===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.9.0-rc1-syzkaller-00061-g8d025e2092e2 #0 Not tainted ----------------------------------------------------- kworker/0:2/2679 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: ffff88802d400820 (&htab->buckets[i].lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ffff88802d400820 (&htab->buckets[i].lock){+.-.}-{2:2}, at: sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 and this task is already holding: ffff88801fddc3f0 (&dev->event_lock){-.-.}-{2:2}, at: drm_atomic_helper_fake_vblank+0x168/0x2e0 drivers/gpu/drm/drm_atomic_helper.c:2465 which would create a new lock dependency: (&dev->event_lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+.-.}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&dev->event_lock){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 drm_handle_vblank+0x125/0xbf0 drivers/gpu/drm/drm_vblank.c:1885 vkms_vblank_simulate+0xed/0x3e0 drivers/gpu/drm/vkms/vkms_crtc.c:29 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x20c/0xcc0 kernel/time/hrtimer.c:1756 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1818 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x10f/0x450 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] default_idle+0xf/0x20 arch/x86/kernel/process.c:742 default_idle_call+0x6d/0xb0 kernel/sched/idle.c:117 cpuidle_idle_call kernel/sched/idle.c:191 [inline] do_idle+0x32c/0x3f0 kernel/sched/idle.c:332 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430 rest_init+0x16b/0x2b0 init/main.c:732 start_kernel+0x3a3/0x490 init/main.c:1074 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:507 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:488 common_startup_64+0x13e/0x148 to a HARDIRQ-irq-unsafe lock: (&htab->buckets[i].lock){+.-.}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_update_common+0x1fe/0xa60 net/core/sock_map.c:1007 sock_map_update_elem_sys+0x280/0x570 net/core/sock_map.c:581 bpf_map_update_value+0x36c/0x6c0 kernel/bpf/syscall.c:172 map_update_elem+0x623/0x910 kernel/bpf/syscall.c:1641 __sys_bpf+0xab9/0x4b40 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&htab->buckets[i].lock); local_irq_disable(); lock(&dev->event_lock); lock(&htab->buckets[i].lock); lock(&dev->event_lock); *** DEADLOCK *** 6 locks held by kworker/0:2/2679: #0: ffff888015488948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229 #1: ffffc9000db5fd80 ((work_completion)(&helper->damage_work)){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230 #2: ffffc9000db5fa18 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_atomic_helper_dirtyfb+0xb5/0x7b0 drivers/gpu/drm/drm_damage_helper.c:123 #3: ffff88801fdc40b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: modeset_lock+0x488/0x6c0 drivers/gpu/drm/drm_modeset_lock.c:314 #4: ffff88801fddc3f0 (&dev->event_lock){-.-.}-{2:2}, at: drm_atomic_helper_fake_vblank+0x168/0x2e0 drivers/gpu/drm/drm_atomic_helper.c:2465 #5: ffffffff8dbb14a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline] #5: ffffffff8dbb14a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline] #5: ffffffff8dbb14a0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #5: ffffffff8dbb14a0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0xe4/0x420 kernel/trace/bpf_trace.c:2420 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&dev->event_lock){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 drm_handle_vblank+0x125/0xbf0 drivers/gpu/drm/drm_vblank.c:1885 vkms_vblank_simulate+0xed/0x3e0 drivers/gpu/drm/vkms/vkms_crtc.c:29 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x20c/0xcc0 kernel/time/hrtimer.c:1756 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1818 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x10f/0x450 