Warning: Permanently added '10.128.0.85' (ED25519) to the list of known hosts.
executing program
[ 81.359363][ T5834]
[ 81.361732][ T5834] ======================================================
[ 81.368862][ T5834] WARNING: possible circular locking dependency detected
[ 81.375938][ T5834] 6.14.0-syzkaller-05877-g1a9239bb4253 #0 Not tainted
[ 81.382810][ T5834] ------------------------------------------------------
[ 81.389910][ T5834] syz-executor161/5834 is trying to acquire lock:
[ 81.396344][ T5834] ffff8881437b1958 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310
[ 81.406229][ T5834]
[ 81.406229][ T5834] but task is already holding lock:
[ 81.413617][ T5834] ffff8881437b1428 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 81.424922][ T5834]
[ 81.424922][ T5834] which lock already depends on the new lock.
[ 81.424922][ T5834]
[ 81.435349][ T5834]
[ 81.435349][ T5834] the existing dependency chain (in reverse order) is:
[ 81.444373][ T5834]
[ 81.444373][ T5834] -> #2 (&q->q_usage_counter(io)#29){++++}-{0:0}:
[ 81.453070][ T5834]        blk_alloc_queue+0x619/0x760
[ 81.458389][ T5834]        blk_mq_alloc_queue+0x179/0x290
[ 81.464032][ T5834]        __blk_mq_alloc_disk+0x29/0x120
[ 81.469603][ T5834]        loop_add+0x496/0xb70
[ 81.474304][ T5834]        loop_init+0x164/0x270
[ 81.479088][ T5834]        do_one_initcall+0x120/0x6e0
[ 81.484402][ T5834]        kernel_init_freeable+0x5c2/0x900
[ 81.490200][ T5834]        kernel_init+0x1c/0x2b0
[ 81.495100][ T5834]        ret_from_fork+0x45/0x80
[ 81.500044][ T5834]        ret_from_fork_asm+0x1a/0x30
[ 81.505345][ T5834]
[ 81.505345][ T5834] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 81.512587][ T5834]        fs_reclaim_acquire+0x102/0x150
[ 81.518156][ T5834]        blk_mq_alloc_and_init_hctx+0x503/0x11c0
[ 81.524567][ T5834]        blk_mq_realloc_hw_ctxs+0x8f6/0xc00
[ 81.530537][ T5834]        blk_mq_init_allocated_queue+0x3af/0x1230
[ 81.536978][ T5834]        blk_mq_alloc_queue+0x1c2/0x290
[ 81.542547][ T5834]        __blk_mq_alloc_disk+0x29/0x120
[ 81.548183][ T5834]        loop_add+0x496/0xb70
[ 81.552888][ T5834]        loop_init+0x164/0x270
[ 81.557678][ T5834]        do_one_initcall+0x120/0x6e0
[ 81.562982][ T5834]        kernel_init_freeable+0x5c2/0x900
[ 81.568827][ T5834]        kernel_init+0x1c/0x2b0
[ 81.573731][ T5834]        ret_from_fork+0x45/0x80
[ 81.578691][ T5834]        ret_from_fork_asm+0x1a/0x30
[ 81.584009][ T5834]
[ 81.584009][ T5834] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[ 81.591882][ T5834]        __lock_acquire+0x1173/0x1ba0
[ 81.597294][ T5834]        lock_acquire+0x179/0x350
[ 81.602350][ T5834]        __mutex_lock+0x19a/0xb00
[ 81.607389][ T5834]        queue_requests_store+0x1c7/0x310
[ 81.613136][ T5834]        queue_attr_store+0x270/0x310
[ 81.618537][ T5834]        sysfs_kf_write+0x117/0x170
[ 81.623753][ T5834]        kernfs_fop_write_iter+0x349/0x510
[ 81.629577][ T5834]        iter_file_splice_write+0x91c/0x1150
[ 81.635579][ T5834]        direct_splice_actor+0x18f/0x6c0
[ 81.641239][ T5834]        splice_direct_to_actor+0x342/0xa30
[ 81.647193][ T5834]        do_splice_direct+0x174/0x240
[ 81.652628][ T5834]        do_sendfile+0xafd/0xe50
[ 81.657640][ T5834]        __x64_sys_sendfile64+0x1d8/0x220
[ 81.663371][ T5834]        do_syscall_64+0xcd/0x260
[ 81.668399][ T5834]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.674904][ T5834]
[ 81.674904][ T5834] other info that might help us debug this:
[ 81.674904][ T5834]
[ 81.685245][ T5834] Chain exists of:
[ 81.685245][ T5834]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#29
[ 81.685245][ T5834]
[ 81.699021][ T5834]  Possible unsafe locking scenario:
[ 81.699021][ T5834]
[ 81.706470][ T5834]        CPU0                    CPU1
[ 81.711839][ T5834]        ----                    ----
[ 81.717288][ T5834]   lock(&q->q_usage_counter(io)#29);
[ 81.722761][ T5834]                                lock(fs_reclaim);
[ 81.729284][ T5834]                                lock(&q->q_usage_counter(io)#29);
[ 81.737210][ T5834]   lock(&q->elevator_lock);
[ 81.741811][ T5834]
[ 81.741811][ T5834]  *** DEADLOCK ***
