Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts.
executing program
[ 48.316468][ T8421]
[ 48.318814][ T8421] =====================================================
[ 48.325722][ T8421] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 48.333151][ T8421] 5.14.0-rc2-syzkaller #0 Not tainted
[ 48.338493][ T8421] -----------------------------------------------------
[ 48.345396][ T8421] syz-executor476/8421 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 48.353433][ T8421] ffff88802083a138 (&f->f_owner.lock){.+.+}-{2:2}, at: send_sigio+0x2f/0x300
[ 48.362191][ T8421]
[ 48.362191][ T8421] and this task is already holding:
[ 48.369527][ T8421] ffff88803700d018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13b/0x430
[ 48.378196][ T8421] which would create a new lock dependency:
[ 48.384067][ T8421] (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.+}-{2:2}
[ 48.391788][ T8421]
[ 48.391788][ T8421] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 48.401208][ T8421] (&timer->lock){-...}-{2:2}
[ 48.401222][ T8421]
[ 48.401222][ T8421] ... which became HARDIRQ-irq-safe at:
[ 48.413556][ T8421] lock_acquire+0x182/0x4a0
[ 48.418127][ T8421] _raw_spin_lock+0x2a/0x40
[ 48.422699][ T8421] snd_hrtimer_callback+0x51/0x360
[ 48.427873][ T8421] __hrtimer_run_queues+0x50b/0xa60
[ 48.433134][ T8421] hrtimer_interrupt+0x3b3/0x1040
[ 48.438220][ T8421] __sysvec_apic_timer_interrupt+0xf9/0x270
[ 48.444182][ T8421] sysvec_apic_timer_interrupt+0x3e/0xb0
[ 48.449874][ T8421] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 48.455915][ T8421]
[ 48.455915][ T8421] to a HARDIRQ-irq-unsafe lock:
[ 48.462903][ T8421] (&f->f_owner.lock){.+.+}-{2:2}
[ 48.462920][ T8421]
[ 48.462920][ T8421] ... which became HARDIRQ-irq-unsafe at:
[ 48.475759][ T8421] ...
[ 48.475763][ T8421] lock_acquire+0x182/0x4a0
[ 48.482887][ T8421] _raw_read_lock+0x32/0x40
[ 48.487453][ T8421] f_getown+0x22/0x210
[ 48.491581][ T8421] do_fcntl+0x1a8/0x1510
[ 48.495882][ T8421] __se_sys_fcntl+0xd8/0x1b0
[ 48.500531][ T8421] do_syscall_64+0x3d/0xb0
[ 48.505009][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.510970][ T8421]
[ 48.510970][ T8421] other info that might help us debug this:
[ 48.510970][ T8421]
[ 48.521177][ T8421] Chain exists of:
[ 48.521177][ T8421] &timer->lock --> &new->fa_lock --> &f->f_owner.lock
[ 48.521177][ T8421]
[ 48.533831][ T8421] Possible interrupt unsafe locking scenario:
[ 48.533831][ T8421]
[ 48.542124][ T8421]        CPU0                    CPU1
[ 48.547461][ T8421]        ----                    ----
[ 48.552801][ T8421]   lock(&f->f_owner.lock);
[ 48.557276][ T8421]                                local_irq_disable();
[ 48.564002][ T8421]                                lock(&timer->lock);
[ 48.570648][ T8421]                                lock(&new->fa_lock);
[ 48.577383][ T8421]   <Interrupt>
[ 48.580813][ T8421]     lock(&timer->lock);
[ 48.585131][ T8421]
[ 48.585131][ T8421] *** DEADLOCK ***
[ 48.585131][ T8421]
[ 48.593245][ T8421] 4 locks held by syz-executor476/8421:
[ 48.598760][ T8421] #0: ffff888037105d68 (&tu->ioctl_lock){+.+.}-{3:3}, at: snd_timer_user_ioctl+0x4d/0x80
[ 48.608641][ T8421] #1: ffff8880283e2948 (&timer->lock){-...}-{2:2}, at: snd_timer_start1+0x5b/0x640
