syzbot |
sign-in | mailing list | source | docs |
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
syzkaller #0 Tainted: G L
-----------------------------------------------------
syz.7.8974/6651 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8e40c058 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0x12b/0x420 fs/fcntl.c:978
and this task is already holding:
ffff88803f015920 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420 fs/fcntl.c:962
which would create a new lock dependency:
(&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&client->buffer_lock){..-.}-{3:3}
... which became SOFTIRQ-irq-safe at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:341 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x3e5/0x6b0 drivers/input/input.c:353
input_event+0x89/0xe0 drivers/input/input.c:396
hidinput_hid_event+0x1487/0x1e60 drivers/hid/hid-input.c:1747
hid_process_event+0x4be/0x620 drivers/hid/hid-core.c:1565
hid_process_report drivers/hid/hid-core.c:1713 [inline]
hid_report_raw_event+0xe8f/0x1720 drivers/hid/hid-core.c:2074
__hid_input_report drivers/hid/hid-core.c:2144 [inline]
hid_input_report+0x44b/0x580 drivers/hid/hid-core.c:2166
hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
__usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1657
dummy_timer+0xbbd/0x45d0 drivers/usb/gadget/udc/dummy_hcd.c:1995
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x53a/0xcc0 kernel/time/hrtimer.c:1849
hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1866
handle_softirqs+0x22a/0x870 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:62
arch_safe_halt arch/x86/kernel/process.c:766 [inline]
default_idle+0x9/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x72/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x1ba/0x5d0 kernel/sched/idle.c:341
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:439
rest_init+0x2de/0x300 init/main.c:760
start_kernel+0x385/0x3d0 init/main.c:1210
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
common_startup_64+0x13e/0x147
to a SOFTIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{3:3}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1678
do_wait+0x1e7/0x540 kernel/exit.c:1722
kernel_wait+0xd6/0x1c0 kernel/exit.c:1898
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
other info that might help us debug this:
Chain exists of:
&client->buffer_lock --> &f_owner->lock --> tasklist_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(tasklist_lock);
local_irq_disable();
lock(&client->buffer_lock);
lock(&f_owner->lock);
<Interrupt>
lock(&client->buffer_lock);
*** DEADLOCK ***
2 locks held by syz.7.8974/6651:
#0: ffff8880226bde60 (&u->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline]
#0: ffff8880226bde60 (&u->lock){+.+.}-{3:3}, at: queue_oob+0x1b6/0x4f0 net/unix/af_unix.c:2331
#1: ffff88803f015920 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420 fs/fcntl.c:962
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&client->buffer_lock){..-.}-{3:3} {
IN-SOFTIRQ-W at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:341 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x3e5/0x6b0 drivers/input/input.c:353
input_event+0x89/0xe0 drivers/input/input.c:396
hidinput_hid_event+0x1487/0x1e60 drivers/hid/hid-input.c:1747
hid_process_event+0x4be/0x620 drivers/hid/hid-core.c:1565
hid_process_report drivers/hid/hid-core.c:1713 [inline]
hid_report_raw_event+0xe8f/0x1720 drivers/hid/hid-core.c:2074
__hid_input_report drivers/hid/hid-core.c:2144 [inline]
hid_input_report+0x44b/0x580 drivers/hid/hid-core.c:2166
hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
__usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1657
dummy_timer+0xbbd/0x45d0 drivers/usb/gadget/udc/dummy_hcd.c:1995
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x53a/0xcc0 kernel/time/hrtimer.c:1849
hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1866
handle_softirqs+0x22a/0x870 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:62
arch_safe_halt arch/x86/kernel/process.c:766 [inline]
default_idle+0x9/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x72/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x1ba/0x5d0 kernel/sched/idle.c:341
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:439
rest_init+0x2de/0x300 init/main.c:760
start_kernel+0x385/0x3d0 init/main.c:1210
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
common_startup_64+0x13e/0x147
INITIAL USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:341 [inline]
evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_inject_event+0x1dd/0x340 drivers/input/input.c:424
evdev_write+0x325/0x4c0 drivers/input/evdev.c:528
vfs_write+0x29a/0xb90 fs/read_write.c:686
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [<ffffffff9a60b800>] evdev_open.__key.27+0x0/0x20
-> (&new->fa_lock){...-}-{3:3} {
IN-SOFTIRQ-R at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
sock_wake_async+0x137/0x160 net/socket.c:-1
