./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1428207873 <...> Warning: Permanently added '10.128.0.65' (ED25519) to the list of known hosts. execve("./syz-executor1428207873", ["./syz-executor1428207873"], 0x7ffe4c684fc0 /* 10 vars */) = 0 brk(NULL) = 0x55555b867000 brk(0x55555b867d00) = 0x55555b867d00 arch_prctl(ARCH_SET_FS, 0x55555b867380) = 0 set_tid_address(0x55555b867650) = 5822 set_robust_list(0x55555b867660, 24) = 0 rseq(0x55555b867ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1428207873", 4096) = 28 getrandom("\xbb\x9d\x44\xee\x16\xb7\x2a\x90", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555b867d00 brk(0x55555b888d00) = 0x55555b888d00 brk(0x55555b889000) = 0x55555b889000 mprotect(0x7f21dc84f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f21d4200000 write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216 munmap(0x7f21d4200000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 [ 86.766541][ T5822] loop0: detected capacity change from 0 to 32768 [ 86.810640][ T5822] ======================================================= [ 86.810640][ T5822] WARNING: The mand mount option has been deprecated and [ 86.810640][ T5822] and is ignored by this kernel. Remove the mand [ 86.810640][ T5822] option from the mount to silence this warning. [ 86.810640][ T5822] ======================================================= [ 86.855344][ T5822] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 86.909624][ T5822] XFS (loop0): Ending clean mount [ 86.920630][ T5822] XFS (loop0): Quotacheck needed: Please wait. mount("/dev/loop0", "./file0", "xfs", MS_MANDLOCK|MS_NODIRATIME, "lazytime,uqnoenforce,quota,filestreams,grpquota,allocsize=09m,largeio,,nouuid") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/vm/drop_caches", O_WRONLY) = 4 [ 86.951194][ T5822] XFS (loop0): Quotacheck: Done. [ 87.028337][ T5822] [ 87.030727][ T5822] ====================================================== [ 87.037744][ T5822] WARNING: possible circular locking dependency detected [ 87.044858][ T5822] 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 Not tainted [ 87.052092][ T5822] ------------------------------------------------------ [ 87.059684][ T5822] syz-executor142/5822 is trying to acquire lock: [ 87.066293][ T5822] ffff888074eb8170 (&lp->qli_lock){+.+.}-{3:3}, at: xfs_dquot_detach_buf+0x2f/0x1a0 [ 87.075770][ T5822] [ 87.075770][ T5822] but task is already holding lock: [ 87.083159][ T5822] ffff888032c74830 (&l->lock){+.+.}-{3:3}, at: lock_list_lru_of_memcg+0x24b/0x4e0 [ 87.092415][ T5822] [ 87.092415][ T5822] which lock already depends on the new lock. [ 87.092415][ T5822] [ 87.102908][ T5822] [ 87.102908][ T5822] the existing dependency chain (in reverse order) is: [ 87.111954][ T5822] [ 87.111954][ T5822] -> #3 (&l->lock){+.+.