Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.40' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 63.907740][ C0]
[ 63.910125][ C0] ========================================================
[ 63.917367][ C0] WARNING: possible irq lock inversion dependency detected
[ 63.924556][ C0] 5.9.0-rc5-next-20200921-syzkaller #0 Not tainted
[ 63.931030][ C0] --------------------------------------------------------
[ 63.938200][ C0] swapper/0/0 just changed the state of lock:
[ 63.944236][ C0] ffff888214d1e908 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 63.954202][ C0] but this lock took another, SOFTIRQ-READ-unsafe lock in the past:
[ 63.962155][ C0]  (&card->ctl_files_rwlock){.+.+}-{2:2}
[ 63.962168][ C0]
[ 63.962168][ C0]
[ 63.962168][ C0] and interrupts could create inverse lock ordering between them.
[ 63.962168][ C0]
[ 63.982052][ C0]
[ 63.982052][ C0] other info that might help us debug this:
[ 63.990168][ C0]  Possible interrupt unsafe locking scenario:
[ 63.990168][ C0]
[ 63.998479][ C0]        CPU0                    CPU1
[ 64.003817][ C0]        ----                    ----
[ 64.009152][ C0]   lock(&card->ctl_files_rwlock);
[ 64.014245][ C0]                                local_irq_disable();
[ 64.021058][ C0]                                lock(&group->lock);
[ 64.027710][ C0]                                lock(&card->ctl_files_rwlock);
[ 64.035310][ C0]
[ 64.038831][ C0]     lock(&group->lock);
[ 64.043141][ C0]
[ 64.043141][ C0]  *** DEADLOCK ***
[ 64.043141][ C0]
[ 64.051261][ C0] 1 lock held by swapper/0/0:
[ 64.055902][ C0]  #0: ffffc90000007d80 ((&dpcm->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0
[ 64.065170][ C0]
[ 64.065170][ C0] the shortest dependencies between 2nd lock and 1st lock:
[ 64.074587][ C0]  -> (&card->ctl_files_rwlock){.+.+}-{2:2} {
[ 64.080683][ C0]     HARDIRQ-ON-R at:
[ 64.084739][ C0]           lock_acquire+0x1f2/0xaa0
[ 64.091052][ C0]           _raw_read_lock+0x5b/0x70
[ 64.097706][ C0]           snd_ctl_notify.part.0+0x36/0x550
[ 64.104713][ C0]           snd_ctl_notify+0x8f/0xb0
[ 64.111015][ C0]           __snd_ctl_add_replace+0x638/0x800
[ 64.118107][ C0]           snd_ctl_add_replace+0x76/0x130
[ 64.124923][ C0]           snd_dummy_probe+0xc22/0x1180
[ 64.131567][ C0]           platform_drv_probe+0x87/0x140
[ 64.138298][ C0]           really_probe+0x282/0x9f0
[ 64.144593][ C0]           driver_probe_device+0xfe/0x1d0
[ 64.151421][ C0]           __device_attach_driver+0x1c2/0x220
[ 64.158604][ C0]           bus_for_each_drv+0x15f/0x1e0
[ 64.165247][ C0]           __device_attach+0x228/0x470
[ 64.171801][ C0]           bus_probe_device+0x1e4/0x290
[ 64.178456][ C0]           device_add+0xb17/0x1c40
[ 64.184680][ C0]           platform_device_add+0x34f/0x6d0
[ 64.191591][ C0]           platform_device_register_full+0x38c/0x4e0
[ 64.199451][ C0]           alsa_card_dummy_init+0x1e0/0x309
[ 64.206456][ C0]           do_one_initcall+0x103/0x6f0
[ 64.213040][ C0]           kernel_init_freeable+0x652/0x6d6
[ 64.220050][ C0]           kernel_init+0xd/0x1b8
[ 64.226100][ C0]           ret_from_fork+0x1f/0x30
[ 64.232331][ C0]     SOFTIRQ-ON-R at:
[ 64.236381][ C0]           lock_acquire+0x1f2/0xaa0
[ 64.242693][ C0]           _raw_read_lock+0x5b/0x70
[ 64.249009][ C0]           snd_ctl_notify.part.0+0x36/0x550
