./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1641486981 <...> Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts. execve("./syz-executor1641486981", ["./syz-executor1641486981"], 0x7ffef6fd3e70 /* 10 vars */) = 0 brk(NULL) = 0x55558eea7000 brk(0x55558eea7d00) = 0x55558eea7d00 arch_prctl(ARCH_SET_FS, 0x55558eea7380) = 0 set_tid_address(0x55558eea7650) = 5831 set_robust_list(0x55558eea7660, 24) = 0 rseq(0x55558eea7ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1641486981", 4096) = 28 getrandom("\x84\x9f\xf8\x5e\x2d\x45\x76\x1b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558eea7d00 brk(0x55558eec8d00) = 0x55558eec8d00 brk(0x55558eec9000) = 0x55558eec9000 mprotect(0x7fa80bf9a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa803a00000 write(3, "\x58\x46\x53\x42\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\xdc\x47\xfc\x10\xd8\x4e\xed\xa5\x62\x11\xa8\x31\xb3\xf7\x91\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x24\x40\x00\x00\x00\x00\x00\x00\x24\x41\x00\x00\x00\x00\x00\x00\x24\x42\x00\x00\x00\x02\x00\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x12\x00"..., 16777216) = 16777216 munmap(0x7fa803a00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 [ 63.542927][ T5831] loop0: detected capacity change from 0 to 32768 [ 63.597564][ T5831] ======================================================= [ 63.597564][ T5831] WARNING: The mand mount option has been deprecated and [ 63.597564][ T5831] and is ignored by this kernel. Remove the mand [ 63.597564][ T5831] option from the mount to silence this warning. [ 63.597564][ T5831] ======================================================= [ 63.647600][ T5831] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 mount("/dev/loop0", "./file0", "xfs", MS_MANDLOCK|MS_NODIRATIME, "lazytime,uqnoenforce,quota,filestreams,grpquota,allocsize=09m,largeio,,nouuid") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/vm/drop_caches", O_WRONLY) = 4 [ 63.693597][ T5831] XFS (loop0): Ending clean mount [ 63.703209][ T5831] XFS (loop0): Quotacheck needed: Please wait. [ 63.728217][ T5831] XFS (loop0): Quotacheck: Done. [ 63.834411][ T5831] [ 63.836772][ T5831] ====================================================== [ 63.843768][ T5831] WARNING: possible circular locking dependency detected [ 63.850770][ T5831] 6.13.0-rc3-next-20241219-syzkaller #0 Not tainted [ 63.857331][ T5831] ------------------------------------------------------ [ 63.864328][ T5831] syz-executor164/5831 is trying to acquire lock: [ 63.870717][ T5831] ffff888075a8c170 (&lp->qli_lock){+.+.}-{3:3}, at: xfs_dquot_detach_buf+0x2f/0x1a0 [ 63.880134][ T5831] [ 63.880134][ T5831] but task is already holding lock: [ 63.887474][ T5831] ffff888034810c30 (&l->lock){+.+.}-{3:3}, at: lock_list_lru_of_memcg+0x24b/0x4e0 [ 63.896680][ T5831] [ 63.896680][ T5831] which lock already depends on the new lock. [ 63.896680][ T5831] [ 63.907067][ T5831] [ 63.907067][ T5831] the existing dependency chain (in reverse order) is: [ 63.916067][ T5831] [ 63.916067][ T5831] -> #3 (&l->lock){+.