./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4274531482 <...> Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts. execve("./syz-executor4274531482", ["./syz-executor4274531482"], 0x7ffefec483b0 /* 10 vars */) = 0 brk(NULL) = 0x55556e229000 brk(0x55556e229d00) = 0x55556e229d00 arch_prctl(ARCH_SET_FS, 0x55556e229380) = 0 set_tid_address(0x55556e229650) = 5064 set_robust_list(0x55556e229660, 24) = 0 rseq(0x55556e229ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4274531482", 4096) = 28 getrandom("\xc7\xf5\x32\x47\x2e\x90\xda\xc0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556e229d00 brk(0x55556e24ad00) = 0x55556e24ad00 brk(0x55556e24b000) = 0x55556e24b000 mprotect(0x7f780bd5a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/dsp", O_RDONLY) = 3 readv(3, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=12}], 1) = 12 openat(AT_FDCWD, "/dev/sequencer", O_RDONLY) = 4 exit_group(0) = ? 
[ 75.340307][ T5064]
[ 75.344094][ T5064] ========================================================
[ 75.353315][ T5064] WARNING: possible irq lock inversion dependency detected
[ 75.362227][ T5064] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
[ 75.370590][ T5064] --------------------------------------------------------
[ 75.379397][ T5064] syz-executor427/5064 just changed the state of lock:
[ 75.388455][ T5064] ffff888029751148 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0
[ 75.403024][ T5064] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 75.415902][ T5064]  (&group->lock#2){..-.}-{2:2}
[ 75.415937][ T5064]
[ 75.415937][ T5064]
[ 75.415937][ T5064] and interrupts could create inverse lock ordering between them.
[ 75.415937][ T5064]
[ 75.443517][ T5064]
[ 75.443517][ T5064] other info that might help us debug this:
[ 75.454463][ T5064]  Possible interrupt unsafe locking scenario:
[ 75.454463][ T5064]
[ 75.463554][ T5064]        CPU0                    CPU1
[ 75.470768][ T5064]        ----                    ----
[ 75.477774][ T5064]   lock(&timer->lock);
[ 75.482025][ T5064]                                local_irq_disable();
[ 75.490144][ T5064]                                lock(&group->lock#2);
[ 75.497224][ T5064]                                lock(&timer->lock);
[ 75.504411][ T5064]   <Interrupt>
[ 75.508332][ T5064]     lock(&group->lock#2);
[ 75.513213][ T5064]
[ 75.513213][ T5064]  *** DEADLOCK ***
[ 75.513213][ T5064]
[ 75.522347][ T5064] 3 locks held by syz-executor427/5064:
[ 75.529749][ T5064]  #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80
[ 75.541333][ T5064]  #1: ffff88807f2e4d78 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0
[ 75.552702][ T5064]  #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130
[ 75.564158][ T5064]
[ 75.564158][ T5064] the shortest dependencies between 2nd lock and 1st lock:
[ 75.575841][ T5064]  -> (&group->lock#2){..-.}-{2:2} {
[ 75.582789][ T5064]     IN-SOFTIRQ-W at:
[ 75.588560][ T5064]       lock_acquire+0x1e4/0x530
[ 75.596218][ T5064]       _raw_spin_lock_irqsave+0xd5/0x120
