Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
[ 75.124245][ C1]
[ 75.126599][ C1] ========================================================
[ 75.133792][ C1] WARNING: possible irq lock inversion dependency detected
[ 75.140981][ C1] 5.17.0-rc6-syzkaller-00184-g38f80f42147f-dirty #0 Not tainted
[ 75.148620][ C1] --------------------------------------------------------
[ 75.155811][ C1] syz-executor295/5049 just changed the state of lock:
[ 75.162658][ C1] ffff888021a6f948 (&timer->lock){..-.}-{2:2}, at: snd_timer_interrupt.part.0+0x33/0xe80
[ 75.172522][ C1] but this lock took another, SOFTIRQ-READ-unsafe lock in the past:
[ 75.180499][ C1] (tasklist_lock){.+.+}-{2:2}
[ 75.180532][ C1]
[ 75.180532][ C1]
[ 75.180532][ C1] and interrupts could create inverse lock ordering between them.
[ 75.180532][ C1]
[ 75.199605][ C1]
[ 75.199605][ C1] other info that might help us debug this:
[ 75.207661][ C1] Chain exists of:
[ 75.207661][ C1] &timer->lock --> &new->fa_lock --> tasklist_lock
[ 75.207661][ C1]
[ 75.220189][ C1] Possible interrupt unsafe locking scenario:
[ 75.220189][ C1]
[ 75.228509][ C1]        CPU0                    CPU1
[ 75.233873][ C1]        ----                    ----
[ 75.239239][ C1]   lock(tasklist_lock);
[ 75.243488][ C1]                                local_irq_disable();
[ 75.250240][ C1]                                lock(&timer->lock);
[ 75.256921][ C1]                                lock(&new->fa_lock);
[ 75.263692][ C1]
[ 75.267142][ C1]     lock(&timer->lock);
[ 75.271475][ C1]
[ 75.271475][ C1] *** DEADLOCK ***
[ 75.271475][ C1]
[ 75.279617][ C1] 2 locks held by syz-executor295/5049:
[ 75.285161][ C1] #0: ffff88801bbbc028 (&mm->mmap_lock#2){++++}-{3:3}, at: exit_mmap+0x10d/0x6a0
[ 75.294433][ C1] #1: ffffc90000dc0d70 ((&priv->tlist)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0
[ 75.303783][ C1]
[ 75.303783][ C1] the shortest dependencies between 2nd lock and 1st lock:
[ 75.313158][ C1] -> (tasklist_lock){.+.+}-{2:2} {
[ 75.318563][ C1] HARDIRQ-ON-R at:
[ 75.322809][ C1] lock_acquire+0x1ab/0x510
[ 75.329501][ C1] _raw_read_lock+0x5b/0x70
[ 75.336192][ C1] do_wait+0x284/0xce0
[ 75.342454][ C1] kernel_wait+0x9c/0x150
[ 75.348972][ C1] call_usermodehelper_exec_work+0xf5/0x180
[ 75.357065][ C1] process_one_work+0x9ac/0x1650
[ 75.364184][ C1] worker_thread+0x657/0x1110
[ 75.371163][ C1] kthread+0x2e9/0x3a0
[ 75.377420][ C1] ret_from_fork+0x1f/0x30
[ 75.384128][ C1] SOFTIRQ-ON-R at:
[ 75.388371][ C1] lock_acquire+0x1ab/0x510
[ 75.395070][ C1] _raw_read_lock+0x5b/0x70
[ 75.401780][ C1] do_wait+0x284/0xce0
[ 75.408034][ C1] kernel_wait+0x9c/0x150
[ 75.414562][ C1] call_usermodehelper_exec_work+0xf5/0x180
[ 75.422911][ C1] process_one_work+0x9ac/0x1650
[ 75.430034][ C1] worker_thread+0x657/0x1110
[ 75.436895][ C1] kthread+0x2e9/0x3a0
[ 75.443155][ C1] ret_from_fork+0x1f/0x30
[ 75.449760][ C1] INITIAL USE at:
[ 75.453920][ C1] lock_acquire+0x1ab/0x510
[ 75.460527][ C1] _raw_write_lock_irq+0x32/0x50
[ 75.467568][ C1] copy_process+0x486a/0x7250
[ 75.474342][ C1] kernel_clone+0xe7/0xab0
[ 75.480863][ C1] kernel_thread+0xb5/0xf0
[ 75.487375][ C1] rest_init+0x23/0x3e0
