syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [960] 🐞 Fixed [3811] 🐞 Invalid [8183] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | possible deadlock in snd_timer_notify | 119 | 200d | 307d | 22/22 | fixed on 2021/11/10 00:50 |
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.18.0-syzkaller-10037-g7e284070abe5 #0 Not tainted
-----------------------------------------------------
syz-executor.0/13065 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8ba0a098 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xab/0x380 fs/fcntl.c:791
and this task is already holding:
ffff88807e08f7b0 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x24/0x380 fs/fcntl.c:777
which would create a new lock dependency:
(&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&timer->lock){..-.}-{2:2}
... which became SOFTIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
snd_timer_notify sound/core/timer.c:1086 [inline]
snd_timer_notify+0x10c/0x3d0 sound/core/timer.c:1073
snd_pcm_timer_notify sound/core/pcm_native.c:608 [inline]
snd_pcm_post_stop+0x195/0x1f0 sound/core/pcm_native.c:1512
snd_pcm_action_single sound/core/pcm_native.c:1283 [inline]
snd_pcm_drain_done+0xdc/0x120 sound/core/pcm_native.c:1550
snd_pcm_update_state+0x43b/0x540 sound/core/pcm_lib.c:191
snd_pcm_update_hw_ptr0+0xa75/0x1a50 sound/core/pcm_lib.c:465
snd_pcm_period_elapsed_under_stream_lock+0x15a/0x230 sound/core/pcm_lib.c:1817
snd_pcm_period_elapsed+0x28/0x50 sound/core/pcm_lib.c:1849
loopback_jiffies_timer_function+0x1c4/0x240 sound/drivers/aloop.c:668
call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers.part.0+0x679/0xa80 kernel/time/timer.c:1790
__run_timers kernel/time/timer.c:1768 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
__do_softirq+0x29b/0x9c2 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x45/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
to a SOFTIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{2:2}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1508
kernel_wait+0x9c/0x150 kernel/exit.c:1698
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
other info that might help us debug this:
Chain exists of:
&timer->lock --> &f->f_owner.lock --> tasklist_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(tasklist_lock);
local_irq_disable();
lock(&timer->lock);
lock(&f->f_owner.lock);
<Interrupt>
lock(&timer->lock);
*** DEADLOCK ***
5 locks held by syz-executor.0/13065:
#0: ffff8880437be5e8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe3/0x100 fs/file.c:1063
#1: ffff888078214de8 (&type->i_mutex_dir_key#5){++++}-{3:3}, at: iterate_dir+0xcd/0x6f0 fs/readdir.c:55
#2: ffffffff90674748 (&fsnotify_mark_srcu){....}-{0:0}, at: fsnotify+0x2ec/0x13a0 fs/notify/fsnotify.c:541
#3: ffff888025fad038 (&mark->lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
#3: ffff888025fad038 (&mark->lock){+.+.}-{2:2}, at: dnotify_handle_event+0x47/0x280 fs/notify/dnotify/dnotify.c:107
#4: ffff88807e08f7b0 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x24/0x380 fs/fcntl.c:777
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&timer->lock){..-.}-{2:2} {
IN-SOFTIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
snd_timer_notify sound/core/timer.c:1086 [inline]
snd_timer_notify+0x10c/0x3d0 sound/core/timer.c:1073
snd_pcm_timer_notify sound/core/pcm_native.c:608 [inline]
snd_pcm_post_stop+0x195/0x1f0 sound/core/pcm_native.c:1512
snd_pcm_action_single sound/core/pcm_native.c:1283 [inline]
snd_pcm_drain_done+0xdc/0x120 sound/core/pcm_native.c:1550
snd_pcm_update_state+0x43b/0x540 sound/core/pcm_lib.c:191
snd_pcm_update_hw_ptr0+0xa75/0x1a50 sound/core/pcm_lib.c:465
snd_pcm_period_elapsed_under_stream_lock+0x15a/0x230 sound/core/pcm_lib.c:1817
snd_pcm_period_elapsed+0x28/0x50 sound/core/pcm_lib.c:1849
loopback_jiffies_timer_function+0x1c4/0x240 sound/drivers/aloop.c:668
call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers.part.0+0x679/0xa80 kernel/time/timer.c:1790
