[ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. Starting Load/Save RF Kill Switch Status... [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 56.401489][ T8435] [ 56.404504][ T8435] ======================================================== [ 56.411856][ T8435] WARNING: possible irq lock inversion dependency detected [ 56.419440][ T8435] 5.13.0-rc2-syzkaller #0 Not tainted [ 56.424786][ T8435] -------------------------------------------------------- [ 56.432321][ T8435] syz-executor274/8435 just changed the state of lock: [ 56.439151][ T8435] ffff888014b9f7b8 (&f->f_owner.lock){.+..}-{2:2}, at: f_getown+0x23/0x2a0 [ 56.448002][ T8435] but this lock was taken by another, HARDIRQ-safe lock in the past: [ 56.456307][ T8435] (&dev->event_lock){-...}-{2:2} [ 56.456327][ T8435] [ 56.456327][ T8435] [ 56.456327][ T8435] and interrupts could create inverse lock ordering between them. [ 56.456327][ T8435] [ 56.475864][ T8435] [ 56.475864][ T8435] other info that might help us debug this: [ 56.484159][ T8435] Chain exists of: [ 56.484159][ T8435] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock [ 56.484159][ T8435] [ 56.497342][ T8435] Possible interrupt unsafe locking scenario: [ 56.497342][ T8435] [ 56.505907][ T8435] CPU0 CPU1 [ 56.511252][ T8435] ---- ---- [ 56.516691][ T8435] lock(&f->f_owner.lock); [ 56.521174][ T8435] local_irq_disable(); [ 56.527907][ T8435] lock(&dev->event_lock); [ 56.534923][ T8435] lock(&new->fa_lock); [ 56.541859][ T8435] [ 56.545288][ T8435] lock(&dev->event_lock); [ 56.550029][ T8435] [ 56.550029][ T8435] *** DEADLOCK *** [ 56.550029][ T8435] [ 56.558146][ T8435] no locks held by syz-executor274/8435. [ 56.563753][ T8435] [ 56.563753][ T8435] the shortest dependencies between 2nd lock and 1st lock: [ 56.573214][ T8435] -> (&dev->event_lock){-...}-{2:2} { [ 56.579053][ T8435] IN-HARDIRQ-W at: [ 56.583865][ T8435] lock_acquire+0x1ab/0x740 [ 56.590733][ T8435] _raw_spin_lock_irqsave+0x39/0x50 [ 56.598757][ T8435] input_event+0x7b/0xb0 [ 56.605384][ T8435] psmouse_report_standard_buttons+0x2c/0x80 [ 56.613703][ T8435] psmouse_process_byte+0x1e1/0x890 [ 56.621065][ T8435] psmouse_handle_byte+0x41/0x1b0 [ 56.628254][ T8435] psmouse_interrupt+0x304/0xf00 [ 56.635361][ T8435] serio_interrupt+0x88/0x150 [ 56.642279][ T8435] i8042_interrupt+0x27a/0x520 [ 56.649544][ T8435] __handle_irq_event_percpu+0x303/0x8f0 [ 56.657324][ T8435] handle_irq_event+0x102/0x290 [ 56.664318][ T8435] handle_edge_irq+0x25f/0xd00 [ 56.671230][ T8435] __common_interrupt+0x9e/0x200 [ 56.678317][ T8435] common_interrupt+0x9f/0xd0 [ 56.685146][ T8435] asm_common_interrupt+0x1e/0x40 [ 56.692317][ T8435] _raw_spin_unlock_irqrestore+0x38/0x70 [ 56.700153][ T8435] i8042_command+0x12e/0x150 [ 56.706960][ T8435] i8042_aux_write+0xd7/0x120 [ 56.713782][ T8435] ps2_do_sendbyte+0x2cf/0x720 [ 56.720694][ T8435] ps2_sendbyte+0x58/0x150 [ 56.727258][ T8435] cypress_ps2_sendbyte+0x2e/0x160 [ 56.734517][ T8435] cypress_send_ext_cmd+0x1d0/0x8e0 [ 56.741863][ T8435] cypress_detect+0x75/0x190 [ 56.748604][ T8435] psmouse_try_protocol+0x211/0x370 [ 56.755954][ T8435] psmouse_extensions+0x557/0x930 [ 56.763130][ T8435] psmouse_switch_protocol+0x52a/0x740 [ 56.770740][ T8435] psmouse_connect+0x5e9/0xfd0 [ 56.777654][ T8435] serio_driver_probe+0x72/0xa0 [ 56.784654][ T8435] really_probe+0x291/0xf60 [ 56.791305][ T8435] driver_probe_device+0x298/0x410 [ 56.798566][ T8435] device_driver_attach+0x228/0x290 [ 56.805914][ T8435] __driver_attach+0x190/0x340 [ 56.812824][ T8435] bus_for_each_dev+0x147/0x1d0 [ 56.819826][ T8435] serio_handle_event+0x5f6/0xa30 [ 56.827004][ T8435] process_one_work+0x98d/0x1600 [ 56.834367][ T8435] worker_thread+0x64c/0x1120 [ 56.841190][ T8435] kthread+0x3b1/0x4a0 [ 56.847423][ T8435] ret_from_fork+0x1f/0x30 [ 56.854007][ T8435] INITIAL USE at: [ 56.858135][ T8435] lock_acquire+0x1ab/0x740 [ 56.864703][ T8435] _raw_spin_lock_irqsave+0x39/0x50 [ 56.871968][ T8435] input_inject_event+0xa6/0x310 [ 56.878989][ T8435] led_set_brightness_nosleep+0xe6/0x1a0 [ 56.886688][ T8435] led_set_brightness+0x134/0x170 [ 56.893775][ T8435] led_trigger_event+0x75/0xd0 [ 56.900601][ T8435] kbd_led_trigger_activate+0xc9/0x100 [ 56.908124][ T8435] led_trigger_set+0x61e/0xbd0 [ 56.914951][ T8435] led_trigger_set_default+0x1a6/0x230 [ 56.922469][ T8435] led_classdev_register_ext+0x5b1/0x7c0 [ 56.930164][ T8435] input_leds_connect+0x4bd/0x860 [ 56.937250][ T8435] input_attach_handler+0x180/0x1f0 [ 56.944511][ T8435] input_register_device.cold+0xf0/0x307 [ 56.952476][ T8435] atkbd_connect+0x739/0xa10 [ 56.959308][ T8435] serio_driver_probe+0x72/0xa0 [ 56.966396][ T8435] really_probe+0x291/0xf60 [ 56.972960][ T8435] driver_probe_device+0x298/0x410 [ 56.980307][ T8435] device_driver_attach+0x228/0x290 [ 56.987585][ T8435] __driver_attach+0x190/0x340 [ 56.994410][ T8435] bus_for_each_dev+0x147/0x1d0 [ 57.001335][ T8435] serio_handle_event+0x5f6/0xa30 [ 57.008422][ T8435] process_one_work+0x98d/0x1600 [ 57.015515][ T8435] worker_thread+0x64c/0x1120 [ 57.022253][ T8435] kthread+0x3b1/0x4a0 [ 57.028395][ T8435] ret_from_fork+0x1f/0x30 [ 57.034973][ T8435] } [ 57.037708][ T8435] ... key at: [] __key.8+0x0/0x40 [ 57.045068][ T8435] ... acquired at: [ 57.049120][ T8435] _raw_spin_lock+0x2a/0x40 [ 57.053788][ T8435] evdev_pass_values.part.0+0xf6/0x970 [ 57.059401][ T8435] evdev_events+0x28b/0x3f0 [ 57.064052][ T8435] input_to_handler+0x2a0/0x4c0 [ 57.069053][ T8435] input_pass_values.part.0+0x284/0x700 [ 57.074749][ T8435] input_handle_event+0x373/0x1440 [ 57.080016][ T8435] input_inject_event+0x2f5/0x310 [ 57.085190][ T8435] evdev_write+0x430/0x760 [ 57.089754][ T8435] vfs_write+0x28e/0xa30 [ 57.094146][ T8435] ksys_write+0x1ee/0x250 [ 57.098622][ T8435] do_syscall_64+0x3a/0xb0 [ 57.103191][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.109234][ T8435] [ 57.111532][ T8435] -> (&client->buffer_lock){....}-{2:2} { [ 57.117408][ T8435] INITIAL USE at: [ 57.121448][ T8435] lock_acquire+0x1ab/0x740 [ 57.127842][ T8435] _raw_spin_lock+0x2a/0x40 [ 57.134232][ T8435] evdev_pass_values.part.0+0xf6/0x970 [ 57.141662][ T8435] evdev_events+0x28b/0x3f0 [ 57.148148][ T8435] input_to_handler+0x2a0/0x4c0 [ 57.154990][ T8435] input_pass_values.part.0+0x284/0x700 [ 57.162423][ T8435] input_handle_event+0x373/0x1440 [ 57.169428][ T8435] input_inject_event+0x2f5/0x310 [ 57.176343][ T8435] evdev_write+0x430/0x760 [ 57.182648][ T8435] vfs_write+0x28e/0xa30 [ 57.188788][ T8435] ksys_write+0x1ee/0x250 [ 57.195007][ T8435] do_syscall_64+0x3a/0xb0 [ 57.201312][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.209093][ T8435] } [ 57.211761][ T8435] ... key at: [] __key.4+0x0/0x40 [ 57.219026][ T8435] ... acquired at: [ 57.222977][ T8435] _raw_read_lock+0x5b/0x70 [ 57.227637][ T8435] kill_fasync+0x14b/0x460 [ 57.232209][ T8435] evdev_pass_values.part.0+0x64e/0x970 [ 57.237903][ T8435] evdev_events+0x28b/0x3f0 [ 57.242554][ T8435] input_to_handler+0x2a0/0x4c0 [ 57.247556][ T8435] input_pass_values.part.0+0x284/0x700 [ 57.253257][ T8435] input_handle_event+0x373/0x1440 [ 57.258523][ T8435] input_inject_event+0x2f5/0x310 [ 57.263702][ T8435] evdev_write+0x430/0x760 [ 57.268284][ T8435] vfs_write+0x28e/0xa30 [ 57.272678][ T8435] ksys_write+0x1ee/0x250 [ 57.277154][ T8435] do_syscall_64+0x3a/0xb0 [ 57.281720][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.287766][ T8435] [ 57.290064][ T8435] -> (&new->fa_lock){....}-{2:2} { [ 57.295260][ T8435] INITIAL READ USE at: [ 57.299648][ T8435] lock_acquire+0x1ab/0x740 [ 57.306310][ T8435] _raw_read_lock+0x5b/0x70 [ 57.313484][ T8435] kill_fasync+0x14b/0x460 [ 57.320053][ T8435] evdev_pass_values.part.0+0x64e/0x970 [ 57.327751][ T8435] evdev_events+0x28b/0x3f0 [ 57.334577][ T8435] input_to_handler+0x2a0/0x4c0 [ 57.341593][ T8435] input_pass_values.part.0+0x284/0x700 [ 57.349309][ T8435] input_handle_event+0x373/0x1440 [ 57.356831][ T8435] input_inject_event+0x2f5/0x310 [ 57.364006][ T8435] evdev_write+0x430/0x760 [ 57.370572][ T8435] vfs_write+0x28e/0xa30 [ 57.376962][ T8435] ksys_write+0x1ee/0x250 [ 57.383437][ T8435] do_syscall_64+0x3a/0xb0 [ 57.390279][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.398320][ T8435] } [ 57.400893][ T8435] ... key at: [] __key.0+0x0/0x40 [ 57.408083][ T8435] ... acquired at: [ 57.411959][ T8435] _raw_read_lock_irqsave+0x70/0x90 [ 57.417308][ T8435] send_sigio+0x24/0x370 [ 57.421704][ T8435] kill_fasync+0x205/0x460 [ 57.426270][ T8435] evdev_pass_values.part.0+0x64e/0x970 [ 57.431967][ T8435] evdev_events+0x28b/0x3f0 [ 57.436616][ T8435] input_to_handler+0x2a0/0x4c0 [ 57.441617][ T8435] input_pass_values.part.0+0x284/0x700 [ 57.447314][ T8435] input_handle_event+0x373/0x1440 [ 57.452577][ T8435] input_inject_event+0x2f5/0x310 [ 57.457753][ T8435] evdev_write+0x430/0x760 [ 57.462317][ T8435] vfs_write+0x28e/0xa30 [ 57.466706][ T8435] ksys_write+0x1ee/0x250 [ 57.471183][ T8435] do_syscall_64+0x3a/0xb0 [ 57.475761][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.481801][ T8435] [ 57.484099][ T8435] -> (&f->f_owner.lock){.+..}-{2:2} { [ 57.489454][ T8435] HARDIRQ-ON-R at: [ 57.493408][ T8435] lock_acquire+0x1ab/0x740 [ 57.499543][ T8435] _raw_read_lock+0x5b/0x70 [ 57.505680][ T8435] f_getown+0x23/0x2a0 [ 57.511379][ T8435] sock_ioctl+0x4ba/0x6a0 [ 57.517340][ T8435] __x64_sys_ioctl+0x193/0x200 [ 57.523743][ T8435] do_syscall_64+0x3a/0xb0 [ 57.529785][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.537305][ T8435] INITIAL READ USE at: [ 57.541619][ T8435] lock_acquire+0x1ab/0x740 [ 57.548099][ T8435] _raw_read_lock_irqsave+0x70/0x90 [ 57.555274][ T8435] send_sigio+0x24/0x370 [ 57.561492][ T8435] kill_fasync+0x205/0x460 [ 57.567882][ T8435] evdev_pass_values.part.0+0x64e/0x970 [ 57.575402][ T8435] evdev_events+0x28b/0x3f0 [ 57.581876][ T8435] input_to_handler+0x2a0/0x4c0 [ 57.588713][ T8435] input_pass_values.part.0+0x284/0x700 [ 57.596513][ T8435] input_handle_event+0x373/0x1440 [ 57.603603][ T8435] input_inject_event+0x2f5/0x310 [ 57.610759][ T8435] evdev_write+0x430/0x760 [ 57.617150][ T8435] vfs_write+0x28e/0xa30 [ 57.623367][ T8435] ksys_write+0x1ee/0x250 [ 57.629672][ T8435] do_syscall_64+0x3a/0xb0 [ 57.636066][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.643931][ T8435] } [ 57.646402][ T8435] ... key at: [] __key.5+0x0/0x40 [ 57.653489][ T8435] ... acquired at: [ 57.657329][ T8435] __lock_acquire+0x120f/0x5230 [ 57.662399][ T8435] lock_acquire+0x1ab/0x740 [ 57.667051][ T8435] _raw_read_lock+0x5b/0x70 [ 57.672033][ T8435] f_getown+0x23/0x2a0 [ 57.676342][ T8435] sock_ioctl+0x4ba/0x6a0 [ 57.681378][ T8435] __x64_sys_ioctl+0x193/0x200 [ 57.686291][ T8435] do_syscall_64+0x3a/0xb0 [ 57.691119][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.697162][ T8435] [ 57.699462][ T8435] [ 57.699462][ T8435] stack backtrace: [ 57.705322][ T8435] CPU: 1 PID: 8435 Comm: syz-executor274 Not tainted 5.13.0-rc2-syzkaller #0 [ 57.714072][ T8435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.724103][ T8435] Call Trace: [ 57.727363][ T8435] dump_stack+0x141/0x1d7 [ 57.731678][ T8435] mark_lock.cold+0x1d/0x8e [ 57.736161][ T8435] ? lock_chain_count+0x20/0x20 [ 57.741007][ T8435] ? lock_chain_count+0x20/0x20 [ 57.745837][ T8435] ? find_held_lock+0x2d/0x110 [ 57.750580][ T8435] __lock_acquire+0x120f/0x5230 [ 57.755409][ T8435] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 57.761369][ T8435] ? tomoyo_path_number_perm+0x24e/0x590 [ 57.766982][ T8435] lock_acquire+0x1ab/0x740 [ 57.771487][ T8435] ? f_getown+0x23/0x2a0 [ 57.775724][ T8435] ? lock_release+0x720/0x720 [ 57.780553][ T8435] ? __might_fault+0xd3/0x180 [ 57.785297][ T8435] ? lock_downgrade+0x6e0/0x6e0 [ 57.790301][ T8435] _raw_read_lock+0x5b/0x70 [ 57.794786][ T8435] ? f_getown+0x23/0x2a0 [ 57.799011][ T8435] f_getown+0x23/0x2a0 [ 57.803158][ T8435] sock_ioctl+0x4ba/0x6a0 [ 57.807465][ T8435] ? vlan_ioctl_set+0x30/0x30 [ 57.812119][ T8435] ? lock_downgrade+0x6e0/0x6e0 [ 57.816947][ T8435] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 57.823166][ T8435] ? vlan_ioctl_set+0x30/0x30 [ 57.827817][ T8435] __x64_sys_ioctl+0x193/0x200 [ 57.832555][ T8435] do_syscall_64+0x3a/0xb0 [ 57.836950][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.842993][ T8435] RIP: 0033:0x443599 [ 57.846881][ T8435] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.866470][ T8435] RSP: 002b:00007fffccd0f478 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.874863][ T8435] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000443599 [ 57.882811][ T8435] RDX: 0000000000000000 RSI: 0000000000008904 RDI: 0000000000000004 [ 57.890760][ T8435] RBP: 0000000000403140 R08: 00000000004004a0 R09: 00000000004004a0 [ 57.898708][ T8435] R10: 00000000004004a0 R11: 0000000000000246 R12: 00000000004031d0 [ 57.906655][ T8435