audit: type=1800 audit(1672818008.969:51): pid=13924 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file1" dev="sda1" ino=13889 res=0
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
======================================================
WARNING: possible circular locking dependency detected
4.14.302-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.2/13929 is trying to acquire lock:
 (&dquot->dq_lock){+.+.}, at: [] dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469

but task is already holding lock:
 (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&ei->i_data_sem/2){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       ext4_map_blocks+0x29f/0x1730 fs/ext4/inode.c:577
       ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
       ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
       ext4_quota_write+0x187/0x420 fs/ext4/super.c:5902
       write_blk+0x106/0x1e0 fs/quota/quota_tree.c:72
       get_free_dqblk+0xf3/0x330 fs/quota/quota_tree.c:133
       do_insert_tree+0x34b/0x1060 fs/quota/quota_tree.c:343
       do_insert_tree+0xe85/0x1060 fs/quota/quota_tree.c:374
       dq_insert_tree fs/quota/quota_tree.c:400 [inline]
       qtree_write_dquot+0x18a/0x4e0 fs/quota/quota_tree.c:419
       v2_write_dquot+0x10f/0x240 fs/quota/quota_v2.c:359
       dquot_acquire+0x220/0x470 fs/quota/dquot.c:436
       ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5558
       dqget+0x6a0/0xe90 fs/quota/dquot.c:897
       __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1471
       ext4_rmdir+0x13f/0xb00 fs/ext4/namei.c:3024
       vfs_rmdir.part.0+0x144/0x390 fs/namei.c:3910
       vfs_rmdir fs/namei.c:3895 [inline]
       do_rmdir+0x334/0x3c0 fs/namei.c:3970
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #1 (&s->s_dquot.dqio_sem){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       v2_read_dquot+0x49/0x120 fs/quota/quota_v2.c:333
       dquot_acquire+0x10e/0x470 fs/quota/dquot.c:428
       ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5558
       dqget+0x6a0/0xe90 fs/quota/dquot.c:897
       __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1471
       ext4_rmdir+0xdc/0xb00 fs/ext4/namei.c:3021
       vfs_rmdir.part.0+0x144/0x390 fs/namei.c:3910
       vfs_rmdir fs/namei.c:3895 [inline]
       do_rmdir+0x334/0x3c0 fs/namei.c:3970
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&dquot->dq_lock){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469
       ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5542
       ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5593
       mark_dquot_dirty fs/quota/dquot.c:341 [inline]
       mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
       __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1703
       dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline]
       dquot_alloc_space include/linux/quotaops.h:308 [inline]
       dquot_alloc_block include/linux/quotaops.h:332 [inline]
       ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4571
       ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4505
       ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656
       ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
       ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
       ext4_append+0x1ed/0x440 fs/ext4/namei.c:81
       ext4_init_new_dir fs/ext4/namei.c:2680 [inline]
       ext4_mkdir+0x4c9/0xbd0 fs/ext4/namei.c:2727
       vfs_mkdir+0x463/0x6e0 fs/namei.c:3851
       SYSC_mkdirat fs/namei.c:3874 [inline]
       SyS_mkdirat+0x1fd/0x270 fs/namei.c:3858
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

Chain exists of:
  &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_data_sem/2);
                               lock(&s->s_dquot.dqio_sem);
                               lock(&ei->i_data_sem/2);
  lock(&dquot->dq_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.2/13929:
 #0: (sb_writers#3){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#3){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&type->i_mutex_dir_key#3/1){+.+.}, at: [] inode_lock_nested include/linux/fs.h:754 [inline]
 #1: (&type->i_mutex_dir_key#3/1){+.+.}, at: [] filename_create+0x12a/0x3f0 fs/namei.c:3676
 #2: (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649
 #3: (dquot_srcu){....}, at: [] i_dquot fs/quota/dquot.c:922 [inline]
 #3: (dquot_srcu){....}, at: [] __dquot_alloc_space+0x184/0x7b0 fs/quota/dquot.c:1663

