[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.34' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 52.427859][ T8454]
[ 52.430383][ T8454] =====================================================
[ 52.437279][ T8454] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 52.444700][ T8454] 5.14.0-rc6-syzkaller #0 Not tainted
[ 52.450034][ T8454] -----------------------------------------------------
[ 52.457100][ T8454] syz-executor842/8454 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 52.465132][ T8454] ffff888025f1d038 (&f->f_owner.lock){.+.+}-{2:2}, at: send_sigio+0x24/0x380
[ 52.473890][ T8454]
[ 52.473890][ T8454] and this task is already holding:
[ 52.481218][ T8454] ffff888017ffe018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x132/0x460
[ 52.489875][ T8454] which would create a new lock dependency:
[ 52.495730][ T8454] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.+}-{2:2}
[ 52.503802][ T8454]
[ 52.503802][ T8454] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 52.513219][ T8454] (&dev->event_lock){-.-.}-{2:2}
[ 52.513233][ T8454]
[ 52.513233][ T8454] ... which became HARDIRQ-irq-safe at:
[ 52.526240][ T8454] lock_acquire+0x1ab/0x510
[ 52.530801][ T8454] _raw_spin_lock_irqsave+0x39/0x50
[ 52.536063][ T8454] input_event+0x7b/0xb0
[ 52.540363][ T8454] psmouse_report_standard_buttons+0x2c/0x80
[ 52.546397][ T8454] psmouse_process_byte+0x1e1/0x890
[ 52.551648][ T8454] psmouse_handle_byte+0x41/0x1b0
[ 52.556729][ T8454] psmouse_interrupt+0x304/0xf00
[ 52.561720][ T8454] serio_interrupt+0x88/0x150
[ 52.566453][ T8454] i8042_interrupt+0x27a/0x520
[ 52.571274][ T8454] __handle_irq_event_percpu+0x303/0x8f0
[ 52.576965][ T8454] handle_irq_event+0x102/0x280
[ 52.581880][ T8454] handle_edge_irq+0x25f/0xd00
[ 52.586701][ T8454] __common_interrupt+0x9d/0x210
[ 52.591695][ T8454] common_interrupt+0x4c/0xd0
[ 52.596432][ T8454] asm_common_interrupt+0x1e/0x40
[ 52.601512][ T8454] unwind_next_frame+0x5ea/0x1ce0
[ 52.606595][ T8454] arch_stack_walk+0x7d/0xe0
[ 52.611239][ T8454] stack_trace_save+0x8c/0xc0
[ 52.615969][ T8454] kasan_save_stack+0x1b/0x40
[ 52.620703][ T8454] kasan_set_track+0x1c/0x30
[ 52.625347][ T8454] kasan_set_free_info+0x20/0x30
[ 52.630340][ T8454] __kasan_slab_free+0xfb/0x130
[ 52.635246][ T8454] slab_free_freelist_hook+0xdf/0x240
[ 52.640672][ T8454] kfree+0xe4/0x540
[ 52.644534][ T8454] security_cred_free+0xc3/0x130
[ 52.649528][ T8454] put_cred_rcu+0x122/0x520
[ 52.654084][ T8454] rcu_core+0x7ab/0x1380
[ 52.658384][ T8454] __do_softirq+0x29b/0x9c2
[ 52.662941][ T8454] __irq_exit_rcu+0x16e/0x1c0
[ 52.667678][ T8454] irq_exit_rcu+0x5/0x20
[ 52.671973][ T8454] sysvec_apic_timer_interrupt+0x93/0xc0
[ 52.677661][ T8454] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 52.683698][ T8454] lock_acquire+0x1ef/0x510
[ 52.688256][ T8454] fs_reclaim_acquire+0x117/0x160
