Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
[ 63.284451][ T5880]
[ 63.286786][ T5880] ========================================================
[ 63.293942][ T5880] WARNING: possible irq lock inversion dependency detected
[ 63.301097][ T5880] 5.11.0-syzkaller #0 Not tainted
[ 63.306084][ T5880] --------------------------------------------------------
[ 63.313402][ T5880] syz-executor292/5880 just changed the state of lock:
[ 63.320210][ T5880] ffff88802ae300c0 (&new->fa_lock){.+..}-{2:2}, at: kill_fasync+0xec/0x310
[ 63.328859][ T5880] but this lock was taken by another, HARDIRQ-safe lock in the past:
[ 63.336972][ T5880] (&timer->lock){-...}-{2:2}
[ 63.336979][ T5880]
[ 63.336979][ T5880]
[ 63.336979][ T5880] and interrupts could create inverse lock ordering between them.
[ 63.336979][ T5880]
[ 63.355968][ T5880]
[ 63.355968][ T5880] other info that might help us debug this:
[ 63.363987][ T5880] Possible interrupt unsafe locking scenario:
[ 63.363987][ T5880]
[ 63.372289][ T5880]        CPU0                    CPU1
[ 63.377618][ T5880]        ----                    ----
[ 63.382947][ T5880]   lock(&new->fa_lock);
[ 63.387171][ T5880]                                local_irq_disable();
[ 63.393912][ T5880]                                lock(&timer->lock);
[ 63.400545][ T5880]                                lock(&new->fa_lock);
[ 63.407294][ T5880]
[ 63.410712][ T5880]     lock(&timer->lock);
[ 63.415003][ T5880]
[ 63.415003][ T5880] *** DEADLOCK ***
[ 63.415003][ T5880]
[ 63.423108][ T5880] 3 locks held by syz-executor292/5880:
[ 63.428610][ T5880] #0: ffffffff8a76ad40 (rcu_read_lock){....}-{1:2}, at: sock_def_readable+0x0/0x340
[ 63.438257][ T5880] #1: ffffffff8a76ad40 (rcu_read_lock){....}-{1:2}, at: sock_def_readable+0x134/0x340
[ 63.447938][ T5880] #2: ffffffff8a76ad40 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x36/0x310
[ 63.456946][ T5880]
[ 63.456946][ T5880] the shortest dependencies between 2nd lock and 1st lock:
[ 63.466301][ T5880] -> (&timer->lock){-...}-{2:2} {
[ 63.471379][ T5880] IN-HARDIRQ-W at:
[ 63.475482][ T5880] lock_acquire+0x1a8/0x720
[ 63.481776][ T5880] _raw_spin_lock+0x2a/0x40
[ 63.488336][ T5880] snd_hrtimer_callback+0x4a/0x380
[ 63.495236][ T5880] __hrtimer_run_queues+0x4d7/0xb00
[ 63.502223][ T5880] hrtimer_interrupt+0x300/0x930
[ 63.508943][ T5880] __sysvec_apic_timer_interrupt+0x146/0x540
[ 63.516794][ T5880] asm_call_irq_on_stack+0xf/0x20
[ 63.523612][ T5880] sysvec_apic_timer_interrupt+0xbd/0x100
[ 63.531117][ T5880] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 63.538897][ T5880] _raw_spin_unlock_irqrestore+0x25/0x50
[ 63.546313][ T5880] snd_seq_check_queue+0xd0/0x380
[ 63.553122][ T5880] snd_seq_enqueue_event+0x17e/0x380
[ 63.560188][ T5880] snd_seq_client_enqueue_event.constprop.0+0x1b0/0x3c0
[ 63.568905][ T5880] snd_seq_kernel_client_enqueue+0x12d/0x180
[ 63.576783][ T5880] snd_seq_oss_write+0x474/0x650
[ 63.583522][ T5880] odev_write+0x37/0x70
[ 63.589461][ T5880] vfs_write+0x1c4/0x870
[ 63.595486][ T5880] ksys_write+0xf4/0x1d0
[ 63.601513][ T5880] do_syscall_64+0x2d/0x70
[ 63.607717][ T5880] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.615393][ T5880] INITIAL USE at:
[ 63.619336][ T5880] lock_acquire+0x1a8/0x720
