./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1545251991 <...>
Warning: Permanently added '10.128.1.81' (ED25519) to the list of known hosts.
execve("./syz-executor1545251991", ["./syz-executor1545251991"], 0x7fff6dacce40 /* 10 vars */) = 0
brk(NULL) = 0x55556ec08000
brk(0x55556ec08d00) = 0x55556ec08d00
arch_prctl(ARCH_SET_FS, 0x55556ec08380) = 0
set_tid_address(0x55556ec08650) = 5057
set_robust_list(0x55556ec08660, 24) = 0
rseq(0x55556ec08ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1545251991", 4096) = 28
getrandom("\xfa\x03\x0a\x8b\xc7\xab\xbb\xe4", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55556ec08d00
brk(0x55556ec29d00) = 0x55556ec29d00
brk(0x55556ec2a000) = 0x55556ec2a000
mprotect(0x7f1f4e269000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/audio", O_WRONLY|O_TRUNC|O_NOATIME) = 3
write(3, "\x00\x00\x00\x00\x18\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32) = 32
openat(AT_FDCWD, "/dev/sequencer2", O_RDWR) = 4
exit_group(0) = ?
[ 56.161751][ C1]
[ 56.164109][ C1] ========================================================
[ 56.171278][ C1] WARNING: possible irq lock inversion dependency detected
[ 56.178488][ C1] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
[ 56.185146][ C1] --------------------------------------------------------
[ 56.192318][ C1] swapper/1/0 just changed the state of lock:
[ 56.198708][ C1] ffff8880298e6110 (&group->lock#2){..-.}-{2:2}, at: snd_pcm_period_elapsed+0x21/0x50
[ 56.208282][ C1] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 56.215799][ C1]  (&timer->lock){+.+.}-{2:2}
[ 56.215815][ C1]
[ 56.215815][ C1]
[ 56.215815][ C1] and interrupts could create inverse lock ordering between them.
[ 56.215815][ C1]
[ 56.234773][ C1]
[ 56.234773][ C1] other info that might help us debug this:
[ 56.242821][ C1]  Possible interrupt unsafe locking scenario:
[ 56.242821][ C1]
[ 56.251128][ C1]        CPU0                    CPU1
[ 56.256518][ C1]        ----                    ----
[ 56.261873][ C1]   lock(&timer->lock);
[ 56.266021][ C1]                                local_irq_disable();
[ 56.272766][ C1]                                lock(&group->lock#2);
[ 56.279600][ C1]                                lock(&timer->lock);
[ 56.286251][ C1]   <Interrupt>
[ 56.289682][ C1]     lock(&group->lock#2);
[ 56.294168][ C1]
[ 56.294168][ C1]  *** DEADLOCK ***
[ 56.294168][ C1]
[ 56.302288][ C1] no locks held by swapper/1/0.
[ 56.307112][ C1] [ 56.307112][ C1] the shortest dependencies between 2nd lock and 1st lock: [ 56.316490][ C1] -> (&timer->lock){+.+.