./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3610490354 <...> Warning: Permanently added '10.128.0.199' (ED25519) to the list of known hosts. execve("./syz-executor3610490354", ["./syz-executor3610490354"], 0x7ffcc1275380 /* 10 vars */) = 0 brk(NULL) = 0x555589a6e000 brk(0x555589a6ed00) = 0x555589a6ed00 arch_prctl(ARCH_SET_FS, 0x555589a6e380) = 0 set_tid_address(0x555589a6e650) = 5058 set_robust_list(0x555589a6e660, 24) = 0 rseq(0x555589a6eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3610490354", 4096) = 28 getrandom("\x78\xdf\x59\xb9\xee\x6a\xf9\x93", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555589a6ed00 brk(0x555589a8fd00) = 0x555589a8fd00 brk(0x555589a90000) = 0x555589a90000 mprotect(0x7f4156653000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/sequencer", O_RDONLY) = 3 openat(AT_FDCWD, "/dev/dsp", O_RDONLY) = 4 read(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 190) = 190 exit_group(0) = ? [ 58.131315][ T5058] [ 58.133670][ T5058] ======================================================== [ 58.140841][ T5058] WARNING: possible irq lock inversion dependency detected [ 58.148006][ T5058] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 58.154954][ T5058] -------------------------------------------------------- [ 58.162142][ T5058] syz-executor361/5058 just changed the state of lock: [ 58.169070][ T5058] ffff888029c0c948 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 58.178575][ T5058] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 58.186616][ T5058] (&group->lock#2){..-.}-{2:2} [ 58.186637][ T5058] [ 58.186637][ T5058] [ 58.186637][ T5058] and interrupts could create inverse lock ordering between them. [ 58.186637][ T5058] [ 58.206352][ T5058] [ 58.206352][ T5058] other info that might help us debug this: [ 58.214417][ T5058] Possible interrupt unsafe locking scenario: [ 58.214417][ T5058] [ 58.222839][ T5058] CPU0 CPU1 [ 58.228190][ T5058] ---- ---- [ 58.233536][ T5058] lock(&timer->lock); [ 58.237703][ T5058] local_irq_disable(); [ 58.244458][ T5058] lock(&group->lock#2); [ 58.251303][ T5058] lock(&timer->lock); [ 58.257962][ T5058] [ 58.261412][ T5058] lock(&group->lock#2); [ 58.265958][ T5058] [ 58.265958][ T5058] *** DEADLOCK *** [ 58.265958][ T5058] [ 58.274087][ T5058] 3 locks held by syz-executor361/5058: [ 58.279614][ T5058] #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80 [ 58.288912][ T5058] #1: ffff88806a9f8d78 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0 [ 58.299193][ T5058] #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 58.308665][ T5058] [ 58.308665][ T5058] the shortest dependencies between 2nd lock and 1st lock: [ 58.318027][ T5058] -> (&group->lock#2){..-.