Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.124' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 56.808174][ T8449]
[ 56.808182][ T8449] =====================================================
[ 56.808187][ T8449] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 56.808196][ T8449] 5.14.0-rc2-syzkaller #0 Not tainted
[ 56.808203][ T8449] -----------------------------------------------------
[ 56.808208][ T8449] syz-executor045/8449 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 56.808226][ T8449] ffff8880378392b8 (&f->f_owner.lock){.+.+}-{2:2}, at: send_sigio+0x24/0x380
[ 56.855966][ T8449]
[ 56.855966][ T8449] and this task is already holding:
[ 56.863421][ T8449] ffff888015f52018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x132/0x460
[ 56.872118][ T8449] which would create a new lock dependency:
[ 56.877977][ T8449] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.+}-{2:2}
[ 56.885690][ T8449]
[ 56.885690][ T8449] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 56.895198][ T8449] (&dev->event_lock){-...}-{2:2}
[ 56.895214][ T8449]
[ 56.895214][ T8449] ... which became HARDIRQ-irq-safe at:
[ 56.907883][ T8449] lock_acquire+0x1ab/0x510
[ 56.912630][ T8449] _raw_spin_lock_irqsave+0x39/0x50
[ 56.918000][ T8449] input_event+0x7b/0xb0
[ 56.922307][ T8449] psmouse_report_standard_buttons+0x2c/0x80
[ 56.928566][ T8449] psmouse_process_byte+0x1e1/0x890
[ 56.933959][ T8449] psmouse_handle_byte+0x41/0x1b0
[ 56.939176][ T8449] psmouse_interrupt+0x304/0xf00
[ 56.944425][ T8449] serio_interrupt+0x88/0x150
[ 56.949352][ T8449] i8042_interrupt+0x27a/0x520
[ 56.954210][ T8449] __handle_irq_event_percpu+0x303/0x8f0
[ 56.959929][ T8449] handle_irq_event+0x102/0x280
[ 56.964856][ T8449] handle_edge_irq+0x25f/0xd00
[ 56.969695][ T8449] __common_interrupt+0x9d/0x210
[ 56.974721][ T8449] common_interrupt+0x9f/0xd0
[ 56.980080][ T8449] asm_common_interrupt+0x1e/0x40
[ 56.985188][ T8449] acpi_idle_do_entry+0x1c6/0x250
[ 56.990365][ T8449] acpi_idle_enter+0x361/0x500
[ 56.995298][ T8449] cpuidle_enter_state+0x1b1/0xc80
[ 57.000688][ T8449] cpuidle_enter+0x4a/0xa0
[ 57.005548][ T8449] do_idle+0x3e8/0x590
[ 57.009744][ T8449] cpu_startup_entry+0x14/0x20
[ 57.014686][ T8449] start_secondary+0x265/0x340
[ 57.019523][ T8449] secondary_startup_64_no_verify+0xb0/0xbb
[ 57.025486][ T8449]
[ 57.025486][ T8449] to a HARDIRQ-irq-unsafe lock:
[ 57.032486][ T8449] (&f->f_owner.lock){.+.+}-{2:2}
[ 57.032507][ T8449]
[ 57.032507][ T8449] ... which became HARDIRQ-irq-unsafe at:
[ 57.045360][ T8449] ...