+.}-{3:3}: [ 63.923095][ T5831] lock_acquire+0x1ed/0x550 [ 63.928111][ T5831] _raw_spin_lock+0x2e/0x40 [ 63.933131][ T5831] lock_list_lru_of_memcg+0x24b/0x4e0 [ 63.939017][ T5831] list_lru_add+0x59/0x270 [ 63.943948][ T5831] xfs_buf_rele+0x4ca/0x15b0 [ 63.949046][ T5831] xfs_imap_lookup+0x26a/0x750 [ 63.954321][ T5831] xfs_imap+0x54d/0x1090 [ 63.959073][ T5831] xfs_iget+0xaf6/0x2ec0 [ 63.963822][ T5831] xfs_mountfs+0x13df/0x2410 [ 63.968926][ T5831] xfs_fs_fill_super+0x12dd/0x15a0 [ 63.974548][ T5831] get_tree_bdev_flags+0x48c/0x5c0 [ 63.980169][ T5831] vfs_get_tree+0x90/0x2b0 [ 63.985096][ T5831] do_new_mount+0x2be/0xb40 [ 63.990109][ T5831] __se_sys_mount+0x2d6/0x3c0 [ 63.995293][ T5831] do_syscall_64+0xf3/0x230 [ 64.000310][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.006733][ T5831] [ 64.006733][ T5831] -> #2 (&bch->bc_lock){+.+.}-{3:3}: [ 64.014197][ T5831] lock_acquire+0x1ed/0x550 [ 64.019210][ T5831] _raw_spin_lock+0x2e/0x40 [ 64.024226][ T5831] _atomic_dec_and_lock+0xb8/0x130 [ 64.029854][ T5831] xfs_buf_rele+0x178/0x15b0 [ 64.034954][ T5831] xfs_imap_lookup+0x26a/0x750 [ 64.040227][ T5831] xfs_imap+0x54d/0x1090 [ 64.044975][ T5831] xfs_iget+0xaf6/0x2ec0 [ 64.049728][ T5831] xfs_mountfs+0x13df/0x2410 [ 64.054828][ T5831] xfs_fs_fill_super+0x12dd/0x15a0 [ 64.060447][ T5831] get_tree_bdev_flags+0x48c/0x5c0 [ 64.066069][ T5831] vfs_get_tree+0x90/0x2b0 [ 64.070993][ T5831] do_new_mount+0x2be/0xb40 [ 64.076002][ T5831] __se_sys_mount+0x2d6/0x3c0 [ 64.081185][ T5831] do_syscall_64+0xf3/0x230 [ 64.086202][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.092608][ T5831] [ 64.092608][ T5831] -> #1 (&bp->b_lock){+.+.}-{3:3}: [ 64.099899][ T5831] lock_acquire+0x1ed/0x550 [ 64.104916][ T5831] _raw_spin_lock+0x2e/0x40 [ 64.109927][ T5831] xfs_buf_rele+0x164/0x15b0 [ 64.115040][ T5831] xfs_dquot_attach_buf+0x33e/0x560 [ 64.120749][ T5831] xfs_qm_quotacheck_dqadjust+0x13f/0x5e0 [ 64.126982][ T5831] xfs_qm_dqusage_adjust+0x5e1/0x850 [ 64.132777][ T5831] xfs_iwalk_ag_recs+0x4e3/0x820 [ 64.138222][ T5831] xfs_iwalk_run_callbacks+0x218/0x470 [ 64.144191][ T5831] xfs_iwalk_ag+0xa9a/0xbb0 [ 64.149201][ T5831] xfs_iwalk_ag_work+0xfb/0x1b0 [ 64.154564][ T5831] xfs_pwork_work+0x7f/0x190 [ 64.159662][ T5831] process_scheduled_works+0xa66/0x1840 [ 64.165717][ T5831] worker_thread+0x870/0xd30 [ 64.170815][ T5831] kthread+0x7a9/0x920 [ 64.175395][ T5831] ret_from_fork+0x4b/0x80 [ 64.180341][ T5831] ret_from_fork_asm+0x1a/0x30 [ 64.185614][ T5831] [ 64.185614][ T5831] -> #0 (&lp->qli_lock){+.+.