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] default_idle+0xf/0x20 arch/x86/kernel/process.c:742 default_idle_call+0x6d/0xb0 kernel/sched/idle.c:117 cpuidle_idle_call kernel/sched/idle.c:191 [inline] do_idle+0x32c/0x3f0 kernel/sched/idle.c:332 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430 rest_init+0x16b/0x2b0 init/main.c:732 start_kernel+0x3a3/0x490 init/main.c:1074 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:507 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:488 common_startup_64+0x13e/0x148 IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 drm_handle_vblank+0x125/0xbf0 drivers/gpu/drm/drm_vblank.c:1885 vkms_vblank_simulate+0xed/0x3e0 drivers/gpu/drm/vkms/vkms_crtc.c:29 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x20c/0xcc0 kernel/time/hrtimer.c:1756 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1818 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x10f/0x450 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 check_kcov_mode kernel/kcov.c:173 [inline] __sanitizer_cov_trace_pc+0x29/0x60 kernel/kcov.c:207 arch_stack_walk+0xf8/0x170 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579 poison_slab_object mm/kasan/common.c:240 [inline] __kasan_slab_free+0x11d/0x1a0 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2106 [inline] slab_free mm/slub.c:4280 [inline] kmem_cache_free+0x12e/0x380 mm/slub.c:4344 i_callback+0x43/0x70 fs/inode.c:250 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2471 __do_softirq+0x218/0x922 kernel/softirq.c:554 run_ksoftirqd kernel/softirq.c:924 [inline] run_ksoftirqd+0x35/0x60 kernel/softirq.c:916 smpboot_thread_fn+0x661/0xa10 kernel/smpboot.c:164 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] vkms_crtc_atomic_flush+0x98/0x2b0 drivers/gpu/drm/vkms/vkms_crtc.c:253 drm_atomic_helper_commit_planes+0x61c/0x1000 drivers/gpu/drm/drm_atomic_helper.c:2820 vkms_atomic_commit_tail+0x5e/0x240 drivers/gpu/drm/vkms/vkms_drv.c:73 commit_tail+0x284/0x410 drivers/gpu/drm/drm_atomic_helper.c:1832 drm_atomic_helper_commit+0x2fd/0x380 drivers/gpu/drm/drm_atomic_helper.c:2072 drm_atomic_commit+0x227/0x300 drivers/gpu/drm/drm_atomic.c:1514 drm_client_modeset_commit_atomic+0x6c6/0x810 drivers/gpu/drm/drm_client_modeset.c:1051 drm_client_modeset_commit_locked+0x14d/0x580 drivers/gpu/drm/drm_client_modeset.c:1154 drm_client_modeset_commit+0x4f/0x80 drivers/gpu/drm/drm_client_modeset.c:1180 __drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:251 [inline] __drm_fb_helper_restore_fbdev_mode_unlocked+0x130/0x180 drivers/gpu/drm/drm_fb_helper.c:230 drm_fb_helper_set_par+0xd8/0x120 drivers/gpu/drm/drm_fb_helper.c:1344 fbcon_init+0x880/0x1890 drivers/video/fbdev/core/fbcon.c:1093 visual_init+0x31d/0x620 drivers/tty/vt/vt.c:1011 do_bind_con_driver.isra.0+0x57a/0xbf0 drivers/tty/vt/vt.c:3823 do_take_over_console+0x4f4/0x650 drivers/tty/vt/vt.c:4389 do_fbcon_takeover+0xe8/0x210 drivers/video/fbdev/core/fbcon.c:531 do_fb_registered drivers/video/fbdev/core/fbcon.c:2968 [inline] fbcon_fb_registered+0x375/0x670 drivers/video/fbdev/core/fbcon.c:2988 do_register_framebuffer drivers/video/fbdev/core/fbmem.c:449 [inline] register_framebuffer+0x485/0x840 drivers/video/fbdev/core/fbmem.c:515 __drm_fb_helper_initial_config_and_unlock+0xd82/0x1650 drivers/gpu/drm/drm_fb_helper.c:1871 drm_fb_helper_initial_config drivers/gpu/drm/drm_fb_helper.c:1936 [inline] drm_fb_helper_initial_config+0x44/0x60 drivers/gpu/drm/drm_fb_helper.c:1928 drm_fbdev_generic_client_hotplug+0x1a6/0x280 drivers/gpu/drm/drm_fbdev_generic.c:279 drm_client_register+0x195/0x280 drivers/gpu/drm/drm_client.c:141 drm_fbdev_generic_setup+0x184/0x340 drivers/gpu/drm/drm_fbdev_generic.c:341 vkms_create drivers/gpu/drm/vkms/vkms_drv.c:226 [inline] vkms_init+0x62d/0x760 drivers/gpu/drm/vkms/vkms_drv.c:252 do_one_initcall+0x128/0x700 init/main.c:1238 do_initcall_level init/main.c:1300 [inline] do_initcalls init/main.c:1316 [inline] do_basic_setup init/main.c:1335 [inline] kernel_init_freeable+0x69d/0xca0 init/main.c:1548 kernel_init+0x1c/0x2b0 init/main.c:1437 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 } ... key at: [] __key.5+0x0/0x40 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (&htab->buckets[i].lock){+.