BTRFS info (device loop4): using free space tree
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
BTRFS info (device loop4): has skinny extents
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/9725 is trying to acquire lock:
0000000017b99a41 (&fs_info->qgroup_ioctl_lock){+.+.}, at: btrfs_limit_qgroup+0x63/0x7b0 fs/btrfs/qgroup.c:1467

but task is already holding lock:
0000000074013175 (sb_internal#2){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline]
0000000074013175 (sb_internal#2){.+.+}, at: start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (sb_internal#2){.+.+}:
       sb_start_intwrite include/linux/fs.h:1626 [inline]
       start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528
       btrfs_quota_enable+0x169/0x10b0 fs/btrfs/qgroup.c:905
       btrfs_ioctl_quota_ctl fs/btrfs/ioctl.c:5233 [inline]
       btrfs_ioctl+0x622c/0x76d0 fs/btrfs/ioctl.c:6021
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:501 [inline]
       do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
       ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
       __do_sys_ioctl fs/ioctl.c:712 [inline]
       __se_sys_ioctl fs/ioctl.c:710 [inline]
       __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&fs_info->qgroup_ioctl_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       btrfs_limit_qgroup+0x63/0x7b0 fs/btrfs/qgroup.c:1467
       btrfs_ioctl_qgroup_limit fs/btrfs/ioctl.c:5386 [inline]
       btrfs_ioctl+0x3c0c/0x76d0 fs/btrfs/ioctl.c:6027
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:501 [inline]
       do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
       ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
       __do_sys_ioctl fs/ioctl.c:712 [inline]
       __se_sys_ioctl fs/ioctl.c:710 [inline]
       __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sb_internal#2);
                               lock(&fs_info->qgroup_ioctl_lock);
BTRFS error (device loop4): fail to start transaction for status update: -28
                               lock(sb_internal#2);
  lock(&fs_info->qgroup_ioctl_lock);

 *** DEADLOCK ***

2 locks held by syz-executor.4/9725:
 #0: 00000000afd8ecb0 (sb_writers#17){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 00000000afd8ecb0 (sb_writers#17){.+.+}, at: mnt_want_write_file+0x63/0x1d0 fs/namespace.c:418
 #1: 0000000074013175 (sb_internal#2){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline]
 #1: 0000000074013175 (sb_internal#2){.+.+}, at: start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528

stack backtrace:
CPU: 0 PID: 9725 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 btrfs_limit_qgroup+0x63/0x7b0 fs/btrfs/qgroup.c:1467
 btrfs_ioctl_qgroup_limit fs/btrfs/ioctl.c:5386 [inline]
 btrfs_ioctl+0x3c0c/0x76d0 fs/btrfs/ioctl.c:6027
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3c3b8c80c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3c39e3a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f3c3b9e7f80 RCX: 00007f3c3b8c80c9
RDX: 0000000020000040 RSI: 000000008030942b RDI: 0000000000000004
RBP: 00007f3c3b923ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcba46bfcf R14: 00007f3c39e3a300 R15: 0000000000022000
IPVS: ftp: loaded support on port[0] = 21
REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop0): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
attempt to access beyond end of device
loop5: rw=0, want=201326594, limit=1024
Buffer I/O error on dev loop5, logical block 100663296, async page read
REISERFS (device loop0): checking transaction log (loop0)
hfsplus: unable to mark blocks free: error -5
attempt to access beyond end of device
hfsplus: can't free extent
loop4: rw=0, want=201326594, limit=1024
Buffer I/O error on dev loop4, logical block 100663296, async page read
hfsplus: unable to mark blocks free: error -5
hfsplus: can't free extent
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
F2FS-fs (loop1): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
F2FS-fs (loop1): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
XFS (loop3): Mounting V4 Filesystem
XFS (loop3): Ending clean mount
XFS (loop3): Quotacheck needed: Please wait.
XFS (loop3): Quotacheck: Done.
syz-executor.3 (9985) used greatest stack depth: 23144 bytes left
XFS (loop3): Unmounting Filesystem
XFS (loop3): Mounting V4 Filesystem
XFS (loop3): Ending clean mount
XFS (loop3): Quotacheck needed: Please wait.
XFS (loop3): Quotacheck: Done.
overlayfs: filesystem on './bus' not supported as upperdir
overlayfs: filesystem on './bus' not supported as upperdir
overlayfs: filesystem on './bus' not supported as upperdir
overlayfs: filesystem on './bus' not supported as upperdir
overlayfs: filesystem on './bus' not supported as upperdir
XFS (loop3): Unmounting Filesystem
F2FS-fs (loop4): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
F2FS-fs (loop4): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
XFS (loop1): Mounting V4 Filesystem
XFS (loop1): Ending clean mount
XFS (loop1): Quotacheck needed: Please wait.
XFS (loop1): Quotacheck: Done.
XFS (loop1): Unmounting Filesystem
XFS (loop1): Mounting V4 Filesystem
XFS (loop1): Ending clean mount
XFS (loop3): Mounting V4 Filesystem
XFS (loop1): Quotacheck needed: Please wait.
XFS (loop1): Quotacheck: Done.
XFS (loop3): Ending clean mount
XFS (loop3): Quotacheck needed: Please wait.
XFS (loop3): Quotacheck: Done.
overlayfs: './file1' not a directory
XFS (loop3): Unmounting Filesystem
XFS (loop1): Unmounting Filesystem
F2FS-fs (loop4): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
F2FS-fs (loop4): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
XFS (loop1): Mounting V4 Filesystem
XFS (loop1): Ending clean mount
XFS (loop1): Quotacheck needed: Please wait.
XFS (loop1): Quotacheck: Done.
F2FS-fs (loop4): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
F2FS-fs (loop4): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
XFS (loop1): Unmounting Filesystem
audit: type=1804 audit(1673389966.441:3): pid=10373 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1369309680/syzkaller.cm3I4h/16/bus" dev="sda1" ino=13957 res=1
audit: type=1800 audit(1673389966.441:4): pid=10373 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=13957 res=0
F2FS-fs (loop4): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
F2FS-fs (loop4): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
XFS (loop1): Mounting V4 Filesystem
XFS (loop1): Ending clean mount
XFS (loop1): Quotacheck needed: Please wait.
XFS (loop1): Quotacheck: Done.
audit: type=1804 audit(1673389967.151:5): pid=10424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1369309680/syzkaller.cm3I4h/17/bus" dev="sda1" ino=13979 res=1
audit: type=1800 audit(1673389967.151:6): pid=10424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=13979 res=0
XFS (loop1): Unmounting Filesystem
XFS (loop1): Mounting V4 Filesystem
XFS (loop1): Ending clean mount
XFS (loop1): Quotacheck needed: Please wait.
XFS (loop1): Quotacheck: Done.
XFS (loop1): Unmounting Filesystem
F2FS-fs (loop4): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
F2FS-fs (loop4): Unrecognized mount option "data_flu*€"×ouser_xattr" or missing value
audit: type=1804 audit(1673389968.312:7): pid=10500 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1369309680/syzkaller.cm3I4h/18/bus" dev="sda1" ino=14041 res=1