syzbot


possible deadlock in snd_pcm_period_elapsed (3)

Status: upstream: reported C repro on 2021/12/29 01:23
Reported-by: syzbot+669c9abf11a6a011dd09@syzkaller.appspotmail.com
Fix commit: 96b097091c66 ALSA: pcm: Use deferred fasync helper
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 344d, last: 115d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: possible deadlock in snd_pcm_period_elapsed (log)
Repro: C syz .config
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in snd_pcm_period_elapsed 96 779d 781d 0/24 closed as dup on 2020/12/06 08:32
upstream possible deadlock in snd_pcm_period_elapsed (2) 52 391d 497d 22/24 fixed on 2021/11/10 00:50
Patch testing requests:
Created Duration User Patch Repo Result
2022/04/24 03:04 15m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ 45ab9400e73f OK

Sample crash report:
========================================================
WARNING: possible irq lock inversion dependency detected
5.19.0-syzkaller-02972-g200e340f2196 #0 Not tainted
--------------------------------------------------------
swapper/1/0 just changed the state of lock:
ffff88814a057110 (&group->lock){..-.}-{2:2}, at: snd_pcm_period_elapsed+0x2c/0x210 sound/core/pcm_lib.c:1848
but this lock took another, SOFTIRQ-READ-unsafe lock in the past:
 (tasklist_lock){.+.+}-{2:2}


and interrupts could create inverse lock ordering between them.


other info that might help us debug this:
Chain exists of:
  &group->lock --> &timer->lock --> tasklist_lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(tasklist_lock);
                               local_irq_disable();
                               lock(&group->lock);
                               lock(&timer->lock);
  <Interrupt>
    lock(&group->lock);

 *** DEADLOCK ***

no locks held by swapper/1/0.

the shortest dependencies between 2nd lock and 1st lock:
    -> (tasklist_lock){.+.+}-{2:2} {
       HARDIRQ-ON-R at:
                            lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
                            __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
                            _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                            do_wait+0x224/0x9d0 kernel/exit.c:1508
                            kernel_wait+0xe4/0x230 kernel/exit.c:1698
                            call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                            call_usermodehelper_exec_work+0xb4/0x220 kernel/umh.c:166
                            process_one_work+0x81c/0xd10 kernel/workqueue.c:2289
                            worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
                            kthread+0x266/0x300 kernel/kthread.c:376
                            ret_from_fork+0x1f/0x30
       SOFTIRQ-ON-R at:
                            lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
                            __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
                            _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                            do_wait+0x224/0x9d0 kernel/exit.c:1508
                            kernel_wait+0xe4/0x230 kernel/exit.c:1698
                            call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                            call_usermodehelper_exec_work+0xb4/0x220 kernel/umh.c:166
                            process_one_work+0x81c/0xd10 kernel/workqueue.c:2289
                            worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
                            kthread+0x266/0x300 kernel/kthread.c:376
                            ret_from_fork+0x1f/0x30
       INITIAL USE at:
                           lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
                           __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
                           _raw_write_lock_irq+0xcf/0x110 kernel/locking/spinlock.c:326
                           copy_process+0x244f/0x3fe0 kernel/fork.c:2378
                           kernel_clone+0x22f/0x7a0 kernel/fork.c:2659
                           user_mode_thread+0x12d/0x190 kernel/fork.c:2728
                           rest_init+0x21/0x270 init/main.c:692
                           start_kernel+0x0/0x55b init/main.c:883
                           start_kernel+0x4ac/0x55b init/main.c:1138
                           secondary_startup_64_no_verify+0xcf/0xdb
       INITIAL READ USE at:
                                lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
                                __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
                                _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
                                do_wait+0x224/0x9d0 kernel/exit.c:1508
                                kernel_wait+0xe4/0x230 kernel/exit.c:1698
                                call_usermodehelper_exec_sync kernel/umh.c:139 [inline]
                                call_usermodehelper_exec_work+0xb4/0x220 kernel/umh.c:166
                                process_one_work+0x81c/0xd10 kernel/workqueue.c:2289
                                worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
                                kthread+0x266/0x300 kernel/kthread.c:376
                                ret_from_fork+0x1f/0x30
     }
     ... key      at: [<ffffffff8c80a058>] tasklist_lock+0x18/0x40
     ... acquired at:
   lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
   __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
   _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
   send_sigio+0xbe/0x300 fs/fcntl.c:791
   dnotify_handle_event+0x136/0x450 fs/notify/dnotify/dnotify.c:115
   fsnotify+0xd1e/0x1360 fs/notify/fsnotify.c:570
   fsnotify_name include/linux/fsnotify.h:36 [inline]
   fsnotify_dirent include/linux/fsnotify.h:42 [inline]
   fsnotify_create include/linux/fsnotify.h:207 [inline]
   open_last_lookups fs/namei.c:3425 [inline]
   path_openat+0x147d/0x2da0 fs/namei.c:3629
   do_filp_open+0x275/0x500 fs/namei.c:3659
   do_sys_openat2+0x13b/0x500 fs/open.c:1310
   do_sys_open fs/open.c:1326 [inline]
   __do_sys_creat fs/open.c:1402 [inline]
   __se_sys_creat fs/open.c:1396 [inline]
   __x64_sys_creat+0x11f/0x160 fs/open.c:1396
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x63/0xcd

