Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.243678][ T4875] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 55.613884][ T4875] usb 1-1: config 0 has an invalid interface number: 123 but max is 0
[ 55.622769][ T4875] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 55.634656][ T4875] usb 1-1: config 0 has no interface number 0
[ 55.640805][ T4875] usb 1-1: config 0 interface 123 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[ 55.813637][ T4875] usb 1-1: New USB device found, idVendor=0781, idProduct=0100, bcdDevice= 1.00
[ 55.822846][ T4875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 55.831155][ T4875] usb 1-1: Product: syz
[ 55.835437][ T4875] usb 1-1: Manufacturer: syz
[ 55.840197][ T4875] usb 1-1: SerialNumber: syz
[ 55.850614][ T4875] usb 1-1: config 0 descriptor??
[ 56.095719][ T8403]
[ 56.098219][ T8403] =====================================================
[ 56.105667][ T8403] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 56.113449][ T8403] 5.13.0-syzkaller #0 Not tainted
[ 56.118436][ T8403] -----------------------------------------------------
[ 56.125381][ T8403] syz-executor596/8403 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 56.133417][ T8403] ffff88801d8cd038 (&f->f_owner.lock){.+.+}-{2:2}, at: send_sigio+0x24/0x360
[ 56.142409][ T8403]
[ 56.142409][ T8403] and this task is already holding:
[ 56.149838][ T8403] ffff8880168aa018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x14b/0x460
[ 56.158501][ T8403] which would create a new lock dependency:
[ 56.164444][ T8403] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.+}-{2:2}
[ 56.172151][ T8403]
[ 56.172151][ T8403] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 56.181566][ T8403] (&dev->event_lock){-...}-{2:2}
[ 56.181579][ T8403]
[ 56.181579][ T8403] ... which became HARDIRQ-irq-safe at:
[ 56.194949][ T8403]   lock_acquire+0x1ab/0x510
[ 56.199563][ T8403]   _raw_spin_lock_irqsave+0x39/0x50
[ 56.204838][ T8403]   input_event+0x7b/0xb0
[ 56.209152][ T8403]   psmouse_report_standard_buttons+0x2c/0x80
[ 56.215199][ T8403]   psmouse_process_byte+0x1e1/0x890
[ 56.220470][ T8403]   psmouse_handle_byte+0x41/0x1b0
[ 56.225573][ T8403]   psmouse_interrupt+0x304/0xf00
[ 56.230764][ T8403]   serio_interrupt+0x88/0x150
[ 56.236751][ T8403]   i8042_interrupt+0x27a/0x520
[ 56.241664][ T8403]   __handle_irq_event_percpu+0x303/0x8f0
[ 56.247384][ T8403]   handle_irq_event+0x102/0x290
[ 56.252389][ T8403]   handle_edge_irq+0x25f/0xd00
[ 56.257235][ T8403]   __common_interrupt+0x9e/0x200
[ 56.262334][ T8403]   common_interrupt+0x9f/0xd0
[ 56.267078][ T8403]   asm_common_interrupt+0x1e/0x40
[ 56.272169][ T8403]   acpi_idle_do_entry+0x1c6/0x250
[ 56.277260][ T8403]   acpi_idle_enter+0x361/0x500
[ 56.282108][ T8403]   cpuidle_enter_state+0x1b1/0xc80
[ 56.287290][ T8403]   cpuidle_enter+0x4a/0xa0
[ 56.291770][ T8403]   do_idle+0x3e8/0x590
[ 56.295902][ T8403]   cpu_startup_entry+0x14/0x20
[ 56.300730][ T8403]   start_secondary+0x265/0x340
[ 56.305559][ T8403]   secondary_startup_64_no_verify+0xb0/0xbb
[ 56.311608][ T8403]
[ 56.311608][ T8403] to a HARDIRQ-irq-unsafe lock:
[ 56.318597][ T8403] (&f->f_owner.lock){.+.+}-{2:2}
[ 56.318616][ T8403]
[ 56.318616][ T8403] ... which became HARDIRQ-irq-unsafe at:
[ 56.331493][ T8403] ...
