===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ----------------------------------------------------- syz-executor.3/10519 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: ffff88807aab8a00 (&stab->lock ){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ){+...}-{2:2}, at: __sock_map_delete net/core/sock_map.c:414 [inline] ){+...}-{2:2}, at: sock_map_delete_elem+0xc8/0x150 net/core/sock_map.c:446 and this task is already holding: ffff88801f638358 (&dev->vblank_time_lock){-.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff88801f638358 (&dev->vblank_time_lock){-.-.}-{2:2}, at: drm_vblank_enable+0xbf/0x500 drivers/gpu/drm/drm_vblank.c:1155 which would create a new lock dependency: (&dev->vblank_time_lock){-.-.}-{2:2} -> (&stab->lock){+...}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&dev->vblank_time_lock){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] drm_handle_vblank+0x132/0xbc0 drivers/gpu/drm/drm_vblank.c:1891 vkms_vblank_simulate+0xed/0x3e0 drivers/gpu/drm/vkms/vkms_crtc.c:29 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x20c/0xc20 kernel/time/hrtimer.c:1756 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1818 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x10f/0x410 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] acpi_safe_halt+0x1a/0x20 drivers/acpi/processor_idle.c:112 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:707 cpuidle_enter_state+0x85/0x510 drivers/cpuidle/cpuidle.c:267 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388 cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x313/0x3f0 kernel/sched/idle.c:332 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430 rest_init+0x16f/0x2b0 init/main.c:730 arch_call_rest_init+0x13/0x40 init/main.c:831 start_kernel+0x3a3/0x490 init/main.c:1077 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x148 to a HARDIRQ-irq-unsafe lock: (&stab->lock){+...}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_map_update_common+0x197/0x870 net/core/sock_map.c:490 sock_map_update_elem_sys+0x3bb/0x570 net/core/sock_map.c:579 bpf_map_update_value+0x36c/0x6c0 kernel/bpf/syscall.c:172 map_update_elem+0x623/0x910 kernel/bpf/syscall.c:1641 __sys_bpf+0xab9/0x4b40 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&stab->lock); local_irq_disable(); lock(&dev->vblank_time_lock); lock(&stab->lock); lock(&dev->vblank_time_lock); *** DEADLOCK *** 11 locks held by syz-executor.3/10519: #0: ffff88801f6382f8 (&dev->clientlist_mutex){+.+.}-{3:3}, at: drm_client_dev_restore+0xd8/0x2a0 drivers/gpu/drm/drm_client.c:242 #1: ffff88801f674280 (&helper->lock){+.+.}-{3:3}, at: __drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:242 [inline] #1: ffff88801f674280 (&helper->lock){+.+.}-{3:3}, at: __drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:230 [inline] #1: ffff88801f674280 (&helper->lock){+.+.}-{3:3}, at: drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:278 [inline] #1: ffff88801f674280 (&helper->lock){+.+.}-{3:3}, at: drm_fb_helper_lastclose+0xbf/0x160 drivers/gpu/drm/drm_fb_helper.c:2005 #2: ffff88801f6381b0 (&dev->master_mutex){+.+.}-{3:3}, at: drm_master_internal_acquire+0x21/0x80 drivers/gpu/drm/drm_auth.c:452 #3: ffff88801f674098 (&client->modeset_mutex){+.+.}-{3:3}, at: drm_client_modeset_commit_locked+0x4c/0x580 drivers/gpu/drm/drm_client_modeset.c:1152 #4: ffffc9000398fc60 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_client_modeset_commit_atomic+0xd0/0x810 drivers/gpu/drm/drm_client_modeset.c:990 #5: ffff88801f6f40b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: modeset_lock+0x488/0x6c0 drivers/gpu/drm/drm_modeset_lock.c:314 #6: ffff88801f63a860 (&vkms_out->lock){-.-.}-{2:2}, at: drm_atomic_helper_commit_planes+0x1cf/0x1000 drivers/gpu/drm/drm_atomic_helper.c:2757 #7: ffff88801f6383f0 (&dev->event_lock){-.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #7: ffff88801f6383f0 (&dev->event_lock){-.-.}-{2:2}, at: vkms_crtc_atomic_flush+0x98/0x2b0 drivers/gpu/drm/vkms/vkms_crtc.c:253 #8: ffff88801f638398 (&dev->vbl_lock){..