========================================================
WARNING: possible irq lock inversion dependency detected
6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
--------------------------------------------------------
kworker/1:6/5220 just changed the state of lock:
ffff888029e27910 (&group->lock#2){..-.}-{2:2}, at: class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline]
ffff888029e27910 (&group->lock#2){..-.}-{2:2}, at: snd_pcm_period_elapsed+0x21/0x50 sound/core/pcm_lib.c:1904
but this lock took another, SOFTIRQ-unsafe lock in the past:
(&timer->lock){+.+.}-{2:2}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&timer->lock);
local_irq_disable();
lock(&group->lock#2);
lock(&timer->lock);
<Interrupt>
lock(&group->lock#2);
*** DEADLOCK ***
2 locks held by kworker/1:6/5220:
#0: ffff888014c75948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3229 [inline]
#0: ffff888014c75948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x1770 kernel/workqueue.c:3335
#1: ffffc90013497d00 ((work_completion)(&(&gc_work->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3230 [inline]
#1: ffffc90013497d00 ((work_completion)(&(&gc_work->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x91b/0x1770 kernel/workqueue.c:3335
the shortest dependencies between 2nd lock and 1st lock:
-> (&timer->lock){+.+.}-{2:2} {
HARDIRQ-ON-W at:
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
class_spinlock_constructor include/linux/spinlock.h:561 [inline]
snd_timer_close_locked+0x53/0x8d0 sound/core/timer.c:412
snd_timer_close+0xae/0x130 sound/core/timer.c:464
snd_seq_timer_close+0xa9/0xe0 sound/core/seq/seq_timer.c:302
queue_delete sound/core/seq/seq_queue.c:126 [inline]
snd_seq_queue_delete+0x8f/0xf0 sound/core/seq/seq_queue.c:188
delete_seq_queue sound/core/seq/oss/seq_oss_init.c:371 [inline]
snd_seq_oss_release+0x1d3/0x310 sound/core/seq/oss/seq_oss_init.c:416
odev_release+0x56/0x80 sound/core/seq/oss/seq_oss.c:144
__fput+0x42b/0x8a0 fs/file_table.c:422
__do_sys_close fs/open.c:1556 [inline]
__se_sys_close fs/open.c:1541 [inline]
__x64_sys_close+0x7f/0x110 fs/open.c:1541
do_syscall_64+0xfd/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
SOFTIRQ-ON-W at:
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
class_spinlock_constructor include/linux/spinlock.h:561 [inline]
snd_timer_close_locked+0x53/0x8d0 sound/core/timer.c:412
snd_timer_close+0xae/0x130 sound/core/timer.c:464
snd_seq_timer_close+0xa9/0xe0 sound/core/seq/seq_timer.c:302
queue_delete sound/core/seq/seq_queue.c:126 [inline]
snd_seq_queue_delete+0x8f/0xf0 sound/core/seq/seq_queue.c:188
delete_seq_queue sound/core/seq/oss/seq_oss_init.c:371 [inline]
snd_seq_oss_release+0x1d3/0x310 sound/core/seq/oss/seq_oss_init.c:416
odev_release+0x56/0x80 sound/core/seq/oss/seq_oss.c:144
__fput+0x42b/0x8a0 fs/file_table.c:422
__do_sys_close fs/open.c:1556 [inline]
__se_sys_close fs/open.c:1541 [inline]
__x64_sys_close+0x7f/0x110 fs/open.c:1541
do_syscall_64+0xfd/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
INITIAL USE at:
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
class_spinlock_constructor include/linux/spinlock.h:561 [inline]
snd_timer_close_locked+0x53/0x8d0 sound/core/timer.c:412
snd_timer_close+0xae/0x130 sound/core/timer.c:464
