./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1234180867 <...> Warning: Permanently added '10.128.0.187' (ED25519) to the list of known hosts. execve("./syz-executor1234180867", ["./syz-executor1234180867"], 0x7ffd46080b40 /* 10 vars */) = 0 brk(NULL) = 0x55557aab5000 brk(0x55557aab5d00) = 0x55557aab5d00 arch_prctl(ARCH_SET_FS, 0x55557aab5380) = 0 set_tid_address(0x55557aab5650) = 5066 set_robust_list(0x55557aab5660, 24) = 0 rseq(0x55557aab5ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1234180867", 4096) = 28 getrandom("\x86\xf2\xbc\x95\xbc\x93\xda\x97", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557aab5d00 brk(0x55557aad6d00) = 0x55557aad6d00 brk(0x55557aad7000) = 0x55557aad7000 mprotect(0x7f8231df3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/audio1", O_RDONLY) = 3 read(3, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff", 74) = 74 openat(AT_FDCWD, "/dev/sequencer", O_RDONLY) = 4 exit_group(0) = ? 
syzkaller login: [ 70.519204][ T5066] [ 70.521559][ T5066] ======================================================== [ 70.528750][ T5066] WARNING: possible irq lock inversion dependency detected [ 70.535947][ T5066] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 70.542623][ T5066] -------------------------------------------------------- [ 70.549810][ T5066] syz-executor123/5066 just changed the state of lock: [ 70.556647][ T5066] ffff888029790948 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 70.566175][ T5066] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 70.574240][ T5066] (&group->lock#2){..-.}-{2:2} [ 70.574269][ T5066] [ 70.574269][ T5066] [ 70.574269][ T5066] and interrupts could create inverse lock ordering between them. [ 70.574269][ T5066] [ 70.593410][ T5066] [ 70.593410][ T5066] other info that might help us debug this: [ 70.601455][ T5066] Possible interrupt unsafe locking scenario: [ 70.601455][ T5066] [ 70.609762][ T5066] CPU0 CPU1 [ 70.615114][ T5066] ---- ---- [ 70.620465][ T5066] lock(&timer->lock); [ 70.624630][ T5066] local_irq_disable(); [ 70.631373][ T5066] lock(&group->lock#2); [ 70.638226][ T5066] lock(&timer->lock); [ 70.644895][ T5066] <Interrupt> [ 70.648338][ T5066] lock(&group->lock#2); [ 70.652848][ T5066] [ 70.652848][ T5066] *** DEADLOCK *** [ 70.652848][ T5066] [ 70.661090][ T5066] 3 locks held by syz-executor123/5066: [ 70.666643][ T5066] #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80 [ 70.675961][ T5066] #1: ffff88801577ed78 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0 [ 70.686064][ T5066] #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 70.695555][ T5066] [ 70.695555][ T5066] the shortest dependencies between 2nd lock and 1st lock: [ 70.704929][ T5066] -> (&group->lock#2){..-.}-{2:2} { [ 70.710232][ T5066] IN-SOFTIRQ-W at: [ 70.714292][ T5066] lock_acquire+0x1e4/0x530 [ 70.720613][ T5066] 
