./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor143954035 <...> Warning: Permanently added '10.128.0.207' (ED25519) to the list of known hosts. execve("./syz-executor143954035", ["./syz-executor143954035"], 0x7ffebbd67510 /* 10 vars */) = 0 brk(NULL) = 0x55557332a000 brk(0x55557332ad00) = 0x55557332ad00 arch_prctl(ARCH_SET_FS, 0x55557332a380) = 0 set_tid_address(0x55557332a650) = 5061 set_robust_list(0x55557332a660, 24) = 0 rseq(0x55557332aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor143954035", 4096) = 27 getrandom("\xf3\x1e\xe1\xeb\x7c\xab\xca\x96", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557332ad00 brk(0x55557334bd00) = 0x55557334bd00 brk(0x55557334c000) = 0x55557334c000 mprotect(0x7f4f16bdb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/snd/seq", O_RDWR|O_NOATIME|FASYNC) = 3 ioctl(3, SNDRV_SEQ_IOCTL_CREATE_QUEUE, 0x20000280) = 0 openat(AT_FDCWD, "/dev/adsp1", O_RDONLY) = 4 read(4, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 225) = 225 exit_group(0) = ? 
[ 75.901604][ T5061] [ 75.903977][ T5061] ======================================================== [ 75.911171][ T5061] WARNING: possible irq lock inversion dependency detected [ 75.918379][ T5061] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 75.925072][ T5061] -------------------------------------------------------- [ 75.932279][ T5061] syz-executor143/5061 just changed the state of lock: [ 75.939142][ T5061] ffff888029b63948 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 75.948676][ T5061] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 75.956735][ T5061] (&group->lock#2){..-.}-{2:2} [ 75.956768][ T5061] [ 75.956768][ T5061] [ 75.956768][ T5061] and interrupts could create inverse lock ordering between them. [ 75.956768][ T5061] [ 75.975971][ T5061] [ 75.975971][ T5061] other info that might help us debug this: [ 75.984029][ T5061] Possible interrupt unsafe locking scenario: [ 75.984029][ T5061] [ 75.992377][ T5061] CPU0 CPU1 [ 75.997780][ T5061] ---- ---- [ 76.003153][ T5061] lock(&timer->lock); [ 76.007316][ T5061] local_irq_disable(); [ 76.014067][ T5061] lock(&group->lock#2); [ 76.020949][ T5061] lock(&timer->lock); [ 76.027734][ T5061] <Interrupt> [ 76.031192][ T5061] lock(&group->lock#2); [ 76.035706][ T5061] [ 76.035706][ T5061] *** DEADLOCK *** [ 76.035706][ T5061] [ 76.043863][ T5061] 3 locks held by syz-executor143/5061: [ 76.049415][ T5061] #0: ffffffff8f2d05e8 (register_mutex#3){+.+.}-{3:3}, at: seq_free_client+0x27/0x180 [ 76.059102][ T5061] #1: ffff88801f480178 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_client_leave+0x54/0x2b0 [ 76.069666][ T5061] #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 76.079295][ T5061] [ 76.079295][ T5061] the shortest dependencies between 2nd lock and 1st lock: [ 76.088677][ T5061] -> (&group->lock#2){..-.}-{2:2} { [ 76.093985][ T5061] IN-SOFTIRQ-W at: [ 76.098069][ T5061] lock_acquire+0x1e4/0x530 [ 76.104399][ T5061] 