[ 75.493634][ C1] start_kernel+0x47a/0x49b
[ 75.500413][ C1] secondary_startup_64_no_verify+0xc3/0xcb
[ 75.508417][ C1] INITIAL READ USE at:
[ 75.513017][ C1] lock_acquire+0x1ab/0x510
[ 75.520055][ C1] _raw_read_lock+0x5b/0x70
[ 75.527090][ C1] do_wait+0x284/0xce0
[ 75.533698][ C1] kernel_wait+0x9c/0x150
[ 75.540561][ C1] call_usermodehelper_exec_work+0xf5/0x180
[ 75.548994][ C1] process_one_work+0x9ac/0x1650
[ 75.556473][ C1] worker_thread+0x657/0x1110
[ 75.563683][ C1] kthread+0x2e9/0x3a0
[ 75.570292][ C1] ret_from_fork+0x1f/0x30
[ 75.577270][ C1] }
[ 75.580029][ C1] ... key at: [] tasklist_lock+0x18/0x40
[ 75.588026][ C1] ... acquired at:
[ 75.592089][ C1] _raw_read_lock+0x5b/0x70
[ 75.596778][ C1] send_sigio+0xab/0x380
[ 75.601212][ C1] kill_fasync+0x1f8/0x470
[ 75.605853][ C1] snd_timer_user_ccallback+0x298/0x330
[ 75.611591][ C1] snd_timer_notify1+0x11c/0x3b0
[ 75.616720][ C1] snd_timer_stop1+0x496/0x860
[ 75.621671][ C1] snd_timer_close_locked+0x20f/0xbb0
[ 75.627232][ C1] snd_timer_close+0x87/0xf0
[ 75.632035][ C1] __snd_timer_user_ioctl.isra.0+0x10e2/0x2490
[ 75.638383][ C1] snd_timer_user_ioctl+0x77/0xb0
[ 75.643600][ C1] __x64_sys_ioctl+0x193/0x200
[ 75.648553][ C1] do_syscall_64+0x35/0xb0
[ 75.653156][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.659239][ C1]
[ 75.661561][ C1] -> (&f->f_owner.lock){....}-{2:2} {
[ 75.667135][ C1] INITIAL USE at:
[ 75.671202][ C1] lock_acquire+0x1ab/0x510
[ 75.677637][ C1] _raw_write_lock_irq+0x32/0x50
[ 75.684501][ C1] f_modown+0x2a/0x390
[ 75.690495][ C1] f_setown+0xd7/0x230
[ 75.696520][ C1] do_fcntl+0x749/0x1210
[ 75.702687][ C1] __x64_sys_fcntl+0x165/0x1e0
[ 75.709422][ C1] do_syscall_64+0x35/0xb0
[ 75.715789][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.723608][ C1] INITIAL READ USE at:
[ 75.728112][ C1] lock_acquire+0x1ab/0x510
[ 75.734976][ C1] _raw_read_lock_irqsave+0x70/0x90
[ 75.742530][ C1] send_sigio+0x24/0x380
[ 75.749129][ C1] kill_fasync+0x1f8/0x470
[ 75.755900][ C1] snd_timer_user_ccallback+0x298/0x330
[ 75.763809][ C1] snd_timer_notify1+0x11c/0x3b0
[ 75.771133][ C1] snd_timer_start1+0x4d4/0x800
[ 75.778345][ C1] snd_timer_user_start.isra.0+0x1e3/0x260
[ 75.786539][ C1] __snd_timer_user_ioctl.isra.0+0xda8/0x2490
[ 75.794970][ C1] snd_timer_user_ioctl+0x77/0xb0
[ 75.802359][ C1] __x64_sys_ioctl+0x193/0x200
[ 75.809490][ C1] do_syscall_64+0x35/0xb0
[ 75.816276][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.824531][ C1] }
[ 75.827204][ C1] ... key at: [] __key.5+0x0/0x40
[ 75.834625][ C1] ... acquired at:
[ 75.838611][ C1] _raw_read_lock_irqsave+0x70/0x90
[ 75.844000][ C1] send_sigio+0x24/0x380
[ 75.848428][ C1] kill_fasync+0x1f8/0x470
[ 75.853030][ C1] snd_timer_user_ccallback+0x298/0x330
[ 75.858768][ C1] snd_timer_notify1+0x11c/0x3b0
[ 75.863893][ C1] snd_timer_start1+0x4d4/0x800
[ 75.868940][ C1] snd_timer_user_start.isra.0+0x1e3/0x260
[ 75.875735][ C1] __snd_timer_user_ioctl.isra.0+0xda8/0x2490
[ 75.882333][ C1] snd_timer_user_ioctl+0x77/0xb0
[ 75.887554][ C1] __x64_sys_ioctl+0x193/0x200
[ 75.892507][ C1] do_syscall_64+0x35/0xb0
[ 75.897119][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.903201][ C1]
