last executing test programs:

292.979235ms ago: executing program 1 (id=182):
lremovexattr(&(0x7f0000000000), &(0x7f0000000000))

224.350669ms ago: executing program 1 (id=185):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0)

224.240903ms ago: executing program 2 (id=186):
chown(&(0x7f0000000000), 0x0, 0x0)

223.825604ms ago: executing program 2 (id=189):
syz_open_dev$dmmidi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$dmmidi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$dmmidi(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$dmmidi(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$dmmidi(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$dmmidi(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000500), 0x4, 0x800)

158.918836ms ago: executing program 2 (id=193):
socket$key(0xf, 0x3, 0x2)

158.562949ms ago: executing program 0 (id=196):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio', 0x800, 0x0)

158.419941ms ago: executing program 2 (id=197):
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)

98.289231ms ago: executing program 0 (id=198):
process_madvise(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)

98.163635ms ago: executing program 2 (id=199):
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000), 0x0)

98.033763ms ago: executing program 2 (id=200):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/rm_contexts', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/rm_contexts', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/rm_contexts', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/rm_contexts', 0x800, 0x0)

97.960087ms ago: executing program 0 (id=201):
setpriority(0x0, 0x0, 0x0)

97.708752ms ago: executing program 1 (id=202):
getegid()

23.704806ms ago: executing program 0 (id=204):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log', 0x0, 0x0)

23.350303ms ago: executing program 1 (id=205):
getitimer(0x0, &(0x7f0000000000))

23.205863ms ago: executing program 0 (id=206):
getgroups(0x0, &(0x7f0000000000))

22.990596ms ago: executing program 1 (id=207):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vndbinder', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vndbinder', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vndbinder', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vndbinder', 0x800, 0x0)

22.747532ms ago: executing program 0 (id=208):
io_getevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0)

0s ago: executing program 1 (id=210):
ppoll(&(0x7f0000000000), 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:65032' (ED25519) to the list of known hosts.
syzkaller login: [ 50.348612][ T5771] cgroup: Unknown subsys name 'net'
[ 50.475039][ T5771] cgroup: Unknown subsys name 'cpuset'
[ 50.478792][ T5771] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 52.157336][ T5771] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 56.012189][ T5848] mmap: syz.1.19 (5848) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 56.641489][ T5939] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 57.870698][ T6047] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 57.955988][ T6047]
[ 57.956773][ T6047] ======================================================
[ 57.958838][ T6047] WARNING: possible circular locking dependency detected
[ 57.960848][ T6047] syzkaller #0 Not tainted
[ 57.962237][ T6047] ------------------------------------------------------
[ 57.964260][ T6047] syz-executor/6047 is trying to acquire lock:
[ 57.966048][ T6047] ffffffff8e04f760 (fs_reclaim){+.+.}-{0:0}, at: prepare_alloc_pages+0x152/0x650
[ 57.968680][ T6047]
[ 57.968680][ T6047] but task is already holding lock:
[ 57.970782][ T6047] ffffffff8e02dde8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x25b/0x1750
[ 57.973449][ T6047]
[ 57.973449][ T6047] which lock already depends on the new lock.
[ 57.973449][ T6047]
[ 57.976408][ T6047]
[ 57.976408][ T6047] the existing dependency chain (in reverse order) is:
[ 57.978928][ T6047]
[ 57.978928][ T6047] -> #2 (pcpu_alloc_mutex){+.+.}-{4:4}:
[ 57.981156][ T6047] __mutex_lock+0x187/0x1350
[ 57.982672][ T6047] pcpu_alloc_noprof+0x25b/0x1750
[ 57.984262][ T6047] blk_stat_alloc_callback+0xd5/0x220
[ 57.985976][ T6047] wbt_init+0xa3/0x500
[ 57.987324][ T6047] wbt_enable_default+0x25d/0x350
[ 57.988917][ T6047] blk_register_queue+0x36a/0x3f0
[ 57.990456][ T6047] __add_disk+0x677/0xd50
[ 57.991867][ T6047] add_disk_fwnode+0xfc/0x480
[ 57.993334][ T6047] loop_add+0x7f0/0xad0
[ 57.994649][ T6047] loop_init+0xd9/0x170
[ 57.995966][ T6047] do_one_initcall+0x1fb/0x820
[ 57.997439][ T6047] do_initcall_level+0x104/0x190
[ 57.998949][ T6047] do_initcalls+0x59/0xa0
[ 58.000315][ T6047] kernel_init_freeable+0x334/0x4b0
[ 58.001884][ T6047] kernel_init+0x1d/0x1d0
[ 58.003248][ T6047] ret_from_fork+0x599/0xb30
[ 58.004686][ T6047] ret_from_fork_asm+0x1a/0x30
[ 58.006184][ T6047]
[ 58.006184][ T6047] -> #1 (&q->q_usage_counter(io)#17){++++}-{0:0}:
[ 58.008527][ T6047] blk_alloc_queue+0x538/0x620
[ 58.010024][ T6047] __blk_mq_alloc_disk+0x15c/0x340
[ 58.011588][ T6047] loop_add+0x411/0xad0
[ 58.012895][ T6047] loop_init+0xd9/0x170
[ 58.014206][ T6047] do_one_initcall+0x1fb/0x820
[ 58.015731][ T6047] do_initcall_level+0x104/0x190
[ 58.017278][ T6047] do_initcalls+0x59/0xa0
[ 58.018706][ T6047] kernel_init_freeable+0x334/0x4b0
[ 58.020322][ T6047] kernel_init+0x1d/0x1d0
[ 58.021718][ T6047] ret_from_fork+0x599/0xb30
[ 58.023155][ T6047] ret_from_fork_asm+0x1a/0x30
[ 58.024637][ T6047]
[ 58.024637][ T6047] -> #0 (fs_reclaim){+.+.}-{0:0}:
[ 58.026682][ T6047] __lock_acquire+0x15a6/0x2cf0
[ 58.028214][ T6047] lock_acquire+0x117/0x340
[ 58.029641][ T6047] fs_reclaim_acquire+0x72/0x100
[ 58.031159][ T6047] prepare_alloc_pages+0x152/0x650
[ 58.032752][ T6047] __alloc_frozen_pages_noprof+0x123/0x370
[ 58.034526][ T6047] __alloc_pages_noprof+0xa/0x30
[ 58.036094][ T6047] pcpu_populate_chunk+0x182/0xb30
[ 58.037695][ T6047] pcpu_alloc_noprof+0xcb6/0x1750
[ 58.039287][ T6047] xt_percpu_counter_alloc+0x161/0x220
[ 58.041008][ T6047] translate_table+0x1323/0x2040
[ 58.042528][ T6047] ip6t_register_table+0x106/0x7d0
[ 58.044161][ T6047] ip6table_nat_table_init+0x43/0x2e0
[ 58.045854][ T6047] xt_find_table_lock+0x30c/0x3e0
[ 58.047421][ T6047] xt_request_find_table_lock+0x26/0x100
[ 58.049146][ T6047] do_ip6t_get_ctl+0x730/0x1180
[ 58.050659][ T6047] nf_getsockopt+0x26e/0x290
[ 58.052094][ T6047] ipv6_getsockopt+0x1ed/0x290
[ 58.053575][ T6047] do_sock_getsockopt+0x2b4/0x3d0
[ 58.055128][ T6047] __x64_sys_getsockopt+0x1a5/0x250
[ 58.056726][ T6047] do_syscall_64+0xfa/0xf80
[ 58.058136][ T6047] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.059949][ T6047]
[ 58.059949][ T6047] other info that might help us debug this:
[ 58.059949][ T6047]
[ 58.062767][ T6047] Chain exists of:
[ 58.062767][ T6047] fs_reclaim --> &q->q_usage_counter(io)#17 --> pcpu_alloc_mutex
[ 58.062767][ T6047]
[ 58.066490][ T6047] Possible unsafe locking scenario:
[ 58.066490][ T6047]
[ 58.068634][ T6047]        CPU0                    CPU1
[ 58.070117][ T6047]        ----                    ----
[ 58.071618][ T6047]   lock(pcpu_alloc_mutex);
[ 58.072924][ T6047]                                lock(&q->q_usage_counter(io)#17);
[ 58.075105][ T6047]                                lock(pcpu_alloc_mutex);
[ 58.077054][ T6047]   lock(fs_reclaim);
[ 58.078182][ T6047]
[ 58.078182][ T6047] *** DEADLOCK ***
[ 58.078182][ T6047]
[ 58.080413][ T6047] 1 lock held by syz-executor/6047:
[ 58.081898][ T6047] #0: ffffffff8e02dde8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0x25b/0x1750
[ 58.084702][ T6047]
[ 58.084702][ T6047] stack backtrace:
[ 58.086372][ T6047] CPU: 0 UID: 0 PID: 6047 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 58.086382][ T6047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 58.086388][ T6047] Call Trace:
[ 58.086393][ T6047]
[ 58.086397][ T6047] dump_stack_lvl+0x189/0x250
[ 58.086410][ T6047] ? __pfx_dump_stack_lvl+0x10/0x10
[ 58.086418][ T6047] ? __pfx__printk+0x10/0x10
[ 58.086429][ T6047] ? print_lock_name+0xde/0x100
[ 58.086439][ T6047] print_circular_bug+0x2e2/0x300
[ 58.086450][ T6047] check_noncircular+0x12e/0x150
[ 58.086460][ T6047] __lock_acquire+0x15a6/0x2cf0
[ 58.086468][ T6047] ? is_bpf_text_address+0x26/0x2b0
[ 58.086480][ T6047] ? __lock_acquire+0x6b6/0x2cf0
[ 58.086488][ T6047] ? prepare_alloc_pages+0x152/0x650
[ 58.086496][ T6047] lock_acquire+0x117/0x340
[ 58.086503][ T6047] ? prepare_alloc_pages+0x152/0x650
[ 58.086512][ T6047] fs_reclaim_acquire+0x72/0x100
[ 58.086520][ T6047] ? prepare_alloc_pages+0x152/0x650
[ 58.086527][ T6047] prepare_alloc_pages+0x152/0x650
[ 58.086559][ T6047] __alloc_frozen_pages_noprof+0x123/0x370
[ 58.086573][ T6047] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 58.086589][ T6047] __alloc_pages_noprof+0xa/0x30
[ 58.086597][ T6047] pcpu_populate_chunk+0x182/0xb30
[ 58.086607][ T6047] pcpu_alloc_noprof+0xcb6/0x1750
[ 58.086616][ T6047] xt_percpu_counter_alloc+0x161/0x220
[ 58.086627][ T6047] translate_table+0x1323/0x2040
[ 58.086642][ T6047] ? __pfx_translate_table+0x10/0x10
[ 58.086654][ T6047] ? rcu_is_watching+0x15/0xb0
[ 58.086663][ T6047] ? trace_kmalloc+0x1f/0xb0
[ 58.086669][ T6047] ? __kvmalloc_node_noprof+0x5f5/0x920
[ 58.086677][ T6047] ? ip6t_register_table+0xf0/0x7d0
[ 58.086688][ T6047] ip6t_register_table+0x106/0x7d0
[ 58.086698][ T6047] ? __pfx_ip6t_register_table+0x10/0x10
[ 58.086708][ T6047] ? ip6t_alloc_initial_table+0x574/0x6d0
[ 58.086719][ T6047] ip6table_nat_table_init+0x43/0x2e0
[ 58.086726][ T6047] xt_find_table_lock+0x30c/0x3e0
[ 58.086735][ T6047] xt_request_find_table_lock+0x26/0x100
[ 58.086744][ T6047] do_ip6t_get_ctl+0x730/0x1180
[ 58.086755][ T6047] ? __pfx_do_ip6t_get_ctl+0x10/0x10
[ 58.086765][ T6047] ? __mutex_trylock_common+0x153/0x260
[ 58.086774][ T6047] ? __pfx___mutex_trylock_common+0x10/0x10
[ 58.086783][ T6047] ? rcu_is_watching+0x15/0xb0
[ 58.086792][ T6047] ? trace_contention_end+0x39/0x100
[ 58.086801][ T6047] ? nf_getsockopt+0x224/0x290
[ 58.086822][ T6047] ? __mutex_unlock_slowpath+0x1a1/0x730
[ 58.086832][ T6047] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 58.086841][ T6047] ? __might_fault+0xb0/0x130
[ 58.086852][ T6047] nf_getsockopt+0x26e/0x290
[ 58.086860][ T6047] ipv6_getsockopt+0x1ed/0x290
[ 58.086872][ T6047] ? __pfx_ipv6_getsockopt+0x10/0x10
[ 58.086882][ T6047] ? sock_common_getsockopt+0x2d/0xb0
[ 58.086890][ T6047] ? __pfx_sock_common_getsockopt+0x10/0x10
[ 58.086897][ T6047] do_sock_getsockopt+0x2b4/0x3d0
[ 58.086906][ T6047] ? __pfx_do_sock_getsockopt+0x10/0x10
[ 58.086914][ T6047] ? do_syscall_64+0x80/0xf80
[ 58.086923][ T6047] ? exc_page_fault+0x82/0x100
[ 58.086932][ T6047] __x64_sys_getsockopt+0x1a5/0x250
[ 58.086940][ T6047] ? do_syscall_64+0x80/0xf80
[ 58.086948][ T6047] ? do_syscall_64+0x80/0xf80
[ 58.086956][ T6047] do_syscall_64+0xfa/0xf80
[ 58.086969][ T6047] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.086977][ T6047] ? exc_page_fault+0xab/0x100
[ 58.086984][ T6047] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.086992][ T6047] RIP: 0033:0x7feba799150a
[ 58.087001][ T6047] Code: ff c3 66 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb b8 0f 1f 44 00 00 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7
[ 58.087014][ T6047] RSP: 002b:00007fff14c6a9e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 58.087022][ T6047] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007feba799150a
[ 58.087028][ T6047] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[ 58.087032][ T6047] RBP: 0000000000000029 R08: 00007fff14c6aa0c R09: ffffffffff000000
[ 58.087037][ T6047] R10: 00007feba7bb6368 R11: 0000000000000246 R12: 00007feba7a30907
[ 58.087042][ T6047] R13: 00007feba7bb7e60 R14: 00007feba7bb6368 R15: 00007feba7bb6360
[ 58.087050][ T6047]
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)