./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor978049848 <...> Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts. execve("./syz-executor978049848", ["./syz-executor978049848"], 0x7ffc3d4376e0 /* 10 vars */) = 0 brk(NULL) = 0x5555577b0000 brk(0x5555577b0d00) = 0x5555577b0d00 arch_prctl(ARCH_SET_FS, 0x5555577b0380) = 0 set_tid_address(0x5555577b0650) = 5057 set_robust_list(0x5555577b0660, 24) = 0 rseq(0x5555577b0ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor978049848", 4096) = 27 getrandom("\xc0\x69\x07\xf7\x8b\x60\xa1\x37", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555577b0d00 brk(0x5555577d1d00) = 0x5555577d1d00 brk(0x5555577d2000) = 0x5555577d2000 mprotect(0x7f4840432000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/sequencer", O_RDONLY) = 3 openat(AT_FDCWD, "/dev/dsp", O_RDONLY) = 4 read(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 190) = 190 exit_group(0) = ? 
[ 62.037735][ T5057]
[ 62.040119][ T5057] ========================================================
[ 62.047382][ T5057] WARNING: possible irq lock inversion dependency detected
[ 62.054578][ T5057] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
[ 62.061255][ T5057] --------------------------------------------------------
[ 62.068730][ T5057] syz-executor978/5057 just changed the state of lock:
[ 62.075780][ T5057] ffff8880299f5148 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0
[ 62.085451][ T5057] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 62.093593][ T5057]  (&group->lock#2){..-.}-{2:2}
[ 62.093614][ T5057]
[ 62.093614][ T5057]
[ 62.093614][ T5057] and interrupts could create inverse lock ordering between them.
[ 62.093614][ T5057]
[ 62.113120][ T5057]
[ 62.113120][ T5057] other info that might help us debug this:
[ 62.121461][ T5057]  Possible interrupt unsafe locking scenario:
[ 62.121461][ T5057]
[ 62.129888][ T5057]        CPU0                    CPU1
[ 62.135252][ T5057]        ----                    ----
[ 62.140705][ T5057]   lock(&timer->lock);
[ 62.145198][ T5057]                                local_irq_disable();
[ 62.152021][ T5057]                                lock(&group->lock#2);
[ 62.159151][ T5057]                                lock(&timer->lock);
[ 62.165948][ T5057]   <Interrupt>
[ 62.169570][ T5057]     lock(&group->lock#2);
[ 62.174083][ T5057]
[ 62.174083][ T5057]  *** DEADLOCK ***
[ 62.174083][ T5057]
[ 62.182358][ T5057] 3 locks held by syz-executor978/5057:
[ 62.188000][ T5057]  #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80
[ 62.197328][ T5057]  #1: ffff888017b6d178 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0
[ 62.207429][ T5057]  #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130
[ 62.217081][ T5057]
[ 62.217081][ T5057] the shortest dependencies between 2nd lock and 1st lock:
[ 62.226466][ T5057]  -> (&group->lock#2){..-.}-{2:2} {
[ 62.231762][ T5057]     IN-SOFTIRQ-W at:
[ 62.235893][ T5057]       lock_acquire+0x1e4/0x530