   -> (&f->f_owner.lock){....}-{2:2} {
      INITIAL USE at:
                         lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
                         __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
                         _raw_write_lock_irq+0xcf/0x110 kernel/locking/spinlock.c:326
                         f_modown+0x38/0x340 fs/fcntl.c:90
                         __f_setown fs/fcntl.c:109 [inline]
                         f_setown+0x113/0x1a0 fs/fcntl.c:137
                         do_fcntl+0x128/0x1370 fs/fcntl.c:376
                         __do_sys_fcntl fs/fcntl.c:453 [inline]
                         __se_sys_fcntl+0xd5/0x1b0 fs/fcntl.c:438
                         do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                         do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
                         entry_SYSCALL_64_after_hwframe+0x63/0xcd
      INITIAL READ USE at:
                              lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
                              __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
                              _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
                              send_sigio+0x2f/0x300 fs/fcntl.c:777
                              kill_fasync_rcu fs/fcntl.c:1002 [inline]
                              kill_fasync+0x1e4/0x430 fs/fcntl.c:1016
                              snd_timer_user_ccallback+0x370/0x540 sound/core/timer.c:1386
                              snd_timer_notify1+0x1ad/0x350 sound/core/timer.c:516
                              snd_timer_start1+0x53d/0x640 sound/core/timer.c:578
                              snd_timer_start sound/core/timer.c:696 [inline]
                              snd_timer_user_start sound/core/timer.c:1984 [inline]
                              __snd_timer_user_ioctl+0xae7/0x54c0 sound/core/timer.c:2107
                              snd_timer_user_ioctl+0x5d/0x80 sound/core/timer.c:2128
                              vfs_ioctl fs/ioctl.c:51 [inline]
                              __do_sys_ioctl fs/ioctl.c:870 [inline]
                              __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
                              do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                              do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
                              entry_SYSCALL_64_after_hwframe+0x63/0xcd
    }
    ... key      at: [<ffffffff91612420>] __alloc_file.__key+0x0/0x10
    ... acquired at:
   lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
   _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
   send_sigio+0x2f/0x300 fs/fcntl.c:777
   kill_fasync_rcu fs/fcntl.c:1002 [inline]
   kill_fasync+0x1e4/0x430 fs/fcntl.c:1016
   snd_timer_user_ccallback+0x370/0x540 sound/core/timer.c:1386
   snd_timer_notify1+0x1ad/0x350 sound/core/timer.c:516
   snd_timer_start1+0x53d/0x640 sound/core/timer.c:578
   snd_timer_start sound/core/timer.c:696 [inline]
   snd_timer_user_start sound/core/timer.c:1984 [inline]
   __snd_timer_user_ioctl+0xae7/0x54c0 sound/core/timer.c:2107
   snd_timer_user_ioctl+0x5d/0x80 sound/core/timer.c:2128
   vfs_ioctl fs/ioctl.c:51 [inline]
   __do_sys_ioctl fs/ioctl.c:870 [inline]
   __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x63/0xcd

