[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 75.886237][ C0]
[ 75.888597][ C0] ========================================================
[ 75.895805][ C0] WARNING: possible irq lock inversion dependency detected
[ 75.903003][ C0] 5.9.0-rc5-next-20200918-syzkaller #0 Not tainted
[ 75.909934][ C0] --------------------------------------------------------
[ 75.917134][ C0] swapper/0/0 just changed the state of lock:
[ 75.923200][ C0] ffff88809a210908 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 75.933117][ C0] but this lock took another, SOFTIRQ-READ-unsafe lock in the past:
[ 75.941120][ C0]  (&card->ctl_files_rwlock){.+.+}-{2:2}
[ 75.941137][ C0]
[ 75.941137][ C0]
[ 75.941137][ C0] and interrupts could create inverse lock ordering between them.
[ 75.941137][ C0]
[ 75.961040][ C0]
[ 75.961040][ C0] other info that might help us debug this:
[ 75.969191][ C0]  Possible interrupt unsafe locking scenario:
[ 75.969191][ C0]
[ 75.977497][ C0]        CPU0                    CPU1
[ 75.982850][ C0]        ----                    ----
[ 75.988204][ C0]   lock(&card->ctl_files_rwlock);
[ 75.993330][ C0]                                local_irq_disable();
[ 76.000091][ C0]                                lock(&group->lock);
[ 76.006756][ C0]                                lock(&card->ctl_files_rwlock);
[ 76.014374][ C0]
[ 76.017819][ C0]     lock(&group->lock);
[ 76.022153][ C0]
[ 76.022153][ C0]  *** DEADLOCK ***
[ 76.022153][ C0]
[ 76.030380][ C0] 1 lock held by swapper/0/0:
[ 76.035051][ C0]  #0: ffffc90000007d80 ((&dpcm->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0
[ 76.044349][ C0]
[ 76.044349][ C0] the shortest dependencies between 2nd lock and 1st lock:
[ 76.053767][ C0]  -> (&card->ctl_files_rwlock){.+.+}-{2:2} {
[ 76.059870][ C0]     HARDIRQ-ON-R at:
[ 76.063951][ C0]       lock_acquire+0x1f2/0xaa0
[ 76.070289][ C0]       _raw_read_lock+0x5b/0x70
[ 76.076629][ C0]       snd_ctl_notify.part.0+0x36/0x550
[ 76.083643][ C0]       snd_ctl_notify+0x8f/0xb0
[ 76.089977][ C0]       __snd_ctl_add_replace+0x638/0x800
[ 76.097101][ C0]       snd_ctl_add_replace+0x76/0x130
[ 76.103955][ C0]       snd_dummy_probe+0xc22/0x1180
[ 76.110614][ C0]       platform_drv_probe+0x87/0x140
[ 76.117362][ C0]       really_probe+0x282/0x9f0
[ 76.123696][ C0]       driver_probe_device+0xfe/0x1d0
[ 76.130556][ C0]       __device_attach_driver+0x1c2/0x220
[ 76.137738][ C0]       bus_for_each_drv+0x15f/0x1e0
[ 76.144397][ C0]       __device_attach+0x228/0x470
[ 76.151111][ C0]       bus_probe_device+0x1e4/0x290
[ 76.157818][ C0]       device_add+0xb17/0x1c40
[ 76.164309][ C0]       platform_device_add+0x34f/0x6d0
[ 76.171401][ C0]       platform_device_register_full+0x38c/0x4e0
[ 76.179227][ C0]       alsa_card_dummy_init+0x1e0/0x309
[ 76.186256][ C0]       do_one_initcall+0x103/0x6f0
[ 76.192831][ C0]       kernel_init_freeable+0x652/0x6d6
[ 76.199859][ C0]       kernel_init+0xd/0x1b8
[ 76.205933][ C0]       ret_from_fork+0x1f/0x30
[ 76.212150][ C0]     SOFTIRQ-ON-R at:
[ 76.216229][ C0]       lock_acquire+0x1f2/0xaa0
[ 76.222549][ C0]       _raw_read_lock+0x5b/0x70
[ 76.228959][ C0]       snd_ctl_notify.part.0+0x36/0x550
[ 76.235963][ C0]       snd_ctl_notify+0x8f/0xb0
