From: syzbot <syzbot+a04707b50020dd3fe3f7@syzkaller.appspotmail.com>
To: alsa-devel@alsa-project.org, dan.carpenter@oracle.com,
linux-kernel@vger.kernel.org, o-takashi@sakamocchi.jp,
perex@perex.cz, syzkaller-bugs@googlegroups.com, tiwai@suse.com
Subject: possible deadlock in snd_ctl_notify
Date: Wed, 09 Sep 2020 01:58:20 -0700 [thread overview]
Message-ID: <00000000000045446005aedda747@google.com> (raw)
Hello,
syzbot found the following issue on:
HEAD commit: dff9f829 Add linux-next specific files for 20200908
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=12f43229900000
kernel config: https://syzkaller.appspot.com/x/.config?x=37b3426c77bda44c
dashboard link: https://syzkaller.appspot.com/bug?extid=a04707b50020dd3fe3f7
compiler: gcc (GCC) 10.1.0-syz 20200507
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a04707b50020dd3fe3f7@syzkaller.appspotmail.com
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.9.0-rc4-next-20200908-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor.3/8556 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff888214db8760 (&card->ctl_files_rwlock){.+.+}-{2:2}, at: snd_ctl_notify.part.0+0x36/0x550 sound/core/control.c:153
and this task is already holding:
ffff888214dc2108 (&group->lock){..-.}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:379 [inline]
ffff888214dc2108 (&group->lock){..-.}-{2:2}, at: snd_pcm_group_lock_irq sound/core/pcm_native.c:97 [inline]
ffff888214dc2108 (&group->lock){..-.}-{2:2}, at: snd_pcm_stream_lock_irq+0x8e/0xb0 sound/core/pcm_native.c:136
which would create a new lock dependency:
(&group->lock){..-.}-{2:2} -> (&card->ctl_files_rwlock){.+.+}-{2:2}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&group->lock){..-.}-{2:2}
... which became SOFTIRQ-irq-safe at:
lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5398
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x94/0xd0 kernel/locking/spinlock.c:159
_snd_pcm_stream_lock_irqsave+0x9f/0xd0 sound/core/pcm_native.c:170
snd_pcm_period_elapsed+0x24/0x250 sound/core/pcm_lib.c:1799
loopback_jiffies_timer_function+0x1a8/0x220 sound/drivers/aloop.c:669
call_timer_fn+0x1ac/0x760 kernel/time/timer.c:1413
expire_timers kernel/time/timer.c:1458 [inline]
__run_timers.part.0+0x67c/0xaa0 kernel/time/timer.c:1755
__run_timers kernel/time/timer.c:1736 [inline]
run_timer_softirq+0xae/0x1a0 kernel/time/timer.c:1768
__do_softirq+0x1f7/0xa91 kernel/softirq.c:298
asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
__run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
do_softirq_own_stack+0x9d/0xd0 arch/x86/kernel/irq_64.c:77
invoke_softirq kernel/softirq.c:393 [inline]
__irq_exit_rcu kernel/softirq.c:423 [inline]
irq_exit_rcu+0x235/0x280 kernel/softirq.c:435
sysvec_apic_timer_interrupt+0x51/0xf0 arch/x86/kernel/apic/apic.c:1091
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
unwind_next_frame+0xc51/0x1f90 arch/x86/kernel/unwind_orc.c:543
arch_stack_walk+0x81/0xf0 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:123
kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
kasan_set_track mm/kasan/common.c:56 [inline]
__kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:461
__do_kmalloc mm/slab.c:3655 [inline]
__kmalloc+0x27c/0x480 mm/slab.c:3664
kmalloc include/linux/slab.h:559 [inline]
tomoyo_realpath_from_path+0xc3/0x620 security/tomoyo/realpath.c:254
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x212/0x3f0 security/tomoyo/file.c:822
security_inode_getattr+0xcf/0x140 security/security.c:1278
vfs_getattr fs/stat.c:121 [inline]
vfs_statx+0x170/0x390 fs/stat.c:206
vfs_lstat include/linux/fs.h:3186 [inline]
__do_sys_newlstat+0x91/0x110 fs/stat.c:374
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
to a SOFTIRQ-irq-unsafe lock:
(&card->ctl_files_rwlock){.+.+}-{2:2}
... which became SOFTIRQ-irq-unsafe at:
...
lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5398
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
snd_ctl_notify.part.0+0x36/0x550 sound/core/control.c:153
snd_ctl_notify+0x8f/0xb0 sound/core/control.c:181
__snd_ctl_add_replace+0x638/0x800 sound/core/control.c:382
snd_ctl_add_replace+0x76/0x130 sound/core/control.c:399
snd_card_dummy_new_mixer sound/drivers/dummy.c:885 [inline]
snd_dummy_probe+0xbbf/0x1050 sound/drivers/dummy.c:1080
platform_drv_probe+0x87/0x140 drivers/base/platform.c:747
really_probe+0x282/0x9f0 drivers/base/dd.c:553
driver_probe_device+0xfe/0x1d0 drivers/base/dd.c:738
__device_attach_driver+0x1c2/0x220 drivers/base/dd.c:844
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
__device_attach+0x228/0x470 drivers/base/dd.c:912
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
device_add+0xb17/0x1c40 drivers/base/core.c:2926
platform_device_add+0x34f/0x6d0 drivers/base/platform.c:597
platform_device_register_full+0x38c/0x4e0 drivers/base/platform.c:720
platform_device_register_resndata include/linux/platform_device.h:131 [inline]
platform_device_register_simple include/linux/platform_device.h:160 [inline]
alsa_card_dummy_init+0x1cc/0x2e0 sound/drivers/dummy.c:1168
do_one_initcall+0x10a/0x7b0 init/main.c:1204
do_initcall_level init/main.c:1277 [inline]
do_initcalls init/main.c:1293 [inline]
do_basic_setup init/main.c:1313 [inline]
kernel_init_freeable+0x5e9/0x66d init/main.c:1512
kernel_init+0xd/0x1c0 init/main.c:1402
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&card->ctl_files_rwlock);
local_irq_disable();
lock(&group->lock);
lock(&card->ctl_files_rwlock);
<Interrupt>
lock(&group->lock);
*** DEADLOCK ***
1 lock held by syz-executor.3/8556:
#0: ffff888214dc2108 (&group->lock){..-.}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:379 [inline]
#0: ffff888214dc2108 (&group->lock){..-.}-{2:2}, at: snd_pcm_group_lock_irq sound/core/pcm_native.c:97 [inline]
#0: ffff888214dc2108 (&group->lock){..-.}-{2:2}, at: snd_pcm_stream_lock_irq+0x8e/0xb0 sound/core/pcm_native.c:136
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&group->lock){..-.}-{2:2} {
IN-SOFTIRQ-W at:
lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5398
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x94/0xd0 kernel/locking/spinlock.c:159
_snd_pcm_stream_lock_irqsave+0x9f/0xd0 sound/core/pcm_native.c:170
snd_pcm_period_elapsed+0x24/0x250 sound/core/pcm_lib.c:1799
loopback_jiffies_timer_function+0x1a8/0x220 sound/drivers/aloop.c:669
call_timer_fn+0x1ac/0x760 kernel/time/timer.c:1413
expire_timers kernel/time/timer.c:1458 [inline]
__run_timers.part.0+0x67c/0xaa0 kernel/time/timer.c:1755
__run_timers kernel/time/timer.c:1736 [inline]
run_timer_softirq+0xae/0x1a0 kernel/time/timer.c:1768
__do_softirq+0x1f7/0xa91 kernel/softirq.c:298
asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
__run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
do_softirq_own_stack+0x9d/0xd0 arch/x86/kernel/irq_64.c:77
invoke_softirq kernel/softirq.c:393 [inline]
__irq_exit_rcu kernel/softirq.c:423 [inline]
irq_exit_rcu+0x235/0x280 kernel/softirq.c:435
sysvec_apic_timer_interrupt+0x51/0xf0 arch/x86/kernel/apic/apic.c:1091
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
unwind_next_frame+0xc51/0x1f90 arch/x86/kernel/unwind_orc.c:543
arch_stack_walk+0x81/0xf0 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:123
kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
kasan_set_track mm/kasan/common.c:56 [inline]
__kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:461
__do_kmalloc mm/slab.c:3655 [inline]
__kmalloc+0x27c/0x480 mm/slab.c:3664
kmalloc include/linux/slab.h:559 [inline]
tomoyo_realpath_from_path+0xc3/0x620 security/tomoyo/realpath.c:254
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x212/0x3f0 security/tomoyo/file.c:822
security_inode_getattr+0xcf/0x140 security/security.c:1278