[ 62.242393][ T5057]       _raw_spin_lock_irqsave+0xd5/0x120
[
62.249514][ T5057] snd_pcm_period_elapsed+0x21/0x50 [ 62.257092][ T5057] dummy_hrtimer_callback+0x7f/0x180 [ 62.264203][ T5057] __hrtimer_run_queues+0x595/0xd00 [ 62.271282][ T5057] hrtimer_run_softirq+0x19a/0x2c0 [ 62.278297][ T5057] __do_softirq+0x2bc/0x943 [ 62.284623][ T5057] __irq_exit_rcu+0xf2/0x1c0 [ 62.291115][ T5057] irq_exit_rcu+0x9/0x30 [ 62.297335][ T5057] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 62.304796][ T5057] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 62.312791][ T5057] acpi_safe_halt+0x21/0x30 [ 62.319131][ T5057] acpi_idle_enter+0xe4/0x140 [ 62.325640][ T5057] cpuidle_enter_state+0x118/0x490 [ 62.332946][ T5057] cpuidle_enter+0x5d/0xa0 [ 62.340181][ T5057] do_idle+0x375/0x5d0 [ 62.346436][ T5057] cpu_startup_entry+0x42/0x60 [ 62.353128][ T5057] __pfx_ap_starting+0x0/0x10 [ 62.359707][ T5057] common_startup_64+0x13e/0x147 [ 62.366690][ T5057] INITIAL USE at: [ 62.370745][ T5057] lock_acquire+0x1e4/0x530 [ 62.376976][ T5057] _raw_spin_lock_irq+0xd3/0x120 [ 62.383639][ T5057] snd_pcm_hw_params+0x201/0x1ea0 [ 62.390403][ T5057] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 62.398567][ T5057] snd_pcm_oss_read+0x24c/0x940 [ 62.405242][ T5057] vfs_read+0x204/0xb70 [ 62.411121][ T5057] ksys_read+0x1a0/0x2c0 [ 62.417169][ T5057] do_syscall_64+0xfb/0x240 [ 62.423574][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.431363][ T5057] } [ 62.433930][ T5057] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 62.442675][ T5057] ... 
acquired at: [ 62.446544][ T5057] lock_acquire+0x1e4/0x530 [ 62.451215][ T5057] _raw_spin_lock_irqsave+0xd5/0x120 [ 62.456673][ T5057] snd_timer_notify+0x103/0x3d0 [ 62.461692][ T5057] snd_pcm_start+0x3fa/0x4c0 [ 62.466522][ T5057] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 62.471893][ T5057] snd_pcm_oss_read3+0x3ea/0x600 [ 62.476983][ T5057] snd_pcm_oss_read2+0x1c1/0x430 [ 62.482075][ T5057] snd_pcm_oss_read+0x45b/0x940 [ 62.487079][ T5057] vfs_read+0x204/0xb70 [ 62.491562][ T5057] ksys_read+0x1a0/0x2c0 [ 62.496044][ T5057] do_syscall_64+0xfb/0x240 [ 62.500722][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.506795][ T5057] [ 62.509106][ T5057] -> (&timer->lock){+.+.}-{2:2} { [ 62.514127][ T5057] HARDIRQ-ON-W at: [ 62.518108][ T5057] lock_acquire+0x1e4/0x530 [ 62.524270][ T5057] _raw_spin_lock+0x2e/0x40 [ 62.530435][ T5057] snd_timer_close_locked+0x53/0x8d0 [ 62.537551][ T5057] snd_timer_close+0xae/0x130 [ 62.543975][ T5057] snd_seq_timer_close+0xa9/0xe0 [ 62.550574][ T5057] snd_seq_queue_delete+0x8f/0xf0 [ 62.557704][ T5057] snd_seq_oss_release+0x1d3/0x310 [ 62.564477][ T5057] odev_release+0x56/0x80 [ 62.570451][ T5057] __fput+0x429/0x8a0 [ 62.576085][ T5057] task_work_run+0x24f/0x310 [ 62.582320][ T5057] do_exit+0xa1b/0x27e0 [ 62.588109][ T5057] do_group_exit+0x207/0x2c0 [ 62.594329][ T5057] __x64_sys_exit_group+0x3f/0x40 [ 62.601591][ T5057] do_syscall_64+0xfb/0x240 [ 