Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.205' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 62.854936][ T8495]
[ 62.857404][ T8495] ========================================================
[ 62.864568][ T8495] WARNING: possible irq lock inversion dependency detected
[ 62.871732][ T8495] 5.10.0-rc7-syzkaller #0 Not tainted
[ 62.877072][ T8495] --------------------------------------------------------
[ 62.884250][ T8495] syz-executor924/8495 just changed the state of lock:
[ 62.891066][ T8495] ffff88801c2fc138 (&f->f_owner.lock){.+..}-{2:2}, at: send_sigio+0x24/0x350
[ 62.899842][ T8495] but this lock was taken by another, HARDIRQ-safe lock in the past:
[ 62.907896][ T8495]  (&dev->event_lock){-...}-{2:2}
[ 62.907908][ T8495]
[ 62.907908][ T8495]
[ 62.907908][ T8495] and interrupts could create inverse lock ordering between them.
[ 62.907908][ T8495]
[ 62.927174][ T8495]
[ 62.927174][ T8495] other info that might help us debug this:
[ 62.935206][ T8495] Chain exists of:
[ 62.935206][ T8495]   &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 62.935206][ T8495]
[ 62.948200][ T8495]  Possible interrupt unsafe locking scenario:
[ 62.948200][ T8495]
[ 62.956488][ T8495]        CPU0                    CPU1
[ 62.961826][ T8495]        ----                    ----
[ 62.967164][ T8495]   lock(&f->f_owner.lock);
[ 62.971640][ T8495]                                local_irq_disable();
[ 62.978367][ T8495]                                lock(&dev->event_lock);
[ 62.985375][ T8495]                                lock(&new->fa_lock);
[ 62.992194][ T8495]
[ 62.995622][ T8495]     lock(&dev->event_lock);
[ 63.000287][ T8495]
[ 63.000287][ T8495]  *** DEADLOCK ***
[ 63.000287][ T8495]
[ 63.008405][ T8495] 2 locks held by syz-executor924/8495:
[ 63.013916][ T8495]  #0: ffffffff8ef66e58 (&fsnotify_mark_srcu){....}-{0:0}, at: fsnotify+0x2e6/0x10a0
[ 63.023374][ T8495]  #1: ffff88801ea7b038 (&mark->lock){+.+.}-{2:2}, at: dnotify_handle_event+0x47/0x280
[ 63.032987][ T8495]
[ 63.032987][ T8495] the shortest dependencies between 2nd lock and 1st lock:
[ 63.042331][ T8495]  -> (&dev->event_lock){-...}-{2:2} {
[ 63.047943][ T8495]     IN-HARDIRQ-W at:
[ 63.052164][ T8495]       lock_acquire+0x29d/0x740
[ 63.058819][ T8495]       _raw_spin_lock_irqsave+0x39/0x50
[ 63.066175][ T8495]       input_event+0x7b/0xb0
[ 63.072575][ T8495]       psmouse_report_standard_buttons+0x2c/0x80
[ 63.080697][ T8495]       psmouse_process_byte+0x1e1/0x890
[ 63.088037][ T8495]       psmouse_handle_byte+0x41/0x1b0
[ 63.095205][ T8495]       psmouse_interrupt+0x304/0xf00
[ 63.102287][ T8495]       serio_interrupt+0x88/0x150
[ 63.109112][ T8495]       i8042_interrupt+0x27a/0x520
[ 63.116020][ T8495]       __handle_irq_event_percpu+0x303/0x8f0
[ 63.123795][ T8495]       handle_irq_event+0x102/0x290
[ 63.130802][ T8495]       handle_edge_irq+0x25f/0xd00
[ 63.137708][ T8495]       asm_call_irq_on_stack+0xf/0x20
[ 63.144877][ T8495]       common_interrupt+0x120/0x200
[ 63.151867][ T8495]       asm_common_interrupt+0x1e/0x40
