./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4259684349 <...> Warning: Permanently added '10.128.1.73' (ED25519) to the list of known hosts. execve("./syz-executor4259684349", ["./syz-executor4259684349"], 0x7fffa0b6f590 /* 10 vars */) = 0 brk(NULL) = 0x5555645ac000 brk(0x5555645acd00) = 0x5555645acd00 arch_prctl(ARCH_SET_FS, 0x5555645ac380) = 0 set_tid_address(0x5555645ac650) = 5071 set_robust_list(0x5555645ac660, 24) = 0 rseq(0x5555645acca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4259684349", 4096) = 28 getrandom("\x90\x7b\xf5\x50\xf1\xb1\x32\xaf", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555645acd00 brk(0x5555645cdd00) = 0x5555645cdd00 brk(0x5555645ce000) = 0x5555645ce000 mprotect(0x7fd193cdc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/audio1", O_RDONLY) = 3 read(3, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff", 74) = 74 openat(AT_FDCWD, "/dev/sequencer", O_RDONLY) = 4 exit_group(0) = ? 
[ 76.051424][ T5071]
[ 76.053768][ T5071] ========================================================
[ 76.060985][ T5071] WARNING: possible irq lock inversion dependency detected
[ 76.068165][ T5071] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
[ 76.075111][ T5071] --------------------------------------------------------
[ 76.082310][ T5071] syz-executor425/5071 just changed the state of lock:
[ 76.089142][ T5071] ffff8880299b7148 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0
[ 76.098670][ T5071] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 76.106716][ T5071]  (&group->lock#2){..-.}-{2:2}
[ 76.106752][ T5071]
[ 76.106752][ T5071]
[ 76.106752][ T5071] and interrupts could create inverse lock ordering between them.
[ 76.106752][ T5071]
[ 76.125888][ T5071]
[ 76.125888][ T5071] other info that might help us debug this:
[ 76.133949][ T5071]  Possible interrupt unsafe locking scenario:
[ 76.133949][ T5071]
[ 76.142251][ T5071]        CPU0                    CPU1
[ 76.147600][ T5071]        ----                    ----
[ 76.152950][ T5071]   lock(&timer->lock);
[ 76.157100][ T5071]                                local_irq_disable();
[ 76.163845][ T5071]                                lock(&group->lock#2);
[ 76.170694][ T5071]                                lock(&timer->lock);
[ 76.177381][ T5071]   <Interrupt>
[ 76.180826][ T5071]     lock(&group->lock#2);
[ 76.185332][ T5071]
[ 76.185332][ T5071]  *** DEADLOCK ***
[ 76.185332][ T5071]
[ 76.193462][ T5071] 3 locks held by syz-executor425/5071:
[ 76.198990][ T5071]  #0: ffffffff8f2e5728 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80
[ 76.208323][ T5071]  #1: ffff88802e96cd78 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0
[ 76.218256][ T5071]  #2: ffffffff8f2d3f68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130
[ 76.227768][ T5071]
[ 76.227768][ T5071] the shortest dependencies between 2nd lock and 1st lock:
[ 76.237163][ T5071]  -> (&group->lock#2){..-.}-{2:2} {
[ 76.242645][ T5071]  IN-SOFTIRQ-W at:
[ 76.246703][ T5071]  lock_acquire+0x1e4/0x530
[ 76.253022][ T5071]  _raw_spin_lock_irqsave+0xd5/0x120
[ 