[ 63.625561][ T5880] _raw_spin_lock_irqsave+0x39/0x50
[ 63.632454][ T5880] snd_timer_notify+0xcc/0x320
[ 63.638914][ T5880] snd_pcm_post_stop+0x1a0/0x210
[ 63.645552][ T5880] snd_pcm_action+0x10c/0x140
[ 63.651925][ T5880] snd_pcm_drop+0x165/0x290
[ 63.658212][ T5880] snd_pcm_oss_sync+0x1ed/0x730
[ 63.664775][ T5880] snd_pcm_oss_release+0x21f/0x2b0
[ 63.671586][ T5880] __fput+0x204/0x870
[ 63.677283][ T5880] task_work_run+0xc0/0x160
[ 63.683488][ T5880] exit_to_user_mode_prepare+0x249/0x250
[ 63.690819][ T5880] syscall_exit_to_user_mode+0x19/0x60
[ 63.697995][ T5880] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.705585][ T5880] }
[ 63.708136][ T5880] ... key at: [] __key.12+0x0/0x40
[ 63.715404][ T5880] ... acquired at:
[ 63.719261][ T5880] _raw_read_lock+0x5b/0x70
[ 63.723907][ T5880] kill_fasync+0xec/0x310
[ 63.728376][ T5880] snd_timer_user_ccallback+0x24d/0x300
[ 63.734342][ T5880] snd_timer_notify1+0x119/0x330
[ 63.739436][ T5880] snd_timer_start1+0x3dd/0x6f0
[ 63.744421][ T5880] snd_timer_user_start.isra.0+0x16d/0x1e0
[ 63.750367][ T5880] __snd_timer_user_ioctl.isra.0+0xb0b/0x1fc0
[ 63.756574][ T5880] snd_timer_user_ioctl+0x72/0xa0
[ 63.761730][ T5880] __x64_sys_ioctl+0x11f/0x190
[ 63.766650][ T5880] do_syscall_64+0x2d/0x70
[ 63.771201][ T5880] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.777225][ T5880]
[ 63.779514][ T5880] -> (&new->fa_lock){.+..}-{2:2} {
[ 63.784590][ T5880] HARDIRQ-ON-R at:
[ 63.788532][ T5880] lock_acquire+0x1a8/0x720
[ 63.794652][ T5880] _raw_read_lock+0x5b/0x70
[ 63.800772][ T5880] kill_fasync+0xec/0x310
[ 63.806712][ T5880] sock_wake_async+0xce/0x110
[ 63.812999][ T5880] sock_def_readable+0x1cc/0x340
[ 63.819547][ T5880] unix_dgram_sendmsg+0xcad/0x1710
[ 63.826285][ T5880] sock_sendmsg+0xab/0xe0
[ 63.832227][ T5880] ____sys_sendmsg+0x392/0x7a0
[ 63.838621][ T5880] ___sys_sendmsg+0xd3/0x150
[ 63.844819][ T5880] __sys_sendmmsg+0x141/0x300
[ 63.851105][ T5880] __x64_sys_sendmmsg+0x94/0x100
[ 63.857653][ T5880] do_syscall_64+0x2d/0x70
[ 63.863677][ T5880] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.871182][ T5880] INITIAL READ USE at:
[ 63.875470][ T5880] lock_acquire+0x1a8/0x720
[ 63.881928][ T5880] _raw_read_lock+0x5b/0x70
[ 63.888387][ T5880] kill_fasync+0xec/0x310
[ 63.894675][ T5880] snd_timer_user_ccallback+0x24d/0x300
[ 63.902178][ T5880] snd_timer_notify1+0x119/0x330
[ 63.909098][ T5880] snd_timer_start1+0x3dd/0x6f0
[ 63.915930][ T5880] snd_timer_user_start.isra.0+0x16d/0x1e0
[ 63.923693][ T5880] __snd_timer_user_ioctl.isra.0+0xb0b/0x1fc0
[ 63.931742][ T5880] snd_timer_user_ioctl+0x72/0xa0
[ 63.938723][ T5880] __x64_sys_ioctl+0x11f/0x190
[ 63.945446][ T5880] do_syscall_64+0x2d/0x70
[ 63.951823][ T5880] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.959704][ T5880] }
[ 63.962186][ T5880] ... key at: [] __key.0+0x0/0x40
[ 63.969599][ T5880] ... acquired at:
[ 63.973368][ T5880] __lock_acquire+0x11cb/0x57d0
[ 63.978369][ T5880] lock_acquire+0x1a8/0x720
[ 63.983096][ T5880] _raw_read_lock+0x5b/0x70
[ 63.987735][ T5880] kill_fasync+0xec/0x310
[ 63.992197][ T5880] sock_wake_async+0xce/0x110
[ 63.997007][ T5880] sock_def_readable+0x1cc/0x340
[ 64.002079][ T5880] unix_dgram_sendmsg+0xcad/0x1710
[ 64.007347][ T5880] sock_sendmsg+0xab/0xe0
[ 64.011809][ T5880] ____sys_sendmsg+0x392/0x7a0
