[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 70.359158][ T8401]
[ 70.359166][ T8401] ========================================================
[ 70.359172][ T8401] WARNING: possible irq lock inversion dependency detected
[ 70.359179][ T8401] 5.12.0-rc5-syzkaller #0 Not tainted
[ 70.359190][ T8401] --------------------------------------------------------
[ 70.359196][ T8401] syz-executor888/8401 just changed the state of lock:
[ 70.359206][ T8401] ffff888011cb20c0 (&new->fa_lock){.+..}-{2:2}, at: kill_fasync+0x14b/0x460
[ 70.395321][ T8401] but this lock was taken by another, HARDIRQ-safe lock in the past:
[ 70.395331][ T8401] (&dev->event_lock){-.-.}-{2:2}
[ 70.395351][ T8401]
[ 70.395351][ T8401]
[ 70.395351][ T8401] and interrupts could create inverse lock ordering between them.
[ 70.395351][ T8401]
[ 70.395358][ T8401]
[ 70.395358][ T8401] other info that might help us debug this:
[ 70.395364][ T8401] Chain exists of:
[ 70.395364][ T8401] &dev->event_lock --> &client->buffer_lock --> &new->fa_lock
[ 70.395364][ T8401]
[ 70.395396][ T8401] Possible interrupt unsafe locking scenario:
[ 70.395396][ T8401]
[ 70.395401][ T8401]        CPU0                    CPU1
[ 70.395406][ T8401]        ----                    ----
[ 70.395410][ T8401]   lock(&new->fa_lock);
[ 70.476066][ T8401]                                local_irq_disable();
[ 70.476074][ T8401]                                lock(&dev->event_lock);
[ 70.476090][ T8401]                                lock(&client->buffer_lock);
[ 70.476102][ T8401]
[ 70.476105][ T8401]     lock(&dev->event_lock);
[ 70.476115][ T8401]
[ 70.476115][ T8401] *** DEADLOCK ***
[ 70.476115][ T8401]
[ 70.476119][ T8401] 2 locks held by syz-executor888/8401:
[ 70.476154][ T8401] #0: ffffffff8fe98758 (&fsnotify_mark_srcu){....}-{0:0}, at: fsnotify+0x2ed/0x1070
[ 70.476216][ T8401] #1: ffffffff8bf74320 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x3d/0x460
[ 70.476267][ T8401]
[ 70.476267][ T8401] the shortest dependencies between 2nd lock and 1st lock:
[ 70.476289][ T8401] -> (&dev->event_lock){-.-.}-{2:2} {
[ 70.476317][ T8401] IN-HARDIRQ-W at:
[ 70.476328][ T8401] lock_acquire+0x1ab/0x740
[ 70.562923][ T8401] _raw_spin_lock_irqsave+0x39/0x50
[ 70.562966][ T8401] input_event+0x7b/0xb0
[ 70.562986][ T8401] psmouse_report_standard_buttons+0x2c/0x80
[ 70.563013][ T8401] psmouse_process_byte+0x1e1/0x890
[ 70.563038][ T8401] psmouse_handle_byte+0x41/0x1b0
[ 70.563062][ T8401] psmouse_interrupt+0x304/0xf00
[ 70.605510][ T8401] serio_interrupt+0x88/0x150
[ 70.612169][ T8401] i8042_interrupt+0x27a/0x520
[ 70.618916][ T8401] __handle_irq_event_percpu+0x303/0x8f0
[ 70.626528][ T8401] handle_irq_event+0x102/0x290
[ 70.633354][ T8401] handle_edge_irq+0x25f/0xd00
[ 70.640095][ T8401] __common_interrupt+0x9e/0x200
[ 70.647016][ T8401] common_interrupt+0x9f/0xd0
[ 70.653669][ T8401] asm_common_interrupt+0x1e/0x40
[ 70.660687][ T8401] _raw_spin_unlock_irqrestore+0x38/0x70
[ 70.668296][ T8401] debug_check_no_obj_freed+0x20c/0x420
[ 70.675819][ T8401] slab_free_freelist_hook+0x147/0x210
[ 70.683260][ T8401] kmem_cache_free+0x8a/0x740
[ 70.689920][ T8401] rcu_core+0x74a/0x12f0
