[v6.1] WARNING in vkms_get_vblank_timestamp

syzbot

Mar 14, 2024, 6:37:18 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 61adba85cc40 Linux 6.1.81
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1593d31a180000
kernel config: https://syzkaller.appspot.com/x/.config?x=8da5a35c67a34fd5
dashboard link: https://syzkaller.appspot.com/bug?extid=7ff1b5bce8646c58d994
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/61c8045dd77d/disk-61adba85.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1620a2c15322/vmlinux-61adba85.xz
kernel image: https://storage.googleapis.com/syzbot-assets/68d3cf583201/Image-61adba85.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7ff1b5...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 8631 at drivers/gpu/drm/vkms/vkms_crtc.c:103 vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
Modules linked in:
CPU: 1 PID: 8631 Comm: syz-executor.4 Not tainted 6.1.81-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
lr : vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
sp : ffff80001f9a6fd0
x29: ffff80001f9a6fd0 x28: ffff80001f9a7090 x27: ffff0000cdca0ee8
x26: ffff80001f9a7080 x25: 1ffff00003f34e12 x24: 0000000000000000
x23: ffff0000cdca0000 x22: dfff800000000000 x21: 000000208e258589
x20: 000000208e258589 x19: ffff80001f9a7090 x18: ffff80001f9a69a0
x17: 0048000000000326 x16: ffff80000831d00c x15: 0000000000000000
x14: 1ffff00002b060b0 x13: dfff800000000000 x12: ffff700003f34e0c
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff80000ba4d394
x8 : ffff0000d6141bc0 x7 : ffff80000b894290 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff80001f9a7090 x1 : 000000208e258589 x0 : 000000208e258589
Call trace:
vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
drm_get_last_vbltimestamp drivers/gpu/drm/drm_vblank.c:881 [inline]
drm_update_vblank_count+0x23c/0xb24 drivers/gpu/drm/drm_vblank.c:303
drm_vblank_disable_and_save+0xc8/0x344 drivers/gpu/drm/drm_vblank.c:477
drm_crtc_vblank_off+0x258/0x7b8 drivers/gpu/drm/drm_vblank.c:1325
vkms_crtc_atomic_disable+0x20/0x30 drivers/gpu/drm/vkms/vkms_crtc.c:234
disable_outputs drivers/gpu/drm/drm_atomic_helper.c:1227 [inline]
drm_atomic_helper_commit_modeset_disables+0xab0/0x15bc drivers/gpu/drm/drm_atomic_helper.c:1431
vkms_atomic_commit_tail+0x5c/0x20c drivers/gpu/drm/vkms/vkms_drv.c:71
commit_tail+0x274/0x3b8 drivers/gpu/drm/drm_atomic_helper.c:1803
drm_atomic_helper_commit+0x5fc/0x644 drivers/gpu/drm/drm_atomic_helper.c:2043
drm_atomic_commit+0x24c/0x2a0 drivers/gpu/drm/drm_atomic.c:1452
drm_client_modeset_commit_atomic+0x5a4/0x730 drivers/gpu/drm/drm_client_modeset.c:1055
drm_client_modeset_commit_locked+0xd0/0x4a8 drivers/gpu/drm/drm_client_modeset.c:1158
drm_client_modeset_commit+0x50/0x7c drivers/gpu/drm/drm_client_modeset.c:1184
__drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:253 [inline]
drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:280 [inline]
drm_fb_helper_lastclose drivers/gpu/drm/drm_fb_helper.c:2106 [inline]
drm_fbdev_client_restore+0xe8/0x17c drivers/gpu/drm/drm_fb_helper.c:2518
drm_client_dev_restore+0x12c/0x24c drivers/gpu/drm/drm_client.c:247
drm_lastclose drivers/gpu/drm/drm_file.c:462 [inline]
drm_release+0x4dc/0x624 drivers/gpu/drm/drm_file.c:493
__fput+0x30c/0x7bc fs/file_table.c:320
____fput+0x20/0x30 fs/file_table.c:348
task_work_run+0x240/0x2f0 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
do_notify_resume+0x2148/0x3474 arch/arm64/kernel/signal.c:1132
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2156
hardirqs last enabled at (2155): [<ffff8000122297ec>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last enabled at (2155): [<ffff8000122297ec>] _raw_spin_unlock_irq+0x3c/0x90 kernel/locking/spinlock.c:202
hardirqs last disabled at (2156): [<ffff8000122295ac>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:117 [inline]
hardirqs last disabled at (2156): [<ffff8000122295ac>] _raw_spin_lock_irq+0x34/0x9c kernel/locking/spinlock.c:170
softirqs last enabled at (2000): [<ffff800008033178>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (1998): [<ffff800008033144>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Mar 14, 2024, 11:37:22 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 61adba85cc40 Linux 6.1.81
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=163b2e86180000
kernel config: https://syzkaller.appspot.com/x/.config?x=8da5a35c67a34fd5
dashboard link: https://syzkaller.appspot.com/bug?extid=7ff1b5bce8646c58d994
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15d2d2c9180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=176f944e180000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/61c8045dd77d/disk-61adba85.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1620a2c15322/vmlinux-61adba85.xz
