Warning: Permanently added '10.128.1.176' (ED25519) to the list of known hosts.
executing program
[ 93.080944][ T5834]
[ 93.083323][ T5834] ======================================================
[ 93.090352][ T5834] WARNING: possible circular locking dependency detected
[ 93.097387][ T5834] 6.16.0-rc1-syzkaller #0 Not tainted
[ 93.102760][ T5834] ------------------------------------------------------
[ 93.109778][ T5834] syz-executor966/5834 is trying to acquire lock:
[ 93.116196][ T5834] ffffffff8e2666d0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30
[ 93.125732][ T5834]
[ 93.125732][ T5834] but task is already holding lock:
[ 93.133098][ T5834] ffff888025d1a9c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540
[ 93.141832][ T5834]
[ 93.141832][ T5834] which lock already depends on the new lock.
[ 93.141832][ T5834]
[ 93.152325][ T5834]
[ 93.152325][ T5834] the existing dependency chain (in reverse order) is:
[ 93.161342][ T5834]
[ 93.161342][ T5834] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}:
[ 93.169093][ T5834] __mutex_lock+0x199/0xb90
[ 93.174139][ T5834] wbt_init+0x393/0x540
[ 93.178827][ T5834] queue_wb_lat_store+0x354/0x3d0
[ 93.184398][ T5834] queue_attr_store+0x279/0x320
[ 93.189795][ T5834] sysfs_kf_write+0xf2/0x150
[ 93.194925][ T5834] kernfs_fop_write_iter+0x351/0x510
[ 93.200755][ T5834] vfs_write+0x6c4/0x1150
[ 93.205632][ T5834] ksys_write+0x12a/0x250
[ 93.210501][ T5834] do_syscall_64+0xcd/0x490
[ 93.215535][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.221962][ T5834]
[ 93.221962][ T5834] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}:
[ 93.230590][ T5834] blk_alloc_queue+0x619/0x760
[ 93.235897][ T5834] blk_mq_alloc_queue+0x175/0x290
[ 93.241468][ T5834] __blk_mq_alloc_disk+0x29/0x120
[ 93.247036][ T5834] loop_add+0x49e/0xb70
[ 93.251756][ T5834] loop_init+0x164/0x270
[ 93.256550][ T5834] do_one_initcall+0x120/0x6e0
[ 93.261849][ T5834] kernel_init_freeable+0x5c2/0x900
[ 93.267597][ T5834] kernel_init+0x1c/0x2b0
[ 93.272467][ T5834] ret_from_fork+0x5d4/0x6f0
[ 93.277598][ T5834] ret_from_fork_asm+0x1a/0x30
[ 93.282891][ T5834]
[ 93.282891][ T5834] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 93.290116][ T5834] fs_reclaim_acquire+0x102/0x150
[ 93.295673][ T5834] __kmalloc_cache_node_noprof+0x53/0x420
[ 93.301931][ T5834] create_worker+0x10f/0x7e0
[ 93.307070][ T5834] workqueue_prepare_cpu+0xb5/0x160
[ 93.312804][ T5834] cpuhp_invoke_callback+0x3d5/0xa10
[ 93.318621][ T5834] __cpuhp_invoke_callback_range+0x101/0x210
[ 93.325135][ T5834] _cpu_up+0x3f5/0x930
[ 93.329738][ T5834] cpu_up+0x1dc/0x240
[ 93.334255][ T5834] cpuhp_bringup_mask+0xd8/0x210
[ 93.339728][ T5834] bringup_nonboot_cpus+0x176/0x1c0
[ 93.345462][ T5834] smp_init+0x34/0x160
[ 93.350061][ T5834] kernel_init_freeable+0x3a8/0x900
[ 93.355799][ T5834] kernel_init+0x1c/0x2b0
[ 93.360661][ T5834] ret_from_fork+0x5d4/0x6f0
[ 93.365786][ T5834] ret_from_fork_asm+0x1a/0x30
[ 93.371080][ T5834]
[ 93.371080][ T5834] -> #0 (cpu_hotplug_lock){++++}-{0:0}:
[ 93.378831][ T5834] __lock_acquire+0x126f/0x1c90
[ 93.384219][ T5834] lock_acquire+0x179/0x350
[ 93.389257][ T5834] cpus_read_lock+0x42/0x160
[ 93.394380][ T5834] static_key_slow_inc+0x12/0x30
[ 93.399853][ T5834] rq_qos_add+0x2f8/0x4b0
[ 93.404720][ T5834] wbt_init+0x3a9/0x540
[ 93.409407][ T5834] queue_wb_lat_store+0x354/0x3d0
[ 93.414980][ T5834] queue_attr_store+0x279/0x320
[ 93.420381][ T5834] sysfs_kf_write+0xf2/0x150
[ 93.425507][ T5834] kernfs_fop_write_iter+0x351/0x510
[ 93.431322][ T5834] vfs_write+0x6c4/0x1150
[ 93.436191][ T5834] ksys_write+0x12a/0x250
[ 93.441060][ T5834] do_syscall_64+0xcd/0x490
[ 93.446095][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.452526][ T5834]
