./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3604147965 <...> Warning: Permanently added '10.128.1.72' (ED25519) to the list of known hosts. execve("./syz-executor3604147965", ["./syz-executor3604147965"], 0x7ffda699b0d0 /* 10 vars */) = 0 brk(NULL) = 0x555559099000 brk(0x555559099d00) = 0x555559099d00 arch_prctl(ARCH_SET_FS, 0x555559099380) = 0 set_tid_address(0x555559099650) = 5056 set_robust_list(0x555559099660, 24) = 0 rseq(0x555559099ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3604147965", 4096) = 28 getrandom("\x44\x34\x38\x6a\xd3\xe0\x32\xea", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555559099d00 brk(0x5555590bad00) = 0x5555590bad00 brk(0x5555590bb000) = 0x5555590bb000 mprotect(0x7f7a21c5e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/dsp", O_RDONLY) = 3 read(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4128) = 4128 openat(AT_FDCWD, "/dev/sequencer2", O_RDONLY) = 4 exit_group(0) = ? [ 61.261609][ T5056] [ 61.264034][ T5056] ======================================================== [ 61.271284][ T5056] WARNING: possible irq lock inversion dependency detected [ 61.278588][ T5056] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 61.285296][ T5056] -------------------------------------------------------- [ 61.292559][ T5056] syz-executor360/5056 just changed the state of lock: [ 61.299560][ T5056] ffff88802473f148 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 61.309054][ T5056] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 61.317122][ T5056] (&group->lock#2){..-.}-{2:2} [ 61.317147][ T5056] [ 61.317147][ T5056] [ 61.317147][ T5056] and interrupts could create inverse lock ordering between them. [ 61.317147][ T5056] [ 61.336871][ T5056] [ 61.336871][ T5056] other info that might help us debug this: [ 61.344996][ T5056] Possible interrupt unsafe locking scenario: [ 61.344996][ T5056] [ 61.353471][ T5056] CPU0 CPU1 [ 61.359213][ T5056] ---- ---- [ 61.364666][ T5056] lock(&timer->lock); [ 61.369005][ T5056] local_irq_disable(); [ 61.375836][ T5056] lock(&group->lock#2); [ 61.382680][ T5056] lock(&timer->lock); [ 61.389353][ T5056] [ 61.392786][ T5056] lock(&group->lock#2); [ 61.397289][ T5056] [ 61.397289][ T5056] *** DEADLOCK *** [ 61.397289][ T5056] [ 61.405412][ T5056] 3 locks held by syz-executor360/5056: [ 61.410940][ T5056] #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80 [ 61.420243][ T5056] #1: ffff888022c29d78 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0 [ 61.430141][ T5056] #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 61.439695][ T5056] [ 61.439695][ T5056] the shortest dependencies between 2nd lock and 1st lock: [ 61.449162][ T5056] -> (&group->lock#2){..-.}-{2:2} { [ 61.454750][ T5056] IN-SOFTIRQ-W at: [ 61.458820][ T5056] lock_acquire+0x1e4/0x530 [ 61.465236][ T5056] _raw_spin_lock_irqsave+0xd5/0x120 [ 61.472450][ T5056] snd_pcm_period_elapsed+0x21/0x50 [ 61.479633][ T5056] dummy_hrtimer_callback+0x7f/0x180 [ 61.486728][ T5056] __hrtimer_run_queues+0x595/0xd00 [ 61.493758][ T5056] hrtimer_run_softirq+0x19a/0x2c0 [ 61.500867][ T5056] __do_softirq+0x2bc/0x943 [ 61.507215][ T5056] __irq_exit_rcu+0xf2/0x1c0 [ 61.513712][ T5056] irq_exit_rcu+0x9/0x30 [ 61.519758][ T5056] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 61.527373][ T5056] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 61.537264][ T5056] acpi_safe_halt+0x21/0x30 [ 61.543691][ T5056] acpi_idle_enter+0xe4/0x140 [ 61.550180][ T5056] cpuidle_enter_state+0x118/0x490 [ 61.557098][ T5056] cpuidle_enter+0x5d/0xa0 [ 61.563320][ T5056] do_idle+0x375/0x5d0 [ 61.569226][ T5056] cpu_startup_entry+0x42/0x60 [ 61.575919][ T5056] __pfx_ap_starting+0x0/0x10 [ 61.582433][ T5056] common_startup_64+0x13e/0x147 [ 61.589469][ T5056] INITIAL USE at: [ 61.593463][ T5056] lock_acquire+0x1e4/0x530 [ 61.599693][ T5056] _raw_spin_lock_irq+0xd3/0x120 [ 61.606368][ T5056] snd_pcm_hw_params+0x201/0x1ea0 [ 61.613116][ T5056] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 61.621250][ T5056] snd_pcm_oss_read+0x24c/0x940 [ 61.628001][ T5056] vfs_read+0x204/0xb70 [ 61.633964][ T5056] ksys_read+0x1a0/0x2c0 [ 61.640449][ T5056] do_syscall_64+0xfb/0x240 [ 61.646673][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.654287][ T5056] } [ 61.657028][ T5056] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 61.665700][ T5056] ... acquired at: [ 61.669674][ T5056] lock_acquire+0x1e4/0x530 [ 61.674332][ T5056] _raw_spin_lock_irqsave+0xd5/0x120 [ 61.679786][ T5056] snd_timer_notify+0x103/0x3d0 [ 61.684798][ T5056] snd_pcm_start+0x3fa/0x4c0 [ 61.689559][ T5056] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 61.694922][ T5056] snd_pcm_oss_read3+0x3ea/0x600 [ 61.700029][ T5056] snd_pcm_oss_read2+0x1c1/0x430 [ 61.705121][ T5056] snd_pcm_oss_read+0x6b7/0x940 [ 61.710145][ T5056] vfs_read+0x204/0xb70 [ 61.714454][ T5056] ksys_read+0x1a0/0x2c0 [ 61.718847][ T5056] do_syscall_64+0xfb/0x240 [ 61.723503][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.729567][ T5056] [ 61.731967][ T5056] -> (&timer->lock){+.+.}-{2:2} { [ 61.737167][ T5056] HARDIRQ-ON-W at: [ 61.741150][ T5056] lock_acquire+0x1e4/0x530 [ 61.747407][ T5056] _raw_spin_lock+0x2e/0x40 [ 61.753592][ T5056] snd_timer_close_locked+0x53/0x8d0 [ 61.760558][ T5056] snd_timer_close+0xae/0x130 [ 61.766967][ T5056] snd_seq_timer_close+0xa9/0xe0 [ 61.773553][ T5056] snd_seq_queue_delete+0x8f/0xf0 [ 61.780476][ T5056] snd_seq_oss_release+0x1d3/0x310 [ 61.787234][ T5056] odev_release+0x56/0x80 [ 61.793199][ T5056] __fput+0x429/0x8a0 [ 61.798926][ T5056] task_work_run+0x24f/0x310 [ 61.805154][ T5056] do_exit+0xa1b/0x27e0 [ 61.810963][ T5056] do_group_exit+0x207/0x2c0 [ 61.817197][ T5056] __x64_sys_exit_group+0x3f/0x40 [ 61.823861][ T5056] do_syscall_64+0xfb/0x240 [ 61.829996][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.837521][ T5056] SOFTIRQ-ON-W at: [ 61.841484][ T5056] lock_acquire+0x1e4/0x530 [ 61.848139][ T5056] _raw_spin_lock+0x2e/0x40 [ 61.854799][ T5056] snd_timer_close_locked+0x53/0x8d0 [ 61.861719][ T5056] snd_timer_close+0xae/0x130 [ 61.868047][ T5056] snd_seq_timer_close+0xa9/0xe0 [ 61.874616][ T5056] snd_seq_queue_delete+0x8f/0xf0 [ 61.881275][ T5056] snd_seq_oss_release+0x1d3/0x310 [ 61.888148][ T5056] odev_release+0x56/0x80 [ 61.894226][ T5056] __fput+0x429/0x8a0 [ 61.899864][ T5056] task_work_run+0x24f/0x310 [ 61.906090][ T5056] do_exit+0xa1b/0x27e0 [ 61.911877][ T5056] do_group_exit+0x207/0x2c0 [ 61.918106][ T5056] __x64_sys_exit_group+0x3f/0x40 [ 61.924830][ T5056] do_syscall_64+0xfb/0x240 [ 61.930982][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 61.938597][ T5056] INITIAL USE at: [ 61.942469][ T5056] lock_acquire+0x1e4/0x530 [ 61.948526][ T5056] _raw_spin_lock_irqsave+0xd5/0x120 [ 61.955445][ T5056] snd_timer_notify+0x103/0x3d0 [ 61.962367][ T5056] snd_pcm_start+0x3fa/0x4c0 [ 61.968531][ T5056] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 61.975375][ T5056] snd_pcm_oss_read3+0x3ea/0x600 [ 61.981972][ T5056] snd_pcm_oss_read2+0x1c1/0x430 [ 61.988467][ T5056] snd_pcm_oss_read+0x6b7/0x940 [ 61.994951][ T5056] vfs_read+0x204/0xb70 [ 62.000648][ T5056] ksys_read+0x1a0/0x2c0 [ 62.006430][ T5056] do_syscall_64+0xfb/0x240 [ 62.012479][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.020261][ T5056] } [ 62.022749][ T5056] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 62.031055][ T5056] ... acquired at: [ 62.034834][ T5056] mark_lock+0x223/0x350 [ 62.039252][ T5056] __lock_acquire+0x116e/0x1fd0 [ 62.044700][ T5056] lock_acquire+0x1e4/0x530 [ 62.049443][ T5056] _raw_spin_lock+0x2e/0x40 [ 62.054102][ T5056] snd_timer_close_locked+0x53/0x8d0 [ 62.059542][ T5056] snd_timer_close+0xae/0x130 [ 62.064469][ T5056] snd_seq_timer_close+0xa9/0xe0 [ 62.069642][ T5056] snd_seq_queue_delete+0x8f/0xf0 [ 62.074823][ T5056] snd_seq_oss_release+0x1d3/0x310 [ 62.080193][ T5056] odev_release+0x56/0x80 [ 62.085210][ T5056] __fput+0x429/0x8a0 [ 62.089352][ T5056] task_work_run+0x24f/0x310 [ 62.094107][ T5056] do_exit+0xa1b/0x27e0 [ 62.098437][ T5056] do_group_exit+0x207/0x2c0 [ 62.103198][ T5056] __x64_sys_exit_group+0x3f/0x40 [ 62.108467][ T5056] do_syscall_64+0xfb/0x240 [ 62.113140][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.119189][ T5056] [ 62.121493][ T5056] [ 62.121493][ T5056] stack backtrace: [ 62.127362][ T5056] CPU: 1 PID: 5056 Comm: syz-executor360 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 62.137418][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 62.147592][ T5056] Call Trace: [ 62.150863][ T5056] [ 62.153781][ T5056] dump_stack_lvl+0x241/0x360 [ 62.158464][ T5056] ? __pfx_dump_stack_lvl+0x10/0x10 [ 62.163647][ T5056] ? print_shortest_lock_dependencies+0xf2/0x160 [ 62.170007][ T5056] ? print_irq_inversion_bug+0x329/0x3a0 [ 62.175679][ T5056] mark_lock_irq+0x867/0xc20 [ 62.180301][ T5056] ? __pfx_mark_lock_irq+0x10/0x10 [ 62.185438][ T5056] ? stack_trace_save+0x118/0x1d0 [ 62.190471][ T5056] ? __pfx_stack_trace_save+0x10/0x10 [ 62.195837][ T5056] ? save_trace+0x749/0xb40 [ 62.200358][ T5056] mark_lock+0x223/0x350 [ 62.204588][ T5056] __lock_acquire+0x116e/0x1fd0 [ 62.209424][ T5056] lock_acquire+0x1e4/0x530 [ 62.213911][ T5056] ? snd_timer_close_locked+0x53/0x8d0 [ 62.219356][ T5056] ? __pfx___mutex_trylock_common+0x10/0x10 [ 62.225234][ T5056] ? __pfx_lock_acquire+0x10/0x10 [ 62.230242][ T5056] ? rcu_is_watching+0x15/0xb0 [ 62.235000][ T5056] ? trace_contention_end+0x3c/0x100 [ 62.240309][ T5056] ? __mutex_lock+0x2ef/0xd70 [ 62.244984][ T5056] ? snd_timer_close+0xa3/0x130 [ 62.249848][ T5056] _raw_spin_lock+0x2e/0x40 [ 62.254352][ T5056] ? snd_timer_close_locked+0x53/0x8d0 [ 62.259803][ T5056] snd_timer_close_locked+0x53/0x8d0 [ 62.265079][ T5056] snd_timer_close+0xae/0x130 [ 62.269830][ T5056] ? __pfx_snd_timer_close+0x10/0x10 [ 62.275118][ T5056] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.280319][ T5056] ? lockdep_hardirqs_on+0x99/0x150 [ 62.285600][ T5056] snd_seq_timer_close+0xa9/0xe0 [ 62.290517][ T5056] snd_seq_queue_delete+0x8f/0xf0 [ 62.295529][ T5056] snd_seq_oss_release+0x1d3/0x310 [ 62.300635][ T5056] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 62.306248][ T5056] ? __asan_memset+0x23/0x50 [ 62.310826][ T5056] ? evm_file_release+0x140/0x1d0 [ 62.316003][ T5056] ? __pfx_odev_release+0x10/0x10 [ 62.321014][ T5056] odev_release+0x56/0x80 [ 62.325426][ T5056] __fput+0x429/0x8a0 [ 62.329412][ T5056] task_work_run+0x24f/0x310 [ 62.334251][ T5056] ? __pfx_task_work_run+0x10/0x10 [ 62.339360][ T5056] ? switch_task_namespaces+0xe1/0x110 [ 62.344900][ T5056] do_exit+0xa1b/0x27e0 [ 62.349081][ T5056] ? __pfx_do_exit+0x10/0x10 [ 62.353666][ T5056] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 62.359636][ T5056] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 62.365961][ T5056] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.371163][ T5056] ? lockdep_hardirqs_on+0x99/0x150 [ 62.376374][ T5056] do_group_exit+0x207/0x2c0 [ 62.381036][ T5056] __x64_sys_exit_group+0x3f/0x40 [ 62.386042][ T5056] do_syscall_64+0xfb/0x240 [ 62.390536][ T5056] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 62.396410][ T5056] RIP: 0033:0x7f7a21be9c79 [ 62.400817][ T5056] Code: Unable to access opcode bytes at 0x7f7a21be9c4f. [ 62.407910][ T5056] RSP: 002b:00007ffc3435b0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 +++ exited with 0 +++ [ 62.4