bisecting cause commit starting from 6498f6151825f1e5aac5543fa9ea4ea218dcbe8c building syzkaller on 4d1b57d4d1aa7f8938163f8debd9293c062482b0 testing commit 6498f6151825f1e5aac5543fa9ea4ea218dcbe8c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: fbac392832c5b44b946990930fafd6b95243e7de3fe4e6a8a04d73b6dba967b7 all runs: crashed: possible deadlock in snd_hrtimer_callback testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: eaab50170f966c8b3eb39852b91e95d9bc7e454d96827a490e5a435720d1ffbe all runs: crashed: possible deadlock in snd_hrtimer_callback testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: a2c67d0aa4cd9031fb2dccc0e9429d13c38be324308c26aa1ef6b084265ddb79 all runs: crashed: possible deadlock in snd_hrtimer_callback testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 760afc9eb3d03287b34ea942b7a411382f5645571be3e022de43df2d69784b74 all runs: crashed: possible deadlock in snd_hrtimer_callback testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: ed87a01106570e960457a093defc61da2463f8df499a22d92a19e05b34bca040 all runs: crashed: possible deadlock in snd_hrtimer_callback testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: a6ff38e82dd9e7b72f8594f21d4456e9f130fed2d0baffe8f9a1ac831a8846b8 all runs: OK # git bisect start 2c85ebc57b3e1817b6ce1a6b703928e113a90442 bbf5c979011a099af5dc76498918ed7df445635b Bisecting: 9594 revisions left to test after this (roughly 13 steps) [4d0e9df5e43dba52d38b251e3b909df8fa1110be] lib, uaccess: add failure injection to usercopy functions testing commit 4d0e9df5e43dba52d38b251e3b909df8fa1110be compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 5454da860502d12a286f26576eeceec856e4672225f87777125a71c8b4e675b4 all runs: crashed: possible deadlock in snd_hrtimer_callback # git bisect bad 4d0e9df5e43dba52d38b251e3b909df8fa1110be Bisecting: 3935 revisions left to test after this (roughly 12 steps) [f888bdf9823c85fe945c4eb3ba353f749dec3856] Merge tag 'devicetree-for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux testing commit f888bdf9823c85fe945c4eb3ba353f749dec3856 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 20e9bde79b81dbc5b5a1bf31887d13af24c167aeba9a51b2037ae842396bf713 all runs: crashed: possible deadlock in snd_hrtimer_callback # git bisect bad f888bdf9823c85fe945c4eb3ba353f749dec3856 Bisecting: 1997 revisions left to test after this (roughly 11 steps) [57218d7f2e87069f73c7a841b6ed6c1cc7acf616] Merge tag 'regmap-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap testing commit 57218d7f2e87069f73c7a841b6ed6c1cc7acf616 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 460e78890dab6d1cad78ef0e0165c1897f9eabc964174723134af0335a3cc8f3 all runs: crashed: possible deadlock in snd_hrtimer_callback # git bisect bad 57218d7f2e87069f73c7a841b6ed6c1cc7acf616 Bisecting: 873 revisions left to test after this (roughly 10 steps) [39a5101f989e8d2be557136704d53990f9b402c8] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 testing commit 39a5101f989e8d2be557136704d53990f9b402c8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: d3bc66f8aaa490da9542f4f0e796bef91406af9ee61cb600fec86d71af5cef45 all runs: crashed: possible deadlock in snd_hrtimer_callback # git bisect bad 39a5101f989e8d2be557136704d53990f9b402c8 Bisecting: 521 revisions left to test after this (roughly 9 steps) [ed016af52ee3035b4799ebd7d53f9ae59d5782c4] Merge tag 'locking-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit ed016af52ee3035b4799ebd7d53f9ae59d5782c4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 2ac0aad75988ceb029648dce27de1f5b577824c80d69f2548e2fc71d1bfdab49 all runs: crashed: possible deadlock in snd_hrtimer_callback # git bisect bad ed016af52ee3035b4799ebd7d53f9ae59d5782c4 Bisecting: 274 revisions left to test after this (roughly 8 