syzbot

================================
WARNING: inconsistent lock state
6.8.0-rc6-syzkaller-00037-g805d849d7c3c #0 Not tainted
--------------------------------
inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
syz-executor318/5183 [HC0[0]:SC0[0]:HE0:SE1] takes:
ffffffff8e602d58 (sync_timeline_list_lock){?...}-{2:2}
, at: spin_lock_irq include/linux/spinlock.h:376 [inline]
, at: sync_info_debugfs_show+0x31/0x200 drivers/dma-buf/sync_debug.c:147
{IN-HARDIRQ-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5754 [inline]
  lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
  sync_timeline_debug_remove+0x29/0x1a0 drivers/dma-buf/sync_debug.c:31
  sync_timeline_free drivers/dma-buf/sw_sync.c:125 [inline]
  kref_put include/linux/kref.h:65 [inline]
  sync_timeline_put drivers/dma-buf/sw_sync.c:137 [inline]
  timeline_fence_release+0x262/0x340 drivers/dma-buf/sw_sync.c:165
  dma_fence_release+0x2ff/0x520 drivers/dma-buf/dma-fence.c:560
  kref_put include/linux/kref.h:65 [inline]
  dma_fence_put include/linux/dma-fence.h:297 [inline]
  dma_fence_put include/linux/dma-fence.h:294 [inline]
  dma_fence_array_release+0x1fa/0x2e0 drivers/dma-buf/dma-fence-array.c:120
  dma_fence_release+0x2ff/0x520 drivers/dma-buf/dma-fence.c:560
  kref_put include/linux/kref.h:65 [inline]
  dma_fence_put include/linux/dma-fence.h:297 [inline]
  dma_fence_put include/linux/dma-fence.h:294 [inline]
  irq_dma_fence_array_work+0xa9/0xd0 drivers/dma-buf/dma-fence-array.c:52
  irq_work_single+0x1be/0x260 kernel/irq_work.c:221
  irq_work_run_list+0x92/0xc0 kernel/irq_work.c:252
  irq_work_run+0x58/0xd0 kernel/irq_work.c:261
  __sysvec_irq_work+0x82/0x3a0 arch/x86/kernel/irq_work.c:22
  sysvec_irq_work+0x90/0xb0 arch/x86/kernel/irq_work.c:17
  asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
  __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
  _raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202
  spin_unlock_irq include/linux/spinlock.h:401 [inline]
  sw_sync_debugfs_release+0x164/0x240 drivers/dma-buf/sw_sync.c:359
  __fput+0x270/0xb80 fs/file_table.c:376
  task_work_run+0x14f/0x250 kernel/task_work.c:180
  resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
  exit_to_user_mode_loop kernel/entry/common.c:108 [inline]
  exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
  __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline]
  syscall_exit_to_user_mode+0x278/0x2a0 kernel/entry/common.c:212
  do_syscall_64+0xe5/0x270 arch/x86/entry/common.c:89
  entry_SYSCALL_64_after_hwframe+0x6f/0x77
irq event stamp: 486
hardirqs last  enabled at (485): [<ffffffff81da5526>] ___slab_alloc+0xf36/0x19a0 mm/slub.c:3467
hardirqs last disabled at (486): [<ffffffff8ac7c7b5>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:117 [inline]
hardirqs last disabled at (486): [<ffffffff8ac7c7b5>] _raw_spin_lock_irq+0x45/0x50 kernel/locking/spinlock.c:170
softirqs last  enabled at (0): [<ffffffff814ed49f>] copy_process+0x245f/0x97b0 kernel/fork.c:2443
softirqs last disabled at (0): [<0000000000000000>] 0x0

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(sync_timeline_list_lock);
  <Interrupt>
    lock(sync_timeline_list_lock);

 *** DEADLOCK ***

2 locks held by syz-executor318/5183:
 #0: ffff88801a16cfa8 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xde/0x12c0 fs/seq_file.c:182
 #1: ffffffff8e602d58 (sync_timeline_list_lock){?...}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:376 [inline]
 #1: ffffffff8e602d58 (sync_timeline_list_lock){?...}-{2:2}, at: sync_info_debugfs_show+0x31/0x200 drivers/dma-buf/sync_debug.c:147

stack backtrace:
CPU: 2 PID: 5183 Comm: syz-executor318 Not tainted 6.8.0-rc6-syzkaller-00037-g805d849d7c3c #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 print_usage_bug kernel/locking/lockdep.c:3971 [inline]
 valid_state kernel/locking/lockdep.c:4013 [inline]
 mark_lock_irq kernel/locking/lockdep.c:4216 [inline]
 mark_lock+0x923/0xc60 kernel/locking/lockdep.c:4678
 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:4274
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:4292 [inline]
 lockdep_hardirqs_on_prepare kernel/locking/lockdep.c:4359 [inline]
 lockdep_hardirqs_on_prepare+0x139/0x420 kernel/locking/lockdep.c:4311
 trace_hardirqs_on+0x36/0x40 kernel/trace/trace_preemptirq.c:61
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
 _raw_spin_unlock_irq+0x23/0x50 kernel/locking/spinlock.c:202
 spin_unlock_irq include/linux/spinlock.h:401 [inline]
 sync_print_obj drivers/dma-buf/sync_debug.c:118 [inline]
 sync_info_debugfs_show+0xef/0x200 drivers/dma-buf/sync_debug.c:153
 seq_read_iter+0x4fa/0x12c0 fs/seq_file.c:230
 seq_read+0x392/0x4e0 fs/seq_file.c:162
 vfs_read+0x1d4/0xb80 fs/read_write.c:474
 ksys_read+0x12f/0x260 fs/read_write.c:619
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f6e74389d69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffe162c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6e74389d69
RDX: 0000000000002020 RSI: 0000000020002200 RDI: 0000000000000003
RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000f049
R13: 00007fffe162c17c R14: 00007fffe162c190 R15: 00007fffe162c180
 </TASK>