Warning: Permanently added '10.128.0.144' (ED25519) to the list of known hosts.
1970/01/01 00:00:32 parsed 1 programs
[ 33.638514][ T6577] cgroup: Unknown subsys name 'net'
[ 33.788865][ T6577] cgroup: Unknown subsys name 'cpuset'
[ 33.790840][ T6577] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 33.952366][ T6577] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 39.980436][ T6587] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 40.202398][ T6600] chnl_net:caif_netlink_parms(): no params data found
[ 40.224233][ T6600] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.224472][ T6600] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.224538][ T6600] bridge_slave_0: entered allmulticast mode
[ 40.225055][ T6600] bridge_slave_0: entered promiscuous mode
[ 40.226171][ T6600] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.226211][ T6600] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.226276][ T6600] bridge_slave_1: entered allmulticast mode
[ 40.226698][ T6600] bridge_slave_1: entered promiscuous mode
[ 40.238136][ T6600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 40.239275][ T6600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 40.270047][ T6600] team0: Port device team_slave_0 added
[ 40.270812][ T6600] team0: Port device team_slave_1 added
[ 40.277799][ T6600] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 40.277826][ T6600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 40.277844][ T6600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 40.278544][ T6600] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 40.278552][ T6600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 40.278562][ T6600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 40.297704][ T6600] hsr_slave_0: entered promiscuous mode
[ 40.298063][ T6600] hsr_slave_1: entered promiscuous mode
[ 40.345852][ T6600] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 40.349010][ T6600] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 40.351439][ T6600] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 40.353459][ T6600] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 40.363368][ T6600] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.363425][ T6600] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.363604][ T6600] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.363628][ T6600] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.383687][ T6600] 8021q: adding VLAN 0 to HW filter on device bond0
[ 40.388660][ T1828] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.390464][ T1828] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.395253][ T6600] 8021q: adding VLAN 0 to HW filter on device team0
[ 40.398765][ T1828] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.398814][ T1828] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.459031][ T840] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.459068][ T840] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.513074][ T6600] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 40.524174][ T6600] veth0_vlan: entered promiscuous mode
[ 40.525962][ T6600] veth1_vlan: entered promiscuous mode
[ 40.535877][ T6600] veth0_macvtap: entered promiscuous mode
[ 40.537044][ T6600] veth1_macvtap: entered promiscuous mode
