Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 63.705291][ C0] [ 63.707625][ C0] ======================================================== [ 63.714786][ C0] WARNING: possible irq lock inversion dependency detected [ 63.721965][ C0] 5.9.0-rc5-next-20200918-syzkaller #0 Not tainted [ 63.728447][ C0] -------------------------------------------------------- [ 63.735631][ C0] systemd-rfkill/6881 just changed the state of lock: [ 63.742361][ C0] ffff88809a23a908 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 63.752273][ C0] but this lock took another, SOFTIRQ-READ-unsafe lock in the past: [ 63.760215][ C0] (&card->ctl_files_rwlock){.+.+}-{2:2} [ 63.760228][ C0] [ 63.760228][ C0] [ 63.760228][ C0] and interrupts could create inverse lock ordering between them. [ 63.760228][ C0] [ 63.781276][ C0] [ 63.781276][ C0] other info that might help us debug this: [ 63.789326][ C0] Possible interrupt unsafe locking scenario: [ 63.789326][ C0] [ 63.797629][ C0] CPU0 CPU1 [ 63.803086][ C0] ---- ---- [ 63.808436][ C0] lock(&card->ctl_files_rwlock); [ 63.813518][ C0] local_irq_disable(); [ 63.820242][ C0] lock(&group->lock); [ 63.826886][ C0] lock(&card->ctl_files_rwlock); [ 63.834495][ C0] [ 63.837917][ C0] lock(&group->lock); [ 63.842227][ C0] [ 63.842227][ C0] *** DEADLOCK *** [ 63.842227][ C0] [ 63.850346][ C0] 2 locks held by systemd-rfkill/6881: [ 63.855769][ C0] #0: ffff8880905ac4f8 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: unmap_page_range+0xa75/0x2b20 [ 63.865824][ C0] #1: ffffc90000007d80 ((&dpcm->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0 [ 63.875088][ C0] [ 63.875088][ C0] the shortest dependencies between 2nd lock and 1st lock: [ 63.884435][ C0] -> (&card->ctl_files_rwlock){.+.+}-{2:2} { [ 63.890484][ C0] HARDIRQ-ON-R at: [ 63.894544][ C0] lock_acquire+0x1f2/0xaa0 [ 63.900847][ C0] _raw_read_lock+0x5b/0x70 [ 63.907154][ C0] snd_ctl_notify.part.0+0x36/0x550 [ 63.914147][ C0] snd_ctl_notify+0x8f/0xb0 [ 63.920444][ C0] __snd_ctl_add_replace+0x638/0x800 [ 63.927529][ C0] snd_ctl_add_replace+0x76/0x130 [ 63.934356][ C0] snd_dummy_probe+0xc22/0x1180 [ 63.941000][ C0] platform_drv_probe+0x87/0x140 [ 63.947731][ C0] really_probe+0x282/0x9f0 [ 63.954036][ C0] driver_probe_device+0xfe/0x1d0 [ 63.960853][ C0] __device_attach_driver+0x1c2/0x220 [ 63.968051][ C0] bus_for_each_drv+0x15f/0x1e0 [ 63.974693][ C0] __device_attach+0x228/0x470 [ 63.981256][ C0] bus_probe_device+0x1e4/0x290 [ 63.987903][ C0] device_add+0xb17/0x1c40 [ 63.994113][ C0] platform_device_add+0x34f/0x6d0 [ 64.001037][ C0] platform_device_register_full+0x38c/0x4e0 [ 64.008810][ C0] alsa_card_dummy_init+0x1e0/0x309 [ 64.015826][ C0] do_one_initcall+0x103/0x6f0 [ 64.022384][ C0] kernel_init_freeable+0x652/0x6d6 [ 64.029375][ C0] kernel_init+0xd/0x1b8 [ 64.035412][ C0] ret_from_fork+0x1f/0x30 [ 64.041615][ C0] SOFTIRQ-ON-R