[ 81.741811][ T5834]
[ 81.749954][ T5834] 5 locks held by syz-executor161/5834:
[ 81.755594][ T5834]  #0: ffff88803625a420 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30
[ 81.765830][ T5834]  #1: ffff888028f3e488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x287/0x510
[ 81.775621][ T5834]  #2: ffff888022fb55a8 (kn->active#47){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x510
[ 81.785682][ T5834]  #3: ffff8881437b1428 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 81.797382][ T5834]  #4: ffff8881437b1460 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 81.809341][ T5834]
[ 81.809341][ T5834] stack backtrace:
[ 81.815255][ T5834] CPU: 0 UID: 0 PID: 5834 Comm: syz-executor161 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full)
[ 81.815286][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 81.815302][ T5834] Call Trace:
[ 81.815311][ T5834]
[ 81.815323][ T5834]  dump_stack_lvl+0x116/0x1f0
[ 81.815352][ T5834]  print_circular_bug+0x275/0x350
[ 81.815382][ T5834]  check_noncircular+0x14c/0x170
[ 81.815414][ T5834]  __lock_acquire+0x1173/0x1ba0
[ 81.815446][ T5834]  ? __lock_acquire+0xaa4/0x1ba0
[ 81.815476][ T5834]  lock_acquire+0x179/0x350
[ 81.815506][ T5834]  ? queue_requests_store+0x1c7/0x310
[ 81.815528][ T5834]  ? __pfx___might_resched+0x10/0x10
[ 81.815558][ T5834]  __mutex_lock+0x19a/0xb00
[ 81.815578][ T5834]  ? queue_requests_store+0x1c7/0x310
[ 81.815600][ T5834]  ? mark_held_locks+0x49/0x80
[ 81.815628][ T5834]  ? queue_requests_store+0x1c7/0x310
[ 81.815649][ T5834]  ? lockdep_hardirqs_on+0x7c/0x110
[ 81.815692][ T5834]  ? __pfx___mutex_lock+0x10/0x10
[ 81.815713][ T5834]  ? blk_mq_freeze_queue_wait+0xad/0x1b0
[ 81.815748][ T5834]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 81.815778][ T5834]  ? queue_requests_store+0x1c7/0x310
[ 81.815799][ T5834]  queue_requests_store+0x1c7/0x310
[ 81.815820][ T5834]  ? __pfx_queue_requests_store+0x10/0x10
[ 81.815842][ T5834]  ? __mutex_trylock_common+0xe9/0x250
[ 81.815874][ T5834]  ? __pfx_queue_requests_store+0x10/0x10
[ 81.815895][ T5834]  queue_attr_store+0x270/0x310
[ 81.815930][ T5834]  ? __pfx_queue_attr_store+0x10/0x10
[ 81.815964][ T5834]  ? __lock_acquire+0x5ca/0x1ba0
[ 81.815994][ T5834]  ? kernfs_fop_write_iter+0x287/0x510
[ 81.816026][ T5834]  ? __pfx_queue_attr_store+0x10/0x10
[ 81.816061][ T5834]  sysfs_kf_write+0x117/0x170
[ 81.816088][ T5834]  kernfs_fop_write_iter+0x349/0x510
[ 81.816113][ T5834]  ? __pfx_sysfs_kf_write+0x10/0x10
[ 81.816141][ T5834]  iter_file_splice_write+0x91c/0x1150
[ 81.816179][ T5834]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 81.816213][ T5834]  ? __pfx_copy_splice_read+0x10/0x10
[ 81.816247][ T5834]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 81.816279][ T5834]  direct_splice_actor+0x18f/0x6c0
[ 81.816311][ T5834]  splice_direct_to_actor+0x342/0xa30
[ 81.816341][ T5834]  ? __pfx_direct_splice_actor+0x10/0x10
[ 81.816373][ T5834]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 81.816406][ T5834]  do_splice_direct+0x174/0x240
[ 81.816435][ T5834]  ? __pfx_do_splice_direct+0x10/0x10
[ 81.816465][ T5834]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 81.816496][ T5834]  ? rw_verify_area+0xcf/0x680
[ 81.816523][ T5834]  do_sendfile+0xafd/0xe50
[ 81.816552][ T5834]  ? __pfx_do_sendfile+0x10/0x10
[ 81.816584][ T5834]  __x64_sys_sendfile64+0x1d8/0x220
[ 81.816605][ T5834]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 81.816682][ T5834]  do_syscall_64+0xcd/0x260
[ 81.816725][ T5834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.816749][ T5834] RIP: 0033:0x7f5e82d252e9
[ 81.816774][ T5834] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 81.816800][ T5834] RSP: 002b:00007ffe14bb84d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 81.816822][ T5834] RAX: ffffffffffffffda RBX: 00007ffe14bb86a8 RCX: 00007f5e82d252e9
[ 81.816837][ T5834] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[ 81.816850][ T5834] RBP: 00007f5e82d98610 R08: 0000000000000000 R09: 00007ffe14bb86a8
[ 81.816865][ T5834] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 81.816878][ T5834] R13: 00007ffe14bb8698 R14: 0000000000000001 R15: 0000000