Extracting prog: 1m40.756360017s
Minimizing prog: 1m33.989625736s
Simplifying prog options: 3m48.733360379s
Extracting C: 1m15.843566675s
Simplifying C: 0s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-write$UHID_INPUT
detailed listing:
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
write$UHID_INPUT(r0, &(0x7f0000002280)={0x8, {"437f7ec210d26c5c65cf41c4b619ff709ac90fbe7d436e34e50b64ad3f4574bbca1cea79263379b9fdd7f2afdb03dae19bfffa25bb2b1fbffb1d076fc8f29ce1fb2bd02946664854b38af67becf5b4acbb2d3601ce25c0f85a3550bbdc916deac27160f662efc481a31f1bb258916d879d53c09ced1ea74851b7aa2c4ec8eb4b6490d8692751aebd3a41675f63ae85b25f7698dedc8cf55b374ad40ec2669237d6d96cbf4ee2a3f46e3a93a991337e25c11ffc9538bab74b8360f1481810fcca20c8aa276af0ce23cfbf7d98e8cab7754f0f86ed0588a36dd8622872885ef5a8e70fe2742c5b892c9c42ee10bb00ec59f3a192a6eee5fd00ac80f56cfbae0272026e4fefd9e6e4c44e30758c8d3150b25cc04d3cd4af3a3a086f34acd1600e5857a90939724c96717f18efa44902b1adf74fdad21b41984e25106bab7a902de951aac7b3d9d29d9db797f4d1ac8b3e87055f47b0b5f41220d867155e93064c1fd4fe010d9fa56a149233aa857ed67643149ac3be60a66692807df6adcfc99cee4a4951ae91182a02ec1f6e95cc621b7b98a5f3e8c39ca1044e1c07b5ce60097d37d5355e369a5c3df7472494f90a5521c9c9082db0e4e152bd6fd509faa698d8040d74dd4fbd2e201bbf135a0977e91f3128b7eb6fae9f123d67e8424073c095eae08983631ab0820eed40e9844558afb138d20e664aec5bed9002720a20eaf536821f3cb9a24f233136941b3b004319f9c0e7b9818e91ed97b4277920bbe096dadfc3ebd720ab6612687de5cd481720d2cfd5d64b5e01988380f3e1d8608b70cfac85f77576ba44e3825a87dcd676edb7c6e639a7d075ea50e89e7e39cca2820684215782215177ef1a2ccc789276e6e8e4bd7e500dd94f1ff6e0eacbf291415ffe14eaf2da60646a722cd1b1a9aa38ee446e0ddab1d82620f38e3687694316a769ce394f0bf1558f4598f3aa830dc4aa6dd60384f692b6724802012567f4189329c06a1d74658471d9222d9a672d362bc5aa62fcf6067fd8c6ec6122f4c24daf0992de3d1e6cd953a5c64bf0c525200c83be66105876e7cce2fc0250167d2f891ef720f10a3f5a96813a93a58845ac14321758f671edd284237fad2c38cb63e1a4e852a94fb160ad154d0f43d8302fa660ccc9737a8e83c83bdb0543c2f1ff2fb5440132d48a9dda7191afe2c5ba7f12625273dd737767c4d9ef5636de49785c06b5c01f8c94c31bc5742bb0897efe4254c0f606bc5b5ae724c7fe2c87eace8ff11d2fcbe77e59670e9b29ec7da089913ad02f2c8a288675d51da762df93fbe2b6f848df784f8fbd15c43ac1c6f04975ee19832e622cc9bca4a42bf9f6a2e1c2ac7b75a8ef0a25e91cce80d79caa09b257e820118407e5016887f1f73755777f7d733c7a26f9f29f465bb8c43d705bf3a2f2557ade23bbf65b5a95acf9435cf541e2f5006c966d2ff177f60da63846f9914ba805d25cfcc96b8a34393d614aba8910671525910992987d88241557fd8c988f57014962efc795578e82046d1b102fe32fe323fd9c7109255f4b9c72a23701c3aa4c1e30772edce49bcfccbaf001319f0c162c97a89d58f52a5679f8423944bf374eb0792c78423f95e7901f59de053f9817b1236ec26509944643a7bd9e65c8688ecd7f02da5bef748a77ed6f35163146a6e6cf0c09d05cfa7dd8cd4ac2c9ef9f1855639f775b93fd066348f6cd97469ca480d91ce3e9701cbe70dd8ac57f2bcb83823e291cca06997369de0a07c742dafb72e871582e3a389ba26f44bced8a4eed524c19e52d7de322085418c5c1dc42616c34b2018e4e0518b9beeecacc4566eb922308b532f39d5d02becc70b9fb681c6b57ced6eb99249b67738c0f64eb0c5d1ca56acf7efaa07de76306071e77cd766d22b6948ee04854a8247a9ece95f488590bc97f6d0c7676c8cbfbc12e22b4b48b78c6f8687089241578cf231989967e04ff1bcb1d06226322dcd9e62196698700112642c652826d18bfc5b9aaceb313a535eca99d6