[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.66' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 74.457905][ T34] audit: type=1400 audit(1606739816.005:8): avc: denied { execmem } for pid=8472 comm="syz-executor049" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 74.467273][ T8472]
[ 74.481543][ T8472] ========================================================
[ 74.481546][ T8472] WARNING: possible irq lock inversion dependency detected
[ 74.481551][ T8472] 5.10.0-rc6-syzkaller #0 Not tainted
[ 74.481554][ T8472] --------------------------------------------------------
[ 74.481558][ T8472] syz-executor049/8472 just changed the state of lock:
[ 74.481563][ T8472] ffff88801188edb8 (&f->f_owner.lock){.+..}-{2:2}, at: f_getown+0x1b/0xb0
[ 74.481600][ T8472] but this lock was taken by another, HARDIRQ-safe lock in the past:
[ 74.481603][ T8472] (&dev->event_lock){-...}-{2:2}
[ 74.481611][ T8472]
[ 74.481611][ T8472]
[ 74.481611][ T8472] and interrupts could create inverse lock ordering between them.
[ 74.481611][ T8472]
[ 74.481613][ T8472]
[ 74.481613][ T8472] other info that might help us debug this:
[ 74.481615][ T8472] Chain exists of:
[ 74.481615][ T8472] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock
[ 74.481615][ T8472]
[ 74.481628][ T8472] Possible interrupt unsafe locking scenario:
[ 74.481628][ T8472]
[ 74.481630][ T8472]        CPU0                    CPU1
[ 74.481632][ T8472]        ----                    ----
[ 74.481633][ T8472]   lock(&f->f_owner.lock);
[ 74.481639][ T8472]                                local_irq_disable();
[ 74.481640][ T8472]                                lock(&dev->event_lock);
[ 74.481645][ T8472]                                lock(&new->fa_lock);
[ 74.481651][ T8472]
[ 74.481652][ T8472]     lock(&dev->event_lock);
[ 74.481657][ T8472]
[ 74.481657][ T8472] *** DEADLOCK ***
[ 74.481657][ T8472]
[ 74.481660][ T8472] no locks held by syz-executor049/8472.
[ 74.481662][ T8472]
[ 74.481662][ T8472] the shortest dependencies between 2nd lock and 1st lock:
[ 74.481672][ T8472] -> (&dev->event_lock){-...}-{2:2} {
[ 74.481683][ T8472] IN-HARDIRQ-W at:
[ 74.481692][ T8472] lock_acquire+0x29d/0x740
[ 74.481701][ T8472] _raw_spin_lock_irqsave+0x39/0x50
[ 74.481708][ T8472] input_event+0x7b/0xb0
[ 74.481718][ T8472] psmouse_report_standard_buttons+0x2c/0x80
[ 74.481725][ T8472] psmouse_process_byte+0x1e1/0x890
[ 74.481732][ T8472] psmouse_handle_byte+0x41/0x1b0
[ 74.481738][ T8472] psmouse_interrupt+0x304/0xf00
[ 74.481747][ T8472] serio_interrupt+0x88/0x150
[ 74.481754][ T8472] i8042_interrupt+0x27a/0x520
[ 74.481762][ T8472] __handle_irq_event_percpu+0x303/0x8f0
[ 74.481769][ T8472] handle_irq_event+0x102/0x290
[ 74.481777][ T8472] handle_edge_irq+0x25f/0xd00
[ 74.481784][ T8472] asm_call_irq_on_stack+0xf/0x20
[ 74.481791][ T8472] common_interrupt+0x120/0x200
[ 74.481798][ T8472] asm_common_interrupt+0x1e/0x40
[ 74.481805][ T8472] _raw_spin_unlock_irqrestore+0x25/0x50
[ 74.481812][ T8472] i8042_command+0x12e/0x150
[ 74.481819][ T8472] i8042_aux_write+0xd7/0x120
[ 74.481825][ T8472] ps2_do_sendbyte+0x2ca/0x710
