Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts.
executing program
[ 68.593435][ T8453]
[ 68.595781][ T8453] =====================================================
[ 68.602699][ T8453] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 68.602712][ T8453] 5.14.0-rc2-syzkaller #0 Not tainted
[ 68.602721][ T8453] -----------------------------------------------------
[ 68.602726][ T8453] syz-executor605/8453 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 68.602745][ T8453] ffff88803666d2b8 (&f->f_owner.lock){.+.+}-{2:2}, at: send_sigio+0x24/0x380
[ 68.602815][ T8453]
[ 68.602815][ T8453] and this task is already holding:
[ 68.602820][ T8453] ffff88801a29f018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x132/0x460
[ 68.646969][ T8453] which would create a new lock dependency:
[ 68.646976][ T8453]  (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.+}-{2:2}
[ 68.647016][ T8453]
[ 68.647016][ T8453] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 68.647023][ T8453]  (&dev->event_lock){-...}-{2:2}
[ 68.647041][ T8453]
[ 68.647041][ T8453] ... which became HARDIRQ-irq-safe at:
[ 68.647048][ T8453]   lock_acquire+0x1ab/0x510
[ 68.647067][ T8453]   _raw_spin_lock_irqsave+0x39/0x50
[ 68.647101][ T8453]   input_event+0x7b/0xb0
[ 68.647118][ T8453]   psmouse_report_standard_buttons+0x2c/0x80
[ 68.647143][ T8453]   psmouse_process_byte+0x1e1/0x890
[ 68.647167][ T8453]   psmouse_handle_byte+0x41/0x1b0
[ 68.722714][ T8453]   psmouse_interrupt+0x304/0xf00
[ 68.722745][ T8453]   serio_interrupt+0x88/0x150
[ 68.722764][ T8453]   i8042_interrupt+0x27a/0x520
[ 68.722784][ T8453]   __handle_irq_event_percpu+0x303/0x8f0
[ 68.722806][ T8453]   handle_irq_event+0x102/0x280
[ 68.722826][ T8453]   handle_edge_irq+0x25f/0xd00
[ 68.722849][ T8453]   __common_interrupt+0x9d/0x210
[ 68.722871][ T8453]   common_interrupt+0x9f/0xd0
[ 68.722891][ T8453]   asm_common_interrupt+0x1e/0x40
[ 68.722908][ T8453]   __sanitizer_cov_trace_pc+0x0/0x60
[ 68.722927][ T8453]   kernfs_activate+0x89/0x1d0
[ 68.722946][ T8453]   kernfs_add_one+0x36a/0x4c0
[ 68.782577][ T8453]   __kernfs_create_file+0x29c/0x350
[ 68.782609][ T8453]   sysfs_add_file_mode_ns+0x226/0x540
[ 68.782629][ T8453]   sysfs_create_file_ns+0x131/0x1c0
[ 68.782650][ T8453]   driver_create_file+0x48/0x70
[ 68.782674][ T8453]   bus_add_driver+0x3fd/0x630
[ 68.782695][ T8453]   driver_register+0x220/0x3a0
[ 68.782717][ T8453]   usb_register_driver+0x249/0x460
[ 68.818299][ T8453]   do_one_initcall+0x103/0x650
[ 68.818327][ T8453]   kernel_init_freeable+0x6b8/0x741
[ 68.818346][ T8453]   kernel_init+0x1a/0x1d0
[ 68.818368][ T8453]   ret_from_fork+0x1f/0x30
[ 68.818388][ T8453]
[ 68.818388][ T8453] to a HARDIRQ-irq-unsafe lock:
[ 68.818395][ T8453]  (&f->f_owner.lock){.+.+}-{2:2}
[ 68.818415][ T8453]
[ 68.818415][ T8453] ... which became HARDIRQ-irq-unsafe at:
[ 68.818422][ T8453] ...
[ 68.818425][ T8453]   lock_acquire+0x1ab/0x510
[ 68.818442][ T8453]   _raw_read_lock+0x5b/0x70
[ 68.818464][ T8453]   do_fcntl+0x8af/0x1210
[ 68.818483][ T8453]   __x64_sys_fcntl+0x165/0x1e0
[ 68.818503][ T8453]   do_syscall_64+0x35/0xb0
[ 68.818527][ T8453]   entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.888810][ T8453]
[ 68.888810][ T8453] other info that might help us debug this:
[ 68.888810][ T8453]
[ 68.888818][ T8453] Chain exists of:
[ 68.888818][ T8453]   &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 68.888818][ T8453]
[ 68.888846][ T8453]  Possible interrupt unsafe locking scenario:
[ 68.888846][ T8453]
[ 68.888850][ T8453]        CPU0                    CPU1
[ 68.888854][ T8453]        ----                    ----
[ 68.888858][ T8453]   lock(&f->f_owner.lock);
[ 68.888870][ T8453]                                local_irq_disable();
[ 68.888875][ T8453]                                lock(&dev->event_lock);
[ 68.888887][ T8453]                                lock(&new->fa_lock);
[ 68.888899][ T8453]   <Interrupt>
[ 68.888902][ T8453]     lock(&dev->event_lock);
[ 68.888913][ T8453]
[ 68.888913][ T8453]  *** DEADLOCK ***
[ 68.888913][ T8453]
[ 68.888917][ T8453] 8 locks held by syz-executor605/8453:
[ 68.888929][ T8453]  #0: ffff888146f27110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760
[ 68.978317][ T8453]  #1: ffff888146a96230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x320
[ 68.978366][ T8453]  #2: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320
[ 68.978411][ T8453]  #3: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710
[ 68.978456][ T8453]  #4: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0
[ 68.978528][ T8453]  #5: ffff888020996028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 69.027092][ T8453]  #6: ffffffff8b97b9c0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 69.027144][ T8453]  #7: ffff88801a29f018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x132/0x460
[ 69.027191][ T8453]
[ 69.027191][ T8453] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 69.027199][ T8453]  -> (&dev->event_lock){-...}-{2:2} {
[ 69.066408][ T8453]     IN-HARDIRQ-W at:
[ 69.066419][ T8453]       lock_acquire+0x1ab/0x510
[ 69.066486][ T8453]       _raw_spin_lock_irqsave+0x39/0x50
[ 69.066511][ T8453]       input_event+0x7b/0xb0
[ 69.066530][ T8453]       psmouse_report_standard_buttons+0x2c/0x80
[ 69.066556][ T8453]       psmouse_process_byte+0x1e1/0x890
[ 69.066588][ T8453]       psmouse_handle_byte+0x41/0x1b0
[ 69.066612][ T8453]       psmouse_interrupt+0x304/0xf00
[ 69.125289][ T8453]       serio_interrupt+0x88/0x150
[ 69.125320][ T8453]       i8042_interrupt+0x27a/0x520
[ 69.125339][ T8453]       __handle_irq_event_percpu+0x303/0x8f0
[ 69.125361][ T8453]       handle_irq_event+0x102/0x280
[ 69.125381][ T8453]       handle_edge_irq+0x25f/0xd00
[ 69.125404][ T8453]       __common_interrupt+0x9d/0x210
[ 69.125428][ T8453]       common_interrupt+0x9f/0xd0
[ 69.173550][ T8453]       asm_common_interrupt+0x1e/0x40
[ 69.180559][ T8453]       __sanitizer_cov_trace_pc+0x0/0x60
[ 69.187825][ T8453]       kernfs_activate+0x89/0x1d0
[ 69.194493][ T8453]       kernfs_add_one+0x36a/0x4c0
[ 69.201146][ T8453]       __kernfs_create_file+0x29c/0x350
[ 69.208327][ T8453]       sysfs_add_file_mode_ns+0x226/0x540
[ 69.215677][ T8453]       sysfs_create_file_ns+0x131/0x1c0
[ 69.222851][ T8453]       driver_create_file+0x48/0x70
[ 69.229681][ T8453]       bus_add_driver+0x3fd/0x630
[ 69.236349][ T8453]       driver_register+0x220/0x3a0
[ 69.243107][ T8453]       usb_register_driver+0x249/0x460
[ 69.250213][ T8453]       do_one_initcall+0x103/0x650
[ 69.256962][ T8453]       kernel_init_freeable+0x6b8/0x741
[ 69.264157][ T8453]       kernel_init+0x1a/0x1d0
[ 69.270473][ T8453]       ret_from_fork+0x1f/0x30
[ 69.276873][ T8453]     INITIAL USE at:
[ 69.280917][ T8453]       lock_acquire+0x1ab/0x510
[ 69.287307][ T8453]       _raw_spin_lock_irqsave+0x39/0x50
[ 69.294399][ T8453]       input_inject_event+0xa6/0x320
[ 69.301226][ T8453]       led_set_brightness_nosleep+0xe6/0x1a0
[ 69.308752][ T8453]       led_set_brightness+0x134/0x170
[ 69.315663][ T8453]       led_trigger_event+0x75/0xd0
[ 69.322314][ T8453]       kbd_led_trigger_activate+0xc9/0x100
[ 69.329669][ T8453]       led_trigger_set+0x61e/0xbd0
[ 69.336330][ T8453]       led_trigger_set_default+0x1a6/0x230
[ 69.343705][ T8453]       led_classdev_register_ext+0x5b1/0x7c0
[ 69.351235][ T8453]       input_leds_connect+0x4bd/0x860
[ 69.358165][ T8453]       input_attach_handler+0x180/0x1f0
[ 69.365257][ T8453]       input_register_device.cold+0xf0/0x304
[ 69.372799][ T8453]       atkbd_connect+0x739/0xa00
[ 69.379284][ T8453]       serio_driver_probe+0x72/0xa0
[ 69.386130][ T8453]       really_probe+0x23c/0xcd0
[ 69.392561][ T8453]       __driver_probe_device+0x338/0x4d0
[ 69.399748][ T8453]       driver_probe_device+0x4c/0x1a0
[ 69.406679][ T8453]       __driver_attach+0x22d/0x4e0
[ 69.413370][ T8453]       bus_for_each_dev+0x147/0x1d0
[ 69.420201][ T8453]       serio_handle_event+0x5f6/0xa30
[ 69.427120][ T8453]       process_one_work+0x98d/0x1630
[ 69.433954][ T8453]       worker_thread+0x658/0x11f0
[ 69.440590][ T8453]       kthread+0x3e5/0x4d0
[ 69.446550][ T8453]       ret_from_fork+0x1f/0x30
[ 69.452867][ T8453]  }
[ 69.455536][ T8453]  ... key at: [] __key.8+0x0/0x40
[ 69.462820][ T8453]  -> (&client->buffer_lock){....}-{2:2} {
[ 69.468621][ T8453]     INITIAL USE at:
[ 69.472579][ T8453]       lock_acquire+0x1ab/0x510
[ 69.478818][ T8453]       _raw_spin_lock+0x2a/0x40
[ 69.485054][ T8453]       evdev_pass_values.part.0+0xf6/0x970
[ 69.492231][ T8453]       evdev_events+0x359/0x3e0
[ 69.498543][ T8453]       input_to_handler+0x2a0/0x4c0
[ 69.505128][ T8453]       input_pass_values.part.0+0x230/0x710
[ 69.512387][ T8453]       input_handle_event+0x373/0x1440
[ 69.519300][ T8453]       input_inject_event+0x1bd/0x320
[ 69.526037][ T8453]       evdev_write+0x430/0x760
[ 69.532169][ T8453]       vfs_write+0x28e/0xa40
[ 69.538125][ T8453]       ksys_write+0x1ee/0x250
[ 69.544175][ T8453]       do_syscall_64+0x35/0xb0
[ 69.550311][ T8453]       entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.557939][ T8453]  }
[ 69.560501][ T8453]  ... key at: [] __key.4+0x0/0x40
[ 69.567706][ T8453]  ... acquired at:
[ 69.571627][ T8453]    _raw_spin_lock+0x2a/0x40
[ 69.576294][ T8453]    evdev_pass_values.part.0+0xf6/0x970
[ 69.581914][ T8453]    evdev_events+0x359/0x3e0
[ 69.586573][ T8453]    input_to_handler+0x2a0/0x4c0
[ 69.591587][ T8453]    input_pass_values.part.0+0x230/0x710
[ 69.597426][ T8453]    input_handle_event+0x373/0x1440
[ 69.602698][ T8453]    input_inject_event+0x1bd/0x320
[ 69.607883][ T8453]    evdev_write+0x430/0x760
[ 69.612462][ T8453]    vfs_write+0x28e/0xa40
[ 69.616862][ T8453]    ksys_write+0x1ee/0x250
[ 69.621347][ T8453]    do_syscall_64+0x35/0xb0
[ 69.625925][ T8453]    entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.631976][ T8453]
[ 69.634282][ T8453] -> (&new->fa_lock){....}-{2:2} {
[ 69.639426][ T8453]    INITIAL READ USE at:
[ 69.643736][ T8453]      lock_acquire+0x1ab/0x510
[ 69.650230][ T8453]      _raw_read_lock+0x5b/0x70
[ 69.656711][ T8453]      kill_fasync+0x132/0x460
[ 69.663110][ T8453]      evdev_pass_values.part.0+0x64e/0x970
[ 69.670654][ T8453]      evdev_events+0x359/0x3e0
[ 69.677145][ T8453]      input_to_handler+0x2a0/0x4c0
[ 69.684006][ T8453]      input_pass_values.part.0+0x230/0x710
[ 69.691628][ T8453]      input_handle_event+0x373/0x1440
[ 69.698715][ T8453]      input_inject_event+0x1bd/0x320
[ 69.705712][ T8453]      evdev_write+0x430/0x760
[ 69.712103][ T8453]      vfs_write+0x28e/0xa40
[ 69.718321][ T8453]      ksys_write+0x1ee/0x250
[ 69.724626][ T8453]      do_syscall_64+0x35/0xb0
[ 69.731018][ T8453]      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.738901][ T8453] }
[ 69.741381][ T8453] ... key at: [] __key.0+0x0/0x40
[ 69.748486][ T8453] ... acquired at:
[ 69.752265][ T8453]    _raw_read_lock+0x5b/0x70
[ 69.756932][ T8453]    kill_fasync+0x132/0x460
[ 69.761503][ T8453]    evdev_pass_values.part.0+0x64e/0x970
[ 69.767204][ T8453]    evdev_events+0x359/0x3e0
[ 69.771863][ T8453]    input_to_handler+0x2a0/0x4c0
[ 69.776878][ T8453]    input_pass_values.part.0+0x230/0x710
[ 69.782582][ T8453]    input_handle_event+0x373/0x1440
[ 69.787848][ T8453]    input_inject_event+0x1bd/0x320
[ 69.793029][ T8453]    evdev_write+0x430/0x760
[ 69.797601][ T8453]    vfs_write+0x28e/0xa40
[ 69.801998][ T8453]    ksys_write+0x1ee/0x250
[ 69.806480][ T8453]    do_syscall_64+0x35/0xb0
[ 69.811048][ T8453]    entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.817136][ T8453]
[ 69.819454][ T8453]
[ 69.819454][ T8453] the dependencies between the lock to be acquired
[ 69.819460][ T8453]  and HARDIRQ-irq-unsafe lock:
[ 69.832987][ T8453] -> (&f->f_owner.lock){.+.+}-{2:2} {
[ 69.838347][ T8453]    HARDIRQ-ON-R at:
[ 69.842315][ T8453]      lock_acquire+0x1ab/0x510
[ 69.848467][ T8453]      _raw_read_lock+0x5b/0x70
[ 69.854783][ T8453]      do_fcntl+0x8af/0x1210
[ 69.860743][ T8453]      __x64_sys_fcntl+0x165/0x1e0
[ 69.867135][ T8453]      do_syscall_64+0x35/0xb0
[ 69.873186][ T8453]      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.880822][ T8453]    SOFTIRQ-ON-R at:
[ 69.884786][ T8453]      lock_acquire+0x1ab/0x510
[ 69.890920][ T8453]      _raw_read_lock+0x5b/0x70
[ 69.897069][ T8453]      do_fcntl+0x8af/0x1210
[ 69.902951][ T8453]      __x64_sys_fcntl+0x165/0x1e0
[ 69.909344][ T8453]      do_syscall_64+0x35/0xb0
[ 69.915399][ T8453]      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.922947][ T8453]    INITIAL READ USE at:
[ 69.927251][ T8453]      lock_acquire+0x1ab/0x510
[ 69.933743][ T8453]      _raw_read_lock+0x5b/0x70
[ 69.940225][ T8453]      do_fcntl+0x8af/0x1210
[ 69.946458][ T8453]      __x64_sys_fcntl+0x165/0x1e0
[ 69.953198][ T8453]      do_syscall_64+0x35/0xb0
[ 69.959596][ T8453]      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.967475][ T8453] }
[ 69.970042][ T8453] ... key at: [] __key.5+0x0/0x40
[ 69.977140][ T8453] ... acquired at:
[ 69.980923][ T8453]    lock_acquire+0x1ab/0x510
[ 69.985602][ T8453]    _raw_read_lock_irqsave+0x70/0x90
[ 69.990963][ T8453]    send_sigio+0x24/0x380
[ 69.995360][ T8453]    kill_fasync+0x1ec/0x460
[ 69.999935][ T8453]    evdev_pass_values.part.0+0x64e/0x970
[ 70.005641][ T8453]    evdev_events+0x359/0x3e0
[ 70.010316][ T8453]    input_to_handler+0x2a0/0x4c0
[ 70.015346][ T8453]    input_pass_values.part.0+0x230/0x710
[ 70.021062][ T8453]    input_handle_event+0x373/0x1440
[ 70.026495][ T8453]    input_inject_event+0x1bd/0x320
[ 70.031677][ T8453]    evdev_write+0x430/0x760
[ 70.036256][ T8453]    vfs_write+0x28e/0xa40
[ 70.040665][ T8453]    ksys_write+0x1ee/0x250
[ 70.045146][ T8453]    do_syscall_64+0x35/0xb0
[ 70.049712][ T8453]    entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.055767][ T8453]
[ 70.058068][ T8453]
[ 70.058068][ T8453] stack backtrace:
[ 70.063934][ T8453] CPU: 1 PID: 8453 Comm: syz-executor605 Not tainted 5.14.0-rc2-syzkaller #0
[ 70.072671][ T8453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.082703][ T8453] Call Trace:
[ 70.085968][ T8453]  dump_stack_lvl+0xcd/0x134
[ 70.090544][ T8453]  check_irq_usage.cold+0x4c1/0x6b0
[ 70.095722][ T8453]  ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 70.102812][ T8453]  ? kernel_text_address+0xbd/0xf0
[ 70.107914][ T8453]  ? check_path.constprop.0+0x24/0x50
[ 70.113261][ T8453]  ? register_lock_class+0xb7/0x10c0
[ 70.118523][ T8453]  ? stack_trace_save+0x8c/0xc0
[ 70.123357][ T8453]  ? lockdep_lock+0xc6/0x200
[ 70.127926][ T8453]  ? call_rcu_zapped+0xb0/0xb0
[ 70.132675][ T8453]  __lock_acquire+0x2a1f/0x54a0
[ 70.137514][ T8453]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.143473][ T8453]  lock_acquire+0x1ab/0x510
[ 70.147953][ T8453]  ? send_sigio+0x24/0x380
[ 70.152351][ T8453]  ? lock_release+0x720/0x720
[ 70.157058][ T8453]  ? lock_release+0x720/0x720
[ 70.161714][ T8453]  ? lock_release+0x720/0x720
[ 70.166371][ T8453]  _raw_read_lock_irqsave+0x70/0x90
[ 70.171553][ T8453]  ? send_sigio+0x24/0x380
[ 70.175948][ T8453]  send_sigio+0x24/0x380
[ 70.180169][ T8453]  kill_fasync+0x1ec/0x460
[ 70.184563][ T8453]  evdev_pass_values.part.0+0x64e/0x970
[ 70.190089][ T8453]  ? evdev_release+0x410/0x410
[ 70.194830][ T8453]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 70.200528][ T8453]  evdev_events+0x359/0x3e0
[ 70.205007][ T8453]  ? evdev_pass_values.part.0+0x970/0x970
[ 70.210721][ T8453]  input_to_handler+0x2a0/0x4c0
[ 70.215566][ T8453]  input_pass_values.part.0+0x230/0x710
[ 70.221089][ T8453]  input_handle_event+0x373/0x1440
[ 70.226303][ T8453]  input_inject_event+0x1bd/0x320
[ 70.231380][ T8453]  evdev_write+0x430/0x760
[ 70.235787][ T8453]  ? evdev_read+0xe40/0xe40
[ 70.240281][ T8453]  ? security_file_permission+0x248/0x560
[ 70.246014][ T8453]  ? evdev_read+0xe40/0xe40
[ 70.250508][ T8453]  vfs_write+0x28e/0xa40
[ 70.254750][ T8453]  ksys_write+0x1ee/0x250
[ 70.259062][ T8453]  ? __ia32_sys_read+0xb0/0xb0
[ 70.263810][ T8453]  ? syscall_enter_from_user_mode+0x2b/0x70
[ 70.269694][ T8453]  do_syscall_64+0x35/0xb0
[ 70.274094][ T8453]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.279985][ T8453] RIP: 0033:0x4436b9
[ 70.283873][ T8453] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.303720][ T8453] RSP: 002b:00007ffc205370b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 70.312121][ T8453] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 00000000004436b9
[ 70.320083][ T8453] RDX: 00000000000002b8 RSI: 0000000020000040 RDI: 0000000000000004
[ 70.328054][ T8453] RBP: 0000000000403260 R08: 00000000004004a0 R09: 00000000004004a0
[ 70.336016][ T8453] R10: 00000000004004a0 R11: 0000000000000246 R12: 00000000004032f0
[ 70.343982][ T8453] R13: 0000000000000000 R14: 00000000004b1018 R15: 0000000000