[ 52.693340][ T8454] kmem_cache_alloc_trace+0x3b/0x3c0
[ 52.698768][ T8454] __v4l2_device_register_subdev_nodes+0x13f/0x690
[ 52.705324][ T8454] vimc_probe+0x9a8/0xd30
[ 52.709708][ T8454] platform_probe+0xfc/0x1f0
[ 52.714353][ T8454] really_probe+0x23c/0xcd0
[ 52.718917][ T8454] __driver_probe_device+0x338/0x4d0
[ 52.724256][ T8454] driver_probe_device+0x4c/0x1a0
[ 52.729337][ T8454] __driver_attach+0x22d/0x4e0
[ 52.734157][ T8454] bus_for_each_dev+0x147/0x1d0
[ 52.739065][ T8454] bus_add_driver+0x3a9/0x630
[ 52.743796][ T8454] driver_register+0x220/0x3a0
[ 52.748615][ T8454] vimc_init+0x54/0x97
[ 52.752741][ T8454] do_one_initcall+0x103/0x650
[ 52.757562][ T8454] kernel_init_freeable+0x6b8/0x741
[ 52.762817][ T8454] kernel_init+0x1a/0x1d0
[ 52.767206][ T8454] ret_from_fork+0x1f/0x30
[ 52.771674][ T8454]
[ 52.771674][ T8454] to a HARDIRQ-irq-unsafe lock:
[ 52.778655][ T8454] (&f->f_owner.lock){.+.+}-{2:2}
[ 52.778670][ T8454]
[ 52.778670][ T8454] ... which became HARDIRQ-irq-unsafe at:
[ 52.791502][ T8454] ...
[ 52.791506][ T8454] lock_acquire+0x1ab/0x510
[ 52.798610][ T8454] _raw_read_lock+0x5b/0x70
[ 52.803167][ T8454] do_fcntl+0x7c1/0x1210
[ 52.807466][ T8454] __x64_sys_fcntl+0x165/0x1e0
[ 52.812290][ T8454] do_syscall_64+0x35/0xb0
[ 52.816763][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.822709][ T8454]
[ 52.822709][ T8454] other info that might help us debug this:
[ 52.822709][ T8454]
[ 52.832992][ T8454] Chain exists of:
[ 52.832992][ T8454] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 52.832992][ T8454]
[ 52.845986][ T8454] Possible interrupt unsafe locking scenario:
[ 52.845986][ T8454]
[ 52.854273][ T8454]        CPU0                    CPU1
[ 52.859607][ T8454]        ----                    ----
[ 52.864940][ T8454]   lock(&f->f_owner.lock);
[ 52.869410][ T8454]                                local_irq_disable();
[ 52.876129][ T8454]                                lock(&dev->event_lock);
[ 52.883117][ T8454]                                lock(&new->fa_lock);
[ 52.889845][ T8454]
[ 52.893266][ T8454]     lock(&dev->event_lock);
[ 52.897909][ T8454]
[ 52.897909][ T8454] *** DEADLOCK ***
[ 52.897909][ T8454]
[ 52.906016][ T8454] 8 locks held by syz-executor842/8454:
[ 52.911524][ T8454] #0: ffff888146851110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760
[ 52.920622][ T8454] #1: ffff888144792230 (&dev->event_lock){-.-.}-{2:2}, at: input_inject_event+0xa6/0x320
[ 52.930500][ T8454] #2: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320
[ 52.940119][ T8454] #3: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710
[ 52.950168][ T8454] #4: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0
[ 52.959263][ T8454] #5: ffff88801f906028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 52.970011][ T8454] #6: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 52.979019][ T8454] #7: ffff888017ffe018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x132/0x460
