[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
syzkaller login: [ 62.231264][ T6867] IPVS: ftp: loaded support on port[0] = 21
[ 62.346360][ T6867] chnl_net:caif_netlink_parms(): no params data found
[ 62.418752][ T6867] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.427293][ T6867] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.438224][ T6867] device bridge_slave_0 entered promiscuous mode
[ 62.448318][ T6867] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.457273][ T6867] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.466222][ T6867] device bridge_slave_1 entered promiscuous mode
[ 62.499532][ T6867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.513532][ T6867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 62.544191][ T6867] team0: Port device team_slave_0 added
[ 62.554945][ T6867] team0: Port device team_slave_1 added
[ 62.577242][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 62.584332][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.613268][ T6867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 62.629106][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 62.636443][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.664364][ T6867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 62.694484][ T6867] device hsr_slave_0 entered promiscuous mode
[ 62.702106][ T6867] device hsr_slave_1 entered promiscuous mode
[ 62.786976][ T6867] debugfs: Directory 'ethtool' with parent 'netdevsim0' already present!
[ 62.801423][ T6867] debugfs: Directory 'ethtool' with parent 'netdevsim0' already present!
[ 62.816765][ T6867] debugfs: Directory 'ethtool' with parent 'netdevsim0' already present!
[ 62.833641][ T6867] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 62.847041][ T6867] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 62.858345][ T6867] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 62.870467][ T6867] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 62.898121][ T6867] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.906268][ T6867] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.914916][ T6867] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.922446][ T6867] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.972151][ T6867] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.986675][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.999653][ T2646] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.009369][ T2646] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.018845][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 63.033152][ T6867] 8021q: adding VLAN 0 to HW filter on device team0
[ 63.047059][ T2600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.058834][ T2600] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.066257][ T2600] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.078904][ T2646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.088432][ T2646] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.096194][ T2646] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.119993][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.129896][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.139081][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 63.156989][ T6867] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 63.169258][ T6867] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 63.182767][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 63.192002][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 63.200978][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 63.221262][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 63.229865][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 63.242902][ T6867] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 63.263714][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 63.284649][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 63.294806][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 63.304093][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 63.317036][ T6867] device veth0_vlan entered promiscuous mode
