./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1545521853 <...> DUID 00:04:92:3d:a4:bf:d8:99:95:1d:d2:9f:0e:34:7d:20:a7:e6 forked to background, child pid 3188 [ 28.705330][ T3189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.707954][ T3189] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. execve("./syz-executor1545521853", ["./syz-executor1545521853"], 0x7ffe494c12a0 /* 10 vars */) = 0 brk(NULL) = 0x555556234000 brk(0x555556234c40) = 0x555556234c40 arch_prctl(ARCH_SET_FS, 0x555556234300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1545521853", 4096) = 28 brk(0x555556255c40) = 0x555556255c40 brk(0x555556256000) = 0x555556256000 mprotect(0x7f485a0fd000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3610 attached , child_tidptr=0x5555562345d0) = 3610 [pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3610] setpgid(0, 0) = 0 [pid 3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "1000", 4) = 4 [pid 3610] close(3) = 0 [pid 3610] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 3610] ioctl(3, SNDRV_TIMER_IOCTL_TREAD_OLD, 0x20000000) = 0 [pid 3610] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 3610] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 3610] fcntl(3, F_SETFL, O_RDONLY|O_CLOEXEC|FASYNC) = 0 [pid 3610] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 3610] openat(AT_FDCWD, "/dev/audio", O_WRONLY|O_TRUNC|O_NOATIME) = 4 [pid 3610] write(4, "\x00\x00\x00\x00\x83\xfd\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 64956) = 64956 [pid 3610] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 5 [pid 3610] gettid() = 3610 [pid 3610] fcntl(5, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=3610}) = 0 [pid 3610] fcntl(5, F_SETLEASE, F_RDLCK) = 0 [pid 3610] creat("./file0", 000) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 3610] --- SIGIO {si_signo=SIGIO, si_code=SI_KERNEL} --- syzkaller login: [ 54.319108][ T3610] [ 54.319114][ T3610] ===================================================== [ 54.319118][ T3610] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 54.319124][ T3610] 5.18.0-rc6-next-20220516-syzkaller #0 Not tainted [ 54.319131][ T3610] ----------------------------------------------------- [ 54.319134][ T3610] syz-executor154/3610 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 54.319148][ T3610] ffffffff8ba0a098 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xab/0x370 [ 54.319190][ T3610] [ 54.319190][ T3610] and this task is already holding: [ 54.319193][ T3610] ffff88807ae38db0 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x24/0x370 [ 54.319222][ T3610] which would create a new lock dependency: [ 54.319225][ T3610] (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 54.319254][ T3610] [ 54.319254][ T3610] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 54.319259][ T3610] (&group->lock){..-.