[ 52.988115][ T8454]
[ 52.988115][ T8454] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 52.998486][ T8454] -> (&dev->event_lock){-.-.}-{2:2} {
[ 53.004015][ T8454] IN-HARDIRQ-W at:
[ 53.008138][ T8454] lock_acquire+0x1ab/0x510
[ 53.014610][ T8454] _raw_spin_lock_irqsave+0x39/0x50
[ 53.021777][ T8454] input_event+0x7b/0xb0
[ 53.027982][ T8454] psmouse_report_standard_buttons+0x2c/0x80
[ 53.035930][ T8454] psmouse_process_byte+0x1e1/0x890
[ 53.043092][ T8454] psmouse_handle_byte+0x41/0x1b0
[ 53.050082][ T8454] psmouse_interrupt+0x304/0xf00
[ 53.056982][ T8454] serio_interrupt+0x88/0x150
[ 53.063627][ T8454] i8042_interrupt+0x27a/0x520
[ 53.070359][ T8454] __handle_irq_event_percpu+0x303/0x8f0
[ 53.077957][ T8454] handle_irq_event+0x102/0x280
[ 53.084776][ T8454] handle_edge_irq+0x25f/0xd00
[ 53.091509][ T8454] __common_interrupt+0x9d/0x210
[ 53.098411][ T8454] common_interrupt+0x4c/0xd0
[ 53.105056][ T8454] asm_common_interrupt+0x1e/0x40
[ 53.112049][ T8454] unwind_next_frame+0x5ea/0x1ce0
[ 53.119044][ T8454] arch_stack_walk+0x7d/0xe0
[ 53.125598][ T8454] stack_trace_save+0x8c/0xc0
[ 53.132242][ T8454] kasan_save_stack+0x1b/0x40
[ 53.138886][ T8454] kasan_set_track+0x1c/0x30
[ 53.145441][ T8454] kasan_set_free_info+0x20/0x30
[ 53.152346][ T8454] __kasan_slab_free+0xfb/0x130
[ 53.159166][ T8454] slab_free_freelist_hook+0xdf/0x240
[ 53.166590][ T8454] kfree+0xe4/0x540
[ 53.172366][ T8454] security_cred_free+0xc3/0x130
[ 53.179274][ T8454] put_cred_rcu+0x122/0x520
[ 53.185745][ T8454] rcu_core+0x7ab/0x1380
[ 53.191955][ T8454] __do_softirq+0x29b/0x9c2
[ 53.198428][ T8454] __irq_exit_rcu+0x16e/0x1c0
[ 53.205072][ T8454] irq_exit_rcu+0x5/0x20
[ 53.211282][ T8454] sysvec_apic_timer_interrupt+0x93/0xc0
[ 53.218879][ T8454] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 53.226826][ T8454] lock_acquire+0x1ef/0x510
[ 53.233296][ T8454] fs_reclaim_acquire+0x117/0x160
[ 53.240288][ T8454] kmem_cache_alloc_trace+0x3b/0x3c0
[ 53.247537][ T8454] __v4l2_device_register_subdev_nodes+0x13f/0x690
[ 53.256005][ T8454] vimc_probe+0x9a8/0xd30
[ 53.262305][ T8454] platform_probe+0xfc/0x1f0
[ 53.268859][ T8454] really_probe+0x23c/0xcd0
[ 53.275504][ T8454] __driver_probe_device+0x338/0x4d0
[ 53.282757][ T8454] driver_probe_device+0x4c/0x1a0
[ 53.289747][ T8454] __driver_attach+0x22d/0x4e0
[ 53.296478][ T8454] bus_for_each_dev+0x147/0x1d0
[ 53.303301][ T8454] bus_add_driver+0x3a9/0x630
[ 53.310034][ T8454] driver_register+0x220/0x3a0
[ 53.316771][ T8454] vimc_init+0x54/0x97
[ 53.322810][ T8454] do_one_initcall+0x103/0x650
[ 53.329543][ T8454] kernel_init_freeable+0x6b8/0x741
[ 53.336708][ T8454] kernel_init+0x1a/0x1d0
[ 53.343006][ T8454] ret_from_fork+0x1f/0x30
[ 53.349392][ T8454] IN-SOFTIRQ-W at:
[ 53.353514][ T8454] lock_acquire+0x1ab/0x510
[ 53.359985][ T8454] _raw_spin_lock_irqsave+0x39/0x50