[ 63.330987][ T6867] device veth1_vlan entered promiscuous mode
[ 63.356757][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 63.365369][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 63.380576][ T6867] device veth0_macvtap entered promiscuous mode
[ 63.390938][ T6867] device veth1_macvtap entered promiscuous mode
[ 63.409434][ T6867] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 63.418416][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 63.429296][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 63.438402][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 63.448982][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 63.461372][ T6867] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 63.470656][ T7076] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 63.480768][ T7076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 63.493152][ T6867] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 63.506475][ T6867] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.515528][ T6867] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.526629][ T6867] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.575677][ T6867]
[ 63.578211][ T6867] =====================================================
[ 63.578217][ T6867] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 63.578224][ T6867] 5.9.0-rc6-next-20200924-syzkaller #0 Not tainted
[ 63.578228][ T6867] -----------------------------------------------------
[ 63.578240][ T6867] syz-executor744/6867 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 63.578246][ T6867] ffff88809ab2fdf8 (&f->f_owner.lock){.+.+}-{2:2}, at: send_sigio+0x24/0x360
[ 63.578276][ T6867]
[ 63.578276][ T6867] and this task is already holding:
[ 63.578281][ T6867] ffff8880911de9f0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x14b/0x460
[ 63.578306][ T6867] which would create a new lock dependency:
[ 63.578310][ T6867] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.+}-{2:2}
[ 63.578341][ T6867]
[ 63.578341][ T6867] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 63.578344][ T6867] (&dev->event_lock){-...}-{2:2}
[ 63.578358][ T6867]
[ 63.578358][ T6867] ... which became HARDIRQ-irq-safe at:
[ 63.578371][ T6867] lock_acquire+0x1f2/0xaa0
[ 63.578385][ T6867] _raw_spin_lock_irqsave+0x94/0xd0
[ 63.578398][ T6867] input_event+0x7b/0xb0
[ 63.578411][ T6867] psmouse_report_standard_buttons+0x2c/0x80
[ 63.578423][ T6867] psmouse_process_byte+0x1e1/0x890
[ 63.578434][ T6867] psmouse_handle_byte+0x41/0x1b0
[ 63.578446][ T6867] psmouse_interrupt+0x304/0xf00
[ 63.578455][ T6867] serio_interrupt+0x88/0x150
[ 63.578465][ T6867] i8042_interrupt+0x27a/0x520
[ 63.578483][ T6867] __handle_irq_event_percpu+0x20b/0x9e0
[ 63.738089][ T6867] handle_irq_event+0x102/0x290
[ 63.738099][ T6867] handle_edge_irq+0x25f/0xd00
[ 63.738111][ T6867] asm_call_on_stack+0xf/0x20
[ 63.738120][ T6867] common_interrupt+0x115/0x1f0
[ 63.738131][ T6867] asm_common_interrupt+0x1e/0x40
[ 63.738141][ T6867] native_safe_halt+0xe/0x10
[ 63.738156][ T6867] acpi_idle_do_entry+0x1e8/0x330
[ 63.738166][ T6867] acpi_idle_enter+0x35a/0x550
[ 63.738177][ T6867] cpuidle_enter_state+0x1ab/0xd20
[ 63.738186][ T6867] cpuidle_enter+0x4a/0xa0
[ 63.738197][ T6867] do_idle+0x48e/0x730
[ 63.738207][ T6867] cpu_startup_entry+0x14/0x20
[ 63.738217][ T6867] start_kernel+0x490/0x4b1
[ 63.738229][ T6867] secondary_startup_64_no_verify+0xa6/0xab
[ 63.738235][ T6867]
[ 63.738235][ T6867] to a HARDIRQ-irq-unsafe lock:
[ 63.738239][ T6867] (&f->f_owner.lock){.+.+}-{2:2}
