[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 69.579786][ T8461]
[ 69.582119][ T8461] =====================================================
[ 69.589027][ T8461] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 69.596458][ T8461] 5.14.0-rc5-syzkaller #0 Not tainted
[ 69.601801][ T8461] -----------------------------------------------------
[ 69.608740][ T8461] syz-executor294/8461 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 69.616781][ T8461] ffff888017fa03b8 (&f->f_owner.lock){.+.+}-{2:2}, at: send_sigio+0x24/0x380
[ 69.625549][ T8461]
[ 69.625549][ T8461] and this task is already holding:
[ 69.632890][ T8461] ffff8880368f2018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x132/0x460
[ 69.641558][ T8461] which would create a new lock dependency:
[ 69.647424][ T8461] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.+}-{2:2}
[ 69.655138][ T8461]
[ 69.655138][ T8461] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 69.664589][ T8461] (&dev->event_lock){-...}-{2:2}
[ 69.664610][ T8461]
[ 69.664610][ T8461] ... which became HARDIRQ-irq-safe at:
[ 69.677282][ T8461] lock_acquire+0x1ab/0x510
[ 69.681851][ T8461] _raw_spin_lock_irqsave+0x39/0x50
[ 69.687128][ T8461] input_event+0x7b/0xb0
[ 69.691448][ T8461] psmouse_report_standard_buttons+0x2c/0x80
[ 69.697506][ T8461] psmouse_process_byte+0x1e1/0x890
[ 69.702783][ T8461] psmouse_handle_byte+0x41/0x1b0
[ 69.707889][ T8461] psmouse_interrupt+0x304/0xf00
[ 69.712901][ T8461] serio_interrupt+0x88/0x150
[ 69.717659][ T8461] i8042_interrupt+0x27a/0x520
[ 69.722505][ T8461] __handle_irq_event_percpu+0x303/0x8f0
[ 69.728219][ T8461] handle_irq_event+0x102/0x280
[ 69.733164][ T8461] handle_edge_irq+0x25f/0xd00
[ 69.738026][ T8461] __common_interrupt+0x9d/0x210
[ 69.743059][ T8461] common_interrupt+0x9f/0xd0
[ 69.747818][ T8461] asm_common_interrupt+0x1e/0x40
[ 69.752920][ T8461] lock_acquire+0x1ef/0x510
[ 69.757501][ T8461] fs_reclaim_acquire+0x117/0x160
[ 69.762607][ T8461] __kmalloc_node+0x5b/0x380
[ 69.767274][ T8461] kvmalloc_node+0x61/0xf0
[ 69.771771][ T8461] v4l2_ctrl_new+0x600/0x1a60
[ 69.776531][ T8461] v4l2_ctrl_new_std+0x196/0x260
[ 69.781555][ T8461] vimc_sen_add+0x180/0x610
[ 69.786140][ T8461] vimc_probe+0x3ef/0xd30
[ 69.790543][ T8461] platform_probe+0xfc/0x1f0
[ 69.795211][ T8461] really_probe+0x23c/0xcd0
[ 69.799794][ T8461] __driver_probe_device+0x338/0x4d0
[ 69.805174][ T8461] driver_probe_device+0x4c/0x1a0
[ 69.810279][ T8461] __driver_attach+0x22d/0x4e0
[ 69.815123][ T8461] bus_for_each_dev+0x147/0x1d0
[ 69.820051][ T8461] bus_add_driver+0x3a9/0x630
[ 69.824808][ T8461] driver_register+0x220/0x3a0
[ 69.829652][ T8461] vimc_init+0x54/0x97
[ 69.833797][ T8461] do_one_initcall+0x103/0x650
[ 69.838644][ T8461] kernel_init_freeable+0x6b8/0x741
[ 69.843925][ T8461] kernel_init+0x1a/0x1d0
[ 69.848328][ T8461] ret_from_fork+0x1f/0x30
[ 69.852822][ T8461]
[ 69.852822][ T8461] to a HARDIRQ-irq-unsafe lock:
[ 69.859819][ T8461] (&f->f_owner.lock){.+.+}-{2:2}
[ 69.859845][ T8461]
[ 69.859845][ T8461] ... which became HARDIRQ-irq-unsafe at:
[ 69.872709][ T8461] ...
