======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Tainted: G L
------------------------------------------------------
kworker/u9:2/4708 is trying to acquire lock:
ffff0000c1919210 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_link_sibling+0x290/0x370 fs/kernfs/dir.c:411

but task is already holding lock:
ffff0000c1919180 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_add_one+0x40/0x398 fs/kernfs/dir.c:826

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #9 (&root->kernfs_rwsem){++++}-{4:4}:
       down_write+0x50/0xc0 kernel/locking/rwsem.c:1625
       kernfs_add_one+0x40/0x398 fs/kernfs/dir.c:826
       kernfs_create_dir_ns+0xe0/0x138 fs/kernfs/dir.c:1131
       sysfs_create_dir_ns+0x120/0x1f4 fs/sysfs/dir.c:59
       create_dir lib/kobject.c:73 [inline]
       kobject_add_internal+0x290/0x6f0 lib/kobject.c:240
       kobject_add_varg+0x9c/0xe8 lib/kobject.c:374
       kobject_add+0x110/0x1c8 lib/kobject.c:426
       device_add+0x394/0x9f0 drivers/base/core.c:3629
       device_register+0x28/0x38 drivers/base/core.c:3788
       register_cpu+0x270/0x524 drivers/base/cpu.c:431
       arch_register_cpu+0x160/0x224 arch/arm64/kernel/smp.c:530
       acpi_processor_hotadd_init drivers/acpi/acpi_processor.c:248 [inline]
       acpi_processor_get_info drivers/acpi/acpi_processor.c:370 [inline]
       acpi_processor_add+0x8f0/0x13f0 drivers/acpi/acpi_processor.c:441
       acpi_scan_attach_handler drivers/acpi/scan.c:2323 [inline]
       acpi_bus_attach+0x464/0x7e0 drivers/acpi/scan.c:2372
       acpi_dev_for_one_check+0xa0/0xb4 drivers/acpi/bus.c:1196
       device_for_each_child+0xf4/0x184 drivers/base/core.c:4035
       acpi_dev_for_each_child+0x98/0xe4 drivers/acpi/bus.c:1208
       acpi_bus_attach+0x20c/0x7e0 drivers/acpi/scan.c:2393
       acpi_dev_for_one_check+0xa0/0xb4 drivers/acpi/bus.c:1196
       device_for_each_child+0xf4/0x184 drivers/base/core.c:4035
       acpi_dev_for_each_child+0x98/0xe4 drivers/acpi/bus.c:1208
       acpi_bus_attach+0x20c/0x7e0 drivers/acpi/scan.c:2393
       acpi_bus_scan+0x104/0x310 drivers/acpi/scan.c:2743
       acpi_scan_init+0x168/0x3cc drivers/acpi/scan.c:2869
       acpi_init+0x15c/0x1f4 drivers/acpi/bus.c:1523
       do_one_initcall+0x274/0xc38 init/main.c:1392
       do_initcall_level+0x12c/0x1c4 init/main.c:1454
       do_initcalls+0x70/0xd0 init/main.c:1470
       do_basic_setup+0x7c/0x90 init/main.c:1490
       kernel_init_freeable+0x268/0x3a8 init/main.c:1703
       kernel_init+0x24/0x1dc init/main.c:1593
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842

-> #8 (cpu_hotplug_lock){++++}-{0:0}:
       percpu_down_read_internal include/linux/percpu-rwsem.h:53 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:77 [inline]
       cpus_read_lock+0x58/0x25c kernel/cpu.c:490
       static_key_disable+0x1c/0x38 kernel/jump_label.c:247
       __do_once_sleepable_done+0x4c/0x74 lib/once.c:96
       __inet_hash_connect+0x1658/0x165c net/ipv4/inet_hashtables.c:1083
       inet_hash_connect+0x128/0x230 net/ipv4/inet_hashtables.c:1275
       tcp_v4_connect+0xa14/0x1478 net/ipv4/tcp_ipv4.c:306
       __inet_stream_connect+0x1f4/0xc14 net/ipv4/af_inet.c:684
       inet_stream_connect+0x74/0xb0 net/ipv4/af_inet.c:755
       __sys_connect_file+0x13c/0x184 net/socket.c:2148
       __sys_connect+0x114/0x194 net/socket.c:2167
       __do_sys_connect net/socket.c:2173 [inline]
       __se_sys_connect net/socket.c:2170 [inline]
       __arm64_sys_connect+0x7c/0x94 net/socket.c:2170
       __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
       invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
       el0_svc_common+0xec/0x23c arch/arm64/kernel/syscall.c:121
       do_el0_svc+0x4c/0x5c arch/arm64/kernel/syscall.c:140
       el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
       el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
       el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594

