program: syz_mount_image$squashfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000780)=ANY=[@ANYRES16=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRES32=0x0, @ANYRESDEC=0x0, @ANYRES64, @ANYBLOB="01ce6671a3b30f673148672100038bbb4413ea284b892438cdddda3da4c78d940655fbd68a286059c5766f98f85fb413503eaf8c90a24dda1e09f68cd741168d69dae50652ca7b67c5b0a27ab80ff9afa5000443de8c748e1d5beabee7c1346b215f641ae190d56ea4ab81bacd909929deb5757040e8d5b2752ea779c30f600bd516a68d881e7fc7289826d49e35134a94e27f115c8195a0f152cbd840ffdb008356c72319cceb43ccb1280556efdf0fdf582fd3cfc830dff1787f000000b7400f5aef57b6dcbfde7af6012383adb085c40e4c295c2a3be750a42400e58523d24b8eecd75caabcee22347bdb78b72b400d080a044ebde5d39ad91ff0ef75aa244381cf00cd6fe9b9a92a9968104bf02481022af426853287e521a4e3cfe480f984efcea1359ff932ebd3bc75aefea41074799f3502a7472a6686b4011a41d7f0cfb25b3dc3077b4e8ded17cfff2b1d59bc12f637c36690f5ca91ee999ec138f6ce66522e652939a37435edb78f9ae18489f9d2b73c81609399f0d123f1721171bd72c012623f04d8965d3e5785d057c15798ab36af821c9b308731422ba3858b9895ace14068ea58f8cb6060c205caf209a73628eff5b9270a4a55c2d7fc59a4fe6e023bd424d8b010e2232d1b2e6ca603b466b2c82afff4a8cc469e8664d54769fc97df122b3ff8c34354dad46f900eaf6e72e538c0595caa056984ab8974dadad47a42af7cdae5bde6a12f412fe2a876aa191e78e91fbf780e2f4a20f57d41376b29f990ce63aa6edf622d2203fee37df269abf869d13b175852b775fff70491d1e5d1311b7eef954a101ddb98c5ba2b312528485ece7aff23cc6fee599daea0fca71a5970cf0fc82b49640cc3fabbc401dead4f83aa0c4072a9e98ab5afb790be17961fc073e2f8ec00000000000000005089d6db5ad893ee9b22b9250d01980952d0a3e0076c877556fa43f90cb574fd6ad67398ac4d9f8ff4e3ef09f99220928602523adc2289b5130c5f8e48384eff563a10787b0199642385e811504e7168804114842d51f42dd6937515fa64b2fd14ef427072c6556b99171bd00165a9aada7173f001679ac791ee67188c670f583f7b1f8d", @ANYRES8=0x0, @ANYRES32], 0x1, 0x1d2, &(0x7f0000000580)="$eJzslU9rE0EYxn+zO2kazaFnrxbbi7bZgvgN7AfwAxjStRYT/3QDmlAweunFg/glCn4KD4LePYgIXupBQQ8VTxWJzM474ywNRMVQAvPA8j7vM++fmVlm5mZxr6gDP4/2OixRQtHkvVJoYEVZ7XjB2m9ix4JP2vot0Z+L/Si2GAzfPLF0eKvd7ea7xWAKUQqmxVTISUn/cbMJ5PXjqqL4tzqzJ/3U7uzJoacVpT4pRnI59VXMgnxvQqh8/t8tasx6FeCVH83pv+ndM/s7J8akkt6gui3zR5K/yiqQ66u4+ijha+m8PdrrGHJdbjGjbdnPHYkyxjgvg5hzGkagUsa+ji5vS1gB1vq9u2vFYHhxp9fezrfz21m2cXn91Vk5ouOHsNPN11UwjcQQjYc5p41gvAZ8+D0+IoAKpmZwBpTLdSnucl49HyQ2IAlywxq27gvfvy5aSo9rXGARuD8ywxl2t5Yx1TQ3zNI2UaTitHQwTzgmYbEcuNS5093aR6Fc2gHa12gdUvNOJo5plG9c8cvfF7ssdlPsgdhDse7tcm+SLit8EW91BAs8aPf7u+XjZZnXMq9lS75zIl3da6jcTOpERERERERERMwJfgUAAP//B6hPCg==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0x4000842) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x141842, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x4, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000380)={r3, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000a80)={r3, &(0x7f0000000940)="18", &(0x7f0000000980)=""/235}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000140)={0x0, &(0x7f0000000200)=""/169, &(0x7f0000000300), &(0x7f0000000040), 0x2, r3}, 0x38) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000200)={'#! ', './file0'}, 0xb) copy_file_range(r4, &(0x7f00000001c0), r2, 0x0, 0xffffffffa003e45b, 0x700000000000000) [ 80.037211][ T5096] Bluetooth: hci0: command tx timeout [ 81.023822][ T5110] loop0: detected capacity change from 0 to 8 [ 81.079382][ T5110] SQUASHFS error: Unable to read directory block [631:72] [ 81.095455][ T80] [ 81.096563][ T80] ====================================================== [ 81.099403][ T80] WARNING: possible circular locking dependency detected [ 81.102225][ T80] 6.11.0-rc7-syzkaller-00039-g77f587896757 #0 Not tainted [ 81.105054][ T80] ------------------------------------------------------ [ 81.107703][ T80] kswapd0/80 is trying to acquire lock: [ 81.109973][ T80] ffff888000297130 (&group->mark_mutex){+.