[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.124' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 50.686932][ T2926] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 51.056318][ T2926] usb 1-1: config 0 has an invalid interface number: 123 but max is 0
[ 51.064674][ T2926] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 51.075516][ T2926] usb 1-1: config 0 has no interface number 0
[ 51.082007][ T2926] usb 1-1: config 0 interface 123 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[ 51.246389][ T2926] usb 1-1: New USB device found, idVendor=0781, idProduct=0100, bcdDevice= 1.00
[ 51.255466][ T2926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 51.263598][ T2926] usb 1-1: Product: syz
[ 51.267850][ T2926] usb 1-1: Manufacturer: syz
[ 51.272460][ T2926] usb 1-1: SerialNumber: syz
[ 51.283810][ T2926] usb 1-1: config 0 descriptor??
[ 51.564455][ T8356]
[ 51.566824][ T8356] ========================================================
[ 51.573991][ T8356] WARNING: possible irq lock inversion dependency detected
[ 51.581178][ T8356] 5.12.0-rc5-syzkaller #0 Not tainted
[ 51.586585][ T8356] --------------------------------------------------------
[ 51.593758][ T8356] syz-executor886/8356 just changed the state of lock:
[ 51.600599][ T8356] ffff888020e8cdb8 (&f->f_owner.lock){.+..}-{2:2}, at: do_fcntl+0xd8/0x12e0
[ 51.609317][ T8356] but this lock was taken by another, HARDIRQ-safe lock in the past:
[ 51.617375][ T8356] (&dev->event_lock){-...}-{2:2}
[ 51.617396][ T8356]
[ 51.617396][ T8356]
[ 51.617396][ T8356] and interrupts could create inverse lock ordering between them.
[ 51.617396][ T8356]
[ 51.636699][ T8356]
[ 51.636699][ T8356] other info that might help us debug this:
[ 51.644741][ T8356] Chain exists of:
[ 51.644741][ T8356] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 51.644741][ T8356]
[ 51.657850][ T8356] Possible interrupt unsafe locking scenario:
[ 51.657850][ T8356]
[ 51.666156][ T8356]        CPU0                    CPU1
[ 51.671605][ T8356]        ----                    ----
[ 51.676962][ T8356]   lock(&f->f_owner.lock);
[ 51.681443][ T8356]                                local_irq_disable();
[ 51.688173][ T8356]                                lock(&dev->event_lock);
[ 51.695171][ T8356]                                lock(&new->fa_lock);
[ 51.701922][ T8356]
[ 51.705355][ T8356]     lock(&dev->event_lock);
[ 51.710039][ T8356]
[ 51.710039][ T8356] *** DEADLOCK ***
[ 51.710039][ T8356]
[ 51.718155][ T8356] no locks held by syz-executor886/8356.
[ 51.723769][ T8356]
[ 51.723769][ T8356] the shortest dependencies between 2nd lock and 1st lock:
[ 51.733126][ T8356] -> (&dev->event_lock){-...}-{2:2} {
[ 51.738780][ T8356] IN-HARDIRQ-W at:
[ 51.742997][ T8356] lock_acquire+0x126/0x650
[ 51.749656][ T8356] _raw_spin_lock_irqsave+0x73/0xa0
[ 51.757009][ T8356] input_event+0x89/0xc0
[ 51.763403][ T8356] psmouse_report_standard_packet+0x4f/0x200
[ 51.771531][ T8356] psmouse_process_byte+0x44f/0x640
[ 51.779397][ T8356] psmouse_handle_byte+0x44/0x4a0
[ 51.786569][ T8356] psmouse_interrupt+0x6d0/0x10c0
[ 51.793757][ T8356] serio_interrupt+0x88/0x130
[ 51.800599][ T8356] i8042_interrupt+0x34c/0x740