}-{2:2} { [ 58.323326][ T5058] IN-SOFTIRQ-W at: [ 58.327386][ T5058] lock_acquire+0x1e4/0x530 [ 58.333713][ T5058] _raw_spin_lock_irqsave+0xd5/0x120 [ 58.340926][ T5058] snd_pcm_period_elapsed+0x21/0x50 [ 58.347935][ T5058] dummy_hrtimer_callback+0x7f/0x180 [ 58.355133][ T5058] __hrtimer_run_queues+0x595/0xd00 [ 58.362161][ T5058] hrtimer_run_softirq+0x19a/0x2c0 [ 58.369102][ T5058] __do_softirq+0x2bc/0x943 [ 58.375406][ T5058] __irq_exit_rcu+0xf2/0x1c0 [ 58.381799][ T5058] irq_exit_rcu+0x9/0x30 [ 58.387848][ T5058] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 58.395286][ T5058] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 58.403159][ T5058] acpi_safe_halt+0x21/0x30 [ 58.409480][ T5058] acpi_idle_enter+0xe4/0x140 [ 58.415958][ T5058] cpuidle_enter_state+0x118/0x490 [ 58.423779][ T5058] cpuidle_enter+0x5d/0xa0 [ 58.430048][ T5058] do_idle+0x375/0x5d0 [ 58.435926][ T5058] cpu_startup_entry+0x42/0x60 [ 58.442520][ T5058] rest_init+0x2e0/0x300 [ 58.448566][ T5058] arch_call_rest_init+0xe/0x10 [ 58.455331][ T5058] start_kernel+0x47a/0x500 [ 58.461658][ T5058] x86_64_start_reservations+0x2a/0x30 [ 58.469209][ T5058] x86_64_start_kernel+0x99/0xa0 [ 58.475958][ T5058] common_startup_64+0x13e/0x147 [ 58.482724][ T5058] INITIAL USE at: [ 58.486689][ T5058] lock_acquire+0x1e4/0x530 [ 58.492913][ T5058] _raw_spin_lock_irq+0xd3/0x120 [ 58.499569][ T5058] snd_pcm_hw_params+0x201/0x1ea0 [ 58.506316][ T5058] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 58.514456][ T5058] snd_pcm_oss_read+0x24c/0x940 [ 58.521031][ T5058] vfs_read+0x204/0xb70 [ 58.526920][ T5058] ksys_read+0x1a0/0x2c0 [ 58.532907][ T5058] do_syscall_64+0xfb/0x240 [ 58.539143][ T5058] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 58.546777][ T5058] } [ 58.549352][ T5058] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 58.558013][ T5058] ... acquired at: [ 58.561882][ T5058] lock_acquire+0x1e4/0x530 [ 58.566541][ T5058] _raw_spin_lock_irqsave+0xd5/0x120 [ 58.572070][ T5058] snd_timer_notify+0x103/0x3d0 [ 58.577080][ T5058] snd_pcm_start+0x3fa/0x4c0 [ 58.581825][ T5058] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 58.587464][ T5058] snd_pcm_oss_read3+0x3ea/0x600 [ 58.592585][ T5058] snd_pcm_oss_read2+0x1c1/0x430 [ 58.597726][ T5058] snd_pcm_oss_read+0x45b/0x940 [ 58.602764][ T5058] vfs_read+0x204/0xb70 [ 58.607082][ T5058] ksys_read+0x1a0/0x2c0 [ 58.611495][ T5058] do_syscall_64+0xfb/0x240 [ 58.616199][ T5058] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 58.622263][ T5058] [ 58.624572][ T5058] -> (&timer->lock){+.+.}-{2:2} { [ 58.629615][ T5058] HARDIRQ-ON-W at: [ 58.633611][ T5058] lock_acquire+0x1e4/0x530 [ 58.639753][ T5058] _raw_spin_lock+0x2e/0x40 [ 58.645911][ T5058] snd_timer_close_locked+0x53/0x8d0 [ 58.652870][ T5058] snd_timer_close+0xae/0x130 [ 58.659190][ T5058] snd_seq_timer_close+0xa9/0xe0 [ 58.665774][ T5058] snd_seq_queue_delete+0x8f/0xf0 [ 58.672449][ T5058] snd_seq_oss_release+0x1d3/0x310 [ 58.679227][ T5058] odev_release+0x56/0x80 [ 58.685204][ T5058] __fput+0x429/0x8a0 [ 58.690913][ T5058] task_work_run+0x24f/0x310 [ 58.697158][ T5058] do_exit+0xa1b/0x27e0 [ 58.703051][ T5058] do_group_exit+0x207/0x2c0 [ 58.709281][ T5058] __x64_sys_exit_group+0x3f/0x40 [ 58.715955][ T5058] do_syscall_64+0xfb/0x240 [ 58.722093][ T5058] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 58.729623][ T5058] SOFTIRQ-ON-W at: [ 58.733592][ T5058] lock_acquire+0x1e4/0x530 [ 58.739745][ T5058] _raw_spin_lock+0x2e/0x40 [ 58.745886][ T5058] snd_timer_close_locked+0x53/0x8d0 [ 58.752800][ T5058] snd_timer_close+0xae/0x130 [ 58.759111][ T5058] snd_seq_timer_close+0xa9/0xe0 [ 58.765686][ T5058] snd_seq_queue_delete+0x8f/0xf0 [ 58.772344][ T5058] snd_seq_oss_release+0x1d3/0x310 [ 58.779082][ T5058] odev_release+0x56/0x80 [ 58.785043][ T5058] __fput+0x429/0x8a0 [ 58.790655][ T5058] task_work_run+0x24f/0x310 [ 58.796874][ T5058] do_exit+0xa1b/0x27e0 [ 58.802658][ T5058] do_group_exit+0x207/0x2c0 [ 58.808888][ T5058] __x64_sys_exit_group+0x3f/0x40 [ 58.815559][ T5058] do_syscall_64+0xfb/0x240 [ 58.821691][ T5058] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 58.829215][ T5058] INITIAL USE at: [ 58.833095][ T5058] lock_acquire+0x1e4/0x530 [ 58.839139][ T5058] _raw_spin_lock_irqsave+0xd5/0x120 [ 58.845971][ T5058] snd_timer_notify+0x103/0x3d0 [ 58.852415][ T5058] snd_pcm_start+0x3fa/0x4c0 [ 58.858571][ T5058] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 58.865327][ T5058] snd_pcm_oss_read3+0x3ea/0x600 [ 58.871838][ T5058] snd_pcm_oss_read2+0x1c1/0x430 [ 58.878348][ T5058] snd_pcm_oss_read+0x45b/0x940 [ 58.884791][ T5058] vfs_read+0x204/0xb70 [ 58.890514][ T5058] ksys_read+0x1a0/0x2c0 [ 58.896342][ T5058] do_syscall_64+0xfb/0x240 [ 58.902412][ T5058] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 58.909914][ T5058] } [ 58.912403][ T5058] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 58.920550][ T5058] ... acquired at: [ 58.924334][ T5058] mark_lock+0x223/0x350 [ 58.928729][ T5058] __lock_acquire+0x116e/0x1fd0 [ 58.933819][ T5058] lock_acquire+0x1e4/0x530 [ 58.939121][ T5058] _raw_spin_lock+0x2e/0x40 [ 58.943793][ T5058] snd_timer_close_locked+0x53/0x8d0 [ 58.951581][ T5058] snd_timer_close+0xae/0x130 [ 58.956413][ T5058] snd_seq_timer_close+0xa9/0xe0 [ 58.961591][ T5058] snd_seq_queue_delete+0x8f/0xf0 [ 58.966870][ T5058] snd_seq_oss_release+0x1d3/0x310 [ 58.972222][ T5058] odev_release+0x56/0x80 [ 58.976730][ T5058] __fput+0x429/0x8a0 [ 58.980870][ T5058] task_work_run+0x24f/0x310 [ 58.985617][ T5058] do_exit+0xa1b/0x27e0 [ 58.990029][ T5058] do_group_exit+0x207/0x2c0 [ 58.994790][ T5058] __x64_sys_exit_group+0x3f/0x40 [ 58.999969][ T5058] do_syscall_64+0xfb/0x240 [ 59.004628][ T5058] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 59.010682][ T5058] [ 59.013010][ T5058] [ 59.013010][ T5058] stack backtrace: [ 59.018967][ T5058] CPU: 0 PID: 5058 Comm: syz-executor361 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 59.029012][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 59.039053][ T5058] Call Trace: [ 59.042335][ T5058] [ 59.045250][ T5058] dump_stack_lvl+0x241/0x360 [ 59.049911][ T5058] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.055108][ T5058] ? print_shortest_lock_dependencies+0xf2/0x160 [ 59.061424][ T5058] ? print_irq_inversion_bug+0x329/0x3a0 [ 59.067046][ T5058] mark_lock_irq+0x867/0xc20 [ 59.071625][ T5058] ? __pfx_mark_lock_irq+0x10/0x10 [ 59.076733][ T5058] ? stack_trace_save+0x118/0x1d0 [ 59.081742][ T5058] ? __pfx_stack_trace_save+0x10/0x10 [ 59.087102][ T5058] ? save_trace+0x749/0xb40 [ 59.091589][ T5058] mark_lock+0x223/0x350 [ 59.095816][ T5058] __lock_acquire+0x116e/0x1fd0 [ 59.100653][ T5058] lock_acquire+0x1e4/0x530 [ 59.105188][ T5058] ? snd_timer_close_locked+0x53/0x8d0 [ 59.110654][ T5058] ? __pfx___mutex_trylock_common+0x10/0x10 [ 59.116543][ T5058] ? __pfx_lock_acquire+0x10/0x10 [ 59.121552][ T5058] ? rcu_is_watching+0x15/0xb0 [ 59.126300][ T5058] ? trace_contention_end+0x3c/0x100 [ 59.131572][ T5058] ? __mutex_lock+0x2ef/0xd70 [ 59.136233][ T5058] ? snd_timer_close+0xa3/0x130 [ 59.141091][ T5058] _raw_spin_lock+0x2e/0x40 [ 59.145580][ T5058] ? snd_timer_close_locked+0x53/0x8d0 [ 59.151025][ T5058] snd_timer_close_locked+0x53/0x8d0 [ 59.156325][ T5058] snd_timer_close+0xae/0x130 [ 59.161025][ T5058] ? __pfx_snd_timer_close+0x10/0x10 [ 59.166305][ T5058] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.171488][ T5058] ? lockdep_hardirqs_on+0x99/0x150 [ 59.176691][ T5058] snd_seq_timer_close+0xa9/0xe0 [ 59.181627][ T5058] snd_seq_queue_delete+0x8f/0xf0 [ 59.186643][ T5058] snd_seq_oss_release+0x1d3/0x310 [ 59.191767][ T5058] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 59.197403][ T5058] ? __asan_memset+0x23/0x50 [ 59.202047][ T5058] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.208436][ T5058] ? evm_file_release+0x140/0x1d0 [ 59.213461][ T5058] ? __pfx_odev_release+0x10/0x10 [ 59.218477][ T5058] odev_release+0x56/0x80 [ 59.222900][ T5058] __fput+0x429/0x8a0 [ 59.226882][ T5058] task_work_run+0x24f/0x310 [ 59.231986][ T5058] ? __pfx_task_work_run+0x10/0x10 [ 59.237113][ T5058] ? switch_task_namespaces+0xe1/0x110 [ 59.242558][ T5058] do_exit+0xa1b/0x27e0 [ 59.246700][ T5058] ? __pfx_do_exit+0x10/0x10 [ 59.251274][ T5058] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 59.257237][ T5058] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.263546][ T5058] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.268734][ T5058] ? lockdep_hardirqs_on+0x99/0x150 [ 59.273919][ T5058] do_group_exit+0x207/0x2c0 [ 59.278511][ T5058] __x64_sys_exit_group+0x3f/0x40 [ 59.283529][ T5058] do_syscall_64+0xfb/0x240 [ 59.288100][ T5058] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 59.293978][ T5058] RIP: 0033:0x7f41565dec79 [ 59.298394][ T5058] Code: Unable to access opcode bytes at 0x7f41565dec4f. [ 59.305414][ T5058] RSP: 002b:00007fff0274a328 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 59.313840][ T5058] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f41565dec79 [ 59.321819][ T5058] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 +++ exited with 0 +++ [ 59.329792][ T5058] RBP: 00007f4156659270 R08: ffffffffffffffb8 R09: 00007fff0274a54