_raw_spin_lock_irqsave+0xd5/0x120 [ 70.727727][ T5066] snd_pcm_period_elapsed+0x21/0x50 [ 70.734741][ T5066] call_timer_fn+0x17e/0x600 [ 70.741212][ T5066] __run_timer_base+0x66a/0x8e0 [ 70.747951][ T5066] run_timer_softirq+0xb7/0x170 [ 70.754636][ T5066] __do_softirq+0x2bc/0x943 [ 70.760964][ T5066] __irq_exit_rcu+0xf2/0x1c0 [ 70.767381][ T5066] irq_exit_rcu+0x9/0x30 [ 70.773468][ T5066] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 70.780944][ T5066] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 70.788758][ T5066] acpi_safe_halt+0x21/0x30 [ 70.795102][ T5066] acpi_idle_enter+0xe4/0x140 [ 70.801622][ T5066] cpuidle_enter_state+0x118/0x490 [ 70.808561][ T5066] cpuidle_enter+0x5d/0xa0 [ 70.814823][ T5066] do_idle+0x375/0x5d0 [ 70.820718][ T5066] cpu_startup_entry+0x42/0x60 [ 70.827306][ T5066] rest_init+0x2e0/0x300 [ 70.833381][ T5066] arch_call_rest_init+0xe/0x10 [ 70.840060][ T5066] start_kernel+0x47a/0x500 [ 70.846384][ T5066] x86_64_start_reservations+0x2a/0x30 [ 70.853663][ T5066] x86_64_start_kernel+0x99/0xa0 [ 70.860445][ T5066] common_startup_64+0x13e/0x147 [ 70.867202][ T5066] INITIAL USE at: [ 70.871196][ T5066] lock_acquire+0x1e4/0x530 [ 70.877444][ T5066] _raw_spin_lock_irq+0xd3/0x120 [ 70.884117][ T5066] snd_pcm_hw_params+0x201/0x1ea0 [ 70.890876][ T5066] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 70.899026][ T5066] snd_pcm_oss_read+0x24c/0x940 [ 70.905609][ T5066] vfs_read+0x204/0xb70 [ 70.911501][ T5066] ksys_read+0x1a0/0x2c0 [ 70.917489][ T5066] do_syscall_64+0xfb/0x240 [ 70.923737][ T5066] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 70.931360][ T5066] } [ 70.933938][ T5066] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 70.942610][ T5066] ... 
acquired at: [ 70.946497][ T5066] lock_acquire+0x1e4/0x530 [ 70.951172][ T5066] _raw_spin_lock_irqsave+0xd5/0x120 [ 70.956637][ T5066] snd_timer_notify+0x103/0x3d0 [ 70.961659][ T5066] snd_pcm_start+0x3fa/0x4c0 [ 70.966420][ T5066] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 70.971783][ T5066] snd_pcm_oss_read3+0x3ea/0x600 [ 70.976894][ T5066] snd_pcm_plug_read_transfer+0x3a1/0x470 [ 70.982803][ T5066] snd_pcm_oss_read2+0x296/0x430 [ 70.987908][ T5066] snd_pcm_oss_read+0x45b/0x940 [ 70.992927][ T5066] vfs_read+0x204/0xb70 [ 70.997246][ T5066] ksys_read+0x1a0/0x2c0 [ 71.001666][ T5066] do_syscall_64+0xfb/0x240 [ 71.006333][ T5066] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 71.012394][ T5066] [ 71.014710][ T5066] -> (&timer->lock){+.+.}-{2:2} { [ 71.019746][ T5066] HARDIRQ-ON-W at: [ 71.023719][ T5066] lock_acquire+0x1e4/0x530 [ 71.029865][ T5066] _raw_spin_lock+0x2e/0x40 [ 71.036017][ T5066] snd_timer_close_locked+0x53/0x8d0 [ 71.042967][ T5066] snd_timer_close+0xae/0x130 [ 71.049289][ T5066] snd_seq_timer_close+0xa9/0xe0 [ 71.055892][ T5066] snd_seq_queue_delete+0x8f/0xf0 [ 71.062566][ T5066] snd_seq_oss_release+0x1d3/0x310 [ 71.069329][ T5066] odev_release+0x56/0x80 [ 71.075307][ T5066] __fput+0x429/0x8a0 [ 71.080951][ T5066] task_work_run+0x24f/0x310 [ 71.087184][ T5066] do_exit+0xa1b/0x27e0 [ 71.092985][ T5066] do_group_exit+0x207/0x2c0 [ 71.099225][ T5066] __x64_sys_exit_group+0x3f/0x40 [ 71.105923][ T5066] do_syscall_64+0xfb/0x240 [ 71.112065][ T5066] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 71.119598][ T5066] SOFTIRQ-ON-W at: [ 71.123589][ T5066] lock_acquire+0x1e4/0x530 [ 71.129754][ T5066] _raw_spin_lock+0x2e/0x40 [ 71.135919][ T5066] snd_timer_close_locked+0x53/0x8d0 [ 71.142855][ T5066] snd_timer_close+0xae/0x130 [ 71.149178][ T5066] snd_seq_timer_close+0xa9/0xe0 [ 71.155770][ T5066] snd_seq_queue_delete+0x8f/0xf0 [ 71.162454][ T5066] snd_seq_oss_release+0x1d3/0x310 [ 71.169208][ T5066] odev_release+0x56/0x80 [ 71.175180][ T5066] __fput+0x429/0x8a0 [ 71.180810][ 
