Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts. executing program [ 92.500154][ T5831] [ 92.502512][ T5831] ====================================================== [ 92.509542][ T5831] WARNING: possible circular locking dependency detected [ 92.516568][ T5831] 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 Not tainted [ 92.523676][ T5831] ------------------------------------------------------ [ 92.530691][ T5831] syz-executor338/5831 is trying to acquire lock: [ 92.537102][ T5831] ffffffff8e2666d0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30 [ 92.546625][ T5831] [ 92.546625][ T5831] but task is already holding lock: [ 92.553986][ T5831] ffff888142f029c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 92.562725][ T5831] [ 92.562725][ T5831] which lock already depends on the new lock. [ 92.562725][ T5831] [ 92.573143][ T5831] [ 92.573143][ T5831] the existing dependency chain (in reverse order) is: [ 92.582169][ T5831] [ 92.582169][ T5831] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}: [ 92.589918][ T5831] __mutex_lock+0x199/0xb90 [ 92.594966][ T5831] wbt_init+0x393/0x540 [ 92.599674][ T5831] queue_wb_lat_store+0x354/0x3d0 [ 92.605248][ T5831] queue_attr_store+0x279/0x320 [ 92.610640][ T5831] sysfs_kf_write+0xf2/0x150 [ 92.615759][ T5831] kernfs_fop_write_iter+0x351/0x510 [ 92.621577][ T5831] vfs_write+0x6c4/0x1150 [ 92.626447][ T5831] ksys_write+0x12a/0x250 [ 92.631312][ T5831] do_syscall_64+0xcd/0x490 [ 92.636346][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.642787][ T5831] [ 92.642787][ T5831] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 92.651493][ T5831] blk_alloc_queue+0x619/0x760 [ 92.656785][ T5831] blk_mq_alloc_queue+0x175/0x290 [ 92.662344][ T5831] __blk_mq_alloc_disk+0x29/0x120 [ 92.667904][ T5831] loop_add+0x49e/0xb70 [ 92.672586][ T5831] loop_init+0x164/0x270 [ 92.677366][ T5831] do_one_initcall+0x120/0x6e0 [ 92.682681][ T5831] kernel_init_freeable+0x5c2/0x900 [ 92.688414][ T5831] kernel_init+0x1c/0x2b0 [ 92.693276][ T5831] ret_from_fork+0x5d4/0x6f0 [ 92.698401][ T5831] ret_from_fork_asm+0x1a/0x30 [ 92.703691][ T5831] [ 92.703691][ T5831] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 92.710909][ T5831] fs_reclaim_acquire+0x102/0x150 [ 92.716474][ T5831] __kmalloc_cache_node_noprof+0x53/0x420 [ 92.722752][ T5831] create_worker+0x10f/0x7e0 [ 92.727883][ T5831] workqueue_prepare_cpu+0xb5/0x160 [ 92.733615][ T5831] cpuhp_invoke_callback+0x3d5/0xa10 [ 92.739430][ T5831] __cpuhp_invoke_callback_range+0x101/0x210 [ 92.745938][ T5831] _cpu_up+0x3f5/0x930 [ 92.750552][ T5831] cpu_up+0x1dc/0x240 [ 92.755062][ T5831] cpuhp_bringup_mask+0xd8/0x210 [ 92.760539][ T5831] bringup_nonboot_cpus+0x176/0x1c0 [ 92.766274][ T5831] smp_init+0x34/0x160 [ 92.770865][ T5831] kernel_init_freeable+0x3a8/0x900 [ 92.776603][ T5831] kernel_init+0x1c/0x2b0 [ 92.781462][ T5831] ret_from_fork+0x5d4/0x6f0 [ 92.786673][ T5831] ret_from_fork_asm+0x1a/0x30 [ 92.791962][ T5831] [ 92.791962][ T5831] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 92.799709][ T5831] __lock_acquire+0x126f/0x1c90 [ 92.805092][ T5831] lock_acquire+0x179/0x350 [ 92.810134][ T5831] cpus_read_lock+0x42/0x160 [ 92.815255][ T5831] static_key_slow_inc+0x12/0x30 [ 92.820733][ T5831] rq_qos_add+0x2f8/0x4b0 [ 92.825601][ T5831] wbt_init+0x3a9/0x540 [ 92.830299][ T5831] queue_wb_lat_store+0x354/0x3d0 [ 92.835869][ T5831] queue_attr_store+0x279/0x320 [ 92.841255][ T5831] sysfs_kf_write+0xf2/0x150 [ 92.846377][ T5831] kernfs_fop_write_iter+0x351/0x510 [ 92.852190][ T5831] vfs_write+0x6c4/0x1150 [ 92.857085][ T5831] ksys_write+0x12a/0x250 [ 92.861963][ T5831] do_syscall_64+0xcd/0x490 [ 