./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1599363347 <...> Warning: Permanently added '10.128.0.79' (ED25519) to the list of known hosts. execve("./syz-executor1599363347", ["./syz-executor1599363347"], 0x7ffdc8198350 /* 10 vars */) = 0 brk(NULL) = 0x555557722000 brk(0x555557722d00) = 0x555557722d00 arch_prctl(ARCH_SET_FS, 0x555557722380) = 0 set_tid_address(0x555557722650) = 5070 set_robust_list(0x555557722660, 24) = 0 rseq(0x555557722ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1599363347", 4096) = 28 getrandom("\xde\x03\x33\xc3\x9c\x8c\x01\xb9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557722d00 brk(0x555557743d00) = 0x555557743d00 brk(0x555557744000) = 0x555557744000 mprotect(0x7f8c2205f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/dsp", O_RDONLY) = 3 readv(3, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=12}], 1) = 12 openat(AT_FDCWD, "/dev/sequencer", O_RDONLY) = 4 exit_group(0) = ? 
[ 77.195651][ T5070] [ 77.198006][ T5070] ======================================================== [ 77.205189][ T5070] WARNING: possible irq lock inversion dependency detected [ 77.212369][ T5070] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 77.219030][ T5070] -------------------------------------------------------- [ 77.226226][ T5070] syz-executor159/5070 just changed the state of lock: [ 77.233070][ T5070] ffff888029d21148 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 77.242600][ T5070] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 77.250656][ T5070] (&group->lock#2){..-.}-{2:2} [ 77.250696][ T5070] [ 77.250696][ T5070] [ 77.250696][ T5070] and interrupts could create inverse lock ordering between them. [ 77.250696][ T5070] [ 77.269831][ T5070] [ 77.269831][ T5070] other info that might help us debug this: [ 77.277923][ T5070] Possible interrupt unsafe locking scenario: [ 77.277923][ T5070] [ 77.286244][ T5070] CPU0 CPU1 [ 77.291613][ T5070] ---- ---- [ 77.296997][ T5070] lock(&timer->lock); [ 77.301153][ T5070] local_irq_disable(); [ 77.307898][ T5070] lock(&group->lock#2); [ 77.314761][ T5070] lock(&timer->lock); [ 77.321434][ T5070] <Interrupt> [ 77.324878][ T5070] lock(&group->lock#2); [ 77.329394][ T5070] [ 77.329394][ T5070] *** DEADLOCK *** [ 77.329394][ T5070] [ 77.337530][ T5070] 3 locks held by syz-executor159/5070: [ 77.343069][ T5070] #0: ffffffff8f2e5728 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80 [ 77.352417][ T5070] #1: ffff8880259dd178 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0 [ 77.362357][ T5070] #2: ffffffff8f2d3f68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 77.371871][ T5070] [ 77.371871][ T5070] the shortest dependencies between 2nd lock and 1st lock: [ 77.381263][ T5070] -> (&group->lock#2){..-.}-{2:2} { [ 77.386678][ T5070] IN-SOFTIRQ-W at: [ 77.390779][ T5070] lock_acquire+0x1e4/0x530 [ 77.397118][ T5070] _raw_spin_lock_irqsave+0xd5/0x120 [ 
