bisecting cause commit starting from dff9f829e5b0181d4ed9d35aa62d695292399b54
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit dff9f829e5b0181d4ed9d35aa62d695292399b54 with gcc (GCC) 8.1.0
kernel signature: 9ee56a66bb75911255e72ad80f7ad4c3404ec36aad50f28e7b0ac6907b154cde
all runs: crashed: possible deadlock in snd_pcm_period_elapsed
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: a2338114ad2a5542c5089691bcbf9c511ac51e722f14ee186bb6f59a00fb4f4d
all runs: OK
# git bisect start dff9f829e5b0181d4ed9d35aa62d695292399b54 bcf876870b95592b52519ed4aafcf9d95999bc9c
Bisecting: 10341 revisions left to test after this (roughly 13 steps)
[60e76bb8a4e4c5398ea9053535e1fd0c9d6bb06e] Merge tag 'm68knommu-for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu
testing commit 60e76bb8a4e4c5398ea9053535e1fd0c9d6bb06e with gcc (GCC) 8.1.0
kernel signature: c57984946284fd381f3d3eef49b57114813af2bd014c96114b1f3b5d5f086fa1
all runs: OK
# git bisect good 60e76bb8a4e4c5398ea9053535e1fd0c9d6bb06e
Bisecting: 5167 revisions left to test after this (roughly 12 steps)
[527df692cfab7997f5ae751230b4d9460aea3886] Merge remote-tracking branch 'reset/reset/next' into master
testing commit 527df692cfab7997f5ae751230b4d9460aea3886 with gcc (GCC) 8.1.0
kernel signature: edf1ffb7bd85b09c91c34965513ca44e90585335e108b4cb4afcf110a612becb
all runs: OK
# git bisect good 527df692cfab7997f5ae751230b4d9460aea3886
Bisecting: 2718 revisions left to test after this (roughly 11 steps)
[361c081229eab84ba908ea588640a938a3241c51] Merge remote-tracking branch 'drm/drm-next' into master
testing commit 361c081229eab84ba908ea588640a938a3241c51 with gcc (GCC) 8.1.0
kernel signature: 2c527314bc6fb4df8a923dea86f7a93a3286ab329c1c1ab115d278f7d9b52b7b
all runs: OK
# git bisect good 361c081229eab84ba908ea588640a938a3241c51
Bisecting: 1294 revisions left to test after this (roughly 10 steps)
[d495341ab2349464465fb0f10fa2afe66a85ccd1] Merge remote-tracking branch 'tip/auto-latest' into master
testing commit d495341ab2349464465fb0f10fa2afe66a85ccd1 with gcc (GCC) 8.1.0
kernel signature: 97e30e104442a5a344e6f3e6437a749960e345e166739c4aac18295e1c94e048
all runs: crashed: possible deadlock in snd_pcm_period_elapsed
# git bisect bad d495341ab2349464465fb0f10fa2afe66a85ccd1
Bisecting: 602 revisions left to test after this (roughly 10 steps)
[b2116983c2c5cbcb14bdbae2509cfe9b0c6efce1] Merge remote-tracking branch 'sound-asoc/for-next' into master
testing commit b2116983c2c5cbcb14bdbae2509cfe9b0c6efce1 with gcc (GCC) 8.1.0
kernel signature: 8566b18e476ff7a8b528b43f20bf560244b83c13b13bdc646bf11cbefa44b471
all runs: OK
# git bisect good b2116983c2c5cbcb14bdbae2509cfe9b0c6efce1
Bisecting: 308 revisions left to test after this (roughly 8 steps)
[ebb8a0cbdc21217d8e06b4c638c575bbf5d2bfc1] Merge remote-tracking branch 'safesetid/safesetid-next' into master
testing commit ebb8a0cbdc21217d8e06b4c638c575bbf5d2bfc1 with gcc (GCC) 8.1.0
kernel signature: 736f2b6175554594fb62db12c9afe5e66483b4c8924a1f81ca1775410f007926
all runs: OK
# git bisect good ebb8a0cbdc21217d8e06b4c638c575bbf5d2bfc1
Bisecting: 154 revisions left to test after this (roughly 7 steps)
[c5d4d36a386d54c0720993f9567b6a502da74902] Merge branch 'locking/core'
testing commit c5d4d36a386d54c0720993f9567b6a502da74902 with gcc (GCC) 8.1.0
kernel signature: cc9008f4272ab96a62efcf5e58790f7b6cbeb499c393c8f267b8cdcb23dfa2ec
all runs: crashed: possible deadlock in snd_pcm_period_elapsed