[ 57.045368][ T8449] lock_acquire+0x1ab/0x510
[ 57.052500][ T8449] _raw_read_lock+0x5b/0x70
[ 57.057080][ T8449] do_fcntl+0x8af/0x1210
[ 57.061414][ T8449] __x64_sys_fcntl+0x165/0x1e0
[ 57.066350][ T8449] do_syscall_64+0x35/0xb0
[ 57.070842][ T8449] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.077165][ T8449]
[ 57.077165][ T8449] other info that might help us debug this:
[ 57.077165][ T8449]
[ 57.087386][ T8449] Chain exists of:
[ 57.087386][ T8449] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 57.087386][ T8449]
[ 57.100420][ T8449] Possible interrupt unsafe locking scenario:
[ 57.100420][ T8449]
[ 57.108744][ T8449]        CPU0                    CPU1
[ 57.114108][ T8449]        ----                    ----
[ 57.119469][ T8449]   lock(&f->f_owner.lock);
[ 57.124226][ T8449]                                local_irq_disable();
[ 57.130963][ T8449]                                lock(&dev->event_lock);
[ 57.137986][ T8449]                                lock(&new->fa_lock);
[ 57.144821][ T8449]
[ 57.148258][ T8449]     lock(&dev->event_lock);
[ 57.153007][ T8449]
[ 57.153007][ T8449] *** DEADLOCK ***
[ 57.153007][ T8449]
[ 57.161158][ T8449] 8 locks held by syz-executor045/8449:
[ 57.166696][ T8449] #0: ffff888021c55110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760
[ 57.175996][ T8449] #1: ffff888146c6c230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x320
[ 57.186109][ T8449] #2: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320
[ 57.196096][ T8449] #3: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710
[ 57.206456][ T8449] #4: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0
[ 57.215628][ T8449] #5: ffff88802f6ac028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 57.226962][ T8449] #6: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 57.236157][ T8449] #7: ffff888015f52018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x132/0x460
[ 57.245303][ T8449]
[ 57.245303][ T8449] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 57.255692][ T8449] -> (&dev->event_lock){-...}-{2:2} {
[ 57.261253][ T8449] IN-HARDIRQ-W at:
[ 57.265385][ T8449] lock_acquire+0x1ab/0x510
[ 57.271867][ T8449] _raw_spin_lock_irqsave+0x39/0x50
[ 57.279049][ T8449] input_event+0x7b/0xb0
[ 57.286551][ T8449] psmouse_report_standard_buttons+0x2c/0x80
[ 57.294758][ T8449] psmouse_process_byte+0x1e1/0x890
[ 57.302696][ T8449] psmouse_handle_byte+0x41/0x1b0
[ 57.309924][ T8449] psmouse_interrupt+0x304/0xf00
[ 57.317618][ T8449] serio_interrupt+0x88/0x150
[ 57.324824][ T8449] i8042_interrupt+0x27a/0x520
[ 57.332004][ T8449] __handle_irq_event_percpu+0x303/0x8f0
[ 57.340110][ T8449] handle_irq_event+0x102/0x280
[ 57.346980][ T8449] handle_edge_irq+0x25f/0xd00
[ 57.353727][ T8449] __common_interrupt+0x9d/0x210
[ 57.360752][ T8449] common_interrupt+0x9f/0xd0
[ 57.367633][ T8449] asm_common_interrupt+0x1e/0x40
[ 57.374737][ T8449] acpi_idle_do_entry+0x1c6/0x250
[ 57.381841][ T8449] acpi_idle_enter+0x361/0x500
[ 57.388689][ T8449] cpuidle_enter_state+0x1b1/0xc80
[ 57.395793][ T8449] cpuidle_enter+0x4a/0xa0
[ 57.402191][ T8449] do_idle+0x3e8/0x590
[ 57.408252][ T8449] cpu_startup_entry+0x14/0x20