[ 56.331497][ T8403]   lock_acquire+0x1ab/0x510
[ 56.338796][ T8403]   _raw_read_lock+0x5b/0x70
[ 56.343367][ T8403]   f_getown+0x23/0x2a0
[ 56.347503][ T8403]   sock_ioctl+0x4ba/0x6a0
[ 56.351916][ T8403]   __x64_sys_ioctl+0x193/0x200
[ 56.356744][ T8403]   do_syscall_64+0x31/0xb0
[ 56.361223][ T8403]   entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 56.367185][ T8403]
[ 56.367185][ T8403] other info that might help us debug this:
[ 56.367185][ T8403]
[ 56.377387][ T8403] Chain exists of:
[ 56.377387][ T8403]   &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 56.377387][ T8403]
[ 56.390484][ T8403] Possible interrupt unsafe locking scenario:
[ 56.390484][ T8403]
[ 56.399560][ T8403]        CPU0                    CPU1
[ 56.404916][ T8403]        ----                    ----
[ 56.410440][ T8403]   lock(&f->f_owner.lock);
[ 56.415023][ T8403]                                local_irq_disable();
[ 56.421760][ T8403]                                lock(&dev->event_lock);
[ 56.428862][ T8403]                                lock(&new->fa_lock);
[ 56.435599][ T8403]
[ 56.439030][ T8403]     lock(&dev->event_lock);
[ 56.443685][ T8403]
[ 56.443685][ T8403] *** DEADLOCK ***
[ 56.443685][ T8403]
[ 56.451808][ T8403] 8 locks held by syz-executor596/8403:
[ 56.457326][ T8403] #0: ffff888146dba110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760
[ 56.466441][ T8403] #1: ffff8880225fc230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x310
[ 56.476511][ T8403] #2: ffffffff8bf7d5a0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x310
[ 56.486230][ T8403] #3: ffffffff8bf7d5a0 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x700
[ 56.496315][ T8403] #4: ffffffff8bf7d5a0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3f0
[ 56.505511][ T8403] #5: ffff88814730a028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 56.516468][ T8403] #6: ffffffff8bf7d5a0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 56.525600][ T8403] #7: ffff8880168aa018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x14b/0x460
[ 56.534971][ T8403]
[ 56.534971][ T8403] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 56.545523][ T8403] -> (&dev->event_lock){-...}-{2:2} {
[ 56.551145][ T8403]   IN-HARDIRQ-W at:
[ 56.555289][ T8403]     lock_acquire+0x1ab/0x510
[ 56.561788][ T8403]     _raw_spin_lock_irqsave+0x39/0x50
[ 56.568981][ T8403]     input_event+0x7b/0xb0
[ 56.575202][ T8403]     psmouse_report_standard_buttons+0x2c/0x80
[ 56.583262][ T8403]     psmouse_process_byte+0x1e1/0x890
[ 56.590490][ T8403]     psmouse_handle_byte+0x41/0x1b0
[ 56.597492][ T8403]     psmouse_interrupt+0x304/0xf00
[ 56.604608][ T8403]     serio_interrupt+0x88/0x150
[ 56.611442][ T8403]     i8042_interrupt+0x27a/0x520
[ 56.618351][ T8403]     __handle_irq_event_percpu+0x303/0x8f0
[ 56.625964][ T8403]     handle_irq_event+0x102/0x290
[ 56.632879][ T8403]     handle_edge_irq+0x25f/0xd00
[ 56.639639][ T8403]     __common_interrupt+0x9e/0x200
[ 56.646643][ T8403]     common_interrupt+0x9f/0xd0
[ 56.653389][ T8403]     asm_common_interrupt+0x1e/0x40
[ 56.660391][ T8403]     acpi_idle_do_entry+0x1c6/0x250
[ 56.667487][ T8403]     acpi_idle_enter+0x361/0x500
[ 56.674316][ T8403]     cpuidle_enter_state+0x1b1/0xc80
[ 56.681405][ T8403]     cpuidle_enter+0x4a/0xa0
[ 56.687815][ T8403]     do_idle+0x3e8/0x590
