======================================================== WARNING: possible irq lock inversion dependency detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted -------------------------------------------------------- kworker/u8:2/34 just changed the state of lock: ffff888029dc1910 (&group->lock#2){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0xa0/0xd0 sound/core/pcm_native.c:170 but this lock took another, SOFTIRQ-unsafe lock in the past: (&timer->lock){+.+.}-{2:2} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&timer->lock); local_irq_disable(); lock(&group->lock#2); lock(&timer->lock); lock(&group->lock#2); *** DEADLOCK *** 3 locks held by kworker/u8:2/34: #0: ffff88802ae6b148 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x1296/0x1a60 kernel/workqueue.c:3229 #1: ffffc90000aa7d80 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x906/0x1a60 kernel/workqueue.c:3230 #2: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #2: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #2: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline] #2: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: batadv_nc_worker+0x168/0x10f0 net/batman-adv/network-coding.c:719 the shortest dependencies between 2nd lock and 1st lock: -> (&timer->lock){+.+.}-{2:2} { HARDIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] class_spinlock_constructor include/linux/spinlock.h:561 [inline] snd_timer_close_locked+0x65/0xbd0 sound/core/timer.c:412 snd_timer_close+0x8b/0xf0 sound/core/timer.c:464 snd_seq_timer_close+0xa4/0x100 sound/core/seq/seq_timer.c:302 queue_delete+0x49/0xa0 sound/core/seq/seq_queue.c:126 snd_seq_queue_client_leave+0x37/0x1a0 sound/core/seq/seq_queue.c:543 seq_free_client1.part.0+0x10a/0x260 sound/core/seq/seq_clientmgr.c:285 seq_free_client1 sound/core/seq/seq_clientmgr.c:278 [inline] seq_free_client+0x74/0x170 sound/core/seq/seq_clientmgr.c:306 snd_seq_release+0x50/0xe0 sound/core/seq/seq_clientmgr.c:387 __fput+0x270/0xb80 fs/file_table.c:422 __fput_sync+0x47/0x50 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x86/0x100 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 SOFTIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] class_spinlock_constructor include/linux/spinlock.h:561 [inline] snd_timer_close_locked+0x65/0xbd0 sound/core/timer.c:412 snd_timer_close+0x8b/0xf0 sound/core/timer.c:464 snd_seq_timer_close+0xa4/0x100 sound/core/seq/seq_timer.c:302 queue_delete+0x49/0xa0 sound/core/seq/seq_queue.c:126 snd_seq_queue_client_leave+0x37/0x1a0 sound/core/seq/seq_queue.c:543 seq_free_client1.part.0+0x10a/0x260 sound/core/seq/seq_clientmgr.c:285 seq_free_client1 sound/core/seq/seq_clientmgr.c:278 [inline] seq_free_client+0x74/0x170 sound/core/seq/seq_clientmgr.c:306 snd_seq_release+0x50/0xe0 sound/core/seq/seq_clientmgr.c:387 __fput+0x270/0xb80 fs/file_table.c:422 __fput_sync+0x47/0x50 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x86/0x100 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] class_spinlock_constructor include/linux/spinlock.h:561 [inline] snd_timer_close_locked+0x65/0xbd0 sound/core/timer.c:412 snd_timer_close+0x8b/0xf0 sound/core/timer.c:464 snd_seq_timer_close+0xa4/0x100 sound/core/seq/seq_timer.c:302 queue_delete+0x49/0xa0 sound/core/seq/seq_queue.c:126 snd_seq_queue_client_leave+0x37/0x1a0 sound/core/seq/seq_queue.c:543 seq_free_client1.part.0+0x10a/0x260 sound/core/seq/seq_clientmgr.c:285 seq_free_client1 sound/core/seq/seq_clientmgr.c:278 [inline] seq_free_client+0x74/0x170 