./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor389445513 <...> Warning: Permanently added '10.128.10.29' (ED25519) to the list of known hosts. execve("./syz-executor389445513", ["./syz-executor389445513"], 0x7ffc43ee3780 /* 10 vars */) = 0 brk(NULL) = 0x555573ad4000 brk(0x555573ad4d00) = 0x555573ad4d00 arch_prctl(ARCH_SET_FS, 0x555573ad4380) = 0 set_tid_address(0x555573ad4650) = 5056 set_robust_list(0x555573ad4660, 24) = 0 rseq(0x555573ad4ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor389445513", 4096) = 27 getrandom("\x6d\x65\x0d\xbf\xec\xf3\x7f\xb7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555573ad4d00 brk(0x555573af5d00) = 0x555573af5d00 brk(0x555573af6000) = 0x555573af6000 mprotect(0x7f995fb56000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/sequencer", O_RDWR|O_EXCL|O_NONBLOCK) = 3 write(3, "\x00\x93\x00\x00\x00\x00\x00\x77\x05\xff\x00\x00\x00\x00\x00\x00\x00", 17) = 16 exit_group(0) = ? [ 53.884259][ T5056] [ 53.886601][ T5056] ================================ [ 53.891681][ T5056] WARNING: inconsistent lock state [ 53.896763][ T5056] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 53.903410][ T5056] -------------------------------- [ 53.908491][ T5056] inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. [ 53.915317][ T5056] syz-executor389/5056 [HC0[0]:SC0[0]:HE1:SE1] takes: [ 53.922052][ T5056] ffff888029ba8148 (&timer->lock){?...}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 53.931536][ T5056] {IN-HARDIRQ-W} state was registered at: [ 53.937226][ T5056] lock_acquire+0x1e4/0x530 [ 53.941795][ T5056] _raw_spin_lock+0x2e/0x40 [ 53.946369][ T5056] snd_hrtimer_callback+0x54/0x370 [ 53.951546][ T5056] __hrtimer_run_queues+0x595/0xd00 [ 53.956812][ T5056] hrtimer_interrupt+0x396/0x990 [ 53.961822][ T5056] __sysvec_apic_timer_interrupt+0x107/0x3a0 [ 53.967878][ T5056] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 53.973586][ T5056] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.979638][ T5056] acpi_safe_halt+0x21/0x30 [ 53.984212][ T5056] acpi_idle_enter+0xe4/0x140 [ 53.988961][ T5056] cpuidle_enter_state+0x118/0x490 [ 53.994147][ T5056] cpuidle_enter+0x5d/0xa0 [ 53.998630][ T5056] do_idle+0x375/0x5d0 [ 54.002768][ T5056] cpu_startup_entry+0x42/0x60 [ 54.007600][ T5056] rest_init+0x2e0/0x300 [ 54.011911][ T5056] arch_call_rest_init+0xe/0x10 [ 54.016832][ T5056] start_kernel+0x47a/0x500 [ 54.021408][ T5056] x86_64_start_reservations+0x2a/0x30 [ 54.026934][ T5056] x86_64_start_kernel+0x99/0xa0 [ 54.031944][ T5056] common_startup_64+0x13e/0x147 [ 54.036953][ T5056] irq event stamp: 4713 [ 54.041084][ T5056] hardirqs last enabled at (4713): [] _raw_spin_unlock_irq+0x23/0x50 [ 54.050789][ T5056] hardirqs last disabled at (4712): [] _raw_spin_lock_irq+0xad/0x120 [ 54.060405][ T5056] softirqs last enabled at (3692): [] __irq_exit_rcu+0xf2/0x1c0 [ 54.069667][ T5056] softirqs last disabled at (3683): [] __irq_exit_rcu+0xf2/0x1c0 [ 54.078932][ T5056] [ 54.078932][ T5056] other info that might help us debug this: [ 54.086973][ T5056] Possible unsafe locking scenario: [ 54.086973][ T5056] [ 54.094404][ T5056] CPU0 [ 54.097664][ T5056] ---- [ 54.100922][ T5056] lock(&timer->lock); [ 54.105065][ T5056] [ 54.108500][ T5056] lock(&timer->lock); [ 54.112814][ T5056] [ 54.112814][ T5056] *** DEADLOCK *** [ 54.112814][ T5056] [ 54.120936][ T5056] 3 locks held by syz-executor389/5056: [ 54.126465][ T5056] #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80 [ 54.135764][ T5056] #1: ffff888021a18178 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0 [ 54.145665][ T5056] #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 54.155133][ T5056] [ 54.155133][ T5056] stack backtrace: [ 54.161003][ T5056] CPU: 0 PID: 5056 Comm: syz-executor389 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 54.171047][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 54.181085][ T5056] Call Trace: [ 54.184351][ T5056] [ 54.187267][ T5056] dump_stack_lvl+0x241/0x360 [ 54.191931][ T5056] ? __pfx_dump_stack_lvl+0x10/0x10 [ 54.197118][ T5056] ? print_usage_bug+0x61a/0x8a0 [ 54.202041][ T5056] ? is_bpf_text_address+0x28d/0x2b0 [ 54.207316][ T5056] valid_state+0x13a/0x1c0 [ 54.211718][ T5056] mark_lock_irq+0xbb/0xc20 [ 54.216207][ T5056] ? arch_stack_walk+0x16d/0x1b0 [ 54.221129][ T5056] ? __pfx_mark_lock_irq+0x10/0x10 [ 54.226228][ T5056] ? stack_trace_save+0x118/0x1d0 [ 54.231239][ T5056] ? __pfx_stack_trace_save+0x10/0x10 [ 54.236601][ T5056] ? lockdep_lock+0x123/0x2b0 [ 54.241267][ T5056] ? save_trace+0x5a/0xb40 [ 54.245667][ T5056] ? __lock_acquire+0x1346/0x1fd0 [ 54.250674][ T5056] mark_lock+0x223/0x350 [ 54.254903][ T5056] __lock_acquire+0x112d/0x1fd0 [ 54.259743][ T5056] lock_acquire+0x1e4/0x530 [ 54.264230][ T5056] ? snd_timer_close_locked+0x53/0x8d0 [ 54.269674][ T5056] ? __pfx___mutex_trylock_common+0x10/0x10 [ 54.275557][ T5056] ? __pfx_lock_acquire+0x10/0x10 [ 54.280561][ T5056] ? rcu_is_watching+0x15/0xb0 [ 54.285307][ T5056] ? trace_contention_end+0x3c/0x100 [ 54.290579][ T5056] ? __mutex_lock+0x2ef/0xd70 [ 54.295242][ T5056] ? snd_timer_close+0xa3/0x130 [ 54.300079][ T5056] _raw_spin_lock+0x2e/0x40 [ 54.304570][ T5056] ? snd_timer_close_locked+0x53/0x8d0 [ 54.310014][ T5056] snd_timer_close_locked+0x53/0x8d0 [ 54.315290][ T5056] snd_timer_close+0xae/0x130 [ 54.319958][ T5056] ? __pfx_snd_timer_close+0x10/0x10 [ 54.325230][ T5056] ? _raw_spin_unlock_irq+0x23/0x50 [ 54.330416][ T5056] ? lockdep_hardirqs_on+0x99/0x150 [ 54.335602][ T5056] snd_seq_timer_close+0xa9/0xe0 [ 54.340522][ T5056] snd_seq_queue_delete+0x8f/0xf0 [ 54.345535][ T5056] snd_seq_oss_release+0x1d3/0x310 [ 54.350635][ T5056] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 54.356252][ T5056] ? __asan_memset+0x23/0x50 [ 54.360834][ T5056] ? evm_file_release+0x140/0x1d0 [ 54.365845][ T5056] ? __pfx_odev_release+0x10/0x10 [ 54.370856][ T5056] odev_release+0x56/0x80 [ 54.375170][ T5056] __fput+0x429/0x8a0 [ 54.379142][ T5056] task_work_run+0x24f/0x310 [ 54.383722][ T5056] ? __pfx_task_work_run+0x10/0x10 [ 54.388823][ T5056] ? switch_task_namespaces+0xe1/0x110 [ 54.394263][ T5056] do_exit+0xa1b/0x27e0 [ 54.398409][ T5056] ? __pfx_do_exit+0x10/0x10 [ 54.402987][ T5056] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 54.408954][ T5056] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 54.415265][ T5056] ? _raw_spin_unlock_irq+0x23/0x50 [ 54.420452][ T5056] ? lockdep_hardirqs_on+0x99/0x150 [ 54.425636][ T5056] do_group_exit+0x207/0x2c0 [ 54.430212][ T5056] __x64_sys_exit_group+0x3f/0x40 [ 54.435222][ T5056] do_syscall_64+0xfb/0x240 [ 54.439709][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 54.445587][ T5056] RIP: 0033:0x7f995fae1cb9 [ 54.449985][ T5056] Code: Unable to access opcode bytes at 0x7f995fae1c8f. [ 54.456984][ T5056] RSP: 002b:00007ffcb20c2cd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 54.465384][ T5056] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f995fae1cb9 [ 54.473339][ T5056] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 +++ exited with 0 +++ [ 54.481297][ T5056] RBP: 00007f995fb5c270 R08: ffffffffffffff