program:
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/vlan/vlan0\x00')
preadv(r0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/216, 0xd8}], 0x1, 0xa3, 0xd)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f00000002c0)='blkio.throttle.write_iops_device\x00', 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f00000000c0)=ANY=[], 0x6a) (fail_nth: 4)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)

[ 73.732857][ T5302] Bluetooth: hci0: command tx timeout
[ 73.836929][ T5323]
[ 73.838122][ T5323] ======================================================
[ 73.841096][ T5323] WARNING: possible circular locking dependency detected
[ 73.843875][ T5323] syzkaller #0 Not tainted
[ 73.845705][ T5323] ------------------------------------------------------
[ 73.848590][ T5323] syz.0.0/5323 is trying to acquire lock:
[ 73.850940][ T5323] ffffffff8e658f68 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x272/0x18d0
[ 73.854754][ T5323]
[ 73.854754][ T5323] but task is already holding lock:
[ 73.857808][ T5323] ffff888035b41cf8 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: blk_throtl_init+0x279/0x410
[ 73.862409][ T5323]
[ 73.862409][ T5323] which lock already depends on the new lock.
[ 73.862409][ T5323]
[ 73.866934][ T5323]
[ 73.866934][ T5323] the existing dependency chain (in reverse order) is:
[ 73.870654][ T5323]
[ 73.870654][ T5323] -> #2 (&q->q_usage_counter(io)#17){++++}-{0:0}:
[ 73.874204][ T5323] blk_alloc_queue+0x52f/0x610
[ 73.876540][ T5323] __blk_mq_alloc_disk+0x197/0x390
[ 73.878884][ T5323] loop_add+0x482/0xb40
[ 73.881001][ T5323] loop_init+0xd9/0x170
[ 73.883086][ T5323] do_one_initcall+0x250/0x840
[ 73.885342][ T5323] do_initcall_level+0x104/0x190
[ 73.887630][ T5323] do_initcalls+0x59/0xa0
[ 73.889706][ T5323] kernel_init_freeable+0x2a6/0x3d0
[ 73.892118][ T5323] kernel_init+0x1d/0x1d0
[ 73.894251][ T5323] ret_from_fork+0x51b/0xa40
[ 73.896574][ T5323] ret_from_fork_asm+0x1a/0x30
[ 73.898859][ T5323]
[ 73.898859][ T5323] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 73.901919][ T5323] fs_reclaim_acquire+0x71/0x100
[ 73.904225][ T5323] prepare_alloc_pages+0x152/0x650
[ 73.906577][ T5323] __alloc_frozen_pages_noprof+0x12f/0x380
[ 73.909140][ T5323] __alloc_pages_noprof+0xa/0x30
[ 73.911392][ T5323] pcpu_populate_chunk+0x182/0xb30
[ 73.913885][ T5323] pcpu_alloc_noprof+0xc4a/0x18d0
[ 73.916186][ T5323] iommu_dma_init_fq+0x279/0x610
[ 73.918457][ T5323] iommu_setup_dma_ops+0x6ce/0x1880
[ 73.920841][ T5323] bus_iommu_probe+0x25c/0x410
[ 73.923018][ T5323] iommu_device_register+0x1af/0x210
[ 73.925487][ T5323] intel_iommu_init+0x6e3/0xa60
[ 73.927745][ T5323] pci_iommu_init+0x38/0x70
[ 73.929954][ T5323] do_one_initcall+0x250/0x840
[ 73.932249][ T5323] do_initcall_level+0x104/0x190
[ 73.934551][ T5323] do_initcalls+0x59/0xa0
[ 73.936423][ T5323] kernel_init_freeable+0x2a6/0x3d0
[ 73.938702][ T5323] kernel_init+0x1d/0x1d0
[ 73.940770][ T5323] ret_from_fork+0x51b/0xa40
[ 73.943164][ T5323] ret_from_fork_asm+0x1a/0x30
[ 73.945467][ T5323]
