./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor641511357 <...> Warning: Permanently added '10.128.1.94' (ED25519) to the list of known hosts. execve("./syz-executor641511357", ["./syz-executor641511357"], 0x7fff9146e9f0 /* 10 vars */) = 0 brk(NULL) = 0x555560dfd000 brk(0x555560dfdd00) = 0x555560dfdd00 arch_prctl(ARCH_SET_FS, 0x555560dfd380) = 0 set_tid_address(0x555560dfd650) = 5063 set_robust_list(0x555560dfd660, 24) = 0 rseq(0x555560dfdca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor641511357", 4096) = 27 getrandom("\x9b\x11\x5e\xe9\x1b\x05\x2a\x94", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555560dfdd00 brk(0x555560e1ed00) = 0x555560e1ed00 brk(0x555560e1f000) = 0x555560e1f000 mprotect(0x7f4d2af8b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/sequencer2", O_RDONLY) = 3 openat(AT_FDCWD, "/dev/audio", O_RDONLY) = 4 readv(4, [{iov_base="\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., iov_len=204}], 1) = 204 exit_group(0) = ? [ 73.789059][ T5063] [ 73.791513][ T5063] ======================================================== [ 73.798739][ T5063] WARNING: possible irq lock inversion dependency detected [ 73.805940][ T5063] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 73.812623][ T5063] -------------------------------------------------------- [ 73.819914][ T5063] syz-executor641/5063 just changed the state of lock: [ 73.827035][ T5063] ffff888029a72948 (&timer->lock){+.+.}-{2:2}, at: snd_timer_close_locked+0x53/0x8d0 [ 73.836570][ T5063] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 73.844629][ T5063] (&group->lock#2){..-.}-{2:2} [ 73.844661][ T5063] [ 73.844661][ T5063] [ 73.844661][ T5063] and interrupts could create inverse lock ordering between them. [ 73.844661][ T5063] [ 73.863823][ T5063] [ 73.863823][ T5063] other info that might help us debug this: [ 73.871899][ T5063] Possible interrupt unsafe locking scenario: [ 73.871899][ T5063] [ 73.880239][ T5063] CPU0 CPU1 [ 73.885607][ T5063] ---- ---- [ 73.890985][ T5063] lock(&timer->lock); [ 73.895168][ T5063] local_irq_disable(); [ 73.901924][ T5063] lock(&group->lock#2); [ 73.908797][ T5063] lock(&timer->lock); [ 73.915579][ T5063] [ 73.919034][ T5063] lock(&group->lock#2); [ 73.923561][ T5063] [ 73.923561][ T5063] *** DEADLOCK *** [ 73.923561][ T5063] [ 73.931717][ T5063] 3 locks held by syz-executor641/5063: [ 73.937288][ T5063] #0: ffffffff8f2d3228 (register_mutex#4){+.+.}-{3:3}, at: odev_release+0x4e/0x80 [ 73.946636][ T5063] #1: ffff88801a37ad78 (&q->timer_mutex){+.+.}-{3:3}, at: snd_seq_queue_delete+0x5b/0xf0 [ 73.956591][ T5063] #2: ffffffff8f2c1a68 (register_mutex){+.+.}-{3:3}, at: snd_timer_close+0xa3/0x130 [ 73.966096][ T5063] [ 73.966096][ T5063] the shortest dependencies between 2nd lock and 1st lock: [ 73.975514][ T5063] -> (&group->lock#2){..-.