[ 74.481830][ T8472] ps2_sendbyte+0x58/0x150
[ 74.481839][ T8472] cypress_ps2_sendbyte+0x2e/0x160
[ 74.481847][ T8472] cypress_send_ext_cmd+0x1d0/0x8d0
[ 74.481854][ T8472] cypress_detect+0x75/0x190
[ 74.481861][ T8472] psmouse_try_protocol+0x211/0x370
[ 74.481867][ T8472] psmouse_extensions+0x557/0x930
[ 74.481874][ T8472] psmouse_switch_protocol+0x52a/0x740
[ 74.481880][ T8472] psmouse_connect+0x5e6/0xfc0
[ 74.481887][ T8472] serio_driver_probe+0x72/0xa0
[ 74.481895][ T8472] really_probe+0x291/0xde0
[ 74.481902][ T8472] driver_probe_device+0x26b/0x3d0
[ 74.481909][ T8472] device_driver_attach+0x228/0x290
[ 74.481916][ T8472] __driver_attach+0x15b/0x2f0
[ 74.481923][ T8472] bus_for_each_dev+0x147/0x1d0
[ 74.481930][ T8472] serio_handle_event+0x5f6/0xa30
[ 74.481937][ T8472] process_one_work+0x933/0x15a0
[ 74.481943][ T8472] worker_thread+0x64c/0x1120
[ 74.481949][ T8472] kthread+0x3b1/0x4a0
[ 74.481956][ T8472] ret_from_fork+0x1f/0x30
[ 74.481958][ T8472] INITIAL USE at:
[ 74.481965][ T8472] lock_acquire+0x29d/0x740
[ 74.481972][ T8472] _raw_spin_lock_irqsave+0x39/0x50
[ 74.481978][ T8472] input_inject_event+0xa6/0x310
[ 74.481985][ T8472] led_set_brightness_nosleep+0xe6/0x1a0
[ 74.481991][ T8472] led_set_brightness+0x134/0x170
[ 74.481997][ T8472] led_trigger_event+0x70/0xd0
[ 74.482005][ T8472] kbd_led_trigger_activate+0xfa/0x130
[ 74.482010][ T8472] led_trigger_set+0x61e/0xbd0
[ 74.482017][ T8472] led_trigger_set_default+0x1a6/0x230
[ 74.482023][ T8472] led_classdev_register_ext+0x5b1/0x7c0
[ 74.482030][ T8472] input_leds_connect+0x3fb/0x740
[ 74.482037][ T8472] input_attach_handler+0x180/0x1f0
[ 74.482044][ T8472] input_register_device.cold+0xf0/0x307
[ 74.482050][ T8472] atkbd_connect+0x736/0xa00
[ 74.482057][ T8472] serio_driver_probe+0x72/0xa0
[ 74.482064][ T8472] really_probe+0x291/0xde0
[ 74.482072][ T8472] driver_probe_device+0x26b/0x3d0
[ 74.482079][ T8472] device_driver_attach+0x228/0x290
[ 74.482086][ T8472] __driver_attach+0x15b/0x2f0
[ 74.482099][ T8472] bus_for_each_dev+0x147/0x1d0
[ 74.482106][ T8472] serio_handle_event+0x5f6/0xa30
[ 74.482112][ T8472] process_one_work+0x933/0x15a0
[ 74.482118][ T8472] worker_thread+0x64c/0x1120
[ 74.482125][ T8472] kthread+0x3b1/0x4a0
[ 74.482131][ T8472] ret_from_fork+0x1f/0x30
[ 74.482133][ T8472] }
[ 74.482142][ T8472] ... key at: [] __key.8+0x0/0x40
[ 74.482144][ T8472] ... acquired at:
[ 74.482150][ T8472] _raw_spin_lock+0x2a/0x40
[ 74.482156][ T8472] evdev_pass_values.part.0+0xf6/0x970
[ 74.482161][ T8472] evdev_events+0x28b/0x3f0
[ 74.482167][ T8472] input_to_handler+0x2a0/0x4c0
[ 74.482173][ T8472] input_pass_values.part.0+0x284/0x700
[ 74.482180][ T8472] input_handle_event+0x324/0x1400
[ 74.482186][ T8472] input_inject_event+0x2f5/0x310
[ 74.482191][ T8472] evdev_write+0x430/0x760
[ 74.482198][ T8472] vfs_write+0x28e/0xa30
[ 74.482204][ T8472] ksys_write+0x1ee/0x250
[ 74.482212][ T8472] do_syscall_64+0x2d/0x70
[ 74.482219][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.482220][ T8472]
[ 74.482222][ T8472] -> (&client->buffer_lock){....}-{2:2} {
[ 74.482233][ T8472] INITIAL USE at:
[ 74.482240][ T8472] lock_acquire+0x29d/0x740