77.404268][ T5070] snd_pcm_period_elapsed+0x21/0x50 [ 77.411324][ T5070] dummy_hrtimer_callback+0x7f/0x180 [ 77.418438][ T5070] __hrtimer_run_queues+0x597/0xd00 [ 77.425468][ T5070] hrtimer_run_softirq+0x19a/0x2c0 [ 77.432455][ T5070] __do_softirq+0x2be/0x943 [ 77.438782][ T5070] __irq_exit_rcu+0xf2/0x1c0 [ 77.445199][ T5070] irq_exit_rcu+0x9/0x30 [ 77.451264][ T5070] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 77.458724][ T5070] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 77.466538][ T5070] acpi_safe_halt+0x21/0x30 [ 77.472869][ T5070] acpi_idle_enter+0xe4/0x140 [ 77.479364][ T5070] cpuidle_enter_state+0x11a/0x490 [ 77.486313][ T5070] cpuidle_enter+0x5d/0xa0 [ 77.492563][ T5070] do_idle+0x375/0x5d0 [ 77.498454][ T5070] cpu_startup_entry+0x42/0x60 [ 77.505062][ T5070] rest_init+0x2e0/0x300 [ 77.511136][ T5070] arch_call_rest_init+0xe/0x10 [ 77.517859][ T5070] start_kernel+0x47a/0x500 [ 77.524230][ T5070] x86_64_start_reservations+0x2a/0x30 [ 77.531517][ T5070] x86_64_start_kernel+0x99/0xa0 [ 77.538301][ T5070] common_startup_64+0x13e/0x147 [ 77.545087][ T5070] INITIAL USE at: [ 77.549090][ T5070] lock_acquire+0x1e4/0x530 [ 77.555329][ T5070] _raw_spin_lock_irq+0xd3/0x120 [ 77.562006][ T5070] snd_pcm_hw_params+0x201/0x1ea0 [ 77.568790][ T5070] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 77.576967][ T5070] snd_pcm_oss_read+0x24c/0x940 [ 77.583566][ T5070] vfs_readv+0x691/0xa50 [ 77.589551][ T5070] do_readv+0x1b1/0x350 [ 77.595444][ T5070] do_syscall_64+0xfd/0x240 [ 77.601690][ T5070] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 77.609348][ T5070] } [ 77.611926][ T5070] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 77.620622][ T5070] ... 
acquired at: [ 77.624505][ T5070] lock_acquire+0x1e4/0x530 [ 77.629180][ T5070] _raw_spin_lock_irqsave+0xd5/0x120 [ 77.634644][ T5070] snd_timer_notify+0x103/0x3d0 [ 77.639670][ T5070] snd_pcm_start+0x3fc/0x4c0 [ 77.644436][ T5070] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 77.649844][ T5070] snd_pcm_oss_read3+0x3ea/0x600 [ 77.654955][ T5070] snd_pcm_oss_read2+0x1c1/0x430 [ 77.660068][ T5070] snd_pcm_oss_read+0x45b/0x940 [ 77.665092][ T5070] vfs_readv+0x691/0xa50 [ 77.669504][ T5070] do_readv+0x1b1/0x350 [ 77.673832][ T5070] do_syscall_64+0xfd/0x240 [ 77.678503][ T5070] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 77.684602][ T5070] [ 77.686920][ T5070] -> (&timer->lock){+.+.}-{2:2} { [ 77.691973][ T5070] HARDIRQ-ON-W at: [ 77.695954][ T5070] lock_acquire+0x1e4/0x530 [ 77.702109][ T5070] _raw_spin_lock+0x2e/0x40 [ 77.708274][ T5070] snd_timer_close_locked+0x53/0x8d0 [ 77.715221][ T5070] snd_timer_close+0xae/0x130 [ 77.721558][ T5070] snd_seq_timer_close+0xa9/0xe0 [ 77.728141][ T5070] snd_seq_queue_delete+0x8f/0xf0 [ 77.734824][ T5070] snd_seq_oss_release+0x1d3/0x310 [ 77.741589][ T5070] odev_release+0x56/0x80 [ 77.747572][ T5070] __fput+0x42b/0x8a0 [ 77.753207][ T5070] task_work_run+0x251/0x310 [ 77.759451][ T5070] do_exit+0xa1b/0x27e0 [ 77.765255][ T5070] do_group_exit+0x207/0x2c0 [ 77.771654][ T5070] __x64_sys_exit_group+0x3f/0x40 [ 77.778420][ T5070] do_syscall_64+0xfd/0x240 [ 77.784569][ T5070] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 77.792116][ T5070] SOFTIRQ-ON-W at: [ 77.796092][ T5070] lock_acquire+0x1e4/0x530 [ 77.802240][ T5070] _raw_spin_lock+0x2e/0x40 [ 77.808405][ T5070] snd_timer_close_locked+0x53/0x8d0 [ 77.815354][ T5070] snd_timer_close+0xae/0x130 [ 77.821705][ T5070] snd_seq_timer_close+0xa9/0xe0 [ 77.828306][ T5070] snd_seq_queue_delete+0x8f/0xf0 [ 77.834983][ T5070] snd_seq_oss_release+0x1d3/0x310 [ 77.841740][ T5070] odev_release+0x56/0x80 [ 77.847726][ T5070] __fput+0x42b/0x8a0 [ 77.853382][ T5070] task_work_run+0x251/0x310 [ 77.859660][ T5070] 
