[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.191' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 67.444380][ T8492]
[ 67.446835][ T8492] =====================================================
[ 67.453888][ T8492] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 67.461327][ T8492] 5.10.0-rc7-syzkaller #0 Not tainted
[ 67.466695][ T8492] -----------------------------------------------------
[ 67.473609][ T8492] syz-executor048/8492 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 67.481669][ T8492] ffff88801799f038 (&f->f_owner.lock){.+.+}-{2:2}, at: send_sigio+0x24/0x350
[ 67.490462][ T8492]
[ 67.490462][ T8492] and this task is already holding:
[ 67.497825][ T8492] ffff888025b6c018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x14b/0x460
[ 67.506495][ T8492] which would create a new lock dependency:
[ 67.512480][ T8492] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.+}-{2:2}
[ 67.520306][ T8492]
[ 67.520306][ T8492] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 67.529741][ T8492] (&dev->event_lock){-...}-{2:2}
[ 67.529756][ T8492]
[ 67.529756][ T8492] ... which became HARDIRQ-irq-safe at:
[ 67.542488][ T8492] lock_acquire+0x29d/0x740
[ 67.547082][ T8492] _raw_spin_lock_irqsave+0x39/0x50
[ 67.552367][ T8492] input_event+0x7b/0xb0
[ 67.556679][ T8492] psmouse_report_standard_buttons+0x2c/0x80
[ 67.562752][ T8492] psmouse_process_byte+0x1e1/0x890
[ 67.568047][ T8492] psmouse_handle_byte+0x41/0x1b0
[ 67.573147][ T8492] psmouse_interrupt+0x304/0xf00
[ 67.578168][ T8492] serio_interrupt+0x88/0x150
[ 67.582920][ T8492] i8042_interrupt+0x27a/0x520
[ 67.587782][ T8492] __handle_irq_event_percpu+0x303/0x8f0
[ 67.593489][ T8492] handle_irq_event+0x102/0x290
[ 67.598409][ T8492] handle_edge_irq+0x25f/0xd00
[ 67.603268][ T8492] asm_call_irq_on_stack+0xf/0x20
[ 67.608385][ T8492] common_interrupt+0x120/0x200
[ 67.613355][ T8492] asm_common_interrupt+0x1e/0x40
[ 67.618467][ T8492] write_comp_data+0x0/0x80
[ 67.623069][ T8492] alloc_pages_current+0x9a/0x2a0
[ 67.628176][ T8492] get_zeroed_page+0x10/0x40
[ 67.632841][ T8492] __pud_alloc+0x37/0x170
[ 67.637261][ T8492] handle_mm_fault+0x13f5/0x55d0
[ 67.642272][ T8492] __get_user_pages+0x642/0x1360
[ 67.647282][ T8492] __get_user_pages_remote+0x18f/0x7a0
[ 67.652815][ T8492] get_user_pages_remote+0x63/0x90
[ 67.658027][ T8492] get_arg_page+0xba/0x200
[ 67.662537][ T8492] copy_string_kernel+0x1b4/0x520
[ 67.667635][ T8492] kernel_execve+0x25c/0x460
[ 67.672294][ T8492] call_usermodehelper_exec_async+0x2de/0x580
[ 67.678433][ T8492] ret_from_fork+0x1f/0x30
[ 67.682920][ T8492]
[ 67.682920][ T8492] to a HARDIRQ-irq-unsafe lock:
[ 67.689933][ T8492] (&f->f_owner.lock){.+.+}-{2:2}
[ 67.689951][ T8492]
[ 67.689951][ T8492] ... which became HARDIRQ-irq-unsafe at:
[ 67.702838][ T8492] ...
