[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.88' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.883505][ T8437]
[ 55.883513][ T8437] =====================================================
[ 55.883517][ T8437] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 55.883524][ T8437] 5.14.0-rc2-syzkaller #0 Not tainted
[ 55.883531][ T8437] -----------------------------------------------------
[ 55.883536][ T8437] syz-executor667/8437 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 55.883554][ T8437] ffff88801c3c80c0 (&new->fa_lock){.+.+}-{2:2}, at: kill_fasync+0x132/0x460
[ 55.883602][ T8437]
[ 55.883602][ T8437] and this task is already holding:
[ 55.883606][ T8437] ffff88801fde8028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 55.948009][ T8437] which would create a new lock dependency:
[ 55.953925][ T8437] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){.+.+}-{2:2}
[ 55.962075][ T8437]
[ 55.962075][ T8437] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 55.971494][ T8437] (&dev->event_lock){-.-.}-{2:2}
[ 55.971509][ T8437]
[ 55.971509][ T8437] ... which became HARDIRQ-irq-safe at:
[ 55.984387][ T8437] lock_acquire+0x1ab/0x510
[ 55.988954][ T8437] _raw_spin_lock_irqsave+0x39/0x50
[ 55.994228][ T8437] input_event+0x7b/0xb0
[ 55.998527][ T8437] psmouse_report_standard_buttons+0x2c/0x80
[ 56.004570][ T8437] psmouse_process_byte+0x1e1/0x890
[ 56.009829][ T8437] psmouse_handle_byte+0x41/0x1b0
[ 56.014981][ T8437] psmouse_interrupt+0x304/0xf00
[ 56.019982][ T8437] serio_interrupt+0x88/0x150
[ 56.024718][ T8437] i8042_interrupt+0x27a/0x520
[ 56.029717][ T8437] __handle_irq_event_percpu+0x303/0x8f0
[ 56.035414][ T8437] handle_irq_event+0x102/0x280
[ 56.040332][ T8437] handle_edge_irq+0x25f/0xd00
[ 56.045159][ T8437] __common_interrupt+0x9d/0x210
[ 56.050157][ T8437] common_interrupt+0x9f/0xd0
[ 56.054897][ T8437] asm_common_interrupt+0x1e/0x40
[ 56.060070][ T8437] unwind_next_frame+0xce4/0x1ce0
[ 56.065159][ T8437] arch_stack_walk+0x7d/0xe0
[ 56.069813][ T8437] stack_trace_save+0x8c/0xc0
[ 56.074553][ T8437] kasan_save_stack+0x1b/0x40
[ 56.079295][ T8437] kasan_set_track+0x1c/0x30
[ 56.083947][ T8437] kasan_set_free_info+0x20/0x30
[ 56.089043][ T8437] __kasan_slab_free+0xfb/0x130
[ 56.094184][ T8437] slab_free_freelist_hook+0xdf/0x240
[ 56.099618][ T8437] kfree+0xeb/0x650
[ 56.103576][ T8437] security_cred_free+0xc3/0x130
[ 56.109011][ T8437] put_cred_rcu+0x122/0x520
[ 56.113792][ T8437] rcu_core+0x7ab/0x1380
[ 56.118486][ T8437] __do_softirq+0x29b/0x9c2
[ 56.123053][ T8437] run_ksoftirqd+0x2d/0x60
[ 56.127590][ T8437] smpboot_thread_fn+0x645/0x9c0
[ 56.132590][ T8437] kthread+0x3e5/0x4d0
[ 56.136723][ T8437] ret_from_fork+0x1f/0x30
[ 56.141211][ T8437]
[ 56.141211][ T8437] to a HARDIRQ-irq-unsafe lock:
[ 56.148198][ T8437] (&new->fa_lock){.+.+}-{2:2}
[ 56.148215][ T8437]
[ 56.148215][ T8437] ... which became HARDIRQ-irq-unsafe at:
[ 56.160881][ T8437] ...
