Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts.
executing program
[ 79.781294][ T4162] loop0: detected capacity change from 0 to 32768
[ 79.871878][ T4162] (syz-executor413,4162,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 79.887794][ T4162] (syz-executor413,4162,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 79.913845][ T4162] JBD2: Ignoring recovery information on journal
[ 79.942058][ T4162] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 79.955947][ T1154] ocfs2: Finishing quota recovery on device (7,0) for slot 0
[ 79.989678][ T4162]
[ 79.992073][ T4162] ======================================================
[ 79.999096][ T4162] WARNING: possible circular locking dependency detected
[ 80.006137][ T4162] 5.15.179-syzkaller #0 Not tainted
[ 80.011313][ T4162] ------------------------------------------------------
[ 80.018329][ T4162] syz-executor413/4162 is trying to acquire lock:
[ 80.024731][ T4162] ffff88802b15d938 ((wq_completion)ocfs2_wq){+.+.}-{0:0}, at: flush_workqueue+0x154/0x1610
[ 80.034771][ T4162]
[ 80.034771][ T4162] but task is already holding lock:
[ 80.042129][ T4162] ffff888024d840e0 (&type->s_umount_key#46){++++}-{3:3}, at: deactivate_super+0xa9/0xe0
[ 80.051882][ T4162]
[ 80.051882][ T4162] which lock already depends on the new lock.
[ 80.051882][ T4162]
[ 80.062271][ T4162]
[ 80.062271][ T4162] the existing dependency chain (in reverse order) is:
[ 80.071270][ T4162]
[ 80.071270][ T4162] -> #2 (&type->s_umount_key#46){++++}-{3:3}:
[ 80.079517][ T4162]        lock_acquire+0x1db/0x4f0
[ 80.084554][ T4162]        down_read+0x45/0x2e0
[ 80.089245][ T4162]        ocfs2_finish_quota_recovery+0x15a/0x2260
[ 80.095874][ T4162]        ocfs2_complete_recovery+0x173c/0x24a0
[ 80.102035][ T4162]        process_one_work+0x8a1/0x10c0
[ 80.107497][ T4162]        worker_thread+0xaca/0x1280
[ 80.112696][ T4162]        kthread+0x3f6/0x4f0
[ 80.117286][ T4162]        ret_from_fork+0x1f/0x30
[ 80.122247][ T4162]
[ 80.122247][ T4162] -> #1 ((work_completion)(&journal->j_recovery_work)){+.+.}-{0:0}:
[ 80.132405][ T4162]        lock_acquire+0x1db/0x4f0
[ 80.137431][ T4162]        process_one_work+0x7f1/0x10c0
[ 80.142884][ T4162]        worker_thread+0xaca/0x1280
[ 80.148082][ T4162]        kthread+0x3f6/0x4f0
[ 80.152661][ T4162]        ret_from_fork+0x1f/0x30
[ 80.157592][ T4162]
[ 80.157592][ T4162] -> #0 ((wq_completion)ocfs2_wq){+.+.}-{0:0}:
[ 80.165941][ T4162]        validate_chain+0x1649/0x5930
[ 80.171315][ T4162]        __lock_acquire+0x1295/0x1ff0
[ 80.176675][ T4162]        lock_acquire+0x1db/0x4f0
[ 80.181688][ T4162]        flush_workqueue+0x170/0x1610
[ 80.187074][ T4162]        ocfs2_shutdown_local_alloc+0x105/0xa90
[ 80.193300][ T4162]        ocfs2_dismount_volume+0x1db/0x8b0
[ 80.199097][ T4162]        generic_shutdown_super+0x130/0x310
[ 80.204976][ T4162]        kill_block_super+0x7a/0xe0
[ 80.210167][ T4162]        deactivate_locked_super+0xa0/0x110
[ 80.216057][ T4162]        cleanup_mnt+0x44e/0x500
[ 80.220996][ T4162]        task_work_run+0x129/0x1a0
[ 80.226100][ T4162]        do_exit+0x6a3/0x2480
[ 80.230771][ T4162]        do_group_exit+0x144/0x310
[ 80.235866][ T4162]        __x64_sys_exit_group+0x3b/0x40
[ 80.241399][ T4162]        do_syscall_64+0x3b/0xb0
[ 80.246327][ T4162]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 80.252729][ T4162]
[ 80.252729][ T4162] other info that might help us debug this:
[ 80.252729][ T4162]
[ 80.262938][ T4162] Chain exists of:
[ 80.262938][ T4162]   (wq_completion)ocfs2_wq --> (work_completion)(&journal->j_recovery_work) --> &type->s_umount_key#46
[ 80.262938][ T4162]
[ 80.279778][ T4162]  Possible unsafe locking scenario:
[ 80.279778][ T4162]
[ 80.287216][ T4162]        CPU0                    CPU1
[ 80.292577][ T4162]        ----                    ----
[ 80.297923][ T4162]   lock(&type->s_umount_key#46);
[ 80.302950][ T4162]                                lock((work_completion)(&journal->j_recovery_work));
[ 80.312410][ T4162]                                lock(&type->s_umount_key#46);
[ 80.319958][ T4162]   lock((wq_completion)ocfs2_wq);
[ 80.325053][ T4162]
[ 80.325053][ T4162]  *** DEADLOCK ***
[ 80.325053][ T4162]
