DUID 00:04:e6:bc:8e:bc:c3:7a:f3:fc:35:c5:a5:4f:9b:64:01:ce
forked to background, child pid 3172
[ 26.533274][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0
[ 26.543593][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.143' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 47.862364][ T3588]
[ 47.864723][ T3588] ======================================================
[ 47.871804][ T3588] WARNING: possible circular locking dependency detected
[ 47.878797][ T3588] 5.17.0-next-20220328-syzkaller #0 Not tainted
[ 47.885011][ T3588] ------------------------------------------------------
[ 47.892000][ T3588] syz-executor329/3588 is trying to acquire lock:
[ 47.898391][ T3588] ffff8880243c1d28 (&mm->mmap_lock#2){++++}-{3:3}, at: __might_fault+0xa1/0x170
[ 47.907437][ T3588]
[ 47.907437][ T3588] but task is already holding lock:
[ 47.914774][ T3588] ffff88801afef230 (&runtime->buffer_mutex){+.+.}-{3:3}, at: __snd_pcm_lib_xfer+0xbca/0x1e20
[ 47.924936][ T3588]
[ 47.924936][ T3588] which lock already depends on the new lock.
[ 47.924936][ T3588]
[ 47.935319][ T3588]
[ 47.935319][ T3588] the existing dependency chain (in reverse order) is:
[ 47.944312][ T3588]
[ 47.944312][ T3588] -> #1 (&runtime->buffer_mutex){+.+.}-{3:3}:
[ 47.952550][ T3588]        __mutex_lock+0x12f/0x12f0
[ 47.957657][ T3588]        snd_pcm_hw_params+0xc9/0x18a0
[ 47.963106][ T3588]        snd_pcm_kernel_ioctl+0x164/0x310
[ 47.968813][ T3588]        snd_pcm_oss_change_params_locked+0x14e2/0x3a70
[ 47.975936][ T3588]        snd_pcm_oss_mmap+0x442/0x550
[ 47.981305][ T3588]        mmap_region+0xba5/0x14a0
[ 47.986322][ T3588]        do_mmap+0x863/0xfa0
[ 47.990901][ T3588]        vm_mmap_pgoff+0x1b7/0x290
[ 47.996013][ T3588]        ksys_mmap_pgoff+0x40d/0x5a0
[ 48.001292][ T3588]        do_syscall_64+0x35/0x80
[ 48.006217][ T3588]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.012634][ T3588]
[ 48.012634][ T3588] -> #0 (&mm->mmap_lock#2){++++}-{3:3}:
[ 48.020355][ T3588]        __lock_acquire+0x2ac6/0x56c0
[ 48.025722][ T3588]        lock_acquire+0x1ab/0x510
[ 48.030748][ T3588]        __might_fault+0x104/0x170
[ 48.035864][ T3588]        _copy_to_user+0x25/0x140
[ 48.040891][ T3588]        default_read_copy+0x10f/0x180
[ 48.046358][ T3588]        __snd_pcm_lib_xfer+0x1517/0x1e20
[ 48.052081][ T3588]        snd_pcm_oss_read3+0x1c4/0x400
[ 48.057537][ T3588]        snd_pcm_oss_read2+0x300/0x3f0
[ 48.062990][ T3588]        snd_pcm_oss_read+0x620/0x7a0
[ 48.068359][ T3588]        vfs_read+0x1ef/0x5d0
[ 48.073046][ T3588]        ksys_read+0x127/0x250
[ 48.077808][ T3588]        do_syscall_64+0x35/0x80
[ 48.082740][ T3588]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.089161][ T3588]
[ 48.089161][ T3588] other info that might help us debug this:
[ 48.089161][ T3588]
[ 48.099373][ T3588]  Possible unsafe locking scenario:
[ 48.099373][ T3588]
[ 48.106813][ T3588]        CPU0                    CPU1
[ 48.112176][ T3588]        ----                    ----
[ 48.117522][ T3588]   lock(&runtime->buffer_mutex);
[ 48.122536][ T3588]                                lock(&mm->mmap_lock#2);
[ 48.129550][ T3588]                                lock(&runtime->buffer_mutex);
[ 48.137076][ T3588]   lock(&mm->mmap_lock#2);