at: [ 64.045661][ C0] lock_acquire+0x1f2/0xaa0 [ 64.051957][ C0] _raw_read_lock+0x5b/0x70 [ 64.058274][ C0] snd_ctl_notify.part.0+0x36/0x550 [ 64.065283][ C0] snd_ctl_notify+0x8f/0xb0 [ 64.071580][ C0] __snd_ctl_add_replace+0x638/0x800 [ 64.078660][ C0] snd_ctl_add_replace+0x76/0x130 [ 64.085481][ C0] snd_dummy_probe+0xc22/0x1180 [ 64.092124][ C0] platform_drv_probe+0x87/0x140 [ 64.098855][ C0] really_probe+0x282/0x9f0 [ 64.105161][ C0] driver_probe_device+0xfe/0x1d0 [ 64.111980][ C0] __device_attach_driver+0x1c2/0x220 [ 64.119147][ C0] bus_for_each_drv+0x15f/0x1e0 [ 64.125803][ C0] __device_attach+0x228/0x470 [ 64.132368][ C0] bus_probe_device+0x1e4/0x290 [ 64.139011][ C0] device_add+0xb17/0x1c40 [ 64.145233][ C0] platform_device_add+0x34f/0x6d0 [ 64.152136][ C0] platform_device_register_full+0x38c/0x4e0 [ 64.159908][ C0] alsa_card_dummy_init+0x1e0/0x309 [ 64.166900][ C0] do_one_initcall+0x103/0x6f0 [ 64.173456][ C0] kernel_init_freeable+0x652/0x6d6 [ 64.180458][ C0] kernel_init+0xd/0x1b8 [ 64.186497][ C0] ret_from_fork+0x1f/0x30 [ 64.192716][ C0] (null) at: [ 64.196244][ C0] ================================================================================ [ 64.205490][ C0] UBSAN: array-index-out-of-bounds in kernel/locking/lockdep.c:2240:40 [ 64.213702][ C0] index 9 is out of range for type 'lock_trace *[9]' [ 64.220356][ C0] CPU: 0 PID: 6881 Comm: systemd-rfkill Not tainted 5.9.0-rc5-next-20200918-syzkaller #0 [ 64.230122][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.240146][ C0] Call Trace: [ 64.243413][ C0] [ 64.246240][ C0] dump_stack+0x198/0x1fb [ 64.250552][ C0] ubsan_epilogue+0xb/0x5a [ 64.254939][ C0] __ubsan_handle_out_of_bounds.cold+0x62/0x6c [ 64.261064][ C0] ? vprintk_func+0x95/0x1e0 [ 64.265642][ C0] print_shortest_lock_dependencies.cold+0x11c/0x2e2 [ 64.272288][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee [ 64.278341][ C0] mark_lock.cold+0x57/0x74 [ 64.282818][ C0] ? lock_chain_count+0x20/0x20 [ 64.287642][ C0] ? lock_is_held_type+0xbb/0xf0 [ 64.292547][ C0] ? find_held_lock+0x2d/0x110 [ 64.297297][ C0] ? debug_object_activate+0x287/0x3e0 [ 64.302761][ C0] ? lock_downgrade+0x830/0x830 [ 64.307588][ C0] __lock_acquire+0x118a/0x56d0 [ 64.312417][ C0] ? lock_downgrade+0x830/0x830 [ 64.317240][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 64.323189][ C0] ? mark_lock+0xf7/0x2420 [ 64.327579][ C0] lock_acquire+0x1f2/0xaa0 [ 64.332068][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 64.337945][ C0] ? lock_release+0x890/0x890 [ 64.342590][ C0] ? find_held_lock+0x2d/0x110 [ 64.347326][ C0] ? loopback_jiffies_timer_function+0x188/0x220 [ 64.353635][ C0] ? _raw_spin_lock_irqsave+0xa9/0xd0 [ 64.358978][ C0] _raw_spin_lock_irqsave+0x94/0xd0 [ 64.364149][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 64.370013][ C0] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 