[ 63.738255][ T6867]
[ 63.738255][ T6867] ... which became HARDIRQ-irq-unsafe at:
[ 63.738258][ T6867] ...
[ 63.738270][ T6867] lock_acquire+0x1f2/0xaa0
[ 63.738281][ T6867] _raw_read_lock+0x5b/0x70
[ 63.738291][ T6867] send_sigurg+0x1e/0xac0
[ 63.738303][ T6867] sk_send_sigurg+0x76/0x300
[ 63.738315][ T6867] tcp_check_urg.isra.0+0x1f4/0x710
[ 63.738336][ T6867] tcp_rcv_established+0x106c/0x1e40
[ 63.864841][ T6867] tcp_v4_do_rcv+0x5d1/0x870
[ 63.869568][ T6867] __release_sock+0x134/0x3a0
[ 63.874627][ T6867] release_sock+0x54/0x1b0
[ 63.879278][ T6867] tcp_sendmsg+0x36/0x40
[ 63.883861][ T6867] inet_sendmsg+0x99/0xe0
[ 63.889550][ T6867] sock_sendmsg+0xcf/0x120
[ 63.894389][ T6867] __sys_sendto+0x21c/0x320
[ 63.899026][ T6867] __x64_sys_sendto+0xdd/0x1b0
[ 63.903963][ T6867] do_syscall_64+0x2d/0x70
[ 63.908474][ T6867] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.914475][ T6867]
[ 63.914475][ T6867] other info that might help us debug this:
[ 63.914475][ T6867]
[ 63.924844][ T6867] Chain exists of:
[ 63.924844][ T6867] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 63.924844][ T6867]
[ 63.938218][ T6867] Possible interrupt unsafe locking scenario:
[ 63.938218][ T6867]
[ 63.946951][ T6867]        CPU0                    CPU1
[ 63.952464][ T6867]        ----                    ----
[ 63.958256][ T6867]   lock(&f->f_owner.lock);
[ 63.963029][ T6867]                                local_irq_disable();
[ 63.970185][ T6867]                                lock(&dev->event_lock);
[ 63.977195][ T6867]                                lock(&new->fa_lock);
[ 63.984037][ T6867]
[ 63.987483][ T6867]     lock(&dev->event_lock);
[ 63.992146][ T6867]
[ 63.992146][ T6867] *** DEADLOCK ***
[ 63.992146][ T6867]
[ 64.000845][ T6867] 8 locks held by syz-executor744/6867:
[ 64.006465][ T6867] #0: ffff88809c488160 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1cd/0x750
[ 64.015581][ T6867] #1: ffff8880a5db8230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x310
[ 64.025827][ T6867] #2: ffffffff8a553d40 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x310
[ 64.035686][ T6867] #3: ffffffff8a553d40 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x700
[ 64.046205][ T6867] #4: ffffffff8a553d40 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x55/0x330
[ 64.055331][ T6867] #5: ffff8880a9777028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0x195/0xa70
[ 64.066403][ T6867] #6: ffffffff8a553d40 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 64.075737][ T6867] #7: ffff8880911de9f0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x14b/0x460
[ 64.085215][ T6867]
[ 64.085215][ T6867] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 64.097397][ T6867] -> (&dev->event_lock){-...}-{2:2} {
[ 64.103202][ T6867] IN-HARDIRQ-W at:
[ 64.107359][ T6867] lock_acquire+0x1f2/0xaa0
[ 64.113915][ T6867] _raw_spin_lock_irqsave+0x94/0xd0
[ 64.121372][ T6867] input_event+0x7b/0xb0
[ 64.127913][ T6867] psmouse_report_standard_buttons+0x2c/0x80
[ 64.135878][ T6867] psmouse_process_byte+0x1e1/0x890
[ 64.143978][ T6867] psmouse_handle_byte+0x41/0x1b0
[ 64.152208][ T6867] psmouse_interrupt+0x304/0xf00
[ 64.159403][ T6867] serio_interrupt+0x88/0x150
[ 64.171338][ T6867] i8042_interrupt+0x27a/0x520
[ 64.178274][ T6867] __handle_irq_event_percpu+0x20b/0x9e0
[ 64.187137][ T6867] handle_irq_event+0x102/0x290
[ 64.194313][ T6867] handle_edge_irq+0x25f/0xd00
[ 64.201202][ T6867] asm_call_on_stack+0xf/0x20
[ 64.208031][ T6867] common_interrupt+0x115/0x1f0
[ 64.215402][ T6867] asm_common_interrupt+0x1e/0x40
[ 64.222414][ T6867] native_safe_halt+0xe/0x10
[ 64.229140][ T6867] acpi_idle_do_entry+0x1e8/0x330
[ 64.236257][ T6867] acpi_idle_enter+0x35a/0x550
[ 64.243132][ T6867] cpuidle_enter_state+0x1ab/0xd20
[ 64.250289][ T6867] cpuidle_enter+0x4a/0xa0