vfs_getattr fs/stat.c:121 [inline]
vfs_statx+0x170/0x390 fs/stat.c:206
vfs_lstat include/linux/fs.h:3186 [inline]
__do_sys_newlstat+0x91/0x110 fs/stat.c:374
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
INITIAL USE at:
lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5398
__raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline]
_raw_spin_lock_irq+0x94/0xd0 kernel/locking/spinlock.c:167
spin_lock_irq include/linux/spinlock.h:379 [inline]
snd_pcm_group_lock_irq sound/core/pcm_native.c:97 [inline]
snd_pcm_stream_lock_irq sound/core/pcm_native.c:136 [inline]
snd_pcm_hw_params+0x12a/0x1880 sound/core/pcm_native.c:672
snd_pcm_kernel_ioctl+0xd1/0x240 sound/core/pcm_native.c:3325
snd_pcm_oss_change_params_locked+0x130c/0x3430 sound/core/oss/pcm_oss.c:941
snd_pcm_oss_change_params sound/core/oss/pcm_oss.c:1084 [inline]
snd_pcm_oss_get_active_substream+0x164/0x1c0 sound/core/oss/pcm_oss.c:1101
snd_pcm_oss_get_channels sound/core/oss/pcm_oss.c:1792 [inline]
snd_pcm_oss_set_channels+0x244/0x380 sound/core/oss/pcm_oss.c:1784
snd_pcm_oss_ioctl+0x17d5/0x3370 sound/core/oss/pcm_oss.c:2606
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl fs/ioctl.c:739 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:739
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
}
... key at: [<ffffffff8d607200>] __key.7+0x0/0x40
... acquired at:
lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5398
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
snd_ctl_notify.part.0+0x36/0x550 sound/core/control.c:153
snd_ctl_notify+0x8f/0xb0 sound/core/control.c:181
loopback_check_format sound/drivers/aloop.c:358 [inline]
loopback_trigger+0x10df/0x1990 sound/drivers/aloop.c:387
snd_pcm_do_start sound/core/pcm_native.c:1350 [inline]
snd_pcm_do_start+0xb1/0xf0 sound/core/pcm_native.c:1345
snd_pcm_action_single sound/core/pcm_native.c:1207 [inline]
snd_pcm_action+0xc8/0x170 sound/core/pcm_native.c:1290
__snd_pcm_lib_xfer+0x1202/0x1a90 sound/core/pcm_lib.c:2247
snd_pcm_oss_write3+0x107/0x320 sound/core/oss/pcm_oss.c:1221
io_playback_transfer+0x27e/0x330 sound/core/oss/io.c:47
snd_pcm_plug_write_transfer+0x2cd/0x3f0 sound/core/oss/pcm_plugin.c:624
snd_pcm_oss_write2+0x245/0x3f0 sound/core/oss/pcm_oss.c:1353
snd_pcm_oss_write1 sound/core/oss/pcm_oss.c:1419 [inline]
snd_pcm_oss_write+0x705/0x940 sound/core/oss/pcm_oss.c:2765
vfs_write+0x28e/0x700 fs/read_write.c:593
ksys_write+0x12d/0x250 fs/read_write.c:648
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (&card->ctl_files_rwlock){.+.+}-{2:2} {
HARDIRQ-ON-R at:
lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5398
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
snd_ctl_notify.part.0+0x36/0x550 sound/core/control.c:153
snd_ctl_notify+0x8f/0xb0 sound/core/control.c:181
__snd_ctl_add_replace+0x638/0x800 sound/core/control.c:382
snd_ctl_add_replace+0x76/0x130 sound/core/control.c:399
snd_card_dummy_new_mixer sound/drivers/dummy.c:885 [inline]
snd_dummy_probe+0xbbf/0x1050 sound/drivers/dummy.c:1080
platform_drv_probe+0x87/0x140 drivers/base/platform.c:747
really_probe+0x282/0x9f0 drivers/base/dd.c:553
driver_probe_device+0xfe/0x1d0 drivers/base/dd.c:738
__device_attach_driver+0x1c2/0x220 drivers/base/dd.c:844
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
__device_attach+0x228/0x470 drivers/base/dd.c:912
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
device_add+0xb17/0x1c40 drivers/base/core.c:2926
platform_device_add+0x34f/0x6d0 drivers/base/platform.c:597
platform_device_register_full+0x38c/0x4e0 drivers/base/platform.c:720
platform_device_register_resndata include/linux/platform_device.h:131 [inline]
platform_device_register_simple include/linux/platform_device.h:160 [inline]
alsa_card_dummy_init+0x1cc/0x2e0 sound/drivers/dummy.c:1168
do_one_initcall+0x10a/0x7b0 init/main.c:1204
do_initcall_level init/main.c:1277 [inline]
do_initcalls init/main.c:1293 [inline]