steps) [f94ab231136c53ee26b1ddda76b29218018834ff] Merge tag 'x86_cleanups_for_v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit f94ab231136c53ee26b1ddda76b29218018834ff compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 976a55abfa3b042f08f95eeb534baf4e52008c85015774181a5ec81848ad2ab1 all runs: OK # git bisect good f94ab231136c53ee26b1ddda76b29218018834ff Bisecting: 125 revisions left to test after this (roughly 7 steps) [cc7343724eb77ce0752b1097a275f22f6fe47057] Merge tag 'x86-irq-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit cc7343724eb77ce0752b1097a275f22f6fe47057 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: d63f0854b20007d1259ba0da16004b103cef1739045675f33a05f19680178202 all runs: OK # git bisect good cc7343724eb77ce0752b1097a275f22f6fe47057 Bisecting: 61 revisions left to test after this (roughly 6 steps) [d6c4c11348816fb4d16e33bf47d559d7aa59350a] Merge branch 'kcsan' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into locking/core testing commit d6c4c11348816fb4d16e33bf47d559d7aa59350a compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 8da25fc691fdd705c93925e3bb9109804eff3a523b90e7b897effc0d0a38aefc all runs: crashed: possible deadlock in snd_hrtimer_callback # git bisect bad d6c4c11348816fb4d16e33bf47d559d7aa59350a Bisecting: 31 revisions left to test after this (roughly 5 steps) [6dd699b13d53f26a7603702d8bada3482312df74] seqlock: seqcount_LOCKNAME_t: Standardize naming convention testing commit 6dd699b13d53f26a7603702d8bada3482312df74 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 91c5e098a023e8fb743d76a6c6511f5ef5ac8a6f3153180cb3d12fcd12672a62 all runs: crashed: possible deadlock in snd_hrtimer_callback # git bisect bad 6dd699b13d53f26a7603702d8bada3482312df74 Bisecting: 15 revisions left to test after this (roughly 4 steps) [621c9dac0eea7607cb9a57cc9ba47fbcd4e644c9] lockdep: Add recursive read locks into dependency graph testing commit 621c9dac0eea7607cb9a57cc9ba47fbcd4e644c9 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: d5f7979fa2854b5bcce6e29e4eb8bccb72a2f6ac7febd430db66ce8be495f3e7 all runs: crashed: possible deadlock in snd_hrtimer_callback # git bisect bad 621c9dac0eea7607cb9a57cc9ba47fbcd4e644c9 Bisecting: 7 revisions left to test after this (roughly 3 steps) [d563bc6ead9e79be37067d58509a605b67378184] lockdep: Make __bfs() visit every dependency until a match testing commit d563bc6ead9e79be37067d58509a605b67378184 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 1a71d2552ede95bcc8be3309f1bb97782a46ea0136bea27538ace6427f891b79 run #0: crashed: possible deadlock in snd_hrtimer_callback run #1: crashed: possible deadlock in snd_hrtimer_callback run #2: crashed: possible deadlock in snd_hrtimer_callback run #3: crashed: possible deadlock in snd_hrtimer_callback run #4: crashed: possible deadlock in snd_hrtimer_callback run #5: crashed: possible deadlock in snd_hrtimer_callback run #6: crashed: possible deadlock in snd_hrtimer_callback run #7: crashed: possible deadlock in snd_hrtimer_callback run #8: OK run #9: OK # git bisect bad d563bc6ead9e79be37067d58509a605b67378184 Bisecting: 3 revisions left to test after this (roughly 2 steps) [92b4e9f11a636d1723cc0866bf8b9111b1e24339] Documentation/locking/locktypes: Fix local_locks documentation testing commit 92b4e9f11a636d1723cc0866bf8b9111b1e24339 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 2f05c78a9b8edf072b34ae8555cb3624a73dc3231425673ae99c53fa1ab980d0 all runs: OK # git bisect good 92b4e9f11a636d1723cc0866bf8b9111b1e24339 Bisecting: 1 revision left to test after this (roughly 1 step) [224ec489d3cdb0af6794e257eeee39d98dc9c5b2] lockdep/Documention: Recursive read lock detection reasoning testing commit 224ec489d3cdb0af6794e257eeee39d98dc9c5b2 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 