b4c563843d772e266fa3d186b5a746b0bd23944f600d1888a0fba1d4d94e6f82693d8c651295178890f2cad197f65eb86438785628a4b8e8d4c5900dac141aae79da3a83e6c7ce2aff7b302dba638b7f4f31713f26f44d8f76e6523f85e4676d59d172f9d52fab4366ac73ce20a2eaa673fa91251c907df450aa48d35f157a5ba47fbba9a809b4542ed56f6b80d2484b3cb39080b712359da0dec245159365ddd915bf1def30a83a16633570e44b12b37bedeee4257a9fa74f2ac99281911ee248c4297041abb80c395611ec73bbbf663191caf0ec58d0cd6278711884232829daac78560325833809fbb0f0d91b449a62a38ba206972767997b2e9efd9bc9a54d586db33d0f59ddab2d71042a7f5cefdb6e9c9da7ad8368db3186d8f99375806da9ef435f8327194a03c51c6ebecdb227d0cd0088a6e11afd8c0a5da91c1a4816ed3a7de40908a27a5fe7c6f9d264a3f2ee14b66ddd2444b3dc43205b502282b7e6b05832886761f9d543430012ea3705376e47a601be9544ec02adc5965c1a86ea3f2091f614d7be98a7eaa19dac7c178b7d9456000c611c66f9420d4d72b1e2634181313386533d57fd595a98771967933cb359be095d28eb88070f4712e0e5ac632060818853dd55ee04b29a75ff33c450086cee601e7af2884277c6dae93c11bdb7b7f7f8975f392dedf5e2ecca739113b127097443fdebb607add10aeea23119cc12787e944ef05d5a083679de2a87dab55d29e8a91630ce3dac1140144747eb4c59ca9faea413e91348802a7e22bf017c35811bc0712a43b6d9209f2fe869fe9aaefab047a36d8d1cc1d581427ee86936d98eb5f3e3b4b3469193b919795662422d9bf383f88562f8d79210dfa65c3620555b01186d9baa2c816fa54364819c70ecbd8a5f980fcd9a94145ec052ff4057d54adee9ad4ea653febc4c1656521f645c143b0bdc4c84b3b598ccb1e353a278858ec30d398f97834dc1f5d0eada8d11d305016ff99cb9b8a9e9fd96eb86c18fc0de75d8fe26394d1a2cf61a7eff7e080211429ee3da6e0914b012079cdca264c9fd859966217e43716bc0b5d032af02e1cf438aa7335caa52b08486cc81254f36a22fbdbf0882eeeb2728c29244082c51153621ff282d31e95b7781a61238d7a53a880227152c7d3670ba052a9b0514a1c8b915bc222b2cd21dbaf1d3640bf521d66259c2c20c7ab88b7ace9adcaba636235c512154b8ddb5ee73847805f419ffb0f4ceb58f6e6c9c4d227e89959f85a37c645b1c22b818eb5f21dd1431922517ddc887eb926d76b6be5c65ad8d7d2460edfd59498515902663603ef47b087d317058eee82f6ce003d81b84a893abd4f0ece0bcd28cd297a627f8fb0849222313919a565bfc3a7f4ef60474811aa76375d5b62471a600dadab6a90da5fc83c4181e825ef5ed2c6b569771f46aee5dd3985040c2f1638ad8dbf87528491cf608c0fb1c6c763f3a5bf165916a233fb185d0bef5fd13ad0d457951166c96f24c651ac123a114877a9508b444b39363c9f0cf9dc1e73b54f32260233b3d964e4c2c1e160cb7017239d8fdecfc5d22fd202e7da06aa14a101c14b1325995466591f8d02ecc7291ef9264eef602cadc53525dd48f6f98e2ae92a6ecc6cb553d9b01d506cf3cd5856fd981397a8f0a3712cc412fd8157bf568bf2f4c37f0cb5e16c446a316d1e10dfccba723df7cd99566bd2619350451744b28348214b7c1d0deb3f12001f54e588cb954074b7b6d8ca4ba1ee0adf132662996de93adb65763c1727cbe54cf537317fa0f8726dd0f6fb560efe8431a6e9b8aa0e1f4135965480d56e3525b5d8a5288f6c89ac1d95002d62ec90dd25b16093fe7d445ef0c8ce0f4bf72644697f4134cea27727f7b955c050a5e865d50178b82809f551abbd18035d893ee55373818b998748e20d91b6045513deb51a0a3ea5e1c8c897263c8ee584c66c09d6e29b9dcff073bd9f4fbe95e81f31e0640cbaabf117bc05687b8ed152b07886c9186be1f2bd917a6cbe5e032afb39dcfe4f907b08cabaee46c527e3317ee178221e83df1e367bab6f68ba7f9bd0a6a0f77f345b6ca8195a763e4ef9970bce70df3c9d0d2a7b481a49331576054677d945d1171009594a329189f9f2ec9d1ecb925dcc4c3a04d8ce00363e4d0f5d35abbae08e888b82062e755d17a683292604131f28e086ab4ca1f97f208e3e257d04318301725209cf093cce1a934f9426aa828b70243af26da5a538d97986825582a7b