}-{3:3}: [ 64.193076][ T5831] validate_chain+0x18ef/0x5920 [ 64.198446][ T5831] __lock_acquire+0x1397/0x2100 [ 64.203811][ T5831] lock_acquire+0x1ed/0x550 [ 64.208824][ T5831] _raw_spin_lock+0x2e/0x40 [ 64.213836][ T5831] xfs_dquot_detach_buf+0x2f/0x1a0 [ 64.219456][ T5831] xfs_qm_dquot_isolate+0x49d/0x1420 [ 64.225275][ T5831] __list_lru_walk_one+0x170/0x470 [ 64.230897][ T5831] list_lru_walk_one+0x3c/0x50 [ 64.236166][ T5831] xfs_qm_shrink_scan+0x1e1/0x400 [ 64.241702][ T5831] do_shrink_slab+0x72d/0x1160 [ 64.246975][ T5831] shrink_slab+0x1093/0x14d0 [ 64.252072][ T5831] drop_slab+0x142/0x280 [ 64.256830][ T5831] drop_caches_sysctl_handler+0xbc/0x160 [ 64.262974][ T5831] proc_sys_call_handler+0x5ec/0x920 [ 64.268766][ T5831] do_iter_readv_writev+0x600/0x880 [ 64.274490][ T5831] vfs_writev+0x38b/0xbc0 [ 64.279328][ T5831] do_writev+0x1b6/0x360 [ 64.284080][ T5831] do_syscall_64+0xf3/0x230 [ 64.289097][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.295500][ T5831] [ 64.295500][ T5831] other info that might help us debug this: [ 64.295500][ T5831] [ 64.305714][ T5831] Chain exists of: [ 64.305714][ T5831] &lp->qli_lock --> &bch->bc_lock --> &l->lock [ 64.305714][ T5831] [ 64.317784][ T5831] Possible unsafe locking scenario: [ 64.317784][ T5831] [ 64.325217][ T5831] CPU0 CPU1 [ 64.330567][ T5831] ---- ---- [ 64.335915][ T5831] lock(&l->lock); [ 64.339713][ T5831] lock(&bch->bc_lock); [ 64.346467][ T5831] lock(&l->lock); [ 64.352783][ T5831] lock(&lp->qli_lock); [ 64.357020][ T5831] [ 64.357020][ T5831] *** DEADLOCK *** [ 64.357020][ T5831] [ 64.365149][ T5831] 3 locks held by syz-executor164/5831: [ 64.370676][ T5831] #0: ffff888035a9c420 (sb_writers#3){.+.+}-{0:0}, at: vfs_writev+0x2d6/0xbc0 [ 64.379638][ T5831] #1: ffff888034810c30 (&l->lock){+.+.}-{3:3}, at: lock_list_lru_of_memcg+0x24b/0x4e0 [ 64.389290][ T5831] #2: ffff888075a8c258 (&dqp->q_qlock){+.+.}-{4:4}, at: xfs_qm_dquot_isolate+0x8d/0x1420 [ 64.399226][ T5831] [ 64.399226][ T5831] stack backtrace: [ 64.405119][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor164 Not tainted 6.13.0-rc3-next-20241219-syzkaller #0 [ 64.405137][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 64.405148][ T5831] Call Trace: [ 64.405156][ T5831] [ 64.405163][ T5831] dump_stack_lvl+0x241/0x360 [ 64.405182][ T5831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.405196][ T5831] ? __pfx__printk+0x10/0x10 [ 64.405218][ T5831] print_circular_bug+0x13a/0x1b0 [ 64.405233][ T5831] check_noncircular+0x36a/0x4a0 [ 64.405253][ T5831] ? __pfx_check_noncircular+0x10/0x10 [ 64.405272][ T5831] ? lockdep_lock+0x123/0x2b0 [ 64.405293][ T5831] ? validate_chain+0x15c0/0x5920 [ 64.405314][ T5831] validate_chain+0x18ef/0x5920 [ 64.405339][ T5831] ? __pfx_validate_chain+0x10/0x10 [ 64.405358][ T5831] ? arch_stack_walk+0xfd/0x150 [ 64.405384][ T5831] ? __lock_acquire+0x1397/0x2100 [ 64.405400][ T5831] ? mark_lock+0x9a/0x360 [ 64.405418][ T5831] __lock_acquire+0x1397/0x2100 [ 64.405438][ T5831] lock_acquire+0x1ed/0x550 [ 64.405454][ T5831] ? xfs_dquot_detach_buf+0x2f/0x1a0 [ 64.405470][ T5831] ? __pfx_lock_acquire+0x10/0x10 [ 64.405487][ T5831] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 64.405503][ T5831] ? lockdep_hardirqs_on+0x99/0x150 [ 64.405521][ T5831] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 64.405537][ T5831] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 64.405554][ T5831] ? __pfx___mutex_trylock_common+0x10/0x10 [ 64.405575][ T5831] _raw_spin_lock+0x2e/0x40 [ 64.405590][ T5831] ? xfs_dquot_detach_buf+0x2f/0x1a0 [ 64.405602][ T5831] xfs_dquot_detach_buf+0x2f/0x1a0 [ 64.405617][ T5831] xfs_qm_dquot_isolate+0x49d/0x1420 [ 64.405635][ T5831] ? __lock_acquire+0x1397/0x2100 [ 64.405652][ T5831] ? __pfx_xfs_qm_dquot_isolate+0x10/0x10 [ 64.405669][ T5831] ? lock_list_lru_of_memcg+0x2e/0x4e0 [ 64.405689][ T5831] ? lock_list_lru_of_memcg+0x4a9/0x4e0 [ 64.405710][ T5831] __list_lru_walk_one+0x170/0x470 [ 64.405724][ T5831] ? __pfx_xfs_qm_dquot_isolate+0x10/0x10 [ 64.405742][ T5831] ? __pfx_xfs_qm_dquot_isolate+0x10/0x10 [ 64.405761][ T5831] list_lru_walk_one+0x3c/0x50 [ 64.405774][ T5831] xfs_qm_shrink_scan+0x1e1/0x400 [ 64.405792][ T5831] ? __pfx_xfs_qm_shrink_scan+0x10/0x10 [ 64.405812][ T5831] ? list_lru_count_one+0x29/0x2e0 [ 64.405825][ T5831] do_shrink_slab+0x72d/0x1160 [ 64.405844][ T5831] ? shrink_slab+0x12b/0x14d0 [ 64.405858][ T5831] shrink_slab+0x1093/0x14d0 [ 64.405875][ T5831] ? shrink_slab+0x12b/0x14d0 [ 64.405888][ T5831] ? __pfx_lock_release+0x10/0x10 [ 64.405903][ T5831] ? __pfx_shrink_slab+0x10/0x10 [ 64.405921][ T5831] ? mem_cgroup_iter+0x3d/0x420 [ 64.405936][ T5831] drop_slab+0x142/0x280 [ 64.405952][ T5831] drop_caches_sysctl_handler+0xbc/0x160 [ 64.405971][ T5831] ? __pfx_drop_caches_sysctl_handler+0x10/0x10 [ 64.405989][ T5831] proc_sys_call_handler+0x5ec/0x920 [ 64.406006][ T5831] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 64.406024][ T5831] do_iter_readv_writev+0x600/0x880 [ 64.406043][ T5831] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 64.406059][ T5831] ? rcu_read_lock_any_held+0xb7/0x160 [ 64.406077][ T5831] vfs_writev+0x38b/0xbc0 [ 64.406094][ T5831] ? __pfx_vfs_writev+0x10/0x10 [ 64.406110][ T5831] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 64.406128][ T5831] ? _raw_spin_unlock_irq+0x23/0x50 [ 64.406143][ T5831] ? lockdep_hardirqs_on+0x99/0x150 [ 64.406162][ T5831] do_writev+0x1b6/0x360 [ 64.406176][ T5831] ? __pfx_do_writev+0x10/0x10 [ 64.406188][ T5831] ? do_syscall_64+0x100/0x230 [ 64.406209][ T5831] do_syscall_64+0xf3/0x230 [ 64.406227][ T5831] ? clear_bhb_loop+0x35/0x90 [ 64.406246][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.406263][ T5831] RIP: 0033:0x7fa80bf1d779 [ 64.406279][ T5831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.406297][ T5831] RSP: 002b:00007ffe9c9d6f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 64.406312][ T5831] RAX: ffffffffffffffda RBX: 00007ffe9c9d70f8 RCX: 00007fa80bf1d779 [ 64.406322][ T5831] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004 [ 64.406330][ T5831] RBP: 00007fa80bf9a610 R08: 0000000000000000 R09: 00007ffe9c9d70f8 [ 64.406339][ T5831] R10: 0000000000009687 R11: 0000000000000246 R12: 0000000000000001 [ 64.406348][ T5831] R13: 00007ffe9c9d70e8 R14: 0000000000000001 R15: 0000000000000001 [ 64.406361][ T5831] writev(4, [{iov_base="2", iov_len=1}], 1) = 1 exit_group(0) = ? +++ exited with 0 +++