[ 40.541246][ T6600] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 40.542506][ T6600] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 40.545764][ T1828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 40.548894][ T1828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 40.549194][ T1828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 40.549208][ T1828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 40.794364][ T5945] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 40.853213][ T5945] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 40.908415][ T5945] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 40.954889][ T5945] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 41.141267][ T6164] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 41.142704][ T6164] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 41.143939][ T6164] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 41.146041][ T6164] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 41.147657][ T6164] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 41.359406][ T840] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.361832][ T840] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 41.371118][ T3606] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.372599][ T3606] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
1970/01/01 00:00:41 executed programs: 0
[ 41.632786][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 41.634618][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 41.636372][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 41.638167][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 41.639775][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 41.702300][ T6683] chnl_net:caif_netlink_parms(): no params data found
[ 41.724179][ T6683] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.724256][ T6683] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.724319][ T6683] bridge_slave_0: entered allmulticast mode
[ 41.724779][ T6683] bridge_slave_0: entered promiscuous mode
[ 41.725577][ T6683] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.725623][ T6683] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.725696][ T6683] bridge_slave_1: entered allmulticast mode
[ 41.726116][ T6683] bridge_slave_1: entered promiscuous mode
[ 41.738032][ T6683] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 41.739005][ T6683] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 41.746483][ T6683] team0: Port device team_slave_0 added
[ 41.749511][ T6683] team0: Port device team_slave_1 added
[ 41.756412][ T6683] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 41.756439][ T6683] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 41.756731][ T6683] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 41.758493][ T6683] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 41.758502][ T6683] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 41.758516][ T6683] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 41.776151][ T6683] hsr_slave_0: entered promiscuous mode
[ 41.776515][ T6683] hsr_slave_1: entered promiscuous mode
[ 41.776741][ T6683] debugfs: 'hsr0' already exists in 'hsr'
[ 41.776791][ T6683] Cannot create hsr debugfs directory
