======================================================== WARNING: possible irq lock inversion dependency detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted -------------------------------------------------------- kworker/1:6/5220 just changed the state of lock: ffff888029e27910 (&group->lock#2){..-.}-{2:2}, at: class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline] ffff888029e27910 (&group->lock#2){..-.}-{2:2}, at: snd_pcm_period_elapsed+0x21/0x50 sound/core/pcm_lib.c:1904 but this lock took another, SOFTIRQ-unsafe lock in the past: (&timer->lock){+.+.}-{2:2} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&timer->lock); local_irq_disable(); lock(&group->lock#2); lock(&timer->lock); lock(&group->lock#2); *** DEADLOCK *** 2 locks held by kworker/1:6/5220: #0: ffff888014c75948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3229 [inline] #0: ffff888014c75948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x1770 kernel/workqueue.c:3335 #1: ffffc90013497d00 ((work_completion)(&(&gc_work->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3230 [inline] #1: ffffc90013497d00 ((work_completion)(&(&gc_work->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x91b/0x1770 kernel/workqueue.c:3335 the shortest dependencies between 2nd lock and 1st lock: -> (&timer->lock){+.+.}-{2:2} { HARDIRQ-ON-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] class_spinlock_constructor include/linux/spinlock.h:561 [inline] snd_timer_close_locked+0x53/0x8d0 sound/core/timer.c:412 snd_timer_close+0xae/0x130 sound/core/timer.c:464 snd_seq_timer_close+0xa9/0xe0 sound/core/seq/seq_timer.c:302 queue_delete sound/core/seq/seq_queue.c:126 [inline] snd_seq_queue_delete+0x8f/0xf0 sound/core/seq/seq_queue.c:188 delete_seq_queue sound/core/seq/oss/seq_oss_init.c:371 [inline] snd_seq_oss_release+0x1d3/0x310 sound/core/seq/oss/seq_oss_init.c:416 odev_release+0x56/0x80 sound/core/seq/oss/seq_oss.c:144 __fput+0x42b/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_64+0xfd/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 SOFTIRQ-ON-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] class_spinlock_constructor include/linux/spinlock.h:561 [inline] snd_timer_close_locked+0x53/0x8d0 sound/core/timer.c:412 snd_timer_close+0xae/0x130 sound/core/timer.c:464 snd_seq_timer_close+0xa9/0xe0 sound/core/seq/seq_timer.c:302 queue_delete sound/core/seq/seq_queue.c:126 [inline] snd_seq_queue_delete+0x8f/0xf0 sound/core/seq/seq_queue.c:188 delete_seq_queue sound/core/seq/oss/seq_oss_init.c:371 [inline] snd_seq_oss_release+0x1d3/0x310 sound/core/seq/oss/seq_oss_init.c:416 odev_release+0x56/0x80 sound/core/seq/oss/seq_oss.c:144 __fput+0x42b/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_64+0xfd/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] class_spinlock_constructor include/linux/spinlock.h:561 [inline] snd_timer_close_locked+0x53/0x8d0 sound/core/timer.c:412 snd_timer_close+0xae/0x130 sound/core/timer.c:464 snd_seq_timer_close+0xa9/0xe0 sound/core/seq/seq_timer.c:302 queue_delete sound/core/seq/seq_queue.c:126 [inline] snd_seq_queue_delete+0x8f/0xf0 sound/core/seq/seq_queue.c:188 delete_seq_queue sound/core/seq/oss/seq_oss_init.c:371 [inline] snd_seq_oss_release+0x1d3/0x310 sound/core/seq/oss/seq_oss_init.c:416 odev_release+0x56/0x80 sound/core/seq/oss/seq_oss.c:144 __fput+0x42b/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_64+0xfd/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] snd_timer_new.__key+0x0/0x20 ... acquired at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:574 [inline] snd_timer_notify+0x103/0x3d0 sound/core/timer.c:1040 snd_pcm_timer_notify sound/core/pcm_native.c:622 [inline] snd_pcm_post_stop sound/core/pcm_native.c:1520 [inline] snd_pcm_action sound/core/pcm_native.c:1370 [inline] snd_pcm_stop+0x358/0x490 sound/core/pcm_native.c:1543 snd_pcm_drop+0x158/0x250 sound/core/pcm_native.c:2208 snd_pcm_oss_sync+0x202/0xc30 sound/core/oss/pcm_oss.c:1734 snd_pcm_oss_release+0x11e/0x280 sound/core/oss/pcm_oss.c:2575 __fput+0x42b/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_64+0xfd/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 -> (&group->lock#2){..-.