program: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) socket(0x10, 0x803, 0x0) socket(0x10, 0x803, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/vlan/vlan0\x00') preadv(r1, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/216, 0xd8}], 0x1, 0xa3, 0xd) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f00000002c0)='blkio.throttle.write_iops_device\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f00000000c0)=ANY=[], 0x6a) (fail_nth: 4) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) [ 84.850645][ T45] Bluetooth: hci0: command tx timeout [ 84.921116][ T5320] [ 84.922394][ T5320] ====================================================== [ 84.925065][ T5320] WARNING: possible circular locking dependency detected [ 84.927857][ T5320] syzkaller #0 Not tainted [ 84.930287][ T5320] ------------------------------------------------------ [ 84.933491][ T5320] syz.0.0/5320 is trying to acquire lock: [ 84.936142][ T5320] ffffffff8e85f908 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x218/0x19c0 [ 84.940549][ T5320] [ 84.940549][ T5320] but task is already holding lock: [ 84.944446][ T5320] ffff8880328eb990 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: blk_throtl_init+0x279/0x410 [ 84.949608][ T5320] [ 84.949608][ T5320] which lock already depends on the new lock. [ 84.949608][ T5320] [ 84.954294][ T5320] [ 84.954294][ T5320] the existing dependency chain (in reverse order) is: [ 84.958888][ T5320] [ 84.958888][ T5320] -> #2 (&q->q_usage_counter(io)#17){++++}-{0:0}: [ 84.963361][ T5320] blk_alloc_queue+0x546/0x680 [ 84.965844][ T5320] __blk_mq_alloc_disk+0x197/0x390 [ 84.968737][ T5320] loop_add+0x482/0xb40 [ 84.971300][ T5320] loop_init+0xd9/0x170 [ 84.973711][ T5320] do_one_initcall+0x250/0x8d0 [ 84.976181][ T5320] do_initcall_level+0x104/0x190 [ 84.979413][ T5320] do_initcalls+0x59/0xa0 [ 84.982262][ T5320] kernel_init_freeable+0x2a6/0x3e0 [ 84.985363][ T5320] kernel_init+0x1d/0x1d0 [ 84.987958][ T5320] ret_from_fork+0x51e/0xb90 [ 84.990616][ T5320] ret_from_fork_asm+0x1a/0x30 [ 84.993049][ T5320] [ 84.993049][ T5320] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 84.996823][ T5320] fs_reclaim_acquire+0x71/0x100 [ 84.999206][ T5320] prepare_alloc_pages+0x152/0x650 [ 85.002194][ T5320] __alloc_frozen_pages_noprof+0x12f/0x380 [ 85.005639][ T5320] __alloc_pages_noprof+0xa/0x30 [ 85.008352][ T5320] pcpu_populate_chunk+0x182/0xb30 [ 85.011031][ T5320] pcpu_alloc_noprof+0xc6c/0x19c0 [ 85.013582][ T5320] iommu_dma_init_fq+0x279/0x610 [ 85.016043][ T5320] iommu_setup_dma_ops+0x6c3/0x1870 [ 85.018674][ T5320] bus_iommu_probe+0x296/0x470 [ 85.021165][ T5320] iommu_device_register+0x1af/0x210 [ 85.023893][ T5320] intel_iommu_init+0x6e3/0xa60 [ 85.027069][ T5320] pci_iommu_init+0x38/0x70 [ 85.029490][ T5320] do_one_initcall+0x250/0x8d0 [ 85.032096][ T5320] do_initcall_level+0x104/0x190 [ 85.034654][ T5320] do_initcalls+0x59/0xa0 [ 85.037319][ T5320] kernel_init_freeable+0x2a6/0x3e0 [ 85.040845][ T5320] kernel_init+0x1d/0x1d0 [ 