[ 53.367151][ T8454] input_event+0x7b/0xb0
[ 53.373359][ T8454] psmouse_report_standard_buttons+0x2c/0x80
[ 53.381305][ T8454] psmouse_process_byte+0x1e1/0x890
[ 53.388465][ T8454] psmouse_handle_byte+0x41/0x1b0
[ 53.395463][ T8454] psmouse_interrupt+0x304/0xf00
[ 53.402364][ T8454] serio_interrupt+0x88/0x150
[ 53.409007][ T8454] i8042_interrupt+0x27a/0x520
[ 53.415736][ T8454] __handle_irq_event_percpu+0x303/0x8f0
[ 53.423338][ T8454] handle_irq_event+0x102/0x280
[ 53.430155][ T8454] handle_edge_irq+0x25f/0xd00
[ 53.436885][ T8454] __common_interrupt+0x9d/0x210
[ 53.443790][ T8454] common_interrupt+0x4c/0xd0
[ 53.450435][ T8454] asm_common_interrupt+0x1e/0x40
[ 53.457425][ T8454] unwind_next_frame+0x5ea/0x1ce0
[ 53.464419][ T8454] arch_stack_walk+0x7d/0xe0
[ 53.470975][ T8454] stack_trace_save+0x8c/0xc0
[ 53.477619][ T8454] kasan_save_stack+0x1b/0x40
[ 53.484261][ T8454] kasan_set_track+0x1c/0x30
[ 53.490816][ T8454] kasan_set_free_info+0x20/0x30
[ 53.497719][ T8454] __kasan_slab_free+0xfb/0x130
[ 53.504536][ T8454] slab_free_freelist_hook+0xdf/0x240
[ 53.511877][ T8454] kfree+0xe4/0x540
[ 53.517659][ T8454] security_cred_free+0xc3/0x130
[ 53.524562][ T8454] put_cred_rcu+0x122/0x520
[ 53.531029][ T8454] rcu_core+0x7ab/0x1380
[ 53.537238][ T8454] __do_softirq+0x29b/0x9c2
[ 53.543709][ T8454] __irq_exit_rcu+0x16e/0x1c0
[ 53.550354][ T8454] irq_exit_rcu+0x5/0x20
[ 53.556563][ T8454] sysvec_apic_timer_interrupt+0x93/0xc0
[ 53.564163][ T8454] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 53.572108][ T8454] lock_acquire+0x1ef/0x510
[ 53.578576][ T8454] fs_reclaim_acquire+0x117/0x160
[ 53.585563][ T8454] kmem_cache_alloc_trace+0x3b/0x3c0
[ 53.592813][ T8454] __v4l2_device_register_subdev_nodes+0x13f/0x690
[ 53.601281][ T8454] vimc_probe+0x9a8/0xd30
[ 53.607579][ T8454] platform_probe+0xfc/0x1f0
[ 53.614134][ T8454] really_probe+0x23c/0xcd0
[ 53.620604][ T8454] __driver_probe_device+0x338/0x4d0
[ 53.627853][ T8454] driver_probe_device+0x4c/0x1a0
[ 53.634844][ T8454] __driver_attach+0x22d/0x4e0
[ 53.641573][ T8454] bus_for_each_dev+0x147/0x1d0
[ 53.648388][ T8454] bus_add_driver+0x3a9/0x630
[ 53.655031][ T8454] driver_register+0x220/0x3a0
[ 53.661763][ T8454] vimc_init+0x54/0x97
[ 53.667794][ T8454] do_one_initcall+0x103/0x650
[ 53.674524][ T8454] kernel_init_freeable+0x6b8/0x741
[ 53.681688][ T8454] kernel_init+0x1a/0x1d0
[ 53.687984][ T8454] ret_from_fork+0x1f/0x30
[ 53.694367][ T8454] INITIAL USE at:
[ 53.698400][ T8454] lock_acquire+0x1ab/0x510
[ 53.704780][ T8454] _raw_spin_lock_irqsave+0x39/0x50
[ 53.711863][ T8454] input_inject_event+0xa6/0x320
[ 53.718680][ T8454] led_set_brightness_nosleep+0xe6/0x1a0
[ 53.726191][ T8454] led_set_brightness+0x134/0x170
[ 53.733097][ T8454] led_trigger_event+0x75/0xd0
[ 53.739741][ T8454] kbd_led_trigger_activate+0xc9/0x100
[ 53.747077][ T8454] led_trigger_set+0x61e/0xbd0
[ 53.753719][ T8454] led_trigger_set_default+0x1a6/0x230
