Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.15.218' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 63.247242][ C0] [ 63.249615][ C0] ======================================================== [ 63.258822][ C0] WARNING: possible irq lock inversion dependency detected [ 63.266169][ C0] 5.9.0-rc5-next-20200918-syzkaller #0 Not tainted [ 63.272668][ C0] -------------------------------------------------------- [ 63.279834][ C0] swapper/0/0 just changed the state of lock: [ 63.285880][ C0] ffff888214da2908 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 63.295765][ C0] but this lock took another, SOFTIRQ-READ-unsafe lock in the past: [ 63.305282][ C0] (&card->ctl_files_rwlock){.+.+}-{2:2} [ 63.305299][ C0] [ 63.305299][ C0] [ 63.305299][ C0] and interrupts could create inverse lock ordering between them. [ 63.305299][ C0] [ 63.325230][ C0] [ 63.325230][ C0] other info that might help us debug this: [ 63.333273][ C0] Possible interrupt unsafe locking scenario: [ 63.333273][ C0] [ 63.341679][ C0] CPU0 CPU1 [ 63.347024][ C0] ---- ---- [ 63.352368][ C0] lock(&card->ctl_files_rwlock); [ 63.357461][ C0] local_irq_disable(); [ 63.364216][ C0] lock(&group->lock); [ 63.370872][ C0] lock(&card->ctl_files_rwlock); [ 63.378482][ C0] [ 63.381913][ C0] lock(&group->lock); [ 63.386240][ C0] [ 63.386240][ C0] *** DEADLOCK *** [ 63.386240][ C0] [ 63.394364][ C0] 1 lock held by swapper/0/0: [ 63.399049][ C0] #0: ffffc90000007d80 ((&dpcm->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0 [ 63.408327][ C0] [ 63.408327][ C0] the shortest dependencies between 2nd lock and 1st lock: [ 63.417690][ C0] -> (&card->ctl_files_rwlock){.+.+}-{2:2} { [ 63.423776][ C0] HARDIRQ-ON-R at: [ 63.427857][ C0] lock_acquire+0x1f2/0xaa0 [ 63.434164][ C0] _raw_read_lock+0x5b/0x70 [ 63.440474][ C0] snd_ctl_notify.part.0+0x36/0x550 [ 63.447477][ C0] snd_ctl_notify+0x8f/0xb0 [ 63.453784][ C0] __snd_ctl_add_replace+0x638/0x800 [ 63.460892][ C0] snd_ctl_add_replace+0x76/0x130 [ 63.467721][ C0] snd_dummy_probe+0xc22/0x1180 [ 63.474380][ C0] platform_drv_probe+0x87/0x140 [ 63.481120][ C0] really_probe+0x282/0x9f0 [ 63.487428][ C0] driver_probe_device+0xfe/0x1d0 [ 63.494253][ C0] __device_attach_driver+0x1c2/0x220 [ 63.501440][ C0] bus_for_each_drv+0x15f/0x1e0 [ 63.508092][ C0] __device_attach+0x228/0x470 [ 63.514656][ C0] bus_probe_device+0x1e4/0x290 [ 63.521307][ C0] device_add+0xb17/0x1c40 [ 63.527528][ C0] platform_device_add+0x34f/0x6d0 [ 63.534446][ C0] platform_device_register_full+0x38c/0x4e0 [ 63.542230][ C0] alsa_card_dummy_init+0x1e0/0x309 [ 63.549237][ C0] do_one_initcall+0x103/0x6f0 [ 63.555809][ C0] kernel_init_freeable+0x652/0x6d6 [ 63.562848][ C0] kernel_init+0xd/0x1b8 [ 63.568940][ C0] ret_from_fork+0x1f/0x30 [ 63.575156][ C0] SOFTIRQ-ON-R at: [ 63.579212][ C0] lock_acquire+0x1f2/0xaa0 [ 63.585554][ C0] _raw_read_lock+0x5b/0x70 [ 63.591914][ C0] snd_ctl_notify.part.0+0x36/0x550 [ 63.598953][ C0] snd_ctl_notify+0x8f/0xb0 [ 63.605302][ C0] __snd_ctl_add_replace+0x638/0x800 [ 63.612394][ C0] snd_ctl_add_replace+0x76/0x130 [ 63.619262][ C0] snd_dummy_probe+0xc22/0x1180 [ 63.625926][ C0] platform_drv_probe+0x87/0x140 [ 63.632784][ C0] really_probe+0x282/0x9f0 [ 63.639107][ C0] driver_probe_device+0xfe/0x1d0 [ 63.645937][ C0] __device_attach_driver+0x1c2/0x220 [ 63.653156][ C0] bus_for_each_drv+0x15f/0x1e0 [ 63.659851][ C0] __device_attach+0x228/0x470 [ 63.666420][ C0] bus_probe_device+0x1e4/0x290 [ 63.673082][ C0] device_add+0xb17/0x1c40 [ 63.679306][ C0] platform_device_add+0x34f/0x6d0 [ 63.686267][ C0] platform_device_register_full+0x38c/0x4e0 [ 63.694065][ C0] alsa_card_dummy_init+0x1e0/0x309 [ 63.701073][ C0] do_one_initcall+0x103/0x6f0 [ 63.707648][ C0] kernel_init_freeable+0x652/0x6d6 [ 63.714650][ C0] kernel_init+0xd/0x1b8 [ 63.720696][ C0] ret_from_fork+0x1f/0x30 [ 63.726915][ C0] (null) at: [ 63.730715][ C0] ================================================================================ [ 63.739974][ C0] UBSAN: array-index-out-of-bounds in kernel/locking/lockdep.c:2240:40 [ 63.748285][ C0] index 9 is out of range for type 'lock_trace *[9]' [ 63.754984][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc5-next-20200918-syzkaller #0 [ 63.764068][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.774396][ C0] Call Trace: [ 63.777668][ C0] [ 63.780512][ C0] dump_stack+0x198/0x1fb [ 63.784826][ C0] ubsan_epilogue+0xb/0x5a [ 63.789290][ C0] __ubsan_handle_out_of_bounds.cold+0x62/0x6c [ 63.795509][ C0] ? vprintk_func+0x95/0x1e0 [ 63.800088][ C0] print_shortest_lock_dependencies.cold+0x11c/0x2e2 [ 63.806762][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee [ 63.812965][ C0] mark_lock.cold+0x57/0x74 [ 63.817503][ C0] ? lock_chain_count+0x20/0x20 [ 63.822471][ C0] ? lock_is_held_type+0xbb/0xf0 [ 63.827481][ C0] ? find_held_lock+0x2d/0x110 [ 63.832658][ C0] ? debug_object_activate+0x287/0x3e0 [ 63.838110][ C0] ? lock_downgrade+0x830/0x830 [ 63.842948][ C0] __lock_acquire+0x118a/0x56d0 [ 63.847848][ C0] ? lock_downgrade+0x830/0x830 [ 63.852686][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 63.858649][ C0] ? mark_lock+0xf7/0x2420 [ 63.863190][ C0] lock_acquire+0x1f2/0xaa0 [ 63.867686][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 63.873758][ C0] ? lock_release+0x890/0x890 [ 63.878519][ C0] ? find_held_lock+0x2d/0x110 [ 63.883359][ C0] ? loopback_jiffies_timer_function+0x188/0x220 [ 63.889904][ C0] ? _raw_spin_lock_irqsave+0xa9/0xd0 [ 63.895383][ C0] _raw_spin_lock_irqsave+0x94/0xd0 [ 63.900579][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 63.906462][ C0] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 63.912401][ C0] snd_pcm_period_elapsed+0x24/0x250 [ 63.918895][ C0] loopback_jiffies_timer_function+0x1a8/0x220 [ 63.925135][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 63.931665][ C0] call_timer_fn+0x1a5/0x6b0 [ 63.936243][ C0] ? add_timer_on+0x4a0/0x4a0 [ 63.941027][ C0] ? lock_downgrade+0x830/0x830 [ 63.945921][ C0] ? _raw_spin_unlock_irq+0x1f/0x80 [ 63.951203][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 63.957853][ C0] __run_timers.part.0+0x67c/0xa50 [ 63.963045][ C0] ? call_timer_fn+0x6b0/0x6b0 [ 63.967806][ C0] ? lapic_next_event+0x4d/0x80 [ 63.973061][ C0] ? kvm_sched_clock_read+0x14/0x40 [ 63.978247][ C0] ? sched_clock+0x2a/0x40 [ 63.982652][ C0] ? sched_clock_cpu+0x18/0x1f0 [ 63.987495][ C0] ? hrtimer_interrupt+0x6f4/0x940 [ 63.992682][ C0] run_timer_softirq+0xb3/0x1d0 [ 63.997572][ C0] __do_softirq+0x203/0xab6 [ 64.002068][ C0] asm_call_on_stack+0xf/0x20 [ 64.006731][ C0] [ 64.009672][ C0] do_softirq_own_stack+0x9d/0xd0 [ 64.014681][ C0] irq_exit_rcu+0x235/0x280 [ 64.019220][ C0] sysvec_apic_timer_interrupt+0x51/0xf0 [ 64.024978][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 64.031144][ C0] RIP: 0010:native_safe_halt+0xe/0x10 [ 64.036505][ C0] Code: 89 ef e8 a5 99 76 f9 e9 86 fe ff ff 48 89 df e8 98 99 76 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d c4 14 49 00 fb f4 90 e9 07 00 00 00 0f 00 2d b4 14 49 00 f4 c3 cc cc 55 53 e8 09 [ 64.056273][ C0] RSP: 0018:ffffffff8a007d48 EFLAGS: 00000293 [ 64.062336][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff171e639 [ 64.070436][ C0] RDX: ffffffff8a09ce40 RSI: ffffffff883fd4d3 RDI: 0000000000000000 [ 64.078401][ C0] RBP: ffff88821af6f864 R08: 0000000000000001 R09: 0000000000000001 [ 64.086711][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 64.094693][ C0] R13: ffff88821af6f800 R14: ffff88821af6f864 R15: ffff888218694804 [ 64.102673][ C0] ? acpi_idle_do_entry+0x1e3/0x330 [ 64.107998][ C0] acpi_idle_do_entry+0x1e8/0x330 [ 64.113011][ C0] acpi_idle_enter+0x35a/0x550 [ 64.117763][ C0] cpuidle_enter_state+0x1ab/0xd20 [ 64.122859][ C0] ? tick_nohz_idle_stop_tick+0x5b6/0xbd0 [ 64.128619][ C0] cpuidle_enter+0x4a/0xa0 [ 64.133025][ C0] do_idle+0x48e/0x730 [ 64.137168][ C0] ? arch_cpu_idle_exit+0x70/0x70 [ 64.142265][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe [ 64.148636][ C0] cpu_startup_entry+0x14/0x20 [ 64.153477][ C0] start_kernel+0x490/0x4b1 [ 64.158022][ C0] secondary_startup_64_no_verify+0xa6/0xab [ 64.163905][ C0] ================================================================================ [ 64.173174][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 64.179802][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc5-next-20200918-syzkaller #0 [ 64.188893][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.198932][ C0] Call Trace: [ 64.202416][ C0] [ 64.205264][ C0] dump_stack+0x198/0x1fb [ 64.209713][ C0] panic+0x382/0x7fb [ 64.213731][ C0] ? __warn_printk+0xf3/0xf3 [ 64.218311][ C0] ? secondary_startup_64_no_verify+0xa6/0xab [ 64.224372][ C0] ? ubsan_epilogue+0x3e/0x5a [ 64.229229][ C0] ? ubsan_epilogue+0x35/0x5a [ 64.234016][ C0] ubsan_epilogue+0x54/0x5a [ 64.238556][ C0] __ubsan_handle_out_of_bounds.cold+0x62/0x6c [ 64.244699][ C0] ? vprintk_func+0x95/0x1e0 [ 64.249288][ C0] print_shortest_lock_dependencies.cold+0x11c/0x2e2 [ 64.256083][ C0] print_irq_inversion_bug.part.0+0x2c6/0x2ee [ 64.262139][ C0] mark_lock.cold+0x57/0x74 [ 64.266780][ C0] ? lock_chain_count+0x20/0x20 [ 64.271671][ C0] ? lock_is_held_type+0xbb/0xf0 [ 64.276639][ C0] ? find_held_lock+0x2d/0x110 [ 64.281392][ C0] ? debug_object_activate+0x287/0x3e0 [ 64.286934][ C0] ? lock_downgrade+0x830/0x830 [ 64.291775][ C0] __lock_acquire+0x118a/0x56d0 [ 64.296659][ C0] ? lock_downgrade+0x830/0x830 [ 