62.607732][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.615466][ T5057] SOFTIRQ-ON-W at: [ 62.619517][ T5057] lock_acquire+0x1e4/0x530 [ 62.625675][ T5057] _raw_spin_lock+0x2e/0x40 [ 62.631898][ T5057] snd_timer_close_locked+0x53/0x8d0 [ 62.639034][ T5057] snd_timer_close+0xae/0x130 [ 62.645377][ T5057] snd_seq_timer_close+0xa9/0xe0 [ 62.651987][ T5057] snd_seq_queue_delete+0x8f/0xf0 [ 62.658842][ T5057] snd_seq_oss_release+0x1d3/0x310 [ 62.665773][ T5057] odev_release+0x56/0x80 [ 62.671944][ T5057] __fput+0x429/0x8a0 [ 62.677839][ T5057] task_work_run+0x24f/0x310 [ 62.684252][ T5057] 
do_exit+0xa1b/0x27e0 [ 62.690052][ T5057] do_group_exit+0x207/0x2c0 [ 62.696449][ T5057] __x64_sys_exit_group+0x3f/0x40 [ 62.703108][ T5057] do_syscall_64+0xfb/0x240 [ 62.709355][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.716980][ T5057] INITIAL USE at: [ 62.720869][ T5057] lock_acquire+0x1e4/0x530 [ 62.727351][ T5057] _raw_spin_lock_irqsave+0xd5/0x120 [ 62.734214][ T5057] snd_timer_notify+0x103/0x3d0 [ 62.741395][ T5057] snd_pcm_start+0x3fa/0x4c0 [ 62.747629][ T5057] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 62.754473][ T5057] snd_pcm_oss_read3+0x3ea/0x600 [ 62.761093][ T5057] snd_pcm_oss_read2+0x1c1/0x430 [ 62.767774][ T5057] snd_pcm_oss_read+0x45b/0x940 [ 62.774381][ T5057] vfs_read+0x204/0xb70 [ 62.780202][ T5057] ksys_read+0x1a0/0x2c0 [ 62.785997][ T5057] do_syscall_64+0xfb/0x240 [ 62.792233][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.799791][ T5057] } [ 62.802284][ T5057] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 62.810744][ T5057] ... acquired at: [ 62.814647][ T5057] mark_lock+0x223/0x350 [ 62.819250][ T5057] __lock_acquire+0x116e/0x1fd0 [ 62.824735][ T5057] lock_acquire+0x1e4/0x530 [ 62.829951][ T5057] _raw_spin_lock+0x2e/0x40 [ 62.834905][ T5057] snd_timer_close_locked+0x53/0x8d0 [ 62.840554][ T5057] snd_timer_close+0xae/0x130 [ 62.845751][ T5057] snd_seq_timer_close+0xa9/0xe0 [ 62.851309][ T5057] snd_seq_queue_delete+0x8f/0xf0 [ 62.856799][ T5057] snd_seq_oss_release+0x1d3/0x310 [ 62.862272][ T5057] odev_release+0x56/0x80 [ 62.866848][ T5057] __fput+0x429/0x8a0 [ 62.871194][ T5057] task_work_run+0x24f/0x310 [ 62.875975][ T5057] do_exit+0xa1b/0x27e0 [ 62.880461][ T5057] do_group_exit+0x207/0x2c0 [ 62.885275][ T5057] __x64_sys_exit_group+0x3f/0x40 [ 62.890611][ T5057] do_syscall_64+0xfb/0x240 [ 62.895377][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.901536][ T5057] [ 62.903871][ T5057] [ 62.903871][ T5057] stack backtrace: [ 62.909742][ T5057] CPU: 1 PID: 5057 Comm: syz-executor978 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e 
