===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ----------------------------------------------------- syz-executor.4/8641 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: ffff88805ff21200 (&stab->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ffff88805ff21200 (&stab->lock){+.-.}-{2:2}, at: __sock_map_delete net/core/sock_map.c:414 [inline] ffff88805ff21200 (&stab->lock){+.-.}-{2:2}, at: sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 and this task is already holding: ffff88801fb283f0 (&dev->event_lock){-.-.}-{2:2}, at: drm_events_release drivers/gpu/drm/drm_file.c:204 [inline] ffff88801fb283f0 (&dev->event_lock){-.-.}-{2:2}, at: drm_file_free+0x1e7/0x900 drivers/gpu/drm/drm_file.c:246 which would create a new lock dependency: (&dev->event_lock){-.-.}-{2:2} -> (&stab->lock){+.-.}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&dev->event_lock){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 drm_handle_vblank+0xc8/0x4c0 drivers/gpu/drm/drm_vblank.c:1885 vkms_vblank_simulate+0xd6/0x360 drivers/gpu/drm/vkms/vkms_crtc.c:29 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x595/0xd00 kernel/time/hrtimer.c:1756 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1818 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x107/0x3a0 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] acpi_safe_halt+0x21/0x30 drivers/acpi/processor_idle.c:112 acpi_idle_enter+0xe4/0x140 drivers/acpi/processor_idle.c:707 cpuidle_enter_state+0x118/0x490 drivers/cpuidle/cpuidle.c:267 cpuidle_enter+0x5d/0xa0 drivers/cpuidle/cpuidle.c:388 call_cpuidle kernel/sched/idle.c:155 [inline] cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x375/0x5d0 kernel/sched/idle.c:332 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:430 rest_init+0x2e0/0x300 init/main.c:730 arch_call_rest_init+0xe/0x10 init/main.c:831 start_kernel+0x47a/0x500 init/main.c:1077 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x147 to a HARDIRQ-irq-unsafe lock: (&stab->lock){+.-.}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_map_update_common+0x1b6/0x5b0 net/core/sock_map.c:490 sock_map_update_elem_sys+0x55f/0x910 net/core/sock_map.c:579 map_update_elem+0x53a/0x6f0 kernel/bpf/syscall.c:1641 __sys_bpf+0x76f/0x810 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&stab->lock); local_irq_disable(); lock(&dev->event_lock); lock(&stab->lock); lock(&dev->event_lock); *** DEADLOCK *** 2 locks held by syz-executor.4/8641: #0: ffff88801fb283f0 (&dev->event_lock){-.-.}-{2:2}, at: drm_events_release drivers/gpu/drm/drm_file.c:204 [inline] #0: ffff88801fb283f0 (&dev->event_lock){-.-.}-{2:2}, at: drm_file_free+0x1e7/0x900 drivers/gpu/drm/drm_file.c:246 #1: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #1: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #1: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline] #1: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 kernel/trace/bpf_trace.c:2420 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&dev->event_lock){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 drm_handle_vblank+0xc8/0x4c0 drivers/gpu/drm/drm_vblank.c:1885 vkms_vblank_simulate+0xd6/0x360 drivers/gpu/drm/vkms/vkms_crtc.c:29 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x595/0xd00 kernel/time/hrtimer.c:1756 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1818 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x107/0x3a0 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] acpi_safe_halt+0x21/0x30 drivers/acpi/processor_idle.c:112 acpi_idle_enter+0xe4/0x140 drivers/acpi/processor_idle.c:707 cpuidle_enter_state+0x118/0x490 drivers/cpuidle/cpuidle.c:267 cpuidle_enter+0x5d/0xa0 drivers/cpuidle/cpuidle.c:388 call_cpuidle kernel/sched/idle.c:155 [inline] cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x375/0x5d0 kernel/sched/idle.c:332 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:430 rest_init+0x2e0/0x300 init/main.c:730 arch_call_rest_init+0xe/0x10 init/main.c:831 start_kernel+0x47a/0x500 init/main.c:1077 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x147 IN-SOFTIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 drm_handle_vblank+0xc8/0x4c0 drivers/gpu/drm/drm_vblank.c:1885 vkms_vblank_simulate+0xd6/0x360 drivers/gpu/drm/vkms/vkms_crtc.c:29 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x595/0xd00 kernel/time/hrtimer.c:1756 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1818 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x107/0x3a0 