}-{2:2} { [ 56.321634][ C1] HARDIRQ-ON-W at: [ 56.325680][ C1] lock_acquire+0x1e4/0x530 [ 56.331991][ C1] _raw_spin_lock+0x2e/0x40 [ 56.338315][ C1] snd_timer_close_locked+0x53/0x8d0 [ 56.345432][ C1] snd_timer_close+0xae/0x130 [ 56.351924][ C1] snd_seq_timer_close+0xa9/0xe0 [ 56.358661][ C1] snd_seq_queue_delete+0x8f/0xf0 [ 56.365491][ C1] snd_seq_oss_release+0x1d3/0x310 [ 56.372409][ C1] odev_release+0x56/0x80 [ 56.378562][ C1] __fput+0x429/0x8a0 [ 56.384355][ C1] task_work_run+0x24f/0x310 [ 56.390751][ C1] do_exit+0xa1b/0x27e0 [ 56.396734][ C1] do_group_exit+0x207/0x2c0 [ 56.403146][ C1] __x64_sys_exit_group+0x3f/0x40 [ 56.409987][ C1] do_syscall_64+0xfb/0x240 [ 56.416291][ C1] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 56.423992][ C1] SOFTIRQ-ON-W at: [ 56.428041][ C1] lock_acquire+0x1e4/0x530 [ 56.434391][ C1] _raw_spin_lock+0x2e/0x40 [ 56.440715][ C1] snd_timer_close_locked+0x53/0x8d0 [ 56.447830][ C1] snd_timer_close+0xae/0x130 [ 56.454326][ C1] snd_seq_timer_close+0xa9/0xe0 [ 56.461081][ C1] snd_seq_queue_delete+0x8f/0xf0 [ 56.467910][ C1] snd_seq_oss_release+0x1d3/0x310 [ 56.474892][ C1] odev_release+0x56/0x80 [ 56.481043][ C1] __fput+0x429/0x8a0 [ 56.487020][ C1] task_work_run+0x24f/0x310 [ 56.493444][ C1] do_exit+0xa1b/0x27e0 [ 56.499436][ C1] do_group_exit+0x207/0x2c0 [ 56.505885][ C1] __x64_sys_exit_group+0x3f/0x40 [ 56.512721][ C1] do_syscall_64+0xfb/0x240 [ 56.519060][ C1] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 56.526760][ C1] INITIAL USE at: [ 56.530722][ C1] lock_acquire+0x1e4/0x530 [ 56.536975][ C1] _raw_spin_lock+0x2e/0x40 [ 56.543213][ C1] snd_timer_close_locked+0x53/0x8d0 [ 56.550214][ C1] snd_timer_close+0xae/0x130 [ 56.556606][ C1] snd_seq_timer_close+0xa9/0xe0 [ 56.563256][ C1] snd_seq_queue_delete+0x8f/0xf0 [ 56.570000][ C1] snd_seq_oss_release+0x1d3/0x310 [ 56.576826][ C1] odev_release+0x56/0x80 [ 
56.582873][ C1] __fput+0x429/0x8a0 [ 56.588574][ C1] task_work_run+0x24f/0x310 [ 56.594879][ C1] do_exit+0xa1b/0x27e0 [ 56.600756][ C1] do_group_exit+0x207/0x2c0 [ 56.607064][ C1] __x64_sys_exit_group+0x3f/0x40 [ 56.613834][ C1] do_syscall_64+0xfb/0x240 [ 56.620082][ C1] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 56.627716][ C1] } [ 56.630284][ C1] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 56.638528][ C1] ... acquired at: [ 56.642404][ C1] lock_acquire+0x1e4/0x530 [ 56.647085][ C1] _raw_spin_lock_irqsave+0xd5/0x120 [ 56.652543][ C1] snd_timer_notify+0x103/0x3d0 [ 56.657562][ C1] snd_pcm_start+0x3fa/0x4c0 [ 56.662308][ C1] __snd_pcm_lib_xfer+0x18bf/0x1e30 [ 56.667656][ C1] snd_pcm_oss_write3+0x1c4/0x350 [ 56.672838][ C1] snd_pcm_plug_write_transfer+0x2ff/0x530 [ 56.678802][ C1] snd_pcm_oss_sync1+0x2fe/0x7b0 [ 56.683916][ C1] snd_pcm_oss_sync+0x7cd/0xc30 [ 56.689051][ C1] snd_pcm_oss_release+0x11e/0x280 [ 56.694339][ C1] __fput+0x429/0x8a0 [ 56.698571][ C1] task_work_run+0x24f/0x310 [ 56.703923][ C1] do_exit+0xa1b/0x27e0 [ 56.708232][ C1] do_group_exit+0x207/0x2c0 [ 56.712986][ C1] __x64_sys_exit_group+0x3f/0x40 [ 56.718334][ C1] do_syscall_64+0xfb/0x240 [ 56.723019][ C1] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 56.729102][ C1] [ 56.731578][ C1] -> (&group->lock#2){..-.