stack backtrace:
CPU: 0 PID: 13929 Comm: syz-executor.2 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469
 ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5542
 ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5593
 mark_dquot_dirty fs/quota/dquot.c:341 [inline]
 mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
 __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1703
 dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline]
 dquot_alloc_space include/linux/quotaops.h:308 [inline]
 dquot_alloc_block include/linux/quotaops.h:332 [inline]
 ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4571
 ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4505
 ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656
 ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
 ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
 ext4_append+0x1ed/0x440 fs/ext4/namei.c:81
 ext4_init_new_dir fs/ext4/namei.c:2680 [inline]
 ext4_mkdir+0x4c9/0xbd0 fs/ext4/namei.c:2727
 vfs_mkdir+0x463/0x6e0 fs/namei.c:3851
 SYSC_mkdirat fs/namei.c:3874 [inline]
 SyS_mkdirat+0x1fd/0x270 fs/namei.c:3858
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f709092b0c9
RSP: 002b:00007f7086a9b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007f7090a4b120 RCX: 00007f709092b0c9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c
RBP: 00007f7090986ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff77bcae4f R14: 00007f7086a9b300 R15: 0000000000022000
audit: type=1800 audit(1672818010.439:52): pid=13946 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file1" dev="sda1" ino=13889 res=0
audit: type=1800 audit(1672818011.179:53): pid=13948 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file1" dev="sda1" ino=14435 res=0
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1800 audit(1672818011.950:54): pid=13966 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file1" dev="sda1" ino=14425 res=0
audit: type=1800 audit(1672818012.140:55): pid=13967 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file1" dev="sda1" ino=14438 res=0
audit: type=1800 audit(1672818012.470:56): pid=13985 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file1" dev="sda1" ino=13899 res=0
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1800 audit(1672818012.970:57): pid=14009 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file1" dev="sda1" ino=14442 res=0
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop3): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 210 with error 28
EXT4-fs (loop3): This should not happen!! Data will be lost
EXT4-fs (loop3): Total free blocks count 0
EXT4-fs (loop3): Free/Dirty block details
EXT4-fs (loop3): free_blocks=2415919104
EXT4-fs (loop3): dirty_blocks=224
EXT4-fs (loop3): Block reservation details
EXT4-fs (loop3): i_reserved_data_blocks=14
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop3): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1182 with error 28
EXT4-fs error (device loop0): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs (loop3): This should not happen!! Data will be lost
EXT4-fs (loop3): Total free blocks count 0
EXT4-fs (loop3): Free/Dirty block details
EXT4-fs (loop3): free_blocks=2415919104
EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 924 with error 28
EXT4-fs (loop3): dirty_blocks=1184
EXT4-fs (loop3): Block reservation details
EXT4-fs (loop3): i_reserved_data_blocks=74
EXT4-fs (loop0): This should not happen!! Data will be lost
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): Total free blocks count 0
EXT4-fs (loop0): Free/Dirty block details
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): free_blocks=2415919104
EXT4-fs error (device loop2): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs (loop0): dirty_blocks=928
EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 378 with error 28
EXT4-fs (loop0): Block reservation details
EXT4-fs error (device loop4): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs (loop0): i_reserved_data_blocks=58
EXT4-fs (loop2): This should not happen!! Data will be lost
EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 860 with error 28
EXT4-fs (loop2): Total free blocks count 0
EXT4-fs (loop2): Free/Dirty block details
EXT4-fs (loop4): This should not happen!! Data will be lost
EXT4-fs (loop2): free_blocks=2415919104
EXT4-fs (loop4): Total free blocks count 0
EXT4-fs (loop4): Free/Dirty block details
EXT4-fs (loop2): dirty_blocks=384
EXT4-fs (loop4): free_blocks=2415919104
EXT4-fs (loop4): dirty_blocks=864
EXT4-fs (loop2): Block reservation details
EXT4-fs (loop4): Block reservation details
EXT4-fs (loop2): i_reserved_data_blocks=24
EXT4-fs (loop4): i_reserved_data_blocks=54
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop3): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1050 with error 28
EXT4-fs (loop3): This should not happen!! Data will be lost
EXT4-fs error (device loop0): ext4_mb_generate_buddy:754: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
EXT4-fs (loop3): Total free blocks count 0
EXT4-fs (loop3): Free/Dirty block details
EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 706 with error 28
EXT4-fs (loop3): free_blocks=2415919104
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): dirty_blocks=1056
EXT4-fs (loop0): This should not happen!! Data will be lost
EXT4-fs (loop3): Block reservation details
EXT4-fs (loop0): Total free blocks count 0
EXT4-fs (loop3): i_reserved_data_blocks=66
EXT4-fs (loop0): Free/Dirty block details
EXT4-fs (loop0): free_blocks=2415919104
EXT4-fs (loop0): dirty_blocks=720