[ 48.617999][ T8421] #2: ffffffff8c7177c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[ 48.627268][ T8421] #3: ffff88803700d018 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x13b/0x430
[ 48.636378][ T8421]
[ 48.636378][ T8421] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 48.646754][ T8421] -> (&timer->lock){-...}-{2:2} {
[ 48.651846][ T8421] IN-HARDIRQ-W at:
[ 48.655888][ T8421] lock_acquire+0x182/0x4a0
[ 48.662189][ T8421] _raw_spin_lock+0x2a/0x40
[ 48.668507][ T8421] snd_hrtimer_callback+0x51/0x360
[ 48.675419][ T8421] __hrtimer_run_queues+0x50b/0xa60
[ 48.682414][ T8421] hrtimer_interrupt+0x3b3/0x1040
[ 48.689235][ T8421] __sysvec_apic_timer_interrupt+0xf9/0x270
[ 48.696923][ T8421] sysvec_apic_timer_interrupt+0x3e/0xb0
[ 48.704365][ T8421] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 48.712155][ T8421] INITIAL USE at:
[ 48.716109][ T8421] lock_acquire+0x182/0x4a0
[ 48.722324][ T8421] _raw_spin_lock_irqsave+0xb3/0x100
[ 48.729319][ T8421] snd_timer_resolution+0x4d/0xe0
[ 48.736055][ T8421] snd_seq_timer_start+0x298/0x4e0
[ 48.742878][ T8421] snd_seq_control_queue+0x323/0x19d0
[ 48.749977][ T8421] snd_seq_deliver_single_event+0x550/0xcc0
[ 48.757580][ T8421] snd_seq_deliver_event+0x233/0x950
[ 48.764584][ T8421] snd_seq_kernel_client_dispatch+0x1f6/0x2f0
[ 48.772373][ T8421] snd_seq_oss_timer_start+0x48a/0x8d0
[ 48.779548][ T8421] snd_seq_oss_write+0x4f6/0xba0
[ 48.786204][ T8421] odev_write+0x5a/0x80
[ 48.792071][ T8421] vfs_write+0x289/0xc90
[ 48.798023][ T8421] ksys_write+0x171/0x2a0
[ 48.804077][ T8421] do_syscall_64+0x3d/0xb0
[ 48.810207][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.817810][ T8421] }
[ 48.820372][ T8421] ... key at: [] snd_timer_new.__key+0x0/0x40
[ 48.828588][ T8421] -> (&new->fa_lock){....}-{2:2} {
[ 48.833681][ T8421] INITIAL READ USE at:
[ 48.837982][ T8421] lock_acquire+0x182/0x4a0
[ 48.844455][ T8421] _raw_read_lock+0x32/0x40
[ 48.850931][ T8421] kill_fasync+0x13b/0x430
[ 48.857321][ T8421] snd_timer_user_ccallback+0x3ee/0x710
[ 48.864837][ T8421] snd_timer_notify1+0x19e/0x340
[ 48.871744][ T8421] snd_timer_start1+0x53d/0x640
[ 48.878564][ T8421] __snd_timer_user_ioctl+0xe18/0x5ed0
[ 48.885992][ T8421] snd_timer_user_ioctl+0x5d/0x80
[ 48.892999][ T8421] __se_sys_ioctl+0xfb/0x170
[ 48.899560][ T8421] do_syscall_64+0x3d/0xb0
[ 48.905950][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.913814][ T8421] }
[ 48.916287][ T8421] ... key at: [] fasync_insert_entry.__key+0x0/0x40
[ 48.924933][ T8421] ... acquired at:
[ 48.928708][ T8421] lock_acquire+0x182/0x4a0
[ 48.933360][ T8421] _raw_read_lock+0x32/0x40
[ 48.938010][ T8421] kill_fasync+0x13b/0x430
[ 48.942573][ T8421] snd_timer_user_ccallback+0x3ee/0x710
[ 48.948264][ T8421] snd_timer_notify1+0x19e/0x340
[ 48.953346][ T8421] snd_timer_start1+0x53d/0x640
[ 48.958342][ T8421] __snd_timer_user_ioctl+0xe18/0x5ed0
[ 48.963946][ T8421] snd_timer_user_ioctl+0x5d/0x80
[ 48.969126][ T8421] __se_sys_ioctl+0xfb/0x170
[ 48.973877][ T8421] do_syscall_64+0x3d/0xb0
[ 48.978459][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.984498][ T8421]
[ 48.986797][ T8421]
[ 48.986797][ T8421] the dependencies between the lock to be acquired
