============================================
WARNING: possible recursive locking detected
4.13.0-mm1+ #7 Not tainted
--------------------------------------------
syz-executor7/8995 is trying to acquire lock:
 (&grp->list_mutex){++++}, at: [] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline]
 (&grp->list_mutex){++++}, at: [] snd_seq_deliver_event+0x279/0x790 sound/core/seq/seq_clientmgr.c:807

but task is already holding lock:
 (&grp->list_mutex){++++}, at: [] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline]
 (&grp->list_mutex){++++}, at: [] snd_seq_deliver_event+0x279/0x790 sound/core/seq/seq_clientmgr.c:807

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&grp->list_mutex);
  lock(&grp->list_mutex);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by syz-executor7/8995:
 #0: (register_mutex#4){+.+.}, at: [] odev_release+0x4a/0x70 sound/core/seq/oss/seq_oss.c:152
 #1: (&grp->list_mutex){++++}, at: [] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline]
 #1: (&grp->list_mutex){++++}, at: [] snd_seq_deliver_event+0x279/0x790 sound/core/seq/seq_clientmgr.c:807

stack backtrace:
CPU: 0 PID: 8995 Comm: syz-executor7 Not tainted 4.13.0-mm1+ #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 print_deadlock_bug kernel/locking/lockdep.c:1797 [inline]
 check_deadlock kernel/locking/lockdep.c:1844 [inline]
 validate_chain kernel/locking/lockdep.c:2453 [inline]
 __lock_acquire+0x1232/0x4620 kernel/locking/lockdep.c:3498
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
 down_read+0x96/0x150 kernel/locking/rwsem.c:23
 deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline]
 snd_seq_deliver_event+0x279/0x790 sound/core/seq/seq_clientmgr.c:807
 snd_seq_kernel_client_dispatch+0x11e/0x150 sound/core/seq/seq_clientmgr.c:2309
 dummy_input+0x2c4/0x400 sound/core/seq/seq_dummy.c:104
 snd_seq_deliver_single_event.constprop.11+0x2fb/0x940 sound/core/seq/seq_clientmgr.c:621
 deliver_to_subscribers sound/core/seq/seq_clientmgr.c:676 [inline]
 snd_seq_deliver_event+0x318/0x790 sound/core/seq/seq_clientmgr.c:807
 snd_seq_kernel_client_dispatch+0x11e/0x150 sound/core/seq/seq_clientmgr.c:2309
 dummy_input+0x2c4/0x400 sound/core/seq/seq_dummy.c:104
 snd_seq_deliver_single_event.constprop.11+0x2fb/0x940 sound/core/seq/seq_clientmgr.c:621
 snd_seq_deliver_event+0x12c/0x790 sound/core/seq/seq_clientmgr.c:818
 snd_seq_kernel_client_dispatch+0x11e/0x150 sound/core/seq/seq_clientmgr.c:2309
 snd_seq_oss_dispatch sound/core/seq/oss/seq_oss_device.h:150 [inline]
 snd_seq_oss_midi_reset+0x5ea/0x700 sound/core/seq/oss/seq_oss_midi.c:475
 snd_seq_oss_reset+0x130/0x260 sound/core/seq/oss/seq_oss_init.c:453
 snd_seq_oss_release+0x71/0x120 sound/core/seq/oss/seq_oss_init.c:425
 odev_release+0x52/0x70 sound/core/seq/oss/seq_oss.c:153
 __fput+0x333/0x7f0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:112
 exit_task_work include/linux/task_work.h:21 [inline]
 do_exit+0xa52/0x1b40 kernel/exit.c:865
 do_group_exit+0x149/0x400 kernel/exit.c:968
 get_signal+0x7e8/0x17e0 kernel/signal.c:2334
 do_signal+0x94/0x1ee0 arch/x86/kernel/signal.c:808
 exit_to_usermode_loop+0x224/0x300 arch/x86/entry/common.c:158
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath+0x42f/0x500 arch/x86/entry/common.c:266
 entry_SYSCALL_64_fastpath+0xbc/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007f50df4c9cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 0000000000718028 RCX: 0000000000451e59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000718028
RBP: 0000000000718000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000a6f7ef R14: 00007f50df4ca9c0 R15: 0000000000000000
sock: sock_set_timeout: `syz-executor2' (pid 9024) tries to set negative timeout
audit: type=1326 audit(1505634136.469:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9201 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
audit: type=1326 audit(1505634136.564:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9201 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
loop_reread_partitions: partition scan of loop0 (t?`JzP[ p>TK6C="L l!V #F-') failed (rc=-13)
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'.
audit: type=1326 audit(1505634137.452:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9426 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
audit: type=1326 audit(1505634137.480:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9425 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
QAT: Invalid ioctl
audit: type=1326 audit(1505634137.595:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9426 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54588 sclass=netlink_route_socket pig=9573 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54588 sclass=netlink_route_socket pig=9578 comm=syz-executor0
netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pig=9642 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9 sclass=netlink_route_socket pig=9642 comm=syz-executor6
Disabled LAPIC found during irq injection
*** Guest State ***
CR0: actual=0x0000000080000031, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002051, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x000000000000fffa RIP = 0x0000000000000000
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=3131 sclass=netlink_xfrm_socket pig=9794 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=3131 sclass=netlink_xfrm_socket pig=9794 comm=syz-executor3
RFLAGS=0x00023000 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000
DS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000
SS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000
ES: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000
FS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000
GS: sel=0x0000, attr=0x000f3, limit=0x0000ffff, base=0x0000000000000000
GDTR: limit=0x0000ffff, base=0x0000000000000000
LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
IDTR: limit=0x0000ffff, base=0x0000000000000000
TR: sel=0x0000, attr=0x0008b, limit=0x00002088, base=0x0000000000000000
EFER = 0x0000000000000000 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811b8bff RSP = 0xffff8801ca8974c8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f50df4a4700 GSBase=ffff8801db200000 TRBase=ffff8801db323100
GDTBase=ffffffffff576000 IDTBase=ffffffffff57b000
CR0=0000000080050033 CR3=00000001c3df5000 CR4=00000000001426f0
Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d450b0
EFER = 0x0000000000000d01 PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b699edfa SecondaryExec=00000042
EntryControls=0000d1ff ExitControls=0023efff
ExceptionBitmap=ffffbfff PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffccac934bfa
EPT pointer = 0x00000001c362801e
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor7'.
audit: type=1326 audit(1505634138.859:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9829 comm="syz-executor0" exe="/root/syz-executor0" sig=9 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0x0
audit: type=1326 audit(1505634138.971:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=9829 comm="syz-executor0" exe="/root/syz-executor0" sig=9 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0x0
kvm [9935]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008f
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
kvm [9935]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008e
kvm [9935]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008d
netlink: 5 bytes leftover after parsing attributes in process `syz-executor1'.
kvm [9935]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008c
kvm [9935]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008b
kvm [9935]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008a
kvm [9935]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008f
kvm [9935]: vcpu0, guest rIP: 0x9135 Hyper-V unhandled rdmsr: 0x4000008e
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
device gre0 entered promiscuous mode
dccp_close: ABORT with 397 bytes unread