[ 76.242288][ C0]       __snd_ctl_add_replace+0x638/0x800
[ 76.249379][ C0]       snd_ctl_add_replace+0x76/0x130
[ 76.256209][ C0]       snd_dummy_probe+0xc22/0x1180
[ 76.262886][ C0]       platform_drv_probe+0x87/0x140
[ 76.269631][ C0]       really_probe+0x282/0x9f0
[ 76.275949][ C0]       driver_probe_device+0xfe/0x1d0
[ 76.282793][ C0]       __device_attach_driver+0x1c2/0x220
[ 76.289977][ C0]       bus_for_each_drv+0x15f/0x1e0
[ 76.296635][ C0]       __device_attach+0x228/0x470
[ 76.303209][ C0]       bus_probe_device+0x1e4/0x290
[ 76.309924][ C0]       device_add+0xb17/0x1c40
[ 76.316156][ C0]       platform_device_add+0x34f/0x6d0
[ 76.323363][ C0]       platform_device_register_full+0x38c/0x4e0
[ 76.331292][ C0]       alsa_card_dummy_init+0x1e0/0x309
[ 76.338321][ C0]       do_one_initcall+0x103/0x6f0
[ 76.344920][ C0]       kernel_init_freeable+0x652/0x6d6
[ 76.351946][ C0]       kernel_init+0xd/0x1b8
[ 76.360863][ C0]       ret_from_fork+0x1f/0x30
[ 76.367099][ C0]     (null) at:
[ 76.370623][ C0] ================================================================================
[ 76.379974][ C0] UBSAN: array-index-out-of-bounds in kernel/locking/lockdep.c:2240:40
[ 76.388455][ C0] index 9 is out of range for type 'lock_trace *[9]'
[ 76.395146][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc5-next-20200918-syzkaller #0
[ 76.404235][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.414290][ C0] Call Trace:
[ 76.417557][ C0]
[ 76.420416][ C0] dump_stack+0x198/0x1fb
[ 76.424751][ C0] ubsan_epilogue+0xb/0x5a
[ 76.429184][ C0] __ubsan_handle_out_of_bounds.cold+0x62/0x6c
[ 76.435400][ C0] ? vprintk_func+0x95/0x1e0
[ 76.440001][ C0] print_shortest_lock_dependencies.cold+0x11c/0x2e2
[ 76.446683][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee
[ 76.452851][ C0] mark_lock.cold+0x57/0x74
[ 76.457343][ C0] ? lock_chain_count+0x20/0x20
[ 76.462192][ C0] ? find_held_lock+0x2d/0x110
[ 76.467035][ C0] ? ktime_get+0x3e/0x140
[ 76.471378][ C0] ? lock_downgrade+0x830/0x830
[ 76.476236][ C0] ? find_held_lock+0x2d/0x110
[ 76.481001][ C0] __lock_acquire+0x118a/0x56d0
[ 76.485937][ C0] ? lock_chain_count+0x20/0x20
[ 76.490785][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 76.496756][ C0] ? hrtimer_interrupt+0x6f4/0x940
[ 76.501888][ C0] lock_acquire+0x1f2/0xaa0
[ 76.506388][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 76.512302][ C0] ? lock_release+0x890/0x890
[ 76.516979][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 76.523131][ C0] ? lockdep_hardirqs_on+0x53/0x100
[ 76.528328][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 76.534464][ C0] ? _raw_spin_lock_irqsave+0xa9/0xd0
[ 76.539848][ C0] _raw_spin_lock_irqsave+0x94/0xd0
[ 76.545050][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 76.550925][ C0] _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 76.556630][ C0] snd_pcm_period_elapsed+0x24/0x250
[ 76.561901][ C0] loopback_jiffies_timer_function+0x1a8/0x220
[ 76.568041][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 76.574637][ C0] call_timer_fn+0x1a5/0x6b0
[ 76.579236][ C0] ? add_timer_on+0x4a0/0x4a0
[ 76.583903][ C0] ? lock_downgrade+0x830/0x830
[ 76.588769][ C0] ? _raw_spin_unlock_irq+0x1f/0x80
[ 76.593959][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 76.600461][ C0] __run_timers.part.0+0x67c/0xa50
