[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.75' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 70.254191][ T8439]
[ 70.256521][ T8439] =====================================================
[ 70.263426][ T8439] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 70.270854][ T8439] 5.14.0-rc4-syzkaller #0 Not tainted
[ 70.276199][ T8439] -----------------------------------------------------
[ 70.283105][ T8439] syz-executor164/8439 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 70.291182][ T8439] ffff88803670c0c0 (&new->fa_lock){.+.+}-{2:2}, at: kill_fasync+0x132/0x460
[ 70.299865][ T8439]
[ 70.299865][ T8439] and this task is already holding:
[ 70.307199][ T8439] ffff8880151de028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 70.317527][ T8439] which would create a new lock dependency:
[ 70.323392][ T8439] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){.+.+}-{2:2}
[ 70.331460][ T8439]
[ 70.331460][ T8439] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 70.340886][ T8439] (&dev->event_lock){-...}-{2:2}
[ 70.340904][ T8439]
[ 70.340904][ T8439] ... which became HARDIRQ-irq-safe at:
[ 70.353661][ T8439] lock_acquire+0x1ab/0x510
[ 70.358232][ T8439] _raw_spin_lock_irqsave+0x39/0x50
[ 70.363525][ T8439] input_event+0x7b/0xb0
[ 70.368270][ T8439] psmouse_report_standard_buttons+0x2c/0x80
[ 70.374321][ T8439] psmouse_process_byte+0x1e1/0x890
[ 70.379596][ T8439] psmouse_handle_byte+0x41/0x1b0
[ 70.384700][ T8439] psmouse_interrupt+0x304/0xf00
[ 70.389699][ T8439] serio_interrupt+0x88/0x150
[ 70.394442][ T8439] i8042_interrupt+0x27a/0x520
[ 70.399280][ T8439] __handle_irq_event_percpu+0x303/0x8f0
[ 70.404985][ T8439] handle_irq_event+0x102/0x280
[ 70.409906][ T8439] handle_edge_irq+0x25f/0xd00
[ 70.414744][ T8439] __common_interrupt+0x9d/0x210
[ 70.419751][ T8439] common_interrupt+0x9f/0xd0
[ 70.424496][ T8439] asm_common_interrupt+0x1e/0x40
[ 70.429598][ T8439] lock_acquire+0x1ef/0x510
[ 70.434168][ T8439] _raw_spin_trylock+0x60/0x70
[ 70.439010][ T8439] dput+0x645/0xbc0
[ 70.442882][ T8439] step_into+0xcb3/0x1c80
[ 70.447274][ T8439] walk_component+0x171/0x6a0
[ 70.452018][ T8439] link_path_walk.part.0+0x757/0xd00
[ 70.457382][ T8439] path_openat+0x260/0x27f0
[ 70.461949][ T8439] do_filp_open+0x1aa/0x400
[ 70.466532][ T8439] do_open_execat+0x116/0x690
[ 70.471274][ T8439] bprm_execve+0x48c/0x19b0
[ 70.475843][ T8439] kernel_execve+0x370/0x460
[ 70.480510][ T8439] call_usermodehelper_exec_async+0x2e3/0x580
[ 70.486665][ T8439] ret_from_fork+0x1f/0x30
[ 70.491148][ T8439]
[ 70.491148][ T8439] to a HARDIRQ-irq-unsafe lock:
[ 70.498139][ T8439] (&new->fa_lock){.+.+}-{2:2}
[ 70.498158][ T8439]
[ 70.498158][ T8439] ... which became HARDIRQ-irq-unsafe at:
[ 70.510746][ T8439] ...