[ 53.761056][ T8454] led_classdev_register_ext+0x5b1/0x7c0
[ 53.768566][ T8454] input_leds_connect+0x4bd/0x860
[ 53.775473][ T8454] input_attach_handler+0x180/0x1f0
[ 53.782556][ T8454] input_register_device.cold+0xf0/0x304
[ 53.790074][ T8454] atkbd_connect+0x739/0xa00
[ 53.796543][ T8454] serio_driver_probe+0x72/0xa0
[ 53.803275][ T8454] really_probe+0x23c/0xcd0
[ 53.809658][ T8454] __driver_probe_device+0x338/0x4d0
[ 53.816821][ T8454] driver_probe_device+0x4c/0x1a0
[ 53.823727][ T8454] __driver_attach+0x22d/0x4e0
[ 53.830372][ T8454] bus_for_each_dev+0x147/0x1d0
[ 53.837100][ T8454] serio_handle_event+0x5f6/0xa30
[ 53.844004][ T8454] process_one_work+0x98d/0x1630
[ 53.850822][ T8454] worker_thread+0x658/0x11f0
[ 53.857380][ T8454] kthread+0x3e5/0x4d0
[ 53.863329][ T8454] ret_from_fork+0x1f/0x30
[ 53.869624][ T8454] }
[ 53.872264][ T8454] ... key at: [] __key.8+0x0/0x40
[ 53.879518][ T8454] -> (&client->buffer_lock){....}-{2:2} {
[ 53.885304][ T8454] INITIAL USE at:
[ 53.889262][ T8454] lock_acquire+0x1ab/0x510
[ 53.895470][ T8454] _raw_spin_lock+0x2a/0x40
[ 53.901686][ T8454] evdev_pass_values.part.0+0xf6/0x970
[ 53.908848][ T8454] evdev_events+0x359/0x3e0
[ 53.915057][ T8454] input_to_handler+0x2a0/0x4c0
[ 53.921614][ T8454] input_pass_values.part.0+0x230/0x710
[ 53.928860][ T8454] input_handle_event+0x373/0x1440
[ 53.935676][ T8454] input_inject_event+0x1bd/0x320
[ 53.942408][ T8454] evdev_write+0x430/0x760
[ 53.948620][ T8454] vfs_write+0x28e/0xa40
[ 53.954575][ T8454] ksys_write+0x1ee/0x250
[ 53.960614][ T8454] do_syscall_64+0x35/0xb0
[ 53.966738][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 53.974341][ T8454] }
[ 53.976895][ T8454] ... key at: [] __key.4+0x0/0x40
[ 53.984060][ T8454] ... acquired at:
[ 53.987916][ T8454] _raw_spin_lock+0x2a/0x40
[ 53.992564][ T8454] evdev_pass_values.part.0+0xf6/0x970
[ 53.998168][ T8454] evdev_events+0x359/0x3e0
[ 54.002812][ T8454] input_to_handler+0x2a0/0x4c0
[ 54.007806][ T8454] input_pass_values.part.0+0x230/0x710
[ 54.013495][ T8454] input_handle_event+0x373/0x1440
[ 54.018748][ T8454] input_inject_event+0x1bd/0x320
[ 54.023911][ T8454] evdev_write+0x430/0x760
[ 54.028468][ T8454] vfs_write+0x28e/0xa40
[ 54.032857][ T8454] ksys_write+0x1ee/0x250
[ 54.037330][ T8454] do_syscall_64+0x35/0xb0
[ 54.041890][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.047924][ T8454]
[ 54.050213][ T8454] -> (&new->fa_lock){....}-{2:2} {
[ 54.055302][ T8454] INITIAL READ USE at:
[ 54.059594][ T8454] lock_acquire+0x1ab/0x510
[ 54.066059][ T8454] _raw_read_lock+0x5b/0x70
[ 54.072528][ T8454] kill_fasync+0x132/0x460
[ 54.078914][ T8454] evdev_pass_values.part.0+0x64e/0x970
[ 54.086422][ T8454] evdev_events+0x359/0x3e0
[ 54.092892][ T8454] input_to_handler+0x2a0/0x4c0
[ 54.099712][ T8454] input_pass_values.part.0+0x230/0x710
[ 54.107310][ T8454] input_handle_event+0x373/0x1440
