Hello,
The following program hangs the kernel dead (the trace below reports a suspected spinlock lockup under sound/core/timer.c):
// autogenerated by syzkaller (http://github.com/google/syzkaller) #include <unistd.h> #include <sys/syscall.h> #include <string.h> #include <stdint.h> #include <pthread.h>
// Shared result table written by the worker threads: r[0] holds the mmap
// result, r[2] the fd returned by open(), r[40] and r[41] the two ioctl
// return values. main() pre-fills every slot with -1 before any thread
// starts, so an unset slot reads as an invalid fd.
long r[42];
// Worker thread of the syzkaller reproducer. Each of the four threads runs
// one step, selected by the integer smuggled through `arg`; results go into
// the shared r[] table so later steps can reuse them (step 1's fd is used by
// steps 2 and 3). Steps 2 and 3 are expected to run concurrently (see main).
void *thr(void *arg) {
    switch ((long)arg) {
    case 0:
        // Fixed anonymous mapping at 0x20000000, 0x2000 bytes (two pages on a
        // 4 KiB-page system), PROT_READ|PROT_WRITE (0x3),
        // MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS (0x32), fd -1, offset 0. The
        // other steps use this region as scratch memory for syscall arguments.
        r[0] = syscall(SYS_mmap, 0x20000000ul, 0x2000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul);
        break;
    case 1:
        // The escaped bytes spell "/dev/snd/timer" (14 bytes, no terminator).
        // The open() below passes the literal path itself, so the memcpy only
        // populates the scratch page; the flag bits are as generated.
        memcpy((void*)0x20000000, "\x2f\x64\x65\x76\x2f\x73\x6e\x64\x2f\x74\x69\x6d\x65\x72", 14);
        r[2] = open("/dev/snd/timer", 0x181400ul, 0);
        break;
    case 2:
        // Build a 52-byte argument at 0x20001000: five 32-bit fields
        // (1, 0xfffffffe, 0, 3, 0) followed by 32 zero bytes. The
        // 0xfffffffffffffffe constant is truncated to 0xfffffffe by the cast.
        // The ioctl number 0x40345410 decodes as _IOW('T', 0x10, 52-byte
        // struct), i.e. SNDRV_TIMER_IOCTL_SELECT; the layout matches
        // struct snd_timer_select (snd_timer_id + 32 reserved bytes), and
        // device 3 is consistent with the hrtimer-backed global timer the
        // trace shows (sound/core/hrtimer.c).
        *(uint32_t*)0x20001000 = (uint32_t)0x1;
        *(uint32_t*)0x20001004 = (uint32_t)0xfffffffffffffffe;
        *(uint32_t*)0x20001008 = (uint32_t)0x0;
        *(uint32_t*)0x2000100c = (uint32_t)0x3;
        *(uint32_t*)0x20001010 = (uint32_t)0x0;
        *(uint8_t*)0x20001014 = (uint8_t)0x0;
        *(uint8_t*)0x20001015 = (uint8_t)0x0;
        *(uint8_t*)0x20001016 = (uint8_t)0x0;
        *(uint8_t*)0x20001017 = (uint8_t)0x0;
        *(uint8_t*)0x20001018 = (uint8_t)0x0;
        *(uint8_t*)0x20001019 = (uint8_t)0x0;
        *(uint8_t*)0x2000101a = (uint8_t)0x0;
        *(uint8_t*)0x2000101b = (uint8_t)0x0;
        *(uint8_t*)0x2000101c = (uint8_t)0x0;
        *(uint8_t*)0x2000101d = (uint8_t)0x0;
        *(uint8_t*)0x2000101e = (uint8_t)0x0;
        *(uint8_t*)0x2000101f = (uint8_t)0x0;
        *(uint8_t*)0x20001020 = (uint8_t)0x0;
        *(uint8_t*)0x20001021 = (uint8_t)0x0;
        *(uint8_t*)0x20001022 = (uint8_t)0x0;
        *(uint8_t*)0x20001023 = (uint8_t)0x0;
        *(uint8_t*)0x20001024 = (uint8_t)0x0;
        *(uint8_t*)0x20001025 = (uint8_t)0x0;
        *(uint8_t*)0x20001026 = (uint8_t)0x0;
        *(uint8_t*)0x20001027 = (uint8_t)0x0;
        *(uint8_t*)0x20001028 = (uint8_t)0x0;
        *(uint8_t*)0x20001029 = (uint8_t)0x0;
        *(uint8_t*)0x2000102a = (uint8_t)0x0;
        *(uint8_t*)0x2000102b = (uint8_t)0x0;
        *(uint8_t*)0x2000102c = (uint8_t)0x0;
        *(uint8_t*)0x2000102d = (uint8_t)0x0;
        *(uint8_t*)0x2000102e = (uint8_t)0x0;
        *(uint8_t*)0x2000102f = (uint8_t)0x0;
        *(uint8_t*)0x20001030 = (uint8_t)0x0;
        *(uint8_t*)0x20001031 = (uint8_t)0x0;
        *(uint8_t*)0x20001032 = (uint8_t)0x0;
        *(uint8_t*)0x20001033 = (uint8_t)0x0;
        // r[2] is still -1 here if open() failed or has not run yet; the
        // return value is recorded but never checked.