[ 57.414997][ T8449] start_secondary+0x265/0x340
[ 57.421831][ T8449] secondary_startup_64_no_verify+0xb0/0xbb
[ 57.429711][ T8449] INITIAL USE at:
[ 57.433758][ T8449] lock_acquire+0x1ab/0x510
[ 57.440671][ T8449] _raw_spin_lock_irqsave+0x39/0x50
[ 57.447770][ T8449] input_inject_event+0xa6/0x320
[ 57.454601][ T8449] led_set_brightness_nosleep+0xe6/0x1a0
[ 57.462230][ T8449] led_set_brightness+0x134/0x170
[ 57.469167][ T8449] led_trigger_event+0x75/0xd0
[ 57.475832][ T8449] kbd_led_trigger_activate+0xc9/0x100
[ 57.483810][ T8449] led_trigger_set+0x61e/0xbd0
[ 57.490642][ T8449] led_trigger_set_default+0x1a6/0x230
[ 57.497999][ T8449] led_classdev_register_ext+0x5b1/0x7c0
[ 57.505526][ T8449] input_leds_connect+0x4bd/0x860
[ 57.512442][ T8449] input_attach_handler+0x180/0x1f0
[ 57.519535][ T8449] input_register_device.cold+0xf0/0x304
[ 57.527233][ T8449] atkbd_connect+0x739/0xa00
[ 57.533890][ T8449] serio_driver_probe+0x72/0xa0
[ 57.541069][ T8449] really_probe+0x23c/0xcd0
[ 57.547573][ T8449] __driver_probe_device+0x338/0x4d0
[ 57.554758][ T8449] driver_probe_device+0x4c/0x1a0
[ 57.561934][ T8449] __driver_attach+0x22d/0x4e0
[ 57.568700][ T8449] bus_for_each_dev+0x147/0x1d0
[ 57.575446][ T8449] serio_handle_event+0x5f6/0xa30
[ 57.582371][ T8449] process_one_work+0x98d/0x1630
[ 57.589505][ T8449] worker_thread+0x658/0x11f0
[ 57.596090][ T8449] kthread+0x3e5/0x4d0
[ 57.602061][ T8449] ret_from_fork+0x1f/0x30
[ 57.608371][ T8449] }
[ 57.611039][ T8449] ... key at: [] __key.8+0x0/0x40
[ 57.618320][ T8449] -> (&client->buffer_lock){....}-{2:2} {
[ 57.624116][ T8449] INITIAL USE at:
[ 57.628073][ T8449] lock_acquire+0x1ab/0x510
[ 57.634294][ T8449] _raw_spin_lock+0x2a/0x40
[ 57.640520][ T8449] evdev_pass_values.part.0+0xf6/0x970
[ 57.648389][ T8449] evdev_events+0x359/0x3e0
[ 57.654786][ T8449] input_to_handler+0x2a0/0x4c0
[ 57.661354][ T8449] input_pass_values.part.0+0x230/0x710
[ 57.668620][ T8449] input_handle_event+0x373/0x1440
[ 57.675528][ T8449] input_inject_event+0x1bd/0x320
[ 57.682351][ T8449] evdev_write+0x430/0x760
[ 57.688480][ T8449] vfs_write+0x28e/0xa40
[ 57.694523][ T8449] ksys_write+0x1ee/0x250
[ 57.700561][ T8449] do_syscall_64+0x35/0xb0
[ 57.706695][ T8449] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.714469][ T8449] }
[ 57.717035][ T8449] ... key at: [] __key.4+0x0/0x40
[ 57.724426][ T8449] ... acquired at:
[ 57.728292][ T8449] _raw_spin_lock+0x2a/0x40
[ 57.733729][ T8449] evdev_pass_values.part.0+0xf6/0x970
[ 57.739526][ T8449] evdev_events+0x359/0x3e0
[ 57.744273][ T8449] input_to_handler+0x2a0/0x4c0
[ 57.749448][ T8449] input_pass_values.part.0+0x230/0x710
[ 57.755381][ T8449] input_handle_event+0x373/0x1440
[ 57.760641][ T8449] input_inject_event+0x1bd/0x320
[ 57.765814][ T8449] evdev_write+0x430/0x760
[ 57.770380][ T8449] vfs_write+0x28e/0xa40
[ 57.774788][ T8449] ksys_write+0x1ee/0x250
[ 57.779289][ T8449] do_syscall_64+0x35/0xb0
[ 57.783889][ T8449] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.789961][ T8449]
[ 57.792550][ T8449] -> (&new->fa_lock){....}-{2:2} {
[ 57.797660][ T8449] INITIAL READ USE at:
[ 57.801981][ T8449] lock_acquire+0x1ab/0x510
[ 57.808559][ T8449] _raw_read_lock+0x5b/0x70