[
75.603681][ T5064] snd_pcm_period_elapsed+0x21/0x50 [ 75.611847][ T5064] dummy_hrtimer_callback+0x7f/0x180 [ 75.620639][ T5064] __hrtimer_run_queues+0x595/0xd00 [ 75.629716][ T5064] hrtimer_run_softirq+0x19a/0x2c0 [ 75.637662][ T5064] __do_softirq+0x2bc/0x943 [ 75.644800][ T5064] __irq_exit_rcu+0xf2/0x1c0 [ 75.653615][ T5064] irq_exit_rcu+0x9/0x30 [ 75.659989][ T5064] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 75.668279][ T5064] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 75.677450][ T5064] acpi_safe_halt+0x21/0x30 [ 75.684686][ T5064] acpi_idle_enter+0xe4/0x140 [ 75.696096][ T5064] cpuidle_enter_state+0x118/0x490 [ 75.704372][ T5064] cpuidle_enter+0x5d/0xa0 [ 75.712038][ T5064] do_idle+0x375/0x5d0 [ 75.719269][ T5064] cpu_startup_entry+0x42/0x60 [ 75.729221][ T5064] rest_init+0x2e0/0x300 [ 75.738670][ T5064] arch_call_rest_init+0xe/0x10 [ 75.748205][ T5064] start_kernel+0x47a/0x500 [ 75.756783][ T5064] x86_64_start_reservations+0x2a/0x30 [ 75.764804][ T5064] x86_64_start_kernel+0x99/0xa0 [ 75.773898][ T5064] common_startup_64+0x13e/0x147 [ 75.781947][ T5064] INITIAL USE at: [ 75.786388][ T5064] lock_acquire+0x1e4/0x530 [ 75.793144][ T5064] _raw_spin_lock_irq+0xd3/0x120 [ 75.801019][ T5064] snd_pcm_hw_params+0x201/0x1ea0 [ 75.808881][ T5064] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 75.817703][ T5064] snd_pcm_oss_read+0x24c/0x940 [ 75.824499][ T5064] vfs_readv+0x68f/0xa50 [ 75.830508][ T5064] do_readv+0x1b1/0x350 [ 75.836803][ T5064] do_syscall_64+0xfb/0x240 [ 75.843871][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 75.851816][ T5064] } [ 75.855120][ T5064] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 75.866623][ T5064] ... 
acquired at: [ 75.871066][ T5064] lock_acquire+0x1e4/0x530 [ 75.877514][ T5064] _raw_spin_lock_irqsave+0xd5/0x120 [ 75.883971][ T5064] snd_timer_notify+0x103/0x3d0 [ 75.889595][ T5064] snd_pcm_start+0x3fa/0x4c0 [ 75.897312][ T5064] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 75.903911][ T5064] snd_pcm_oss_read3+0x3ea/0x600 [ 75.909557][ T5064] snd_pcm_oss_read2+0x1c1/0x430 [ 75.915123][ T5064] snd_pcm_oss_read+0x45b/0x940 [ 75.922438][ T5064] vfs_readv+0x68f/0xa50 [ 75.927422][ T5064] do_readv+0x1b1/0x350 [ 75.933149][ T5064] do_syscall_64+0xfb/0x240 [ 75.938481][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 75.947229][ T5064] [ 75.949836][ T5064] -> (&timer->lock){+.+.}-{2:2} { [ 75.955542][ T5064] HARDIRQ-ON-W at: [ 75.959733][ T5064] lock_acquire+0x1e4/0x530 [ 75.966791][ T5064] _raw_spin_lock+0x2e/0x40 [ 75.974493][ T5064] snd_timer_close_locked+0x53/0x8d0 [ 75.984232][ T5064] snd_timer_close+0xae/0x130 [ 75.993235][ T5064] snd_seq_timer_close+0xa9/0xe0 [ 76.003991][ T5064] snd_seq_queue_delete+0x8f/0xf0 [ 76.013242][ T5064] snd_seq_oss_release+0x1d3/0x310 [ 76.020934][ T5064] odev_release+0x56/0x80 [ 76.027214][ T5064] __fput+0x429/0x8a0 [ 76.032888][ T5064] task_work_run+0x24f/0x310 [ 76.039326][ T5064] do_exit+0xa1b/0x27e0 [ 76.046691][ T5064] do_group_exit+0x207/0x2c0 [ 76.053151][ T5064] __x64_sys_exit_group+0x3f/0x40 [ 76.059952][ T5064] do_syscall_64+0xfb/0x240 [ 76.066163][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.075344][ T5064] SOFTIRQ-ON-W at: [ 76.079981][ T5064] lock_acquire+0x1e4/0x530 [ 76.086589][ T5064] _raw_spin_lock+0x2e/0x40 [ 76.095060][ T5064] snd_timer_close_locked+0x53/0x8d0 [ 76.103355][ T5064] snd_timer_close+0xae/0x130 [ 76.111923][ T5064] snd_seq_timer_close+0xa9/0xe0 [ 76.119279][ T5064] snd_seq_queue_delete+0x8f/0xf0 [ 76.126624][ T5064] snd_seq_oss_release+0x1d3/0x310 [ 76.136070][ T5064] odev_release+0x56/0x80 [ 76.142456][ T5064] __fput+0x429/0x8a0 [ 76.150253][ T5064] task_work_run+0x24f/0x310 [ 76.159381][ T5064] 
do_exit+0xa1b/0x27e0 [ 76.166179][ T5064] do_group_exit+0x207/0x2c0 [ 76.173953][ T5064] __x64_sys_exit_group+0x3f/0x40 [ 76.183731][ T5064] do_syscall_64+0xfb/0x240 [ 76.190774][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.200743][ T5064] INITIAL USE at: [ 76.205352][ T5064] lock_acquire+0x1e4/0x530 [ 76.214055][ T5064] _raw_spin_lock_irqsave+0xd5/0x120 [ 76.222118][ T5064] snd_timer_notify+0x103/0x3d0 [ 76.229280][ T5064] snd_pcm_start+0x3fa/0x4c0 [ 76.237234][ T5064] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 76.245072][ T5064] snd_pcm_oss_read3+0x3ea/0x600 [ 76.252599][ T5064] snd_pcm_oss_read2+0x1c1/0x430 [ 76.259416][ T5064] snd_pcm_oss_read+0x45b/0x940 [ 76.266780][ T5064] vfs_readv+0x68f/0xa50 [ 76.273349][ T5064] do_readv+0x1b1/0x350 [ 76.281297][ T5064] do_syscall_64+0xfb/0x240 [ 76.290744][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.300988][ T5064] } [ 76.303674][ T5064] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 76.312589][ T5064] ... acquired at: [ 76.317502][ T5064] mark_lock+0x223/0x350 [ 76.324744][ T5064] __lock_acquire+0x116e/0x1fd0 [ 76.333114][ T5064] lock_acquire+0x1e4/0x530 [ 76.340953][ T5064] _raw_spin_lock+0x2e/0x40 [ 76.349372][ T5064] snd_timer_close_locked+0x53/0x8d0 [ 76.358510][ T5064] snd_timer_close+0xae/0x130 [ 76.365817][ T5064] snd_seq_timer_close+0xa9/0xe0 [ 76.371539][ T5064] snd_seq_queue_delete+0x8f/0xf0 [ 76.377244][ T5064] snd_seq_oss_release+0x1d3/0x310 [ 76.382845][ T5064] odev_release+0x56/0x80 [ 76.387839][ T5064] __fput+0x429/0x8a0 [ 76.393032][ T5064] task_work_run+0x24f/0x310 [ 76.398447][ T5064] do_exit+0xa1b/0x27e0 [ 76.404502][ T5064] do_group_exit+0x207/0x2c0 [ 76.410657][ T5064] __x64_sys_exit_group+0x3f/0x40 [ 76.417913][ T5064] do_syscall_64+0xfb/0x240 [ 76.422867][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.429446][ T5064] [ 76.431997][ T5064] [ 76.431997][ T5064] stack backtrace: [ 76.440025][ T5064] CPU: 0 PID: 5064 Comm: syz-executor427 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e 