do_basic_setup init/main.c:1313 [inline]
kernel_init_freeable+0x5e9/0x66d init/main.c:1512
kernel_init+0xd/0x1c0 init/main.c:1402
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
SOFTIRQ-ON-R at:
lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5398
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
snd_ctl_notify.part.0+0x36/0x550 sound/core/control.c:153
snd_ctl_notify+0x8f/0xb0 sound/core/control.c:181
__snd_ctl_add_replace+0x638/0x800 sound/core/control.c:382
snd_ctl_add_replace+0x76/0x130 sound/core/control.c:399
snd_card_dummy_new_mixer sound/drivers/dummy.c:885 [inline]
snd_dummy_probe+0xbbf/0x1050 sound/drivers/dummy.c:1080
platform_drv_probe+0x87/0x140 drivers/base/platform.c:747
really_probe+0x282/0x9f0 drivers/base/dd.c:553
driver_probe_device+0xfe/0x1d0 drivers/base/dd.c:738
__device_attach_driver+0x1c2/0x220 drivers/base/dd.c:844
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
__device_attach+0x228/0x470 drivers/base/dd.c:912
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
device_add+0xb17/0x1c40 drivers/base/core.c:2926
platform_device_add+0x34f/0x6d0 drivers/base/platform.c:597
platform_device_register_full+0x38c/0x4e0 drivers/base/platform.c:720
platform_device_register_resndata include/linux/platform_device.h:131 [inline]
platform_device_register_simple include/linux/platform_device.h:160 [inline]
alsa_card_dummy_init+0x1cc/0x2e0 sound/drivers/dummy.c:1168
do_one_initcall+0x10a/0x7b0 init/main.c:1204
do_initcall_level init/main.c:1277 [inline]
do_initcalls init/main.c:1293 [inline]
do_basic_setup init/main.c:1313 [inline]
kernel_init_freeable+0x5e9/0x66d init/main.c:1512
kernel_init+0xd/0x1c0 init/main.c:1402
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
INITIAL USE at:
lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5398
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
snd_ctl_notify.part.0+0x36/0x550 sound/core/control.c:153
snd_ctl_notify+0x8f/0xb0 sound/core/control.c:181
__snd_ctl_add_replace+0x638/0x800 sound/core/control.c:382
snd_ctl_add_replace+0x76/0x130 sound/core/control.c:399
snd_card_dummy_new_mixer sound/drivers/dummy.c:885 [inline]
snd_dummy_probe+0xbbf/0x1050 sound/drivers/dummy.c:1080
platform_drv_probe+0x87/0x140 drivers/base/platform.c:747
really_probe+0x282/0x9f0 drivers/base/dd.c:553
driver_probe_device+0xfe/0x1d0 drivers/base/dd.c:738
__device_attach_driver+0x1c2/0x220 drivers/base/dd.c:844
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
__device_attach+0x228/0x470 drivers/base/dd.c:912
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
device_add+0xb17/0x1c40 drivers/base/core.c:2926
platform_device_add+0x34f/0x6d0 drivers/base/platform.c:597
platform_device_register_full+0x38c/0x4e0 drivers/base/platform.c:720
platform_device_register_resndata include/linux/platform_device.h:131 [inline]
platform_device_register_simple include/linux/platform_device.h:160 [inline]
alsa_card_dummy_init+0x1cc/0x2e0 sound/drivers/dummy.c:1168
do_one_initcall+0x10a/0x7b0 init/main.c:1204
do_initcall_level init/main.c:1277 [inline]
do_initcalls init/main.c:1293 [inline]
do_basic_setup init/main.c:1313 [inline]
kernel_init_freeable+0x5e9/0x66d init/main.c:1512
kernel_init+0xd/0x1c0 init/main.c:1402
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
(null) at:
general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 0 PID: 8556 Comm: syz-executor.3 Not tainted 5.9.0-rc4-next-20200908-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:print_lock_trace kernel/locking/lockdep.c:1751 [inline]
RIP: 0010:print_lock_class_header kernel/locking/lockdep.c:2240 [inline]
RIP: 0010:print_shortest_lock_dependencies.cold+0x110/0x2af kernel/locking/lockdep.c:2263
Code: 48 8b 04 24 48 c1 e8 03 42 80 3c 20 00 74 09 48 8b 3c 24 e8 dd fb de f9 48 8b 04 24 48 8b 00 48 8d 78 14 48 89 fa 48 c1 ea 03 <42> 0f b6 0c 22 48 89 fa 83 e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85