sk_wake_async_rcu include/net/sock.h:2579 [inline]
sock_def_readable+0x3c1/0x580 net/core/sock.c:3613
tcp_data_queue+0x1e2e/0x5e50 net/ipv4/tcp_input.c:5714
tcp_rcv_established+0xf45/0x2740 net/ipv4/tcp_input.c:6708
tcp_v4_do_rcv+0xa90/0x1430 net/ipv4/tcp_ipv4.c:1884
tcp_v4_rcv+0x2825/0x31f0 net/ipv4/tcp_ipv4.c:2319
ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:207
ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241
NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318
NF_HOOK+0x336/0x3c0 include/linux/netfilter.h:318
__netif_receive_skb_one_core net/core/dev.c:6164 [inline]
__netif_receive_skb net/core/dev.c:6277 [inline]
process_backlog+0xaa3/0x1950 net/core/dev.c:6628
__napi_poll+0xae/0x340 net/core/dev.c:7692
napi_poll net/core/dev.c:7755 [inline]
net_rx_action+0x627/0xf70 net/core/dev.c:7912
handle_softirqs+0x22a/0x870 kernel/softirq.c:622
do_softirq+0x76/0xd0 kernel/softirq.c:523
__local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
sk_stream_wait_memory+0x72b/0xf80 net/core/stream.c:149
tcp_sendmsg_locked+0x23ba/0x5490 net/ipv4/tcp.c:1418
tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1465
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
__sys_sendto+0x5de/0x710 net/socket.c:2206
__do_sys_sendto net/socket.c:2213 [inline]
__se_sys_sendto net/socket.c:2209 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2209
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:211 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:326
fasync_remove_entry+0xf1/0x1c0 fs/fcntl.c:1012
tun_chr_fasync+0x87/0x1a0 drivers/net/tun.c:3380
__fput+0x8a5/0xa70 fs/file_table.c:466
task_work_run+0x1d9/0x270 kernel/task_work.c:233
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x70f/0x23c0 kernel/exit.c:976
do_group_exit+0x21b/0x2d0 kernel/exit.c:1118
get_signal+0x1284/0x1330 kernel/signal.c:3034
arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
tun_net_xmit+0x10bc/0x1620 drivers/net/tun.c:1074
__netdev_start_xmit include/linux/netdevice.h:5324 [inline]
netdev_start_xmit include/linux/netdevice.h:5333 [inline]
xmit_one net/core/dev.c:3871 [inline]
dev_hard_start_xmit+0x2d8/0x870 net/core/dev.c:3887
sch_direct_xmit+0x251/0x4c0 net/sched/sch_generic.c:347
__dev_xmit_skb net/core/dev.c:4186 [inline]
__dev_queue_xmit+0x1550/0x3890 net/core/dev.c:4802
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:246
dst_output include/net/dst.h:470 [inline]
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xd0b/0x1670 net/ipv6/ndisc.c:512
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4364
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [<ffffffff9a2ec200>] fasync_insert_entry.__key+0x0/0x20
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:1135 [inline]
kill_fasync+0x199/0x4d0 fs/fcntl.c:1159
__pass_event drivers/input/evdev.c:240 [inline]
evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278
evdev_events+0x1e6/0x340 drivers/input/evdev.c:306
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x330/0x6b0 drivers/input/input.c:342
input_inject_event+0x1dd/0x340 drivers/input/input.c:424
evdev_write+0x325/0x4c0 drivers/input/evdev.c:528
vfs_write+0x29a/0xb90 fs/read_write.c:686
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> (&f_owner->lock){....}-{3:3} {
INITIAL USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:211 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:326
__f_setown+0x67/0x370 fs/fcntl.c:136
tun_chr_fasync+0x127/0x1a0 drivers/net/tun.c:3384
setfl fs/fcntl.c:76 [inline]
do_fcntl+0x1201/0x1a20 fs/fcntl.c:477
__do_sys_fcntl fs/fcntl.c:602 [inline]
__se_sys_fcntl+0xc8/0x150 fs/fcntl.c:587
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
INITIAL READ USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
send_sigio+0x38/0x370 fs/fcntl.c:918
kill_fasync_rcu fs/fcntl.c:1144 [inline]
kill_fasync+0x24d/0x4d0 fs/fcntl.c:1159
tun_net_xmit+0x10bc/0x1620 drivers/net/tun.c:1074
__netdev_start_xmit include/linux/netdevice.h:5324 [inline]
netdev_start_xmit include/linux/netdevice.h:5333 [inline]
xmit_one net/core/dev.c:3871 [inline]
dev_hard_start_xmit+0x2d8/0x870 net/core/dev.c:3887
sch_direct_xmit+0x251/0x4c0 net/sched/sch_generic.c:347
__dev_xmit_skb net/core/dev.c:4186 [inline]
__dev_queue_xmit+0x1550/0x3890 net/core/dev.c:4802
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:246
dst_output include/net/dst.h:470 [inline]
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xd0b/0x1670 net/ipv6/ndisc.c:512
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4364
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [<ffffffff9a2ec1e0>] file_f_owner_allocate.__key+0x0/0x20
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x48/0x60 kernel/locking/spinlock.c:236
send_sigio+0x38/0x370 fs/fcntl.c:918
kill_fasync_rcu fs/fcntl.c:1144 [inline]
kill_fasync+0x24d/0x4d0 fs/fcntl.c:1159
tun_net_xmit+0x10bc/0x1620 drivers/net/tun.c:1074
