[ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ OK ] Started OpenBSD Secure Shell server. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 68.117323][ T8481] [ 68.119659][ T8481] ======================================================== [ 68.126857][ T8481] WARNING: possible irq lock inversion dependency detected [ 68.134018][ T8481] 5.11.0-rc2-syzkaller #0 Not tainted [ 68.139357][ T8481] -------------------------------------------------------- [ 68.146528][ T8481] syz-executor658/8481 just changed the state of lock: [ 68.153381][ T8481] ffff888025e63a38 (&f->f_owner.lock){.+..}-{2:2}, at: f_getown+0x1b/0xb0 [ 68.161924][ T8481] but this lock was taken by another, HARDIRQ-safe lock in the past: [ 68.169992][ T8481] (&dev->event_lock){-.-.}-{2:2} [ 68.170008][ T8481] [ 68.170008][ T8481] [ 68.170008][ T8481] and interrupts could create inverse lock ordering between them. [ 68.170008][ T8481] [ 68.189469][ T8481] [ 68.189469][ T8481] other info that might help us debug this: [ 68.197499][ T8481] Chain exists of: [ 68.197499][ T8481] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock [ 68.197499][ T8481] [ 68.210510][ T8481] Possible interrupt unsafe locking scenario: [ 68.210510][ T8481] [ 68.218808][ T8481] CPU0 CPU1 [ 68.224145][ T8481] ---- ---- [ 68.229518][ T8481] lock(&f->f_owner.lock); [ 68.234005][ T8481] local_irq_disable(); [ 68.240729][ T8481] lock(&dev->event_lock); [ 68.247723][ T8481] lock(&new->fa_lock); [ 68.254455][ T8481] [ 68.257881][ T8481] lock(&dev->event_lock); [ 68.262529][ T8481] [ 68.262529][ T8481] *** DEADLOCK *** [ 68.262529][ T8481] [ 68.270639][ T8481] no locks held by syz-executor658/8481. [ 68.276236][ T8481] [ 68.276236][ T8481] the shortest dependencies between 2nd lock and 1st lock: [ 68.285583][ T8481] -> (&dev->event_lock){-.-.}-{2:2} { [ 68.291198][ T8481] IN-HARDIRQ-W at: [ 68.295421][ T8481] lock_acquire+0x29d/0x740 [ 68.302075][ T8481] _raw_spin_lock_irqsave+0x39/0x50 [ 68.309438][ T8481] input_event+0x7b/0xb0 [ 68.315826][ T8481] psmouse_report_standard_buttons+0x2c/0x80 [ 68.323952][ T8481] psmouse_process_byte+0x1e1/0x890 [ 68.331300][ T8481] psmouse_handle_byte+0x41/0x1b0 [ 68.338466][ T8481] psmouse_interrupt+0x304/0xf00 [ 68.345570][ T8481] serio_interrupt+0x88/0x150 [ 68.352400][ T8481] i8042_interrupt+0x27a/0x520 [ 68.359319][ T8481] __handle_irq_event_percpu+0x303/0x8f0 [ 68.367101][ T8481] handle_irq_event+0x102/0x290 [ 68.374102][ T8481] handle_edge_irq+0x25f/0xd00 [ 68.381577][ T8481] asm_call_irq_on_stack+0xf/0x20 [ 68.388760][ T8481] common_interrupt+0x120/0x200 [ 68.395770][ T8481] asm_common_interrupt+0x1e/0x40 [ 68.402946][ T8481] preempt_count_add+0x3f/0x140 [ 68.409959][ T8481] unwind_next_frame+0x11f/0x1f90 [ 68.417136][ T8481] arch_stack_walk+0x7d/0xe0 [ 68.423898][ T8481] stack_trace_save+0x8c/0xc0 [ 68.430727][ T8481] kasan_save_stack+0x1b/0x40 [ 68.437555][ T8481] kasan_set_track+0x1c/0x30 [ 68.444305][ T8481] kasan_set_free_info+0x20/0x30 [ 68.451417][ T8481] ____kasan_slab_free+0xe1/0x110 [ 68.458598][ T8481] slab_free_freelist_hook+0x5d/0x150 [ 68.466120][ T8481] kmem_cache_free+0x82/0x350 [ 68.472942][ T8481] rcu_core+0x5eb/0xf00 [ 68.479249][ T8481] __do_softirq+0x2a5/0x9f7 [ 68.485901][ T8481] run_ksoftirqd+0x2d/0x50 [ 68.492465][ T8481] smpboot_thread_fn+0x655/0x9e0 [ 68.499551][ T8481] kthread+0x3b1/0x4a0 [ 68.505768][ T8481] ret_from_fork+0x1f/0x30 [ 68.512333][ T8481] IN-SOFTIRQ-W at: [ 68.516548][ T8481] lock_acquire+0x29d/0x740 [ 68.523199][ T8481] _raw_spin_lock_irqsave+0x39/0x50 [ 68.530543][ T8481] input_event+0x7b/0xb0 [ 68.536932][ T8481] psmouse_report_standard_buttons+0x2c/0x80 [ 68.545056][ T8481] psmouse_process_byte+0x1e1/0x890 [ 68.552400][ T8481] psmouse_handle_byte+0x41/0x1b0 [ 68.559579][ T8481] psmouse_interrupt+0x304/0xf00 [ 68.566662][ T8481] serio_interrupt+0x88/0x150 [ 68.573486][ T8481] i8042_interrupt+0x27a/0x520 [ 68.580441][ T8481] __handle_irq_event_percpu+0x303/0x8f0 [ 68.588294][ T8481] handle_irq_event+0x102/0x290 [ 68.595298][ T8481] handle_edge_irq+0x25f/0xd00 [ 68.602317][ T8481] asm_call_irq_on_stack+0xf/0x20 [ 68.609498][ T8481] common_interrupt+0x120/0x200 [ 68.616497][ T8481] asm_common_interrupt+0x1e/0x40 [ 68.623670][ T8481] preempt_count_add+0x3f/0x140 [ 68.630671][ T8481] unwind_next_frame+0x11f/0x1f90 [ 68.637880][ T8481] arch_stack_walk+0x7d/0xe0 [ 68.644669][ T8481] stack_trace_save+0x8c/0xc0 [ 68.651495][ T8481] kasan_save_stack+0x1b/0x40 [ 68.658318][ T8481] kasan_set_track+0x1c/0x30 [ 68.665055][ T8481] kasan_set_free_info+0x20/0x30 [ 68.672138][ T8481] ____kasan_slab_free+0xe1/0x110 [ 68.679319][ T8481] slab_free_freelist_hook+0x5d/0x150 [ 68.686948][ T8481] kmem_cache_free+0x82/0x350 [ 68.693769][ T8481] rcu_core+0x5eb/0xf00 [ 68.700072][ T8481] __do_softirq+0x2a5/0x9f7 [ 68.706724][ T8481] run_ksoftirqd+0x2d/0x50 [ 68.713286][ T8481] smpboot_thread_fn+0x655/0x9e0 [ 68.720370][ T8481] kthread+0x3b1/0x4a0 [ 68.726603][ T8481] ret_from_fork+0x1f/0x30 [ 68.733171][ T8481] INITIAL USE at: [ 68.737300][ T8481] lock_acquire+0x29d/0x740 [ 68.743865][ T8481] _raw_spin_lock_irqsave+0x39/0x50 [ 68.751121][ T8481] input_inject_event+0xa6/0x310 [ 68.758119][ T8481] led_set_brightness_nosleep+0xe6/0x1a0 [ 68.765811][ T8481] led_set_brightness+0x134/0x170 [ 68.772979][ T8481] led_trigger_event+0x70/0xd0 [ 68.779799][ T8481] kbd_led_trigger_activate+0xfa/0x130 [ 68.787329][ T8481] led_trigger_set+0x61e/0xbd0 [ 68.794150][ T8481] led_trigger_set_default+0x1a6/0x230 [ 68.801664][ T8481] led_classdev_register_ext+0x5b1/0x7c0 [ 68.809352][ T8481] input_leds_connect+0x3fb/0x740 [ 68.816435][ T8481] input_attach_handler+0x180/0x1f0 [ 68.823690][ T8481] input_register_device.cold+0xf0/0x307 [ 68.831382][ T8481] atkbd_connect+0x736/0xa00 [ 68.838032][ T8481] serio_driver_probe+0x72/0xa0 [ 68.844944][ T8481] really_probe+0x291/0xde0 [ 68.851520][ T8481] driver_probe_device+0x26b/0x3d0 [ 68.858703][ T8481] device_driver_attach+0x228/0x290 [ 68.865980][ T8481] __driver_attach+0x15b/0x2f0 [ 68.872802][ T8481] bus_for_each_dev+0x147/0x1d0 [ 68.879714][ T8481] serio_handle_event+0x5f6/0xa30 [ 68.886818][ T8481] process_one_work+0x98d/0x15f0 [ 68.893815][ T8481] worker_thread+0x64c/0x1120 [ 68.900552][ T8481] kthread+0x3b1/0x4a0 [ 68.906679][ T8481] ret_from_fork+0x1f/0x30 [ 68.913155][ T8481] } [ 68.915888][ T8481] ... key at: [] __key.8+0x0/0x40 [ 68.923233][ T8481] ... acquired at: [ 68.927280][ T8481] _raw_spin_lock+0x2a/0x40 [ 68.931933][ T8481] evdev_pass_values.part.0+0xf6/0x970 [ 68.937542][ T8481] evdev_events+0x28b/0x3f0 [ 68.942197][ T8481] input_to_handler+0x2a0/0x4c0 [ 68.947202][ T8481] input_pass_values.part.0+0x284/0x700 [ 68.952900][ T8481] input_handle_event+0x373/0x1440 [ 68.958159][ T8481] input_inject_event+0x2f5/0x310 [ 68.963332][ T8481] evdev_write+0x430/0x760 [ 68.967896][ T8481] vfs_write+0x28e/0xa30 [ 68.972287][ T8481] ksys_write+0x1ee/0x250 [ 68.976765][ T8481] do_syscall_64+0x2d/0x70 [ 68.981330][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 68.987372][ T8481] [ 68.989672][ T8481] -> (&client->buffer_lock){....}-{2:2} { [ 68.995550][ T8481] INITIAL USE at: [ 68.999589][ T8481] lock_acquire+0x29d/0x740 [ 69.006064][ T8481] _raw_spin_lock+0x2a/0x40 [ 69.012452][ T8481] evdev_pass_values.part.0+0xf6/0x970 [ 69.019795][ T8481] evdev_events+0x28b/0x3f0 [ 69.026185][ T8481] input_to_handler+0x2a0/0x4c0 [ 69.032929][ T8481] input_pass_values.part.0+0x284/0x700 [ 69.040361][ T8481] input_handle_event+0x373/0x1440 [ 69.047358][ T8481] input_inject_event+0x2f5/0x310 [ 69.054279][ T8481] evdev_write+0x430/0x760 [ 69.060683][ T8481] vfs_write+0x28e/0xa30 [ 69.066812][ T8481] ksys_write+0x1ee/0x250 [ 69.073034][ T8481] do_syscall_64+0x2d/0x70 [ 69.079360][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.087140][ T8481] } [ 69.089784][ T8481] ... key at: [] __key.4+0x0/0x40 [ 69.097042][ T8481] ... acquired at: [ 69.100991][ T8481] _raw_read_lock+0x5b/0x70 [ 69.105644][ T8481] kill_fasync+0x14b/0x460 [ 69.110210][ T8481] evdev_pass_values.part.0+0x64e/0x970 [ 69.115924][ T8481] evdev_events+0x28b/0x3f0 [ 69.120577][ T8481] input_to_handler+0x2a0/0x4c0 [ 69.125583][ T8481] input_pass_values.part.0+0x284/0x700 [ 69.131276][ T8481] input_handle_event+0x373/0x1440 [ 69.136536][ T8481] input_inject_event+0x2f5/0x310 [ 69.141710][ T8481] evdev_write+0x430/0x760 [ 69.146273][ T8481] vfs_write+0x28e/0xa30 [ 69.150664][ T8481] ksys_write+0x1ee/0x250 [ 69.155142][ T8481] do_syscall_64+0x2d/0x70 [ 69.159706][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.165748][ T8481] [ 69.168048][ T8481] -> (&new->fa_lock){....