[ 64.256818][ T6867] do_idle+0x48e/0x730
[ 64.263000][ T6867] cpu_startup_entry+0x14/0x20
[ 64.269860][ T6867] start_kernel+0x490/0x4b1
[ 64.276594][ T6867] secondary_startup_64_no_verify+0xa6/0xab
[ 64.285380][ T6867] INITIAL USE at:
[ 64.289680][ T6867] lock_acquire+0x1f2/0xaa0
[ 64.297213][ T6867] _raw_spin_lock_irqsave+0x94/0xd0
[ 64.304771][ T6867] input_inject_event+0xa6/0x310
[ 64.311621][ T6867] led_set_brightness_nosleep+0xe6/0x1a0
[ 64.319802][ T6867] led_set_brightness+0x134/0x170
[ 64.327043][ T6867] led_trigger_event+0x70/0xd0
[ 64.334528][ T6867] kbd_led_trigger_activate+0xfa/0x130
[ 64.342202][ T6867] led_trigger_set+0x61e/0xbd0
[ 64.349214][ T6867] led_trigger_set_default+0x1a6/0x230
[ 64.358427][ T6867] led_classdev_register_ext+0x511/0x6a0
[ 64.368093][ T6867] input_leds_connect+0x3fb/0x740
[ 64.379402][ T6867] input_attach_handler+0x180/0x1f0
[ 64.387426][ T6867] input_register_device.cold+0xf0/0x243
[ 64.395398][ T6867] atkbd_connect+0x736/0x9d0
[ 64.402358][ T6867] serio_driver_probe+0x72/0xa0
[ 64.409551][ T6867] really_probe+0x282/0x9f0
[ 64.416289][ T6867] driver_probe_device+0xfe/0x1d0
[ 64.424428][ T6867] device_driver_attach+0x228/0x290
[ 64.431702][ T6867] __driver_attach+0xda/0x240
[ 64.438737][ T6867] bus_for_each_dev+0x147/0x1d0
[ 64.445753][ T6867] serio_handle_event+0x5f6/0xa30
[ 64.452793][ T6867] process_one_work+0x933/0x15a0
[ 64.460421][ T6867] worker_thread+0x64c/0x1120
[ 64.467595][ T6867] kthread+0x3af/0x4a0
[ 64.475620][ T6867] ret_from_fork+0x1f/0x30
[ 64.482544][ T6867] }
[ 64.485478][ T6867] ... key at: [] __key.5+0x0/0x40
[ 64.495558][ T6867] ... acquired at:
[ 64.499629][ T6867] _raw_spin_lock+0x2a/0x40
[ 64.506471][ T6867] evdev_pass_values+0x195/0xa70
[ 64.511893][ T6867] evdev_events+0x20c/0x330
[ 64.516745][ T6867] input_to_handler+0x2a0/0x4c0
[ 64.522239][ T6867] input_pass_values.part.0+0x284/0x700
[ 64.528036][ T6867] input_handle_event+0x324/0x1400
[ 64.533436][ T6867] input_inject_event+0x2f5/0x310
[ 64.538679][ T6867] evdev_write+0x424/0x750
[ 64.543269][ T6867] vfs_write+0x28e/0x700
[ 64.547677][ T6867] ksys_write+0x1ee/0x250
[ 64.552298][ T6867] do_syscall_64+0x2d/0x70
[ 64.556875][ T6867] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.562918][ T6867]
[ 64.565227][ T6867] -> (&client->buffer_lock){....}-{2:2} {
[ 64.571310][ T6867] INITIAL USE at:
[ 64.575488][ T6867] lock_acquire+0x1f2/0xaa0
[ 64.581804][ T6867] _raw_spin_lock+0x2a/0x40
[ 64.588038][ T6867] evdev_pass_values+0x195/0xa70
[ 64.595083][ T6867] evdev_events+0x20c/0x330
[ 64.601446][ T6867] input_to_handler+0x2a0/0x4c0
[ 64.608563][ T6867] input_pass_values.part.0+0x284/0x700
[ 64.615835][ T6867] input_handle_event+0x324/0x1400
[ 64.622675][ T6867] input_inject_event+0x2f5/0x310
[ 64.629497][ T6867] evdev_write+0x424/0x750
[ 64.635648][ T6867] vfs_write+0x28e/0x700
[ 64.641614][ T6867] ksys_write+0x1ee/0x250
[ 64.647671][ T6867] do_syscall_64+0x2d/0x70
[ 64.654091][ T6867] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.661701][ T6867] }
[ 64.664484][ T6867] ... key at: [] __key.4+0x0/0x40
[ 64.671916][ T6867] ... acquired at:
[ 64.675891][ T6867] _raw_read_lock+0x5b/0x70
[ 64.680910][ T6867] kill_fasync+0x14b/0x460
[ 64.685601][ T6867] evdev_pass_values+0x72a/0xa70
[ 64.690756][ T6867] evdev_events+0x20c/0x330
[ 64.695856][ T6867] input_to_handler+0x2a0/0x4c0
[ 64.700928][ T6867] input_pass_values.part.0+0x284/0x700
[ 64.706744][ T6867] input_handle_event+0x324/0x1400
[ 64.712279][ T6867] input_inject_event+0x2f5/0x310
[ 64.717705][ T6867] evdev_write+0x424/0x750
[ 64.725274][ T6867] vfs_write+0x28e/0x700
[ 64.729862][ T6867] ksys_write+0x1ee/0x250
[ 64.734621][ T6867] do_syscall_64+0x2d/0x70
[ 64.739331][ T6867] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.745376][ T6867]