[ 73.945467][ T5323] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}:
[ 73.948760][ T5323] __lock_acquire+0x15a5/0x2cf0
[ 73.950959][ T5323] lock_acquire+0x106/0x330
[ 73.953027][ T5323] __mutex_lock+0x19f/0x1300
[ 73.955248][ T5323] pcpu_alloc_noprof+0x272/0x18d0
[ 73.957562][ T5323] __percpu_counter_init_many+0x43/0x380
[ 73.960116][ T5323] blkg_rwstat_init+0x2c/0x170
[ 73.962324][ T5323] throtl_pd_alloc+0xb6/0x460
[ 73.964658][ T5323] blkcg_activate_policy+0x692/0xb40
[ 73.967287][ T5323] blk_throtl_init+0x2f6/0x410
[ 73.969701][ T5323] tg_set_conf+0x1d6/0x4c0
[ 73.971796][ T5323] cgroup_file_write+0x36f/0x790
[ 73.974134][ T5323] kernfs_fop_write_iter+0x3af/0x540
[ 73.976656][ T5323] vfs_write+0x61d/0xb90
[ 73.978673][ T5323] ksys_write+0x150/0x270
[ 73.980831][ T5323] do_syscall_64+0xe2/0xf80
[ 73.983010][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.985775][ T5323]
[ 73.985775][ T5323] other info that might help us debug this:
[ 73.985775][ T5323]
[ 73.990174][ T5323] Chain exists of:
[ 73.990174][ T5323] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#17
[ 73.990174][ T5323]
[ 73.995623][ T5323] Possible unsafe locking scenario:
[ 73.995623][ T5323]
[ 73.998942][ T5323]        CPU0                    CPU1
[ 74.001216][ T5323]        ----                    ----
[ 74.003592][ T5323]   lock(&q->q_usage_counter(io)#17);
[ 74.006013][ T5323]                                lock(fs_reclaim);
[ 74.008869][ T5323]                                lock(&q->q_usage_counter(io)#17);
[ 74.012284][ T5323]   lock(pcpu_alloc_mutex);
[ 74.014205][ T5323]
[ 74.014205][ T5323] *** DEADLOCK ***
[ 74.014205][ T5323]
[ 74.017648][ T5323] 7 locks held by syz.0.0/5323:
[ 74.019650][ T5323] #0: ffff888034dac478 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x246/0x320
[ 74.023422][ T5323] #1: ffff888039188420 (sb_writers#10){.+.+}-{0:0}, at: vfs_write+0x227/0xb90
[ 74.027093][ T5323] #2: ffff888012094488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1de/0x540
[ 74.031009][ T5323] #3: ffff8880380432d8 (kn->active#65){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x231/0x540
[ 74.035446][ T5323] #4: ffff888035b41f00 (&q->rq_qos_mutex){+.+.}-{4:4}, at: blkg_conf_open_bdev+0x2b0/0x3c0
[ 74.039762][ T5323] #5: ffff888035b41cf8 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: blk_throtl_init+0x279/0x410
[ 74.044347][ T5323] #6: ffff888035b41d30 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: blk_throtl_init+0x279/0x410
[ 74.048769][ T5323]
[ 74.048769][ T5323] stack backtrace:
[ 74.051402][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 74.051417][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 74.051425][ T5323] Call Trace:
[ 74.051434][ T5323]
[ 74.051440][ T5323] dump_stack_lvl+0xe8/0x150
[ 74.051457][ T5323] print_circular_bug+0x2e1/0x300
[ 74.051471][ T5323] check_noncircular+0x12e/0x150
[ 74.051483][ T5323] __lock_acquire+0x15a5/0x2cf0
[ 74.051504][ T5323] ? pcpu_alloc_noprof+0x272/0x18d0
[ 74.051520][ T5323] lock_acquire+0x106/0x330