[ 70.510752][ T8439] lock_acquire+0x1ab/0x510
[ 70.517879][ T8439] _raw_read_lock+0x5b/0x70
[ 70.522447][ T8439] kill_fasync+0x132/0x460
[ 70.526927][ T8439] sock_wake_async+0xd2/0x160
[ 70.531672][ T8439] sk_wake_async+0x108/0x290
[ 70.536328][ T8439] unix_release_sock+0x79d/0xbc0
[ 70.541332][ T8439] unix_release+0x3f/0x80
[ 70.545723][ T8439] __sock_release+0xcd/0x280
[ 70.550379][ T8439] sock_close+0x18/0x20
[ 70.554605][ T8439] __fput+0x288/0x920
[ 70.558651][ T8439] task_work_run+0xdd/0x1a0
[ 70.563216][ T8439] exit_to_user_mode_prepare+0x27e/0x290
[ 70.568920][ T8439] syscall_exit_to_user_mode+0x19/0x60
[ 70.574565][ T8439] do_syscall_64+0x42/0xb0
[ 70.579050][ T8439] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.585013][ T8439]
[ 70.585013][ T8439] other info that might help us debug this:
[ 70.585013][ T8439]
[ 70.595216][ T8439] Chain exists of:
[ 70.595216][ T8439] &dev->event_lock --> &client->buffer_lock --> &new->fa_lock
[ 70.595216][ T8439]
[ 70.608575][ T8439] Possible interrupt unsafe locking scenario:
[ 70.608575][ T8439]
[ 70.616985][ T8439]        CPU0                    CPU1
[ 70.622325][ T8439]        ----                    ----
[ 70.627698][ T8439]   lock(&new->fa_lock);
[ 70.632004][ T8439]                                local_irq_disable();
[ 70.638731][ T8439]                                lock(&dev->event_lock);
[ 70.645740][ T8439]                                lock(&client->buffer_lock);
[ 70.653085][ T8439]
[ 70.656532][ T8439]     lock(&dev->event_lock);
[ 70.661182][ T8439]
[ 70.661182][ T8439] *** DEADLOCK ***
[ 70.661182][ T8439]
[ 70.669301][ T8439] 7 locks held by syz-executor164/8439:
[ 70.674817][ T8439] #0: ffff88802282a110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x1d3/0x760
[ 70.683928][ T8439] #1: ffff888140bd4230 (&dev->event_lock){-...}-{2:2}, at: input_inject_event+0xa6/0x320
[ 70.693817][ T8439] #2: ffffffff8b97ba40 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0x92/0x320
[ 70.703445][ T8439] #3: ffffffff8b97ba40 (rcu_read_lock){....}-{1:2}, at: input_pass_values.part.0+0x0/0x710
[ 70.713522][ T8439] #4: ffffffff8b97ba40 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x59/0x3e0
[ 70.722632][ T8439] #5: ffff8880151de028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values.part.0+0xf6/0x970
[ 70.733400][ T8439] #6: ffffffff8b97ba40 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 70.742429][ T8439]
[ 70.742429][ T8439] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 70.752805][ T8439] -> (&dev->event_lock){-...}-{2:2} {
[ 70.758248][ T8439] IN-HARDIRQ-W at:
[ 70.762374][ T8439] lock_acquire+0x1ab/0x510
[ 70.768683][ T8439] _raw_spin_lock_irqsave+0x39/0x50
[ 70.775686][ T8439] input_event+0x7b/0xb0
[ 70.781736][ T8439] psmouse_report_standard_buttons+0x2c/0x80
[ 70.789531][ T8439] psmouse_process_byte+0x1e1/0x890
[ 70.796528][ T8439] psmouse_handle_byte+0x41/0x1b0
[ 70.803357][ T8439] psmouse_interrupt+0x304/0xf00
[ 70.810101][ T8439] serio_interrupt+0x88/0x150
[ 70.816589][ T8439] i8042_interrupt+0x27a/0x520
[ 70.823153][ T8439] __handle_irq_event_percpu+0x303/0x8f0
[ 70.830587][ T8439] handle_irq_event+0x102/0x280
[ 70.837238][ T8439] handle_edge_irq+0x25f/0xd00
[ 70.843804][ T8439] __common_interrupt+0x9d/0x210
[ 70.850544][ T8439] common_interrupt+0x9f/0xd0