09aa2417c4ee1b8d1191efd9126d18ac5604b7ede736c70f26bfee1970f42f28389b9392647d03492238564e122907ce16d324ba1df22adc96f89fde1d25c69a71c6b712786852468bfe25c39cb441b7654315441a30050a1b1cb705fa954a43dceba1318bfc52d462343c5ebdd99a86e66b41897a889b419f5fae61959e82337bf85a1694aa145c4ce139f28d29382209d2d82ba9779872304841e7454c4696e6786379948b4cf9c0cc69456b26ba79e2714a91cf0f32334fa26b6fe9ba02251b4583f2ec758dbb517aa927a8fa3c9cac05b43fdbffefc0fb38379e4bd77492a63da64cecc971e178d0cce51259d59170bcc07927d87c0159866343e9e05bda8ee0991232d490a1c75f0a15168a177dfe21a423aeebbb1aecc6f2dfc165877737d0a599e1fa803c473416c17bdc41b97ab1826c3d3646535bf8572f5be4841dc746baf90ffd0ea7cd9ba8124263bdbabdbeb0ee84e7d3e7a291088449ea146932e7d3b49924ebd69a50f54ae45fdc725c867425cfbcd57e34a7857a4a1f7a4e614487de02ecfc542fe79c052232fcbbed48f761427e9f10359b733d009369f22cc8f453ec0fff415f5573496fa1ddcd4505944c913b5732ea036c1cd32b0ba37192fdf630b36b84a182ca59877bebea631d28fbbda37c09635b37a381b8723fd262c035c58363c4a084a8e48549db3e6378e56ace916cb348e9252452a6b6e7028152552c40f10ba078503530931638af5280e6af22d7f486a854ed7fd228206686d9c49686418c955509954002a77a05404b5a54019282353b166e91bee481c09fe22f6cd103380c80f1a989f41d4b101af5e1d35a409c3f6603dd6a7cdec764d1c675cca074f579827a2af162967a6dead5baeb60340296887a663f1378051df028e892c305f7a69ae5979341dd911195fe95d03dc9934ccfc5a92ae8cd6e82a46b7fc994b52b0e6b6f1fe1524acf35420d0e83e11a1a6e065b7ddeb9f5aaa8f6472038f40fb967265229e66da1f20ec31c788edbf4fae44fe45fe819af67e2cd23cd95c1ffc8faad4db4ccc83a7c02ba8e79bd5df5941ce26bee20cbe0b1b6d6f279e61b9b3d7fa22e805b0d1099685d2321645e7440be0be849ff42b8217e23457d6c3cee396f3fcffde7ac6ed4261ab6b5b476573cb4ccf3456cb4954db7bb8d2823c5e30b52f21038c86750654e91090a07d8d25cbe6fc4db99e5de9c2bb92d38b663fc17eb497b1a5781facce90905656177cb51cc7c623b8078d9de4b1374b7b56b9c7b46ad49e63280dce2c6a06c562ee92651f00dca318c175fa4e7dc8efe92ded5972ef4d2080ce8a37b1d3382f0679d8c57cc06efb8fa05bb8db708f6a6336fc7b47b63514fcdbb3c52212d2c06dd0e624450ec909c3960bc133696912f657b3024d270551682d4c59cb0ea2e763c34d235646dda5e4836ba5744f70e6a89acaf54f9802bdb9ffe9925b74b1393a54d4e7530ebcef1bb66b", 0xfffffffffffffdc3}}, 0x1006)
program crashed: possible deadlock in zswap_store
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=42.860982664s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat
detailed listing:
executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
program crashed: possible deadlock in zswap_store
testing program (duration=42.860982664s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat
detailed listing:
executing program 0:
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
program crashed: possible deadlock in zswap_store
extracting C reproducer
testing compiled C program (duration=42.860982664s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat
program did not crash
simplifying guilty program options
testing program (duration=42.860982664s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat
detailed listing:
executing program 0:
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
program crashed: possible deadlock in zswap_store
extracting C reproducer
testing compiled C program (duration=42.860982664s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat
program did not crash
testing program (duration=42.860982664s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat
detailed listing:
executing program 0:
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
program did not crash
testing program (duration=42.860982664s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat
detailed listing:
executing program 0:
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
program did not crash
reproducing took 7m56.536612751s
repro crashed as (corrupted=false):
======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 Not tainted
------------------------------------------------------
syz-executor/5348 is trying to acquire lock:
ffffe8ffffc37f50 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:899 [inline]
ffffe8ffffc37f50 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:931 [inline]
ffffe8ffffc37f50 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1456 [inline]
ffffe8ffffc37f50 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xa3b/0x1c30 mm/zswap.c:1563
but task is already holding lock:
ffffffff8ea36f00 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
ffffffff8ea36f00 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xd4/0x3c0 mm/page_alloc.c:3951
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (fs_reclaim){+.+.}-{0:0}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__fs_reclaim_acquire mm/page_alloc.c:3853 [inline]
fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3867
might_alloc include/linux/sched/mm.h:318 [inline]
slab_pre_alloc_hook mm/slub.c:4070 [inline]
slab_alloc_node mm/slub.c:4148 [inline]
__kmalloc_cache_node_noprof+0x40/0x3a0 mm/slub.c:4337
kmalloc_node_noprof include/linux/slab.h:924 [inline]
zswap_cpu_comp_prepare+0xdc/0x400 mm/zswap.c:828
cpuhp_invoke_callback+0x415/0x830 kernel/cpu.c:204
cpuhp_issue_call+0x46f/0x7e0
__cpuhp_state_add_instance_cpuslocked+0x1ed/0x500 kernel/cpu.c:2437
__cpuhp_state_add_instance+0x27/0x40 kernel/cpu.c:2458
cpuhp_state_add_instance include/linux/cpuhotplug.h:386 [inline]
zswap_pool_create+0x38c/0x680 mm/zswap.c:291
zswap_setup+0x32a/0x4b0 mm/zswap.c:1811
do_one_initcall+0x248/0x870 init/main.c:1266
do_initcall_level+0x157/0x210 init/main.c:1328
do_initcalls+0x3f/0x80 init/main.c:1344
kernel_init_freeable+0x435/0x5d0 init/main.c:1577
kernel_init+0x1d/0x2b0 init/main.c:1466
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
acomp_ctx_get_cpu_lock mm/zswap.c:899 [inline]
zswap_compress mm/zswap.c:931 [inline]
zswap_store_page mm/zswap.c:1456 [inline]
zswap_store+0xa3b/0x1c30 mm/zswap.c:1563
swap_writepage+0x647/0xce0 mm/page_io.c:279
shmem_writepage+0x1248/0x1610 mm/shmem.c:1579
pageout mm/vmscan.c:696 [inline]
shrink_folio_list+0x3b68/0x5ca0 mm/vmscan.c:1374
evict_folios+0x3c92/0x58c0 mm/vmscan.c:4600
try_to_shrink_lruvec+0x9a6/0xc70 mm/vmscan.c:4799
shrink_one+0x3b9/0x850 mm/vmscan.c:4844
shrink_many mm/vmscan.c:4907 [inline]
lru_gen_shrink_node mm/vmscan.c:4985 [inline]
shrink_node+0x37c5/0x3e50 mm/vmscan.c:5966
shrink_zones mm/vmscan.c:6225 [inline]
do_try_to_free_pages+0x78c/0x1cf0 mm/vmscan.c:6287
try_to_free_pages+0x47c/0x1050 mm/vmscan.c:6537
