============================================
WARNING: possible recursive locking detected
5.16.0-rc3-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.2/20468 is trying to acquire lock:
ffff888019eb3130 (&runtime->sleep){..-.}-{2:2}, at: io_poll_double_wake+0x2be/0x820 fs/io_uring.c:5463

but task is already holding lock:
ffff888019eb4130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:137

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&runtime->sleep);
  lock(&runtime->sleep);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz-executor.2/20468:
 #0: ffff88801f7dc0a8 (&ctx->uring_lock){+.+.}-{3:3}, at: __do_sys_io_uring_enter+0xf60/0x1f50 fs/io_uring.c:10069
 #1: ffffffff8bb83d20 (rcu_read_lock){....}-{1:2}, at: is_bpf_text_address+0x0/0x170 kernel/bpf/core.c:702
 #2: ffffc900005b8d70 ((&dpcm->timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:35 [inline]
 #2: ffffc900005b8d70 ((&dpcm->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0 kernel/time/timer.c:1411
 #3: ffff88801f4ec910 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0 sound/core/pcm_native.c:170
 #4: ffff888019eb4130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:137

stack backtrace:
CPU: 3 PID: 20468 Comm: syz-executor.2 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2956 [inline]
 check_deadlock kernel/locking/lockdep.c:2999 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire.cold+0x149/0x3ab kernel/locking/lockdep.c:5027
 lock_acquire kernel/locking/lockdep.c:5637 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
 io_poll_double_wake+0x2be/0x820 fs/io_uring.c:5463
 __wake_up_common+0x147/0x650 kernel/sched/wait.c:108
 __wake_up_common_lock+0xd0/0x130 kernel/sched/wait.c:138
 snd_pcm_update_state+0x46a/0x540 sound/core/pcm_lib.c:204
 snd_pcm_update_hw_ptr0+0xa75/0x1a50 sound/core/pcm_lib.c:465
 snd_pcm_period_elapsed_under_stream_lock+0x15a/0x230 sound/core/pcm_lib.c:1817
 snd_pcm_period_elapsed+0x28/0x50 sound/core/pcm_lib.c:1849
 loopback_jiffies_timer_function+0x1c4/0x240 sound/drivers/aloop.c:668
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
 expire_timers kernel/time/timer.c:1466 [inline]
 __run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734
 __run_timers kernel/time/timer.c:1715 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1169 [inline]
RIP: 0010:rcu_lockdep_current_cpu_online+0x5c/0x150 kernel/rcu/tree.c:1160
Code: 03 00 83 f8 07 89 c5 0f 87 f5 00 00 00 48 8d 3c ed a0 28 56 8b 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 ad 00 00 00 48 03 1c ed a0 28 56 8b 48 b8 00 00 00 00 00 fc
RSP: 0018:ffffc900062c73f8 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: 000000000003a900 RCX: ffffffff815cbf11
RDX: 1ffffffff16ac517 RSI: 0000000000000002 RDI: ffffffff8b5628b8
RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffff8d912e57
R10: fffffbfff1b225ca R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: ffff88804d185700 R15: ffff88806e49cc00
 rcu_read_lock_held_common kernel/rcu/update.c:112 [inline]
 rcu_read_lock_held_common kernel/rcu/update.c:102 [inline]
 rcu_read_lock_sched_held+0x25/0x70 kernel/rcu/update.c:123
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0x522/0x720 kernel/locking/lockdep.c:5648
 rcu_lock_release include/linux/rcupdate.h:273 [inline]
 rcu_read_unlock include/linux/rcupdate.h:721 [inline]
 is_bpf_text_address+0x99/0x170 kernel/bpf/core.c:717
 kernel_text_address kernel/extable.c:124 [inline]
 kernel_text_address+0x39/0x80 kernel/extable.c:93
 __kernel_text_address+0x9/0x30 kernel/extable.c:78
 unwind_get_return_address arch/x86/kernel/unwind_orc.c:318 [inline]
 unwind_get_return_address+0x51/0x90 arch/x86/kernel/unwind_orc.c:313
 arch_stack_walk+0x93/0xe0 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 ____kasan_kmalloc mm/kasan/common.c:513 [inline]
 ____kasan_kmalloc mm/kasan/common.c:472 [inline]
 __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:522
 kmalloc include/linux/slab.h:590 [inline]
 __io_queue_proc+0x2c8/0x8c0 fs/io_uring.c:5522
 poll_wait include/linux/poll.h:51 [inline]
 snd_pcm_oss_poll+0x2b6/0xb10 sound/core/oss/pcm_oss.c:2847
 vfs_poll include/linux/poll.h:90 [inline]
 __io_arm_poll_handler+0x3a1/0xcf0 fs/io_uring.c:5617
 io_arm_poll_handler+0x322/0x800 fs/io_uring.c:5683
 io_queue_sqe_arm_apoll+0x61/0x1a0 fs/io_uring.c:6995
 __io_queue_sqe fs/io_uring.c:7033 [inline]
 io_queue_sqe fs/io_uring.c:7060 [inline]
 io_submit_sqe fs/io_uring.c:7263 [inline]
 io_submit_sqes+0x796a/0x8a20 fs/io_uring.c:7369
 __do_sys_io_uring_enter+0xf6e/0x1f50 fs/io_uring.c:10070
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
RIP: 0023:0xf6f40549
Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f5f3a5fc EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000007045
RDX: 000000000000f2af RSI: 0000000000000001 RDI: 0000000020000180
RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	03 00                	add    (%rax),%eax
   2:	83 f8 07             	cmp    $0x7,%eax
   5:	89 c5                	mov    %eax,%ebp
   7:	0f 87 f5 00 00 00    	ja     0x102
   d:	48 8d 3c ed a0 28 56 	lea    -0x74a9d760(,%rbp,8),%rdi
  14:	8b
  15:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  1c:	fc ff df
  1f:	48 89 fa             	mov    %rdi,%rdx
  22:	48 c1 ea 03          	shr    $0x3,%rdx
  26:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
* 2a:	0f 85 ad 00 00 00    	jne    0xdd <-- trapping instruction
  30:	48 03 1c ed a0 28 56 	add    -0x74a9d760(,%rbp,8),%rbx
  37:	8b
  38:	48                   	rex.W
  39:	b8 00 00 00 00       	mov    $0x0,%eax
  3e:	00 fc                	add    %bh,%ah