[ 70.696155][ T8401] __do_softirq+0x29b/0x9f6
[ 70.702638][ T8401] run_ksoftirqd+0x2d/0x60
[ 70.709031][ T8401] smpboot_thread_fn+0x655/0x9e0
[ 70.715945][ T8401] kthread+0x3b1/0x4a0
[ 70.721993][ T8401] ret_from_fork+0x1f/0x30
[ 70.728385][ T8401] IN-SOFTIRQ-W at:
[ 70.732516][ T8401] lock_acquire+0x1ab/0x740
[ 70.739008][ T8401] _raw_spin_lock_irqsave+0x39/0x50
[ 70.746190][ T8401] input_event+0x7b/0xb0
[ 70.752413][ T8401] psmouse_report_standard_buttons+0x2c/0x80
[ 70.760374][ T8401] psmouse_process_byte+0x1e1/0x890
[ 70.767562][ T8401] psmouse_handle_byte+0x41/0x1b0
[ 70.774579][ T8401] psmouse_interrupt+0x304/0xf00
[ 70.781498][ T8401] serio_interrupt+0x88/0x150
[ 70.788163][ T8401] i8042_interrupt+0x27a/0x520
[ 70.794926][ T8401] __handle_irq_event_percpu+0x303/0x8f0
[ 70.802560][ T8401] handle_irq_event+0x102/0x290
[ 70.809391][ T8401] handle_edge_irq+0x25f/0xd00
[ 70.816135][ T8401] __common_interrupt+0x9e/0x200
[ 70.823050][ T8401] common_interrupt+0x9f/0xd0
[ 70.829705][ T8401] asm_common_interrupt+0x1e/0x40
[ 70.836727][ T8401] _raw_spin_unlock_irqrestore+0x38/0x70
[ 70.844336][ T8401] debug_check_no_obj_freed+0x20c/0x420
[ 70.851868][ T8401] slab_free_freelist_hook+0x147/0x210
[ 70.859322][ T8401] kmem_cache_free+0x8a/0x740
[ 70.866006][ T8401] rcu_core+0x74a/0x12f0
[ 70.872243][ T8401] __do_softirq+0x29b/0x9f6
[ 70.878725][ T8401] run_ksoftirqd+0x2d/0x60
[ 70.885117][ T8401] smpboot_thread_fn+0x655/0x9e0
[ 70.892033][ T8401] kthread+0x3b1/0x4a0
[ 70.898081][ T8401] ret_from_fork+0x1f/0x30
[ 70.904474][ T8401] INITIAL USE at:
[ 70.908532][ T8401] lock_acquire+0x1ab/0x740
[ 70.914924][ T8401] _raw_spin_lock_irqsave+0x39/0x50
[ 70.922011][ T8401] input_inject_event+0xa6/0x310
[ 70.928839][ T8401] led_set_brightness_nosleep+0xe6/0x1a0
[ 70.936363][ T8401] led_set_brightness+0x134/0x170
[ 70.943292][ T8401] led_trigger_event+0x75/0xd0
[ 70.949947][ T8401] kbd_led_trigger_activate+0xfa/0x130
[ 70.957299][ T8401] led_trigger_set+0x61e/0xbd0
[ 70.963955][ T8401] led_trigger_set_default+0x1a6/0x230
[ 70.971306][ T8401] led_classdev_register_ext+0x5b1/0x7c0
[ 70.978834][ T8401] input_leds_connect+0x3fb/0x740
[ 70.985748][ T8401] input_attach_handler+0x180/0x1f0
[ 70.992838][ T8401] input_register_device.cold+0xf0/0x307
[ 71.000361][ T8401] atkbd_connect+0x739/0xa10
[ 71.006841][ T8401] serio_driver_probe+0x72/0xa0
[ 71.013580][ T8401] really_probe+0x291/0xe60
[ 71.019975][ T8401] driver_probe_device+0x26b/0x3d0
[ 71.026975][ T8401] device_driver_attach+0x228/0x290
[ 71.034062][ T8401] __driver_attach+0x15b/0x2f0
[ 71.040714][ T8401] bus_for_each_dev+0x147/0x1d0
[ 71.047450][ T8401] serio_handle_event+0x5f6/0xa30
[ 71.054366][ T8401] process_one_work+0x98d/0x1600
[ 71.061202][ T8401] worker_thread+0x64c/0x1120
[ 71.067767][ T8401] kthread+0x3b1/0x4a0
[ 71.073741][ T8401] ret_from_fork+0x1f/0x30
[ 71.080069][ T8401] }
[ 71.082722][ T8401] ... key at: [] __key.8+0x0/0x40
[ 71.089999][ T8401] ... acquired at:
[ 71.093952][ T8401] _raw_spin_lock+0x2a/0x40
[ 71.098606][ T8401] evdev_pass_values.part.0+0xf6/0x970
[ 71.104218][ T8401] evdev_events+0x28b/0x3f0
[ 71.108887][ T8401] input_to_handler+0x2a0/0x4c0
