Warning: Permanently added '10.128.1.160' (ED25519) to the list of known hosts.
executing program
[ 51.866956][ T4169] loop0: detected capacity change from 0 to 32768
[ 51.973554][ T4169] (syz-executor253,4169,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 51.988617][ T4169] (syz-executor253,4169,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 52.013126][ T4169] JBD2: Ignoring recovery information on journal
[ 52.038590][ T4169] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 52.052047][ T3041] ocfs2: Finishing quota recovery on device (7,0) for slot 0
[ 52.078087][ T4169]
[ 52.080428][ T4169] ======================================================
[ 52.087420][ T4169] WARNING: possible circular locking dependency detected
[ 52.094409][ T4169] 5.15.177-syzkaller #0 Not tainted
[ 52.099577][ T4169] ------------------------------------------------------
[ 52.106566][ T4169] syz-executor253/4169 is trying to acquire lock:
[ 52.112952][ T4169] ffff8880205e8138 ((wq_completion)ocfs2_wq){+.+.}-{0:0}, at: flush_workqueue+0x154/0x1610
[ 52.122981][ T4169]
[ 52.122981][ T4169] but task is already holding lock:
[ 52.130324][ T4169] ffff8881484d20e0 (&type->s_umount_key#46){++++}-{3:3}, at: deactivate_super+0xa9/0xe0
[ 52.140041][ T4169]
[ 52.140041][ T4169] which lock already depends on the new lock.
[ 52.140041][ T4169]
[ 52.150416][ T4169]
[ 52.150416][ T4169] the existing dependency chain (in reverse order) is:
[ 52.159402][ T4169]
[ 52.159402][ T4169] -> #2 (&type->s_umount_key#46){++++}-{3:3}:
[ 52.167629][ T4169]        lock_acquire+0x1db/0x4f0
[ 52.172634][ T4169]        down_read+0x45/0x2e0
[ 52.177301][ T4169]        ocfs2_finish_quota_recovery+0x15a/0x2260
[ 52.183702][ T4169]        ocfs2_complete_recovery+0x173c/0x24a0
[ 52.189839][ T4169]        process_one_work+0x8a1/0x10c0
[ 52.195276][ T4169]        worker_thread+0xaca/0x1280
[ 52.200449][ T4169]        kthread+0x3f6/0x4f0
[ 52.205015][ T4169]        ret_from_fork+0x1f/0x30
[ 52.209928][ T4169]
[ 52.209928][ T4169] -> #1 ((work_completion)(&journal->j_recovery_work)){+.+.}-{0:0}:
[ 52.220151][ T4169]        lock_acquire+0x1db/0x4f0
[ 52.225155][ T4169]        process_one_work+0x7f1/0x10c0
[ 52.230589][ T4169]        worker_thread+0xaca/0x1280
[ 52.235764][ T4169]        kthread+0x3f6/0x4f0
[ 52.240327][ T4169]        ret_from_fork+0x1f/0x30
[ 52.245241][ T4169]
[ 52.245241][ T4169] -> #0 ((wq_completion)ocfs2_wq){+.+.}-{0:0}:
[ 52.253552][ T4169]        validate_chain+0x1649/0x5930
[ 52.258906][ T4169]        __lock_acquire+0x1295/0x1ff0
[ 52.264251][ T4169]        lock_acquire+0x1db/0x4f0
[ 52.269273][ T4169]        flush_workqueue+0x170/0x1610
[ 52.274621][ T4169]        ocfs2_shutdown_local_alloc+0x105/0xa90
[ 52.280842][ T4169]        ocfs2_dismount_volume+0x1db/0x8b0
[ 52.286629][ T4169]        generic_shutdown_super+0x130/0x310
[ 52.292510][ T4169]        kill_block_super+0x7a/0xe0
[ 52.297688][ T4169]        deactivate_locked_super+0xa0/0x110
[ 52.303555][ T4169]        cleanup_mnt+0x44e/0x500
[ 52.308474][ T4169]        task_work_run+0x129/0x1a0
[ 52.313565][ T4169]        do_exit+0x6a3/0x2480
[ 52.318238][ T4169]        do_group_exit+0x144/0x310
[ 52.323334][ T4169]        __x64_sys_exit_group+0x3b/0x40
[ 52.328861][ T4169]        do_syscall_64+0x3b/0xb0
[ 52.333780][ T4169]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.340176][ T4169]
[ 52.340176][ T4169] other info that might help us debug this:
[ 52.340176][ T4169]
[ 52.350374][ T4169] Chain exists of:
[ 52.350374][ T4169]   (wq_completion)ocfs2_wq --> (work_completion)(&journal->j_recovery_work) --> &type->s_umount_key#46
[ 52.350374][ T4169]
[ 52.367202][ T4169] Possible unsafe locking scenario:
[ 52.367202][ T4169]
[ 52.374622][ T4169]        CPU0                    CPU1
[ 52.379961][ T4169]        ----                    ----
[ 52.385306][ T4169]   lock(&type->s_umount_key#46);
[ 52.390344][ T4169]                                lock((work_completion)(&journal->j_recovery_work));
[ 52.399771][ T4169]                                lock(&type->s_umount_key#46);
[ 52.407290][ T4169]   lock((wq_completion)ocfs2_wq);
[ 52.412378][ T4169]
