syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [957] ≡ Subsystems 🐞 Fixed [4569] 🐞 Invalid [10546] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | possible deadlock in snd_timer_notify fs | 119 | 576d | 683d | 22/24 | fixed on 2021/11/10 00:50 |
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.19.0-syzkaller-02858-ge2b542100719 #0 Not tainted
-----------------------------------------------------
syz-executor.2/19041 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8ba0a098 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xab/0x370 fs/fcntl.c:791
and this task is already holding:
ffff888071ae9530 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x24/0x370 fs/fcntl.c:777
which would create a new lock dependency:
(&f->f_owner.lock){...-}-{2:2} -> (tasklist_lock){.+.+}-{2:2}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&timer->lock){..-.}-{2:2}
... which became SOFTIRQ-irq-safe at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
snd_timer_notify sound/core/timer.c:1086 [inline]
snd_timer_notify+0x10c/0x3d0 sound/core/timer.c:1073
snd_pcm_timer_notify sound/core/pcm_native.c:608 [inline]
snd_pcm_post_stop+0x195/0x1f0 sound/core/pcm_native.c:1512
snd_pcm_action_single sound/core/pcm_native.c:1283 [inline]
snd_pcm_drain_done+0xdc/0x120 sound/core/pcm_native.c:1550
snd_pcm_update_state+0x43b/0x540 sound/core/pcm_lib.c:191
snd_pcm_update_hw_ptr0+0xa75/0x1a50 sound/core/pcm_lib.c:465
snd_pcm_period_elapsed_under_stream_lock+0x15a/0x230 sound/core/pcm_lib.c:1817
snd_pcm_period_elapsed+0x28/0x50 sound/core/pcm_lib.c:1849
loopback_jiffies_timer_function+0x1c4/0x240 sound/drivers/aloop.c:668
call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers.part.0+0x679/0xa80 kernel/time/timer.c:1790
__run_timers kernel/time/timer.c:1768 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
__do_softirq+0x29b/0x9c2 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
kasan_check_range+0xe/0x180 mm/kasan/generic.c:188
instrument_atomic_read include/linux/instrumented.h:71 [inline]
test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
folio_test_swapcache include/linux/page-flags.h:563 [inline]
folio_mapping+0x125/0x220 mm/util.c:803
__folio_cancel_dirty+0x1e/0x3d0 mm/page-writeback.c:2791
folio_cancel_dirty include/linux/pagemap.h:1068 [inline]
truncate_cleanup_folio+0x203/0x3b0 mm/truncate.c:186
truncate_inode_folio+0x40/0x70 mm/truncate.c:195
shmem_undo_range+0x3fa/0x1560 mm/shmem.c:952
shmem_truncate_range mm/shmem.c:1044 [inline]
shmem_evict_inode+0x3c6/0xc20 mm/shmem.c:1133
evict+0x2ed/0x6b0 fs/inode.c:664
iput_final fs/inode.c:1744 [inline]
iput.part.0+0x562/0x820 fs/inode.c:1770
iput+0x58/0x70 fs/inode.c:1760
do_unlinkat+0x41b/0x650 fs/namei.c:4267
__do_sys_unlink fs/namei.c:4308 [inline]
__se_sys_unlink fs/namei.c:4306 [inline]
__x64_sys_unlink+0xc6/0x110 fs/namei.c:4306
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
to a SOFTIRQ-irq-unsafe lock:
(tasklist_lock){.+.+}-{2:2}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1508
kernel_wait+0x9c/0x150 kernel/exit.c:1698
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
other info that might help us debug this:
Chain exists of:
&timer->lock --> &f->f_owner.lock --> tasklist_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(tasklist_lock);
local_irq_disable();
lock(&timer->lock);
lock(&f->f_owner.lock);
<Interrupt>
lock(&timer->lock);
*** DEADLOCK ***
7 locks held by syz-executor.2/19041:
#0: ffff8880433d0468 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_lock_nested fs/pipe.c:82 [inline]
#0: ffff8880433d0468 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_lock+0x5a/0x70 fs/pipe.c:90
#1: ffff8880281ac0f0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1677 [inline]
#1: ffff8880281ac0f0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_splice_read+0x108/0x8b0 net/ipv4/tcp.c:788