}-{2:2} [ 54.319269][ T3610] [ 54.319269][ T3610] ... which became SOFTIRQ-irq-safe at: [ 54.319273][ T3610] lock_acquire+0x1ab/0x570 [ 54.319294][ T3610] _raw_spin_lock_irqsave+0x39/0x50 [ 54.319310][ T3610] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 54.319324][ T3610] snd_pcm_period_elapsed+0x1d/0x50 [ 54.319342][ T3610] dummy_hrtimer_callback+0x94/0x1b0 [ 54.319356][ T3610] __hrtimer_run_queues+0x609/0xe50 [ 54.319370][ T3610] hrtimer_run_softirq+0x17b/0x360 [ 54.319389][ T3610] __do_softirq+0x29b/0x9c2 [ 54.319405][ T3610] __irq_exit_rcu+0x123/0x180 [ 54.319417][ T3610] irq_exit_rcu+0x5/0x20 [ 54.319428][ T3610] sysvec_apic_timer_interrupt+0x93/0xc0 [ 54.319449][ T3610] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 54.319464][ T3610] acpi_idle_do_entry+0x1c6/0x250 [ 54.319475][ T3610] acpi_idle_enter+0x369/0x510 [ 54.319494][ T3610] cpuidle_enter_state+0x1b1/0xc80 [ 54.319508][ T3610] cpuidle_enter+0x4a/0xa0 [ 54.319520][ T3610] do_idle+0x3e8/0x590 [ 54.319532][ T3610] cpu_startup_entry+0x14/0x20 [ 54.319544][ T3610] start_secondary+0x21d/0x2b0 [ 54.319564][ T3610] secondary_startup_64_no_verify+0xce/0xdb [ 54.319582][ T3610] [ 54.319582][ T3610] to a SOFTIRQ-irq-unsafe lock: [ 54.319585][ T3610] (tasklist_lock){.+.+}-{2:2} [ 54.319596][ T3610] [ 54.319596][ T3610] ... which became SOFTIRQ-irq-unsafe at: [ 54.319600][ T3610] ... [ 54.319602][ T3610] lock_acquire+0x1ab/0x570 [ 54.319620][ T3610] _raw_read_lock+0x5b/0x70 [ 54.319634][ T3610] do_wait+0x284/0xce0 [ 54.319662][ T3610] kernel_wait+0x9c/0x150 [ 54.319691][ T3610] call_usermodehelper_exec_work+0xf5/0x180 [ 54.319711][ T3610] process_one_work+0x996/0x1610 [ 54.319728][ T3610] worker_thread+0x665/0x1080 [ 54.319741][ T3610] kthread+0x2e9/0x3a0 [ 54.319752][ T3610] ret_from_fork+0x1f/0x30 [ 54.319768][ T3610] [ 54.319768][ T3610] other info that might help us debug this: [ 54.319768][ T3610] [ 54.319771][ T3610] Chain exists of: [ 54.319771][ T3610] &group->lock --> &f->f_owner.lock --> tasklist_lock [ 54.319771][ T3610] [ 54.319788][ T3610] Possible interrupt unsafe locking scenario: [ 54.319788][ T3610] [ 54.319791][ T3610] CPU0 CPU1 [ 54.319794][ T3610] ---- ---- [ 54.319796][ T3610] lock(tasklist_lock); [ 54.319803][ T3610] local_irq_disable(); [ 54.319806][ T3610] lock(&group->lock); [ 54.319813][ T3610] lock(&f->f_owner.lock); [ 54.319820][ T3610] [ 54.319822][ T3610] lock(&group->lock); [ 54.319828][ T3610] [ 54.319828][ T3610] *** DEADLOCK *** [ 54.319828][ T3610] [ 54.319830][ T3610] 6 locks held by syz-executor154/3610: [ 54.319837][ T3610] #0: ffff88807fa68460 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1b3c/0x2910 [ 54.319870][ T3610] #1: ffffffff8bf55e90 (file_rwsem){.+.+}-{0:0}, at: do_dentry_open+0x432/0x11f0 [ 54.319901][ T3610] #2: ffff88801f820388 (&ctx->flc_lock){+.+.}-{2:2}, at: __break_lease+0x208/0x1420 [ 54.319931][ T3610] #3: ffffffff8bd872e0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470 [ 54.319963][ T3610] #4: ffff888023ab6018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 [ 54.319994][ T3610] #5: ffff88807ae38db0 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x24/0x370 [ 54.320025][ T3610] [ 54.320025][ T3610] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 54.320030][ T3610] -> (&group->lock){..