+.}-{3:3}, at: fsnotify_destroy_mark+0x38/0x3c0 [ 81.113951][ T80] [ 81.113951][ T80] but task is already holding lock: [ 81.116840][ T80] ffffffff8ea2fde0 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0xbf1/0x3720 [ 81.120037][ T80] [ 81.120037][ T80] which lock already depends on the new lock. [ 81.120037][ T80] [ 81.124056][ T80] [ 81.124056][ T80] the existing dependency chain (in reverse order) is: [ 81.127644][ T80] [ 81.127644][ T80] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 81.130585][ T80] lock_acquire+0x1ed/0x550 [ 81.132587][ T80] fs_reclaim_acquire+0x88/0x140 [ 81.134775][ T80] kmem_cache_alloc_noprof+0x3d/0x2a0 [ 81.137097][ T80] __se_sys_inotify_add_watch+0x72e/0x1070 [ 81.139511][ T80] do_syscall_64+0xf3/0x230 [ 81.141597][ T80] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.144162][ T80] [ 81.144162][ T80] -> #0 (&group->mark_mutex){+.+.}-{3:3}: [ 81.147355][ T80] validate_chain+0x18e0/0x5900 [ 81.149521][ T80] __lock_acquire+0x137a/0x2040 [ 81.151728][ T80] lock_acquire+0x1ed/0x550 [ 81.153763][ T80] __mutex_lock+0x136/0xd70 [ 81.155759][ T80] fsnotify_destroy_mark+0x38/0x3c0 [ 81.158012][ T80] fsnotify_destroy_marks+0x14a/0x660 [ 81.160330][ T80] dentry_unlink_inode+0x2e0/0x430 [ 81.162577][ T80] __dentry_kill+0x20d/0x630 [ 81.164657][ T80] shrink_kill+0xa9/0x2c0 [ 81.166627][ T80] shrink_dentry_list+0x2c0/0x5b0 [ 81.168811][ T80] prune_dcache_sb+0x10f/0x180 [ 81.170969][ T80] super_cache_scan+0x34f/0x4b0 [ 81.173127][ T80] do_shrink_slab+0x701/0x1160 [ 81.175192][ T80] shrink_slab+0x1093/0x14d0 [ 81.177242][ T80] shrink_one+0x43b/0x850 [ 81.179159][ T80] shrink_node+0x3799/0x3de0 [ 81.181251][ T80] kswapd+0x1cbc/0x3720 [ 81.183135][ T80] kthread+0x2f0/0x390 [ 81.184996][ T80] ret_from_fork+0x4b/0x80 [ 81.186998][ T80] ret_from_fork_asm+0x1a/0x30 [ 81.189150][ T80] [ 81.189150][ T80] other info that might help us debug this: [ 81.189150][ T80] [ 81.193278][ T80] Possible unsafe locking scenario: [ 81.193278][ T80] [ 81.196261][ T80] CPU0 CPU1 [ 81.198401][ T80] ---- ---- [ 81.200315][ T80] lock(fs_reclaim); [ 81.201920][ T80] lock(&group->mark_mutex); [ 81.204826][ T80] lock(fs_reclaim); [ 81.207414][ T80] lock(&group->mark_mutex); [ 81.209350][ T80] [ 81.209350][ T80] *** DEADLOCK *** [ 81.209350][ T80] [ 81.212588][ T80] 2 locks held by kswapd0/80: [ 81.214476][ T80] #0: ffffffff8ea2fde0 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0xbf1/0x3720 [ 81.217853][ T80] #1: ffff88800080c0e0 (&type->s_umount_key#47){.+.