#2: ffffffff8bd87300 (rcu_read_lock){....}-{1:2}, at: sock_def_readable+0x0/0x4e0 net/core/sock.c:2234
#3: ffffffff8bd87300 (rcu_read_lock){....}-{1:2}, at: rcu_read_unlock include/linux/rcupdate.h:735 [inline]
#3: ffffffff8bd87300 (rcu_read_lock){....}-{1:2}, at: sock_def_readable+0x2aa/0x4e0 net/core/sock.c:3220
#4: ffffffff8bd87300 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470 fs/fcntl.c:1014
#5: ffff88801fd0d558 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:995 [inline]
#5: ffff88801fd0d558 (&new->fa_lock){....}-{2:2}, at: kill_fasync fs/fcntl.c:1016 [inline]
#5: ffff88801fd0d558 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 fs/fcntl.c:1009
#6: ffff888071ae9530 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x24/0x370 fs/fcntl.c:777
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&timer->lock){..-.}-{2:2} {
IN-SOFTIRQ-W at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
snd_timer_notify sound/core/timer.c:1086 [inline]
snd_timer_notify+0x10c/0x3d0 sound/core/timer.c:1073
snd_pcm_timer_notify sound/core/pcm_native.c:608 [inline]
snd_pcm_post_stop+0x195/0x1f0 sound/core/pcm_native.c:1512
snd_pcm_action_single sound/core/pcm_native.c:1283 [inline]
snd_pcm_drain_done+0xdc/0x120 sound/core/pcm_native.c:1550
snd_pcm_update_state+0x43b/0x540 sound/core/pcm_lib.c:191
snd_pcm_update_hw_ptr0+0xa75/0x1a50 sound/core/pcm_lib.c:465
snd_pcm_period_elapsed_under_stream_lock+0x15a/0x230 sound/core/pcm_lib.c:1817
snd_pcm_period_elapsed+0x28/0x50 sound/core/pcm_lib.c:1849
loopback_jiffies_timer_function+0x1c4/0x240 sound/drivers/aloop.c:668
call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers.part.0+0x679/0xa80 kernel/time/timer.c:1790
__run_timers kernel/time/timer.c:1768 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
__do_softirq+0x29b/0x9c2 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
kasan_check_range+0xe/0x180 mm/kasan/generic.c:188
instrument_atomic_read include/linux/instrumented.h:71 [inline]
test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
folio_test_swapcache include/linux/page-flags.h:563 [inline]
folio_mapping+0x125/0x220 mm/util.c:803
__folio_cancel_dirty+0x1e/0x3d0 mm/page-writeback.c:2791
folio_cancel_dirty include/linux/pagemap.h:1068 [inline]
truncate_cleanup_folio+0x203/0x3b0 mm/truncate.c:186
truncate_inode_folio+0x40/0x70 mm/truncate.c:195
shmem_undo_range+0x3fa/0x1560 mm/shmem.c:952
shmem_truncate_range mm/shmem.c:1044 [inline]
shmem_evict_inode+0x3c6/0xc20 mm/shmem.c:1133
evict+0x2ed/0x6b0 fs/inode.c:664
iput_final fs/inode.c:1744 [inline]
iput.part.0+0x562/0x820 fs/inode.c:1770
iput+0x58/0x70 fs/inode.c:1760
do_unlinkat+0x41b/0x650 fs/namei.c:4267
__do_sys_unlink fs/namei.c:4308 [inline]
__se_sys_unlink fs/namei.c:4306 [inline]
__x64_sys_unlink+0xc6/0x110 fs/namei.c:4306
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
snd_timer_notify sound/core/timer.c:1086 [inline]
snd_timer_notify+0x10c/0x3d0 sound/core/timer.c:1073
snd_pcm_timer_notify sound/core/pcm_native.c:608 [inline]
snd_pcm_post_start+0x24a/0x310 sound/core/pcm_native.c:1451
snd_pcm_action_single+0xf4/0x130 sound/core/pcm_native.c:1283
snd_pcm_action+0x6e/0x90 sound/core/pcm_native.c:1364
__snd_pcm_lib_xfer+0x179c/0x1e10 sound/core/pcm_lib.c:2238
snd_pcm_oss_read3+0x1c4/0x400 sound/core/oss/pcm_oss.c:1292
io_capture_transfer+0x27e/0x330 sound/core/oss/io.c:73
snd_pcm_plug_read_transfer+0x1a4/0x2e0 sound/core/oss/pcm_plugin.c:663
snd_pcm_oss_read2+0x1db/0x3f0 sound/core/oss/pcm_oss.c:1493
snd_pcm_oss_read1 sound/core/oss/pcm_oss.c:1550 [inline]
snd_pcm_oss_read+0x620/0x7a0 sound/core/oss/pcm_oss.c:2788
vfs_read+0x1ef/0x5d0 fs/read_write.c:480
ksys_read+0x127/0x250 fs/read_write.c:620
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
}
... key at: [<ffffffff912cfbc0>] __key.10+0x0/0x40
-> (&new->fa_lock){....}-{2:2} {
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:326
fasync_remove_entry+0xb6/0x1e0 fs/fcntl.c:872
fasync_helper+0x9e/0xb0 fs/fcntl.c:975
__fput+0x834/0x9d0 fs/file_table.c:314
task_work_run+0xdd/0x1a0 kernel/task_work.c:177
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:169 [inline]
exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201
__syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:995 [inline]
kill_fasync fs/fcntl.c:1016 [inline]
kill_fasync+0x136/0x470 fs/fcntl.c:1009
snd_timer_user_ccallback+0x298/0x330 sound/core/timer.c:1386
snd_timer_notify1+0x11c/0x3b0 sound/core/timer.c:516
snd_timer_start1+0x4d4/0x800 sound/core/timer.c:578
snd_timer_start sound/core/timer.c:696 [inline]
snd_timer_start sound/core/timer.c:689 [inline]
snd_timer_user_start.isra.0+0x1e3/0x260 sound/core/timer.c:1984
__snd_timer_user_ioctl.isra.0+0xda4/0x2490 sound/core/timer.c:2107
snd_timer_user_ioctl+0x77/0xb0 sound/core/timer.c:2128
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
}
... key at: [<ffffffff90fd56e0>] __key.0+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
kill_fasync_rcu fs/fcntl.c:995 [inline]
kill_fasync fs/fcntl.c:1016 [inline]
kill_fasync+0x136/0x470 fs/fcntl.c:1009
snd_timer_user_ccallback+0x298/0x330 sound/core/timer.c:1386
snd_timer_notify1+0x11c/0x3b0 sound/core/timer.c:516
snd_timer_start1+0x4d4/0x800 sound/core/timer.c:578
snd_timer_start sound/core/timer.c:696 [inline]
snd_timer_start sound/core/timer.c:689 [inline]
snd_timer_user_start.isra.0+0x1e3/0x260 sound/core/timer.c:1984
__snd_timer_user_ioctl.isra.0+0xda4/0x2490 sound/core/timer.c:2107
snd_timer_user_ioctl+0x77/0xb0 sound/core/timer.c:2128
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
-> (&f->f_owner.lock){...-}-{2:2} {
IN-SOFTIRQ-R at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x45/0x90 kernel/locking/spinlock.c:236
send_sigurg+0x1e/0xae0 fs/fcntl.c:816
sk_send_sigurg+0x76/0x310 net/core/sock.c:3275
tcp_check_urg net/ipv4/tcp_input.c:5604 [inline]
tcp_urg+0x38e/0xb40 net/ipv4/tcp_input.c:5645
tcp_rcv_established+0x81d/0x20e0 net/ipv4/tcp_input.c:5992
tcp_v6_do_rcv+0x810/0x13c0 net/ipv6/tcp_ipv6.c:1476
tcp_v6_rcv+0x2d9b/0x37f0 net/ipv6/tcp_ipv6.c:1735
ip6_protocol_deliver_rcu+0x2f4/0x1950 net/ipv6/ip6_input.c:439
ip6_input_finish+0x14c/0x2c0 net/ipv6/ip6_input.c:484
NF_HOOK include/linux/netfilter.h:307 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:493
dst_input include/net/dst.h:461 [inline]
ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]
NF_HOOK include/linux/netfilter.h:307 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
ipv6_rcv+0x24c/0x380 net/ipv6/ip6_input.c:309
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5484
__netif_receive_skb+0x24/0x1b0 net/core/dev.c:5598
process_backlog+0x3a0/0x7c0 net/core/dev.c:5926
__napi_poll+0xb3/0x6e0 net/core/dev.c:6492
napi_poll net/core/dev.c:6559 [inline]
net_rx_action+0x9c1/0xd90 net/core/dev.c:6670
__do_softirq+0x29b/0x9c2 kernel/softirq.c:571
do_softirq.part.0+0xde/0x130 kernel/softirq.c:472
do_softirq kernel/softirq.c:464 [inline]
__local_bh_enable_ip+0x102/0x120 kernel/softirq.c:396
sk_stream_wait_memory+0x608/0xed0 net/core/stream.c:145
tcp_sendmsg_locked+0x94b/0x3180 net/ipv4/tcp.c:1422
tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1460
inet6_sendmsg+0x99/0xe0 net/ipv6/af_inet6.c:652
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:734
__sys_sendto+0x236/0x340 net/socket.c:2120
__do_sys_sendto net/socket.c:2132 [inline]
__se_sys_sendto net/socket.c:2128 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:2128
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:326
f_modown+0x2a/0x390 fs/fcntl.c:90
__f_setown fs/fcntl.c:109 [inline]
f_setown+0xd7/0x230 fs/fcntl.c:137
do_fcntl+0x6f1/0x1040 fs/fcntl.c:376
__do_sys_fcntl fs/fcntl.c:453 [inline]
__se_sys_fcntl fs/fcntl.c:438 [inline]
__x64_sys_fcntl+0x15f/0x1d0 fs/fcntl.c:438
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_read_lock_irq include/linux/rwlock_api_smp.h:169 [inline]
