Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.75' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 65.669943][ C0] [ 65.672297][ C0] ======================================================== [ 65.679463][ C0] WARNING: possible irq lock inversion dependency detected [ 65.686648][ C0] 5.9.0-rc5-next-20200921-syzkaller #0 Not tainted [ 65.693115][ C0] -------------------------------------------------------- [ 65.701071][ C0] swapper/0/0 just changed the state of lock: [ 65.707122][ C0] ffff888099caf108 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 65.717019][ C0] but this lock took another, SOFTIRQ-READ-unsafe lock in the past: [ 65.724967][ C0] (&card->ctl_files_rwlock){.+.+}-{2:2} [ 65.724983][ C0] [ 65.724983][ C0] [ 65.724983][ C0] and interrupts could create inverse lock ordering between them. [ 65.724983][ C0] [ 65.745129][ C0] [ 65.745129][ C0] other info that might help us debug this: [ 65.753173][ C0] Possible interrupt unsafe locking scenario: [ 65.753173][ C0] [ 65.761464][ C0] CPU0 CPU1 [ 65.766803][ C0] ---- ---- [ 65.772152][ C0] lock(&card->ctl_files_rwlock); [ 65.777249][ C0] local_irq_disable(); [ 65.783990][ C0] lock(&group->lock); [ 65.790639][ C0] lock(&card->ctl_files_rwlock); [ 65.798240][ C0] [ 65.801667][ C0] lock(&group->lock); [ 65.806665][ C0] [ 65.806665][ C0] *** DEADLOCK *** [ 65.806665][ C0] [ 65.814797][ C0] 1 lock held by swapper/0/0: [ 65.819440][ C0] #0: ffffc90000007d80 ((&dpcm->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0 [ 65.828733][ C0] [ 65.828733][ C0] the shortest dependencies between 2nd lock and 1st lock: [ 65.838099][ C0] -> (&card->ctl_files_rwlock){.+.+}-{2:2} { [ 65.844156][ C0] HARDIRQ-ON-R at: [ 65.848205][ C0] lock_acquire+0x1f2/0xaa0 [ 65.854507][ C0] _raw_read_lock+0x5b/0x70 [ 65.860813][ C0] snd_ctl_notify.part.0+0x36/0x550 [ 65.868771][ C0] snd_ctl_notify+0x8f/0xb0 [ 65.875098][ C0] __snd_ctl_add_replace+0x638/0x800 [ 65.882184][ C0] snd_ctl_add_replace+0x76/0x130 [ 65.889004][ C0] snd_dummy_probe+0xc22/0x1180 [ 65.895665][ C0] platform_drv_probe+0x87/0x140 [ 65.902413][ C0] really_probe+0x282/0x9f0 [ 65.908721][ C0] driver_probe_device+0xfe/0x1d0 [ 65.915551][ C0] __device_attach_driver+0x1c2/0x220 [ 65.922719][ C0] bus_for_each_drv+0x15f/0x1e0 [ 65.929384][ C0] __device_attach+0x228/0x470 [ 65.935954][ C0] bus_probe_device+0x1e4/0x290 [ 65.942603][ C0] device_add+0xb17/0x1c40 [ 65.948823][ C0] platform_device_add+0x34f/0x6d0 [ 65.955747][ C0] platform_device_register_full+0x38c/0x4e0 [ 65.963525][ C0] alsa_card_dummy_init+0x1e0/0x309 [ 65.970533][ C0] do_one_initcall+0x103/0x6f0 [ 65.977113][ C0] kernel_init_freeable+0x652/0x6d6 [ 65.984110][ C0] kernel_init+0xd/0x1b8 [ 65.990152][ C0] ret_from_fork+0x1f/0x30 [ 65.996371][ C0] SOFTIRQ-ON-R at: [ 66.000421][ C0] lock_acquire+0x1f2/0xaa0 [ 66.006719][ C0] _raw_read_lock+0x5b/0x70 [ 66.013023][ C0] snd_ctl_notify.part.0+0x36/0x550 [ 66.020142][ C0] snd_ctl_notify+0x8f/0xb0 [ 66.026464][ C0] __snd_ctl_add_replace+0x638/0x800 [ 66.033747][ C0] snd_ctl_add_replace+0x76/0x130 [ 66.041267][ C0] snd_dummy_probe+0xc22/0x1180 [ 66.047915][ C0] platform_drv_probe+0x87/0x140 [ 66.054649][ C0] really_probe+0x282/0x9f0 [ 66.060950][ C0] driver_probe_device+0xfe/0x1d0 [ 66.067791][ C0] __device_attach_driver+0x1c2/0x220 [ 66.074964][ C0] bus_for_each_drv+0x15f/0x1e0 [ 66.081630][ C0] __device_attach+0x228/0x470 [ 66.088193][ C0] bus_probe_device+0x1e4/0x290 [ 66.094847][ C0] device_add+0xb17/0x1c40 [ 66.101099][ C0] platform_device_add+0x34f/0x6d0 [ 66.108063][ C0] platform_device_register_full+0x38c/0x4e0 [ 66.115850][ C0] alsa_card_dummy_init+0x1e0/0x309 [ 66.122852][ C0] do_one_initcall+0x103/0x6f0 [ 66.129425][ C0] kernel_init_freeable+0x652/0x6d6 [ 66.136433][ C0] kernel_init+0xd/0x1b8 [ 66.142477][ C0] ret_from_fork+0x1f/0x30 [ 66.148691][ C0] (null) at: [ 66.152234][ C0] ================================================================================ [ 66.161506][ C0] UBSAN: array-index-out-of-bounds in kernel/locking/lockdep.c:2240:40 [ 66.169714][ C0] index 9 is out of range for type 'lock_trace *[9]' [ 66.176362][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc5-next-20200921-syzkaller #0 [ 66.185441][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.195486][ C0] Call Trace: [ 66.198767][ C0] [ 66.202557][ C0] dump_stack+0x198/0x1fb [ 66.206875][ C0] ubsan_epilogue+0xb/0x5a [ 66.211268][ C0] __ubsan_handle_out_of_bounds.cold+0x62/0x6c [ 66.217397][ C0] ? vprintk_func+0x95/0x1e0 [ 66.221979][ C0] print_shortest_lock_dependencies.cold+0x11c/0x2e2 [ 66.228628][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee [ 66.234674][ C0] mark_lock.cold+0x57/0x74 [ 66.239179][ C0] ? lock_chain_count+0x20/0x20 [ 66.244005][ C0] ? lock_is_held_type+0xbb/0xf0 [ 66.248922][ C0] ? find_held_lock+0x2d/0x110 [ 66.253663][ C0] ? debug_object_activate+0x287/0x3e0 [ 66.259104][ C0] ? lock_downgrade+0x830/0x830 [ 66.263935][ C0] __lock_acquire+0x118a/0x56d0 [ 66.268762][ C0] ? lock_downgrade+0x830/0x830 [ 66.273598][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 66.279553][ C0] ? mark_lock+0xf7/0x2420 [ 66.283956][ C0] lock_acquire+0x1f2/0xaa0 [ 66.288434][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 66.294303][ C0] ? lock_release+0x890/0x890 [ 66.298970][ C0] ? find_held_lock+0x2d/0x110 [ 66.303720][ C0] ? loopback_jiffies_timer_function+0x188/0x220 [ 66.310033][ C0] ? _raw_spin_lock_irqsave+0xa9/0xd0 [ 66.315389][ C0] _raw_spin_lock_irqsave+0x94/0xd0 [ 66.320579][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 66.326449][ C0] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 66.332161][ C0] snd_pcm_period_elapsed+0x24/0x250 [ 66.337423][ C0] loopback_jiffies_timer_function+0x1a8/0x220 [ 66.343572][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 66.350047][ C0] call_timer_fn+0x1a5/0x6b0 [ 66.354871][ C0] ? add_timer_on+0x4a0/0x4a0 [ 66.359524][ C0] ? lock_downgrade+0x830/0x830 [ 66.364348][ C0] ? _raw_spin_unlock_irq+0x1f/0x80 [ 66.369537][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 66.376010][ C0] __run_timers.part.0+0x67c/0xa50 [ 66.381101][ C0] ? call_timer_fn+0x6b0/0x6b0 [ 66.385837][ C0] ? lapic_next_event+0x4d/0x80 [ 66.390668][ C0] ? kvm_sched_clock_read+0x14/0x40 [ 66.395844][ C0] ? sched_clock+0x2a/0x40 [ 66.400254][ C0] ? sched_clock_cpu+0x18/0x1f0 [ 66.405077][ C0] ? hrtimer_interrupt+0x6f4/0x940 [ 66.410166][ C0] run_timer_softirq+0xb3/0x1d0 [ 66.415007][ C0] __do_softirq+0x203/0xab6 [ 66.419504][ C0] asm_call_on_stack+0xf/0x20 [ 66.424158][ C0] [ 66.427088][ C0] do_softirq_own_stack+0x9d/0xd0 [ 66.432098][ C0] irq_exit_rcu+0x235/0x280 [ 66.436575][ C0] sysvec_apic_timer_interrupt+0x51/0xf0 [ 66.442181][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 66.448133][ C0] RIP: 0010:native_safe_halt+0xe/0x10 [ 66.453489][ C0] Code: 89 ef e8 15 61 76 f9 e9 86 fe ff ff 48 89 df e8 08 61 76 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d 74 b8 68 00 fb f4 90 e9 07 00 00 00 0f 00 2d 64 b8 68 00 f4 c3 cc cc 55 53 e8 09 [ 66.473071][ C0] RSP: 0018:ffffffff8a207d48 EFLAGS: 00000293 [ 66.479138][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff175e959 [ 66.487209][ C0] RDX: ffffffff8a29ce40 RSI: ffffffff88403123 RDI: 0000000000000000 [ 66.496112][ C0] RBP: ffff88821a8a1064 R08: 0000000000000001 R09: 0000000000000001 [ 66.504069][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 66.512018][ C0] R13: ffff88821a8a1000 R14: ffff88821a8a1064 R15: ffff88821867d004 [ 66.520002][ C0] ? acpi_idle_do_entry+0x1e3/0x330 [ 66.525197][ C0] acpi_idle_do_entry+0x1e8/0x330 [ 66.530227][ C0] acpi_idle_enter+0x35a/0x550 [ 66.534969][ C0] cpuidle_enter_state+0x1ab/0xd20 [ 66.540071][ C0] ? tick_nohz_idle_stop_tick+0x50b/0xbd0 [ 66.545773][ C0] cpuidle_enter+0x4a/0xa0 [ 66.550165][ C0] do_idle+0x48e/0x730 [ 66.554209][ C0] ? arch_cpu_idle_exit+0x70/0x70 [ 66.559227][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe [ 66.565727][ C0] cpu_startup_entry+0x14/0x20 [ 66.570468][ C0] start_kernel+0x490/0x4b1 [ 66.574951][ C0] secondary_startup_64_no_verify+0xa6/0xab [ 66.580815][ C0] ================================================================================ [ 66.590076][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 66.596644][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc5-next-20200921-syzkaller #0 [ 66.605720][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.615761][ C0] Call Trace: [ 66.619030][ C0] [ 66.621862][ C0] dump_stack+0x198/0x1fb [ 66.626168][ C0] panic+0x382/0x7fb [ 66.630039][ C0] ? __warn_printk+0xf3/0xf3 [ 66.634615][ C0] ? secondary_startup_64_no_verify+0xa6/0xab [ 66.640660][ C0] ? ubsan_epilogue+0x3e/0x5a [ 66.645309][ C0] ? ubsan_epilogue+0x35/0x5a [ 66.649959][ C0] ubsan_epilogue+0x54/0x5a [ 66.654437][ C0] __ubsan_handle_out_of_bounds.cold+0x62/0x6c [ 66.660574][ C0] ? vprintk_func+0x95/0x1e0 [ 66.665151][ C0] print_shortest_lock_dependencies.cold+0x11c/0x2e2 [ 66.671896][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee [ 66.678895][ C0] mark_lock.cold+0x57/0x74 [ 66.683377][ C0] ? lock_chain_count+0x20/0x20 [ 66.688472][ C0] ? lock_is_held_type+0xbb/0xf0 [ 66.693387][ C0] ? find_held_lock+0x2d/0x110 [ 66.698141][ C0] ? debug_object_activate+0x287/0x3e0 [ 66.705927][ C0] ? lock_downgrade+0x830/0x830 [ 66.710780][ C0] __lock_acquire+0x118a/0x56d0 [ 66.715606][ C0] ? lock_downgrade+0x830/0x830 [ 66.720468][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 66.726441][ C0] ? mark_lock+0xf7/0x2420 [ 66.730837][ C0] lock_acquire+0x1f2/0xaa0 [ 66.735329][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 66.741202][ C0] ? lock_release+0x890/0x890 [ 66.745854][ C0] ? find_held_lock+0x2d/0x110 [ 66.750607][ C0] ? loopback_jiffies_timer_function+0x188/0x220 [ 66.756948][ C0] ? _raw_spin_lock_irqsave+0xa9/0xd0 [ 66.762308][ C0] _raw_spin_lock_irqsave+0x94/0xd0 [ 66.767496][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 66.773366][ C0] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 66.779070][ C0] snd_pcm_period_elapsed+0x24/0x250 [ 66.784341][ C0] loopback_jiffies_timer_function+0x1a8/0x220 [ 66.790514][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 66.796989][ C0] call_timer_fn+0x1a5/0x6b0 [ 66.801554][ C0] ? add_timer_on+0x4a0/0x4a0 [ 66.806209][ C0] ? lock_downgrade+0x830/0x830 [ 66.811053][ C0] ? _raw_spin_unlock_irq+0x1f/0x80 [ 66.816230][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 66.822707][ C0] __run_timers.part.0+0x67c/0xa50 [ 66.827812][ C0] ? call_timer_fn+0x6b0/0x6b0 [ 66.832552][ C0] ? lapic_next_event+0x4d/0x80 [ 66.837377][ C0] ? kvm_sched_clock_read+0x14/0x40 [ 66.842550][ C0] ? sched_clock+0x2a/0x40 [ 66.847045][ C0] ? sched_clock_cpu+0x18/0x1f0 [ 66.851870][ C0] ? hrtimer_interrupt+0x6f4/0x940 [ 66.856966][ C0] run_timer_softirq+0xb3/0x1d0 [ 66.861794][ C0] __do_softirq+0x203/0xab6 [ 66.866289][ C0] asm_call_on_stack+0xf/0x20 [ 66.871012][ C0] [ 66.873955][ C0] do_softirq_own_stack+0x9d/0xd0 [ 66.878956][ C0] irq_exit_rcu+0x235/0x280 [ 66.883434][ C0] sysvec_apic_timer_interrupt+0x51/0xf0 [ 66.889062][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 66.895035][ C0] RIP: 0010:native_safe_halt+0xe/0x10 [ 66.900416][ C0] Code: 89 ef e8 15 61 76 f9 e9 86 fe ff ff 48 89 df e8 08 61 76 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d 74 b8 68 00 fb f4 90 e9 07 00 00 00 0f 00 2d 64 b8 68 00 f4 c3 cc cc 55 53 e8 09 [ 66.920011][ C0] RSP: 0018:ffffffff8a207d48 EFLAGS: 00000293 [ 66.926088][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff175e959 [ 66.934559][ C0] RDX: ffffffff8a29ce40 RSI: ffffffff88403123 RDI: 0000000000000000 [ 66.942506][ C0] RBP: ffff88821a8a1064 R08: 0000000000000001 R09: 0000000000000001 [ 66.950453][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 66.958398][ C0] R13: ffff88821a8a1000 R14: ffff88821a8a1064 R15: ffff88821867d004 [ 66.966440][ C0] ? acpi_idle_do_entry+0x1e3/0x330 [ 66.971625][ C0] acpi_idle_do_entry+0x1e8/0x330 [ 66.976623][ C0] acpi_idle_enter+0x35a/0x550 [ 66.981365][ C0] cpuidle_enter_state+0x1ab/0xd20 [ 66.986560][ C0] ? tick_nohz_idle_stop_tick+0x50b/0xbd0 [ 66.992270][ C0] cpuidle_enter+0x4a/0xa0 [ 66.996674][ C0] do_idle+0x48e/0x730 [ 67.000735][ C0] ? arch_cpu_idle_exit+0x70/0x70 [ 67.005736][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe [ 67.011955][ C0] cpu_startup_entry+0x14/0x20 [ 67.016696][ C0] start_kernel+0x490/0x4b1 [ 67.021189][ C0] secondary_startup_64_no_verify+0xa6/0xab [ 67.028231][ C0] Kernel Offset: disabled [ 67.032584][ C0] Rebooting in 86400 seconds..