[ 56.160886][ T8437] lock_acquire+0x1ab/0x510
[ 56.168006][ T8437] _raw_read_lock+0x5b/0x70
[ 56.172572][ T8437] kill_fasync+0x132/0x460
[ 56.177051][ T8437] __do_sys_vmsplice+0x305/0x9e0
[ 56.182051][ T8437] do_syscall_64+0x35/0xb0
[ 56.186529][ T8437] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.192484][ T8437]
[ 56.192484][ T8437] other info that might help us debug this:
[ 56.192484][ T8437]
[ 56.202700][ T8437] Chain exists of:
[ 56.202700][ T8437] &dev->event_lock --> &client->buffer_lock --> &new->fa_lock
[ 56.202700][ T8437]
[ 56.216066][ T8437] Possible interrupt unsafe locking scenario:
[ 56.216066][ T8437]
[ 56.224353][ T8437]        CPU0                    CPU1
[ 56.229693][ T8437]        ----                    ----
[ 56.235030][ T8437]   lock(&new->fa_lock);
[ 56.239243][ T8437]                                local_irq_disable();
[ 56.245969][ T8437]                                lock(&dev->event_lock);
[ 56.253048][ T8437]                                lock(&client->buffer_lock);
[ 56.260389][ T8437]
[ 56.263813][ T8437]     lock(&dev->event_lock);
[ 56.268459][ T8437]
[ 56.268459][ T8437] *** DEADLOCK ***
[ 56.268459][ T8437]
[ 56.276573][ T8437] 7 locks held by syz-executor667/8437:
[ 56.282090][ T8437] #0: ffff888022213110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760
[ 56.291195][ T8437] #1: ffff888146cf6230 (&dev->event_lock){-.-.}-{2:2}, at: input_inject_event+0xa6/0x320
[ 56.301076][ T8437] #2: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320
[ 56.310862][ T8437] #3: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710
[ 56.321004][ T8437] #4: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0
[ 56.330111][ T8437] #5: ffff88801fde8028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 56.340865][ T8437] #6: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 56.349885][ T8437]
[ 56.349885][ T8437] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 56.360260][ T8437] -> (&dev->event_lock){-.-.}-{2:2} {
[ 56.365702][ T8437] IN-HARDIRQ-W at:
[ 56.369739][ T8437] lock_acquire+0x1ab/0x510
[ 56.376039][ T8437] _raw_spin_lock_irqsave+0x39/0x50
[ 56.383037][ T8437] input_event+0x7b/0xb0
[ 56.389075][ T8437] psmouse_report_standard_buttons+0x2c/0x80
[ 56.396945][ T8437] psmouse_process_byte+0x1e1/0x890
[ 56.403945][ T8437] psmouse_handle_byte+0x41/0x1b0
[ 56.410773][ T8437] psmouse_interrupt+0x304/0xf00
[ 56.417698][ T8437] serio_interrupt+0x88/0x150
[ 56.424172][ T8437] i8042_interrupt+0x27a/0x520
[ 56.430750][ T8437] __handle_irq_event_percpu+0x303/0x8f0
[ 56.438183][ T8437] handle_irq_event+0x102/0x280
[ 56.444831][ T8437] handle_edge_irq+0x25f/0xd00
[ 56.451485][ T8437] __common_interrupt+0x9d/0x210
[ 56.458397][ T8437] common_interrupt+0x9f/0xd0
[ 56.464964][ T8437] asm_common_interrupt+0x1e/0x40
[ 56.471782][ T8437] unwind_next_frame+0xce4/0x1ce0
[ 56.478650][ T8437] arch_stack_walk+0x7d/0xe0
[ 56.485130][ T8437] stack_trace_save+0x8c/0xc0
[ 56.491622][ T8437] kasan_save_stack+0x1b/0x40
[ 56.498099][ T8437] kasan_set_track+0x1c/0x30
[ 56.504489][ T8437] kasan_set_free_info+0x20/0x30
[ 56.511226][ T8437] __kasan_slab_free+0xfb/0x130
[ 56.517877][ T8437] slab_free_freelist_hook+0xdf/0x240
[ 56.525504][ T8437] kfree+0xeb/0x650