}-{3:3}: [ 87.118998][ T5822] lock_acquire+0x1ed/0x550 [ 87.124034][ T5822] _raw_spin_lock+0x2e/0x40 [ 87.129087][ T5822] lock_list_lru_of_memcg+0x24b/0x4e0 [ 87.134993][ T5822] list_lru_add+0x59/0x270 [ 87.139966][ T5822] xfs_buf_rele+0x4ca/0x15b0 [ 87.145119][ T5822] xfs_imap_lookup+0x26a/0x750 [ 87.150537][ T5822] xfs_imap+0x54d/0x1090 [ 87.155328][ T5822] xfs_iget+0xaf6/0x2ec0 [ 87.160110][ T5822] xfs_mountfs+0x13df/0x2410 [ 87.165324][ T5822] xfs_fs_fill_super+0x12db/0x1590 [ 87.170970][ T5822] get_tree_bdev_flags+0x48c/0x5c0 [ 87.176671][ T5822] vfs_get_tree+0x90/0x2b0 [ 87.181622][ T5822] do_new_mount+0x2be/0xb40 [ 87.186666][ T5822] __se_sys_mount+0x2d6/0x3c0 [ 87.191877][ T5822] do_syscall_64+0xf3/0x230 [ 87.196930][ T5822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.203477][ T5822] [ 87.203477][ T5822] -> #2 (&bch->bc_lock){+.+.}-{3:3}: [ 87.210972][ T5822] lock_acquire+0x1ed/0x550 [ 87.216016][ T5822] _raw_spin_lock+0x2e/0x40 [ 87.221077][ T5822] _atomic_dec_and_lock+0xb8/0x130 [ 87.226727][ T5822] xfs_buf_rele+0x178/0x15b0 [ 87.231855][ T5822] xfs_imap_lookup+0x26a/0x750 [ 87.237330][ T5822] xfs_imap+0x54d/0x1090 [ 87.242118][ T5822] xfs_iget+0xaf6/0x2ec0 [ 87.246915][ T5822] xfs_mountfs+0x13df/0x2410 [ 87.252051][ T5822] xfs_fs_fill_super+0x12db/0x1590 [ 87.257725][ T5822] get_tree_bdev_flags+0x48c/0x5c0 [ 87.263393][ T5822] vfs_get_tree+0x90/0x2b0 [ 87.268381][ T5822] do_new_mount+0x2be/0xb40 [ 87.273427][ T5822] __se_sys_mount+0x2d6/0x3c0 [ 87.278653][ T5822] do_syscall_64+0xf3/0x230 [ 87.283705][ T5822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.290145][ T5822] [ 87.290145][ T5822] -> #1 (&bp->b_lock){+.+.}-{3:3}: [ 87.297462][ T5822] lock_acquire+0x1ed/0x550 [ 87.302536][ T5822] _raw_spin_lock+0x2e/0x40 [ 87.307573][ T5822] xfs_buf_rele+0x164/0x15b0 [ 87.312702][ T5822] xfs_dquot_attach_buf+0x33e/0x560 [ 87.318544][ T5822] xfs_qm_quotacheck_dqadjust+0x13f/0x5e0 [ 87.324828][ T5822] xfs_qm_dqusage_adjust+0x5e1/0x850 [ 87.330756][ T5822] xfs_iwalk_ag_recs+0x4e3/0x820 [ 87.336245][ T5822] xfs_iwalk_run_callbacks+0x218/0x470 [ 87.342275][ T5822] xfs_iwalk_ag+0xa9a/0xbb0 [ 87.347322][ T5822] xfs_iwalk_ag_work+0xfb/0x1b0 [ 87.352707][ T5822] xfs_pwork_work+0x7f/0x190 [ 87.357834][ T5822] process_scheduled_works+0xa66/0x1840 [ 87.363981][ T5822] worker_thread+0x870/0xd30 [ 87.369116][ T5822] kthread+0x2f0/0x390 [ 87.373721][ T5822] ret_from_fork+0x4b/0x80 [ 87.378781][ T5822] ret_from_fork_asm+0x1a/0x30 [ 87.384100][ T5822] [ 87.384100][ T5822] -> #0 (&lp->qli_lock){+.+.}-{3:3}: [ 87.391596][ T5822] validate_chain+0x18ef/0x5920 [ 87.397111][ T5822] __lock_acquire+0x1397/0x2100 [ 87.402596][ T5822] lock_acquire+0x1ed/0x550 [ 87.407725][ T5822] _raw_spin_lock+0x2e/0x40 [ 87.412759][ T5822] xfs_dquot_detach_buf+0x2f/0x1a0 [ 87.418430][ T5822] xfs_qm_dquot_isolate+0x49d/0x1420 [ 87.424255][ T5822] __list_lru_walk_one+0x170/0x470 [ 87.429930][ T5822] list_lru_walk_one+0x3c/0x50 [ 87.435224][ T5822] xfs_qm_shrink_scan+0x1e1/0x400 [ 87.440795][ T5822] do_shrink_slab+0x72d/0x1160 [ 87.446095][ T5822] shrink_slab+0x1093/0x14d0 [ 87.451566][ T5822] drop_slab+0x142/0x280 [ 87.456370][ T5822] drop_caches_sysctl_handler+0xbc/0x160 [ 87.462561][ T5822] proc_sys_call_handler+0x5ec/0x920 [ 87.468418][ T5822] do_iter_readv_writev+0x600/0x880 [ 87.474239][ T5822] vfs_writev+0x376/0xba0 [ 87.479096][ T5822] do_writev+0x1b6/0x360 [ 87.483865][ T5822] do_syscall_64+0xf3/0x230 [ 87.488907][ T5822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.495344][ T5822] [ 87.495344][ T5822] other info that might help us debug this: [ 87.495344][ T5822] [ 87.505573][ T5822] Chain exists of: [ 87.505573][ T5822] &lp->qli_lock --> &bch->bc_lock --> &l->lock [ 87.505573][ T5822] [ 87.517674][ T5822] Possible unsafe locking scenario: [ 87.517674][ T5822] [ 87.525125][ T5822] CPU0 CPU1 [ 87.530497][ T5822] ---- ---- [ 87.535883][ T5822] lock(&l->lock); [ 87.539704][ T5822] lock(&bch->bc_lock); [ 87.546499][ T5822] lock(&l->lock); [ 87.552851][ T5822] lock(&lp->qli_lock); [ 87.557112][ T5822] [ 87.557112][ T5822] *** DEADLOCK *** [ 87.557112][ T5822] [ 87.565278][ T5822] 3 locks held by syz-executor142/5822: [ 87.570835][ T5822] #0: ffff888024448420 (sb_writers#3){.+.+}-{0:0}, at: vfs_writev+0x2d1/0xba0 [ 87.579843][ T5822] #1: ffff888032c74830 (&l->lock){+.+.}-{3:3}, at: lock_list_lru_of_memcg+0x24b/0x4e0 [ 87.589535][ T5822] #2: ffff888074eb8258 (&dqp->q_qlock){+.+.}-{4:4}, at: xfs_qm_dquot_isolate+0x8d/0x1420 [ 87.599633][ T5822] [ 87.599633][ T5822] stack backtrace: [ 87.605559][ T5822] CPU: 0 UID: 0 PID: 5822 Comm: syz-executor142 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 87.616691][ T5822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 87.626963][ T5822] Call Trace: [ 87.630251][ T5822] [ 87.633192][ T5822] dump_stack_lvl+0x241/0x360 [ 87.637915][ T5822] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.643149][ T5822] ? __pfx__printk+0x10/0x10 [ 87.647761][ T5822] print_circular_bug+0x13a/0x1b0 [ 87.652814][ T5822] check_noncircular+0x36a/0x4a0 [ 87.657772][ T5822] ? __pfx_check_noncircular+0x10/0x10 [ 87.663245][ T5822] ? queued_spin_lock_slowpath+0x42/0x50 [ 87.668892][ T5822] ? lockdep_lock+0x1b0/0x2b0 [ 87.673926][ T5822] ? validate_chain+0x15c0/0x5920 [ 87.678979][ T5822] validate_chain+0x18ef/0x5920 [ 87.683883][ T5822] ? __pfx_validate_chain+0x10/0x10 [ 87.689132][ T5822] ? arch_stack_walk+0xfd/0x150 [ 87.694006][ T5822] ? __lock_acquire+0x1397/0x2100 [ 87.699046][ T5822] ? mark_lock+0x9a/0x360 [ 87.703390][ T5822] __lock_acquire+0x1397/0x2100 [ 87.708257][ T5822] lock_acquire+0x1ed/0x550 [ 87.712769][ T5822] ? xfs_dquot_detach_buf+0x2f/0x1a0 [ 87.718067][ T5822] ? __pfx_lock_acquire+0x10/0x10 [ 87.723151][ T5822] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 87.729180][ T5822] ? lockdep_hardirqs_on+0x99/0x150 [ 87.734542][ T5822] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 87.740502][ T5822] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 87.746845][ T5822] ? __pfx___mutex_trylock_common+0x10/0x10 [ 87.752758][ T5822] _raw_spin_lock+0x2e/0x40 [ 87.757273][ T5822] ? xfs_dquot_detach_buf+0x2f/0x1a0 [ 87.762569][ T5822] xfs_dquot_detach_buf+0x2f/0x1a0 [ 87.767695][ T5822] xfs_qm_dquot_isolate+0x49d/0x1420 [ 87.773015][ T5822] ? __lock_acquire+0x1397/0x2100 [ 87.778144][ T5822] ? __pfx_xfs_qm_dquot_isolate+0x10/0x10 [ 87.783968][ T5822] ? lock_list_lru_of_memcg+0x2e/0x4e0 [ 87.789438][ T5822] ? lock_list_lru_of_memcg+0x4a9/0x4e0 [ 87.794995][ T5822] __list_lru_walk_one+0x170/0x470 [ 87.800135][ T5822] ? __pfx_xfs_qm_dquot_isolate+0x10/0x10 [ 87.805891][ T5822] ? __pfx_xfs_qm_dquot_isolate+0x10/0x10 [ 87.811633][ T5822] list_lru_walk_one+0x3c/0x50 [ 87.816435][ T5822] xfs_qm_shrink_scan+0x1e1/0x400 [ 87.821496][ T5822] ? __pfx_xfs_qm_shrink_scan+0x10/0x10 [ 87.827066][ T5822] ? list_lru_count_one+0x29/0x2e0 [ 87.832189][ T5822] do_shrink_slab+0x72d/0x1160 [ 87.836972][ T5822] ? shrink_slab+0x12b/0x14d0 [ 87.841672][ T5822] shrink_slab+0x1093/0x14d0 [ 87.846283][ T5822] ? shrink_slab+0x12b/0x14d0 [ 87.850992][ T5822] ? __pfx_lock_release+0x10/0x10 [ 87.856078][ T5822] ? __pfx_shrink_slab+0x10/0x10 [ 87.861052][ T5822] ? mem_cgroup_iter+0x3d/0x420 [ 87.865918][ T5822] drop_slab+0x142/0x280 [ 87.870191][ T5822] drop_caches_sysctl_handler+0xbc/0x160 [ 87.875850][ T5822] ? __pfx_drop_caches_sysctl_handler+0x10/0x10 [ 87.882145][ T5822] proc_sys_call_handler+0x5ec/0x920 [ 87.887445][ T5822] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 87.893265][ T5822] do_iter_readv_writev+0x600/0x880 [ 87.898493][ T5822] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 87.904316][ T5822] ? rcu_read_lock_any_held+0xb7/0x160 [ 87.909796][ T5822] vfs_writev+0x376/0xba0 [ 87.914138][ T5822] ? __pfx_vfs_writev+0x10/0x10 [ 87.919000][ T5822] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 87.925343][ T5822] ? _raw_spin_unlock_irq+0x23/0x50 [ 87.930585][ T5822] ? lockdep_hardirqs_on+0x99/0x150 [ 87.935807][ T5822] do_writev+0x1b6/0x360 [ 87.940127][ T5822] ? __pfx_do_writev+0x10/0x10 [ 87.944908][ T5822] ? do_syscall_64+0x100/0x230 [ 87.949698][ T5822] do_syscall_64+0xf3/0x230 [ 87.954219][ T5822] ? clear_bhb_loop+0x35/0x90 [ 87.958911][ T5822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.964835][ T5822] RIP: 0033:0x7f21dc7d2779 [ 87.969271][ T5822] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 87.988928][ T5822] RSP: 002b:00007ffdb6668618 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 87.997359][ T5822] RAX: ffffffffffffffda RBX: 00007ffdb66687e8 RCX: 00007f21dc7d2779 [ 88.005360][ T5822] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004 [ 88.013339][ T5822] RBP: 00007f21dc84f610 R08: 0000000000000000 R09: 00007ffdb66687e8 [ 88.021339][ T5822] R10: 0000000000009687 R11: 0000000000000246 R12: 0000000000000001 [ 88.029427][ T5822] R13: 00007ffdb66687d8 R14: 0000000000000001 R15: 0000000000000001 [ 88.037443][ T5822] writev(4, [{iov_base="2", iov_len=1}], 1) = 1 exit_group(0) = ? +++ exited with 0 +++