#0 [ 62.919983][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 62.930042][ T5057] Call Trace: [ 62.933327][ T5057] [ 62.936268][ T5057] dump_stack_lvl+0x241/0x360 [ 62.941087][ T5057] ? __pfx_dump_stack_lvl+0x10/0x10 [ 62.946280][ T5057] ? print_shortest_lock_dependencies+0xf2/0x160 [ 62.952597][ T5057] ? print_irq_inversion_bug+0x329/0x3a0 [ 62.958304][ T5057] mark_lock_irq+0x867/0xc20 [ 62.963138][ T5057] ? __pfx_mark_lock_irq+0x10/0x10 [ 62.968320][ T5057] ? stack_trace_save+0x118/0x1d0 [ 62.973820][ T5057] ? __pfx_stack_trace_save+0x10/0x10 [ 62.979312][ T5057] ? save_trace+0x749/0xb40 [ 62.983832][ T5057] mark_lock+0x223/0x350 [ 62.988240][ T5057] __lock_acquire+0x116e/0x1fd0 [ 62.993091][ T5057] lock_acquire+0x1e4/0x530 [ 62.997615][ T5057] ? snd_timer_close_locked+0x53/0x8d0 [ 63.003160][ T5057] ? __pfx___mutex_trylock_common+0x10/0x10 [ 63.009129][ T5057] ? __pfx_lock_acquire+0x10/0x10 [ 63.014132][ T5057] ? rcu_is_watching+0x15/0xb0 [ 63.019062][ T5057] ? trace_contention_end+0x3c/0x100 [ 63.024330][ T5057] ? __mutex_lock+0x2ef/0xd70 [ 63.028988][ T5057] ? snd_timer_close+0xa3/0x130 [ 63.033820][ T5057] _raw_spin_lock+0x2e/0x40 [ 63.038305][ T5057] ? snd_timer_close_locked+0x53/0x8d0 [ 63.043765][ T5057] snd_timer_close_locked+0x53/0x8d0 [ 63.049132][ T5057] snd_timer_close+0xae/0x130 [ 63.053790][ T5057] ? __pfx_snd_timer_close+0x10/0x10 [ 63.059238][ T5057] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.064436][ T5057] ? lockdep_hardirqs_on+0x99/0x150 [ 63.069815][ T5057] snd_seq_timer_close+0xa9/0xe0 [ 63.074753][ T5057] snd_seq_queue_delete+0x8f/0xf0 [ 63.079786][ T5057] snd_seq_oss_release+0x1d3/0x310 [ 63.085229][ T5057] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 63.091217][ T5057] ? __asan_memset+0x23/0x50 [ 63.096390][ T5057] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 63.102712][ T5057] ? evm_file_release+0x140/0x1d0 [ 63.107742][ T5057] ? 
__pfx_odev_release+0x10/0x10 [ 63.112751][ T5057] odev_release+0x56/0x80 [ 63.117115][ T5057] __fput+0x429/0x8a0 [ 63.121107][ T5057] task_work_run+0x24f/0x310 [ 63.125777][ T5057] ? __pfx_task_work_run+0x10/0x10 [ 63.130920][ T5057] ? switch_task_namespaces+0xe1/0x110 [ 63.136396][ T5057] do_exit+0xa1b/0x27e0 [ 63.140553][ T5057] ? __pfx_do_exit+0x10/0x10 [ 63.145151][ T5057] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 63.151316][ T5057] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 63.157818][ T5057] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.163069][ T5057] ? lockdep_hardirqs_on+0x99/0x150 [ 63.168287][ T5057] do_group_exit+0x207/0x2c0 [ 63.173077][ T5057] __x64_sys_exit_group+0x3f/0x40 [ 63.178532][ T5057] do_syscall_64+0xfb/0x240 [ 63.183149][ T5057] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 63.189155][ T5057] RIP: 0033:0x7f48403bdc79 [ 63.193564][ T5057] Code: Unable to access opcode bytes at 0x7f48403bdc4f. [ 63.200571][ T5057] RSP: 002b:00007ffef0b9db38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 63.209055][ T5057] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f48403bdc79 [ 63.217104][ T5057] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 63.225066][ T5057] RBP: 00007f4840438270 R08: ffffffffffffffb8 R09: 00007ffef0b9dd58 [ 63.233020][ T5057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4840438270 +++ exited with 0 +++ [ 63.240989][ T5057] R13: 000000