[ 70.857025][ T8439] asm_common_interrupt+0x1e/0x40
[ 70.863851][ T8439] lock_acquire+0x1ef/0x510
[ 70.870163][ T8439] _raw_spin_trylock+0x60/0x70
[ 70.876731][ T8439] dput+0x645/0xbc0
[ 70.882339][ T8439] step_into+0xcb3/0x1c80
[ 70.888474][ T8439] walk_component+0x171/0x6a0
[ 70.894951][ T8439] link_path_walk.part.0+0x757/0xd00
[ 70.902036][ T8439] path_openat+0x260/0x27f0
[ 70.908339][ T8439] do_filp_open+0x1aa/0x400
[ 70.914641][ T8439] do_open_execat+0x116/0x690
[ 70.921117][ T8439] bprm_execve+0x48c/0x19b0
[ 70.927423][ T8439] kernel_execve+0x370/0x460
[ 70.933815][ T8439] call_usermodehelper_exec_async+0x2e3/0x580
[ 70.941688][ T8439] ret_from_fork+0x1f/0x30
[ 70.947907][ T8439] INITIAL USE at:
[ 70.951872][ T8439] lock_acquire+0x1ab/0x510
[ 70.958098][ T8439] _raw_spin_lock_irqsave+0x39/0x50
[ 70.965019][ T8439] input_inject_event+0xa6/0x320
[ 70.971670][ T8439] led_set_brightness_nosleep+0xe6/0x1a0
[ 70.979015][ T8439] led_set_brightness+0x134/0x170
[ 70.985754][ T8439] led_trigger_event+0x75/0xd0
[ 70.992231][ T8439] kbd_led_trigger_activate+0xc9/0x100
[ 70.999403][ T8439] led_trigger_set+0x61e/0xbd0
[ 71.005891][ T8439] led_trigger_set_default+0x1a6/0x230
[ 71.013065][ T8439] led_classdev_register_ext+0x5b1/0x7c0
[ 71.020410][ T8439] input_leds_connect+0x4bd/0x860
[ 71.027151][ T8439] input_attach_handler+0x180/0x1f0
[ 71.034074][ T8439] input_register_device.cold+0xf0/0x304
[ 71.041429][ T8439] atkbd_connect+0x739/0xa00
[ 71.047758][ T8439] serio_driver_probe+0x72/0xa0
[ 71.054326][ T8439] really_probe+0x23c/0xcd0
[ 71.060544][ T8439] __driver_probe_device+0x338/0x4d0
[ 71.067544][ T8439] driver_probe_device+0x4c/0x1a0
[ 71.074284][ T8439] __driver_attach+0x22d/0x4e0
[ 71.080775][ T8439] bus_for_each_dev+0x147/0x1d0
[ 71.087401][ T8439] serio_handle_event+0x5f6/0xa30
[ 71.094146][ T8439] process_one_work+0x98d/0x1630
[ 71.100799][ T8439] worker_thread+0x658/0x11f0
[ 71.107191][ T8439] kthread+0x3e5/0x4d0
[ 71.112973][ T8439] ret_from_fork+0x1f/0x30
[ 71.119106][ T8439] }
[ 71.121840][ T8439] ... key at: [] __key.8+0x0/0x40
[ 71.129025][ T8439] -> (&client->buffer_lock){....}-{2:2} {
[ 71.134729][ T8439] INITIAL USE at:
[ 71.138596][ T8439] lock_acquire+0x1ab/0x510
[ 71.144636][ T8439] _raw_spin_lock+0x2a/0x40
[ 71.150681][ T8439] evdev_pass_values.part.0+0xf6/0x970
[ 71.157680][ T8439] evdev_events+0x359/0x3e0
[ 71.163720][ T8439] input_to_handler+0x2a0/0x4c0
[ 71.170111][ T8439] input_pass_values.part.0+0x230/0x710
[ 71.177202][ T8439] input_handle_event+0x373/0x1440
[ 71.183865][ T8439] input_inject_event+0x1bd/0x320
[ 71.190441][ T8439] evdev_write+0x430/0x760
[ 71.196399][ T8439] vfs_write+0x28e/0xa40
[ 71.202188][ T8439] ksys_write+0x1ee/0x250
[ 71.208068][ T8439] do_syscall_64+0x35/0xb0
[ 71.214025][ T8439] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.221457][ T8439] }
[ 71.223931][ T8439] ... key at: [] __key.4+0x0/0x40
[ 71.231106][ T8439] ... acquired at:
[ 71.234881][ T8439] _raw_spin_lock+0x2a/0x40
[ 71.239549][ T8439] evdev_pass_values.part.0+0xf6/0x970
[ 71.245160][ T8439] evdev_events+0x359/0x3e0
[ 71.249813][ T8439] input_to_handler+0x2a0/0x4c0
[ 71.254825][ T8439] input_pass_values.part.0+0x230/0x710
[ 71.260522][ T8439] input_handle_event+0x373/0x1440
[ 71.265796][ T8439] input_inject_event+0x1bd/0x320
[ 71.270971][ T8439] evdev_write+0x430/0x760