182424f3f933a02eb6fd43063db8fda592d00834bf604d926293d320457c34b7 run #0: crashed: possible deadlock in snd_hrtimer_callback run #1: crashed: possible deadlock in snd_hrtimer_callback run #2: crashed: possible deadlock in snd_hrtimer_callback run #3: crashed: possible deadlock in snd_hrtimer_callback run #4: crashed: possible deadlock in snd_hrtimer_callback run #5: crashed: possible deadlock in snd_hrtimer_callback run #6: crashed: possible deadlock in snd_hrtimer_callback run #7: OK run #8: OK run #9: OK # git bisect bad 224ec489d3cdb0af6794e257eeee39d98dc9c5b2 Bisecting: 0 revisions left to test after this (roughly 0 steps) [e918188611f073063415f40fae568fa4d86d9044] locking: More accurate annotations for read_lock() testing commit e918188611f073063415f40fae568fa4d86d9044 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 182424f3f933a02eb6fd43063db8fda592d00834bf604d926293d320457c34b7 run #0: crashed: possible deadlock in snd_hrtimer_callback run #1: crashed: possible deadlock in snd_hrtimer_callback run #2: crashed: possible deadlock in snd_hrtimer_callback run #3: crashed: possible deadlock in snd_hrtimer_callback run #4: crashed: possible deadlock in snd_hrtimer_callback run #5: crashed: possible deadlock in snd_hrtimer_callback run #6: crashed: possible deadlock in snd_hrtimer_callback run #7: OK run #8: OK run #9: OK # git bisect bad e918188611f073063415f40fae568fa4d86d9044 e918188611f073063415f40fae568fa4d86d9044 is the first bad commit commit e918188611f073063415f40fae568fa4d86d9044 Author: Boqun Feng Date: Fri Aug 7 15:42:20 2020 +0800 locking: More accurate annotations for read_lock() On the archs using QUEUED_RWLOCKS, read_lock() is not always a recursive read lock, actually it's only recursive if in_interrupt() is true. So change the annotation accordingly to catch more deadlocks. Note we used to treat read_lock() as pure recursive read locks in lib/locking-seftest.c, and this is useful, especially for the lockdep development selftest, so we keep this via a variable to force switching lock annotation for read_lock(). Signed-off-by: Boqun Feng Signed-off-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/20200807074238.1632519-2-boqun.feng@gmail.com include/linux/lockdep.h | 23 ++++++++++++++++++++++- kernel/locking/lockdep.c | 14 ++++++++++++++ lib/locking-selftest.c | 11 +++++++++++ 3 files changed, 47 insertions(+), 1 deletion(-) culprit signature: 182424f3f933a02eb6fd43063db8fda592d00834bf604d926293d320457c34b7 parent signature: 2f05c78a9b8edf072b34ae8555cb3624a73dc3231425673ae99c53fa1ab980d0 revisions tested: 20, total time: 3h50m43.686970769s (build: 2h2m45.122240627s, test: 1h45m34.627423765s) first bad commit: e918188611f073063415f40fae568fa4d86d9044 locking: More accurate annotations for read_lock() recipients (to): ["boqun.feng@gmail.com" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "peterz@infradead.org" "peterz@infradead.org" "will@kernel.org"] recipients (cc): [] crash: possible deadlock in snd_hrtimer_callback ======================================================== WARNING: possible irq lock inversion dependency detected 5.9.0-rc2-syzkaller #0 Not tainted -------------------------------------------------------- kworker/u4:5/226 just changed the state of lock: ffff8880a393dd48 (&timer->lock){-.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline] ffff8880a393dd48 (&timer->lock){-.-.}-{2:2}, at: snd_hrtimer_callback+0x4a/0x380 sound/core/hrtimer.c:38 but this lock took another, SOFTIRQ-READ-unsafe lock in the past: (&f->f_owner.lock){.+.