76.260148][ T5071] snd_pcm_period_elapsed+0x21/0x50 [ 76.267173][ T5071] call_timer_fn+0x180/0x600 [ 76.273582][ T5071] __run_timer_base+0x66a/0x8e0 [ 76.280247][ T5071] run_timer_softirq+0xb7/0x170 [ 76.286911][ T5071] __do_softirq+0x2be/0x943 [ 76.293248][ T5071] __irq_exit_rcu+0xf2/0x1c0 [ 76.299651][ T5071] irq_exit_rcu+0x9/0x30 [ 76.305707][ T5071] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 76.313161][ T5071] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 76.320961][ T5071] acpi_safe_halt+0x21/0x30 [ 76.327283][ T5071] acpi_idle_enter+0xe4/0x140 [ 76.333776][ T5071] cpuidle_enter_state+0x11a/0x490 [ 76.340703][ T5071] cpuidle_enter+0x5d/0xa0 [ 76.346935][ T5071] do_idle+0x375/0x5d0 [ 76.352846][ T5071] cpu_startup_entry+0x42/0x60 [ 76.359448][ T5071] rest_init+0x2e0/0x300 [ 76.365511][ T5071] arch_call_rest_init+0xe/0x10 [ 76.372194][ T5071] start_kernel+0x47a/0x500 [ 76.378535][ T5071] x86_64_start_reservations+0x2a/0x30 [ 76.385822][ T5071] x86_64_start_kernel+0x99/0xa0 [ 76.392585][ T5071] common_startup_64+0x13e/0x147 [ 76.399349][ T5071] INITIAL USE at: [ 76.403324][ T5071] lock_acquire+0x1e4/0x530 [ 76.409567][ T5071] _raw_spin_lock_irq+0xd3/0x120 [ 76.416252][ T5071] snd_pcm_hw_params+0x201/0x1ea0 [ 76.423020][ T5071] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 76.431170][ T5071] snd_pcm_oss_read+0x24c/0x940 [ 76.437762][ T5071] vfs_read+0x206/0xb70 [ 76.443748][ T5071] ksys_read+0x1a0/0x2c0 [ 76.449725][ T5071] do_syscall_64+0xfd/0x240 [ 76.455966][ T5071] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.463593][ T5071] } [ 76.466166][ T5071] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 76.474833][ T5071] ... 
acquired at: [ 76.478708][ T5071] lock_acquire+0x1e4/0x530 [ 76.483376][ T5071] _raw_spin_lock_irqsave+0xd5/0x120 [ 76.488842][ T5071] snd_timer_notify+0x103/0x3d0 [ 76.493872][ T5071] snd_pcm_start+0x3fc/0x4c0 [ 76.498630][ T5071] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 76.504006][ T5071] snd_pcm_oss_read3+0x3ea/0x600 [ 76.509111][ T5071] snd_pcm_plug_read_transfer+0x3a3/0x470 [ 76.515008][ T5071] snd_pcm_oss_read2+0x296/0x430 [ 76.520115][ T5071] snd_pcm_oss_read+0x45b/0x940 [ 76.525141][ T5071] vfs_read+0x206/0xb70 [ 76.529475][ T5071] ksys_read+0x1a0/0x2c0 [ 76.533890][ T5071] do_syscall_64+0xfd/0x240 [ 76.538561][ T5071] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.544628][ T5071] [ 76.546937][ T5071] -> (&timer->lock){+.+.}-{2:2} { [ 76.551978][ T5071] HARDIRQ-ON-W at: [ 76.555948][ T5071] lock_acquire+0x1e4/0x530 [ 76.562112][ T5071] _raw_spin_lock+0x2e/0x40 [ 76.568272][ T5071] snd_timer_close_locked+0x53/0x8d0 [ 76.575205][ T5071] snd_timer_close+0xae/0x130 [ 76.581535][ T5071] snd_seq_timer_close+0xa9/0xe0 [ 76.588119][ T5071] snd_seq_queue_delete+0x8f/0xf0 [ 76.594797][ T5071] snd_seq_oss_release+0x1d3/0x310 [ 76.601563][ T5071] odev_release+0x56/0x80 [ 76.607624][ T5071] __fput+0x42b/0x8a0 [ 76.613255][ T5071] task_work_run+0x251/0x310 [ 76.619497][ T5071] do_exit+0xa1b/0x27e0 [ 76.625298][ T5071] do_group_exit+0x207/0x2c0 [ 76.631540][ T5071] __x64_sys_exit_group+0x3f/0x40 [ 76.638216][ T5071] do_syscall_64+0xfd/0x240 [ 76.644361][ T5071] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.651903][ T5071] SOFTIRQ-ON-W at: [ 76.655875][ T5071] lock_acquire+0x1e4/0x530 [ 76.662023][ T5071] _raw_spin_lock+0x2e/0x40 [ 76.668176][ T5071] snd_timer_close_locked+0x53/0x8d0 [ 76.675112][ T5071] snd_timer_close+0xae/0x130 [ 76.681450][ T5071] snd_seq_timer_close+0xa9/0xe0 [ 76.688038][ T5071] snd_seq_queue_delete+0x8f/0xf0 [ 76.694718][ T5071] snd_seq_oss_release+0x1d3/0x310 [ 76.701474][ T5071] odev_release+0x56/0x80 [ 76.707446][ T5071] __fput+0x42b/0x8a0 [ 76.713069][ 