[ 69.872716][ T8461] lock_acquire+0x1ab/0x510
[ 69.879860][ T8461] _raw_read_lock+0x5b/0x70
[ 69.884443][ T8461] f_getown+0x23/0x2a0
[ 69.888592][ T8461] do_fcntl+0xbd8/0x1210
[ 69.892911][ T8461] __x64_sys_fcntl+0x165/0x1e0
[ 69.897755][ T8461] do_syscall_64+0x35/0xb0
[ 69.902251][ T8461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.908222][ T8461]
[ 69.908222][ T8461] other info that might help us debug this:
[ 69.908222][ T8461]
[ 69.918438][ T8461] Chain exists of:
[ 69.918438][ T8461] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 69.918438][ T8461]
[ 69.931466][ T8461] Possible interrupt unsafe locking scenario:
[ 69.931466][ T8461]
[ 69.939776][ T8461] CPU0 CPU1
[ 69.945128][ T8461] ---- ----
[ 69.950480][ T8461] lock(&f->f_owner.lock);
[ 69.954975][ T8461] local_irq_disable();
[ 69.961710][ T8461] lock(&dev->event_lock);
[ 69.968719][ T8461] lock(&new->fa_lock);
[ 69.975467][ T8461]
[ 69.978905][ T8461] lock(&dev->event_lock);
[ 69.983585][ T8461]
[ 69.983585][ T8461] *** DEADLOCK ***
[ 69.983585][ T8461]
[ 69.991711][ T8461] 8 locks held by syz-executor294/8461:
[ 69.997239][ T8461] #0: ffff8881466a6110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760
[ 70.006378][ T8461] #1: ffff88801c846230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x320
[ 70.016294][ T8461] #2: ffffffff8b97c1c0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320
[ 70.025943][ T8461] #3: ffffffff8b97c1c0 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710
[ 70.036030][ T8461] #4: ffffffff8b97c1c0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0
[ 70.045177][ T8461] #5: ffff888028101028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 70.055963][ T8461] #6: ffffffff8b97c1c0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 70.065011][ T8461] #7: ffff8880368f2018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x132/0x460
[ 70.074146][ T8461]
[ 70.074146][ T8461] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 70.084533][ T8461] -> (&dev->event_lock){-...}-{2:2} {
[ 70.090085][ T8461] IN-HARDIRQ-W at:
[ 70.094223][ T8461] lock_acquire+0x1ab/0x510
[ 70.100716][ T8461] _raw_spin_lock_irqsave+0x39/0x50
[ 70.107930][ T8461] input_event+0x7b/0xb0
[ 70.114176][ T8461] psmouse_report_standard_buttons+0x2c/0x80
[ 70.122152][ T8461] psmouse_process_byte+0x1e1/0x890
[ 70.129336][ T8461] psmouse_handle_byte+0x41/0x1b0
[ 70.136355][ T8461] psmouse_interrupt+0x304/0xf00
[ 70.143287][ T8461] serio_interrupt+0x88/0x150
[ 70.149957][ T8461] i8042_interrupt+0x27a/0x520
[ 70.156725][ T8461] __handle_irq_event_percpu+0x303/0x8f0
[ 70.164352][ T8461] handle_irq_event+0x102/0x280
[ 70.171200][ T8461] handle_edge_irq+0x25f/0xd00
[ 70.177971][ T8461] __common_interrupt+0x9d/0x210
[ 70.184912][ T8461] common_interrupt+0x9f/0xd0
[ 70.191590][ T8461] asm_common_interrupt+0x1e/0x40
[ 70.198606][ T8461] lock_acquire+0x1ef/0x510
[ 70.205106][ T8461] fs_reclaim_acquire+0x117/0x160
[ 70.212145][ T8461] __kmalloc_node+0x5b/0x380
[ 70.218746][ T8461] kvmalloc_node+0x61/0xf0
[ 70.225157][ T8461] v4l2_ctrl_new+0x600/0x1a60
[ 70.231830][ T8461] v4l2_ctrl_new_std+0x196/0x260
[ 70.238773][ T8461] vimc_sen_add+0x180/0x610
[ 70.245269][ T8461] vimc_probe+0x3ef/0xd30
[ 70.251586][ T8461] platform_probe+0xfc/0x1f0