[ 76.605571][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 76.610328][ C0] ? lapic_next_event+0x4d/0x80
[ 76.615178][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 76.620358][ C0] ? sched_clock+0x2a/0x40
[ 76.624768][ C0] ? sched_clock_cpu+0x18/0x1f0
[ 76.629618][ C0] ? hrtimer_interrupt+0x6f4/0x940
[ 76.634728][ C0] run_timer_softirq+0xb3/0x1d0
[ 76.639562][ C0] __do_softirq+0x203/0xab6
[ 76.644047][ C0] asm_call_on_stack+0xf/0x20
[ 76.648715][ C0]
[ 76.651653][ C0] do_softirq_own_stack+0x9d/0xd0
[ 76.656674][ C0] irq_exit_rcu+0x235/0x280
[ 76.661189][ C0] sysvec_apic_timer_interrupt+0x51/0xf0
[ 76.666820][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 76.672780][ C0] RIP: 0010:native_safe_halt+0xe/0x10
[ 76.678145][ C0] Code: 89 ef e8 a5 99 76 f9 e9 86 fe ff ff 48 89 df e8 98 99 76 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d c4 14 49 00 fb f4 90 e9 07 00 00 00 0f 00 2d b4 14 49 00 f4 c3 cc cc 55 53 e8 09
[ 76.697735][ C0] RSP: 0018:ffffffff8a007d48 EFLAGS: 00000293
[ 76.703803][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff171e639
[ 76.711776][ C0] RDX: ffffffff8a09ce40 RSI: ffffffff883fd4d3 RDI: 0000000000000000
[ 76.719783][ C0] RBP: ffff8880a62a2864 R08: 0000000000000001 R09: 0000000000000001
[ 76.728201][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 76.736167][ C0] R13: ffff8880a62a2800 R14: ffff8880a62a2864 R15: ffff888218621004
[ 76.744156][ C0] ? acpi_idle_do_entry+0x1e3/0x330
[ 76.749368][ C0] acpi_idle_do_entry+0x1e8/0x330
[ 76.754406][ C0] acpi_idle_enter+0x35a/0x550
[ 76.759164][ C0] cpuidle_enter_state+0x1ab/0xd20
[ 76.764287][ C0] cpuidle_enter+0x4a/0xa0
[ 76.768696][ C0] do_idle+0x48e/0x730
[ 76.772770][ C0] ? arch_cpu_idle_exit+0x70/0x70
[ 76.777789][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 76.784036][ C0] cpu_startup_entry+0x14/0x20
[ 76.788788][ C0] start_kernel+0x490/0x4b1
[ 76.793369][ C0] secondary_startup_64_no_verify+0xa6/0xab
[ 76.799257][ C0] ================================================================================
[ 76.808514][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 76.815082][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc5-next-20200918-syzkaller #0
[ 76.824169][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.834494][ C0] Call Trace:
[ 76.837787][ C0]
[ 76.840666][ C0] dump_stack+0x198/0x1fb
[ 76.844990][ C0] panic+0x382/0x7fb
[ 76.848873][ C0] ? __warn_printk+0xf3/0xf3
[ 76.853457][ C0] ? secondary_startup_64_no_verify+0xa6/0xab
[ 76.859534][ C0] ? ubsan_epilogue+0x3e/0x5a
[ 76.864208][ C0] ? ubsan_epilogue+0x35/0x5a
[ 76.868866][ C0] ubsan_epilogue+0x54/0x5a
[ 76.873373][ C0] __ubsan_handle_out_of_bounds.cold+0x62/0x6c
[ 76.879520][ C0] ? vprintk_func+0x95/0x1e0
[ 76.884110][ C0] print_shortest_lock_dependencies.cold+0x11c/0x2e2
[ 76.890773][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee
[ 76.896851][ C0] mark_lock.cold+0x57/0x74
[ 76.901360][ C0] ? lock_chain_count+0x20/0x20
[ 76.906215][ C0] ? find_held_lock+0x2d/0x110
[ 76.910995][ C0] ? ktime_get+0x3e/0x140
[ 76.915412][ C0] ? lock_downgrade+0x830/0x830
[ 76.920261][ C0] ? find_held_lock+0x2d/0x110
[ 76.925004][ C0] __lock_acquire+0x118a/0x56d0