__run_timers kernel/time/timer.c:1768 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
__do_softirq+0x29b/0x9c2 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x45/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline]
_raw_spin_lock_irq+0x32/0x50 kernel/locking/spinlock.c:170
spin_lock_irq include/linux/spinlock.h:374 [inline]
snd_timer_close_locked+0x63/0xbb0 sound/core/timer.c:396
snd_timer_close+0x87/0xf0 sound/core/timer.c:463
snd_seq_timer_close+0x8c/0xd0 sound/core/seq/seq_timer.c:326
queue_delete+0x4a/0xa0 sound/core/seq/seq_queue.c:134
snd_seq_queue_client_leave+0x37/0x1a0 sound/core/seq/seq_queue.c:565
seq_free_client1.part.0+0x10a/0x260 sound/core/seq/seq_clientmgr.c:280
seq_free_client1 sound/core/seq/seq_clientmgr.c:273 [inline]
seq_free_client+0x7b/0xf0 sound/core/seq/seq_clientmgr.c:301
snd_seq_release+0x4d/0xe0 sound/core/seq/seq_clientmgr.c:382
__fput+0x277/0x9d0 fs/file_table.c:317
task_work_run+0xdd/0x1a0 kernel/task_work.c:177
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:169 [inline]
exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201
__syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x46/0xb0
}
... key at: [<ffffffff9096fe00>] __key.10+0x0/0x40
-> (&new->fa_lock){....}-{2:2} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:326
fasync_remove_entry+0xb6/0x1e0 fs/fcntl.c:872
fasync_helper+0x9e/0xb0 fs/fcntl.c:975
sock_fasync+0x94/0x140 net/socket.c:1390
__fput+0x834/0x9d0 fs/file_table.c:314
task_work_run+0xdd/0x1a0 kernel/task_work.c:177
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:169 [inline]
exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201
__syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x46/0xb0
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:995 [inline]
kill_fasync fs/fcntl.c:1016 [inline]
kill_fasync+0x136/0x470 fs/fcntl.c:1009
sock_wake_async+0xd2/0x160 net/socket.c:1419
sk_wake_async include/net/sock.h:2480 [inline]
sk_wake_async include/net/sock.h:2476 [inline]
unix_write_space+0x2fb/0x5f0 net/unix/af_unix.c:518
sock_wfree+0x257/0x940 net/core/sock.c:2372
unix_destruct_scm+0x1ba/0x240 net/unix/scm.c:152
skb_release_head_state+0x9f/0x2a0 net/core/skbuff.c:729
skb_release_all net/core/skbuff.c:740 [inline]
__kfree_skb net/core/skbuff.c:756 [inline]
kfree_skb_reason.part.0+0x8a/0x2f0 net/core/skbuff.c:778
kfree_skb_reason+0x85/0x110 include/linux/refcount.h:279
kfree_skb include/linux/skbuff.h:1375 [inline]
skb_queue_purge+0x19/0x40 net/core/skbuff.c:3302
unix_dgram_disconnected+0x4b/0x180 net/unix/af_unix.c:530
unix_dgram_connect+0x50b/0xb30 net/unix/af_unix.c:1365
__sys_connect_file+0x14f/0x190 net/socket.c:1979
__sys_connect+0x161/0x190 net/socket.c:1996
__do_sys_connect net/socket.c:2006 [inline]
__se_sys_connect net/socket.c:2003 [inline]
__x64_sys_connect+0x6f/0xb0 net/socket.c:2003
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
}
... key at: [<ffffffff90671580>] __key.0+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:995 [inline]
kill_fasync fs/fcntl.c:1016 [inline]
kill_fasync+0x136/0x470 fs/fcntl.c:1009
snd_timer_user_ccallback+0x298/0x330 sound/core/timer.c:1386
snd_timer_notify1+0x11c/0x3b0 sound/core/timer.c:516
snd_timer_start1+0x4d4/0x800 sound/core/timer.c:578
snd_timer_start sound/core/timer.c:696 [inline]
snd_timer_start sound/core/timer.c:689 [inline]
snd_timer_user_start.isra.0+0x1e3/0x260 sound/core/timer.c:1984
__snd_timer_user_ioctl.isra.0+0xda4/0x2490 sound/core/timer.c:2107
snd_timer_user_ioctl+0x77/0xb0 sound/core/timer.c:2128
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
-> (&f->f_owner.lock){....}-{2:2} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:326
f_modown+0x2a/0x390 fs/fcntl.c:90
generic_add_lease fs/locks.c:1820 [inline]
generic_setlease+0x11bc/0x1760 fs/locks.c:1899
vfs_setlease+0xfd/0x120 fs/locks.c:1989
do_fcntl_add_lease fs/locks.c:2010 [inline]
fcntl_setlease+0x134/0x2c0 fs/locks.c:2032
do_fcntl+0x299/0x1040 fs/fcntl.c:402
__do_sys_fcntl fs/fcntl.c:453 [inline]
__se_sys_fcntl fs/fcntl.c:438 [inline]
__x64_sys_fcntl+0x15f/0x1d0 fs/fcntl.c:438
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
send_sigio+0x24/0x380 fs/fcntl.c:777