-> #7 (sk_lock-AF_INET){+.+.}-{0:0}:
       lock_sock_nested+0x58/0x110 net/core/sock.c:3787
       lock_sock include/net/sock.h:1713 [inline]
       inet_shutdown+0x74/0x354 net/ipv4/af_inet.c:915
       kernel_sock_shutdown+0x6c/0x80 net/socket.c:3785
       nbd_mark_nsock_dead+0x280/0x4f4 drivers/block/nbd.c:318
       recv_work+0x1d58/0x1e74 drivers/block/nbd.c:1021
       process_one_work kernel/workqueue.c:3314 [inline]
       process_scheduled_works+0x788/0x10b8 kernel/workqueue.c:3397
       worker_thread+0x798/0xbd0 kernel/workqueue.c:3478
       kthread+0x304/0x3d4 kernel/kthread.c:436
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842

-> #6 (&nsock->tx_lock){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/mutex.c:646 [inline]
       __mutex_lock+0x164/0xed0 kernel/locking/mutex.c:820
       mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
       nbd_handle_cmd drivers/block/nbd.c:1143 [inline]
       nbd_queue_rq+0x1f4/0xbd8 drivers/block/nbd.c:1207
       blk_mq_dispatch_rq_list+0x3d4/0x13a8 block/blk-mq.c:2148
       __blk_mq_do_dispatch_sched block/blk-mq-sched.c:168 [inline]
       blk_mq_do_dispatch_sched block/blk-mq-sched.c:182 [inline]
       __blk_mq_sched_dispatch_requests+0xa48/0x10e8 block/blk-mq-sched.c:307
       blk_mq_sched_dispatch_requests+0xa8/0x158 block/blk-mq-sched.c:329
       blk_mq_run_hw_queue+0x300/0x4dc block/blk-mq.c:2387
       blk_mq_dispatch_list+0xa28/0xb2c block/blk-mq.c:-1
       blk_mq_flush_plug_list+0x3ac/0x494 block/blk-mq.c:2997
       __blk_flush_plug+0x364/0x440 block/blk-core.c:1230
       blk_finish_plug block/blk-core.c:1257 [inline]
       __submit_bio+0x3a0/0x480 block/blk-core.c:649
       __submit_bio_noacct_mq block/blk-core.c:722 [inline]
       submit_bio_noacct_nocheck+0x288/0xaac block/blk-core.c:753
       submit_bio_noacct+0xd7c/0x17f0 block/blk-core.c:884
       submit_bio+0x38c/0x528 block/blk-core.c:926
       blk_crypto_submit_bio include/linux/blk-crypto.h:203 [inline]
       submit_bh_wbc+0x4c8/0x5ac fs/buffer.c:2737
       submit_bh fs/buffer.c:2742 [inline]
       block_read_full_folio+0x47c/0x754 fs/buffer.c:2344
       blkdev_read_folio+0x28/0x38 block/fops.c:494
       filemap_read_folio+0xf0/0x2fc mm/filemap.c:2502
       do_read_cache_folio+0x35c/0x5a8 mm/filemap.c:4107
       read_cache_folio+0x68/0x88 mm/filemap.c:4139
       read_mapping_folio include/linux/pagemap.h:1017 [inline]
       read_part_sector+0xcc/0x708 block/partitions/core.c:724
       adfspart_check_ICS+0xa4/0x720 block/partitions/acorn.c:356
       check_partition block/partitions/core.c:143 [inline]
       blk_add_partitions block/partitions/core.c:591 [inline]
       bdev_disk_changed+0x6c4/0x11ec block/partitions/core.c:695
       blkdev_get_whole+0x15c/0x240 block/bdev.c:756
       bdev_open+0x2b4/0x880 block/bdev.c:965
       blkdev_open+0x2d4/0x408 block/fops.c:697
       do_dentry_open+0x5c4/0xfb8 fs/open.c:947
       vfs_open+0x44/0x2dc fs/open.c:1079
       do_open fs/namei.c:4699 [inline]
       path_openat+0x22d4/0x2b88 fs/namei.c:4858
       do_file_open+0x1c8/0x2e8 fs/namei.c:4887
       do_sys_openat2+0x114/0x1e8 fs/open.c:1364
       do_sys_open+0xac/0xdc fs/open.c:1370
       __do_sys_openat fs/open.c:1386 [inline]
       __se_sys_openat fs/open.c:1381 [inline]
       __arm64_sys_openat+0xa0/0xbc fs/open.c:1381
       __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
       invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
       el0_svc_common+0xec/0x23c arch/arm64/kernel/syscall.c:121
       do_el0_svc+0x4c/0x5c arch/arm64/kernel/syscall.c:140
       el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
       el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
       el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594