# git bisect bad c5d4d36a386d54c0720993f9567b6a502da74902
Bisecting: 75 revisions left to test after this (roughly 6 steps)
[ca08e5d7fd94742477eca8529a08404a997dfa26] Merge branch 'x86/cache'
testing commit ca08e5d7fd94742477eca8529a08404a997dfa26 with gcc (GCC) 8.1.0
kernel signature: f950a57f6b887922ff0bdf2154f26a796deddf6b2e2b1c6f45819671c975c1e6
all runs: OK
# git bisect good ca08e5d7fd94742477eca8529a08404a997dfa26
Bisecting: 37 revisions left to test after this (roughly 5 steps)
[1b45c8ca41d48cc24f1967b9f026bc42aa04ad50] Merge branch 'ras/core'
testing commit 1b45c8ca41d48cc24f1967b9f026bc42aa04ad50 with gcc (GCC) 8.1.0
kernel signature: 47d22f6293762ace70cc275423d7e227a824f38b8a904a1d4117132c19fb022d
all runs: OK
# git bisect good 1b45c8ca41d48cc24f1967b9f026bc42aa04ad50
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[31e0d747708272356bee9b6a1b90c1e6525b0f6d] lockdep/selftest: Unleash irq_read_recursion2 and add more
testing commit 31e0d747708272356bee9b6a1b90c1e6525b0f6d with gcc (GCC) 8.1.0
kernel signature: 89e97b852f4b99eb05aebea962777ee6e96ae7bf9b43247d4a4e2b118e03ad58
all runs: crashed: possible deadlock in snd_pcm_period_elapsed
# git bisect bad 31e0d747708272356bee9b6a1b90c1e6525b0f6d
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[bd76eca10de2eb9998d5125b08e8997cbf5508d5] lockdep: Reduce the size of lock_list::distance
testing commit bd76eca10de2eb9998d5125b08e8997cbf5508d5 with gcc (GCC) 8.1.0
kernel signature: dc4de21ea9fd8b37cceaca2ac9dee3b87d5b30e489ded1e3da9e75b62319370f
all runs: crashed: possible deadlock in snd_pcm_period_elapsed
# git bisect bad bd76eca10de2eb9998d5125b08e8997cbf5508d5
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[92b4e9f11a636d1723cc0866bf8b9111b1e24339] Documentation/locking/locktypes: Fix local_locks documentation
testing commit 92b4e9f11a636d1723cc0866bf8b9111b1e24339 with gcc (GCC) 8.1.0
kernel signature: e7a43d0f83f8f2fcbe66ee794d337188e40dc202311024f2348e0e9db289c08e
all runs: OK
# git bisect good 92b4e9f11a636d1723cc0866bf8b9111b1e24339
Bisecting: 2 revisions left to test after this (roughly 1 step)
[224ec489d3cdb0af6794e257eeee39d98dc9c5b2] lockdep/Documention: Recursive read lock detection reasoning
testing commit 224ec489d3cdb0af6794e257eeee39d98dc9c5b2 with gcc (GCC) 8.1.0
kernel signature: 968c2da88be84d335b2d9cf087296bb2739cbd658e038c9779743c818445e29a
all runs: crashed: possible deadlock in snd_pcm_period_elapsed
# git bisect bad 224ec489d3cdb0af6794e257eeee39d98dc9c5b2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e918188611f073063415f40fae568fa4d86d9044] locking: More accurate annotations for read_lock()
testing commit e918188611f073063415f40fae568fa4d86d9044 with gcc (GCC) 8.1.0
kernel signature: fc7aa3eb667d4e0ebaa8c8b225b775277d91afabd889865bc80a6a9ae227cdd7
all runs: crashed: possible deadlock in snd_pcm_period_elapsed
# git bisect bad e918188611f073063415f40fae568fa4d86d9044
e918188611f073063415f40fae568fa4d86d9044 is the first bad commit
commit e918188611f073063415f40fae568fa4d86d9044
Author: Boqun Feng <boqun.feng@gmail.com>
Date:   Fri Aug 7 15:42:20 2020 +0800

    locking: More accurate annotations for read_lock()
    
    On the archs using QUEUED_RWLOCKS, read_lock() is not always a recursive
    read lock, actually it's only recursive if in_interrupt() is true. So
    change the annotation accordingly to catch more deadlocks.