kill_fasync_rcu fs/fcntl.c:1002 [inline]
kill_fasync fs/fcntl.c:1016 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1009
sock_wake_async+0xd2/0x160 net/socket.c:1419
sk_wake_async include/net/sock.h:2480 [inline]
sk_wake_async include/net/sock.h:2476 [inline]
unix_write_space+0x2fb/0x5f0 net/unix/af_unix.c:518
sock_wfree+0x257/0x940 net/core/sock.c:2372
unix_destruct_scm+0x1ba/0x240 net/unix/scm.c:152
skb_release_head_state+0x9f/0x2a0 net/core/skbuff.c:729
skb_release_all net/core/skbuff.c:740 [inline]
__kfree_skb net/core/skbuff.c:756 [inline]
kfree_skb_reason.part.0+0x8a/0x2f0 net/core/skbuff.c:778
kfree_skb_reason+0x85/0x110 include/linux/refcount.h:279
kfree_skb include/linux/skbuff.h:1375 [inline]
skb_queue_purge+0x19/0x40 net/core/skbuff.c:3302
unix_dgram_disconnected+0x4b/0x180 net/unix/af_unix.c:530
unix_dgram_connect+0x50b/0xb30 net/unix/af_unix.c:1365
__sys_connect_file+0x14f/0x190 net/socket.c:1979
__sys_connect+0x161/0x190 net/socket.c:1996
__do_sys_connect net/socket.c:2006 [inline]
__se_sys_connect net/socket.c:2003 [inline]
__x64_sys_connect+0x6f/0xb0 net/socket.c:2003
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
}
... key at: [<ffffffff906707a0>] __key.5+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
send_sigio+0x24/0x380 fs/fcntl.c:777
kill_fasync_rcu fs/fcntl.c:1002 [inline]
kill_fasync fs/fcntl.c:1016 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1009
sock_wake_async+0xd2/0x160 net/socket.c:1419
sk_wake_async include/net/sock.h:2480 [inline]
sk_wake_async include/net/sock.h:2476 [inline]
unix_write_space+0x2fb/0x5f0 net/unix/af_unix.c:518
sock_wfree+0x257/0x940 net/core/sock.c:2372
unix_destruct_scm+0x1ba/0x240 net/unix/scm.c:152
skb_release_head_state+0x9f/0x2a0 net/core/skbuff.c:729
skb_release_all net/core/skbuff.c:740 [inline]
__kfree_skb net/core/skbuff.c:756 [inline]
kfree_skb_reason.part.0+0x8a/0x2f0 net/core/skbuff.c:778
kfree_skb_reason+0x85/0x110 include/linux/refcount.h:279
kfree_skb include/linux/skbuff.h:1375 [inline]
skb_queue_purge+0x19/0x40 net/core/skbuff.c:3302
unix_dgram_disconnected+0x4b/0x180 net/unix/af_unix.c:530
unix_dgram_connect+0x50b/0xb30 net/unix/af_unix.c:1365
__sys_connect_file+0x14f/0x190 net/socket.c:1979
__sys_connect+0x161/0x190 net/socket.c:1996
__do_sys_connect net/socket.c:2006 [inline]
__se_sys_connect net/socket.c:2003 [inline]
__x64_sys_connect+0x6f/0xb0 net/socket.c:2003
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{2:2} {
HARDIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1508
kernel_wait+0x9c/0x150 kernel/exit.c:1698
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
SOFTIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1508
kernel_wait+0x9c/0x150 kernel/exit.c:1698
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:326
copy_process+0x436c/0x6ff0 kernel/fork.c:2371
kernel_clone+0xe7/0xab0 kernel/fork.c:2642
kernel_thread+0xb5/0xf0 kernel/fork.c:2694
rest_init+0x23/0x270 init/main.c:691
arch_call_rest_init+0xf/0x14 init/main.c:882
start_kernel+0x46e/0x48f init/main.c:1137
secondary_startup_64_no_verify+0xce/0xdb
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1508
kernel_wait+0x9c/0x150 kernel/exit.c:1698
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
}
... key at: [<ffffffff8ba0a098>] tasklist_lock+0x18/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
send_sigio+0xab/0x380 fs/fcntl.c:791
dnotify_handle_event+0x148/0x280 fs/notify/dnotify/dnotify.c:115
fsnotify_handle_inode_event.isra.0+0x22e/0x370 fs/notify/fsnotify.c:264
fsnotify_handle_event fs/notify/fsnotify.c:316 [inline]
send_to_group fs/notify/fsnotify.c:362 [inline]
fsnotify+0xec5/0x13a0 fs/notify/fsnotify.c:567
fsnotify_parent include/linux/fsnotify.h:80 [inline]
fsnotify_file include/linux/fsnotify.h:99 [inline]
fsnotify_access include/linux/fsnotify.h:309 [inline]
iterate_dir+0x5e2/0x6f0 fs/readdir.c:69
__do_sys_getdents fs/readdir.c:286 [inline]
__se_sys_getdents fs/readdir.c:271 [inline]
__x64_sys_getdents+0x13a/0x2b0 fs/readdir.c:271
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
stack backtrace:
CPU: 1 PID: 13065 Comm: syz-executor.0 Not tainted 5.18.0-syzkaller-10037-g7e284070abe5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_bad_irq_dependency kernel/locking/lockdep.c:2609 [inline]
check_irq_usage.cold+0x4c1/0x6b0 kernel/locking/lockdep.c:2848
check_prev_add kernel/locking/lockdep.c:3099 [inline]
check_prevs_add kernel/locking/lockdep.c:3214 [inline]
validate_chain kernel/locking/lockdep.c:3829 [inline]
__lock_acquire+0x2ade/0x56c0 kernel/locking/lockdep.c:5053
lock_acquire kernel/locking/lockdep.c:5665 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5630
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
send_sigio+0xab/0x380 fs/fcntl.c:791
dnotify_handle_event+0x148/0x280 fs/notify/dnotify/dnotify.c:115
fsnotify_handle_inode_event.isra.0+0x22e/0x370 fs/notify/fsnotify.c:264
fsnotify_handle_event fs/notify/fsnotify.c:316 [inline]
send_to_group fs/notify/fsnotify.c:362 [inline]
fsnotify+0xec5/0x13a0 fs/notify/fsnotify.c:567
fsnotify_parent include/linux/fsnotify.h:80 [inline]
fsnotify_file include/linux/fsnotify.h:99 [inline]
fsnotify_access include/linux/fsnotify.h:309 [inline]
iterate_dir+0x5e2/0x6f0 fs/readdir.c:69
__do_sys_getdents fs/readdir.c:286 [inline]
__se_sys_getdents fs/readdir.c:271 [inline]
__x64_sys_getdents+0x13a/0x2b0 fs/readdir.c:271
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fa80d489109
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa80e649168 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 00007fa80d59bf60 RCX: 00007fa80d489109
RDX: 000000000000007e RSI: 00000000200000c0 RDI: 0000000000000005
RBP: 00007fa80d4e308d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa80dacfb1f R14: 00007fa80e649300 R15: 0000000000022000
</TASK>
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce | 2022/05/27 11:24 | upstream | 7e284070abe5 | 116e7a7b | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-smack-root | 2022/05/26 23:15 | upstream | babf0bb978e3 | 3037caa9 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/26 11:32 | upstream | 7e062cda7d90 | 3037caa9 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/25 12:46 | upstream | fdaf9a5840ac | 647c0e27 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/24 01:22 | upstream | 1e57930e9f40 | e7f9308d | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-smack-root | 2022/05/23 02:04 | upstream | 4b0986a3613c | 7268fa62 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-smack-root | 2022/05/22 13:45 | upstream | eaea45fc0e7b | 7268fa62 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/22 12:29 | upstream | eaea45fc0e7b | 7268fa62 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-smack-root | 2022/05/22 10:14 | upstream | eaea45fc0e7b | 7268fa62 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/21 04:48 | upstream | 3b5e1590a267 | 7268fa62 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-smack-root | 2022/05/20 17:01 | upstream | 3d7285a335ed | bd37ad7e | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-smack-root | 2022/05/20 15:25 | upstream | 3d7285a335ed | cb1ac2e7 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/20 02:19 | upstream | b015dcd62b86 | cb1ac2e7 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-root | 2022/05/18 02:20 | upstream | 210e04ff7681 | 744a39e2 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-selinux-root | 2022/05/18 00:57 | upstream | 210e04ff7681 | 744a39e2 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/17 10:17 | upstream | 42226c989789 | 744a39e2 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-root | 2022/05/15 16:16 | upstream | bc403203d65a | 744a39e2 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-smack-root | 2022/05/15 15:02 | upstream | bc403203d65a | 744a39e2 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/12 00:24 | upstream | feb9c5e19e91 | beb0b407 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/09 01:25 | upstream | c5eb0a61238d | e60b1103 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/04 16:54 | upstream | 107c948d1d3e | dc9e5259 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/03 