-.}-{2:2} { [ 54.320045][ T3610] IN-SOFTIRQ-W at: [ 54.320051][ T3610] lock_acquire+0x1ab/0x570 [ 54.320069][ T3610] _raw_spin_lock_irqsave+0x39/0x50 [ 54.320082][ T3610] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 54.320095][ T3610] snd_pcm_period_elapsed+0x1d/0x50 [ 54.320114][ T3610] dummy_hrtimer_callback+0x94/0x1b0 [ 54.320126][ T3610] __hrtimer_run_queues+0x609/0xe50 [ 54.320141][ T3610] hrtimer_run_softirq+0x17b/0x360 [ 54.320155][ T3610] __do_softirq+0x29b/0x9c2 [ 54.320170][ T3610] __irq_exit_rcu+0x123/0x180 [ 54.320181][ T3610] irq_exit_rcu+0x5/0x20 [ 54.320193][ T3610] sysvec_apic_timer_interrupt+0x93/0xc0 [ 54.320213][ T3610] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 54.320228][ T3610] acpi_idle_do_entry+0x1c6/0x250 [ 54.320239][ T3610] acpi_idle_enter+0x369/0x510 [ 54.320257][ T3610] cpuidle_enter_state+0x1b1/0xc80 [ 54.320270][ T3610] cpuidle_enter+0x4a/0xa0 [ 54.320283][ T3610] do_idle+0x3e8/0x590 [ 54.320295][ T3610] cpu_startup_entry+0x14/0x20 [ 54.320307][ T3610] start_secondary+0x21d/0x2b0 [ 54.320325][ T3610] secondary_startup_64_no_verify+0xce/0xdb [ 54.320342][ T3610] INITIAL USE at: [ 54.320348][ T3610] lock_acquire+0x1ab/0x570 [ 54.320366][ T3610] _raw_spin_lock_irq+0x32/0x50 [ 54.320383][ T3610] snd_pcm_hw_params+0x14b/0x19f0 [ 54.320398][ T3610] snd_pcm_kernel_ioctl+0x164/0x310 [ 54.320414][ T3610] snd_pcm_oss_change_params_locked+0x14e2/0x3a70 [ 54.320432][ T3610] snd_pcm_oss_make_ready_locked+0xb3/0x130 [ 54.320450][ T3610] snd_pcm_oss_write+0x4ac/0x9c0 [ 54.320467][ T3610] vfs_write+0x269/0xac0 [ 54.320485][ T3610] ksys_write+0x127/0x250 [ 54.320503][ T3610] do_syscall_64+0x35/0xb0 [ 54.320518][ T3610] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 54.320533][ T3610] } [ 54.320535][ T3610] ... key at: [] __key.8+0x0/0x40 [ 54.320551][ T3610] -> (&timer->lock){....}-{2:2} { [ 54.320566][ T3610] INITIAL USE at: [ 54.320571][ T3610] lock_acquire+0x1ab/0x570 [ 54.320590][ T3610] _raw_spin_lock_irqsave+0x39/0x50 [ 54.320602][ T3610] snd_timer_resolution+0x55/0x100 [ 54.320620][ T3610] snd_timer_user_params.isra.0+0x18e/0x8c0 [ 54.320640][ T3610] __snd_timer_user_ioctl.isra.0+0x101c/0x2490 [ 54.320660][ T3610] snd_timer_user_ioctl+0x77/0xb0 [ 54.320679][ T3610] __x64_sys_ioctl+0x193/0x200 [ 54.320695][ T3610] do_syscall_64+0x35/0xb0 [ 54.320710][ T3610] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 54.320724][ T3610] } [ 54.320727][ T3610] ... key at: [] __key.10+0x0/0x40 [ 54.320740][ T3610] ... acquired at: [ 54.320743][ T3610] _raw_spin_lock_irqsave+0x39/0x50 [ 54.320755][ T3610] snd_timer_notify+0x10c/0x3d0 [ 54.320772][ T3610] snd_pcm_post_start+0x24a/0x310 [ 54.320785][ T3610] snd_pcm_action_single+0xf4/0x130 [ 54.320796][ T3610] snd_pcm_action+0x6e/0x90 [ 54.320808][ T3610] __snd_pcm_lib_xfer+0x14d0/0x1e10 [ 54.320826][ T3610] snd_pcm_oss_write3+0x103/0x250 [ 54.320842][ T3610] io_playback_transfer+0x27e/0x330 [ 54.320859][ T3610] snd_pcm_plug_write_transfer+0x2cd/0x3f0 [ 54.320877][ T3610] snd_pcm_oss_write2+0x245/0x3f0 [ 54.320893][ T3610] snd_pcm_oss_write+0x759/0x9c0 [ 54.320909][ T3610] vfs_write+0x269/0xac0 [ 54.320926][ T3610] ksys_write+0x127/0x250 [ 54.320943][ T3610] do_syscall_64+0x35/0xb0 [ 54.320958][ T3610] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 54.320972][ T3610] [ 54.320973][ T3610] -> (&new->fa_lock){....