T5066] task_work_run+0x24f/0x310 [ 71.187049][ T5066] do_exit+0xa1b/0x27e0 [ 71.192853][ T5066] do_group_exit+0x207/0x2c0 [ 71.199091][ T5066] __x64_sys_exit_group+0x3f/0x40 [ 71.205772][ T5066] do_syscall_64+0xfb/0x240 [ 71.211922][ T5066] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 71.219466][ T5066] INITIAL USE at: [ 71.223363][ T5066] lock_acquire+0x1e4/0x530 [ 71.229427][ T5066] _raw_spin_lock_irqsave+0xd5/0x120 [ 71.236277][ T5066] snd_timer_notify+0x103/0x3d0 [ 71.242691][ T5066] snd_pcm_start+0x3fa/0x4c0 [ 71.248856][ T5066] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 71.255607][ T5066] snd_pcm_oss_read3+0x3ea/0x600 [ 71.262145][ T5066] snd_pcm_plug_read_transfer+0x3a1/0x470 [ 71.269459][ T5066] snd_pcm_oss_read2+0x296/0x430 [ 71.275964][ T5066] snd_pcm_oss_read+0x45b/0x940 [ 71.282378][ T5066] vfs_read+0x204/0xb70 [ 71.288111][ T5066] ksys_read+0x1a0/0x2c0 [ 71.293909][ T5066] do_syscall_64+0xfb/0x240 [ 71.299968][ T5066] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 71.307419][ T5066] } [ 71.309908][ T5066] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 71.318060][ T5066] ... 
acquired at: [ 71.321853][ T5066] mark_lock+0x223/0x350 [ 71.326263][ T5066] __lock_acquire+0x116e/0x1fd0 [ 71.331279][ T5066] lock_acquire+0x1e4/0x530 [ 71.335970][ T5066] _raw_spin_lock+0x2e/0x40 [ 71.340643][ T5066] snd_timer_close_locked+0x53/0x8d0 [ 71.346102][ T5066] snd_timer_close+0xae/0x130 [ 71.350950][ T5066] snd_seq_timer_close+0xa9/0xe0 [ 71.356053][ T5066] snd_seq_queue_delete+0x8f/0xf0 [ 71.361248][ T5066] snd_seq_oss_release+0x1d3/0x310 [ 71.366546][ T5066] odev_release+0x56/0x80 [ 71.371044][ T5066] __fput+0x429/0x8a0 [ 71.375212][ T5066] task_work_run+0x24f/0x310 [ 71.380012][ T5066] do_exit+0xa1b/0x27e0 [ 71.384353][ T5066] do_group_exit+0x207/0x2c0 [ 71.389227][ T5066] __x64_sys_exit_group+0x3f/0x40 [ 71.394461][ T5066] do_syscall_64+0xfb/0x240 [ 71.399163][ T5066] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 71.405230][ T5066] [ 71.407555][ T5066] [ 71.407555][ T5066] stack backtrace: [ 71.413472][ T5066] CPU: 1 PID: 5066 Comm: syz-executor123 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 71.423542][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 71.433629][ T5066] Call Trace: [ 71.436923][ T5066] <TASK> [ 71.439859][ T5066] dump_stack_lvl+0x241/0x360 [ 71.444581][ T5066] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.449824][ T5066] ? print_shortest_lock_dependencies+0xf2/0x160 [ 71.456166][ T5066] ? print_irq_inversion_bug+0x329/0x3a0 [ 71.461804][ T5066] mark_lock_irq+0x867/0xc20 [ 71.466410][ T5066] ? __pfx_mark_lock_irq+0x10/0x10 [ 71.471545][ T5066] ? stack_trace_save+0x118/0x1d0 [ 71.476582][ T5066] ? __pfx_stack_trace_save+0x10/0x10 [ 71.481962][ T5066] ? save_trace+0x749/0xb40 [ 71.486468][ T5066] mark_lock+0x223/0x350 [ 71.490713][ T5066] __lock_acquire+0x116e/0x1fd0 [ 71.495577][ T5066] lock_acquire+0x1e4/0x530 [ 71.500075][ T5066] ? snd_timer_close_locked+0x53/0x8d0 [ 71.505534][ T5066] ? __pfx___mutex_trylock_common+0x10/0x10 [ 71.511426][ T5066] ? 