[ 63.159122][ T8495]       _raw_spin_unlock_irqrestore+0x25/0x50
[ 63.166899][ T8495]       i8042_command+0x12e/0x150
[ 63.173634][ T8495]       i8042_aux_write+0xd7/0x120
[ 63.180469][ T8495]       ps2_do_sendbyte+0x2ca/0x710
[ 63.187392][ T8495]       ps2_sendbyte+0x58/0x150
[ 63.193952][ T8495]       cypress_ps2_sendbyte+0x2e/0x160
[ 63.201206][ T8495]       cypress_send_ext_cmd+0x1d0/0x8d0
[ 63.208545][ T8495]       cypress_detect+0x75/0x190
[ 63.215301][ T8495]       psmouse_try_protocol+0x211/0x370
[ 63.222641][ T8495]       psmouse_extensions+0x557/0x930
[ 63.229820][ T8495]       psmouse_switch_protocol+0x52a/0x740
[ 63.237429][ T8495]       psmouse_connect+0x5e6/0xfc0
[ 63.244355][ T8495]       serio_driver_probe+0x72/0xa0
[ 63.251356][ T8495]       really_probe+0x291/0xde0
[ 63.258009][ T8495]       driver_probe_device+0x26b/0x3d0
[ 63.265266][ T8495]       device_driver_attach+0x228/0x290
[ 63.272609][ T8495]       __driver_attach+0x15b/0x2f0
[ 63.279536][ T8495]       bus_for_each_dev+0x147/0x1d0
[ 63.286534][ T8495]       serio_handle_event+0x5f6/0xa30
[ 63.293719][ T8495]       process_one_work+0x933/0x15a0
[ 63.300799][ T8495]       worker_thread+0x64c/0x1120
[ 63.307633][ T8495]       kthread+0x3b1/0x4a0
[ 63.313844][ T8495]       ret_from_fork+0x1f/0x30
[ 63.320397][ T8495]     INITIAL USE at:
[ 63.324542][ T8495]       lock_acquire+0x29d/0x740
[ 63.331119][ T8495]       _raw_spin_lock_irqsave+0x39/0x50
[ 63.338384][ T8495]       input_inject_event+0xa6/0x310
[ 63.345394][ T8495]       led_set_brightness_nosleep+0xe6/0x1a0
[ 63.353082][ T8495]       led_set_brightness+0x134/0x170
[ 63.360163][ T8495]       led_trigger_event+0x70/0xd0
[ 63.366993][ T8495]       kbd_led_trigger_activate+0xfa/0x130
[ 63.374512][ T8495]       led_trigger_set+0x61e/0xbd0
[ 63.381335][ T8495]       led_trigger_set_default+0x1a6/0x230
[ 63.388850][ T8495]       led_classdev_register_ext+0x5b1/0x7c0
[ 63.396541][ T8495]       input_leds_connect+0x3fb/0x740
[ 63.403623][ T8495]       input_attach_handler+0x180/0x1f0
[ 63.410879][ T8495]       input_register_device.cold+0xf0/0x307
[ 63.418568][ T8495]       atkbd_connect+0x736/0xa00
[ 63.425220][ T8495]       serio_driver_probe+0x72/0xa0
[ 63.432127][ T8495]       really_probe+0x291/0xde0
[ 63.438703][ T8495]       driver_probe_device+0x26b/0x3d0
[ 63.445909][ T8495]       device_driver_attach+0x228/0x290
[ 63.453163][ T8495]       __driver_attach+0x15b/0x2f0
[ 63.460006][ T8495]       bus_for_each_dev+0x147/0x1d0
[ 63.466919][ T8495]       serio_handle_event+0x5f6/0xa30
[ 63.474002][ T8495]       process_one_work+0x933/0x15a0
[ 63.481010][ T8495]       worker_thread+0x64c/0x1120
[ 63.487745][ T8495]       kthread+0x3b1/0x4a0
[ 63.493871][ T8495]       ret_from_fork+0x1f/0x30
[ 63.500349][ T8495]  }
[ 63.503111][ T8495]  ... key at: [] __key.8+0x0/0x40
[ 63.510447][ T8495]  ... acquired at:
[ 63.514522][ T8495]    _raw_spin_lock+0x2a/0x40
[ 63.519173][ T8495]    evdev_pass_values.part.0+0xf6/0x970
[ 63.524777][ T8495]    evdev_events+0x28b/0x3f0
[ 63.529426][ T8495]    input_to_handler+0x2a0/0x4c0