[ 57.815234][ T8449] kill_fasync+0x132/0x460
[ 57.821634][ T8449] evdev_pass_values.part.0+0x64e/0x970
[ 57.829164][ T8449] evdev_events+0x359/0x3e0
[ 57.835650][ T8449] input_to_handler+0x2a0/0x4c0
[ 57.842477][ T8449] input_pass_values.part.0+0x230/0x710
[ 57.850005][ T8449] input_handle_event+0x373/0x1440
[ 57.857175][ T8449] input_inject_event+0x1bd/0x320
[ 57.864294][ T8449] evdev_write+0x430/0x760
[ 57.870705][ T8449] vfs_write+0x28e/0xa40
[ 57.877012][ T8449] ksys_write+0x1ee/0x250
[ 57.883466][ T8449] do_syscall_64+0x35/0xb0
[ 57.891638][ T8449] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.899537][ T8449] }
[ 57.902019][ T8449] ... key at: [] __key.0+0x0/0x40
[ 57.909214][ T8449] ... acquired at:
[ 57.912996][ T8449] _raw_read_lock+0x5b/0x70
[ 57.917653][ T8449] kill_fasync+0x132/0x460
[ 57.922236][ T8449] evdev_pass_values.part.0+0x64e/0x970
[ 57.927936][ T8449] evdev_events+0x359/0x3e0
[ 57.932610][ T8449] input_to_handler+0x2a0/0x4c0
[ 57.937621][ T8449] input_pass_values.part.0+0x230/0x710
[ 57.943329][ T8449] input_handle_event+0x373/0x1440
[ 57.948678][ T8449] input_inject_event+0x1bd/0x320
[ 57.953875][ T8449] evdev_write+0x430/0x760
[ 57.958530][ T8449] vfs_write+0x28e/0xa40
[ 57.962942][ T8449] ksys_write+0x1ee/0x250
[ 57.967804][ T8449] do_syscall_64+0x35/0xb0
[ 57.972375][ T8449] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.979049][ T8449]
[ 57.981355][ T8449]
[ 57.981355][ T8449] the dependencies between the lock to be acquired
[ 57.981360][ T8449] and HARDIRQ-irq-unsafe lock:
[ 57.994860][ T8449] -> (&f->f_owner.lock){.+.+}-{2:2} {
[ 58.000394][ T8449] HARDIRQ-ON-R at:
[ 58.004345][ T8449] lock_acquire+0x1ab/0x510
[ 58.010474][ T8449] _raw_read_lock+0x5b/0x70
[ 58.016622][ T8449] do_fcntl+0x8af/0x1210
[ 58.022499][ T8449] __x64_sys_fcntl+0x165/0x1e0
[ 58.029069][ T8449] do_syscall_64+0x35/0xb0
[ 58.035115][ T8449] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 58.042900][ T8449] SOFTIRQ-ON-R at:
[ 58.046863][ T8449] lock_acquire+0x1ab/0x510
[ 58.053185][ T8449] _raw_read_lock+0x5b/0x70
[ 58.059333][ T8449] do_fcntl+0x8af/0x1210
[ 58.065396][ T8449] __x64_sys_fcntl+0x165/0x1e0
[ 58.071882][ T8449] do_syscall_64+0x35/0xb0
[ 58.078011][ T8449] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 58.085532][ T8449] INITIAL READ USE at:
[ 58.089834][ T8449] lock_acquire+0x1ab/0x510
[ 58.096398][ T8449] _raw_read_lock+0x5b/0x70
[ 58.102877][ T8449] do_fcntl+0x8af/0x1210
[ 58.109107][ T8449] __x64_sys_fcntl+0x165/0x1e0
[ 58.115854][ T8449] do_syscall_64+0x35/0xb0
[ 58.122264][ T8449] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 58.130153][ T8449] }
[ 58.132626][ T8449] ... key at: [] __key.5+0x0/0x40
[ 58.139708][ T8449] ... acquired at:
[ 58.143483][ T8449] lock_acquire+0x1ab/0x510
[ 58.148136][ T8449] _raw_read_lock_irqsave+0x70/0x90
[ 58.153484][ T8449] send_sigio+0x24/0x380
[ 58.157961][ T8449] kill_fasync+0x1ec/0x460
[ 58.162526][ T8449] evdev_pass_values.part.0+0x64e/0x970
[ 58.168225][ T8449] evdev_events+0x359/0x3e0
[ 58.172874][ T8449] input_to_handler+0x2a0/0x4c0
[ 58.177880][ T8449] input_pass_values.part.0+0x230/0x710