[ 56.693861][ T8403]     cpu_startup_entry+0x14/0x20
[ 56.700687][ T8403]     start_secondary+0x265/0x340
[ 56.707432][ T8403]     secondary_startup_64_no_verify+0xb0/0xbb
[ 56.715475][ T8403]   INITIAL USE at:
[ 56.719518][ T8403]     lock_acquire+0x1ab/0x510
[ 56.725927][ T8403]     _raw_spin_lock_irqsave+0x39/0x50
[ 56.733034][ T8403]     input_inject_event+0xa6/0x310
[ 56.739864][ T8403]     led_set_brightness_nosleep+0xe6/0x1a0
[ 56.747407][ T8403]     led_set_brightness+0x134/0x170
[ 56.754321][ T8403]     led_trigger_event+0x75/0xd0
[ 56.761063][ T8403]     kbd_led_trigger_activate+0xc9/0x100
[ 56.768411][ T8403]     led_trigger_set+0x61e/0xbd0
[ 56.775085][ T8403]     led_trigger_set_default+0x1a6/0x230
[ 56.782623][ T8403]     led_classdev_register_ext+0x5b1/0x7c0
[ 56.792599][ T8403]     input_leds_connect+0x4bd/0x860
[ 56.799634][ T8403]     input_attach_handler+0x180/0x1f0
[ 56.808480][ T8403]     input_register_device.cold+0xf0/0x304
[ 56.816889][ T8403]     atkbd_connect+0x739/0xa00
[ 56.823695][ T8403]     serio_driver_probe+0x72/0xa0
[ 56.830549][ T8403]     really_probe+0x291/0xf60
[ 56.836943][ T8403]     driver_probe_device+0x298/0x410
[ 56.844050][ T8403]     device_driver_attach+0x228/0x290
[ 56.851140][ T8403]     __driver_attach+0x190/0x340
[ 56.857795][ T8403]     bus_for_each_dev+0x147/0x1d0
[ 56.864558][ T8403]     serio_handle_event+0x5f6/0xa30
[ 56.871730][ T8403]     process_one_work+0x98d/0x1630
[ 56.878560][ T8403]     worker_thread+0x658/0x11f0
[ 56.885218][ T8403]     kthread+0x3e5/0x4d0
[ 56.891364][ T8403]     ret_from_fork+0x1f/0x30
[ 56.897666][ T8403] }
[ 56.900310][ T8403] ... key at: [] __key.8+0x0/0x40
[ 56.907579][ T8403] -> (&client->buffer_lock){....}-{2:2} {
[ 56.913393][ T8403]   INITIAL USE at:
[ 56.917352][ T8403]     lock_acquire+0x1ab/0x510
[ 56.923568][ T8403]     _raw_spin_lock+0x2a/0x40
[ 56.929789][ T8403]     evdev_pass_values.part.0+0xf6/0x970
[ 56.936980][ T8403]     evdev_events+0x28b/0x3f0
[ 56.943195][ T8403]     input_to_handler+0x2a0/0x4c0
[ 56.949760][ T8403]     input_pass_values.part.0+0x284/0x700
[ 56.957042][ T8403]     input_handle_event+0x373/0x1440
[ 56.963871][ T8403]     input_inject_event+0x2f5/0x310
[ 56.970872][ T8403]     evdev_write+0x430/0x760
[ 56.977017][ T8403]     vfs_write+0x28e/0xa30
[ 56.982983][ T8403]     ksys_write+0x1ee/0x250
[ 56.989030][ T8403]     do_syscall_64+0x31/0xb0
[ 56.995252][ T8403]     entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.002869][ T8403] }
[ 57.005427][ T8403] ... key at: [] __key.4+0x0/0x40
[ 57.013064][ T8403] ... acquired at:
[ 57.017297][ T8403]   _raw_spin_lock+0x2a/0x40
[ 57.022082][ T8403]   evdev_pass_values.part.0+0xf6/0x970
[ 57.027704][ T8403]   evdev_events+0x28b/0x3f0
[ 57.032360][ T8403]   input_to_handler+0x2a0/0x4c0
[ 57.037364][ T8403]   input_pass_values.part.0+0x284/0x700
[ 57.043065][ T8403]   input_handle_event+0x373/0x1440
[ 57.048331][ T8403]   input_inject_event+0x2f5/0x310
[ 57.053515][ T8403]   evdev_write+0x430/0x760
[ 57.058086][ T8403]   vfs_write+0x28e/0xa30
[ 57.062485][ T8403]   ksys_write+0x1ee/0x250
[ 57.066967][ T8403]   do_syscall_64+0x31/0xb0
[ 57.071537][ T8403]   entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.077605][ T8403]
[ 57.079905][ T8403] -> (&new->fa_lock){....}-{2:2} {
[ 57.085116][ T8403]   INITIAL READ USE at:
[ 57.089420][ T8403]     lock_acquire+0x1ab/0x510
[ 57.095902][ T8403]     _raw_read_lock+0x5b/0x70
[ 57.102405][ T8403]     kill_fasync+0x14b/0x460
[ 57.108798][ T8403]     evdev_pass_values.part.0+0x64e/0x970
[ 57.116322][ T8403]     evdev_events+0x28b/0x3f0
[ 57.122821][ T8403]     input_to_handler+0x2a0/0x4c0
[ 57.129654][ T8403]     input_pass_values.part.0+0x284/0x700
[ 57.137181][ T8403]     input_handle_event+0x373/0x1440
[ 57.144275][ T8403]     input_inject_event+0x2f5/0x310
[ 57.151276][ T8403]     evdev_write+0x430/0x760
[ 57.157669][ T8403]     vfs_write+0x28e/0xa30
[ 57.163890][ T8403]     ksys_write+0x1ee/0x250
[ 57.170200][ T8403]     do_syscall_64+0x31/0xb0
[ 57.176610][ T8403]     entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.184487][ T8403] }
[ 57.186960][ T8403] ... key at: [] __key.0+0x0/0x40
[ 57.194068][ T8403] ... acquired at:
[ 57.197863][ T8403]   _raw_read_lock+0x5b/0x70
[ 57.202522][ T8403]   kill_fasync+0x14b/0x460
[ 57.207091][ T8403]   evdev_pass_values.part.0+0x64e/0x970
[ 57.212789][ T8403]   evdev_events+0x28b/0x3f0
[ 57.217441][ T8403]   input_to_handler+0x2a0/0x4c0
[ 57.222447][ T8403]   input_pass_values.part.0+0x284/0x700
[ 57.228147][ T8403]   input_handle_event+0x373/0x1440
[ 57.233430][ T8403]   input_inject_event+0x2f5/0x310
[ 57.238608][ T8403]   evdev_write+0x430/0x760
[ 57.243174][ T8403]   vfs_write+0x28e/0xa30
[ 57.247575][ T8403]   ksys_write+0x1ee/0x250
[ 57.252056][ T8403]   do_syscall_64+0x31/0xb0
[ 57.256626][ T8403]   entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.262675][ T8403]
[ 57.264976][ T8403]
[ 57.264976][ T8403] the dependencies between the lock to be acquired
[ 57.264982][ T8403] and HARDIRQ-irq-unsafe lock:
[ 57.278449][ T8403] -> (&f->f_owner.lock){.+.+}-{2:2} {
[ 57.283812][ T8403]   HARDIRQ-ON-R at:
[ 57.287768][ T8403]     lock_acquire+0x1ab/0x510
[ 57.293904][ T8403]     _raw_read_lock+0x5b/0x70
[ 57.300127][ T8403]     f_getown+0x23/0x2a0
[ 57.305842][ T8403]     sock_ioctl+0x4ba/0x6a0
[ 57.311803][ T8403]     __x64_sys_ioctl+0x193/0x200
[ 57.318196][ T8403]     do_syscall_64+0x31/0xb0
[ 57.324239][ T8403]     entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.331762][ T8403]   SOFTIRQ-ON-R at:
[ 57.335714][ T8403]     lock_acquire+0x1ab/0x510
[ 57.341956][ T8403]     _raw_read_lock+0x5b/0x70
[ 57.348184][ T8403]     f_getown+0x23/0x2a0
[ 57.353905][ T8403]     sock_ioctl+0x4ba/0x6a0
[ 57.359953][ T8403]     __x64_sys_ioctl+0x193/0x200
[ 57.366345][ T8403]     do_syscall_64+0x31/0xb0
[ 57.372409][ T8403]     entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.379937][ T8403]   INITIAL READ USE at:
[ 57.384242][ T8403]     lock_acquire+0x1ab/0x510
[ 57.390722][ T8403]     _raw_read_lock+0x5b/0x70
[ 57.397290][ T8403]     f_getown+0x23/0x2a0
[ 57.403335][ T8403]     sock_ioctl+0x4ba/0x6a0
[ 57.409643][ T8403]     __x64_sys_ioctl+0x193/0x200
[ 57.416617][ T8403]     do_syscall_64+0x31/0xb0
[ 57.423112][ T8403]     entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.430984][ T8403] }
[ 57.433457][ T8403] ... key at: [] __key.5+0x0/0x40
[ 57.440544][ T8403] ... acquired at:
[ 57.444321][ T8403]   lock_acquire+0x1ab/0x510
[ 57.448980][ T8403]   _raw_read_lock_irqsave+0x70/0x90
[ 57.454334][ T8403]   send_sigio+0x24/0x360
[ 57.458732][ T8403]   kill_fasync+0x205/0x460
[ 57.463301][ T8403]   evdev_pass_values.part.0+0x64e/0x970