[ 63.534423][ T8495]    input_pass_values.part.0+0x284/0x700
[ 63.540112][ T8495]    input_handle_event+0x324/0x1400
[ 63.545369][ T8495]    input_inject_event+0x2f5/0x310
[ 63.550548][ T8495]    evdev_write+0x430/0x760
[ 63.555122][ T8495]    vfs_write+0x28e/0xa30
[ 63.559515][ T8495]    ksys_write+0x1ee/0x250
[ 63.563995][ T8495]    do_syscall_64+0x2d/0x70
[ 63.568566][ T8495]    entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.574601][ T8495]
[ 63.576904][ T8495]  -> (&client->buffer_lock){....}-{2:2} {
[ 63.582780][ T8495]     INITIAL USE at:
[ 63.586828][ T8495]       lock_acquire+0x29d/0x740
[ 63.593225][ T8495]       _raw_spin_lock+0x2a/0x40
[ 63.599625][ T8495]       evdev_pass_values.part.0+0xf6/0x970
[ 63.606970][ T8495]       evdev_events+0x28b/0x3f0
[ 63.613355][ T8495]       input_to_handler+0x2a0/0x4c0
[ 63.620103][ T8495]       input_pass_values.part.0+0x284/0x700
[ 63.627530][ T8495]       input_handle_event+0x324/0x1400
[ 63.634522][ T8495]       input_inject_event+0x2f5/0x310
[ 63.641428][ T8495]       evdev_write+0x430/0x760
[ 63.647728][ T8495]       vfs_write+0x28e/0xa30
[ 63.653854][ T8495]       ksys_write+0x1ee/0x250
[ 63.660066][ T8495]       do_syscall_64+0x2d/0x70
[ 63.666367][ T8495]       entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.674154][ T8495]  }
[ 63.676809][ T8495]  ... key at: [] __key.4+0x0/0x40
[ 63.684062][ T8495]  ... acquired at:
[ 63.688016][ T8495]    _raw_read_lock+0x5b/0x70
[ 63.692668][ T8495]    kill_fasync+0x14b/0x460
[ 63.697231][ T8495]    evdev_pass_values.part.0+0x64e/0x970
[ 63.702922][ T8495]    evdev_events+0x28b/0x3f0
[ 63.707573][ T8495]    input_to_handler+0x2a0/0x4c0
[ 63.712572][ T8495]    input_pass_values.part.0+0x284/0x700
[ 63.718262][ T8495]    input_handle_event+0x324/0x1400
[ 63.723519][ T8495]    input_inject_event+0x2f5/0x310
[ 63.728700][ T8495]    evdev_write+0x430/0x760
[ 63.733263][ T8495]    vfs_write+0x28e/0xa30
[ 63.737653][ T8495]    ksys_write+0x1ee/0x250
[ 63.742129][ T8495]    do_syscall_64+0x2d/0x70
[ 63.746691][ T8495]    entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.752723][ T8495]
[ 63.755024][ T8495]  -> (&new->fa_lock){....}-{2:2} {
[ 63.760216][ T8495]     INITIAL READ USE at:
[ 63.764605][ T8495]       lock_acquire+0x29d/0x740
[ 63.771250][ T8495]       _raw_read_lock+0x5b/0x70
[ 63.777910][ T8495]       kill_fasync+0x14b/0x460
[ 63.784469][ T8495]       evdev_pass_values.part.0+0x64e/0x970
[ 63.792156][ T8495]       evdev_events+0x28b/0x3f0
[ 63.798802][ T8495]       input_to_handler+0x2a0/0x4c0
[ 63.805796][ T8495]       input_pass_values.part.0+0x284/0x700
[ 63.813484][ T8495]       input_handle_event+0x324/0x1400
[ 63.820738][ T8495]       input_inject_event+0x2f5/0x310
[ 63.827904][ T8495]       evdev_write+0x430/0x760
[ 63.834469][ T8495]       vfs_write+0x28e/0xa30
[ 63.840855][ T8495]       ksys_write+0x1ee/0x250
[ 63.847329][ T8495]       do_syscall_64+0x2d/0x70
[ 63.853890][ T8495]       entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.861921][ T8495]  }
[ 63.864507][ T8495]  ... key at: [] __key.0+0x0/0x40