_raw_read_lock_irq+0x63/0x80 kernel/locking/spinlock.c:244
f_getown+0x23/0x2a0 fs/fcntl.c:153
do_fcntl+0xbc4/0x1040 fs/fcntl.c:372
__do_sys_fcntl fs/fcntl.c:453 [inline]
__se_sys_fcntl fs/fcntl.c:438 [inline]
__x64_sys_fcntl+0x15f/0x1d0 fs/fcntl.c:438
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
}
... key at: [<ffffffff90fd4900>] __key.5+0x0/0x40
... acquired at:
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236
send_sigio+0x24/0x370 fs/fcntl.c:777
kill_fasync_rcu fs/fcntl.c:1002 [inline]
kill_fasync fs/fcntl.c:1016 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1009
snd_timer_user_ccallback+0x298/0x330 sound/core/timer.c:1386
snd_timer_notify1+0x11c/0x3b0 sound/core/timer.c:516
snd_timer_start1+0x4d4/0x800 sound/core/timer.c:578
snd_timer_start sound/core/timer.c:696 [inline]
snd_timer_start sound/core/timer.c:689 [inline]
snd_timer_user_start.isra.0+0x1e3/0x260 sound/core/timer.c:1984
__snd_timer_user_ioctl.isra.0+0xda4/0x2490 sound/core/timer.c:2107
snd_timer_user_ioctl+0x77/0xb0 sound/core/timer.c:2128
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{2:2} {
HARDIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1508
kernel_wait+0x9c/0x150 kernel/exit.c:1698
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
SOFTIRQ-ON-R at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1508
kernel_wait+0x9c/0x150 kernel/exit.c:1698
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
INITIAL USE at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:326
copy_process+0x449d/0x70a0 kernel/fork.c:2378
kernel_clone+0xe7/0xab0 kernel/fork.c:2659
user_mode_thread+0xad/0xe0 kernel/fork.c:2728
rest_init+0x23/0x270 init/main.c:692
arch_call_rest_init+0xf/0x14 init/main.c:883
start_kernel+0x46e/0x48f init/main.c:1138
secondary_startup_64_no_verify+0xce/0xdb
INITIAL READ USE at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
do_wait+0x284/0xce0 kernel/exit.c:1508
kernel_wait+0x9c/0x150 kernel/exit.c:1698
call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
}
... key at: [<ffffffff8ba0a098>] tasklist_lock+0x18/0x40
... acquired at:
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
send_sigio+0xab/0x370 fs/fcntl.c:791
kill_fasync_rcu fs/fcntl.c:1002 [inline]
kill_fasync fs/fcntl.c:1016 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1009
sock_wake_async+0xd2/0x160 net/socket.c:1419
sk_wake_async include/net/sock.h:2466 [inline]
sk_wake_async include/net/sock.h:2462 [inline]
sock_def_readable+0x349/0x4e0 net/core/sock.c:3219
tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4993
tcp_data_queue+0x1bb2/0x4c60 net/ipv4/tcp_input.c:5067
tcp_rcv_established+0x82f/0x20e0 net/ipv4/tcp_input.c:5995
tcp_v6_do_rcv+0x810/0x13c0 net/ipv6/tcp_ipv6.c:1476
sk_backlog_rcv include/net/sock.h:1047 [inline]
__release_sock+0x134/0x3b0 net/core/sock.c:2849
release_sock+0x54/0x1b0 net/core/sock.c:3404
tcp_splice_read+0x508/0x8b0 net/ipv4/tcp.c:836
sock_splice_read+0xb6/0x120 net/socket.c:1066
do_splice_to+0x1b9/0x240 fs/splice.c:796
splice_file_to_pipe+0x100/0x120 fs/splice.c:1018
do_splice+0x1549/0x1920 fs/splice.c:1104
__do_splice+0x134/0x250 fs/splice.c:1144
__do_sys_splice fs/splice.c:1350 [inline]
__se_sys_splice fs/splice.c:1332 [inline]
__x64_sys_splice+0x198/0x250 fs/splice.c:1332
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
stack backtrace:
CPU: 0 PID: 19041 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-02858-ge2b542100719 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_bad_irq_dependency kernel/locking/lockdep.c:2609 [inline]
check_irq_usage.cold+0x4c1/0x6b0 kernel/locking/lockdep.c:2848
check_prev_add kernel/locking/lockdep.c:3099 [inline]
check_prevs_add kernel/locking/lockdep.c:3214 [inline]
validate_chain kernel/locking/lockdep.c:3829 [inline]
