./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3689156863 <...> Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts. execve("./syz-executor3689156863", ["./syz-executor3689156863"], 0x7ffd0ed3a9b0 /* 10 vars */) = 0 brk(NULL) = 0x5555743a0000 brk(0x5555743a0d00) = 0x5555743a0d00 arch_prctl(ARCH_SET_FS, 0x5555743a0380) = 0 set_tid_address(0x5555743a0650) = 5063 set_robust_list(0x5555743a0660, 24) = 0 rseq(0x5555743a0ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3689156863", 4096) = 28 getrandom("\x31\x3b\xd4\x26\x8e\xf6\xb5\x80", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555743a0d00 brk(0x5555743c1d00) = 0x5555743c1d00 brk(0x5555743c2000) = 0x5555743c2000 mprotect(0x7fc5c825d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/sequencer", O_RDWR|O_APPEND) = 3 openat(AT_FDCWD, "/dev/audio", O_RDONLY) = 4 read(4, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 218) = 218 exit_group(0) = ? [ 73.673003][ T5063] [ 73.675362][ T5063] ======================================================== [ 73.682627][ T5063] WARNING: possible irq lock inversion dependency detected [ 73.689835][ T5063] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 73.696512][ T5063] -------------------------------------------------------- [ 73.703689][ T5063] syz-executor368/5063 just changed the state of lock: [ 73.710525][ T5063] ffff88802a290948 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 73.720056][ T5063] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 73.728116][ T5063] (&group->lock#2){..-.}-{2:2} [ 73.728148][ T5063] [ 73.728148][ T5063] [ 73.728148][ T5063] and interrupts could create inverse lock ordering between them. [ 73.728148][ T5063] [ 73.747292][ T5063] [ 73.747292][ T5063] other info that might help us debug this: [ 73.755377][ T5063] Possible interrupt unsafe locking scenario: [ 73.755377][ T5063] [ 73.763685][ T5063] CPU0 CPU1 [ 73.769073][ T5063] ---- ---- [ 73.774429][ T5063] lock(&timer->lock); [ 73.778584][ T5063] local_irq_disable(); [ 73.785329][ T5063] lock(&group->lock#2); [ 73.792177][ T5063] lock(&timer->lock); [ 73.798845][ T5063] [ 73.802288][ T5063] lock(&group->lock#2); [ 73.806793][ T5063] [ 73.806793][ T5063] *** DEADLOCK *** [ 73.806793][ T5063] [ 73.814942][ T5063] 3 locks held by syz-executor368/5063: [ 73.820497][ T5063] #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80 [ 73.829841][ T5063] #1: ffff888021e4b978 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0 [ 73.839780][ T5063] #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 73.849314][ T5063] [ 73.849314][ T5063] the shortest dependencies between 2nd lock and 1st lock: [ 73.858693][ T5063] -> (&group->lock#2){..-.