[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.215' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 71.034022][ T8427] [ 71.036392][ T8427] ======================================================== [ 71.043575][ T8427] WARNING: possible irq lock inversion dependency detected [ 71.051006][ T8427] 5.13.0-rc2-next-20210518-syzkaller #0 Not tainted [ 71.057573][ T8427] -------------------------------------------------------- [ 71.064745][ T8427] syz-executor494/8427 just changed the state of lock: [ 71.071579][ T8427] ffff888018b0a3b8 (&f->f_owner.lock){.+..}-{2:2}, at: f_getown+0x23/0x2a0 [ 71.080270][ T8427] but this lock was taken by another, HARDIRQ-safe lock in the past: [ 71.088318][ T8427] (&dev->event_lock){-...}-{2:2} [ 71.088336][ T8427] [ 71.088336][ T8427] [ 71.088336][ T8427] and interrupts could create inverse lock ordering between them. [ 71.088336][ T8427] [ 71.107609][ T8427] [ 71.107609][ T8427] other info that might help us debug this: [ 71.115765][ T8427] Chain exists of: [ 71.115765][ T8427] &dev->event_lock --> &new->fa_lock --> &f->f_owner.lock [ 71.115765][ T8427] [ 71.128785][ T8427] Possible interrupt unsafe locking scenario: [ 71.128785][ T8427] [ 71.137080][ T8427] CPU0 CPU1 [ 71.142599][ T8427] ---- ---- [ 71.147943][ T8427] lock(&f->f_owner.lock); [ 71.152439][ T8427] local_irq_disable(); [ 71.159186][ T8427] lock(&dev->event_lock); [ 71.166188][ T8427] lock(&new->fa_lock); [ 71.172928][ T8427] [ 71.176360][ T8427] lock(&dev->event_lock); [ 71.181026][ T8427] [ 71.181026][ T8427] *** DEADLOCK *** [ 71.181026][ T8427] [ 71.189149][ T8427] no locks held by syz-executor494/8427. [ 71.194761][ T8427] [ 71.194761][ T8427] the shortest dependencies between 2nd lock and 1st lock: [ 71.204135][ T8427] -> (&dev->event_lock){-...}-{2:2} { [ 71.209778][ T8427] IN-HARDIRQ-W at: [ 71.214031][ T8427] lock_acquire+0x1ab/0x740 [ 71.220705][ T8427] _raw_spin_lock_irqsave+0x39/0x50 [ 71.228084][ T8427] input_event+0x7b/0xb0 [ 71.234482][ T8427] psmouse_report_standard_buttons+0x2c/0x80 [ 71.242626][ T8427] psmouse_process_byte+0x1e1/0x890 [ 71.249993][ T8427] psmouse_handle_byte+0x41/0x1b0 [ 71.257267][ T8427] psmouse_interrupt+0x304/0xf00 [ 71.264359][ T8427] serio_interrupt+0x88/0x150 [ 71.271204][ T8427] i8042_interrupt+0x27a/0x520 [ 71.278136][ T8427] __handle_irq_event_percpu+0x303/0x8f0 [ 71.285927][ T8427] handle_irq_event+0x102/0x290 [ 71.292946][ T8427] handle_edge_irq+0x25f/0xd00 [ 71.299916][ T8427] __common_interrupt+0x9d/0x210 [ 71.307016][ T8427] common_interrupt+0x9f/0xd0 [ 71.313854][ T8427] asm_common_interrupt+0x1e/0x40 [ 71.321203][ T8427] _raw_spin_unlock_irqrestore+0x38/0x70 [ 71.328997][ T8427] i8042_command+0x12e/0x150 [ 71.335749][ T8427] i8042_aux_write+0xd7/0x120 [ 71.342710][ T8427] ps2_do_sendbyte+0x2cf/0x710 [ 71.349632][ T8427] ps2_sendbyte+0x58/0x150 [ 71.356239][ T8427] cypress_ps2_sendbyte+0x2e/0x160 [ 71.363506][ T8427] cypress_send_ext_cmd+0x1d0/0x8e0 [ 71.370861][ T8427] cypress_detect+0x75/0x190 [ 71.377621][ T8427] psmouse_try_protocol+0x211/0x370 [ 71.384987][ T8427] psmouse_extensions+0x557/0x930 [ 71.392184][ T8427] psmouse_switch_protocol+0x52a/0x740 [ 71.399990][ T8427] psmouse_connect+0x5e9/0xfd0 [ 71.407005][ T8427] serio_driver_probe+0x72/0xa0 [ 71.414020][ T8427] really_probe+0x291/0xf60 [ 71.420696][ T8427] driver_probe_device+0x298/0x410 [ 71.427974][ T8427] device_driver_attach+0x228/0x290 [ 71.435347][ T8427] __driver_attach+0x190/0x340 [ 71.442277][ T8427] bus_for_each_dev+0x147/0x1d0 [ 71.449453][ T8427] serio_handle_event+0x5f6/0xa30 [ 71.456632][ T8427] process_one_work+0x98d/0x1600 [ 71.463833][ T8427] worker_thread+0x64c/0x1120 [ 71.470719][ T8427] kthread+0x3b1/0x4a0 [ 71.476950][ T8427] ret_from_fork+0x1f/0x30 [ 71.483529][ T8427] INITIAL USE at: [ 71.487673][ T8427] lock_acquire+0x1ab/0x740 [ 71.494238][ T8427] _raw_spin_lock_irqsave+0x39/0x50 [ 71.501504][ T8427] input_inject_event+0xa6/0x320 [ 71.508509][ T8427] led_set_brightness_nosleep+0xe6/0x1a0 [ 71.516223][ T8427] led_set_brightness+0x134/0x170 [ 71.523332][ T8427] led_trigger_event+0x75/0xd0 [ 71.530160][ T8427] kbd_led_trigger_activate+0xc9/0x100 [ 71.537702][ T8427] led_trigger_set+0x61e/0xbd0 [ 71.544543][ T8427] led_trigger_set_default+0x1a6/0x230 [ 71.552154][ T8427] led_classdev_register_ext+0x5b1/0x7c0 [ 71.559867][ T8427] input_leds_connect+0x4bd/0x860 [ 71.566959][ T8427] input_attach_handler+0x180/0x1f0 [ 71.574220][ T8427] input_register_device.cold+0xf0/0x304 [ 71.581917][ T8427] atkbd_connect+0x739/0xa00 [ 71.588575][ T8427] serio_driver_probe+0x72/0xa0 [ 71.595490][ T8427] really_probe+0x291/0xf60 [ 71.602059][ T8427] driver_probe_device+0x298/0x410 [ 71.609423][ T8427] device_driver_attach+0x228/0x290 [ 71.616799][ T8427] __driver_attach+0x190/0x340 [ 71.623646][ T8427] bus_for_each_dev+0x147/0x1d0 [ 71.630562][ T8427] serio_handle_event+0x5f6/0xa30 [ 71.637652][ T8427] process_one_work+0x98d/0x1600 [ 71.644658][ T8427] worker_thread+0x64c/0x1120 [ 71.651411][ T8427] kthread+0x3b1/0x4a0 [ 71.657549][ T8427] ret_from_fork+0x1f/0x30 [ 71.664044][ T8427] } [ 71.666781][ T8427] ... key at: [] __key.8+0x0/0x40 [ 71.674131][ T8427] ... acquired at: [ 71.678188][ T8427] _raw_spin_lock+0x2a/0x40 [ 71.682863][ T8427] evdev_pass_values.part.0+0xf6/0x970 [ 71.688476][ T8427] evdev_events+0x359/0x3e0 [ 71.693133][ T8427] input_to_handler+0x2a0/0x4c0 [ 71.698138][ T8427] input_pass_values.part.0+0x230/0x710 [ 71.703863][ T8427] input_handle_event+0x373/0x1440 [ 71.709129][ T8427] input_inject_event+0x1bd/0x320 [ 71.714307][ T8427] evdev_write+0x430/0x760 [ 71.718892][ T8427] vfs_write+0x28e/0xa40 [ 71.723293][ T8427] ksys_write+0x1ee/0x250 [ 71.727779][ T8427] do_syscall_64+0x31/0xb0 [ 71.732887][ T8427] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 71.738947][ T8427] [ 71.741250][ T8427] -> (&client->buffer_lock){....}-{2:2} { [ 71.747134][ T8427] INITIAL USE at: [ 71.751187][ T8427] lock_acquire+0x1ab/0x740 [ 71.757598][ T8427] _raw_spin_lock+0x2a/0x40 [ 71.763996][ T8427] evdev_pass_values.part.0+0xf6/0x970 [ 71.771370][ T8427] evdev_events+0x359/0x3e0 [ 71.777774][ T8427] input_to_handler+0x2a0/0x4c0 [ 71.784525][ T8427] input_pass_values.part.0+0x230/0x710 [ 71.792081][ T8427] input_handle_event+0x373/0x1440 [ 71.799093][ T8427] input_inject_event+0x1bd/0x320 [ 71.806011][ T8427] evdev_write+0x430/0x760 [ 71.812323][ T8427] vfs_write+0x28e/0xa40 [ 