[ 71.275540][ T8439] vfs_write+0x28e/0xa40
[ 71.279940][ T8439] ksys_write+0x1ee/0x250
[ 71.284431][ T8439] do_syscall_64+0x35/0xb0
[ 71.289001][ T8439] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.295047][ T8439]
[ 71.297356][ T8439]
[ 71.297356][ T8439] the dependencies between the lock to be acquired
[ 71.297362][ T8439] and HARDIRQ-irq-unsafe lock:
[ 71.310843][ T8439] -> (&new->fa_lock){.+.+}-{2:2} {
[ 71.315943][ T8439] HARDIRQ-ON-R at:
[ 71.319911][ T8439] lock_acquire+0x1ab/0x510
[ 71.326044][ T8439] _raw_read_lock+0x5b/0x70
[ 71.332172][ T8439] kill_fasync+0x132/0x460
[ 71.338216][ T8439] sock_wake_async+0xd2/0x160
[ 71.344531][ T8439] sk_wake_async+0x108/0x290
[ 71.350750][ T8439] unix_release_sock+0x79d/0xbc0
[ 71.357317][ T8439] unix_release+0x3f/0x80
[ 71.363289][ T8439] __sock_release+0xcd/0x280
[ 71.369514][ T8439] sock_close+0x18/0x20
[ 71.375298][ T8439] __fput+0x288/0x920
[ 71.380909][ T8439] task_work_run+0xdd/0x1a0
[ 71.387040][ T8439] exit_to_user_mode_prepare+0x27e/0x290
[ 71.394304][ T8439] syscall_exit_to_user_mode+0x19/0x60
[ 71.401493][ T8439] do_syscall_64+0x42/0xb0
[ 71.407535][ T8439] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.415057][ T8439] SOFTIRQ-ON-R at:
[ 71.419032][ T8439] lock_acquire+0x1ab/0x510
[ 71.425164][ T8439] _raw_read_lock+0x5b/0x70
[ 71.431295][ T8439] kill_fasync+0x132/0x460
[ 71.437344][ T8439] sock_wake_async+0xd2/0x160
[ 71.443661][ T8439] sk_wake_async+0x108/0x290
[ 71.449880][ T8439] unix_release_sock+0x79d/0xbc0
[ 71.456454][ T8439] unix_release+0x3f/0x80
[ 71.462423][ T8439] __sock_release+0xcd/0x280
[ 71.468674][ T8439] sock_close+0x18/0x20
[ 71.474470][ T8439] __fput+0x288/0x920
[ 71.480081][ T8439] task_work_run+0xdd/0x1a0
[ 71.486230][ T8439] exit_to_user_mode_prepare+0x27e/0x290
[ 71.493495][ T8439] syscall_exit_to_user_mode+0x19/0x60
[ 71.500601][ T8439] do_syscall_64+0x42/0xb0
[ 71.506664][ T8439] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.514204][ T8439] INITIAL READ USE at:
[ 71.518534][ T8439] lock_acquire+0x1ab/0x510
[ 71.525015][ T8439] _raw_read_lock+0x5b/0x70
[ 71.531499][ T8439] kill_fasync+0x132/0x460
[ 71.537897][ T8439] sock_wake_async+0xd2/0x160
[ 71.544551][ T8439] sk_wake_async+0x108/0x290
[ 71.551119][ T8439] unix_release_sock+0x79d/0xbc0
[ 71.558035][ T8439] unix_release+0x3f/0x80
[ 71.564345][ T8439] __sock_release+0xcd/0x280
[ 71.570913][ T8439] sock_close+0x18/0x20
[ 71.577136][ T8439] __fput+0x288/0x920
[ 71.583134][ T8439] task_work_run+0xdd/0x1a0
[ 71.589614][ T8439] exit_to_user_mode_prepare+0x27e/0x290
[ 71.597227][ T8439] syscall_exit_to_user_mode+0x19/0x60
[ 71.604670][ T8439] do_syscall_64+0x42/0xb0
[ 71.611067][ T8439] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.618939][ T8439] }
[ 71.621416][ T8439] ... key at: [] __key.0+0x0/0x40
[ 71.628509][ T8439] ... acquired at:
[ 71.632288][ T8439] lock_acquire+0x1ab/0x510
[ 71.636944][ T8439] _raw_read_lock+0x5b/0x70
[ 71.641596][ T8439] kill_fasync+0x132/0x460
[ 71.646165][ T8439] evdev_pass_values.part.0+0x64e/0x970
[ 71.651867][ T8439] evdev_events+0x359/0x3e0
[ 71.656524][ T8439] input_to_handler+0x2a0/0x4c0
[ 71.661567][ T8439] input_pass_values.part.0+0x230/0x710
[ 71.667274][ T8439] input_handle_event+0x373/0x1440
[ 71.672546][ T8439] input_inject_event+0x1bd/0x320
[ 71.677722][ T8439] evdev_write+0x430/0x760