+}-{2:2} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Chain exists of: &timer->lock --> &new->fa_lock --> &f->f_owner.lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&f->f_owner.lock); local_irq_disable(); lock(&timer->lock); lock(&new->fa_lock); lock(&timer->lock); *** DEADLOCK *** 5 locks held by kworker/u4:5/226: #0: ffff8880ae194138 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880ae194138 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff8880ae194138 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8880ae194138 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff8880ae194138 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff8880ae194138 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: process_one_work+0x7f5/0x1690 kernel/workqueue.c:2240 #1: ffffc9000192fe00 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x82a/0x1690 kernel/workqueue.c:2244 #2: ffffc90000d90db8 ((&idev->mc_dad_timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:35 [inline] #2: ffffc90000d90db8 ((&idev->mc_dad_timer)){+.-.}-{0:0}, at: call_timer_fn+0xd3/0x5b0 kernel/time/timer.c:1403 #3: ffffffff8a51c0c0 (rcu_read_lock){....}-{1:2}, at: read_pnet include/net/net_namespace.h:330 [inline] #3: ffffffff8a51c0c0 (rcu_read_lock){....}-{1:2}, at: dev_net include/linux/netdevice.h:2281 [inline] #3: ffffffff8a51c0c0 (rcu_read_lock){....}-{1:2}, at: mld_sendpack+0x16f/0xca0 net/ipv6/mcast.c:1646 #4: ffffffff8a51c0c0 (rcu_read_lock){....}-{1:2}, at: nf_hook.constprop.18+0x0/0x430 net/ipv6/mcast.c:2795 the shortest dependencies between 2nd lock and 1st lock: -> (&f->f_owner.lock){.+.+}-{2:2} { HARDIRQ-ON-R at: lock_acquire+0x188/0xac0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 f_getown+0x16/0xa0 fs/fcntl.c:152 do_fcntl+0x3e8/0xe50 fs/fcntl.c:380 __do_sys_fcntl fs/fcntl.c:463 [inline] __se_sys_fcntl fs/fcntl.c:448 [inline] __x64_sys_fcntl+0x11a/0x160 fs/fcntl.c:448 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 SOFTIRQ-ON-R at: lock_acquire+0x188/0xac0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 f_getown+0x16/0xa0 fs/fcntl.c:152 do_fcntl+0x3e8/0xe50 fs/fcntl.c:380 __do_sys_fcntl fs/fcntl.c:463 [inline] __se_sys_fcntl fs/fcntl.c:448 [inline] __x64_sys_fcntl+0x11a/0x160 fs/fcntl.c:448 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 INITIAL USE at: lock_acquire+0x188/0xac0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 f_getown+0x16/0xa0 fs/fcntl.c:152 do_fcntl+0x3e8/0xe50 fs/fcntl.c:380 __do_sys_fcntl fs/fcntl.c:463 [inline] __se_sys_fcntl fs/fcntl.c:448 [inline] __x64_sys_fcntl+0x11a/0x160 fs/fcntl.c:448 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 } ... key at: [] __key.50580+0x0/0x40 ... acquired at: __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 send_sigio+0x1f/0x2d0 fs/fcntl.c:786 kill_fasync_rcu fs/fcntl.c:1009 [inline] kill_fasync fs/fcntl.c:1023 [inline] kill_fasync+0x1e1/0x3a0 fs/fcntl.c:1016 snd_timer_user_ccallback+0x253/0x300 sound/core/timer.c:1387 snd_timer_notify1+0x117/0x330 sound/core/timer.c:516 snd_timer_start1+0x3ee/0x710 sound/core/timer.c:577 snd_timer_user_start+0xee/0x140 sound/core/timer.c:1985 __snd_timer_user_ioctl+0xc45/0x1db0 sound/core/timer.c:2108 snd_timer_user_ioctl+0x55/0x71 sound/core/timer.c:2129 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x120/0x190 fs/ioctl.c:739 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> (&new->fa_lock){....}-{2:2} { INITIAL USE at: lock_acquire+0x188/0xac0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 kill_fasync_rcu fs/fcntl.c:1002 [inline] kill_fasync fs/fcntl.c:1023 [inline] kill_fasync+0x14c/0x3a0 fs/fcntl.c:1016 snd_timer_user_ccallback+0x253/0x300 sound/core/timer.c:1387 snd_timer_notify1+0x117/0x330 sound/core/timer.c:516 snd_timer_start1+0x3ee/0x710 sound/core/timer.c:577 snd_timer_user_start+0xee/0x140 sound/core/timer.c:1985 __snd_timer_user_ioctl+0xc45/0x1db0 sound/core/timer.c:2108 snd_timer_user_ioctl+0x55/0x71 sound/core/timer.c:2129 