[ 64.256002][ C0]           snd_ctl_notify+0x8f/0xb0
[ 64.262314][ C0]           __snd_ctl_add_replace+0x638/0x800
[ 64.269411][ C0]           snd_ctl_add_replace+0x76/0x130
[ 64.276251][ C0]           snd_dummy_probe+0xc22/0x1180
[ 64.282919][ C0]           platform_drv_probe+0x87/0x140
[ 64.289662][ C0]           really_probe+0x282/0x9f0
[ 64.295967][ C0]           driver_probe_device+0xfe/0x1d0
[ 64.302802][ C0]           __device_attach_driver+0x1c2/0x220
[ 64.309987][ C0]           bus_for_each_drv+0x15f/0x1e0
[ 64.316633][ C0]           __device_attach+0x228/0x470
[ 64.323200][ C0]           bus_probe_device+0x1e4/0x290
[ 64.329863][ C0]           device_add+0xb17/0x1c40
[ 64.336072][ C0]           platform_device_add+0x34f/0x6d0
[ 64.343022][ C0]           platform_device_register_full+0x38c/0x4e0
[ 64.350864][ C0]           alsa_card_dummy_init+0x1e0/0x309
[ 64.358034][ C0]           do_one_initcall+0x103/0x6f0
[ 64.364606][ C0]           kernel_init_freeable+0x652/0x6d6
[ 64.371603][ C0]           kernel_init+0xd/0x1b8
[ 64.377640][ C0]           ret_from_fork+0x1f/0x30
[ 64.383847][ C0]     (null) at:
[ 64.387367][ C0] ================================================================================
[ 64.396619][ C0] UBSAN: array-index-out-of-bounds in kernel/locking/lockdep.c:2240:40
[ 64.404923][ C0] index 9 is out of range for type 'lock_trace *[9]'
[ 64.411584][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc5-next-20200921-syzkaller #0
[ 64.420670][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.430741][ C0] Call Trace:
[ 64.434034][ C0]
[ 64.436871][ C0]  dump_stack+0x198/0x1fb
[ 64.441196][ C0]  ubsan_epilogue+0xb/0x5a
[ 64.445593][ C0]  __ubsan_handle_out_of_bounds.cold+0x62/0x6c
[ 64.451727][ C0]  ? vprintk_func+0x95/0x1e0
[ 64.456295][ C0]  print_shortest_lock_dependencies.cold+0x11c/0x2e2
[ 64.462951][ C0]  print_irq_inversion_bug.part.0+0x2c6/0x2ee
[ 64.468993][ C0]  mark_lock.cold+0x57/0x74
[ 64.473489][ C0]  ? lock_chain_count+0x20/0x20
[ 64.478314][ C0]  ? lock_is_held_type+0xbb/0xf0
[ 64.483224][ C0]  ? find_held_lock+0x2d/0x110
[ 64.488311][ C0]  ? debug_object_activate+0x287/0x3e0
[ 64.493741][ C0]  ? lock_downgrade+0x830/0x830
[ 64.498581][ C0]  __lock_acquire+0x118a/0x56d0
[ 64.503433][ C0]  ? lock_downgrade+0x830/0x830
[ 64.508263][ C0]  ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 64.514219][ C0]  ? mark_lock+0xf7/0x2420
[ 64.518617][ C0]  lock_acquire+0x1f2/0xaa0
[ 64.523200][ C0]  ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 64.529078][ C0]  ? lock_release+0x890/0x890
[ 64.533734][ C0]  ? find_held_lock+0x2d/0x110
[ 64.538472][ C0]  ? loopback_jiffies_timer_function+0x188/0x220
[ 64.544769][ C0]  ? _raw_spin_lock_irqsave+0xa9/0xd0
[ 64.550113][ C0]  _raw_spin_lock_irqsave+0x94/0xd0
[ 64.555291][ C0]  ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 64.561155][ C0]  _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 64.566849][ C0]  snd_pcm_period_elapsed+0x24/0x250
[ 64.572118][ C0]  loopback_jiffies_timer_function+0x1a8/0x220
[ 64.578249][ C0]  ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 64.584729][ C0]  call_timer_fn+0x1a5/0x6b0
[ 64.589295][ C0]  ? add_timer_on+0x4a0/0x4a0
[ 64.593959][ C0]  ? lock_downgrade+0x830/0x830
[ 64.598782][ C0]  ? _raw_spin_unlock_irq+0x1f/0x80