T5071] task_work_run+0x251/0x310 [ 76.719306][ T5071] do_exit+0xa1b/0x27e0 [ 76.725109][ T5071] do_group_exit+0x207/0x2c0 [ 76.731350][ T5071] __x64_sys_exit_group+0x3f/0x40 [ 76.738042][ T5071] do_syscall_64+0xfd/0x240 [ 76.744186][ T5071] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.751723][ T5071] INITIAL USE at: [ 76.755606][ T5071] lock_acquire+0x1e4/0x530 [ 76.761662][ T5071] _raw_spin_lock_irqsave+0xd5/0x120 [ 76.768509][ T5071] snd_timer_notify+0x103/0x3d0 [ 76.774933][ T5071] snd_pcm_start+0x3fc/0x4c0 [ 76.781099][ T5071] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 76.787865][ T5071] snd_pcm_oss_read3+0x3ea/0x600 [ 76.794365][ T5071] snd_pcm_plug_read_transfer+0x3a3/0x470 [ 76.801655][ T5071] snd_pcm_oss_read2+0x296/0x430 [ 76.808159][ T5071] snd_pcm_oss_read+0x45b/0x940 [ 76.814568][ T5071] vfs_read+0x206/0xb70 [ 76.820281][ T5071] ksys_read+0x1a0/0x2c0 [ 76.826081][ T5071] do_syscall_64+0xfd/0x240 [ 76.832145][ T5071] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.839595][ T5071] } [ 76.842080][ T5071] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 76.850241][ T5071] ... 
acquired at: [ 76.854028][ T5071] mark_lock+0x223/0x350 [ 76.858439][ T5071] __lock_acquire+0x116e/0x1fd0 [ 76.863455][ T5071] lock_acquire+0x1e4/0x530 [ 76.868120][ T5071] _raw_spin_lock+0x2e/0x40 [ 76.872824][ T5071] snd_timer_close_locked+0x53/0x8d0 [ 76.878299][ T5071] snd_timer_close+0xae/0x130 [ 76.883179][ T5071] snd_seq_timer_close+0xa9/0xe0 [ 76.888283][ T5071] snd_seq_queue_delete+0x8f/0xf0 [ 76.893483][ T5071] snd_seq_oss_release+0x1d3/0x310 [ 76.898766][ T5071] odev_release+0x56/0x80 [ 76.903265][ T5071] __fput+0x42b/0x8a0 [ 76.907435][ T5071] task_work_run+0x251/0x310 [ 76.912200][ T5071] do_exit+0xa1b/0x27e0 [ 76.916533][ T5071] do_group_exit+0x207/0x2c0 [ 76.921295][ T5071] __x64_sys_exit_group+0x3f/0x40 [ 76.926519][ T5071] do_syscall_64+0xfd/0x240 [ 76.931192][ T5071] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 76.937259][ T5071] [ 76.939571][ T5071] [ 76.939571][ T5071] stack backtrace: [ 76.945449][ T5071] CPU: 0 PID: 5071 Comm: syz-executor425 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 76.955500][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 76.965548][ T5071] Call Trace: [ 76.968821][ T5071] [ 76.971760][ T5071] dump_stack_lvl+0x241/0x360 [ 76.976531][ T5071] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.981743][ T5071] ? srso_return_thunk+0x5/0x5f [ 76.986619][ T5071] ? print_shortest_lock_dependencies+0xf2/0x160 [ 76.992942][ T5071] ? srso_return_thunk+0x5/0x5f [ 76.997794][ T5071] ? print_irq_inversion_bug+0x329/0x3a0 [ 77.003433][ T5071] mark_lock_irq+0x867/0xc20 [ 77.008019][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.012870][ T5071] ? __pfx_mark_lock_irq+0x10/0x10 [ 77.017983][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.022829][ T5071] ? stack_trace_save+0x118/0x1d0 [ 77.027855][ T5071] ? __pfx_stack_trace_save+0x10/0x10 [ 77.033240][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.038084][ T5071] ? 