64.375706][ C0] snd_pcm_period_elapsed+0x24/0x250 [ 64.380964][ C0] loopback_jiffies_timer_function+0x1a8/0x220 [ 64.387102][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 64.393570][ C0] call_timer_fn+0x1a5/0x6b0 [ 64.398163][ C0] ? add_timer_on+0x4a0/0x4a0 [ 64.402847][ C0] ? _raw_spin_unlock_irq+0x1f/0x80 [ 64.408018][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 64.414488][ C0] __run_timers.part.0+0x67c/0xa50 [ 64.419583][ C0] ? call_timer_fn+0x6b0/0x6b0 [ 64.424318][ C0] ? lapic_next_event+0x4d/0x80 [ 64.429157][ C0] ? mark_held_locks+0x9f/0xe0 [ 64.433890][ C0] ? hrtimer_interrupt+0x6f4/0x940 [ 64.439024][ C0] run_timer_softirq+0xb3/0x1d0 [ 64.443848][ C0] __do_softirq+0x203/0xab6 [ 64.448326][ C0] asm_call_on_stack+0xf/0x20 [ 64.452969][ C0] [ 64.455887][ C0] do_softirq_own_stack+0x9d/0xd0 [ 64.460895][ C0] irq_exit_rcu+0x235/0x280 [ 64.465372][ C0] sysvec_apic_timer_interrupt+0x51/0xf0 [ 64.470993][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 64.476969][ C0] RIP: 0010:unmap_page_range+0xaef/0x2b20 [ 64.482663][ C0] Code: 00 48 8b 5c 24 08 4c 89 6c 24 08 48 8d 83 00 f0 ff ff 48 89 44 24 50 e8 0f ee ce ff 48 8b 44 24 08 48 c1 e8 03 42 80 3c 30 00 <0f> 85 4a 1a 00 00 48 8b 44 24 08 31 ff 4c 8b 20 4c 89 e5 48 83 e5 [ 64.502251][ C0] RSP: 0018:ffffc900060679d8 EFLAGS: 00000246 [ 64.508306][ C0] RAX: 1ffff11012b19040 RBX: 00007f5c5f041000 RCX: ffffffff81a62fe0 [ 64.516267][ C0] RDX: ffff888094178540 RSI: ffffffff81a62aa1 RDI: 0000000000000006 [ 64.524221][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffea0002b92733 [ 64.532165][ C0] R10: 00007f5c5f08a000 R11: 0000000000000000 R12: 0000000000000003 [ 64.540109][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 00007f5c5f08a000 [ 64.548063][ C0] ? unmap_page_range+0x1020/0x2b20 [ 64.553249][ C0] ? unmap_page_range+0xae1/0x2b20 [ 64.558345][ C0] ? unmap_page_range+0xae1/0x2b20 [ 64.563427][ C0] ? unmap_vmas+0x126/0x2e0 [ 64.567913][ C0] ? vm_normal_page_pmd+0x690/0x690 [ 64.573094][ C0] ? lock_downgrade+0x830/0x830 [ 64.577929][ C0] ? uprobe_munmap+0x1c/0x560 [ 64.582588][ C0] unmap_single_vma+0x198/0x300 [ 64.587409][ C0] unmap_vmas+0x168/0x2e0 [ 64.591720][ C0] ? zap_vma_ptes+0x100/0x100 [ 64.596383][ C0] exit_mmap+0x2b1/0x530 [ 64.600600][ C0] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 64.606565][ C0] __mmput+0x122/0x470 [ 64.610603][ C0] mmput+0x53/0x60 [ 64.614297][ C0] do_exit+0xa31/0x2930 [ 64.618424][ C0] ? mm_update_next_owner+0x7a0/0x7a0 [ 64.623779][ C0] ? vmacache_update+0xce/0x140 [ 64.628602][ C0] do_group_exit+0x125/0x310 [ 64.633164][ C0] __x64_sys_exit_group+0x3a/0x50 [ 64.638162][ C0] do_syscall_64+0x2d/0x70 [ 64.642550][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.648411][ C0] RIP: 0033:0x7f5c5e9f3618 [ 64.652790][ C0] Code: Bad RIP value. [ 64.656825][ C0] RSP: 002b:00007ffc980a8538 