__perform_reclaim mm/page_alloc.c:3929 [inline]
__alloc_pages_direct_reclaim+0x178/0x3c0 mm/page_alloc.c:3951
__alloc_pages_slowpath+0x764/0x1020 mm/page_alloc.c:4382
__alloc_pages_noprof+0x49b/0x710 mm/page_alloc.c:4766
alloc_pages_mpol_noprof+0x3e1/0x780 mm/mempolicy.c:2269
folio_alloc_mpol_noprof mm/mempolicy.c:2288 [inline]
vma_alloc_folio_noprof+0x12e/0x230 mm/mempolicy.c:2318
folio_prealloc+0x2e/0x170
wp_page_copy mm/memory.c:3367 [inline]
do_wp_page+0x1253/0x49b0 mm/memory.c:3759
handle_pte_fault+0xfa5/0x5ed0 mm/memory.c:5817
__handle_mm_fault mm/memory.c:5944 [inline]
handle_mm_fault+0x1106/0x1bb0 mm/memory.c:6112
do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x459/0x8b0 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(fs_reclaim);
lock(&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex);
lock(fs_reclaim);
lock(&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex);
*** DEADLOCK ***
2 locks held by syz-executor/5348:
#0: ffff88801f9c23d0 (&vma->vm_lock->lock){++++}-{4:4}, at: vma_start_read include/linux/mm.h:717 [inline]
#0: ffff88801f9c23d0 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x34b/0x790 mm/memory.c:6278
#1: ffffffff8ea36f00 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
#1: ffffffff8ea36f00 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xd4/0x3c0 mm/page_alloc.c:3951
stack backtrace:
CPU: 0 UID: 0 PID: 5348 Comm: syz-executor Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
acomp_ctx_get_cpu_lock mm/zswap.c:899 [inline]
zswap_compress mm/zswap.c:931 [inline]
zswap_store_page mm/zswap.c:1456 [inline]
zswap_store+0xa3b/0x1c30 mm/zswap.c:1563
swap_writepage+0x647/0xce0 mm/page_io.c:279
shmem_writepage+0x1248/0x1610 mm/shmem.c:1579
pageout mm/vmscan.c:696 [inline]
shrink_folio_list+0x3b68/0x5ca0 mm/vmscan.c:1374
evict_folios+0x3c92/0x58c0 mm/vmscan.c:4600
try_to_shrink_lruvec+0x9a6/0xc70 mm/vmscan.c:4799
shrink_one+0x3b9/0x850 mm/vmscan.c:4844
shrink_many mm/vmscan.c:4907 [inline]
lru_gen_shrink_node mm/vmscan.c:4985 [inline]
shrink_node+0x37c5/0x3e50 mm/vmscan.c:5966
shrink_zones mm/vmscan.c:6225 [inline]
do_try_to_free_pages+0x78c/0x1cf0 mm/vmscan.c:6287
try_to_free_pages+0x47c/0x1050 mm/vmscan.c:6537
__perform_reclaim mm/page_alloc.c:3929 [inline]
__alloc_pages_direct_reclaim+0x178/0x3c0 mm/page_alloc.c:3951
__alloc_pages_slowpath+0x764/0x1020 mm/page_alloc.c:4382
__alloc_pages_noprof+0x49b/0x710 mm/page_alloc.c:4766
alloc_pages_mpol_noprof+0x3e1/0x780 mm/mempolicy.c:2269
folio_alloc_mpol_noprof mm/mempolicy.c:2288 [inline]
vma_alloc_folio_noprof+0x12e/0x230 mm/mempolicy.c:2318
folio_prealloc+0x2e/0x170
wp_page_copy mm/memory.c:3367 [inline]
do_wp_page+0x1253/0x49b0 mm/memory.c:3759
handle_pte_fault+0xfa5/0x5ed0 mm/memory.c:5817
__handle_mm_fault mm/memory.c:5944 [inline]
handle_mm_fault+0x1106/0x1bb0 mm/memory.c:6112
do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x459/0x8b0 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fdec557c108
Code: 84 e4 74 66 e8 89 04 00 00 41 89 c4 85 c0 0f 84 4e 01 00 00 49 c7 c5 a8 ff ff ff 64 45 8b 75 00 48 89 da 89 ee bf 02 00 00 00 93 09 00 00 45 85 e4 79 05 64 45 89 75 00 48 8b 84 24 c8 00 00
RSP: 002b:00007ffd23e9ed50 EFLAGS: 00010202
RAX: 00000000000014e5 RBX: 0000000000000000 RCX: 00007fdec557c593
