bisecting cause commit starting from cf6c9d12750cf6f3f6aeffcd0bdb36b1ac993f44
building syzkaller on 282f03fbbd76ae15c1ed5e934873fbbc47735176
testing commit cf6c9d12750cf6f3f6aeffcd0bdb36b1ac993f44
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d0e52653ad8ccbd8c3c425e4470d40fa8eff8412c20a796b72f8850c9a0fd2dc
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
testing release v5.14
testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c7d28c881d6e1b7aa23bc0fc87f336297933695a96165abbbb323bb34b5070fb
all runs: OK
# git bisect start cf6c9d12750cf6f3f6aeffcd0bdb36b1ac993f44 7d2a07b769330c34b4deabeed939325c77a7ec2f
Bisecting: 11857 revisions left to test after this (roughly 14 steps)
[2fcd14d0f78090f57aecd7f424e2b0373cd631a7] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 2fcd14d0f78090f57aecd7f424e2b0373cd631a7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 55e24eeb20b142b3b0c102d21e1f74568c5a20e74ddc1651bc499a9ae1df4c60
all runs: OK
# git bisect good 2fcd14d0f78090f57aecd7f424e2b0373cd631a7
Bisecting: 5933 revisions left to test after this (roughly 13 steps)
[4e20217df7977e42affb404d0cc253964da4ed67] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git

testing commit 4e20217df7977e42affb404d0cc253964da4ed67
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4255759371e740880188b2f7e6cc438a9fd7ca5e6beb544ac9bdf2b408949c34
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
# git bisect bad 4e20217df7977e42affb404d0cc253964da4ed67
Bisecting: 2969 revisions left to test after this (roughly 12 steps)
[ab57312df329bff24343f8555fa735be9b5ce8e2] Merge branch 'for-next' of git://github.com/Xilinx/linux-xlnx.git

testing commit ab57312df329bff24343f8555fa735be9b5ce8e2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bae0085e2b10576f8ef0735891f171be3dd509991b5f6b4dac0f4ad5b498368d
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
# git bisect bad ab57312df329bff24343f8555fa735be9b5ce8e2
Bisecting: 1487 revisions left to test after this (roughly 11 steps)
[b762bf6f7b708254033a6aaf9f3e76060709461f] Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git

testing commit b762bf6f7b708254033a6aaf9f3e76060709461f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a37ed767b9fe674e411bfe9303a2270082a1d43cc2d37e8fd3d9063c9b0924b1
all runs: OK
# git bisect good b762bf6f7b708254033a6aaf9f3e76060709461f
Bisecting: 704 revisions left to test after this (roughly 10 steps)
[e580ba64acd2483e69b1cb570ea605a14e379575] Merge branch 'arm/dt' into for-next

testing commit e580ba64acd2483e69b1cb570ea605a14e379575
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5b4875f7d550aee9389cac93f1bd28eae5f4fd25ac2556898f446bb909b1d174
all runs: OK
# git bisect good e580ba64acd2483e69b1cb570ea605a14e379575
Bisecting: 307 revisions left to test after this (roughly 9 steps)
[b00bfa447383561289a70881d1bae161f208836e] Merge branch 'for-next/core' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

testing commit b00bfa447383561289a70881d1bae161f208836e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c3025612338dfe8e9542ac127d03363173609121af6d5ec13eb882b0dfa8c79c
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
# git bisect bad b00bfa447383561289a70881d1bae161f208836e
Bisecting: 199 revisions left to test after this (roughly 8 steps)
[47d319f3f444e77c914736821b0ff9a26fe939d2] Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock.git

testing commit 47d319f3f444e77c914736821b0ff9a26fe939d2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: eff32932d400512834eb86e4f5b702cfc76af29b45e1900cc63f62d5ed876aed
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
# git bisect bad 47d319f3f444e77c914736821b0ff9a26fe939d2
Bisecting: 93 revisions left to test after this (roughly 7 steps)
[9ff145484084416f37e2dae34cf502f0dc8233de] Merge branch 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git