sound/core/seq/seq_clientmgr.c:306 snd_seq_release+0x50/0xe0 sound/core/seq/seq_clientmgr.c:387 __fput+0x270/0xb80 fs/file_table.c:422 __fput_sync+0x47/0x50 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x86/0x100 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] __key.6+0x0/0x40 ... acquired at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:574 [inline] snd_timer_notify+0x111/0x3e0 sound/core/timer.c:1040 snd_pcm_timer_notify sound/core/pcm_native.c:622 [inline] snd_pcm_post_stop+0x197/0x1f0 sound/core/pcm_native.c:1520 snd_pcm_action_single+0x10a/0x150 sound/core/pcm_native.c:1289 snd_pcm_action+0x70/0x90 sound/core/pcm_native.c:1370 snd_pcm_stop sound/core/pcm_native.c:1543 [inline] snd_pcm_drop+0x165/0x2b0 sound/core/pcm_native.c:2208 snd_pcm_kernel_ioctl+0x22d/0x2d0 sound/core/pcm_native.c:3444 snd_pcm_oss_sync+0x227/0x7f0 sound/core/oss/pcm_oss.c:1734 snd_pcm_oss_release+0x291/0x320 sound/core/oss/pcm_oss.c:2575 __fput+0x270/0xb80 fs/file_table.c:422 task_work_run+0x14e/0x250 kernel/task_work.c:180 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:108 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline] syscall_exit_to_user_mode+0x275/0x2a0 kernel/entry/common.c:212 do_syscall_64+0xe2/0x260 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x6d/0x75 -> (&group->lock#2){..-.}-{2:2} { IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 _snd_pcm_stream_lock_irqsave+0xa0/0xd0 sound/core/pcm_native.c:170 class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline] snd_pcm_period_elapsed+0x20/0x50 sound/core/pcm_lib.c:1904 dummy_hrtimer_callback+0x9d/0x1c0 sound/drivers/dummy.c:385 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x20c/0xc20 kernel/time/hrtimer.c:1756 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1773 __do_softirq+0x218/0x8de kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 debug_lockdep_rcu_enabled+0x26/0x40 kernel/rcu/update.c:320 rcu_read_lock include/linux/rcupdate.h:751 [inline] batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline] batadv_nc_worker+0x173/0x10f0 net/batman-adv/network-coding.c:719 process_one_work+0x9a9/0x1a60 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] _raw_spin_lock_irq+0x36/0x50 kernel/locking/spinlock.c:170 spin_lock_irq include/linux/spinlock.h:376 [inline] snd_pcm_group_lock_irq sound/core/pcm_native.c:97 [inline] snd_pcm_stream_lock_irq sound/core/pcm_native.c:136 [inline] class_pcm_stream_lock_irq_constructor include/sound/pcm.h:666 [inline] snd_pcm_hw_params+0x151/0x1a30 sound/core/pcm_native.c:740 snd_pcm_kernel_ioctl+0x147/0x2d0 sound/core/pcm_native.c:3434 snd_pcm_oss_change_params_locked+0x146c/0x3aa0 sound/core/oss/pcm_oss.c:965 snd_pcm_oss_change_params sound/core/oss/pcm_oss.c:1105 [inline] snd_pcm_oss_make_ready+0xe6/0x1b0 sound/core/oss/pcm_oss.c:1164 snd_pcm_oss_sync+0x1d7/0x7f0 sound/core/oss/pcm_oss.c:1730 snd_pcm_oss_release+0x291/0x320 sound/core/oss/pcm_oss.c:2575 __fput+0x270/0xb80 fs/file_table.c:422 task_work_run+0x14e/0x250 kernel/task_work.c:180 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:108 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline] syscall_exit_to_user_mode+0x275/0x2a0 kernel/entry/common.c:212 do_syscall_64+0xe2/0x260 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] __key.5+0x0/0x40 ... acquired at: mark_usage kernel/locking/lockdep.c:4567 [inline] __lock_acquire+0x13d4/0x3b30 kernel/locking/lockdep.c:5091 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 _snd_pcm_stream_lock_irqsave+0xa0/0xd0 