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x120/0x190 fs/ioctl.c:739 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 } ... key at: [] __key.46457+0x0/0x40 ... acquired at: __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 kill_fasync_rcu fs/fcntl.c:1002 [inline] kill_fasync fs/fcntl.c:1023 [inline] kill_fasync+0x14c/0x3a0 fs/fcntl.c:1016 snd_timer_user_ccallback+0x253/0x300 sound/core/timer.c:1387 snd_timer_notify1+0x117/0x330 sound/core/timer.c:516 snd_timer_start1+0x3ee/0x710 sound/core/timer.c:577 snd_timer_user_start+0xee/0x140 sound/core/timer.c:1985 __snd_timer_user_ioctl+0xc45/0x1db0 sound/core/timer.c:2108 snd_timer_user_ioctl+0x55/0x71 sound/core/timer.c:2129 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x120/0x190 fs/ioctl.c:739 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> (&timer->lock){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x188/0xac0 kernel/locking/lockdep.c:5020 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] snd_hrtimer_callback+0x4a/0x380 sound/core/hrtimer.c:38 __run_hrtimer kernel/time/hrtimer.c:1524 [inline] __hrtimer_run_queues+0x1da/0xaf0 kernel/time/hrtimer.c:1588 hrtimer_interrupt+0x314/0x800 kernel/time/hrtimer.c:1650 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline] __sysvec_apic_timer_interrupt+0x174/0x650 arch/x86/kernel/apic/apic.c:1097 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] sysvec_apic_timer_interrupt+0xb2/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] _raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:199 finish_lock_switch kernel/sched/core.c:3517 [inline] finish_task_switch+0x17c/0x800 kernel/sched/core.c:3617 context_switch kernel/sched/core.c:3781 [inline] __schedule+0xaff/0x2030 kernel/sched/core.c:4527 preempt_schedule_common+0x1a/0xc0 kernel/sched/core.c:4683 preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:40 try_to_wake_up+0xc08/0x1590 kernel/sched/core.c:2984 wake_up_process kernel/sched/core.c:3048 [inline] wake_up_q+0xb7/0x130 kernel/sched/core.c:596 futex_wake+0x312/0x490 kernel/futex.c:1621 do_futex+0x530/0x14d0 kernel/futex.c:3754 __do_sys_futex kernel/futex.c:3810 [inline] __se_sys_futex kernel/futex.c:3778 [inline] __x64_sys_futex+0x269/0x320 kernel/futex.c:3778 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 IN-SOFTIRQ-W at: lock_acquire+0x188/0xac0 kernel/locking/lockdep.c:5020 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] snd_hrtimer_callback+0x4a/0x380 sound/core/hrtimer.c:38 __run_hrtimer kernel/time/hrtimer.c:1524 [inline] __hrtimer_run_queues+0x1da/0xaf0 kernel/time/hrtimer.c:1588 hrtimer_interrupt+0x314/0x800 kernel/time/hrtimer.c:1650 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline] __sysvec_apic_timer_interrupt+0x174/0x650 arch/x86/kernel/apic/apic.c:1097 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:50 [inline] sysvec_apic_timer_interrupt+0x43/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 ipv6_get_l4proto net/netfilter/nf_conntrack_core.c:371 [inline] get_l4proto+0x2a6/0x4e0 net/netfilter/nf_conntrack_core.c:387 nf_conntrack_in+0x212/0x1090 net/netfilter/nf_conntrack_core.c:1813 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow+0xa9/0x170 net/netfilter/core.c:512 nf_hook.constprop.18+0x2d2/0x430 include/linux/netfilter.h:256 NF_HOOK include/linux/netfilter.h:299 [inline] mld_sendpack+0x614/0xca0 net/ipv6/mcast.c:1679 mld_send_initial_cr net/ipv6/mcast.c:2080 [inline] mld_dad_timer_expire+0x26/0x180 net/ipv6/mcast.c:2115 call_timer_fn+0x16f/0x5b0 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] __run_timers kernel/time/timer.c:1755 [inline] run_timer_softirq+0x589/0x1170 kernel/time/timer.c:1768 __do_softirq+0x1d5/0xa45 kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0xa4/0xd0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x132/0x150 