[ 63.871674][ T8495]  ... acquired at:
[ 63.875558][ T8495]    _raw_read_lock+0x5b/0x70
[ 63.880207][ T8495]    send_sigio+0x24/0x350
[ 63.884610][ T8495]    kill_fasync+0x205/0x460
[ 63.889175][ T8495]    evdev_pass_values.part.0+0x64e/0x970
[ 63.894866][ T8495]    evdev_events+0x28b/0x3f0
[ 63.899536][ T8495]    input_to_handler+0x2a0/0x4c0
[ 63.904561][ T8495]    input_pass_values.part.0+0x284/0x700
[ 63.910253][ T8495]    input_handle_event+0x324/0x1400
[ 63.915509][ T8495]    input_inject_event+0x2f5/0x310
[ 63.920678][ T8495]    evdev_write+0x430/0x760
[ 63.925242][ T8495]    vfs_write+0x28e/0xa30
[ 63.929647][ T8495]    ksys_write+0x1ee/0x250
[ 63.934123][ T8495]    do_syscall_64+0x2d/0x70
[ 63.938686][ T8495]    entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.944718][ T8495]
[ 63.947057][ T8495] -> (&f->f_owner.lock){.+..}-{2:2} {
[ 63.952432][ T8495]    HARDIRQ-ON-R at:
[ 63.956403][ T8495]      lock_acquire+0x29d/0x740
[ 63.962529][ T8495]      _raw_read_lock+0x5b/0x70
[ 63.968655][ T8495]      send_sigio+0x24/0x350
[ 63.974520][ T8495]      dnotify_handle_event+0x148/0x280
[ 63.981339][ T8495]      fsnotify+0xbc1/0x10a0
[ 63.987204][ T8495]      do_iter_read+0x531/0x6e0
[ 63.993335][ T8495]      vfs_readv+0xe5/0x150
[ 63.999112][ T8495]      __x64_sys_preadv+0x231/0x310
[ 64.005583][ T8495]      do_syscall_64+0x2d/0x70
[ 64.011623][ T8495]      entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.019218][ T8495]    INITIAL USE at:
[ 64.023089][ T8495]      lock_acquire+0x29d/0x740
[ 64.029129][ T8495]      _raw_write_lock_irq+0x32/0x50
[ 64.035600][ T8495]      f_modown+0x2a/0x390
[ 64.041218][ T8495]      fcntl_dirnotify+0x736/0xbd0
[ 64.047515][ T8495]      do_fcntl+0x269/0x1070
[ 64.053296][ T8495]      __x64_sys_fcntl+0x165/0x1e0
[ 64.059619][ T8495]      do_syscall_64+0x2d/0x70
[ 64.065572][ T8495]      entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.072993][ T8495]    INITIAL READ USE at:
[ 64.077314][ T8495]      lock_acquire+0x29d/0x740
[ 64.084501][ T8495]      _raw_read_lock+0x5b/0x70
[ 64.090972][ T8495]      send_sigio+0x24/0x350
[ 64.097180][ T8495]      kill_fasync+0x205/0x460
[ 64.103580][ T8495]      evdev_pass_values.part.0+0x64e/0x970
[ 64.111090][ T8495]      evdev_events+0x28b/0x3f0
[ 64.117561][ T8495]      input_to_handler+0x2a0/0x4c0
[ 64.124381][ T8495]      input_pass_values.part.0+0x284/0x700
[ 64.131894][ T8495]      input_handle_event+0x324/0x1400
[ 64.138975][ T8495]      input_inject_event+0x2f5/0x310
[ 64.145967][ T8495]      evdev_write+0x430/0x760
[ 64.152369][ T8495]      vfs_write+0x28e/0xa30
[ 64.158582][ T8495]      ksys_write+0x1ee/0x250
[ 64.164889][ T8495]      do_syscall_64+0x2d/0x70
[ 64.171286][ T8495]      entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.179139][ T8495] }
[ 64.181890][ T8495] ... key at: [] __key.5+0x0/0x40
[ 64.188963][ T8495] ... acquired at:
[ 64.192756][ T8495]    __lock_acquire+0x120a/0x5500
[ 64.197749][ T8495]    lock_acquire+0x29d/0x740
[ 64.202405][ T8495]    _raw_read_lock+0x5b/0x70