64.301544][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 64.307516][ C0] ? mark_lock+0xf7/0x2420 [ 64.311924][ C0] lock_acquire+0x1f2/0xaa0 [ 64.316506][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 64.322391][ C0] ? lock_release+0x890/0x890 [ 64.327059][ C0] ? find_held_lock+0x2d/0x110 [ 64.332038][ C0] ? loopback_jiffies_timer_function+0x188/0x220 [ 64.338400][ C0] ? _raw_spin_lock_irqsave+0xa9/0xd0 [ 64.343760][ C0] _raw_spin_lock_irqsave+0x94/0xd0 [ 64.348951][ C0] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 64.355086][ C0] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 64.360967][ C0] snd_pcm_period_elapsed+0x24/0x250 [ 64.366237][ C0] loopback_jiffies_timer_function+0x1a8/0x220 [ 64.372638][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 64.379178][ C0] call_timer_fn+0x1a5/0x6b0 [ 64.383890][ C0] ? add_timer_on+0x4a0/0x4a0 [ 64.388693][ C0] ? lock_downgrade+0x830/0x830 [ 64.393576][ C0] ? _raw_spin_unlock_irq+0x1f/0x80 [ 64.398767][ C0] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 64.405346][ C0] __run_timers.part.0+0x67c/0xa50 [ 64.410575][ C0] ? call_timer_fn+0x6b0/0x6b0 [ 64.415385][ C0] ? lapic_next_event+0x4d/0x80 [ 64.420228][ C0] ? kvm_sched_clock_read+0x14/0x40 [ 64.425636][ C0] ? sched_clock+0x2a/0x40 [ 64.430043][ C0] ? sched_clock_cpu+0x18/0x1f0 [ 64.435010][ C0] ? hrtimer_interrupt+0x6f4/0x940 [ 64.440180][ C0] run_timer_softirq+0xb3/0x1d0 [ 64.445026][ C0] __do_softirq+0x203/0xab6 [ 64.449582][ C0] asm_call_on_stack+0xf/0x20 [ 64.454319][ C0] [ 64.457289][ C0] do_softirq_own_stack+0x9d/0xd0 [ 64.462309][ C0] irq_exit_rcu+0x235/0x280 [ 64.466810][ C0] sysvec_apic_timer_interrupt+0x51/0xf0 [ 64.472552][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 64.478529][ C0] RIP: 0010:native_safe_halt+0xe/0x10 [ 64.483947][ C0] Code: 89 ef e8 a5 99 76 f9 e9 86 fe ff ff 48 89 df e8 98 99 76 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d c4 14 49 00 fb f4 90 e9 07 00 00 00 0f 00 2d b4 14 49 00 f4 c3 cc cc 55 53 e8 09 [ 64.503770][ C0] RSP: 0018:ffffffff8a007d48 EFLAGS: 00000293 [ 64.509883][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff171e639 [ 64.517973][ C0] RDX: ffffffff8a09ce40 RSI: ffffffff883fd4d3 RDI: 0000000000000000 [ 64.526021][ C0] RBP: ffff88821af6f864 R08: 0000000000000001 R09: 0000000000000001 [ 64.534325][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 64.542286][ C0] R13: ffff88821af6f800 R14: ffff88821af6f864 R15: ffff888218694804 [ 64.550297][ C0] ? acpi_idle_do_entry+0x1e3/0x330 [ 64.555570][ C0] acpi_idle_do_entry+0x1e8/0x330 [ 64.560583][ C0] acpi_idle_enter+0x35a/0x550 [ 64.565566][ C0] cpuidle_enter_state+0x1ab/0xd20 [ 64.570824][ C0] ? tick_nohz_idle_stop_tick+0x5b6/0xbd0 [ 64.576727][ C0] cpuidle_enter+0x4a/0xa0 [ 64.581133][ C0] do_idle+0x48e/0x730 [ 64.585188][ C0] ? arch_cpu_idle_exit+0x70/0x70 [ 64.590334][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe [ 64.596561][ C0] cpu_startup_entry+0x14/0x20 [ 64.601444][ C0] start_kernel+0x490/0x4b1 [ 64.605938][ C0] secondary_startup_64_no_verify+0xa6/0xab [ 64.613372][ C0] Kernel Offset: disabled [ 64.617777][ C0] Rebooting in 86400 seconds..