}-{2:2} { [ 54.320988][ T3610] INITIAL READ USE at: [ 54.320994][ T3610] lock_acquire+0x1ab/0x570 [ 54.321012][ T3610] _raw_read_lock_irqsave+0x70/0x90 [ 54.321025][ T3610] kill_fasync+0x136/0x470 [ 54.321040][ T3610] snd_timer_user_ccallback+0x298/0x330 [ 54.321058][ T3610] snd_timer_notify1+0x11c/0x3b0 [ 54.321075][ T3610] snd_timer_start1+0x4d4/0x800 [ 54.321093][ T3610] snd_timer_user_start.isra.0+0x1e3/0x260 [ 54.321112][ T3610] __snd_timer_user_ioctl.isra.0+0xda4/0x2490 [ 54.321133][ T3610] snd_timer_user_ioctl+0x77/0xb0 [ 54.321151][ T3610] __x64_sys_ioctl+0x193/0x200 [ 54.321168][ T3610] do_syscall_64+0x35/0xb0 [ 54.321183][ T3610] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 54.321197][ T3610] } [ 54.321200][ T3610] ... key at: [] __key.0+0x0/0x40 [ 54.321214][ T3610] ... acquired at: [ 54.321217][ T3610] _raw_read_lock_irqsave+0x70/0x90 [ 54.321229][ T3610] kill_fasync+0x136/0x470 [ 54.321244][ T3610] snd_timer_user_ccallback+0x298/0x330 [ 54.321261][ T3610] snd_timer_notify1+0x11c/0x3b0 [ 54.321278][ T3610] snd_timer_start1+0x4d4/0x800 [ 54.321295][ T3610] snd_timer_user_start.isra.0+0x1e3/0x260 [ 54.321314][ T3610] __snd_timer_user_ioctl.isra.0+0xda4/0x2490 [ 54.321334][ T3610] snd_timer_user_ioctl+0x77/0xb0 [ 54.321352][ T3610] __x64_sys_ioctl+0x193/0x200 [ 54.321367][ T3610] do_syscall_64+0x35/0xb0 [ 54.321386][ T3610] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 54.321400][ T3610] [ 54.321402][ T3610] -> (&f->f_owner.lock){....}-{2:2} { [ 54.321416][ T3610] INITIAL USE at: [ 54.321422][ T3610] lock_acquire+0x1ab/0x570 [ 54.321440][ T3610] _raw_write_lock_irq+0x32/0x50 [ 54.321452][ T3610] f_modown+0x2a/0x390 [ 54.321466][ T3610] do_fcntl+0x923/0x1040 [ 54.321480][ T3610] __x64_sys_fcntl+0x15f/0x1d0 [ 54.321495][ T3610] do_syscall_64+0x35/0xb0 [ 54.321511][ T3610] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 54.321525][ T3610] INITIAL READ USE at: [ 54.321530][ T3610] lock_acquire+0x1ab/0x570 [ 54.321549][ T3610] _raw_read_lock_irqsave+0x70/0x90 [ 54.321561][ T3610] send_sigio+0x24/0x370 [ 54.321576][ T3610] kill_fasync+0x1f8/0x470 [ 54.321591][ T3610] snd_timer_user_ccallback+0x298/0x330 [ 54.321609][ T3610] snd_timer_notify1+0x11c/0x3b0 [ 54.321626][ T3610] snd_timer_start1+0x4d4/0x800 [ 54.321644][ T3610] snd_timer_user_start.isra.0+0x1e3/0x260 [ 54.321663][ T3610] __snd_timer_user_ioctl.isra.0+0xda4/0x2490 [ 54.321683][ T3610] snd_timer_user_ioctl+0x77/0xb0 [ 54.321702][ T3610] __x64_sys_ioctl+0x193/0x200 [ 54.321718][ T3610] do_syscall_64+0x35/0xb0 [ 54.321734][ T3610] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 54.321748][ T3610] } [ 