[ 67.702855][ T8492] lock_acquire+0x29d/0x740
[ 67.710032][ T8492] _raw_read_lock+0x5b/0x70
[ 67.714625][ T8492] do_fcntl+0xb2c/0x1070
[ 67.718940][ T8492] __x64_sys_fcntl+0x165/0x1e0
[ 67.723794][ T8492] do_syscall_64+0x2d/0x70
[ 67.728283][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.734334][ T8492]
[ 67.734334][ T8492] other info that might help us debug this:
[ 67.734334][ T8492]
[ 67.744546][ T8492] Chain exists of:
[ 67.744546][ T8492] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 67.744546][ T8492]
[ 67.757571][ T8492] Possible interrupt unsafe locking scenario:
[ 67.757571][ T8492]
[ 67.765875][ T8492] CPU0 CPU1
[ 67.771242][ T8492] ---- ----
[ 67.776602][ T8492] lock(&f->f_owner.lock);
[ 67.781182][ T8492] local_irq_disable();
[ 67.787922][ T8492] lock(&dev->event_lock);
[ 67.794932][ T8492] lock(&new->fa_lock);
[ 67.801696][ T8492]
[ 67.805149][ T8492] lock(&dev->event_lock);
[ 67.809820][ T8492]
[ 67.809820][ T8492] *** DEADLOCK ***
[ 67.809820][ T8492]
[ 67.817973][ T8492] 8 locks held by syz-executor048/8492:
[ 67.823546][ T8492] #0: ffff88801cc9c110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760
[ 67.832795][ T8492] #1: ffff888017aca230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x310
[ 67.842696][ T8492] #2: ffffffff8b3378e0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x310
[ 67.852354][ T8492] #3: ffffffff8b3378e0 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x700
[ 67.862429][ T8492] #4: ffffffff8b3378e0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3f0
[ 67.871544][ T8492] #5: ffff888020dd9028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 67.882331][ T8492] #6: ffffffff8b3378e0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 67.891444][ T8492] #7: ffff888025b6c018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x14b/0x460
[ 67.900575][ T8492]
[ 67.900575][ T8492] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 67.910990][ T8492] -> (&dev->event_lock){-...}-{2:2} {
[ 67.916537][ T8492] IN-HARDIRQ-W at:
[ 67.920739][ T8492] lock_acquire+0x29d/0x740
[ 67.927252][ T8492] _raw_spin_lock_irqsave+0x39/0x50
[ 67.934436][ T8492] input_event+0x7b/0xb0
[ 67.940662][ T8492] psmouse_report_standard_buttons+0x2c/0x80
[ 67.948629][ T8492] psmouse_process_byte+0x1e1/0x890
[ 67.955813][ T8492] psmouse_handle_byte+0x41/0x1b0
[ 67.962824][ T8492] psmouse_interrupt+0x304/0xf00
[ 67.969749][ T8492] serio_interrupt+0x88/0x150
[ 67.976405][ T8492] i8042_interrupt+0x27a/0x520
[ 67.983162][ T8492] __handle_irq_event_percpu+0x303/0x8f0
[ 67.991583][ T8492] handle_irq_event+0x102/0x290
[ 67.998428][ T8492] handle_edge_irq+0x25f/0xd00
[ 68.005194][ T8492] asm_call_irq_on_stack+0xf/0x20
[ 68.012219][ T8492] common_interrupt+0x120/0x200
[ 68.019059][ T8492] asm_common_interrupt+0x1e/0x40
[ 68.026102][ T8492] write_comp_data+0x0/0x80
[ 68.032608][ T8492] alloc_pages_current+0x9a/0x2a0
[ 68.039631][ T8492] get_zeroed_page+0x10/0x40
[ 68.046205][ T8492] __pud_alloc+0x37/0x170
[ 68.052557][ T8492] handle_mm_fault+0x13f5/0x55d0
[ 68.059512][ T8492] __get_user_pages+0x642/0x1360
[ 68.066438][ T8492] __get_user_pages_remote+0x18f/0x7a0
[ 68.073903][ T8492] get_user_pages_remote+0x63/0x90
[ 68.081022][ T8492] get_arg_page+0xba/0x200
[ 68.087435][ T8492] copy_string_kernel+0x1b4/0x520
[ 68.094442][ T8492] kernel_execve+0x25c/0x460