-> #5 (&cmd->lock){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/mutex.c:646 [inline]
       __mutex_lock+0x164/0xed0 kernel/locking/mutex.c:820
       mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
       nbd_queue_rq+0xb0/0xbd8 drivers/block/nbd.c:1199
       blk_mq_dispatch_rq_list+0x3d4/0x13a8 block/blk-mq.c:2148
       __blk_mq_do_dispatch_sched block/blk-mq-sched.c:168 [inline]
       blk_mq_do_dispatch_sched block/blk-mq-sched.c:182 [inline]
       __blk_mq_sched_dispatch_requests+0xa48/0x10e8 block/blk-mq-sched.c:307
       blk_mq_sched_dispatch_requests+0xa8/0x158 block/blk-mq-sched.c:329
       blk_mq_run_hw_queue+0x300/0x4dc block/blk-mq.c:2387
       blk_mq_dispatch_list+0xa28/0xb2c block/blk-mq.c:-1
       blk_mq_flush_plug_list+0x3ac/0x494 block/blk-mq.c:2997
       __blk_flush_plug+0x364/0x440 block/blk-core.c:1230
       blk_finish_plug block/blk-core.c:1257 [inline]
       __submit_bio+0x3a0/0x480 block/blk-core.c:649
       __submit_bio_noacct_mq block/blk-core.c:722 [inline]
       submit_bio_noacct_nocheck+0x288/0xaac block/blk-core.c:753
       submit_bio_noacct+0xd7c/0x17f0 block/blk-core.c:884
       submit_bio+0x38c/0x528 block/blk-core.c:926
       blk_crypto_submit_bio include/linux/blk-crypto.h:203 [inline]
       submit_bh_wbc+0x4c8/0x5ac fs/buffer.c:2737
       submit_bh fs/buffer.c:2742 [inline]
       block_read_full_folio+0x47c/0x754 fs/buffer.c:2344
       blkdev_read_folio+0x28/0x38 block/fops.c:494
       filemap_read_folio+0xf0/0x2fc mm/filemap.c:2502
       do_read_cache_folio+0x35c/0x5a8 mm/filemap.c:4107
       read_cache_folio+0x68/0x88 mm/filemap.c:4139
       read_mapping_folio include/linux/pagemap.h:1017 [inline]
       read_part_sector+0xcc/0x708 block/partitions/core.c:724
       adfspart_check_ICS+0xa4/0x720 block/partitions/acorn.c:356
       check_partition block/partitions/core.c:143 [inline]
       blk_add_partitions block/partitions/core.c:591 [inline]
       bdev_disk_changed+0x6c4/0x11ec block/partitions/core.c:695
       blkdev_get_whole+0x15c/0x240 block/bdev.c:756
       bdev_open+0x2b4/0x880 block/bdev.c:965
       blkdev_open+0x2d4/0x408 block/fops.c:697
       do_dentry_open+0x5c4/0xfb8 fs/open.c:947
       vfs_open+0x44/0x2dc fs/open.c:1079
       do_open fs/namei.c:4699 [inline]
       path_openat+0x22d4/0x2b88 fs/namei.c:4858
       do_file_open+0x1c8/0x2e8 fs/namei.c:4887
       do_sys_openat2+0x114/0x1e8 fs/open.c:1364
       do_sys_open+0xac/0xdc fs/open.c:1370
       __do_sys_openat fs/open.c:1386 [inline]
       __se_sys_openat fs/open.c:1381 [inline]
       __arm64_sys_openat+0xa0/0xbc fs/open.c:1381
       __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
       invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
       el0_svc_common+0xec/0x23c arch/arm64/kernel/syscall.c:121
       do_el0_svc+0x4c/0x5c arch/arm64/kernel/syscall.c:140
       el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
       el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
       el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594