        r[40] = syscall(SYS_ioctl, r[2], 0x40345410ul, 0x20001000ul, 0, 0, 0);
        break;
    case 3:
        // 0x54a0 decodes as _IO('T', 0xa0), SNDRV_TIMER_IOCTL_START, with no
        // argument buffer; this is the snd_timer_user_start path
        // (sound/core/timer.c:1725/1728) that every lockup backtrace
        // below ends in.
        r[41] = syscall(SYS_ioctl, r[2], 0x54a0ul, 0, 0, 0, 0);
        break;
    }
    return 0;
}
// Entry point: runs the four steps of thr() in two rounds of four threads.
// The first round staggers every thread by 10 ms; the second round sleeps
// only after even-numbered steps, so steps 2 and 3 (the two ioctls on the
// same timer fd) overlap. th[i] is overwritten by the second round and no
// thread is ever joined: the process sleeps 100 ms and exits, which is all
// the reproducer needs once the kernel has already stalled.
int main() {
    long i;
    pthread_t th[4];
    // Every byte 0xff, so each long in r[] starts as -1 (an invalid fd).
    memset(r, -1, sizeof(r));
    for (i = 0; i < 4; i++) {
        pthread_create(&th[i], 0, thr, (void*)i);
        usleep(10000);
    }
    for (i = 0; i < 4; i++) {
        pthread_create(&th[i], 0, thr, (void*)i);
        if (i%2==0) usleep(10000);
    }
    usleep(100000);
    return 0;
}
INFO: rcu_sched detected stalls on CPUs/tasks: (detected by 1, t=26002 jiffies, g=16336, c=16335, q=82) All QSes seen, last rcu_sched kthread activity 26002 (4294782026-4294756024), jiffies_till_next_fqs=3, root ->qsmask 0x0 a.out R running task 30168 32322 30913 0x0000000a ffff880034627600 ffff88003ed07ca8 ffffffff813e63b9 00000000fffcc6b8 00000000fffcc6b8 ffff88003ed20f40 00000000fffd2c4a dffffc0000000000 0000000000000000 ffff88003ed07d80 ffffffff814b21ca 0000000000000000 Call Trace: <IRQ> [<ffffffff813e63b9>] sched_show_task+0x269/0x3b0 kernel/sched/core.c:5036 [< inline >] print_other_cpu_stall kernel/rcu/tree.c:1318 [< inline >] check_cpu_stall kernel/rcu/tree.c:1424 [< inline >] __rcu_pending kernel/rcu/tree.c:3906 [< inline >] rcu_pending kernel/rcu/tree.c:3970 [<ffffffff814b21ca>] rcu_check_callbacks+0x1dfa/0x1e10 kernel/rcu/tree.c:2795 [<ffffffff814c195a>] update_process_times+0x3a/0x70 kernel/time/timer.c:1420 [<ffffffff814eaebf>] tick_sched_handle.isra.20+0xaf/0xe0 kernel/time/tick-sched.c:151 [<ffffffff814eb5e5>] tick_sched_timer+0x75/0x100 kernel/time/tick-sched.c:1086 [< inline >] __run_hrtimer kernel/time/hrtimer.c:1229 [<ffffffff814c3723>] __hrtimer_run_queues+0x363/0xc10 kernel/time/hrtimer.c:1293 [<ffffffff814c5732>] hrtimer_interrupt+0x182/0x430 kernel/time/hrtimer.c:1327 [<ffffffff8124e10f>] local_apic_timer_interrupt+0x6f/0xe0 arch/x86/kernel/apic/apic.c:907 [<ffffffff81251576>] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:931 [<ffffffff86273dec>] apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:520 [<ffffffff814f99bc>] smp_call_function_many+0x59c/0x720 kernel/smp.c:435 [<ffffffff81291e96>] native_flush_tlb_others+0xd6/0x370 arch/x86/mm/tlb.c:154 [< inline >] flush_tlb_others ./arch/x86/include/asm/paravirt.h:329 [<ffffffff812925fc>] flush_tlb_mm_range+0x10c/0x550 arch/x86/mm/tlb.c:220 [<ffffffff816d3a32>] tlb_flush_mmu_tlbonly+0x1e2/0x3f0 mm/memory.c:242 [< inline >] tlb_flush_mmu mm/memory.c:263 [<ffffffff816d6acb>] 
tlb_finish_mmu+0x1b/0xa0 mm/memory.c:275 [<ffffffff816ea5ad>] unmap_region+0x22d/0x300 mm/mmap.c:2418 [<ffffffff816f2682>] do_munmap+0x712/0xf60 mm/mmap.c:2612 [<ffffffff816f3e90>] mmap_region+0x1d0/0x11a0 mm/mmap.c:1566 [<ffffffff816f55b3>] do_mmap+0x753/0x980 mm/mmap.c:1402 [< inline >] do_mmap_pgoff include/linux/mm.h:1925 [<ffffffff816aa44f>] vm_mmap_pgoff+0x15f/0x1b0 mm/util.c:328 [< inline >] SYSC_mmap_pgoff mm/mmap.c:1452 [<ffffffff816ef9b8>] SyS_mmap_pgoff+0xc8/0x580 mm/mmap.c:1410 [< inline >] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [<ffffffff811afa46>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185 rcu_sched kthread starved for 26002 jiffies! g16336 c16335 f0x2 RCU_GP_WAIT_FQS(3) ->state=0x100 rcu_sched W ffff88003dfdfa98 29272 8 2 0x00000000 ffff88003dfdfa98 ffff88003ec16d40 ffff88003dfc6718 00ffed0007bfbf6f ffff88003ec20a70 ffff88003ec20a48 ffff88003ec200d8 ffff88003dfc5f08 ffff88003ec200c0 ffffffff874ddc40 ffff88003dfc5f00 ffff88003dfd8000 Call Trace: [<ffffffff86263a57>] schedule+0x97/0x1c0 kernel/sched/core.c:3311 [<ffffffff8626fbbb>] schedule_timeout+0x36b/0x920 kernel/time/timer.c:1531 [<ffffffff814ae693>] rcu_gp_kthread+0xae3/0x1b70 kernel/rcu/tree.c:2125 [<ffffffff813b2cef>] kthread+0x23f/0x2d0 drivers/block/aoe/aoecmd.c:1303 [<ffffffff862733af>] ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 BUG: spinlock lockup suspected on CPU#2, a.out/32321 lock: 0xffff88006928dc18, .magic: dead4ead, .owner: a.out/32313, .owner_cpu: 0 CPU: 2 PID: 32321 Comm: a.out Not tainted 4.4.0+ #242 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 00000000ffffffff ffff8800339879b8 ffffffff82926eed ffff88006928dc18 ffff880063472f80 ffff8800333c4740 ffff8800339879f0 ffffffff81462f0d ffffffff84ebd130 0000000000000000 ffff88006928dc18 ffff88006928dc28 Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [<ffffffff82926eed>] dump_stack+0x6f/0xa2 
lib/dump_stack.c:50 [<ffffffff81462f0d>] spin_dump+0x14d/0x280 kernel/locking/spinlock_debug.c:67 [< inline >] __spin_lock_debug kernel/locking/spinlock_debug.c:117 [<ffffffff8146322d>] do_raw_spin_lock+0x15d/0x2b0 kernel/locking/spinlock_debug.c:137 [< inline >] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:119 [<ffffffff862729c7>] _raw_spin_lock_irqsave+0xa7/0xd0 kernel/locking/spinlock.c:159 [<ffffffff84ebd130>] _snd_timer_stop+0xa0/0x450 sound/core/timer.c:499 [<ffffffff84ebd504>] snd_timer_stop+0x24/0x140 sound/core/timer.c:535 [< inline >] snd_timer_user_start sound/core/timer.c:1725 [<ffffffff84ec4224>] snd_timer_user_ioctl+0x684/0x2540 sound/core/timer.c:1818 [< inline >] vfs_ioctl fs/ioctl.c:43 [<ffffffff817cbd3c>] do_vfs_ioctl+0x18c/0xfa0 fs/ioctl.c:674 [< inline >] SYSC_ioctl fs/ioctl.c:689 [<ffffffff817ccbdf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:680 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185 Sending NMI to all CPUs: NMI backtrace for cpu 0 CPU: 0 PID: 32313 Comm: a.out Not tainted 4.4.0+ #242 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff880063472f80 ti: ffff880064cd8000 task.ti: ffff880064cd8000 RIP: 0010:[<ffffffff8144b9b0>] [<ffffffff8144b9b0>] trace_hardirqs_off_caller+0x80/0x3d0 RSP: 0018:ffff880064cdf918 EFLAGS: 00000002 RAX: 0000000000000004 RBX: ffff880063472f80 RCX: ffff880063472f80 RDX: 0000000000000000 RSI: ffff880063473798 RDI: ffff88006347379c RBP: ffff880064cdf930 R08: 0000000000000001 R09: 0000000000000002 R10: 0000000000000001 R11: 0000000000000001 R12: ffff880063472f80 R13: ffffffff86272b66 R14: 00000000ffffffff R15: ffff88006d717dc0 FS: 00007fcc8e404700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007f274232de78 CR3: 000000006698e000 CR4: 00000000000006f0 Stack: 0000000000000086 ffff88006d717dc0 ffff880033a05c58 ffff880064cdf940 ffffffff8144bd0d ffff880064cdf960 ffffffff86272b66 
1ffff1000c99bf30 ffff880033a05c28 ffff880064cdfa08 ffffffff814c2f00 ffff8800324ed998 Call Trace: [<ffffffff8144bd0d>] trace_hardirqs_off+0xd/0x10 kernel/locking/lockdep.c:2657 [< inline >] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [<ffffffff86272b66>] _raw_spin_unlock_irqrestore+0xa6/0xc0 kernel/locking/spinlock.c:191 [< inline >] unlock_hrtimer_base kernel/time/hrtimer.c:813 [<ffffffff814c2f00>] hrtimer_try_to_cancel+0x160/0x4a0 kernel/time/hrtimer.c:1047 [<ffffffff814c3262>] hrtimer_cancel+0x22/0x40 kernel/time/hrtimer.c:1065 [<ffffffff84ec6881>] snd_hrtimer_start+0x81/0x120 sound/core/hrtimer.c:93 [<ffffffff84ec0602>] snd_timer_start1+0x212/0x2b0 sound/core/timer.c:430 [<ffffffff84ec0c71>] snd_timer_start+0x121/0x1d0 sound/core/timer.c:473 [< inline >] snd_timer_user_start sound/core/timer.c:1728 [<ffffffff84ec42c0>] snd_timer_user_ioctl+0x720/0x2540 sound/core/timer.c:1818 [< inline >] vfs_ioctl fs/ioctl.c:43 [<ffffffff817cbd3c>] do_vfs_ioctl+0x18c/0xfa0 fs/ioctl.c:674 [< inline >] SYSC_ioctl fs/ioctl.c:689 [<ffffffff817ccbdf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:680 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185 Code: 4c 8b 24 25 c0 4e 01 00 49 8d bc 24 1c 08 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 <83> c0 03 38 d0 7c 08 84 d2 0f 85 bf 02 00 00 41 8b b4 24 1c 08 NMI backtrace for cpu 1 CPU: 1 PID: 32322 Comm: a.out Not tainted 4.4.0+ #242 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff8800355fc740 ti: ffff880034620000 task.ti: ffff880034620000 RIP: 0010:[<ffffffff814f8f27>] [<ffffffff814f8f27>] smp_call_function_single+0x227/0x340 RSP: 0018:ffff880034627878 EFLAGS: 00000297 RAX: ffff8800355fc740 RBX: ffff8800346278f0 RCX: ffff8800355fcf60 RDX: 0000000000000000 RSI: ffff8800355fcf60 RDI: 0000000000000286 RBP: ffff880034627918 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 
0000000000000000 R13: 00000000ffffffff R14: 1ffff100068c4f12 R15: dffffc0000000000 FS: 00007fd5c724e700(0000) GS:ffff88003ed00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007fd5c724de78 CR3: 0000000035627000 CR4: 00000000000006e0 Stack: ffff8800346279e0 ffffffff81291720 0000000200000040 0000000041b58ab3 ffffffff8733ad2f ffffffff814f8d00 ffffffff881ca238 0000000000000000 BUG: spinlock lockup suspected on CPU#3, a.out/32311 lock: 0xffff88006928dc18, .magic: dead4ead, .owner: a.out/32313, .owner_cpu: 0 CPU: 3 PID: 32311 Comm: a.out Not tainted 4.4.0+ #242 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 00000000ffffffff ffff88006d707c60 ffffffff82926eed ffff88006928dc18 ffff880063472f80 ffff8800634717c0 ffff88006d707c98 ffffffff81462f0d ffffffff84ebe3b7 ffffffff00000000 ffff88006928dc18 ffff88006928dc28 Call Trace: <IRQ> [< inline >] __dump_stack lib/dump_stack.c:15 <IRQ> [<ffffffff82926eed>] dump_stack+0x6f/0xa2 lib/dump_stack.c:50 [<ffffffff81462f0d>] spin_dump+0x14d/0x280 kernel/locking/spinlock_debug.c:67 [< inline >] __spin_lock_debug kernel/locking/spinlock_debug.c:117 [<ffffffff8146322d>] do_raw_spin_lock+0x15d/0x2b0 kernel/locking/spinlock_debug.c:137 [< inline >] __raw_spin_lock include/linux/spinlock_api_smp.h:145 [<ffffffff86271f2b>] _raw_spin_lock+0x3b/0x50 kernel/locking/spinlock.c:151 [< inline >] spin_lock include/linux/spinlock.h:302 [<ffffffff84ebe3b7>] snd_timer_interrupt+0x677/0xbf0 sound/core/timer.c:745 [<ffffffff84ec6b26>] snd_hrtimer_callback+0x166/0x230 sound/core/hrtimer.c:54 [< inline >] __run_hrtimer kernel/time/hrtimer.c:1229 [<ffffffff814c3723>] __hrtimer_run_queues+0x363/0xc10 kernel/time/hrtimer.c:1293 [<ffffffff814c5732>] hrtimer_interrupt+0x182/0x430 kernel/time/hrtimer.c:1327 [<ffffffff8124e10f>] local_apic_timer_interrupt+0x6f/0xe0 arch/x86/kernel/apic/apic.c:907 [<ffffffff81251576>] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:931 
[<ffffffff86273dec>] apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:520 [< inline >] spin_unlock_irqrestore include/linux/spinlock.h:362 [<ffffffff84ec0c7f>] snd_timer_start+0x12f/0x1d0 sound/core/timer.c:474 [< inline >] snd_timer_user_start sound/core/timer.c:1728 [<ffffffff84ec42c0>] snd_timer_user_ioctl+0x720/0x2540 sound/core/timer.c:1818 [< inline >] vfs_ioctl fs/ioctl.c:43 [<ffffffff817cbd3c>] do_vfs_ioctl+0x18c/0xfa0 fs/ioctl.c:674 [< inline >] SYSC_ioctl fs/ioctl.c:689 [<ffffffff817ccbdf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:680 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185 ffffffff81291720 ffff8800346279e0 0000000000000003 fffffbfff1039670 Call Trace: [<ffffffff814f99bc>] smp_call_function_many+0x59c/0x720 kernel/smp.c:435 [<ffffffff81291e96>] native_flush_tlb_others+0xd6/0x370 arch/x86/mm/tlb.c:154 [< inline >] flush_tlb_others ./arch/x86/include/asm/paravirt.h:329 [<ffffffff812925fc>] flush_tlb_mm_range+0x10c/0x550 arch/x86/mm/tlb.c:220 [<ffffffff816d3a32>] tlb_flush_mmu_tlbonly+0x1e2/0x3f0 mm/memory.c:242 [< inline >] tlb_flush_mmu mm/memory.c:263 [<ffffffff816d6acb>] tlb_finish_mmu+0x1b/0xa0 mm/memory.c:275 [<ffffffff816ea5ad>] unmap_region+0x22d/0x300 mm/mmap.c:2418 [<ffffffff816f2682>] do_munmap+0x712/0xf60 mm/mmap.c:2612 [<ffffffff816f3e90>] mmap_region+0x1d0/0x11a0 mm/mmap.c:1566 [<ffffffff816f55b3>] do_mmap+0x753/0x980 mm/mmap.c:1402 [< inline >] do_mmap_pgoff include/linux/mm.h:1925 [<ffffffff816aa44f>] vm_mmap_pgoff+0x15f/0x1b0 mm/util.c:328 [< inline >] SYSC_mmap_pgoff mm/mmap.c:1452 [<ffffffff816ef9b8>] SyS_mmap_pgoff+0xc8/0x580 mm/mmap.c:1410 [< inline >] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [<ffffffff811afa46>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185 Code: 60 ff ff ff 48 8b 95 68 ff ff ff 48 8d 73 c0 8b bd 74 ff ff ff e8 9a f9 ff ff 41 89 c4 8b 43 d8 a8 01 74 9a e8 1b b3 07 00 f3 90 <8b> 43 d8 
a8 01 75 f2 eb 8a e8 0b b3 07 00 48 c7 c7 60 57 56 87 NMI backtrace for cpu 2 CPU: 2 PID: 32321 Comm: a.out Not tainted 4.4.0+ #242 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff8800333c4740 ti: ffff880033980000 task.ti: ffff880033980000 RIP: 0010:[<ffffffff81261bb6>] [<ffffffff81261bb6>] flat_send_IPI_mask+0x156/0x290 RSP: 0018:ffff880033987940 EFLAGS: 00000046 RAX: 0000000000000000 RBX: 0000000000000c00 RCX: 0000000000000000 RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fc300 RBP: ffff880033987968 R08: 0000000000000001 R09: 0000000000000000 R10: fffffbfff10e18f2 R11: 1ffffffff12758b5 R12: 0000000000000086 R13: 000000000f000000 R14: ffffffff87561c60 R15: 0000000000000002 FS: 00007fd5c7a4f700(0000) GS:ffff88006d600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007f2a48ebde78 CR3: 0000000035627000 CR4: 00000000000006e0 Stack: ffffffff87561c60 ffffffff881ce320 0000000000000040 fffffbfff1039670 ffff88006d71a460 ffff880033987988 ffffffff812576bb ffffffff86603680 dffffc0000000000 ffff8800339879e0 ffffffff82932402 ffffffff82926f05 Call Trace: [<ffffffff812576bb>] nmi_raise_cpu_backtrace+0x5b/0x70 arch/x86/kernel/apic/hw_nmi.c:33 [<ffffffff82932402>] nmi_trigger_all_cpu_backtrace+0x4b2/0x540 lib/nmi_backtrace.c:85 [<ffffffff81257704>] arch_trigger_all_cpu_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 [< inline >] trigger_all_cpu_backtrace include/linux/nmi.h:41 [< inline >] __spin_lock_debug kernel/locking/spinlock_debug.c:119 [<ffffffff81463237>] do_raw_spin_lock+0x167/0x2b0 kernel/locking/spinlock_debug.c:137 [< inline >] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:119 [<ffffffff862729c7>] _raw_spin_lock_irqsave+0xa7/0xd0 kernel/locking/spinlock.c:159 [<ffffffff84ebd130>] _snd_timer_stop+0xa0/0x450 sound/core/timer.c:499 [<ffffffff84ebd504>] snd_timer_stop+0x24/0x140 sound/core/timer.c:535 [< inline >] snd_timer_user_start sound/core/timer.c:1725 