}-{2:2} { [ 69.173227][ T8481] INITIAL READ USE at: [ 69.177614][ T8481] lock_acquire+0x29d/0x740 [ 69.184266][ T8481] _raw_read_lock+0x5b/0x70 [ 69.190918][ T8481] kill_fasync+0x14b/0x460 [ 69.197480][ T8481] evdev_pass_values.part.0+0x64e/0x970 [ 69.205175][ T8481] evdev_events+0x28b/0x3f0 [ 69.211831][ T8481] input_to_handler+0x2a0/0x4c0 [ 69.218830][ T8481] input_pass_values.part.0+0x284/0x700 [ 69.226535][ T8481] input_handle_event+0x373/0x1440 [ 69.233801][ T8481] input_inject_event+0x2f5/0x310 [ 69.240970][ T8481] evdev_write+0x430/0x760 [ 69.247545][ T8481] vfs_write+0x28e/0xa30 [ 69.253945][ T8481] ksys_write+0x1ee/0x250 [ 69.260420][ T8481] do_syscall_64+0x2d/0x70 [ 69.266993][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.275038][ T8481] } [ 69.277597][ T8481] ... key at: [] __key.0+0x0/0x40 [ 69.284767][ T8481] ... acquired at: [ 69.288627][ T8481] _raw_read_lock_irqsave+0x70/0x90 [ 69.293972][ T8481] send_sigio+0x24/0x360 [ 69.298373][ T8481] kill_fasync+0x205/0x460 [ 69.302937][ T8481] evdev_pass_values.part.0+0x64e/0x970 [ 69.308633][ T8481] evdev_events+0x28b/0x3f0 [ 69.313286][ T8481] input_to_handler+0x2a0/0x4c0 [ 69.318284][ T8481] input_pass_values.part.0+0x284/0x700 [ 69.323975][ T8481] input_handle_event+0x373/0x1440 [ 69.329232][ T8481] input_inject_event+0x2f5/0x310 [ 69.334405][ T8481] evdev_write+0x430/0x760 [ 69.338983][ T8481] vfs_write+0x28e/0xa30 [ 69.343372][ T8481] ksys_write+0x1ee/0x250 [ 69.347849][ T8481] do_syscall_64+0x2d/0x70 [ 69.352415][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.358461][ T8481] [ 69.360779][ T8481] -> (&f->f_owner.lock){.+..}-{2:2} { [ 69.366136][ T8481] HARDIRQ-ON-R at: [ 69.370088][ T8481] lock_acquire+0x29d/0x740 [ 69.376227][ T8481] _raw_read_lock+0x5b/0x70 [ 69.382355][ T8481] f_getown+0x1b/0xb0 [ 69.387961][ T8481] sock_ioctl+0x4ba/0x6a0 [ 69.393915][ T8481] __x64_sys_ioctl+0x193/0x200 [ 69.400327][ T8481] do_syscall_64+0x2d/0x70 [ 69.406374][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.413905][ T8481] INITIAL READ USE at: [ 69.418216][ T8481] lock_acquire+0x29d/0x740 [ 69.424699][ T8481] _raw_read_lock_irqsave+0x70/0x90 [ 69.431876][ T8481] send_sigio+0x24/0x360 [ 69.438093][ T8481] kill_fasync+0x205/0x460 [ 69.444480][ T8481] evdev_pass_values.part.0+0x64e/0x970 [ 69.452000][ T8481] evdev_events+0x28b/0x3f0 [ 69.458506][ T8481] input_to_handler+0x2a0/0x4c0 [ 69.465333][ T8481] input_pass_values.part.0+0x284/0x700 [ 69.472852][ T8481] input_handle_event+0x373/0x1440 [ 69.479937][ T8481] input_inject_event+0x2f5/0x310 [ 69.486969][ T8481] evdev_write+0x430/0x760 [ 69.493361][ T8481] vfs_write+0x28e/0xa30 [ 69.499576][ T8481] ksys_write+0x1ee/0x250 [ 69.505891][ T8481] do_syscall_64+0x2d/0x70 [ 69.512279][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.520152][ T8481] } [ 69.522623][ T8481] ... key at: [] __key.5+0x0/0x40 [ 69.529711][ T8481] ... acquired at: [ 69.533485][ T8481] __lock_acquire+0x120a/0x5500 [ 69.538496][ T8481] lock_acquire+0x29d/0x740 [ 69.543154][ T8481] _raw_read_lock+0x5b/0x70 [ 69.547815][ T8481] f_getown+0x1b/0xb0 [ 69.551952][ T8481] sock_ioctl+0x4ba/0x6a0 [ 69.556443][ T8481] __x64_sys_ioctl+0x193/0x200 [ 69.561358][ T8481] do_syscall_64+0x2d/0x70 [ 69.565927][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.571975][ T8481] [ 69.574275][ T8481] [ 69.574275][ T8481] stack backtrace: [ 69.580685][ T8481] CPU: 0 PID: 8481 Comm: syz-executor658 Not tainted 5.11.0-rc2-syzkaller #0 [ 69.589549][ T8481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.599589][ T8481] Call Trace: [ 69.602864][ T8481] dump_stack+0x107/0x163 [ 69.607181][ T8481] mark_lock.cold+0x1a/0x73 [ 69.611668][ T8481] ? lock_chain_count+0x20/0x20 [ 69.616500][ T8481] ? lockdep_hardirqs_on+0x79/0x100 [ 69.621741][ T8481] ? find_held_lock+0x2d/0x110 [ 69.626486][ T8481] __lock_acquire+0x120a/0x5500 [ 69.631317][ T8481] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 69.637539][ T8481] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 69.643498][ T8481] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 69.649455][ T8481] lock_acquire+0x29d/0x740 [ 69.653935][ T8481] ? f_getown+0x1b/0xb0 [ 69.658067][ T8481] ? lock_release+0x710/0x710 [ 69.662720][ T8481] ? __might_fault+0xd3/0x180 [ 69.667373][ T8481] ? lock_downgrade+0x6d0/0x6d0 [ 69.672207][ T8481] _raw_read_lock+0x5b/0x70 [ 69.676687][ T8481] ? f_getown+0x1b/0xb0 [ 69.680819][ T8481] f_getown+0x1b/0xb0 [ 69.684773][ T8481] sock_ioctl+0x4ba/0x6a0 [ 69.689079][ T8481] ? vlan_ioctl_set+0x30/0x30 [ 69.693731][ T8481] ? __sys_socket+0x16d/0x200 [ 69.698382][ T8481] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 69.704599][ T8481] ? vlan_ioctl_set+0x30/0x30 [ 69.709251][ T8481] __x64_sys_ioctl+0x193/0x200 [ 69.714028][ T8481] do_syscall_64+0x2d/0x70 [ 69.718419][ T8481] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.724289][ T8481] RIP: 0033:0x444039 [ 69.728158][ T8481] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 69.747749][ T8481] RSP: 002b:00007fff0ceb9688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.756136][ T8481] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444039 [ 69.764118][ T8481] RDX: 0000000000000000 RSI: 0000000000008904 RDI: 0000000000000004 [ 69.772062][ T8481] RBP: 00