#0 [ 76.453836][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 76.464769][ T5064] Call Trace: [ 76.468342][ T5064] [ 76.472090][ T5064] dump_stack_lvl+0x241/0x360 [ 76.477320][ T5064] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.482744][ T5064] ? print_shortest_lock_dependencies+0xf2/0x160 [ 76.489280][ T5064] ? print_irq_inversion_bug+0x329/0x3a0 [ 76.495205][ T5064] mark_lock_irq+0x867/0xc20 [ 76.500119][ T5064] ? __pfx_mark_lock_irq+0x10/0x10 [ 76.505386][ T5064] ? stack_trace_save+0x118/0x1d0 [ 76.510842][ T5064] ? __pfx_stack_trace_save+0x10/0x10 [ 76.516712][ T5064] ? save_trace+0x749/0xb40 [ 76.521435][ T5064] mark_lock+0x223/0x350 [ 76.526313][ T5064] __lock_acquire+0x116e/0x1fd0 [ 76.532350][ T5064] lock_acquire+0x1e4/0x530 [ 76.537002][ T5064] ? snd_timer_close_locked+0x53/0x8d0 [ 76.543415][ T5064] ? __pfx___mutex_trylock_common+0x10/0x10 [ 76.550250][ T5064] ? __pfx_lock_acquire+0x10/0x10 [ 76.556816][ T5064] ? rcu_is_watching+0x15/0xb0 [ 76.561886][ T5064] ? trace_contention_end+0x3c/0x100 [ 76.567729][ T5064] ? __mutex_lock+0x2ef/0xd70 [ 76.572637][ T5064] ? snd_timer_close+0xa3/0x130 [ 76.577906][ T5064] _raw_spin_lock+0x2e/0x40 [ 76.583024][ T5064] ? snd_timer_close_locked+0x53/0x8d0 [ 76.589291][ T5064] snd_timer_close_locked+0x53/0x8d0 [ 76.595385][ T5064] snd_timer_close+0xae/0x130 [ 76.600496][ T5064] ? __pfx_snd_timer_close+0x10/0x10 [ 76.606112][ T5064] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.611531][ T5064] ? lockdep_hardirqs_on+0x99/0x150 [ 76.616844][ T5064] snd_seq_timer_close+0xa9/0xe0 [ 76.621931][ T5064] snd_seq_queue_delete+0x8f/0xf0 [ 76.627650][ T5064] snd_seq_oss_release+0x1d3/0x310 [ 76.634109][ T5064] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 76.640443][ T5064] ? __asan_memset+0x23/0x50 [ 76.645293][ T5064] ? evm_file_release+0x140/0x1d0 [ 76.650742][ T5064] ? 
__pfx_odev_release+0x10/0x10 [ 76.656316][ T5064] odev_release+0x56/0x80 [ 76.661997][ T5064] __fput+0x429/0x8a0 [ 76.666290][ T5064] task_work_run+0x24f/0x310 [ 76.671095][ T5064] ? __pfx_task_work_run+0x10/0x10 [ 76.676243][ T5064] ? switch_task_namespaces+0xe1/0x110 [ 76.681753][ T5064] do_exit+0xa1b/0x27e0 [ 76.687044][ T5064] ? __pfx_do_exit+0x10/0x10 [ 76.691787][ T5064] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 76.697972][ T5064] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.704597][ T5064] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.709905][ T5064] ? lockdep_hardirqs_on+0x99/0x150 [ 76.715448][ T5064] do_group_exit+0x207/0x2c0 [ 76.720360][ T5064] __x64_sys_exit_group+0x3f/0x40 [ 76.726328][ T5064] do_syscall_64+0xfb/0x240 [ 76.731532][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.738089][ T5064] RIP: 0033:0x7f780bce5c79 [ 76.742922][ T5064] Code: Unable to access opcode bytes at 0x7f780bce5c4f. [ 76.751021][ T5064] RSP: 002b:00007ffd0675a738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 76.761682][ T5064] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f780bce5c79 [ 76.773011][ T5064] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 76.782446][ T5064] RBP: 00007f780bd60270 R08: ffffffffffffffb8 R09: 00007ffd0675a958 [ 76.791677][ T5064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f780bd60270 +++ exited with 0 +++ [ 76.800203][ T5064] R13: 0