[ 43.697335][ T6164] Bluetooth: hci0: command tx timeout
[ 44.308432][ T5945] bridge_slave_1: left allmulticast mode
[ 44.308474][ T5945] bridge_slave_1: left promiscuous mode
[ 44.308824][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.313464][ T5945] bridge_slave_0: left allmulticast mode
[ 44.313502][ T5945] bridge_slave_0: left promiscuous mode
[ 44.313573][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.461352][ T5945] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 44.508570][ T5945] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 44.557902][ T5945] bond0 (unregistering): Released all slaves
[ 44.624924][ T5945] hsr_slave_0: left promiscuous mode
[ 44.626500][ T5945] hsr_slave_1: left promiscuous mode
[ 44.627561][ T5945] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 44.627580][ T5945] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 44.628377][ T5945] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 44.628389][ T5945] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 44.635232][ T5945] veth1_macvtap: left promiscuous mode
[ 44.635309][ T5945] veth0_macvtap: left promiscuous mode
[ 44.635700][ T5945] veth1_vlan: left promiscuous mode
[ 44.635747][ T5945] veth0_vlan: left promiscuous mode
[ 44.762933][ T5945] team0 (unregistering): Port device team_slave_1 removed
[ 44.771747][ T5945] team0 (unregistering): Port device team_slave_0 removed
[ 45.087944][ T6683] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 45.089100][ T6683] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 45.091180][ T6683] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 45.093217][ T6683] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 45.152891][ T6683] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.160343][ T6683] 8021q: adding VLAN 0 to HW filter on device team0
[ 45.164889][ T3606] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.164930][ T3606] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.177668][ T840] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.177715][ T840] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.383220][ T6683] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 45.395695][ T6683] veth0_vlan: entered promiscuous mode
[ 45.398491][ T6683] veth1_vlan: entered promiscuous mode
[ 45.411887][ T6683] veth0_macvtap: entered promiscuous mode
[ 45.414767][ T6683] veth1_macvtap: entered promiscuous mode
[ 45.425401][ T6683] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 45.430005][ T6683] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 45.433928][ T840] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.434069][ T840] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.434094][ T840] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.434111][ T840] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.474653][ T1828] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 45.474689][ T1828] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 45.484733][ T3606] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 45.484768][ T3606] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 45.675528][ T6758]
[ 45.676017][ T6758] =====================================================