testing commit 9ff145484084416f37e2dae34cf502f0dc8233de
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d62400925a8eb50e4a706cb36a6cffb62f24833bbd61d6582ffeba5cd18d0591
all runs: OK
# git bisect good 9ff145484084416f37e2dae34cf502f0dc8233de
Bisecting: 46 revisions left to test after this (roughly 6 steps)
[a52da737fc2f6eb1f9b65b95e0b2cb851db6478f] Merge branch 'hwmon' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging.git

testing commit a52da737fc2f6eb1f9b65b95e0b2cb851db6478f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6b7be95dcb6b0bcd48e78c866563c917b65a938625609e454046fc79ec115b4a
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
# git bisect bad a52da737fc2f6eb1f9b65b95e0b2cb851db6478f
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[cd89e1187e46e97e557d552d68853e3637eb3ab6] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git

testing commit cd89e1187e46e97e557d552d68853e3637eb3ab6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fa14ec1f5f045f98710e32f562a999fb7a1947b8591c133f337100da6994f866
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
# git bisect bad cd89e1187e46e97e557d552d68853e3637eb3ab6
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[4ca239f33737198827c7f4ac68a1f6fc8a9d79ba] ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts

testing commit 4ca239f33737198827c7f4ac68a1f6fc8a9d79ba
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: caa26deff314f01629c70cc148749ebfe84e545afa01007e3a6887fef4a817cf
all runs: OK
# git bisect good 4ca239f33737198827c7f4ac68a1f6fc8a9d79ba
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[61d5f1574b8c30667df40a2b0a5bf02034c8041f] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git

testing commit 61d5f1574b8c30667df40a2b0a5bf02034c8041f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8f39ddf7e40bfac096e45cd8c60012e75343c821d21c3c778e6ec804208ce0d2
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
# git bisect bad 61d5f1574b8c30667df40a2b0a5bf02034c8041f
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[345e3ca26d45ca441d8e6cb4e82cbf1d730d3d72] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git

testing commit 345e3ca26d45ca441d8e6cb4e82cbf1d730d3d72
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8f39ddf7e40bfac096e45cd8c60012e75343c821d21c3c778e6ec804208ce0d2
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
# git bisect bad 345e3ca26d45ca441d8e6cb4e82cbf1d730d3d72
Bisecting: 0 revisions left to test after this (roughly 1 step)
[5fc462c3aaad601d5089fd5588a5799896a6937d] ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14

testing commit 5fc462c3aaad601d5089fd5588a5799896a6937d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 58660cc6d4d5eae5e5bb899f7a8d86743f9b27455d85e52e943531900de901ae
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
# git bisect bad 5fc462c3aaad601d5089fd5588a5799896a6937d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[411cef6adfb38a5bb6bd9af3941b28198e7fb680] ALSA: mixer: oss: Fix racy access to slots

testing commit 411cef6adfb38a5bb6bd9af3941b28198e7fb680
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0bfe60fe87c1ff43b2ca1ec5a9f2b87412f840a092fb2c860022c29d02c1093a
all runs: crashed: possible deadlock in snd_mixer_oss_ioctl1
# git bisect bad 411cef6adfb38a5bb6bd9af3941b28198e7fb680
411cef6adfb38a5bb6bd9af3941b28198e7fb680 is the first bad commit
commit 411cef6adfb38a5bb6bd9af3941b28198e7fb680
Author: Takashi Iwai <tiwai@suse.de>
Date:   Wed Oct 20 18:48:46 2021 +0200

    ALSA: mixer: oss: Fix racy access to slots
    
    The OSS mixer can reassign the mapping slots dynamically via proc
    file.  Although the addition and deletion of those slots are protected
    by mixer->reg_mutex, the access to slots aren't, hence this may cause
    UAF when the slots in use are deleted concurrently.
    
    This patch applies the mixer->reg_mutex in all appropriate code paths
    (i.e. the ioctl functions) that may access slots.
    
