================================
WARNING: inconsistent lock state
6.0.0-rc6-syzkaller-00344-g5e049663f678 #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor.2/7646 [HC1[1]:SC1[1]:HE0:SE0] takes:
ffff88805634a818 (&clnt->lock){?.+.}-{2:2}, at: p9_tag_remove net/9p/client.c:367 [inline]
ffff88805634a818 (&clnt->lock){?.+.}-{2:2}, at: p9_req_put net/9p/client.c:375 [inline]
ffff88805634a818 (&clnt->lock){?.+.}-{2:2}, at: p9_req_put+0xc6/0x250 net/9p/client.c:372
{HARDIRQ-ON-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5666 [inline]
  lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
  __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
  spin_lock include/linux/spinlock.h:349 [inline]
  p9_fd_request+0x85/0x330 net/9p/trans_fd.c:672
  p9_client_rpc+0x2f0/0xce0 net/9p/client.c:660
  p9_client_version net/9p/client.c:880 [inline]
  p9_client_create+0xaec/0x1070 net/9p/client.c:985
  v9fs_session_init+0x1e2/0x1810 fs/9p/v9fs.c:408
  v9fs_mount+0xba/0xc90 fs/9p/vfs_super.c:126
  legacy_get_tree+0x105/0x220 fs/fs_context.c:610
  vfs_get_tree+0x89/0x2f0 fs/super.c:1530
  do_new_mount fs/namespace.c:3040 [inline]
  path_mount+0x1326/0x1e20 fs/namespace.c:3370
  do_mount fs/namespace.c:3383 [inline]
  __do_sys_mount fs/namespace.c:3591 [inline]
  __se_sys_mount fs/namespace.c:3568 [inline]
  __ia32_sys_mount+0x27e/0x300 fs/namespace.c:3568
  do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
  __do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
  do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
  entry_SYSENTER_compat_after_hwframe+0x70/0x82
irq event stamp: 2119
hardirqs last enabled at (2118): [] asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
hardirqs last disabled at (2119): [] common_interrupt+0x11/0xc0 arch/x86/kernel/irq.c:240
softirqs last enabled at (2024): [] invoke_softirq kernel/softirq.c:445 [inline]
softirqs last enabled at (2024): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
softirqs last disabled at (2109): [] invoke_softirq kernel/softirq.c:445 [inline]
softirqs last disabled at (2109): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&clnt->lock);
  <Interrupt>
    lock(&clnt->lock);

 *** DEADLOCK ***

5 locks held by syz-executor.2/7646:
 #0: ffffffff8bff2a88 (tracepoints_mutex){+.+.}-{3:3}, at: tracepoint_probe_unregister+0x2d/0xc30 kernel/tracepoint.c:548
 #1: ffffffff8be365b0 (cpu_hotplug_lock){++++}-{0:0}, at: __static_call_update+0x87/0x620 kernel/static_call_inline.c:128
 #2: ffffffff8c062d08 (static_call_mutex){+.+.}-{3:3}, at: static_call_lock kernel/static_call_inline.c:25 [inline]
 #2: ffffffff8c062d08 (static_call_mutex){+.+.}-{3:3}, at: __static_call_update+0x95/0x620 kernel/static_call_inline.c:129
 #3: ffffffff8be51908 (text_mutex){+.+.}-{3:3}, at: arch_static_call_transform+0x1f/0x90 arch/x86/kernel/static_call.c:114
 #4: ffff88801be34020 (&chan->lock#2){-.-.}-{2:2}, at: req_done+0xcf/0x2e0 net/9p/trans_virtio.c:139

