======================================================== WARNING: possible irq lock inversion dependency detected 5.9.0-rc2-syzkaller #0 Not tainted -------------------------------------------------------- syz-executor.4/6956 just changed the state of lock: ffff888217776d08 (&group->lock){..-.}-{2:2}, at: snd_pcm_period_elapsed+0x15/0xb0 sound/core/pcm_lib.c:1799 but this lock took another, SOFTIRQ-READ-unsafe lock in the past: (&card->ctl_files_rwlock){.+.+}-{2:2} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&card->ctl_files_rwlock); local_irq_disable(); lock(&group->lock); lock(&card->ctl_files_rwlock); lock(&group->lock); *** DEADLOCK *** 3 locks held by syz-executor.4/6956: #0: ffffffff845329a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff845329a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 #1: ffffffff842f5dc0 (rcu_read_lock){....}-{1:2}, at: mutex_spin_on_owner+0x0/0x170 kernel/locking/mutex.c:423 #2: ffffc90000d08ea8 ((&dpcm->timer)){+.-.}-{0:0}, at: call_timer_fn+0x0/0x330 kernel/time/timer.c:1110 the shortest dependencies between 2nd lock and 1st lock: -> (&card->ctl_files_rwlock){.+.+}-{2:2} { HARDIRQ-ON-R at: lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 snd_ctl_notify+0x5e/0x200 sound/core/control.c:153 __snd_ctl_add_replace+0x1ca/0x230 sound/core/control.c:382 snd_ctl_add_replace+0x3d/0x80 sound/core/control.c:399 snd_card_dummy_new_mixer sound/drivers/dummy.c:885 [inline] snd_dummy_probe+0x302/0x440 sound/drivers/dummy.c:1080 platform_drv_probe+0x2d/0x70 drivers/base/platform.c:747 really_probe+0x29e/0x2e0 drivers/base/dd.c:557 driver_probe_device+0x49/0xa0 drivers/base/dd.c:738 bus_for_each_drv+0x74/0xc0 drivers/base/bus.c:431 __device_attach+0xdd/0x140 drivers/base/dd.c:912 bus_probe_device+0x94/0xb0 drivers/base/bus.c:491 device_add+0x40a/0x780 drivers/base/core.c:2930 platform_device_add+0x106/0x1f0 drivers/base/platform.c:597 platform_device_register_full+0xc2/0x120 drivers/base/platform.c:720 platform_device_register_resndata include/linux/platform_device.h:131 [inline] platform_device_register_simple include/linux/platform_device.h:160 [inline] alsa_card_dummy_init+0xc9/0x128 sound/drivers/dummy.c:1168 do_one_initcall+0x5e/0x36f init/main.c:1204 do_initcall_level init/main.c:1277 [inline] do_initcalls init/main.c:1293 [inline] do_basic_setup init/main.c:1313 [inline] kernel_init_freeable+0x24d/0x292 init/main.c:1512 kernel_init+0x5/0xfa init/main.c:1402 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 SOFTIRQ-ON-R at: lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 snd_ctl_notify+0x5e/0x200 sound/core/control.c:153 __snd_ctl_add_replace+0x1ca/0x230 sound/core/control.c:382 snd_ctl_add_replace+0x3d/0x80 sound/core/control.c:399 snd_card_dummy_new_mixer sound/drivers/dummy.c:885 [inline] snd_dummy_probe+0x302/0x440 sound/drivers/dummy.c:1080 platform_drv_probe+0x2d/0x70 drivers/base/platform.c:747 really_probe+0x29e/0x2e0 drivers/base/dd.c:557 driver_probe_device+0x49/0xa0 drivers/base/dd.c:738 bus_for_each_drv+0x74/0xc0 drivers/base/bus.c:431 __device_attach+0xdd/0x140 drivers/base/dd.c:912 bus_probe_device+0x94/0xb0 drivers/base/bus.c:491 device_add+0x40a/0x780 drivers/base/core.c:2930 platform_device_add+0x106/0x1f0 drivers/base/platform.c:597 platform_device_register_full+0xc2/0x120 drivers/base/platform.c:720 platform_device_register_resndata include/linux/platform_device.h:131 [inline] platform_device_register_simple include/linux/platform_device.h:160 [inline] alsa_card_dummy_init+0xc9/0x128 sound/drivers/dummy.c:1168 do_one_initcall+0x5e/0x36f init/main.c:1204 do_initcall_level init/main.c:1277 [inline] do_initcalls init/main.c:1293 [inline] do_basic_setup init/main.c:1313 [inline] kernel_init_freeable+0x24d/0x292 init/main.c:1512 kernel_init+0x5/0xfa init/main.c:1402 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INITIAL USE at: lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 snd_ctl_notify+0x5e/0x200 sound/core/control.c:153 __snd_ctl_add_replace+0x1ca/0x230 sound/core/control.c:382 snd_ctl_add_replace+0x3d/0x80 