hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
======================================================
WARNING: possible circular locking dependency detected
4.14.303-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/12113 is trying to acquire lock:
 (&dquot->dq_lock){+.+.}, at: [] dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469

but task is already holding lock:
 (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&ei->i_data_sem/2){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       ext4_map_blocks+0x29f/0x1730 fs/ext4/inode.c:577
       ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
       ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
       ext4_quota_write+0x187/0x420 fs/ext4/super.c:5902
       write_blk+0x106/0x1e0 fs/quota/quota_tree.c:72
       get_free_dqblk+0xf3/0x330 fs/quota/quota_tree.c:133
       do_insert_tree+0x34b/0x1060 fs/quota/quota_tree.c:343
       do_insert_tree+0xe85/0x1060 fs/quota/quota_tree.c:374
       dq_insert_tree fs/quota/quota_tree.c:400 [inline]
       qtree_write_dquot+0x18a/0x4e0 fs/quota/quota_tree.c:419
       v2_write_dquot+0x10f/0x240 fs/quota/quota_v2.c:359
       dquot_acquire+0x220/0x470 fs/quota/dquot.c:436
       ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5558
       dqget+0x6a0/0xe90 fs/quota/dquot.c:897
       __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1471
       ext4_setattr+0x196/0x22f0 fs/ext4/inode.c:5496
       notify_change+0x56b/0xd10 fs/attr.c:315
       chown_common+0x40b/0x4b0 fs/open.c:631
       SYSC_fchownat fs/open.c:661 [inline]
       SyS_fchownat+0xf6/0x190 fs/open.c:641
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #1 (&s->s_dquot.dqio_sem){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       v2_read_dquot+0x49/0x120 fs/quota/quota_v2.c:333
       dquot_acquire+0x10e/0x470 fs/quota/dquot.c:428
       ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5558
       dqget+0x6a0/0xe90 fs/quota/dquot.c:897
       __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1471
       ext4_create+0x6e/0x520 fs/ext4/namei.c:2531
       lookup_open+0x77a/0x1750 fs/namei.c:3241
       do_last fs/namei.c:3334 [inline]
       path_openat+0xe08/0x2970 fs/namei.c:3571
       do_filp_open+0x179/0x3c0 fs/namei.c:3605
       do_sys_open+0x296/0x410 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&dquot->dq_lock){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469
       ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5542
       ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5593
       mark_dquot_dirty fs/quota/dquot.c:341 [inline]
       mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
       __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1703
       dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline]
       dquot_alloc_space include/linux/quotaops.h:308 [inline]
       dquot_alloc_block include/linux/quotaops.h:332 [inline]
       ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4571
       ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4505
       ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656
       ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
       ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
       ext4_append+0x1ed/0x440 fs/ext4/namei.c:81
       ext4_init_new_dir fs/ext4/namei.c:2680 [inline]
       ext4_mkdir+0x4c9/0xbd0 fs/ext4/namei.c:2727
       vfs_mkdir+0x463/0x6e0 fs/namei.c:3851
       SYSC_mkdirat fs/namei.c:3874 [inline]
       SyS_mkdirat+0x1fd/0x270 fs/namei.c:3858
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

Chain exists of:
  &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_data_sem/2);
                               lock(&s->s_dquot.dqio_sem);
                               lock(&ei->i_data_sem/2);
  lock(&dquot->dq_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.0/12113:
 #0: (sb_writers#3){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#3){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&type->i_mutex_dir_key#3/1){+.+.}, at: [] inode_lock_nested include/linux/fs.h:754 [inline]
 #1: (&type->i_mutex_dir_key#3/1){+.+.}, at: [] filename_create+0x12a/0x3f0 fs/namei.c:3676
 #2: (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649
 #3: (dquot_srcu){....}, at: [] i_dquot fs/quota/dquot.c:922 [inline]
 #3: (dquot_srcu){....}, at: [] __dquot_alloc_space+0x184/0x7b0 fs/quota/dquot.c:1663

stack backtrace:
CPU: 1 PID: 12113 Comm: syz-executor.0 Not tainted 4.14.303-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469
 ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5542
 ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5593
 mark_dquot_dirty fs/quota/dquot.c:341 [inline]
 mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
 __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1703
 dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline]
 dquot_alloc_space include/linux/quotaops.h:308 [inline]
 dquot_alloc_block include/linux/quotaops.h:332 [inline]
 ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4571
 ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4505
 ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656
 ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
 ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
 ext4_append+0x1ed/0x440 fs/ext4/namei.c:81
 ext4_init_new_dir fs/ext4/namei.c:2680 [inline]
 ext4_mkdir+0x4c9/0xbd0 fs/ext4/namei.c:2727
 vfs_mkdir+0x463/0x6e0 fs/namei.c:3851
 SYSC_mkdirat fs/namei.c:3874 [inline]
 SyS_mkdirat+0x1fd/0x270 fs/namei.c:3858
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fe70c9760c9
RSP: 002b:00007fe702ae6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fe70ca96120 RCX: 00007fe70c9760c9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c
RBP: 00007fe70c9d1ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffca3207dbf R14: 00007fe702ae6300 R15: 0000000000022000
sched: RT throttling activated
XFS (loop2): Mounting V4 Filesystem
XFS (loop2): Ending clean mount
IPVS: ftp: loaded support on port[0] = 21
dsmark: reclassify loop, rule prio 0, protocol 800
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
XFS (loop2): Unmounting Filesystem
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
XFS (loop3): Mounting V4 Filesystem
XFS (loop3): Ending clean mount
syz-executor.3 (12191) used greatest stack depth: 22384 bytes left
XFS (loop3): Unmounting Filesystem
XFS (loop2): Mounting V4 Filesystem
XFS (loop2): Ending clean mount
XFS (loop2): Unmounting Filesystem
dsmark: reclassify loop, rule prio 0, protocol 800
dsmark: reclassify loop, rule prio 0, protocol 800
dsmark: reclassify loop, rule prio 0, protocol 800
dsmark: reclassify loop, rule prio 0, protocol 800
dsmark: reclassify loop, rule prio 0, protocol 800
ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid.
ntfs: (device loop1): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
ntfs: (device loop1): ntfs_fill_super(): Not an NTFS volume.
dsmark: reclassify loop, rule prio 0, protocol 800
ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid.
ntfs: (device loop1): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
ntfs: (device loop1): ntfs_fill_super(): Not an NTFS volume.
dsmark: reclassify loop, rule prio 0, protocol 800
ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid.
dsmark: reclassify loop, rule prio 0, protocol 800
ntfs: (device loop1): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.
ntfs: (device loop1): ntfs_fill_super(): Not an NTFS volume.
dsmark: reclassify loop, rule prio 0, protocol 800
ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid.
nla_parse: 12 callbacks suppressed
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
EXT4-fs (loop4): Unrecognized mount option "18446744073709551615" or missing value
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
EXT4-fs (loop4): Unrecognized mount option "18446744073709551615" or missing value
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
print_req_error: I/O error, dev loop4, sector 0
Buffer I/O error on dev loop4, logical block 0, async page read
print_req_error: I/O error, dev loop4, sector 4
Buffer I/O error on dev loop4, logical block 2, async page read
print_req_error: I/O error, dev loop4, sector 6
Buffer I/O error on dev loop4, logical block 3, async page read
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
EXT4-fs (loop4): Unrecognized mount option "18446744073709551615" or missing value
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
kauditd_printk_skb: 6 callbacks suppressed
audit: type=1800 audit(1674127044.165:26): pid=12583 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=14320 res=0
audit: type=1800 audit(1674127044.175:27): pid=12586 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=14321 res=0