snd_seq_timer_close+0xa9/0xe0 sound/core/seq/seq_timer.c:302
queue_delete sound/core/seq/seq_queue.c:126 [inline]
snd_seq_queue_delete+0x8f/0xf0 sound/core/seq/seq_queue.c:188
delete_seq_queue sound/core/seq/oss/seq_oss_init.c:371 [inline]
snd_seq_oss_release+0x1d3/0x310 sound/core/seq/oss/seq_oss_init.c:416
odev_release+0x56/0x80 sound/core/seq/oss/seq_oss.c:144
__fput+0x42b/0x8a0 fs/file_table.c:422
__do_sys_close fs/open.c:1556 [inline]
__se_sys_close fs/open.c:1541 [inline]
__x64_sys_close+0x7f/0x110 fs/open.c:1541
do_syscall_64+0xfd/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
}
... key at: [<ffffffff94896220>] snd_timer_new.__key+0x0/0x20
... acquired at:
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
class_spinlock_irqsave_constructor include/linux/spinlock.h:574 [inline]
snd_timer_notify+0x103/0x3d0 sound/core/timer.c:1040
snd_pcm_timer_notify sound/core/pcm_native.c:622 [inline]
snd_pcm_post_stop sound/core/pcm_native.c:1520 [inline]
snd_pcm_action sound/core/pcm_native.c:1370 [inline]
snd_pcm_stop+0x358/0x490 sound/core/pcm_native.c:1543
snd_pcm_drop+0x158/0x250 sound/core/pcm_native.c:2208
snd_pcm_oss_sync+0x202/0xc30 sound/core/oss/pcm_oss.c:1734
snd_pcm_oss_release+0x11e/0x280 sound/core/oss/pcm_oss.c:2575
__fput+0x42b/0x8a0 fs/file_table.c:422
__do_sys_close fs/open.c:1556 [inline]
__se_sys_close fs/open.c:1541 [inline]
__x64_sys_close+0x7f/0x110 fs/open.c:1541
do_syscall_64+0xfd/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
-> (&group->lock#2){..-.}-{2:2} {
IN-SOFTIRQ-W at:
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline]
snd_pcm_period_elapsed+0x21/0x50 sound/core/pcm_lib.c:1904
dummy_hrtimer_callback+0x7f/0x180 sound/drivers/dummy.c:385
__run_hrtimer kernel/time/hrtimer.c:1692 [inline]
__hrtimer_run_queues+0x597/0xd00 kernel/time/hrtimer.c:1756
hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1773
__do_softirq+0x2be/0x943 kernel/softirq.c:554
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
lock_is_held_type+0x13b/0x190
lock_is_held include/linux/lockdep.h:231 [inline]
__might_resched+0xa5/0x780 kernel/sched/core.c:10149
gc_worker+0xec9/0x1650 net/netfilter/nf_conntrack_core.c:1566
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa02/0x1770 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f2/0x390 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
INITIAL USE at:
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline]
_raw_spin_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:170
spin_lock_irq include/linux/spinlock.h:376 [inline]
snd_pcm_group_lock_irq sound/core/pcm_native.c:97 [inline]
snd_pcm_stream_lock_irq sound/core/pcm_native.c:136 [inline]
class_pcm_stream_lock_irq_constructor include/sound/pcm.h:666 [inline]
snd_pcm_poll+0x21e/0x650 sound/core/pcm_native.c:3605
vfs_poll include/linux/poll.h:84 [inline]
ep_item_poll fs/eventpoll.c:995 [inline]
ep_insert+0x10c6/0x1900 fs/eventpoll.c:1666
do_epoll_ctl+0x8d2/0xf70 fs/eventpoll.c:2329
__do_sys_epoll_ctl fs/eventpoll.c:2386 [inline]
__se_sys_epoll_ctl fs/eventpoll.c:2377 [inline]
__x64_sys_epoll_ctl+0x161/0x1a0 fs/eventpoll.c:2377
do_syscall_64+0xfd/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
}
... key at: [<ffffffff94896440>] snd_pcm_group_init.__key+0x0/0x20
