====================================================== WARNING: possible circular locking dependency detected 4.14.232-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.3/18466 is trying to acquire lock: (&dquot->dq_lock){+.+.}, at: [] dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469 but task is already holding lock: (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&ei->i_data_sem/2){++++}: down_read+0x36/0x80 kernel/locking/rwsem.c:24 ext4_map_blocks+0x29f/0x1730 fs/ext4/inode.c:577 ext4_getblk+0x98/0x3f0 fs/ext4/inode.c:992 ext4_bread+0x6c/0x1a0 fs/ext4/inode.c:1042 ext4_quota_write+0x1dd/0x490 fs/ext4/super.c:5880 write_blk+0x106/0x1e0 fs/quota/quota_tree.c:72 get_free_dqblk+0xf3/0x2a0 fs/quota/quota_tree.c:101 do_insert_tree+0x68d/0xfc0 fs/quota/quota_tree.c:308 do_insert_tree+0xdb4/0xfc0 fs/quota/quota_tree.c:339 do_insert_tree+0xdb4/0xfc0 fs/quota/quota_tree.c:339 do_insert_tree+0xdb4/0xfc0 fs/quota/quota_tree.c:339 dq_insert_tree fs/quota/quota_tree.c:365 [inline] qtree_write_dquot+0x18a/0x4e0 fs/quota/quota_tree.c:384 v2_write_dquot+0x10f/0x240 fs/quota/quota_v2.c:359 dquot_acquire+0x220/0x470 fs/quota/dquot.c:436 ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5538 dqget+0x6a0/0xe90 fs/quota/dquot.c:892 __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1466 ext4_create+0x6e/0x520 fs/ext4/namei.c:2488 lookup_open+0x77a/0x1750 fs/namei.c:3241 do_last fs/namei.c:3334 [inline] path_openat+0xe08/0x2970 fs/namei.c:3569 do_filp_open+0x179/0x3c0 fs/namei.c:3603 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #1 (&s->s_dquot.dqio_sem){++++}: down_read+0x36/0x80 kernel/locking/rwsem.c:24 v2_read_dquot+0x49/0x120 fs/quota/quota_v2.c:333 dquot_acquire+0x10e/0x470 fs/quota/dquot.c:428 ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5538 dqget+0x6a0/0xe90 fs/quota/dquot.c:892 __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1466 ext4_create+0x6e/0x520 fs/ext4/namei.c:2488 lookup_open+0x77a/0x1750 fs/namei.c:3241 do_last fs/namei.c:3334 [inline] path_openat+0xe08/0x2970 fs/namei.c:3569 do_filp_open+0x179/0x3c0 fs/namei.c:3603 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #0 (&dquot->dq_lock){+.+.}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893 dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469 ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5522 ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5573 mark_dquot_dirty fs/quota/dquot.c:341 [inline] mark_all_dquot_dirty fs/quota/dquot.c:379 [inline] __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1698 dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline] dquot_alloc_space include/linux/quotaops.h:308 [inline] dquot_alloc_block include/linux/quotaops.h:332 [inline] ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4561 ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4499 ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656 _ext4_get_block+0x187/0x480 fs/ext4/inode.c:809 __block_write_begin_int+0x35c/0x1090 fs/buffer.c:2038 ext4_write_begin+0x43e/0x1260 fs/ext4/inode.c:1344 ext4_da_write_begin+0x628/0xe70 fs/ext4/inode.c:3058 generic_perform_write+0x1c9/0x420 mm/filemap.c:3055 __generic_file_write_iter+0x227/0x590 mm/filemap.c:3180 ext4_file_write_iter+0x276/0xd20 fs/ext4/file.c:270 call_write_iter include/linux/fs.h:1778 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x44c/0x630 fs/read_write.c:482 vfs_write+0x17f/0x4d0 fs/read_write.c:544 SYSC_write fs/read_write.c:590 [inline] SyS_write+0xf2/0x210 fs/read_write.c:582 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb other info that might help us debug this: Chain exists of: &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ei->i_data_sem/2); lock(&s->s_dquot.dqio_sem); lock(&ei->i_data_sem/2); lock(&dquot->dq_lock); *** DEADLOCK *** 5 locks held by syz-executor.3/18466: #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0x1fb/0x2b0 fs/file.c:769 #1: (sb_writers#3){.+.+}, at: [] file_start_write include/linux/fs.h:2712 [inline] #1: (sb_writers#3){.+.+}, at: [] vfs_write+0x3d8/0x4d0 fs/read_write.c:543 #2: (&sb->s_type->i_mutex_key#10){++++}, at: [] inode_trylock include/linux/fs.h:739 [inline] #2: (&sb->s_type->i_mutex_key#10){++++}, at: [] ext4_file_write_iter+0x1cc/0xd20 fs/ext4/file.c:236 #3: (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649 #4: (dquot_srcu){....}, at: [] i_dquot fs/quota/dquot.c:917 [inline] #4: (dquot_srcu){....