do_exit+0xa1b/0x27e0 [ 77.865494][ T5070] do_group_exit+0x207/0x2c0 [ 77.871764][ T5070] __x64_sys_exit_group+0x3f/0x40 [ 77.878467][ T5070] do_syscall_64+0xfd/0x240 [ 77.884614][ T5070] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 77.892175][ T5070] INITIAL USE at: [ 77.896066][ T5070] lock_acquire+0x1e4/0x530 [ 77.902131][ T5070] _raw_spin_lock_irqsave+0xd5/0x120 [ 77.909006][ T5070] snd_timer_notify+0x103/0x3d0 [ 77.915432][ T5070] snd_pcm_start+0x3fc/0x4c0 [ 77.921585][ T5070] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 77.928353][ T5070] snd_pcm_oss_read3+0x3ea/0x600 [ 77.934858][ T5070] snd_pcm_oss_read2+0x1c1/0x430 [ 77.941368][ T5070] snd_pcm_oss_read+0x45b/0x940 [ 77.947788][ T5070] vfs_readv+0x691/0xa50 [ 77.953592][ T5070] do_readv+0x1b1/0x350 [ 77.959305][ T5070] do_syscall_64+0xfd/0x240 [ 77.965370][ T5070] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 77.972838][ T5070] } [ 77.975333][ T5070] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 77.983492][ T5070] ... acquired at: [ 77.987307][ T5070] mark_lock+0x223/0x350 [ 77.991721][ T5070] __lock_acquire+0x116e/0x1fd0 [ 77.996739][ T5070] lock_acquire+0x1e4/0x530 [ 78.001416][ T5070] _raw_spin_lock+0x2e/0x40 [ 78.006098][ T5070] snd_timer_close_locked+0x53/0x8d0 [ 78.011558][ T5070] snd_timer_close+0xae/0x130 [ 78.016411][ T5070] snd_seq_timer_close+0xa9/0xe0 [ 78.021517][ T5070] snd_seq_queue_delete+0x8f/0xf0 [ 78.026717][ T5070] snd_seq_oss_release+0x1d3/0x310 [ 78.032003][ T5070] odev_release+0x56/0x80 [ 78.036505][ T5070] __fput+0x42b/0x8a0 [ 78.040656][ T5070] task_work_run+0x251/0x310 [ 78.045422][ T5070] do_exit+0xa1b/0x27e0 [ 78.049755][ T5070] do_group_exit+0x207/0x2c0 [ 78.054543][ T5070] __x64_sys_exit_group+0x3f/0x40 [ 78.059829][ T5070] do_syscall_64+0xfd/0x240 [ 78.064520][ T5070] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 78.070583][ T5070] [ 78.072900][ T5070] [ 78.072900][ T5070] stack backtrace: [ 78.078783][ T5070] CPU: 0 PID: 5070 Comm: syz-executor159 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e 
#0 [ 78.088866][ T5070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 78.098940][ T5070] Call Trace: [ 78.102221][ T5070] [ 78.105149][ T5070] dump_stack_lvl+0x241/0x360 [ 78.109861][ T5070] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.115092][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.119962][ T5070] ? print_shortest_lock_dependencies+0xf2/0x160 [ 78.126287][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.131136][ T5070] ? print_irq_inversion_bug+0x329/0x3a0 [ 78.136772][ T5070] mark_lock_irq+0x867/0xc20 [ 78.141364][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.146243][ T5070] ? __pfx_mark_lock_irq+0x10/0x10 [ 78.151356][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.156223][ T5070] ? stack_trace_save+0x118/0x1d0 [ 78.161255][ T5070] ? __pfx_stack_trace_save+0x10/0x10 [ 78.166639][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.171491][ T5070] ? save_trace+0x749/0xb40 [ 78.175998][ T5070] mark_lock+0x223/0x350 [ 78.180244][ T5070] __lock_acquire+0x116e/0x1fd0 [ 78.185103][ T5070] lock_acquire+0x1e4/0x530 [ 78.189628][ T5070] ? snd_timer_close_locked+0x53/0x8d0 [ 78.195124][ T5070] ? __pfx___mutex_trylock_common+0x10/0x10 [ 78.201025][ T5070] ? __pfx_lock_acquire+0x10/0x10 [ 78.206042][ T5070] ? rcu_is_watching+0x15/0xb0 [ 78.210798][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.215648][ T5070] ? trace_contention_end+0x3c/0x100 [ 78.220932][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.225785][ T5070] ? __mutex_lock+0x2ef/0xd70 [ 78.230490][ T5070] ? snd_timer_close+0xa3/0x130 [ 78.235368][ T5070] _raw_spin_lock+0x2e/0x40 [ 78.239905][ T5070] ? snd_timer_close_locked+0x53/0x8d0 [ 78.245399][ T5070] snd_timer_close_locked+0x53/0x8d0 [ 78.250701][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.255559][ T5070] snd_timer_close+0xae/0x130 [ 78.260243][ T5070] ? __pfx_snd_timer_close+0x10/0x10 [ 78.265537][ T5070] ? _raw_spin_unlock_irq+0x23/0x50 [ 78.270740][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.275589][ T5070] ? 
lockdep_hardirqs_on+0x99/0x150 [ 78.280797][ T5070] snd_seq_timer_close+0xa9/0xe0 [ 78.285754][ T5070] snd_seq_queue_delete+0x8f/0xf0 [ 78.290784][ T5070] snd_seq_oss_release+0x1d3/0x310 [ 78.295897][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.300766][ T5070] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 78.306400][ T5070] ? __asan_memset+0x23/0x50 [ 78.311091][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.315938][ T5070] ? evm_file_release+0x140/0x1d0 [ 78.320977][ T5070] ? __pfx_odev_release+0x10/0x10 [ 78.326018][ T5070] odev_release+0x56/0x80 [ 78.330348][ T5070] __fput+0x42b/0x8a0 [ 78.334358][ T5070] task_work_run+0x251/0x310 [ 78.338952][ T5070] ? __pfx_task_work_run+0x10/0x10 [ 78.344070][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.348919][ T5070] ? switch_task_namespaces+0xe1/0x110 [ 78.354379][ T5070] do_exit+0xa1b/0x27e0 [ 78.358557][ T5070] ? __pfx_do_exit+0x10/0x10 [ 78.363158][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.368018][ T5070] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 78.374014][ T5070] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.380348][ T5070] ? _raw_spin_unlock_irq+0x23/0x50 [ 78.385558][ T5070] ? srso_return_thunk+0x5/0x5f [ 78.390408][ T5070] ? lockdep_hardirqs_on+0x99/0x150 [ 78.395624][ T5070] do_group_exit+0x207/0x2c0 [ 78.400236][ T5070] __x64_sys_exit_group+0x3f/0x40 [ 78.405421][ T5070] do_syscall_64+0xfd/0x240 [ 78.409946][ T5070] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 78.415841][ T5070] RIP: 0033:0x7f8c21feac79 [ 78.420292][ T5070] Code: Unable to access opcode bytes at 0x7f8c21feac4f. [ 78.427306][ T5070] RSP: 002b:00007fff8b99dfb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 78.435729][ T5070] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8c21feac79 [ 78.443707][ T5070] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 +++ exited with 0 +++