program: syz_init_net_socket$ax25(0x3, 0x2, 0x3) r0 = signalfd4(0xffffffffffffffff, &(0x7f00000004c0), 0x8, 0x0) r1 = io_uring_setup(0x3e76, &(0x7f0000000000)={0x0, 0x0, 0x80, 0x3}) syz_mount_image$squashfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000780)=ANY=[@ANYRES16=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRES32=0x0, @ANYRESDEC=0x0, @ANYRES64, @ANYBLOB="01ce6671a3b30f673148672100038bbb4413ea284b892438cdddda3da4c78d940655fbd68a286059c5766f98f85fb413503eaf8c90a24dda1e09f68cd741168d69dae50652ca7b67c5b0a27ab80ff9afa5000443de8c748e1d5beabee7c1346b215f641ae190d56ea4ab81bacd909929deb5757040e8d5b2752ea779c30f600bd516a68d881e7fc7289826d49e35134a94e27f115c8195a0f152cbd840ffdb008356c72319cceb43ccb1280556efdf0fdf582fd3cfc830dff1787f000000b7400f5aef57b6dcbfde7af6012383adb085c40e4c295c2a3be750a42400e58523d24b8eecd75caabcee22347bdb78b72b400d080a044ebde5d39ad91ff0ef75aa244381cf00cd6fe9b9a92a9968104bf02481022af426853287e521a4e3cfe480f984efcea1359ff932ebd3bc75aefea41074799f3502a7472a6686b4011a41d7f0cfb25b3dc3077b4e8ded17cfff2b1d59bc12f637c36690f5ca91ee999ec138f6ce66522e652939a37435edb78f9ae18489f9d2b73c81609399f0d123f1721171bd72c012623f04d8965d3e5785d057c15798ab36af821c9b308731422ba3858b9895ace14068ea58f8cb6060c205caf209a73628eff5b9270a4a55c2d7fc59a4fe6e023bd424d8b010e2232d1b2e6ca603b466b2c82afff4a8cc469e8664d54769fc97df122b3ff8c34354dad46f900eaf6e72e538c0595caa056984ab8974dadad47a42af7cdae5bde6a12f412fe2a876aa191e78e91fbf780e2f4a20f57d41376b29f990ce63aa6edf622d2203fee37df269abf869d13b175852b775fff70491d1e5d1311b7eef954a101ddb98c5ba2b312528485ece7aff23cc6fee599daea0fca71a5970cf0fc82b49640cc3fabbc401dead4f83aa0c4072a9e98ab5afb790be17961fc073e2f8ec00000000000000005089d6db5ad893ee9b22b9250d01980952d0a3e0076c877556fa43f90cb574fd6ad67398ac4d9f8ff4e3ef09f99220928602523adc2289b5130c5f8e48384eff563a10787b0199642385e811504e7168804114842d51f42dd6937515fa64b2fd14ef427072c6556b99171bd00165a9aada7173f001679ac791ee67188c670f583f7b1f8d", @ANYRES8=0x0, @ANYRES32], 0x1, 0x1d2, &(0x7f0000000580)="$eJzslU9rE0EYxn+zO2kazaFnrxbbi7bZgvgN7AfwAxjStRYT/3QDmlAweunFg/glCn4KD4LePYgIXupBQQ8VTxWJzM474ywNRMVQAvPA8j7vM++fmVlm5mZxr6gDP4/2OixRQtHkvVJoYEVZ7XjB2m9ix4JP2vot0Z+L/Si2GAzfPLF0eKvd7ea7xWAKUQqmxVTISUn/cbMJ5PXjqqL4tzqzJ/3U7uzJoacVpT4pRnI59VXMgnxvQqh8/t8tasx6FeCVH83pv+ndM/s7J8akkt6gui3zR5K/yiqQ66u4+ijha+m8PdrrGHJdbjGjbdnPHYkyxjgvg5hzGkagUsa+ji5vS1gB1vq9u2vFYHhxp9fezrfz21m2cXn91Vk5ouOHsNPN11UwjcQQjYc5p41gvAZ8+D0+IoAKpmZwBpTLdSnucl49HyQ2IAlywxq27gvfvy5aSo9rXGARuD8ywxl2t5Yx1TQ3zNI2UaTitHQwTzgmYbEcuNS5093aR6Fc2gHa12gdUvNOJo5plG9c8cvfF7ssdlPsgdhDse7tcm+SLit8EW91BAs8aPf7u+XjZZnXMq9lS75zIl3da6jcTOpERERERERERMwJfgUAAP//B6hPCg==") r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) r3 = inotify_init() inotify_add_watch(r3, &(0x7f0000000240)='./file0\x00', 