[ 64.747742][ T6867] -> (&new->fa_lock){....}-{2:2} {
[ 64.752970][ T6867] (null) at:
[ 64.756450][ T6867] ================================================================================
[ 64.766732][ T6867] UBSAN: array-index-out-of-bounds in kernel/locking/lockdep.c:2240:40
[ 64.776713][ T6867] index 9 is out of range for type 'lock_trace *[9]'
[ 64.783690][ T6867] CPU: 1 PID: 6867 Comm: syz-executor744 Not tainted 5.9.0-rc6-next-20200924-syzkaller #0
[ 64.793928][ T6867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.804769][ T6867] Call Trace:
[ 64.808315][ T6867] dump_stack+0x198/0x1fb
[ 64.813054][ T6867] ubsan_epilogue+0xb/0x5a
[ 64.817474][ T6867] __ubsan_handle_out_of_bounds.cold+0x62/0x6c
[ 64.823755][ T6867] ? vprintk_func+0x95/0x1e0
[ 64.828792][ T6867] print_shortest_lock_dependencies.cold+0x11c/0x2e2
[ 64.835834][ T6867] check_irq_usage.cold+0x45e/0x613
[ 64.842083][ T6867] ? print_shortest_lock_dependencies+0x80/0x80
[ 64.848762][ T6867] ? hlock_conflict+0x54/0x1f0
[ 64.854211][ T6867] ? __bfs+0x7a/0x5d0
[ 64.858268][ T6867] ? __pv_queued_spin_lock_slowpath+0x254/0xb40
[ 64.864593][ T6867] ? check_path.constprop.0+0x22/0x40
[ 64.869972][ T6867] ? alloc_chain_hlocks+0x230/0x770
[ 64.875321][ T6867] __lock_acquire+0x2873/0x56d0
[ 64.880222][ T6867] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 64.886195][ T6867] lock_acquire+0x1f2/0xaa0
[ 64.890904][ T6867] ? send_sigio+0x24/0x360
[ 64.895465][ T6867] ? lock_release+0x890/0x890
[ 64.900636][ T6867] ? kill_fasync+0x14b/0x460
[ 64.905561][ T6867] ? lock_release+0x890/0x890
[ 64.910468][ T6867] ? lock_release+0x890/0x890
[ 64.915634][ T6867] ? lock_release+0x890/0x890
[ 64.920783][ T6867] _raw_read_lock+0x5b/0x70
[ 64.925698][ T6867] ? send_sigio+0x24/0x360
[ 64.930289][ T6867] send_sigio+0x24/0x360
[ 64.935045][ T6867] kill_fasync+0x205/0x460
[ 64.940105][ T6867] evdev_pass_values+0x72a/0xa70
[ 64.945187][ T6867] ? evdev_read+0xe30/0xe30
[ 64.950121][ T6867] ? ktime_mono_to_any+0xb1/0xf0
[ 64.955107][ T6867] ? lock_is_held_type+0xbb/0xf0
[ 64.960256][ T6867] evdev_events+0x20c/0x330
[ 64.964844][ T6867] ? evdev_pass_values+0xa70/0xa70
[ 64.970657][ T6867] input_to_handler+0x2a0/0x4c0
[ 64.975600][ T6867] input_pass_values.part.0+0x284/0x700
[ 64.981182][ T6867] ? rwlock_bug.part.0+0x90/0x90
[ 64.986198][ T6867] input_handle_event+0x324/0x1400
[ 64.993648][ T6867] input_inject_event+0x2f5/0x310
[ 64.998796][ T6867] evdev_write+0x424/0x750
[ 65.003704][ T6867] ? evdev_event+0xc0/0xc0
[ 65.008388][ T6867] ? security_file_permission+0x248/0x560
[ 65.014423][ T6867] ? evdev_event+0xc0/0xc0
[ 65.019418][ T6867] vfs_write+0x28e/0x700
[ 65.023958][ T6867] ksys_write+0x1ee/0x250
[ 65.028620][ T6867] ? __ia32_sys_read+0xb0/0xb0
[ 65.033578][ T6867] ? check_preemption_disabled+0x50/0x130
[ 65.039416][ T6867] ? syscall_enter_from_user_mode+0x1d/0x60
[ 65.045538][ T6867] do_syscall_64+0x2d/0x70
[ 65.050330][ T6867] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.056562][ T6867] RIP: 0033:0x447909
[ 65.060570][ T6867] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb cf fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.080527][ T6867] RSP: 002b:00007fffe6f13818 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.089140][ T6867] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000447909
[ 65.097471][ T6867] RDX: 0000000000000373 RSI: 0000000020000040 RDI: 0000000000000004
[ 65.105827][ T6867] RBP: 00007fffe6f13830 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 65.114349][ T6867] R10: 00000000bb1414ac R11: 0000000000000246 R12: 00007fffe6f13860
[ 65.122722][ T6867] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 65.131736][ T6867] ================================================================================
[ 65.141890][ T6867] Kernel panic - not syncing: panic_on_warn set ...
