[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 75.588396][ T3805] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 75.948688][ T3805] usb 1-1: config 0 has an invalid interface number: 123 but max is 0
[ 75.957048][ T3805] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 75.967754][ T3805] usb 1-1: config 0 has no interface number 0
[ 75.974393][ T3805] usb 1-1: config 0 interface 123 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[ 76.138384][ T3805] usb 1-1: New USB device found, idVendor=0781, idProduct=0100, bcdDevice= 1.00
[ 76.147468][ T3805] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 76.155525][ T3805] usb 1-1: Product: syz
[ 76.159799][ T3805] usb 1-1: Manufacturer: syz
[ 76.164406][ T3805] usb 1-1: SerialNumber: syz
[ 76.178333][ T3805] usb 1-1: config 0 descriptor??
[ 76.438775][ T8449]
[ 76.441112][ T8449] ========================================================
[ 76.448309][ T8449] WARNING: possible irq lock inversion dependency detected
[ 76.455604][ T8449] 5.12.0-next-20210506-syzkaller #0 Not tainted
[ 76.461815][ T8449] --------------------------------------------------------
[ 76.468976][ T8449] syz-executor557/8449 just changed the state of lock:
[ 76.475795][ T8449] ffff8880133852b8 (&f->f_owner.lock){.+..}-{2:2}, at: do_fcntl+0x8b4/0x1200
[ 76.484571][ T8449] but this lock was taken by another, HARDIRQ-safe lock in the past:
[ 76.492610][ T8449]  (&dev->event_lock){-...}-{2:2}
[ 76.492630][ T8449]
[ 76.492630][ T8449]
[ 76.492630][ T8449] and interrupts could create inverse lock ordering between them.
[ 76.492630][ T8449]
[ 76.511904][ T8449]
[ 76.511904][ T8449] other info that might help us debug this:
[ 76.519939][ T8449] Chain exists of:
[ 76.519939][ T8449]   &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 76.519939][ T8449]
[ 76.532948][ T8449]  Possible interrupt unsafe locking scenario:
[ 76.532948][ T8449]
[ 76.541250][ T8449]        CPU0                    CPU1
[ 76.546606][ T8449]        ----                    ----
[ 76.551978][ T8449]   lock(&f->f_owner.lock);
[ 76.556478][ T8449]                                local_irq_disable();
[ 76.563224][ T8449]                                lock(&dev->event_lock);
[ 76.570245][ T8449]                                lock(&new->fa_lock);
[ 76.577007][ T8449]   <Interrupt>
[ 76.580446][ T8449]     lock(&dev->event_lock);
[ 76.585115][ T8449]
[ 76.585115][ T8449]  *** DEADLOCK ***
[ 76.585115][ T8449]
[ 76.593248][ T8449] no locks held by syz-executor557/8449.
[ 76.598867][ T8449]
[ 76.598867][ T8449] the shortest dependencies between 2nd lock and 1st lock:
[ 76.608273][ T8449] -> (&dev->event_lock){-...}-{2:2} {
[ 76.614136][ T8449]    IN-HARDIRQ-W at:
[ 76.618403][ T8449]      lock_acquire+0x1ab/0x740
[ 76.625085][ T8449]      _raw_spin_lock_irqsave+0x39/0x50
[ 76.632470][ T8449]      input_event+0x7b/0xb0
[ 76.638923][ T8449]      psmouse_report_standard_buttons+0x2c/0x80
[ 76.647091][ T8449]      psmouse_process_byte+0x1e1/0x890
[ 76.654462][ T8449]      psmouse_handle_byte+0x41/0x1b0
[ 76.661659][ T8449]      psmouse_interrupt+0x304/0xf00
[ 76.668770][ T8449]      serio_interrupt+0x88/0x150
[ 76.675627][ T8449]      i8042_interrupt+0x27a/0x520
[ 76.682561][ T8449]      __handle_irq_event_percpu+0x303/0x8f0
[ 76.690366][ T8449]      handle_irq_event+0x102/0x290
[ 76.697385][ T8449]      handle_edge_irq+0x25f/0xd00
[ 76.704320][ T8449]      __common_interrupt+0x9e/0x200
[ 76.711457][ T8449]      common_interrupt+0x9f/0xd0