[ 48.141568][ T3588]
[ 48.141568][ T3588]  *** DEADLOCK ***
[ 48.141568][ T3588]
[ 48.149693][ T3588] 1 lock held by syz-executor329/3588:
[ 48.155133][ T3588]  #0: ffff88801afef230 (&runtime->buffer_mutex){+.+.}-{3:3}, at: __snd_pcm_lib_xfer+0xbca/0x1e20
[ 48.165755][ T3588]
[ 48.165755][ T3588] stack backtrace:
[ 48.171633][ T3588] CPU: 0 PID: 3588 Comm: syz-executor329 Not tainted 5.17.0-next-20220328-syzkaller #0
[ 48.181249][ T3588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.191292][ T3588] Call Trace:
[ 48.194555][ T3588]
[ 48.197472][ T3588]  dump_stack_lvl+0xcd/0x134
[ 48.202062][ T3588]  check_noncircular+0x25f/0x2e0
[ 48.206997][ T3588]  ? print_circular_bug+0x1e0/0x1e0
[ 48.212196][ T3588]  ? lock_chain_count+0x20/0x20
[ 48.217044][ T3588]  __lock_acquire+0x2ac6/0x56c0
[ 48.221897][ T3588]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 48.227878][ T3588]  lock_acquire+0x1ab/0x510
[ 48.232377][ T3588]  ? __might_fault+0xa1/0x170
[ 48.237051][ T3588]  ? lock_release+0x720/0x720
[ 48.241731][ T3588]  __might_fault+0x104/0x170
[ 48.246334][ T3588]  ? __might_fault+0xa1/0x170
[ 48.251010][ T3588]  _copy_to_user+0x25/0x140
[ 48.255519][ T3588]  default_read_copy+0x10f/0x180
[ 48.260452][ T3588]  __snd_pcm_lib_xfer+0x1517/0x1e20
[ 48.265645][ T3588]  ? snd_pcm_add_chmap_ctls+0x570/0x570
[ 48.271187][ T3588]  ? snd_pcm_hw_rule_step+0x440/0x440
[ 48.276553][ T3588]  ? pcm_lib_apply_appl_ptr+0x550/0x550
[ 48.282093][ T3588]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 48.287818][ T3588]  ? wake_up_q+0xf0/0xf0
[ 48.292068][ T3588]  ? find_held_lock+0x2d/0x110
[ 48.296831][ T3588]  snd_pcm_oss_read3+0x1c4/0x400
[ 48.301765][ T3588]  ? snd_pcm_oss_write+0x9c0/0x9c0
[ 48.306869][ T3588]  ? up_write+0x470/0x470
[ 48.311192][ T3588]  ? _raw_spin_unlock_irq+0x2a/0x40
[ 48.316404][ T3588]  ? snd_pcm_post_prepare+0x27c/0x310
[ 48.321768][ T3588]  snd_pcm_oss_read2+0x300/0x3f0
[ 48.326701][ T3588]  ? snd_pcm_oss_read3+0x400/0x400
[ 48.331803][ T3588]  ? snd_pcm_kernel_ioctl+0x1cc/0x310
[ 48.337171][ T3588]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 48.343413][ T3588]  ? snd_pcm_oss_prepare+0x11f/0x220
[ 48.348692][ T3588]  snd_pcm_oss_read+0x620/0x7a0
[ 48.353537][ T3588]  ? snd_pcm_oss_read2+0x3f0/0x3f0
[ 48.358642][ T3588]  vfs_read+0x1ef/0x5d0
[ 48.362795][ T3588]  ksys_read+0x127/0x250
[ 48.367046][ T3588]  ? vfs_write+0xac0/0xac0
[ 48.371461][ T3588]  ? syscall_enter_from_user_mode+0x21/0x70
[ 48.377354][ T3588]  do_syscall_64+0x35/0x80
[ 48.381758][ T3588]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.387658][ T3588] RIP: 0033:0x7f72068ad0f9
[ 48.392060][ T3588] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 48.411655][ T3588] RSP: 002b:00007fff51e1f1c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 48.420059][ T3588] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f72068ad0f9
[ 48.428017][ T3588] RDX: 0000000000000ff2 RSI: 0000000020000780 RDI: 0000000000000004
[ 48.435973][ T3588] RBP: 00007f72068710e0 R08: 0000000000000000 R09: 0000000000000000
[ 48.443930][ T3588] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7206871170
[ 48.451893][ T3588] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 48.459856][ T3588]