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x48/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 wg_socket_send_buffer_to_peer+0x2/0x300 drivers/net/wireguard/socket.c:190 wg_packet_send_handshake_initiation+0x1bc/0x2d0 drivers/net/wireguard/send.c:40 wg_packet_handshake_send_worker+0x10/0x20 drivers/net/wireguard/send.c:51 process_one_work+0x8e9/0x1690 kernel/workqueue.c:2269 worker_thread+0x82/0xb50 kernel/workqueue.c:2415 kthread+0x36b/0x440 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INITIAL USE at: lock_acquire+0x188/0xac0 kernel/locking/lockdep.c:5020 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x33/0x50 kernel/locking/spinlock.c:159 snd_timer_notify sound/core/timer.c:1087 [inline] snd_timer_notify+0xcc/0x330 sound/core/timer.c:1074 snd_pcm_timer_notify sound/core/pcm_native.c:581 [inline] snd_pcm_post_stop+0x1a0/0x210 sound/core/pcm_native.c:1431 snd_pcm_action_single+0xc9/0x110 sound/core/pcm_native.c:1209 snd_pcm_stop sound/core/pcm_native.c:1455 [inline] snd_pcm_drop+0xfd/0x180 sound/core/pcm_native.c:2133 snd_pcm_oss_sync+0x1f0/0x7a0 sound/core/oss/pcm_oss.c:1711 snd_pcm_oss_release+0x1c4/0x240 sound/core/oss/pcm_oss.c:2546 __fput+0x1ff/0x830 fs/file_table.c:281 task_work_run+0xc2/0x160 kernel/task_work.c:141 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:140 [inline] exit_to_user_mode_prepare+0x1b6/0x1c0 kernel/entry/common.c:167 syscall_exit_to_user_mode+0x41/0x2a0 kernel/entry/common.c:242 entry_SYSCALL_64_after_hwframe+0x44/0xa9 } ... key at: [] __key.34689+0x0/0x40 ... acquired at: mark_lock_irq kernel/locking/lockdep.c:3579 [inline] mark_lock+0x7b5/0x1aa0 kernel/locking/lockdep.c:4006 mark_usage kernel/locking/lockdep.c:3905 [inline] __lock_acquire+0x1567/0x4fb0 kernel/locking/lockdep.c:4380 lock_acquire+0x188/0xac0 kernel/locking/lockdep.c:5020 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] snd_hrtimer_callback+0x4a/0x380 sound/core/hrtimer.c:38 __run_hrtimer kernel/time/hrtimer.c:1524 [inline] __hrtimer_run_queues+0x1da/0xaf0 kernel/time/hrtimer.c:1588 hrtimer_interrupt+0x314/0x800 kernel/time/hrtimer.c:1650 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline] __sysvec_apic_timer_interrupt+0x174/0x650 arch/x86/kernel/apic/apic.c:1097 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:50 [inline] sysvec_apic_timer_interrupt+0x43/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 ipv6_get_l4proto net/netfilter/nf_conntrack_core.c:371 [inline] get_l4proto+0x2a6/0x4e0 net/netfilter/nf_conntrack_core.c:387 nf_conntrack_in+0x212/0x1090 net/netfilter/nf_conntrack_core.c:1813 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow+0xa9/0x170 net/netfilter/core.c:512 nf_hook.constprop.18+0x2d2/0x430 include/linux/netfilter.h:256 NF_HOOK include/linux/netfilter.h:299 [inline] mld_sendpack+0x614/0xca0 net/ipv6/mcast.c:1679 mld_send_initial_cr net/ipv6/mcast.c:2080 [inline] mld_dad_timer_expire+0x26/0x180 net/ipv6/mcast.c:2115 call_timer_fn+0x16f/0x5b0 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] __run_timers kernel/time/timer.c:1755 [inline] run_timer_softirq+0x589/0x1170 kernel/time/timer.c:1768 __do_softirq+0x1d5/0xa45 kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0xa4/0xd0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x132/0x150 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x48/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 wg_socket_send_buffer_to_peer+0x2/0x300 drivers/net/wireguard/socket.c:190 wg_packet_send_handshake_initiation+0x1bc/0x2d0 drivers/net/wireguard/send.c:40 wg_packet_handshake_send_worker+0x10/0x20 drivers/net/wireguard/send.c:51 process_one_work+0x8e9/0x1690 kernel/workqueue.c:2269 worker_thread+0x82/0xb50 kernel/workqueue.c:2415 kthread+0x36b/0x440 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 stack backtrace: CPU: 1 PID: 226 Comm: kworker/u4:5 Not tainted 5.9.