_raw_spin_lock_irqsave+0xd5/0x120 [ 76.111547][ T5061] snd_pcm_period_elapsed+0x21/0x50 [ 76.118655][ T5061] call_timer_fn+0x17e/0x600 [ 76.125081][ T5061] __run_timer_base+0x66a/0x8e0 [ 76.131757][ T5061] run_timer_softirq+0xb7/0x170 [ 76.138522][ T5061] __do_softirq+0x2bc/0x943 [ 76.144849][ T5061] __irq_exit_rcu+0xf2/0x1c0 [ 76.151270][ T5061] irq_exit_rcu+0x9/0x30 [ 76.157336][ T5061] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 76.164800][ T5061] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 76.172622][ T5061] acpi_safe_halt+0x21/0x30 [ 76.178972][ T5061] acpi_idle_enter+0xe4/0x140 [ 76.185517][ T5061] cpuidle_enter_state+0x118/0x490 [ 76.192488][ T5061] cpuidle_enter+0x5d/0xa0 [ 76.198737][ T5061] do_idle+0x375/0x5d0 [ 76.204637][ T5061] cpu_startup_entry+0x42/0x60 [ 76.211240][ T5061] __pfx_ap_starting+0x0/0x10 [ 76.217791][ T5061] common_startup_64+0x13e/0x147 [ 76.224580][ T5061] INITIAL USE at: [ 76.228593][ T5061] lock_acquire+0x1e4/0x530 [ 76.234866][ T5061] _raw_spin_lock_irq+0xd3/0x120 [ 76.241747][ T5061] snd_pcm_hw_params+0x201/0x1ea0 [ 76.248517][ T5061] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 76.256696][ T5061] snd_pcm_oss_read+0x24c/0x940 [ 76.263299][ T5061] vfs_read+0x204/0xb70 [ 76.269192][ T5061] ksys_read+0x1a0/0x2c0 [ 76.275171][ T5061] do_syscall_64+0xfb/0x240 [ 76.281409][ T5061] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.289052][ T5061] } [ 76.291634][ T5061] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 76.300330][ T5061] ... 
acquired at: [ 76.304216][ T5061] lock_acquire+0x1e4/0x530 [ 76.308919][ T5061] _raw_spin_lock_irqsave+0xd5/0x120 [ 76.314400][ T5061] snd_timer_notify+0x103/0x3d0 [ 76.319431][ T5061] snd_pcm_start+0x3fa/0x4c0 [ 76.324209][ T5061] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 76.329578][ T5061] snd_pcm_oss_read3+0x3ea/0x600 [ 76.334692][ T5061] snd_pcm_plug_read_transfer+0x3a1/0x470 [ 76.340611][ T5061] snd_pcm_oss_read2+0x296/0x430 [ 76.345742][ T5061] snd_pcm_oss_read+0x45b/0x940 [ 76.350780][ T5061] vfs_read+0x204/0xb70 [ 76.355131][ T5061] ksys_read+0x1a0/0x2c0 [ 76.359617][ T5061] do_syscall_64+0xfb/0x240 [ 76.364328][ T5061] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.370423][ T5061] [ 76.372757][ T5061] -> (&timer->lock){+.+.}-{2:2} { [ 76.377802][ T5061] HARDIRQ-ON-W at: [ 76.381781][ T5061] lock_acquire+0x1e4/0x530 [ 76.387935][ T5061] _raw_spin_lock+0x2e/0x40 [ 76.394094][ T5061] snd_timer_close_locked+0x53/0x8d0 [ 76.401045][ T5061] snd_timer_close+0xae/0x130 [ 76.407378][ T5061] snd_seq_timer_close+0xa9/0xe0 [ 76.413983][ T5061] snd_seq_queue_client_leave+0x7f/0x2b0 [ 76.421285][ T5061] seq_free_client1+0xfe/0x2b0 [ 76.427809][ T5061] seq_free_client+0x6c/0x180 [ 76.434153][ T5061] snd_seq_release+0x48/0xc0 [ 76.440401][ T5061] __fput+0x429/0x8a0 [ 76.446041][ T5061] task_work_run+0x24f/0x310 [ 76.452286][ T5061] do_exit+0xa1b/0x27e0 [ 76.458094][ T5061] do_group_exit+0x207/0x2c0 [ 76.464340][ T5061] __x64_sys_exit_group+0x3f/0x40 [ 76.471042][ T5061] do_syscall_64+0xfb/0x240 [ 76.477238][ T5061] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.484784][ T5061] SOFTIRQ-ON-W at: [ 76.488764][ T5061] lock_acquire+0x1e4/0x530 [ 76.494937][ T5061] _raw_spin_lock+0x2e/0x40 [ 76.501644][ T5061] snd_timer_close_locked+0x53/0x8d0 [ 76.508583][ T5061] snd_timer_close+0xae/0x130 [ 76.514914][ T5061] snd_seq_timer_close+0xa9/0xe0 [ 76.521506][ T5061] snd_seq_queue_client_leave+0x7f/0x2b0 [ 76.528810][ T5061] seq_free_client1+0xfe/0x2b0 [ 76.535294][ T5061] 
seq_free_client+0x6c/0x180 [ 76.541646][ T5061] snd_seq_release+0x48/0xc0 [ 76.548069][ T5061] __fput+0x429/0x8a0 [ 76.554115][ T5061] task_work_run+0x24f/0x310 [ 76.560405][ T5061] do_exit+0xa1b/0x27e0 [ 76.566419][ T5061] do_group_exit+0x207/0x2c0 [ 76.572743][ T5061] __x64_sys_exit_group+0x3f/0x40 [ 76.579486][ T5061] do_syscall_64+0xfb/0x240 [ 76.585657][ T5061] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.593296][ T5061] INITIAL USE at: [ 76.597211][ T5061] lock_acquire+0x1e4/0x530 [ 76.603334][ T5061] _raw_spin_lock_irqsave+0xd5/0x120 [ 76.610464][ T5061] snd_timer_notify+0x103/0x3d0 [ 76.616936][ T5061] snd_pcm_start+0x3fa/0x4c0 [ 76.623204][ T5061] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 76.630089][ T5061] snd_pcm_oss_read3+0x3ea/0x600 [ 76.636645][ T5061] snd_pcm_plug_read_transfer+0x3a1/0x470 [ 76.643982][ T5061] snd_pcm_oss_read2+0x296/0x430 [ 76.650516][ T5061] snd_pcm_oss_read+0x45b/0x940 [ 76.656942][ T5061] vfs_read+0x204/0xb70 [ 76.662678][ T5061] ksys_read+0x1a0/0x2c0 [ 76.668609][ T5061] do_syscall_64+0xfb/0x240 [ 76.674717][ T5061] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.682199][ T5061] } [ 76.684706][ T5061] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 76.692875][ T5061] ... 
acquired at: [ 76.696678][ T5061] mark_lock+0x223/0x350 [ 76.701101][ T5061] __lock_acquire+0x116e/0x1fd0 [ 76.706154][ T5061] lock_acquire+0x1e4/0x530 [ 76.710858][ T5061] _raw_spin_lock+0x2e/0x40 [ 76.715547][ T5061] snd_timer_close_locked+0x53/0x8d0 [ 76.721109][ T5061] snd_timer_close+0xae/0x130 [ 76.726252][ T5061] snd_seq_timer_close+0xa9/0xe0 [ 76.731556][ T5061] snd_seq_queue_client_leave+0x7f/0x2b0 [ 76.737436][ T5061] seq_free_client1+0xfe/0x2b0 [ 76.742403][ T5061] seq_free_client+0x6c/0x180 [ 76.747271][ T5061] snd_seq_release+0x48/0xc0 [ 76.752626][ T5061] __fput+0x429/0x8a0 [ 76.756813][ T5061] task_work_run+0x24f/0x310 [ 76.761602][ T5061] do_exit+0xa1b/0x27e0 [ 76.765951][ T5061] do_group_exit+0x207/0x2c0 [ 76.770738][ T5061] __x64_sys_exit_group+0x3f/0x40 [ 76.775975][ T5061] do_syscall_64+0xfb/0x240 [ 76.780705][ T5061] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.786796][ T5061] [ 76.789141][ T5061] [ 76.789141][ T5061] stack backtrace: [ 76.795052][ T5061] CPU: 0 PID: 5061 Comm: syz-executor143 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 76.805128][ T5061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 76.815278][ T5061] Call Trace: [ 76.818564][ T5061] <TASK> [ 76.821694][ T5061] dump_stack_lvl+0x241/0x360 [ 76.826400][ T5061] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.831657][ T5061] ? print_shortest_lock_dependencies+0xf2/0x160 [ 76.838273][ T5061] ? print_irq_inversion_bug+0x329/0x3a0 [ 76.843925][ T5061] mark_lock_irq+0x867/0xc20 [ 76.848540][ T5061] ? __pfx_mark_lock_irq+0x10/0x10 [ 76.853763][ T5061] ? stack_trace_save+0x118/0x1d0 [ 76.858804][ T5061] ? __pfx_stack_trace_save+0x10/0x10 [ 76.864201][ T5061] ? save_trace+0x749/0xb40 [ 76.868720][ T5061] mark_lock+0x223/0x350 [ 76.873079][ T5061] __lock_acquire+0x116e/0x1fd0 [ 76.878057][ T5061] lock_acquire+0x1e4/0x530 [ 76.882855][ T5061] ? snd_timer_close_locked+0x53/0x8d0 [ 76.888455][ T5061] ? 