[ 52.412378][ T4169] *** DEADLOCK ***
[ 52.412378][ T4169]
[ 52.420529][ T4169] 1 lock held by syz-executor253/4169:
[ 52.425962][ T4169] #0: ffff8881484d20e0 (&type->s_umount_key#46){++++}-{3:3}, at: deactivate_super+0xa9/0xe0
[ 52.436120][ T4169]
[ 52.436120][ T4169] stack backtrace:
[ 52.441996][ T4169] CPU: 0 PID: 4169 Comm: syz-executor253 Not tainted 5.15.177-syzkaller #0
[ 52.450557][ T4169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 52.460590][ T4169] Call Trace:
[ 52.463849][ T4169]
[ 52.466758][ T4169] dump_stack_lvl+0x1e3/0x2d0
[ 52.471423][ T4169] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 52.477034][ T4169] ? print_circular_bug+0x12b/0x1a0
[ 52.482211][ T4169] check_noncircular+0x2f8/0x3b0
[ 52.487130][ T4169] ? add_chain_block+0x850/0x850
[ 52.492045][ T4169] ? lockdep_lock+0x11f/0x2a0
[ 52.496703][ T4169] validate_chain+0x1649/0x5930
[ 52.501537][ T4169] ? reacquire_held_locks+0x660/0x660
[ 52.506887][ T4169] ? read_lock_is_recursive+0x10/0x10
[ 52.512234][ T4169] ? debug_object_assert_init+0x2bf/0x420
[ 52.517935][ T4169] ? do_raw_spin_lock+0x14a/0x370
[ 52.522937][ T4169] ? __lock_acquire+0x1ff0/0x1ff0
[ 52.527943][ T4169] ? do_raw_spin_unlock+0x137/0x8b0
[ 52.533133][ T4169] ? mark_lock+0x98/0x340
[ 52.537479][ T4169] __lock_acquire+0x1295/0x1ff0
[ 52.542320][ T4169] lock_acquire+0x1db/0x4f0
[ 52.546817][ T4169] ? flush_workqueue+0x154/0x1610
[ 52.551823][ T4169] ? read_lock_is_recursive+0x10/0x10
[ 52.557178][ T4169] ? lockdep_softirqs_off+0x420/0x420
[ 52.562533][ T4169] ? del_timer+0x183/0x310
[ 52.566941][ T4169] ? __init_swait_queue_head+0xaa/0x140
[ 52.572485][ T4169] flush_workqueue+0x170/0x1610
[ 52.577320][ T4169] ? flush_workqueue+0x154/0x1610
[ 52.582324][ T4169] ? print_irqtrace_events+0x210/0x210
[ 52.587765][ T4169] ? flush_work+0x20/0x20
[ 52.592077][ T4169] ? rcu_work_rcufn+0x140/0x140
[ 52.596913][ T4169] ? print_irqtrace_events+0x210/0x210
[ 52.602373][ T4169] ocfs2_shutdown_local_alloc+0x105/0xa90
[ 52.608113][ T4169] ? __cancel_work_timer+0x5e8/0x6a0
[ 52.613389][ T4169] ? ocfs2_local_alloc_count_bits+0x230/0x230
[ 52.619443][ T4169] ? cancel_work_sync+0x20/0x20
[ 52.624296][ T4169] ? do_raw_spin_unlock+0x137/0x8b0
[ 52.629479][ T4169] ? _atomic_dec_and_lock+0x96/0x130
[ 52.634755][ T4169] ? iput+0x371/0x8b0
[ 52.638721][ T4169] ? ocfs2_disable_quotas+0x1b8/0x210
[ 52.644073][ T4169] ocfs2_dismount_volume+0x1db/0x8b0
[ 52.649339][ T4169] ? ocfs2_enable_quotas+0x440/0x440
[ 52.654688][ T4169] ? clear_inode+0x150/0x150
[ 52.659258][ T4169] ? ocfs2_alloc_inode+0x21/0x70
[ 52.664191][ T4169] ? ocfs2_alloc_inode+0x21/0x70
[ 52.669118][ T4169] ? ocfs2_free_inode+0x20/0x20
[ 52.673970][ T4169] generic_shutdown_super+0x130/0x310
[ 52.679331][ T4169] kill_block_super+0x7a/0xe0
[ 52.683995][ T4169] deactivate_locked_super+0xa0/0x110
[ 52.689349][ T4169] cleanup_mnt+0x44e/0x500
[ 52.693744][ T4169] ? lockdep_hardirqs_on+0x94/0x130
[ 52.698927][ T4169] task_work_run+0x129/0x1a0
[ 52.703515][ T4169] do_exit+0x6a3/0x2480
[ 52.707676][ T4169] ? put_task_struct+0x80/0x80
[ 52.712449][ T4169] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 52.718413][ T4169] ? vtime_user_exit+0x2d1/0x400
[ 52.723334][ T4169] do_group_exit+0x144/0x310
[ 52.727914][ T4169] __x64_sys_exit_group+0x3b/0x40
[ 52.732943][ T4169] do_syscall_64+0x3b/0xb0
[ 52.737346][ T4169] ? clear_bhb_loop+0x15/0x70
[ 52.742006][ T4169] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.747897][ T4169] RIP: 0033:0x7f8555491b89
[ 52.752290][ T4169] Code: Unable to access opcode bytes at RIP 0x7f8555491b5f.
[ 52.759634][ T4169] RSP: 002b:00007ffd1345ba48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 52.768030][ T4169] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8555491b89
[ 52.775986][ T4169] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 52.783935][ T4169] RBP: 00007f85555122b0 R08: ffffffffffffffb8 R09: 0000000000004701
[ 52.791887][ T4169] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85555122b0
[ 52.799837][ T4169] R13: 0000000000000000 R14: 00007f8555513020 R15: 00007f85554600c0
[ 52.807811][ T4169]
[ 52.816698][ T4169] ocfs2: Unmounting device (7,0) on (node local)