[ 68.101018][ T8492] call_usermodehelper_exec_async+0x2de/0x580
[ 68.109089][ T8492] ret_from_fork+0x1f/0x30
[ 68.115750][ T8492] INITIAL USE at:
[ 68.119811][ T8492] lock_acquire+0x29d/0x740
[ 68.126866][ T8492] _raw_spin_lock_irqsave+0x39/0x50
[ 68.134343][ T8492] input_inject_event+0xa6/0x310
[ 68.141315][ T8492] led_set_brightness_nosleep+0xe6/0x1a0
[ 68.148959][ T8492] led_set_brightness+0x134/0x170
[ 68.156422][ T8492] led_trigger_event+0x70/0xd0
[ 68.163101][ T8492] kbd_led_trigger_activate+0xfa/0x130
[ 68.170649][ T8492] led_trigger_set+0x61e/0xbd0
[ 68.177323][ T8492] led_trigger_set_default+0x1a6/0x230
[ 68.185059][ T8492] led_classdev_register_ext+0x5b1/0x7c0
[ 68.192727][ T8492] input_leds_connect+0x3fb/0x740
[ 68.199667][ T8492] input_attach_handler+0x180/0x1f0
[ 68.207040][ T8492] input_register_device.cold+0xf0/0x307
[ 68.214569][ T8492] atkbd_connect+0x736/0xa00
[ 68.221239][ T8492] serio_driver_probe+0x72/0xa0
[ 68.228446][ T8492] really_probe+0x291/0xde0
[ 68.234852][ T8492] driver_probe_device+0x26b/0x3d0
[ 68.241872][ T8492] device_driver_attach+0x228/0x290
[ 68.248996][ T8492] __driver_attach+0x15b/0x2f0
[ 68.255654][ T8492] bus_for_each_dev+0x147/0x1d0
[ 68.262430][ T8492] serio_handle_event+0x5f6/0xa30
[ 68.269361][ T8492] process_one_work+0x933/0x15a0
[ 68.276211][ T8492] worker_thread+0x64c/0x1120
[ 68.282787][ T8492] kthread+0x3b1/0x4a0
[ 68.288762][ T8492] ret_from_fork+0x1f/0x30
[ 68.295068][ T8492] }
[ 68.297738][ T8492] ... key at: [] __key.8+0x0/0x40
[ 68.304995][ T8492] ... acquired at:
[ 68.308967][ T8492] _raw_spin_lock+0x2a/0x40
[ 68.313627][ T8492] evdev_pass_values.part.0+0xf6/0x970
[ 68.319686][ T8492] evdev_events+0x28b/0x3f0
[ 68.324361][ T8492] input_to_handler+0x2a0/0x4c0
[ 68.329371][ T8492] input_pass_values.part.0+0x284/0x700
[ 68.335075][ T8492] input_handle_event+0x324/0x1400
[ 68.340350][ T8492] input_inject_event+0x2f5/0x310
[ 68.345542][ T8492] evdev_write+0x430/0x760
[ 68.350109][ T8492] vfs_write+0x28e/0xa30
[ 68.354505][ T8492] ksys_write+0x1ee/0x250
[ 68.358991][ T8492] do_syscall_64+0x2d/0x70
[ 68.363581][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.369622][ T8492]
[ 68.371928][ T8492] -> (&client->buffer_lock){....}-{2:2} {
[ 68.377742][ T8492] INITIAL USE at:
[ 68.381712][ T8492] lock_acquire+0x29d/0x740
[ 68.387945][ T8492] _raw_spin_lock+0x2a/0x40
[ 68.394184][ T8492] evdev_pass_values.part.0+0xf6/0x970
[ 68.401546][ T8492] evdev_events+0x28b/0x3f0
[ 68.407780][ T8492] input_to_handler+0x2a0/0x4c0
[ 68.414375][ T8492] input_pass_values.part.0+0x284/0x700
[ 68.421646][ T8492] input_handle_event+0x324/0x1400
[ 68.428490][ T8492] input_inject_event+0x2f5/0x310
[ 68.435239][ T8492] evdev_write+0x430/0x760
[ 68.441376][ T8492] vfs_write+0x28e/0xa30
[ 68.447612][ T8492] ksys_write+0x1ee/0x250
[ 68.453676][ T8492] do_syscall_64+0x2d/0x70
[ 68.459838][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.467464][ T8492] }
[ 68.470061][ T8492] ... key at: [] __key.4+0x0/0x40
[ 68.477242][ T8492] ... acquired at:
[ 68.481125][ T8492] _raw_read_lock+0x5b/0x70
[ 68.485886][ T8492] kill_fasync+0x14b/0x460
[ 68.490475][ T8492] evdev_pass_values.part.0+0x64e/0x970
[ 68.496176][ T8492] evdev_events+0x28b/0x3f0
[ 68.500830][ T8492] input_to_handler+0x2a0/0x4c0
[ 68.505849][ T8492] input_pass_values.part.0+0x284/0x700