05:40 | upstream | 9050ba3a61a4 | 2df221f6 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/02 12:13 | upstream | 672c0c517342 | 2df221f6 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/02 02:57 | upstream | 672c0c517342 | 2df221f6 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/05/01 04:31 | upstream | 57ae8a492116 | 2df221f6 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/29 08:05 | upstream | 38d741cb70b3 | e9076525 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/28 21:10 | upstream | 259b897e5a79 | e9076525 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/26 20:20 | upstream | cf424ef014ac | 1fa34c1b | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/24 08:38 | upstream | 22da5264abf4 | 131df97d | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-smack-root | 2022/04/22 15:56 | upstream | d569e86915b7 | 131df97d | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-root | 2022/04/21 22:37 | upstream | 59f0c2447e25 | 2738b391 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-root | 2022/04/21 15:15 | upstream | b253435746d9 | 2738b391 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/20 06:13 | upstream | b7f73403a3e9 | 7d7bc738 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/19 21:59 | upstream | b7f73403a3e9 | c334415e | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/18 01:51 | upstream | b2d229d4ddb1 | 8bcc32a6 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/15 18:47 | upstream | 028192fea1de | 8bcc32a6 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/10 20:21 | upstream | 4ea3c6425269 | e22c3da3 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/10 07:06 | upstream | e1f700ebd6be | e22c3da3 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/10 05:26 | upstream | e1f700ebd6be | e22c3da3 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/05 10:00 | upstream | 312310928417 | 5915c2cb | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/02 16:14 | upstream | 88e6c0207623 | 79a2a8fc | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/04/02 01:33 | upstream | 8467b0ed6ce3 | 79a2a8fc | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/03/19 00:37 | upstream | 34e047aa16c0 | e2d91b1d | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/03/12 20:10 | upstream | aad611a868d1 | 9e8eaa75 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/03/08 20:52 | upstream | 92f90cc9fe0e | 9e8eaa75 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-qemu-upstream | 2022/03/07 23:02 | upstream | ea4424be1688 | 7bdd8b2c | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-smack-root | 2022/03/07 00:47 | upstream | ffb217a13a2e | 7bdd8b2c | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce | 2022/03/06 10:05 | upstream | dcde98da9970 | 7bdd8b2c | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-smack-root | 2022/03/05 13:46 | upstream | ac84e82f78cb | 45a13a73 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-selinux-root | 2022/03/05 11:35 | upstream | ac84e82f78cb | 45a13a73 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-root | 2022/03/04 22:41 | upstream | 07ebd38a0da2 | 45a13a73 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-root | 2021/11/11 11:45 | upstream | debe436e77c7 | 75b04091 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-kasan-gce-selinux-root | 2021/11/10 19:08 | upstream | 89d714ab6043 | 75b04091 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-linux-next-kasan-gce-root | 2022/04/27 22:21 | linux-next | f02ac5c95dfd | 8a1f1f07 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-linux-next-kasan-gce-root | 2022/04/01 06:10 | linux-next | e5071887cd22 | 68fc921a | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-linux-next-kasan-gce-root | 2022/03/25 13:58 | linux-next | fd4fbb998102 | 89bc8608 | .config | log | report | info | possible deadlock in snd_timer_notify | ||
| ci-upstream-linux-next-kasan-gce-root | 2022/02/17 02:53 | linux-next | ef6b35306dd8 | 2bea8a27 | .config | log | report | info | possible deadlock in snd_timer_notify |