[ 51.807532][ T8356] __handle_irq_event_percpu+0x1b7/0x620
[ 51.815400][ T8356] handle_irq_event+0xbd/0x280
[ 51.822328][ T8356] handle_edge_irq+0x245/0xbe0
[ 51.829239][ T8356] __common_interrupt+0xce/0x1e0
[ 51.836326][ T8356] common_interrupt+0x9c/0xc0
[ 51.843154][ T8356] asm_common_interrupt+0x1e/0x40
[ 51.850336][ T8356] _raw_spin_unlock_irqrestore+0x7a/0xc0
[ 51.858128][ T8356] i8042_aux_write+0xd2/0x140
[ 51.864965][ T8356] ps2_do_sendbyte+0x197/0x620
[ 51.871898][ T8356] ps2_sendbyte+0x5c/0x120
[ 51.878478][ T8356] cypress_ps2_read_cmd_status+0xef/0x560
[ 51.886362][ T8356] cypress_send_ext_cmd+0xfa/0x3e0
[ 51.897886][ T8356] cypress_detect+0x37/0x190
[ 51.904624][ T8356] psmouse_extensions+0x13dc/0x1ff0
[ 51.911988][ T8356] psmouse_switch_protocol+0x307/0x840
[ 51.920548][ T8356] psmouse_connect+0x887/0x1540
[ 51.927544][ T8356] serio_driver_probe+0x76/0x90
[ 51.934552][ T8356] really_probe+0x45f/0x13d0
[ 51.941721][ T8356] driver_probe_device+0x15a/0x310
[ 51.948976][ T8356] device_driver_attach+0x176/0x280
[ 51.956332][ T8356] __driver_attach+0xa7/0x490
[ 51.963165][ T8356] bus_for_each_dev+0x109/0x160
[ 51.970164][ T8356] serio_handle_event+0x8d1/0x1070
[ 51.977434][ T8356] process_one_work+0x789/0xfd0
[ 51.984622][ T8356] worker_thread+0xac1/0x1300
[ 51.991463][ T8356] kthread+0x39a/0x3c0
[ 51.997678][ T8356] ret_from_fork+0x1f/0x30
[ 52.004255][ T8356] INITIAL USE at:
[ 52.008397][ T8356] lock_acquire+0x126/0x650
[ 52.014976][ T8356] _raw_spin_lock_irqsave+0x73/0xa0
[ 52.022254][ T8356] input_inject_event+0xb3/0x280
[ 52.029278][ T8356] led_trigger_event+0x6f/0xd0
[ 52.036128][ T8356] kbd_led_trigger_activate+0x116/0x160
[ 52.043761][ T8356] led_trigger_set+0x4ca/0x8c0
[ 52.050608][ T8356] led_trigger_set_default+0x1ca/0x200
[ 52.058134][ T8356] led_classdev_register_ext+0x603/0x7b0
[ 52.065845][ T8356] input_leds_connect+0x495/0x660
[ 52.072961][ T8356] input_register_device+0xd36/0x1220
[ 52.080405][ T8356] atkbd_connect+0x74a/0x9f0
[ 52.087083][ T8356] serio_driver_probe+0x76/0x90
[ 52.094000][ T8356] really_probe+0x45f/0x13d0
[ 52.100740][ T8356] driver_probe_device+0x15a/0x310
[ 52.108013][ T8356] device_driver_attach+0x176/0x280
[ 52.115272][ T8356] __driver_attach+0xa7/0x490
[ 52.122011][ T8356] bus_for_each_dev+0x109/0x160
[ 52.128946][ T8356] serio_handle_event+0x8d1/0x1070
[ 52.136138][ T8356] process_one_work+0x789/0xfd0
[ 52.143054][ T8356] worker_thread+0xac1/0x1300
[ 52.149790][ T8356] kthread+0x39a/0x3c0
[ 52.155928][ T8356] ret_from_fork+0x1f/0x30
[ 52.162411][ T8356] }
[ 52.165166][ T8356] ... key at: [] input_allocate_device.__key.6+0x0/0x40
[ 52.174441][ T8356] ... acquired at:
[ 52.178507][ T8356] lock_acquire+0x126/0x650
[ 52.183208][ T8356] _raw_spin_lock+0x2a/0x40
[ 52.187885][ T8356] evdev_pass_values+0xd9/0xaa0
[ 52.192920][ T8356] evdev_events+0x1c5/0x270
[ 52.197600][ T8356] input_pass_values+0x89c/0x11d0
[ 52.202785][ T8356] input_handle_event+0xb99/0x1550
[ 52.208065][ T8356] input_inject_event+0x1e8/0x280
[ 52.213249][ T8356] evdev_write+0x54d/0x6a0
[ 52.217830][ T8356] vfs_write+0x220/0xab0
[ 52.222232][ T8356] ksys_write+0x11b/0x220
[ 52.226720][ T8356] do_syscall_64+0x2d/0x70
[ 52.231296][ T8356] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.237382][ T8356]
[ 52.239702][ T8356] -> (&client->buffer_lock){....}-{2:2} {
[ 52.245635][ T8356] INITIAL USE at:
[ 52.249700][ T8356] lock_acquire+0x126/0x650
[ 52.256114][ T8356] _raw_spin_lock+0x2a/0x40
[ 52.262615][ T8356] evdev_pass_values+0xd9/0xaa0
[ 52.269383][ T8356] evdev_events+0x1c5/0x270
[ 52.275980][ T8356] input_pass_values+0x89c/0x11d0
[ 52.282892][ T8356] input_handle_event+0xb99/0x1550
[ 52.289900][ T8356] input_inject_event+0x1e8/0x280
[ 52.296821][ T8356] evdev_write+0x54d/0x6a0
[ 52.303130][ T8356] vfs_write+0x220/0xab0
[ 52.309263][ T8356] ksys_write+0x11b/0x220
[ 52.315570][ T8356] do_syscall_64+0x2d/0x70
[ 52.321902][ T8356] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.329683][ T8356] }
[ 52.332345][ T8356] ... key at: [] evdev_open.__key.23+0x0/0x40
[ 52.340649][ T8356] ... acquired at:
[ 52.344615][ T8356] lock_acquire+0x126/0x650
[ 52.349267][ T8356] _raw_read_lock+0x32/0x40
[ 52.353922][ T8356] kill_fasync+0x19b/0x440
[ 52.358496][ T8356] evdev_pass_values+0x58a/0xaa0
[ 52.363793][ T8356] evdev_events+0x1c5/0x270
[ 52.368444][ T8356] input_pass_values+0x89c/0x11d0
[ 52.373614][ T8356] input_handle_event+0xb99/0x1550
[ 52.378889][ T8356] input_inject_event+0x1e8/0x280
[ 52.384076][ T8356] evdev_write+0x54d/0x6a0
[ 52.388641][ T8356] vfs_write+0x220/0xab0
[ 52.393047][ T8356] ksys_write+0x11b/0x220
[ 52.397523][ T8356] do_syscall_64+0x2d/0x70
[ 52.402089][ T8356] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.408159][ T8356]
[ 52.410460][ T8356] -> (&new->fa_lock){....}-{2:2} {
[ 52.415642][ T8356] INITIAL READ USE at:
[ 52.420030][ T8356] lock_acquire+0x126/0x650
[ 52.426678][ T8356] _raw_read_lock+0x32/0x40
[ 52.433340][ T8356] kill_fasync+0x19b/0x440
[ 52.439904][ T8356] evdev_pass_values+0x58a/0xaa0
[ 52.446989][ T8356] evdev_events+0x1c5/0x270
[ 52.453655][ T8356] input_pass_values+0x89c/0x11d0
[ 52.460823][ T8356] input_handle_event+0xb99/0x1550
[ 52.468087][ T8356] input_inject_event+0x1e8/0x280
[ 52.475279][ T8356] evdev_write+0x54d/0x6a0
[ 52.481842][ T8356] vfs_write+0x220/0xab0
[ 52.488247][ T8356] ksys_write+0x11b/0x220
[ 52.494722][ T8356] do_syscall_64+0x2d/0x70
[ 52.501286][ T8356] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.509342][ T8356] }
[ 52.511912][ T8356] ... key at: [] fasync_insert_entry.__key+0x0/0x40
[ 52.520650][ T8356] ... acquired at:
[ 52.524515][ T8356] lock_acquire+0x126/0x650
[ 52.529182][ T8356] _raw_read_lock_irqsave+0x7b/0xb0
[ 52.534532][ T8356] send_sigio+0x2f/0x300
[ 52.538924][ T8356] kill_fasync+0x243/0x440
[ 52.543510][ T8356] evdev_pass_values+0x58a/0xaa0
[ 52.548596][ T8356] evdev_events+0x1c5/0x270
[ 52.553247][ T8356] input_pass_values+0x89c/0x11d0
[ 52.558431][ T8356] input_handle_event+0xb99/0x1550
[ 52.563692][ T8356] input_inject_event+0x1e8/0x280
[ 52.568864][ T8356] evdev_write+0x54d/0x6a0
[ 52.573444][ T8356] vfs_write+0x220/0xab0
[ 52.577850][ T8356] ksys_write+0x11b/0x220
[ 52.582327][ T8356] do_syscall_64+0x2d/0x70
[ 52.586892][ T8356] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.593126][ T8356]
[ 52.595433][ T8356] -> (&f->f_owner.lock){.+..}-{2:2} {
[ 52.600980][ T8356] HARDIRQ-ON-R at:
[ 52.604935][ T8356] lock_acquire+0x126/0x650
[ 52.611076][ T8356] _raw_read_lock+0x32/0x40
[ 52.617217][ T8356] do_fcntl+0xd8/0x12e0
[ 52.622998][ T8356] __se_sys_fcntl+0xd8/0x1b0
[ 52.629226][ T8356] do_syscall_64+0x2d/0x70
[ 52.635267][ T8356] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.642886][ T8356] INITIAL READ USE at:
[ 52.647189][ T8356] lock_acquire+0x126/0x650
[ 52.653665][ T8356] _raw_read_lock_irqsave+0x7b/0xb0
[ 52.660833][ T8356] send_sigio+0x2f/0x300
[ 52.667065][ T8356] kill_fasync+0x243/0x440
[ 52.673451][ T8356] evdev_pass_values+0x58a/0xaa0
[ 52.680378][ T8356] evdev_events+0x1c5/0x270
[ 52.686854][ T8356] input_pass_values+0x89c/0x11d0
[ 52.693942][ T8356] input_handle_event+0xb99/0x1550
[ 52.701295][ T8356] input_inject_event+0x1e8/0x280
[ 52.708311][ T8356] evdev_write+0x54d/0x6a0
[ 52.714702][ T8356] vfs_write+0x220/0xab0
[ 52.720929][ T8356] ksys_write+0x11b/0x220
[ 52.727236][ T8356] do_syscall_64+0x2d/0x70
[ 52.733644][ T8356] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.741509][ T8356] }
[ 52.743988][ T8356] ... key at: [] __alloc_file.__key+0x0/0x10
[ 52.752029][ T8356] ... acquired at:
[ 52.755823][ T8356] __lock_acquire+0xc20/0x5e60
[ 52.760739][ T8356] lock_acquire+0x126/0x650
[ 52.765477][ T8356] _raw_read_lock+0x32/0x40
[ 52.770128][ T8356] do_fcntl+0xd8/0x12e0
[ 52.774445][ T8356] __se_sys_fcntl+0xd8/0x1b0
[ 52.779191][ T8356] do_syscall_64+0x2d/0x70
[ 52.783766][ T8356] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.789818][ T8356]
[ 52.792119][ T8356]
[ 52.792119][ T8356] stack backtrace:
[ 52.797995][ T8356] CPU: 1 PID: 8356 Comm: syz-executor886 Not tainted 5.12.0-rc5-syzkaller #0
[ 52.806852][ T8356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.816881][ T8356] Call Trace:
[ 52.820144][ T8356] dump_stack+0x176/0x24e
[ 52.824452][ T8356] print_irq_inversion_bug+0xa93/0xe00
[ 52.829891][ T8356] ? stack_trace_save+0xad/0x150
[ 52.836730][ T8356] mark_lock+0x11d0/0x1fe0
[ 52.844540][ T8356] ? kasan_set_track+0x54/0x70
[ 52.849278][ T8356] ? kasan_set_free_info+0x1f/0x40
[ 52.854363][ T8356] ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.861374][ T8356] __lock_acquire+0xc20/0x5e60
[ 52.866119][ T8356] ? rcu_read_lock_sched_held+0x41/0xb0
[ 52.871654][ T8356] lock_acquire+0x126/0x650
[ 52.876134][ T8356] ? do_fcntl+0xd8/0x12e0
[ 52.880445][ T8356] _raw_read_lock+0x32/0x40
[ 52.884925][ T8356] ? do_fcntl+0xd8/0x12e0
[ 52.889237][ T8356] do_fcntl+0xd8/0x12e0
[ 52.893368][ T8356] ? bpf_lsm_file_fcntl+0x5/0x10
[ 52.898284][ T8356] __se_sys_fcntl+0xd8/0x1b0
[ 52.902870][ T8356] do_syscall_64+0x2d/0x70
[ 52.907264][ T8356] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.913135][ T8356] RIP: 0033:0x446d89
[ 52.917008][ T8356] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.936594][ T8356] RSP: 002b:00007ffdaac6c638 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[ 52.945005][ T8356] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000446d89
[ 52.953053][ T8356] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000000000006
[ 52.961013][ T8356] RBP: 0000000000406610 R08: 00000000004004a0 R09: 00000000004004a0
[ 52.968987][ T8356