[ 76.718341][ T8449]      asm_common_interrupt+0x1e/0x40
[ 76.725536][ T8449]      lock_acquire+0x59e/0x740
[ 76.732211][ T8449]      fs_reclaim_acquire+0x117/0x160
[ 76.739409][ T8449]      kmem_cache_alloc+0x3e/0x3a0
[ 76.746347][ T8449]      __kernfs_new_node+0xd4/0x8b0
[ 76.753371][ T8449]      kernfs_create_dir_ns+0x9c/0x220
[ 76.760663][ T8449]      sysfs_create_dir_ns+0x127/0x290
[ 76.767959][ T8449]      kobject_add_internal+0x2d2/0xa60
[ 76.775342][ T8449]      kobject_add+0x150/0x1c0
[ 76.781945][ T8449]      kobject_create_and_add+0x73/0xb0
[ 76.789316][ T8449]      module_add_driver+0x28a/0x370
[ 76.796437][ T8449]      bus_add_driver+0x3ee/0x630
[ 76.803297][ T8449]      driver_register+0x220/0x3a0
[ 76.810233][ T8449]      usb_register_driver+0x249/0x460
[ 76.817513][ T8449]      do_one_initcall+0x103/0x650
[ 76.824446][ T8449]      kernel_init_freeable+0x643/0x6cc
[ 76.831815][ T8449]      kernel_init+0xd/0x1b8
[ 76.838262][ T8449]      ret_from_fork+0x1f/0x30
[ 76.844859][ T8449]    INITIAL USE at:
[ 76.849005][ T8449]      lock_acquire+0x1ab/0x740
[ 76.855592][ T8449]      _raw_spin_lock_irqsave+0x39/0x50
[ 76.862869][ T8449]      input_inject_event+0xa6/0x310
[ 76.869914][ T8449]      led_set_brightness_nosleep+0xe6/0x1a0
[ 76.877634][ T8449]      led_set_brightness+0x134/0x170
[ 76.884740][ T8449]      led_trigger_event+0x75/0xd0
[ 76.891593][ T8449]      kbd_led_trigger_activate+0xc9/0x100
[ 76.899139][ T8449]      led_trigger_set+0x61e/0xbd0
[ 76.906003][ T8449]      led_trigger_set_default+0x1a6/0x230
[ 76.913546][ T8449]      led_classdev_register_ext+0x5b1/0x7c0
[ 76.921308][ T8449]      input_leds_connect+0x4bd/0x860
[ 76.928414][ T8449]      input_attach_handler+0x180/0x1f0
[ 76.935696][ T8449]      input_register_device.cold+0xf0/0x307
[ 76.943413][ T8449]      atkbd_connect+0x739/0xa10
[ 76.950086][ T8449]      serio_driver_probe+0x72/0xa0
[ 76.957028][ T8449]      really_probe+0x291/0xf60
[ 76.963612][ T8449]      driver_probe_device+0x298/0x410
[ 76.970803][ T8449]      device_driver_attach+0x228/0x290
[ 76.978097][ T8449]      __driver_attach+0x190/0x340
[ 76.984968][ T8449]      bus_for_each_dev+0x147/0x1d0
[ 76.991908][ T8449]      serio_handle_event+0x5f6/0xa30
[ 76.999016][ T8449]      process_one_work+0x98d/0x1600
[ 77.006039][ T8449]      worker_thread+0x64c/0x1120
[ 77.012798][ T8449]      kthread+0x3b1/0x4a0
[ 77.018951][ T8449]      ret_from_fork+0x1f/0x30
[ 77.025454][ T8449] }
[ 77.028201][ T8449] ... key at: [] __key.8+0x0/0x40
[ 77.035575][ T8449] ... acquired at:
[ 77.039624][ T8449]    _raw_spin_lock+0x2a/0x40
[ 77.044298][ T8449]    evdev_pass_values.part.0+0xf6/0x970
[ 77.049928][ T8449]    evdev_events+0x28b/0x3f0
[ 77.054600][ T8449]    input_to_handler+0x2a0/0x4c0
[ 77.059623][ T8449]    input_pass_values.part.0+0x284/0x700
[ 77.065358][ T8449]    input_handle_event+0x373/0x1440
[ 77.070642][ T8449]    input_inject_event+0x2f5/0x310
[ 77.075930][ T8449]    evdev_write+0x430/0x760
[ 77.080516][ T8449]    vfs_write+0x28e/0xa30
[ 77.084932][ T8449]    ksys_write+0x1ee/0x250
[ 77.089431][ T8449]    do_syscall_64+0x3a/0xb0
[ 77.094017][ T8449]    entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.100079][ T8449]
[ 77.102392][ T8449] -> (&client->buffer_lock){....}-{2:2} {
[ 77.108328][ T8449]    INITIAL USE at:
[ 77.112380][ T8449]      lock_acquire+0x1ab/0x740
[ 77.118796][ T8449]      _raw_spin_lock+0x2a/0x40
[ 77.125216][ T8449]      evdev_pass_values.part.0+0xf6/0x970
[ 77.132588][ T8449]      evdev_events+0x28b/0x3f0