    
    Note we used to treat read_lock() as pure recursive read locks in
    lib/locking-seftest.c, and this is useful, especially for the lockdep
    development selftest, so we keep this via a variable to force switching
    lock annotation for read_lock().
    
    Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
    Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
    Link: https://lkml.kernel.org/r/20200807074238.1632519-2-boqun.feng@gmail.com

 include/linux/lockdep.h  | 23 ++++++++++++++++++++++-
 kernel/locking/lockdep.c | 14 ++++++++++++++
 lib/locking-selftest.c   | 11 +++++++++++
 3 files changed, 47 insertions(+), 1 deletion(-)
culprit signature: fc7aa3eb667d4e0ebaa8c8b225b775277d91afabd889865bc80a6a9ae227cdd7
parent  signature: e7a43d0f83f8f2fcbe66ee794d337188e40dc202311024f2348e0e9db289c08e
revisions tested: 16, total time: 3h20m8.853718199s (build: 1h19m32.614418578s, test: 1h58m53.794667208s)
first bad commit: e918188611f073063415f40fae568fa4d86d9044 locking: More accurate annotations for read_lock()
recipients (to): ["boqun.feng@gmail.com" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "peterz@infradead.org" "peterz@infradead.org" "will@kernel.org"]
recipients (cc): []
crash: possible deadlock in snd_pcm_period_elapsed
========================================================
WARNING: possible irq lock inversion dependency detected
5.9.0-rc2-syzkaller #0 Not tainted
--------------------------------------------------------
syz-executor.4/6956 just changed the state of lock:
ffff888217776d08 (&group->lock){..-.}-{2:2}, at: snd_pcm_period_elapsed+0x15/0xb0 sound/core/pcm_lib.c:1799
but this lock took another, SOFTIRQ-READ-unsafe lock in the past:
 (&card->ctl_files_rwlock){.+.+}-{2:2}


and interrupts could create inverse lock ordering between them.


other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&card->ctl_files_rwlock);
                               local_irq_disable();
                               lock(&group->lock);
                               lock(&card->ctl_files_rwlock);
  <Interrupt>
    lock(&group->lock);

 *** DEADLOCK ***

3 locks held by syz-executor.4/6956:
 #0: ffffffff845329a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff845329a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560
 #1: ffffffff842f5dc0 (rcu_read_lock){....}-{1:2}, at: mutex_spin_on_owner+0x0/0x170 kernel/locking/mutex.c:423
 #2: ffffc90000d08ea8 ((&dpcm->timer)){+.-.}-{0:0}, at: call_timer_fn+0x0/0x330 kernel/time/timer.c:1110

the shortest dependencies between 2nd lock and 1st lock:
 -> (&card->ctl_files_rwlock){.+.+}-{2:2} {
    HARDIRQ-ON-R at:
                      lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020
                      __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                      _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
                      snd_ctl_notify+0x5e/0x200 sound/core/control.c:153
                      __snd_ctl_add_replace+0x1ca/0x230 sound/core/control.c:382
                      snd_ctl_add_replace+0x3d/0x80 sound/core/control.c:399
                      snd_card_dummy_new_mixer sound/drivers/dummy.c:885 [inline]
                      snd_dummy_probe+0x302/0x440 sound/drivers/dummy.c:1080
                      platform_drv_probe+0x2d/0x70 drivers/base/platform.c:747
                      really_probe+0x29e/0x2e0 drivers/base/dd.c:557
                      driver_probe_device+0x49/0xa0 drivers/base/dd.c:738
                      bus_for_each_drv+0x74/0xc0 drivers/base/bus.c:431
                      __device_attach+0xdd/0x140 drivers/base/dd.c:912
                      bus_probe_device+0x94/0xb0 drivers/base/bus.c:491
                      device_add+0x40a/0x780 drivers/base/core.c:2930
                      platform_device_add+0x106/0x1f0 drivers/base/platform.c:597
                      platform_device_register_full+0xc2/0x120 drivers/base/platform.c:720
                      platform_device_register_resndata include/linux/platform_device.h:131 [inline]
                      platform_device_register_simple include/linux/platform_device.h:160 [inline]
                      alsa_card_dummy_init+0xc9/0x128 sound/drivers/dummy.c:1168
                      do_one_initcall+0x5e/0x36f init/main.c:1204
                      do_initcall_level init/main.c:1277 [inline]
                      do_initcalls init/main.c:1293 [inline]
                      do_basic_setup init/main.c:1313 [inline]
                      kernel_init_freeable+0x24d/0x292 init/main.c:1512
                      kernel_init+0x5/0xfa init/main.c:1402
                      ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
    SOFTIRQ-ON-R at:
                      lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020
                      __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                      _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
                      snd_ctl_notify+0x5e/0x200 sound/core/control.c:153
                      __snd_ctl_add_replace+0x1ca/0x230 sound/core/control.c:382
                      snd_ctl_add_replace+0x3d/0x80 sound/core/control.c:399
                      snd_card_dummy_new_mixer sound/drivers/dummy.c:885 [inline]
                      snd_dummy_probe+0x302/0x440 sound/drivers/dummy.c:1080
                      platform_drv_probe+0x2d/0x70 drivers/base/platform.c:747
                      really_probe+0x29e/0x2e0 drivers/base/dd.c:557
                      driver_probe_device+0x49/0xa0 drivers/base/dd.c:738
                      bus_for_each_drv+0x74/0xc0 drivers/base/bus.c:431
                      __device_attach+0xdd/0x140 drivers/base/dd.c:912
                      bus_probe_device+0x94/0xb0 drivers/base/bus.c:491
                      device_add+0x40a/0x780 drivers/base/core.c:2930
                      platform_device_add+0x106/0x1f0 drivers/base/platform.c:597
                      platform_device_register_full+0xc2/0x120 drivers/base/platform.c:720
                      platform_device_register_resndata include/linux/platform_device.h:131 [inline]
                      platform_device_register_simple include/linux/platform_device.h:160 [inline]
                      alsa_card_dummy_init+0xc9/0x128 sound/drivers/dummy.c:1168
                      do_one_initcall+0x5e/0x36f init/main.c:1204
                      do_initcall_level init/main.c:1277 [inline]
                      do_initcalls init/main.c:1293 [inline]
                      do_basic_setup init/main.c:1313 [inline]
                      kernel_init_freeable+0x24d/0x292 init/main.c:1512
                      kernel_init+0x5/0xfa init/main.c:1402
                      ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
    INITIAL USE at:
                     lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020
                     __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
                     _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
                     snd_ctl_notify+0x5e/0x200 sound/core/control.c:153
                     __snd_ctl_add_replace+0x1ca/0x230 sound/core/control.c:382
                     snd_ctl_add_replace+0x3d/0x80 sound/core/control.c:399
                     snd_card_dummy_new_mixer sound/drivers/dummy.c:885 [inline]
                     snd_dummy_probe+0x302/0x440 sound/drivers/dummy.c:1080
                     platform_drv_probe+0x2d/0x70 drivers/base/platform.c:747
                     really_probe+0x29e/0x2e0 drivers/base/dd.c:557
                     driver_probe_device+0x49/0xa0 drivers/base/dd.c:738
                     bus_for_each_drv+0x74/0xc0 drivers/base/bus.c:431
                     __device_attach+0xdd/0x140 drivers/base/dd.c:912
                     bus_probe_device+0x94/0xb0 drivers/base/bus.c:491
                     device_add+0x40a/0x780 drivers/base/core.c:2930
                     platform_device_add+0x106/0x1f0 drivers/base/platform.c:597
                     platform_device_register_full+0xc2/0x120 drivers/base/platform.c:720
                     platform_device_register_resndata include/linux/platform_device.h:131 [inline]
                     platform_device_register_simple include/linux/platform_device.h:160 [inline]
                     alsa_card_dummy_init+0xc9/0x128 sound/drivers/dummy.c:1168
                     do_one_initcall+0x5e/0x36f init/main.c:1204
                     do_initcall_level init/main.c:1277 [inline]
                     do_initcalls init/main.c:1293 [inline]
                     do_basic_setup init/main.c:1313 [inline]
                     kernel_init_freeable+0x24d/0x292 init/main.c:1512
                     kernel_init+0x5/0xfa init/main.c:1402
                     ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
  }
  ... key      at: [<ffffffff868a3bc0>] __key.32276+0x0/0x10
  ... acquired at:
   __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
   _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223
   snd_ctl_notify+0x5e/0x200 sound/core/control.c:153
   loopback_check_format sound/drivers/aloop.c:358 [inline]
   loopback_trigger+0x250/0x300 sound/drivers/aloop.c:387
   snd_pcm_action_single+0x25/0x70 sound/core/pcm_native.c:1207
   __snd_pcm_lib_xfer+0x3f3/0x7d9 sound/core/pcm_lib.c:2247
   snd_pcm_oss_write3+0x60/0xd0 sound/core/oss/pcm_oss.c:1221
   snd_pcm_plug_write_transfer+0xed/0x140 sound/core/oss/pcm_plugin.c:624
   snd_pcm_oss_write2+0xc1/0x140 sound/core/oss/pcm_oss.c:1353
   snd_pcm_oss_write1 sound/core/oss/pcm_oss.c:1419 [inline]
   snd_pcm_oss_write+0x19d/0x2d0 sound/core/oss/pcm_oss.c:2765
   vfs_write+0xc7/0x230 fs/read_write.c:576
   ksys_write+0x5a/0xd0 fs/read_write.c:631
   do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
   entry_SYSCALL_64_after_hwframe+0x44/0xa9

-> (&group->lock){..-.}-{2:2} {
   IN-SOFTIRQ-W at:
                    lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020
                    __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
                    _raw_spin_lock_irqsave+0x58/0x80 kernel/locking/spinlock.c:159
                    snd_pcm_period_elapsed+0x15/0xb0 sound/core/pcm_lib.c:1799
                    call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413
                    expire_timers kernel/time/timer.c:1458 [inline]
                    __run_timers kernel/time/timer.c:1755 [inline]
                    run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768
                    __do_softirq+0xee/0x55a kernel/softirq.c:298
                    asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
                    __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
                    run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
                    do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77
                    invoke_softirq kernel/softirq.c:393 [inline]
                    __irq_exit_rcu kernel/softirq.c:423 [inline]
                    irq_exit_rcu+0xea/0x110 kernel/softirq.c:435
                    sysvec_apic_timer_interrupt+0x57/0xe0 arch/x86/kernel/apic/apic.c:1091
                    asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
                    rep_nop arch/x86/include/asm/vdso/processor.h:13 [inline]
                    cpu_relax arch/x86/include/asm/vdso/processor.h:18 [inline]
                    mutex_spin_on_owner+0xf7/0x170 kernel/locking/mutex.c:579
                    mutex_optimistic_spin kernel/locking/mutex.c:673 [inline]
                    __mutex_lock_common kernel/locking/mutex.c:959 [inline]
                    __mutex_lock+0x3d9/0x9f0 kernel/locking/mutex.c:1103