save_trace+0x749/0xb40 [ 77.042590][ T5071] mark_lock+0x223/0x350 [ 77.046828][ T5071] __lock_acquire+0x116e/0x1fd0 [ 77.051681][ T5071] lock_acquire+0x1e4/0x530 [ 77.056192][ T5071] ? snd_timer_close_locked+0x53/0x8d0 [ 77.061670][ T5071] ? __pfx___mutex_trylock_common+0x10/0x10 [ 77.067568][ T5071] ? __pfx_lock_acquire+0x10/0x10 [ 77.072584][ T5071] ? rcu_is_watching+0x15/0xb0 [ 77.077343][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.082295][ T5071] ? trace_contention_end+0x3c/0x100 [ 77.087589][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.092435][ T5071] ? __mutex_lock+0x2ef/0xd70 [ 77.097122][ T5071] ? snd_timer_close+0xa3/0x130 [ 77.101983][ T5071] _raw_spin_lock+0x2e/0x40 [ 77.106510][ T5071] ? snd_timer_close_locked+0x53/0x8d0 [ 77.111967][ T5071] snd_timer_close_locked+0x53/0x8d0 [ 77.117255][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.122132][ T5071] snd_timer_close+0xae/0x130 [ 77.126814][ T5071] ? __pfx_snd_timer_close+0x10/0x10 [ 77.132108][ T5071] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.137325][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.142181][ T5071] ? lockdep_hardirqs_on+0x99/0x150 [ 77.147387][ T5071] snd_seq_timer_close+0xa9/0xe0 [ 77.152323][ T5071] snd_seq_queue_delete+0x8f/0xf0 [ 77.157358][ T5071] snd_seq_oss_release+0x1d3/0x310 [ 77.162463][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.167312][ T5071] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 77.172943][ T5071] ? __asan_memset+0x23/0x50 [ 77.177541][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.182386][ T5071] ? evm_file_release+0x140/0x1d0 [ 77.187429][ T5071] ? __pfx_odev_release+0x10/0x10 [ 77.192450][ T5071] odev_release+0x56/0x80 [ 77.196777][ T5071] __fput+0x42b/0x8a0 [ 77.200761][ T5071] task_work_run+0x251/0x310 [ 77.205357][ T5071] ? __pfx_task_work_run+0x10/0x10 [ 77.210492][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.215336][ T5071] ? switch_task_namespaces+0xe1/0x110 [ 77.220792][ T5071] do_exit+0xa1b/0x27e0 [ 77.224956][ T5071] ? __pfx_do_exit+0x10/0x10 [ 77.229543][ T5071] ? 
srso_return_thunk+0x5/0x5f [ 77.234388][ T5071] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 77.240369][ T5071] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.246700][ T5071] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.251905][ T5071] ? srso_return_thunk+0x5/0x5f [ 77.256753][ T5071] ? lockdep_hardirqs_on+0x99/0x150 [ 77.261957][ T5071] do_group_exit+0x207/0x2c0 [ 77.266553][ T5071] __x64_sys_exit_group+0x3f/0x40 [ 77.271581][ T5071] do_syscall_64+0xfd/0x240 [ 77.276088][ T5071] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 77.281986][ T5071] RIP: 0033:0x7fd193c67c79 [ 77.286391][ T5071] Code: Unable to access opcode bytes at 0x7fd193c67c4f. [ 77.293397][ T5071] RSP: 002b:00007ffc31cb9cd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 +++ exited with 0 +++ [ 77.301901][ T5071] RAX: ffffffffffffffda RBX: 00000000000000