[ 70.258169][ T8461] really_probe+0x23c/0xcd0
[ 70.264680][ T8461] __driver_probe_device+0x338/0x4d0
[ 70.271957][ T8461] driver_probe_device+0x4c/0x1a0
[ 70.278973][ T8461] __driver_attach+0x22d/0x4e0
[ 70.285731][ T8461] bus_for_each_dev+0x147/0x1d0
[ 70.292570][ T8461] bus_add_driver+0x3a9/0x630
[ 70.299242][ T8461] driver_register+0x220/0x3a0
[ 70.306003][ T8461] vimc_init+0x54/0x97
[ 70.312061][ T8461] do_one_initcall+0x103/0x650
[ 70.318815][ T8461] kernel_init_freeable+0x6b8/0x741
[ 70.326020][ T8461] kernel_init+0x1a/0x1d0
[ 70.332335][ T8461] ret_from_fork+0x1f/0x30
[ 70.338756][ T8461] INITIAL USE at:
[ 70.342812][ T8461] lock_acquire+0x1ab/0x510
[ 70.349218][ T8461] _raw_spin_lock_irqsave+0x39/0x50
[ 70.356316][ T8461] input_inject_event+0xa6/0x320
[ 70.363161][ T8461] led_set_brightness_nosleep+0xe6/0x1a0
[ 70.370700][ T8461] led_set_brightness+0x134/0x170
[ 70.377624][ T8461] led_trigger_event+0x75/0xd0
[ 70.384290][ T8461] kbd_led_trigger_activate+0xc9/0x100
[ 70.391654][ T8461] led_trigger_set+0x61e/0xbd0
[ 70.398319][ T8461] led_trigger_set_default+0x1a6/0x230
[ 70.405698][ T8461] led_classdev_register_ext+0x5b1/0x7c0
[ 70.413237][ T8461] input_leds_connect+0x4bd/0x860
[ 70.420175][ T8461] input_attach_handler+0x180/0x1f0
[ 70.427270][ T8461] input_register_device.cold+0xf0/0x304
[ 70.434812][ T8461] atkbd_connect+0x739/0xa00
[ 70.441305][ T8461] serio_driver_probe+0x72/0xa0
[ 70.448058][ T8461] really_probe+0x23c/0xcd0
[ 70.454465][ T8461] __driver_probe_device+0x338/0x4d0
[ 70.461655][ T8461] driver_probe_device+0x4c/0x1a0
[ 70.468603][ T8461] __driver_attach+0x22d/0x4e0
[ 70.475285][ T8461] bus_for_each_dev+0x147/0x1d0
[ 70.482039][ T8461] serio_handle_event+0x5f6/0xa30
[ 70.488968][ T8461] process_one_work+0x98d/0x1630
[ 70.495813][ T8461] worker_thread+0x658/0x11f0
[ 70.502399][ T8461] kthread+0x3e5/0x4d0
[ 70.508372][ T8461] ret_from_fork+0x1f/0x30
[ 70.514694][ T8461] }
[ 70.517350][ T8461] ... key at: [] __key.8+0x0/0x40
[ 70.524629][ T8461] -> (&client->buffer_lock){....}-{2:2} {
[ 70.530445][ T8461] INITIAL USE at:
[ 70.534409][ T8461] lock_acquire+0x1ab/0x510
[ 70.540641][ T8461] _raw_spin_lock+0x2a/0x40
[ 70.546877][ T8461] evdev_pass_values.part.0+0xf6/0x970
[ 70.554067][ T8461] evdev_events+0x359/0x3e0
[ 70.560300][ T8461] input_to_handler+0x2a0/0x4c0
[ 70.566882][ T8461] input_pass_values.part.0+0x230/0x710
[ 70.574156][ T8461] input_handle_event+0x373/0x1440
[ 70.580995][ T8461] input_inject_event+0x1bd/0x320
[ 70.587745][ T8461] evdev_write+0x430/0x760
[ 70.593891][ T8461] vfs_write+0x28e/0xa40
[ 70.599866][ T8461] ksys_write+0x1ee/0x250
[ 70.605927][ T8461] do_syscall_64+0x35/0xb0
[ 70.612092][ T8461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.619714][ T8461] }
[ 70.622283][ T8461] ... key at: [] __key.4+0x0/0x40
[ 70.629477][ T8461] ... acquired at:
[ 70.633350][ T8461] _raw_spin_lock+0x2a/0x40
[ 70.638022][ T8461] evdev_pass_values.part.0+0xf6/0x970
[ 70.643649][ T8461] evdev_events+0x359/0x3e0
[ 70.648321][ T8461] input_to_handler+0x2a0/0x4c0
[ 70.653341][ T8461] input_pass_values.part.0+0x230/0x710
[ 70.659063][ T8461] input_handle_event+0x373/0x1440
[ 70.664337][ T8461] input_inject_event+0x1bd/0x320