}-{2:2} { [ 73.864091][ T5063] IN-SOFTIRQ-W at: [ 73.868167][ T5063] lock_acquire+0x1e4/0x530 [ 73.874529][ T5063] _raw_spin_lock_irqsave+0xd5/0x120 [ 73.881647][ T5063] snd_pcm_period_elapsed+0x21/0x50 [ 73.888746][ T5063] dummy_hrtimer_callback+0x7f/0x180 [ 73.895869][ T5063] __hrtimer_run_queues+0x595/0xd00 [ 73.902899][ T5063] hrtimer_run_softirq+0x19a/0x2c0 [ 73.909833][ T5063] __do_softirq+0x2bc/0x943 [ 73.916151][ T5063] __irq_exit_rcu+0xf2/0x1c0 [ 73.922563][ T5063] irq_exit_rcu+0x9/0x30 [ 73.928625][ T5063] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 73.936083][ T5063] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 73.943880][ T5063] acpi_safe_halt+0x21/0x30 [ 73.950201][ T5063] acpi_idle_enter+0xe4/0x140 [ 73.956694][ T5063] cpuidle_enter_state+0x118/0x490 [ 73.963617][ T5063] cpuidle_enter+0x5d/0xa0 [ 73.969866][ T5063] do_idle+0x375/0x5d0 [ 73.975749][ T5063] cpu_startup_entry+0x42/0x60 [ 73.982329][ T5063] __pfx_ap_starting+0x0/0x10 [ 73.988937][ T5063] common_startup_64+0x13e/0x147 [ 73.995695][ T5063] INITIAL USE at: [ 73.999686][ T5063] lock_acquire+0x1e4/0x530 [ 74.005918][ T5063] _raw_spin_lock_irq+0xd3/0x120 [ 74.012594][ T5063] snd_pcm_hw_params+0x201/0x1ea0 [ 74.019357][ T5063] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 74.027504][ T5063] snd_pcm_oss_read+0x24c/0x940 [ 74.034116][ T5063] vfs_read+0x204/0xb70 [ 74.040016][ T5063] ksys_read+0x1a0/0x2c0 [ 74.045986][ T5063] do_syscall_64+0xfb/0x240 [ 74.052229][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.059854][ T5063] } [ 74.062431][ T5063] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 74.071101][ T5063] ... acquired at: [ 74.074981][ T5063] lock_acquire+0x1e4/0x530 [ 74.079664][ T5063] _raw_spin_lock_irqsave+0xd5/0x120 [ 74.085127][ T5063] snd_timer_notify+0x103/0x3d0 [ 74.090328][ T5063] snd_pcm_start+0x3fa/0x4c0 [ 74.095091][ T5063] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 74.100456][ T5063] snd_pcm_oss_read3+0x3ea/0x600 [ 74.105561][ T5063] snd_pcm_plug_read_transfer+0x3a1/0x470 [ 74.111459][ T5063] snd_pcm_oss_read2+0x296/0x430 [ 74.116563][ T5063] snd_pcm_oss_read+0x45b/0x940 [ 74.121580][ T5063] vfs_read+0x204/0xb70 [ 74.125902][ T5063] ksys_read+0x1a0/0x2c0 [ 74.130326][ T5063] do_syscall_64+0xfb/0x240 [ 74.135010][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.141104][ T5063] [ 74.143427][ T5063] -> (&timer->lock){+.+.}-{2:2} { [ 74.148468][ T5063] HARDIRQ-ON-W at: [ 74.152479][ T5063] lock_acquire+0x1e4/0x530 [ 74.158634][ T5063] _raw_spin_lock+0x2e/0x40 [ 74.164787][ T5063] snd_timer_close_locked+0x53/0x8d0 [ 74.171732][ T5063] snd_timer_close+0xae/0x130 [ 74.178056][ T5063] snd_seq_timer_close+0xa9/0xe0 [ 74.184639][ T5063] snd_seq_queue_delete+0x8f/0xf0 [ 74.191323][ T5063] snd_seq_oss_release+0x1d3/0x310 [ 74.198075][ T5063] odev_release+0x56/0x80 [ 74.204064][ T5063] __fput+0x429/0x8a0 [ 74.209709][ T5063] task_work_run+0x24f/0x310 [ 74.215966][ T5063] do_exit+0xa1b/0x27e0 [ 74.221780][ T5063] do_group_exit+0x207/0x2c0 [ 74.228026][ T5063] __x64_sys_exit_group+0x3f/0x40 [ 74.234704][ T5063] do_syscall_64+0xfb/0x240 [ 74.240875][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.248428][ T5063] SOFTIRQ-ON-W at: [ 74.252399][ T5063] lock_acquire+0x1e4/0x530 [ 74.258544][ T5063] _raw_spin_lock+0x2e/0x40 [ 74.264692][ T5063] snd_timer_close_locked+0x53/0x8d0 [ 74.271711][ T5063] snd_timer_close+0xae/0x130 [ 74.278053][ T5063] snd_seq_timer_close+0xa9/0xe0 [ 74.284658][ T5063] snd_seq_queue_delete+0x8f/0xf0 [ 74.291331][ T5063] snd_seq_oss_release+0x1d3/0x310 [ 74.298086][ T5063] odev_release+0x56/0x80 [ 74.304076][ T5063] __fput+0x429/0x8a0 [ 74.309704][ T5063] task_work_run+0x24f/0x310 [ 74.315941][ T5063] do_exit+0xa1b/0x27e0 [ 74.321747][ T5063] do_group_exit+0x207/0x2c0 [ 74.327980][ T5063] __x64_sys_exit_group+0x3f/0x40 [ 74.334656][ T5063] do_syscall_64+0xfb/0x240 [ 74.340812][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.348367][ T5063] INITIAL USE at: [ 74.352273][ T5063] lock_acquire+0x1e4/0x530 [ 74.358335][ T5063] _raw_spin_lock_irqsave+0xd5/0x120 [ 74.365185][ T5063] snd_timer_notify+0x103/0x3d0 [ 74.371601][ T5063] snd_pcm_start+0x3fa/0x4c0 [ 74.377748][ T5063] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 74.384504][ T5063] snd_pcm_oss_read3+0x3ea/0x600 [ 74.391010][ T5063] snd_pcm_plug_read_transfer+0x3a1/0x470 [ 74.398297][ T5063] snd_pcm_oss_read2+0x296/0x430 [ 74.404798][ T5063] snd_pcm_oss_read+0x45b/0x940 [ 74.411206][ T5063] vfs_read+0x204/0xb70 [ 74.416915][ T5063] ksys_read+0x1a0/0x2c0 [ 74.422720][ T5063] do_syscall_64+0xfb/0x240 [ 74.428775][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.436335][ T5063] } [ 74.438824][ T5063] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 74.446998][ T5063] ... acquired at: [ 74.450805][ T5063] mark_lock+0x223/0x350 [ 74.455210][ T5063] __lock_acquire+0x116e/0x1fd0 [ 74.460225][ T5063] lock_acquire+0x1e4/0x530 [ 74.464894][ T5063] _raw_spin_lock+0x2e/0x40 [ 74.469568][ T5063] snd_timer_close_locked+0x53/0x8d0 [ 74.475049][ T5063] snd_timer_close+0xae/0x130 [ 74.479906][ T5063] snd_seq_timer_close+0xa9/0xe0 [ 74.485011][ T5063] snd_seq_queue_delete+0x8f/0xf0 [ 74.490239][ T5063] snd_seq_oss_release+0x1d3/0x310 [ 74.495522][ T5063] odev_release+0x56/0x80 [ 74.500072][ T5063] __fput+0x429/0x8a0 [ 74.504236][ T5063] task_work_run+0x24f/0x310 [ 74.508998][ T5063] do_exit+0xa1b/0x27e0 [ 74.513327][ T5063] do_group_exit+0x207/0x2c0 [ 74.518091][ T5063] __x64_sys_exit_group+0x3f/0x40 [ 74.523285][ T5063] do_syscall_64+0xfb/0x240 [ 74.527963][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.534027][ T5063] [ 74.536341][ T5063] [ 74.536341][ T5063] stack backtrace: [ 74.542218][ T5063] CPU: 1 PID: 5063 Comm: syz-executor368 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 74.552409][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 74.562487][ T5063] Call Trace: [ 74.565772][ T5063] [ 74.568713][ T5063] dump_stack_lvl+0x241/0x360 [ 74.573398][ T5063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.578593][ T5063] ? print_shortest_lock_dependencies+0xf2/0x160 [ 74.584941][ T5063] ? print_irq_inversion_bug+0x329/0x3a0 [ 74.590579][ T5063] mark_lock_irq+0x867/0xc20 [ 74.595213][ T5063] ? __pfx_mark_lock_irq+0x10/0x10 [ 74.600326][ T5063] ? stack_trace_save+0x118/0x1d0 [ 74.605371][ T5063] ? __pfx_stack_trace_save+0x10/0x10 [ 74.610750][ T5063] ? save_trace+0x749/0xb40 [ 74.615257][ T5063] mark_lock+0x223/0x350 [ 74.619499][ T5063] __lock_acquire+0x116e/0x1fd0 [ 74.624368][ T5063] lock_acquire+0x1e4/0x530 [ 74.628875][ T5063] ? snd_timer_close_locked+0x53/0x8d0 [ 74.634336][ T5063] ? __pfx___mutex_trylock_common+0x10/0x10 [ 74.640230][ T5063] ? __pfx_lock_acquire+0x10/0x10 [ 74.645280][ T5063] ? rcu_is_watching+0x15/0xb0 [ 74.650048][ T5063] ? trace_contention_end+0x3c/0x100 [ 74.655330][ T5063] ? __mutex_lock+0x2ef/0xd70 [ 74.660023][ T5063] ? snd_timer_close+0xa3/0x130 [ 74.664917][ T5063] _raw_spin_lock+0x2e/0x40 [ 74.669431][ T5063] ? snd_timer_close_locked+0x53/0x8d0 [ 74.674900][ T5063] snd_timer_close_locked+0x53/0x8d0 [ 74.680225][ T5063] snd_timer_close+0xae/0x130 [ 74.684917][ T5063] ? __pfx_snd_timer_close+0x10/0x10 [ 74.690222][ T5063] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.695421][ T5063] ? lockdep_hardirqs_on+0x99/0x150 [ 74.700624][ T5063] snd_seq_timer_close+0xa9/0xe0 [ 74.705568][ T5063] snd_seq_queue_delete+0x8f/0xf0 [ 74.710604][ T5063] snd_seq_oss_release+0x1d3/0x310 [ 74.715714][ T5063] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 74.721349][ T5063] ? __asan_memset+0x23/0x50 [ 74.725947][ T5063] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.732269][ T5063] ? evm_file_release+0x140/0x1d0 [ 74.737289][ T5063] ? __pfx_odev_release+0x10/0x10 [ 74.742308][ T5063] odev_release+0x56/0x80 [ 74.746649][ T5063] __fput+0x429/0x8a0 [ 74.750640][ T5063] task_work_run+0x24f/0x310 [ 74.755231][ T5063] ? __pfx_task_work_run+0x10/0x10 [ 74.760361][ T5063] ? switch_task_namespaces+0xe1/0x110 [ 74.765813][ T5063] do_exit+0xa1b/0x27e0 [ 74.769977][ T5063] ? __pfx_do_exit+0x10/0x10 [ 74.774591][ T5063] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 74.780580][ T5063] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.786918][ T5063] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.792139][ T5063] ? lockdep_hardirqs_on+0x99/0x150 [ 74.797339][ T5063] do_group_exit+0x207/0x2c0 [ 74.801950][ T5063] __x64_sys_exit_group+0x3f/0x40 [ 74.806970][ T5063] do_syscall_64+0xfb/0x240 [ 74.811463][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.817357][ T5063] RIP: 0033:0x7fc5c81e8c79 [ 74.821763][ T5063] Code: Unable to access opcode bytes at 0x7fc5c81e8c4f. [ 74.828788][ T5063] RSP: 002b:00007ffe56f0ab08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 74.837195][ T5063] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc5c81e8c79 [ 74.845174][ T5063] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 74.853154][ T5063] RBP: 00007fc5c8263270 R08: ffffffffffffffb8 R09: 00007ffe56f0ad28 [ 74.861140][ T5063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc5c8263270 [ 74.869109][ T5063] R13: 0000000000000000 R14: 00007fc5c8263cc0 R15: 00007fc5c81baa60 +++ exited with 0 +++ [ 74.8771