[ 56.531114][ T8437] security_cred_free+0xc3/0x130
[ 56.537852][ T8437] put_cred_rcu+0x122/0x520
[ 56.544148][ T8437] rcu_core+0x7ab/0x1380
[ 56.550191][ T8437] __do_softirq+0x29b/0x9c2
[ 56.556491][ T8437] run_ksoftirqd+0x2d/0x60
[ 56.562703][ T8437] smpboot_thread_fn+0x645/0x9c0
[ 56.569437][ T8437] kthread+0x3e5/0x4d0
[ 56.575304][ T8437] ret_from_fork+0x1f/0x30
[ 56.581518][ T8437] IN-SOFTIRQ-W at:
[ 56.585556][ T8437] lock_acquire+0x1ab/0x510
[ 56.591855][ T8437] _raw_spin_lock_irqsave+0x39/0x50
[ 56.598855][ T8437] input_event+0x7b/0xb0
[ 56.604892][ T8437] psmouse_report_standard_buttons+0x2c/0x80
[ 56.612674][ T8437] psmouse_process_byte+0x1e1/0x890
[ 56.619673][ T8437] psmouse_handle_byte+0x41/0x1b0
[ 56.626511][ T8437] psmouse_interrupt+0x304/0xf00
[ 56.633264][ T8437] serio_interrupt+0x88/0x150
[ 56.639741][ T8437] i8042_interrupt+0x27a/0x520
[ 56.646300][ T8437] __handle_irq_event_percpu+0x303/0x8f0
[ 56.653817][ T8437] handle_irq_event+0x102/0x280
[ 56.660465][ T8437] handle_edge_irq+0x25f/0xd00
[ 56.667029][ T8437] __common_interrupt+0x9d/0x210
[ 56.673768][ T8437] common_interrupt+0x9f/0xd0
[ 56.680242][ T8437] asm_common_interrupt+0x1e/0x40
[ 56.687068][ T8437] unwind_next_frame+0xce4/0x1ce0
[ 56.693892][ T8437] arch_stack_walk+0x7d/0xe0
[ 56.700369][ T8437] stack_trace_save+0x8c/0xc0
[ 56.706841][ T8437] kasan_save_stack+0x1b/0x40
[ 56.713316][ T8437] kasan_set_track+0x1c/0x30
[ 56.719705][ T8437] kasan_set_free_info+0x20/0x30
[ 56.726444][ T8437] __kasan_slab_free+0xfb/0x130
[ 56.733180][ T8437] slab_free_freelist_hook+0xdf/0x240
[ 56.740352][ T8437] kfree+0xeb/0x650
[ 56.746043][ T8437] security_cred_free+0xc3/0x130
[ 56.752813][ T8437] put_cred_rcu+0x122/0x520
[ 56.759129][ T8437] rcu_core+0x7ab/0x1380
[ 56.765168][ T8437] __do_softirq+0x29b/0x9c2
[ 56.771467][ T8437] run_ksoftirqd+0x2d/0x60
[ 56.780864][ T8437] smpboot_thread_fn+0x645/0x9c0
[ 56.788038][ T8437] kthread+0x3e5/0x4d0
[ 56.793903][ T8437] ret_from_fork+0x1f/0x30
[ 56.800124][ T8437] INITIAL USE at:
[ 56.804168][ T8437] lock_acquire+0x1ab/0x510
[ 56.810381][ T8437] _raw_spin_lock_irqsave+0x39/0x50
[ 56.817292][ T8437] input_inject_event+0xa6/0x320
[ 56.825156][ T8437] led_set_brightness_nosleep+0xe6/0x1a0
[ 56.832501][ T8437] led_set_brightness+0x134/0x170
[ 56.839236][ T8437] led_trigger_event+0x75/0xd0
[ 56.845888][ T8437] kbd_led_trigger_activate+0xc9/0x100
[ 56.853060][ T8437] led_trigger_set+0x61e/0xbd0
[ 56.862573][ T8437] led_trigger_set_default+0x1a6/0x230
[ 56.869742][ T8437] led_classdev_register_ext+0x5b1/0x7c0
[ 56.877087][ T8437] input_leds_connect+0x4bd/0x860
[ 56.883822][ T8437] input_attach_handler+0x180/0x1f0
[ 56.892643][ T8437] input_register_device.cold+0xf0/0x304
[ 56.899990][ T8437] atkbd_connect+0x739/0xa00
[ 56.906294][ T8437] serio_driver_probe+0x72/0xa0
[ 56.912874][ T8437] really_probe+0x23c/0xcd0
[ 56.919093][ T8437] __driver_probe_device+0x338/0x4d0
[ 56.926092][ T8437] driver_probe_device+0x4c/0x1a0
[ 56.932835][ T8437] __driver_attach+0x22d/0x4e0
[ 56.939319][ T8437] bus_for_each_dev+0x147/0x1d0
[ 56.945881][ T8437] serio_handle_event+0x5f6/0xa30
[ 56.952615][ T8437] process_one_work+0x98d/0x1630
[ 56.959268][ T8437] worker_thread+0x658/0x11f0
[ 56.965663][ T8437] kthread+0x3e5/0x4d0
