Warning: Permanently added '10.128.1.50' (ED25519) to the list of known hosts.
executing program
[ 60.745452][ T4164] loop0: detected capacity change from 0 to 32768
[ 60.833563][ T4164] (syz-executor302,4164,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 60.849792][ T4164] (syz-executor302,4164,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 60.877040][ T4164] JBD2: Ignoring recovery information on journal
[ 60.907958][ T4164] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 60.923726][ T9] ocfs2: Finishing quota recovery on device (7,0) for slot 0
[ 60.963791][ T4164]
[ 60.966152][ T4164] ======================================================
[ 60.973153][ T4164] WARNING: possible circular locking dependency detected
[ 60.980162][ T4164] 5.15.180-syzkaller #0 Not tainted
[ 60.985355][ T4164] ------------------------------------------------------
[ 60.992361][ T4164] syz-executor302/4164 is trying to acquire lock:
[ 60.998964][ T4164] ffff88814c7f2938 ((wq_completion)ocfs2_wq){+.+.}-{0:0}, at: flush_workqueue+0x154/0x1610
[ 61.009114][ T4164]
[ 61.009114][ T4164] but task is already holding lock:
[ 61.016464][ T4164] ffff88802a8360e0 (&type->s_umount_key#46){++++}-{3:3}, at: deactivate_super+0xa9/0xe0
[ 61.026203][ T4164]
[ 61.026203][ T4164] which lock already depends on the new lock.
[ 61.026203][ T4164]
[ 61.036610][ T4164]
[ 61.036610][ T4164] the existing dependency chain (in reverse order) is:
[ 61.045679][ T4164]
[ 61.045679][ T4164] -> #2 (&type->s_umount_key#46){++++}-{3:3}:
[ 61.054051][ T4164]        lock_acquire+0x1db/0x4f0
[ 61.059409][ T4164]        down_read+0x45/0x2e0
[ 61.064120][ T4164]        ocfs2_finish_quota_recovery+0x15a/0x2260
[ 61.070620][ T4164]        ocfs2_complete_recovery+0x173c/0x24a0
[ 61.076893][ T4164]        process_one_work+0x8a1/0x10c0
[ 61.082365][ T4164]        worker_thread+0xaca/0x1280
[ 61.087577][ T4164]        kthread+0x3f6/0x4f0
[ 61.092158][ T4164]        ret_from_fork+0x1f/0x30
[ 61.097090][ T4164]
[ 61.097090][ T4164] -> #1 ((work_completion)(&journal->j_recovery_work)){+.+.}-{0:0}:
[ 61.107243][ T4164]        lock_acquire+0x1db/0x4f0
[ 61.112318][ T4164]        process_one_work+0x7f1/0x10c0
[ 61.117771][ T4164]        worker_thread+0xaca/0x1280
[ 61.123072][ T4164]        kthread+0x3f6/0x4f0
[ 61.127665][ T4164]        ret_from_fork+0x1f/0x30
[ 61.132675][ T4164]
[ 61.132675][ T4164] -> #0 ((wq_completion)ocfs2_wq){+.+.}-{0:0}:
[ 61.141097][ T4164]        validate_chain+0x1649/0x5930
[ 61.146474][ T4164]        __lock_acquire+0x1295/0x1ff0
[ 61.151832][ T4164]        lock_acquire+0x1db/0x4f0
[ 61.156844][ T4164]        flush_workqueue+0x170/0x1610
[ 61.162202][ T4164]        ocfs2_shutdown_local_alloc+0x105/0xa90
[ 61.168427][ T4164]        ocfs2_dismount_volume+0x1db/0x8b0
[ 61.174223][ T4164]        generic_shutdown_super+0x130/0x310
[ 61.180125][ T4164]        kill_block_super+0x7a/0xe0
[ 61.185329][ T4164]        deactivate_locked_super+0xa0/0x110
[ 61.191207][ T4164]        cleanup_mnt+0x44e/0x500
[ 61.196156][ T4164]        task_work_run+0x129/0x1a0
[ 61.201261][ T4164]        do_exit+0x6a3/0x2480
[ 61.205927][ T4164]        do_group_exit+0x144/0x310
[ 61.211024][ T4164]        __x64_sys_exit_group+0x3b/0x40
[ 61.216554][ T4164]        do_syscall_64+0x3b/0xb0
[ 61.221493][ T4164]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.227906][ T4164]
[ 61.227906][ T4164] other info that might help us debug this:
[ 61.227906][ T4164]
[ 61.238133][ T4164] Chain exists of:
[ 61.238133][ T4164]   (wq_completion)ocfs2_wq --> (work_completion)(&journal->j_recovery_work) --> &type->s_umount_key#46
[ 61.238133][ T4164]
[ 61.255199][ T4164]  Possible unsafe locking scenario:
[ 61.255199][ T4164]
[ 61.262660][ T4164]        CPU0                    CPU1
[ 61.268009][ T4164]        ----                    ----
[ 61.273362][ T4164]   lock(&type->s_umount_key#46);
[ 61.278379][ T4164]                                lock((work_completion)(&journal->j_recovery_work));
[ 61.287840][ T4164]                                lock(&type->s_umount_key#46);
[ 61.295378][ T4164]   lock((wq_completion)ocfs2_wq);
[ 61.300476][ T4164]