  -> (&new->fa_lock){....}-{2:2} {
     INITIAL READ USE at:
                            lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
                            __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
                            _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
                            kill_fasync_rcu fs/fcntl.c:995 [inline]
                            kill_fasync+0x13b/0x430 fs/fcntl.c:1016
                            snd_timer_user_ccallback+0x370/0x540 sound/core/timer.c:1386
                            snd_timer_notify1+0x1ad/0x350 sound/core/timer.c:516
                            snd_timer_start1+0x53d/0x640 sound/core/timer.c:578
                            snd_timer_start sound/core/timer.c:696 [inline]
                            snd_timer_user_start sound/core/timer.c:1984 [inline]
                            __snd_timer_user_ioctl+0xae7/0x54c0 sound/core/timer.c:2107
                            snd_timer_user_ioctl+0x5d/0x80 sound/core/timer.c:2128
                            vfs_ioctl fs/ioctl.c:51 [inline]
                            __do_sys_ioctl fs/ioctl.c:870 [inline]
                            __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
                            do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                            do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
                            entry_SYSCALL_64_after_hwframe+0x63/0xcd
   }
   ... key      at: [<ffffffff916130a0>] fasync_insert_entry.__key+0x0/0x20
   ... acquired at:
   lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
   _raw_read_lock_irqsave+0xd9/0x120 kernel/locking/spinlock.c:236
   kill_fasync_rcu fs/fcntl.c:995 [inline]
   kill_fasync+0x13b/0x430 fs/fcntl.c:1016
   snd_timer_user_ccallback+0x370/0x540 sound/core/timer.c:1386
   snd_timer_notify1+0x1ad/0x350 sound/core/timer.c:516
   snd_timer_start1+0x53d/0x640 sound/core/timer.c:578
   snd_timer_start sound/core/timer.c:696 [inline]
   snd_timer_user_start sound/core/timer.c:1984 [inline]
   __snd_timer_user_ioctl+0xae7/0x54c0 sound/core/timer.c:2107
   snd_timer_user_ioctl+0x5d/0x80 sound/core/timer.c:2128
   vfs_ioctl fs/ioctl.c:51 [inline]
   __do_sys_ioctl fs/ioctl.c:870 [inline]
   __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x63/0xcd