[ 48.986802][ T8421] and HARDIRQ-irq-unsafe lock:
[ 49.000289][ T8421] -> (&f->f_owner.lock){.+.+}-{2:2} {
[ 49.005643][ T8421] HARDIRQ-ON-R at:
[ 49.009597][ T8421] lock_acquire+0x182/0x4a0
[ 49.015735][ T8421] _raw_read_lock+0x32/0x40
[ 49.021860][ T8421] f_getown+0x22/0x210
[ 49.027553][ T8421] do_fcntl+0x1a8/0x1510
[ 49.033418][ T8421] __se_sys_fcntl+0xd8/0x1b0
[ 49.039633][ T8421] do_syscall_64+0x3d/0xb0
[ 49.045676][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.053194][ T8421] SOFTIRQ-ON-R at:
[ 49.057147][ T8421] lock_acquire+0x182/0x4a0
[ 49.063276][ T8421] _raw_read_lock+0x32/0x40
[ 49.069400][ T8421] f_getown+0x22/0x210
[ 49.075093][ T8421] do_fcntl+0x1a8/0x1510
[ 49.080958][ T8421] __se_sys_fcntl+0xd8/0x1b0
[ 49.087171][ T8421] do_syscall_64+0x3d/0xb0
[ 49.093217][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.100732][ T8421] INITIAL READ USE at:
[ 49.105046][ T8421] lock_acquire+0x182/0x4a0
[ 49.111518][ T8421] _raw_read_lock+0x32/0x40
[ 49.117992][ T8421] f_getown+0x22/0x210
[ 49.124036][ T8421] do_fcntl+0x1a8/0x1510
[ 49.130246][ T8421] __se_sys_fcntl+0xd8/0x1b0
[ 49.136808][ T8421] do_syscall_64+0x3d/0xb0
[ 49.143194][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.151054][ T8421] }
[ 49.153527][ T8421] ... key at: [] __alloc_file.__key+0x0/0x10
[ 49.161565][ T8421] ... acquired at:
[ 49.165346][ T8421] lock_acquire+0x182/0x4a0
[ 49.169998][ T8421] _raw_read_lock_irqsave+0xbb/0x100
[ 49.175429][ T8421] send_sigio+0x2f/0x300
[ 49.179834][ T8421] kill_fasync+0x1e3/0x430
[ 49.184398][ T8421] snd_timer_user_ccallback+0x3ee/0x710
[ 49.190092][ T8421] snd_timer_notify1+0x19e/0x340
[ 49.195177][ T8421] snd_timer_start1+0x53d/0x640
[ 49.200180][ T8421] __snd_timer_user_ioctl+0xe18/0x5ed0
[ 49.205786][ T8421] snd_timer_user_ioctl+0x5d/0x80
[ 49.210955][ T8421] __se_sys_ioctl+0xfb/0x170
[ 49.215690][ T8421] do_syscall_64+0x3d/0xb0
[ 49.220254][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.226293][ T8421]
[ 49.228592][ T8421]
[ 49.228592][ T8421] stack backtrace:
[ 49.234454][ T8421] CPU: 0 PID: 8421 Comm: syz-executor476 Not tainted 5.14.0-rc2-syzkaller #0
[ 49.243188][ T8421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.253215][ T8421] Call Trace:
[ 49.256485][ T8421] dump_stack_lvl+0x1ae/0x29f
[ 49.261144][ T8421] ? show_regs_print_info+0x12/0x12
[ 49.266319][ T8421] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 49.272030][ T8421] ? print_shortest_lock_dependencies+0xd4/0x150
[ 49.278334][ T8421] check_prevs_add+0x4eaa/0x5b30
[ 49.283251][ T8421] ? reacquire_held_locks+0x5f0/0x5f0
[ 49.288598][ T8421] ? __bfs+0x700/0x700
[ 49.292638][ T8421] ? reacquire_held_locks+0x5f0/0x5f0
[ 49.297982][ T8421] ? __lock_acquire+0x6100/0x6100
[ 49.302982][ T8421] ? __rcu_read_lock+0x60/0x60
[ 49.307724][ T8421] ? stack_trace_save+0x1e0/0x1e0
[ 49.312722][ T8421] ? stack_trace_save+0x1e0/0x1e0
[ 49.317721][ T8421] ? is_bpf_text_address+0x253/0x270
[ 49.322985][ T8421] ? stack_trace_save+0x1e0/0x1e0
[ 49.327984][ T8421] ? __kernel_text_address+0x93/0x100
[ 49.333329][ T8421] ? unwind_get_return_address+0x48/0x80
[ 49.338939][ T8421] ? arch_stack_walk+0x98/0xe0
[ 49.343681][ T8421] ? stack_trace_save+0x104/0x1e0
[ 49.348681][ T8421] ? stack_trace_snprint+0xe0/0xe0