[ 65.149920][ T6867] CPU: 1 PID: 6867 Comm: syz-executor744 Not tainted 5.9.0-rc6-next-20200924-syzkaller #0
[ 65.160867][ T6867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.172144][ T6867] Call Trace:
[ 65.176812][ T6867] dump_stack+0x198/0x1fb
[ 65.181303][ T6867] panic+0x382/0x7fb
[ 65.185223][ T6867] ? __warn_printk+0xf3/0xf3
[ 65.189894][ T6867] ? ubsan_epilogue+0x3e/0x5a
[ 65.195053][ T6867] ? ubsan_epilogue+0x35/0x5a
[ 65.199955][ T6867] ubsan_epilogue+0x54/0x5a
[ 65.205106][ T6867] __ubsan_handle_out_of_bounds.cold+0x62/0x6c
[ 65.211987][ T6867] ? vprintk_func+0x95/0x1e0
[ 65.216750][ T6867] print_shortest_lock_dependencies.cold+0x11c/0x2e2
[ 65.227629][ T6867] check_irq_usage.cold+0x45e/0x613
[ 65.235849][ T6867] ? print_shortest_lock_dependencies+0x80/0x80
[ 65.242616][ T6867] ? hlock_conflict+0x54/0x1f0
[ 65.247399][ T6867] ? __bfs+0x7a/0x5d0
[ 65.251376][ T6867] ? __pv_queued_spin_lock_slowpath+0x254/0xb40
[ 65.257977][ T6867] ? check_path.constprop.0+0x22/0x40
[ 65.263492][ T6867] ? alloc_chain_hlocks+0x230/0x770
[ 65.268895][ T6867] __lock_acquire+0x2873/0x56d0
[ 65.274084][ T6867] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 65.280622][ T6867] lock_acquire+0x1f2/0xaa0
[ 65.285212][ T6867] ? send_sigio+0x24/0x360
[ 65.289622][ T6867] ? lock_release+0x890/0x890
[ 65.294324][ T6867] ? kill_fasync+0x14b/0x460
[ 65.298997][ T6867] ? lock_release+0x890/0x890
[ 65.303793][ T6867] ? lock_release+0x890/0x890
[ 65.308666][ T6867] ? lock_release+0x890/0x890
[ 65.313601][ T6867] _raw_read_lock+0x5b/0x70
[ 65.318095][ T6867] ? send_sigio+0x24/0x360
[ 65.322590][ T6867] send_sigio+0x24/0x360
[ 65.326907][ T6867] kill_fasync+0x205/0x460
[ 65.331423][ T6867] evdev_pass_values+0x72a/0xa70
[ 65.336469][ T6867] ? evdev_read+0xe30/0xe30
[ 65.341046][ T6867] ? ktime_mono_to_any+0xb1/0xf0
[ 65.346014][ T6867] ? lock_is_held_type+0xbb/0xf0
[ 65.351048][ T6867] evdev_events+0x20c/0x330
[ 65.355619][ T6867] ? evdev_pass_values+0xa70/0xa70
[ 65.360790][ T6867] input_to_handler+0x2a0/0x4c0
[ 65.365632][ T6867] input_pass_values.part.0+0x284/0x700
[ 65.371222][ T6867] ? rwlock_bug.part.0+0x90/0x90
[ 65.376152][ T6867] input_handle_event+0x324/0x1400
[ 65.381261][ T6867] input_inject_event+0x2f5/0x310
[ 65.386413][ T6867] evdev_write+0x424/0x750
[ 65.390938][ T6867] ? evdev_event+0xc0/0xc0
[ 65.395348][ T6867] ? security_file_permission+0x248/0x560
[ 65.401060][ T6867] ? evdev_event+0xc0/0xc0
[ 65.405466][ T6867] vfs_write+0x28e/0x700
[ 65.409693][ T6867] ksys_write+0x1ee/0x250
[ 65.414060][ T6867] ? __ia32_sys_read+0xb0/0xb0
[ 65.418814][ T6867] ? check_preemption_disabled+0x50/0x130
[ 65.424611][ T6867] ? syscall_enter_from_user_mode+0x1d/0x60
[ 65.430612][ T6867] do_syscall_64+0x2d/0x70
[ 65.435372][ T6867] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.441289][ T6867] RIP: 0033:0x447909
[ 65.445173][ T6867] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb cf fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.465067][ T6867] RSP: 002b:00007fffe6f13818 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.473466][ T6867] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000447909
[ 65.481649][ T6867] RDX: 0000000000000373 RSI: 0000000020000040 RDI: 0000000000000004
[ 65.489908][ T6867] RBP: 00007fffe6f13830 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 65.497933][ T6867] R10: 00000000bb1414ac R11: 0000000000000246 R12: 00007fffe6f13860
[ 65.506108][ T6867] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 65.515969][ T6867] Kernel Offset: disabled
[ 65.520296][ T6867] Rebooting in 86400 seconds..