[ 56.971445][ T8437] ret_from_fork+0x1f/0x30
[ 56.977577][ T8437] }
[ 56.980135][ T8437] ... key at: [] __key.8+0x0/0x40
[ 56.987305][ T8437] -> (&client->buffer_lock){....}-{2:2} {
[ 56.993007][ T8437] INITIAL USE at:
[ 56.998387][ T8437] lock_acquire+0x1ab/0x510
[ 57.006513][ T8437] _raw_spin_lock+0x2a/0x40
[ 57.012556][ T8437] evdev_pass_values.part.0+0xf6/0x970
[ 57.019556][ T8437] evdev_events+0x359/0x3e0
[ 57.025597][ T8437] input_to_handler+0x2a0/0x4c0
[ 57.031987][ T8437] input_pass_values.part.0+0x230/0x710
[ 57.039066][ T8437] input_handle_event+0x373/0x1440
[ 57.045716][ T8437] input_inject_event+0x1bd/0x320
[ 57.052539][ T8437] evdev_write+0x430/0x760
[ 57.058742][ T8437] vfs_write+0x28e/0xa40
[ 57.064523][ T8437] ksys_write+0x1ee/0x250
[ 57.070390][ T8437] do_syscall_64+0x35/0xb0
[ 57.076562][ T8437] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.084290][ T8437] }
[ 57.087224][ T8437] ... key at: [] __key.4+0x0/0x40
[ 57.094308][ T8437] ... acquired at:
[ 57.098379][ T8437] _raw_spin_lock+0x2a/0x40
[ 57.103354][ T8437] evdev_pass_values.part.0+0xf6/0x970
[ 57.108962][ T8437] evdev_events+0x359/0x3e0
[ 57.113614][ T8437] input_to_handler+0x2a0/0x4c0
[ 57.118946][ T8437] input_pass_values.part.0+0x230/0x710
[ 57.124872][ T8437] input_handle_event+0x373/0x1440
[ 57.130131][ T8437] input_inject_event+0x1bd/0x320
[ 57.135476][ T8437] evdev_write+0x430/0x760
[ 57.140454][ T8437] vfs_write+0x28e/0xa40
[ 57.145067][ T8437] ksys_write+0x1ee/0x250
[ 57.149760][ T8437] do_syscall_64+0x35/0xb0
[ 57.154949][ T8437] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.161254][ T8437]
[ 57.163557][ T8437]
[ 57.163557][ T8437] the dependencies between the lock to be acquired
[ 57.163562][ T8437] and HARDIRQ-irq-unsafe lock:
[ 57.177254][ T8437] -> (&new->fa_lock){.+.+}-{2:2} {
[ 57.182352][ T8437] HARDIRQ-ON-R at:
[ 57.186307][ T8437] lock_acquire+0x1ab/0x510
[ 57.194071][ T8437] _raw_read_lock+0x5b/0x70
[ 57.200716][ T8437] kill_fasync+0x132/0x460
[ 57.206756][ T8437] __do_sys_vmsplice+0x305/0x9e0
[ 57.213524][ T8437] do_syscall_64+0x35/0xb0
[ 57.219565][ T8437] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.227471][ T8437] SOFTIRQ-ON-R at:
[ 57.231701][ T8437] lock_acquire+0x1ab/0x510
[ 57.237828][ T8437] _raw_read_lock+0x5b/0x70
[ 57.244181][ T8437] kill_fasync+0x132/0x460
[ 57.250437][ T8437] __do_sys_vmsplice+0x305/0x9e0
[ 57.257189][ T8437] do_syscall_64+0x35/0xb0
[ 57.263228][ T8437] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.270748][ T8437] INITIAL READ USE at:
[ 57.275218][ T8437] lock_acquire+0x1ab/0x510
[ 57.281928][ T8437] _raw_read_lock+0x5b/0x70
[ 57.288404][ T8437] kill_fasync+0x132/0x460
[ 57.294792][ T8437] __do_sys_vmsplice+0x305/0x9e0
[ 57.301901][ T8437] do_syscall_64+0x35/0xb0
[ 57.308290][ T8437] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.316329][ T8437] }
[ 57.318801][ T8437] ... key at: [] __key.0+0x0/0x40
[ 57.326028][ T8437] ... acquired at:
[ 57.329889][ T8437] lock_acquire+0x1ab/0x510
[ 57.334541][ T8437] _raw_read_lock+0x5b/0x70
[ 57.339192][ T8437] kill_fasync+0x132/0x460
[ 57.343753][ T8437] evdev_pass_values.part.0+0x64e/0x970
[ 57.349444][ T8437] evdev_events+0x359/0x3e0
[ 57.354097][ T8437] input_to_handler+0x2a0/0x4c0