}-{2:2} { [ 73.980830][ T5063] IN-SOFTIRQ-W at: [ 73.984898][ T5063] lock_acquire+0x1e4/0x530 [ 73.991224][ T5063] _raw_spin_lock_irqsave+0xd5/0x120 [ 73.998464][ T5063] snd_pcm_period_elapsed+0x21/0x50 [ 74.006555][ T5063] dummy_hrtimer_callback+0x7f/0x180 [ 74.014020][ T5063] __hrtimer_run_queues+0x595/0xd00 [ 74.021047][ T5063] hrtimer_run_softirq+0x19a/0x2c0 [ 74.027980][ T5063] __do_softirq+0x2bc/0x943 [ 74.034297][ T5063] __irq_exit_rcu+0xf2/0x1c0 [ 74.040702][ T5063] irq_exit_rcu+0x9/0x30 [ 74.046881][ T5063] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 74.054362][ T5063] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 74.062230][ T5063] acpi_safe_halt+0x21/0x30 [ 74.068572][ T5063] acpi_idle_enter+0xe4/0x140 [ 74.075078][ T5063] cpuidle_enter_state+0x118/0x490 [ 74.082098][ T5063] cpuidle_enter+0x5d/0xa0 [ 74.088371][ T5063] do_idle+0x375/0x5d0 [ 74.094269][ T5063] cpu_startup_entry+0x42/0x60 [ 74.100859][ T5063] rest_init+0x2e0/0x300 [ 74.106920][ T5063] arch_call_rest_init+0xe/0x10 [ 74.113596][ T5063] start_kernel+0x47a/0x500 [ 74.119945][ T5063] x86_64_start_reservations+0x2a/0x30 [ 74.127247][ T5063] x86_64_start_kernel+0x99/0xa0 [ 74.134023][ T5063] common_startup_64+0x13e/0x147 [ 74.140875][ T5063] INITIAL USE at: [ 74.144851][ T5063] lock_acquire+0x1e4/0x530 [ 74.151090][ T5063] _raw_spin_lock_irq+0xd3/0x120 [ 74.157853][ T5063] snd_pcm_hw_params+0x201/0x1ea0 [ 74.164832][ T5063] snd_pcm_oss_change_params_locked+0x20d5/0x3e00 [ 74.173016][ T5063] snd_pcm_oss_read+0x24c/0x940 [ 74.179646][ T5063] vfs_readv+0x68f/0xa50 [ 74.185656][ T5063] do_readv+0x1b1/0x350 [ 74.191658][ T5063] do_syscall_64+0xfb/0x240 [ 74.197908][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.205574][ T5063] } [ 74.208160][ T5063] ... key at: [] snd_pcm_group_init.__key+0x0/0x20 [ 74.216859][ T5063] ... acquired at: [ 74.220766][ T5063] lock_acquire+0x1e4/0x530 [ 74.225451][ T5063] _raw_spin_lock_irqsave+0xd5/0x120 [ 74.230918][ T5063] snd_timer_notify+0x103/0x3d0 [ 74.235945][ T5063] snd_pcm_start+0x3fa/0x4c0 [ 74.240963][ T5063] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 74.246355][ T5063] snd_pcm_oss_read3+0x3ea/0x600 [ 74.251526][ T5063] snd_pcm_plug_read_transfer+0x3a1/0x470 [ 74.257459][ T5063] snd_pcm_oss_read2+0x296/0x430 [ 74.262593][ T5063] snd_pcm_oss_read+0x45b/0x940 [ 74.267650][ T5063] vfs_readv+0x68f/0xa50 [ 74.272076][ T5063] do_readv+0x1b1/0x350 [ 74.276422][ T5063] do_syscall_64+0xfb/0x240 [ 74.281104][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.287302][ T5063] [ 74.289637][ T5063] -> (&timer->lock){+.+.}-{2:2} { [ 74.294697][ T5063] HARDIRQ-ON-W at: [ 74.298683][ T5063] lock_acquire+0x1e4/0x530 [ 74.304851][ T5063] _raw_spin_lock+0x2e/0x40 [ 74.311065][ T5063] snd_timer_close_locked+0x53/0x8d0 [ 74.318031][ T5063] snd_timer_close+0xae/0x130 [ 74.324490][ T5063] snd_seq_timer_close+0xa9/0xe0 [ 74.331104][ T5063] snd_seq_queue_delete+0x8f/0xf0 [ 74.337805][ T5063] snd_seq_oss_release+0x1d3/0x310 [ 74.344665][ T5063] odev_release+0x56/0x80 [ 74.350651][ T5063] __fput+0x429/0x8a0 [ 74.356393][ T5063] task_work_run+0x24f/0x310 [ 74.362644][ T5063] do_exit+0xa1b/0x27e0 [ 74.368550][ T5063] do_group_exit+0x207/0x2c0 [ 74.375060][ T5063] __x64_sys_exit_group+0x3f/0x40 [ 74.381856][ T5063] do_syscall_64+0xfb/0x240 [ 74.388465][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.396036][ T5063] SOFTIRQ-ON-W at: [ 74.400038][ T5063] lock_acquire+0x1e4/0x530 [ 74.406201][ T5063] _raw_spin_lock+0x2e/0x40 [ 74.412454][ T5063] snd_timer_close_locked+0x53/0x8d0 [ 74.419415][ T5063] snd_timer_close+0xae/0x130 [ 74.425783][ T5063] snd_seq_timer_close+0xa9/0xe0 [ 74.432484][ T5063] snd_seq_queue_delete+0x8f/0xf0 [ 74.439185][ T5063] snd_seq_oss_release+0x1d3/0x310 [ 74.445953][ T5063] odev_release+0x56/0x80 [ 74.452022][ T5063] __fput+0x429/0x8a0 [ 74.457657][ T5063] task_work_run+0x24f/0x310 [ 74.463916][ T5063] do_exit+0xa1b/0x27e0 [ 74.469764][ T5063] do_group_exit+0x207/0x2c0 [ 74.476036][ T5063] __x64_sys_exit_group+0x3f/0x40 [ 74.482892][ T5063] do_syscall_64+0xfb/0x240 [ 74.489127][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.497031][ T5063] INITIAL USE at: [ 74.500934][ T5063] lock_acquire+0x1e4/0x530 [ 74.507029][ T5063] _raw_spin_lock_irqsave+0xd5/0x120 [ 74.513986][ T5063] snd_timer_notify+0x103/0x3d0 [ 74.520415][ T5063] snd_pcm_start+0x3fa/0x4c0 [ 74.526748][ T5063] __snd_pcm_lib_xfer+0x1af3/0x1e30 [ 74.533598][ T5063] snd_pcm_oss_read3+0x3ea/0x600 [ 74.540189][ T5063] snd_pcm_plug_read_transfer+0x3a1/0x470 [ 74.547476][ T5063] snd_pcm_oss_read2+0x296/0x430 [ 74.554062][ T5063] snd_pcm_oss_read+0x45b/0x940 [ 74.560477][ T5063] vfs_readv+0x68f/0xa50 [ 74.566297][ T5063] do_readv+0x1b1/0x350 [ 74.572016][ T5063] do_syscall_64+0xfb/0x240 [ 74.578078][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.585535][ T5063] } [ 74.588027][ T5063] ... key at: [] snd_timer_new.__key+0x0/0x20 [ 74.596352][ T5063] ... acquired at: [ 74.600145][ T5063] mark_lock+0x223/0x350 [ 74.604558][ T5063] __lock_acquire+0x116e/0x1fd0 [ 74.609688][ T5063] lock_acquire+0x1e4/0x530 [ 74.614363][ T5063] _raw_spin_lock+0x2e/0x40 [ 74.619040][ T5063] snd_timer_close_locked+0x53/0x8d0 [ 74.624503][ T5063] snd_timer_close+0xae/0x130 [ 74.629376][ T5063] snd_seq_timer_close+0xa9/0xe0 [ 74.634512][ T5063] snd_seq_queue_delete+0x8f/0xf0 [ 74.639743][ T5063] snd_seq_oss_release+0x1d3/0x310 [ 74.645053][ T5063] odev_release+0x56/0x80 [ 74.649568][ T5063] __fput+0x429/0x8a0 [ 74.653753][ T5063] task_work_run+0x24f/0x310 [ 74.658554][ T5063] do_exit+0xa1b/0x27e0 [ 74.662906][ T5063] do_group_exit+0x207/0x2c0 [ 74.667715][ T5063] __x64_sys_exit_group+0x3f/0x40 [ 74.672930][ T5063] do_syscall_64+0xfb/0x240 [ 74.677618][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.683709][ T5063] [ 74.686033][ T5063] [ 74.686033][ T5063] stack backtrace: [ 74.691927][ T5063] CPU: 0 PID: 5063 Comm: syz-executor641 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 74.702011][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 74.712065][ T5063] Call Trace: [ 74.715520][ T5063] [ 74.718449][ T5063] dump_stack_lvl+0x241/0x360 [ 74.723131][ T5063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.728333][ T5063] ? print_shortest_lock_dependencies+0xf2/0x160 [ 74.734687][ T5063] ? print_irq_inversion_bug+0x329/0x3a0 [ 74.741040][ T5063] mark_lock_irq+0x867/0xc20 [ 74.745652][ T5063] ? __pfx_mark_lock_irq+0x10/0x10 [ 74.751247][ T5063] ? stack_trace_save+0x118/0x1d0 [ 74.756291][ T5063] ? __pfx_stack_trace_save+0x10/0x10 [ 74.761792][ T5063] ? save_trace+0x749/0xb40 [ 74.766493][ T5063] mark_lock+0x223/0x350 [ 74.770746][ T5063] __lock_acquire+0x116e/0x1fd0 [ 74.775706][ T5063] lock_acquire+0x1e4/0x530 [ 74.780220][ T5063] ? snd_timer_close_locked+0x53/0x8d0 [ 74.785693][ T5063] ? __pfx___mutex_trylock_common+0x10/0x10 [ 74.792211][ T5063] ? __pfx_lock_acquire+0x10/0x10 [ 74.797272][ T5063] ? rcu_is_watching+0x15/0xb0 [ 74.802065][ T5063] ? trace_contention_end+0x3c/0x100 [ 74.807624][ T5063] ? __mutex_lock+0x2ef/0xd70 [ 74.812306][ T5063] ? snd_timer_close+0xa3/0x130 [ 74.817177][ T5063] _raw_spin_lock+0x2e/0x40 [ 74.821694][ T5063] ? snd_timer_close_locked+0x53/0x8d0 [ 74.827196][ T5063] snd_timer_close_locked+0x53/0x8d0 [ 74.832493][ T5063] snd_timer_close+0xae/0x130 [ 74.837177][ T5063] ? __pfx_snd_timer_close+0x10/0x10 [ 74.842488][ T5063] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.847704][ T5063] ? lockdep_hardirqs_on+0x99/0x150 [ 74.852909][ T5063] snd_seq_timer_close+0xa9/0xe0 [ 74.857847][ T5063] snd_seq_queue_delete+0x8f/0xf0 [ 74.862880][ T5063] snd_seq_oss_release+0x1d3/0x310 [ 74.868106][ T5063] ? __pfx_snd_seq_oss_release+0x10/0x10 [ 74.873831][ T5063] ? __asan_memset+0x23/0x50 [ 74.878447][ T5063] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.884977][ T5063] ? evm_file_release+0x140/0x1d0 [ 74.890018][ T5063] ? __pfx_odev_release+0x10/0x10 [ 74.895049][ T5063] odev_release+0x56/0x80 [ 74.899644][ T5063] __fput+0x429/0x8a0 [ 74.903660][ T5063] task_work_run+0x24f/0x310 [ 74.908274][ T5063] ? __pfx_task_work_run+0x10/0x10 [ 74.913401][ T5063] ? switch_task_namespaces+0xe1/0x110 [ 74.918873][ T5063] do_exit+0xa1b/0x27e0 [ 74.923136][ T5063] ? __pfx_do_exit+0x10/0x10 [ 74.927753][ T5063] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 74.933755][ T5063] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.940080][ T5063] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.945281][ T5063] ? lockdep_hardirqs_on+0x99/0x150 [ 74.950503][ T5063] do_group_exit+0x207/0x2c0 [ 74.955094][ T5063] __x64_sys_exit_group+0x3f/0x40 [ 74.960119][ T5063] do_syscall_64+0xfb/0x240 [ 74.964622][ T5063] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 74.970529][ T5063] RIP: 0033:0x7f4d2af16c79 [ 74.974937][ T5063] Code: Unable to access opcode bytes at 0x7f4d2af16c4f. [ 74.981959][ T5063] RSP: 002b:00007ffd402f0ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 +++ exited with 0 +++ [ 74.990648][ T5063] RAX: ffffffffffffffda