                    rtnl_lock net/core/rtnetlink.c:72 [inline]
                    rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560
                    netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
                    netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
                    netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
                    netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
                    sock_sendmsg_nosec net/socket.c:651 [inline]
                    sock_sendmsg+0x2b/0x40 net/socket.c:671
                    __sys_sendto+0xec/0x160 net/socket.c:1992
                    __do_sys_sendto net/socket.c:2004 [inline]
                    __se_sys_sendto net/socket.c:2000 [inline]
                    __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
                    do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
                    entry_SYSCALL_64_after_hwframe+0x44/0xa9
   INITIAL USE at:
                   lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020
                   __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline]
                   _raw_spin_lock_irq+0x59/0x70 kernel/locking/spinlock.c:167
                   snd_pcm_hw_params+0x42/0x770 sound/core/pcm_native.c:672
                   snd_pcm_oss_change_params_locked+0x5fd/0xce0 sound/core/oss/pcm_oss.c:941
                   snd_pcm_oss_change_params+0x2c/0x60 sound/core/oss/pcm_oss.c:1084
                   snd_pcm_oss_make_ready+0x2d/0x80 sound/core/oss/pcm_oss.c:1143
                   snd_pcm_oss_sync.isra.34+0x93/0x260 sound/core/oss/pcm_oss.c:1708
                   snd_pcm_oss_release+0xa8/0xb0 sound/core/oss/pcm_oss.c:2546
                   __fput+0xaa/0x250 fs/file_table.c:281
                   task_work_run+0x68/0xb0 kernel/task_work.c:141
                   tracehook_notify_resume include/linux/tracehook.h:188 [inline]
                   exit_to_user_mode_loop kernel/entry/common.c:140 [inline]
                   exit_to_user_mode_prepare+0x219/0x220 kernel/entry/common.c:167
                   syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:242
                   entry_SYSCALL_64_after_hwframe+0x44/0xa9
 }
 ... key      at: [<ffffffff868a5270>] __key.50406+0x0/0x10
 ... acquired at:
   mark_lock_irq kernel/locking/lockdep.c:3579 [inline]
   mark_lock+0x1a0/0x2d0 kernel/locking/lockdep.c:4006
   mark_usage kernel/locking/lockdep.c:3905 [inline]
   __lock_acquire+0x80b/0x16e0 kernel/locking/lockdep.c:4380
   lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020
   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
   _raw_spin_lock_irqsave+0x58/0x80 kernel/locking/spinlock.c:159
   snd_pcm_period_elapsed+0x15/0xb0 sound/core/pcm_lib.c:1799
   call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413
   expire_timers kernel/time/timer.c:1458 [inline]
   __run_timers kernel/time/timer.c:1755 [inline]
   run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768
   __do_softirq+0xee/0x55a kernel/softirq.c:298
   asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
   __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
   run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
   do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77
   invoke_softirq kernel/softirq.c:393 [inline]
   __irq_exit_rcu kernel/softirq.c:423 [inline]
   irq_exit_rcu+0xea/0x110 kernel/softirq.c:435
   sysvec_apic_timer_interrupt+0x57/0xe0 arch/x86/kernel/apic/apic.c:1091
   asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
   rep_nop arch/x86/include/asm/vdso/processor.h:13 [inline]
   cpu_relax arch/x86/include/asm/vdso/processor.h:18 [inline]
   mutex_spin_on_owner+0xf7/0x170 kernel/locking/mutex.c:579
   mutex_optimistic_spin kernel/locking/mutex.c:673 [inline]
   __mutex_lock_common kernel/locking/mutex.c:959 [inline]
   __mutex_lock+0x3d9/0x9f0 kernel/locking/mutex.c:1103
   rtnl_lock net/core/rtnetlink.c:72 [inline]
   rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560
   netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
   netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
   netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
   netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
   sock_sendmsg_nosec net/socket.c:651 [inline]
   sock_sendmsg+0x2b/0x40 net/socket.c:671
   __sys_sendto+0xec/0x160 net/socket.c:1992
   __do_sys_sendto net/socket.c:2004 [inline]
   __se_sys_sendto net/socket.c:2000 [inline]
   __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
   do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
   entry_SYSCALL_64_after_hwframe+0x44/0xa9


stack backtrace:
CPU: 1 PID: 6956 Comm: syz-executor.4 Not tainted 5.9.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xcc lib/dump_stack.c:118
 print_irq_inversion_bug kernel/locking/lockdep.c:3429 [inline]
 check_usage_forwards.cold.65+0x20/0x29 kernel/locking/lockdep.c:3453
 mark_lock_irq kernel/locking/lockdep.c:3579 [inline]
 mark_lock+0x1a0/0x2d0 kernel/locking/lockdep.c:4006
 mark_usage kernel/locking/lockdep.c:3905 [inline]
 __lock_acquire+0x80b/0x16e0 kernel/locking/lockdep.c:4380
 lock_acquire+0xd7/0x3e0 kernel/locking/lockdep.c:5020
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x58/0x80 kernel/locking/spinlock.c:159
 snd_pcm_period_elapsed+0x15/0xb0 sound/core/pcm_lib.c:1799
 call_timer_fn+0xa7/0x330 kernel/time/timer.c:1413
 expire_timers kernel/time/timer.c:1458 [inline]
 __run_timers kernel/time/timer.c:1755 [inline]
 run_timer_softirq+0x20d/0x580 kernel/time/timer.c:1768
 __do_softirq+0xee/0x55a kernel/softirq.c:298
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 do_softirq_own_stack+0x73/0x90 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu kernel/softirq.c:423 [inline]
 irq_exit_rcu+0xea/0x110 kernel/softirq.c:435
 sysvec_apic_timer_interrupt+0x57/0xe0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:rep_nop arch/x86/include/asm/vdso/processor.h:13 [inline]
RIP: 0010:cpu_relax arch/x86/include/asm/vdso/processor.h:18 [inline]
RIP: 0010:mutex_spin_on_owner+0xf7/0x170 kernel/locking/mutex.c:579
Code: 22 81 48 c7 c7 c0 5d 2f 84 e8 75 7f 00 00 48 8d 65 e0 89 d8 5b 41 5c 41 5d 41 5e 5d c3 4d 85 e4 74 0d 4d 3b 66 50 75 ba f3 90 <e9> 57 ff ff ff 49 8b 06 a8 01 74 f2 eb aa e8 e6 d0 02 00 84 c0 0f
RSP: 0018:ffffc90000e97b70 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff888121b763c0 RCX: ffffffff8122dc40
RDX: 0000000000000001 RSI: ffffffff8401c9d1 RDI: 0000000000000000
RBP: ffffc90000e97b90 R08: 0000000000000028 R09: 0000000000000001
R10: ffff8881218a8680 R11: cb417b02b3c995b6 R12: 0000000000000000
R13: 0000000000000000 R14: ffffffff84532940 R15: ffffffff828913fa
 mutex_optimistic_spin kernel/locking/mutex.c:673 [inline]
 __mutex_lock_common kernel/locking/mutex.c:959 [inline]
 __mutex_lock+0x3d9/0x9f0 kernel/locking/mutex.c:1103
 rtnl_lock net/core/rtnetlink.c:72 [inline]
 rtnetlink_rcv_msg+0x14a/0x480 net/core/rtnetlink.c:5560
 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0x2b/0x40 net/socket.c:671
 __sys_sendto+0xec/0x160 net/socket.c:1992
 __do_sys_sendto net/socket.c:2004 [inline]
 __se_sys_sendto net/socket.c:2000 [inline]
 __x64_sys_sendto+0x1f/0x30 net/socket.c:2000
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x417087
Code: 2c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 87 fa ff ff 48 89 04 24 49 89 ca b8 2c 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 cd fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffede1fe2f0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000016a3700 RCX: 0000000000417087
RDX: 000000000000002c RSI: 00000000016a3750 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffede1fe300 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00000000016a3750 R15: 0000000000000003