[ 49.353762][ T8421] ? mark_lock+0x199/0x1eb0
[ 49.358251][ T8421] ? mark_lock+0x199/0x1eb0
[ 49.362725][ T8421] ? lockdep_unlock+0x145/0x2e0
[ 49.367553][ T8421] ? lockdep_lock+0x2c0/0x2c0
[ 49.372203][ T8421] ? __bfs+0x700/0x700
[ 49.376254][ T8421] ? mark_lock+0x199/0x1eb0
[ 49.380755][ T8421] ? mark_lock+0x5dc/0x1eb0
[ 49.385276][ T8421] ? __bfs+0x700/0x700
[ 49.389322][ T8421] ? register_lock_class+0xd7/0x1210
[ 49.394588][ T8421] ? lockdep_lock+0x102/0x2c0
[ 49.399253][ T8421] ? lockdep_lock+0x102/0x2c0
[ 49.403903][ T8421] ? register_lock_class+0xb2d/0x1210
[ 49.409249][ T8421] __lock_acquire+0x4476/0x6100
[ 49.414089][ T8421] ? lockdep_unlock+0x145/0x2e0
[ 49.418919][ T8421] ? trace_lock_acquire+0x190/0x190
[ 49.424095][ T8421] ? trace_lock_acquire+0x190/0x190
[ 49.429269][ T8421] ? rcu_read_lock_sched_held+0x87/0x110
[ 49.434879][ T8421] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 49.440850][ T8421] lock_acquire+0x182/0x4a0
[ 49.445327][ T8421] ? send_sigio+0x2f/0x300
[ 49.449721][ T8421] ? read_lock_is_recursive+0x10/0x10
[ 49.455071][ T8421] ? read_lock_is_recursive+0x10/0x10
[ 49.460419][ T8421] _raw_read_lock_irqsave+0xbb/0x100
[ 49.465681][ T8421] ? send_sigio+0x2f/0x300
[ 49.470070][ T8421] ? _raw_read_lock+0x40/0x40
[ 49.474720][ T8421] ? seqcount_lockdep_reader_access+0x198/0x200
[ 49.480943][ T8421] send_sigio+0x2f/0x300
[ 49.485162][ T8421] kill_fasync+0x1e3/0x430
[ 49.489553][ T8421] snd_timer_user_ccallback+0x3ee/0x710
[ 49.495072][ T8421] ? ktime_get_raw+0x280/0x280
[ 49.499811][ T8421] ? snd_timer_user_interrupt+0x440/0x440
[ 49.505505][ T8421] snd_timer_notify1+0x19e/0x340
[ 49.510415][ T8421] ? check_matching_master_slave+0x570/0x570
[ 49.516368][ T8421] ? snd_timer_s_start+0x170/0x190
[ 49.521451][ T8421] snd_timer_start1+0x53d/0x640
[ 49.526278][ T8421] __snd_timer_user_ioctl+0xe18/0x5ed0
[ 49.531714][ T8421] ? rcu_read_lock_sched_held+0x87/0x110
[ 49.537323][ T8421] ? snd_timer_user_fasync+0x60/0x60
[ 49.542597][ T8421] ? __x64_compat_sys_ioctl+0x80/0x80
[ 49.547943][ T8421] ? rcu_lock_release+0x5/0x20
[ 49.552684][ T8421] ? read_lock_is_recursive+0x10/0x10
[ 49.558036][ T8421] ? __might_sleep+0x100/0x100
[ 49.562788][ T8421] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 49.568223][ T8421] ? __mutex_lock_common+0x570/0x3770
[ 49.573572][ T8421] ? memset+0x1f/0x40
[ 49.577530][ T8421] ? smack_file_ioctl+0x284/0x390
[ 49.582540][ T8421] ? snd_timer_user_ioctl+0x4d/0x80
[ 49.587714][ T8421] ? smack_file_alloc_security+0xd0/0xd0
[ 49.593319][ T8421] ? mutex_lock_io_nested+0x60/0x60
[ 49.598504][ T8421] ? print_irqtrace_events+0x220/0x220
[ 49.603940][ T8421] ? vtime_user_exit+0x2b2/0x3e0
[ 49.608852][ T8421] snd_timer_user_ioctl+0x5d/0x80
[ 49.613851][ T8421] ? snd_timer_user_poll+0x130/0x130
[ 49.619112][ T8421] __se_sys_ioctl+0xfb/0x170
[ 49.623691][ T8421] do_syscall_64+0x3d/0xb0
[ 49.628095][ T8421] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.633963][ T8421] RIP: 0033:0x43fbd9
[ 49.637837][ T8421] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.657421][ T8421] RSP: 002b:00007ffca846a608 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 49.665822][ T8421] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 00000