bisecting cause commit starting from 8515d05bf6bcdc8873c576ae6a721985389a3bd1 building syzkaller on ee339263ba6b1a08006ea3e8e1862e15181a640d testing commit 8515d05bf6bcdc8873c576ae6a721985389a3bd1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b4ac8c6b3aff4b806f7567359751adab1eeb963df37eaa4702957d31f82e5cb5 all runs: crashed: possible deadlock in __snd_pcm_lib_xfer testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f8192cdec4b642d89e1e7c9399facdde641ff27ccab2a82b1214ee75b10d6eb1 all runs: OK # git bisect start 8515d05bf6bcdc8873c576ae6a721985389a3bd1 f443e374ae131c168a065ea1748feac6b2e76613 Bisecting: 7041 revisions left to test after this (roughly 13 steps) [169e77764adc041b1dacba84ea90516a895d43b2] Merge tag 'net-next-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 169e77764adc041b1dacba84ea90516a895d43b2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 71b17d3b6ec8469484774b1316c49bdb25874987f6b93485ce841ced50a30d00 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 169e77764adc041b1dacba84ea90516a895d43b2 Bisecting: 3456 revisions left to test after this (roughly 12 steps) [710f5d627a98e86f821aceb840b8f2f1fcc6cf75] Merge tag 'usb-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit 710f5d627a98e86f821aceb840b8f2f1fcc6cf75 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f255390546ea892ea56d32791cf2300cac2f775074b61a3e9ad8e335e3593d6e run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 710f5d627a98e86f821aceb840b8f2f1fcc6cf75 Bisecting: 1716 revisions left to test after this (roughly 11 steps) [d3e20c27fd1e68eaf548b81dbebc204ac6ad431d] Merge branch 'tty-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git testing commit d3e20c27fd1e68eaf548b81dbebc204ac6ad431d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 083cd118f52d0316ffe007063046497bd84d4a0447a584f5424631727d87fb6c all runs: crashed: possible deadlock in __snd_pcm_lib_xfer # git bisect bad d3e20c27fd1e68eaf548b81dbebc204ac6ad431d Bisecting: 869 revisions left to test after this (roughly 10 steps) [3bcf9ef9335b1d83128e7faa60a261749ae553b4] Merge branch 'h8300-next' of git://git.sourceforge.jp/gitroot/uclinux-h8/linux.git testing commit 3bcf9ef9335b1d83128e7faa60a261749ae553b4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 605710186fe7bce36c295b81fc1876822dfa33cc8206bbe6a64c5e89f51ffd51 all runs: OK # git bisect good 3bcf9ef9335b1d83128e7faa60a261749ae553b4 Bisecting: 451 revisions left to test after this (roughly 9 steps) [be6f51b8e2bda6149c2cf83820cb33747f03d0df] Merge branch 'for-linux-next' of git://anongit.freedesktop.org/drm/drm-misc testing commit be6f51b8e2bda6149c2cf83820cb33747f03d0df compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3be7d9749cd04f6a8c51a82d0c7c63bb524b3bc742704b06dbbe1a1e4e04bdbb all runs: OK # git bisect good be6f51b8e2bda6149c2cf83820cb33747f03d0df Bisecting: 226 revisions left to test after this (roughly 8 steps) [23e3fd606d63d289a48e669e9a56670c9f49bf78] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git testing commit 23e3fd606d63d289a48e669e9a56670c9f49bf78 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d9fce46f44535e718b2d718329a85197684e432ef06706853bfa3a458532ddc1 all runs: crashed: possible deadlock in __snd_pcm_lib_xfer # git bisect bad 23e3fd606d63d289a48e669e9a56670c9f49bf78 Bisecting: 119 revisions left to test after this (roughly 7 steps) [799d57acc1cb23f327945eba02793fa27edf52a5] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input.git testing commit 799d57acc1cb23f327945eba02793fa27edf52a5 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3bb63e3fe034e4976be701884583dff2fb78ac68009e5365945c905511e0ffe0 all runs: OK # git bisect good 799d57acc1cb23f327945eba02793fa27edf52a5 Bisecting: 60 revisions left to test after this (roughly 6 steps) [43a1f21f7c97d26d13ffd5e6544e7d6b584b30aa] Merge branch 'for-5.18/io_uring' into for-next testing commit 43a1f21f7c97d26d13ffd5e6544e7d6b584b30aa compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 72c232212c54d9c8d1e3c247828a7b6befbadbab204a2cec7e1c861cf56f1318 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 43a1f21f7c97d26d13ffd5e6544e7d6b584b30aa Bisecting: 26 revisions left to test after this (roughly 5 steps) [9a1a2b65cc299b5987d34c7b0decac0467ae17b0] Merge branch 'apparmor-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor testing commit 9a1a2b65cc299b5987d34c7b0decac0467ae17b0 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c6bd6d919313d2f969bf7777f20101fc2f7438070843306b447406527655be15 all runs: crashed: possible deadlock in __snd_pcm_lib_xfer # git bisect bad 9a1a2b65cc299b5987d34c7b0decac0467ae17b0 Bisecting: 16 revisions left to test after this (roughly 4 steps) [364bd29902aead91b15e436a6a69221c800113c8] apparmor: Fix some kernel-doc comments testing commit 364bd29902aead91b15e436a6a69221c800113c8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f824c24c5bbc2a5d9ce40537b41990f32c8e60fdd7aa2fc0a70afed0f4a2bc09 all runs: OK # git bisect good 364bd29902aead91b15e436a6a69221c800113c8 Bisecting: 8 revisions left to test after this (roughly 3 steps) [7f5985b0b3f6cf1e808773927423bbe5999f8953] Merge branch 'for-next' of git://git.kernel.dk/linux-block.git testing commit 7f5985b0b3f6cf1e808773927423bbe5999f8953 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f830d38f7e5b5e0f6ff54a995d62e0190ee89ad4d120fb9fb950358021d7805e all runs: crashed: possible deadlock in __snd_pcm_lib_xfer # git bisect bad 7f5985b0b3f6cf1e808773927423bbe5999f8953 Bisecting: 3 revisions left to test after this (roughly 2 steps) [c86d18f4aa93e0e66cda0e55827cd03eea6bc5f8] io_uring: fix memory leak of uid in files registration testing commit c86d18f4aa93e0e66cda0e55827cd03eea6bc5f8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 17afa36c5a69858b59e90c7bec9a9ca4423e799a1800455ead4d3cd11ea26939 all runs: OK # git bisect good c86d18f4aa93e0e66cda0e55827cd03eea6bc5f8 Bisecting: 1 revision left to test after this (roughly 1 step) [2226af05f4ea3f783438c9ad5a71794537420901] Merge branch 'for-5.18/io_uring' into for-next testing commit 2226af05f4ea3f783438c9ad5a71794537420901 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e66f79ebd4e4e78a6524ac0b64957f1f78a211d32f270bae7bf0321470dd14a8 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 2226af05f4ea3f783438c9ad5a71794537420901 Bisecting: 0 revisions left to test after this (roughly 0 steps) [95281b7d83925f379db2f26771050154a9179a42] Merge branch 'for-5.18/io_uring' into for-next testing commit 95281b7d83925f379db2f26771050154a9179a42 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: adb675a2268e3ea089e67abc9c46d30d52e5b8586020c6f7fa2d4e7f61534fab all runs: OK # git bisect good 95281b7d83925f379db2f26771050154a9179a42 7f5985b0b3f6cf1e808773927423bbe5999f8953 is the first bad commit commit 7f5985b0b3f6cf1e808773927423bbe5999f8953 Merge: 799d57acc1cb 95281b7d8392 Author: Stephen Rothwell Date: Mon Mar 28 10:17:45 2022 +1100 Merge branch 'for-next' of git://git.kernel.dk/linux-block.git block/blk-cgroup.c | 32 +++++++--- drivers/block/n64cart.c | 2 +- drivers/block/xen-blkback/blkback.c | 2 +- drivers/block/xen-blkfront.c | 2 +- fs/io_uring.c | 120 ++++++++++++++++++++++++++++++------ include/linux/blk-cgroup.h | 5 +- include/linux/sbitmap.h | 2 +- include/uapi/linux/io_uring.h | 2 - lib/sbitmap.c | 2 +- 9 files changed, 132 insertions(+), 37 deletions(-) revisions tested: 16, total time: 3h24m47.626123857s (build: 2h40m4.083423118s, test: 42m57.236826402s) first bad commit: 7f5985b0b3f6cf1e808773927423bbe5999f8953 Merge branch 'for-next' of git://git.kernel.dk/linux-block.git recipients (to): ["sfr@canb.auug.org.au"] recipients (cc): [] crash: possible deadlock in __snd_pcm_lib_xfer ====================================================== WARNING: possible circular locking dependency detected 5.17.0-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor339/4068 is trying to acquire lock: ffff8880774e3228 (&mm->mmap_lock#2){++++}-{3:3}, at: __might_fault+0x88/0x160 mm/memory.c:5317 but task is already holding lock: ffff88801a542230 (&runtime->buffer_mutex){+.