[ 93.452526][ T5834] other info that might help us debug this:
[ 93.452526][ T5834]
[ 93.462748][ T5834] Chain exists of:
[ 93.462748][ T5834] cpu_hotplug_lock --> &q->q_usage_counter(io)#18 --> &q->rq_qos_mutex
[ 93.462748][ T5834]
[ 93.476939][ T5834] Possible unsafe locking scenario:
[ 93.476939][ T5834]
[ 93.484384][ T5834]        CPU0                    CPU1
[ 93.489754][ T5834]        ----                    ----
[ 93.495120][ T5834]   lock(&q->rq_qos_mutex);
[ 93.499635][ T5834]                                lock(&q->q_usage_counter(io)#18);
[ 93.507554][ T5834]                                lock(&q->rq_qos_mutex);
[ 93.514596][ T5834]   rlock(cpu_hotplug_lock);
[ 93.519197][ T5834]
[ 93.519197][ T5834] *** DEADLOCK ***
[ 93.519197][ T5834]
[ 93.527343][ T5834] 6 locks held by syz-executor966/5834:
[ 93.532913][ T5834] #0: ffff888036170428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[ 93.541919][ T5834] #1: ffff8880350a8c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[ 93.551717][ T5834] #2: ffff888141331008 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[ 93.561764][ T5834] #3: ffff888025d1a7c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 93.573468][ T5834] #4: ffff888025d1a800 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 93.585426][ T5834] #5: ffff888025d1a9c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540
[ 93.594586][ T5834]
[ 93.594586][ T5834] stack backtrace:
[ 93.600487][ T5834] CPU: 0 UID: 0 PID: 5834 Comm: syz-executor966 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full)
[ 93.600514][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 93.600530][ T5834] Call Trace:
[ 93.600541][ T5834]
[ 93.600552][ T5834] dump_stack_lvl+0x116/0x1f0
[ 93.600615][ T5834] print_circular_bug+0x275/0x350
[ 93.600646][ T5834] check_noncircular+0x14c/0x170
[ 93.600679][ T5834] __lock_acquire+0x126f/0x1c90
[ 93.600714][ T5834] lock_acquire+0x179/0x350
[ 93.600743][ T5834] ? static_key_slow_inc+0x12/0x30
[ 93.600776][ T5834] ? __pfx___might_resched+0x10/0x10
[ 93.600807][ T5834] cpus_read_lock+0x42/0x160
[ 93.600830][ T5834] ? static_key_slow_inc+0x12/0x30
[ 93.600861][ T5834] static_key_slow_inc+0x12/0x30
[ 93.600892][ T5834] rq_qos_add+0x2f8/0x4b0
[ 93.600925][ T5834] wbt_init+0x3a9/0x540
[ 93.600950][ T5834] queue_wb_lat_store+0x354/0x3d0
[ 93.600988][ T5834] ? __pfx_queue_wb_lat_store+0x10/0x10
[ 93.601027][ T5834] ? __mutex_trylock_common+0xe9/0x250
[ 93.601062][ T5834] ? __pfx_queue_wb_lat_store+0x10/0x10
[ 93.601099][ T5834] queue_attr_store+0x279/0x320
[ 93.601137][ T5834] ? __pfx_queue_attr_store+0x10/0x10
[ 93.601173][ T5834] ? __lock_acquire+0x622/0x1c90
[ 93.601210][ T5834] ? find_held_lock+0x2b/0x80
[ 93.601231][ T5834] ? sysfs_file_kobj+0xe4/0x290
[ 93.601259][ T5834] ? __pfx_queue_attr_store+0x10/0x10
[ 93.601296][ T5834] sysfs_kf_write+0xf2/0x150
[ 93.601324][ T5834] kernfs_fop_write_iter+0x351/0x510
[ 93.601348][ T5834] ? __pfx_sysfs_kf_write+0x10/0x10
[ 93.601376][ T5834] vfs_write+0x6c4/0x1150
[ 93.601409][ T5834] ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 93.601435][ T5834] ? __pfx_vfs_write+0x10/0x10
[ 93.601469][ T5834] ? find_held_lock+0x2b/0x80
[ 93.601493][ T5834] ? find_held_lock+0x2b/0x80
[ 93.601516][ T5834] ksys_write+0x12a/0x250
[ 93.601548][ T5834] ? __pfx_ksys_write+0x10/0x10
[ 93.601589][ T5834] do_syscall_64+0xcd/0x490
[ 93.601611][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.601635][ T5834] RIP: 0033:0x7fd083326329
[ 93.601659][ T5834] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 93.601681][ T5834] RSP: 002b:00007ffd743f1218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 93.601702][ T5834] RAX: ffffffffffffffda RBX: 00007ffd743f13