sound/core/control.c:399 snd_card_dummy_new_mixer sound/drivers/dummy.c:885 [inline] snd_dummy_probe+0x302/0x440 sound/drivers/dummy.c:1080 platform_drv_probe+0x2d/0x70 drivers/base/platform.c:747 really_probe+0x29e/0x2e0 drivers/base/dd.c:557 driver_probe_device+0x49/0xa0 drivers/base/dd.c:738 bus_for_each_drv+0x74/0xc0 drivers/base/bus.c:431 __device_attach+0xdd/0x140 drivers/base/dd.c:912 bus_probe_device+0x94/0xb0 drivers/base/bus.c:491 device_add+0x40a/0x780 drivers/base/core.c:2930 platform_device_add+0x106/0x1f0 drivers/base/platform.c:597 platform_device_register_full+0xc2/0x120 drivers/base/platform.c:720 platform_device_register_resndata include/linux/platform_device.h:131 [inline] platform_device_register_simple include/linux/platform_device.h:160 [inline] alsa_card_dummy_init+0xc9/0x128 sound/drivers/dummy.c:1168 do_one_initcall+0x5e/0x36f init/main.c:1204 do_initcall_level init/main.c:1277 [inline] do_initcalls init/main.c:1293 [inline] do_basic_setup init/main.c:1313 [inline] kernel_init_freeable+0x24d/0x292 init/main.c:1512 kernel_init+0x5/0xfa init/main.c:1402 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 } ... key at: [] __key.32276+0x0/0x10 ... acquired at: __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 snd_ctl_notify+0x5e/0x200 sound/core/control.c:153 loopback_check_format sound/drivers/aloop.c:358 [inline] loopback_trigger+0x250/0x300 sound/drivers/aloop.c:387 snd_pcm_action_single+0x25/0x70 sound/core/pcm_native.c:1207 __snd_pcm_lib_xfer+0x3f3/0x7d9 sound/core/pcm_lib.c:2247 snd_pcm_oss_write3+0x60/0xd0 sound/core/oss/pcm_oss.c:1221 snd_pcm_plug_write_transfer+0xed/0x140 sound/core/oss/pcm_plugin.c:624 snd_pcm_oss_write2+0xc1/0x140 sound/core/oss/pcm_oss.c:1353 snd_pcm_oss_write1 sound/core/oss/pcm_oss.c:1419 [inline] snd_pcm_oss_write+0x19d/0x2d0 sound/core/oss/pcm_oss.c:2765 vfs_write+0xc7/0x230 fs/read_write.c:576 ksys_write+0x5a/0xd0 fs/read_write.c:631 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> (&group->lock){..-.}-{2:2} { IN-SOFTIRQ-W at: lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x58/0x80 kernel/locking/spinlock.c:159 snd_pcm_period_elapsed+0x15/0xb0 sound/core/pcm_lib.c:1799 call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] __run_timers kernel/time/timer.c:1755 [inline] run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768 __do_softirq+0xee/0x55a kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0xea/0x110 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x57/0xe0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 rep_nop arch/x86/include/asm/vdso/processor.h:13 [inline] cpu_relax arch/x86/include/asm/vdso/processor.h:18 [inline] mutex_spin_on_owner+0xf7/0x170 kernel/locking/mutex.c:579 mutex_optimistic_spin kernel/locking/mutex.c:673 [inline] __mutex_lock_common kernel/locking/mutex.c:959 [inline] __mutex_lock+0x3d9/0x9f0 kernel/locking/mutex.c:1103 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_sys_sendto net/socket.c:2004 [inline] __se_sys_sendto net/socket.c:2000 [inline] __x64_sys_sendto+0x1f/0x30 net/socket.c:2000 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 INITIAL USE at: lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline] _raw_spin_lock_irq+0x59/0x70 kernel/locking/spinlock.c:167 snd_pcm_hw_params+0x42/0x770 sound/core/pcm_native.c:672 snd_pcm_oss_change_params_locked+0x5fd/0xce0 sound/core/oss/pcm_oss.c:941 snd_pcm_oss_change_params+0x2c/0x60 sound/core/oss/pcm_oss.c:1084 snd_pcm_oss_make_ready+0x2d/0x80 sound/core/oss/pcm_oss.c:1143 snd_pcm_oss_sync.isra.34+0x93/0x260 sound/core/oss/pcm_oss.c:1708 snd_pcm_oss_release+0xa8/0xb0 sound/core/oss/pcm_oss.c:2546 __fput+0xaa/0x250 fs/file_table.c:281 task_work_run+0x68/0xb0 kernel/task_work.c:141 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:140 [inline] exit_to_user_mode_prepare+0x219/0x220 kernel/entry/common.c:167 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:242 entry_SYSCALL_64_after_hwframe+0x44/0xa9 } ... key at: [] __key.50406+0x0/0x10 ... acquired at: mark_lock_irq kernel/locking/lockdep.c:3579 [inline] mark_lock+0x1a0/0x2d0 kernel/locking/lockdep.c:4006 mark_usage kernel/locking/lockdep.c:3905 [inline] __lock_acquire+0x80b/0x16e0 kernel/locking/lockdep.c:4380 lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x58/0x80 kernel/locking/spinlock.c:159 snd_pcm_period_elapsed+0x15/0xb0 sound/core/pcm_lib.c:1799 call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] __run_timers kernel/time/timer.c:1755 [inline] run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768 __do_softirq+0xee/0x55a kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0xea/0x110 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x57/0xe0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 rep_nop arch/x86/include/asm/vdso/processor.h:13 [inline] cpu_relax arch/x86/include/asm/vdso/processor.h:18 [inline] mutex_spin_on_owner+0xf7/0x170 kernel/locking/mutex.c:579 mutex_optimistic_spin kernel/locking/mutex.c:673 [inline] __mutex_lock_common kernel/locking/mutex.c:959 [inline] __mutex_lock+0x3d9/0x9f0 kernel/locking/mutex.c:1103 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_sys_sendto net/socket.c:2004 [inline] __se_sys_sendto net/socket.c:2000 [inline] __x64_sys_sendto+0x1f/0x30 net/socket.c:2000 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 stack backtrace: CPU: 1 PID: 6956 Comm: syz-executor.4 Not tainted 5.9.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xa3/0xcc lib/dump_stack.c:118 print_irq_inversion_bug kernel/locking/lockdep.c:3429 [inline] check_usage_forwards.cold.65+0x20/0x29 kernel/locking/lockdep.c:3453 mark_lock_irq kernel/locking/lockdep.c:3579 [inline] mark_lock+0x1a0/0x2d0 kernel/locking/lockdep.c:4006 mark_usage kernel/locking/lockdep.c:3905 [inline] __lock_acquire+0x80b/0x16e0 kernel/locking/lockdep.c:4380 lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x58/0x80 kernel/locking/spinlock.c:159 snd_pcm_period_elapsed+0x15/0xb0 sound/core/pcm_lib.c:1799 call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] __run_timers kernel/time/timer.c:1755 [inline] run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768 __do_softirq+0xee/0x55a kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0xea/0x110 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x57/0xe0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 RIP: 0010:rep_nop arch/x86/include/asm/vdso/processor.h:13 [inline] RIP: 0010:cpu_relax arch/x86/include/asm/vdso/processor.h:18 [inline] RIP: 0010:mutex_spin_on_owner+0xf7/0x170 kernel/locking/mutex.c:579 Code: 22 81 48 c7 c7 c0 5d 2f 84 e8 75 7f 00 00 48 8d 65 e0 89 d8 5b 41 5c 41 5d 41 5e 5d c3 4d 85 e4 74 0d 4d 3b 66 50 75 ba f3 90 57 ff ff ff 49 8b 06 a8 01 74 f2 eb aa e8 e6 d0 02 00 84 c0 0f RSP: 0018:ffffc90000e97b70 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff888121b763c0 RCX: ffffffff8122dc40 RDX: 0000000000000001 RSI: ffffffff8401c9d1 RDI: 0000000000000000 RBP: ffffc90000e97b90 R08: 0000000000000028 R09: 0000000000000001 R10: ffff8881218a8680 R11: cb417b02b3c995b6 R12: 0000000000000000 R13: 0000000000000000 R14: ffffffff84532940 R15: ffffffff828913fa mutex_optimistic_spin kernel/locking/mutex.c:673 [inline] __mutex_lock_common kernel/locking/mutex.c:959 [inline] __mutex_lock+0x3d9/0x9f0 kernel/locking/mutex.c:1103 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 __sys_sendto+0xec/0x160 net/socket.c:1992 __do_sys_sendto net/socket.c:2004 [inline] __se_sys_sendto net/socket.c:2000 [inline] __x64_sys_sendto+0x1f/0x30 net/socket.c:2000 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x417087 Code: 2c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 87 fa ff ff 48 89 04 24 49 89 ca b8 2c 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 cd fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007ffede1fe2f0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00000000016a3700 RCX: 0000000000417087 RDX: 000000000000002c RSI: 00000000016a3750 RDI: 0000000000000003 RBP: 0000000000000000 R08: 00007ffede1fe300 R09: 000000000000000c R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 0000000000000000 R14: 00000000016a3750 R15: 0000000000000003