Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts.
[ 71.356436][ T14] cfg80211: failed to load regulatory.db
[ 71.363965][ C1]
[ 71.366315][ C1] ========================================================
[ 71.373576][ C1] WARNING: possible irq lock inversion dependency detected
[ 71.380840][ C1] 5.18.0-rc3-syzkaller #0 Not tainted
[ 71.386284][ C1] --------------------------------------------------------
[ 71.393493][ C1] syz-executor425/6524 just changed the state of lock:
[ 71.400317][ C1] ffff8880216b6148 (&timer->lock){..-.}-{2:2}, at: snd_timer_interrupt.part.0+0x28/0xd50
[ 71.410723][ C1] but this lock took another, SOFTIRQ-READ-unsafe lock in the past:
[ 71.418874][ C1]  (tasklist_lock){.+.+}-{2:2}
[ 71.418889][ C1]
[ 71.418889][ C1]
[ 71.418889][ C1] and interrupts could create inverse lock ordering between them.
[ 71.418889][ C1]
[ 71.438263][ C1]
[ 71.438263][ C1] other info that might help us debug this:
[ 71.446565][ C1] Chain exists of:
[ 71.446565][ C1]   &timer->lock --> &new->fa_lock --> tasklist_lock
[ 71.446565][ C1]
[ 71.459128][ C1]  Possible interrupt unsafe locking scenario:
[ 71.459128][ C1]
[ 71.467536][ C1]        CPU0                    CPU1
[ 71.472884][ C1]        ----                    ----
[ 71.478309][ C1]   lock(tasklist_lock);
[ 71.482523][ C1]                                local_irq_disable();
[ 71.489338][ C1]                                lock(&timer->lock);
[ 71.496075][ C1]                                lock(&new->fa_lock);
[ 71.502808][ C1]   <Interrupt>
[ 71.506408][ C1]     lock(&timer->lock);
[ 71.510913][ C1]
[ 71.510913][ C1]  *** DEADLOCK ***
[ 71.510913][ C1]
[ 71.519114][ C1] 4 locks held by syz-executor425/6524:
[ 71.524627][ C1]  #0: ffff888072523228 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x18d/0xcd0
[ 71.534671][ C1]  #1: ffffffff8ad781e0 (rcu_read_lock){....}-{1:2}, at: filemap_map_pages+0x175/0x1700
[ 71.544461][ C1]  #2: ffff888071af2018 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: filemap_map_pages+0x6e7/0x1700
[ 71.554670][ C1]  #3: ffffc900001e0d78 ((&priv->tlist)){+.-.}-{0:0}, at: call_timer_fn+0xcd/0x4a0
[ 71.564537][ C1]
[ 71.564537][ C1] the shortest dependencies between 2nd lock and 1st lock:
[ 71.574057][ C1]  -> (tasklist_lock){.+.+}-{2:2} {
[ 71.579409][ C1]     HARDIRQ-ON-R at:
[ 71.583827][ C1]                       lock_acquire+0x1ab/0x510
[ 71.590483][ C1]                       _raw_read_lock+0x5b/0x70
[ 71.597137][ C1]                       do_wait+0x231/0xaa0
[ 71.603437][ C1]                       kernel_wait+0x97/0x130
[ 71.609911][ C1]                       call_usermodehelper_exec_work+0xbb/0x140
[ 71.617942][ C1]                       process_one_work+0x865/0x13d0
[ 71.625012][ C1]                       worker_thread+0x598/0xec0
[ 71.631999][ C1]                       kthread+0x299/0x340
[ 71.638205][ C1]                       ret_from_fork+0x1f/0x30
[ 71.644759][ C1]     SOFTIRQ-ON-R at:
[ 71.648969][ C1]                       lock_acquire+0x1ab/0x510
[ 71.655704][ C1]                       _raw_read_lock+0x5b/0x70
[ 71.662648][ C1]                       do_wait+0x231/0xaa0
[ 71.669212][ C1]                       kernel_wait+0x97/0x130
[ 71.675677][ C1]                       call_usermodehelper_exec_work+0xbb/0x140
[ 71.683708][ C1]                       process_one_work+0x865/0x13d0
[ 71.690792][ C1]                       worker_thread+0x598/0xec0
[ 71.697614][ C1]                       kthread+0x299/0x340
[ 71.703824][ C1]                       ret_from_fork+0x1f/0x30
[ 71.710471][ C1]     INITIAL USE at:
[ 71.714823][ C1]                      lock_acquire+0x1ab/0x510
[ 71.721556][ C1]                      _raw_write_lock_irq+0x32/0x50
[ 71.728545][ C1]                      copy_process+0x3a19/0x68e0
[ 71.735362][ C1]                      kernel_clone+0xb8/0x7f0
[ 71.741936][ C1]                      kernel_thread+0xa3/0xe0
[ 71.748504][ C1]                      rest_init+0x1e/0x300
[ 71.754721][ C1]                      start_kernel+0x343/0x361
[ 71.761294][ C1]                      secondary_startup_64_no_verify+0xc3/0xcb
[ 71.769255][ C1]     INITIAL READ USE at:
[ 71.773817][ C1]                           lock_acquire+0x1ab/0x510
[ 71.780910][ C1]                           _raw_read_lock+0x5b/0x70
[ 71.787902][ C1]                           do_wait+0x231/0xaa0
[ 71.794642][ C1]                           kernel_wait+0x97/0x130
[ 71.801459][ C1]                           call_usermodehelper_exec_work+0xbb/0x140
[ 71.809955][ C1]                           process_one_work+0x865/0x13d0
[ 71.817553][ C1]                           worker_thread+0x598/0xec0
[ 71.824713][ C1]                           kthread+0x299/0x340
[ 71.831276][ C1]                           ret_from_fork+0x1f/0x30
[ 71.838296][ C1]   }
[ 71.841045][ C1]   ... key      at: [] tasklist_lock+0x18/0x40
[ 71.849095][ C1]   ... acquired at:
[ 71.853216][ C1]    _raw_read_lock+0x5b/0x70
[ 71.858313][ C1]    send_sigio+0x8c/0x2b0
[ 71.862702][ C1]    kill_fasync+0x176/0x320
[ 71.867259][ C1]    snd_timer_user_ccallback+0x24d/0x300
[ 71.872948][ C1]    snd_timer_notify1+0x115/0x330
[ 71.878675][ C1]    snd_timer_stop1+0x3bd/0x7b0
[ 71.883669][ C1]    snd_timer_close_locked+0x1cc/0xb30
[ 71.889185][ C1]    snd_timer_close+0x7d/0xd0
[ 71.893916][ C1]    __snd_timer_user_ioctl.isra.0+0xaf5/0x1e90
[ 71.900125][ C1]    snd_timer_user_ioctl+0x72/0xa0
[ 71.905718][ C1]    __x64_sys_ioctl+0x11f/0x190
[ 71.910646][ C1]    do_syscall_64+0x35/0x80
[ 71.915211][ C1]    entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.921251][ C1]
[ 71.923553][ C1]  -> (&f->f_owner.lock){....}-{2:2} {
[ 71.929248][ C1]     INITIAL USE at:
[ 71.933295][ C1]                      lock_acquire+0x1ab/0x510
[ 71.939768][ C1]                      _raw_write_lock_irq+0x32/0x50
[ 71.946589][ C1]                      f_modown+0x23/0x320
[ 71.952538][ C1]                      f_setown+0x86/0x160
[ 71.958485][ C1]                      do_fcntl+0x52a/0xd00
[ 71.964713][ C1]                      __x64_sys_fcntl+0x114/0x160
[ 71.971665][ C1]                      do_syscall_64+0x35/0x80
[ 71.978051][ C1]                      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.985974][ C1]     INITIAL READ USE at:
[ 71.990558][ C1]                           lock_acquire+0x1ab/0x510
[ 71.997566][ C1]                           _raw_read_lock_irqsave+0x70/0x90
[ 72.005256][ C1]                           send_sigio+0x1c/0x2b0
[ 72.011986][ C1]                           kill_fasync+0x176/0x320
[ 72.018716][ C1]                           snd_timer_user_ccallback+0x24d/0x300
[ 72.026679][ C1]                           snd_timer_notify1+0x115/0x330
[ 72.034210][ C1]                           snd_timer_start1+0x3dd/0x6f0
[ 72.041373][ C1]                           snd_timer_user_start.isra.0+0x16d/0x1e0
[ 72.049587][ C1]                           __snd_timer_user_ioctl.isra.0+0xa9d/0x1e90
[ 72.058240][ C1]                           snd_timer_user_ioctl+0x72/0xa0
[ 72.065939][ C1]                           __x64_sys_ioctl+0x11f/0x190
[ 72.073208][ C1]                           do_syscall_64+0x35/0x80
[ 72.080200][ C1]                           entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.089285][ C1]   }
[ 72.091946][ C1]   ... key      at: [] __key.5+0x0/0x40
[ 72.099332][ C1]   ... acquired at:
[ 72.103398][ C1]    _raw_read_lock_irqsave+0x70/0x90
[ 72.109263][ C1]    send_sigio+0x1c/0x2b0
[ 72.113741][ C1]    kill_fasync+0x176/0x320
[ 72.118305][ C1]    snd_timer_user_ccallback+0x24d/0x300
[ 72.123994][ C1]    snd_timer_notify1+0x115/0x330
[ 72.129073][ C1]    snd_timer_start1+0x3dd/0x6f0
[ 72.134174][ C1]    snd_timer_user_start.isra.0+0x16d/0x1e0
[ 72.140302][ C1]    __snd_timer_user_ioctl.isra.0+0xa9d/0x1e90
[ 72.146601][ C1]    snd_timer_user_ioctl+0x72/0xa0
[ 72.152229][ C1]    __x64_sys_ioctl+0x11f/0x190
[ 72.157220][ C1]    do_syscall_64+0x35/0x80
[ 72.161899][ C1]    entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.167950][ C1]
[ 72.170403][ C1]  -> (&new->fa_lock){....}-{2:2} {
[ 72.175854][ C1]     INITIAL USE at:
[ 72.179851][ C1]                      lock_acquire+0x1ab/0x510
[ 72.186688][ C1]                      _raw_write_lock_irq+0x32/0x50
[ 72.193346][ C1]                      fasync_remove_entry+0xa1/0x1d0
[ 72.200162][ C1]                      __fput+0x664/0x8c0
[ 72.206022][ C1]                      task_work_run+0xc0/0x160
[ 72.212231][ C1]                      do_exit+0x986/0x2470
[ 72.218099][ C1]                      do_group_exit+0xb2/0x2a0
[ 72.224307][ C1]                      __x64_sys_exit_group+0x35/0x40
[ 72.231143][ C1]                      do_syscall_64+0x35/0x80
[ 72.237368][ C1]                      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.244968][ C1]     INITIAL READ USE at:
[ 72.249350][ C1]                           lock_acquire+0x1ab/0x510
[ 72.256080][ C1]                           _raw_read_lock_irqsave+0x70/0x90
[ 72.263417][ C1]                           kill_fasync+0xe5/0x320
[ 72.270023][ C1]                           snd_timer_user_ccallback+0x24d/0x300
[ 72.277718][ C1]                           snd_timer_notify1+0x115/0x330
[ 72.284794][ C1]                           snd_timer_start1+0x3dd/0x6f0
[ 72.291801][ C1]                           snd_timer_user_start.isra.0+0x16d/0x1e0
[ 72.299747][ C1]                           __snd_timer_user_ioctl.isra.0+0xa9d/0x1e90
[ 72.307953][ C1]                           snd_timer_user_ioctl+0x72/0xa0
[ 72.315239][ C1]                           __x64_sys_ioctl+0x11f/0x190
[ 72.322249][ C1]                           do_syscall_64+0x35/0x80
[ 72.329167][ C1]                           entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.337201][ C1]   }
[ 72.339758][ C1]   ... key      at: [] __key.0+0x0/0x40
[ 72.346923][ C1]   ... acquired at:
[ 72.350783][ C1]    _raw_read_lock_irqsave+0x70/0x90
[ 72.356204][ C1]    kill_fasync+0xe5/0x320
[ 72.360677][ C1]    snd_timer_user_ccallback+0x24d/0x300
[ 72.366365][ C1]    snd_timer_notify1+0x115/0x330
[ 72.371456][ C1]    snd_timer_start1+0x3dd/0x6f0
[ 72.376573][ C1]    snd_timer_user_start.isra.0+0x16d/0x1e0
[ 72.382525][ C1]    __snd_timer_user_ioctl.isra.0+0xa9d/0x1e90
[ 72.388735][ C1]    snd_timer_user_ioctl+0x72/0xa0
[ 72.393910][ C1]    __x64_sys_ioctl+0x11f/0x190
[ 72.398830][ C1]    do_syscall_64+0x35/0x80
[ 72.403399][ C1]    entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.409543][ C1]
[ 72.411846][ C1]  -> (&timer->lock){..-.}-{2:2} {
[ 72.416856][ C1]     IN-SOFTIRQ-W at:
[ 72.420805][ C1]                       lock_acquire+0x1ab/0x510
[ 72.426942][ C1]                       _raw_spin_lock_irqsave+0x39/0x50
[ 72.433759][ C1]                       snd_timer_interrupt.part.0+0x28/0xd50
[ 72.441011][ C1]                       call_timer_fn+0x163/0x4a0
[ 72.447218][ C1]                       __run_timers.part.0+0x530/0x8e0
[ 72.453951][ C1]                       run_timer_softirq+0x9c/0x190
[ 72.460419][ C1]                       __do_softirq+0x29b/0x9c2
[ 72.466735][ C1]                       __irq_exit_rcu+0x123/0x180
[ 72.473494][ C1]                       irq_exit_rcu+0x5/0x20
[ 72.479355][ C1]                       sysvec_apic_timer_interrupt+0x93/0xc0
[ 72.486615][ C1]                       asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 72.494488][ C1]                       lock_release+0x3f1/0x720
[ 72.500616][ C1]                       page_add_file_rmap+0xb8/0x1290
[ 72.507879][ C1]                       do_set_pte+0x249/0x5e0
[ 72.513887][ C1]                       filemap_map_pages+0x876/0x1700
[ 72.520531][ C1]                       __handle_mm_fault+0x1adf/0x31c0
[ 72.527261][ C1]                       handle_mm_fault+0x166/0x5e0
[ 72.533728][ C1]                       do_user_addr_fault+0x2da/0xcd0
[ 72.540643][ C1]                       exc_page_fault+0x5a/0xc0
[ 72.546779][ C1]                       asm_exc_page_fault+0x1e/0x30
[ 72.553251][ C1]     INITIAL USE at:
[ 72.557113][ C1]                      lock_acquire+0x1ab/0x510
[ 72.563318][ C1]                      _raw_spin_lock_irqsave+0x39/0x50
[ 72.570047][ C1]                      snd_timer_notify+0xcc/0x320
[ 72.576344][ C1]                      snd_pcm_post_stop+0x173/0x1d0
[ 72.582872][ C1]                      snd_pcm_action_single+0xbe/0xf0
[ 72.589605][ C1]                      snd_pcm_drop+0x165/0x290
[ 72.595636][ C1]                      snd_pcm_oss_sync+0x1ed/0x730
[ 72.602104][ C1]                      snd_pcm_oss_release+0x21f/0x2b0
[ 72.608919][ C1]                      __fput+0x1f5/0x8c0
[ 72.614452][ C1]                      task_work_run+0xc0/0x160
[ 72.620493][ C1]                      exit_to_user_mode_prepare+0x23c/0x250
[ 72.627657][ C1]                      syscall_exit_to_user_mode+0x19/0x60
[ 72.634745][ C1]                      do_syscall_64+0x42/0x80
[ 72.640805][ C1]                      entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.648401][ C1]   }
[ 72.650872][ C1]   ... key      at: [] __key.10+0x0/0x40
[ 72.658035][ C1]   ... acquired at:
[ 72.661849][ C1]    __lock_acquire+0x11de/0x5660
[ 72.666844][ C1]    lock_acquire+0x1ab/0x510
[ 72.671497][ C1]    _raw_spin_lock_irqsave+0x39/0x50
[ 72.676848][ C1]    snd_timer_interrupt.part.0+0x28/0xd50
[ 72.682622][ C1]    call_timer_fn+0x163/0x4a0
[ 72.687363][ C1]    __run_timers.part.0+0x530/0x8e0
[ 72.692616][ C1]    run_timer_softirq+0x9c/0x190
[ 72.697607][ C1]    __do_softirq+0x29b/0x9c2
[ 72.702249][ C1]    __irq_exit_rcu+0x123/0x180
[ 72.707070][ C1]    irq_exit_rcu+0x5/0x20
[ 72.711455][ C1]    sysvec_apic_timer_interrupt+0x93/0xc0
[ 72.717316][ C1]    asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 72.723440][ C1]    lock_release+0x3f1/0x720
[ 72.728173][ C1]    page_add_file_rmap+0xb8/0x1290
[ 72.733339][ C1]    do_set_pte+0x249/0x5e0
[ 72.737809][ C1]    filemap_map_pages+0x876/0x1700
[ 72.742977][ C1]    __handle_mm_fault+0x1adf/0x31c0
[ 72.748227][ C1]    handle_mm_fault+0x166/0x5e0
[ 72.753228][ C1]    do_user_addr_fault+0x2da/0xcd0
[ 72.758399][ C1]    exc_page_fault+0x5a/0xc0
[ 72.763044][ C1]    asm_exc_page_fault+0x1e/0x30
[ 72.768044][ C1]
[ 72.770340][ C1]
[ 72.770340][ C1] stack backtrace:
[ 72.776199][ C1] CPU: 1 PID: 6524 Comm: syz-executor425 Not tainted 5.18.0-rc3-syzkaller #0
[ 72.784924][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.794949][ C1] Call Trace:
[ 72.798210][ C1]  <IRQ>
[ 72.801135][ C1]  dump_stack_lvl+0x57/0x7d
[ 72.805720][ C1]  mark_lock.part.0.cold+0x82/0xd8
[ 72.810983][ C1]  ? lock_chain_count+0x20/0x20
[ 72.815804][ C1]  ? mark_lock.part.0+0xee/0x19a0
[ 72.820884][ C1]  ? lock_chain_count+0x20/0x20
[ 72.825884][ C1]  __lock_acquire+0x11de/0x5660
[ 72.830706][ C1]  ? __do_softirq+0x202/0x9c2
[ 72.835354][ C1]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.841305][ C1]  ? lockdep_unlock+0x11b/0x290
[ 72.846125][ C1]  ? __lock_acquire+0x2507/0x5660
[ 72.851117][ C1]  lock_acquire+0x1ab/0x510
[ 72.855674][ C1]  ? snd_timer_interrupt.part.0+0x28/0xd50
[ 72.861640][ C1]  ? lock_release+0x720/0x720
[ 72.866284][ C1]  ? __lock_acquire+0x15bc/0x5660
[ 72.871277][ C1]  ? _raw_spin_lock_irqsave+0x4e/0x50
[ 72.876795][ C1]  ? snd_timer_interrupt+0xb0/0xb0
[ 72.882056][ C1]  _raw_spin_lock_irqsave+0x39/0x50
[ 72.887318][ C1]  ? snd_timer_interrupt.part.0+0x28/0xd50
[ 72.893440][ C1]  snd_timer_interrupt.part.0+0x28/0xd50
[ 72.899134][ C1]  ? snd_timer_interrupt+0xb0/0xb0
[ 72.904237][ C1]  call_timer_fn+0x163/0x4a0
[ 72.908977][ C1]  ? timer_fixup_activate+0x240/0x240
[ 72.914671][ C1]  ? snd_timer_interrupt+0xb0/0xb0
[ 72.919753][ C1]  ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 72.926067][ C1]  ? snd_timer_interrupt+0xb0/0xb0
[ 72.931166][ C1]  __run_timers.part.0+0x530/0x8e0
[ 72.936447][ C1]  ? call_timer_fn+0x4a0/0x4a0
[ 72.941272][ C1]  ? mark_held_locks+0x9f/0xe0
[ 72.946009][ C1]  run_timer_softirq+0x9c/0x190
[ 72.951004][ C1]  __do_softirq+0x29b/0x9c2
[ 72.955477][ C1]  __irq_exit_rcu+0x123/0x180
[ 72.960137][ C1]  irq_exit_rcu+0x5/0x20
[ 72.964345][ C1]  sysvec_apic_timer_interrupt+0x93/0xc0
[ 72.970050][ C1]  </IRQ>
[ 72.973144][ C1]  <TASK>
[ 72.976315][ C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 72.982357][ C1] RIP: 0010:lock_release+0x3f1/0x720
[ 72.987788][ C1] Code: 7e 83 f8 01 0f 85 8d 01 00 00 9c 58 f6 c4 02 0f 85 78 01 00 00 48 f7 04 24 00 02 00 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c5 48 c7 45 00 00 00 00 00 c7 45 08 00 00 00 00 48 8b 84 24
[ 73.007993][ C1] RSP: 0000:ffffc9000b7bfa90 EFLAGS: 00000206
[ 73.014139][ C1] RAX: dffffc0000000000 RBX: c89cedfddc633325 RCX: ffffc9000b7bfae0
[ 73.022443][ C1] RDX: 1ffff11003981c2a RSI: ffffffff88eb9380 RDI: ffffffff8942bfe0
[ 73.030386][ C1] RBP: 1ffff920016f7f54 R08: 0000000000000000 R09: 0000000000000000
[ 73.038336][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003
[ 73.046369][ C1] R13: 0000000000000004 R14: ffff88801cc0e158 R15: ffff88801cc0d700
[ 73.054489][ C1]  ? rcu_read_unlock+0x9/0x60
[ 73.059350][ C1]  ? lock_downgrade+0x6e0/0x6e0
[ 73.064273][ C1]  ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 73.070337][ C1]  ? folio_memcg_lock+0x4af/0x6c0
[ 73.075336][ C1]  ? folio_memcg_lock+0x18f/0x6c0
[ 73.080421][ C1]  page_add_file_rmap+0xb8/0x1290
[ 73.085424][ C1]  ? next_uptodate_page+0x43e/0x610
[ 73.090594][ C1]  do_set_pte+0x249/0x5e0
[ 73.094997][ C1]  filemap_map_pages+0x876/0x1700
[ 73.099996][ C1]  ? filemap_get_read_batch+0x760/0x760
[ 73.105600][ C1]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 73.111654][ C1]  ? lock_chain_count+0x20/0x20
[ 73.116471][ C1]  __handle_mm_fault+0x1adf/0x31c0
[ 73.121570][ C1]  ? vm_iomap_memory+0x170/0x170
[ 73.126839][ C1]  ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 73.132875][ C1]  handle_mm_fault+0x166/0x5e0
[ 73.137607][ C1]  do_user_addr_fault+0x2da/0xcd0
[ 73.142770][ C1]  exc_page_fault+0x5a/0xc0
[ 73.147265][ C1]  ? asm_exc_page_fault+0x8/0x30
[ 73.152270][ C1]  asm_exc_page_fault+0x1e/0x30
[ 73.157178][ C1] RIP: 0033:0x7f32ec669900
[ 73.161913][ C1] Code: e8 15 d1 03 00 48 83 c4 38 31 c0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 4c 8d 7c 24 10 bb 40 42 0f 00 4c 8d 74 24 20 e8 a0 d1 03 00 <89> c5 85 c0 0f 88 9a 00 00 00 0f 84 9e 00 00 00 4c 89 fe bf 01 00
[ 73.181752][ C1] RSP: 002b:00007ffe94af4ec0 EFLAGS: 00010206
[ 73.188063][ C1] RAX: 0000000000000000 RBX: 00000000000f4240 RCX: 00007f32ec6a6aeb
[ 73.196006][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 73.203950][ C1] RBP: 0000000000001976 R08: 0000000000000000 R09: 0000555557069300
[ 73.211912][ C1] R10: 00005555570695d0 R11: 0000000000000246 R12: 000000000001167d
[ 73.219952][ C1] R13: 00007ffe94af4ecc R14: 00007ffe94af4ee0 R15: 00007ffe94af4ed0
[ 73.228009][ C1]  </TASK>
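The report above rests on three recorded facts: tasklist_lock is read-locked with hard and soft interrupts enabled (HARDIRQ-ON-R / SOFTIRQ-ON-R, from do_wait); the snd_timer ioctl path takes &timer->lock with irqs saved and, through snd_timer_notify1 -> kill_fasync -> send_sigio, then takes &new->fa_lock, &f->f_owner.lock and tasklist_lock; and the timer softirq takes &timer->lock (IN-SOFTIRQ-W, from snd_timer_interrupt). Lockdep fires at the moment the third fact arrives, because a lock now proven to be taken in softirq context transitively orders before a lock that is taken with softirqs enabled, which is exactly the CPU0/CPU1 scenario it prints. The C program below is an added example, not kernel code and not part of the syzkaller report: a toy of lockdep's irq-inversion check that replays those three paths and reports at which step the inversion is first seen. The lock names are taken from the report; the context enum, the usage bits and the "deferred" variant (where the fasync notification is replayed after &timer->lock is dropped) are assumptions made for illustration, not the upstream fix.

```c
/* mini_lockdep.c: toy of lockdep's "irq-safe lock reaches irq-unsafe lock" check.
 * Added example; replays the lock usage visible in the report above. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 8

/* Acquisition context; modelled after the states the report names (assumption). */
enum ctx {
    CTX_PROCESS_IRQS_ON,   /* do_wait(): read_lock(&tasklist_lock) with irqs on   */
    CTX_PROCESS_IRQS_OFF,  /* spin_lock_irqsave(&timer->lock) in the ioctl path   */
    CTX_SOFTIRQ            /* snd_timer_interrupt() from run_timer_softirq        */
};

#define USED_IN_SOFTIRQ  1u  /* lockdep's "IN-SOFTIRQ" usage bit            */
#define SOFTIRQ_ENABLED  2u  /* lockdep's "SOFTIRQ-ON": taken with softirqs on */

struct lock {
    const char *name;
    unsigned usage;
    bool dep[MAX_LOCKS];   /* dep[j]: lock j was acquired while this lock was held */
};

struct state {
    struct lock locks[MAX_LOCKS];
    int nlocks;
    int held[MAX_LOCKS];   /* stack of currently held lock indices */
    int nheld;
};

static int lock_new(struct state *s, const char *name)
{
    int i = s->nlocks++;
    memset(&s->locks[i], 0, sizeof s->locks[i]);
    s->locks[i].name = name;
    return i;
}

/* DFS over the dependency graph: first lock reachable from `from` that has
 * ever been taken with softirqs enabled, or -1 if none. */
static int find_softirq_unsafe(const struct state *s, int from, bool *seen)
{
    for (int j = 0; j < s->nlocks; j++) {
        if (!s->locks[from].dep[j] || seen[j])
            continue;
        seen[j] = true;
        if (s->locks[j].usage & SOFTIRQ_ENABLED)
            return j;
        int r = find_softirq_unsafe(s, j, seen);
        if (r >= 0)
            return r;
    }
    return -1;
}

/* Records usage and held->i edges. Returns -1 if fine, otherwise the index of
 * the SOFTIRQ-ON lock that some IN-SOFTIRQ lock can now reach (the inversion). */
static int lock_acquire(struct state *s, int i, enum ctx ctx)
{
    struct lock *l = &s->locks[i];
    if (ctx == CTX_SOFTIRQ)         l->usage |= USED_IN_SOFTIRQ;
    if (ctx == CTX_PROCESS_IRQS_ON) l->usage |= SOFTIRQ_ENABLED;
    for (int k = 0; k < s->nheld; k++)
        s->locks[s->held[k]].dep[i] = true;
    s->held[s->nheld++] = i;

    for (int a = 0; a < s->nlocks; a++) {
        if (!(s->locks[a].usage & USED_IN_SOFTIRQ))
            continue;
        bool seen[MAX_LOCKS] = { false };
        int b = find_softirq_unsafe(s, a, seen);
        if (b >= 0) {
            printf("irq lock inversion: %s (IN-SOFTIRQ) --> ... --> %s (SOFTIRQ-ON)\n",
                   s->locks[a].name, s->locks[b].name);
            return b;
        }
    }
    return -1;
}

static void lock_release(struct state *s, int i)
{
    if (s->nheld > 0 && s->held[s->nheld - 1] == i)   /* LIFO release in this replay */
        s->nheld--;
}

/* Replays the report's three paths. If `defer_notify` is set, the kill_fasync
 * chain is replayed after &timer->lock is released (hypothetical restructuring).
 * Returns the step (1..3) at which the inversion is first detected, 0 if never. */
static int replay(bool defer_notify)
{
    struct state s = { 0 };
    int tasklist = lock_new(&s, "tasklist_lock");
    int timer    = lock_new(&s, "&timer->lock");
    int fa       = lock_new(&s, "&new->fa_lock");
    int fowner   = lock_new(&s, "&f->f_owner.lock");

    /* 1. do_wait(): read_lock(&tasklist_lock), irqs enabled -> SOFTIRQ-ON-R */
    if (lock_acquire(&s, tasklist, CTX_PROCESS_IRQS_ON) >= 0) return 1;
    lock_release(&s, tasklist);

    /* 2. ioctl: snd_timer_start1 holds timer->lock (irqsave) while kill_fasync ->
     *    send_sigio takes fa_lock -> f_owner.lock -> tasklist_lock (read, irqs off) */
    if (lock_acquire(&s, timer, CTX_PROCESS_IRQS_OFF) >= 0) return 2;
    if (defer_notify) lock_release(&s, timer);
    if (lock_acquire(&s, fa, CTX_PROCESS_IRQS_OFF) >= 0) return 2;
    if (lock_acquire(&s, fowner, CTX_PROCESS_IRQS_OFF) >= 0) return 2;
    if (lock_acquire(&s, tasklist, CTX_PROCESS_IRQS_OFF) >= 0) return 2;
    lock_release(&s, tasklist); lock_release(&s, fowner); lock_release(&s, fa);
    if (!defer_notify) lock_release(&s, timer);

    /* 3. timer softirq: snd_timer_interrupt() takes timer->lock -> IN-SOFTIRQ-W */
    if (lock_acquire(&s, timer, CTX_SOFTIRQ) >= 0) return 3;
    return 0;
}

int main(void)
{
    printf("as reported: inversion at step %d\n", replay(false));  /* 3 */
    printf("notify deferred: inversion at step %d\n", replay(true)); /* 0 */
    return 0;
}
```

The check only fires at step 3, matching the report: steps 1 and 2 are each fine in isolation, and it is the first softirq acquisition of &timer->lock that turns the already-recorded chain into an irq-unsafe one. The deferred variant shows what any fix has to achieve, namely that the path which ends in read_lock(&tasklist_lock) must not run while an irq-context lock is held.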