[ 64.603966][ C0]  ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 64.610451][ C0]  __run_timers.part.0+0x67c/0xa50
[ 64.615542][ C0]  ? call_timer_fn+0x6b0/0x6b0
[ 64.620280][ C0]  ? lapic_next_event+0x4d/0x80
[ 64.625130][ C0]  ? kvm_sched_clock_read+0x14/0x40
[ 64.630312][ C0]  ? sched_clock+0x2a/0x40
[ 64.634710][ C0]  ? sched_clock_cpu+0x18/0x1f0
[ 64.639556][ C0]  ? hrtimer_interrupt+0x6f4/0x940
[ 64.644649][ C0]  run_timer_softirq+0xb3/0x1d0
[ 64.649473][ C0]  __do_softirq+0x203/0xab6
[ 64.653968][ C0]  asm_call_on_stack+0xf/0x20
[ 64.658625][ C0]
[ 64.661541][ C0]  do_softirq_own_stack+0x9d/0xd0
[ 64.666537][ C0]  irq_exit_rcu+0x235/0x280
[ 64.671020][ C0]  sysvec_apic_timer_interrupt+0x51/0xf0
[ 64.676625][ C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 64.682598][ C0] RIP: 0010:native_safe_halt+0xe/0x10
[ 64.687942][ C0] Code: 89 ef e8 15 61 76 f9 e9 86 fe ff ff 48 89 df e8 08 61 76 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d 74 b8 68 00 fb f4 90 e9 07 00 00 00 0f 00 2d 64 b8 68 00 f4 c3 cc cc 55 53 e8 09
[ 64.707518][ C0] RSP: 0018:ffffffff8a207d48 EFLAGS: 00000293
[ 64.713642][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff175e959
[ 64.721588][ C0] RDX: ffffffff8a29ce40 RSI: ffffffff88403123 RDI: 0000000000000000
[ 64.729543][ C0] RBP: ffff8880a65f6064 R08: 0000000000000001 R09: 0000000000000001
[ 64.737625][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 64.745580][ C0] R13: ffff8880a65f6000 R14: ffff8880a65f6064 R15: ffff8880a2cb6004
[ 64.753545][ C0]  ? acpi_idle_do_entry+0x1e3/0x330
[ 64.758734][ C0]  acpi_idle_do_entry+0x1e8/0x330
[ 64.763742][ C0]  acpi_idle_enter+0x35a/0x550
[ 64.768486][ C0]  cpuidle_enter_state+0x1ab/0xd20
[ 64.773572][ C0]  ? tick_nohz_idle_stop_tick+0x5b6/0xbd0
[ 64.779266][ C0]  cpuidle_enter+0x4a/0xa0
[ 64.783683][ C0]  do_idle+0x48e/0x730
[ 64.787749][ C0]  ? arch_cpu_idle_exit+0x70/0x70
[ 64.792773][ C0]  ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 64.799000][ C0]  cpu_startup_entry+0x14/0x20
[ 64.803750][ C0]  start_kernel+0x490/0x4b1
[ 64.808246][ C0]  secondary_startup_64_no_verify+0xa6/0xab
[ 64.814114][ C0] ================================================================================
[ 64.823370][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 64.829942][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc5-next-20200921-syzkaller #0
[ 64.839013][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.849041][ C0] Call Trace:
[ 64.852301][ C0]
[ 64.855139][ C0]  dump_stack+0x198/0x1fb
[ 64.859460][ C0]  panic+0x382/0x7fb
[ 64.863334][ C0]  ? __warn_printk+0xf3/0xf3
[ 64.867910][ C0]  ? secondary_startup_64_no_verify+0xa6/0xab
[ 64.873954][ C0]  ? ubsan_epilogue+0x3e/0x5a
[ 64.878601][ C0]  ? ubsan_epilogue+0x35/0x5a
[ 64.883248][ C0]  ubsan_epilogue+0x54/0x5a
[ 64.887726][ C0]  __ubsan_handle_out_of_bounds.cold+0x62/0x6c
[ 64.893864][ C0]  ? vprintk_func+0x95/0x1e0
[ 64.898428][ C0]  print_shortest_lock_dependencies.cold+0x11c/0x2e2
[ 64.905087][ C0]  print_irq_inversion_bug.part.0+0x2c6/0x2ee
[ 64.911141][ C0]  mark_lock.cold+0x57/0x74
[ 64.915624][ C0]  ? lock_chain_count+0x20/0x20
[ 64.920459][ C0]  ? lock_is_held_type+0xbb/0xf0
[ 64.925395][ C0]  ? find_held_lock+0x2d/0x110
[ 64.930135][ C0]  ? debug_object_activate+0x287/0x3e0
[ 64.935571][ C0]  ? lock_downgrade+0x830/0x830