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 64.665207][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5c5e9f3618 [ 64.673162][ C0] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 64.681106][ C0] RBP: 00007f5c5ecd08e0 R08: 00000000000000e7 R09: fffffffffffffee8 [ 64.689063][ C0] R10: 00007f5c5ceae158 R11: 0000000000000246 R12: 00007f5c5ecd08e0 [ 64.697007][ C0] R13: 00007f5c5ecd5c20 R14: 0000000000000000 R15: 0000000000000000 [ 64.704952][ C0] ================================================================================ [ 64.714196][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 64.720754][ C0] CPU: 0 PID: 6881 Comm: systemd-rfkill Not tainted 5.9.0-rc5-next-20200918-syzkaller #0 [ 64.730518][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.740540][ C0] Call Trace: [ 64.743794][ C0] [ 64.746621][ C0] dump_stack+0x198/0x1fb [ 64.750923][ C0] panic+0x382/0x7fb [ 64.754792][ C0] ? __warn_printk+0xf3/0xf3 [ 64.759354][ C0] ? ubsan_epilogue+0x3e/0x5a [ 64.764000][ C0] ? ubsan_epilogue+0x35/0x5a [ 64.768645][ C0] ubsan_epilogue+0x54/0x5a [ 64.773118][ C0] __ubsan_handle_out_of_bounds.cold+0x62/0x6c [ 64.779260][ C0] ? vprintk_func+0x95/0x1e0 [ 64.783821][ C0] print_shortest_lock_dependencies.cold+0x11c/0x2e2 [ 64.790468][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee [ 64.796521][ C0] mark_lock.cold+0x57/0x74 [ 64.801000][ C0] ? lock_chain_count+0x20/0x20 [ 64.805836][ C0] ? lock_is_held_type+0xbb/0xf0 [ 64.810742][ C0] ? find_held_lock+0x2d/0x110 [ 64.815495][ C0] ? debug_object_activate+0x287/0x3e0 [ 64.820925][ C0] ? lock_downgrade+0x830/0x830 [ 64.825747][ C0] __lock_acquire+0x118a/0x56d0 [ 64.830568][ C0] ? lock_downgrade+0x830/0x830 [ 64.835388][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 64.841338][ C0] ? mark_lock+0xf7/0x2420 [ 64.845726][ C0] lock_acquire+0x1f2/0xaa0 [ 64.850202][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 64.856066][ C0] ? lock_release+0x890/0x890 [ 64.860713][ C0] ? find_held_lock+0x2d/0x110 [ 64.865465][ C0] ? loopback_jiffies_timer_function+0x188/0x220 [ 64.871761][ C0] ? _raw_spin_lock_irqsave+0xa9/0xd0 [ 64.877107][ C0] _raw_spin_lock_irqsave+0x94/0xd0 [ 64.882276][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 64.888155][ C0] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 64.893859][ C0] snd_pcm_period_elapsed+0x24/0x250 [ 64.899117][ C0] loopback_jiffies_timer_function+0x1a8/0x220 [ 64.905256][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 64.911725][ C0] call_timer_fn+0x1a5/0x6b0 [ 64.916288][ C0] ? add_timer_on+0x4a0/0x4a0 [ 64.920937][ C0] ? _raw_spin_unlock_irq+0x1f/0x80 [ 64.926108][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 64.932589][ C0] __run_timers.part.0+0x67c/0xa50 [ 64.937683][ C0] ? call_timer_fn+0x6b0/0x6b0 [ 64.942420][ C0] ? lapic_next_event+0x4d/0x80 [ 64.947244][ C0] ? mark_held_locks+0x9f/0xe0 [ 64.951977][ C0] ? hrtimer_interrupt+0x6f4/0x940 [ 64.957067][ C0] run_timer_softirq+0xb3/0x1d0 [ 64.961893][ C0] __do_softirq+0x203/0xab6 [ 64.966372][ C0] asm_call_on_stack+0xf/0x20 [ 64.971030][ C0] [ 64.973944][ C0] do_softirq_own_stack+0x9d/0xd0 [ 64.978942][ C0] irq_exit_rcu+0x235/0x280 [ 64.983418][ C0] sysvec_apic_timer_interrupt+0x51/0xf0 [ 64.989026][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 64.994980][ C0] RIP: 0010:unmap_page_range+0xaef/0x2b20 [ 65.000670][ C0] Code: 00 48 8b 5c 24 08 4c 89 6c 24 08 48 8d 83 00 f0 ff ff 48 89 44 24 50 e8 0f ee ce ff 48 8b 44 24 08 48 c1 e8 03 42 80 3c 30 00 <0f> 85 4a 1a 00 00 48 8b 44 24 08 31 ff 4c 8b 20 4c 89 e5 48 83 e5 [ 65.020953][ C0] RSP: 0018:ffffc900060679d8 EFLAGS: 00000246 [ 65.027003][ C0] RAX: 1ffff11012b19040 RBX: 00007f5c5f041000 RCX: ffffffff81a62fe0 [ 65.034969][ C0] RDX: ffff888094178540 RSI: ffffffff81a62aa1 RDI: 0000000000000006 [ 65.042915][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffea0002b92733 [ 65.050860][ C0] R10: 00007f5c5f08a000 R11: 0000000000000000 R12: 0000000000000003 [ 65.061930][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 00007f5c5f08a000 [ 65.069882][ C0] ? unmap_page_range+0x1020/0x2b20 [ 65.075069][ C0] ? unmap_page_range+0xae1/0x2b20 [ 65.080152][ C0] ? unmap_page_range+0xae1/0x2b20 [ 65.085269][ C0] ? unmap_vmas+0x126/0x2e0 [ 65.089747][ C0] ? vm_normal_page_pmd+0x690/0x690 [ 65.094947][ C0] ? lock_downgrade+0x830/0x830 [ 65.099807][ C0] ? uprobe_munmap+0x1c/0x560 [ 65.104476][ C0] unmap_single_vma+0x198/0x300 [ 65.109309][ C0] unmap_vmas+0x168/0x2e0 [ 65.113619][ C0] ? zap_vma_ptes+0x100/0x100 [ 65.118281][ C0] exit_mmap+0x2b1/0x530 [ 65.122498][ C0] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 65.128469][ C0] __mmput+0x122/0x470 [ 65.132519][ C0] mmput+0x53/0x60 [ 65.136225][ C0] do_exit+0xa31/0x2930 [ 65.140359][ C0] ? mm_update_next_owner+0x7a0/0x7a0 [ 65.145704][ C0] ? vmacache_update+0xce/0x140 [ 65.150536][ C0] do_group_exit+0x125/0x310 [ 65.155098][ C0] __x64_sys_exit_group+0x3a/0x50 [ 65.160093][ C0] do_syscall_64+0x2d/0x70 [ 65.164481][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.170359][ C0] RIP: 0033:0x7f5c5e9f3618 [ 65.174741][ C0] Code: Bad RIP value. [ 65.178788][ C0] RSP: 002b:00007ffc980a8538 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 65.187170][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5c5e9f3618 [ 65.195127][ C0] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 65.203078][ C0] RBP: 00007f5c5ecd08e0 R08: 00000000000000e7 R09: fffffffffffffee8 [ 65.211020][ C0] R10: 00007f5c5ceae158 R11: 0000000000000246 R12: 00007f5c5ecd08e0 [ 65.218963][ C0] R13: 00007f5c5ecd5c20 R14: 0000000000000000 R15: 0000000000000000 [ 65.227944][ C0] Kernel Offset: disabled [ 65.232255][ C0] Rebooting in 86400 seconds..