[ 54.114387][ T8454] input_inject_event+0x1bd/0x320
[ 54.121378][ T8454] evdev_write+0x430/0x760
[ 54.127760][ T8454] vfs_write+0x28e/0xa40
[ 54.133971][ T8454] ksys_write+0x1ee/0x250
[ 54.140267][ T8454] do_syscall_64+0x35/0xb0
[ 54.146650][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.154509][ T8454] }
[ 54.156977][ T8454] ... key at: [] __key.0+0x0/0x40
[ 54.164058][ T8454] ... acquired at:
[ 54.167827][ T8454] _raw_read_lock+0x5b/0x70
[ 54.172469][ T8454] kill_fasync+0x132/0x460
[ 54.177032][ T8454] evdev_pass_values.part.0+0x64e/0x970
[ 54.182720][ T8454] evdev_events+0x359/0x3e0
[ 54.187454][ T8454] input_to_handler+0x2a0/0x4c0
[ 54.192446][ T8454] input_pass_values.part.0+0x230/0x710
[ 54.198136][ T8454] input_handle_event+0x373/0x1440
[ 54.203387][ T8454] input_inject_event+0x1bd/0x320
[ 54.208553][ T8454] evdev_write+0x430/0x760
[ 54.213112][ T8454] vfs_write+0x28e/0xa40
[ 54.217501][ T8454] ksys_write+0x1ee/0x250
[ 54.221975][ T8454] do_syscall_64+0x35/0xb0
[ 54.226533][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.232565][ T8454]
[ 54.234856][ T8454]
[ 54.234856][ T8454] the dependencies between the lock to be acquired
[ 54.234861][ T8454] and HARDIRQ-irq-unsafe lock:
[ 54.248311][ T8454] -> (&f->f_owner.lock){.+.+}-{2:2} {
[ 54.253658][ T8454] HARDIRQ-ON-R at:
[ 54.257606][ T8454] lock_acquire+0x1ab/0x510
[ 54.263729][ T8454] _raw_read_lock+0x5b/0x70
[ 54.269849][ T8454] do_fcntl+0x7c1/0x1210
[ 54.275713][ T8454] __x64_sys_fcntl+0x165/0x1e0
[ 54.282095][ T8454] do_syscall_64+0x35/0xb0
[ 54.288130][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.295639][ T8454] SOFTIRQ-ON-R at:
[ 54.299586][ T8454] lock_acquire+0x1ab/0x510
[ 54.305704][ T8454] _raw_read_lock+0x5b/0x70
[ 54.311826][ T8454] do_fcntl+0x7c1/0x1210
[ 54.317688][ T8454] __x64_sys_fcntl+0x165/0x1e0
[ 54.324069][ T8454] do_syscall_64+0x35/0xb0
[ 54.330106][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.337616][ T8454] INITIAL READ USE at:
[ 54.341911][ T8454] lock_acquire+0x1ab/0x510
[ 54.348379][ T8454] _raw_read_lock+0x5b/0x70
[ 54.354843][ T8454] do_fcntl+0x7c1/0x1210
[ 54.361051][ T8454] __x64_sys_fcntl+0x165/0x1e0
[ 54.367779][ T8454] do_syscall_64+0x35/0xb0
[ 54.374161][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.382020][ T8454] }
[ 54.384487][ T8454] ... key at: [] __key.5+0x0/0x40
[ 54.391568][ T8454] ... acquired at:
[ 54.395339][ T8454] lock_acquire+0x1ab/0x510
[ 54.399985][ T8454] _raw_read_lock_irqsave+0x70/0x90
[ 54.405327][ T8454] send_sigio+0x24/0x380
[ 54.409711][ T8454] kill_fasync+0x1ec/0x460
[ 54.414268][ T8454] evdev_pass_values.part.0+0x64e/0x970
[ 54.419957][ T8454] evdev_events+0x359/0x3e0
[ 54.424601][ T8454] input_to_handler+0x2a0/0x4c0
[ 54.429595][ T8454] input_pass_values.part.0+0x230/0x710
[ 54.435280][ T8454] input_handle_event+0x373/0x1440
[ 54.440536][ T8454] input_inject_event+0x1bd/0x320