stack backtrace:
CPU: 1 PID: 7646 Comm: syz-executor.2 Not tainted 6.0.0-rc6-syzkaller-00344-g5e049663f678 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_usage_bug kernel/locking/lockdep.c:3961 [inline]
 valid_state kernel/locking/lockdep.c:3973 [inline]
 mark_lock_irq kernel/locking/lockdep.c:4176 [inline]
 mark_lock.part.0.cold+0x18/0xd8 kernel/locking/lockdep.c:4632
 mark_lock kernel/locking/lockdep.c:4596 [inline]
 mark_usage kernel/locking/lockdep.c:4524 [inline]
 __lock_acquire+0x14a2/0x56d0 kernel/locking/lockdep.c:5007
 lock_acquire kernel/locking/lockdep.c:5666 [inline]
 lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
 p9_tag_remove net/9p/client.c:367 [inline]
 p9_req_put net/9p/client.c:375 [inline]
 p9_req_put+0xc6/0x250 net/9p/client.c:372
 req_done+0x1de/0x2e0 net/9p/trans_virtio.c:148
 vring_interrupt drivers/virtio/virtio_ring.c:2462 [inline]
 vring_interrupt+0x29d/0x3d0 drivers/virtio/virtio_ring.c:2437
 __handle_irq_event_percpu+0x227/0x870 kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
 handle_irq_event+0xa7/0x1e0 kernel/irq/handle.c:210
 handle_edge_irq+0x25f/0xd00 kernel/irq/chip.c:819
 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
 handle_irq arch/x86/kernel/irq.c:231 [inline]
 __common_interrupt+0x9d/0x210 arch/x86/kernel/irq.c:250
 common_interrupt+0x4d/0xc0 arch/x86/kernel/irq.c:240
 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202
Code: 0f 1f 44 00 00 55 48 8b 74 24 08 48 89 fd 48 83 c7 18 e8 0e 0e dc f7 48 89 ef e8 96 8f dc f7 e8 91 18 ff f7 fb bf 01 00 00 00 <e8> 56 51 cf f7 65 8b 05 6f 07 7f 76 85 c0 74 02 5d c3 e8 ce 0c 7d
RSP: 0018:ffffc90000538e08 EFLAGS: 00000206
RAX: 0000000000000844 RBX: ffffffff87d37b90 RCX: 1ffffffff211cc76
RDX: 0000000000000000 RSI: 0000000000000102 RDI: 0000000000000001
RBP: ffff88802c9283c0 R08: 0000000000000001 R09: ffffffff908e5947
R10: 0000000000000001 R11: 0000000000000001 R12: ffffc90000538ea0
R13: 0000000000000000 R14: dffffc0000000000 R15: ffff88802c9283c0
 expire_timers kernel/time/timer.c:1518 [inline]
 __run_timers.part.0+0x664/0xa80 kernel/time/timer.c:1790
 __run_timers kernel/time/timer.c:1768 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:default_send_IPI_allbutself+0x5d/0xe0 arch/x86/kernel/apic/ipi.c:233
Code: 1a f3 90 0f b6 45 00 84 c0 74 04 3c 03 7e 76 8b 04 25 00 c3 5f ff f6 c4 10 75 e6 81 cb 00 00 0c 00 89 df 89 3c 25 00 c3 5f ff <5b> 5d c3 48 c7 c0 c0 2a a2 8b 48 ba 00 00 00 00 00 fc ff df 48 c1
RSP: 0018:ffffc9000351f8c8 EFLAGS: 00000206
RAX: 00000000000c00fc RBX: 00000000000c00fc RCX: 1ffffffff1bbdc6e
RDX: 1ffffffff1744565 RSI: 0000000000000004 RDI: 00000000000c00fc
RBP: fffffbffffebf860 R08: 0000000000000000 R09: ffffffff8ddee373
R10: fffffbfff1bbdc6e R11: 0000000000000000 R12: ffff88802c93b0d0
R13: ffffffff8ddee580 R14: 1ffff1100592761a R15: 00000000ffffffff
 kvm_smp_send_call_func_ipi+0x3a/0x230 arch/x86/kernel/kvm.c:636
 arch_send_call_function_ipi_mask arch/x86/include/asm/smp.h:124 [inline]
 smp_call_function_many_cond+0xe9d/0x1430 kernel/smp.c:970
 on_each_cpu_cond_mask+0x56/0xa0 kernel/smp.c:1154
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:1302 [inline]
 text_poke_bp_batch+0x3f6/0x6c0 arch/x86/kernel/alternative.c:1543
 text_poke_bp+0xad/0x110 arch/x86/kernel/alternative.c:1706
 arch_static_call_transform+0x77/0x90 arch/x86/kernel/static_call.c:123
 __static_call_update+0x3ff/0x620 kernel/static_call_inline.c:198
 tracepoint_update_call kernel/tracepoint.c:317 [inline]
 tracepoint_remove_func kernel/tracepoint.c:419 [inline]
 tracepoint_probe_unregister+0x6bd/0xc30 kernel/tracepoint.c:551
 bpf_raw_tp_link_release+0x51/0xa0 kernel/bpf/syscall.c:3130
 bpf_link_free+0xe6/0x1b0 kernel/bpf/syscall.c:2713
 bpf_link_put+0x161/0x1b0 kernel/bpf/syscall.c:2739
 bpf_link_release+0x33/0x40 kernel/bpf/syscall.c:2748
 __fput+0x277/0x9d0 fs/file_table.c:320
 task_work_run+0xdd/0x1a0 kernel/task_work.c:177
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop
kernel/entry/common.c:169 [inline]
 exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294
 __do_fast_syscall_32+0x72/0xf0 arch/x86/entry/common.c:181
 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
 entry_SYSENTER_compat_after_hwframe+0x70/0x82
RIP: 0023:0xf7f62549
Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000ffed38a0 EFLAGS: 00000282 ORIG_RAX: 0000000000000006
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 00000000f6f4a000 RDI: 0000000000000000
RBP: 00000000f6f80948 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
----------------
Code disassembly (best guess):
   0: 0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
   5: 55                      push   %rbp
   6: 48 8b 74 24 08          mov    0x8(%rsp),%rsi
   b: 48 89 fd                mov    %rdi,%rbp
   e: 48 83 c7 18             add    $0x18,%rdi
  12: e8 0e 0e dc f7          callq  0xf7dc0e25
  17: 48 89 ef                mov    %rbp,%rdi
  1a: e8 96 8f dc f7          callq  0xf7dc8fb5
  1f: e8 91 18 ff f7          callq  0xf7ff18b5
  24: fb                      sti
  25: bf 01 00 00 00          mov    $0x1,%edi
* 2a: e8 56 51 cf f7          callq  0xf7cf5185 <-- trapping instruction
  2f: 65 8b 05 6f 07 7f 76    mov    %gs:0x767f076f(%rip),%eax        # 0x767f07a5
  36: 85 c0                   test   %eax,%eax
  38: 74 02                   je     0x3c
  3a: 5d                      pop    %rbp
  3b: c3                      retq
  3c: e8                      .byte 0xe8
  3d: ce                      (bad)
  3e: 0c 7d                   or     $0x7d,%al