sound/core/pcm_native.c:170 class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline] snd_pcm_period_elapsed+0x20/0x50 sound/core/pcm_lib.c:1904 dummy_hrtimer_callback+0x9d/0x1c0 sound/drivers/dummy.c:385 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x20c/0xc20 kernel/time/hrtimer.c:1756 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1773 __do_softirq+0x218/0x8de kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 debug_lockdep_rcu_enabled+0x26/0x40 kernel/rcu/update.c:320 rcu_read_lock include/linux/rcupdate.h:751 [inline] batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline] batadv_nc_worker+0x173/0x10f0 net/batman-adv/network-coding.c:719 process_one_work+0x9a9/0x1a60 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 stack backtrace: CPU: 0 PID: 34 Comm: kworker/u8:2 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: bat_events batadv_nc_worker Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_irq_inversion_bug.part.0+0x3e9/0x5a0 kernel/locking/lockdep.c:4080 print_irq_inversion_bug kernel/locking/lockdep.c:4033 [inline] check_usage_forwards kernel/locking/lockdep.c:4111 [inline] mark_lock_irq kernel/locking/lockdep.c:4243 [inline] mark_lock+0x574/0xc60 kernel/locking/lockdep.c:4678 mark_usage kernel/locking/lockdep.c:4567 [inline] __lock_acquire+0x13d4/0x3b30 kernel/locking/lockdep.c:5091 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 _snd_pcm_stream_lock_irqsave+0xa0/0xd0 sound/core/pcm_native.c:170 class_pcm_stream_lock_irqsave_constructor include/sound/pcm.h:669 [inline] snd_pcm_period_elapsed+0x20/0x50 sound/core/pcm_lib.c:1904 dummy_hrtimer_callback+0x9d/0x1c0 sound/drivers/dummy.c:385 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x20c/0xc20 kernel/time/hrtimer.c:1756 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1773 __do_softirq+0x218/0x8de kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:debug_lockdep_rcu_enabled+0x26/0x40 kernel/rcu/update.c:320 Code: 90 90 90 90 f3 0f 1e fa 8b 05 d2 27 cc 04 85 c0 74 20 8b 05 94 5a cc 04 85 c0 74 16 65 48 8b 05 10 8b 31 75 8b 80 d4 0a 00 00 <85> c0 0f 94 c0 0f b6 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 RSP: 0018:ffffc90000aa7b88 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffff888076afdcd0 RCX: 000000004963e913 RDX: 0000000000000001 RSI: ffffffff8b0cba40 RDI: ffffffff8b6e88a0 RBP: 000000000000039a R08: 0000000000000000 R09: fffffbfff27b4e30 R10: ffffffff93da7187 R11: 0000000000000002 R12: ffff888060bdd100 R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000001 rcu_read_lock include/linux/rcupdate.h:751 [inline] batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline] batadv_nc_worker+0x173/0x10f0 net/batman-adv/network-coding.c:719 process_one_work+0x9a9/0x1a60 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 ---------------- Code disassembly (best guess): 0: 90 nop 1: 90 nop 2: 90 nop 3: 90 nop 4: f3 0f 1e fa endbr64 8: 8b 05 d2 27 cc 04 mov 0x4cc27d2(%rip),%eax # 0x4cc27e0 e: 85 c0 test %eax,%eax 10: 74 20 je 0x32 12: 8b 05 94 5a cc 04 mov 0x4cc5a94(%rip),%eax # 0x4cc5aac 18: 85 c0 test %eax,%eax 1a: 74 16 je 0x32 1c: 65 48 8b 05 10 8b 31 mov %gs:0x75318b10(%rip),%rax # 0x75318b34 23: 75 24: 8b 80 d4 0a 00 00 mov 0xad4(%rax),%eax * 2a: 85 c0 test %eax,%eax <-- trapping instruction 2c: 0f 94 c0 sete %al 2f: 0f b6 c0 movzbl %al,%eax 32: c3 ret 33: cc int3 34: cc int3 35: cc int3 36: cc int3 37: 66 data16 38: 2e cs 39: 0f .byte 0xf 3a: 1f (bad) 3b: 84 00 test %al,(%rax) 3d: 00 00 add %al,(%rax)