[ 75.905527][ C1] -> (&new->fa_lock){....}-{2:2} {
[ 75.910929][ C1] INITIAL USE at:
[ 75.914923][ C1] lock_acquire+0x1ab/0x510
[ 75.921183][ C1] _raw_write_lock_irq+0x32/0x50
[ 75.927871][ C1] fasync_remove_entry+0xb6/0x1f0
[ 75.934660][ C1] fasync_helper+0x9e/0xb0
[ 75.940828][ C1] __fput+0x846/0x9f0
[ 75.946563][ C1] task_work_run+0xdd/0x1a0
[ 75.952821][ C1] do_exit+0xb29/0x2a30
[ 75.958734][ C1] do_group_exit+0xd2/0x2f0
[ 75.964996][ C1] __x64_sys_exit_group+0x3a/0x50
[ 75.971806][ C1] do_syscall_64+0x35/0xb0
[ 75.978505][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.986156][ C1] INITIAL READ USE at:
[ 75.990583][ C1] lock_acquire+0x1ab/0x510
[ 75.997277][ C1] _raw_read_lock_irqsave+0x70/0x90
[ 76.004665][ C1] kill_fasync+0x136/0x470
[ 76.011361][ C1] snd_timer_user_ccallback+0x298/0x330
[ 76.019106][ C1] snd_timer_notify1+0x11c/0x3b0
[ 76.026233][ C1] snd_timer_start1+0x4d4/0x800
[ 76.033276][ C1] snd_timer_user_start.isra.0+0x1e3/0x260
[ 76.041278][ C1] __snd_timer_user_ioctl.isra.0+0xda8/0x2490
[ 76.049536][ C1] snd_timer_user_ioctl+0x77/0xb0
[ 76.056753][ C1] __x64_sys_ioctl+0x193/0x200
[ 76.063705][ C1] do_syscall_64+0x35/0xb0
[ 76.070318][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.078425][ C1] }
[ 76.081016][ C1] ... key at: [] __key.0+0x0/0x40
[ 76.088233][ C1] ... acquired at:
[ 76.092122][ C1] _raw_read_lock_irqsave+0x70/0x90
[ 76.097509][ C1] kill_fasync+0x136/0x470
[ 76.102116][ C1] snd_timer_user_ccallback+0x298/0x330
[ 76.107852][ C1] snd_timer_notify1+0x11c/0x3b0
[ 76.112983][ C1] snd_timer_start1+0x4d4/0x800
[ 76.118020][ C1] snd_timer_user_start.isra.0+0x1e3/0x260
[ 76.124015][ C1] __snd_timer_user_ioctl.isra.0+0xda8/0x2490
[ 76.130276][ C1] snd_timer_user_ioctl+0x77/0xb0
[ 76.135495][ C1] __x64_sys_ioctl+0x193/0x200
[ 76.140455][ C1] do_syscall_64+0x35/0xb0
[ 76.145060][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.151146][ C1]
[ 76.153473][ C1] -> (&timer->lock){..-.}-{2:2} {
[ 76.158527][ C1] IN-SOFTIRQ-W at:
[ 76.162516][ C1] lock_acquire+0x1ab/0x510
[ 76.168688][ C1] _raw_spin_lock_irqsave+0x39/0x50
[ 76.175554][ C1] snd_timer_interrupt.part.0+0x33/0xe80
[ 76.182858][ C1] snd_timer_s_function+0x14b/0x200
[ 76.189722][ C1] call_timer_fn+0x1a5/0x6b0
[ 76.195975][ C1] __run_timers.part.0+0x67c/0xa30
[ 76.202753][ C1] run_timer_softirq+0xb3/0x1d0
[ 76.209265][ C1] __do_softirq+0x29b/0x9c2
[ 76.215439][ C1] __irq_exit_rcu+0x123/0x180
[ 76.221789][ C1] irq_exit_rcu+0x5/0x20
[ 76.227699][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 76.235003][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 76.242648][ C1] lock_is_held_type+0x51/0x140
[ 76.249169][ C1] __might_resched+0x3a/0x2c0
[ 76.255508][ C1] down_write+0x6c/0x150
[ 76.261421][ C1] unlink_file_vma+0x7d/0x110
[ 76.267762][ C1] free_pgtables+0x1b3/0x2f0
[ 76.274019][ C1] exit_mmap+0x210/0x6a0
[ 76.279923][ C1] __mmput+0x122/0x4b0
[ 76.285652][ C1] mmput+0x56/0x60
[ 76.291030][ C1] do_exit+0xa3c/0x2a30
[ 76.296851][ C1] do_group_exit+0xd2/0x2f0
[ 76.303025][ C1] __x64_sys_exit_group+0x3a/0x50
[ 76.309714][ C1] do_syscall_64+0x35/0xb0
[ 76.315802][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.323450][ C1] INITIAL USE at:
[ 76.327400][ C1] lock_acquire+0x1ab/0x510
[ 76.333481][ C1] _raw_spin_lock_irqsave+0x39/0x50
[ 76.340263][ C1] snd_timer_notify+0x10c/0x3d0
[ 76.346693][ C1] snd_pcm_post_stop+0x195/0x1f0
[ 76.353206][ C1] snd_pcm_action+0x143/0x170
[ 76.359459][ C1] snd_pcm_drop+0x1ab/0x320
[ 76.365536][ C1] snd_pcm_kernel_ioctl+0x2af/0x310
[ 76.372307][ C1] snd_pcm_oss_sync+0x230/0x800
[ 76.378745][ C1] snd_pcm_oss_release+0x276/0x300
[ 76.385437][ C1] __fput+0x286/0x9f0
[ 76.390998][ C1] task_work_run+0xdd/0x1a0
[ 76.397084][ C1] exit_to_user_mode_prepare+0x27e/0x290
[ 76.404292][ C1] syscall_exit_to_user_mode+0x19/0x60
[ 76.411336][ C1] do_syscall_64+0x42/0xb0
[ 76.417338][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.424820][ C1] }
[ 76.427317][ C1] ... key at: [] __key.12+0x0/0x40
[ 76.434547][ C1] ... acquired at:
[ 76.438350][ C1] __lock_acquire+0x11e3/0x56c0
[ 76.443484][ C1] lock_acquire+0x1ab/0x510
[ 76.448176][ C1] _raw_spin_lock_irqsave+0x39/0x50
[ 76.453559][ C1] snd_timer_interrupt.part.0+0x33/0xe80
[ 76.459394][ C1] snd_timer_s_function+0x14b/0x200
[ 76.464783][ C1] call_timer_fn+0x1a5/0x6b0
[ 76.469561][ C1] __run_timers.part.0+0x67c/0xa30
[ 76.474871][ C1] run_timer_softirq+0xb3/0x1d0
[ 76.479907][ C1] __do_softirq+0x29b/0x9c2
[ 76.484597][ C1] __irq_exit_rcu+0x123/0x180
[ 76.489500][ C1] irq_exit_rcu+0x5/0x20
[ 76.493945][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 76.499780][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 76.505944][ C1] lock_is_held_type+0x51/0x140
[ 76.510989][ C1] __might_resched+0x3a/0x2c0
[ 76.515852][ C1] down_write+0x6c/0x150
[ 76.520283][ C1] unlink_file_vma+0x7d/0x110
[ 76.525147][ C1] free_pgtables+0x1b3/0x2f0
[ 76.529931][ C1] exit_mmap+0x210/0x6a0
[ 76.534372][ C1] __mmput+0x122/0x4b0
[ 76.538624][ C1] mmput+0x56/0x60
[ 76.542528][ C1] do_exit+0xa3c/0x2a30
[ 76.546975][ C1] do_group_exit+0xd2/0x2f0
[ 76.551667][ C1] __x64_sys_exit_group+0x3a/0x50
[ 76.556886][ C1] do_syscall_64+0x35/0xb0
[ 76.561499][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.567581][ C1]
[ 76.569905][ C1]
[ 76.569905][ C1] stack backtrace:
[ 76.575882][ C1] CPU: 1 PID: 5049 Comm: syz-executor295 Not tainted 5.17.0-rc6-syzkaller-00184-g38f80f42147f-dirty #0
[ 76.586915][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.597145][ C1] Call Trace:
[ 76.600431][ C1]
[ 76.603277][ C1] dump_stack_lvl+0xcd/0x134
[ 76.607886][ C1] mark_lock.part.0.cold+0x86/0xd8
[ 76.613018][ C1] ? lock_chain_count+0x20/0x20
[ 76.617887][ C1] ? mark_lock.part.0+0xee/0x1910
[ 76.622938][ C1] ? mark_lock.part.0+0xee/0x1910
[ 76.627987][ C1] __lock_acquire+0x11e3/0x56c0
[ 76.632861][ C1] ? mark_lock.part.0+0xee/0x1910
[ 76.637907][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 76.643908][ C1] lock_acquire+0x1ab/0x510
[ 76.648429][ C1] ? snd_timer_interrupt.part.0+0x33/0xe80
[ 76.654259][ C1] ? lock_release+0x720/0x720
[ 76.658953][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 76.664956][ C1] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 76.670437][ C1] _raw_spin_lock_irqsave+0x39/0x50
[ 76.675650][ C1] ? snd_timer_interrupt.part.0+0x33/0xe80