-.}-{2:2} { HARDIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_update_common+0x1fe/0xa60 net/core/sock_map.c:1007 sock_map_update_elem_sys+0x280/0x570 net/core/sock_map.c:581 bpf_map_update_value+0x36c/0x6c0 kernel/bpf/syscall.c:172 map_update_elem+0x623/0x910 kernel/bpf/syscall.c:1641 __sys_bpf+0xab9/0x4b40 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 ___bpf_prog_run+0x3e51/0xae80 kernel/bpf/core.c:1997 __bpf_prog_run32+0xc1/0x100 kernel/bpf/core.c:2236 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x151/0x420 kernel/trace/bpf_trace.c:2420 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x225/0x390 mm/slub.c:4377 security_cred_free+0xcd/0x130 security/security.c:3076 put_cred_rcu+0x6a/0x3d0 kernel/cred.c:78 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2471 __do_softirq+0x218/0x922 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:633 [inline] irq_exit_rcu+0xb9/0x120 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 lock_acquire+0x1f2/0x560 kernel/locking/lockdep.c:5722 fs_reclaim_acquire mm/page_alloc.c:3715 [inline] fs_reclaim_acquire+0xca/0x160 mm/page_alloc.c:3706 might_alloc include/linux/sched/mm.h:312 [inline] slab_pre_alloc_hook mm/slub.c:3746 [inline] slab_alloc_node mm/slub.c:3827 [inline] kmalloc_node_trace+0x54/0x380 mm/slub.c:4005 kmalloc_node include/linux/slab.h:644 [inline] kzalloc_node include/linux/slab.h:760 [inline] __get_vm_area_node+0xe1/0x440 mm/vmalloc.c:3070 __vmalloc_node_range+0x279/0x14b0 mm/vmalloc.c:3762 __bpf_map_area_alloc+0xea/0x190 kernel/bpf/syscall.c:307 queue_stack_map_alloc+0xfb/0x1c0 kernel/bpf/queue_stack_maps.c:73 map_create+0x57b/0x1c30 kernel/bpf/syscall.c:1320 __sys_bpf+0xae9/0x4b40 kernel/bpf/syscall.c:5613 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_update_common+0x1fe/0xa60 net/core/sock_map.c:1007 sock_map_update_elem_sys+0x280/0x570 net/core/sock_map.c:581 bpf_map_update_value+0x36c/0x6c0 kernel/bpf/syscall.c:172 map_update_elem+0x623/0x910 kernel/bpf/syscall.c:1641 __sys_bpf+0xab9/0x4b40 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5736 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] __key.0+0x0/0x40 ... acquired at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 ___bpf_prog_run+0x3e51/0xae80 kernel/bpf/core.c:1997 __bpf_prog_run32+0xc1/0x100 kernel/bpf/core.c:2236 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x151/0x420 kernel/trace/bpf_trace.c:2420 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x225/0x390 mm/slub.c:4377 drm_send_event_helper+0x4c1/0x5f0 drivers/gpu/drm/drm_file.c:770 drm_crtc_send_vblank_event+0x14e/0x1d0 drivers/gpu/drm/drm_vblank.c:1129 drm_atomic_helper_fake_vblank+0x1ab/0x2e0 drivers/gpu/drm/drm_atomic_helper.c:2467 drm_atomic_helper_commit_tail+0x7c/0xf0 drivers/gpu/drm/drm_atomic_helper.c:1753 commit_tail+0x356/0x410 drivers/gpu/drm/drm_atomic_helper.c:1834 drm_atomic_helper_commit+0x2fd/0x380 drivers/gpu/drm/drm_atomic_helper.c:2072 drm_atomic_commit+0x227/0x300 drivers/gpu/drm/drm_atomic.c:1514 drm_atomic_helper_dirtyfb+0x615/0x7b0 drivers/gpu/drm/drm_damage_helper.c:181 drm_fbdev_generic_helper_fb_dirty+0x7ad/0xbd0 drivers/gpu/drm/drm_fbdev_generic.c:230 drm_fb_helper_fb_dirty drivers/gpu/drm/drm_fb_helper.c:390 [inline] drm_fb_helper_damage_work+0x285/0x5e0 drivers/gpu/drm/drm_fb_helper.c:413 process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 stack backtrace: CPU: 0 PID: 2679 Comm: kworker/0:2 Not tainted 6.9.0-rc1-syzkaller-00061-g8d025e2092e2 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Workqueue: events drm_fb_helper_damage_work Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline] check_irq_usage+0xe3c/0x1490 kernel/locking/lockdep.c:2865 check_prev_add kernel/locking/lockdep.c:3138 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3869 [inline] __lock_acquire+0x248e/0x3b30 kernel/locking/lockdep.c:5137 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_hash_delete_elem+0xcb/0x260 net/core/sock_map.c:939 ___bpf_prog_run+0x3e51/0xae80 kernel/bpf/core.c:1997 __bpf_prog_run32+0xc1/0x100 kernel/bpf/core.c:2236 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x151/0x420 kernel/trace/bpf_trace.c:2420 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x225/0x390 mm/slub.c:4377 drm_send_event_helper+0x4c1/0x5f0 drivers/gpu/drm/drm_file.c:770 drm_crtc_send_vblank_event+0x14e/0x1d0 drivers/gpu/drm/drm_vblank.c:1129 drm_atomic_helper_fake_vblank+0x1ab/0x2e0 drivers/gpu/drm/drm_atomic_helper.c:2467 drm_atomic_helper_commit_tail+0x7c/0xf0 drivers/gpu/drm/drm_atomic_helper.c:1753 commit_tail+0x356/0x410 drivers/gpu/drm/drm_atomic_helper.c:1834 drm_atomic_helper_commit+0x2fd/0x380 drivers/gpu/drm/drm_atomic_helper.c:2072 drm_atomic_commit+0x227/0x300 drivers/gpu/drm/drm_atomic.c:1514 drm_atomic_helper_dirtyfb+0x615/0x7b0 drivers/gpu/drm/drm_damage_helper.c:181 drm_fbdev_generic_helper_fb_dirty+0x7ad/0xbd0 drivers/gpu/drm/drm_fbdev_generic.c:230 drm_fb_helper_fb_dirty drivers/gpu/drm/drm_fb_helper.c:390 [inline] drm_fb_helper_damage_work+0x285/0x5e0 drivers/gpu/drm/drm_fb_helper.c:413 process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 ------------[ cut here ]------------ raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 0 PID: 2679 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x30 kernel/locking/irqflag-debug.c:10 Modules linked in: CPU: 0 PID: 2679 Comm: kworker/0:2 Not tainted 6.9.0-rc1-syzkaller-00061-g8d025e2092e2 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Workqueue: events drm_fb_helper_damage_work RIP: 0010:warn_bogus_irq_restore+0x29/0x30 kernel/locking/irqflag-debug.c:10 Code: 90 f3 0f 1e fa 90 80 3d 6c e3 ec 04 00 74 06 90 c3 cc cc cc cc c6 05 5d e3 ec 04 01 90 48 c7 c7 c0 c2 2c 8b e8 28 2c 72 f6 90 <0f> 0b 90 90 eb df 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc9000db5f760 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88801fddc3d8 RCX: ffffffff814fe149 RDX: ffff88802b4fa440 RSI: ffffffff814fe156 RDI: 0000000000000001 RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 61636f6c5f776172 R12: 0000000000000293 R13: ffff888024ba4900 R14: ffff888020360040 R15: ffff8880207ad800 FS: 0000000000000000(0000) GS:ffff88806b000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd5dc9a8000 CR3: 000000000d97a000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] _raw_spin_unlock_irqrestore+0x74/0x80 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] drm_atomic_helper_fake_vblank+0x1f1/0x2e0 drivers/gpu/drm/drm_atomic_helper.c:2471 drm_atomic_helper_commit_tail+0x7c/0xf0 drivers/gpu/drm/drm_atomic_helper.c:1753 commit_tail+0x356/0x410 drivers/gpu/drm/drm_atomic_helper.c:1834 drm_atomic_helper_commit+0x2fd/0x380 drivers/gpu/drm/drm_atomic_helper.c:2072 drm_atomic_commit+0x227/0x300 drivers/gpu/drm/drm_atomic.c:1514 drm_atomic_helper_dirtyfb+0x615/0x7b0 drivers/gpu/drm/drm_damage_helper.c:181 drm_fbdev_generic_helper_fb_dirty+0x7ad/0xbd0 drivers/gpu/drm/drm_fbdev_generic.c:230 drm_fb_helper_fb_dirty drivers/gpu/drm/drm_fb_helper.c:390 [inline] drm_fb_helper_damage_work+0x285/0x5e0 drivers/gpu/drm/drm_fb_helper.c:413 process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243