IRQs enabled
WARNING: CPU: 1 PID: 5511 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10
Modules linked in:
CPU: 1 PID: 5511 Comm: syz-executor.0 Not tainted 6.9.0-rc4-syzkaller-00214-g13a2e429f644-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10
Code: 90 f3 0f 1e fa 90 80 3d 6f 98 0f 04 00 74 06 90 c3 cc cc cc cc c6 05 60 98 0f 04 01 90 48 c7 c7 a0 b0 ca 8b e8 c8 be d3 f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
RSP: 0018:ffffc90004a67ab8 EFLAGS: 00010246
RAX: 40581f7928fa8d00 RBX: 1ffff9200094cf5c RCX: ffff888019f00000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90004a67b50 R08: ffffffff81588072 R09: fffffbfff1c39b48
R10: dffffc0000000000 R11: fffffbfff1c39b48 R12: dffffc0000000000
R13: 1ffff9200094cf58 R14: ffffc90004a67ae0 R15: 0000000000000246
FS: 00007f2d3363a6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0861c15ff8 CR3: 000000002c376000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
_raw_spin_unlock_irqrestore+0x120/0x140 kernel/locking/spinlock.c:194
evdev_write+0x672/0x7c0 drivers/input/evdev.c:530
vfs_write+0x2a4/0xcb0 fs/read_write.c:588
ksys_write+0x1a0/0x2c0 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2d3287de69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2d3363a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f2d329abf80 RCX: 00007f2d3287de69
RDX: 0000000000002250 RSI: 0000000020000040 RDI: 0000000000000004
RBP: 00007f2d328ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f2d329abf80 R15: 00007fff20752928
</TASK>


Tested on:

commit: 13a2e429 Merge tag 'perf-tools-fixes-for-v6.9-2024-04-..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15f2ff0b180000
kernel config: https://syzkaller.appspot.com/x/.config?x=c6e826cf3c9c6ffc
dashboard link: https://syzkaller.appspot.com/bug?extid=d4c06e848a1c1f9f726f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=179d4bab180000


2024-04-20 08:14:22

by Jeongjun Park

Subject: Re: [syzbot] possible deadlock in input_event (2)

please test deadlock in input_event

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

---
fs/fcntl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/fcntl.c b/fs/fcntl.c
index 54cc85d3338e..b2d06c845a18 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -848,11 +848,11 @@ int send_sigurg(struct fown_struct *fown)
send_sigurg_to_task(p, fown, type);
rcu_read_unlock();
} else {
- read_lock(&tasklist_lock);
+ read_lock_irq(&tasklist_lock);
do_each_pid_task(pid, type, p) {
send_sigurg_to_task(p, fown, type);
} while_each_pid_task(pid, type, p);
- read_unlock(&tasklist_lock);
+ read_unlock_irq(&tasklist_lock);
}
out_unlock_fown:
read_unlock_irqrestore(&fown->lock, flags);
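Review bot: `read_unlock_irq(&tasklist_lock)` unconditionally enables interrupts while &fown->lock is still held, and the `read_unlock_irqrestore(&fown->lock, flags)` at the end of the hunk shows that lock was taken with irqsave, so interrupts are already off on entry and this unlock breaks the irqsave section from the inside. The change also does not address what lockdep reported: tasklist_lock is acquired with interrupts enabled elsewhere (the follow-up syzbot result in this thread shows the "became HARDIRQ-irq-unsafe" site in __do_wait), so disabling interrupts at this one acquisition still leaves the &f->f_owner.lock -> tasklist_lock dependency and reproduces the same HARDIRQ-safe -> HARDIRQ-unsafe warning. Plain `read_lock()`/`read_unlock()` is already correct under the outer irqsave; the fix has to avoid taking the hardirq-unsafe tasklist_lock beneath the locks lockdep shows as hardirq-safe, rather than changing the irq flags of this call.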
--
2.34.1

2024-04-20 09:53:11

by syzbot

Subject: Re: [syzbot] [fs?] possible deadlock in input_event (2)

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
possible deadlock in input_event

=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
6.9.0-rc4-syzkaller-00214-g13a2e429f644-dirty #0 Not tainted
-----------------------------------------------------
syz-executor.0/5495 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8e00a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigurg+0xee/0x3c0 fs/fcntl.c:851

and this task is already holding:
ffff88801c7f4398 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x29/0x3c0 fs/fcntl.c:835
which would create a new lock dependency:
(&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
(&dev->event_lock#2){-...}-{2:2}

.. which became HARDIRQ-irq-safe at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
input_event+0x91/0xd0 drivers/input/input.c:434
input_report_key include/linux/input.h:425 [inline]
psmouse_report_standard_buttons drivers/input/mouse/psmouse-base.c:128 [inline]
psmouse_report_standard_packet+0x54/0x200 drivers/input/mouse/psmouse-base.c:146
psmouse_process_byte+0x48c/0x680 drivers/input/mouse/psmouse-base.c:237
psmouse_handle_byte+0x49/0x4c0 drivers/input/mouse/psmouse-base.c:279
ps2_interrupt+0x17c/0x8e0 drivers/input/serio/libps2.c:613
serio_interrupt+0x90/0x140 drivers/input/serio/serio.c:998
i8042_interrupt+0x375/0x770 drivers/input/serio/i8042.c:606
__handle_irq_event_percpu+0x29a/0xa80 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x89/0x1f0 kernel/irq/handle.c:210
handle_edge_irq+0x25f/0xc20 kernel/irq/chip.c:831
generic_handle_irq_desc include/linux/irqdesc.h:161 [inline]
handle_irq arch/x86/kernel/irq.c:238 [inline]
__common_interrupt+0x138/0x230 arch/x86/kernel/irq.c:257
common_interrupt+0xa5/0xd0 arch/x86/kernel/irq.c:247
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
pv_queued_spin_unlock arch/x86/include/asm/paravirt.h:589 [inline]
queued_spin_unlock arch/x86/include/asm/qspinlock.h:57 [inline]
do_raw_spin_unlock+0x118/0x8b0 kernel/locking/spinlock_debug.c:142
__raw_spin_unlock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_unlock+0x1e/0x50 kernel/locking/spinlock.c:186
usb_device_match+0x41b/0x4a0 drivers/usb/core/driver.c:897
driver_match_device drivers/base/base.h:167 [inline]
__driver_attach+0x6c/0x710 drivers/base/dd.c:1170
bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368
bus_add_driver+0x347/0x620 drivers/base/bus.c:673
driver_register+0x23a/0x320 drivers/base/driver.c:246
usb_register_driver+0x1f5/0x3b0 drivers/usb/core/driver.c:1068
do_one_initcall+0x248/0x880 init/main.c:1245
do_initcall_level+0x157/0x210 init/main.c:1307
do_initcalls+0x3f/0x80 init/main.c:1323
kernel_init_freeable+0x435/0x5d0 init/main.c:1555
kernel_init+0x1d/0x2b0 init/main.c:1444
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

to a HARDIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{2:2}

.. which became HARDIRQ-irq-unsafe at:
..
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0x12d/0x850 kernel/exit.c:1587
do_wait+0x1e9/0x560 kernel/exit.c:1631
kernel_wait+0xe9/0x240 kernel/exit.c:1807
call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f0/0x390 kernel/kthread.c:388
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

other info that might help us debug this:

Chain exists of:
&dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock

Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(tasklist_lock);
                               local_irq_disable();
                               lock(&dev->event_lock#2);
                               lock(&f->f_owner.lock);
  <Interrupt>
    lock(&dev->event_lock#2);

*** DEADLOCK ***

2 locks held by syz-executor.0/5495:
#0: ffff88802b50d058 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline]
#0: ffff88802b50d058 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_sendmsg+0x22/0x50 net/ipv4/tcp.c:1341
#1: ffff88801c7f4398 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x29/0x3c0 fs/fcntl.c:835

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&dev->event_lock#2){-...}-{2:2} {
IN-HARDIRQ-W at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
input_event+0x91/0xd0 drivers/input/input.c:434
input_report_key include/linux/input.h:425 [inline]
psmouse_report_standard_buttons drivers/input/mouse/psmouse-base.c:128 [inline]
psmouse_report_standard_packet+0x54/0x200 drivers/input/mouse/psmouse-base.c:146
psmouse_process_byte+0x48c/0x680 drivers/input/mouse/psmouse-base.c:237
psmouse_handle_byte+0x49/0x4c0 drivers/input/mouse/psmouse-base.c:279
ps2_interrupt+0x17c/0x8e0 drivers/input/serio/libps2.c:613
serio_interrupt+0x90/0x140 drivers/input/serio/serio.c:998
i8042_interrupt+0x375/0x770 drivers/input/serio/i8042.c:606
__handle_irq_event_percpu+0x29a/0xa80 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x89/0x1f0 kernel/irq/handle.c:210
handle_edge_irq+0x25f/0xc20 kernel/irq/chip.c:831
generic_handle_irq_desc include/linux/irqdesc.h:161 [inline]
handle_irq arch/x86/kernel/irq.c:238 [inline]
__common_interrupt+0x138/0x230 arch/x86/kernel/irq.c:257
common_interrupt+0xa5/0xd0 arch/x86/kernel/irq.c:247
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
pv_queued_spin_unlock arch/x86/include/asm/paravirt.h:589 [inline]
queued_spin_unlock arch/x86/include/asm/qspinlock.h:57 [inline]
do_raw_spin_unlock+0x118/0x8b0 kernel/locking/spinlock_debug.c:142
__raw_spin_unlock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_unlock+0x1e/0x50 kernel/locking/spinlock.c:186
usb_device_match+0x41b/0x4a0 drivers/usb/core/driver.c:897
driver_match_device drivers/base/base.h:167 [inline]
__driver_attach+0x6c/0x710 drivers/base/dd.c:1170
bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368
bus_add_driver+0x347/0x620 drivers/base/bus.c:673
driver_register+0x23a/0x320 drivers/base/driver.c:246
usb_register_driver+0x1f5/0x3b0 drivers/usb/core/driver.c:1068
do_one_initcall+0x248/0x880 init/main.c:1245
do_initcall_level+0x157/0x210 init/main.c:1307
do_initcalls+0x3f/0x80 init/main.c:1323
kernel_init_freeable+0x435/0x5d0 init/main.c:1555
kernel_init+0x1d/0x2b0 init/main.c:1444
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INITIAL USE at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
input_inject_event+0xc5/0x340 drivers/input/input.c:460
led_trigger_event+0x11c/0x1e0 drivers/leds/led-triggers.c:392
kbd_led_trigger_activate+0xbd/0x100 drivers/tty/vt/keyboard.c:1036
led_trigger_set+0x541/0x950 drivers/leds/led-triggers.c:198
led_match_default_trigger drivers/leds/led-triggers.c:256 [inline]
led_trigger_set_default+0x229/0x260 drivers/leds/led-triggers.c:274
led_classdev_register_ext+0x773/0x960 drivers/leds/led-class.c:561
led_classdev_register include/linux/leds.h:271 [inline]
input_leds_connect+0x497/0x640 drivers/input/input-leds.c:145
input_attach_handler drivers/input/input.c:1064 [inline]
input_register_device+0xcfa/0x1090 drivers/input/input.c:2396
atkbd_connect+0x752/0xa00 drivers/input/keyboard/atkbd.c:1342
serio_connect_driver drivers/input/serio/serio.c:44 [inline]
serio_driver_probe+0x7f/0xa0 drivers/input/serio/serio.c:775
really_probe+0x2b8/0xad0 drivers/base/dd.c:656
__driver_probe_device+0x1a2/0x390 drivers/base/dd.c:798
driver_probe_device+0x50/0x430 drivers/base/dd.c:828
__driver_attach+0x45f/0x710 drivers/base/dd.c:1214
bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368
serio_attach_driver drivers/input/serio/serio.c:804 [inline]
serio_handle_event+0x1c7/0x920 drivers/input/serio/serio.c:224
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f0/0x390 kernel/kthread.c:388
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
}
... key at: [<ffffffff94ab3660>] input_allocate_device.__key.5+0x0/0x20
-> (&client->buffer_lock){....}-{2:2} {
INITIAL USE at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0xf2/0xad0 drivers/input/evdev.c:261
evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
input_to_handler drivers/input/input.c:129 [inline]
input_pass_values+0x84d/0x1200 drivers/input/input.c:161
input_event_dispose+0x36c/0x650 drivers/input/input.c:378
input_handle_event+0xa71/0xbe0 drivers/input/input.c:406
input_inject_event+0x22f/0x340 drivers/input/input.c:465
evdev_write+0x672/0x7c0 drivers/input/evdev.c:530
vfs_write+0x2a4/0xcb0 fs/read_write.c:588
ksys_write+0x1a0/0x2c0 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff94ab3900>] evdev_open.__key.24+0x0/0x20
... acquired at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
evdev_pass_values+0xf2/0xad0 drivers/input/evdev.c:261
evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
input_to_handler drivers/input/input.c:129 [inline]
input_pass_values+0x84d/0x1200 drivers/input/input.c:161
input_event_dispose+0x36c/0x650 drivers/input/input.c:378
input_handle_event+0xa71/0xbe0 drivers/input/input.c:406
input_inject_event+0x22f/0x340 drivers/input/input.c:465
evdev_write+0x672/0x7c0 drivers/input/evdev.c:530
vfs_write+0x2a4/0xcb0 fs/read_write.c:588
ksys_write+0x1a0/0x2c0 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> (&new->fa_lock){....}-{2:2} {
INITIAL READ USE at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1008 [inline]
kill_fasync+0x19e/0x4d0 fs/fcntl.c:1029
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x58a/0xad0 drivers/input/evdev.c:278
evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
input_to_handler drivers/input/input.c:129 [inline]
input_pass_values+0x84d/0x1200 drivers/input/input.c:161
input_event_dispose+0x36c/0x650 drivers/input/input.c:378
input_handle_event+0xa71/0xbe0 drivers/input/input.c:406
input_inject_event+0x22f/0x340 drivers/input/input.c:465
evdev_write+0x672/0x7c0 drivers/input/evdev.c:530
vfs_write+0x2a4/0xcb0 fs/read_write.c:588
ksys_write+0x1a0/0x2c0 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff947baba0>] fasync_insert_entry.__key+0x0/0x20
... acquired at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1008 [inline]
kill_fasync+0x19e/0x4d0 fs/fcntl.c:1029
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x58a/0xad0 drivers/input/evdev.c:278
evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
input_to_handler drivers/input/input.c:129 [inline]
input_pass_values+0x84d/0x1200 drivers/input/input.c:161
input_event_dispose+0x36c/0x650 drivers/input/input.c:378
input_handle_event+0xa71/0xbe0 drivers/input/input.c:406
input_inject_event+0x22f/0x340 drivers/input/input.c:465
evdev_write+0x672/0x7c0 drivers/input/evdev.c:530
vfs_write+0x2a4/0xcb0 fs/read_write.c:588
ksys_write+0x1a0/0x2c0 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> (&f->f_owner.lock){....}-{2:2} {
INITIAL USE at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:326
f_modown+0x38/0x340 fs/fcntl.c:93
__f_setown fs/fcntl.c:112 [inline]
f_setown+0x14f/0x200 fs/fcntl.c:140
do_fcntl+0x8b1/0x16f0 fs/fcntl.c:393
__do_sys_fcntl fs/fcntl.c:472 [inline]
__se_sys_fcntl+0xd2/0x1b0 fs/fcntl.c:457
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
send_sigio+0x33/0x360 fs/fcntl.c:796
kill_fasync_rcu fs/fcntl.c:1015 [inline]
kill_fasync+0x23a/0x4d0 fs/fcntl.c:1029
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x58a/0xad0 drivers/input/evdev.c:278
evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
input_to_handler drivers/input/input.c:129 [inline]
input_pass_values+0x84d/0x1200 drivers/input/input.c:161
input_event_dispose+0x36c/0x650 drivers/input/input.c:378
input_handle_event+0xa71/0xbe0 drivers/input/input.c:406
input_inject_event+0x22f/0x340 drivers/input/input.c:465
evdev_write+0x672/0x7c0 drivers/input/evdev.c:530
vfs_write+0x2a4/0xcb0 fs/read_write.c:588
ksys_write+0x1a0/0x2c0 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff947b9f40>] init_file.__key+0x0/0x20
... acquired at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236
send_sigio+0x33/0x360 fs/fcntl.c:796
kill_fasync_rcu fs/fcntl.c:1015 [inline]
kill_fasync+0x23a/0x4d0 fs/fcntl.c:1029
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x58a/0xad0 drivers/input/evdev.c:278
evdev_events+0x1c2/0x300 drivers/input/evdev.c:306
input_to_handler drivers/input/input.c:129 [inline]
input_pass_values+0x84d/0x1200 drivers/input/input.c:161
input_event_dispose+0x36c/0x650 drivers/input/input.c:378
input_handle_event+0xa71/0xbe0 drivers/input/input.c:406
input_inject_event+0x22f/0x340 drivers/input/input.c:465
evdev_write+0x672/0x7c0 drivers/input/evdev.c:530
vfs_write+0x2a4/0xcb0 fs/read_write.c:588
ksys_write+0x1a0/0x2c0 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f


the dependencies between the lock to be acquired
and HARDIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{2:2} {
HARDIRQ-ON-R at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0x12d/0x850 kernel/exit.c:1587
do_wait+0x1e9/0x560 kernel/exit.c:1631
kernel_wait+0xe9/0x240 kernel/exit.c:1807
call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f0/0x390 kernel/kthread.c:388
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
SOFTIRQ-ON-R at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0x12d/0x850 kernel/exit.c:1587
do_wait+0x1e9/0x560 kernel/exit.c:1631
kernel_wait+0xe9/0x240 kernel/exit.c:1807
call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f0/0x390 kernel/kthread.c:388
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INITIAL USE at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:326
copy_process+0x228b/0x3df0 kernel/fork.c:2516
kernel_clone+0x226/0x8f0 kernel/fork.c:2797
user_mode_thread+0x132/0x1a0 kernel/fork.c:2875
rest_init+0x23/0x300 init/main.c:704
start_kernel+0x47a/0x500 init/main.c:1081
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507
x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:488
common_startup_64+0x13e/0x147
INITIAL READ USE at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0x12d/0x850 kernel/exit.c:1587
do_wait+0x1e9/0x560 kernel/exit.c:1631
kernel_wait+0xe9/0x240 kernel/exit.c:1807
call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f0/0x390 kernel/kthread.c:388
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
}
... key at: [<ffffffff8e00a058>] tasklist_lock+0x18/0x40
... acquired at:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_read_lock_irq include/linux/rwlock_api_smp.h:169 [inline]
_raw_read_lock_irq+0xda/0x120 kernel/locking/spinlock.c:244
send_sigurg+0xee/0x3c0 fs/fcntl.c:851
sk_send_sigurg+0x6e/0xc0 net/core/sock.c:3412
tcp_check_urg+0x207/0x740 net/ipv4/tcp_input.c:5777
tcp_urg+0x15c/0x450 net/ipv4/tcp_input.c:5818
tcp_rcv_established+0xfac/0x2020 net/ipv4/tcp_input.c:6167
tcp_v6_do_rcv+0xa09/0x1300 net/ipv6/tcp_ipv6.c:1644
sk_backlog_rcv include/net/sock.h:1106 [inline]
__release_sock+0x1c8/0x350 net/core/sock.c:2984
release_sock+0x61/0x1f0 net/core/sock.c:3550
tcp_sendmsg+0x3a/0x50 net/ipv4/tcp.c:1343
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0xef/0x270 net/socket.c:745
__sys_sendto+0x3a4/0x4f0 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f


stack backtrace:
CPU: 1 PID: 5495 Comm: syz-executor.0 Not tainted 6.9.0-rc4-syzkaller-00214-g13a2e429f644-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline]
check_irq_usage kernel/locking/lockdep.c:2865 [inline]
check_prev_add kernel/locking/lockdep.c:3138 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x4dc7/0x58e0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_read_lock_irq include/linux/rwlock_api_smp.h:169 [inline]
_raw_read_lock_irq+0xda/0x120 kernel/locking/spinlock.c:244
send_sigurg+0xee/0x3c0 fs/fcntl.c:851
sk_send_sigurg+0x6e/0xc0 net/core/sock.c:3412
tcp_check_urg+0x207/0x740 net/ipv4/tcp_input.c:5777
tcp_urg+0x15c/0x450 net/ipv4/tcp_input.c:5818
tcp_rcv_established+0xfac/0x2020 net/ipv4/tcp_input.c:6167
tcp_v6_do_rcv+0xa09/0x1300 net/ipv6/tcp_ipv6.c:1644
sk_backlog_rcv include/net/sock.h:1106 [inline]
__release_sock+0x1c8/0x350 net/core/sock.c:2984
release_sock+0x61/0x1f0 net/core/sock.c:3550
tcp_sendmsg+0x3a/0x50 net/ipv4/tcp.c:1343
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0xef/0x270 net/socket.c:745
__sys_sendto+0x3a4/0x4f0 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f93be67de69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f93bf3490c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f93be7abf80 RCX: 00007f93be67de69
RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000005
RBP: 00007f93be6ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f93be7abf80 R15: 00007ffd71560168
</TASK>
------------[ cut here ]------------
raw_local_irq_restore() called with IRQs enabled
WARNING: CPU: 1 PID: 5495 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10
Modules linked in:
CPU: 1 PID: 5495 Comm: syz-executor.0 Not tainted 6.9.0-rc4-syzkaller-00214-g13a2e429f644-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10
Code: 90 f3 0f 1e fa 90 80 3d 6f 98 0f 04 00 74 06 90 c3 cc cc cc cc c6 05 60 98 0f 04 01 90 48 c7 c7 a0 b0 ca 8b e8 c8 be d3 f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
RSP: 0018:ffffc90004a37798 EFLAGS: 00010246
RAX: 7bd43406166ed700 RBX: 1ffff92000946ef8 RCX: ffff88802ab70000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90004a37828 R08: ffffffff81588072 R09: fffffbfff1c39b48
R10: dffffc0000000000 R11: fffffbfff1c39b48 R12: dffffc0000000000
R13: 1ffff92000946ef4 R14: ffffc90004a377c0 R15: 0000000000000246
FS: 00007f93bf3496c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020b63fe4 CR3: 000000002a1e0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__raw_read_unlock_irqrestore include/linux/rwlock_api_smp.h:241 [inline]
_raw_read_unlock_irqrestore+0x120/0x140 kernel/locking/spinlock.c:268
send_sigurg+0x36a/0x3c0 fs/fcntl.c:858
sk_send_sigurg+0x6e/0xc0 net/core/sock.c:3412
tcp_check_urg+0x207/0x740 net/ipv4/tcp_input.c:5777
tcp_urg+0x15c/0x450 net/ipv4/tcp_input.c:5818
tcp_rcv_established+0xfac/0x2020 net/ipv4/tcp_input.c:6167
tcp_v6_do_rcv+0xa09/0x1300 net/ipv6/tcp_ipv6.c:1644
sk_backlog_rcv include/net/sock.h:1106 [inline]
__release_sock+0x1c8/0x350 net/core/sock.c:2984
release_sock+0x61/0x1f0 net/core/sock.c:3550
tcp_sendmsg+0x3a/0x50 net/ipv4/tcp.c:1343
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0xef/0x270 net/socket.c:745
__sys_sendto+0x3a4/0x4f0 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f93be67de69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f93bf3490c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f93be7abf80 RCX: 00007f93be67de69
RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000005
RBP: 00007f93be6ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f93be7abf80 R15: 00007ffd71560168
</TASK>


Tested on:

commit: 13a2e429 Merge tag 'perf-tools-fixes-for-v6.9-2024-04-..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15316e10980000
kernel config: https://syzkaller.appspot.com/x/.config?x=c6e826cf3c9c6ffc
dashboard link: https://syzkaller.appspot.com/bug?extid=d4c06e848a1c1f9f726f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=11fa4e07180000
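Reading the two dependency sections above together: &dev->event_lock is HARDIRQ-safe (it is taken from interrupt context), the evdev_write() path takes &client->buffer_lock, &new->fa_lock and &f->f_owner.lock underneath it, and the splat fires when send_sigurg() read-locks tasklist_lock while &f->f_owner.lock is held, because the __do_wait() backtraces show tasklist_lock being read-locked with hardirqs enabled (HARDIRQ-ON-R). Lockdep's objection is that an interrupt arriving while tasklist_lock is held with interrupts on could take event_lock and follow the recorded chain back to tasklist_lock on the same CPU. The following userspace C model is an added illustration of that rule, not kernel code and not part of the syzbot message; the context assigned to each acquisition (interrupt handler, worker thread, syscall) is an assumption read off the backtraces, and real lockdep tracks far more than this.

```c
/*
 * Added illustration, not kernel code and not part of the syzbot report: a
 * userspace model of the rule behind lockdep's "HARDIRQ-safe -> HARDIRQ-unsafe
 * lock order" warning, replayed with the lock names from the report. The
 * context assigned to each acquisition is an assumption read off the backtraces.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 8
enum { HARDIRQ_SAFE = 1, HARDIRQ_UNSAFE = 2 };

static const char *names[MAX_LOCKS];
static unsigned usage[MAX_LOCKS];          /* HARDIRQ_SAFE / HARDIRQ_UNSAFE bits */
static bool reach[MAX_LOCKS][MAX_LOCKS];   /* reach[a][b]: a ->* b in the dependency graph */
static int nr_classes, nr_held, held[MAX_LOCKS];
static bool in_hardirq, irqs_on;           /* context; the replay sets it before each step */
static const char *violation;              /* HARDIRQ-safe lock of the last bad dependency */

static int lock_register(const char *name)
{
	names[nr_classes] = name;
	usage[nr_classes] = 0;
	reach[nr_classes][nr_classes] = true;  /* a lock trivially reaches itself */
	return nr_classes++;
}

/*
 * Acquire 'next'. disable_irqs models the _irq/_irqsave variants, which turn
 * hardirqs off before the lock is recorded. The new edge prev -> next is bad
 * when some HARDIRQ-safe lock reaches prev and next reaches some HARDIRQ-unsafe
 * lock (the shape of lockdep's check_irq_usage()). Returns that safe lock or -1.
 */
static int lock_acquire(int next, bool disable_irqs)
{
	int bad = -1;
	if (disable_irqs)
		irqs_on = false;
	if (in_hardirq)
		usage[next] |= HARDIRQ_SAFE;       /* "became HARDIRQ-irq-safe at" */
	else if (irqs_on)
		usage[next] |= HARDIRQ_UNSAFE;     /* "HARDIRQ-ON" usage */
	if (nr_held) {
		int prev = held[nr_held - 1];
		for (int s = 0; s < nr_classes && bad < 0; s++)
			for (int u = 0; u < nr_classes && bad < 0; u++)
				if ((usage[s] & HARDIRQ_SAFE) && reach[s][prev] &&
				    (usage[u] & HARDIRQ_UNSAFE) && reach[next][u]) {
					printf("bad: %s (HARDIRQ-safe) ->* %s -> %s ->* %s (HARDIRQ-unsafe)\n",
					       names[s], names[prev], names[next], names[u]);
					violation = names[bad = s];
				}
		for (int a = 0; a < nr_classes; a++)     /* record prev -> next, transitively */
			for (int b = 0; b < nr_classes; b++)
				if (reach[a][prev] && reach[next][b])
					reach[a][b] = true;
	}
	held[nr_held++] = next;
	return bad;
}

/*
 * Replay the report. with_irqs_on_reader includes the HARDIRQ-ON-R use of
 * tasklist_lock (__do_wait in a worker thread); without it the same send_sigurg
 * step is accepted. Returns the offending HARDIRQ-safe lock's name, or NULL.
 */
const char *replay_report(bool with_irqs_on_reader)
{
	memset(reach, 0, sizeof reach);
	nr_classes = nr_held = 0;
	violation = NULL;
	int event_lock = lock_register("&dev->event_lock");
	int buffer_lock = lock_register("&client->buffer_lock");
	int fa_lock = lock_register("&new->fa_lock");
	int fown_lock = lock_register("&f->f_owner.lock");
	int tasklist_lock = lock_register("tasklist_lock");

	/* 1. input_event() from an interrupt handler: event_lock becomes HARDIRQ-safe. */
	in_hardirq = true, irqs_on = false;
	lock_acquire(event_lock, true);
	nr_held = 0;
	/* 2. __do_wait() in a worker thread: tasklist_lock read-locked with hardirqs on. */
	in_hardirq = false, irqs_on = true;
	if (with_irqs_on_reader) lock_acquire(tasklist_lock, false);
	nr_held = 0;
	/* 3. evdev_write(): event_lock -> buffer_lock -> fa_lock -> f_owner.lock; accepted. */
	irqs_on = true;
	lock_acquire(event_lock, true);      /* spin_lock_irqsave */
	lock_acquire(buffer_lock, false);    /* spin_lock, hardirqs already off */
	lock_acquire(fa_lock, true);         /* read_lock_irqsave */
	lock_acquire(fown_lock, true);       /* read_lock_irqsave */
	nr_held = 0;
	/* 4. send_sigurg(): tasklist_lock taken while f_owner.lock is held. */
	irqs_on = true;
	lock_acquire(fown_lock, true);
	lock_acquire(tasklist_lock, true);   /* read_lock_irq */
	nr_held = 0;
	return violation;
}
```

Steps 1 to 3 are all accepted on their own; only the edge added in step 4 closes a path from a HARDIRQ-safe lock to a HARDIRQ-unsafe one, which is why the report names send_sigurg() as the acquisition point even though the fault is the combination of earlier usages. Running the replay without the hardirqs-on reader of tasklist_lock shows the other half of the condition: the same send_sigurg() ordering is not flagged unless tasklist_lock is also taken with interrupts enabled somewhere.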