[ 76.929856][ C0] ? lock_chain_count+0x20/0x20
[ 76.934708][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 76.940676][ C0] ? hrtimer_interrupt+0x6f4/0x940
[ 76.945785][ C0] lock_acquire+0x1f2/0xaa0
[ 76.950304][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 76.956192][ C0] ? lock_release+0x890/0x890
[ 76.960850][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 76.967007][ C0] ? lockdep_hardirqs_on+0x53/0x100
[ 76.972205][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 76.978342][ C0] ? _raw_spin_lock_irqsave+0xa9/0xd0
[ 76.983731][ C0] _raw_spin_lock_irqsave+0x94/0xd0
[ 76.988918][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 76.994818][ C0] _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 77.000534][ C0] snd_pcm_period_elapsed+0x24/0x250
[ 77.005819][ C0] loopback_jiffies_timer_function+0x1a8/0x220
[ 77.011970][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 77.018449][ C0] call_timer_fn+0x1a5/0x6b0
[ 77.023015][ C0] ? add_timer_on+0x4a0/0x4a0
[ 77.027696][ C0] ? lock_downgrade+0x830/0x830
[ 77.032530][ C0] ? _raw_spin_unlock_irq+0x1f/0x80
[ 77.037716][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 77.044198][ C0] __run_timers.part.0+0x67c/0xa50
[ 77.049311][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 77.054056][ C0] ? lapic_next_event+0x4d/0x80
[ 77.058908][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 77.064104][ C0] ? sched_clock+0x2a/0x40
[ 77.068504][ C0] ? sched_clock_cpu+0x18/0x1f0
[ 77.073337][ C0] ? hrtimer_interrupt+0x6f4/0x940
[ 77.078428][ C0] run_timer_softirq+0xb3/0x1d0
[ 77.083260][ C0] __do_softirq+0x203/0xab6
[ 77.087748][ C0] asm_call_on_stack+0xf/0x20
[ 77.092412][ C0]
[ 77.095858][ C0] do_softirq_own_stack+0x9d/0xd0
[ 77.100862][ C0] irq_exit_rcu+0x235/0x280
[ 77.105397][ C0] sysvec_apic_timer_interrupt+0x51/0xf0
[ 77.111020][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 77.117103][ C0] RIP: 0010:native_safe_halt+0xe/0x10
[ 77.122469][ C0] Code: 89 ef e8 a5 99 76 f9 e9 86 fe ff ff 48 89 df e8 98 99 76 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d c4 14 49 00 fb f4 90 e9 07 00 00 00 0f 00 2d b4 14 49 00 f4 c3 cc cc 55 53 e8 09
[ 77.142343][ C0] RSP: 0018:ffffffff8a007d48 EFLAGS: 00000293
[ 77.148430][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff171e639
[ 77.156502][ C0] RDX: ffffffff8a09ce40 RSI: ffffffff883fd4d3 RDI: 0000000000000000
[ 77.164503][ C0] RBP: ffff8880a62a2864 R08: 0000000000000001 R09: 0000000000000001
[ 77.172483][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 77.180582][ C0] R13: ffff8880a62a2800 R14: ffff8880a62a2864 R15: ffff888218621004
[ 77.188571][ C0] ? acpi_idle_do_entry+0x1e3/0x330
[ 77.193931][ C0] acpi_idle_do_entry+0x1e8/0x330
[ 77.198942][ C0] acpi_idle_enter+0x35a/0x550
[ 77.203710][ C0] cpuidle_enter_state+0x1ab/0xd20
[ 77.208835][ C0] cpuidle_enter+0x4a/0xa0
[ 77.213248][ C0] do_idle+0x48e/0x730
[ 77.217316][ C0] ? arch_cpu_idle_exit+0x70/0x70
[ 77.222959][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 77.229207][ C0] cpu_startup_entry+0x14/0x20
[ 77.233970][ C0] start_kernel+0x490/0x4b1
[ 77.238471][ C0] secondary_startup_64_no_verify+0xa6/0xab
[ 77.245472][ C0] Kernel Offset: disabled
[ 77.249803][ C0] Rebooting in 86400 seconds..