71.818474][ T8427] ksys_write+0x1ee/0x250 [ 71.824696][ T8427] do_syscall_64+0x31/0xb0 [ 71.831003][ T8427] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 71.838795][ T8427] } [ 71.841449][ T8427] ... key at: [] __key.4+0x0/0x40 [ 71.848719][ T8427] ... acquired at: [ 71.852675][ T8427] _raw_read_lock+0x5b/0x70 [ 71.857352][ T8427] kill_fasync+0x132/0x460 [ 71.861941][ T8427] evdev_pass_values.part.0+0x64e/0x970 [ 71.867648][ T8427] evdev_events+0x359/0x3e0 [ 71.872341][ T8427] input_to_handler+0x2a0/0x4c0 [ 71.877369][ T8427] input_pass_values.part.0+0x230/0x710 [ 71.883074][ T8427] input_handle_event+0x373/0x1440 [ 71.888354][ T8427] input_inject_event+0x1bd/0x320 [ 71.893537][ T8427] evdev_write+0x430/0x760 [ 71.898116][ T8427] vfs_write+0x28e/0xa40 [ 71.902539][ T8427] ksys_write+0x1ee/0x250 [ 71.907026][ T8427] do_syscall_64+0x31/0xb0 [ 71.911597][ T8427] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 71.917659][ T8427] [ 71.919962][ T8427] -> (&new->fa_lock){....}-{2:2} { [ 71.925160][ T8427] INITIAL READ USE at: [ 71.929567][ T8427] lock_acquire+0x1ab/0x740 [ 71.936240][ T8427] _raw_read_lock+0x5b/0x70 [ 71.942903][ T8427] kill_fasync+0x132/0x460 [ 71.949475][ T8427] evdev_pass_values.part.0+0x64e/0x970 [ 71.957189][ T8427] evdev_events+0x359/0x3e0 [ 71.963857][ T8427] input_to_handler+0x2a0/0x4c0 [ 71.970879][ T8427] input_pass_values.part.0+0x230/0x710 [ 71.978579][ T8427] input_handle_event+0x373/0x1440 [ 71.985867][ T8427] input_inject_event+0x1bd/0x320 [ 71.993046][ T8427] evdev_write+0x430/0x760 [ 71.999616][ T8427] vfs_write+0x28e/0xa40 [ 72.006023][ T8427] ksys_write+0x1ee/0x250 [ 72.012506][ T8427] do_syscall_64+0x31/0xb0 [ 72.019076][ T8427] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.027211][ T8427] } [ 72.029803][ T8427] ... key at: [] __key.0+0x0/0x40 [ 72.037003][ T8427] ... acquired at: [ 72.040903][ T8427] _raw_read_lock_irqsave+0x70/0x90 [ 72.046270][ T8427] send_sigio+0x24/0x370 [ 72.050692][ T8427] kill_fasync+0x1ec/0x460 [ 72.055273][ T8427] evdev_pass_values.part.0+0x64e/0x970 [ 72.060976][ T8427] evdev_events+0x359/0x3e0 [ 72.065634][ T8427] input_to_handler+0x2a0/0x4c0 [ 72.070650][ T8427] input_pass_values.part.0+0x230/0x710 [ 72.076359][ T8427] input_handle_event+0x373/0x1440 [ 72.081624][ T8427] input_inject_event+0x1bd/0x320 [ 72.086838][ T8427] evdev_write+0x430/0x760 [ 72.091690][ T8427] vfs_write+0x28e/0xa40 [ 72.096098][ T8427] ksys_write+0x1ee/0x250 [ 72.100580][ T8427] do_syscall_64+0x31/0xb0 [ 72.105151][ T8427] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.111202][ T8427] [ 72.113506][ T8427] -> (&f->f_owner.lock){.+..}-{2:2} { [ 72.118868][ T8427] HARDIRQ-ON-R at: [ 72.122859][ T8427] lock_acquire+0x1ab/0x740 [ 72.129008][ T8427] _raw_read_lock+0x5b/0x70 [ 72.135143][ T8427] f_getown+0x23/0x2a0 [ 72.140891][ T8427] sock_ioctl+0x4ba/0x6a0 [ 72.146867][ T8427] __x64_sys_ioctl+0x193/0x200 [ 72.153270][ T8427] do_syscall_64+0x31/0xb0 [ 72.159318][ T8427] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.166966][ T8427] INITIAL READ USE at: [ 72.171296][ T8427] lock_acquire+0x1ab/0x740 [ 72.177804][ T8427] _raw_read_lock_irqsave+0x70/0x90 [ 72.184985][ T8427] send_sigio+0x24/0x370 [ 72.191477][ T8427] kill_fasync+0x1ec/0x460 [ 72.197899][ T8427] evdev_pass_values.part.0+0x64e/0x970 [ 72.205427][ T8427] evdev_events+0x359/0x3e0 [ 72.211922][ T8427] input_to_handler+0x2a0/0x4c0 [ 72.218807][ T8427] input_pass_values.part.0+0x230/0x710 [ 72.226339][ T8427] input_handle_event+0x373/0x1440 [ 72.233430][ T8427] input_inject_event+0x1bd/0x320 [ 72.240575][ T8427] evdev_write+0x430/0x760 [ 72.246989][ T8427] vfs_write+0x28e/0xa40 [ 72.253228][ T8427] ksys_write+0x1ee/0x250 [ 72.259550][ T8427] do_syscall_64+0x31/0xb0 [ 72.265947][ T8427] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.273833][ T8427] } [ 72.276323][ T8427] ... key at: [] __key.5+0x0/0x40 [ 72.283422][ T8427] ... acquired at: [ 72.287232][ T8427] __lock_acquire+0x120f/0x5230 [ 72.292250][ T8427] lock_acquire+0x1ab/0x740 [ 72.296910][ T8427] _raw_read_lock+0x5b/0x70 [ 72.301573][ T8427] f_getown+0x23/0x2a0 [ 72.305796][ T8427] sock_ioctl+0x4ba/0x6a0 [ 72.310283][ T8427] __x64_sys_ioctl+0x193/0x200 [ 72.315203][ T8427] do_syscall_64+0x31/0xb0 [ 72.319783][ T8427] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.325880][ T8427] [ 72.328189][ T8427] [ 72.328189][ T8427] stack backtrace: [ 72.334055][ T8427] CPU: 0 PID: 8427 Comm: syz-executor494 Not tainted 5.13.0-rc2-next-20210518-syzkaller #0 [ 72.344012][ T8427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.354052][ T8427] Call Trace: [ 72.357332][ T8427] dump_stack_lvl+0x13e/0x1d6 [ 72.362033][ T8427] mark_lock.cold+0x1d/0x8e [ 72.366534][ T8427] ? lock_chain_count+0x20/0x20 [ 72.371424][ T8427] ? lock_chain_count+0x20/0x20 [ 72.376260][ T8427] ? find_held_lock+0x2d/0x110 [ 72.381008][ T8427] __lock_acquire+0x120f/0x5230 [ 72.385842][ T8427] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 72.391804][ T8427] ? tomoyo_path_number_perm+0x24e/0x590 [ 72.397423][ T8427] lock_acquire+0x1ab/0x740 [ 72.401920][ T8427] ? f_getown+0x23/0x2a0 [ 72.406153][ T8427] ? lock_release+0x720/0x720 [ 72.410830][ T8427] ? __might_fault+0xd3/0x180 [ 72.415490][ T8427] ? lock_downgrade+0x6e0/0x6e0 [ 72.420322][ T8427] _raw_read_lock+0x5b/0x70 [ 72.424832][ T8427] ? f_getown+0x23/0x2a0 [ 72.429058][ T8427] f_getown+0x23/0x2a0 [ 72.433122][ T8427] sock_ioctl+0x4ba/0x6a0 [ 72.437437][ T8427] ? vlan_ioctl_set+0x30/0x30 [ 72.442109][ T8427] ? lock_downgrade+0x6e0/0x6e0 [ 72.446943][ T8427] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 72.453165][ T8427] ? vlan_ioctl_set+0x30/0x30 [ 72.457828][ T8427] __x64_sys_ioctl+0x193/0x200 [ 72.462575][ T8427] do_syscall_64+0x31/0xb0 [ 72.467144][ T8427] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.473024][ T8427] RIP: 0033:0x443599 [ 72.476914][ T8427] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 72.496511][ T8427] RSP: 002b:00007ffd25395128 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 72.504950][ T8427] RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000443599 [ 72.513062][ T8427] RDX: 0000000000000000 RSI: 0000000000008904 RDI: 0000000000000004 [ 72.521025][ T8427] RBP: 0000000000403140 R08: 00000000004004a0 R09: 00000000004004a0 [ 72.528990][ T8427] R10: 00000000004004a0 R11: 0000000000000246 R12: 00000000004031d0 [ 72.536946][ T8427] R13: 0000000000000000 R1