}-{2:2} { [ 56.736795][ C1] IN-SOFTIRQ-W at: [ 56.740765][ C1] lock_acquire+0x1e4/0x530 [ 56.746927][ C1] _raw_spin_lock_irqsave+0xd5/0x120 [ 56.753844][ C1] snd_pcm_period_elapsed+0x21/0x50 [ 56.760670][ C1] dummy_hrtimer_callback+0x7f/0x180 [ 56.767606][ C1] __hrtimer_run_queues+0x595/0xd00 [ 56.774463][ C1] hrtimer_run_softirq+0x19a/0x2c0 [ 56.781298][ C1] __do_softirq+0x2bc/0x943 [ 56.787445][ C1] __irq_exit_rcu+0xf2/0x1c0 [ 56.793850][ C1] irq_exit_rcu+0x9/0x30 [ 56.799915][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 56.807242][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 56.814872][ C1] acpi_safe_halt+0x21/0x30 [ 56.821012][ C1] acpi_idle_enter+0xe4/0x140 [ 56.827316][ C1] 
cpuidle_enter_state+0x118/0x490 [ 56.834059][ C1] cpuidle_enter+0x5d/0xa0 [ 56.840102][ C1] do_idle+0x375/0x5d0 [ 56.845799][ C1] cpu_startup_entry+0x42/0x60 [ 56.852208][ C1] __pfx_ap_starting+0x0/0x10 [ 56.858513][ C1] common_startup_64+0x13e/0x147 [ 56.865079][ C1] INITIAL USE at: [ 56.868954][ C1] lock_acquire+0x1e4/0x530 [ 56.875028][ C1] _raw_spin_lock_irq+0xd3/0x120 [ 56.881598][ C1] snd_pcm_hw_params+0x201/0x1ea0 [ 56.888343][ C1] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 56.896867][ C1] snd_pcm_oss_write+0x2d5/0x11f0 [ 56.903989][ C1] vfs_write+0x2a4/0xcb0 [ 56.909805][ C1] ksys_write+0x1a0/0x2c0 [ 56.915783][ C1] do_syscall_64+0xfb/0x240 [ 56.921976][ C1] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 56.929442][ C1] } [ 56.931980][ C1] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 56.940564][ C1] ... acquired at: [ 56.944343][ C1] mark_lock+0x223/0x350 [ 56.948747][ C1] __lock_acquire+0xbcd/0x1fd0 [ 56.953658][ C1] lock_acquire+0x1e4/0x530 [ 56.958309][ C1] _raw_spin_lock_irqsave+0xd5/0x120 [ 56.963746][ C1] snd_pcm_period_elapsed+0x21/0x50 [ 56.969105][ C1] dummy_hrtimer_callback+0x7f/0x180 [ 56.974545][ C1] __hrtimer_run_queues+0x595/0xd00 [ 56.979908][ C1] hrtimer_run_softirq+0x19a/0x2c0 [ 56.985190][ C1] __do_softirq+0x2bc/0x943 [ 56.989864][ C1] __irq_exit_rcu+0xf2/0x1c0 [ 56.994612][ C1] irq_exit_rcu+0x9/0x30 [ 56.999003][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 57.004805][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 57.010961][ C1] acpi_safe_halt+0x21/0x30 [ 57.015617][ C1] acpi_idle_enter+0xe4/0x140 [ 57.020447][ C1] cpuidle_enter_state+0x118/0x490 [ 57.025796][ C1] cpuidle_enter+0x5d/0xa0 [ 57.030361][ C1] do_idle+0x375/0x5d0 [ 57.034579][ C1] cpu_startup_entry+0x42/0x60 [ 57.039492][ C1] __pfx_ap_starting+0x0/0x10 [ 57.044323][ C1] common_startup_64+0x13e/0x147 [ 57.049429][ C1] [ 57.051736][ C1] [ 57.051736][ C1] stack backtrace: [ 57.057599][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 
[ 57.066864][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 57.077089][ C1] Call Trace: [ 57.080372][ C1] [ 57.083198][ C1] dump_stack_lvl+0x241/0x360 [ 57.087859][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 57.093035][ C1] ? print_shortest_lock_dependencies+0xf2/0x160 [ 57.099372][ C1] ? print_irq_inversion_bug+0x329/0x3a0 [ 57.105009][ C1] mark_lock_irq+0x80c/0xc20 [ 57.109604][ C1] ? __pfx_mark_lock_irq+0x10/0x10 [ 57.114748][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 57.120131][ C1] ? validate_chain+0x11b/0x58e0 [ 57.125054][ C1] ? lockdep_lock+0x123/0x2b0 [ 57.129710][ C1] ? save_trace+0x5a/0xb40 [ 57.134107][ C1] ? __lock_acquire+0x1346/0x1fd0 [ 57.139107][ C1] mark_lock+0x223/0x350 [ 57.143327][ C1] __lock_acquire+0xbcd/0x1fd0 [ 57.148071][ C1] lock_acquire+0x1e4/0x530 [ 57.152548][ C1] ? snd_pcm_period_elapsed+0x21/0x50 [ 57.157898][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 57.162897][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 57.169213][ C1] _raw_spin_lock_irqsave+0xd5/0x120 [ 57.174604][ C1] ? snd_pcm_period_elapsed+0x21/0x50 [ 57.180125][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 57.186244][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 57.191460][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 57.197385][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 57.203714][ C1] snd_pcm_period_elapsed+0x21/0x50 [ 57.208998][ C1] dummy_hrtimer_callback+0x7f/0x180 [ 57.214550][ C1] ? __pfx_dummy_hrtimer_callback+0x10/0x10 [ 57.220449][ C1] __hrtimer_run_queues+0x595/0xd00 [ 57.225737][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 57.231456][ C1] ? ktime_get_update_offsets_now+0x411/0x430 [ 57.237590][ C1] hrtimer_run_softirq+0x19a/0x2c0 [ 57.242685][ C1] __do_softirq+0x2bc/0x943 [ 57.247166][ C1] ? __irq_exit_rcu+0xf2/0x1c0 [ 57.251916][ C1] ? __pfx___do_softirq+0x10/0x10 [ 57.257089][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 57.262264][ C1] __irq_exit_rcu+0xf2/0x1c0 [ 57.266829][ C1] ? 
__pfx___irq_exit_rcu+0x10/0x10 [ 57.272030][ C1] irq_exit_rcu+0x9/0x30 [ 57.276629][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 57.282287][ C1] [ 57.285294][ C1] [ 57.288236][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 57.294246][ C1] RIP: 0010:acpi_safe_halt+0x21/0x30 [ 57.299728][ C1] Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 40 d0 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d 95 ec 9b 00 f3 0f 1e fa fb f4 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 57.319494][ C1] RSP: 0018:ffffc90000197d08 EFLAGS: 00000246 [ 57.325571][ C1] RAX: ffff8880172b5a00 RBX: ffff88801bae3064 RCX: 0000000000011741 [ 57.333521][ C1] RDX: 0000000000000001 RSI: ffff88801bae3000 RDI: ffff88801bae3064 [ 57.341558][ C1] RBP: 000000000003a0f8 R08: ffff8880b9537d0b R09: 1ffff110172a6fa1 [ 57.349522][ C1] R10: dffffc0000000000 R11: ffffffff8b6bc600 R12: ffff88801c310000 [ 57.357492][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8e8948a0 [ 57.365554][ C1] ? __pfx_acpi_idle_enter+0x10/0x10 [ 57.370855][ C1] acpi_idle_enter+0xe4/0x140 [ 57.375523][ C1] cpuidle_enter_state+0x118/0x490 [ 57.380618][ C1] ? __pfx_tick_nohz_idle_stop_tick+0x10/0x10 [ 57.387036][ C1] cpuidle_enter+0x5d/0xa0 [ 57.391445][ C1] do_idle+0x375/0x5d0 [ 57.395500][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 57.401847][ C1] ? __pfx_do_idle+0x10/0x10 [ 57.406434][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 57.412341][ C1] ? complete+0xb4/0x1c0 +++ exited with 0 +++ [ 57.416575