[ 68.511553][ T8492] input_handle_event+0x324/0x1400
[ 68.516867][ T8492] input_inject_event+0x2f5/0x310
[ 68.522069][ T8492] evdev_write+0x430/0x760
[ 68.526657][ T8492] vfs_write+0x28e/0xa30
[ 68.531065][ T8492] ksys_write+0x1ee/0x250
[ 68.535548][ T8492] do_syscall_64+0x2d/0x70
[ 68.540134][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.546175][ T8492]
[ 68.548493][ T8492] -> (&new->fa_lock){....}-{2:2} {
[ 68.553603][ T8492] INITIAL READ USE at:
[ 68.557931][ T8492] lock_acquire+0x29d/0x740
[ 68.564460][ T8492] _raw_read_lock+0x5b/0x70
[ 68.570946][ T8492] kill_fasync+0x14b/0x460
[ 68.577362][ T8492] evdev_pass_values.part.0+0x64e/0x970
[ 68.584913][ T8492] evdev_events+0x28b/0x3f0
[ 68.591426][ T8492] input_to_handler+0x2a0/0x4c0
[ 68.598263][ T8492] input_pass_values.part.0+0x284/0x700
[ 68.605798][ T8492] input_handle_event+0x324/0x1400
[ 68.612898][ T8492] input_inject_event+0x2f5/0x310
[ 68.619920][ T8492] evdev_write+0x430/0x760
[ 68.626339][ T8492] vfs_write+0x28e/0xa30
[ 68.632572][ T8492] ksys_write+0x1ee/0x250
[ 68.638877][ T8492] do_syscall_64+0x2d/0x70
[ 68.645645][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.653531][ T8492] }
[ 68.656044][ T8492] ... key at: [] __key.0+0x0/0x40
[ 68.663135][ T8492] ... acquired at:
[ 68.666962][ T8492] lock_acquire+0x29d/0x740
[ 68.671623][ T8492] _raw_read_lock+0x5b/0x70
[ 68.676281][ T8492] send_sigio+0x24/0x350
[ 68.680832][ T8492] kill_fasync+0x205/0x460
[ 68.685409][ T8492] evdev_pass_values.part.0+0x64e/0x970
[ 68.691115][ T8492] evdev_events+0x28b/0x3f0
[ 68.695799][ T8492] input_to_handler+0x2a0/0x4c0
[ 68.700822][ T8492] input_pass_values.part.0+0x284/0x700
[ 68.706528][ T8492] input_handle_event+0x324/0x1400
[ 68.713545][ T8492] input_inject_event+0x2f5/0x310
[ 68.718724][ T8492] evdev_write+0x430/0x760
[ 68.723310][ T8492] vfs_write+0x28e/0xa30
[ 68.727747][ T8492] ksys_write+0x1ee/0x250
[ 68.732230][ T8492] do_syscall_64+0x2d/0x70
[ 68.736811][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.742863][ T8492]
[ 68.745168][ T8492]
[ 68.745168][ T8492] the dependencies between the lock to be acquired
[ 68.745172][ T8492] and HARDIRQ-irq-unsafe lock:
[ 68.758666][ T8492] -> (&f->f_owner.lock){.+.+}-{2:2} {
[ 68.764037][ T8492] HARDIRQ-ON-R at:
[ 68.768016][ T8492] lock_acquire+0x29d/0x740
[ 68.774163][ T8492] _raw_read_lock+0x5b/0x70
[ 68.780305][ T8492] do_fcntl+0xb2c/0x1070
[ 68.786181][ T8492] __x64_sys_fcntl+0x165/0x1e0
[ 68.792676][ T8492] do_syscall_64+0x2d/0x70
[ 68.798735][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.806255][ T8492] SOFTIRQ-ON-R at:
[ 68.810228][ T8492] lock_acquire+0x29d/0x740
[ 68.816386][ T8492] _raw_read_lock+0x5b/0x70
[ 68.822535][ T8492] do_fcntl+0xb2c/0x1070
[ 68.828538][ T8492] __x64_sys_fcntl+0x165/0x1e0
[ 68.834954][ T8492] do_syscall_64+0x2d/0x70
[ 68.841008][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.848536][ T8492] INITIAL READ USE at:
[ 68.852853][ T8492] lock_acquire+0x29d/0x740
[ 68.859350][ T8492] _raw_read_lock+0x5b/0x70
[ 68.865836][ T8492] do_fcntl+0xb2c/0x1070
[ 68.872071][ T8492] __x64_sys_fcntl+0x165/0x1e0
[ 68.878822][ T8492] do_syscall_64+0x2d/0x70
[ 68.885241][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.893122][ T8492] }
[ 68.895623][ T8492] ... key at: [] __key.5+0x0/0x40
[ 68.902720][ T8492] ... acquired at:
[ 68.906516][ T8492] lock_acquire+0x29d/0x740
[ 68.911193][ T8492] _raw_read_lock+0x5b/0x70
[ 68.915851][ T8492] send_sigio+0x24/0x350
[ 68.920248][ T8492] kill_fasync+0x205/0x460
[ 68.924827][ T8492] evdev_pass_values.part.0+0x64e/0x970
[ 68.930530][ T8492] evdev_events+0x28b/0x3f0
[ 68.935192][ T8492] input_to_handler+0x2a0/0x4c0
[ 68.942375][ T8492] input_pass_values.part.0+0x284/0x700
[ 68.948082][ T8492] input_handle_event+0x324/0x1400
[ 68.953371][ T8492] input_inject_event+0x2f5/0x310
[ 68.958993][ T8492] evdev_write+0x430/0x760
[ 68.963612][ T8492] vfs_write+0x28e/0xa30
[ 68.968008][ T8492] ksys_write+0x1ee/0x250
[ 68.972515][ T8492] do_syscall_64+0x2d/0x70
[ 68.977096][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.983158][ T8492]
[ 68.985475][ T8492]
[ 68.985475][ T8492] stack backtrace:
[ 68.991371][ T8492] CPU: 1 PID: 8492 Comm: syz-executor048 Not tainted 5.10.0-rc7-syzkaller #0
[ 69.000106][ T8492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.010408][ T8492] Call Trace:
[ 69.013707][ T8492] dump_stack+0x107/0x163
[ 69.018046][ T8492] check_irq_usage.cold+0x4f5/0x6c8
[ 69.023252][ T8492] ? print_shortest_lock_dependencies+0x80/0x80
[ 69.029485][ T8492] ? __kernel_text_address+0x9/0x30
[ 69.034726][ T8492] ? unwind_get_return_address+0x51/0x90
[ 69.040479][ T8492] ? check_path.constprop.0+0x22/0x40
[ 69.045888][ T8492] ? stack_trace_save+0x8c/0xc0
[ 69.050768][ T8492] ? lockdep_lock+0xc6/0x200
[ 69.055355][ T8492] ? call_rcu_zapped+0xb0/0xb0
[ 69.060121][ T8492] __lock_acquire+0x2af6/0x5500
[ 69.064978][ T8492] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 69.070955][ T8492] lock_acquire+0x29d/0x740
[ 69.075452][ T8492] ? send_sigio+0x24/0x350
[ 69.080067][ T8492] ? lock_release+0x710/0x710
[ 69.084753][ T8492] ? lock_release+0x710/0x710
[ 69.089854][ T8492] ? lock_release+0x710/0x710
[ 69.094515][ T8492] ? lock_release+0x710/0x710
[ 69.099178][ T8492] _raw_read_lock+0x5b/0x70
[ 69.103665][ T8492] ? send_sigio+0x24/0x350
[ 69.108073][ T8492] send_sigio+0x24/0x350
[ 69.112301][ T8492] kill_fasync+0x205/0x460
[ 69.116717][ T8492] evdev_pass_values.part.0+0x64e/0x970
[ 69.122250][ T8492] ? evdev_release+0x410/0x410
[ 69.127012][ T8492] ? ktime_mono_to_any+0xb8/0x1a0
[ 69.132040][ T8492] evdev_events+0x28b/0x3f0
[ 69.136531][ T8492] ? evdev_pass_values.part.0+0x970/0x970
[ 69.142332][ T8492] input_to_handler+0x2a0/0x4c0
[ 69.147180][ T8492] input_pass_values.part.0+0x284/0x700
[ 69.152740][ T8492] ? rwlock_bug.part.0+0x90/0x90
[ 69.157780][ T8492] input_handle_event+0x324/0x1400
[ 69.162891][ T8492] input_inject_event+0x2f5/0x310
[ 69.167909][ T8492] evdev_write+0x430/0x760
[ 69.172337][ T8492] ? evdev_read+0xe40/0xe40
[ 69.176868][ T8492] ? security_file_permission+0x248/0x560
[ 69.182576][ T8492] ? evdev_read+0xe40/0xe40
[ 69.187083][ T8492] vfs_write+0x28e/0xa30
[ 69.191325][ T8492] ksys_write+0x1ee/0x250
[ 69.195740][ T8492] ? __ia32_sys_read+0xb0/0xb0
[ 69.200510][ T8492] ? syscall_enter_from_user_mode+0x1d/0x50
[ 69.206404][ T8492] do_syscall_64+0x2d/0x70
[ 69.210813][ T8492] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.216693][ T8492] RIP: 0033:0x443f89
[ 69.220579][ T8492] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.240257][ T8492] RSP: 002b:00007ffc353c6db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.248659][ T8492] RAX: ffffffffffffff