__lock_acquire+0x2ad2/0x5660 kernel/locking/lockdep.c:5053
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228
send_sigio+0xab/0x370 fs/fcntl.c:791
kill_fasync_rcu fs/fcntl.c:1002 [inline]
kill_fasync fs/fcntl.c:1016 [inline]
kill_fasync+0x1f8/0x470 fs/fcntl.c:1009
sock_wake_async+0xd2/0x160 net/socket.c:1419
sk_wake_async include/net/sock.h:2466 [inline]
sk_wake_async include/net/sock.h:2462 [inline]
sock_def_readable+0x349/0x4e0 net/core/sock.c:3219
tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4993
tcp_data_queue+0x1bb2/0x4c60 net/ipv4/tcp_input.c:5067
tcp_rcv_established+0x82f/0x20e0 net/ipv4/tcp_input.c:5995
tcp_v6_do_rcv+0x810/0x13c0 net/ipv6/tcp_ipv6.c:1476
sk_backlog_rcv include/net/sock.h:1047 [inline]
__release_sock+0x134/0x3b0 net/core/sock.c:2849
release_sock+0x54/0x1b0 net/core/sock.c:3404
tcp_splice_read+0x508/0x8b0 net/ipv4/tcp.c:836
sock_splice_read+0xb6/0x120 net/socket.c:1066
do_splice_to+0x1b9/0x240 fs/splice.c:796
splice_file_to_pipe+0x100/0x120 fs/splice.c:1018
do_splice+0x1549/0x1920 fs/splice.c:1104
__do_splice+0x134/0x250 fs/splice.c:1144
__do_sys_splice fs/splice.c:1350 [inline]
__se_sys_splice fs/splice.c:1332 [inline]
__x64_sys_splice+0x198/0x250 fs/splice.c:1332
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f63b7689209
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f63b8708168 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 00007f63b779c030 RCX: 00007f63b7689209
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007f63b76e3161 R08: 000800000406f40a R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f63b7ccfb1f R14: 00007f63b8708300 R15: 0000000000022000
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/08/03 17:25 | upstream | e2b542100719 | 1c9013ac | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/07/30 18:24 | upstream | 620725263f42 | fef302b1 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/07/30 06:00 | upstream | e65c6a46df94 | fef302b1 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/07/13 07:55 | upstream | b047602d579b | 5d921b08 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in snd_timer_notify | |||
| 2022/07/12 01:06 | upstream | 5a29232d870d | da3d6955 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in snd_timer_notify | |||
| 2022/07/10 22:02 | upstream | d9919d43cbf6 | b5765a15 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in snd_timer_notify | |||
| 2022/07/08 13:06 | upstream | e8a4e1c1bb69 | 8442e655 | .config | console log | report | info | ci-qemu-upstream | possible deadlock in snd_timer_notify | |||
| 2022/07/06 18:34 | upstream | 9f09069cde34 | bff65f44 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/07/04 20:06 | upstream | c1084b6c5620 | bff65f44 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in snd_timer_notify | |||
| 2022/07/04 16:00 | upstream | 88084a3df167 | bff65f44 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in snd_timer_notify | |||
| 2022/07/04 03:53 | upstream | 88084a3df167 | 1434eec0 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in snd_timer_notify | |||
| 2022/07/03 14:32 | upstream | 69cb6c6556ad | 1434eec0 | .config | console log | report | info | ci-upstream-kasan-gce-root | possible deadlock in snd_timer_notify | |||
| 2022/07/03 02:56 | upstream | 34074da5424c | 1434eec0 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in snd_timer_notify | |||
