Warning: Permanently added '[localhost]:25468' (ED25519) to the list of known hosts. 2025/10/04 18:58:46 parsed 1 programs syzkaller login: [ 84.091812][ T5319] cgroup: Unknown subsys name 'net' [ 84.153730][ T5319] cgroup: Unknown subsys name 'cpuset' [ 84.159234][ T5319] cgroup: Unknown subsys name 'rlimit' [ 85.766265][ T5319] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.113767][ T5334] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 91.952032][ T10] cfg80211: failed to load regulatory.db [ 93.692180][ T5366] chnl_net:caif_netlink_parms(): no params data found [ 93.822285][ T5366] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.825742][ T5366] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.829008][ T5366] bridge_slave_0: entered allmulticast mode [ 93.842011][ T5366] bridge_slave_0: entered promiscuous mode [ 93.851888][ T5366] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.854897][ T5366] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.857767][ T5366] bridge_slave_1: entered allmulticast mode [ 93.872400][ T5366] bridge_slave_1: entered promiscuous mode [ 93.912671][ T5366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.919196][ T5366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.982293][ T5366] team0: Port device team_slave_0 added [ 93.991546][ T5366] team0: Port device team_slave_1 added [ 94.032457][ T5366] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.035092][ T5366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 94.060239][ T5366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.079979][ T5366] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.083003][ T5366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.109918][ T5366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.173063][ T5366] hsr_slave_0: entered promiscuous mode [ 94.176254][ T5366] hsr_slave_1: entered promiscuous mode [ 94.459658][ T5366] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.477357][ T5366] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.493533][ T5366] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.512607][ T5366] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.567088][ T5366] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.570374][ T5366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.574045][ T5366] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.577146][ T5366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.604101][ T1048] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.607755][ T1048] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.704646][ T5366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.730805][ T5366] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.758657][ T1048] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.761690][ T1048] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.768299][ T1048] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.771239][ T1048] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.998936][ T5366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 
95.036289][ T5366] veth0_vlan: entered promiscuous mode [ 95.045603][ T5366] veth1_vlan: entered promiscuous mode [ 95.073307][ T5366] veth0_macvtap: entered promiscuous mode [ 95.078931][ T5366] veth1_macvtap: entered promiscuous mode [ 95.096467][ T5366] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.108689][ T5366] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.119472][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.128339][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.146425][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.163290][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.270850][ T5366] syz-executor (5366) used greatest stack depth: 19960 bytes left [ 95.332260][ T43] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.444496][ T43] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.531745][ T43] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.642027][ T43] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.670039][ T43] bridge_slave_1: left allmulticast mode [ 97.672867][ T43] bridge_slave_1: left promiscuous mode [ 97.676087][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.832160][ T43] bridge_slave_0: left allmulticast mode [ 97.834670][ T43] bridge_slave_0: left promiscuous mode [ 97.837158][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.530074][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 98.536662][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 98.551766][ T43] bond0 (unregistering): Released all slaves [ 98.662468][ T43] hsr_slave_0: left promiscuous mode [ 98.670430][ T43] 