0x4000842) getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000) sendmsg$L2TP_CMD_SESSION_CREATE(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020025bd7000fcdbdf250500000005000500010000000600030021000000080009000100000006001a004e23000014001f000000000000000000000000000000ebce0500130003000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c000}, 0x4002800) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00', 0x29, 0x2, 0x0, 0x0, 0xfe01, 0xe8}, &(0x7f00000000c0)=0x20) ioctl$PPPIOCGDEBUG(r0, 0x80047441, &(0x7f0000000240)) dup2(r0, r1) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) setsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, 0x0, 0x0) socket(0x10, 0x803, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', 0x0}) r8 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$rxrpc(0xffffffffffffffff, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}}, 0x24) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r9, 0x29, 0x30, &(0x7f0000000040)=""/150, &(0x7f0000000100)=0x96) syz_emit_ethernet(0x5e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60cb763e00283aff1b2120f0000000000000000000000000ff020000000000000000000000000001860090780000000000000000000000001803007c4de20278ab96e88afd5c976b4c1ce4a9a7a1aafb"], 0x0) ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r7}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) r11 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r11, 0x890b, &(0x7f0000000540)={@private2, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r10}) r12 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c5642, 0x1f9) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r12, 0x0) [ 140.628750][ T5108] Bluetooth: hci0: command tx timeout [ 141.729817][ T5121] loop0: detected capacity change from 0 to 8 [ 141.774353][ T5121] SQUASHFS error: Unable to read directory block [631:72] [ 141.844274][ T73] [ 141.845267][ T73] ====================================================== [ 141.847732][ T73] WARNING: possible circular locking dependency detected [ 141.849996][ T73] 6.11.0-syzkaller-08481-g88264981f208 #0 Not tainted [ 141.852372][ T73] ------------------------------------------------------ [ 141.855032][ T73] kswapd0/73 is trying to acquire lock: [ 141.857042][ T73] ffff8880121ea130 (&group->mark_mutex){+.+.}-{3:3}, at: fsnotify_destroy_mark+0x38/0x3c0 [ 141.860736][ T73] [ 141.860736][ T73] but task is already holding lock: [ 141.863462][ T73] ffffffff8ea36740 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0xbf1/0x3700 [ 141.866499][ T73] [ 141.866499][ T73] which lock already depends on the new lock. [ 141.866499][ T73] [ 141.870279][ T73] [ 141.870279][ T73] the existing dependency chain (in reverse order) is: [ 141.873411][ T73] [ 141.873411][ T73] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 141.875863][ T73] lock_acquire+0x1ed/0x550 [ 141.877650][ T73] fs_reclaim_acquire+0x88/0x140 [ 141.879570][ T73] kmem_cache_alloc_noprof+0x3d/0x2a0 [ 141.881661][ T73] __se_sys_inotify_add_watch+0x728/0x1060 [ 141.883898][ T73] do_syscall_64+0xf3/0x230 [ 141.885759][ T73] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.888040][ T73] [ 141.888040][ T73] -> #0 (&group->mark_mutex){+.