__pfx_lock_acquire+0x10/0x10 [ 71.516442][ T5066] ? rcu_is_watching+0x15/0xb0 [ 71.521206][ T5066] ? trace_contention_end+0x3c/0x100 [ 71.526490][ T5066] ? __mutex_lock+0x2ef/0xd70 [ 71.531166][ T5066] ? snd_timer_close+0xa3/0x130 [ 71.536017][ T5066] _raw_spin_lock+0x2e/0x40 [ 71.540538][ T5066] ? snd_timer_close_locked+0x53/0x8d0 [ 71.546012][ T5066] snd_timer_close_locked+0x53/0x8d0 [ 71.551310][ T5066] snd_timer_close+0xae/0x130 [ 71.556033][ T5066] ? __pfx_snd_timer_close+0x10/0x10 [ 71.561343][ T5066] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.566547][ T5066] ? lockdep_hardirqs_on+0x99/0x150 [ 71.571767][ T5066] snd_seq_timer_close+0xa9/0xe0 [ 71.576731][ T5066] snd_seq_queue_delete+0x8f/0xf0 [ 71.581765][ T5066] snd_seq_oss_release+0x1d3/0x310 [ 71.586881][ T5066] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 71.592521][ T5066] ? __asan_memset+0x23/0x50 [ 71.597126][ T5066] ? evm_file_release+0x140/0x1d0 [ 71.602149][ T5066] ? __pfx_odev_release+0x10/0x10 [ 71.607183][ T5066] odev_release+0x56/0x80 [ 71.611512][ T5066] __fput+0x429/0x8a0 [ 71.615502][ T5066] task_work_run+0x24f/0x310 [ 71.620115][ T5066] ? __pfx_task_work_run+0x10/0x10 [ 71.625241][ T5066] ? switch_task_namespaces+0xe1/0x110 [ 71.630704][ T5066] do_exit+0xa1b/0x27e0 [ 71.634864][ T5066] ? __pfx_do_exit+0x10/0x10 [ 71.639451][ T5066] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 71.645430][ T5066] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.651769][ T5066] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.657011][ T5066] ? lockdep_hardirqs_on+0x99/0x150 [ 71.662299][ T5066] do_group_exit+0x207/0x2c0 [ 71.666904][ T5066] __x64_sys_exit_group+0x3f/0x40 [ 71.671939][ T5066] do_syscall_64+0xfb/0x240 [ 71.676547][ T5066] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 71.682442][ T5066] RIP: 0033:0x7f8231d7ec79 [ 71.686861][ T5066] Code: Unable to access opcode bytes at 0x7f8231d7ec4f. 
[ 71.693869][ T5066] RSP: 002b:00007ffcb5836788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 71.702281][ T5066] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8231d7ec79 [ 71.710249][ T5066] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 +++ exited with 0 +++ [ 71.718242][ T5066] RBP: 00007f8231df9270 R08: ffffffffffffffb8 R09: 00