[ 58.183853][ T8449] input_handle_event+0x373/0x1440
[ 58.189129][ T8449] input_inject_event+0x1bd/0x320
[ 58.194494][ T8449] evdev_write+0x430/0x760
[ 58.199060][ T8449] vfs_write+0x28e/0xa40
[ 58.203479][ T8449] ksys_write+0x1ee/0x250
[ 58.208064][ T8449] do_syscall_64+0x35/0xb0
[ 58.212823][ T8449] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 58.218871][ T8449]
[ 58.221172][ T8449]
[ 58.221172][ T8449] stack backtrace:
[ 58.227053][ T8449] CPU: 0 PID: 8449 Comm: syz-executor045 Not tainted 5.14.0-rc2-syzkaller #0
[ 58.236076][ T8449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.246718][ T8449] Call Trace:
[ 58.250139][ T8449] dump_stack_lvl+0xcd/0x134
[ 58.254729][ T8449] check_irq_usage.cold+0x4c1/0x6b0
[ 58.259911][ T8449] ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 58.267238][ T8449] ? kernel_text_address+0xbd/0xf0
[ 58.272478][ T8449] ? check_path.constprop.0+0x24/0x50
[ 58.277853][ T8449] ? register_lock_class+0xb7/0x10c0
[ 58.283206][ T8449] ? stack_trace_save+0x8c/0xc0
[ 58.288820][ T8449] ? lockdep_lock+0xc6/0x200
[ 58.294614][ T8449] ? call_rcu_zapped+0xb0/0xb0
[ 58.299360][ T8449] __lock_acquire+0x2a1f/0x54a0
[ 58.304282][ T8449] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 58.310504][ T8449] lock_acquire+0x1ab/0x510
[ 58.315252][ T8449] ? send_sigio+0x24/0x380
[ 58.319862][ T8449] ? lock_release+0x720/0x720
[ 58.324536][ T8449] ? lock_release+0x720/0x720
[ 58.329218][ T8449] ? lock_release+0x720/0x720
[ 58.334010][ T8449] _raw_read_lock_irqsave+0x70/0x90
[ 58.339314][ T8449] ? send_sigio+0x24/0x380
[ 58.344628][ T8449] send_sigio+0x24/0x380
[ 58.349393][ T8449] kill_fasync+0x1ec/0x460
[ 58.353821][ T8449] evdev_pass_values.part.0+0x64e/0x970
[ 58.360057][ T8449] ? evdev_release+0x410/0x410
[ 58.364809][ T8449] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 58.370630][ T8449] evdev_events+0x359/0x3e0
[ 58.375422][ T8449] ? evdev_pass_values.part.0+0x970/0x970
[ 58.381237][ T8449] input_to_handler+0x2a0/0x4c0
[ 58.386100][ T8449] input_pass_values.part.0+0x230/0x710
[ 58.391630][ T8449] input_handle_event+0x373/0x1440
[ 58.396722][ T8449] input_inject_event+0x1bd/0x320
[ 58.402071][ T8449] evdev_write+0x430/0x760
[ 58.406468][ T8449] ? evdev_read+0xe40/0xe40
[ 58.411125][ T8449] ? security_file_permission+0x248/0x560
[ 58.416826][ T8449] ? evdev_read+0xe40/0xe40
[ 58.421412][ T8449] vfs_write+0x28e/0xa40
[ 58.425826][ T8449] ksys_write+0x1ee/0x250
[ 58.430256][ T8449] ? __ia32_sys_read+0xb0/0xb0
[ 58.434999][ T8449] ? syscall_enter_from_user_mode+0x21/0x70
[ 58.440892][ T8449] do_syscall_64+0x35/0xb0
[ 58.445337][ T8449] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 58.451221][ T8449] RIP: 0033:0x443579
[ 58.455973][ T8449] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.475764][ T8449] RSP: 002b:00007ffd567bf798 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.484195][ T8449] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000443579
[ 58.492273][ T8449] RDX: 00000000000002b8 RSI: 0000000020000040 RDI: 0000000000000004
[ 58.500583][ T8449] RBP: 0000000000403120 R08: 00000000004004a0 R09: 00000000004004a0
[ 58.509587][ T8449] R10: 00000000004004a0 R11: 0000000000000246 R1