}, at: [] __dquot_alloc_space+0x184/0x7b0 fs/quota/dquot.c:1658 stack backtrace: CPU: 1 PID: 18466 Comm: syz-executor.3 Not tainted 4.14.232-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893 dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469 ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5522 ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5573 mark_dquot_dirty fs/quota/dquot.c:341 [inline] mark_all_dquot_dirty fs/quota/dquot.c:379 [inline] __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1698 dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline] dquot_alloc_space include/linux/quotaops.h:308 [inline] dquot_alloc_block include/linux/quotaops.h:332 [inline] ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4561 ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4499 ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656 _ext4_get_block+0x187/0x480 fs/ext4/inode.c:809 __block_write_begin_int+0x35c/0x1090 fs/buffer.c:2038 ext4_write_begin+0x43e/0x1260 fs/ext4/inode.c:1344 ext4_da_write_begin+0x628/0xe70 fs/ext4/inode.c:3058 generic_perform_write+0x1c9/0x420 mm/filemap.c:3055 __generic_file_write_iter+0x227/0x590 mm/filemap.c:3180 ext4_file_write_iter+0x276/0xd20 fs/ext4/file.c:270 call_write_iter include/linux/fs.h:1778 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x44c/0x630 fs/read_write.c:482 vfs_write+0x17f/0x4d0 fs/read_write.c:544 SYSC_write fs/read_write.c:590 [inline] SyS_write+0xf2/0x210 fs/read_write.c:582 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x4665d9 RSP: 002b:00007fd0c1abe188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665d9 RDX: 000000000d4ba0ff RSI: 00000000200009c0 RDI: 0000000000000004 RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffd5766f21f R14: 00007fd0c1abe300 R15: 0000000000022000 EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue audit: type=1800 audit(1621139147.798:110): pid=18549 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="loop2" ino=17 res=0 audit: type=1804 audit(1621139147.828:111): pid=18549 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir526989588/syzkaller.3BXVc4/223/file0/file0" dev="loop2" ino=17 res=1 audit: type=1800 audit(1621139147.828:112): pid=18549 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="loop2" ino=17 res=0 EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue audit: type=1804 audit(1621139147.828:113): pid=18549 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir526989588/syzkaller.3BXVc4/223/file0/file0" dev="loop2" ino=17 res=1 audit: type=1804 audit(1621139147.868:114): pid=18582 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir526989588/syzkaller.3BXVc4/223/file0/file0" dev="loop2" ino=17 res=1 audit: type=1804 audit(1621139147.868:115): pid=18549 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir526989588/syzkaller.3BXVc4/223/file0/file0" dev="loop2" ino=17 res=1 audit: type=1800 audit(1621139148.108:116): pid=18608 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="loop2" ino=17 res=0 audit: type=1804 audit(1621139148.118:117): pid=18608 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir526989588/syzkaller.3BXVc4/224/file0/file0" dev="loop2" ino=17 res=1 EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue audit: type=1800 audit(1621139148.118:118): pid=18608 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="loop2" ino=17 res=0 EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue audit: type=1804 audit(1621139148.118:119): pid=18608 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir526989588/syzkaller.3BXVc4/224/file0/file0" dev="loop2" ino=17 res=1 EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue divide error: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 1 PID: 18815 Comm: syz-executor.1 Not tainted 4.14.232-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88804c07c6c0 task.stack: ffff88804b240000 RIP: 0010:fbcon_init+0xcb4/0x1cc0 drivers/video/fbdev/core/fbcon.c:1065 RSP: 0018:ffff88804b2477e0 EFLAGS: 00010246 RAX: 00000000000003c0 RBX: ffff888238fa77c0 RCX: ffffc900070fc000 RDX: 0000000000000000 RSI: ffff88804bb3e3f4 RDI: ffff888238fa7978 RBP: ffff88804bb3e040 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: ffff88804c07c6c0 R12: ffff888238ff8980 R13: 0000000000000000 R14: ffff88804bb3e374 R15: 00000000000003c0 FS: 00007fe95c0ae700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe95c0add58 CR3: 00000000a9111000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: visual_init+0x332/0x5e0 drivers/tty/vt/vt.c:746 vc_allocate+0x2c5/0x640 drivers/tty/vt/vt.c:802 con_install+0x4d/0x450 drivers/tty/vt/vt.c:2899 tty_driver_install_tty drivers/tty/tty_io.c:1225 [inline] tty_init_dev.part.0+0x99/0x400 drivers/tty/tty_io.c:1338 tty_init_dev drivers/tty/tty_io.c:1328 [inline] tty_open_by_driver drivers/tty/tty_io.c:1973 [inline] tty_open+0x669/0x8b0 drivers/tty/tty_io.c:2021 chrdev_open+0x23c/0x6d0 fs/char_dev.c:423 do_dentry_open+0x44b/0xec0 fs/open.c:777 vfs_open+0x105/0x220 fs/open.c:888 do_last fs/namei.c:3428 [inline] path_openat+0x628/0x2970 fs/namei.c:3569 do_filp_open+0x179/0x3c0 fs/namei.c:3603 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x4196c4 RSP: 002b:00007fe95c0adcc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 00000000004196c4 RDX: 0000000000000002 RSI: 00007fe95c0add60 RDI: 00000000ffffff9c RBP: 00007fe95c0add60 R08: 0000000000000000 R09: 000000000000000e R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 R13: 00007fff6c56f79f R14: 00007fe95c0ae300 R15: 0000000000022000 Code: 54 24 30 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 8d 0d 00 00 31 d2 44 89 f8 48 8b 74 24 38 b5 b0 03 00 00 48 89 f2 48 c1 ea 03 89 44 24 30 48 b8 00 00 RIP: fbcon_init+0xcb4/0x1cc0 drivers/video/fbdev/core/fbcon.c:1065 RSP: ffff88804b2477e0 ---[ end trace 28845fb464afd750 ]---