+.}-{3:3}: [ 141.890681][ T73] validate_chain+0x18ef/0x5920 [ 141.892548][ T73] __lock_acquire+0x1384/0x2050 [ 141.894497][ T73] lock_acquire+0x1ed/0x550 [ 141.896283][ T73] __mutex_lock+0x136/0xd70 [ 141.898149][ T73] fsnotify_destroy_mark+0x38/0x3c0 [ 141.900185][ T73] fsnotify_destroy_marks+0x14a/0x660 [ 141.902197][ T73] dentry_unlink_inode+0x2e0/0x430 [ 141.904000][ T73] __dentry_kill+0x20d/0x630 [ 141.905908][ T73] shrink_kill+0xa9/0x2c0 [ 141.907533][ T73] shrink_dentry_list+0x2c0/0x5b0 [ 141.909434][ T73] prune_dcache_sb+0x10f/0x180 [ 141.911284][ T73] super_cache_scan+0x34f/0x4b0 [ 141.913089][ T73] do_shrink_slab+0x701/0x1160 [ 141.914998][ T73] shrink_slab+0x1093/0x14d0 [ 141.916796][ T73] shrink_one+0x43b/0x850 [ 141.918317][ T73] shrink_node+0x3799/0x3de0 [ 141.920123][ T73] kswapd+0x1ca3/0x3700 [ 141.921925][ T73] kthread+0x2f0/0x390 [ 141.923655][ T73] ret_from_fork+0x4b/0x80 [ 141.925478][ T73] ret_from_fork_asm+0x1a/0x30 [ 141.927433][ T73] [ 141.927433][ T73] other info that might help us debug this: [ 141.927433][ T73] [ 141.931208][ T73] Possible unsafe locking scenario: [ 141.931208][ T73] [ 141.934043][ T73] CPU0 CPU1 [ 141.935794][ T73] ---- ---- [ 141.937791][ T73] lock(fs_reclaim); [ 141.939355][ T73] lock(&group->mark_mutex); [ 141.941984][ T73] lock(fs_reclaim); [ 141.944267][ T73] lock(&group->mark_mutex); [ 141.945939][ T73] [ 141.945939][ T73] *** DEADLOCK *** [ 141.945939][ T73] [ 141.948722][ T73] 2 locks held by kswapd0/73: [ 141.950337][ T73] #0: ffffffff8ea36740 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0xbf1/0x3700 [ 141.953323][ T73] #1: ffff88804af020e0 (&type->s_umount_key#47){.+.+}-{3:3}, at: super_cache_scan+0x94/0x4b0 [ 141.957155][ T73] [ 141.957155][ T73] stack backtrace: [ 141.959457][ T73] CPU: 0 UID: 0 PID: 73 Comm: kswapd0 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 141.962971][ T73] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 141.966367][ T73] Call Trace: [ 141.967473][ T73] [ 141.968458][ T73] dump_stack_lvl+0x241/0x360 [ 141.970238][ T73] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.972326][ T73] ? __pfx__printk+0x10/0x10 [ 141.974086][ T73] print_circular_bug+0x13a/0x1b0 [ 141.976046][ T73] check_noncircular+0x36a/0x4a0 [ 141.977763][ T73] ? __pfx_check_noncircular+0x10/0x10 [ 141.979524][ T73] validate_chain+0x18ef/0x5920 [ 141.981152][ T73] ? __pfx_validate_chain+0x10/0x10 [ 141.982935][ T73] ? __pfx_validate_chain+0x10/0x10 [ 141.984818][ T73] ? __pfx_validate_chain+0x10/0x10 [ 141.986446][ T73] ? mark_lock+0x9a/0x360 [ 141.987920][ T73] __lock_acquire+0x1384/0x2050 [ 141.989706][ T73] lock_acquire+0x1ed/0x550 [ 141.991335][ T73] ? fsnotify_destroy_mark+0x38/0x3c0 [ 141.993138][ T73] ? __pfx_lock_acquire+0x10/0x10 [ 141.995014][ T73] ? __pfx___might_resched+0x10/0x10 [ 141.997031][ T73] __mutex_lock+0x136/0xd70 [ 141.998830][ T73] ? fsnotify_destroy_mark+0x38/0x3c0 [ 142.000630][ T73] ? fsnotify_destroy_mark+0x38/0x3c0 [ 142.002634][ T73] ? __pfx___mutex_lock+0x10/0x10 [ 142.004388][ T73] ? __pfx_lock_release+0x10/0x10 [ 142.006319][ T73] fsnotify_destroy_mark+0x38/0x3c0 [ 142.008327][ T73] ? fsnotify_grab_connector+0x3e/0x240 [ 142.010385][ T73] fsnotify_destroy_marks+0x14a/0x660 [ 142.012170][ T73] dentry_unlink_inode+0x2e0/0x430 [ 142.013781][ T73] __dentry_kill+0x20d/0x630 [ 142.015232][ T73] ? shrink_kill+0x8d/0x2c0 [ 142.016624][ T73] shrink_kill+0xa9/0x2c0 [ 142.017989][ T73] shrink_dentry_list+0x2c0/0x5b0 [ 142.019587][ T73] prune_dcache_sb+0x10f/0x180 [ 142.021149][ T73] ? __pfx_prune_dcache_sb+0x10/0x10 [ 142.022945][ T73] ? list_lru_count_one+0x29/0x2e0 [ 142.024994][ T73] ? list_lru_count_one+0x283/0x2e0 [ 142.027060][ T73] ? list_lru_count_one+0x29/0x2e0 [ 142.029045][ T73] super_cache_scan+0x34f/0x4b0 [ 142.031030][ T73] do_shrink_slab+0x701/0x1160 [ 142.032820][ T73] ? shrink_slab+0x12b/0x14d0 [ 142.034691][ T73] shrink_slab+0x1093/0x14d0 [ 142.036525][ T73] ? shrink_slab+0x12b/0x14d0 [ 142.038423][ T73] ? __pfx_shrink_slab+0x10/0x10 [ 142.040410][ T73] ? shrink_node+0x3547/0x3de0 [ 142.042388][ T73] ? __pfx_lock_release+0x10/0x10 [ 142.044445][ T73] shrink_one+0x43b/0x850 [ 142.046217][ T73] ? shrink_node+0x3547/0x3de0 [ 142.048166][ T73] shrink_node+0x3799/0x3de0 [ 142.050116][ T73] ? shrink_node+0x3547/0x3de0 [ 142.052073][ T73] ? __pfx_lock_acquire+0x10/0x10 [ 142.054108][ T73] ? mem_cgroup_iter+0x3d/0x420 [ 142.056206][ T73] ? __pfx_lock_release+0x10/0x10 [ 142.058486][ T73] ? __pfx_shrink_node+0x10/0x10 [ 142.060717][ T73] ? mem_cgroup_iter+0x3d/0x420 [ 142.062884][ T73] kswapd+0x1ca3/0x3700 [ 142.064885][ T73] ? kswapd+0xbf1/0x3700 [ 142.066820][ T73] ? __pfx_kswapd+0x10/0x10 [ 142.068638][ T73] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 142.070988][ T73] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 142.073309][ T73] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 142.075372][ T73] ? __pfx_autoremove_wake_function+0x10/0x10 [ 142.077547][ T73] ? __kthread_parkme+0x169/0x1d0 [ 142.079574][ T73] ? __pfx_kswapd+0x10/0x10 [ 142.081335][ T73] kthread+0x2f0/0x390 [ 142.082914][ T73] ? __pfx_kswapd+0x10/0x10 [ 142.084459][ T73] ? __pfx_kthread+0x10/0x10 [ 142.086188][ T73] ret_from_fork+0x4b/0x80 [ 142.087899][ T73] ? __pfx_kthread+0x10/0x10 [ 142.089677][ T73] ret_from_fork_asm+0x1a/0x30 [ 142.091571][ T73]