+.}-{3:3}, at: wait_for_avail sound/core/pcm_lib.c:1913 [inline] ffff88801a542230 (&runtime->buffer_mutex){+.+.}-{3:3}, at: __snd_pcm_lib_xfer+0x9ca/0x1ab0 sound/core/pcm_lib.c:2263 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&runtime->buffer_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:600 [inline] __mutex_lock+0x12f/0x12f0 kernel/locking/mutex.c:733 snd_pcm_hw_params+0xbb/0x1740 sound/core/pcm_native.c:705 snd_pcm_oss_change_params_locked+0x11a2/0x30a0 sound/core/oss/pcm_oss.c:976 snd_pcm_oss_change_params sound/core/oss/pcm_oss.c:1116 [inline] snd_pcm_oss_mmap+0x391/0x4a0 sound/core/oss/pcm_oss.c:2929 call_mmap include/linux/fs.h:2085 [inline] mmap_region+0x976/0x1200 mm/mmap.c:1791 do_mmap+0x5c4/0xd70 mm/mmap.c:1582 vm_mmap_pgoff+0x163/0x210 mm/util.c:519 ksys_mmap_pgoff+0x2e8/0x490 mm/mmap.c:1628 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #0 (&mm->mmap_lock#2){++++}-{3:3}: check_prev_add kernel/locking/lockdep.c:3065 [inline] check_prevs_add kernel/locking/lockdep.c:3188 [inline] validate_chain kernel/locking/lockdep.c:3803 [inline] __lock_acquire+0x2a44/0x5660 kernel/locking/lockdep.c:5029 lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __might_fault mm/memory.c:5318 [inline] __might_fault+0xe6/0x160 mm/memory.c:5311 _copy_to_user+0x20/0xc0 lib/usercopy.c:28 copy_to_user include/linux/uaccess.h:160 [inline] default_read_copy+0xf1/0x160 sound/core/pcm_lib.c:2013 __snd_pcm_lib_xfer+0x1148/0x1ab0 sound/core/pcm_lib.c:2282 snd_pcm_oss_read3+0x16f/0x360 sound/core/oss/pcm_oss.c:1292 snd_pcm_oss_read2+0x261/0x3b0 sound/core/oss/pcm_oss.c:1503 snd_pcm_oss_read1 sound/core/oss/pcm_oss.c:1550 [inline] snd_pcm_oss_read+0x4a4/0x6a0 sound/core/oss/pcm_oss.c:2788 vfs_read+0x15f/0x4b0 fs/read_write.c:480 ksys_read+0xee/0x1c0 fs/read_write.c:620 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&runtime->buffer_mutex); lock(&mm->mmap_lock#2); lock(&runtime->buffer_mutex); lock(&mm->mmap_lock#2); *** DEADLOCK *** 1 lock held by syz-executor339/4068: #0: ffff88801a542230 (&runtime->buffer_mutex){+.+.}-{3:3}, at: wait_for_avail sound/core/pcm_lib.c:1913 [inline] #0: ffff88801a542230 (&runtime->buffer_mutex){+.+.}-{3:3}, at: __snd_pcm_lib_xfer+0x9ca/0x1ab0 sound/core/pcm_lib.c:2263 stack backtrace: CPU: 0 PID: 4068 Comm: syz-executor339 Not tainted 5.17.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2145 check_prev_add kernel/locking/lockdep.c:3065 [inline] check_prevs_add kernel/locking/lockdep.c:3188 [inline] validate_chain kernel/locking/lockdep.c:3803 [inline] __lock_acquire+0x2a44/0x5660 kernel/locking/lockdep.c:5029 lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __might_fault mm/memory.c:5318 [inline] __might_fault+0xe6/0x160 mm/memory.c:5311 _copy_to_user+0x20/0xc0 lib/usercopy.c:28 copy_to_user include/linux/uaccess.h:160 [inline] default_read_copy+0xf1/0x160 sound/core/pcm_lib.c:2013 __snd_pcm_lib_xfer+0x1148/0x1ab0 sound/core/pcm_lib.c:2282 snd_pcm_oss_read3+0x16f/0x360 sound/core/oss/pcm_oss.c:1292 snd_pcm_oss_read2+0x261/0x3b0 sound/core/oss/pcm_oss.c:1503 snd_pcm_oss_read1 sound/core/oss/pcm_oss.c:1550 [inline] snd_pcm_oss_read+0x4a4/0x6a0 sound/core/oss/pcm_oss.c:2788 vfs_read+0x15f/0x4b0 fs/read_write.c:480 ksys_read+0xee/0x1c0 fs/read_write.c:620 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f407434ec19 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fffea664128 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f407434ec19 RDX: 0000000000000ff2 RSI: 0000000020000780 RDI: 0000000000000004 RBP: 00007f4074312dc0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4074312e50 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000