Warning: Permanently added '10.128.0.12' (ED25519) to the list of known hosts.
executing program
[ 93.486137][ T5835]
[ 93.488514][ T5835] ======================================================
[ 93.495543][ T5835] WARNING: possible circular locking dependency detected
[ 93.502583][ T5835] 6.15.0-rc2-syzkaller #0 Not tainted
[ 93.507967][ T5835] ------------------------------------------------------
[ 93.514994][ T5835] syz-executor134/5835 is trying to acquire lock:
[ 93.521417][ T5835] ffff8880260c0f98 (&q->elevator_lock){+.+.}-{4:4}, at: queue_wb_lat_store+0x187/0x3d0
[ 93.531157][ T5835]
[ 93.531157][ T5835] but task is already holding lock:
[ 93.538533][ T5835] ffff8880260c0a68 (&q->q_usage_counter(io)#62){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 93.549804][ T5835]
[ 93.549804][ T5835] which lock already depends on the new lock.
[ 93.549804][ T5835]
[ 93.560249][ T5835]
[ 93.560249][ T5835] the existing dependency chain (in reverse order) is:
[ 93.569272][ T5835]
[ 93.569272][ T5835] -> #2 (&q->q_usage_counter(io)#62){++++}-{0:0}:
[ 93.577914][ T5835]        blk_alloc_queue+0x619/0x760
[ 93.583233][ T5835]        blk_mq_alloc_queue+0x179/0x290
[ 93.588795][ T5835]        __blk_mq_alloc_disk+0x29/0x120
[ 93.594475][ T5835]        nbd_dev_add+0x49d/0xbb0
[ 93.599439][ T5835]        nbd_init+0x181/0x320
[ 93.604150][ T5835]        do_one_initcall+0x120/0x6e0
[ 93.609499][ T5835]        kernel_init_freeable+0x5c2/0x900
[ 93.615245][ T5835]        kernel_init+0x1c/0x2b0
[ 93.620120][ T5835]        ret_from_fork+0x45/0x80
[ 93.625074][ T5835]        ret_from_fork_asm+0x1a/0x30
[ 93.630419][ T5835]
[ 93.630419][ T5835] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 93.637661][ T5835]        fs_reclaim_acquire+0x102/0x150
[ 93.643234][ T5835]        kmem_cache_alloc_noprof+0x53/0x3b0
[ 93.649156][ T5835]        __kernfs_new_node+0xd2/0x8a0
[ 93.654558][ T5835]        kernfs_new_node+0x13c/0x1e0
[ 93.659861][ T5835]        kernfs_create_dir_ns+0x4c/0x1a0
[ 93.665517][ T5835]        sysfs_create_dir_ns+0x13a/0x2b0
[ 93.671184][ T5835]        kobject_add_internal+0x2c4/0x9b0
[ 93.676956][ T5835]        kobject_add+0x16e/0x240
[ 93.681906][ T5835]        elv_register_queue+0xd3/0x2a0
[ 93.687380][ T5835]        blk_register_queue+0x37e/0x500
[ 93.692950][ T5835]        add_disk_fwnode+0x911/0x13a0
[ 93.698347][ T5835]        nbd_dev_add+0x78e/0xbb0
[ 93.703359][ T5835]        nbd_init+0x181/0x320
[ 93.708063][ T5835]        do_one_initcall+0x120/0x6e0
[ 93.713382][ T5835]        kernel_init_freeable+0x5c2/0x900
[ 93.719130][ T5835]        kernel_init+0x1c/0x2b0
[ 93.723999][ T5835]        ret_from_fork+0x45/0x80
[ 93.728958][ T5835]        ret_from_fork_asm+0x1a/0x30
[ 93.734276][ T5835]
[ 93.734276][ T5835] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[ 93.742125][ T5835]        __lock_acquire+0x1173/0x1ba0
[ 93.747546][ T5835]        lock_acquire+0x179/0x350
[ 93.752591][ T5835]        __mutex_lock+0x199/0xb90
[ 93.757722][ T5835]        queue_wb_lat_store+0x187/0x3d0
[ 93.763321][ T5835]        queue_attr_store+0x270/0x310
[ 93.768726][ T5835]        sysfs_kf_write+0xef/0x150
[ 93.773873][ T5835]        kernfs_fop_write_iter+0x351/0x510
[ 93.779702][ T5835]        vfs_write+0x5ba/0x1180
[ 93.784582][ T5835]        ksys_write+0x12a/0x240
[ 93.789462][ T5835]        do_syscall_64+0xcd/0x260
[ 93.794517][ T5835]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.800949][ T5835]
[ 93.800949][ T5835] other info that might help us debug this:
[ 93.800949][ T5835]
[ 93.811189][ T5835] Chain exists of:
[ 93.811189][ T5835]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#62
[ 93.811189][ T5835]
[ 93.824986][ T5835]  Possible unsafe locking scenario:
[ 93.824986][ T5835]
[ 93.832447][ T5835]        CPU0                    CPU1
[ 93.837826][ T5835]        ----                    ----
[ 93.843199][ T5835]   lock(&q->q_usage_counter(io)#62);