[ 64.016710][ T5880] ___sys_sendmsg+0xd3/0x150
[ 64.021433][ T5880] __sys_sendmmsg+0x141/0x300
[ 64.026266][ T5880] __x64_sys_sendmmsg+0x94/0x100
[ 64.031335][ T5880] do_syscall_64+0x2d/0x70
[ 64.035892][ T5880] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.041928][ T5880]
[ 64.044219][ T5880]
[ 64.044219][ T5880] stack backtrace:
[ 64.050095][ T5880] CPU: 0 PID: 5880 Comm: syz-executor292 Not tainted 5.11.0-syzkaller #0
[ 64.058479][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.068500][ T5880] Call Trace:
[ 64.071779][ T5880] dump_stack+0x9a/0xcc
[ 64.075901][ T5880] mark_lock.cold+0x6d/0x72
[ 64.080366][ T5880] ? lock_chain_count+0x20/0x20
[ 64.085202][ T5880] ? mark_lock+0xee/0x1720
[ 64.089599][ T5880] ? lock_chain_count+0x20/0x20
[ 64.094429][ T5880] ? __lock_acquire+0xbfc/0x57d0
[ 64.099331][ T5880] __lock_acquire+0x11cb/0x57d0
[ 64.104147][ T5880] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 64.110175][ T5880] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 64.116116][ T5880] lock_acquire+0x1a8/0x720
[ 64.120588][ T5880] ? kill_fasync+0xec/0x310
[ 64.125052][ T5880] ? lock_release+0x710/0x710
[ 64.129691][ T5880] ? lock_release+0x710/0x710
[ 64.134331][ T5880] ? lock_acquire+0x1a8/0x720
[ 64.138987][ T5880] _raw_read_lock+0x5b/0x70
[ 64.143560][ T5880] ? kill_fasync+0xec/0x310
[ 64.148026][ T5880] kill_fasync+0xec/0x310
[ 64.152317][ T5880] sock_wake_async+0xce/0x110
[ 64.156956][ T5880] sock_def_readable+0x1cc/0x340
[ 64.161868][ T5880] unix_dgram_sendmsg+0xcad/0x1710
[ 64.166954][ T5880] ? unix_stream_sendpage+0xa50/0xa50
[ 64.172298][ T5880] ? unix_stream_sendpage+0xa50/0xa50
[ 64.177638][ T5880] sock_sendmsg+0xab/0xe0
[ 64.181936][ T5880] ____sys_sendmsg+0x392/0x7a0
[ 64.186660][ T5880] ? kernel_sendmsg+0x30/0x30
[ 64.191298][ T5880] ? do_recvmmsg+0x540/0x540
[ 64.195848][ T5880] ? __lock_acquire+0x1644/0x57d0
[ 64.200834][ T5880] ___sys_sendmsg+0xd3/0x150
[ 64.205402][ T5880] ? sendmsg_copy_msghdr+0x110/0x110
[ 64.210646][ T5880] ? mark_lock+0xee/0x1720
[ 64.215022][ T5880] ? mark_lock+0xee/0x1720
[ 64.219589][ T5880] ? lock_chain_count+0x20/0x20
[ 64.224485][ T5880] ? lock_chain_count+0x20/0x20
[ 64.229383][ T5880] ? find_held_lock+0x2d/0x110
[ 64.234128][ T5880] ? unix_dgram_connect+0x7da/0x9f0
[ 64.239290][ T5880] ? lock_downgrade+0x6d0/0x6d0
[ 64.244105][ T5880] ? __fget_light+0x4c/0x220
[ 64.248748][ T5880] __sys_sendmmsg+0x141/0x300
[ 64.253396][ T5880] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 64.258383][ T5880] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 64.264326][ T5880] ? find_held_lock+0x2d/0x110
[ 64.269063][ T5880] ? __context_tracking_exit+0x80/0x90
[ 64.274482][ T5880] ? lock_downgrade+0x6d0/0x6d0
[ 64.279322][ T5880] __x64_sys_sendmmsg+0x94/0x100
[ 64.284225][ T5880] ? syscall_enter_from_user_mode+0x27/0x70
[ 64.290078][ T5880] do_syscall_64+0x2d/0x70
[ 64.294458][ T5880] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.300317][ T5880] RIP: 0033:0x7fb40a1e6039
[ 64.304701][ T5880] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.324295][ T5880] RSP: 002b:00007ffc770fcd88 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 64.332673][ T5880] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb40