./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor182488312 <...> Warning: Permanently added '10.128.1.167' (ED25519) to the list of known hosts. execve("./syz-executor182488312", ["./syz-executor182488312"], 0x7ffcc2fa45f0 /* 10 vars */) = 0 brk(NULL) = 0x55559420c000 brk(0x55559420cd00) = 0x55559420cd00 arch_prctl(ARCH_SET_FS, 0x55559420c380) = 0 set_tid_address(0x55559420c650) = 5057 set_robust_list(0x55559420c660, 24) = 0 rseq(0x55559420cca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor182488312", 4096) = 27 getrandom("\xdc\x43\x9f\x34\x6b\x3d\xcf\xdc", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55559420cd00 brk(0x55559422dd00) = 0x55559422dd00 brk(0x55559422e000) = 0x55559422e000 mprotect(0x7fe65d22e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/sequencer2", O_RDONLY) = 3 openat(AT_FDCWD, "/dev/audio", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_LARGEFILE, 000) = 4 write(4, "#! ./file0\n", 11) = 11 exit_group(0) = ? [ 56.733987][ T5057] [ 56.736339][ T5057] ================================ [ 56.741426][ T5057] WARNING: inconsistent lock state [ 56.746613][ T5057] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 56.753261][ T5057] -------------------------------- [ 56.758342][ T5057] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. 
[ 56.765164][ T5057] syz-executor182/5057 [HC0[0]:SC0[0]:HE1:SE1] takes: [ 56.771906][ T5057] ffff888029edf148 (&timer->lock){+.?.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 56.781388][ T5057] {IN-SOFTIRQ-W} state was registered at: [ 56.787102][ T5057] lock_acquire+0x1e4/0x530 [ 56.791671][ T5057] _raw_spin_lock_irqsave+0xd5/0x120 [ 56.797047][ T5057] snd_timer_notify+0x103/0x3d0 [ 56.801976][ T5057] snd_pcm_drain_done+0x2b8/0x3e0 [ 56.807089][ T5057] snd_pcm_update_state+0x31b/0x410 [ 56.812444][ T5057] snd_pcm_update_hw_ptr0+0x1066/0x1a70 [ 56.818062][ T5057] snd_pcm_period_elapsed_under_stream_lock+0xeb/0x210 [ 56.824975][ T5057] snd_pcm_period_elapsed+0x2c/0x50 [ 56.830238][ T5057] dummy_hrtimer_callback+0x7f/0x180 [ 56.835612][ T5057] __hrtimer_run_queues+0x595/0xd00 [ 56.840880][ T5057] hrtimer_run_softirq+0x19a/0x2c0 [ 56.846161][ T5057] __do_softirq+0x2bc/0x943 [ 56.850750][ T5057] __irq_exit_rcu+0xf2/0x1c0 [ 56.855416][ T5057] irq_exit_rcu+0x9/0x30 [ 56.859722][ T5057] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 56.865421][ T5057] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 56.871494][ T5057] acpi_safe_halt+0x21/0x30 [ 56.876066][ T5057] acpi_idle_enter+0xe4/0x140 [ 56.880807][ T5057] cpuidle_enter_state+0x118/0x490 [ 56.885983][ T5057] cpuidle_enter+0x5d/0xa0 [ 56.890465][ T5057] do_idle+0x375/0x5d0 [ 56.894623][ T5057] cpu_startup_entry+0x42/0x60 [ 56.899472][ T5057] rest_init+0x2e0/0x300 [ 56.903783][ T5057] arch_call_rest_init+0xe/0x10 [ 56.908704][ T5057] start_kernel+0x47a/0x500 [ 56.913274][ T5057] x86_64_start_reservations+0x2a/0x30 [ 56.918887][ T5057] x86_64_start_kernel+0x99/0xa0 [ 56.923887][ T5057] common_startup_64+0x13e/0x147 [ 56.928908][ T5057] irq event stamp: 5197 [ 56.933038][ T5057] hardirqs last enabled at (5197): [] _raw_spin_unlock_irq+0x23/0x50 [ 56.942737][ T5057] hardirqs last disabled at (5196): [] _raw_spin_lock_irq+0xad/0x120 [ 56.952376][ T5057] softirqs last enabled at (2622): [] __irq_exit_rcu+0xf2/0x1c0 [ 56.961637][ 
T5057] softirqs last disabled at (2609): [] __irq_exit_rcu+0xf2/0x1c0 [ 56.970930][ T5057] [ 56.970930][ T5057] other info that might help us debug this: [ 56.978985][ T5057] Possible unsafe locking scenario: [ 56.978985][ T5057] [ 56.986431][ T5057] CPU0 [ 56.989695][ T5057] ---- [ 56.993034][ T5057] lock(&timer->lock); [ 56.997199][ T5057] <Interrupt> [ 57.000664][ T5057] lock(&timer->lock); [ 57.004974][ T5057] [ 57.004974][ T5057] *** DEADLOCK *** [ 57.004974][ T5057] [ 57.013095][ T5057] 3 locks held by syz-executor182/5057: [ 57.018614][ T5057] #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80 [ 57.027932][ T5057] #1: ffff88801d869978 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0 [ 57.037829][ T5057] #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 57.047318][ T5057] [ 57.047318][ T5057] stack backtrace: [ 57.053190][ T5057] CPU: 0 PID: 5057 Comm: syz-executor182 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 57.063415][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 57.073477][ T5057] Call Trace: [ 57.076740][ T5057] <TASK> [ 57.079764][ T5057] dump_stack_lvl+0x241/0x360 [ 57.084425][ T5057] ? __pfx_dump_stack_lvl+0x10/0x10 [ 57.089605][ T5057] ? print_usage_bug+0x61a/0x8a0 [ 57.094528][ T5057] ? is_bpf_text_address+0x28d/0x2b0 [ 57.099822][ T5057] valid_state+0x13a/0x1c0 [ 57.104225][ T5057] mark_lock_irq+0xbb/0xc20 [ 57.108800][ T5057] ? arch_stack_walk+0x16d/0x1b0 [ 57.113749][ T5057] ? __pfx_mark_lock_irq+0x10/0x10 [ 57.118851][ T5057] ? stack_trace_save+0x118/0x1d0 [ 57.123860][ T5057] ? __pfx_stack_trace_save+0x10/0x10 [ 57.129220][ T5057] ? save_trace+0x749/0xb40 [ 57.133708][ T5057] mark_lock+0x223/0x350 [ 57.137933][ T5057] __lock_acquire+0x116e/0x1fd0 [ 57.142768][ T5057] lock_acquire+0x1e4/0x530 [ 57.147261][ T5057] ? snd_timer_close_locked+0x53/0x8d0 [ 57.152707][ T5057] ? 
__pfx___mutex_trylock_common+0x10/0x10 [ 57.158584][ T5057] ? __pfx_lock_acquire+0x10/0x10 [ 57.163653][ T5057] ? rcu_is_watching+0x15/0xb0 [ 57.168430][ T5057] ? trace_contention_end+0x3c/0x100 [ 57.173718][ T5057] ? __mutex_lock+0x2ef/0xd70 [ 57.178378][ T5057] ? snd_timer_close+0xa3/0x130 [ 57.183241][ T5057] _raw_spin_lock+0x2e/0x40 [ 57.187762][ T5057] ? snd_timer_close_locked+0x53/0x8d0 [ 57.193296][ T5057] snd_timer_close_locked+0x53/0x8d0 [ 57.198591][ T5057] snd_timer_close+0xae/0x130 [ 57.203253][ T5057] ? __pfx_snd_timer_close+0x10/0x10 [ 57.208523][ T5057] ? _raw_spin_unlock_irq+0x23/0x50 [ 57.213708][ T5057] ? lockdep_hardirqs_on+0x99/0x150 [ 57.218895][ T5057] snd_seq_timer_close+0xa9/0xe0 [ 57.223817][ T5057] snd_seq_queue_delete+0x8f/0xf0 [ 57.228828][ T5057] snd_seq_oss_release+0x1d3/0x310 [ 57.233928][ T5057] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 57.239541][ T5057] ? __asan_memset+0x23/0x50 [ 57.244121][ T5057] ? __fput+0x30f/0x8a0 [ 57.248264][ T5057] ? evm_file_release+0x140/0x1d0 [ 57.253269][ T5057] ? __pfx_odev_release+0x10/0x10 [ 57.258276][ T5057] odev_release+0x56/0x80 [ 57.262599][ T5057] __fput+0x429/0x8a0 [ 57.266568][ T5057] task_work_run+0x24f/0x310 [ 57.271243][ T5057] ? __pfx_task_work_run+0x10/0x10 [ 57.276344][ T5057] ? switch_task_namespaces+0xe1/0x110 [ 57.281784][ T5057] do_exit+0xa1b/0x27e0 [ 57.285926][ T5057] ? __pfx_do_exit+0x10/0x10 [ 57.290509][ T5057] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 57.296473][ T5057] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 57.302799][ T5057] ? _raw_spin_unlock_irq+0x23/0x50 [ 57.307983][ T5057] ? lockdep_hardirqs_on+0x99/0x150 [ 57.313170][ T5057] do_group_exit+0x207/0x2c0 [ 57.317749][ T5057] __x64_sys_exit_group+0x3f/0x40 [ 57.322763][ T5057] do_syscall_64+0xfb/0x240 [ 57.327247][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 57.333130][ T5057] RIP: 0033:0x7fe65d1b9cb9 [ 57.337527][ T5057] Code: Unable to access opcode bytes at 0x7fe65d1b9c8f. 
[ 57.344526][ T5057] RSP: 002b:00007fffb1b08258 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 57.352921][ T5057] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe65d1b9cb9 [ 57.360896][ T5057] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 57.368868][ T5057] RBP: 00007fe65d234270 R08: ffffffffffffffb8 R09: 00007fffb1b08478 [ 57.376829][ T5057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe65d234270 +++ exited with 0 +++ [ 57.384837][ T5057] R