./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2215024680 <...> Warning: Permanently added '10.128.0.205' (ED25519) to the list of known hosts. execve("./syz-executor2215024680", ["./syz-executor2215024680"], 0x7ffe33e14e90 /* 10 vars */) = 0 brk(NULL) = 0x555591a8d000 brk(0x555591a8dd00) = 0x555591a8dd00 arch_prctl(ARCH_SET_FS, 0x555591a8d380) = 0 set_tid_address(0x555591a8d650) = 5064 set_robust_list(0x555591a8d660, 24) = 0 rseq(0x555591a8dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2215024680", 4096) = 28 getrandom("\xd4\x84\x05\xea\xc9\xfb\xda\x89", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555591a8dd00 brk(0x555591aaed00) = 0x555591aaed00 brk(0x555591aaf000) = 0x555591aaf000 mprotect(0x7fe753947000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591a8d650) = 5065 ./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x555591a8d660, 24) = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] openat(AT_FDCWD, "/dev/sequencer", O_WRONLY|O_SYNC|O_LARGEFILE) = 3 [pid 5065] openat(AT_FDCWD, "/dev/dsp", O_WRONLY|O_APPEND) = 4 [pid 5065] write(4, "\xe1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294966701 [pid 5064] kill(-5065, SIGKILL) = 0 [pid 5065] <... write resumed>) = ? [pid 5064] kill(5065, SIGKILL) = 0 syzkaller login: [ 83.841696][ T5065] [ 83.844087][ T5065] ======================================================== [ 83.851276][ T5065] WARNING: possible irq lock inversion dependency detected [ 83.858476][ T5065] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 83.865155][ T5065] -------------------------------------------------------- [ 83.872347][ T5065] syz-executor221/5065 just changed the state of lock: [ 83.879228][ T5065] ffff8880293f4148 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 83.888763][ T5065] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 83.896839][ T5065] (&group->lock#2){..-.}-{2:2} [ 83.896872][ T5065] [ 83.896872][ T5065] [ 83.896872][ T5065] and interrupts could create inverse lock ordering between them. [ 83.896872][ T5065] [ 83.916071][ T5065] [ 83.916071][ T5065] other info that might help us debug this: [ 83.924142][ T5065] Possible interrupt unsafe locking scenario: [ 83.924142][ T5065] [ 83.932481][ T5065] CPU0 CPU1 [ 83.937848][ T5065] ---- ---- [ 83.943222][ T5065] lock(&timer->lock); [ 83.947392][ T5065] local_irq_disable(); [ 83.954150][ T5065] lock(&group->lock#2); [ 83.961019][ T5065] lock(&timer->lock); [ 83.967707][ T5065] [ 83.971170][ T5065] lock(&group->lock#2); [ 83.975691][ T5065] [ 83.975691][ T5065] *** DEADLOCK *** [ 83.975691][ T5065] [ 83.983845][ T5065] 3 locks held by syz-executor221/5065: [ 83.989410][ T5065] #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80 [ 83.998762][ T5065] #1: ffff8880238f0578 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0 [ 84.008731][ T5065] #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 84.018248][ T5065] [ 84.018248][ T5065] the shortest dependencies between 2nd lock and 1st lock: [ 84.027652][ T5065] -> (&group->lock#2){..-.