[ 74.482246][ T8472] _raw_spin_lock+0x2a/0x40
[ 74.482252][ T8472] evdev_pass_values.part.0+0xf6/0x970
[ 74.482258][ T8472] evdev_events+0x28b/0x3f0
[ 74.482265][ T8472] input_to_handler+0x2a0/0x4c0
[ 74.482275][ T8472] input_pass_values.part.0+0x284/0x700
[ 74.482282][ T8472] input_handle_event+0x324/0x1400
[ 74.482288][ T8472] input_inject_event+0x2f5/0x310
[ 74.482294][ T8472] evdev_write+0x430/0x760
[ 74.482300][ T8472] vfs_write+0x28e/0xa30
[ 74.482306][ T8472] ksys_write+0x1ee/0x250
[ 74.482313][ T8472] do_syscall_64+0x2d/0x70
[ 74.482320][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.482322][ T8472] }
[ 74.482329][ T8472] ... key at: [] __key.4+0x0/0x40
[ 74.482331][ T8472] ... acquired at:
[ 74.482337][ T8472] _raw_read_lock+0x5b/0x70
[ 74.482342][ T8472] kill_fasync+0x14b/0x460
[ 74.482348][ T8472] evdev_pass_values.part.0+0x64e/0x970
[ 74.482353][ T8472] evdev_events+0x28b/0x3f0
[ 74.482359][ T8472] input_to_handler+0x2a0/0x4c0
[ 74.482365][ T8472] input_pass_values.part.0+0x284/0x700
[ 74.482372][ T8472] input_handle_event+0x324/0x1400
[ 74.482378][ T8472] input_inject_event+0x2f5/0x310
[ 74.482383][ T8472] evdev_write+0x430/0x760
[ 74.482389][ T8472] vfs_write+0x28e/0xa30
[ 74.482395][ T8472] ksys_write+0x1ee/0x250
[ 74.482401][ T8472] do_syscall_64+0x2d/0x70
[ 74.482408][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.482409][ T8472]
[ 74.482411][ T8472] -> (&new->fa_lock){....}-{2:2} {
[ 74.482422][ T8472] INITIAL READ USE at:
[ 74.482429][ T8472] lock_acquire+0x29d/0x740
[ 74.482435][ T8472] _raw_read_lock+0x5b/0x70
[ 74.482441][ T8472] kill_fasync+0x14b/0x460
[ 74.482447][ T8472] evdev_pass_values.part.0+0x64e/0x970
[ 74.482453][ T8472] evdev_events+0x28b/0x3f0
[ 74.482458][ T8472] input_to_handler+0x2a0/0x4c0
[ 74.482465][ T8472] input_pass_values.part.0+0x284/0x700
[ 74.482472][ T8472] input_handle_event+0x324/0x1400
[ 74.482478][ T8472] input_inject_event+0x2f5/0x310
[ 74.482484][ T8472] evdev_write+0x430/0x760
[ 74.482490][ T8472] vfs_write+0x28e/0xa30
[ 74.482496][ T8472] ksys_write+0x1ee/0x250
[ 74.482503][ T8472] do_syscall_64+0x2d/0x70
[ 74.482510][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.482512][ T8472] }
[ 74.482520][ T8472] ... key at: [] __key.0+0x0/0x40
[ 74.482521][ T8472] ... acquired at:
[ 74.482527][ T8472] _raw_read_lock+0x5b/0x70
[ 74.482532][ T8472] send_sigio+0x24/0x350
[ 74.482538][ T8472] kill_fasync+0x205/0x460
[ 74.482544][ T8472] evdev_pass_values.part.0+0x64e/0x970
[ 74.482549][ T8472] evdev_events+0x28b/0x3f0
[ 74.482554][ T8472] input_to_handler+0x2a0/0x4c0
[ 74.482561][ T8472] input_pass_values.part.0+0x284/0x700
[ 74.482567][ T8472] input_handle_event+0x324/0x1400
[ 74.482573][ T8472] input_inject_event+0x2f5/0x310
[ 74.482584][ T8472] evdev_write+0x430/0x760
[ 74.482590][ T8472] vfs_write+0x28e/0xa30
[ 74.482596][ T8472] ksys_write+0x1ee/0x250
[ 74.482603][ T8472] do_syscall_64+0x2d/0x70
[ 74.482609][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.482611][ T8472]
[ 74.482612][ T8472] -> (&f->f_owner.lock){.+..}-{2:2} {
[ 74.482623][ T8472] HARDIRQ-ON-R at:
[ 74.482630][ T8472] lock_acquire+0x29d/0x740