+}-{3:3}, at: super_cache_scan+0x94/0x4b0 [ 81.222031][ T80] [ 81.222031][ T80] stack backtrace: [ 81.224399][ T80] CPU: 0 UID: 0 PID: 80 Comm: kswapd0 Not tainted 6.11.0-rc7-syzkaller-00039-g77f587896757 #0 [ 81.228321][ T80] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.232500][ T80] Call Trace: [ 81.233850][ T80] [ 81.235041][ T80] dump_stack_lvl+0x241/0x360 [ 81.236934][ T80] ? __pfx_dump_stack_lvl+0x10/0x10 [ 81.239045][ T80] ? print_circular_bug+0x130/0x1a0 [ 81.241160][ T80] check_noncircular+0x36a/0x4a0 [ 81.243070][ T80] ? __pfx_check_noncircular+0x10/0x10 [ 81.245269][ T80] validate_chain+0x18e0/0x5900 [ 81.247210][ T80] ? __pfx_validate_chain+0x10/0x10 [ 81.249226][ T80] ? __pfx_validate_chain+0x10/0x10 [ 81.251201][ T80] ? __pfx_validate_chain+0x10/0x10 [ 81.253083][ T80] ? mark_lock+0x9a/0x350 [ 81.254653][ T80] __lock_acquire+0x137a/0x2040 [ 81.256541][ T80] lock_acquire+0x1ed/0x550 [ 81.258333][ T80] ? fsnotify_destroy_mark+0x38/0x3c0 [ 81.260511][ T80] ? __pfx_lock_acquire+0x10/0x10 [ 81.262454][ T80] ? __pfx___might_resched+0x10/0x10 [ 81.264421][ T80] __mutex_lock+0x136/0xd70 [ 81.266210][ T80] ? fsnotify_destroy_mark+0x38/0x3c0 [ 81.268241][ T80] ? fsnotify_destroy_mark+0x38/0x3c0 [ 81.270379][ T80] ? __pfx___mutex_lock+0x10/0x10 [ 81.272344][ T80] ? __pfx_lock_release+0x10/0x10 [ 81.274317][ T80] fsnotify_destroy_mark+0x38/0x3c0 [ 81.276241][ T80] ? fsnotify_grab_connector+0x3e/0x240 [ 81.278333][ T80] fsnotify_destroy_marks+0x14a/0x660 [ 81.280429][ T80] dentry_unlink_inode+0x2e0/0x430 [ 81.282686][ T80] __dentry_kill+0x20d/0x630 [ 81.284490][ T80] ? shrink_kill+0x8d/0x2c0 [ 81.286293][ T80] shrink_kill+0xa9/0x2c0 [ 81.287954][ T80] shrink_dentry_list+0x2c0/0x5b0 [ 81.289933][ T80] prune_dcache_sb+0x10f/0x180 [ 81.291775][ T80] ? __pfx_prune_dcache_sb+0x10/0x10 [ 81.293906][ T80] ? list_lru_count_one+0x29/0x2e0 [ 81.295937][ T80] ? list_lru_count_one+0x283/0x2e0 [ 81.297933][ T80] ? list_lru_count_one+0x29/0x2e0 [ 81.299897][ T80] super_cache_scan+0x34f/0x4b0 [ 81.301799][ T80] do_shrink_slab+0x701/0x1160 [ 81.303693][ T80] ? shrink_slab+0x12b/0x14d0 [ 81.305575][ T80] shrink_slab+0x1093/0x14d0 [ 81.307334][ T80] ? shrink_slab+0x12b/0x14d0 [ 81.309175][ T80] ? __pfx_shrink_slab+0x10/0x10 [ 81.311105][ T80] ? shrink_node+0x3547/0x3de0 [ 81.312967][ T80] ? __pfx_lock_release+0x10/0x10 [ 81.314871][ T80] shrink_one+0x43b/0x850 [ 81.316637][ T80] ? shrink_node+0x3547/0x3de0 [ 81.318532][ T80] shrink_node+0x3799/0x3de0 [ 81.320403][ T80] ? shrink_node+0x3547/0x3de0 [ 81.322347][ T80] ? __pfx_lock_acquire+0x10/0x10 [ 81.324369][ T80] ? mem_cgroup_iter+0x3a/0x560 [ 81.326337][ T80] ? __pfx_lock_release+0x10/0x10 [ 81.328355][ T80] ? __pfx_shrink_node+0x10/0x10 [ 81.330351][ T80] ? mem_cgroup_iter+0x3a/0x560 [ 81.332250][ T80] ? mem_cgroup_iter+0x3e9/0x560 [ 81.334107][ T80] ? mem_cgroup_iter+0x3a/0x560 [ 81.336051][ T80] kswapd+0x1cbc/0x3720 [ 81.337735][ T80] ? kswapd+0xbf1/0x3720 [ 81.339461][ T80] ? __pfx_kswapd+0x10/0x10 [ 81.341266][ T80] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 81.343545][ T80] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 81.346018][ T80] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 81.348504][ T80] ? __pfx_autoremove_wake_function+0x10/0x10 [ 81.350930][ T80] ? __kthread_parkme+0x169/0x1d0 [ 81.352907][ T80] ? __pfx_kswapd+0x10/0x10 [ 81.354748][ T80] kthread+0x2f0/0x390 [ 81.356373][ T80] ? __pfx_kswapd+0x10/0x10 [ 81.358154][ T80] ? __pfx_kthread+0x10/0x10 [ 81.359988][ T80] ret_from_fork+0x4b/0x80 [ 81.361783][ T80] ? __pfx_kthread+0x10/0x10 [ 81.363610][ T80] ret_from_fork_asm+0x1a/0x30 [ 81.365521][ T80]