-> #4 (set->srcu){.+.+}-{0:0}:
       srcu_lock_sync include/linux/srcu.h:199 [inline]
       __synchronize_srcu+0xc8/0x268 kernel/rcu/srcutree.c:1481
       synchronize_srcu+0x41c/0x5d4 kernel/rcu/srcutree.c:-1
       blk_mq_wait_quiesce_done+0x88/0xac block/blk-mq.c:284
       blk_mq_quiesce_queue+0x70/0x8c block/blk-mq.c:304
       elevator_switch+0x128/0x38c block/elevator.c:576
       elevator_change+0x204/0x35c block/elevator.c:681
       elevator_set_default+0x190/0x2b0 block/elevator.c:754
       blk_register_queue+0x2fc/0x3d4 block/blk-sysfs.c:987
       __add_disk+0x558/0xb44 block/genhd.c:528
       add_disk_fwnode+0xd4/0x404 block/genhd.c:597
       device_add_disk+0x38/0x4c block/genhd.c:627
       add_disk include/linux/blkdev.h:794 [inline]
       nbd_dev_add+0x598/0x880 drivers/block/nbd.c:1984
       nbd_init+0x15c/0x174 drivers/block/nbd.c:2692
       do_one_initcall+0x274/0xc38 init/main.c:1392
       do_initcall_level+0x12c/0x1c4 init/main.c:1454
       do_initcalls+0x70/0xd0 init/main.c:1470
       do_basic_setup+0x7c/0x90 init/main.c:1490
       kernel_init_freeable+0x268/0x3a8 init/main.c:1703
       kernel_init+0x24/0x1dc init/main.c:1593
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842

-> #3 (&q->elevator_lock){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/mutex.c:646 [inline]
       __mutex_lock+0x164/0xed0 kernel/locking/mutex.c:820
       mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
       elevator_change+0x188/0x35c block/elevator.c:679
       elevator_set_none+0xa8/0x13c block/elevator.c:769
       blk_mq_elv_switch_none block/blk-mq.c:5134 [inline]
       __blk_mq_update_nr_hw_queues block/blk-mq.c:5179 [inline]
       blk_mq_update_nr_hw_queues+0x4c4/0x11e0 block/blk-mq.c:5244
       nbd_start_device+0x15c/0xa44 drivers/block/nbd.c:1489
       nbd_genl_connect+0xffc/0x15d4 drivers/block/nbd.c:2239
       genl_family_rcv_msg_doit+0x1e4/0x2d4 net/netlink/genetlink.c:1114
       genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
       genl_rcv_msg+0x43c/0x620 net/netlink/genetlink.c:1209
       netlink_rcv_skb+0x238/0x414 net/netlink/af_netlink.c:2555
       genl_rcv+0x38/0x50 net/netlink/genetlink.c:1218
       netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
       netlink_unicast+0x600/0x7f8 net/netlink/af_netlink.c:1344
       netlink_sendmsg+0x648/0x948 net/netlink/af_netlink.c:1899
       sock_sendmsg_nosec net/socket.c:787 [inline]
       __sock_sendmsg+0xc8/0x138 net/socket.c:802
       ____sys_sendmsg+0x3d0/0x6c8 net/socket.c:2698
       ___sys_sendmsg+0x198/0x224 net/socket.c:2752
       __sys_sendmsg+0x160/0x214 net/socket.c:2784
       __do_sys_sendmsg net/socket.c:2789 [inline]
       __se_sys_sendmsg net/socket.c:2787 [inline]
       __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2787
       __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
       invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
       el0_svc_common+0xec/0x23c arch/arm64/kernel/syscall.c:121
       do_el0_svc+0x4c/0x5c arch/arm64/kernel/syscall.c:140
       el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
       el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
       el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594