[ 70.669539][ T8461] evdev_write+0x430/0x760
[ 70.674126][ T8461] vfs_write+0x28e/0xa40
[ 70.678536][ T8461] ksys_write+0x1ee/0x250
[ 70.683035][ T8461] do_syscall_64+0x35/0xb0
[ 70.687617][ T8461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.693676][ T8461]
[ 70.696000][ T8461] -> (&new->fa_lock){....}-{2:2} {
[ 70.701113][ T8461] INITIAL READ USE at:
[ 70.705431][ T8461] lock_acquire+0x1ab/0x510
[ 70.711935][ T8461] _raw_read_lock+0x5b/0x70
[ 70.718426][ T8461] kill_fasync+0x132/0x460
[ 70.724834][ T8461] evdev_pass_values.part.0+0x64e/0x970
[ 70.732373][ T8461] evdev_events+0x359/0x3e0
[ 70.738866][ T8461] input_to_handler+0x2a0/0x4c0
[ 70.745709][ T8461] input_pass_values.part.0+0x230/0x710
[ 70.753245][ T8461] input_handle_event+0x373/0x1440
[ 70.760352][ T8461] input_inject_event+0x1bd/0x320
[ 70.767368][ T8461] evdev_write+0x430/0x760
[ 70.773777][ T8461] vfs_write+0x28e/0xa40
[ 70.780016][ T8461] ksys_write+0x1ee/0x250
[ 70.786428][ T8461] do_syscall_64+0x35/0xb0
[ 70.792834][ T8461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.800714][ T8461] }
[ 70.803194][ T8461] ... key at: [] __key.0+0x0/0x40
[ 70.810300][ T8461] ... acquired at:
[ 70.814099][ T8461] _raw_read_lock+0x5b/0x70
[ 70.818774][ T8461] kill_fasync+0x132/0x460
[ 70.823358][ T8461] evdev_pass_values.part.0+0x64e/0x970
[ 70.829076][ T8461] evdev_events+0x359/0x3e0
[ 70.833745][ T8461] input_to_handler+0x2a0/0x4c0
[ 70.838763][ T8461] input_pass_values.part.0+0x230/0x710
[ 70.844489][ T8461] input_handle_event+0x373/0x1440
[ 70.849772][ T8461] input_inject_event+0x1bd/0x320
[ 70.854962][ T8461] evdev_write+0x430/0x760
[ 70.859566][ T8461] vfs_write+0x28e/0xa40
[ 70.863986][ T8461] ksys_write+0x1ee/0x250
[ 70.868490][ T8461] do_syscall_64+0x35/0xb0
[ 70.873072][ T8461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.879139][ T8461]
[ 70.881444][ T8461]
[ 70.881444][ T8461] the dependencies between the lock to be acquired
[ 70.881452][ T8461] and HARDIRQ-irq-unsafe lock:
[ 70.894947][ T8461] -> (&f->f_owner.lock){.+.+}-{2:2} {
[ 70.900322][ T8461] HARDIRQ-ON-R at:
[ 70.904287][ T8461] lock_acquire+0x1ab/0x510
[ 70.910447][ T8461] _raw_read_lock+0x5b/0x70
[ 70.916595][ T8461] f_getown+0x23/0x2a0
[ 70.922311][ T8461] do_fcntl+0xbd8/0x1210
[ 70.928197][ T8461] __x64_sys_fcntl+0x165/0x1e0
[ 70.934605][ T8461] do_syscall_64+0x35/0xb0
[ 70.940663][ T8461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.948198][ T8461] SOFTIRQ-ON-R at:
[ 70.952164][ T8461] lock_acquire+0x1ab/0x510
[ 70.958308][ T8461] _raw_read_lock+0x5b/0x70
[ 70.964450][ T8461] f_getown+0x23/0x2a0
[ 70.970161][ T8461] do_fcntl+0xbd8/0x1210
[ 70.976047][ T8461] __x64_sys_fcntl+0x165/0x1e0
[ 70.982454][ T8461] do_syscall_64+0x35/0xb0
[ 70.988773][ T8461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.996306][ T8461] INITIAL READ USE at:
[ 71.000617][ T8461] lock_acquire+0x1ab/0x510
[ 71.007118][ T8461] _raw_read_lock+0x5b/0x70
[ 71.013608][ T8461] f_getown+0x23/0x2a0
[ 71.019669][ T8461] do_fcntl+0xbd8/0x1210
[ 71.025900][ T8461] __x64_sys_fcntl+0x165/0x1e0
[ 71.032654][ T8461] do_syscall_64+0x35/0xb0
[ 71.039061][ T8461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.046942][ T8461] }
[ 71.049422][ T8461] ... key at: [] __key.5+0x0/0x40