[ 64.207053][ T8495]    send_sigio+0x24/0x350
[ 64.211440][ T8495]    dnotify_handle_event+0x148/0x280
[ 64.216781][ T8495]    fsnotify+0xbc1/0x10a0
[ 64.221169][ T8495]    do_iter_read+0x531/0x6e0
[ 64.225825][ T8495]    vfs_readv+0xe5/0x150
[ 64.230125][ T8495]    __x64_sys_preadv+0x231/0x310
[ 64.235121][ T8495]    do_syscall_64+0x2d/0x70
[ 64.239682][ T8495]    entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.245713][ T8495]
[ 64.248013][ T8495]
[ 64.248013][ T8495] stack backtrace:
[ 64.254240][ T8495] CPU: 0 PID: 8495 Comm: syz-executor924 Not tainted 5.10.0-rc7-syzkaller #0
[ 64.263013][ T8495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.273041][ T8495] Call Trace:
[ 64.276315][ T8495]  dump_stack+0x107/0x163
[ 64.280622][ T8495]  mark_lock.cold+0x1a/0x73
[ 64.285101][ T8495]  ? lock_chain_count+0x20/0x20
[ 64.290017][ T8495]  ? unwind_next_frame+0xe3b/0x1f90
[ 64.295190][ T8495]  ? lock_chain_count+0x20/0x20
[ 64.300015][ T8495]  ? __bfs+0x27a/0x690
[ 64.304075][ T8495]  __lock_acquire+0x120a/0x5500
[ 64.308915][ T8495]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 64.314865][ T8495]  lock_acquire+0x29d/0x740
[ 64.319340][ T8495]  ? send_sigio+0x24/0x350
[ 64.323727][ T8495]  ? lock_release+0x710/0x710
[ 64.328398][ T8495]  ? lock_release+0x710/0x710
[ 64.333060][ T8495]  _raw_read_lock+0x5b/0x70
[ 64.337549][ T8495]  ? send_sigio+0x24/0x350
[ 64.341944][ T8495]  send_sigio+0x24/0x350
[ 64.346162][ T8495]  dnotify_handle_event+0x148/0x280
[ 64.351345][ T8495]  ? dnotify_recalc_inode_mask+0x1a0/0x1a0
[ 64.357134][ T8495]  fsnotify+0xbc1/0x10a0
[ 64.361349][ T8495]  ? fsnotify_first_mark+0x1f0/0x1f0
[ 64.366608][ T8495]  ? find_held_lock+0x2d/0x110
[ 64.371342][ T8495]  ? iovec_from_user+0x210/0x3c0
[ 64.376252][ T8495]  do_iter_read+0x531/0x6e0
[ 64.380728][ T8495]  ? import_iovec+0x10c/0x150
[ 64.385391][ T8495]  vfs_readv+0xe5/0x150
[ 64.389544][ T8495]  ? vfs_iter_read+0xa0/0xa0
[ 64.394120][ T8495]  ? fsnotify_wait_marks_destroyed+0x20/0x20
[ 64.400071][ T8495]  ? __fsnotify_update_child_dentry_flags+0x50/0x70
[ 64.406630][ T8495]  ? fcntl_dirnotify+0x21a/0xbd0
[ 64.411539][ T8495]  ? do_fcntl+0xa3/0x1070
[ 64.415844][ T8495]  ? blkcg_maybe_throttle_current+0x64d/0xd80
[ 64.421912][ T8495]  ? f_setown+0x230/0x230
[ 64.426226][ T8495]  __x64_sys_preadv+0x231/0x310
[ 64.431052][ T8495]  ? __ia32_sys_writev+0xb0/0xb0
[ 64.435967][ T8495]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 64.441849][ T8495]  do_syscall_64+0x2d/0x70
[ 64.446288][ T8495]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.452153][ T8495] RIP: 0033:0x446d09
[ 64.456027][ T8495] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.475605][ T8495] RSP: 002b:00007ffe07d15b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 64.483992][ T8495] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000446d09
[ 64.491943][ T8495] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 64.499886][ T8495] RBP: 00000000006d1018 R08: 0000000000000000 R09: 65732f636f72702f
[ 64.507831][ T8495] R10: 0000000000000000 R11: