------------[ cut here ]------------
WARNING: CPU: 1 PID: 13 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 13 Comm: rcu_preempt Not tainted 5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000114812a x10: 0000000000000007 
x9 : 1fffe00001148132 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055cfe004a20 
x3 : 0000055cfefe9620 x2 : 0000055cfe004a20 
x1 : 0000055cfefe9620 x0 : 0000000000000002 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
 _raw_spin_unlock_irq+0x80/0x15c kernel/locking/spinlock.c:199
 finish_lock_switch kernel/sched/core.c:4074 [inline]
 finish_task_switch.isra.0+0x1b4/0x6f0 kernel/sched/core.c:4191
 context_switch kernel/sched/core.c:4325 [inline]
 __schedule+0x818/0x1bc4 kernel/sched/core.c:5073
 schedule+0xac/0x22c kernel/sched/core.c:5152
 schedule_timeout+0x104/0x1f0 kernel/time/timer.c:1892
 rcu_gp_fqs_loop kernel/rcu/tree.c:2005 [inline]
 rcu_gp_kthread+0x8ec/0x2e9c kernel/rcu/tree.c:2178
 kthread+0x320/0x3bc kernel/kthread.c:292
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:1006
irq event stamp: 4641632
hardirqs last  enabled at (4641631): [<ffff800014426bcc>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last  enabled at (4641631): [<ffff800014426bcc>] _raw_spin_unlock_irq+0x78/0x15c kernel/locking/spinlock.c:199
hardirqs last disabled at (4641632): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (4640400): [<ffff8000100109e0>] _stext+0x9e0/0x1084
softirqs last disabled at (4640361): [<ffff80001015c03c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (4640361): [<ffff80001015c03c>] invoke_softirq kernel/softirq.c:440 [inline]
softirqs last disabled at (4640361): [<ffff80001015c03c>] __irq_exit_rcu+0x46c/0x510 kernel/softirq.c:637
---[ end trace 6167e4d48b6f80ec ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 13 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 13 Comm: rcu_preempt Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000114812a x10: 0000000000000007 
x9 : 1fffe00001148132 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d04f45e20 
x3 : 0000055d05f2aa20 x2 : 0000055d04f45e20 
x1 : 0000055d05f2aa20 x0 : 0000000000000007 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
 _raw_spin_unlock_irq+0x80/0x15c kernel/locking/spinlock.c:199
 finish_lock_switch kernel/sched/core.c:4074 [inline]
 finish_task_switch.isra.0+0x1b4/0x6f0 kernel/sched/core.c:4191
 context_switch kernel/sched/core.c:4325 [inline]
 __schedule+0x818/0x1bc4 kernel/sched/core.c:5073
 schedule+0xac/0x22c kernel/sched/core.c:5152
 schedule_timeout+0x104/0x1f0 kernel/time/timer.c:1892
 rcu_gp_fqs_loop kernel/rcu/tree.c:2005 [inline]
 rcu_gp_kthread+0x8ec/0x2e9c kernel/rcu/tree.c:2178
 kthread+0x320/0x3bc kernel/kthread.c:292
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:1006
irq event stamp: 4641632
hardirqs last  enabled at (4641631): [<ffff800014426bcc>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last  enabled at (4641631): [<ffff800014426bcc>] _raw_spin_unlock_irq+0x78/0x15c kernel/locking/spinlock.c:199
hardirqs last disabled at (4641632): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (4640400): [<ffff8000100109e0>] _stext+0x9e0/0x1084
softirqs last disabled at (4640361): [<ffff80001015c03c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (4640361): [<ffff80001015c03c>] invoke_softirq kernel/softirq.c:440 [inline]
softirqs last disabled at (4640361): [<ffff80001015c03c>] __irq_exit_rcu+0x46c/0x510 kernel/softirq.c:637
---[ end trace 6167e4d48b6f80ed ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 13 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 13 Comm: rcu_preempt Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000114812a x10: 0000000000000007 
x9 : 1fffe00001148132 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d09ebda20 
x3 : 0000055d0aea2620 x2 : 0000055d09ebda20 
x1 : 0000055d0aea2620 x0 : 0000000000000005 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
 _raw_spin_unlock_irq+0x80/0x15c kernel/locking/spinlock.c:199
 finish_lock_switch kernel/sched/core.c:4074 [inline]
 finish_task_switch.isra.0+0x1b4/0x6f0 kernel/sched/core.c:4191
 context_switch kernel/sched/core.c:4325 [inline]
 __schedule+0x818/0x1bc4 kernel/sched/core.c:5073
 schedule+0xac/0x22c kernel/sched/core.c:5152
 schedule_timeout+0x104/0x1f0 kernel/time/timer.c:1892
 rcu_gp_fqs_loop kernel/rcu/tree.c:2005 [inline]
 rcu_gp_kthread+0x8ec/0x2e9c kernel/rcu/tree.c:2178
 kthread+0x320/0x3bc kernel/kthread.c:292
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:1006
irq event stamp: 4641632
hardirqs last  enabled at (4641631): [<ffff800014426bcc>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last  enabled at (4641631): [<ffff800014426bcc>] _raw_spin_unlock_irq+0x78/0x15c kernel/locking/spinlock.c:199
hardirqs last disabled at (4641632): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (4640400): [<ffff8000100109e0>] _stext+0x9e0/0x1084
softirqs last disabled at (4640361): [<ffff80001015c03c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (4640361): [<ffff80001015c03c>] invoke_softirq kernel/softirq.c:440 [inline]
softirqs last disabled at (4640361): [<ffff80001015c03c>] __irq_exit_rcu+0x46c/0x510 kernel/softirq.c:637
---[ end trace 6167e4d48b6f80ee ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20329 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20329 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a472 x10: 0000000000000007 
x9 : 1fffe0000275a484 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d11de3a20 
x3 : 0000055d12dc8620 x2 : 0000055d11de3a20 
x1 : 0000055d12dc8620 x0 : 0000000000000008 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_clear_flush+0x110/0x1c0 mm/pgtable-generic.c:97
 wp_page_copy+0x574/0x16e0 mm/memory.c:2908
 do_wp_page+0x1d8/0xbbc mm/memory.c:3160
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 1624
hardirqs last  enabled at (1623): [<ffff80001078c174>] mem_cgroup_charge+0x174/0x890 mm/memcontrol.c:6742
hardirqs last disabled at (1624): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (1268): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (1268): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (1268): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (1266): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80ef ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20329 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20329 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a472 x10: 0000000000000007 
x9 : 1fffe0000275a484 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d16d5b620 
x3 : 0000055d17d40220 x2 : 0000055d16d5b620 
x1 : 0000055d17d40220 x0 : 0000000000000005 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_clear_flush+0x110/0x1c0 mm/pgtable-generic.c:97
 wp_page_copy+0x574/0x16e0 mm/memory.c:2908
 do_wp_page+0x1d8/0xbbc mm/memory.c:3160
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 1624
hardirqs last  enabled at (1623): [<ffff80001078c174>] mem_cgroup_charge+0x174/0x890 mm/memcontrol.c:6742
hardirqs last disabled at (1624): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (1268): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (1268): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (1268): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (1266): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80f0 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20329 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20329 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a472 x10: 0000000000000007 
x9 : 1fffe0000275a484 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d1acee620 
x3 : 0000055d1bcd3220 x2 : 0000055d1acee620 
x1 : 0000055d1bcd3220 x0 : 0000000000000004 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_clear_flush+0x110/0x1c0 mm/pgtable-generic.c:97
 wp_page_copy+0x574/0x16e0 mm/memory.c:2908
 do_wp_page+0x1d8/0xbbc mm/memory.c:3160
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 1624
hardirqs last  enabled at (1623): [<ffff80001078c174>] mem_cgroup_charge+0x174/0x890 mm/memcontrol.c:6742
hardirqs last disabled at (1624): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (1268): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (1268): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (1268): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (1266): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80f1 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7c2 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d26ba7620 
x3 : 0000055d27b8c220 x2 : 0000055d26ba7620 
x1 : 0000055d27b8c220 x0 : 000000000000000c 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 kasan_quarantine_put+0xac/0x254 mm/kasan/quarantine.c:220
 ____kasan_slab_free mm/kasan/common.c:362 [inline]
 ____kasan_slab_free+0x108/0x160 mm/kasan/common.c:325
 __kasan_slab_free+0x14/0x20 mm/kasan/common.c:367
 kasan_slab_free include/linux/kasan.h:199 [inline]
 slab_free_hook mm/slub.c:1563 [inline]
 slab_free_freelist_hook+0x8c/0x260 mm/slub.c:1601
 slab_free mm/slub.c:3162 [inline]
 kfree+0x154/0x7d0 mm/slub.c:4214
 free_rb_tree_fname+0x6c/0xc4 fs/ext4/dir.c:408
 ext4_htree_free_dir_info fs/ext4/dir.c:430 [inline]
 ext4_release_dir+0x3c/0x6c fs/ext4/dir.c:620
 __fput+0x1a0/0x6b0 fs/file_table.c:280
 ____fput+0x10/0x20 fs/file_table.c:313
 task_work_run+0xd4/0x20c kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x12e4/0x25fc arch/arm64/kernel/signal.c:939
 work_pending+0xc/0x550
irq event stamp: 36593354
hardirqs last  enabled at (36593353): [<ffff80001073e2f8>] kasan_quarantine_put+0x108/0x254 mm/kasan/quarantine.c:220
hardirqs last disabled at (36593354): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36592596): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (36592596): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (36592596): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (36592594): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80f2 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7c2 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d2bb1f220 
x3 : 0000055d2cb03e20 x2 : 0000055d2bb1f220 
x1 : 0000055d2cb03e20 x0 : 0000000000000005 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 kasan_quarantine_put+0xac/0x254 mm/kasan/quarantine.c:220
 ____kasan_slab_free mm/kasan/common.c:362 [inline]
 ____kasan_slab_free+0x108/0x160 mm/kasan/common.c:325
 __kasan_slab_free+0x14/0x20 mm/kasan/common.c:367
 kasan_slab_free include/linux/kasan.h:199 [inline]
 slab_free_hook mm/slub.c:1563 [inline]
 slab_free_freelist_hook+0x8c/0x260 mm/slub.c:1601
 slab_free mm/slub.c:3162 [inline]
 kfree+0x154/0x7d0 mm/slub.c:4214
 free_rb_tree_fname+0x6c/0xc4 fs/ext4/dir.c:408
 ext4_htree_free_dir_info fs/ext4/dir.c:430 [inline]
 ext4_release_dir+0x3c/0x6c fs/ext4/dir.c:620
 __fput+0x1a0/0x6b0 fs/file_table.c:280
 ____fput+0x10/0x20 fs/file_table.c:313
 task_work_run+0xd4/0x20c kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x12e4/0x25fc arch/arm64/kernel/signal.c:939
 work_pending+0xc/0x550
irq event stamp: 36593354
hardirqs last  enabled at (36593353): [<ffff80001073e2f8>] kasan_quarantine_put+0x108/0x254 mm/kasan/quarantine.c:220
hardirqs last disabled at (36593354): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36592596): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (36592596): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (36592596): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (36592594): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80f3 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7c2 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d2fab2220 
x3 : 0000055d30a96e20 x2 : 0000055d2fab2220 
x1 : 0000055d30a96e20 x0 : 0000000000000004 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 kasan_quarantine_put+0xac/0x254 mm/kasan/quarantine.c:220
 ____kasan_slab_free mm/kasan/common.c:362 [inline]
 ____kasan_slab_free+0x108/0x160 mm/kasan/common.c:325
 __kasan_slab_free+0x14/0x20 mm/kasan/common.c:367
 kasan_slab_free include/linux/kasan.h:199 [inline]
 slab_free_hook mm/slub.c:1563 [inline]
 slab_free_freelist_hook+0x8c/0x260 mm/slub.c:1601
 slab_free mm/slub.c:3162 [inline]
 kfree+0x154/0x7d0 mm/slub.c:4214
 free_rb_tree_fname+0x6c/0xc4 fs/ext4/dir.c:408
 ext4_htree_free_dir_info fs/ext4/dir.c:430 [inline]
 ext4_release_dir+0x3c/0x6c fs/ext4/dir.c:620
 __fput+0x1a0/0x6b0 fs/file_table.c:280
 ____fput+0x10/0x20 fs/file_table.c:313
 task_work_run+0xd4/0x20c kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 do_notify_resume+0x12e4/0x25fc arch/arm64/kernel/signal.c:939
 work_pending+0xc/0x550
irq event stamp: 36593354
hardirqs last  enabled at (36593353): [<ffff80001073e2f8>] kasan_quarantine_put+0x108/0x254 mm/kasan/quarantine.c:220
hardirqs last disabled at (36593354): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36592596): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (36592596): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (36592596): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (36592594): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80f4 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7d1 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d399a1a20 
x3 : 0000055d3a986620 x2 : 0000055d399a1a20 
x1 : 0000055d3a986620 x0 : 000000000000000a 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 __raw_spin_unlock include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock+0x74/0x150 kernel/locking/spinlock.c:183
 spin_unlock include/linux/spinlock.h:394 [inline]
 __dentry_kill+0x41c/0x560 fs/dcache.c:592
 shrink_dentry_list+0xf4/0x310 fs/dcache.c:1174
 shrink_dcache_parent+0x184/0x29c fs/dcache.c:1625
 vfs_rmdir.part.0+0x178/0x370 fs/namei.c:3899
 vfs_rmdir fs/namei.c:3881 [inline]
 do_rmdir+0x2d0/0x354 fs/namei.c:3958
 __do_sys_unlinkat fs/namei.c:4133 [inline]
 __se_sys_unlinkat fs/namei.c:4127 [inline]
 __arm64_sys_unlinkat+0xbc/0xf0 fs/namei.c:4127
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36593460
hardirqs last  enabled at (36593459): [<ffff8000102eebd4>] __call_rcu kernel/rcu/tree.c:3073 [inline]
hardirqs last  enabled at (36593459): [<ffff8000102eebd4>] call_rcu+0x374/0x8b0 kernel/rcu/tree.c:3114
hardirqs last disabled at (36593460): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36593386): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (36593386): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (36593386): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (36593384): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80f5 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7d1 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d3b96b220 
x3 : 0000055d3c94fe20 x2 : 0000055d3b96b220 
x1 : 0000055d3c94fe20 x0 : 0000000000000002 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 __raw_spin_unlock include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock+0x74/0x150 kernel/locking/spinlock.c:183
 spin_unlock include/linux/spinlock.h:394 [inline]
 __dentry_kill+0x41c/0x560 fs/dcache.c:592
 shrink_dentry_list+0xf4/0x310 fs/dcache.c:1174
 shrink_dcache_parent+0x184/0x29c fs/dcache.c:1625
 vfs_rmdir.part.0+0x178/0x370 fs/namei.c:3899
 vfs_rmdir fs/namei.c:3881 [inline]
 do_rmdir+0x2d0/0x354 fs/namei.c:3958
 __do_sys_unlinkat fs/namei.c:4133 [inline]
 __se_sys_unlinkat fs/namei.c:4127 [inline]
 __arm64_sys_unlinkat+0xbc/0xf0 fs/namei.c:4127
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36593460
hardirqs last  enabled at (36593459): [<ffff8000102eebd4>] __call_rcu kernel/rcu/tree.c:3073 [inline]
hardirqs last  enabled at (36593459): [<ffff8000102eebd4>] call_rcu+0x374/0x8b0 kernel/rcu/tree.c:3114
hardirqs last disabled at (36593460): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36593386): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (36593386): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (36593386): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (36593384): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80f6 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7d1 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d418c7a20 
x3 : 0000055d428ac620 x2 : 0000055d418c7a20 
x1 : 0000055d428ac620 x0 : 0000000000000006 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 __raw_spin_unlock include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock+0x74/0x150 kernel/locking/spinlock.c:183
 spin_unlock include/linux/spinlock.h:394 [inline]
 __dentry_kill+0x41c/0x560 fs/dcache.c:592
 shrink_dentry_list+0xf4/0x310 fs/dcache.c:1174
 shrink_dcache_parent+0x184/0x29c fs/dcache.c:1625
 vfs_rmdir.part.0+0x178/0x370 fs/namei.c:3899
 vfs_rmdir fs/namei.c:3881 [inline]
 do_rmdir+0x2d0/0x354 fs/namei.c:3958
 __do_sys_unlinkat fs/namei.c:4133 [inline]
 __se_sys_unlinkat fs/namei.c:4127 [inline]
 __arm64_sys_unlinkat+0xbc/0xf0 fs/namei.c:4127
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36593460
hardirqs last  enabled at (36593459): [<ffff8000102eebd4>] __call_rcu kernel/rcu/tree.c:3073 [inline]
hardirqs last  enabled at (36593459): [<ffff8000102eebd4>] call_rcu+0x374/0x8b0 kernel/rcu/tree.c:3114
hardirqs last disabled at (36593460): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36593386): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (36593386): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (36593386): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (36593384): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80f7 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d4d780a20 
x3 : 0000055d4e765620 x2 : 0000055d4d780a20 
x1 : 0000055d4e765620 x0 : 000000000000000c 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
 lookup_bh_lru fs/buffer.c:1312 [inline]
 __find_get_block+0x248/0xbdc fs/buffer.c:1324
 __getblk_gfp+0x2c/0xa0 fs/buffer.c:1350
 sb_getblk include/linux/buffer_head.h:325 [inline]
 ext4_getblk+0x16c/0x514 fs/ext4/inode.c:855
 ext4_bread_batch+0x78/0x330 fs/ext4/inode.c:921
 __ext4_find_entry+0x374/0xb60 fs/ext4/namei.c:1522
 ext4_lookup_entry fs/ext4/namei.c:1623 [inline]
 ext4_lookup fs/ext4/namei.c:1691 [inline]
 ext4_lookup+0x138/0x584 fs/ext4/namei.c:1682
 __lookup_hash+0xf0/0x140 fs/namei.c:1530
 filename_create+0x130/0x354 fs/namei.c:3593
 user_path_create fs/namei.c:3650 [inline]
 do_mkdirat+0xac/0x240 fs/namei.c:3828
 __do_sys_mkdirat fs/namei.c:3851 [inline]
 __se_sys_mkdirat fs/namei.c:3849 [inline]
 __arm64_sys_mkdirat+0x6c/0x9c fs/namei.c:3849
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36593674
hardirqs last  enabled at (36593673): [<ffff800010896df4>] lookup_bh_lru fs/buffer.c:1312 [inline]
hardirqs last  enabled at (36593673): [<ffff800010896df4>] __find_get_block+0x240/0xbdc fs/buffer.c:1324
hardirqs last disabled at (36593674): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36593652): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (36593652): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (36593652): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (36593650): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80f8 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d5072ee20 
x3 : 0000055d51713a20 x2 : 0000055d5072ee20 
x1 : 0000055d51713a20 x0 : 0000000000000003 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
 lookup_bh_lru fs/buffer.c:1312 [inline]
 __find_get_block+0x248/0xbdc fs/buffer.c:1324
 __getblk_gfp+0x2c/0xa0 fs/buffer.c:1350
 sb_getblk include/linux/buffer_head.h:325 [inline]
 ext4_getblk+0x16c/0x514 fs/ext4/inode.c:855
 ext4_bread_batch+0x78/0x330 fs/ext4/inode.c:921
 __ext4_find_entry+0x374/0xb60 fs/ext4/namei.c:1522
 ext4_lookup_entry fs/ext4/namei.c:1623 [inline]
 ext4_lookup fs/ext4/namei.c:1691 [inline]
 ext4_lookup+0x138/0x584 fs/ext4/namei.c:1682
 __lookup_hash+0xf0/0x140 fs/namei.c:1530
 filename_create+0x130/0x354 fs/namei.c:3593
 user_path_create fs/namei.c:3650 [inline]
 do_mkdirat+0xac/0x240 fs/namei.c:3828
 __do_sys_mkdirat fs/namei.c:3851 [inline]
 __se_sys_mkdirat fs/namei.c:3849 [inline]
 __arm64_sys_mkdirat+0x6c/0x9c fs/namei.c:3849
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36593674
hardirqs last  enabled at (36593673): [<ffff800010896df4>] lookup_bh_lru fs/buffer.c:1312 [inline]
hardirqs last  enabled at (36593673): [<ffff800010896df4>] __find_get_block+0x240/0xbdc fs/buffer.c:1324
hardirqs last disabled at (36593674): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36593652): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (36593652): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (36593652): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (36593650): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80f9 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d546c1e20 
x3 : 0000055d556a6a20 x2 : 0000055d546c1e20 
x1 : 0000055d556a6a20 x0 : 0000000000000004 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
 lookup_bh_lru fs/buffer.c:1312 [inline]
 __find_get_block+0x248/0xbdc fs/buffer.c:1324
 __getblk_gfp+0x2c/0xa0 fs/buffer.c:1350
 sb_getblk include/linux/buffer_head.h:325 [inline]
 ext4_getblk+0x16c/0x514 fs/ext4/inode.c:855
 ext4_bread_batch+0x78/0x330 fs/ext4/inode.c:921
 __ext4_find_entry+0x374/0xb60 fs/ext4/namei.c:1522
 ext4_lookup_entry fs/ext4/namei.c:1623 [inline]
 ext4_lookup fs/ext4/namei.c:1691 [inline]
 ext4_lookup+0x138/0x584 fs/ext4/namei.c:1682
 __lookup_hash+0xf0/0x140 fs/namei.c:1530
 filename_create+0x130/0x354 fs/namei.c:3593
 user_path_create fs/namei.c:3650 [inline]
 do_mkdirat+0xac/0x240 fs/namei.c:3828
 __do_sys_mkdirat fs/namei.c:3851 [inline]
 __se_sys_mkdirat fs/namei.c:3849 [inline]
 __arm64_sys_mkdirat+0x6c/0x9c fs/namei.c:3849
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36593674
hardirqs last  enabled at (36593673): [<ffff800010896df4>] lookup_bh_lru fs/buffer.c:1312 [inline]
hardirqs last  enabled at (36593673): [<ffff800010896df4>] __find_get_block+0x240/0xbdc fs/buffer.c:1324
hardirqs last disabled at (36593674): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36593652): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (36593652): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (36593652): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (36593650): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f80fa ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d5f596220 
x3 : 0000055d6057ae20 x2 : 0000055d5f596220 
x1 : 0000055d6057ae20 x0 : 000000000000000b 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x94/0x180 kernel/locking/spinlock.c:191
 __debug_check_no_obj_freed lib/debugobjects.c:997 [inline]
 debug_check_no_obj_freed+0x1e4/0x420 lib/debugobjects.c:1018
 slab_free_hook mm/slub.c:1555 [inline]
 slab_free_freelist_hook+0x1c4/0x260 mm/slub.c:1601
 slab_free mm/slub.c:3162 [inline]
 kmem_cache_free+0xc4/0x70c mm/slub.c:3178
 merge_or_add_vmap_area mm/vmalloc.c:814 [inline]
 free_vmap_area_noflush+0x6b4/0xb20 mm/vmalloc.c:1436
 free_unmap_vmap_area mm/vmalloc.c:1455 [inline]
 remove_vm_area+0x164/0x1d4 mm/vmalloc.c:2188
 vm_remove_mappings mm/vmalloc.c:2215 [inline]
 __vunmap+0x268/0x870 mm/vmalloc.c:2277
 __vfree+0xc0/0x170 mm/vmalloc.c:2333
 vfree+0xf4/0x150 mm/vmalloc.c:2364
 copy_entries_to_user net/ipv4/netfilter/ip_tables.c:867 [inline]
 get_entries net/ipv4/netfilter/ip_tables.c:1023 [inline]
 do_ipt_get_ctl+0x674/0xa30 net/ipv4/netfilter/ip_tables.c:1662
 nf_getsockopt+0x78/0xf0 net/netfilter/nf_sockopt.c:116
 ip_getsockopt net/ipv4/ip_sockglue.c:1777 [inline]
 ip_getsockopt+0x1bc/0x2b0 net/ipv4/ip_sockglue.c:1756
 tcp_getsockopt+0x70/0xd0 net/ipv4/tcp.c:4239
 sock_common_getsockopt+0x70/0xd0 net/core/sock.c:3230
 __sys_getsockopt+0x138/0x42c net/socket.c:2161
 __do_sys_getsockopt net/socket.c:2176 [inline]
 __se_sys_getsockopt net/socket.c:2173 [inline]
 __arm64_sys_getsockopt+0xa4/0x100 net/socket.c:2173
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36594646
hardirqs last  enabled at (36594645): [<ffff800014427438>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (36594645): [<ffff800014427438>] _raw_spin_unlock_irqrestore+0x108/0x180 kernel/locking/spinlock.c:191
hardirqs last disabled at (36594646): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36594610): [<ffff8000136574a4>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
softirqs last  enabled at (36594610): [<ffff8000136574a4>] release_sock+0x164/0x214 net/core/sock.c:3085
softirqs last disabled at (36594608): [<ffff800013657368>] spin_lock_bh include/linux/spinlock.h:359 [inline]
softirqs last disabled at (36594608): [<ffff800013657368>] release_sock+0x28/0x214 net/core/sock.c:3072
---[ end trace 6167e4d48b6f80fb ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d6450de20 
x3 : 0000055d654f2a20 x2 : 0000055d6450de20 
x1 : 0000055d654f2a20 x0 : 0000000000000005 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x94/0x180 kernel/locking/spinlock.c:191
 __debug_check_no_obj_freed lib/debugobjects.c:997 [inline]
 debug_check_no_obj_freed+0x1e4/0x420 lib/debugobjects.c:1018
 slab_free_hook mm/slub.c:1555 [inline]
 slab_free_freelist_hook+0x1c4/0x260 mm/slub.c:1601
 slab_free mm/slub.c:3162 [inline]
 kmem_cache_free+0xc4/0x70c mm/slub.c:3178
 merge_or_add_vmap_area mm/vmalloc.c:814 [inline]
 free_vmap_area_noflush+0x6b4/0xb20 mm/vmalloc.c:1436
 free_unmap_vmap_area mm/vmalloc.c:1455 [inline]
 remove_vm_area+0x164/0x1d4 mm/vmalloc.c:2188
 vm_remove_mappings mm/vmalloc.c:2215 [inline]
 __vunmap+0x268/0x870 mm/vmalloc.c:2277
 __vfree+0xc0/0x170 mm/vmalloc.c:2333
 vfree+0xf4/0x150 mm/vmalloc.c:2364
 copy_entries_to_user net/ipv4/netfilter/ip_tables.c:867 [inline]
 get_entries net/ipv4/netfilter/ip_tables.c:1023 [inline]
 do_ipt_get_ctl+0x674/0xa30 net/ipv4/netfilter/ip_tables.c:1662
 nf_getsockopt+0x78/0xf0 net/netfilter/nf_sockopt.c:116
 ip_getsockopt net/ipv4/ip_sockglue.c:1777 [inline]
 ip_getsockopt+0x1bc/0x2b0 net/ipv4/ip_sockglue.c:1756
 tcp_getsockopt+0x70/0xd0 net/ipv4/tcp.c:4239
 sock_common_getsockopt+0x70/0xd0 net/core/sock.c:3230
 __sys_getsockopt+0x138/0x42c net/socket.c:2161
 __do_sys_getsockopt net/socket.c:2176 [inline]
 __se_sys_getsockopt net/socket.c:2173 [inline]
 __arm64_sys_getsockopt+0xa4/0x100 net/socket.c:2173
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36594646
hardirqs last  enabled at (36594645): [<ffff800014427438>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (36594645): [<ffff800014427438>] _raw_spin_unlock_irqrestore+0x108/0x180 kernel/locking/spinlock.c:191
hardirqs last disabled at (36594646): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36594610): [<ffff8000136574a4>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
softirqs last  enabled at (36594610): [<ffff8000136574a4>] release_sock+0x164/0x214 net/core/sock.c:3085
softirqs last disabled at (36594608): [<ffff800013657368>] spin_lock_bh include/linux/spinlock.h:359 [inline]
softirqs last disabled at (36594608): [<ffff800013657368>] release_sock+0x28/0x214 net/core/sock.c:3072
---[ end trace 6167e4d48b6f80fc ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d674bc220 
x3 : 0000055d684a0e20 x2 : 0000055d674bc220 
x1 : 0000055d684a0e20 x0 : 0000000000000003 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x94/0x180 kernel/locking/spinlock.c:191
 __debug_check_no_obj_freed lib/debugobjects.c:997 [inline]
 debug_check_no_obj_freed+0x1e4/0x420 lib/debugobjects.c:1018
 slab_free_hook mm/slub.c:1555 [inline]
 slab_free_freelist_hook+0x1c4/0x260 mm/slub.c:1601
 slab_free mm/slub.c:3162 [inline]
 kmem_cache_free+0xc4/0x70c mm/slub.c:3178
 merge_or_add_vmap_area mm/vmalloc.c:814 [inline]
 free_vmap_area_noflush+0x6b4/0xb20 mm/vmalloc.c:1436
 free_unmap_vmap_area mm/vmalloc.c:1455 [inline]
 remove_vm_area+0x164/0x1d4 mm/vmalloc.c:2188
 vm_remove_mappings mm/vmalloc.c:2215 [inline]
 __vunmap+0x268/0x870 mm/vmalloc.c:2277
 __vfree+0xc0/0x170 mm/vmalloc.c:2333
 vfree+0xf4/0x150 mm/vmalloc.c:2364
 copy_entries_to_user net/ipv4/netfilter/ip_tables.c:867 [inline]
 get_entries net/ipv4/netfilter/ip_tables.c:1023 [inline]
 do_ipt_get_ctl+0x674/0xa30 net/ipv4/netfilter/ip_tables.c:1662
 nf_getsockopt+0x78/0xf0 net/netfilter/nf_sockopt.c:116
 ip_getsockopt net/ipv4/ip_sockglue.c:1777 [inline]
 ip_getsockopt+0x1bc/0x2b0 net/ipv4/ip_sockglue.c:1756
 tcp_getsockopt+0x70/0xd0 net/ipv4/tcp.c:4239
 sock_common_getsockopt+0x70/0xd0 net/core/sock.c:3230
 __sys_getsockopt+0x138/0x42c net/socket.c:2161
 __do_sys_getsockopt net/socket.c:2176 [inline]
 __se_sys_getsockopt net/socket.c:2173 [inline]
 __arm64_sys_getsockopt+0xa4/0x100 net/socket.c:2173
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36594646
hardirqs last  enabled at (36594645): [<ffff800014427438>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (36594645): [<ffff800014427438>] _raw_spin_unlock_irqrestore+0x108/0x180 kernel/locking/spinlock.c:191
hardirqs last disabled at (36594646): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36594610): [<ffff8000136574a4>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
softirqs last  enabled at (36594610): [<ffff8000136574a4>] release_sock+0x164/0x214 net/core/sock.c:3085
softirqs last disabled at (36594608): [<ffff800013657368>] spin_lock_bh include/linux/spinlock.h:359 [inline]
softirqs last disabled at (36594608): [<ffff800013657368>] release_sock+0x28/0x214 net/core/sock.c:3072
---[ end trace 6167e4d48b6f80fd ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d703c6e20 
x3 : 0000055d713aba20 x2 : 0000055d703c6e20 
x1 : 0000055d713aba20 x0 : 0000000000000009 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_set_access_flags+0x1b0/0x240 arch/arm64/mm/fault.c:226
 wp_page_reuse+0xfc/0x250 mm/memory.c:2812
 do_wp_page+0x8c8/0xbbc mm/memory.c:3147
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36595606
hardirqs last  enabled at (36595605): [<ffff800010664f00>] count_memcg_events include/linux/memcontrol.h:997 [inline]
hardirqs last  enabled at (36595605): [<ffff800010664f00>] count_memcg_event_mm.part.0+0x130/0x1f0 include/linux/memcontrol.h:1020
hardirqs last disabled at (36595606): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36595494): [<ffff800013b30a88>] xt_replace_table+0x2d4/0x75c net/netfilter/x_tables.c:1383
softirqs last disabled at (36595492): [<ffff800013b309ac>] xt_jumpstack_alloc net/netfilter/x_tables.c:1318 [inline]
softirqs last disabled at (36595492): [<ffff800013b309ac>] xt_replace_table+0x1f8/0x75c net/netfilter/x_tables.c:1358
---[ end trace 6167e4d48b6f80fe ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d72390620 
x3 : 0000055d73375220 x2 : 0000055d72390620 
x1 : 0000055d73375220 x0 : 0000000000000002 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_set_access_flags+0x1b0/0x240 arch/arm64/mm/fault.c:226
 wp_page_reuse+0xfc/0x250 mm/memory.c:2812
 do_wp_page+0x8c8/0xbbc mm/memory.c:3147
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36595606
hardirqs last  enabled at (36595605): [<ffff800010664f00>] count_memcg_events include/linux/memcontrol.h:997 [inline]
hardirqs last  enabled at (36595605): [<ffff800010664f00>] count_memcg_event_mm.part.0+0x130/0x1f0 include/linux/memcontrol.h:1020
hardirqs last disabled at (36595606): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36595494): [<ffff800013b30a88>] xt_replace_table+0x2d4/0x75c net/netfilter/x_tables.c:1383
softirqs last disabled at (36595492): [<ffff800013b309ac>] xt_jumpstack_alloc net/netfilter/x_tables.c:1318 [inline]
softirqs last disabled at (36595492): [<ffff800013b309ac>] xt_replace_table+0x1f8/0x75c net/netfilter/x_tables.c:1358
---[ end trace 6167e4d48b6f80ff ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d76323620 
x3 : 0000055d77308220 x2 : 0000055d76323620 
x1 : 0000055d77308220 x0 : 0000000000000004 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_set_access_flags+0x1b0/0x240 arch/arm64/mm/fault.c:226
 wp_page_reuse+0xfc/0x250 mm/memory.c:2812
 do_wp_page+0x8c8/0xbbc mm/memory.c:3147
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36595606
hardirqs last  enabled at (36595605): [<ffff800010664f00>] count_memcg_events include/linux/memcontrol.h:997 [inline]
hardirqs last  enabled at (36595605): [<ffff800010664f00>] count_memcg_event_mm.part.0+0x130/0x1f0 include/linux/memcontrol.h:1020
hardirqs last disabled at (36595606): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36595494): [<ffff800013b30a88>] xt_replace_table+0x2d4/0x75c net/netfilter/x_tables.c:1383
softirqs last disabled at (36595492): [<ffff800013b309ac>] xt_jumpstack_alloc net/netfilter/x_tables.c:1318 [inline]
softirqs last disabled at (36595492): [<ffff800013b309ac>] xt_replace_table+0x1f8/0x75c net/netfilter/x_tables.c:1358
---[ end trace 6167e4d48b6f8100 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7d1 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d7f22e220 
x3 : 0000055d80212e20 x2 : 0000055d7f22e220 
x1 : 0000055d80212e20 x0 : 0000000000000009 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_set_access_flags+0x1b0/0x240 arch/arm64/mm/fault.c:226
 wp_page_reuse+0xfc/0x250 mm/memory.c:2812
 do_wp_page+0x8c8/0xbbc mm/memory.c:3147
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el1_abort+0x3c/0x60 arch/arm64/kernel/entry-common.c:171
 el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:263
 el1_sync+0x70/0x100 arch/arm64/kernel/entry.S:719
 __arch_copy_to_user+0x100/0x220 arch/arm64/lib/copy_template.S:135
 copy_page_to_iter_iovec lib/iov_iter.c:260 [inline]
 copy_page_to_iter+0x278/0xb90 lib/iov_iter.c:979
 pipe_read+0x394/0xe6c fs/pipe.c:290
 call_read_iter include/linux/fs.h:2110 [inline]
 new_sync_read+0x3e0/0x4f0 fs/read_write.c:415
 vfs_read+0x244/0x420 fs/read_write.c:496
 ksys_read+0x188/0x1d0 fs/read_write.c:634
 __do_sys_read fs/read_write.c:644 [inline]
 __se_sys_read fs/read_write.c:642 [inline]
 __arm64_sys_read+0x6c/0xa0 fs/read_write.c:642
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36596018
hardirqs last  enabled at (36596017): [<ffff800010664f00>] count_memcg_events include/linux/memcontrol.h:997 [inline]
hardirqs last  enabled at (36596017): [<ffff800010664f00>] count_memcg_event_mm.part.0+0x130/0x1f0 include/linux/memcontrol.h:1020
hardirqs last disabled at (36596018): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36595944): [<ffff8000136574a4>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
softirqs last  enabled at (36595944): [<ffff8000136574a4>] release_sock+0x164/0x214 net/core/sock.c:3085
softirqs last disabled at (36595942): [<ffff800013657368>] spin_lock_bh include/linux/spinlock.h:359 [inline]
softirqs last disabled at (36595942): [<ffff800013657368>] release_sock+0x28/0x214 net/core/sock.c:3072
---[ end trace 6167e4d48b6f8101 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7d1 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d821dc620 
x3 : 0000055d831c1220 x2 : 0000055d821dc620 
x1 : 0000055d831c1220 x0 : 0000000000000003 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_set_access_flags+0x1b0/0x240 arch/arm64/mm/fault.c:226
 wp_page_reuse+0xfc/0x250 mm/memory.c:2812
 do_wp_page+0x8c8/0xbbc mm/memory.c:3147
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el1_abort+0x3c/0x60 arch/arm64/kernel/entry-common.c:171
 el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:263
 el1_sync+0x70/0x100 arch/arm64/kernel/entry.S:719
 __arch_copy_to_user+0x100/0x220 arch/arm64/lib/copy_template.S:135
 copy_page_to_iter_iovec lib/iov_iter.c:260 [inline]
 copy_page_to_iter+0x278/0xb90 lib/iov_iter.c:979
 pipe_read+0x394/0xe6c fs/pipe.c:290
 call_read_iter include/linux/fs.h:2110 [inline]
 new_sync_read+0x3e0/0x4f0 fs/read_write.c:415
 vfs_read+0x244/0x420 fs/read_write.c:496
 ksys_read+0x188/0x1d0 fs/read_write.c:634
 __do_sys_read fs/read_write.c:644 [inline]
 __se_sys_read fs/read_write.c:642 [inline]
 __arm64_sys_read+0x6c/0xa0 fs/read_write.c:642
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36596018
hardirqs last  enabled at (36596017): [<ffff800010664f00>] count_memcg_events include/linux/memcontrol.h:997 [inline]
hardirqs last  enabled at (36596017): [<ffff800010664f00>] count_memcg_event_mm.part.0+0x130/0x1f0 include/linux/memcontrol.h:1020
hardirqs last disabled at (36596018): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36595944): [<ffff8000136574a4>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
softirqs last  enabled at (36595944): [<ffff8000136574a4>] release_sock+0x164/0x214 net/core/sock.c:3085
softirqs last disabled at (36595942): [<ffff800013657368>] spin_lock_bh include/linux/spinlock.h:359 [inline]
softirqs last disabled at (36595942): [<ffff800013657368>] release_sock+0x28/0x214 net/core/sock.c:3072
---[ end trace 6167e4d48b6f8102 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3295 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 3295 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000203c7ba x10: 0000000000000007 
x9 : 1fffe0000203c7d1 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d8616f620 
x3 : 0000055d87154220 x2 : 0000055d8616f620 
x1 : 0000055d87154220 x0 : 0000000000000004 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_set_access_flags+0x1b0/0x240 arch/arm64/mm/fault.c:226
 wp_page_reuse+0xfc/0x250 mm/memory.c:2812
 do_wp_page+0x8c8/0xbbc mm/memory.c:3147
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el1_abort+0x3c/0x60 arch/arm64/kernel/entry-common.c:171
 el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:263
 el1_sync+0x70/0x100 arch/arm64/kernel/entry.S:719
 __arch_copy_to_user+0x100/0x220 arch/arm64/lib/copy_template.S:135
 copy_page_to_iter_iovec lib/iov_iter.c:260 [inline]
 copy_page_to_iter+0x278/0xb90 lib/iov_iter.c:979
 pipe_read+0x394/0xe6c fs/pipe.c:290
 call_read_iter include/linux/fs.h:2110 [inline]
 new_sync_read+0x3e0/0x4f0 fs/read_write.c:415
 vfs_read+0x244/0x420 fs/read_write.c:496
 ksys_read+0x188/0x1d0 fs/read_write.c:634
 __do_sys_read fs/read_write.c:644 [inline]
 __se_sys_read fs/read_write.c:642 [inline]
 __arm64_sys_read+0x6c/0xa0 fs/read_write.c:642
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 36596018
hardirqs last  enabled at (36596017): [<ffff800010664f00>] count_memcg_events include/linux/memcontrol.h:997 [inline]
hardirqs last  enabled at (36596017): [<ffff800010664f00>] count_memcg_event_mm.part.0+0x130/0x1f0 include/linux/memcontrol.h:1020
hardirqs last disabled at (36596018): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (36595944): [<ffff8000136574a4>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
softirqs last  enabled at (36595944): [<ffff8000136574a4>] release_sock+0x164/0x214 net/core/sock.c:3085
softirqs last disabled at (36595942): [<ffff800013657368>] spin_lock_bh include/linux/spinlock.h:359 [inline]
softirqs last disabled at (36595942): [<ffff800013657368>] release_sock+0x28/0x214 net/core/sock.c:3072
---[ end trace 6167e4d48b6f8103 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20331 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20331 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000003 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe00001748472 x10: 0000000000000007 
x9 : 1fffe00001748484 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d8f07a220 
x3 : 0000055d9005ee20 x2 : 0000055d8f07a220 
x1 : 0000055d9005ee20 x0 : 0000000000000009 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 lock_page_memcg+0x180/0x450 mm/memcontrol.c:2154
 page_remove_rmap+0x28/0xb24 mm/rmap.c:1348
 zap_pte_range mm/memory.c:1270 [inline]
 zap_pmd_range mm/memory.c:1374 [inline]
 zap_pud_range mm/memory.c:1403 [inline]
 zap_p4d_range mm/memory.c:1424 [inline]
 unmap_page_range+0x6b8/0x14f0 mm/memory.c:1445
 unmap_single_vma mm/memory.c:1490 [inline]
 unmap_vmas+0x1a4/0x3a4 mm/memory.c:1522
 exit_mmap+0x1dc/0x3e0 mm/mmap.c:3224
 __mmput+0xa8/0x33c kernel/fork.c:1090
 mmput+0x80/0x90 kernel/fork.c:1111
 exit_mm kernel/exit.c:501 [inline]
 do_exit+0x854/0x2290 kernel/exit.c:812
 do_group_exit+0xcc/0x23c kernel/exit.c:922
 get_signal+0x384/0x19a0 kernel/signal.c:2779
 do_signal arch/arm64/kernel/signal.c:882 [inline]
 do_notify_resume+0x3cc/0x25fc arch/arm64/kernel/signal.c:936
 work_pending+0xc/0x550
irq event stamp: 526
hardirqs last  enabled at (525): [<ffff80001077a504>] lock_page_memcg+0x274/0x450 mm/memcontrol.c:2154
hardirqs last disabled at (526): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (8): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (8): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (8): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (6): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f8104 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20331 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20331 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000003 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe00001748472 x10: 0000000000000007 
x9 : 1fffe00001748484 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d95fbb620 
x3 : 0000055d96fa0220 x2 : 0000055d95fbb620 
x1 : 0000055d96fa0220 x0 : 0000000000000007 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 lock_page_memcg+0x180/0x450 mm/memcontrol.c:2154
 page_remove_rmap+0x28/0xb24 mm/rmap.c:1348
 zap_pte_range mm/memory.c:1270 [inline]
 zap_pmd_range mm/memory.c:1374 [inline]
 zap_pud_range mm/memory.c:1403 [inline]
 zap_p4d_range mm/memory.c:1424 [inline]
 unmap_page_range+0x6b8/0x14f0 mm/memory.c:1445
 unmap_single_vma mm/memory.c:1490 [inline]
 unmap_vmas+0x1a4/0x3a4 mm/memory.c:1522
 exit_mmap+0x1dc/0x3e0 mm/mmap.c:3224
 __mmput+0xa8/0x33c kernel/fork.c:1090
 mmput+0x80/0x90 kernel/fork.c:1111
 exit_mm kernel/exit.c:501 [inline]
 do_exit+0x854/0x2290 kernel/exit.c:812
 do_group_exit+0xcc/0x23c kernel/exit.c:922
 get_signal+0x384/0x19a0 kernel/signal.c:2779
 do_signal arch/arm64/kernel/signal.c:882 [inline]
 do_notify_resume+0x3cc/0x25fc arch/arm64/kernel/signal.c:936
 work_pending+0xc/0x550
irq event stamp: 526
hardirqs last  enabled at (525): [<ffff80001077a504>] lock_page_memcg+0x274/0x450 mm/memcontrol.c:2154
hardirqs last disabled at (526): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (8): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (8): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (8): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (6): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f8105 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20331 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20331 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000003 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe00001748472 x10: 0000000000000007 
x9 : 1fffe00001748484 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055d9cefca20 
x3 : 0000055d9dee1620 x2 : 0000055d9cefca20 
x1 : 0000055d9dee1620 x0 : 0000000000000007 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 lock_page_memcg+0x180/0x450 mm/memcontrol.c:2154
 page_remove_rmap+0x28/0xb24 mm/rmap.c:1348
 zap_pte_range mm/memory.c:1270 [inline]
 zap_pmd_range mm/memory.c:1374 [inline]
 zap_pud_range mm/memory.c:1403 [inline]
 zap_p4d_range mm/memory.c:1424 [inline]
 unmap_page_range+0x6b8/0x14f0 mm/memory.c:1445
 unmap_single_vma mm/memory.c:1490 [inline]
 unmap_vmas+0x1a4/0x3a4 mm/memory.c:1522
 exit_mmap+0x1dc/0x3e0 mm/mmap.c:3224
 __mmput+0xa8/0x33c kernel/fork.c:1090
 mmput+0x80/0x90 kernel/fork.c:1111
 exit_mm kernel/exit.c:501 [inline]
 do_exit+0x854/0x2290 kernel/exit.c:812
 do_group_exit+0xcc/0x23c kernel/exit.c:922
 get_signal+0x384/0x19a0 kernel/signal.c:2779
 do_signal arch/arm64/kernel/signal.c:882 [inline]
 do_notify_resume+0x3cc/0x25fc arch/arm64/kernel/signal.c:936
 work_pending+0xc/0x550
irq event stamp: 526
hardirqs last  enabled at (525): [<ffff80001077a504>] lock_page_memcg+0x274/0x450 mm/memcontrol.c:2154
hardirqs last disabled at (526): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (8): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (8): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (8): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (6): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f8106 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20331 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20331 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe00001748472 x10: 0000000000000007 
x9 : 1fffe0000174847a x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055da8db5a20 
x3 : 0000055da9d9a620 x2 : 0000055da8db5a20 
x1 : 0000055da9d9a620 x0 : 000000000000000c 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x94/0x180 kernel/locking/spinlock.c:191
 __debug_check_no_obj_freed lib/debugobjects.c:997 [inline]
 debug_check_no_obj_freed+0x1e4/0x420 lib/debugobjects.c:1018
 free_pages_prepare mm/page_alloc.c:1276 [inline]
 __free_pages_ok+0x334/0xff0 mm/page_alloc.c:1540
 free_compound_page+0x8c/0xd4 mm/page_alloc.c:668
 free_transhuge_page+0x25c/0x3b0 mm/huge_memory.c:2808
 destroy_compound_page include/linux/mm.h:930 [inline]
 __put_compound_page+0x84/0xec mm/swap.c:110
 release_pages+0x408/0x1250 mm/swap.c:899
 free_pages_and_swap_cache+0x168/0x200 mm/swap_state.c:329
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xac/0x410 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1336 [inline]
 zap_pmd_range mm/memory.c:1374 [inline]
 zap_pud_range mm/memory.c:1403 [inline]
 zap_p4d_range mm/memory.c:1424 [inline]
 unmap_page_range+0xbe0/0x14f0 mm/memory.c:1445
 unmap_single_vma mm/memory.c:1490 [inline]
 unmap_vmas+0x1a4/0x3a4 mm/memory.c:1522
 exit_mmap+0x1dc/0x3e0 mm/mmap.c:3224
 __mmput+0xa8/0x33c kernel/fork.c:1090
 mmput+0x80/0x90 kernel/fork.c:1111
 exit_mm kernel/exit.c:501 [inline]
 do_exit+0x854/0x2290 kernel/exit.c:812
 do_group_exit+0xcc/0x23c kernel/exit.c:922
 get_signal+0x384/0x19a0 kernel/signal.c:2779
 do_signal arch/arm64/kernel/signal.c:882 [inline]
 do_notify_resume+0x3cc/0x25fc arch/arm64/kernel/signal.c:936
 work_pending+0xc/0x550
irq event stamp: 1638
hardirqs last  enabled at (1637): [<ffff800014427438>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (1637): [<ffff800014427438>] _raw_spin_unlock_irqrestore+0x108/0x180 kernel/locking/spinlock.c:191
hardirqs last disabled at (1638): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (640): [<ffff8000100109e0>] _stext+0x9e0/0x1084
softirqs last disabled at (527): [<ffff80001015c03c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (527): [<ffff80001015c03c>] invoke_softirq kernel/softirq.c:440 [inline]
softirqs last disabled at (527): [<ffff80001015c03c>] __irq_exit_rcu+0x46c/0x510 kernel/softirq.c:637
---[ end trace 6167e4d48b6f8107 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20331 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20331 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe00001748472 x10: 0000000000000007 
x9 : 1fffe0000174847a x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055dafcf6e20 
x3 : 0000055db0cdba20 x2 : 0000055dafcf6e20 
x1 : 0000055db0cdba20 x0 : 0000000000000007 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x94/0x180 kernel/locking/spinlock.c:191
 __debug_check_no_obj_freed lib/debugobjects.c:997 [inline]
 debug_check_no_obj_freed+0x1e4/0x420 lib/debugobjects.c:1018
 free_pages_prepare mm/page_alloc.c:1276 [inline]
 __free_pages_ok+0x334/0xff0 mm/page_alloc.c:1540
 free_compound_page+0x8c/0xd4 mm/page_alloc.c:668
 free_transhuge_page+0x25c/0x3b0 mm/huge_memory.c:2808
 destroy_compound_page include/linux/mm.h:930 [inline]
 __put_compound_page+0x84/0xec mm/swap.c:110
 release_pages+0x408/0x1250 mm/swap.c:899
 free_pages_and_swap_cache+0x168/0x200 mm/swap_state.c:329
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xac/0x410 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1336 [inline]
 zap_pmd_range mm/memory.c:1374 [inline]
 zap_pud_range mm/memory.c:1403 [inline]
 zap_p4d_range mm/memory.c:1424 [inline]
 unmap_page_range+0xbe0/0x14f0 mm/memory.c:1445
 unmap_single_vma mm/memory.c:1490 [inline]
 unmap_vmas+0x1a4/0x3a4 mm/memory.c:1522
 exit_mmap+0x1dc/0x3e0 mm/mmap.c:3224
 __mmput+0xa8/0x33c kernel/fork.c:1090
 mmput+0x80/0x90 kernel/fork.c:1111
 exit_mm kernel/exit.c:501 [inline]
 do_exit+0x854/0x2290 kernel/exit.c:812
 do_group_exit+0xcc/0x23c kernel/exit.c:922
 get_signal+0x384/0x19a0 kernel/signal.c:2779
 do_signal arch/arm64/kernel/signal.c:882 [inline]
 do_notify_resume+0x3cc/0x25fc arch/arm64/kernel/signal.c:936
 work_pending+0xc/0x550
irq event stamp: 1638
hardirqs last  enabled at (1637): [<ffff800014427438>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (1637): [<ffff800014427438>] _raw_spin_unlock_irqrestore+0x108/0x180 kernel/locking/spinlock.c:191
hardirqs last disabled at (1638): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (640): [<ffff8000100109e0>] _stext+0x9e0/0x1084
softirqs last disabled at (527): [<ffff80001015c03c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (527): [<ffff80001015c03c>] invoke_softirq kernel/softirq.c:440 [inline]
softirqs last disabled at (527): [<ffff80001015c03c>] __irq_exit_rcu+0x46c/0x510 kernel/softirq.c:637
---[ end trace 6167e4d48b6f8108 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20331 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20331 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe00001748472 x10: 0000000000000007 
x9 : 1fffe0000174847a x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055db2ca5220 
x3 : 0000055db3c89e20 x2 : 0000055db2ca5220 
x1 : 0000055db3c89e20 x0 : 0000000000000003 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x94/0x180 kernel/locking/spinlock.c:191
 __debug_check_no_obj_freed lib/debugobjects.c:997 [inline]
 debug_check_no_obj_freed+0x1e4/0x420 lib/debugobjects.c:1018
 free_pages_prepare mm/page_alloc.c:1276 [inline]
 __free_pages_ok+0x334/0xff0 mm/page_alloc.c:1540
 free_compound_page+0x8c/0xd4 mm/page_alloc.c:668
 free_transhuge_page+0x25c/0x3b0 mm/huge_memory.c:2808
 destroy_compound_page include/linux/mm.h:930 [inline]
 __put_compound_page+0x84/0xec mm/swap.c:110
 release_pages+0x408/0x1250 mm/swap.c:899
 free_pages_and_swap_cache+0x168/0x200 mm/swap_state.c:329
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xac/0x410 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1336 [inline]
 zap_pmd_range mm/memory.c:1374 [inline]
 zap_pud_range mm/memory.c:1403 [inline]
 zap_p4d_range mm/memory.c:1424 [inline]
 unmap_page_range+0xbe0/0x14f0 mm/memory.c:1445
 unmap_single_vma mm/memory.c:1490 [inline]
 unmap_vmas+0x1a4/0x3a4 mm/memory.c:1522
 exit_mmap+0x1dc/0x3e0 mm/mmap.c:3224
 __mmput+0xa8/0x33c kernel/fork.c:1090
 mmput+0x80/0x90 kernel/fork.c:1111
 exit_mm kernel/exit.c:501 [inline]
 do_exit+0x854/0x2290 kernel/exit.c:812
 do_group_exit+0xcc/0x23c kernel/exit.c:922
 get_signal+0x384/0x19a0 kernel/signal.c:2779
 do_signal arch/arm64/kernel/signal.c:882 [inline]
 do_notify_resume+0x3cc/0x25fc arch/arm64/kernel/signal.c:936
 work_pending+0xc/0x550
irq event stamp: 1638
hardirqs last  enabled at (1637): [<ffff800014427438>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (1637): [<ffff800014427438>] _raw_spin_unlock_irqrestore+0x108/0x180 kernel/locking/spinlock.c:191
hardirqs last disabled at (1638): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (640): [<ffff8000100109e0>] _stext+0x9e0/0x1084
softirqs last disabled at (527): [<ffff80001015c03c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (527): [<ffff80001015c03c>] invoke_softirq kernel/softirq.c:440 [inline]
softirqs last disabled at (527): [<ffff80001015c03c>] __irq_exit_rcu+0x46c/0x510 kernel/softirq.c:637
---[ end trace 6167e4d48b6f8109 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20332 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20332 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000003 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a12a x10: 0000000000000007 
x9 : 1fffe0000275a137 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055dbcb94a20 
x3 : 0000055dbdb79620 x2 : 0000055dbcb94a20 
x1 : 0000055dbdb79620 x0 : 000000000000000a 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __call_rcu kernel/rcu/tree.c:3073 [inline]
 call_rcu+0x2b4/0x8b0 kernel/rcu/tree.c:3114
 put_task_struct_rcu_user+0x7c/0xac kernel/exit.c:179
 finish_task_switch.isra.0+0x4d0/0x6f0 kernel/sched/core.c:4233
 context_switch kernel/sched/core.c:4325 [inline]
 __schedule+0x818/0x1bc4 kernel/sched/core.c:5073
 preempt_schedule_irq+0x84/0x2b0 kernel/sched/core.c:5530
 arm64_preempt_schedule_irq+0x4c/0x270 arch/arm64/kernel/process.c:743
 el1_irq+0xcc/0x14c arch/arm64/kernel/entry.S:726
 find_vma+0x7c/0x13c mm/mmap.c:2321
 __do_page_fault arch/arm64/mm/fault.c:485 [inline]
 do_page_fault+0x1d0/0x8c0 arch/arm64/mm/fault.c:607
 do_translation_fault+0x1a4/0x210 arch/arm64/mm/fault.c:688
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_ia+0x4c/0x70 arch/arm64/kernel/entry-common.c:331
 el0_sync_handler+0x180/0x1b0 arch/arm64/kernel/entry-common.c:444
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 252
hardirqs last  enabled at (251): [<ffff8000102eebd4>] __call_rcu kernel/rcu/tree.c:3073 [inline]
hardirqs last  enabled at (251): [<ffff8000102eebd4>] call_rcu+0x374/0x8b0 kernel/rcu/tree.c:3114
hardirqs last disabled at (252): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (210): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (210): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (210): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (208): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f810a ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20332 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20332 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000003 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a12a x10: 0000000000000007 
x9 : 1fffe0000275a137 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055dbfb42e20 
x3 : 0000055dc0b27a20 x2 : 0000055dbfb42e20 
x1 : 0000055dc0b27a20 x0 : 0000000000000003 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __call_rcu kernel/rcu/tree.c:3073 [inline]
 call_rcu+0x2b4/0x8b0 kernel/rcu/tree.c:3114
 put_task_struct_rcu_user+0x7c/0xac kernel/exit.c:179
 finish_task_switch.isra.0+0x4d0/0x6f0 kernel/sched/core.c:4233
 context_switch kernel/sched/core.c:4325 [inline]
 __schedule+0x818/0x1bc4 kernel/sched/core.c:5073
 preempt_schedule_irq+0x84/0x2b0 kernel/sched/core.c:5530
 arm64_preempt_schedule_irq+0x4c/0x270 arch/arm64/kernel/process.c:743
 el1_irq+0xcc/0x14c arch/arm64/kernel/entry.S:726
 find_vma+0x7c/0x13c mm/mmap.c:2321
 __do_page_fault arch/arm64/mm/fault.c:485 [inline]
 do_page_fault+0x1d0/0x8c0 arch/arm64/mm/fault.c:607
 do_translation_fault+0x1a4/0x210 arch/arm64/mm/fault.c:688
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_ia+0x4c/0x70 arch/arm64/kernel/entry-common.c:331
 el0_sync_handler+0x180/0x1b0 arch/arm64/kernel/entry-common.c:444
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 252
hardirqs last  enabled at (251): [<ffff8000102eebd4>] __call_rcu kernel/rcu/tree.c:3073 [inline]
hardirqs last  enabled at (251): [<ffff8000102eebd4>] call_rcu+0x374/0x8b0 kernel/rcu/tree.c:3114
hardirqs last disabled at (252): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (210): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (210): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (210): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (208): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f810b ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20332 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20332 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000003 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a12a x10: 0000000000000007 
x9 : 1fffe0000275a137 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055dc4abaa20 
x3 : 0000055dc5a9f620 x2 : 0000055dc4abaa20 
x1 : 0000055dc5a9f620 x0 : 0000000000000005 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
 __call_rcu kernel/rcu/tree.c:3073 [inline]
 call_rcu+0x2b4/0x8b0 kernel/rcu/tree.c:3114
 put_task_struct_rcu_user+0x7c/0xac kernel/exit.c:179
 finish_task_switch.isra.0+0x4d0/0x6f0 kernel/sched/core.c:4233
 context_switch kernel/sched/core.c:4325 [inline]
 __schedule+0x818/0x1bc4 kernel/sched/core.c:5073
 preempt_schedule_irq+0x84/0x2b0 kernel/sched/core.c:5530
 arm64_preempt_schedule_irq+0x4c/0x270 arch/arm64/kernel/process.c:743
 el1_irq+0xcc/0x14c arch/arm64/kernel/entry.S:726
 find_vma+0x7c/0x13c mm/mmap.c:2321
 __do_page_fault arch/arm64/mm/fault.c:485 [inline]
 do_page_fault+0x1d0/0x8c0 arch/arm64/mm/fault.c:607
 do_translation_fault+0x1a4/0x210 arch/arm64/mm/fault.c:688
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_ia+0x4c/0x70 arch/arm64/kernel/entry-common.c:331
 el0_sync_handler+0x180/0x1b0 arch/arm64/kernel/entry-common.c:444
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 252
hardirqs last  enabled at (251): [<ffff8000102eebd4>] __call_rcu kernel/rcu/tree.c:3073 [inline]
hardirqs last  enabled at (251): [<ffff8000102eebd4>] call_rcu+0x374/0x8b0 kernel/rcu/tree.c:3114
hardirqs last disabled at (252): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (210): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (210): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (210): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (208): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f810c ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20332 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20332 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a12a x10: 0000000000000007 
x9 : 1fffe0000275a137 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055dce9aa220 
x3 : 0000055dcf98ee20 x2 : 0000055dce9aa220 
x1 : 0000055dcf98ee20 x0 : 000000000000000a 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 link_path_walk.part.0+0x1bc/0x960 fs/namei.c:2210
 link_path_walk fs/namei.c:2194 [inline]
 path_parentat+0x94/0x174 fs/namei.c:2473
 filename_parentat+0x130/0x420 fs/namei.c:2495
 filename_create+0x94/0x354 fs/namei.c:3575
 user_path_create fs/namei.c:3650 [inline]
 do_symlinkat+0xbc/0x224 fs/namei.c:4192
 __do_sys_symlinkat fs/namei.c:4218 [inline]
 __se_sys_symlinkat fs/namei.c:4215 [inline]
 __arm64_sys_symlinkat+0x6c/0xa0 fs/namei.c:4215
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 864
hardirqs last  enabled at (863): [<ffff8000107e6dd4>] seqcount_lockdep_reader_access+0x194/0x244 include/linux/seqlock.h:105
hardirqs last disabled at (864): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (372): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (372): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (372): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (370): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f810d ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20332 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20332 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a12a x10: 0000000000000007 
x9 : 1fffe0000275a137 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055dd58eb620 
x3 : 0000055dd68d0220 x2 : 0000055dd58eb620 
x1 : 0000055dd68d0220 x0 : 0000000000000007 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 link_path_walk.part.0+0x1bc/0x960 fs/namei.c:2210
 link_path_walk fs/namei.c:2194 [inline]
 path_parentat+0x94/0x174 fs/namei.c:2473
 filename_parentat+0x130/0x420 fs/namei.c:2495
 filename_create+0x94/0x354 fs/namei.c:3575
 user_path_create fs/namei.c:3650 [inline]
 do_symlinkat+0xbc/0x224 fs/namei.c:4192
 __do_sys_symlinkat fs/namei.c:4218 [inline]
 __se_sys_symlinkat fs/namei.c:4215 [inline]
 __arm64_sys_symlinkat+0x6c/0xa0 fs/namei.c:4215
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 864
hardirqs last  enabled at (863): [<ffff8000107e6dd4>] seqcount_lockdep_reader_access+0x194/0x244 include/linux/seqlock.h:105
hardirqs last disabled at (864): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (372): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (372): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (372): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (370): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f810e ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20332 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20332 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a12a x10: 0000000000000007 
x9 : 1fffe0000275a137 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055ddb847e20 
x3 : 0000055ddc82ca20 x2 : 0000055ddb847e20 
x1 : 0000055ddc82ca20 x0 : 0000000000000006 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 link_path_walk.part.0+0x1bc/0x960 fs/namei.c:2210
 link_path_walk fs/namei.c:2194 [inline]
 path_parentat+0x94/0x174 fs/namei.c:2473
 filename_parentat+0x130/0x420 fs/namei.c:2495
 filename_create+0x94/0x354 fs/namei.c:3575
 user_path_create fs/namei.c:3650 [inline]
 do_symlinkat+0xbc/0x224 fs/namei.c:4192
 __do_sys_symlinkat fs/namei.c:4218 [inline]
 __se_sys_symlinkat fs/namei.c:4215 [inline]
 __arm64_sys_symlinkat+0x6c/0xa0 fs/namei.c:4215
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 864
hardirqs last  enabled at (863): [<ffff8000107e6dd4>] seqcount_lockdep_reader_access+0x194/0x244 include/linux/seqlock.h:105
hardirqs last disabled at (864): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (372): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (372): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (372): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (370): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f810f ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20332 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20332 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a12a x10: 0000000000000007 
x9 : 1fffe0000275a13c x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055dea6af220 
x3 : 0000055deb693e20 x2 : 0000055dea6af220 
x1 : 0000055deb693e20 x0 : 000000000000000f 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_clear_flush+0x110/0x1c0 mm/pgtable-generic.c:97
 wp_page_copy+0x574/0x16e0 mm/memory.c:2908
 do_wp_page+0x1d8/0xbbc mm/memory.c:3160
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 1328
hardirqs last  enabled at (1327): [<ffff80001078c174>] mem_cgroup_charge+0x174/0x890 mm/memcontrol.c:6742
hardirqs last disabled at (1328): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (1190): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (1190): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (1190): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (1188): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f8110 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20332 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20332 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a12a x10: 0000000000000007 
x9 : 1fffe0000275a13c x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055dec678a20 
x3 : 0000055ded65d620 x2 : 0000055dec678a20 
x1 : 0000055ded65d620 x0 : 0000000000000002 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_clear_flush+0x110/0x1c0 mm/pgtable-generic.c:97
 wp_page_copy+0x574/0x16e0 mm/memory.c:2908
 do_wp_page+0x1d8/0xbbc mm/memory.c:3160
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 1328
hardirqs last  enabled at (1327): [<ffff80001078c174>] mem_cgroup_charge+0x174/0x890 mm/memcontrol.c:6742
hardirqs last disabled at (1328): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (1190): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (1190): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (1190): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (1188): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f8111 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20332 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20332 Comm: syz-executor.1 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe0000275a12a x10: 0000000000000007 
x9 : 1fffe0000275a13c x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055df060ba20 
x3 : 0000055df15f0620 x2 : 0000055df060ba20 
x1 : 0000055df15f0620 x0 : 0000000000000004 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 flush_tlb_page_nosync arch/arm64/include/asm/tlbflush.h:262 [inline]
 flush_tlb_page arch/arm64/include/asm/tlbflush.h:269 [inline]
 ptep_clear_flush+0x110/0x1c0 mm/pgtable-generic.c:97
 wp_page_copy+0x574/0x16e0 mm/memory.c:2908
 do_wp_page+0x1d8/0xbbc mm/memory.c:3160
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 1328
hardirqs last  enabled at (1327): [<ffff80001078c174>] mem_cgroup_charge+0x174/0x890 mm/memcontrol.c:6742
hardirqs last disabled at (1328): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (1190): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (1190): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (1190): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (1188): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f8112 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 18934 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 18934 Comm: kworker/u4:4 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
Workqueue: events_power_efficient wg_ratelimiter_gc_entries
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe000019b47ba x10: 0000000000000007 
x9 : 1fffe000019b47cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055df9516620 
x3 : 0000055dfa4fb220 x2 : 0000055df9516620 
x1 : 0000055dfa4fb220 x0 : 0000000000000009 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
 lock_is_held include/linux/lockdep.h:278 [inline]
 ___might_sleep+0x45c/0x4e0 kernel/sched/core.c:8295
 wg_ratelimiter_gc_entries+0x224/0x5a0 drivers/net/wireguard/ratelimiter.c:78
 process_one_work+0x798/0x1764 kernel/workqueue.c:2275
 worker_thread+0x3d4/0xcd0 kernel/workqueue.c:2421
 kthread+0x320/0x3bc kernel/kthread.c:292
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:1006
irq event stamp: 383290
hardirqs last  enabled at (383289): [<ffff80001032d0b0>] seqcount_lockdep_reader_access.constprop.0+0x19c/0x230 include/linux/seqlock.h:105
hardirqs last disabled at (383290): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (382154): [<ffff800010628540>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
softirqs last  enabled at (382154): [<ffff800010628540>] wb_wakeup_delayed+0xc0/0xf0 mm/backing-dev.c:271
softirqs last disabled at (382150): [<ffff8000106284e4>] spin_lock_bh include/linux/spinlock.h:359 [inline]
softirqs last disabled at (382150): [<ffff8000106284e4>] wb_wakeup_delayed+0x64/0xf0 mm/backing-dev.c:268
---[ end trace 6167e4d48b6f8113 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 18934 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 18934 Comm: kworker/u4:4 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
Workqueue: events_power_efficient wg_ratelimiter_gc_entries
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe000019b47ba x10: 0000000000000007 
x9 : 1fffe000019b47cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055dfb4dfe20 
x3 : 0000055dfc4c4a20 x2 : 0000055dfb4dfe20 
x1 : 0000055dfc4c4a20 x0 : 0000000000000002 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
 lock_is_held include/linux/lockdep.h:278 [inline]
 ___might_sleep+0x45c/0x4e0 kernel/sched/core.c:8295
 wg_ratelimiter_gc_entries+0x224/0x5a0 drivers/net/wireguard/ratelimiter.c:78
 process_one_work+0x798/0x1764 kernel/workqueue.c:2275
 worker_thread+0x3d4/0xcd0 kernel/workqueue.c:2421
 kthread+0x320/0x3bc kernel/kthread.c:292
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:1006
irq event stamp: 383290
hardirqs last  enabled at (383289): [<ffff80001032d0b0>] seqcount_lockdep_reader_access.constprop.0+0x19c/0x230 include/linux/seqlock.h:105
hardirqs last disabled at (383290): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (382154): [<ffff800010628540>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
softirqs last  enabled at (382154): [<ffff800010628540>] wb_wakeup_delayed+0xc0/0xf0 mm/backing-dev.c:271
softirqs last disabled at (382150): [<ffff8000106284e4>] spin_lock_bh include/linux/spinlock.h:359 [inline]
softirqs last disabled at (382150): [<ffff8000106284e4>] wb_wakeup_delayed+0x64/0xf0 mm/backing-dev.c:268
---[ end trace 6167e4d48b6f8114 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 18934 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 18934 Comm: kworker/u4:4 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
Workqueue: events_power_efficient wg_ratelimiter_gc_entries
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe000019b47ba x10: 0000000000000007 
x9 : 1fffe000019b47cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055dfe48e220 
x3 : 0000055dff472e20 x2 : 0000055dfe48e220 
x1 : 0000055dff472e20 x0 : 0000000000000003 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
 lock_is_held include/linux/lockdep.h:278 [inline]
 ___might_sleep+0x45c/0x4e0 kernel/sched/core.c:8295
 wg_ratelimiter_gc_entries+0x224/0x5a0 drivers/net/wireguard/ratelimiter.c:78
 process_one_work+0x798/0x1764 kernel/workqueue.c:2275
 worker_thread+0x3d4/0xcd0 kernel/workqueue.c:2421
 kthread+0x320/0x3bc kernel/kthread.c:292
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:1006
irq event stamp: 383290
hardirqs last  enabled at (383289): [<ffff80001032d0b0>] seqcount_lockdep_reader_access.constprop.0+0x19c/0x230 include/linux/seqlock.h:105
hardirqs last disabled at (383290): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (382154): [<ffff800010628540>] spin_unlock_bh include/linux/spinlock.h:399 [inline]
softirqs last  enabled at (382154): [<ffff800010628540>] wb_wakeup_delayed+0xc0/0xf0 mm/backing-dev.c:271
softirqs last disabled at (382150): [<ffff8000106284e4>] spin_lock_bh include/linux/spinlock.h:359 [inline]
softirqs last disabled at (382150): [<ffff8000106284e4>] wb_wakeup_delayed+0x64/0xf0 mm/backing-dev.c:268
---[ end trace 6167e4d48b6f8115 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 18934 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 18934 Comm: kworker/u4:4 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
Workqueue: events_power_efficient wg_ratelimiter_gc_entries
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe000019b47ba x10: 0000000000000007 
x9 : 1fffe000019b47d1 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055e0837da20 
x3 : 0000055e09362620 x2 : 0000055e0837da20 
x1 : 0000055e09362620 x0 : 000000000000000a 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 lock_is_held_type+0x140/0x1b0 kernel/locking/lockdep.c:5552
 lock_is_held include/linux/lockdep.h:278 [inline]
 rcu_read_lock_sched_held+0x5c/0xd0 kernel/rcu/update.c:125
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0x804/0xa80 kernel/locking/lockdep.c:5522
 __raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
 _raw_spin_unlock+0x6c/0x150 kernel/locking/spinlock.c:183
 spin_unlock include/linux/spinlock.h:394 [inline]
 wg_ratelimiter_gc_entries+0x2b8/0x5a0 drivers/net/wireguard/ratelimiter.c:76
 process_one_work+0x798/0x1764 kernel/workqueue.c:2275
 worker_thread+0x3d4/0xcd0 kernel/workqueue.c:2421
 kthread+0x320/0x3bc kernel/kthread.c:292
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:1006
irq event stamp: 383396
hardirqs last  enabled at (383395): [<ffff8000144091e8>] exit_to_kernel_mode+0x38/0x230 arch/arm64/kernel/entry-common.c:63
hardirqs last disabled at (383396): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (383394): [<ffff8000100109e0>] _stext+0x9e0/0x1084
softirqs last disabled at (383291): [<ffff80001015c03c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (383291): [<ffff80001015c03c>] invoke_softirq kernel/softirq.c:440 [inline]
softirqs last disabled at (383291): [<ffff80001015c03c>] __irq_exit_rcu+0x46c/0x510 kernel/softirq.c:637
---[ end trace 6167e4d48b6f8116 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 18934 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 18934 Comm: kworker/u4:4 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
Workqueue: events_power_efficient wg_ratelimiter_gc_entries
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe000019b47ba x10: 0000000000000007 
x9 : 1fffe000019b47d1 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055e0c310a20 
x3 : 0000055e0d2f5620 x2 : 0000055e0c310a20 
x1 : 0000055e0d2f5620 x0 : 0000000000000004 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 lock_is_held_type+0x140/0x1b0 kernel/locking/lockdep.c:5552
 lock_is_held include/linux/lockdep.h:278 [inline]
 rcu_read_lock_sched_held+0x5c/0xd0 kernel/rcu/update.c:125
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0x804/0xa80 kernel/locking/lockdep.c:5522
 __raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
 _raw_spin_unlock+0x6c/0x150 kernel/locking/spinlock.c:183
 spin_unlock include/linux/spinlock.h:394 [inline]
 wg_ratelimiter_gc_entries+0x2b8/0x5a0 drivers/net/wireguard/ratelimiter.c:76
 process_one_work+0x798/0x1764 kernel/workqueue.c:2275
 worker_thread+0x3d4/0xcd0 kernel/workqueue.c:2421
 kthread+0x320/0x3bc kernel/kthread.c:292
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:1006
irq event stamp: 383396
hardirqs last  enabled at (383395): [<ffff8000144091e8>] exit_to_kernel_mode+0x38/0x230 arch/arm64/kernel/entry-common.c:63
hardirqs last disabled at (383396): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (383394): [<ffff8000100109e0>] _stext+0x9e0/0x1084
softirqs last disabled at (383291): [<ffff80001015c03c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (383291): [<ffff80001015c03c>] invoke_softirq kernel/softirq.c:440 [inline]
softirqs last disabled at (383291): [<ffff80001015c03c>] __irq_exit_rcu+0x46c/0x510 kernel/softirq.c:637