[<ffffffff84ec4224>] snd_timer_user_ioctl+0x684/0x2540 sound/core/timer.c:1818 [< inline >] vfs_ioctl fs/ioctl.c:43 [<ffffffff817cbd3c>] do_vfs_ioctl+0x18c/0xfa0 fs/ioctl.c:674 [< inline >] SYSC_ioctl fs/ioctl.c:689 [<ffffffff817ccbdf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:680 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185 Code: 00 c3 5f ff 80 e6 10 75 e1 41 c1 e5 18 44 89 2c 25 10 c3 5f ff 44 89 fa 09 da 80 cf 04 41 83 ff 02 0f 44 d3 89 14 25 00 c3 5f ff <41> f7 c4 00 02 00 00 74 4a e8 fc fd 1e 00 48 c7 c7 68 57 56 87 NMI backtrace for cpu 3 CPU: 3 PID: 32311 Comm: a.out Not tainted 4.4.0+ #242 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff8800634717c0 ti: ffff880065f40000 task.ti: ffff880065f40000 RIP: 0010:[<ffffffff82953fb8>] [<ffffffff82953fb8>] delay_tsc+0x18/0x70 RSP: 0018:ffff88006d707c88 EFLAGS: 00000086 RAX: 0000000071a66e06 RBX: ffff88006928dc18 RCX: 000000000000001e RDX: 0000000000000064 RSI: 0000006471a66dc4 RDI: 0000000000000001 RBP: ffff88006d707c88 R08: 0000000000000003 R09: 0000000000000001 R10: ffff8800634717c0 R11: 0000000000000000 R12: ffff88006928dc28 R13: 000000009a9d2d40 R14: ffff88006928dc20 R15: 000000009a8c7d02 FS: 00007fbb31057700(0000) GS:ffff88006d700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007fcc8e403e78 CR3: 0000000032e86000 CR4: 00000000000006e0 Stack: ffff88006d707c98 ffffffff82953f0a ffff88006d707cd0 ffffffff81463219 ffff88006928dc18 ffff8800324ee230 ffffed000d251b90 ffff8800324ee220 ffff8800324ee2b0 ffff88006d707cf0 ffffffff86271f2b ffffffff84ebe3b7 Call Trace: <IRQ> d [<ffffffff82953f0a>] __delay+0xa/0x10 arch/x86/lib/delay.c:153 [< inline >] __spin_lock_debug kernel/locking/spinlock_debug.c:114 [<ffffffff81463219>] do_raw_spin_lock+0x149/0x2b0 kernel/locking/spinlock_debug.c:137 [< inline >] __raw_spin_lock include/linux/spinlock_api_smp.h:145 [<ffffffff86271f2b>] _raw_spin_lock+0x3b/0x50 
kernel/locking/spinlock.c:151 [< inline >] spin_lock include/linux/spinlock.h:302 [<ffffffff84ebe3b7>] snd_timer_interrupt+0x677/0xbf0 sound/core/timer.c:745 [<ffffffff84ec6b26>] snd_hrtimer_callback+0x166/0x230 sound/core/hrtimer.c:54 [< inline >] __run_hrtimer kernel/time/hrtimer.c:1229 [<ffffffff814c3723>] __hrtimer_run_queues+0x363/0xc10 kernel/time/hrtimer.c:1293 [<ffffffff814c5732>] hrtimer_interrupt+0x182/0x430 kernel/time/hrtimer.c:1327 [<ffffffff8124e10f>] local_apic_timer_interrupt+0x6f/0xe0 arch/x86/kernel/apic/apic.c:907 [<ffffffff81251576>] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:931 [<ffffffff86273dec>] apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:520 [< inline >] spin_unlock_irqrestore include/linux/spinlock.h:362 [<ffffffff84ec0c7f>] snd_timer_start+0x12f/0x1d0 sound/core/timer.c:474 [< inline >] snd_timer_user_start sound/core/timer.c:1728 [<ffffffff84ec42c0>] snd_timer_user_ioctl+0x720/0x2540 sound/core/timer.c:1818 [< inline >] vfs_ioctl fs/ioctl.c:43 [<ffffffff817cbd3c>] do_vfs_ioctl+0x18c/0xfa0 fs/ioctl.c:674 [< inline >] SYSC_ioctl fs/ioctl.c:689 [<ffffffff817ccbdf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:680 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185 Code: 48 8d 7a 01 ff 15 a9 ad f8 04 5d c3 0f 1f 80 00 00 00 00 55 65 ff 05 a8 0e 6c 7d 48 89 e5 65 44 8b 05 6d f1 6b 7d 0f ae e8 0f 31 <48> c1 e2 20 48 89 d6 48 09 c6 0f ae e8 0f 31 48 c1 e2 20 48 09
On commit 67990608c8b95d2b8ccc29932376ae73d5818727 (Jan 12).