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00005555920627d0 R11: 0000000000000246 R12: 00000000000014e5
R13: ffffffffffffffa8 R14: 0000000000000009 R15: 0000000000000000
syz-executor (5348) used greatest stack depth: 16496 bytes left
final repro crashed as (corrupted=false):
======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 Not tainted
------------------------------------------------------
syz-executor/5348 is trying to acquire lock:
ffffe8ffffc37f50 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:899 [inline]
ffffe8ffffc37f50 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:931 [inline]
ffffe8ffffc37f50 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1456 [inline]
ffffe8ffffc37f50 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xa3b/0x1c30 mm/zswap.c:1563
but task is already holding lock:
ffffffff8ea36f00 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
ffffffff8ea36f00 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xd4/0x3c0 mm/page_alloc.c:3951
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (fs_reclaim){+.+.}-{0:0}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__fs_reclaim_acquire mm/page_alloc.c:3853 [inline]
fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3867
might_alloc include/linux/sched/mm.h:318 [inline]
slab_pre_alloc_hook mm/slub.c:4070 [inline]
slab_alloc_node mm/slub.c:4148 [inline]
__kmalloc_cache_node_noprof+0x40/0x3a0 mm/slub.c:4337
kmalloc_node_noprof include/linux/slab.h:924 [inline]
zswap_cpu_comp_prepare+0xdc/0x400 mm/zswap.c:828
cpuhp_invoke_callback+0x415/0x830 kernel/cpu.c:204
cpuhp_issue_call+0x46f/0x7e0
__cpuhp_state_add_instance_cpuslocked+0x1ed/0x500 kernel/cpu.c:2437
__cpuhp_state_add_instance+0x27/0x40 kernel/cpu.c:2458
cpuhp_state_add_instance include/linux/cpuhotplug.h:386 [inline]
zswap_pool_create+0x38c/0x680 mm/zswap.c:291
zswap_setup+0x32a/0x4b0 mm/zswap.c:1811
do_one_initcall+0x248/0x870 init/main.c:1266
do_initcall_level+0x157/0x210 init/main.c:1328
do_initcalls+0x3f/0x80 init/main.c:1344
kernel_init_freeable+0x435/0x5d0 init/main.c:1577
kernel_init+0x1d/0x2b0 init/main.c:1466
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
acomp_ctx_get_cpu_lock mm/zswap.c:899 [inline]
zswap_compress mm/zswap.c:931 [inline]
zswap_store_page mm/zswap.c:1456 [inline]
zswap_store+0xa3b/0x1c30 mm/zswap.c:1563
swap_writepage+0x647/0xce0 mm/page_io.c:279
shmem_writepage+0x1248/0x1610 mm/shmem.c:1579
pageout mm/vmscan.c:696 [inline]
shrink_folio_list+0x3b68/0x5ca0 mm/vmscan.c:1374
evict_folios+0x3c92/0x58c0 mm/vmscan.c:4600
try_to_shrink_lruvec+0x9a6/0xc70 mm/vmscan.c:4799
shrink_one+0x3b9/0x850 mm/vmscan.c:4844
shrink_many mm/vmscan.c:4907 [inline]
lru_gen_shrink_node mm/vmscan.c:4985 [inline]
shrink_node+0x37c5/0x3e50 mm/vmscan.c:5966
shrink_zones mm/vmscan.c:6225 [inline]
do_try_to_free_pages+0x78c/0x1cf0 mm/vmscan.c:6287
try_to_free_pages+0x47c/0x1050 mm/vmscan.c:6537
__perform_reclaim mm/page_alloc.c:3929 [inline]
__alloc_pages_direct_reclaim+0x178/0x3c0 mm/page_alloc.c:3951
__alloc_pages_slowpath+0x764/0x1020 mm/page_alloc.c:4382
__alloc_pages_noprof+0x49b/0x710 mm/page_alloc.c:4766
alloc_pages_mpol_noprof+0x3e1/0x780 mm/mempolicy.c:2269
folio_alloc_mpol_noprof mm/mempolicy.c:2288 [inline]
vma_alloc_folio_noprof+0x12e/0x230 mm/mempolicy.c:2318
folio_prealloc+0x2e/0x170
wp_page_copy mm/memory.c:3367 [inline]
do_wp_page+0x1253/0x49b0 mm/memory.c:3759
handle_pte_fault+0xfa5/0x5ed0 mm/memory.c:5817
__handle_mm_fault mm/memory.c:5944 [inline]
handle_mm_fault+0x1106/0x1bb0 mm/memory.c:6112
do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x459/0x8b0 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(fs_reclaim);
lock(&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex);
lock(fs_reclaim);
lock(&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex);
*** DEADLOCK ***
2 locks held by syz-executor/5348:
#0: ffff88801f9c23d0 (&vma->vm_lock->lock){++++}-{4:4}, at: vma_start_read include/linux/mm.h:717 [inline]
#0: ffff88801f9c23d0 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x34b/0x790 mm/memory.c:6278
#1: ffffffff8ea36f00 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
#1: ffffffff8ea36f00 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xd4/0x3c0 mm/page_alloc.c:3951
stack backtrace:
CPU: 0 UID: 0 PID: 5348 Comm: syz-executor Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
acomp_ctx_get_cpu_lock mm/zswap.c:899 [inline]
zswap_compress mm/zswap.c:931 [inline]
zswap_store_page mm/zswap.c:1456 [inline]
zswap_store+0xa3b/0x1c30 mm/zswap.c:1563
swap_writepage+0x647/0xce0 mm/page_io.c:279
shmem_writepage+0x1248/0x1610 mm/shmem.c:1579
pageout mm/vmscan.c:696 [inline]
shrink_folio_list+0x3b68/0x5ca0 mm/vmscan.c:1374
evict_folios+0x3c92/0x58c0 mm/vmscan.c:4600
try_to_shrink_lruvec+0x9a6/0xc70 mm/vmscan.c:4799
shrink_one+0x3b9/0x850 mm/vmscan.c:4844
shrink_many mm/vmscan.c:4907 [inline]
lru_gen_shrink_node mm/vmscan.c:4985 [inline]
shrink_node+0x37c5/0x3e50 mm/vmscan.c:5966
shrink_zones mm/vmscan.c:6225 [inline]
do_try_to_free_pages+0x78c/0x1cf0 mm/vmscan.c:6287
try_to_free_pages+0x47c/0x1050 mm/vmscan.c:6537
__perform_reclaim mm/page_alloc.c:3929 [inline]
__alloc_pages_direct_reclaim+0x178/0x3c0 mm/page_alloc.c:3951
__alloc_pages_slowpath+0x764/0x1020 mm/page_alloc.c:4382
__alloc_pages_noprof+0x49b/0x710 mm/page_alloc.c:4766
alloc_pages_mpol_noprof+0x3e1/0x780 mm/mempolicy.c:2269
folio_alloc_mpol_noprof mm/mempolicy.c:2288 [inline]
vma_alloc_folio_noprof+0x12e/0x230 mm/mempolicy.c:2318
folio_prealloc+0x2e/0x170
wp_page_copy mm/memory.c:3367 [inline]
do_wp_page+0x1253/0x49b0 mm/memory.c:3759
handle_pte_fault+0xfa5/0x5ed0 mm/memory.c:5817
__handle_mm_fault mm/memory.c:5944 [inline]
handle_mm_fault+0x1106/0x1bb0 mm/memory.c:6112
do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x459/0x8b0 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fdec557c108
Code: 84 e4 74 66 e8 89 04 00 00 41 89 c4 85 c0 0f 84 4e 01 00 00 49 c7 c5 a8 ff ff ff 64 45 8b 75 00 48 89 da 89 ee bf 02 00 00 00 93 09 00 00 45 85 e4 79 05 64 45 89 75 00 48 8b 84 24 c8 00 00
RSP: 002b:00007ffd23e9ed50 EFLAGS: 00010202
RAX: 00000000000014e5 RBX: 0000000000000000 RCX: 00007fdec557c593
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00005555920627d0 R11: 0000000000000246 R12: 00000000000014e5
R13: ffffffffffffffa8 R14: 0000000000000009 R15: 0000000000000000
syz-executor (5348) used greatest stack depth: 16496 bytes left