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 lock_acquire+0x25b/0x530 kernel/locking/lockdep.c:5758 put_task_struct include/linux/sched/task.h:137 [inline] delayed_put_task_struct+0x109/0x2d0 kernel/exit.c:229 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471 __do_softirq+0x2bc/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] acpi_safe_halt+0x21/0x30 drivers/acpi/processor_idle.c:112 acpi_idle_enter+0xe4/0x140 drivers/acpi/processor_idle.c:707 cpuidle_enter_state+0x118/0x490 drivers/cpuidle/cpuidle.c:267 cpuidle_enter+0x5d/0xa0 drivers/cpuidle/cpuidle.c:388 call_cpuidle kernel/sched/idle.c:155 [inline] cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x375/0x5d0 kernel/sched/idle.c:332 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:430 rest_init+0x2e0/0x300 init/main.c:730 arch_call_rest_init+0xe/0x10 init/main.c:831 start_kernel+0x47a/0x500 init/main.c:1077 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509 x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490 common_startup_64+0x13e/0x147 INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] vkms_crtc_atomic_flush+0x8d/0x1c0 drivers/gpu/drm/vkms/vkms_crtc.c:253 drm_atomic_helper_commit_planes+0xaf1/0xe00 drivers/gpu/drm/drm_atomic_helper.c:2820 vkms_atomic_commit_tail+0x5d/0x200 drivers/gpu/drm/vkms/vkms_drv.c:73 commit_tail+0x2a9/0x3c0 drivers/gpu/drm/drm_atomic_helper.c:1832 drm_atomic_helper_commit+0x953/0x9f0 drivers/gpu/drm/drm_atomic_helper.c:2072 drm_atomic_commit+0x2ac/0x310 drivers/gpu/drm/drm_atomic.c:1514 drm_client_modeset_commit_atomic+0x676/0x7e0 drivers/gpu/drm/drm_client_modeset.c:1051 drm_client_modeset_commit_locked+0xe0/0x520 drivers/gpu/drm/drm_client_modeset.c:1154 drm_client_modeset_commit+0x4a/0x70 drivers/gpu/drm/drm_client_modeset.c:1180 __drm_fb_helper_restore_fbdev_mode_unlocked+0xc3/0x170 drivers/gpu/drm/drm_fb_helper.c:251 drm_fb_helper_set_par+0xaf/0x100 drivers/gpu/drm/drm_fb_helper.c:1344 fbcon_init+0x1129/0x2190 drivers/video/fbdev/core/fbcon.c:1094 visual_init+0x2e6/0x650 drivers/tty/vt/vt.c:1023 do_bind_con_driver+0x863/0xf60 drivers/tty/vt/vt.c:3643 do_take_over_console+0x5e7/0x750 drivers/tty/vt/vt.c:4222 do_fbcon_takeover+0x11a/0x200 drivers/video/fbdev/core/fbcon.c:532 do_fb_registered drivers/video/fbdev/core/fbcon.c:3000 [inline] fbcon_fb_registered+0x352/0x600 drivers/video/fbdev/core/fbcon.c:3020 do_register_framebuffer drivers/video/fbdev/core/fbmem.c:449 [inline] register_framebuffer+0x6b2/0x8d0 drivers/video/fbdev/core/fbmem.c:515 __drm_fb_helper_initial_config_and_unlock+0x172d/0x1e30 drivers/gpu/drm/drm_fb_helper.c:1871 drm_fbdev_generic_client_hotplug+0x16e/0x230 drivers/gpu/drm/drm_fbdev_generic.c:279 drm_client_register+0x17f/0x210 drivers/gpu/drm/drm_client.c:141 vkms_create drivers/gpu/drm/vkms/vkms_drv.c:226 [inline] vkms_init+0x5f5/0x730 drivers/gpu/drm/vkms/vkms_drv.c:252 do_one_initcall+0x238/0x830 init/main.c:1241 do_initcall_level+0x157/0x210 init/main.c:1303 do_initcalls+0x3f/0x80 init/main.c:1319 kernel_init_freeable+0x435/0x5d0 init/main.c:1550 kernel_init+0x1d/0x2a0 init/main.c:1439 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 } ... key at: [] drm_dev_init.__key.17+0x0/0x20 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (&stab->lock){+.-.}-{2:2} { HARDIRQ-ON-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_map_update_common+0x1b6/0x5b0 net/core/sock_map.c:490 sock_map_update_elem_sys+0x55f/0x910 net/core/sock_map.c:579 map_update_elem+0x53a/0x6f0 kernel/bpf/syscall.c:1641 __sys_bpf+0x76f/0x810 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 IN-SOFTIRQ-W at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 bpf_prog_9dc0996bccb7470f+0x68/0x6c bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x291/0x380 mm/slub.c:4377 deferred_put_nlk_sk+0x45/0x270 net/netlink/af_netlink.c:732 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471 __do_softirq+0x2bc/0x943 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xd8/0x140 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] klist_next+0x291/0x330 lib/klist.c:401 class_dev_iter_next drivers/base/class.c:344 [inline] class_find_device+0x1d5/0x390 drivers/base/class.c:452 class_find_device_by_devt include/linux/device/class.h:145 [inline] tty_get_device drivers/tty/tty_io.c:3099 [inline] alloc_tty_struct+0x67c/0x7d0 drivers/tty/tty_io.c:3146 pty_common_install+0x15f/0x710 drivers/tty/pty.c:379 tty_driver_install_tty drivers/tty/tty_io.c:1310 [inline] tty_init_dev+0xc1/0x4c0 