[ 74.482636][ T8472] _raw_read_lock+0x5b/0x70
[ 74.482641][ T8472] f_getown+0x1b/0xb0
[ 74.482648][ T8472] sock_ioctl+0x528/0x730
[ 74.482653][ T8472] __x64_sys_ioctl+0x193/0x200
[ 74.482660][ T8472] do_syscall_64+0x2d/0x70
[ 74.482667][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.482670][ T8472] INITIAL READ USE at:
[ 74.482677][ T8472] lock_acquire+0x29d/0x740
[ 74.482683][ T8472] _raw_read_lock+0x5b/0x70
[ 74.482688][ T8472] send_sigio+0x24/0x350
[ 74.482694][ T8472] kill_fasync+0x205/0x460
[ 74.482700][ T8472] evdev_pass_values.part.0+0x64e/0x970
[ 74.482705][ T8472] evdev_events+0x28b/0x3f0
[ 74.482711][ T8472] input_to_handler+0x2a0/0x4c0
[ 74.482718][ T8472] input_pass_values.part.0+0x284/0x700
[ 74.482725][ T8472] input_handle_event+0x324/0x1400
[ 74.482732][ T8472] input_inject_event+0x2f5/0x310
[ 74.482737][ T8472] evdev_write+0x430/0x760
[ 74.482744][ T8472] vfs_write+0x28e/0xa30
[ 74.482750][ T8472] ksys_write+0x1ee/0x250
[ 74.482757][ T8472] do_syscall_64+0x2d/0x70
[ 74.482764][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.482765][ T8472] }
[ 74.482773][ T8472] ... key at: [] __key.5+0x0/0x40
[ 74.482775][ T8472] ... acquired at:
[ 74.482780][ T8472] __lock_acquire+0x120a/0x5500
[ 74.482785][ T8472] lock_acquire+0x29d/0x740
[ 74.482791][ T8472] _raw_read_lock+0x5b/0x70
[ 74.482796][ T8472] f_getown+0x1b/0xb0
[ 74.482801][ T8472] sock_ioctl+0x528/0x730
[ 74.482807][ T8472] __x64_sys_ioctl+0x193/0x200
[ 74.482813][ T8472] do_syscall_64+0x2d/0x70
[ 74.482820][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.482821][ T8472]
[ 74.482823][ T8472]
[ 74.482823][ T8472] stack backtrace:
[ 74.482831][ T8472] CPU: 0 PID: 8472 Comm: syz-executor049 Not tainted 5.10.0-rc6-syzkaller #0
[ 74.482835][ T8472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.482838][ T8472] Call Trace:
[ 74.482849][ T8472] dump_stack+0x107/0x163
[ 74.482860][ T8472] mark_lock.cold+0x1a/0x73
[ 74.482869][ T8472] ? lock_chain_count+0x20/0x20
[ 74.482875][ T8472] ? lock_downgrade+0x6d0/0x6d0
[ 74.482884][ T8472] __lock_acquire+0x120a/0x5500
[ 74.482895][ T8472] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 74.482903][ T8472] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 74.482910][ T8472] lock_acquire+0x29d/0x740
[ 74.482916][ T8472] ? f_getown+0x1b/0xb0
[ 74.482922][ T8472] ? lock_release+0x710/0x710
[ 74.482930][ T8472] ? __might_fault+0xd3/0x180
[ 74.482936][ T8472] ? lock_downgrade+0x6d0/0x6d0
[ 74.482944][ T8472] _raw_read_lock+0x5b/0x70
[ 74.482950][ T8472] ? f_getown+0x1b/0xb0
[ 74.482956][ T8472] f_getown+0x1b/0xb0
[ 74.482962][ T8472] sock_ioctl+0x528/0x730
[ 74.482969][ T8472] ? dlci_ioctl_set+0x30/0x30
[ 74.482976][ T8472] ? __sys_socket+0x16d/0x200
[ 74.483003][ T8472] ? bpf_lsm_file_ioctl+0x5/0x10
[ 74.483009][ T8472] ? dlci_ioctl_set+0x30/0x30
[ 74.483016][ T8472] __x64_sys_ioctl+0x193/0x200
[ 74.483024][ T8472] do_syscall_64+0x2d/0x70
[ 74.483031][ T8472] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.483038][ T8472] RIP: 0033:0x444129
[ 74.483048][ T8472] Code: 23 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b d7 fb ff