[ 45.677077][ T6758] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 45.678217][ T6758] syzkaller #0 Not tainted
[ 45.678873][ T6758] -----------------------------------------------------
[ 45.679864][ T6758] syz.0.17/6758 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 45.680857][ T6758] ffff800097625150 (&p->sequence){+.-.}-{0:0}, at: __fprop_add_percpu_max+0x130/0x1f4
[ 45.682334][ T6758]
[ 45.682334][ T6758] and this task is already holding:
[ 45.683381][ T6758] ffff0000e5368240 (&xa->xa_lock#10){-...}-{3:3}, at: __folio_end_writeback+0x10c/0x6f8
[ 45.684817][ T6758] which would create a new lock dependency:
[ 45.685667][ T6758] (&xa->xa_lock#10){-...}-{3:3} -> (&p->sequence){+.-.}-{0:0}
[ 45.686784][ T6758]
[ 45.686784][ T6758] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 45.688107][ T6758] (&xa->xa_lock#10){-...}-{3:3}
[ 45.688141][ T6758]
[ 45.688141][ T6758] ... which became HARDIRQ-irq-safe at:
[ 45.689913][ T6758] lock_acquire+0x140/0x2e0
[ 45.690568][ T6758] _raw_spin_lock_irqsave+0x5c/0x7c
[ 45.691380][ T6758] __folio_end_writeback+0x10c/0x6f8
[ 45.692199][ T6758] folio_end_writeback_no_dropbehind+0xd0/0x204
[ 45.693083][ T6758] folio_end_writeback+0xd8/0x248
[ 45.693832][ T6758] end_buffer_async_write+0x20c/0x350
[ 45.694624][ T6758] end_bio_bh_io_sync+0xb0/0x184
[ 45.695384][ T6758] bio_endio+0x8d4/0x910
[ 45.696034][ T6758] blk_mq_end_request_batch+0x49c/0x105c
[ 45.696912][ T6758] nvme_irq+0x1ec/0x240
[ 45.697548][ T6758] __handle_irq_event_percpu+0x20c/0x8e4
[ 45.698337][ T6758] handle_irq_event+0x9c/0x1d0
[ 45.699090][ T6758] handle_fasteoi_irq+0x328/0x8d8
[ 45.699762][ T6758] generic_handle_domain_irq+0xe0/0x140
[ 45.700562][ T6758] gic_handle_irq+0x6c/0x18c
[ 45.701236][ T6758] call_on_irq_stack+0x30/0x48
[ 45.701933][ T6758] do_interrupt_handler+0xd4/0x138
[ 45.702694][ T6758] el1_interrupt+0x3c/0x60
[ 45.703327][ T6758] el1h_64_irq_handler+0x18/0x24
[ 45.704009][ T6758] el1h_64_irq+0x6c/0x70
[ 45.704638][ T6758] arch_local_irq_enable+0x8/0xc
[ 45.705400][ T6758] do_idle+0x1e0/0x474
[ 45.705988][ T6758] cpu_startup_entry+0x5c/0x74
[ 45.706743][ T6758] secondary_start_kernel+0x1bc/0x1e4
[ 45.707595][ T6758] __secondary_switched+0xc0/0xc4
[ 45.708399][ T6758]
[ 45.708399][ T6758] to a HARDIRQ-irq-unsafe lock:
[ 45.709461][ T6758] (&p->sequence){+.-.}-{0:0}
[ 45.709484][ T6758]
[ 45.709484][ T6758] ... which became HARDIRQ-irq-unsafe at:
[ 45.711267][ T6758] ...
[ 45.711275][ T6758] lock_acquire+0x140/0x2e0
[ 45.712266][ T6758] fprop_new_period+0x3b8/0x718
[ 45.712967][ T6758] writeout_period+0x94/0x11c
[ 45.713634][ T6758] call_timer_fn+0x19c/0x814
[ 45.714255][ T6758] __run_timer_base+0x51c/0x76c
[ 45.715031][ T6758] run_timer_softirq+0x11c/0x194
[ 45.715814][ T6758] handle_softirqs+0x31c/0xc88
[ 45.716509][ T6758] __do_softirq+0x14/0x20
[ 45.717113][ T6758] ____do_softirq+0x14/0x20
[ 45.717772][ T6758] call_on_irq_stack+0x30/0x48
[ 45.718514][ T6758] do_softirq_own_stack+0x20/0x2c
[ 45.719275][ T6758] __irq_exit_rcu+0x1b0/0x478
[ 45.719994][ T6758] irq_exit_rcu+0x14/0x84
[ 45.720640][ T6758] el1_interrupt+0x40/0x60
[ 45.721316][ T6758] el1h_64_irq_handler+0x18/0x24
[ 45.722070][ T6758] el1h_64_irq+0x6c/0x70
[ 45.722799][ T6758] arch_local_irq_restore+0x8/0xc