}-{2:2} { IN-SOFTIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline] snd_pcm_period_elapsed+0x21/0x50 sound/core/pcm_lib.c:1904 dummy_hrtimer_callback+0x7f/0x180 sound/drivers/dummy.c:385 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x597/0xd00 kernel/time/hrtimer.c:1756 hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1773 __do_softirq+0x2be/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 lock_is_held_type+0x13b/0x190 lock_is_held include/linux/lockdep.h:231 [inline] __might_resched+0xa5/0x780 kernel/sched/core.c:10149 gc_worker+0xec9/0x1650 net/netfilter/nf_conntrack_core.c:1566 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa02/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f2/0x390 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] _raw_spin_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:170 spin_lock_irq include/linux/spinlock.h:376 [inline] snd_pcm_group_lock_irq sound/core/pcm_native.c:97 [inline] snd_pcm_stream_lock_irq sound/core/pcm_native.c:136 [inline] class_pcm_stream_lock_irq_constructor include/sound/pcm.h:666 [inline] snd_pcm_poll+0x21e/0x650 sound/core/pcm_native.c:3605 vfs_poll include/linux/poll.h:84 [inline] ep_item_poll fs/eventpoll.c:995 [inline] ep_insert+0x10c6/0x1900 fs/eventpoll.c:1666 do_epoll_ctl+0x8d2/0xf70 fs/eventpoll.c:2329 __do_sys_epoll_ctl fs/eventpoll.c:2386 [inline] __se_sys_epoll_ctl fs/eventpoll.c:2377 [inline] __x64_sys_epoll_ctl+0x161/0x1a0 fs/eventpoll.c:2377 do_syscall_64+0xfd/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] snd_pcm_group_init.__key+0x0/0x20 ... acquired at: mark_lock+0x223/0x350 kernel/locking/lockdep.c:4678 __lock_acquire+0xbcd/0x1fd0 kernel/locking/lockdep.c:5091 lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline] snd_pcm_period_elapsed+0x21/0x50 sound/core/pcm_lib.c:1904 dummy_hrtimer_callback+0x7f/0x180 sound/drivers/dummy.c:385 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x597/0xd00 kernel/time/hrtimer.c:1756 hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1773 __do_softirq+0x2be/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 lock_is_held_type+0x13b/0x190 lock_is_held include/linux/lockdep.h:231 [inline] __might_resched+0xa5/0x780 kernel/sched/core.c:10149 gc_worker+0xec9/0x1650 net/netfilter/nf_conntrack_core.c:1566 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa02/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f2/0x390 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 stack backtrace: CPU: 1 PID: 5220 Comm: kworker/1:6 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: events_power_efficient gc_worker Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 mark_lock_irq+0x80c/0xc20 kernel/locking/lockdep.c:4243 mark_lock+0x223/0x350 kernel/locking/lockdep.c:4678 __lock_acquire+0xbcd/0x1fd0 kernel/locking/lockdep.c:5091 lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline] snd_pcm_period_elapsed+0x21/0x50 sound/core/pcm_lib.c:1904 dummy_hrtimer_callback+0x7f/0x180 sound/drivers/dummy.c:385 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x597/0xd00 kernel/time/hrtimer.c:1756 hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1773 __do_softirq+0x2be/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:lock_is_held_type+0x13b/0x190 Code: 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 08 75 42 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f RSP: 0018:ffffc900134978f8 EFLAGS: 00000206 RAX: 403f75f931aa5c00 RBX: 0000000000000000 RCX: ffff888027cc0000 RDX: 0000000000000000 RSI: ffffffff8baad360 RDI: ffffffff8bfed300 RBP: 0000000000000002 R08: ffffffff8f873a6f R09: 1ffffffff1f0e74d R10: dffffc0000000000 R11: fffffbfff1f0e74e R12: 0000000000000246 R13: ffff888027cc0000 R14: 00000000ffffffff R15: ffffffff8e132080 lock_is_held include/linux/lockdep.h:231 [inline] __might_resched+0xa5/0x780 kernel/sched/core.c:10149 gc_worker+0xec9/0x1650 net/netfilter/nf_conntrack_core.c:1566 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa02/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f2/0x390 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 ---------------- Code disassembly (best guess): 0: 75 44 jne 0x46 2: 48 c7 04 24 00 00 00 movq $0x0,(%rsp) 9: 00 a: 9c pushf b: 8f 04 24 pop (%rsp) e: f7 04 24 00 02 00 00 testl $0x200,(%rsp) 15: 75 4c jne 0x63 17: 41 f7 c4 00 02 00 00 test $0x200,%r12d 1e: 74 01 je 0x21 20: fb sti 21: 65 48 8b 04 25 28 00 mov %gs:0x28,%rax 28: 00 00 * 2a: 48 3b 44 24 08 cmp 0x8(%rsp),%rax <-- trapping instruction 2f: 75 42 jne 0x73 31: 89 d8 mov %ebx,%eax 33: 48 83 c4 10 add $0x10,%rsp 37: 5b pop %rbx 38: 41 5c pop %r12 3a: 41 5d pop %r13 3c: 41 5e pop %r14 3e: 41 5f pop %r15