... acquired at:
mark_lock+0x223/0x350 kernel/locking/lockdep.c:4678
__lock_acquire+0xbcd/0x1fd0 kernel/locking/lockdep.c:5091
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline]
snd_pcm_period_elapsed+0x21/0x50 sound/core/pcm_lib.c:1904
dummy_hrtimer_callback+0x7f/0x180 sound/drivers/dummy.c:385
__run_hrtimer kernel/time/hrtimer.c:1692 [inline]
__hrtimer_run_queues+0x597/0xd00 kernel/time/hrtimer.c:1756
hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1773
__do_softirq+0x2be/0x943 kernel/softirq.c:554
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
lock_is_held_type+0x13b/0x190
lock_is_held include/linux/lockdep.h:231 [inline]
__might_resched+0xa5/0x780 kernel/sched/core.c:10149
gc_worker+0xec9/0x1650 net/netfilter/nf_conntrack_core.c:1566
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa02/0x1770 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f2/0x390 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
stack backtrace:
CPU: 1 PID: 5220 Comm: kworker/1:6 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: events_power_efficient gc_worker
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
mark_lock_irq+0x80c/0xc20 kernel/locking/lockdep.c:4243
mark_lock+0x223/0x350 kernel/locking/lockdep.c:4678
__lock_acquire+0xbcd/0x1fd0 kernel/locking/lockdep.c:5091
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline]
snd_pcm_period_elapsed+0x21/0x50 sound/core/pcm_lib.c:1904
dummy_hrtimer_callback+0x7f/0x180 sound/drivers/dummy.c:385
__run_hrtimer kernel/time/hrtimer.c:1692 [inline]
__hrtimer_run_queues+0x597/0xd00 kernel/time/hrtimer.c:1756
hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1773
__do_softirq+0x2be/0x943 kernel/softirq.c:554
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_is_held_type+0x13b/0x190
Code: 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 08 75 42 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f
RSP: 0018:ffffc900134978f8 EFLAGS: 00000206
RAX: 403f75f931aa5c00 RBX: 0000000000000000 RCX: ffff888027cc0000
RDX: 0000000000000000 RSI: ffffffff8baad360 RDI: ffffffff8bfed300
RBP: 0000000000000002 R08: ffffffff8f873a6f R09: 1ffffffff1f0e74d
R10: dffffc0000000000 R11: fffffbfff1f0e74e R12: 0000000000000246
R13: ffff888027cc0000 R14: 00000000ffffffff R15: ffffffff8e132080
lock_is_held include/linux/lockdep.h:231 [inline]
__might_resched+0xa5/0x780 kernel/sched/core.c:10149
gc_worker+0xec9/0x1650 net/netfilter/nf_conntrack_core.c:1566
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa02/0x1770 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f2/0x390 kernel/kthread.c:388
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
</TASK>
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
----------------
Code disassembly (best guess):
0: 75 44 jne 0x46
2: 48 c7 04 24 00 00 00 movq $0x0,(%rsp)
9: 00
a: 9c pushf
b: 8f 04 24 pop (%rsp)
e: f7 04 24 00 02 00 00 testl $0x200,(%rsp)
15: 75 4c jne 0x63
17: 41 f7 c4 00 02 00 00 test $0x200,%r12d
1e: 74 01 je 0x21
20: fb sti
21: 65 48 8b 04 25 28 00 mov %gs:0x28,%rax
28: 00 00
* 2a: 48 3b 44 24 08 cmp 0x8(%rsp),%rax <-- trapping instruction
2f: 75 42 jne 0x73
31: 89 d8 mov %ebx,%eax
33: 48 83 c4 10 add $0x10,%rsp
37: 5b pop %rbx
38: 41 5c pop %r12
3a: 41 5d pop %r13
3c: 41 5e pop %r14
3e: 41 5f pop %r15