EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
======================================================
WARNING: possible circular locking dependency detected
4.14.305-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/13680 is trying to acquire lock:
 (&dquot->dq_lock){+.+.}, at: [] dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469

but task is already holding lock:
 (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&ei->i_data_sem/2){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       ext4_map_blocks+0x29f/0x1730 fs/ext4/inode.c:577
       ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
       ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
       ext4_quota_write+0x187/0x420 fs/ext4/super.c:5902
       write_blk+0x106/0x1e0 fs/quota/quota_tree.c:72
       get_free_dqblk+0xf3/0x330 fs/quota/quota_tree.c:133
       do_insert_tree+0x34b/0x1060 fs/quota/quota_tree.c:343
       do_insert_tree+0xe85/0x1060 fs/quota/quota_tree.c:374
       dq_insert_tree fs/quota/quota_tree.c:400 [inline]
       qtree_write_dquot+0x18a/0x4e0 fs/quota/quota_tree.c:419
       v2_write_dquot+0x10f/0x240 fs/quota/quota_v2.c:359
       dquot_acquire+0x220/0x470 fs/quota/dquot.c:436
       ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5558
       dqget+0x6a0/0xe90 fs/quota/dquot.c:897
       __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1471
       ext4_create+0x6e/0x520 fs/ext4/namei.c:2531
       lookup_open+0x77a/0x1750 fs/namei.c:3241
       do_last fs/namei.c:3334 [inline]
       path_openat+0xe08/0x2970 fs/namei.c:3571
       do_filp_open+0x179/0x3c0 fs/namei.c:3605
       do_sys_open+0x296/0x410 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #1 (&s->s_dquot.dqio_sem){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       v2_read_dquot+0x49/0x120 fs/quota/quota_v2.c:333
       dquot_acquire+0x10e/0x470 fs/quota/dquot.c:428
       ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5558
       dqget+0x6a0/0xe90 fs/quota/dquot.c:897
       __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1471
       ext4_create+0x6e/0x520 fs/ext4/namei.c:2531
       lookup_open+0x77a/0x1750 fs/namei.c:3241
       do_last fs/namei.c:3334 [inline]
       path_openat+0xe08/0x2970 fs/namei.c:3571
       do_filp_open+0x179/0x3c0 fs/namei.c:3605
       do_sys_open+0x296/0x410 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&dquot->dq_lock){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469
       ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5542
       ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5593
       mark_dquot_dirty fs/quota/dquot.c:341 [inline]
       mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
       __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1703
       dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline]
       dquot_alloc_space include/linux/quotaops.h:308 [inline]
       dquot_alloc_block include/linux/quotaops.h:332 [inline]
       ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4571
       ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4505
       ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656
       ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
       ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
       ext4_append+0x1ed/0x440 fs/ext4/namei.c:81
ntfs: volume version 3.1.
       ext4_init_new_dir fs/ext4/namei.c:2680 [inline]
       ext4_mkdir+0x4c9/0xbd0 fs/ext4/namei.c:2727
       vfs_mkdir+0x463/0x6e0 fs/namei.c:3851
       SYSC_mkdirat fs/namei.c:3874 [inline]
       SyS_mkdirat+0x1fd/0x270 fs/namei.c:3858
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

Chain exists of:
  &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_data_sem/2);
                               lock(&s->s_dquot.dqio_sem);
                               lock(&ei->i_data_sem/2);
  lock(&dquot->dq_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.1/13680:
 #0: (sb_writers#3){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#3){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&type->i_mutex_dir_key#3/1){+.+.}, at: [] inode_lock_nested include/linux/fs.h:754 [inline]
 #1: (&type->i_mutex_dir_key#3/1){+.+.}, at: [] filename_create+0x12a/0x3f0 fs/namei.c:3676
 #2: (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649
 #3: (dquot_srcu){....}, at: [] i_dquot fs/quota/dquot.c:922 [inline]
 #3: (dquot_srcu){....}, at: [] __dquot_alloc_space+0x184/0x7b0 fs/quota/dquot.c:1663

stack backtrace:
CPU: 1 PID: 13680 Comm: syz-executor.1 Not tainted 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469
 ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5542
 ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5593
 mark_dquot_dirty fs/quota/dquot.c:341 [inline]
 mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
 __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1703
 dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline]
 dquot_alloc_space include/linux/quotaops.h:308 [inline]
 dquot_alloc_block include/linux/quotaops.h:332 [inline]
 ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4571
 ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4505
 ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656
 ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
 ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
 ext4_append+0x1ed/0x440 fs/ext4/namei.c:81
 ext4_init_new_dir fs/ext4/namei.c:2680 [inline]
 ext4_mkdir+0x4c9/0xbd0 fs/ext4/namei.c:2727
 vfs_mkdir+0x463/0x6e0 fs/namei.c:3851
 SYSC_mkdirat fs/namei.c:3874 [inline]
 SyS_mkdirat+0x1fd/0x270 fs/namei.c:3858
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fa39ac400f9
RSP: 002b:00007fa390db0168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fa39ad60120 RCX: 00007fa39ac400f9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c
RBP: 00007fa39ac9bae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff0c54f04f R14: 00007fa390db0300 R15: 0000000000022000
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid.
ntfs: (device loop1): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
ntfs: (device loop1): ntfs_fill_super(): Not an NTFS volume.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid.
ntfs: (device loop1): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
ntfs: (device loop1): ntfs_fill_super(): Not an NTFS volume.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid.
ntfs: (device loop1): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
ntfs: (device loop1): ntfs_fill_super(): Not an NTFS volume.
ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid.
print_req_error: I/O error, dev loop1, sector 1
Buffer I/O error on dev loop1, logical block 1, async page read
print_req_error: I/O error, dev loop1, sector 2
Buffer I/O error on dev loop1, logical block 2, async page read
print_req_error: I/O error, dev loop1, sector 3
Buffer I/O error on dev loop1, logical block 3, async page read
print_req_error: I/O error, dev loop1, sector 4
Buffer I/O error on dev loop1, logical block 4, async page read
print_req_error: I/O error, dev loop1, sector 5
Buffer I/O error on dev loop1, logical block 5, async page read
print_req_error: I/O error, dev loop1, sector 6
Buffer I/O error on dev loop1, logical block 6, async page read
print_req_error: I/O error, dev loop1, sector 7
Buffer I/O error on dev loop1, logical block 7, async page read
block nbd3: shutting down sockets
hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1
hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1
hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1
hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz1
hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz0] on syz1
hid-generic 0000:0000:0000.0007: hidraw1: HID v0.00 Device [syz0] on syz1
block nbd1: shutting down sockets
block nbd3: shutting down sockets
block nbd4: shutting down sockets
block nbd0: shutting down sockets