hsr_slave_1: left promiscuous mode [ 98.673458][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.676677][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 98.693260][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.696526][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 98.730393][ T43] veth1_macvtap: left promiscuous mode [ 98.733120][ T43] veth0_macvtap: left promiscuous mode [ 98.735673][ T43] veth1_vlan: left promiscuous mode [ 98.738125][ T43] veth0_vlan: left promiscuous mode [ 99.146934][ T43] team0 (unregistering): Port device team_slave_1 removed [ 99.165703][ T43] team0 (unregistering): Port device team_slave_0 removed [ 99.719041][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 99.723574][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 99.727093][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 99.731395][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 99.734880][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 100.652316][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.655759][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.755012][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.764863][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2025/10/04 18:59:07 executed programs: 0 [ 101.876401][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 101.881942][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 101.887590][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 101.893754][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 101.897021][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.103898][ T5461] chnl_net:caif_netlink_parms(): no params data found [ 102.195489][ T5461] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.198549][ T5461] bridge0: port 
1(bridge_slave_0) entered disabled state [ 102.202275][ T5461] bridge_slave_0: entered allmulticast mode [ 102.205880][ T5461] bridge_slave_0: entered promiscuous mode [ 102.210240][ T5461] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.213317][ T5461] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.216238][ T5461] bridge_slave_1: entered allmulticast mode [ 102.221665][ T5461] bridge_slave_1: entered promiscuous mode [ 102.244025][ T5461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.250725][ T5461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.275149][ T5461] team0: Port device team_slave_0 added [ 102.279733][ T5461] team0: Port device team_slave_1 added [ 102.301370][ T5461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.304454][ T5461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.315638][ T5461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.321974][ T5461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.324959][ T5461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 102.336693][ T5461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.368849][ T5461] hsr_slave_0: entered promiscuous mode [ 102.372237][ T5461] hsr_slave_1: entered promiscuous mode [ 102.835469][ T5461] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.853009][ T5461] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 102.865067][ T5461] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 102.882640][ T5461] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.038679][ T5461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.081463][ T5461] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.092657][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.095894][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.113577][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.116906][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.187521][ T5461] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 103.209919][ T5461] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 103.485644][ T5461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.560704][ T5461] veth0_vlan: entered promiscuous mode [ 103.583305][ T5461] veth1_vlan: entered promiscuous mode [ 103.623555][ T5461] veth0_macvtap: entered promiscuous mode [ 103.651839][ T5461] veth1_macvtap: entered promiscuous mode [ 103.676716][ T5461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.694580][ T5461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.711437][ T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.715271][ T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.719081][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.755621][ T43] netdevsim 
netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.845277][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.848577][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.901995][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.905129][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.946631][ T48] Bluetooth: hci0: command tx timeout [ 104.138164][ T12] [ 104.139276][ T12] ===================================================== [ 104.142070][ T12] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 104.145328][ T12] syzkaller #0 Not tainted [ 104.147385][ T12] ----------------------------------------------------- [ 104.154687][ T12] kworker/u4:0/12 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 104.157833][ T12] ffffffff995aa110 (&p->sequence){+.-.}-{0:0}, at: __fprop_add_percpu_max+0x10d/0x210 [ 104.162023][ T12] [ 104.162023][ T12] and this task is already holding: [ 104.165443][ T12] ffff888040a24240 (&xa->xa_lock#12){-...}-{3:3}, at: __folio_end_writeback+0x1da/0x950 [ 104.169703][ T12] which would create a new lock dependency: [ 104.172182][ T12] (&xa->xa_lock#12){-...}-{3:3} -> (&p->sequence){+.-.}-{0:0} [ 104.175500][ T12] [ 104.175500][ T12] but this new dependency connects a HARDIRQ-irq-safe lock: [ 104.179545][ T12] (&xa->xa_lock#12){-...}-{3:3} [ 104.179570][ T12] [ 104.179570][ T12] ... 
which became HARDIRQ-irq-safe at: [ 104.185010][ T12] lock_acquire+0x120/0x360 [ 104.186720][ T12] _raw_spin_lock_irqsave+0xa7/0xf0 [ 104.188724][ T12] __folio_end_writeback+0x1da/0x950 [ 104.190954][ T12] folio_end_writeback_no_dropbehind+0x151/0x290 [ 104.193493][ T12] folio_end_writeback+0xea/0x220 [ 104.195685][ T12] end_bio_bh_io_sync+0xba/0x120 [ 104.197788][ T12] blk_update_request+0x57e/0xe60 [ 104.200027][ T12] scsi_end_request+0x7c/0x830 [ 104.202110][ T12] scsi_io_completion+0x131/0x390 [ 104.204248][ T12] ata_qc_complete_multiple+0x1ae/0x280 [ 104.206492][ T12] ahci_handle_port_interrupt+0x3d5/0x610 [ 104.208949][ T12] ahci_handle_port_intr+0x19f/0x2e0 [ 104.211306][ T12] ahci_single_level_irq_intr+0x9b/0xe0 [ 104.213312][ T12] __handle_irq_event_percpu+0x295/0xab0 [ 104.215540][ T12] handle_irq_event+0x8b/0x1e0 [ 104.217599][ T12] handle_edge_irq+0x23b/0xa10 [ 104.219848][ T12] __common_interrupt+0x141/0x1f0 [ 104.221986][ T12] common_interrupt+0xb6/0xe0 [ 104.224094][ T12] asm_common_interrupt+0x26/0x40 [ 104.226180][ T12] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 104.228476][ T12] ata_scsi_queuecmd+0x3f0/0x5c0 [ 104.230556][ T12] scsi_queue_rq+0x1c91/0x2cc0 [ 104.232680][ T12] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 104.235060][ T12] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 104.237854][ T12] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 104.240442][ T12] blk_mq_run_hw_queue+0x404/0x4f0 [ 104.242801][ T12] blk_mq_dispatch_list+0xd0c/0xe00 [ 104.245098][ T12] blk_mq_flush_plug_list+0x469/0x550 [ 104.247388][ T12] __blk_flush_plug+0x3d3/0x4b0 [ 104.249601][ T12] blk_finish_plug+0x5e/0x90 [ 104.251685][ T12] wb_writeback+0xa80/0xaf0 [ 104.253746][ T12] wb_workfn+0xaef/0xef0 [ 104.255626][ T12] process_scheduled_works+0xade/0x17b0 [ 104.257908][ T12] worker_thread+0x8a0/0xda0 [ 104.259977][ T12] kthread+0x70e/0x8a0 [ 104.261843][ T12] ret_from_fork+0x436/0x7d0 [ 104.263983][ T12] ret_from_fork_asm+0x1a/0x30 [ 104.266555][ T12] [ 104.266555][ T12] to a 
HARDIRQ-irq-unsafe lock: [ 104.269389][ T12] (&p->sequence){+.-.}-{0:0} [ 104.269404][ T12] [ 104.269404][ T12] ... which became HARDIRQ-irq-unsafe at: [ 104.274885][ T12] ... [ 104.274893][ T12] lock_acquire+0x120/0x360 [ 104.277851][ T12] fprop_new_period+0x1a3/0x3a0 [ 104.279851][ T12] writeout_period+0x8b/0x130 [ 104.281931][ T12] call_timer_fn+0x17e/0x5f0 [ 104.284006][ T12] __run_timer_base+0x61a/0x860 [ 104.285964][ T12] run_timer_softirq+0x103/0x180 [ 104.288218][ T12] handle_softirqs+0x283/0x870 [ 104.290221][ T12] run_ksoftirqd+0x9b/0x100 [ 104.292234][ T12] smpboot_thread_fn+0x542/0xa60 [ 104.294366][ T12] kthread+0x70e/0x8a0 [ 104.296039][ T12] ret_from_fork+0x436/0x7d0 [ 104.298061][ T12] ret_from_fork_asm+0x1a/0x30 [ 104.300152][ T12] [ 104.300152][ T12] other info that might help us debug this: [ 104.300152][ T12] [ 104.304645][ T12] Possible interrupt unsafe locking scenario: [ 104.304645][ T12] [ 104.308156][ T12] CPU0 CPU1 [ 104.310294][ T12] ---- ---- [ 104.312475][ T12] lock(&p->sequence); [ 104.314109][ T12] local_irq_disable(); [ 104.316932][ T12] lock(&xa->xa_lock#12); [ 104.319930][ T12] lock(&p->sequence); [ 104.323288][ T12] [ 104.325216][ T12] lock(&xa->xa_lock#12); [ 104.327246][ T12] [ 104.327246][ T12] *** DEADLOCK *** [ 104.327246][ T12] [ 104.330959][ T12] 5 locks held by kworker/u4:0/12: [ 104.333317][ T12] #0: ffff888030f92948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 104.339002][ T12] #1: ffffc900001e7bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 104.344355][ T12] #2: ffff888000a240e0 (&type->s_umount_key#54){.