[ 45.723552][ T6758] __might_resched+0x48/0x4c4
[ 45.724252][ T6758] __might_sleep+0x88/0x110
[ 45.724944][ T6758] __might_fault+0x7c/0x124
[ 45.725593][ T6758] __arm64_sys_rt_sigreturn+0x4c0/0x28d8
[ 45.726328][ T6758] invoke_syscall+0x98/0x254
[ 45.727016][ T6758] el0_svc_common+0xe8/0x23c
[ 45.727686][ T6758] do_el0_svc+0x48/0x58
[ 45.728308][ T6758] el0_svc+0x5c/0x26c
[ 45.728906][ T6758] el0t_64_sync_handler+0x84/0x12c
[ 45.729659][ T6758] el0t_64_sync+0x198/0x19c
[ 45.730313][ T6758]
[ 45.730313][ T6758] other info that might help us debug this:
[ 45.730313][ T6758]
[ 45.731717][ T6758] Possible interrupt unsafe locking scenario:
[ 45.731717][ T6758]
[ 45.732899][ T6758]        CPU0                    CPU1
[ 45.733686][ T6758]        ----                    ----
[ 45.734407][ T6758]   lock(&p->sequence);
[ 45.734984][ T6758]                                local_irq_disable();
[ 45.735960][ T6758]                                lock(&xa->xa_lock#10);
[ 45.736944][ T6758]                                lock(&p->sequence);
[ 45.737876][ T6758]   <Interrupt>
[ 45.738367][ T6758]     lock(&xa->xa_lock#10);
[ 45.739088][ T6758]
[ 45.739088][ T6758] *** DEADLOCK ***
[ 45.739088][ T6758]
[ 45.740298][ T6758] 4 locks held by syz.0.17/6758:
[ 45.741009][ T6758] #0: ffff0000c7332420 (sb_writers#11){.+.+}-{0:0}, at: vfs_writev+0x21c/0x7cc
[ 45.742368][ T6758] #1: ffff0000e5368148 (&sb->s_type->i_mutex_key#22){+.+.}-{4:4}, at: fuse_fsync+0xf0/0x2b8
[ 45.743800][ T6758] #2: ffff0000e5368638 (&fi->lock){+.+.}-{3:3}, at: fuse_iomap_writeback_range+0x674/0x149c
[ 45.745315][ T6758] #3: ffff0000e5368240 (&xa->xa_lock#10){-...}-{3:3}, at: __folio_end_writeback+0x10c/0x6f8
[ 45.746782][ T6758]
[ 45.746782][ T6758] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 45.748326][ T6758] -> (&xa->xa_lock#10){-...}-{3:3} {
[ 45.749124][ T6758] IN-HARDIRQ-W at:
[ 45.749718][ T6758] lock_acquire+0x140/0x2e0
[ 45.750614][ T6758] _raw_spin_lock_irqsave+0x5c/0x7c
[ 45.751613][ T6758] __folio_end_writeback+0x10c/0x6f8
[ 45.752599][ T6758] folio_end_writeback_no_dropbehind+0xd0/0x204
[ 45.753651][ T6758] folio_end_writeback+0xd8/0x248
[ 45.754545][ T6758] end_buffer_async_write+0x20c/0x350
[ 45.755541][ T6758] end_bio_bh_io_sync+0xb0/0x184
[ 45.756544][ T6758] bio_endio+0x8d4/0x910
[ 45.757492][ T6758] blk_mq_end_request_batch+0x49c/0x105c
[ 45.758559][ T6758] nvme_irq+0x1ec/0x240
[ 45.759405][ T6758] __handle_irq_event_percpu+0x20c/0x8e4
[ 45.760467][ T6758] handle_irq_event+0x9c/0x1d0
[ 45.761393][ T6758] handle_fasteoi_irq+0x328/0x8d8
[ 45.762459][ T6758] generic_handle_domain_irq+0xe0/0x140
[ 45.763538][ T6758] gic_handle_irq+0x6c/0x18c
[ 45.764500][ T6758] call_on_irq_stack+0x30/0x48
[ 45.765427][ T6758] do_interrupt_handler+0xd4/0x138
[ 45.766465][ T6758] el1_interrupt+0x3c/0x60
[ 45.767340][ T6758] el1h_64_irq_handler+0x18/0x24
[ 45.768312][ T6758] el1h_64_irq+0x6c/0x70
[ 45.769190][ T6758] arch_local_irq_enable+0x8/0xc
[ 45.770170][ T6758] do_idle+0x1e0/0x474
[ 45.770985][ T6758] cpu_startup_entry+0x5c/0x74
[ 45.771944][ T6758] secondary_start_kernel+0x1bc/0x1e4
[ 45.772909][ T6758] __secondary_switched+0xc0/0xc4
[ 45.773983][ T6758] INITIAL USE at:
[ 45.774570][ T6758] lock_acquire+0x140/0x2e0
[ 45.775506][ T6758] _raw_spin_lock_irq+0x58/0x70