[ 57.469025][ T8403]   evdev_events+0x28b/0x3f0
[ 57.473679][ T8403]   input_to_handler+0x2a0/0x4c0
[ 57.478682][ T8403]   input_pass_values.part.0+0x284/0x700
[ 57.484397][ T8403]   input_handle_event+0x373/0x1440
[ 57.489661][ T8403]   input_inject_event+0x2f5/0x310
[ 57.494839][ T8403]   evdev_write+0x430/0x760
[ 57.499598][ T8403]   vfs_write+0x28e/0xa30
[ 57.503997][ T8403]   ksys_write+0x1ee/0x250
[ 57.508565][ T8403]   do_syscall_64+0x31/0xb0
[ 57.513129][ T8403]   entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.519260][ T8403]
[ 57.521558][ T8403]
[ 57.521558][ T8403] stack backtrace:
[ 57.527438][ T8403] CPU: 1 PID: 8403 Comm: syz-executor596 Not tainted 5.13.0-syzkaller #0
[ 57.535826][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.546075][ T8403] Call Trace:
[ 57.549342][ T8403] dump_stack+0x141/0x1d7
[ 57.553657][ T8403] check_irq_usage.cold+0x4c1/0x6b0
[ 57.558844][ T8403] ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 57.565935][ T8403] ? kernel_text_address+0xbd/0xf0
[ 57.571030][ T8403] ? check_path.constprop.0+0x24/0x50
[ 57.576476][ T8403] ? register_lock_class+0xb7/0x10c0
[ 57.581738][ T8403] ? stack_trace_save+0x8c/0xc0
[ 57.586656][ T8403] ? lockdep_lock+0xc6/0x200
[ 57.591230][ T8403] ? call_rcu_zapped+0xb0/0xb0
[ 57.595978][ T8403] __lock_acquire+0x2a1f/0x54a0
[ 57.600812][ T8403] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 57.606777][ T8403] lock_acquire+0x1ab/0x510
[ 57.611259][ T8403] ? send_sigio+0x24/0x360
[ 57.615778][ T8403] ? lock_release+0x720/0x720
[ 57.620472][ T8403] ? lock_release+0x720/0x720
[ 57.625138][ T8403] ? lock_release+0x720/0x720
[ 57.629806][ T8403] _raw_read_lock_irqsave+0x70/0x90
[ 57.634996][ T8403] ? send_sigio+0x24/0x360
[ 57.639402][ T8403] send_sigio+0x24/0x360
[ 57.643719][ T8403] kill_fasync+0x205/0x460
[ 57.648122][ T8403] evdev_pass_values.part.0+0x64e/0x970
[ 57.653742][ T8403] ? evdev_release+0x410/0x410
[ 57.658490][ T8403] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 57.664193][ T8403] evdev_events+0x28b/0x3f0
[ 57.668695][ T8403] ? evdev_pass_values.part.0+0x970/0x970
[ 57.674414][ T8403] input_to_handler+0x2a0/0x4c0
[ 57.679249][ T8403] input_pass_values.part.0+0x284/0x700
[ 57.684780][ T8403] input_handle_event+0x373/0x1440
[ 57.689876][ T8403] input_inject_event+0x2f5/0x310
[ 57.694884][ T8403] evdev_write+0x430/0x760
[ 57.699280][ T8403] ? evdev_read+0xe40/0xe40
[ 57.703765][ T8403] ? security_file_permission+0x248/0x560
[ 57.709470][ T8403] ? evdev_read+0xe40/0xe40
[ 57.713954][ T8403] vfs_write+0x28e/0xa30
[ 57.718356][ T8403] ksys_write+0x1ee/0x250
[ 57.722666][ T8403] ? __ia32_sys_read+0xb0/0xb0
[ 57.727416][ T8403] ? syscall_enter_from_user_mode+0x21/0x70
[ 57.733297][ T8403] do_syscall_64+0x31/0xb0
[ 57.737697][ T8403] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.743581][ T8403] RIP: 0033:0x446d69
[ 57.747550][ T8403] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.767234][ T8403] RSP: 002b:00007fffbce95f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.775637][ T8403] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000446d69
[ 57.783613][ T8403] RDX: 0000000000035000 RSI: 0000000020000040 RDI: 0000000000000007
[ 57.791654][ T8403] RBP: 00000000004065f0 R08: 00000000004004a0 R09: 00000000004004a0
[ 57.799626][ T8403] R10: 00000000000000