[ 71.113893][ T8401] input_pass_values.part.0+0x284/0x700
[ 71.119607][ T8401] input_handle_event+0x373/0x1440
[ 71.124871][ T8401] input_inject_event+0x2f5/0x310
[ 71.130048][ T8401] evdev_write+0x430/0x760
[ 71.134621][ T8401] vfs_write+0x28e/0xa30
[ 71.139016][ T8401] ksys_write+0x1ee/0x250
[ 71.143499][ T8401] do_syscall_64+0x2d/0x70
[ 71.148088][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.154150][ T8401]
[ 71.156454][ T8401] -> (&client->buffer_lock){....}-{2:2} {
[ 71.162249][ T8401] INITIAL USE at:
[ 71.166220][ T8401] lock_acquire+0x1ab/0x740
[ 71.172439][ T8401] _raw_spin_lock+0x2a/0x40
[ 71.178658][ T8401] evdev_pass_values.part.0+0xf6/0x970
[ 71.185851][ T8401] evdev_events+0x28b/0x3f0
[ 71.192071][ T8401] input_to_handler+0x2a0/0x4c0
[ 71.198638][ T8401] input_pass_values.part.0+0x284/0x700
[ 71.205905][ T8401] input_handle_event+0x373/0x1440
[ 71.212741][ T8401] input_inject_event+0x2f5/0x310
[ 71.219503][ T8401] evdev_write+0x430/0x760
[ 71.225644][ T8401] vfs_write+0x28e/0xa30
[ 71.231608][ T8401] ksys_write+0x1ee/0x250
[ 71.237665][ T8401] do_syscall_64+0x2d/0x70
[ 71.243802][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.251413][ T8401] }
[ 71.253975][ T8401] ... key at: [] __key.4+0x0/0x40
[ 71.261154][ T8401] ... acquired at:
[ 71.265019][ T8401] _raw_read_lock+0x5b/0x70
[ 71.269678][ T8401] kill_fasync+0x14b/0x460
[ 71.274249][ T8401] evdev_pass_values.part.0+0x64e/0x970
[ 71.279949][ T8401] evdev_events+0x28b/0x3f0
[ 71.284604][ T8401] input_to_handler+0x2a0/0x4c0
[ 71.289608][ T8401] input_pass_values.part.0+0x284/0x700
[ 71.295305][ T8401] input_handle_event+0x373/0x1440
[ 71.300581][ T8401] input_inject_event+0x2f5/0x310
[ 71.305758][ T8401] evdev_write+0x430/0x760
[ 71.310342][ T8401] vfs_write+0x28e/0xa30
[ 71.314739][ T8401] ksys_write+0x1ee/0x250
[ 71.319234][ T8401] do_syscall_64+0x2d/0x70
[ 71.323806][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.329853][ T8401]
[ 71.332171][ T8401] -> (&new->fa_lock){.+..}-{2:2} {
[ 71.337272][ T8401] HARDIRQ-ON-R at:
[ 71.341227][ T8401] lock_acquire+0x1ab/0x740
[ 71.347362][ T8401] _raw_read_lock+0x5b/0x70
[ 71.353495][ T8401] kill_fasync+0x14b/0x460
[ 71.359542][ T8401] fsnotify_add_event+0x398/0x4e0
[ 71.366209][ T8401] inotify_handle_inode_event+0x340/0x5f0
[ 71.373573][ T8401] fsnotify_handle_inode_event.isra.0+0x1b8/0x270
[ 71.381634][ T8401] fsnotify+0xbf9/0x1070
[ 71.387623][ T8401] do_sys_openat2+0x3a3/0x420
[ 71.393980][ T8401] __x64_sys_open+0x119/0x1c0
[ 71.400296][ T8401] do_syscall_64+0x2d/0x70
[ 71.406359][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.413897][ T8401] INITIAL READ USE at:
[ 71.418209][ T8401] lock_acquire+0x1ab/0x740
[ 71.424699][ T8401] _raw_read_lock+0x5b/0x70
[ 71.431187][ T8401] kill_fasync+0x14b/0x460
[ 71.437597][ T8401] evdev_pass_values.part.0+0x64e/0x970
[ 71.445122][ T8401] evdev_events+0x28b/0x3f0
[ 71.451603][ T8401] input_to_handler+0x2a0/0x4c0
[ 71.458434][ T8401] input_pass_values.part.0+0x284/0x700
[ 71.465961][ T8401] input_handle_event+0x373/0x1440
[ 71.473066][ T8401] input_inject_event+0x2f5/0x310
[ 71.480079][ T8401] evdev_write+0x430/0x760
