BTRFS warning (device loop5): excessive commit interval 622039222 BTRFS info (device loop5): force zlib compression, level 3 BTRFS info (device loop5): using free space tree BTRFS info (device loop5): has skinny extents ====================================================== WARNING: possible circular locking dependency detected 4.19.211-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.5/16305 is trying to acquire lock: 000000009916cdf1 (&fs_info->qgroup_ioctl_lock){+.+.}, at: btrfs_qgroup_inherit+0xde/0x1c60 fs/btrfs/qgroup.c:2284 but task is already holding lock: 000000008109e170 (sb_internal#3){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline] 000000008109e170 (sb_internal#3){.+.+}, at: start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528 input: syz0 as /devices/virtual/input/input87 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (sb_internal#3){.+.+}: sb_start_intwrite include/linux/fs.h:1626 [inline] start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528 btrfs_quota_enable+0x169/0x10b0 fs/btrfs/qgroup.c:905 btrfs_ioctl_quota_ctl fs/btrfs/ioctl.c:5233 [inline] btrfs_ioctl+0x622c/0x76d0 fs/btrfs/ioctl.c:6021 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&fs_info->qgroup_ioctl_lock){+.+.}: __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 btrfs_qgroup_inherit+0xde/0x1c60 fs/btrfs/qgroup.c:2284 create_subvol+0x3aa/0x1850 fs/btrfs/ioctl.c:617 btrfs_mksubvol+0xe1d/0x1160 fs/btrfs/ioctl.c:1007 btrfs_ioctl_snap_create_transid+0x2a7/0x430 fs/btrfs/ioctl.c:1771 btrfs_ioctl_snap_create+0x114/0x170 fs/btrfs/ioctl.c:1819 btrfs_ioctl+0x274b/0x76d0 fs/btrfs/ioctl.c:5932 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sb_internal#3); lock(&fs_info->qgroup_ioctl_lock); lock(sb_internal#3); lock(&fs_info->qgroup_ioctl_lock); *** DEADLOCK *** 4 locks held by syz-executor.5/16305: #0: 0000000076f319d7 (sb_writers#20){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline] #0: 0000000076f319d7 (sb_writers#20){.+.+}, at: mnt_want_write_file+0x63/0x1d0 fs/namespace.c:418 #1: 000000004ccdfbbd (&type->i_mutex_dir_key#11/1){+.+.}, at: btrfs_mksubvol+0x156/0x1160 fs/btrfs/ioctl.c:975 #2: 00000000d359d6fd (&fs_info->subvol_sem){++++}, at: btrfs_mksubvol+0x35b/0x1160 fs/btrfs/ioctl.c:998 #3: 000000008109e170 (sb_internal#3){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline] #3: 000000008109e170 (sb_internal#3){.+.+}, at: start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528 stack backtrace: CPU: 0 PID: 16305 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 btrfs_qgroup_inherit+0xde/0x1c60 fs/btrfs/qgroup.c:2284 create_subvol+0x3aa/0x1850 fs/btrfs/ioctl.c:617 btrfs_mksubvol+0xe1d/0x1160 fs/btrfs/ioctl.c:1007 btrfs_ioctl_snap_create_transid+0x2a7/0x430 fs/btrfs/ioctl.c:1771 btrfs_ioctl_snap_create+0x114/0x170 fs/btrfs/ioctl.c:1819 btrfs_ioctl+0x274b/0x76d0 fs/btrfs/ioctl.c:5932 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f2c3eb650c9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2c3d0d7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f2c3ec84f80 RCX: 00007f2c3eb650c9 RDX: 00000000200000c0 RSI: 000000005000940e RDI: 0000000000000005 RBP: 00007f2c3ebc0ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff73b6102f R14: 00007f2c3d0d7300 R15: 0000000000022000 BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor.2 (16379) BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by systemd-udevd (16424) audit: type=1804 audit(1674105670.718:143): pid=16275 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1574063330/syzkaller.5QCWSV/203/bus" dev="sda1" ino=13884 res=1 audit: type=1804 audit(1674105670.788:144): pid=16437 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir1574063330/syzkaller.5QCWSV/203/bus" dev="sda1" ino=13884 res=1 input: syz0 as /devices/virtual/input/input88 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. audit: type=1804 audit(1674105671.008:145): pid=16470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1574063330/syzkaller.5QCWSV/204/bus" dev="sda1" ino=13888 res=1 audit: type=1804 audit(1674105671.038:146): pid=16458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir1574063330/syzkaller.5QCWSV/204/bus" dev="sda1" ino=13888 res=1 audit: type=1804 audit(1674105671.038:147): pid=16458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir1574063330/syzkaller.5QCWSV/204/bus" dev="sda1" ino=13888 res=1 audit: type=1804 audit(1674105671.038:148): pid=16458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir1574063330/syzkaller.5QCWSV/204/bus" dev="sda1" ino=13888 res=1 BTRFS info (device loop5): unrecognized mount option '' audit: type=1804 audit(1674105671.038:149): pid=16458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir1574063330/syzkaller.5QCWSV/204/bus" dev="sda1" ino=13888 res=1 BTRFS error (device loop5): open_ctree failed audit: type=1804 audit(1674105671.038:150): pid=16458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir1574063330/syzkaller.5QCWSV/204/bus" dev="sda1" ino=13888 res=1 audit: type=1804 audit(1674105671.038:151): pid=16458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir1574063330/syzkaller.5QCWSV/204/bus" dev="sda1" ino=13888 res=1 input: syz0 as /devices/virtual/input/input89 audit: type=1804 audit(1674105671.038:152): pid=16458 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir1574063330/syzkaller.5QCWSV/204/bus" dev="sda1" ino=13888 res=1 BTRFS info (device loop2): unrecognized mount option 'user_subvol_rmßapjowepkxS?