drivers/tty/tty_io.c:1422 ptmx_open+0xda/0x2c0 drivers/tty/pty.c:824 chrdev_open+0x5b0/0x630 fs/char_dev.c:414 do_dentry_open+0x907/0x15a0 fs/open.c:955 do_open fs/namei.c:3642 [inline] path_openat+0x2860/0x3240 fs/namei.c:3799 do_filp_open+0x235/0x490 fs/namei.c:3826 do_sys_openat2+0x13e/0x1d0 fs/open.c:1406 do_sys_open fs/open.c:1421 [inline] __do_sys_openat fs/open.c:1437 [inline] __se_sys_openat fs/open.c:1432 [inline] __x64_sys_openat+0x247/0x2a0 fs/open.c:1432 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 INITIAL USE at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] sock_map_update_common+0x1b6/0x5b0 net/core/sock_map.c:490 sock_map_update_elem_sys+0x55f/0x910 net/core/sock_map.c:579 map_update_elem+0x53a/0x6f0 kernel/bpf/syscall.c:1641 __sys_bpf+0x76f/0x810 kernel/bpf/syscall.c:5619 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 } ... key at: [] sock_map_alloc.__key+0x0/0x20 ... acquired at: lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 bpf_prog_9dc0996bccb7470f+0x68/0x6c bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x291/0x380 mm/slub.c:4377 drm_events_release drivers/gpu/drm/drm_file.c:216 [inline] drm_file_free+0x4e2/0x900 drivers/gpu/drm/drm_file.c:246 drm_close_helper drivers/gpu/drm/drm_file.c:282 [inline] drm_release+0x32b/0x560 drivers/gpu/drm/drm_file.c:434 __fput+0x429/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 stack backtrace: CPU: 0 PID: 8641 Comm: syz-executor.4 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline] check_irq_usage kernel/locking/lockdep.c:2865 [inline] check_prev_add kernel/locking/lockdep.c:3138 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x4dc7/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] __sock_map_delete net/core/sock_map.c:414 [inline] sock_map_delete_elem+0x97/0x140 net/core/sock_map.c:446 bpf_prog_9dc0996bccb7470f+0x68/0x6c bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x291/0x380 mm/slub.c:4377 drm_events_release drivers/gpu/drm/drm_file.c:216 [inline] drm_file_free+0x4e2/0x900 drivers/gpu/drm/drm_file.c:246 drm_close_helper drivers/gpu/drm/drm_file.c:282 [inline] drm_release+0x32b/0x560 drivers/gpu/drm/drm_file.c:434 __fput+0x429/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7fea9287cd5a Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 RSP: 002b:00007ffd8dfa86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007fea9287cd5a RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 RBP: 00007fea929ad980 R08: 0000001b30960000 R09: 00007fea935a40b0 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000032a0e R13: ffffffffffffffff R14: 00007fea92400000 R15: 00000000000326cd ------------[ cut here ]------------ raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 0 PID: 8641 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10 Modules linked in: CPU: 0 PID: 8641 Comm: syz-executor.4 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:warn_bogus_irq_restore+0x29/0x40 kernel/locking/irqflag-debug.c:10 Code: 90 f3 0f 1e fa 90 80 3d bd 16 05 04 00 74 06 90 c3 cc cc cc cc c6 05 ae 16 05 04 01 90 48 c7 c7 e0 b9 aa 8b e8 88 34 ec f5 90 <0f> 0b 90 90 90 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f RSP: 0018:ffffc9001277fcd8 EFLAGS: 00010246 RAX: f0b8689661784200 RBX: 1ffff920024effa0 RCX: ffff888024a11e00 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9001277fd68 R08: ffffffff8157cb22 R09: fffffbfff1bf9650 R10: dffffc0000000000 R11: fffffbfff1bf9650 R12: dffffc0000000000 R13: 1ffff920024eff9c R14: ffffc9001277fd00 R15: 0000000000000246 FS: 000055557f1e9480(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffec0000 CR3: 0000000075cb4000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] _raw_spin_unlock_irqrestore+0x120/0x140 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] drm_events_release drivers/gpu/drm/drm_file.c:219 [inline] drm_file_free+0x50f/0x900 drivers/gpu/drm/drm_file.c:246 drm_close_helper drivers/gpu/drm/drm_file.c:282 [inline] drm_release+0x32b/0x560 drivers/gpu/drm/drm_file.c:434 __fput+0x429/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7fea9287cd5a Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24 RSP: 002b:00007ffd8dfa86a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007fea9287cd5a RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 RBP: 00007fea929ad980 R08: 0000001b30960000 R09: 00007fea935a40b0 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000032a0e R13: ffffffffffffffff R14: 00007fea92400000 R15: 00000000000326cd