[ 71.486475][ T8401] vfs_write+0x28e/0xa30
[ 71.492696][ T8401] ksys_write+0x1ee/0x250
[ 71.499003][ T8401] do_syscall_64+0x2d/0x70
[ 71.505406][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.513335][ T8401] }
[ 71.515821][ T8401] ... key at: [] __key.0+0x0/0x40
[ 71.522918][ T8401] ... acquired at:
[ 71.526713][ T8401] __lock_acquire+0x121c/0x54c0
[ 71.531719][ T8401] lock_acquire+0x1ab/0x740
[ 71.536390][ T8401] _raw_read_lock+0x5b/0x70
[ 71.541051][ T8401] kill_fasync+0x14b/0x460
[ 71.545625][ T8401] fsnotify_add_event+0x398/0x4e0
[ 71.550825][ T8401] inotify_handle_inode_event+0x340/0x5f0
[ 71.556697][ T8401] fsnotify_handle_inode_event.isra.0+0x1b8/0x270
[ 71.563266][ T8401] fsnotify+0xbf9/0x1070
[ 71.567665][ T8401] do_sys_openat2+0x3a3/0x420
[ 71.572503][ T8401] __x64_sys_open+0x119/0x1c0
[ 71.577332][ T8401] do_syscall_64+0x2d/0x70
[ 71.581904][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.587952][ T8401]
[ 71.590253][ T8401]
[ 71.590253][ T8401] stack backtrace:
[ 71.596131][ T8401] CPU: 0 PID: 8401 Comm: syz-executor888 Not tainted 5.12.0-rc5-syzkaller #0
[ 71.604873][ T8401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.614907][ T8401] Call Trace:
[ 71.618172][ T8401] dump_stack+0x141/0x1d7
[ 71.622503][ T8401] mark_lock.cold+0x1d/0x8e
[ 71.627047][ T8401] ? lock_chain_count+0x20/0x20
[ 71.631894][ T8401] ? lockdep_unlock+0x11c/0x290
[ 71.636735][ T8401] ? __lock_acquire+0x2506/0x54c0
[ 71.641749][ T8401] __lock_acquire+0x121c/0x54c0
[ 71.646588][ T8401] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.652561][ T8401] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 71.658526][ T8401] lock_acquire+0x1ab/0x740
[ 71.663011][ T8401] ? kill_fasync+0x14b/0x460
[ 71.667582][ T8401] ? lock_release+0x720/0x720
[ 71.672242][ T8401] ? lock_release+0x720/0x720
[ 71.676918][ T8401] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 71.682709][ T8401] ? __wake_up_common_lock+0xde/0x130
[ 71.688067][ T8401] ? __wake_up_common+0x650/0x650
[ 71.693072][ T8401] ? lock_downgrade+0x6e0/0x6e0
[ 71.697904][ T8401] _raw_read_lock+0x5b/0x70
[ 71.702392][ T8401] ? kill_fasync+0x14b/0x460
[ 71.706962][ T8401] kill_fasync+0x14b/0x460
[ 71.711359][ T8401] fsnotify_add_event+0x398/0x4e0
[ 71.716368][ T8401] inotify_handle_inode_event+0x340/0x5f0
[ 71.722098][ T8401] ? idr_callback+0x70/0x70
[ 71.726588][ T8401] fsnotify_handle_inode_event.isra.0+0x1b8/0x270
[ 71.732996][ T8401] fsnotify+0xbf9/0x1070
[ 71.737221][ T8401] ? fsnotify_first_mark+0x1f0/0x1f0
[ 71.742495][ T8401] ? alloc_fd+0x2bc/0x640
[ 71.746809][ T8401] do_sys_openat2+0x3a3/0x420
[ 71.751469][ T8401] ? build_open_flags+0x6f0/0x6f0
[ 71.756473][ T8401] ? __context_tracking_exit+0xb8/0xe0
[ 71.761927][ T8401] ? lock_downgrade+0x6e0/0x6e0
[ 71.766773][ T8401] __x64_sys_open+0x119/0x1c0
[ 71.771430][ T8401] ? do_sys_open+0x140/0x140
[ 71.776003][ T8401] ? syscall_enter_from_user_mode+0x27/0x70
[ 71.781879][ T8401] do_syscall_64+0x2d/0x70
[ 71.786279][ T8401] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.792155][ T8401] RIP: 0033:0x443679
[ 71.796033][ T8401] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[