Öêhe' BTRFS error (device loop2): open_ctree failed netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. BTRFS info (device loop5): unrecognized mount option '' BTRFS error (device loop5): open_ctree failed netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. input: syz0 as /devices/virtual/input/input90 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. input: syz0 as /devices/virtual/input/input91 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. input: syz0 as /devices/virtual/input/input92 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. input: syz0 as /devices/virtual/input/input93 input: syz0 as /devices/virtual/input/input94 input: syz0 as /devices/virtual/input/input95 netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. input: syz0 as /devices/virtual/input/input96 hub 9-0:1.0: USB hub found hub 9-0:1.0: 8 ports detected hub 9-0:1.0: USB hub found hub 9-0:1.0: 8 ports detected netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. hub 9-0:1.0: USB hub found hub 9-0:1.0: 8 ports detected netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. input: syz0 as /devices/virtual/input/input97 input: syz0 as /devices/virtual/input/input98 input: syz0 as /devices/virtual/input/input99 input: syz0 as /devices/virtual/input/input100 input: syz0 as /devices/virtual/input/input101 input: syz0 as /devices/virtual/input/input102 input: syz0 as /devices/virtual/input/input103 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. uinput: write device info first input: syz0 as /devices/virtual/input/input104 BTRFS info (device loop1): enabling inode map caching uinput: write device info first uinput: write device info first BTRFS warning (device loop1): excessive commit interval 622039222 uinput: write device info first uinput: write device info first BTRFS info (device loop1): force zlib compression, level 3 BTRFS info (device loop1): using free space tree BTRFS info (device loop1): has skinny extents input: syz0 as /devices/virtual/input/input106 uinput: write device info first input: syz0 as /devices/virtual/input/input109 input: syz0 as /devices/virtual/input/input108 input: syz0 as /devices/virtual/input/input110 input: syz0 as /devices/virtual/input/input111 input: syz0 as /devices/virtual/input/input112 input: syz0 as /devices/virtual/input/input113 input: syz0 as /devices/virtual/input/input114 input: syz0 as /devices/virtual/input/input115 input: syz0 as /devices/virtual/input/input116 input: syz0 as /devices/virtual/input/input117 input: syz0 as /devices/virtual/input/input118 input: syz0 as /devices/virtual/input/input119 input: syz0 as /devices/virtual/input/input120 input: syz0 as /devices/virtual/input/input121 input: syz0 as /devices/virtual/input/input122 input: syz0 as /devices/virtual/input/input123 input: syz0 as /devices/virtual/input/input124 input: syz0 as /devices/virtual/input/input125 input: syz0 as /devices/virtual/input/input126 input: syz0 as /devices/virtual/input/input127 input: syz0 as /devices/virtual/input/input128 input: syz0 as /devices/virtual/input/input129 input: syz0 as /devices/virtual/input/input130 input: syz0 as /devices/virtual/input/input131 input: syz0 as /devices/virtual/input/input132 input: syz0 as /devices/virtual/input/input133 input: syz0 as /devices/virtual/input/input134 input: syz0 as /devices/virtual/input/input135 input: syz0 as /devices/virtual/input/input136 input: syz0 as /devices/virtual/input/input137 input: syz0 as /devices/virtual/input/input138 input: syz0 as /devices/virtual/input/input139 input: syz0 as /devices/virtual/input/input140 input: syz0 as /devices/virtual/input/input141 input: syz0 as /devices/virtual/input/input142 input: syz0 as /devices/virtual/input/input143 BTRFS info (device loop1): enabling inode map caching input: syz0 as /devices/virtual/input/input144 BTRFS warning (device loop1): excessive commit interval 622039222 input: syz0 as /devices/virtual/input/input145 BTRFS info (device loop1): force zlib compression, level 3 input: syz0 as /devices/virtual/input/input147 input: syz0 as /devices/virtual/input/input146 BTRFS info (device loop1): using free space tree input: syz0 as /devices/virtual/input/input148 BTRFS info (device loop1): has skinny extents input: syz0 as /devices/virtual/input/input149 input: syz0 as /devices/virtual/input/input150 input: syz0 as /devices/virtual/input/input151 input: syz0 as /devices/virtual/input/input152 input: syz0 as /devices/virtual/input/input153 input: syz0 as /devices/virtual/input/input155 input: syz0 as /devices/virtual/input/input154 input: syz0 as /devices/virtual/input/input156 input: syz0 as /devices/virtual/input/input157 input: syz0 as /devices/virtual/input/input158 input: syz0 as /devices/virtual/input/input159 input: syz0 as /devices/virtual/input/input160 input: syz0 as /devices/virtual/input/input161 input: syz0 as /devices/virtual/input/input162 input: syz0 as /devices/virtual/input/input163 input: syz0 as /devices/virtual/input/input164 input: syz0 as /devices/virtual/input/input165 input: syz0 as /devices/virtual/input/input166 input: syz0 as /devices/virtual/input/input167 input: syz0 as /devices/virtual/input/input168 input: syz0 as /devices/virtual/input/input169 input: syz0 as /devices/virtual/input/input170 input: syz0 as /devices/virtual/input/input171 input: syz0 as /devices/virtual/input/input172 input: syz0 as /devices/virtual/input/input173 input: syz0 as /devices/virtual/input/input174 input: syz0 as /devices/virtual/input/input175 input: syz0 as /devices/virtual/input/input176 input: syz0 as /devices/virtual/input/input177 input: syz0 as /devices/virtual/input/input178 input: syz0 as /devices/virtual/input/input179 input: syz0 as /devices/virtual/input/input180 input: syz0 as /devices/virtual/input/input181 input: syz0 as /devices/virtual/input/input182 input: syz0 as /devices/virtual/input/input183 input: syz0 as /devices/virtual/input/input184 nla_parse: 2 callbacks suppressed netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. input: syz0 as /devices/virtual/input/input185 input: syz0 as /devices/virtual/input/input186 input: syz0 as /devices/virtual/input/input187 input: syz0 as /devices/virtual/input/input188 input: syz0 as /devices/virtual/input/input189 input: syz0 as /devices/virtual/input/input190 input: syz0 as /devices/virtual/input/input191 input: syz0 as /devices/virtual/input/input192 input: syz0 as /devices/virtual/input/input193 input: syz0 as /devices/virtual/input/input194 BTRFS info (device loop1): enabling inode map caching BTRFS warning (device loop1): excessive commit interval 622039222 BTRFS info (device loop1): force zlib compression, level 3 BTRFS info (device loop1): using free space tree input: syz0 as /devices/virtual/input/input197 BTRFS info (device loop1): has skinny extents input: syz0 as /devices/virtual/input/input198 input: syz0 as /devices/virtual/input/input199 input: syz0 as /devices/virtual/input/input200 input: syz0 as /devices/virtual/input/input201 input: syz0 as /devices/virtual/input/input202 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. input: syz0 as /devices/virtual/input/input203 input: syz0 as /devices/virtual/input/input204 input: syz0 as /devices/virtual/input/input205 input: syz0 as /devices/virtual/input/input206 input: syz0 as /devices/virtual/input/input207 input: syz0 as /devices/virtual/input/input208 input: syz0 as /devices/virtual/input/input209 input: syz0 as /devices/virtual/input/input210 input: syz0 as /devices/virtual/input/input211 input: syz0 as /devices/virtual/input/input212 input: syz0 as /devices/virtual/input/input213 BTRFS info (device loop1): enabling inode map caching BTRFS warning (device loop1): excessive commit interval 622039222 BTRFS info (device loop1): force zlib compression, level 3 BTRFS info (device loop1): using free space tree BTRFS info (device loop1): has skinny extents input: syz0 as /devices/virtual/input/input215 input: syz0 as /devices/virtual/input/input216 input: syz0 as /devices/virtual/input/input217 input: syz0 as /devices/virtual/input/input218 input: syz0 as /devices/virtual/input/input219 input: syz0 as /devices/virtual/input/input220 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. input: syz0 as /devices/virtual/input/input221 input: syz0 as /devices/virtual/input/input222 input: syz0 as /devices/virtual/input/input223 input: syz0 as /devices/virtual/input/input224 input: syz0 as /devices/virtual/input/input225 input: syz0 as /devices/virtual/input/input226 input: syz0 as /devices/virtual/input/input227 BTRFS info (device loop1): enabling inode map caching BTRFS warning (device loop1): excessive commit interval 622039222 BTRFS info (device loop1): force zlib compression, level 3 BTRFS info (device loop1): using free space tree BTRFS info (device loop1): has skinny extents input: syz0 as /devices/virtual/input/input228 input: syz0 as /devices/virtual/input/input229 input: syz0 as /devices/virtual/input/input230 input: syz0 as /devices/virtual/input/input231 input: syz0 as /devices/virtual/input/input232 input: syz0 as /devices/virtual/input/input233 input: syz0 as /devices/virtual/input/input234 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. input: syz0 as /devices/virtual/input/input235 input: syz0 as /devices/virtual/input/input236 input: syz0 as /devices/virtual/input/input238 input: syz0 as /devices/virtual/input/input239 input: syz0 as /devices/virtual/input/input240 input: syz0 as /devices/virtual/input/input241 input: syz0 as /devices/virtual/input/input242 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. input: syz0 as /devices/virtual/input/input243 input: syz0 as /devices/virtual/input/input244 input: syz0 as /devices/virtual/input/input245 input: syz0 as /devices/virtual/input/input246 input: syz0 as /devices/virtual/input/input248