-> #2 (&q->q_usage_counter(io)#33){++++}-{0:0}:
       blk_alloc_queue+0x488/0x590 block/blk-core.c:461
       blk_mq_alloc_queue+0x148/0x284 block/blk-mq.c:4453
       __blk_mq_alloc_disk+0x38/0x10c block/blk-mq.c:4500
       nbd_dev_add+0x3d0/0x880 drivers/block/nbd.c:1954
       nbd_init+0x15c/0x174 drivers/block/nbd.c:2692
       do_one_initcall+0x274/0xc38 init/main.c:1392
       do_initcall_level+0x12c/0x1c4 init/main.c:1454
       do_initcalls+0x70/0xd0 init/main.c:1470
       do_basic_setup+0x7c/0x90 init/main.c:1490
       kernel_init_freeable+0x268/0x3a8 init/main.c:1703
       kernel_init+0x24/0x1dc init/main.c:1593
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842

-> #1 (fs_reclaim){+.+.}-{0:0}:
       __fs_reclaim_acquire mm/page_alloc.c:4320 [inline]
       fs_reclaim_acquire+0x90/0x110 mm/page_alloc.c:4334
       might_alloc include/linux/sched/mm.h:317 [inline]
       slab_pre_alloc_hook mm/slub.c:4521 [inline]
       slab_alloc_node mm/slub.c:4876 [inline]
       kmem_cache_alloc_noprof+0x58/0x610 mm/slub.c:4906
       __kernfs_iattrs+0xd8/0x2d8 fs/kernfs/inode.c:36
       kernfs_iattrs fs/kernfs/inode.c:59 [inline]
       __kernfs_setattr+0x48/0x2ac fs/kernfs/inode.c:72
       kernfs_iop_setattr+0xc4/0x11c fs/kernfs/inode.c:126
       notify_change+0x928/0xb7c fs/attr.c:556
       do_truncate+0x1a8/0x22c fs/open.c:68
       handle_truncate fs/namei.c:4307 [inline]
       do_open fs/namei.c:4703 [inline]
       path_openat+0x245c/0x2b88 fs/namei.c:4858
       do_file_open+0x1c8/0x2e8 fs/namei.c:4887
       do_sys_openat2+0x114/0x1e8 fs/open.c:1364
       do_sys_open+0xac/0xdc fs/open.c:1370
       __do_sys_openat fs/open.c:1386 [inline]
       __se_sys_openat fs/open.c:1381 [inline]
       __arm64_sys_openat+0xa0/0xbc fs/open.c:1381
       __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
       invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
       el0_svc_common+0xec/0x23c arch/arm64/kernel/syscall.c:121
       do_el0_svc+0x4c/0x5c arch/arm64/kernel/syscall.c:140
       el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
       el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
       el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594

-> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3165 [inline]
       check_prevs_add kernel/locking/lockdep.c:3284 [inline]
       validate_chain kernel/locking/lockdep.c:3908 [inline]
       __lock_acquire+0x17c0/0x2ebc kernel/locking/lockdep.c:5237
       lock_acquire+0x140/0x364 kernel/locking/lockdep.c:5868
       down_write+0x50/0xc0 kernel/locking/rwsem.c:1625
       kernfs_link_sibling+0x290/0x370 fs/kernfs/dir.c:411
       kernfs_add_one+0x1d4/0x398 fs/kernfs/dir.c:845
       kernfs_create_dir_ns+0xe0/0x138 fs/kernfs/dir.c:1131
       sysfs_create_dir_ns+0x120/0x1f4 fs/sysfs/dir.c:59
       create_dir lib/kobject.c:73 [inline]
       kobject_add_internal+0x290/0x6f0 lib/kobject.c:240
       kobject_add_varg+0x9c/0xe8 lib/kobject.c:374
       kobject_add+0x110/0x1c8 lib/kobject.c:426
       device_add+0x394/0x9f0 drivers/base/core.c:3629
       hci_conn_add_sysfs+0xbc/0x1e8 net/bluetooth/hci_sysfs.c:48
       hci_conn_complete_evt+0x6ec/0xe04 net/bluetooth/hci_event.c:3200
       hci_event_func net/bluetooth/hci_event.c:7796 [inline]
       hci_event_packet+0x4e0/0x9c8 net/bluetooth/hci_event.c:7847
       hci_rx_work+0x2f4/0xd78 net/bluetooth/hci_core.c:4040
       process_one_work kernel/workqueue.c:3314 [inline]
       process_scheduled_works+0x788/0x10b8 kernel/workqueue.c:3397
       worker_thread+0x798/0xbd0 kernel/workqueue.c:3478
       kthread+0x304/0x3d4 kernel/kthread.c:436
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842

other info that might help us debug this:

Chain exists of:
  &root->kernfs_iattr_rwsem --> cpu_hotplug_lock --> &root->kernfs_rwsem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&root->kernfs_rwsem);
                               lock(cpu_hotplug_lock);
                               lock(&root->kernfs_rwsem);
  lock(&root->kernfs_iattr_rwsem);

 *** DEADLOCK ***

4 locks held by kworker/u9:2/4708:
 #0: ffff0000cb4d6140 ((wq_completion)hci5#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000cb4d6140 ((wq_completion)hci5#2){+.+.}-{0:0}, at: process_scheduled_works+0x734/0x10b8 kernel/workqueue.c:3397
 #1: ffff800096a47c40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff800096a47c40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x73c/0x10b8 kernel/workqueue.c:3397
 #2: ffff000113bc40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_conn_complete_evt+0xa4/0xe04 net/bluetooth/hci_event.c:3117
 #3: ffff0000c1919180 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_add_one+0x40/0x398 fs/kernfs/dir.c:826

stack backtrace:
CPU: 0 UID: 0 PID: 4708 Comm: kworker/u9:2 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026
Workqueue: hci5 hci_rx_work
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 print_circular_bug+0x328/0x330 kernel/locking/lockdep.c:2043
 check_noncircular+0x158/0x174 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain kernel/locking/lockdep.c:3908 [inline]
 __lock_acquire+0x17c0/0x2ebc kernel/locking/lockdep.c:5237
 lock_acquire+0x140/0x364 kernel/locking/lockdep.c:5868
 down_write+0x50/0xc0 kernel/locking/rwsem.c:1625
 kernfs_link_sibling+0x290/0x370 fs/kernfs/dir.c:411
 kernfs_add_one+0x1d4/0x398 fs/kernfs/dir.c:845
 kernfs_create_dir_ns+0xe0/0x138 fs/kernfs/dir.c:1131
 sysfs_create_dir_ns+0x120/0x1f4 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x290/0x6f0 lib/kobject.c:240
 kobject_add_varg+0x9c/0xe8 lib/kobject.c:374
 kobject_add+0x110/0x1c8 lib/kobject.c:426
 device_add+0x394/0x9f0 drivers/base/core.c:3629
 hci_conn_add_sysfs+0xbc/0x1e8 net/bluetooth/hci_sysfs.c:48
 hci_conn_complete_evt+0x6ec/0xe04 net/bluetooth/hci_event.c:3200
 hci_event_func net/bluetooth/hci_event.c:7796 [inline]
 hci_event_packet+0x4e0/0x9c8 net/bluetooth/hci_event.c:7847
 hci_rx_work+0x2f4/0xd78 net/bluetooth/hci_core.c:4040
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x788/0x10b8 kernel/workqueue.c:3397
 worker_thread+0x798/0xbd0 kernel/workqueue.c:3478
 kthread+0x304/0x3d4 kernel/kthread.c:436
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842