92.867014][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.873439][ T5831] [ 92.873439][ T5831] other info that might help us debug this: [ 92.873439][ T5831] [ 92.883661][ T5831] Chain exists of: [ 92.883661][ T5831] cpu_hotplug_lock --> &q->q_usage_counter(io)#18 --> &q->rq_qos_mutex [ 92.883661][ T5831] [ 92.897855][ T5831] Possible unsafe locking scenario: [ 92.897855][ T5831] [ 92.905308][ T5831] CPU0 CPU1 [ 92.910678][ T5831] ---- ---- [ 92.916046][ T5831] lock(&q->rq_qos_mutex); [ 92.920550][ T5831] lock(&q->q_usage_counter(io)#18); [ 92.928460][ T5831] lock(&q->rq_qos_mutex); [ 92.935496][ T5831] rlock(cpu_hotplug_lock); [ 92.940101][ T5831] [ 92.940101][ T5831] *** DEADLOCK *** [ 92.940101][ T5831] [ 92.948241][ T5831] 6 locks held by syz-executor338/5831: [ 92.953806][ T5831] #0: ffff888031750428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 92.962826][ T5831] #1: ffff888031686488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 92.972622][ T5831] #2: ffff8880260f23c8 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 92.982666][ T5831] #3: ffff888142f027c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 92.994363][ T5831] #4: ffff888142f02800 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 93.006349][ T5831] #5: ffff888142f029c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 93.015633][ T5831] [ 93.015633][ T5831] stack backtrace: [ 93.021545][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor338 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) [ 93.021575][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.021593][ T5831] Call Trace: [ 93.021611][ T5831] [ 93.021624][ T5831] dump_stack_lvl+0x116/0x1f0 [ 93.021665][ T5831] print_circular_bug+0x275/0x350 [ 93.021696][ T5831] check_noncircular+0x14c/0x170 [ 93.021727][ T5831] __lock_acquire+0x126f/0x1c90 [ 93.021762][ T5831] lock_acquire+0x179/0x350 [ 93.021790][ T5831] ? static_key_slow_inc+0x12/0x30 [ 93.021822][ T5831] ? __pfx___might_resched+0x10/0x10 [ 93.021848][ T5831] cpus_read_lock+0x42/0x160 [ 93.021871][ T5831] ? static_key_slow_inc+0x12/0x30 [ 93.021901][ T5831] static_key_slow_inc+0x12/0x30 [ 93.021931][ T5831] rq_qos_add+0x2f8/0x4b0 [ 93.021964][ T5831] wbt_init+0x3a9/0x540 [ 93.021988][ T5831] queue_wb_lat_store+0x354/0x3d0 [ 93.022026][ T5831] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 93.022064][ T5831] ? __mutex_trylock_common+0xe9/0x250 [ 93.022095][ T5831] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 93.022131][ T5831] queue_attr_store+0x279/0x320 [ 93.022168][ T5831] ? __pfx_queue_attr_store+0x10/0x10 [ 93.022203][ T5831] ? __lock_acquire+0x622/0x1c90 [ 93.022239][ T5831] ? find_held_lock+0x2b/0x80 [ 93.022259][ T5831] ? sysfs_file_kobj+0xe4/0x290 [ 93.022287][ T5831] ? __pfx_queue_attr_store+0x10/0x10 [ 93.022323][ T5831] sysfs_kf_write+0xf2/0x150 [ 93.022350][ T5831] kernfs_fop_write_iter+0x351/0x510 [ 93.022373][ T5831] ? __pfx_sysfs_kf_write+0x10/0x10 [ 93.022401][ T5831] vfs_write+0x6c4/0x1150 [ 93.022433][ T5831] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 93.022459][ T5831] ? __pfx_vfs_write+0x10/0x10 [ 93.022492][ T5831] ? find_held_lock+0x2b/0x80 [ 93.022515][ T5831] ? find_held_lock+0x2b/0x80 [ 93.022537][ T5831] ksys_write+0x12a/0x250 [ 93.022568][ T5831] ? __pfx_ksys_write+0x10/0x10 [ 93.022608][ T5831] do_syscall_64+0xcd/0x490 [ 93.022630][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.022654][ T5831] RIP: 0033:0x7f7751b93329 [ 93.022678][ T5831] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 93.022700][ T5831] RSP: 002b:00007ffc14f8b3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 93.022721][ T5831] RAX