[ 80.333181][ T4162] 1 lock held by syz-executor413/4162:
[ 80.338635][ T4162]  #0: ffff888024d840e0 (&type->s_umount_key#46){++++}-{3:3}, at: deactivate_super+0xa9/0xe0
[ 80.348819][ T4162]
[ 80.348819][ T4162] stack backtrace:
[ 80.354705][ T4162] CPU: 0 PID: 4162 Comm: syz-executor413 Not tainted 5.15.179-syzkaller #0
[ 80.363271][ T4162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 80.373316][ T4162] Call Trace:
[ 80.376597][ T4162]
[ 80.379520][ T4162]  dump_stack_lvl+0x1e3/0x2d0
[ 80.384198][ T4162]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 80.389829][ T4162]  ? print_circular_bug+0x12b/0x1a0
[ 80.395033][ T4162]  check_noncircular+0x2f8/0x3b0
[ 80.399961][ T4162]  ? add_chain_block+0x850/0x850
[ 80.404970][ T4162]  ? queued_spin_lock_slowpath+0x42/0x50
[ 80.410602][ T4162]  ? lockdep_lock+0x1a7/0x2a0
[ 80.415269][ T4162]  validate_chain+0x1649/0x5930
[ 80.420124][ T4162]  ? reacquire_held_locks+0x660/0x660
[ 80.425499][ T4162]  ? read_lock_is_recursive+0x10/0x10
[ 80.430857][ T4162]  ? debug_object_assert_init+0x2bf/0x420
[ 80.436577][ T4162]  ? do_raw_spin_lock+0x14a/0x370
[ 80.441590][ T4162]  ? __lock_acquire+0x1ff0/0x1ff0
[ 80.446606][ T4162]  ? do_raw_spin_unlock+0x137/0x8b0
[ 80.451795][ T4162]  ? mark_lock+0x98/0x340
[ 80.456111][ T4162]  __lock_acquire+0x1295/0x1ff0
[ 80.460952][ T4162]  lock_acquire+0x1db/0x4f0
[ 80.465455][ T4162]  ? flush_workqueue+0x154/0x1610
[ 80.470470][ T4162]  ? read_lock_is_recursive+0x10/0x10
[ 80.475832][ T4162]  ? lockdep_softirqs_off+0x420/0x420
[ 80.481196][ T4162]  ? del_timer+0x183/0x310
[ 80.485621][ T4162]  ? __init_swait_queue_head+0xaa/0x140
[ 80.491167][ T4162]  flush_workqueue+0x170/0x1610
[ 80.496009][ T4162]  ? flush_workqueue+0x154/0x1610
[ 80.501020][ T4162]  ? print_irqtrace_events+0x210/0x210
[ 80.506471][ T4162]  ? flush_work+0x20/0x20
[ 80.510787][ T4162]  ? rcu_work_rcufn+0x140/0x140
[ 80.515628][ T4162]  ? print_irqtrace_events+0x210/0x210
[ 80.521076][ T4162]  ocfs2_shutdown_local_alloc+0x105/0xa90
[ 80.526783][ T4162]  ? __cancel_work_timer+0x5e8/0x6a0
[ 80.532057][ T4162]  ? ocfs2_local_alloc_count_bits+0x230/0x230
[ 80.538110][ T4162]  ? cancel_work_sync+0x20/0x20
[ 80.542949][ T4162]  ? do_raw_spin_unlock+0x137/0x8b0
[ 80.548135][ T4162]  ? _atomic_dec_and_lock+0x96/0x130
[ 80.553408][ T4162]  ? iput+0x371/0x8b0
[ 80.557375][ T4162]  ? ocfs2_disable_quotas+0x1b8/0x210
[ 80.562737][ T4162]  ocfs2_dismount_volume+0x1db/0x8b0
[ 80.568029][ T4162]  ? ocfs2_enable_quotas+0x440/0x440
[ 80.573303][ T4162]  ? clear_inode+0x150/0x150
[ 80.577880][ T4162]  ? ocfs2_alloc_inode+0x31/0x70
[ 80.582807][ T4162]  ? ocfs2_alloc_inode+0x31/0x70
[ 80.587745][ T4162]  ? ocfs2_free_inode+0x20/0x20
[ 80.592595][ T4162]  generic_shutdown_super+0x130/0x310
[ 80.597955][ T4162]  kill_block_super+0x7a/0xe0
[ 80.602618][ T4162]  deactivate_locked_super+0xa0/0x110
[ 80.607979][ T4162]  cleanup_mnt+0x44e/0x500
[ 80.612395][ T4162]  ? lockdep_hardirqs_on+0x94/0x130
[ 80.617592][ T4162]  task_work_run+0x129/0x1a0
[ 80.622173][ T4162]  do_exit+0x6a3/0x2480
[ 80.626321][ T4162]  ? put_task_struct+0x80/0x80
[ 80.631085][ T4162]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 80.637054][ T4162]  ? vtime_user_exit+0x2d1/0x400
[ 80.641985][ T4162]  do_group_exit+0x144/0x310
[ 80.646566][ T4162]  __x64_sys_exit_group+0x3b/0x40
[ 80.651577][ T4162]  do_syscall_64+0x3b/0xb0
[ 80.655994][ T4162]  ? clear_bhb_loop+0x15/0x70
[ 80.660671][ T4162]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 80.666568][ T4162] RIP: 0033:0x7f8fd4e9fc09
[ 80.670972][ T4162] Code: Unable to access opcode bytes at RIP 0x7f8fd4e9fbdf.
[ 80.678404][ T4162] RSP: 002b:00007ffdfb7c90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 80.686807][ T4162] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8fd4e9fc09
[ 80.694765][ T4162] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 80.702724][ T4162] RBP: 00007f8fd4f202b0 R08: ffffffffffffffb8 R09: 0000000000004701
[ 80.710685][ T4162] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fd4f202b0
[ 80.718658][ T4162] R13: 0000000000000000 R14: 00007f8fd4f21020 R15: 00007f8fd4e6e130
[ 80.726624][ T4162]
[ 80.737892][ T4162] ocfs2: Unmounting device (7,0) on (node local)