[ 57.359095][ T8437] input_pass_values.part.0+0x230/0x710
[ 57.364962][ T8437] input_handle_event+0x373/0x1440
[ 57.370220][ T8437] input_inject_event+0x1bd/0x320
[ 57.375391][ T8437] evdev_write+0x430/0x760
[ 57.379956][ T8437] vfs_write+0x28e/0xa40
[ 57.384348][ T8437] ksys_write+0x1ee/0x250
[ 57.388824][ T8437] do_syscall_64+0x35/0xb0
[ 57.393388][ T8437] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.399433][ T8437]
[ 57.401726][ T8437]
[ 57.401726][ T8437] stack backtrace:
[ 57.407581][ T8437] CPU: 0 PID: 8437 Comm: syz-executor667 Not tainted 5.14.0-rc2-syzkaller #0
[ 57.416314][ T8437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.426344][ T8437] Call Trace:
[ 57.429598][ T8437] dump_stack_lvl+0xcd/0x134
[ 57.434168][ T8437] check_irq_usage.cold+0x4c1/0x6b0
[ 57.439345][ T8437] ? is_bpf_text_address+0x99/0x170
[ 57.445775][ T8437] ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 57.452861][ T8437] ? __kernel_text_address+0x9/0x30
[ 57.458040][ T8437] ? check_path.constprop.0+0x24/0x50
[ 57.463385][ T8437] ? pv_hash+0x100/0x100
[ 57.467600][ T8437] ? register_lock_class+0xb7/0x10c0
[ 57.473551][ T8437] ? stack_trace_save+0x8c/0xc0
[ 57.478380][ T8437] ? lockdep_lock+0x1b7/0x200
[ 57.483034][ T8437] ? call_rcu_zapped+0xb0/0xb0
[ 57.487774][ T8437] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 57.493991][ T8437] __lock_acquire+0x2a1f/0x54a0
[ 57.498818][ T8437] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 57.507902][ T8437] lock_acquire+0x1ab/0x510
[ 57.512385][ T8437] ? kill_fasync+0x132/0x460
[ 57.516953][ T8437] ? lock_release+0x720/0x720
[ 57.521606][ T8437] ? lock_release+0x720/0x720
[ 57.526261][ T8437] ? lock_release+0x720/0x720
[ 57.530912][ T8437] _raw_read_lock+0x5b/0x70
[ 57.535395][ T8437] ? kill_fasync+0x132/0x460
[ 57.539961][ T8437] kill_fasync+0x132/0x460
[ 57.544352][ T8437] evdev_pass_values.part.0+0x64e/0x970
[ 57.549874][ T8437] ? evdev_release+0x410/0x410
[ 57.554613][ T8437] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 57.560326][ T8437] evdev_events+0x359/0x3e0
[ 57.564805][ T8437] ? evdev_pass_values.part.0+0x970/0x970
[ 57.570497][ T8437] input_to_handler+0x2a0/0x4c0
[ 57.575325][ T8437] input_pass_values.part.0+0x230/0x710
[ 57.580843][ T8437] input_handle_event+0x373/0x1440
[ 57.585930][ T8437] input_inject_event+0x1bd/0x320
[ 57.590931][ T8437] evdev_write+0x430/0x760
[ 57.595323][ T8437] ? evdev_read+0xe40/0xe40
[ 57.599797][ T8437] ? security_file_permission+0x248/0x560
[ 57.605669][ T8437] ? evdev_read+0xe40/0xe40
[ 57.610146][ T8437] vfs_write+0x28e/0xa40
[ 57.614367][ T8437] ksys_write+0x1ee/0x250
[ 57.618691][ T8437] ? __ia32_sys_read+0xb0/0xb0
[ 57.623431][ T8437] ? syscall_enter_from_user_mode+0x21/0x70
[ 57.629440][ T8437] do_syscall_64+0x35/0xb0
[ 57.633832][ T8437] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.639703][ T8437] RIP: 0033:0x4435d9
[ 57.643572][ T8437] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.664370][ T8437] RSP: 002b:00007ffdcf343438 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.673910][ T8437] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 00000000004435d9
[ 57.681969][ T8437] RDX: 00000000000002b8 RSI: 0000000020000040 RDI: 0000000000000005
[