54.321750][ T3610] ... key at: [] __key.5+0x0/0x40 [ 54.321771][ T3610] ... acquired at: [ 54.321774][ T3610] _raw_read_lock_irqsave+0x70/0x90 [ 54.321786][ T3610] send_sigio+0x24/0x370 [ 54.321800][ T3610] kill_fasync+0x1f8/0x470 [ 54.321815][ T3610] snd_timer_user_ccallback+0x298/0x330 [ 54.321832][ T3610] snd_timer_notify1+0x11c/0x3b0 [ 54.321849][ T3610] snd_timer_start1+0x4d4/0x800 [ 54.321867][ T3610] snd_timer_user_start.isra.0+0x1e3/0x260 [ 54.321886][ T3610] __snd_timer_user_ioctl.isra.0+0xda4/0x2490 [ 54.321905][ T3610] snd_timer_user_ioctl+0x77/0xb0 [ 54.321923][ T3610] __x64_sys_ioctl+0x193/0x200 [ 54.321939][ T3610] do_syscall_64+0x35/0xb0 [ 54.321954][ T3610] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 54.321967][ T3610] [ 54.321969][ T3610] [ 54.321969][ T3610] the dependencies between the lock to be acquired [ 54.321972][ T3610] and SOFTIRQ-irq-unsafe lock: [ 54.321981][ T3610] -> (tasklist_lock){.+.+}-{2:2} { [ 54.321996][ T3610] HARDIRQ-ON-R at: [ 54.322001][ T3610] lock_acquire+0x1ab/0x570 [ 54.322020][ T3610] _raw_read_lock+0x5b/0x70 [ 54.322031][ T3610] do_wait+0x284/0xce0 [ 54.322049][ T3610] kernel_wait+0x9c/0x150 [ 54.322067][ T3610] call_usermodehelper_exec_work+0xf5/0x180 [ 54.322080][ T3610] process_one_work+0x996/0x1610 [ 54.322094][ T3610] worker_thread+0x665/0x1080 [ 54.322107][ T3610] kthread+0x2e9/0x3a0 [ 54.322118][ T3610] ret_from_fork+0x1f/0x30 [ 54.322134][ T3610] SOFTIRQ-ON-R at: [ 54.322140][ T3610] lock_acquire+0x1ab/0x570 [ 54.322158][ T3610] _raw_read_lock+0x5b/0x70 [ 54.322169][ T3610] do_wait+0x284/0xce0 [ 54.322187][ T3610] kernel_wait+0x9c/0x150 [ 54.322206][ T3610] call_usermodehelper_exec_work+0xf5/0x180 [pid 3609] kill(-3610, SIGKILL) = 0 [pid 3609] kill(3610, SIGKILL) = 0 [ 54.322218][ T3610] process_one_work+0x996/0x1610 [ 54.322232][ T3610] worker_thread+0x665/0x1080 [ 54.322246][ T3610] kthread+0x2e9/0x3a0 [ 54.322257][ T3610] ret_from_fork+0x1f/0x30 [ 54.322273][ T3610] INITIAL USE at: [ 54.322278][ T3610] lock_acquire+0x1ab/0x570 [ 54.322297][ T3610] _raw_write_lock_irq+0x32/0x50 [ 54.322309][ T3610] copy_process+0x4451/0x7010 [ 54.322323][ T3610] kernel_clone+0xe7/0xab0 [ 54.322336][ T3610] user_mode_thread+0xad/0xe0 [ 54.322350][ T3610] rest_init+0x23/0x270 [ 54.322361][ T3610] arch_call_rest_init+0xf/0x14 [ 54.322377][ T3610] start_kernel+0x473/0x494 [ 54.322388][ T3610] secondary_startup_64_no_verify+0xce/0xdb [ 54.322405][ T3610] INITIAL READ USE at: [ 54.322410][ T3610] lock_acquire+0x1ab/0x570 [ 54.322429][ T3610] _raw_read_lock+0x5b/0x70 [ 54.322440][ T3610] do_wait+0x284/0xce0 [ 54.322458][ T3610] kernel_wait+0x9c/0x150 [ 54.322477][ T3610] call_usermodehelper_exec_work+0xf5/0x180 [ 54.322489][ T3610] process_one_work+0x996/0x1610 [ 54.322507][ T3610] worker_thread+0x665/0x1080 [ 54.322529][ T3610] kthread+0x2e9/0x3a0 [ 54.322547][ T3610] ret_from_fork+0x1f/0x30 [ 54.322571][ T3610] } [pid 3609] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3609] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3609] getdents64(3, 