[ 64.940395][ C0]  __lock_acquire+0x118a/0x56d0
[ 64.945241][ C0]  ? lock_downgrade+0x830/0x830
[ 64.950068][ C0]  ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 64.956017][ C0]  ? mark_lock+0xf7/0x2420
[ 64.960406][ C0]  lock_acquire+0x1f2/0xaa0
[ 64.964886][ C0]  ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 64.970767][ C0]  ? lock_release+0x890/0x890
[ 64.975434][ C0]  ? find_held_lock+0x2d/0x110
[ 64.980190][ C0]  ? loopback_jiffies_timer_function+0x188/0x220
[ 64.986492][ C0]  ? _raw_spin_lock_irqsave+0xa9/0xd0
[ 64.991838][ C0]  _raw_spin_lock_irqsave+0x94/0xd0
[ 64.997037][ C0]  ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 65.002905][ C0]  _snd_pcm_stream_lock_irqsave+0x9f/0xd0
[ 65.008599][ C0]  snd_pcm_period_elapsed+0x24/0x250
[ 65.013873][ C0]  loopback_jiffies_timer_function+0x1a8/0x220
[ 65.020001][ C0]  ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 65.026478][ C0]  call_timer_fn+0x1a5/0x6b0
[ 65.031049][ C0]  ? add_timer_on+0x4a0/0x4a0
[ 65.035698][ C0]  ? lock_downgrade+0x830/0x830
[ 65.040608][ C0]  ? _raw_spin_unlock_irq+0x1f/0x80
[ 65.045802][ C0]  ? loopback_jiffies_timer_pos_update+0xf60/0xf60
[ 65.052294][ C0]  __run_timers.part.0+0x67c/0xa50
[ 65.057596][ C0]  ? call_timer_fn+0x6b0/0x6b0
[ 65.062359][ C0]  ? lapic_next_event+0x4d/0x80
[ 65.067193][ C0]  ? kvm_sched_clock_read+0x14/0x40
[ 65.072376][ C0]  ? sched_clock+0x2a/0x40
[ 65.076782][ C0]  ? sched_clock_cpu+0x18/0x1f0
[ 65.081610][ C0]  ? hrtimer_interrupt+0x6f4/0x940
[ 65.086717][ C0]  run_timer_softirq+0xb3/0x1d0
[ 65.091572][ C0]  __do_softirq+0x203/0xab6
[ 65.096061][ C0]  asm_call_on_stack+0xf/0x20
[ 65.100710][ C0]
[ 65.103628][ C0]  do_softirq_own_stack+0x9d/0xd0
[ 65.108626][ C0]  irq_exit_rcu+0x235/0x280
[ 65.113281][ C0]  sysvec_apic_timer_interrupt+0x51/0xf0
[ 65.118889][ C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 65.124928][ C0] RIP: 0010:native_safe_halt+0xe/0x10
[ 65.130273][ C0] Code: 89 ef e8 15 61 76 f9 e9 86 fe ff ff 48 89 df e8 08 61 76 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d 74 b8 68 00 fb f4 90 e9 07 00 00 00 0f 00 2d 64 b8 68 00 f4 c3 cc cc 55 53 e8 09
[ 65.149862][ C0] RSP: 0018:ffffffff8a207d48 EFLAGS: 00000293
[ 65.155901][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff175e959
[ 65.163932][ C0] RDX: ffffffff8a29ce40 RSI: ffffffff88403123 RDI: 0000000000000000
[ 65.171876][ C0] RBP: ffff8880a65f6064 R08: 0000000000000001 R09: 0000000000000001
[ 65.179837][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 65.187811][ C0] R13: ffff8880a65f6000 R14: ffff8880a65f6064 R15: ffff8880a2cb6004
[ 65.195786][ C0]  ? acpi_idle_do_entry+0x1e3/0x330
[ 65.200970][ C0]  acpi_idle_do_entry+0x1e8/0x330
[ 65.205968][ C0]  acpi_idle_enter+0x35a/0x550
[ 65.210705][ C0]  cpuidle_enter_state+0x1ab/0xd20
[ 65.215803][ C0]  ? tick_nohz_idle_stop_tick+0x5b6/0xbd0
[ 65.221492][ C0]  cpuidle_enter+0x4a/0xa0
[ 65.225880][ C0]  do_idle+0x48e/0x730
[ 65.229937][ C0]  ? arch_cpu_idle_exit+0x70/0x70
[ 65.234944][ C0]  ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 65.241157][ C0]  cpu_startup_entry+0x14/0x20
[ 65.245968][ C0]  start_kernel+0x490/0x4b1
[ 65.250449][ C0]  secondary_startup_64_no_verify+0xa6/0xab
[ 65.257908][ C0] Kernel Offset: disabled
[ 65.262223][ C0] Rebooting in 86400 seconds..