[ 93.848601][ T5835]                                lock(fs_reclaim);
[ 93.855124][ T5835]                                lock(&q->q_usage_counter(io)#62);
[ 93.863044][ T5835]   lock(&q->elevator_lock);
[ 93.867651][ T5835]
[ 93.867651][ T5835]  *** DEADLOCK ***
[ 93.867651][ T5835]
[ 93.875801][ T5835] 6 locks held by syz-executor134/5835:
[ 93.881378][ T5835]  #0: ffff88802ae609b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370
[ 93.890507][ T5835]  #1: ffff888024454420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240
[ 93.899530][ T5835]  #2: ffff888033450088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[ 93.909325][ T5835]  #3: ffff888140fb55a8 (kn->active#47){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[ 93.919383][ T5835]  #4: ffff8880260c0a68 (&q->q_usage_counter(io)#62){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 93.931090][ T5835]  #5: ffff8880260c0aa0 (&q->q_usage_counter(queue)#14){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 93.943068][ T5835]
[ 93.943068][ T5835] stack backtrace:
[ 93.949069][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: syz-executor134 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full)
[ 93.949111][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 93.949130][ T5835] Call Trace:
[ 93.949139][ T5835]
[ 93.949152][ T5835]  dump_stack_lvl+0x116/0x1f0
[ 93.949194][ T5835]  print_circular_bug+0x275/0x350
[ 93.949234][ T5835]  check_noncircular+0x14c/0x170
[ 93.949276][ T5835]  __lock_acquire+0x1173/0x1ba0
[ 93.949322][ T5835]  lock_acquire+0x179/0x350
[ 93.949343][ T5835]  ? queue_wb_lat_store+0x187/0x3d0
[ 93.949375][ T5835]  ? __pfx___might_resched+0x10/0x10
[ 93.949410][ T5835]  ? do_raw_spin_lock+0x12c/0x2b0
[ 93.949438][ T5835]  __mutex_lock+0x199/0xb90
[ 93.949476][ T5835]  ? queue_wb_lat_store+0x187/0x3d0
[ 93.949507][ T5835]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 93.949540][ T5835]  ? queue_wb_lat_store+0x187/0x3d0
[ 93.949569][ T5835]  ? lockdep_hardirqs_on+0x7c/0x110
[ 93.949603][ T5835]  ? __pfx___mutex_lock+0x10/0x10
[ 93.949643][ T5835]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 93.949683][ T5835]  ? __pfx_queue_wb_lat_store+0x10/0x10
[ 93.949720][ T5835]  ? queue_wb_lat_store+0x187/0x3d0
[ 93.949749][ T5835]  queue_wb_lat_store+0x187/0x3d0
[ 93.949781][ T5835]  ? __pfx_queue_wb_lat_store+0x10/0x10
[ 93.949813][ T5835]  ? __mutex_trylock_common+0xe9/0x250
[ 93.949836][ T5835]  ? __pfx_queue_wb_lat_store+0x10/0x10
[ 93.949866][ T5835]  queue_attr_store+0x270/0x310
[ 93.949898][ T5835]  ? __pfx_queue_attr_store+0x10/0x10
[ 93.949937][ T5835]  ? find_held_lock+0x2b/0x80
[ 93.949967][ T5835]  ? sysfs_file_kobj+0xe4/0x290
[ 93.950002][ T5835]  ? __pfx_queue_attr_store+0x10/0x10
[ 93.950033][ T5835]  sysfs_kf_write+0xef/0x150
[ 93.950067][ T5835]  kernfs_fop_write_iter+0x351/0x510
[ 93.950116][ T5835]  ? __pfx_sysfs_kf_write+0x10/0x10
[ 93.950152][ T5835]  vfs_write+0x5ba/0x1180
[ 93.950188][ T5835]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 93.950220][ T5835]  ? __pfx___mutex_lock+0x10/0x10
[ 93.950258][ T5835]  ? __pfx_vfs_write+0x10/0x10
[ 93.950302][ T5835]  ksys_write+0x12a/0x240
[ 93.950336][ T5835]  ? __pfx_ksys_write+0x10/0x10
[ 93.950376][ T5835]  do_syscall_64+0xcd/0x260
[ 93.950415][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.950441][ T5835] RIP: 0033:0x7f217454ee39
[ 93.950467][ T5835] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 93.950491][ T5835] RSP: 002b:00007f21744e8218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 93.950513][ T5835] RAX: ffffffffffffffda RBX: 00007f21745d8318 RCX: 00007f217454ee39
[ 93.950530][ T5835] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[ 93.950545][ T5835] RBP: 00007f21745d8310 R08: 00007ffee7802e27 R09: 0000000000000000
[ 93.950560][ T5835] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f21745a6004
[ 93.950575][ T5835] R13: 0000200000000150 R14: 0000200000000140 R15: 00000000fffffdef
[ 93.950599][ T5835]