+.+}-{4:4}, at: super_trylock_shared+0x20/0xf0 [ 104.348851][ T12] #3: ffff888040a24638 (&fi->lock){+.+.}-{3:3}, at: fuse_iomap_writeback_range+0x818/0x1800 [ 104.353350][ T12] #4: ffff888040a24240 (&xa->xa_lock#12){-...}-{3:3}, at: __folio_end_writeback+0x1da/0x950 [ 104.357765][ T12] [ 104.357765][ T12] the dependencies between 
HARDIRQ-irq-safe lock and the holding lock: [ 104.363449][ T12] -> (&xa->xa_lock#12){-...}-{3:3} { [ 104.365697][ T12] IN-HARDIRQ-W at: [ 104.367531][ T12] lock_acquire+0x120/0x360 [ 104.370262][ T12] _raw_spin_lock_irqsave+0xa7/0xf0 [ 104.373209][ T12] __folio_end_writeback+0x1da/0x950 [ 104.376191][ T12] folio_end_writeback_no_dropbehind+0x151/0x290 [ 104.379615][ T12] folio_end_writeback+0xea/0x220 [ 104.382573][ T12] end_bio_bh_io_sync+0xba/0x120 [ 104.385369][ T12] blk_update_request+0x57e/0xe60 [ 104.388318][ T12] scsi_end_request+0x7c/0x830 [ 104.391048][ T12] scsi_io_completion+0x131/0x390 [ 104.393927][ T12] ata_qc_complete_multiple+0x1ae/0x280 [ 104.397080][ T12] ahci_handle_port_interrupt+0x3d5/0x610 [ 104.400310][ T12] ahci_handle_port_intr+0x19f/0x2e0 [ 104.403410][ T12] ahci_single_level_irq_intr+0x9b/0xe0 [ 104.406530][ T12] __handle_irq_event_percpu+0x295/0xab0 [ 104.409693][ T12] handle_irq_event+0x8b/0x1e0 [ 104.412411][ T12] handle_edge_irq+0x23b/0xa10 [ 104.415137][ T12] __common_interrupt+0x141/0x1f0 [ 104.417981][ T12] common_interrupt+0xb6/0xe0 [ 104.420555][ T12] asm_common_interrupt+0x26/0x40 [ 104.423490][ T12] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 104.426708][ T12] ata_scsi_queuecmd+0x3f0/0x5c0 [ 104.429565][ T12] scsi_queue_rq+0x1c91/0x2cc0 [ 104.432411][ T12] blk_mq_dispatch_rq_list+0x4c0/0x1900 [ 104.435466][ T12] __blk_mq_sched_dispatch_requests+0xda4/0x1570 [ 104.438861][ T12] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 104.442107][ T12] blk_mq_run_hw_queue+0x404/0x4f0 [ 104.445021][ T12] blk_mq_dispatch_list+0xd0c/0xe00 [ 104.448058][ T12] blk_mq_flush_plug_list+0x469/0x550 [ 104.451087][ T12] __blk_flush_plug+0x3d3/0x4b0 [ 104.453923][ T12] blk_finish_plug+0x5e/0x90 [ 104.456604][ T12] wb_writeback+0xa80/0xaf0 [ 104.459183][ T12] wb_workfn+0xaef/0xef0 [ 104.461765][ T12] process_scheduled_works+0xade/0x17b0 [ 104.464941][ T12] worker_thread+0x8a0/0xda0 [ 104.467628][ T12] kthread+0x70e/0x8a0 [ 104.470085][ T12] 
ret_from_fork+0x436/0x7d0 [ 104.472942][ T12] ret_from_fork_asm+0x1a/0x30 [ 104.475896][ T12] INITIAL USE at: [ 104.477707][ T12] lock_acquire+0x120/0x360 [ 104.480421][ T12] _raw_spin_lock_irq+0xa2/0xf0 [ 104.483351][ T12] shmem_add_to_page_cache+0x72d/0xba0 [ 104.486140][ T12] shmem_alloc_and_add_folio+0x846/0xf60 [ 104.489325][ T12] shmem_get_folio_gfp+0x59d/0x1660 [ 104.492343][ T12] shmem_read_folio_gfp+0x8a/0xe0 [ 104.495240][ T12] drm_gem_get_pages+0x223/0xa20 [ 104.498042][ T12] drm_gem_shmem_get_pages_locked+0x201/0x440 [ 104.501400][ T12] drm_gem_shmem_pin_locked+0x22c/0x460 [ 104.504492][ T12] drm_gem_shmem_vmap_locked+0x46b/0x790 [ 104.507610][ T12] drm_gem_vmap+0x10a/0x1d0 [ 104.510273][ T12] drm_client_buffer_vmap+0x43/0x80 [ 104.513270][ T12] drm_fbdev_shmem_driver_fbdev_probe+0x258/0x900 [ 104.516665][ T12] __drm_fb_helper_initial_config_and_unlock+0x1236/0x18a0 [ 104.520468][ T12] drm_fbdev_client_hotplug+0x16c/0x230 [ 104.523528][ T12] drm_client_register+0x172/0x210 [ 104.526384][ T12] drm_fbdev_client_setup+0x19f/0x3f0 [ 104.529287][ T12] drm_client_setup+0x107/0x220 [ 104.532048][ T12] vkms_init+0x3e0/0x4b0 [ 104.534644][ T12] do_one_initcall+0x233/0x820 [ 104.537429][ T12] do_initcall_level+0x104/0x190 [ 104.540287][ T12] do_initcalls+0x59/0xa0 [ 104.543012][ T12] kernel_init_freeable+0x334/0x4b0 [ 104.546021][ T12] kernel_init+0x1d/0x1d0 [ 104.548725][ T12] ret_from_fork+0x436/0x7d0 [ 104.551491][ T12] ret_from_fork_asm+0x1a/0x30 [ 104.554296][ T12] } [ 104.555476][ T12] ... 