[ 61.300476][ T4164]  *** DEADLOCK ***
[ 61.300476][ T4164]
[ 61.308600][ T4164] 1 lock held by syz-executor302/4164:
[ 61.314043][ T4164]  #0: ffff88802a8360e0 (&type->s_umount_key#46){++++}-{3:3}, at: deactivate_super+0xa9/0xe0
[ 61.324401][ T4164]
[ 61.324401][ T4164] stack backtrace:
[ 61.330310][ T4164] CPU: 0 PID: 4164 Comm: syz-executor302 Not tainted 5.15.180-syzkaller #0
[ 61.338982][ T4164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 61.349052][ T4164] Call Trace:
[ 61.352320][ T4164]
[ 61.355240][ T4164] dump_stack_lvl+0x1e3/0x2d0
[ 61.359931][ T4164] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 61.365557][ T4164] ? print_circular_bug+0x12b/0x1a0
[ 61.370745][ T4164] check_noncircular+0x2f8/0x3b0
[ 61.375674][ T4164] ? add_chain_block+0x850/0x850
[ 61.380609][ T4164] ? lockdep_lock+0x11f/0x2a0
[ 61.385298][ T4164] validate_chain+0x1649/0x5930
[ 61.390144][ T4164] ? reacquire_held_locks+0x660/0x660
[ 61.395510][ T4164] ? read_lock_is_recursive+0x10/0x10
[ 61.400869][ T4164] ? debug_object_assert_init+0x2bf/0x420
[ 61.406578][ T4164] ? do_raw_spin_lock+0x14a/0x370
[ 61.411696][ T4164] ? __lock_acquire+0x1ff0/0x1ff0
[ 61.416727][ T4164] ? do_raw_spin_unlock+0x137/0x8b0
[ 61.421917][ T4164] ? mark_lock+0x98/0x340
[ 61.426234][ T4164] __lock_acquire+0x1295/0x1ff0
[ 61.431105][ T4164] lock_acquire+0x1db/0x4f0
[ 61.435598][ T4164] ? flush_workqueue+0x154/0x1610
[ 61.440613][ T4164] ? read_lock_is_recursive+0x10/0x10
[ 61.445990][ T4164] ? lockdep_softirqs_off+0x420/0x420
[ 61.451348][ T4164] ? del_timer+0x183/0x310
[ 61.455880][ T4164] ? __init_swait_queue_head+0xaa/0x140
[ 61.461540][ T4164] flush_workqueue+0x170/0x1610
[ 61.466396][ T4164] ? flush_workqueue+0x154/0x1610
[ 61.471418][ T4164] ? print_irqtrace_events+0x210/0x210
[ 61.476868][ T4164] ? flush_work+0x20/0x20
[ 61.481202][ T4164] ? rcu_work_rcufn+0x140/0x140
[ 61.486043][ T4164] ? print_irqtrace_events+0x210/0x210
[ 61.491515][ T4164] ocfs2_shutdown_local_alloc+0x105/0xa90
[ 61.497233][ T4164] ? __cancel_work_timer+0x5e8/0x6a0
[ 61.502512][ T4164] ? ocfs2_local_alloc_count_bits+0x230/0x230
[ 61.508576][ T4164] ? cancel_work_sync+0x20/0x20
[ 61.513414][ T4164] ? do_raw_spin_unlock+0x137/0x8b0
[ 61.518604][ T4164] ? _atomic_dec_and_lock+0x96/0x130
[ 61.523973][ T4164] ? iput+0x371/0x8b0
[ 61.528056][ T4164] ? ocfs2_disable_quotas+0x1b8/0x210
[ 61.533419][ T4164] ocfs2_dismount_volume+0x1db/0x8b0
[ 61.538872][ T4164] ? ocfs2_enable_quotas+0x440/0x440
[ 61.544145][ T4164] ? clear_inode+0x150/0x150
[ 61.548745][ T4164] ? ocfs2_free_inode+0x11/0x20
[ 61.553690][ T4164] ? ocfs2_free_inode+0x11/0x20
[ 61.558617][ T4164] ? ocfs2_free_inode+0x20/0x20
[ 61.563572][ T4164] generic_shutdown_super+0x130/0x310
[ 61.569034][ T4164] kill_block_super+0x7a/0xe0
[ 61.573718][ T4164] deactivate_locked_super+0xa0/0x110
[ 61.579092][ T4164] cleanup_mnt+0x44e/0x500
[ 61.583517][ T4164] ? lockdep_hardirqs_on+0x94/0x130
[ 61.588710][ T4164] task_work_run+0x129/0x1a0
[ 61.593310][ T4164] do_exit+0x6a3/0x2480
[ 61.597469][ T4164] ? put_task_struct+0x80/0x80
[ 61.602242][ T4164] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 61.608318][ T4164] ? vtime_user_exit+0x2d1/0x400
[ 61.613260][ T4164] do_group_exit+0x144/0x310
[ 61.617846][ T4164] __x64_sys_exit_group+0x3b/0x40
[ 61.622876][ T4164] do_syscall_64+0x3b/0xb0
[ 61.627296][ T4164] ? clear_bhb_loop+0x15/0x70
[ 61.631967][ T4164] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.637853][ T4164] RIP: 0033:0x7f4c35f2dc09
[ 61.642270][ T4164] Code: Unable to access opcode bytes at RIP 0x7f4c35f2dbdf.
[ 61.649631][ T4164] RSP: 002b:00007fff84147108 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 61.658066][ T4164] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f4c35f2dc09
[ 61.666119][ T4164] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 61.674087][ T4164] RBP: 00007f4c35fae2b0 R08: ffffffffffffffb8 R09: 0000000000004701
[ 61.682140][ T4164] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c35fae2b0
[ 61.690104][ T4164] R13: 0000000000000000 R14: 00007f4c35faf020 R15: 00007f4c35efc130
[ 61.698181][ T4164]
[ 61.706683][ T4164] ocfs2: Unmounting device (7,0) on (node local)