 -> (&timer->lock){....}-{2:2} {
    INITIAL USE at:
                     lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
                     __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                     _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
                     snd_timer_resolution sound/core/timer.c:489 [inline]
                     snd_timer_user_params sound/core/timer.c:1851 [inline]
                     __snd_timer_user_ioctl+0x1a3f/0x54c0 sound/core/timer.c:2100
                     snd_timer_user_ioctl+0x5d/0x80 sound/core/timer.c:2128
                     vfs_ioctl fs/ioctl.c:51 [inline]
                     __do_sys_ioctl fs/ioctl.c:870 [inline]
                     __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
                     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                     do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
                     entry_SYSCALL_64_after_hwframe+0x63/0xcd
  }
  ... key      at: [<ffffffff919607a0>] snd_timer_new.__key+0x0/0x20
  ... acquired at:
   lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
   _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
   snd_timer_notify+0x105/0x3e0 sound/core/timer.c:1086
   snd_pcm_action sound/core/pcm_native.c:1364 [inline]
   snd_pcm_start+0x383/0x400 sound/core/pcm_native.c:1470
   __snd_pcm_lib_xfer+0x13e0/0x18a0 sound/core/pcm_lib.c:2308
   snd_pcm_oss_write3+0x202/0x390 sound/core/oss/pcm_oss.c:1253
   snd_pcm_oss_write2 sound/core/oss/pcm_oss.c:1393 [inline]
   snd_pcm_oss_sync1+0x3a6/0x7f0 sound/core/oss/pcm_oss.c:1627
   snd_pcm_oss_sync+0x9cf/0xf00 sound/core/oss/pcm_oss.c:1693
   snd_pcm_oss_release+0x119/0x270 sound/core/oss/pcm_oss.c:2590
   __fput+0x3b9/0x820 fs/file_table.c:319
   task_work_run+0x146/0x1c0 kernel/task_work.c:177
   exit_task_work include/linux/task_work.h:38 [inline]
   do_exit+0x55e/0x20a0 kernel/exit.c:795
   do_group_exit+0x23b/0x2f0 kernel/exit.c:925
   __do_sys_exit_group kernel/exit.c:936 [inline]
   __se_sys_exit_group kernel/exit.c:934 [inline]
   __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:934
   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
   do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
   entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> (&group->lock){..-.}-{2:2} {
   IN-SOFTIRQ-W at:
                    lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
                    __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                    _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
                    snd_pcm_period_elapsed+0x2c/0x210 sound/core/pcm_lib.c:1848
                    dummy_hrtimer_callback+0x87/0x190 sound/drivers/dummy.c:377
                    __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
                    __hrtimer_run_queues+0x50b/0xa60 kernel/time/hrtimer.c:1749
                    hrtimer_run_softirq+0x1a1/0x580 kernel/time/hrtimer.c:1766
                    __do_softirq+0x382/0x793 kernel/softirq.c:571
                    __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
                    irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
                    sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
                    asm_sysvec_apic_timer_interrupt+0x16/0x20
                    native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
                    arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
                    acpi_safe_halt drivers/acpi/processor_idle.c:112 [inline]
                    acpi_idle_do_entry drivers/acpi/processor_idle.c:555 [inline]
                    acpi_idle_enter+0x43d/0x7a0 drivers/acpi/processor_idle.c:692
                    cpuidle_enter_state+0x517/0xed0 drivers/cpuidle/cpuidle.c:238
                    cpuidle_enter+0x59/0x90 drivers/cpuidle/cpuidle.c:352
                    call_cpuidle kernel/sched/idle.c:155 [inline]
                    cpuidle_idle_call kernel/sched/idle.c:236 [inline]
                    do_idle+0x3d2/0x640 kernel/sched/idle.c:303
                    cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:400
                    start_secondary+0xe4/0xf0 arch/x86/kernel/smpboot.c:266
                    secondary_startup_64_no_verify+0xcf/0xdb
   INITIAL USE at:
                   lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
                   __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline]
                   _raw_spin_lock_irq+0xcf/0x110 kernel/locking/spinlock.c:170
                   spin_lock_irq include/linux/spinlock.h:374 [inline]
                   snd_pcm_group_lock_irq sound/core/pcm_native.c:97 [inline]
                   snd_pcm_stream_lock_irq sound/core/pcm_native.c:136 [inline]
                   snd_pcm_hw_params+0x164/0x1860 sound/core/pcm_native.c:726
                   snd_pcm_oss_change_params_locked+0x1f21/0x3c80 sound/core/oss/pcm_oss.c:976
                   snd_pcm_oss_make_ready_locked sound/core/oss/pcm_oss.c:1198 [inline]
                   snd_pcm_oss_write1+0x249/0x1130 sound/core/oss/pcm_oss.c:1416
                   vfs_write+0x303/0xcc0 fs/read_write.c:578
                   ksys_write+0x19b/0x2c0 fs/read_write.c:633
                   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
                   do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
                   entry_SYSCALL_64_after_hwframe+0x63/0xcd
 }
 ... key      at: [<ffffffff91960f20>] snd_pcm_group_init.__key+0x0/0x20
 ... acquired at:
   mark_lock+0x21c/0x350 kernel/locking/lockdep.c:4632
   __lock_acquire+0xb81/0x1f80 kernel/locking/lockdep.c:5007
   lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
   _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
   snd_pcm_period_elapsed+0x2c/0x210 sound/core/pcm_lib.c:1848
   dummy_hrtimer_callback+0x87/0x190 sound/drivers/dummy.c:377
   __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
   __hrtimer_run_queues+0x50b/0xa60 kernel/time/hrtimer.c:1749
   hrtimer_run_softirq+0x1a1/0x580 kernel/time/hrtimer.c:1766
   __do_softirq+0x382/0x793 kernel/softirq.c:571
   __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
   irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
   sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
   asm_sysvec_apic_timer_interrupt+0x16/0x20
   native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
   arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
   acpi_safe_halt drivers/acpi/processor_idle.c:112 [inline]
   acpi_idle_do_entry drivers/acpi/processor_idle.c:555 [inline]
   acpi_idle_enter+0x43d/0x7a0 drivers/acpi/processor_idle.c:692
   cpuidle_enter_state+0x517/0xed0 drivers/cpuidle/cpuidle.c:238
   cpuidle_enter+0x59/0x90 drivers/cpuidle/cpuidle.c:352
   call_cpuidle kernel/sched/idle.c:155 [inline]
   cpuidle_idle_call kernel/sched/idle.c:236 [inline]
   do_idle+0x3d2/0x640 kernel/sched/idle.c:303
   cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:400
   start_secondary+0xe4/0xf0 arch/x86/kernel/smpboot.c:266
   secondary_startup_64_no_verify+0xcf/0xdb


stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_irq_inversion_bug+0x58c/0x6f0 kernel/locking/lockdep.c:4040
 mark_lock_irq+0x9d2/0xf00 kernel/locking/lockdep.c:4203
 mark_lock+0x21c/0x350 kernel/locking/lockdep.c:4632
 __lock_acquire+0xb81/0x1f80 kernel/locking/lockdep.c:5007
 lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5666
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
 snd_pcm_period_elapsed+0x2c/0x210 sound/core/pcm_lib.c:1848
 dummy_hrtimer_callback+0x87/0x190 sound/drivers/dummy.c:377
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x50b/0xa60 kernel/time/hrtimer.c:1749
 hrtimer_run_softirq+0x1a1/0x580 kernel/time/hrtimer.c:1766
 __do_softirq+0x382/0x793 kernel/softirq.c:571
 __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:22 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:130 [inline]
RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:113 [inline]
RIP: 0010:acpi_idle_do_entry drivers/acpi/processor_idle.c:555 [inline]
RIP: 0010:acpi_idle_enter+0x43d/0x7a0 drivers/acpi/processor_idle.c:692
Code: ff e8 07 1b 53 f7 48 83 e3 08 44 8b 7c 24 04 0f 85 10 01 00 00 e8 c3 c2 59 f7 66 90 e8 2c 16 53 f7 0f 00 2d 55 7c c0 00 fb f4 <4c> 89 e3 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 e7 e8 4d e2 a5 f7
RSP: 0018:ffffc90000177c00 EFLAGS: 000002d3
RAX: ffffffff8a350a84 RBX: 0000000000000000 RCX: ffff888011fe1d80
RDX: 0000000000000000 RSI: ffffffff8a8d2fe0 RDI: ffffffff8ae9a7c0
RBP: ffffc90000177cb0 R08: ffffffff8a350a69 R09: ffffed10023fc3b1
R10: ffffed10023fc3b1 R11: 1ffff110023fc3b0 R12: ffffc90000177c40
R13: dffffc0000000000 R14: ffff888011dbe000 R15: 0000000000000001
 cpuidle_enter_state+0x517/0xed0 drivers/cpuidle/cpuidle.c:238
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	e8 07 1b 53 f7       	callq  0xf7531b0c
   5:	48 83 e3 08          	and    $0x8,%rbx
   9:	44 8b 7c 24 04       	mov    0x4(%rsp),%r15d
   e:	0f 85 10 01 00 00    	jne    0x124
  14:	e8 c3 c2 59 f7       	callq  0xf759c2dc
  19:	66 90                	xchg   %ax,%ax
  1b:	e8 2c 16 53 f7       	callq  0xf753164c
  20:	0f 00 2d 55 7c c0 00 	verw   0xc07c55(%rip)        # 0xc07c7c
  27:	fb                   	sti
  28:	f4                   	hlt
* 29:	4c 89 e3             	mov    %r12,%rbx <-- trapping instruction
  2c:	48 c1 eb 03          	shr    $0x3,%rbx
  30:	42 80 3c 2b 00       	cmpb   $0x0,(%rbx,%r13,1)
  35:	74 08                	je     0x3f
  37:	4c 89 e7             	mov    %r12,%rdi
  3a:	e8 4d e2 a5 f7       	callq  0xf7a5e28c

Fix bisection attempts:
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2022/06/26 04:08 upstream 0840a7914caa 131df97d .config log report syz C
* Struck through repros no longer work on HEAD.
Crashes (23):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2022/08/11 08:41 upstream 200e340f2196 a6201f11 .config log report syz C possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/04/23 22:25 upstream 45ab9400e73f 131df97d .config log report syz C possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/08/10 11:35 upstream 200e340f2196 c2a623d6 .config log report syz possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/05/21 17:55 upstream 3b5e1590a267 7268fa62 .config log report syz possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/07/13 09:19 upstream b047602d579b 5d921b08 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/07/12 17:19 upstream 72a8e05d4f66 d91dd8ea .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/07/08 22:10 upstream a471da3100ef b5765a15 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/07/03 15:28 upstream 69cb6c6556ad 1434eec0 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/05/25 03:34 upstream aa051d36ce4a 647c0e27 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/05/23 22:55 upstream 1e57930e9f40 4c7657cb .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/05/23 10:34 upstream 4b0986a3613c 4c7657cb .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/05/23 01:56 upstream 4b0986a3613c 7268fa62 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/05/20 16:49 upstream 3d7285a335ed bd37ad7e .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/05/19 13:09 upstream f993aed406ea 50c53f39 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/05/18 01:43 upstream 210e04ff7681 744a39e2 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/04/23 19:03 upstream 45ab9400e73f 131df97d .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/04/22 01:10 upstream 59f0c2447e25 2738b391 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/04/22 00:19 upstream 59f0c2447e25 2738b391 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/04/21 17:10 upstream b253435746d9 2738b391 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/04/21 00:18 upstream 559089e0a93d 160a3f31 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/03/05 18:05 upstream ac84e82f78cb 7bdd8b2c .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2022/02/03 06:27 upstream 27bb0b18c208 4ebb2798 .config log report info possible deadlock in snd_pcm_period_elapsed
ci-upstream-kasan-gce-smack-root 2021/12/25 01:21 upstream b927dfc67d05 6caa12e4 .config log report info possible deadlock in snd_pcm_period_elapsed
* Struck through repros no longer work on HEAD.