0x555556235620 /* 2 entries */, 32768) = 48 [pid 3609] getdents64(3, 0x555556235620 /* 0 entries */, 32768) = 0 [pid 3609] close(3) = 0 [ 54.322575][ T3610] ... key at: [] tasklist_lock+0x18/0x40 [ 54.322607][ T3610] ... acquired at: [ 54.322612][ T3610] lock_acquire+0x1ab/0x570 [ 54.322639][ T3610] _raw_read_lock+0x5b/0x70 [ 54.322650][ T3610] send_sigio+0xab/0x370 [ 54.322665][ T3610] kill_fasync+0x1f8/0x470 [ 54.322679][ T3610] lease_break_callback+0x1f/0x30 [ 54.322700][ T3610] __break_lease+0x3d7/0x1420 [ 54.322711][ T3610] do_dentry_open+0x432/0x11f0 [ 54.322724][ T3610] path_openat+0x1c71/0x2910 [ 54.322736][ T3610] do_filp_open+0x1aa/0x400 [ 54.322749][ T3610] do_sys_openat2+0x16d/0x4c0 [ 54.322764][ T3610] __x64_sys_creat+0xc9/0x120 [ 54.322780][ T3610] do_syscall_64+0x35/0xb0 [ 54.322795][ T3610] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 54.322808][ T3610] [ 54.322810][ T3610] [ 54.322810][ T3610] stack backtrace: [ 54.322813][ T3610] CPU: 1 PID: 3610 Comm: syz-executor154 Not tainted 5.18.0-rc6-next-20220516-syzkaller #0 [ 54.322827][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.322835][ T3610] Call Trace: [ 54.322838][ T3610] [ 54.322843][ T3610] dump_stack_lvl+0xcd/0x134 [ 54.322862][ T3610] check_irq_usage.cold+0x4c1/0x6b0 [ 54.322884][ T3610] ? print_shortest_lock_dependencies_backwards+0x80/0x80 [ 54.322907][ T3610] ? create_prof_cpu_mask+0x20/0x20 [ 54.322927][ T3610] ? check_path.constprop.0+0x24/0x50 [ 54.322947][ T3610] ? stack_trace_save+0x8c/0xc0 [ 54.322968][ T3610] __lock_acquire+0x2ad6/0x5660 [ 54.322990][ T3610] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 54.323013][ T3610] lock_acquire+0x1ab/0x570 [ 54.323032][ T3610] ? send_sigio+0xab/0x370 [ 54.323048][ T3610] ? lock_release+0x780/0x780 [ 54.323068][ T3610] ? lock_release+0x780/0x780 [ 54.323087][ T3610] ? lock_release+0x780/0x780 [ 54.323108][ T3610] _raw_read_lock+0x5b/0x70 [ 54.323120][ T3610] ? send_sigio+0xab/0x370 [ 54.323135][ T3610] send_sigio+0xab/0x370 [ 54.323152][ T3610] kill_fasync+0x1f8/0x470 [ 54.323169][ T3610] lease_break_callback+0x1f/0x30 [ 54.323189][ T3610] __break_lease+0x3d7/0x1420 [ 54.323203][ T3610] ? locks_remove_posix+0x580/0x580 [ 54.323216][ T3610] ? check_access_path_dual.part.0+0x3470/0x3470 [ 54.323239][ T3610] ? apparmor_path_chmod+0x20/0x20 [ 54.323252][ T3610] ? fsnotify_perm.part.0+0x221/0x610 [ 54.323278][ T3610] do_dentry_open+0x432/0x11f0 [ 54.323295][ T3610] path_openat+0x1c71/0x2910 [ 54.323310][ T3610] ? path_lookupat+0x860/0x860 [ 54.323324][ T3610] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 54.323347][ T3610] do_filp_open+0x1aa/0x400 [ 54.323361][ T3610] ? may_open_dev+0xf0/0xf0 [ 54.323383][ T3610] ? alloc_fd+0x2f0/0x670 [ 54.323402][ T3610] ? rwlock_bug.part.0+0x90/0x90 [ 54.323415][ T3610] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 54.323432][ T3610] ? _find_next_bit+0x1e3/0x260 [ 54.323452][ T3610] ? _raw_spin_unlock+0x24/0x40 [ 54.323464][ T3610] ? alloc_fd+0x2f0/0x670 [ 54.323482][ T3610] do_sys_openat2+0x16d/0x4c0 [ 54.323499][ T3610] ? find_held_lock+0x2d/0x110 [ 54.323516][ T3610] ? build_open_flags+0x6f0/0x6f0 [ 54.323533][ T3610] ? ptrace_notify+0xfa/0x140 [ 54.323546][ T3610] ? lock_downgrade+0x6e0/0x6e0 [ 54.323567][ T3610] __x64_sys_creat+0xc9/0x120 [ 54.323584][ T3610] ? __x64_compat_sys_openat+0x1f0/0x1f0 [ 54.323602][ T3610] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.323614][ T3610] ? ptrace_notify+0xfa/0x140 [ 54.323626][ T3610] ? syscall_trace_enter.constprop.0+0xb0/0x240 [ 54.323650][ T3610] do_syscall_64+0x35/0xb0 [ 54.323666][ T3610] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 54.323681][ T3610] RIP: 0033:0x7f485a08ff99 [ 54.323692][ T3610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.323704][ T3610] RSP: 002b:00007ffdc96ac228 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 54.323717][ T3610] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f485a08ff99 [ 54.323725][ T3610] RDX: 00007f485a08ff99 RSI: 0000000000000000 RDI: 0000000020000040 [ 54.323734][ T3610] RBP: 0000000000000000 R08: 00007ffdc96ac3c8 R09: 00007ffdc96ac3c8 [ 54.323742][ T3610] R10: 00007ffdc96ac3c8 R11: 0000000000000246 R12: 00007f485a053820 [ 54.323750][ T3610] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 54.323761][ T3610] [pid 3610] +++ killed by SIGIO +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3610, si_uid=0, si_status=SIGIO, si_utime=0, si_stime=2} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3611 attached [pid 3611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3611] setpgid(0, 0) = 0 [pid 3611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "1000", 4) = 4 [pid 3611] close(3) = 0 [pid 3611] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 3611] ioctl(3, SNDRV_TIMER_IOCTL_TREAD_OLD, 0x20000000) = 0 [pid 3611] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 3611] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 3611] fcntl(3, F_SETFL, O_RDONLY|O_CLOEXEC|FASYNC) = 0 [pid 3611] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 3611] openat(AT_FDCWD, "/dev/audio", O_WRONLY|O_TRUNC|O_NOATIME) = 4 [pid 3611] write(4, "\x00\x00\x00\x00\x83\xfd\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 64956 [pid 3609] <... clone resumed>, child_tidptr=0x5555562345d0) = 3611 [pid 3611] <... write resumed>) = 64956 [pid 3611] open("./file0", O_RDONLY|O_CREAT|O_LARGEFILE|0x4000000, 000) = 5 [pid 3611] gettid() = 3611 [pid 3611] fcntl(5, F_SETOWN_EX, {type=F_OWNER_PGRP, pid=3611}) = 0 [pid 3611] fcntl(5, F_SETLEASE, F_RDLCK) = 0 [pid 3611] creat("./file0", 000) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) [pid 3611] --- SIGIO {si_signo=SIGIO, si_code=SI_KERNEL} --- [pid 3609] kill(-3611, SIGKILL) = 0 [pid 3609] kill(3611, SIGKILL) = 0 [pid 3609] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3609] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3609] getdents64(3, 0x555556235620 /* 2 entries */, 32768) = 48 [pid 3609] getdents64(3, 0x555556235620 /* 0 entries */, 32768) = 0 [pid 3609] close(3) = 0