---[ end trace 6167e4d48b6f8117 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 18934 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 18934 Comm: kworker/u4:4 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
Workqueue: events_power_efficient wg_ratelimiter_gc_entries
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: ffff00006ab3db48 
x17: 0000000000000000 x16: 0000000000000000 
x15: ffff800017306010 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe000019b47ba x10: 0000000000000007 
x9 : 1fffe000019b47d1 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055e0e2da220 
x3 : 0000055e0f2bee20 x2 : 0000055e0e2da220 
x1 : 0000055e0f2bee20 x0 : 0000000000000002 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 lock_is_held_type+0x140/0x1b0 kernel/locking/lockdep.c:5552
 lock_is_held include/linux/lockdep.h:278 [inline]
 rcu_read_lock_sched_held+0x5c/0xd0 kernel/rcu/update.c:125
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0x804/0xa80 kernel/locking/lockdep.c:5522
 __raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
 _raw_spin_unlock+0x6c/0x150 kernel/locking/spinlock.c:183
 spin_unlock include/linux/spinlock.h:394 [inline]
 wg_ratelimiter_gc_entries+0x2b8/0x5a0 drivers/net/wireguard/ratelimiter.c:76
 process_one_work+0x798/0x1764 kernel/workqueue.c:2275
 worker_thread+0x3d4/0xcd0 kernel/workqueue.c:2421
 kthread+0x320/0x3bc kernel/kthread.c:292
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:1006
irq event stamp: 383396
hardirqs last  enabled at (383395): [<ffff8000144091e8>] exit_to_kernel_mode+0x38/0x230 arch/arm64/kernel/entry-common.c:63
hardirqs last disabled at (383396): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (383394): [<ffff8000100109e0>] _stext+0x9e0/0x1084
softirqs last disabled at (383291): [<ffff80001015c03c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (383291): [<ffff80001015c03c>] invoke_softirq kernel/softirq.c:440 [inline]
softirqs last disabled at (383291): [<ffff80001015c03c>] __irq_exit_rcu+0x46c/0x510 kernel/softirq.c:637
---[ end trace 6167e4d48b6f8118 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20333 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20333 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe000017487ba x10: 0000000000000007 
x9 : 1fffe000017487c7 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055e171e4e20 
x3 : 0000055e181c9a20 x2 : 0000055e171e4e20 
x1 : 0000055e181c9a20 x0 : 0000000000000009 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 next_online_pgdat mm/mmzone.c:20 [inline]
 __next_zones_zonelist+0x0/0x180 mm/mmzone.c:37
 alloc_pages_vma+0xb4/0x510 mm/mempolicy.c:2240
 wp_page_copy+0x198/0x16e0 mm/memory.c:2853
 do_wp_page+0x1d8/0xbbc mm/memory.c:3160
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 1140
hardirqs last  enabled at (1139): [<ffff800010664f00>] count_memcg_events include/linux/memcontrol.h:997 [inline]
hardirqs last  enabled at (1139): [<ffff800010664f00>] count_memcg_event_mm.part.0+0x130/0x1f0 include/linux/memcontrol.h:1020
hardirqs last disabled at (1140): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (586): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (586): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (586): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (584): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f8119 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20333 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20333 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe000017487ba x10: 0000000000000007 
x9 : 1fffe000017487c7 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055e191ae620 
x3 : 0000055e1a193220 x2 : 0000055e191ae620 
x1 : 0000055e1a193220 x0 : 0000000000000002 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 next_online_pgdat mm/mmzone.c:20 [inline]
 __next_zones_zonelist+0x0/0x180 mm/mmzone.c:37
 alloc_pages_vma+0xb4/0x510 mm/mempolicy.c:2240
 wp_page_copy+0x198/0x16e0 mm/memory.c:2853
 do_wp_page+0x1d8/0xbbc mm/memory.c:3160
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 1140
hardirqs last  enabled at (1139): [<ffff800010664f00>] count_memcg_events include/linux/memcontrol.h:997 [inline]
hardirqs last  enabled at (1139): [<ffff800010664f00>] count_memcg_event_mm.part.0+0x130/0x1f0 include/linux/memcontrol.h:1020
hardirqs last disabled at (1140): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (586): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (586): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (586): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (584): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f811a ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20333 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20333 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe000017487ba x10: 0000000000000007 
x9 : 1fffe000017487c7 x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055e1c15ca20 
x3 : 0000055e1d141620 x2 : 0000055e1c15ca20 
x1 : 0000055e1d141620 x0 : 0000000000000003 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 next_online_pgdat mm/mmzone.c:20 [inline]
 __next_zones_zonelist+0x0/0x180 mm/mmzone.c:37
 alloc_pages_vma+0xb4/0x510 mm/mempolicy.c:2240
 wp_page_copy+0x198/0x16e0 mm/memory.c:2853
 do_wp_page+0x1d8/0xbbc mm/memory.c:3160
 handle_pte_fault mm/memory.c:4336 [inline]
 __handle_mm_fault+0x1020/0x21d4 mm/memory.c:4453
 handle_mm_fault+0x1cc/0x4dc mm/memory.c:4551
 __do_page_fault arch/arm64/mm/fault.c:507 [inline]
 do_page_fault+0x230/0x8c0 arch/arm64/mm/fault.c:607
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:821
 el0_da+0x3c/0x50 arch/arm64/kernel/entry-common.c:314
 el0_sync_handler+0x168/0x1b0 arch/arm64/kernel/entry-common.c:441
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 1140
hardirqs last  enabled at (1139): [<ffff800010664f00>] count_memcg_events include/linux/memcontrol.h:997 [inline]
hardirqs last  enabled at (1139): [<ffff800010664f00>] count_memcg_event_mm.part.0+0x130/0x1f0 include/linux/memcontrol.h:1020
hardirqs last disabled at (1140): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (586): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (586): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (586): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (584): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f811b ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 20333 at drivers/gpu/drm/vkms/vkms_crtc.c:21 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
Modules linked in:
CPU: 1 PID: 20333 Comm: syz-executor.0 Tainted: G        W         5.12.0-syzkaller-04637-gacd3d2859453 #0
Hardware name: linux,dummy-virt (DT)
pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO BTYPE=--)
pc : vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:21
lr : hrtimer_forward_now include/linux/hrtimer.h:510 [inline]
lr : vkms_vblank_simulate+0x90/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:19
sp : ffff8000180a7c10
x29: ffff8000180a7c10 x28: ffff00000d02de58 
x27: dfff800000000000 x26: ffff00006ab44540 
x25: 1fffe0000d5688b1 x24: 1fffe0000d5688aa 
x23: ffff00000d02cd30 x22: 0000000000fe4c00 
x21: ffff00006ab44540 x20: ffff00000d02ce58 
x19: ffff00000d02de58 x18: 0000000000000000 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000000 x14: 1ffff00003014f38 
x13: 0000000000000001 x12: 0000000000000033 
x11: 1fffe000017487ba x10: 0000000000000007 
x9 : 1fffe000017487cc x8 : ffff800015e59c00 
x7 : 00000000f1f1f1f1 x6 : dfff800000000000 
x5 : 7fffffffffffffff x4 : 0000055e28ffa620 
x3 : 0000055e29fdf220 x2 : 0000055e28ffa620 
x1 : 0000055e29fdf220 x0 : 000000000000000d 
Call trace:
 vkms_vblank_simulate+0x26c/0x2f4 drivers/gpu/drm/vkms/vkms_crtc.c:41
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x590/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x2e0/0x910 kernel/time/hrtimer.c:1663
 timer_handler drivers/clocksource/arm_arch_timer.c:656 [inline]
 arch_timer_handler_phys+0x4c/0x70 drivers/clocksource/arm_arch_timer.c:674
 handle_percpu_devid_irq+0x19c/0x330 kernel/irq/chip.c:930
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
 __handle_domain_irq+0x11c/0x1f0 kernel/irq/irqdesc.c:689
 handle_domain_irq include/linux/irqdesc.h:176 [inline]
 gic_handle_irq+0x5c/0x1b0 drivers/irqchip/irq-gic.c:370
 el1_irq+0xb4/0x14c arch/arm64/kernel/entry.S:726
 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
 lock_is_held include/linux/lockdep.h:278 [inline]
 rcu_read_lock_sched_held+0x5c/0xd0 kernel/rcu/update.c:125
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0x804/0xa80 kernel/locking/lockdep.c:5522
 __raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
 _raw_spin_unlock+0x6c/0x150 kernel/locking/spinlock.c:183
 spin_unlock include/linux/spinlock.h:394 [inline]
 browse_rb mm/mmap.c:365 [inline]
 validate_mm+0x264/0x6b4 mm/mmap.c:425
 __vma_adjust+0x928/0x1d80 mm/mmap.c:1024
 vma_adjust include/linux/mm.h:2515 [inline]
 __split_vma+0x208/0x400 mm/mmap.c:2770
 split_vma+0x80/0xd0 mm/mmap.c:2802
 mprotect_fixup+0x370/0x550 mm/mprotect.c:467
 do_mprotect_pkey mm/mprotect.c:626 [inline]
 __do_sys_mprotect mm/mprotect.c:652 [inline]
 __se_sys_mprotect mm/mprotect.c:649 [inline]
 __arm64_sys_mprotect+0x328/0x710 mm/mprotect.c:649
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x1e4 arch/arm64/kernel/syscall.c:145
 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:184
 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:422
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:438
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:743
irq event stamp: 2008
hardirqs last  enabled at (2007): [<ffff80001072df4c>] mod_memcg_lruvec_state include/linux/memcontrol.h:979 [inline]
hardirqs last  enabled at (2007): [<ffff80001072df4c>] mod_objcg_state+0x14c/0x1e0 mm/slab.h:296
hardirqs last disabled at (2008): [<ffff8000144098b0>] enter_el1_irq_or_nmi+0x10/0x20 arch/arm64/kernel/entry-common.c:105
softirqs last  enabled at (1984): [<ffff80001001b07c>] test_and_clear_bit include/asm-generic/bitops/atomic.h:51 [inline]
softirqs last  enabled at (1984): [<ffff80001001b07c>] test_and_clear_ti_thread_flag include/linux/thread_info.h:112 [inline]
softirqs last  enabled at (1984): [<ffff80001001b07c>] fpsimd_restore_current_state+0x3c/0x120 arch/arm64/kernel/fpsimd.c:1172
softirqs last disabled at (1982): [<ffff800010019730>] get_cpu_fpsimd_context+0x0/0xa0 include/asm-generic/bitops/non-atomic.h:106
---[ end trace 6167e4d48b6f811c ]---