[ 77.138996][ T8449]      input_to_handler+0x2a0/0x4c0
[ 77.145756][ T8449]      input_pass_values.part.0+0x284/0x700
[ 77.153231][ T8449]      input_handle_event+0x373/0x1440
[ 77.160253][ T8449]      input_inject_event+0x2f5/0x310
[ 77.167182][ T8449]      evdev_write+0x430/0x760
[ 77.173499][ T8449]      vfs_write+0x28e/0xa30
[ 77.179645][ T8449]      ksys_write+0x1ee/0x250
[ 77.185885][ T8449]      do_syscall_64+0x3a/0xb0
[ 77.192210][ T8449]      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.200009][ T8449] }
[ 77.202672][ T8449] ... key at: [] __key.4+0x0/0x40
[ 77.209960][ T8449] ... acquired at:
[ 77.213924][ T8449]    _raw_read_lock+0x5b/0x70
[ 77.218593][ T8449]    kill_fasync+0x14b/0x460
[ 77.223191][ T8449]    evdev_pass_values.part.0+0x64e/0x970
[ 77.228926][ T8449]    evdev_events+0x28b/0x3f0
[ 77.233599][ T8449]    input_to_handler+0x2a0/0x4c0
[ 77.238665][ T8449]    input_pass_values.part.0+0x284/0x700
[ 77.244384][ T8449]    input_handle_event+0x373/0x1440
[ 77.249671][ T8449]    input_inject_event+0x2f5/0x310
[ 77.254885][ T8449]    evdev_write+0x430/0x760
[ 77.259486][ T8449]    vfs_write+0x28e/0xa30
[ 77.263897][ T8449]    ksys_write+0x1ee/0x250
[ 77.268408][ T8449]    do_syscall_64+0x3a/0xb0
[ 77.272999][ T8449]    entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.279064][ T8449]
[ 77.281375][ T8449] -> (&new->fa_lock){....}-{2:2} {
[ 77.286586][ T8449]    INITIAL READ USE at:
[ 77.290990][ T8449]      lock_acquire+0x1ab/0x740
[ 77.297683][ T8449]      _raw_read_lock+0x5b/0x70
[ 77.304352][ T8449]      kill_fasync+0x14b/0x460
[ 77.310950][ T8449]      evdev_pass_values.part.0+0x64e/0x970
[ 77.318694][ T8449]      evdev_events+0x28b/0x3f0
[ 77.325366][ T8449]      input_to_handler+0x2a0/0x4c0
[ 77.332427][ T8449]      input_pass_values.part.0+0x284/0x700
[ 77.340179][ T8449]      input_handle_event+0x373/0x1440
[ 77.347494][ T8449]      input_inject_event+0x2f5/0x310
[ 77.354689][ T8449]      evdev_write+0x430/0x760
[ 77.361285][ T8449]      vfs_write+0x28e/0xa30
[ 77.367724][ T8449]      ksys_write+0x1ee/0x250
[ 77.374221][ T8449]      do_syscall_64+0x3a/0xb0
[ 77.380809][ T8449]      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.388873][ T8449] }
[ 77.391445][ T8449] ... key at: [] __key.0+0x0/0x40
[ 77.398669][ T8449] ... acquired at:
[ 77.402545][ T8449]    _raw_read_lock_irqsave+0x70/0x90
[ 77.407914][ T8449]    send_sigio+0x24/0x370
[ 77.412325][ T8449]    kill_fasync+0x205/0x460
[ 77.416912][ T8449]    evdev_pass_values.part.0+0x64e/0x970
[ 77.422630][ T8449]    evdev_events+0x28b/0x3f0
[ 77.427302][ T8449]    input_to_handler+0x2a0/0x4c0
[ 77.432325][ T8449]    input_pass_values.part.0+0x284/0x700
[ 77.438047][ T8449]    input_handle_event+0x373/0x1440
[ 77.443334][ T8449]    input_inject_event+0x2f5/0x310
[ 77.448530][ T8449]    evdev_write+0x430/0x760
[ 77.453146][ T8449]    vfs_write+0x28e/0xa30
[ 77.457579][ T8449]    ksys_write+0x1ee/0x250
[ 77.462090][ T8449]    do_syscall_64+0x3a/0xb0
[ 77.466686][ T8449]    entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.472767][ T8449]
[ 77.475094][ T8449] -> (&f->f_owner.lock){.+..}-{2:2} {
[ 77.480498][ T8449]    HARDIRQ-ON-R at:
[ 77.484496][ T8449]      lock_acquire+0x1ab/0x740
[ 77.490664][ T8449]      _raw_read_lock+0x5b/0x70
[ 77.496815][ T8449]      do_fcntl+0x8b4/0x1200
[ 77.502706][ T8449]      __x64_sys_fcntl+0x165/0x1e0
[ 77.509130][ T8449]      do_syscall_64+0x3a/0xb0
[ 77.515196][ T8449]      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.522733][ T8449]    INITIAL READ USE at:
[ 77.527050][ T8449]      lock_acquire+0x1ab/0x740
[ 77.533552][ T8449]      _raw_read_lock_irqsave+0x70/0x90
[ 77.540744][ T8449]      send_sigio+0x24/0x370
[ 77.546981][ T8449]      kill_fasync+0x205/0x460
[ 77.553388][ T8449]      evdev_pass_values.part.0+0x64e/0x970
[ 77.560932][ T8449]      evdev_events+0x28b/0x3f0
[ 77.567431][ T8449]      input_to_handler+0x2a0/0x4c0
[ 77.574274][ T8449]      input_pass_values.part.0+0x284/0x700
[ 77.581834][ T8449]      input_handle_event+0x373/0x1440
[ 77.588949][ T8449]      input_inject_event+0x2f5/0x310
[ 77.595973][ T8449]      evdev_write+0x430/0x760
[ 77.602385][ T8449]      vfs_write+0x28e/0xa30
[ 77.608636][ T8449]      ksys_write+0x1ee/0x250
[ 77.614958][ T8449]      do_syscall_64+0x3a/0xb0
[ 77.621370][ T8449]      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.629257][ T8449] }
[ 77.631774][ T8449] ... key at: [] __key.5+0x0/0x40
[ 77.638901][ T8449] ... acquired at:
[ 77.642697][ T8449]    __lock_acquire+0x120f/0x5230
[ 77.647722][ T8449]    lock_acquire+0x1ab/0x740
[ 77.652394][ T8449]    _raw_read_lock+0x5b/0x70
[ 77.657079][ T8449]    do_fcntl+0x8b4/0x1200
[ 77.661486][ T8449]    __x64_sys_fcntl+0x165/0x1e0
[ 77.666419][ T8449]    do_syscall_64+0x3a/0xb0
[ 77.671004][ T8449]    entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.677073][ T8449]
[ 77.679386][ T8449]
[ 77.679386][ T8449] stack backtrace:
[ 77.685263][ T8449] CPU: 1 PID: 8449 Comm: syz-executor557 Not tainted 5.12.0-next-20210506-syzkaller #0
[ 77.694886][ T8449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.704937][ T8449] Call Trace:
[ 77.708222][ T8449]  dump_stack+0x141/0x1d7
[ 77.712554][ T8449]  mark_lock.cold+0x1d/0x8e
[ 77.717061][ T8449]  ? do_syscall_64+0x3a/0xb0
[ 77.721669][ T8449]  ? lock_chain_count+0x20/0x20
[ 77.726525][ T8449]  ? find_held_lock+0x2d/0x110
[ 77.731321][ T8449]  ? mark_lock+0xef/0x17b0
[ 77.735744][ T8449]  ? lock_downgrade+0x6e0/0x6e0
[ 77.740591][ T8449]  __lock_acquire+0x120f/0x5230
[ 77.745489][ T8449]  ? kasan_quarantine_put+0xf5/0x210
[ 77.750776][ T8449]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 77.756762][ T8449]  lock_acquire+0x1ab/0x740
[ 77.761268][ T8449]  ? do_fcntl+0x8b4/0x1200
[ 77.765695][ T8449]  ? lock_release+0x720/0x720
[ 77.770372][ T8449]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 77.776354][ T8449]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 77.782361][ T8449]  _raw_read_lock+0x5b/0x70
[ 77.786866][ T8449]  ? do_fcntl+0x8b4/0x1200
[ 77.791277][ T8449]  do_fcntl+0x8b4/0x1200
[ 77.795512][ T8449]  ? __context_tracking_exit+0xb8/0xe0
[ 77.800975][ T8449]  ? f_getown+0x2a0/0x2a0
[ 77.805330][ T8449]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.811611][ T8449]  ? tomoyo_file_fcntl+0x6e/0xc0
[ 77.816591][ T8449]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.822832][ T8449]  __x64_sys_fcntl+0x165/0x1e0
[ 77.827596][ T8449]  do_syscall_64+0x3a/0xb0
[ 77.832008][ T8449]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.837923][ T8449] RIP: 0033:0x446d89
[ 77.841830][ T8449] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.861436][ T8449] RSP: 002b:00007fff83890848 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[ 77.869845][ T8449] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000446d89
[ 77.877847][ T8449] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000000000006
[ 77.885839][ T8449] RBP: 0000000000406610 R08: 00000000004004a0 R09: 00000000004004a0
[ 77.893825]