[ 71.682291][ T8439] vfs_write+0x28e/0xa40
[ 71.686689][ T8439] ksys_write+0x1ee/0x250
[ 71.691172][ T8439] do_syscall_64+0x35/0xb0
[ 71.695747][ T8439] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.701793][ T8439]
[ 71.704096][ T8439]
[ 71.704096][ T8439] stack backtrace:
[ 71.709960][ T8439] CPU: 0 PID: 8439 Comm: syz-executor164 Not tainted 5.14.0-rc4-syzkaller #0
[ 71.718701][ T8439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.728736][ T8439] Call Trace:
[ 71.732000][ T8439] dump_stack_lvl+0xcd/0x134
[ 71.736580][ T8439] check_irq_usage.cold+0x4c1/0x6b0
[ 71.741765][ T8439] ? is_bpf_text_address+0x99/0x170
[ 71.746956][ T8439] ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 71.754051][ T8439] ? __kernel_text_address+0x9/0x30
[ 71.759230][ T8439] ? unwind_get_return_address+0x51/0x90
[ 71.764849][ T8439] ? check_path.constprop.0+0x24/0x50
[ 71.770202][ T8439] ? register_lock_class+0xb7/0x10c0
[ 71.775469][ T8439] ? stack_trace_save+0x8c/0xc0
[ 71.780306][ T8439] ? stack_trace_consume_entry+0x160/0x160
[ 71.786094][ T8439] ? lockdep_lock+0xc6/0x200
[ 71.790727][ T8439] ? call_rcu_zapped+0xb0/0xb0
[ 71.795476][ T8439] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 71.801701][ T8439] __lock_acquire+0x2a1f/0x54a0
[ 71.806537][ T8439] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.812500][ T8439] lock_acquire+0x1ab/0x510
[ 71.816986][ T8439] ? kill_fasync+0x132/0x460
[ 71.821557][ T8439] ? lock_release+0x720/0x720
[ 71.826211][ T8439] ? lock_release+0x720/0x720
[ 71.830871][ T8439] ? lock_release+0x720/0x720
[ 71.835530][ T8439] _raw_read_lock+0x5b/0x70
[ 71.840015][ T8439] ? kill_fasync+0x132/0x460
[ 71.844586][ T8439] kill_fasync+0x132/0x460
[ 71.848984][ T8439] evdev_pass_values.part.0+0x64e/0x970
[ 71.854514][ T8439] ? evdev_release+0x410/0x410
[ 71.859284][ T8439] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 71.865007][ T8439] evdev_events+0x359/0x3e0
[ 71.869495][ T8439] ? evdev_pass_values.part.0+0x970/0x970
[ 71.875214][ T8439] input_to_handler+0x2a0/0x4c0
[ 71.880060][ T8439] input_pass_values.part.0+0x230/0x710
[ 71.885589][ T8439] input_handle_event+0x373/0x1440
[ 71.890683][ T8439] input_inject_event+0x1bd/0x320
[ 71.895698][ T8439] evdev_write+0x430/0x760
[ 71.900107][ T8439] ? evdev_read+0xe40/0xe40
[ 71.904594][ T8439] ? security_file_permission+0x248/0x560
[ 71.910367][ T8439] ? evdev_read+0xe40/0xe40
[ 71.914865][ T8439] vfs_write+0x28e/0xa40
[ 71.919099][ T8439] ksys_write+0x1ee/0x250
[ 71.923416][ T8439] ? __ia32_sys_read+0xb0/0xb0
[ 71.928164][ T8439] ? syscall_enter_from_user_mode+0x21/0x70
[ 71.934063][ T8439] do_syscall_64+0x35/0xb0
[ 71.938464][ T8439] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.944339][ T8439] RIP: 0033:0x443599
[ 71.948212][ T8439] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.967802][ T8439] RSP: 002b:00007fff31bc3768 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.976216][ T8439] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000443599
[ 71.984179][ T8439] RDX: 0000000000035000 RSI: 0000000020000040 RDI: 0000000000000005
[ 71.992130][ T8439] RBP: 0000000000403140 R08: 00000000004004a0 R09: 00000000004004a0
[ 72.000082][ T8439] R10: 00000000004004a0 R11: 0000000000000246 R12: 00000000004031d0
[ 72.008057][ T8439] R13: 0000000000000000 R