    Reported-by: syzbot+9988f17cf72a1045a189@syzkaller.appspotmail.com
    Reviewed-by: Jaroslav Kysela <perex@perex.cz>
    Cc: <stable@vger.kernel.org>
    Link: https://lore.kernel.org/r/00000000000036adc005ceca9175@google.com
    Link: https://lore.kernel.org/r/20211020164846.922-1-tiwai@suse.de
    Signed-off-by: Takashi Iwai <tiwai@suse.de>

 sound/core/oss/mixer_oss.c | 44 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 33 insertions(+), 11 deletions(-)

parent commit 29664923725a384dc7e0f74af7c66e5ab7bb2a26 wasn't tested
testing commit 29664923725a384dc7e0f74af7c66e5ab7bb2a26
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f17ee307be6e11366cc7770558e0ac85ee1756d89bab8ad2af658f17fce99445
culprit signature: 0bfe60fe87c1ff43b2ca1ec5a9f2b87412f840a092fb2c860022c29d02c1093a
parent  signature: f17ee307be6e11366cc7770558e0ac85ee1756d89bab8ad2af658f17fce99445
revisions tested: 17, total time: 3h31m9.314999606s (build: 1h58m4.772620858s, test: 1h31m8.835137929s)
first bad commit: 411cef6adfb38a5bb6bd9af3941b28198e7fb680 ALSA: mixer: oss: Fix racy access to slots
recipients (to): ["alsa-devel@alsa-project.org" "perex@perex.cz" "perex@perex.cz" "tiwai@suse.com" "tiwai@suse.de"]
recipients (cc): ["broonie@kernel.org" "joe@perches.com" "lars@metafoo.de" "linux-kernel@vger.kernel.org"]
crash: possible deadlock in snd_mixer_oss_ioctl1
============================================
WARNING: possible recursive locking detected
5.15.0-rc1-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.2/9051 is trying to acquire lock:
ffff888147a5c9c8 (&mixer->reg_mutex
){+.+.}-{3:3}
, at: snd_mixer_oss_set_volume sound/core/oss/mixer_oss.c:316 [inline]
, at: snd_mixer_oss_ioctl1+0x512/0x1470 sound/core/oss/mixer_oss.c:375

but task is already holding lock:
ffff888147a5c9c8
 (&mixer->reg_mutex){+.+.}-{3:3}, at: snd_mixer_oss_set_volume sound/core/oss/mixer_oss.c:300 [inline]
 (&mixer->reg_mutex){+.+.}-{3:3}, at: snd_mixer_oss_ioctl1+0x3c5/0x1470 sound/core/oss/mixer_oss.c:375

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&mixer->reg_mutex);
  lock(&mixer->reg_mutex);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

1 lock held by syz-executor.2/9051:
 #0: ffff888147a5c9c8 (&mixer->reg_mutex){+.+.}-{3:3}, at: snd_mixer_oss_set_volume sound/core/oss/mixer_oss.c:300 [inline]
 #0: ffff888147a5c9c8 (&mixer->reg_mutex){+.+.}-{3:3}, at: snd_mixer_oss_ioctl1+0x3c5/0x1470 sound/core/oss/mixer_oss.c:375

stack backtrace:
CPU: 1 PID: 9051 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2944 [inline]
 check_deadlock kernel/locking/lockdep.c:2987 [inline]
 validate_chain kernel/locking/lockdep.c:3776 [inline]
 __lock_acquire.cold+0x229/0x3ab kernel/locking/lockdep.c:5015
 lock_acquire kernel/locking/lockdep.c:5625 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590
 __mutex_lock_common kernel/locking/mutex.c:596 [inline]
 __mutex_lock+0x131/0x12f0 kernel/locking/mutex.c:729
 snd_mixer_oss_set_volume sound/core/oss/mixer_oss.c:316 [inline]
 snd_mixer_oss_ioctl1+0x512/0x1470 sound/core/oss/mixer_oss.c:375
 snd_mixer_oss_ioctl+0x32/0x60 sound/core/oss/mixer_oss.c:390
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f70333cca39
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7032b42188 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f70334cff60 RCX: 00007f70333cca39
RDX: 0000000020000080 RSI: 00000000c0044d00 RDI: 0000000000000003
RBP: 00007f7033426e8f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdb897cfaf R14: 00007f7032b42300 R15: 0000000000022000