[ 71.056526][ T8461] ... acquired at:
[ 71.060307][ T8461] lock_acquire+0x1ab/0x510
[ 71.064976][ T8461] _raw_read_lock_irqsave+0x70/0x90
[ 71.070345][ T8461] send_sigio+0x24/0x380
[ 71.074760][ T8461] kill_fasync+0x1ec/0x460
[ 71.079345][ T8461] evdev_pass_values.part.0+0x64e/0x970
[ 71.085064][ T8461] evdev_events+0x359/0x3e0
[ 71.089753][ T8461] input_to_handler+0x2a0/0x4c0
[ 71.094775][ T8461] input_pass_values.part.0+0x230/0x710
[ 71.100486][ T8461] input_handle_event+0x373/0x1440
[ 71.105764][ T8461] input_inject_event+0x1bd/0x320
[ 71.110954][ T8461] evdev_write+0x430/0x760
[ 71.115540][ T8461] vfs_write+0x28e/0xa40
[ 71.119952][ T8461] ksys_write+0x1ee/0x250
[ 71.124465][ T8461] do_syscall_64+0x35/0xb0
[ 71.129050][ T8461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.135113][ T8461]
[ 71.137418][ T8461]
[ 71.137418][ T8461] stack backtrace:
[ 71.143295][ T8461] CPU: 0 PID: 8461 Comm: syz-executor294 Not tainted 5.14.0-rc5-syzkaller #0
[ 71.152046][ T8461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.162097][ T8461] Call Trace:
[ 71.165367][ T8461] dump_stack_lvl+0xcd/0x134
[ 71.169957][ T8461] check_irq_usage.cold+0x4c1/0x6b0
[ 71.175157][ T8461] ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 71.182266][ T8461] ? kernel_text_address+0xbd/0xf0
[ 71.187376][ T8461] ? check_path.constprop.0+0x24/0x50
[ 71.192745][ T8461] ? register_lock_class+0xb7/0x10c0
[ 71.198024][ T8461] ? stack_trace_save+0x8c/0xc0
[ 71.202865][ T8461] ? lockdep_lock+0xc6/0x200
[ 71.207455][ T8461] ? call_rcu_zapped+0xb0/0xb0
[ 71.212217][ T8461] __lock_acquire+0x2a1f/0x54a0
[ 71.217071][ T8461] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.223045][ T8461] lock_acquire+0x1ab/0x510
[ 71.227539][ T8461] ? send_sigio+0x24/0x380
[ 71.231951][ T8461] ? lock_release+0x720/0x720
[ 71.236621][ T8461] ? lock_release+0x720/0x720
[ 71.241288][ T8461] ? lock_release+0x720/0x720
[ 71.245975][ T8461] _raw_read_lock_irqsave+0x70/0x90
[ 71.251164][ T8461] ? send_sigio+0x24/0x380
[ 71.255573][ T8461] send_sigio+0x24/0x380
[ 71.259810][ T8461] kill_fasync+0x1ec/0x460
[ 71.264221][ T8461] evdev_pass_values.part.0+0x64e/0x970
[ 71.269766][ T8461] ? evdev_release+0x410/0x410
[ 71.274524][ T8461] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 71.280239][ T8461] evdev_events+0x359/0x3e0
[ 71.284738][ T8461] ? evdev_pass_values.part.0+0x970/0x970
[ 71.290539][ T8461] input_to_handler+0x2a0/0x4c0
[ 71.295390][ T8461] input_pass_values.part.0+0x230/0x710
[ 71.300932][ T8461] input_handle_event+0x373/0x1440
[ 71.306036][ T8461] input_inject_event+0x1bd/0x320
[ 71.311057][ T8461] evdev_write+0x430/0x760
[ 71.315471][ T8461] ? evdev_read+0xe40/0xe40
[ 71.319968][ T8461] ? security_file_permission+0x248/0x560
[ 71.325687][ T8461] ? evdev_read+0xe40/0xe40
[ 71.330185][ T8461] vfs_write+0x28e/0xa40
[ 71.334428][ T8461] ksys_write+0x1ee/0x250
[ 71.338756][ T8461] ? __ia32_sys_read+0xb0/0xb0
[ 71.343520][ T8461] ? syscall_enter_from_user_mode+0x21/0x70
[ 71.349419][ T8461] do_syscall_64+0x35/0xb0
[ 71.353830][ T8461] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.359719][ T8461] RIP: 0033:0x446459
[ 71.363606][ T8461] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.383208][ T8461] RSP: 002b:00007ffd6a44b658 EFL