__pfx___mutex_trylock_common+0x10/0x10 [ 76.894366][ T5061] ? __pfx_lock_acquire+0x10/0x10 [ 76.899407][ T5061] ? rcu_is_watching+0x15/0xb0 [ 76.904208][ T5061] ? trace_contention_end+0x3c/0x100 [ 76.909684][ T5061] ? __mutex_lock+0x2ef/0xd70 [ 76.914463][ T5061] ? snd_timer_close+0xa3/0x130 [ 76.919336][ T5061] _raw_spin_lock+0x2e/0x40 [ 76.923907][ T5061] ? snd_timer_close_locked+0x53/0x8d0 [ 76.929441][ T5061] snd_timer_close_locked+0x53/0x8d0 [ 76.934751][ T5061] ? mark_lock+0x9a/0x350 [ 76.939097][ T5061] snd_timer_close+0xae/0x130 [ 76.943826][ T5061] ? __pfx_snd_timer_close+0x10/0x10 [ 76.949133][ T5061] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.954357][ T5061] ? lockdep_hardirqs_on+0x99/0x150 [ 76.959598][ T5061] snd_seq_timer_close+0xa9/0xe0 [ 76.964730][ T5061] snd_seq_queue_client_leave+0x7f/0x2b0 [ 76.970565][ T5061] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.975890][ T5061] ? lockdep_hardirqs_on+0x99/0x150 [ 76.981218][ T5061] seq_free_client1+0xfe/0x2b0 [ 76.986016][ T5061] seq_free_client+0x6c/0x180 [ 76.990728][ T5061] snd_seq_release+0x48/0xc0 [ 76.995332][ T5061] ? __pfx_snd_seq_release+0x10/0x10 [ 77.000646][ T5061] __fput+0x429/0x8a0 [ 77.004659][ T5061] task_work_run+0x24f/0x310 [ 77.009275][ T5061] ? __pfx_task_work_run+0x10/0x10 [ 77.014415][ T5061] ? switch_task_namespaces+0xe1/0x110 [ 77.019973][ T5061] do_exit+0xa1b/0x27e0 [ 77.024236][ T5061] ? __pfx_do_exit+0x10/0x10 [ 77.028849][ T5061] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 77.034847][ T5061] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.041367][ T5061] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.046588][ T5061] ? lockdep_hardirqs_on+0x99/0x150 [ 77.051816][ T5061] do_group_exit+0x207/0x2c0 [ 77.056424][ T5061] __x64_sys_exit_group+0x3f/0x40 [ 77.061556][ T5061] do_syscall_64+0xfb/0x240 [ 77.066070][ T5061] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 77.072012][ T5061] RIP: 0033:0x7f4f16b66d39 [ 77.076468][ T5061] Code: Unable to access opcode bytes at 0x7f4f16b66d0f. 
[ 77.083493][ T5061] RSP: 002b:00007ffec5cc46d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 77.091940][ T5061] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4f16b66d39 +++ exited with 0 +++ [ 77.099922][ T5061] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 00000000