__netdev_start_xmit include/linux/netdevice.h:5324 [inline]
netdev_start_xmit include/linux/netdevice.h:5333 [inline]
xmit_one net/core/dev.c:3871 [inline]
dev_hard_start_xmit+0x2d8/0x870 net/core/dev.c:3887
sch_direct_xmit+0x251/0x4c0 net/sched/sch_generic.c:347
__dev_xmit_skb net/core/dev.c:4186 [inline]
__dev_queue_xmit+0x1550/0x3890 net/core/dev.c:4802
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:246
dst_output include/net/dst.h:470 [inline]
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xd0b/0x1670 net/ipv6/ndisc.c:512
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4364
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{3:3} {
HARDIRQ-ON-R at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1678
do_wait+0x1e7/0x540 kernel/exit.c:1722
kernel_wait+0xd6/0x1c0 kernel/exit.c:1898
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
SOFTIRQ-ON-R at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1678
do_wait+0x1e7/0x540 kernel/exit.c:1722
kernel_wait+0xd6/0x1c0 kernel/exit.c:1898
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INITIAL USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_write_lock_irq include/linux/rwlock_api_smp.h:211 [inline]
_raw_write_lock_irq+0x3d/0x50 kernel/locking/spinlock.c:326
copy_process+0x247a/0x3cd0 kernel/fork.c:2369
kernel_clone+0x248/0x8e0 kernel/fork.c:2653
user_mode_thread+0x110/0x180 kernel/fork.c:2729
rest_init+0x23/0x300 init/main.c:725
start_kernel+0x385/0x3d0 init/main.c:1210
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
common_startup_64+0x13e/0x147
INITIAL READ USE at:
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
__do_wait+0xde/0x740 kernel/exit.c:1678
do_wait+0x1e7/0x540 kernel/exit.c:1722
kernel_wait+0xd6/0x1c0 kernel/exit.c:1898
call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [<ffffffff8e40c058>] tasklist_lock+0x18/0x40
... acquired at:
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
send_sigurg+0x12b/0x420 fs/fcntl.c:978
sk_send_sigurg+0x6c/0x2e0 net/core/sock.c:3669
queue_oob+0x42c/0x4f0 net/unix/af_unix.c:2352
unix_stream_sendmsg+0xcb1/0xe80 net/unix/af_unix.c:2486
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
____sys_sendmsg+0x972/0x9f0 net/socket.c:2592
___sys_sendmsg+0x2a5/0x360 net/socket.c:2646
__sys_sendmmsg+0x27c/0x4e0 net/socket.c:2735
__do_sys_sendmmsg net/socket.c:2762 [inline]
__se_sys_sendmmsg net/socket.c:2759 [inline]
__x64_sys_sendmmsg+0xa0/0xc0 net/socket.c:2759
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
stack backtrace:
CPU: 0 UID: 0 PID: 6651 Comm: syz.7.8974 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_bad_irq_dependency kernel/locking/lockdep.c:2616 [inline]
check_irq_usage kernel/locking/lockdep.c:2857 [inline]
check_prev_add kernel/locking/lockdep.c:3169 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x2a94/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__raw_read_lock include/linux/rwlock_api_smp.h:161 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
send_sigurg+0x12b/0x420 fs/fcntl.c:978
sk_send_sigurg+0x6c/0x2e0 net/core/sock.c:3669
queue_oob+0x42c/0x4f0 net/unix/af_unix.c:2352
unix_stream_sendmsg+0xcb1/0xe80 net/unix/af_unix.c:2486
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
____sys_sendmsg+0x972/0x9f0 net/socket.c:2592
___sys_sendmsg+0x2a5/0x360 net/socket.c:2646
__sys_sendmmsg+0x27c/0x4e0 net/socket.c:2735
__do_sys_sendmmsg net/socket.c:2762 [inline]
__se_sys_sendmmsg net/socket.c:2759 [inline]
__x64_sys_sendmmsg+0xa0/0xc0 net/socket.c:2759
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f929959c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f929a4c1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f9299815fa0 RCX: 00007f929959c799
RDX: 0000000000000001 RSI: 0000200000006c40 RDI: 0000000000000006
RBP: 00007f9299632c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000040015 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9299816038 R14: 00007f9299815fa0 R15: 00007f929993fa48
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/03/17 20:09 | upstream | 2d1373e4246d | c01bca74 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/17 09:23 | upstream | 2d1373e4246d | c01bca74 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/17 08:16 | upstream | 2d1373e4246d | 0737c18f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/17 01:07 | upstream | 2d1373e4246d | 0737c18f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/16 22:05 | upstream | 2d1373e4246d | 0737c18f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/15 22:04 | upstream | 4f3df2e5ea69 | ee8d34d6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/15 20:51 | upstream | 267594792a71 | ee8d34d6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/15 17:58 | upstream | 267594792a71 | ee8d34d6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/03/15 15:35 | upstream | 267594792a71 | ee8d34d6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/25 12:52 | upstream | 7dff99b35460 | df2e85d4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/25 10:38 | upstream | 7dff99b35460 | 787dfb7c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/25 03:45 | upstream | 7dff99b35460 | 787dfb7c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/25 00:43 | upstream | 7dff99b35460 | 787dfb7c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/24 12:09 | upstream | 7dff99b35460 | 96b1aa46 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/24 09:52 | upstream | 7dff99b35460 | 41d2fa6a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/24 08:21 | upstream | 7dff99b35460 | 41d2fa6a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/24 08:18 | upstream | 7dff99b35460 | 41d2fa6a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/24 04:45 | upstream | 7dff99b35460 | 41d2fa6a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/13 21:55 | upstream | cd7a5651db26 | 1e62d198 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2026/02/13 19:30 | upstream | cee73b1e840c | 1e62d198 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2026/02/12 04:49 | upstream | c22e26bd0906 | 76a109e2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2026/02/11 03:12 | upstream | dc855b77719f | 441e25b7 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2026/02/01 20:22 | upstream | 162b42445b58 | 6b8752f2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/01 16:55 | upstream | 162b42445b58 | 6b8752f2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/30 02:33 | upstream | 8dfce8991b95 | aeb6fdd5 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | possible deadlock in evdev_pass_values | ||
| 2026/01/04 21:27 | upstream | 54e82e93ca93 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | possible deadlock in evdev_pass_values | ||
| 2025/08/23 14:33 | upstream | 038d61fd6422 | bf27483f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | possible deadlock in evdev_pass_values | ||
| 2026/03/17 22:09 | upstream | f0caa1d49cc0 | c8810548 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/03/02 00:31 | upstream | e2bd1b136926 | 43249bac | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/03/01 11:06 | upstream | eb71ab2bf722 | 43249bac | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/28 21:48 | upstream | 42eb01783091 | 43249bac | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/27 04:54 | upstream | a75cb869a8cc | a2f13f71 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/26 16:54 | upstream | f4d0ec0aa20d | ffa54287 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/16 16:04 | upstream | 0f2acd3148e0 | 5d52cba5 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/16 10:40 | upstream | 0f2acd3148e0 | 1e62d198 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/03 02:00 | upstream | dee65f79364c | d78927dd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/02 14:59 | upstream | 18f7fcd5e69a | 018ebef2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/02 02:38 | upstream | 18f7fcd5e69a | 6b8752f2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/31 20:49 | upstream | ad9a728a3388 | 35764559 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/16 12:05 | upstream | 983d014aafb1 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/15 00:29 | upstream | 944aacb68baf | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/14 11:06 | upstream | c537e12daeec | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/13 21:15 | upstream | b54345928fa1 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/12 22:23 | upstream | b71e635feefc | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/12 06:45 | upstream | 0f61b1860cc3 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/10 13:47 | upstream | b6151c4e60e5 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/10 00:01 | upstream | 372800cb95a3 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/01/07 23:37 | upstream | f0b9d8eb98df | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | possible deadlock in evdev_pass_values | ||
| 2026/02/03 22:16 | upstream | de0674d9bc69 | 42b01fab | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | possible deadlock in evdev_pass_values | ||
| 2025/10/22 22:28 | upstream | dd72c8fcf6d3 | c0460fcd | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | possible deadlock in evdev_pass_values | ||
| 2023/04/19 19:50 | upstream | 789b4a41c247 | a219f34e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2023/04/16 17:07 | upstream | 3e7bb4f24617 | ec410564 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/02/24 00:07 | linux-next | d4906ae14a5f | 41d2fa6a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-rust-kasan-gce | possible deadlock in evdev_pass_values | ||
| 2026/01/13 02:58 | linux-next | f417b7ffcbef | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values | ||
| 2026/01/09 18:20 | linux-next | f417b7ffcbef | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in evdev_pass_values |