[ 54.445700][ T8454] evdev_write+0x430/0x760
[ 54.450260][ T8454] vfs_write+0x28e/0xa40
[ 54.454644][ T8454] ksys_write+0x1ee/0x250
[ 54.459120][ T8454] do_syscall_64+0x35/0xb0
[ 54.463677][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.469711][ T8454]
[ 54.472004][ T8454]
[ 54.472004][ T8454] stack backtrace:
[ 54.477858][ T8454] CPU: 1 PID: 8454 Comm: syz-executor842 Not tainted 5.14.0-rc6-syzkaller #0
[ 54.486582][ T8454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.496607][ T8454] Call Trace:
[ 54.499857][ T8454] dump_stack_lvl+0xcd/0x134
[ 54.504424][ T8454] check_irq_usage.cold+0x4c1/0x6b0
[ 54.509597][ T8454] ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 54.516677][ T8454] ? kernel_text_address+0xbd/0xf0
[ 54.521762][ T8454] ? check_path.constprop.0+0x24/0x50
[ 54.527102][ T8454] ? register_lock_class+0xb7/0x10c0
[ 54.532356][ T8454] ? stack_trace_save+0x8c/0xc0
[ 54.537176][ T8454] ? lockdep_lock+0xc6/0x200
[ 54.541739][ T8454] ? call_rcu_zapped+0xb0/0xb0
[ 54.546477][ T8454] __lock_acquire+0x2a1f/0x54a0
[ 54.551303][ T8454] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 54.557253][ T8454] lock_acquire+0x1ab/0x510
[ 54.561726][ T8454] ? send_sigio+0x24/0x380
[ 54.566113][ T8454] ? lock_release+0x720/0x720
[ 54.570757][ T8454] ? lock_release+0x720/0x720
[ 54.575399][ T8454] ? lock_release+0x720/0x720
[ 54.580044][ T8454] _raw_read_lock_irqsave+0x70/0x90
[ 54.585209][ T8454] ? send_sigio+0x24/0x380
[ 54.589595][ T8454] send_sigio+0x24/0x380
[ 54.593811][ T8454] kill_fasync+0x1ec/0x460
[ 54.598201][ T8454] evdev_pass_values.part.0+0x64e/0x970
[ 54.603721][ T8454] ? evdev_release+0x410/0x410
[ 54.608455][ T8454] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 54.614147][ T8454] evdev_events+0x359/0x3e0
[ 54.618621][ T8454] ? evdev_pass_values.part.0+0x970/0x970
[ 54.624311][ T8454] input_to_handler+0x2a0/0x4c0
[ 54.629137][ T8454] input_pass_values.part.0+0x230/0x710
[ 54.634650][ T8454] input_handle_event+0x373/0x1440
[ 54.639732][ T8454] input_inject_event+0x1bd/0x320
[ 54.644724][ T8454] evdev_write+0x430/0x760
[ 54.649113][ T8454] ? evdev_read+0xe40/0xe40
[ 54.653585][ T8454] ? security_file_permission+0x248/0x560
[ 54.659292][ T8454] ? evdev_read+0xe40/0xe40
[ 54.663766][ T8454] vfs_write+0x28e/0xa40
[ 54.667982][ T8454] ksys_write+0x1ee/0x250
[ 54.672287][ T8454] ? __ia32_sys_read+0xb0/0xb0
[ 54.677026][ T8454] ? syscall_enter_from_user_mode+0x21/0x70
[ 54.682892][ T8454] do_syscall_64+0x35/0xb0
[ 54.687280][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.693141][ T8454] RIP: 0033:0x446479
[ 54.697007][ T8454] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.716581][ T8454] RSP: 002b:00007ffdbd14fd28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.725049][ T8454] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000446479
[ 54.732992][ T8454] RDX: 0000000000003888 RSI: 000000002