[ 74.051534][ T5323] ? pcpu_alloc_noprof+0x272/0x18d0
[ 74.051552][ T5323] __mutex_lock+0x19f/0x1300
[ 74.051564][ T5323] ? pcpu_alloc_noprof+0x272/0x18d0
[ 74.051579][ T5323] ? kasan_save_track+0x4f/0x80
[ 74.051593][ T5323] ? kasan_save_track+0x3e/0x80
[ 74.051607][ T5323] ? __kasan_kmalloc+0x93/0xb0
[ 74.051622][ T5323] ? __kmalloc_cache_node_noprof+0x455/0x6d0
[ 74.051637][ T5323] ? blkcg_activate_policy+0x692/0xb40
[ 74.051653][ T5323] ? blk_throtl_init+0x2f6/0x410
[ 74.051664][ T5323] ? tg_set_conf+0x1d6/0x4c0
[ 74.051676][ T5323] ? pcpu_alloc_noprof+0x272/0x18d0
[ 74.051690][ T5323] ? kernfs_fop_write_iter+0x3af/0x540
[ 74.051700][ T5323] ? vfs_write+0x61d/0xb90
[ 74.051713][ T5323] ? ksys_write+0x150/0x270
[ 74.051725][ T5323] ? do_syscall_64+0xe2/0xf80
[ 74.051736][ T5323] ? __pfx___mutex_lock+0x10/0x10
[ 74.051750][ T5323] pcpu_alloc_noprof+0x272/0x18d0
[ 74.051770][ T5323] __percpu_counter_init_many+0x43/0x380
[ 74.051781][ T5323] ? __kmalloc_cache_node_noprof+0x455/0x6d0
[ 74.051798][ T5323] blkg_rwstat_init+0x2c/0x170
[ 74.051809][ T5323] throtl_pd_alloc+0xb6/0x460
[ 74.051820][ T5323] ? __pfx_throtl_pd_alloc+0x10/0x10
[ 74.051830][ T5323] blkcg_activate_policy+0x692/0xb40
[ 74.051849][ T5323] blk_throtl_init+0x2f6/0x410
[ 74.051861][ T5323] tg_set_conf+0x1d6/0x4c0
[ 74.051873][ T5323] ? kernfs_root+0x1c/0x230
[ 74.051887][ T5323] ? __pfx_tg_set_conf+0x10/0x10
[ 74.051899][ T5323] ? kernfs_root+0x1c/0x230
[ 74.051911][ T5323] ? kernfs_root+0x1c/0x230
[ 74.051922][ T5323] ? kernfs_root+0x1c/0x230
[ 74.051934][ T5323] ? kernfs_root+0x1ea/0x230
[ 74.051945][ T5323] ? __pfx_tg_set_conf_uint+0x10/0x10
[ 74.051983][ T5323] cgroup_file_write+0x36f/0x790
[ 74.051996][ T5323] ? __pfx_cgroup_file_write+0x10/0x10
[ 74.052005][ T5323] ? rcu_is_watching+0x15/0xb0
[ 74.052019][ T5323] ? __pfx_cgroup_file_write+0x10/0x10
[ 74.052028][ T5323] kernfs_fop_write_iter+0x3af/0x540
[ 74.052042][ T5323] vfs_write+0x61d/0xb90
[ 74.052052][ T5323] ? __pfx_vfs_write+0x10/0x10
[ 74.052061][ T5323] ? __fget_files+0x2a/0x420
[ 74.052069][ T5323] ksys_write+0x150/0x270
[ 74.052077][ T5323] ? __pfx_ksys_write+0x10/0x10
[ 74.052087][ T5323] do_syscall_64+0xe2/0xf80
[ 74.052094][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.052101][ T5323] ? trace_irq_disable+0x37/0x100
[ 74.052108][ T5323] ? clear_bhb_loop+0x60/0xb0
[ 74.052115][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.052122][ T5323] RIP: 0033:0x7fdbf719aeb9
[ 74.052131][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 74.052138][ T5323] RSP: 002b:00007fdbf80f7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 74.052168][ T5323] RAX: ffffffffffffffda RBX: 00007fdbf7415fa0 RCX: 00007fdbf719aeb9
[ 74.052173][ T5323] RDX: 000000000000006a RSI: 00002000000000c0 RDI: 0000000000000005
[ 74.052177][ T5323] RBP: 00007fdbf80f7090 R08: 0000000000000000 R09: 0000000000000000
[ 74.052182][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 74.052186][ T5323] R13: 00007fdbf7416038 R14: 00007fdbf7415fa0 R15: 00007ffd3f088438
[ 74.052194][ T5323]