RSP: 0018:ffffc900056f73a0 EFLAGS: 00010003
RAX: 0000000000000001 RBX: ffffc900056f7558 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff815bc817 RDI: 0000000000000015
RBP: ffffc900056f7558 R08: 0000000000000004 R09: ffff8880ae620f8b
R10: 0000000000000000 R11: 6c6c756e28202020 R12: dffffc0000000000
R13: ffffffff8c6de340 R14: 0000000000000009 R15: 0000000000000000
FS: 00007f3778278700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b33223000 CR3: 00000000a78fa000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
print_bad_irq_dependency kernel/locking/lockdep.c:2402 [inline]
check_irq_usage.cold+0x46b/0x5b0 kernel/locking/lockdep.c:2634
check_prev_add kernel/locking/lockdep.c:2823 [inline]
check_prevs_add kernel/locking/lockdep.c:2944 [inline]
validate_chain kernel/locking/lockdep.c:3562 [inline]
__lock_acquire+0x2800/0x55d0 kernel/locking/lockdep.c:4796
lock_acquire+0x1f3/0xaf0 kernel/locking/lockdep.c:5398
__raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
_raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
snd_ctl_notify.part.0+0x36/0x550 sound/core/control.c:153
snd_ctl_notify+0x8f/0xb0 sound/core/control.c:181
loopback_check_format sound/drivers/aloop.c:358 [inline]
loopback_trigger+0x10df/0x1990 sound/drivers/aloop.c:387
snd_pcm_do_start sound/core/pcm_native.c:1350 [inline]
snd_pcm_do_start+0xb1/0xf0 sound/core/pcm_native.c:1345
snd_pcm_action_single sound/core/pcm_native.c:1207 [inline]
snd_pcm_action+0xc8/0x170 sound/core/pcm_native.c:1290
__snd_pcm_lib_xfer+0x1202/0x1a90 sound/core/pcm_lib.c:2247
snd_pcm_oss_write3+0x107/0x320 sound/core/oss/pcm_oss.c:1221
io_playback_transfer+0x27e/0x330 sound/core/oss/io.c:47
snd_pcm_plug_write_transfer+0x2cd/0x3f0 sound/core/oss/pcm_plugin.c:624
snd_pcm_oss_write2+0x245/0x3f0 sound/core/oss/pcm_oss.c:1353
snd_pcm_oss_write1 sound/core/oss/pcm_oss.c:1419 [inline]
snd_pcm_oss_write+0x705/0x940 sound/core/oss/pcm_oss.c:2765
vfs_write+0x28e/0x700 fs/read_write.c:593
ksys_write+0x12d/0x250 fs/read_write.c:648
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5b9
Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f3778277c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000038f40 RCX: 000000000045d5b9
RDX: 0000000000000080 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe90897b0f R14: 00007f37782789c0 R15: 000000000118cf4c
Modules linked in:
---[ end trace f8fb172cba9857a8 ]---
RIP: 0010:print_lock_trace kernel/locking/lockdep.c:1751 [inline]
RIP: 0010:print_lock_class_header kernel/locking/lockdep.c:2240 [inline]
RIP: 0010:print_shortest_lock_dependencies.cold+0x110/0x2af kernel/locking/lockdep.c:2263
Code: 48 8b 04 24 48 c1 e8 03 42 80 3c 20 00 74 09 48 8b 3c 24 e8 dd fb de f9 48 8b 04 24 48 8b 00 48 8d 78 14 48 89 fa 48 c1 ea 03 <42> 0f b6 0c 22 48 89 fa 83 e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85
RSP: 0018:ffffc900056f73a0 EFLAGS: 00010003
RAX: 0000000000000001 RBX: ffffc900056f7558 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff815bc817 RDI: 0000000000000015
RBP: ffffc900056f7558 R08: 0000000000000004 R09: ffff8880ae620f8b
R10: 0000000000000000 R11: 6c6c756e28202020 R12: dffffc0000000000
R13: ffffffff8c6de340 R14: 0000000000000009 R15: 0000000000000000
FS: 00007f3778278700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b33223000 CR3: 00000000a78fa000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
reply other threads:[~2020-09-09 9:10 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000045446005aedda747@google.com \
--to=syzbot+a04707b50020dd3fe3f7@syzkaller.appspotmail.com \
--cc=alsa-devel@alsa-project.org \
--cc=dan.carpenter@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=o-takashi@sakamocchi.jp \
--cc=perex@perex.cz \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tiwai@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.