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x99/0xd0 lib/dump_stack.c:118 print_irq_inversion_bug kernel/locking/lockdep.c:599 [inline] check_usage_forwards.cold.50+0x39/0x42 kernel/locking/lockdep.c:3453 mark_lock_irq kernel/locking/lockdep.c:3579 [inline] mark_lock+0x7b5/0x1aa0 kernel/locking/lockdep.c:4006 mark_usage kernel/locking/lockdep.c:3905 [inline] __lock_acquire+0x1567/0x4fb0 kernel/locking/lockdep.c:4380 lock_acquire+0x188/0xac0 kernel/locking/lockdep.c:5020 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] snd_hrtimer_callback+0x4a/0x380 sound/core/hrtimer.c:38 __run_hrtimer kernel/time/hrtimer.c:1524 [inline] __hrtimer_run_queues+0x1da/0xaf0 kernel/time/hrtimer.c:1588 hrtimer_interrupt+0x314/0x800 kernel/time/hrtimer.c:1650 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline] __sysvec_apic_timer_interrupt+0x174/0x650 arch/x86/kernel/apic/apic.c:1097 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:50 [inline] sysvec_apic_timer_interrupt+0x43/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 RIP: 0010:ipv6_get_l4proto net/netfilter/nf_conntrack_core.c:355 [inline] RIP: 0010:get_l4proto+0x2a6/0x4e0 net/netfilter/nf_conntrack_core.c:387 Code: 14 11 84 d2 74 09 80 fa 03 0f 8e b0 01 00 00 8b 6d 70 41 39 ef 0f 86 26 fe ff ff 0f 1f 44 00 00 b8 ff ff ff ff e9 17 fe ff ff <44> 8d 6e 28 89 f6 b9 01 00 00 00 48 8d 54 24 38 48 83 c6 06 e8 81 RSP: 0018:ffffc90000d90848 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 1ffff920001b210c RCX: ffffc90000d90a08 RDX: 000000000000000a RSI: 0000000000000000 RDI: ffff8880b0bad640 RBP: ffff8880b0bad640 R08: 0000000000000001 R09: fffffbfff1cb02f3 R10: ffffffff8e581797 R11: fffffbfff1cb02f2 R12: 0000000000000000 R13: dffffc0000000000 R14: ffffc90000d90a08 R15: dffffc0000000000 nf_conntrack_in+0x212/0x1090 net/netfilter/nf_conntrack_core.c:1813 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow+0xa9/0x170 net/netfilter/core.c:512 nf_hook.constprop.18+0x2d2/0x430 include/linux/netfilter.h:256 NF_HOOK include/linux/netfilter.h:299 [inline] mld_sendpack+0x614/0xca0 net/ipv6/mcast.c:1679 mld_send_initial_cr net/ipv6/mcast.c:2080 [inline] mld_dad_timer_expire+0x26/0x180 net/ipv6/mcast.c:2115 call_timer_fn+0x16f/0x5b0 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] __run_timers kernel/time/timer.c:1755 [inline] run_timer_softirq+0x589/0x1170 kernel/time/timer.c:1768 __do_softirq+0x1d5/0xa45 kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0xa4/0xd0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x132/0x150 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x48/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 RIP: 0010:wg_socket_send_buffer_to_peer+0x2/0x300 drivers/net/wireguard/socket.c:190 Code: 89 df 48 89 54 24 10 89 4c 24 0c 4c 89 04 24 e8 b4 71 3f fd 48 8b 54 24 10 8b 4c 24 0c 4c 8b 04 24 e9 6b ff ff ff 66 90 41 57 <49> 89 f7 be 20 0a 00 00 41 56 41 89 ce b9 ff ff ff ff 41 55 49 89 RSP: 0018:ffffc9000192fc38 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: 1ffff92000325f8b RCX: 0000000000000088 RDX: 0000000000000094 RSI: ffffc9000192fc78 RDI: ffff8880a9378000 RBP: ffff8880a9378000 R08: ffffed101526f0d8 R09: ffffed101526f0d8 R10: ffff8880a93786bf R11: ffffed101526f0d7 R12: ffff8880a93786b8 R13: ffffc9000192fc78 R14: 00000010d1f1d704 R15: ffff8880b5869858 wg_packet_send_handshake_initiation+0x1bc/0x2d0 drivers/net/wireguard/send.c:40 wg_packet_handshake_send_worker+0x10/0x20 drivers/net/wireguard/send.c:51 process_one_work+0x8e9/0x1690 kernel/workqueue.c:2269 worker_thread+0x82/0xb50 kernel/workqueue.c:2415 kthread+0x36b/0x440 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294