./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1991992943 <...> Warning: Permanently added '10.128.1.11' (ED25519) to the list of known hosts. execve("./syz-executor1991992943", ["./syz-executor1991992943"], 0x7ffde9885f40 /* 10 vars */) = 0 brk(NULL) = 0x5555814fc000 brk(0x5555814fcd00) = 0x5555814fcd00 arch_prctl(ARCH_SET_FS, 0x5555814fc380) = 0 set_tid_address(0x5555814fc650) = 5057 set_robust_list(0x5555814fc660, 24) = 0 rseq(0x5555814fcca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1991992943", 4096) = 28 getrandom("\xbd\xe3\x03\x68\x43\x7c\xd7\x34", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555814fcd00 brk(0x55558151dd00) = 0x55558151dd00 brk(0x55558151e000) = 0x55558151e000 mprotect(0x7f9fa0dc7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/dsp", O_RDONLY) = 3 openat(AT_FDCWD, "/dev/cec0", O_RDWR) = 4 openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR) = 5 mount(NULL, ".", "9p", 0, "trans=fd,rfdno=0x0000000000000005,wfdno=0x0000000000000004,") = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "/dev/sequencer2", O_RDONLY) = 6 [ 61.126935][ T44] kernel read not supported for file /dsp (pid: 44 comm: kworker/1:1) [ 61.151499][ T5057] [ 61.153838][ T5057] ======================================================== [ 61.161004][ T5057] WARNING: possible irq lock inversion dependency detected [ 61.168165][ T5057] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 61.174810][ T5057] -------------------------------------------------------- [ 61.181975][ T5057] syz-executor199/5057 just changed the state of lock: [ 61.188792][ T5057] 
ffff888029dd7948 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 61.198269][ T5057] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 61.206303][ T5057] (&group->lock#2){..-.}-{2:2} [ 61.206323][ T5057] [ 61.206323][ T5057] [ 61.206323][ T5057] and interrupts could create inverse lock ordering between them. [ 61.206323][ T5057] [ 61.225421][ T5057] [ 61.225421][ T5057] other info that might help us debug this: [ 61.233450][ T5057] Possible interrupt unsafe locking scenario: [ 61.233450][ T5057]
[ 61.241756][ T5057]        CPU0                    CPU1
[ 61.247094][ T5057]        ----                    ----
[ 61.252434][ T5057]   lock(&timer->lock);
[ 61.256567][ T5057]                                local_irq_disable();
[ 61.263296][ T5057]                                lock(&group->lock#2);
[ 61.270122][ T5057]                                lock(&timer->lock);
[ 61.276773][ T5057]   <Interrupt>
[ 61.280204][ T5057]     lock(&group->lock#2);
[ 61.284689][ T5057] [ 61.284689][ T5057] *** DEADLOCK *** [ 61.284689][ T5057] [ 61.292810][ T5057] 3 locks held by syz-executor199/5057: [ 61.299997][ T5057] #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80 [ 61.309304][ T5057] #1: ffff888021510578 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0 [ 61.319218][ T5057] #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 61.328705][ T5057] [ 61.328705][ T5057] the shortest dependencies between 2nd lock and 1st lock: [ 61.338069][ T5057] -> (&group->lock#2){..-.}-{2:2} { [ 61.343355][ T5057] IN-SOFTIRQ-W at: [ 61.347401][ T5057] lock_acquire+0x1e4/0x530 [ 61.353715][ T5057] _raw_spin_lock_irqsave+0xd5/0x120 [ 61.360820][ T5057] snd_pcm_period_elapsed+0x21/0x50 [ 61.367823][ T5057] dummy_hrtimer_callback+0x7f/0x180 [ 61.374916][ T5057] __hrtimer_run_queues+0x595/0xd00 [ 61.381916][ T5057] hrtimer_run_softirq+0x19a/0x2c0 [ 61.388828][ T5057] __do_softirq+0x2bc/0x943 [ 61.395139][ T5057] __irq_exit_rcu+0xf2/0x1c0 [ 61.401529][ T5057] irq_exit_rcu+0x9/0x30 [ 61.407571][ T5057] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 
61.415011][ T5057] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 61.422792][ T5057] acpi_safe_halt+0x21/0x30 [ 61.429094][ T5057] acpi_idle_enter+0xe4/0x140 [ 61.435571][ T5057] cpuidle_enter_state+0x118/0x490 [ 61.442479][ T5057] cpuidle_enter+0x5d/0xa0 [ 61.448694][ T5057] do_idle+0x375/0x5d0 [ 61.454574][ T5057] cpu_startup_entry+0x42/0x60 [ 61.461136][ T5057] __pfx_ap_starting+0x0/0x10 [ 61.467617][ T5057] common_startup_64+0x13e/0x147 [ 61.474386][ T5057] INITIAL USE at: [ 61.478357][ T5057] lock_acquire+0x1e4/0x530 [ 61.484585][ T5057] _raw_spin_lock_irq+0xd3/0x120 [ 61.491250][ T5057] snd_pcm_oss_poll+0x191/0x8c0 [ 61.497822][ T5057] p9_conn_create+0x42b/0x5c0 [ 61.504217][ T5057] p9_fd_create+0x407/0x530 [ 61.510437][ T5057] p9_client_create+0x860/0x1040 [ 61.517088][ T5057] v9fs_session_init+0x1e4/0x1b80 [ 61.523838][ T5057] v9fs_mount+0xce/0xc70 [ 61.529805][ T5057] legacy_get_tree+0xee/0x190 [ 61.536206][ T5057] vfs_get_tree+0x90/0x2a0 [ 61.542347][ T5057] do_new_mount+0x2be/0xb40 [ 61.548562][ T5057] __se_sys_mount+0x2d9/0x3c0 [ 61.554951][ T5057] do_syscall_64+0xfb/0x240 [ 61.561165][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.568771][ T5057] } [ 61.571333][ T5057] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 61.579984][ T5057] ... 
acquired at: [ 61.583849][ T5057] lock_acquire+0x1e4/0x530 [ 61.588498][ T5057] _raw_spin_lock_irqsave+0xd5/0x120 [ 61.593962][ T5057] snd_timer_notify+0x103/0x3d0 [ 61.598979][ T5057] snd_pcm_action_lock_irq+0x1b5/0x290 [ 61.604588][ T5057] snd_pcm_oss_set_trigger+0x580/0x730 [ 61.610200][ T5057] snd_pcm_oss_poll+0x668/0x8c0 [ 61.615205][ T5057] p9_conn_create+0x42b/0x5c0 [ 61.620041][ T5057] p9_fd_create+0x407/0x530 [ 61.624700][ T5057] p9_client_create+0x860/0x1040 [ 61.629808][ T5057] v9fs_session_init+0x1e4/0x1b80 [ 61.635008][ T5057] v9fs_mount+0xce/0xc70 [ 61.639426][ T5057] legacy_get_tree+0xee/0x190 [ 61.644279][ T5057] vfs_get_tree+0x90/0x2a0 [ 61.648867][ T5057] do_new_mount+0x2be/0xb40 [ 61.653528][ T5057] __se_sys_mount+0x2d9/0x3c0 [ 61.658368][ T5057] do_syscall_64+0xfb/0x240 [ 61.663036][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.669098][ T5057] [ 61.671403][ T5057] -> (&timer->lock){+.+.}-{2:2} { [ 61.676421][ T5057] HARDIRQ-ON-W at: [ 61.680384][ T5057] lock_acquire+0x1e4/0x530 [ 61.686522][ T5057] _raw_spin_lock+0x2e/0x40 [ 61.692654][ T5057] snd_timer_close_locked+0x53/0x8d0 [ 61.699571][ T5057] snd_timer_close+0xae/0x130 [ 61.705878][ T5057] snd_seq_timer_close+0xa9/0xe0 [ 61.712442][ T5057] snd_seq_queue_delete+0x8f/0xf0 [ 61.719095][ T5057] snd_seq_oss_release+0x1d3/0x310 [ 61.725920][ T5057] odev_release+0x56/0x80 [ 61.731874][ T5057] __fput+0x429/0x8a0 [ 61.737571][ T5057] task_work_run+0x24f/0x310 [ 61.743789][ T5057] do_exit+0xa1b/0x27e0 [ 61.749571][ T5057] do_group_exit+0x207/0x2c0 [ 61.755787][ T5057] __x64_sys_exit_group+0x3f/0x40 [ 61.762439][ T5057] do_syscall_64+0xfb/0x240 [ 61.768565][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.776084][ T5057] SOFTIRQ-ON-W at: [ 61.780043][ T5057] lock_acquire+0x1e4/0x530 [ 61.786178][ T5057] _raw_spin_lock+0x2e/0x40 [ 61.792309][ T5057] snd_timer_close_locked+0x53/0x8d0 [ 61.799221][ T5057] snd_timer_close+0xae/0x130 [ 61.805537][ T5057] snd_seq_timer_close+0xa9/0xe0 [ 
61.812099][ T5057] snd_seq_queue_delete+0x8f/0xf0 [ 61.818754][ T5057] snd_seq_oss_release+0x1d3/0x310 [ 61.825489][ T5057] odev_release+0x56/0x80 [ 61.831458][ T5057] __fput+0x429/0x8a0 [ 61.837087][ T5057] task_work_run+0x24f/0x310 [ 61.843326][ T5057] do_exit+0xa1b/0x27e0 [ 61.849119][ T5057] do_group_exit+0x207/0x2c0 [ 61.855337][ T5057] __x64_sys_exit_group+0x3f/0x40 [ 61.861992][ T5057] do_syscall_64+0xfb/0x240 [ 61.868134][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.875719][ T5057] INITIAL USE at: [ 61.879594][ T5057] lock_acquire+0x1e4/0x530 [ 61.885636][ T5057] _raw_spin_lock_irqsave+0xd5/0x120 [ 61.892466][ T5057] snd_timer_notify+0x103/0x3d0 [ 61.898860][ T5057] snd_pcm_action_lock_irq+0x1b5/0x290 [ 61.905860][ T5057] snd_pcm_oss_set_trigger+0x580/0x730 [ 61.912874][ T5057] snd_pcm_oss_poll+0x668/0x8c0 [ 61.919265][ T5057] p9_conn_create+0x42b/0x5c0 [ 61.925487][ T5057] p9_fd_create+0x407/0x530 [ 61.931614][ T5057] p9_client_create+0x860/0x1040 [ 61.938101][ T5057] v9fs_session_init+0x1e4/0x1b80 [ 61.944662][ T5057] v9fs_mount+0xce/0xc70 [ 61.950444][ T5057] legacy_get_tree+0xee/0x190 [ 61.956672][ T5057] vfs_get_tree+0x90/0x2a0 [ 61.962638][ T5057] do_new_mount+0x2be/0xb40 [ 61.968687][ T5057] __se_sys_mount+0x2d9/0x3c0 [ 61.974903][ T5057] do_syscall_64+0xfb/0x240 [ 61.980954][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.988398][ T5057] } [ 61.990875][ T5057] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 61.999008][ T5057] ... 
acquired at: [ 62.002790][ T5057] mark_lock+0x223/0x350 [ 62.007199][ T5057] __lock_acquire+0x116e/0x1fd0 [ 62.012211][ T5057] lock_acquire+0x1e4/0x530 [ 62.016869][ T5057] _raw_spin_lock+0x2e/0x40 [ 62.021538][ T5057] snd_timer_close_locked+0x53/0x8d0 [ 62.026991][ T5057] snd_timer_close+0xae/0x130 [ 62.031836][ T5057] snd_seq_timer_close+0xa9/0xe0 [ 62.036932][ T5057] snd_seq_queue_delete+0x8f/0xf0 [ 62.042117][ T5057] snd_seq_oss_release+0x1d3/0x310 [ 62.047388][ T5057] odev_release+0x56/0x80 [ 62.051877][ T5057] __fput+0x429/0x8a0 [ 62.056023][ T5057] task_work_run+0x24f/0x310 [ 62.060775][ T5057] do_exit+0xa1b/0x27e0 [ 62.065099][ T5057] do_group_exit+0x207/0x2c0 [ 62.069842][ T5057] __x64_sys_exit_group+0x3f/0x40 [ 62.075018][ T5057] do_syscall_64+0xfb/0x240 [ 62.079672][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.085713][ T5057] [ 62.088014][ T5057] [ 62.088014][ T5057] stack backtrace: [ 62.093877][ T5057] CPU: 1 PID: 5057 Comm: syz-executor199 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 62.103914][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 62.113964][ T5057] Call Trace: [ 62.117233][ T5057] [ 62.120145][ T5057] dump_stack_lvl+0x241/0x360 [ 62.124803][ T5057] ? __pfx_dump_stack_lvl+0x10/0x10 [ 62.129978][ T5057] ? print_shortest_lock_dependencies+0xf2/0x160 [ 62.136391][ T5057] ? print_irq_inversion_bug+0x329/0x3a0 [ 62.142005][ T5057] mark_lock_irq+0x867/0xc20 [ 62.146576][ T5057] ? __pfx_mark_lock_irq+0x10/0x10 [ 62.151665][ T5057] ? stack_trace_save+0x118/0x1d0 [ 62.156668][ T5057] ? __pfx_stack_trace_save+0x10/0x10 [ 62.162035][ T5057] ? save_trace+0x749/0xb40 [ 62.166520][ T5057] mark_lock+0x223/0x350 [ 62.170743][ T5057] __lock_acquire+0x116e/0x1fd0 [ 62.175574][ T5057] lock_acquire+0x1e4/0x530 [ 62.180053][ T5057] ? snd_timer_close_locked+0x53/0x8d0 [ 62.185490][ T5057] ? __pfx___mutex_trylock_common+0x10/0x10 [ 62.191382][ T5057] ? 
__pfx_lock_acquire+0x10/0x10 [ 62.196378][ T5057] ? rcu_is_watching+0x15/0xb0 [ 62.201126][ T5057] ? trace_contention_end+0x3c/0x100 [ 62.206390][ T5057] ? __mutex_lock+0x2ef/0xd70 [ 62.211067][ T5057] ? snd_timer_close+0xa3/0x130 [ 62.215897][ T5057] _raw_spin_lock+0x2e/0x40 [ 62.220394][ T5057] ? snd_timer_close_locked+0x53/0x8d0 [ 62.225843][ T5057] snd_timer_close_locked+0x53/0x8d0 [ 62.231116][ T5057] snd_timer_close+0xae/0x130 [ 62.235772][ T5057] ? __pfx_snd_timer_close+0x10/0x10 [ 62.241037][ T5057] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.246212][ T5057] ? lockdep_hardirqs_on+0x99/0x150 [ 62.251403][ T5057] snd_seq_timer_close+0xa9/0xe0 [ 62.256338][ T5057] snd_seq_queue_delete+0x8f/0xf0 [ 62.261375][ T5057] snd_seq_oss_release+0x1d3/0x310 [ 62.266477][ T5057] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 62.272266][ T5057] ? __asan_memset+0x23/0x50 [ 62.276843][ T5057] ? evm_file_release+0x140/0x1d0 [ 62.281845][ T5057] ? __pfx_odev_release+0x10/0x10 [ 62.286857][ T5057] odev_release+0x56/0x80 [ 62.291163][ T5057] __fput+0x429/0x8a0 [ 62.295125][ T5057] task_work_run+0x24f/0x310 [ 62.299695][ T5057] ? __pfx_task_work_run+0x10/0x10 [ 62.304786][ T5057] ? switch_task_namespaces+0xe1/0x110 [ 62.310221][ T5057] do_exit+0xa1b/0x27e0 [ 62.314358][ T5057] ? __pfx_do_exit+0x10/0x10 [ 62.318923][ T5057] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 62.324881][ T5057] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 62.331184][ T5057] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.336375][ T5057] ? lockdep_hardirqs_on+0x99/0x150 [ 62.341555][ T5057] do_group_exit+0x207/0x2c0 [ 62.346215][ T5057] __x64_sys_exit_group+0x3f/0x40 [ 62.351217][ T5057] do_syscall_64+0xfb/0x240 [ 62.355696][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.361566][ T5057] RIP: 0033:0x7f9fa0d530b9 [ 62.365960][ T5057] Code: Unable to access opcode bytes at 0x7f9fa0d5308f. [ 62.372959][ T5057] RSP: 002b:00007ffe3e899618 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 exit_group(0) = ? 
+++ exited with 0 +++ [ 62.381350][