============================================
WARNING: possible recursive locking detected
5.16.0-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.5/11340 is trying to acquire lock:
ffff888042216130 (&runtime->sleep){..-.}-{2:2}, at: io_poll_double_wake+0x2ba/0x7c0 fs/io_uring.c:5467

but task is already holding lock:
ffff888041912130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:137

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&runtime->sleep);
  lock(&runtime->sleep);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

4 locks held by syz-executor.5/11340:
 #0: ffff88801c2bd738 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
 #0: ffff88801c2bd738 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pte_range mm/memory.c:1323 [inline]
 #0: ffff88801c2bd738 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pmd_range mm/memory.c:1467 [inline]
 #0: ffff88801c2bd738 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pud_range mm/memory.c:1496 [inline]
 #0: ffff88801c2bd738 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_p4d_range mm/memory.c:1517 [inline]
 #0: ffff88801c2bd738 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: unmap_page_range+0x86b/0x29f0 mm/memory.c:1538
 #1: ffffffff8bb83da0 (rcu_read_lock){....}-{1:2}, at: folio_memcg_lock+0x0/0x3e0 include/linux/cgroup.h:312
 #2: ffff888021db6110 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0 sound/core/pcm_native.c:170
 #3: ffff888041912130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:137

stack backtrace:
CPU: 0 PID: 11340 Comm: syz-executor.5 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2956 [inline]
 check_deadlock kernel/locking/lockdep.c:2999 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire.cold+0x149/0x3ab kernel/locking/lockdep.c:5027
 lock_acquire kernel/locking/lockdep.c:5637 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
 io_poll_double_wake+0x2ba/0x7c0 fs/io_uring.c:5467
 __wake_up_common+0x147/0x650 kernel/sched/wait.c:108
 __wake_up_common_lock+0xd0/0x130 kernel/sched/wait.c:138
 snd_pcm_update_state+0x46a/0x540 sound/core/pcm_lib.c:204
 snd_pcm_update_hw_ptr0+0xa75/0x1a50 sound/core/pcm_lib.c:465
 snd_pcm_period_elapsed_under_stream_lock+0x15a/0x230 sound/core/pcm_lib.c:1817
 snd_pcm_period_elapsed+0x28/0x50 sound/core/pcm_lib.c:1849
 dummy_hrtimer_callback+0x94/0x1b0 sound/drivers/dummy.c:377
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x609/0xe50 kernel/time/hrtimer.c:1749
 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1766
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:lock_acquire+0x1ef/0x510 kernel/locking/lockdep.c:5605
Code: c6 a5 7e 83 f8 01 0f 85 b4 02 00 00 9c 58 f6 c4 02 0f 85 9f 02 00 00 48 83 7c 24 08 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffffc90004b7f610 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 1ffff9200096fec4 RCX: 42f1125c69a15e59
RDX: 1ffff1100e713c2b RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ff76a07
R10: fffffbfff1feed40 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000000 R14: ffffffff8bb83da0 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:268 [inline]
 rcu_read_lock include/linux/rcupdate.h:688 [inline]
 folio_memcg_lock+0x3a/0x3e0 mm/memcontrol.c:2010
 page_remove_rmap+0x25/0x1480 mm/rmap.c:1348
 zap_pte_range mm/memory.c:1357 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0xf0e/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f0220926e99
Code: Unable to access opcode bytes at RIP 0x7f0220926e6f.
RSP: 002b:00007f021f29c168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
RAX: 00000000000000b4 RBX: 00007f0220a39f60 RCX: 00007f0220926e99
RDX: 0000000074000000 RSI: 00000000000000b4 RDI: 0000000000000006
RBP: 00007f0220980ff1 R08: 0000000000000000 R09: 0000000000002e00
R10: 3000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0220f6db1f R14: 00007f021f29c300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	a5                   	movsl  %ds:(%rsi),%es:(%rdi)
   1:	7e 83                	jle    0xffffff86
   3:	f8                   	clc
   4:	01 0f                	add    %ecx,(%rdi)
   6:	85 b4 02 00 00 9c 58 	test   %esi,0x589c0000(%rdx,%rax,1)
   d:	f6 c4 02             	test   $0x2,%ah
  10:	0f 85 9f 02 00 00    	jne    0x2b5
  16:	48 83 7c 24 08 00    	cmpq   $0x0,0x8(%rsp)
  1c:	74 01                	je     0x1f
  1e:	fb                   	sti
  1f:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  26:	fc ff df
* 29:	48 01 c3             	add    %rax,%rbx <-- trapping instruction
  2c:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  33:	48 c7 43 08 00 00 00 	movq   $0x0,0x8(%rbx)
  3a:	00
  3b:	48                   	rex.W
  3c:	8b                   	.byte 0x8b
  3d:	84                   	.byte 0x84
  3e:	24                   	.byte 0x24