[ 76.681474][ C1] snd_timer_interrupt.part.0+0x33/0xe80
[ 76.687131][ C1] ? lock_chain_count+0x20/0x20
[ 76.692001][ C1] snd_timer_s_function+0x14b/0x200
[ 76.697220][ C1] ? snd_timer_interrupt+0xd0/0xd0
[ 76.702434][ C1] call_timer_fn+0x1a5/0x6b0
[ 76.707041][ C1] ? timer_fixup_activate+0x350/0x350
[ 76.712437][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 76.717658][ C1] ? snd_timer_interrupt+0xd0/0xd0
[ 76.722790][ C1] __run_timers.part.0+0x67c/0xa30
[ 76.727928][ C1] ? call_timer_fn+0x6b0/0x6b0
[ 76.732709][ C1] run_timer_softirq+0xb3/0x1d0
[ 76.737572][ C1] __do_softirq+0x29b/0x9c2
[ 76.742098][ C1] __irq_exit_rcu+0x123/0x180
[ 76.746834][ C1] irq_exit_rcu+0x5/0x20
[ 76.751103][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 76.756760][ C1]
[ 76.759694][ C1]
[ 76.762629][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 76.768654][ C1] RIP: 0010:lock_is_held_type+0x51/0x140
[ 76.774311][ C1] Code: b6 76 85 c0 0f 85 ca 00 00 00 65 4c 8b 24 25 00 70 02 00 41 8b 94 24 5c 0a 00 00 85 d2 0f 85 b1 00 00 00 48 89 fd 41 89 f6 9c <8f> 04 24 fa 48 c7 c7 e0 60 ac 89 31 db e8 fd 0d 00 00 41 8b 84 24
[ 76.793941][ C1] RSP: 0018:ffffc9000333fb08 EFLAGS: 00000246
[ 76.800018][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 76.808084][ C1] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffffffff8bb84520
[ 76.816090][ C1] RBP: ffffffff8bb84520 R08: 0000000000000000 R09: ffffffff8ffc4977
[ 76.824162][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888022f40000
[ 76.832140][ C1] R13: 00000000ffffffff R14: 00000000ffffffff R15: 0000000000000000
[ 76.840130][ C1] __might_resched+0x3a/0x2c0
[ 76.844831][ C1] down_write+0x6c/0x150
[ 76.849094][ C1] ? down_write_killable_nested+0x180/0x180
[ 76.855007][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.861288][ C1] unlink_file_vma+0x7d/0x110
[ 76.865994][ C1] free_pgtables+0x1b3/0x2f0
[ 76.870607][ C1] exit_mmap+0x210/0x6a0
[ 76.874865][ C1] ? exit_aio+0x276/0x340
[ 76.879217][ C1] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 76.885224][ C1] __mmput+0x122/0x4b0
[ 76.889357][ C1] mmput+0x56/0x60
[ 76.893088][ C1] do_exit+0xa3c/0x2a30
[ 76.897265][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 76.902137][ C1] ? mm_update_next_owner+0x7a0/0x7a0
[ 76.907535][ C1] do_group_exit+0xd2/0x2f0
[ 76.912060][ C1] __x64_sys_exit_group+0x3a/0x50
[ 76.917102][ C1] do_syscall_64+0x35/0xb0
[ 76.921538][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.927451][ C1] RIP: 0033:0x7fa5e94ccc89
[ 76.931967][ C1] Code: Unable to access opcode bytes at RIP 0x7fa5e94ccc5f.
[ 76.939336][ C1] RSP: 002b:00007ffe3ea446b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 76.947771][ C1] RAX: ffffffffffffffda RBX: 00007fa5e9541330 RCX: 00007fa5e94ccc89
[ 76.955840][ C1] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 76.963820][ C1] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000001
[ 76.971974][ C1] R10: 0000000000000001 R11: 0000000000000246 R12: 00007fa5e9541330
[ 76.979958][ C1] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 76.987951][ C1]
[ 76.995785][ T141] cfg80211: failed to load regulatory.db