[ 45.776459][ T6758] shmem_add_to_page_cache+0x564/0xa24
[ 45.777224][ T6164] Bluetooth: hci0: command tx timeout
[ 45.778205][ T6758] shmem_alloc_and_add_folio+0x758/0x10c4
[ 45.779263][ T6758] shmem_get_folio_gfp+0x4d4/0x159c
[ 45.780229][ T6758] shmem_read_folio_gfp+0x8c/0xf0
[ 45.781199][ T6758] drm_gem_get_pages+0x1cc/0x7c0
[ 45.782092][ T6758] drm_gem_shmem_get_pages_locked+0x1d4/0x364
[ 45.783204][ T6758] drm_gem_shmem_pin_locked+0x1f8/0x410
[ 45.784228][ T6758] drm_gem_shmem_vmap_locked+0x3cc/0x658
[ 45.785371][ T6758] drm_gem_shmem_object_vmap+0x28/0x38
[ 45.786408][ T6758] drm_gem_vmap+0x104/0x1d8
[ 45.787282][ T6758] drm_client_buffer_vmap+0x68/0xb0
[ 45.788252][ T6758] drm_fbdev_shmem_driver_fbdev_probe+0x1f4/0x700
[ 45.789368][ T6758] __drm_fb_helper_initial_config_and_unlock+0x108c/0x1728
[ 45.790602][ T6758] drm_fb_helper_initial_config+0x3c/0x58
[ 45.791660][ T6758] drm_fbdev_client_hotplug+0x154/0x22c
[ 45.792708][ T6758] drm_client_register+0x13c/0x1d4
[ 45.793624][ T6758] drm_fbdev_client_setup+0x194/0x3d0
[ 45.794653][ T6758] drm_client_setup+0x114/0x228
[ 45.795574][ T6758] vkms_create+0x370/0x420
[ 45.796415][ T6758] vkms_init+0x64/0x9c
[ 45.797219][ T6758] do_one_initcall+0x248/0x9b4
[ 45.798100][ T6758] do_initcall_level+0x128/0x1c4
[ 45.798997][ T6758] do_initcalls+0x70/0xd0
[ 45.799827][ T6758] do_basic_setup+0x78/0x8c
[ 45.800725][ T6758] kernel_init_freeable+0x268/0x39c
[ 45.801663][ T6758] kernel_init+0x24/0x1dc
[ 45.802536][ T6758] ret_from_fork+0x10/0x20
[ 45.803432][ T6758] }
[ 45.803793][ T6758] ... key at: [] xa_init_flags.__key+0x0/0x20
[ 45.804936][ T6758]
[ 45.804936][ T6758] the dependencies between the lock to be acquired
[ 45.804946][ T6758] and HARDIRQ-irq-unsafe lock:
[ 45.806782][ T6758] -> (&p->sequence){+.-.}-{0:0} {
[ 45.807551][ T6758] HARDIRQ-ON-W at:
[ 45.808142][ T6758] lock_acquire+0x140/0x2e0
[ 45.809056][ T6758] fprop_new_period+0x3b8/0x718
[ 45.809965][ T6758] writeout_period+0x94/0x11c
[ 45.810854][ T6758] call_timer_fn+0x19c/0x814
[ 45.811781][ T6758] __run_timer_base+0x51c/0x76c
[ 45.812749][ T6758] run_timer_softirq+0x11c/0x194
[ 45.813705][ T6758] handle_softirqs+0x31c/0xc88
[ 45.814694][ T6758] __do_softirq+0x14/0x20
[ 45.815668][ T6758] ____do_softirq+0x14/0x20
[ 45.816651][ T6758] call_on_irq_stack+0x30/0x48
[ 45.817655][ T6758] do_softirq_own_stack+0x20/0x2c
[ 45.818645][ T6758] __irq_exit_rcu+0x1b0/0x478
[ 45.819580][ T6758] irq_exit_rcu+0x14/0x84
[ 45.820446][ T6758] el1_interrupt+0x40/0x60
[ 45.821357][ T6758] el1h_64_irq_handler+0x18/0x24
[ 45.822364][ T6758] el1h_64_irq+0x6c/0x70
[ 45.823299][ T6758] arch_local_irq_restore+0x8/0xc
[ 45.824283][ T6758] __might_resched+0x48/0x4c4
[ 45.825228][ T6758] __might_sleep+0x88/0x110
[ 45.826169][ T6758] __might_fault+0x7c/0x124
[ 45.827098][ T6758] __arm64_sys_rt_sigreturn+0x4c0/0x28d8
[ 45.828255][ T6758] invoke_syscall+0x98/0x254
[ 45.829186][ T6758] el0_svc_common+0xe8/0x23c
[ 45.830157][ T6758] do_el0_svc+0x48/0x58
[ 45.830994][ T6758] el0_svc+0x5c/0x26c
[ 45.831861][ T6758] el0t_64_sync_handler+0x84/0x12c
[ 45.832890][ T6758] el0t_64_sync+0x198/0x19c
[ 45.833858][ T6758] IN-SOFTIRQ-W at:
[ 45.834480][ T6758] lock_acquire+0x140/0x2e0
[ 45.835443][ T6758] fprop_new_period+0x3b8/0x718
[ 45.836680][ T6758] writeout_period+0x94/0x11c
[ 45.837614][ T6758] call_timer_fn+0x19c/0x814
[ 45.838517][ T6758] __run_timer_base+0x51c/0x76c
[ 45.839489][ T6758] run_timer_softirq+0x11c/0x194
[ 45.840477][ T6758] handle_softirqs+0x31c/0xc88
[ 45.841499][ T6758] __do_softirq+0x14/0x20
[ 45.842503][ T6758] ____do_softirq+0x14/0x20
[ 45.843461][ T6758] call_on_irq_stack+0x30/0x48
[ 45.844398][ T6758] do_softirq_own_stack+0x20/0x2c
[ 45.845329][ T6758] __irq_exit_rcu+0x1b0/0x478
[ 45.846246][ T6758] irq_exit_rcu+0x14/0x84
[ 45.847158][ T6758] el1_interrupt+0x40/0x60
[ 45.848110][ T6758] el1h_64_irq_handler+0x18/0x24
[ 45.849145][ T6758] el1h_64_irq+0x6c/0x70
[ 45.850036][ T6758] arch_local_irq_restore+0x8/0xc
[ 45.850966][ T6758] __might_resched+0x48/0x4c4
[ 45.851900][ T6758] __might_sleep+0x88/0x110
[ 45.852786][ T6758] __might_fault+0x7c/0x124
[ 45.853586][ T6758] __arm64_sys_rt_sigreturn+0x4c0/0x28d8
[ 45.854669][ T6758] invoke_syscall+0x98/0x254
[ 45.855571][ T6758] el0_svc_common+0xe8/0x23c
[ 45.856559][ T6758] do_el0_svc+0x48/0x58
[ 45.857403][ T6758] el0_svc+0x5c/0x26c
[ 45.858242][ T6758] el0t_64_sync_handler+0x84/0x12c
[ 45.859240][ T6758] el0t_64_sync+0x198/0x19c
[ 45.860131][ T6758] INITIAL USE at:
[ 45.860779][ T6758] lock_acquire+0x140/0x2e0
[ 45.861626][ T6758] fprop_new_period+0x3b8/0x718
[ 45.862579][ T6758] writeout_period+0x94/0x11c
[ 45.863499][ T6758] call_timer_fn+0x19c/0x814
[ 45.864374][ T6758] __run_timer_base+0x51c/0x76c
[ 45.865380][ T6758] run_timer_softirq+0x11c/0x194
[ 45.866324][ T6758] handle_softirqs+0x31c/0xc88
[ 45.867162][ T6758] __do_softirq+0x14/0x20
[ 45.868024][ T6758] ____do_softirq+0x14/0x20
[ 45.868893][ T6758] call_on_irq_stack+0x30/0x48
[ 45.869881][ T6758] do_softirq_own_stack+0x20/0x2c
[ 45.870738][ T6758] __irq_exit_rcu+0x1b0/0x478
[ 45.871579][ T6758] irq_exit_rcu+0x14/0x84
[ 45.872457][ T6758] el1_interrupt+0x40/0x60
[ 45.873345][ T6758] el1h_64_irq_handler+0x18/0x24
[ 45.874287][ T6758] el1h_64_irq+0x6c/0x70
[ 45.875182][ T6758] arch_local_irq_restore+0x8/0xc
[ 45.876136][ T6758] __might_resched+0x48/0x4c4
[ 45.877085][ T6758] __might_sleep+0x88/0x110
[ 45.877951][ T6758] __might_fault+0x7c/0x124
[ 45.878851][ T6758] __arm64_sys_rt_sigreturn+0x4c0/0x28d8
[ 45.879856][ T6758] invoke_syscall+0x98/0x254
[ 45.880715][ T6758] el0_svc_common+0xe8/0x23c
[ 45.881625][ T6758] do_el0_svc+0x48/0x58
[ 45.882464][ T6758] el0_svc+0x5c/0x26c
[ 45.883248][ T6758] el0t_64_sync_handler+0x84/0x12c
[ 45.884139][ T6758] el0t_64_sync+0x198/0x19c
[ 45.884958][ T6758] INITIAL READ USE at:
[ 45.885596][ T6758] lock_acquire+0x140/0x2e0
[ 45.886501][ T6758] fprop_fraction_percpu+0xac/0x270
[ 45.887501][ T6758] __wb_calc_thresh+0xfc/0x3b0
[ 45.888406][ T6758] domain_over_bg_thresh+0xb8/0x1f0
[ 45.889507][ T6758] wb_over_bg_thresh+0xf8/0x17c
[ 45.890458][ T6758] wb_workfn+0xa30/0xdc0
[ 45.891358][ T6758] process_one_work+0x7c0/0x1558
[ 45.892296][ T6758] worker_thread+0x958/0xed8
[ 45.893209][ T6758] kthread+0x5fc/0x75c
[ 45.894102][ T6758] ret_from_fork+0x10/0x20
[ 45.895053][ T6758] }
[ 45.895399][ T6758] ... key at: [] fprop_global_init.__key.1+0x0/0x20
[ 45.896589][ T6758] ... acquired at:
[ 45.897115][ T6758] fprop_fraction_percpu+0xf0/0x270
[ 45.897804][ T6758] __fprop_add_percpu_max+0x130/0x1f4
[ 45.898612][ T6758] __wb_writeout_add+0xbc/0x27c
[ 45.899293][ T6758] __folio_end_writeback+0x380/0x6f8
[ 45.900108][ T6758] folio_end_writeback_no_dropbehind+0xd0/0x204
[ 45.901006][ T6758] folio_end_writeback+0xd8/0x248
[ 45.901786][ T6758] iomap_finish_folio_write+0x1c0/0x2a4
[ 45.902588][ T6758] fuse_flush_writepages+0x578/0x788
[ 45.903388][ T6758] fuse_iomap_writeback_range+0x744/0x149c
[ 45.904233][ T6758] iomap_writeback_folio+0x1064/0x1fc4
[ 45.905057][ T6758] iomap_writepages+0x128/0x25c
[ 45.905794][ T6758] fuse_writepages+0x208/0x2bc
[ 45.906455][ T6758] do_writepages+0x270/0x468
[ 45.907075][ T6758] file_write_and_wait_range+0x1d0/0x2c4
[ 45.907869][ T6758] fuse_fsync+0x100/0x2b8
[ 45.908491][ T6758] vfs_fsync_range+0x160/0x19c
[ 45.909179][ T6758] fuse_file_write_iter+0xa20/0xb88
[ 45.909862][ T6758] do_iter_readv_writev+0x4bc/0x720
[ 45.910614][ T6758] vfs_writev+0x29c/0x7cc
[ 45.911255][ T6758] do_writev+0x128/0x290
[ 45.911829][ T6758] __arm64_sys_writev+0x80/0x94
[ 45.912515][ T6758] invoke_syscall+0x98/0x254
[ 45.913234][ T6758] el0_svc_common+0xe8/0x23c
[ 45.913891][ T6758] do_el0_svc+0x48/0x58
[ 45.914494][ T6758] el0_svc+0x5c/0x26c
[ 45.915061][ T6758] el0t_64_sync_handler+0x84/0x12c
[ 45.915887][ T6758] el0t_64_sync+0x198/0x19c
[ 45.916542][ T6758]
[ 45.916904][ T6758]
[ 45.916904][ T6758] stack backtrace:
[ 45.917793][ T6758] CPU: 1 UID: 0 PID: 6758 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 45.919015][ T6758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 45.920472][ T6758] Call trace:
[ 45.920912][ T6758] show_stack+0x2c/0x3c (C)
[ 45.921553][ T6758] __dump_stack+0x30/0x40
[ 45.922198][ T6758] dump_stack_lvl+0xd8/0x12c
[ 45.922804][ T6758] dump_stack+0x1c/0x28
[ 45.923349][ T6758] __lock_acquire+0x3058/0x30a4
[ 45.924045][ T6758] lock_acquire+0x140/0x2e0
[ 45.924738][ T6758] fprop_fraction_percpu+0xf0/0x270
[ 45.925461][ T6758] __fprop_add_percpu_max+0x130/0x1f4
[ 45.926205][ T6758] __wb_writeout_add+0xbc/0x27c
[ 45.926888][ T6758] __folio_end_writeback+0x380/0x6f8
[ 45.927673][ T6758] folio_end_writeback_no_dropbehind+0xd0/0x204
[ 45.928560][ T6758] folio_end_writeback+0xd8/0x248
[ 45.929272][ T6758] iomap_finish_folio_write+0x1c0/0x2a4
[ 45.930089][ T6758] fuse_flush_writepages+0x578/0x788
[ 45.930840][ T6758] fuse_iomap_writeback_range+0x744/0x149c
[ 45.931724][ T6758] iomap_writeback_folio+0x1064/0x1fc4
[ 45.932504][ T6758] iomap_writepages+0x128/0x25c
[ 45.933146][ T6758] fuse_writepages+0x208/0x2bc
[ 45.933789][ T6758] do_writepages+0x270/0x468
[ 45.934415][ T6758] file_write_and_wait_range+0x1d0/0x2c4
[ 45.935228][ T6758] fuse_fsync+0x100/0x2b8
[ 45.935841][ T6758] vfs_fsync_range+0x160/0x19c
[ 45.936544][ T6758] fuse_file_write_iter+0xa20/0xb88
[ 45.937270][ T6758] do_iter_readv_writev+0x4bc/0x720
[ 45.938028][ T6758] vfs_writev+0x29c/0x7cc
[ 45.938612][ T6758] do_writev+0x128/0x290
[ 45.939264][ T6758] __arm64_sys_writev+0x80/0x94
[ 45.939939][ T6758] invoke_syscall+0x98/0x254
[ 45.940619][ T6758] el0_svc_common+0xe8/0x23c
[ 45.941289][ T6758] do_el0_svc+0x48/0x58
[ 45.941868][ T6758] el0_svc+0x5c/0x26c
[ 45.942415][ T6758] el0t_64_sync_handler+0x84/0x12c
[ 45.943121][ T6758] el0t_64_sync+0x198/0x19c