}-{2:2} { [ 84.033073][ T5065] IN-SOFTIRQ-W at: [ 84.037146][ T5065] lock_acquire+0x1e4/0x530 [ 84.043486][ T5065] _raw_spin_lock_irqsave+0xd5/0x120 [ 84.050630][ T5065] snd_pcm_period_elapsed+0x21/0x50 [ 84.057681][ T5065] dummy_hrtimer_callback+0x7f/0x180 [ 84.064815][ T5065] __hrtimer_run_queues+0x595/0xd00 [ 84.071857][ T5065] hrtimer_run_softirq+0x19a/0x2c0 [ 84.078812][ T5065] __do_softirq+0x2bc/0x943 [ 84.085148][ T5065] __irq_exit_rcu+0xf2/0x1c0 [ 84.091573][ T5065] irq_exit_rcu+0x9/0x30 [ 84.097659][ T5065] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 84.105143][ T5065] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 84.112975][ T5065] acpi_safe_halt+0x21/0x30 [ 84.119320][ T5065] acpi_idle_enter+0xe4/0x140 [ 84.125837][ T5065] cpuidle_enter_state+0x118/0x490 [ 84.132821][ T5065] cpuidle_enter+0x5d/0xa0 [ 84.139109][ T5065] do_idle+0x375/0x5d0 [ 84.145023][ T5065] cpu_startup_entry+0x42/0x60 [ 84.151630][ T5065] __pfx_ap_starting+0x0/0x10 [ 84.158152][ T5065] common_startup_64+0x13e/0x147 [ 84.164934][ T5065] INITIAL USE at: [ 84.168929][ T5065] lock_acquire+0x1e4/0x530 [ 84.175186][ T5065] _raw_spin_lock_irq+0xd3/0x120 [ 84.181901][ T5065] snd_pcm_hw_params+0x201/0x1ea0 [ 84.188686][ T5065] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 84.196866][ T5065] snd_pcm_oss_write+0x2d5/0x11f0 [ 84.203648][ T5065] vfs_write+0x2a4/0xcb0 [ 84.209638][ T5065] ksys_write+0x1a0/0x2c0 [ 84.215730][ T5065] do_syscall_64+0xfb/0x240 [ 84.221981][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 84.229661][ T5065] } [ 84.232256][ T5065] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 84.240948][ T5065] ... acquired at: [ 84.244843][ T5065] lock_acquire+0x1e4/0x530 [ 84.249535][ T5065] _raw_spin_lock_irqsave+0xd5/0x120 [ 84.255012][ T5065] snd_timer_notify+0x103/0x3d0 [ 84.260057][ T5065] snd_pcm_start+0x3fa/0x4c0 [ 84.264837][ T5065] __snd_pcm_lib_xfer+0x18bf/0x1e30 [ 84.270222][ T5065] snd_pcm_oss_write3+0x1c4/0x350 [ 84.275438][ T5065] snd_pcm_oss_write+0xaf9/0x11f0 [ 84.280649][ T5065] vfs_write+0x2a4/0xcb0 [ 84.285081][ T5065] ksys_write+0x1a0/0x2c0 [ 84.289597][ T5065] do_syscall_64+0xfb/0x240 [ 84.294284][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 84.300365][ T5065] [ 84.302700][ T5065] -> (&timer->lock){+.+.}-{2:2} { [ 84.307759][ T5065] HARDIRQ-ON-W at: [ 84.311749][ T5065] lock_acquire+0x1e4/0x530 [ 84.317920][ T5065] _raw_spin_lock+0x2e/0x40 [ 84.324104][ T5065] snd_timer_close_locked+0x53/0x8d0 [ 84.331067][ T5065] snd_timer_close+0xae/0x130 [ 84.337447][ T5065] snd_seq_timer_close+0xa9/0xe0 [ 84.344066][ T5065] snd_seq_queue_delete+0x8f/0xf0 [ 84.350765][ T5065] snd_seq_oss_release+0x1d3/0x310 [ 84.357547][ T5065] odev_release+0x56/0x80 [ 84.363542][ T5065] __fput+0x429/0x8a0 [ 84.369194][ T5065] task_work_run+0x24f/0x310 [ 84.375451][ T5065] do_exit+0xa1b/0x27e0 [ 84.381314][ T5065] do_group_exit+0x207/0x2c0 [ 84.387572][ T5065] get_signal+0x176e/0x1850 [ 84.393769][ T5065] arch_do_signal_or_restart+0x96/0x860 [ 84.400981][ T5065] syscall_exit_to_user_mode+0xc9/0x360 [ 84.408204][ T5065] do_syscall_64+0x10a/0x240 [ 84.414457][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 84.422018][ T5065] SOFTIRQ-ON-W at: [ 84.426034][ T5065] lock_acquire+0x1e4/0x530 [ 84.432213][ T5065] _raw_spin_lock+0x2e/0x40 [ 84.438384][ T5065] snd_timer_close_locked+0x53/0x8d0 [ 84.445340][ T5065] snd_timer_close+0xae/0x130 [ 84.451694][ T5065] snd_seq_timer_close+0xa9/0xe0 [ 84.458301][ T5065] snd_seq_queue_delete+0x8f/0xf0 [ 84.464998][ T5065] snd_seq_oss_release+0x1d3/0x310 [ 84.471789][ T5065] odev_release+0x56/0x80 [ 84.477790][ T5065] __fput+0x429/0x8a0 [ 84.483443][ T5065] task_work_run+0x24f/0x310 [ 84.489706][ T5065] do_exit+0xa1b/0x27e0 [ 84.495538][ T5065] do_group_exit+0x207/0x2c0 [ 84.501805][ T5065] get_signal+0x176e/0x1850 [ 84.507988][ T5065] arch_do_signal_or_restart+0x96/0x860 [ 84.515210][ T5065] syscall_exit_to_user_mode+0xc9/0x360 [ 84.522429][ T5065] do_syscall_64+0x10a/0x240 [ 84.528685][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 84.536251][ T5065] INITIAL USE at: [ 84.540154][ T5065] lock_acquire+0x1e4/0x530 [ 84.546407][ T5065] _raw_spin_lock_irqsave+0xd5/0x120 [ 84.553276][ T5065] snd_timer_notify+0x103/0x3d0 [ 84.559739][ T5065] snd_pcm_start+0x3fa/0x4c0 [ 84.565923][ T5065] __snd_pcm_lib_xfer+0x18bf/0x1e30 [ 84.572697][ T5065] snd_pcm_oss_write3+0x1c4/0x350 [ 84.579299][ T5065] snd_pcm_oss_write+0xaf9/0x11f0 [ 84.585901][ T5065] vfs_write+0x2a4/0xcb0 [ 84.591716][ T5065] ksys_write+0x1a0/0x2c0 [ 84.597621][ T5065] do_syscall_64+0xfb/0x240 [ 84.603703][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 84.611265][ T5065] } [ 84.613768][ T5065] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 84.621939][ T5065] ... acquired at: [ 84.625754][ T5065] mark_lock+0x223/0x350 [ 84.630186][ T5065] __lock_acquire+0x116e/0x1fd0 [ 84.635220][ T5065] lock_acquire+0x1e4/0x530 [ 84.639907][ T5065] _raw_spin_lock+0x2e/0x40 [ 84.644603][ T5065] snd_timer_close_locked+0x53/0x8d0 [ 84.650085][ T5065] snd_timer_close+0xae/0x130 [ 84.654961][ T5065] snd_seq_timer_close+0xa9/0xe0 [ 84.660082][ T5065] snd_seq_queue_delete+0x8f/0xf0 [ 84.665301][ T5065] snd_seq_oss_release+0x1d3/0x310 [ 84.670601][ T5065] odev_release+0x56/0x80 [ 84.675117][ T5065] __fput+0x429/0x8a0 [ 84.679288][ T5065] task_work_run+0x24f/0x310 [ 84.684085][ T5065] do_exit+0xa1b/0x27e0 [ 84.688486][ T5065] do_group_exit+0x207/0x2c0 [ 84.693271][ T5065] get_signal+0x176e/0x1850 [ 84.697967][ T5065] arch_do_signal_or_restart+0x96/0x860 [ 84.703700][ T5065] syscall_exit_to_user_mode+0xc9/0x360 [ 84.709443][ T5065] do_syscall_64+0x10a/0x240 [ 84.714215][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 84.720298][ T5065] [ 84.722648][ T5065] [ 84.722648][ T5065] stack backtrace: [ 84.728550][ T5065] CPU: 1 PID: 5065 Comm: syz-executor221 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 84.738627][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 84.748693][ T5065] Call Trace: [ 84.751984][ T5065] [ 84.754929][ T5065] dump_stack_lvl+0x241/0x360 [ 84.759628][ T5065] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.764898][ T5065] ? print_shortest_lock_dependencies+0xf2/0x160 [ 84.771271][ T5065] ? print_irq_inversion_bug+0x329/0x3a0 [ 84.776925][ T5065] mark_lock_irq+0x867/0xc20 [ 84.781539][ T5065] ? __pfx_mark_lock_irq+0x10/0x10 [ 84.786669][ T5065] ? stack_trace_save+0x118/0x1d0 [ 84.791724][ T5065] ? __pfx_stack_trace_save+0x10/0x10 [ 84.797125][ T5065] ? save_trace+0x749/0xb40 [ 84.801652][ T5065] mark_lock+0x223/0x350 [ 84.805912][ T5065] __lock_acquire+0x116e/0x1fd0 [ 84.810794][ T5065] lock_acquire+0x1e4/0x530 [ 84.815333][ T5065] ? snd_timer_close_locked+0x53/0x8d0 [ 84.820827][ T5065] ? __pfx___mutex_trylock_common+0x10/0x10 [ 84.826745][ T5065] ? __pfx_lock_acquire+0x10/0x10 [ 84.831786][ T5065] ? rcu_is_watching+0x15/0xb0 [ 84.836562][ T5065] ? trace_contention_end+0x3c/0x100 [ 84.841874][ T5065] ? __mutex_lock+0x2ef/0xd70 [ 84.846571][ T5065] ? snd_timer_close+0xa3/0x130 [ 84.851444][ T5065] _raw_spin_lock+0x2e/0x40 [ 84.855964][ T5065] ? snd_timer_close_locked+0x53/0x8d0 [ 84.861473][ T5065] snd_timer_close_locked+0x53/0x8d0 [ 84.866812][ T5065] snd_timer_close+0xae/0x130 [ 84.871512][ T5065] ? __pfx_snd_timer_close+0x10/0x10 [ 84.876818][ T5065] ? _raw_spin_unlock_irq+0x23/0x50 [ 84.882038][ T5065] ? lockdep_hardirqs_on+0x99/0x150 [ 84.887278][ T5065] snd_seq_timer_close+0xa9/0xe0 [ 84.892242][ T5065] snd_seq_queue_delete+0x8f/0xf0 [ 84.897292][ T5065] snd_seq_oss_release+0x1d3/0x310 [ 84.902430][ T5065] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 84.908082][ T5065] ? __asan_memset+0x23/0x50 [ 84.912709][ T5065] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 84.919056][ T5065] ? evm_file_release+0x140/0x1d0 [ 84.924102][ T5065] ? __pfx_odev_release+0x10/0x10 [ 84.929146][ T5065] odev_release+0x56/0x80 [ 84.933498][ T5065] __fput+0x429/0x8a0 [ 84.937510][ T5065] task_work_run+0x24f/0x310 [ 84.942128][ T5065] ? __pfx_task_work_run+0x10/0x10 [ 84.947283][ T5065] ? switch_task_namespaces+0xe1/0x110 [ 84.952845][ T5065] do_exit+0xa1b/0x27e0 [ 84.957057][ T5065] ? __pfx_do_exit+0x10/0x10 [ 84.961690][ T5065] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 84.967092][ T5065] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 84.973086][ T5065] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 84.979423][ T5065] ? _raw_spin_lock_irq+0xdf/0x120 [ 84.984572][ T5065] do_group_exit+0x207/0x2c0 [ 84.989180][ T5065] ? _raw_spin_unlock_irq+0x23/0x50 [ 84.994397][ T5065] ? lockdep_hardirqs_on+0x99/0x150 [ 84.999622][ T5065] get_signal+0x176e/0x1850 [ 85.004159][ T5065] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 85.010503][ T5065] ? __pfx_get_signal+0x10/0x10 [ 85.015378][ T5065] arch_do_signal_or_restart+0x96/0x860 [ 85.020978][ T5065] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 85.027153][ T5065] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 85.033155][ T5065] ? syscall_exit_to_user_mode+0xa3/0x360 [ 85.038906][ T5065] syscall_exit_to_user_mode+0xc9/0x360 [ 85.044491][ T5065] do_syscall_64+0x10a/0x240 [ 85.049119][ T5065] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 85.055031][ T5065] RIP: 0033:0x7fe7538d4a39 [ 85.059466][ T5065] Code: Unable to access opcode bytes at 0x7fe7538d4a0f. [ 85.066494][ T5065] RSP: 002b:00007ffe91a97ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.074921][ T5065] RAX: 0000000000019004 RBX: 0000000000000000 RCX: 00007fe7538d4a39 [ 85.082903][ T5065] RDX: 00000000fffffdad RSI: 0000000020000040 RDI: 0000000000000004 [pid 5065] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5065, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1 /* 0.01 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached , child_tidptr=0x555591a8d650) = 5066 [pid 5066] set_robust_list(0x555591a8d660, 24) = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [ 85.090883][ T5065] RBP: 00007fe7539475f0 R08: 0000000000000006 R09: 0000000000000006 [ 85.098863][ T5065] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 85.106842][ T5065] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 85.114831][ T5065] [pid 5066] openat(AT_FDCWD, "/dev/sequencer", O_WRONLY|O_SYNC|O_LARGEFILE) = 3 [pid 5066] openat(AT_FDCWD, "/dev/dsp", O_WRONLY|O_APPEND) = 4 [pid 5066] write(4, "\xe1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294966701 [pid 5064] kill(-5066, SIGKILL) = 0 [pid 5066] <... write resumed>) = ? [pid 5064] kill(5066, SIGKILL) = 0 [pid 5066] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5066, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591a8d650) = 5067 ./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x555591a8d660, 24) = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] openat(AT_FDCWD, "/dev/sequencer", O_WRONLY|O_SYNC|O_LARGEFILE) = 3 [pid 5067] openat(AT_FDCWD, "/dev/dsp", O_WRONLY|O_APPEND) = 4 [ 92.952811][ T1149] cfg80211: failed to load regulatory.db