| 2022/06/21 23:56 | upstream | ca1fdab7fd27 | 0fc5c330 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/06/20 16:57 | upstream | 78ca55889a54 | 8d15e28d | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/06/16 23:28 | upstream | 48a23ec6ff2b | 1719ee24 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/06/14 21:15 | upstream | 24625f7d91fb | 127d1faf | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/06/12 02:13 | upstream | 7a68065eb9cd | 0d5abf15 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/06/10 02:44 | upstream | 874c8ca1e60b | 0d5abf15 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/31 08:16 | upstream | 8ab2afa23bd1 | af70c3a9 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/28 14:16 | upstream | 9d004b2f4fea | a46af346 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/27 11:24 | upstream | 7e284070abe5 | 116e7a7b | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/26 23:15 | upstream | babf0bb978e3 | 3037caa9 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in snd_timer_notify | |||
| 2022/05/26 11:32 | upstream | 7e062cda7d90 | 3037caa9 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/25 12:46 | upstream | fdaf9a5840ac | 647c0e27 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/24 01:22 | upstream | 1e57930e9f40 | e7f9308d | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/23 02:04 | upstream | 4b0986a3613c | 7268fa62 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in snd_timer_notify | |||
| 2022/05/22 13:45 | upstream | eaea45fc0e7b | 7268fa62 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in snd_timer_notify | |||
| 2022/05/22 12:29 | upstream | eaea45fc0e7b | 7268fa62 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/22 10:14 | upstream | eaea45fc0e7b | 7268fa62 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in snd_timer_notify | |||
| 2022/05/21 04:48 | upstream | 3b5e1590a267 | 7268fa62 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/20 17:01 | upstream | 3d7285a335ed | bd37ad7e | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in snd_timer_notify | |||
| 2022/05/20 15:25 | upstream | 3d7285a335ed | cb1ac2e7 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in snd_timer_notify | |||
| 2022/05/20 02:19 | upstream | b015dcd62b86 | cb1ac2e7 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/18 02:20 | upstream | 210e04ff7681 | 744a39e2 | .config | console log | report | info | ci-upstream-kasan-gce-root | possible deadlock in snd_timer_notify | |||
| 2022/05/18 00:57 | upstream | 210e04ff7681 | 744a39e2 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in snd_timer_notify | |||
| 2022/05/17 10:17 | upstream | 42226c989789 | 744a39e2 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/15 16:16 | upstream | bc403203d65a | 744a39e2 | .config | console log | report | info | ci-upstream-kasan-gce-root | possible deadlock in snd_timer_notify | |||
| 2022/05/15 15:02 | upstream | bc403203d65a | 744a39e2 | .config | console log | report | info | ci-upstream-kasan-gce-smack-root | possible deadlock in snd_timer_notify | |||
| 2022/05/12 00:24 | upstream | feb9c5e19e91 | beb0b407 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/09 01:25 | upstream | c5eb0a61238d | e60b1103 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/04 16:54 | upstream | 107c948d1d3e | dc9e5259 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/03 05:40 | upstream | 9050ba3a61a4 | 2df221f6 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/02 12:13 | upstream | 672c0c517342 | 2df221f6 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/02 02:57 | upstream | 672c0c517342 | 2df221f6 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2022/05/01 04:31 | upstream | 57ae8a492116 | 2df221f6 | .config | console log | report | info | ci-upstream-kasan-gce | possible deadlock in snd_timer_notify | |||
| 2021/11/11 11:45 | upstream | debe436e77c7 | 75b04091 | .config | console log | report | info | ci-upstream-kasan-gce-root | possible deadlock in snd_timer_notify | |||
| 2021/11/10 19:08 | upstream | 89d714ab6043 | 75b04091 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | possible deadlock in snd_timer_notify | |||
| 2022/07/13 12:18 | linux-next | cb71b93c2dc3 | 5d921b08 | .config | console log | report | info | ci-upstream-linux-next-kasan-gce-root | possible deadlock in snd_timer_notify |