85.043594][ T5320] ret_from_fork+0x51e/0xb90 [ 85.046419][ T5320] ret_from_fork_asm+0x1a/0x30 [ 85.049049][ T5320] [ 85.049049][ T5320] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 85.053508][ T5320] __lock_acquire+0x15a5/0x2cf0 [ 85.056295][ T5320] lock_acquire+0xf0/0x2e0 [ 85.058841][ T5320] __mutex_lock+0x19f/0x1300 [ 85.061515][ T5320] pcpu_alloc_noprof+0x218/0x19c0 [ 85.064607][ T5320] __percpu_counter_init_many+0x43/0x380 [ 85.067751][ T5320] blkg_rwstat_init+0x2c/0x170 [ 85.071054][ T5320] throtl_pd_alloc+0xb6/0x460 [ 85.073660][ T5320] blkcg_activate_policy+0x692/0xb40 [ 85.076291][ T5320] blk_throtl_init+0x2f6/0x410 [ 85.078620][ T5320] tg_set_conf+0x1d6/0x4c0 [ 85.081061][ T5320] cgroup_file_write+0x36f/0x790 [ 85.083696][ T5320] kernfs_fop_write_iter+0x3af/0x540 [ 85.086483][ T5320] vfs_write+0x61d/0xb90 [ 85.088667][ T5320] ksys_write+0x150/0x270 [ 85.091092][ T5320] do_syscall_64+0x14d/0xf80 [ 85.093864][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.096996][ T5320] [ 85.096996][ T5320] other info that might help us debug this: [ 85.096996][ T5320] [ 85.102348][ T5320] Chain exists of: [ 85.102348][ T5320] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#17 [ 85.102348][ T5320] [ 85.109793][ T5320] Possible unsafe locking scenario: [ 85.109793][ T5320] [ 85.113299][ T5320] CPU0 CPU1 [ 85.116296][ T5320] ---- ---- [ 85.118943][ T5320] lock(&q->q_usage_counter(io)#17); [ 85.121270][ T5320] lock(fs_reclaim); [ 85.123899][ T5320] lock(&q->q_usage_counter(io)#17); [ 85.127277][ T5320] lock(pcpu_alloc_mutex); [ 85.129607][ T5320] [ 85.129607][ T5320] *** DEADLOCK *** [ 85.129607][ T5320] [ 85.133998][ T5320] 7 locks held by syz.0.0/5320: [ 85.136541][ T5320] #0: ffff8880330967f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x246/0x320 [ 85.140823][ T5320] #1: ffff888038d3a420 (sb_writers#10){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 85.145851][ T5320] #2: ffff888038721888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1de/0x540 [ 85.150621][ T5320] #3: ffff8880425b7968 (kn->active#65){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x231/0x540 [ 85.155215][ T5320] #4: ffff8880328ebb98 (&q->rq_qos_mutex){+.+.}-{4:4}, at: blkg_conf_open_bdev+0x2b0/0x3c0 [ 85.161355][ T5320] #5: ffff8880328eb990 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: blk_throtl_init+0x279/0x410 [ 85.166426][ T5320] #6: ffff8880328eb9c8 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: blk_throtl_init+0x279/0x410 [ 85.171869][ T5320] [ 85.171869][ T5320] stack backtrace: [ 85.174794][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.174813][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.174819][ T5320] Call Trace: [ 85.174827][ T5320] [ 85.174833][ T5320] dump_stack_lvl+0xe8/0x150 [ 85.174855][ T5320] print_circular_bug+0x2e1/0x300 [ 85.174875][ T5320] check_noncircular+0x12e/0x150 [ 85.174890][ T5320] __lock_acquire+0x15a5/0x2cf0 [ 85.174905][ T5320] ? do_raw_spin_lock+0x12b/0x2f0 [ 85.174916][ T5320] lock_acquire+0xf0/0x2e0 [ 85.174928][ T5320] ? pcpu_alloc_noprof+0x218/0x19c0 [ 85.174944][ T5320] __mutex_lock+0x19f/0x1300 [ 85.174957][ T5320] ? pcpu_alloc_noprof+0x218/0x19c0 [ 85.174971][ T5320] ? kasan_save_track+0x4f/0x80 [ 85.174986][ T5320] ? kasan_save_track+0x3e/0x80 [ 85.175000][ T5320] ? __kasan_kmalloc+0x93/0xb0 [ 85.175008][ T5320] ? __kmalloc_cache_node_noprof+0x3ef/0x6b0 [ 85.175017][ T5320] ? blkcg_activate_policy+0x692/0xb40 [ 85.175028][ T5320] ? blk_throtl_init+0x2f6/0x410 [ 85.175039][ T5320] ? tg_set_conf+0x1d6/0x4c0 [ 85.175050][ T5320] ? pcpu_alloc_noprof+0x218/0x19c0 [ 85.175063][ T5320] ? kernfs_fop_write_iter+0x3af/0x540 [ 85.175072][ T5320] ? vfs_write+0x61d/0xb90 [ 85.175086][ T5320] ? ksys_write+0x150/0x270 [ 85.175094][ T5320] ? do_syscall_64+0x14d/0xf80 [ 85.175105][ T5320] ? __pfx___mutex_lock+0x10/0x10 [ 85.175119][ T5320] pcpu_alloc_noprof+0x218/0x19c0 [ 85.175136][ T5320] ? rcu_is_watching+0x15/0xb0 [ 85.175150][ T5320] __percpu_counter_init_many+0x43/0x380 [ 85.175165][ T5320] ? __kmalloc_cache_node_noprof+0x3ef/0x6b0 [ 85.175176][ T5320] blkg_rwstat_init+0x2c/0x170 [ 85.175187][ T5320] throtl_pd_alloc+0xb6/0x460 [ 85.175197][ T5320] ? __pfx_throtl_pd_alloc+0x10/0x10 [ 85.175207][ T5320] blkcg_activate_policy+0x692/0xb40 [ 85.175221][ T5320] blk_throtl_init+0x2f6/0x410 [ 85.175235][ T5320] tg_set_conf+0x1d6/0x4c0 [ 85.175248][ T5320] ? __pfx_tg_set_conf+0x10/0x10 [ 85.175261][ T5320] ? kernfs_root+0x1c/0x230 [ 85.175272][ T5320] ? kernfs_root+0x1c/0x230 [ 85.175283][ T5320] ? kernfs_root+0x1c/0x230 [ 85.175294][ T5320] ? kernfs_root+0x1ea/0x230 [ 85.175305][ T5320] ? __pfx_tg_set_conf_uint+0x10/0x10 [ 85.175317][ T5320] cgroup_file_write+0x36f/0x790 [ 85.175333][ T5320] ? __pfx_cgroup_file_write+0x10/0x10 [ 85.175347][ T5320] ? __pfx_cgroup_file_write+0x10/0x10 [ 85.175359][ T5320] kernfs_fop_write_iter+0x3af/0x540 [ 85.175369][ T5320] vfs_write+0x61d/0xb90 [ 85.175384][ T5320] ? __pfx_vfs_write+0x10/0x10 [ 85.175399][ T5320] ? __fget_files+0x2a/0x420 [ 85.175413][ T5320] ksys_write+0x150/0x270 [ 85.175422][ T5320] ? __pfx_ksys_write+0x10/0x10 [ 85.175438][ T5320] do_syscall_64+0x14d/0xf80 [ 85.175456][ T5320] ? trace_irq_disable+0x3b/0x150 [ 85.175465][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.175475][ T5320] ? clear_bhb_loop+0x40/0x90 [ 85.175485][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.175495][ T5320] RIP: 0033:0x7febbc79c799 [ 85.175507][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.175516][ T5320] RSP: 002b:00007febb8becfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 85.175528][ T5320] RAX: ffffffffffffffda RBX: 00007febbca15fa0 RCX: 00007febbc79c799 [ 85.175535][ T5320] RDX: 000000000000006a RSI: 00002000000000c0 RDI: 0000000000000007 [ 85.175542][ T5320] RBP: 00007febb8bed050 R08: 0000000000000000 R09: 0000000000000000 [ 85.175548][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 85.175555][ T5320] R13: 00007febbca16038 R14: 00007febbca15fa0 R15: 00007ffceefab578 [ 85.175564][ T5320]