-.}-{2:2}, at: drm_vblank_get+0xcc/0x280 drivers/gpu/drm/drm_vblank.c:1198 #9: ffff88801f638358 (&dev->vblank_time_lock){-.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #9: ffff88801f638358 (&dev->vblank_time_lock){-.-.}-{2:2}, at: drm_vblank_enable+0xbf/0x500 drivers/gpu/drm/drm_vblank.c:1155 #10: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #10: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #10: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #10: ffffffff8d7b08e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0xf8/0x440 kernel/trace/bpf_trace.c:2421 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&dev->vblank_time_lock){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] drm_handle_vblank+0x132/0xbc0 drivers/gpu/drm/drm_vblank.c:1891 vkms_vblank_simulate+0xed/0x3e0 drivers/gpu/drm/vkms/vkms_crtc.c:29 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x20c/0xc20 kernel/time/hrtimer.c:1756 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1818 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x10f/0x410 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] acpi_safe_halt+0x1a/0x20 drivers/acpi/processor_idle.c:112 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:707 cpuidle_enter_state+0x85/0x510 drivers/cpuidle/cpuidle.c:267 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388 cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x313/0x3f0 kernel/sched/idle.c:332 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430 rest_init+0x16f/0x2b0 init/main.c:730 arch_call_rest_init+0x13/0x40 init/main.c:831 start_kernel+0x3a3/0x490 init/main.c:1077 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x148 IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] drm_handle_vblank+0x132/0xbc0 drivers/gpu/drm/drm_vblank.c:1891 vkms_vblank_simulate+0xed/0x3e0 drivers/gpu/drm/vkms/vkms_crtc.c:29 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x20c/0xc20 kernel/time/hrtimer.c:1756 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1818 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x10f/0x410 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x43/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 __sanitizer_cov_trace_pc+0x58/0x60 kernel/kcov.c:223 __orc_find+0xd7/0x130 arch/x86/kernel/unwind_orc.c:99 orc_find arch/x86/kernel/unwind_orc.c:233 [inline] unwind_next_frame+0xcf1/0x23a0 arch/x86/kernel/unwind_orc.c:494 arch_stack_walk+0x100/0x170 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579 poison_slab_object mm/kasan/common.c:240 [inline] __kasan_slab_free+0x11d/0x1a0 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2106 [inline] slab_free mm/slub.c:4280 [inline] kmem_cache_free+0x12e/0x360 mm/slub.c:4344 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2471 __do_softirq+0x218/0x8de kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] acpi_safe_halt+0x1a/0x20 drivers/acpi/processor_idle.c:112 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:707 cpuidle_enter_state+0x85/0x510 drivers/cpuidle/cpuidle.c:267 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388 cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x313/0x3f0 kernel/sched/idle.c:332 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430 rest_init+0x16f/0x2b0 init/main.c:730 arch_call_rest_init+0x13/0x40 init/main.c:831 start_kernel+0x3a3/0x490 init/main.c:1077 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x148 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] drm_reset_vblank_timestamp drivers/gpu/drm/drm_vblank.c:233 [inline] drm_crtc_vblank_on+0x27b/0x690 drivers/gpu/drm/drm_vblank.c:1487 drm_atomic_helper_commit_modeset_enables+0x2c7/0xb00 drivers/gpu/drm/drm_atomic_helper.c:1487 vkms_atomic_commit_tail+0x69/0x240 drivers/gpu/drm/vkms/vkms_drv.c:75 commit_tail+0x284/0x410 drivers/gpu/drm/drm_atomic_helper.c:1832 drm_atomic_helper_commit+0x2fd/0x380 drivers/gpu/drm/drm_atomic_helper.c:2072 drm_atomic_commit+0x227/0x300 drivers/gpu/drm/drm_atomic.c:1514 drm_client_modeset_commit_atomic+0x6c6/0x810 drivers/gpu/drm/drm_client_modeset.c:1051 drm_client_modeset_commit_locked+0x14d/0x580 drivers/gpu/drm/drm_client_modeset.c:1154 drm_client_modeset_commit+0x4f/0x80 drivers/gpu/drm/drm_client_modeset.c:1180 __drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:251 [inline] __drm_fb_helper_restore_fbdev_mode_unlocked+0x130/0x180 drivers/gpu/drm/drm_fb_helper.c:230 drm_fb_helper_set_par+0xd8/0x120 drivers/gpu/drm/drm_fb_helper.c:1344 fbcon_init+0x884/0x1910 drivers/video/fbdev/core/fbcon.c:1094 visual_init+0x328/0x630 drivers/tty/vt/vt.c:1023 do_bind_con_driver.isra.0+0x57a/0xbf0 drivers/tty/vt/vt.c:3643 do_take_over_console+0x4f4/0x650 drivers/tty/vt/vt.c:4222 do_fbcon_takeover+0xe8/0x210 drivers/video/fbdev/core/fbcon.c:532 do_fb_registered drivers/video/fbdev/core/fbcon.c:3000 [inline] fbcon_fb_registered+0x375/0x670 drivers/video/fbdev/core/fbcon.c:3020 do_register_framebuffer drivers/video/fbdev/core/fbmem.c:449 [inline] register_framebuffer+0x4b2/0x860 drivers/video/fbdev/core/fbmem.c:515 __drm_fb_helper_initial_config_and_unlock+0xd82/0x1650 drivers/gpu/drm/drm_fb_helper.c:1871 drm_fb_helper_initial_config drivers/gpu/drm/drm_fb_helper.c:1936 [inline] drm_fb_helper_initial_config+0x44/0x60 drivers/gpu/drm/drm_fb_helper.c:1928 drm_fbdev_generic_client_hotplug+0x1a6/0x280 drivers/gpu/drm/drm_fbdev_generic.c:279 drm_client_register+0x195/0x280 drivers/gpu/drm/drm_client.c:141 drm_fbdev_generic_setup+0x184/0x340 drivers/gpu/drm/drm_fbdev_generic.c:341 vkms_create drivers/gpu/drm/vkms/vkms_drv.c:226 [inline] vkms_init+0x62d/0x760 drivers/gpu/drm/vkms/vkms_drv.c:252 do_one_initcall+0x128/0x690 init/main.c:1241 do_initcall_level init/main.c:1303 [inline] do_initcalls init/main.c:1319 [inline] do_basic_setup init/main.c:1338 [inline] kernel_init_freeable+0x69d/0xc40 init/main.c:1550 kernel_init+0x1c/0x2a0 init/main.c:1439 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 } ... key at: [] __key.4+0x0/0x40 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (&stab->lock){+...}-{2:2} { HARDIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_map_update_common+0x197/0x870 net/core/sock_map.c:490 sock_map_update_elem_sys+0x3bb/0x570 net/core/sock_map.c:579 bpf_map_update_value+0x36c/0x6c0 kernel/bpf/syscall.c:172 map_update_elem+0x623/0x910 kernel/bpf/syscall.c:1641 __sys_bpf+0xab9/0x4b40 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_map_update_common+0x197/0x870 net/core/sock_map.c:490 sock_map_update_elem_sys+0x3bb/0x570 net/core/sock_map.c:579 bpf_map_update_value+0x36c/0x6c0 kernel/bpf/syscall.c:172 map_update_elem+0x623/0x910 kernel/bpf/syscall.c:1641 __sys_bpf+0xab9/0x4b40 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] __key.1+0x0/0x40 ... acquired at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0xc8/0x150 net/core/sock_map.c:446 ___bpf_prog_run+0x3e51/0xae80 kernel/bpf/core.c:1997 __bpf_prog_run32+0xc1/0x100 kernel/bpf/core.c:2236 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x167/0x440 kernel/trace/bpf_trace.c:2421 __bpf_trace_hrtimer_init+0x101/0x140 include/trace/events/timer.h:193 trace_hrtimer_init include/trace/events/timer.h:193 [inline] debug_init kernel/time/hrtimer.c:472 [inline] hrtimer_init+0x17c/0x210 kernel/time/hrtimer.c:1599 vkms_enable_vblank+0xba/0x1a0 drivers/gpu/drm/vkms/vkms_crtc.c:71 __enable_vblank drivers/gpu/drm/drm_vblank.c:1142 [inline] drm_vblank_enable+0x305/0x500 drivers/gpu/drm/drm_vblank.c:1165 drm_vblank_get+0x174/0x280 drivers/gpu/drm/drm_vblank.c:1201 vkms_crtc_atomic_flush+0xa0/0x2b0 drivers/gpu/drm/vkms/vkms_crtc.c:255 drm_atomic_helper_commit_planes+0x61c/0x1000 drivers/gpu/drm/drm_atomic_helper.c:2820 vkms_atomic_commit_tail+0x5e/0x240 drivers/gpu/drm/vkms/vkms_drv.c:73 commit_tail+0x284/0x410 drivers/gpu/drm/drm_atomic_helper.c:1832 drm_atomic_helper_commit+0x2fd/0x380 drivers/gpu/drm/drm_atomic_helper.c:2072 drm_atomic_commit+0x227/0x300 drivers/gpu/drm/drm_atomic.c:1514 drm_client_modeset_commit_atomic+0x6c6/0x810 drivers/gpu/drm/drm_client_modeset.c:1051 drm_client_modeset_commit_locked+0x14d/0x580 drivers/gpu/drm/drm_client_modeset.c:1154 drm_client_modeset_commit+0x4f/0x80 drivers/gpu/drm/drm_client_modeset.c:1180 __drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:251 [inline] __drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:230 [inline] drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:278 [inline] drm_fb_helper_lastclose+0xc7/0x160 drivers/gpu/drm/drm_fb_helper.c:2005 drm_fbdev_generic_client_restore+0x2c/0x40 drivers/gpu/drm/drm_fbdev_generic.c:258 drm_client_dev_restore+0x188/0x2a0 drivers/gpu/drm/drm_client.c:247 drm_release+0x32f/0x3e0 drivers/gpu/drm/drm_file.c:437 __fput+0x270/0xb80 fs/file_table.c:422 __fput_sync+0x47/0x50 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x86/0x100 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 stack backtrace: CPU: 0 PID: 10519 Comm: syz-executor.3 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline] check_irq_usage+0xe3c/0x1490 kernel/locking/lockdep.c:2865 check_prev_add kernel/locking/lockdep.c:3138 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3869 [inline] __lock_acquire+0x248e/0x3b30 kernel/locking/lockdep.c:5137 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0xc8/0x150 net/core/sock_map.c:446 ___bpf_prog_run+0x3e51/0xae80 kernel/bpf/core.c:1997 __bpf_prog_run32+0xc1/0x100 kernel/bpf/core.c:2236 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run3+0x167/0x440 kernel/trace/bpf_trace.c:2421 __bpf_trace_hrtimer_init+0x101/0x140 include/trace/events/timer.h:193 trace_hrtimer_init include/trace/events/timer.h:193 [inline] debug_init kernel/time/hrtimer.c:472 [inline] hrtimer_init+0x17c/0x210 kernel/time/hrtimer.c:1599 vkms_enable_vblank+0xba/0x1a0 drivers/gpu/drm/vkms/vkms_crtc.c:71 __enable_vblank drivers/gpu/drm/drm_vblank.c:1142 [inline] drm_vblank_enable+0x305/0x500 drivers/gpu/drm/drm_vblank.c:1165 drm_vblank_get+0x174/0x280 drivers/gpu/drm/drm_vblank.c:1201 vkms_crtc_atomic_flush+0xa0/0x2b0 drivers/gpu/drm/vkms/vkms_crtc.c:255 drm_atomic_helper_commit_planes+0x61c/0x1000 drivers/gpu/drm/drm_atomic_helper.c:2820 vkms_atomic_commit_tail+0x5e/0x240 drivers/gpu/drm/vkms/vkms_drv.c:73 commit_tail+0x284/0x410 drivers/gpu/drm/drm_atomic_helper.c:1832 drm_atomic_helper_commit+0x2fd/0x380 drivers/gpu/drm/drm_atomic_helper.c:2072 drm_atomic_commit+0x227/0x300 drivers/gpu/drm/drm_atomic.c:1514 drm_client_modeset_commit_atomic+0x6c6/0x810 drivers/gpu/drm/drm_client_modeset.c:1051 drm_client_modeset_commit_locked+0x14d/0x580 drivers/gpu/drm/drm_client_modeset.c:1154 drm_client_modeset_commit+0x4f/0x80 drivers/gpu/drm/drm_client_modeset.c:1180 __drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:251 [inline] __drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:230 [inline] drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:278 [inline] drm_fb_helper_lastclose+0xc7/0x160 drivers/gpu/drm/drm_fb_helper.c:2005 drm_fbdev_generic_client_restore+0x2c/0x40 drivers/gpu/drm/drm_fbdev_generic.c:258 drm_client_dev_restore+0x188/0x2a0 drivers/gpu/drm/drm_client.c:247 drm_release+0x32f/0x3e0 drivers/gpu/drm/drm_file.c:437 __fput+0x270/0xb80 fs/file_table.c:422 __fput_sync+0x47/0x50 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x86/0x100 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7ff642e7ccda Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 RSP: 002b:00007ffc84465df0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007ff642e7ccda RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000032 R08: 0000001b32620000 R09: 0000000000000022 R10: 000000008ad24e88 R11: 0000000000000293 R12: 00007ff642a00578 R13: ffffffffffffffff R14: 00007ff642a00000 R15: 000000000007ea00 ------------[ cut here ]------------ raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 0 PID: 10519 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x30 kernel/locking/irqflag-debug.c:10