kernel image: https://storage.googleapis.com/syzbot-assets/68d3cf583201/Image-61adba85.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7ff1b5...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4232 at drivers/gpu/drm/vkms/vkms_crtc.c:103 vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
Modules linked in:
CPU: 0 PID: 4232 Comm: syz-executor318 Not tainted 6.1.81-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
lr : vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
sp : ffff80001dc071f0
x29: ffff80001dc071f0 x28: ffff80001dc072b0 x27: ffff0000cd494ee8
x26: ffff80001dc072a0 x25: 1ffff00003b80e56 x24: 0000000000000000
x23: ffff0000cd494000 x22: dfff800000000000 x21: 00000007bcb153c9
x20: 00000007bcb153c9 x19: ffff80001dc072b0 x18: ffff80001dc078c8
x17: 0000000000000000 x16: ffff80000831d00c x15: 0000000000000000
x14: 1ffff00002b060b0 x13: dfff800000000000 x12: ffff700003b80e50
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff80000ba4d394
x8 : ffff0000dca2d340 x7 : ffff80000b8934b0 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff80001dc072b0 x1 : 00000007bcb153c9 x0 : 00000007bcb153c9
Call trace:
vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
drm_get_last_vbltimestamp drivers/gpu/drm/drm_vblank.c:881 [inline]
drm_update_vblank_count+0x23c/0xb24 drivers/gpu/drm/drm_vblank.c:303
drm_crtc_accurate_vblank_count+0x114/0x334 drivers/gpu/drm/drm_vblank.c:416
drm_crtc_arm_vblank_event+0xa8/0x1e0 drivers/gpu/drm/drm_vblank.c:1066
vkms_crtc_atomic_flush+0x1a8/0x1b4 drivers/gpu/drm/vkms/vkms_crtc.c:259
drm_atomic_helper_commit_planes+0x7d4/0x8e0 drivers/gpu/drm/drm_atomic_helper.c:2732
vkms_atomic_commit_tail+0x6c/0x20c drivers/gpu/drm/vkms/vkms_drv.c:73
commit_tail+0x274/0x3b8 drivers/gpu/drm/drm_atomic_helper.c:1803
drm_atomic_helper_commit+0x5fc/0x644 drivers/gpu/drm/drm_atomic_helper.c:2043
drm_atomic_commit+0x24c/0x2a0 drivers/gpu/drm/drm_atomic.c:1452
drm_atomic_helper_set_config+0xe8/0x198 drivers/gpu/drm/drm_atomic_helper.c:3176
drm_mode_setcrtc+0x918/0x13e8 drivers/gpu/drm/drm_crtc.c:886
drm_ioctl_kernel+0x2cc/0x458 drivers/gpu/drm/drm_ioctl.c:788
drm_ioctl+0x5a0/0xa2c drivers/gpu/drm/drm_ioctl.c:891
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 716
hardirqs last enabled at (715): [<ffff8000122297ec>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last enabled at (715): [<ffff8000122297ec>] _raw_spin_unlock_irq+0x3c/0x90 kernel/locking/spinlock.c:202
hardirqs last disabled at (716): [<ffff8000122295ac>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:117 [inline]
hardirqs last disabled at (716): [<ffff8000122295ac>] _raw_spin_lock_irq+0x34/0x9c kernel/locking/spinlock.c:170
softirqs last enabled at (482): [<ffff800008033178>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (480): [<ffff800008033144>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4232 at drivers/gpu/drm/vkms/vkms_crtc.c:103 vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
Modules linked in:
CPU: 1 PID: 4232 Comm: syz-executor318 Tainted: G W 6.1.81-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
lr : vkms_get_vblank_timestamp+0x1a4/0x1d4 drivers/gpu/drm/vkms/vkms_crtc.c:103
sp : ffff80001dc070b0
x29: ffff80001dc070b0 x28: ffff80001dc07170 x27: ffff0000cd494ee8
x26: ffff80001dc07160 x25: 1ffff00003b80e2e x24: 0000000000000000
x23: ffff0000cd494000 x22: dfff800000000000 x21: 00000007c2400989
x20: 00000007c2400989 x19: ffff80001dc07170 x18: ffff80001dc07060
x17: 0048000000000326 x16: ffff80000831d00c x15: 0000000000000000
x14: 1ffff00002b060b0 x13: dfff800000000000 x12: ffff700003b80e28
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff80000ba4d394
x8 : ffff0000dca2d340 x7 : ffff80000b894290 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff80001dc07170 x1 : 00000007c2400989 x0 : 00000007c2400989
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0x554/0x1a88 kernel/exit.c:869
do_group_exit+0x194/0x22c kernel/exit.c:1019
__do_sys_exit_group kernel/exit.c:1030 [inline]
__se_sys_exit_group kernel/exit.c:1028 [inline]
__wake_up_parent+0x0/0x60 kernel/exit.c:1028
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 1510
hardirqs last enabled at (1509): [<ffff8000122297ec>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last enabled at (1509): [<ffff8000122297ec>] _raw_spin_unlock_irq+0x3c/0x90 kernel/locking/spinlock.c:202
hardirqs last disabled at (1510): [<ffff8000122295ac>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:117 [inline]
hardirqs last disabled at (1510): [<ffff8000122295ac>] _raw_spin_lock_irq+0x34/0x9c kernel/locking/spinlock.c:170
softirqs last enabled at (932): [<ffff800008033178>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (930): [<ffff800008033144>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.