key at: [] xa_init_flags.__key+0x0/0x20 [ 104.558998][ T12] [ 104.558998][ T12] the dependencies between the lock to be acquired [ 104.559006][ T12] and HARDIRQ-irq-unsafe lock: [ 104.565156][ T12] -> (&p->sequence){+.-.}-{0:0} { [ 104.567370][ T12] HARDIRQ-ON-W at: [ 104.569106][ T12] lock_acquire+0x120/0x360 [ 104.571872][ T12] fprop_new_period+0x1a3/0x3a0 [ 104.574776][ T12] writeout_period+0x8b/0x130 [ 104.577486][ T12] call_timer_fn+0x17e/0x5f0 [ 104.580185][ T12] __run_timer_base+0x61a/0x860 [ 104.582970][ T12] run_timer_softirq+0x103/0x180 [ 104.585885][ T12] handle_softirqs+0x283/0x870 [ 104.588951][ T12] run_ksoftirqd+0x9b/0x100 [ 104.591736][ T12] smpboot_thread_fn+0x542/0xa60 [ 104.594652][ T12] kthread+0x70e/0x8a0 [ 104.597148][ T12] ret_from_fork+0x436/0x7d0 [ 104.599877][ T12] ret_from_fork_asm+0x1a/0x30 [ 104.602740][ T12] IN-SOFTIRQ-W at: [ 104.604436][ T12] lock_acquire+0x120/0x360 [ 104.607062][ T12] fprop_new_period+0x1a3/0x3a0 [ 104.609808][ T12] writeout_period+0x8b/0x130 [ 104.612492][ T12] call_timer_fn+0x17e/0x5f0 [ 104.615123][ T12] __run_timer_base+0x61a/0x860 [ 104.617836][ T12] run_timer_softirq+0x103/0x180 [ 104.620568][ T12] handle_softirqs+0x283/0x870 [ 104.623353][ T12] run_ksoftirqd+0x9b/0x100 [ 104.625966][ T12] smpboot_thread_fn+0x542/0xa60 [ 104.628839][ T12] kthread+0x70e/0x8a0 [ 104.631329][ T12] ret_from_fork+0x436/0x7d0 [ 104.634038][ T12] ret_from_fork_asm+0x1a/0x30 [ 104.636868][ T12] INITIAL USE at: [ 104.638590][ T12] lock_acquire+0x120/0x360 [ 104.641217][ T12] fprop_new_period+0x1a3/0x3a0 [ 104.643972][ T12] writeout_period+0x8b/0x130 [ 104.646591][ T12] call_timer_fn+0x17e/0x5f0 [ 104.649222][ T12] __run_timer_base+0x61a/0x860 [ 104.652001][ T12] run_timer_softirq+0x103/0x180 [ 104.654831][ T12] handle_softirqs+0x283/0x870 [ 104.657433][ T12] run_ksoftirqd+0x9b/0x100 [ 104.659899][ T12] smpboot_thread_fn+0x542/0xa60 [ 104.662671][ T12] kthread+0x70e/0x8a0 [ 104.665170][ T12] ret_from_fork+0x436/0x7d0 [ 104.668042][ 
T12] ret_from_fork_asm+0x1a/0x30 [ 104.670752][ T12] INITIAL READ USE at: [ 104.672683][ T12] lock_acquire+0x120/0x360 [ 104.675539][ T12] fprop_fraction_percpu+0x170/0x400 [ 104.678638][ T12] __wb_calc_thresh+0x119/0x4a0 [ 104.681344][ T12] wb_over_bg_thresh+0x154/0x3d0 [ 104.684259][ T12] wb_workfn+0xb1c/0xef0 [ 104.686980][ T12] process_scheduled_works+0xade/0x17b0 [ 104.690212][ T12] worker_thread+0x8a0/0xda0 [ 104.693096][ T12] kthread+0x70e/0x8a0 [ 104.695768][ T12] ret_from_fork+0x436/0x7d0 [ 104.698645][ T12] ret_from_fork_asm+0x1a/0x30 [ 104.701762][ T12] } [ 104.702975][ T12] ... key at: [] fprop_global_init.__key.1+0x0/0x20 [ 104.706734][ T12] ... acquired at: [ 104.708408][ T12] lock_acquire+0x120/0x360 [ 104.710500][ T12] fprop_fraction_percpu+0x130/0x400 [ 104.712870][ T12] __fprop_add_percpu_max+0x10d/0x210 [ 104.715210][ T12] __wb_writeout_add+0xa5/0x290 [ 104.717429][ T12] __folio_end_writeback+0x4d5/0x950 [ 104.719801][ T12] folio_end_writeback_no_dropbehind+0x151/0x290 [ 104.722615][ T12] folio_end_writeback+0xea/0x220 [ 104.724758][ T12] fuse_flush_writepages+0x6c8/0x900 [ 104.727108][ T12] fuse_iomap_writeback_range+0x923/0x1800 [ 104.729700][ T12] iomap_writeback_folio+0xe72/0x1c80 [ 104.732084][ T12] iomap_writepages+0x162/0x2d0 [ 104.734295][ T12] fuse_writepages+0x2ad/0x380 [ 104.736495][ T12] do_writepages+0x32b/0x550 [ 104.738566][ T12] __writeback_single_inode+0x145/0xff0 [ 104.740957][ T12] writeback_sb_inodes+0x6c7/0x1010 [ 104.743319][ T12] __writeback_inodes_wb+0x111/0x240 [ 104.745659][ T12] wb_writeback+0x44f/0xaf0 [ 104.747628][ T12] wb_workfn+0xb63/0xef0 [ 104.749761][ T12] process_scheduled_works+0xade/0x17b0 [ 104.752588][ T12] worker_thread+0x8a0/0xda0 [ 104.754957][ T12] kthread+0x70e/0x8a0 [ 104.757038][ T12] ret_from_fork+0x436/0x7d0 [ 104.759283][ T12] ret_from_fork_asm+0x1a/0x30 [ 104.761569][ T12] [ 104.762825][ T12] [ 104.762825][ T12] stack backtrace: [ 104.765297][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not 
tainted syzkaller #0 PREEMPT(full) [ 104.765311][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 104.765319][ T12] Workqueue: writeback wb_workfn (flush-0:42) [ 104.765341][ T12] Call Trace: [ 104.765354][ T12] [ 104.765361][ T12] dump_stack_lvl+0x189/0x250 [ 104.765375][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.765387][ T12] ? __pfx__printk+0x10/0x10 [ 104.765405][ T12] validate_chain+0x1f05/0x2140 [ 104.765423][ T12] __lock_acquire+0xab9/0xd20 [ 104.765435][ T12] ? __fprop_add_percpu_max+0x10d/0x210 [ 104.765449][ T12] lock_acquire+0x120/0x360 [ 104.765459][ T12] ? __fprop_add_percpu_max+0x10d/0x210 [ 104.765475][ T12] ? __fprop_add_percpu_max+0x10d/0x210 [ 104.765487][ T12] fprop_fraction_percpu+0x130/0x400 [ 104.765502][ T12] ? __fprop_add_percpu_max+0x10d/0x210 [ 104.765517][ T12] ? __pfx_fprop_fraction_percpu+0x10/0x10 [ 104.765532][ T12] ? xas_load+0x593/0x5b0 [ 104.765547][ T12] __fprop_add_percpu_max+0x10d/0x210 [ 104.765561][ T12] ? percpu_counter_add_batch+0xea/0x1e0 [ 104.765572][ T12] __wb_writeout_add+0xa5/0x290 [ 104.765589][ T12] __folio_end_writeback+0x4d5/0x950 [ 104.765602][ T12] ? __pfx___folio_end_writeback+0x10/0x10 [ 104.765613][ T12] ? fuse_simple_background+0xdc4/0x1040 [ 104.765626][ T12] ? kmem_cache_free+0x19b/0x690 [ 104.765641][ T12] folio_end_writeback_no_dropbehind+0x151/0x290 [ 104.765656][ T12] folio_end_writeback+0xea/0x220 [ 104.765669][ T12] fuse_flush_writepages+0x6c8/0x900 [ 104.765682][ T12] ? __pfx___folio_start_writeback+0x10/0x10 [ 104.765694][ T12] fuse_iomap_writeback_range+0x923/0x1800 [ 104.765711][ T12] iomap_writeback_folio+0xe72/0x1c80 [ 104.765725][ T12] ? rcu_is_watching+0x15/0xb0 [ 104.765741][ T12] iomap_writepages+0x162/0x2d0 [ 104.765754][ T12] ? __pfx_iomap_writepages+0x10/0x10 [ 104.765765][ T12] ? stack_trace_save+0x9c/0xe0 [ 104.765777][ T12] ? __pfx_stack_trace_save+0x10/0x10 [ 104.765791][ T12] fuse_writepages+0x2ad/0x380 [ 104.765805][ T12] ? 
__pfx_fuse_writepages+0x10/0x10 [ 104.765818][ T12] ? validate_chain+0x897/0x2140 [ 104.765835][ T12] ? __pfx_fuse_writepages+0x10/0x10 [ 104.765847][ T12] do_writepages+0x32b/0x550 [ 104.765858][ T12] ? reacquire_held_locks+0x127/0x1d0 [ 104.765870][ T12] ? writeback_sb_inodes+0x384/0x1010 [ 104.765883][ T12] __writeback_single_inode+0x145/0xff0 [ 104.765895][ T12] ? do_raw_spin_unlock+0x4d/0x240 [ 104.765910][ T12] writeback_sb_inodes+0x6c7/0x1010 [ 104.765926][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 104.765943][ T12] ? __pfx_down_read_trylock+0x10/0x10 [ 104.765956][ T12] ? __pfx_move_expired_inodes+0x10/0x10 [ 104.765969][ T12] __writeback_inodes_wb+0x111/0x240 [ 104.765982][ T12] wb_writeback+0x44f/0xaf0 [ 104.765994][ T12] ? queue_io+0x391/0x590 [ 104.766005][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 104.766018][ T12] wb_workfn+0xb63/0xef0 [ 104.766044][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 104.766060][ T12] ? __lock_acquire+0xab9/0xd20 [ 104.766072][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 104.766085][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 104.766098][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 104.766109][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 104.766119][ T12] process_scheduled_works+0xade/0x17b0 [ 104.766135][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 104.766150][ T12] worker_thread+0x8a0/0xda0 [ 104.766166][ T12] kthread+0x70e/0x8a0 [ 104.766181][ T12] ? __pfx_worker_thread+0x10/0x10 [ 104.766192][ T12] ? __pfx_kthread+0x10/0x10 [ 104.766205][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 104.766217][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.766231][ T12] ? __pfx_kthread+0x10/0x10 [ 104.766243][ T12] ret_from_fork+0x436/0x7d0 [ 104.766254][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 104.766265][ T12] ? 
__pfx_kthread+0x10/0x10 [ 104.766278][ T12] ret_from_fork_asm+0x1a/0x30 [ 104.766296][ T12] [ 106.023612][ T48] Bluetooth: hci0: command tx timeout 2025/10/04 18:59:12 executed programs: 6 [ 108.100211][ T48] Bluetooth: hci0: command tx timeout [ 110.180149][ T48] Bluetooth: hci0: command tx timeout 2025/10/04 18:59:18 executed programs: 14 VM DIAGNOSIS: 18:59:09 Registers: info registers vcpu 0