loop1: detected capacity change from 0 to 4096
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
======================================================
WARNING: possible circular locking dependency detected
5.12.0-rc8-syzkaller-00011-g18a3c5f7abfd #0 Not tainted
------------------------------------------------------
syz-executor.1/14984 is trying to acquire lock:
ffffffe02ae960a8 (&dquot->dq_lock){+.+.}-{3:3}, at: dquot_commit+0x44/0x23c fs/quota/dquot.c:476

but task is already holding lock:
ffffffe02ae8dc30 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_map_blocks+0x45a/0xd9c fs/ext4/inode.c:631

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&ei->i_data_sem/2){++++}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:2998 [inline]
       check_prevs_add kernel/locking/lockdep.c:3060 [inline]
       validate_chain kernel/locking/lockdep.c:3675 [inline]
       __lock_acquire+0x29aa/0x2d7c kernel/locking/lockdep.c:4901
       lock_acquire.part.0+0x15a/0x47c kernel/locking/lockdep.c:5511
       lock_acquire+0x44/0x5a kernel/locking/lockdep.c:5484
       down_read+0x46/0x1a4 kernel/locking/rwsem.c:1353
       ext4_map_blocks+0x210/0xd9c fs/ext4/inode.c:561
       ext4_getblk+0xa2/0x472 fs/ext4/inode.c:848
       ext4_bread+0x2c/0x140 fs/ext4/inode.c:900
       ext4_quota_write+0x13e/0x44c fs/ext4/super.c:6569
       write_blk+0x98/0x10c fs/quota/quota_tree.c:73
       get_free_dqblk+0xa6/0x1f8 fs/quota/quota_tree.c:102
       do_insert_tree+0x5aa/0xa88 fs/quota/quota_tree.c:309
       do_insert_tree+0xa42/0xa88 fs/quota/quota_tree.c:340
       do_insert_tree+0xa42/0xa88 fs/quota/quota_tree.c:340
       do_insert_tree+0xa42/0xa88 fs/quota/quota_tree.c:340
       dq_insert_tree fs/quota/quota_tree.c:366 [inline]
       qtree_write_dquot+0xe6/0x2aa fs/quota/quota_tree.c:385
       v2_write_dquot+0xa4/0x12c fs/quota/quota_v2.c:358
       dquot_acquire+0x174/0x298 fs/quota/dquot.c:443
       ext4_acquire_dquot+0x164/0x1be fs/ext4/super.c:6228
       dqget+0x3f2/0x838 fs/quota/dquot.c:901
       __dquot_initialize+0x29a/0x6f4 fs/quota/dquot.c:1479
       dquot_initialize+0x1c/0x26 fs/quota/dquot.c:1537
       ext4_tmpfile+0x4a/0x2fe fs/ext4/namei.c:2684
       vfs_tmpfile+0x12e/0x20e fs/namei.c:3415
       do_tmpfile fs/namei.c:3450 [inline]
       path_openat+0xf50/0x1690 fs/namei.c:3491
       do_filp_open+0xa4/0x1a0 fs/namei.c:3527
       do_sys_openat2+0x102/0x26a fs/open.c:1187
       do_sys_open fs/open.c:1203 [inline]
       __do_sys_openat fs/open.c:1219 [inline]
       sys_openat+0x80/0xee fs/open.c:1214
       ret_from_syscall+0x0/0x2

-> #1 (&s->s_dquot.dqio_sem){++++}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:2998 [inline]
       check_prevs_add kernel/locking/lockdep.c:3060 [inline]
       validate_chain kernel/locking/lockdep.c:3675 [inline]
       __lock_acquire+0x29aa/0x2d7c kernel/locking/lockdep.c:4901
       lock_acquire.part.0+0x15a/0x47c kernel/locking/lockdep.c:5511
       lock_acquire+0x44/0x5a kernel/locking/lockdep.c:5484
       down_read+0x46/0x1a4 kernel/locking/rwsem.c:1353
       v2_read_dquot+0x38/0x96 fs/quota/quota_v2.c:332
       dquot_acquire+0xb4/0x298 fs/quota/dquot.c:434
       ext4_acquire_dquot+0x164/0x1be fs/ext4/super.c:6228
       dqget+0x3f2/0x838 fs/quota/dquot.c:901
       __dquot_initialize+0x29a/0x6f4 fs/quota/dquot.c:1479
       dquot_initialize+0x1c/0x26 fs/quota/dquot.c:1537
       ext4_tmpfile+0x4a/0x2fe fs/ext4/namei.c:2684
       vfs_tmpfile+0x12e/0x20e fs/namei.c:3415
       do_tmpfile fs/namei.c:3450 [inline]
       path_openat+0xf50/0x1690 fs/namei.c:3491
       do_filp_open+0xa4/0x1a0 fs/namei.c:3527
       do_sys_openat2+0x102/0x26a fs/open.c:1187
       do_sys_open fs/open.c:1203 [inline]
       __do_sys_openat fs/open.c:1219 [inline]
       sys_openat+0x80/0xee fs/open.c:1214
       ret_from_syscall+0x0/0x2

-> #0 (&dquot->dq_lock){+.+.}-{3:3}:
       print_circular_bug+0xf2/0x36c kernel/locking/lockdep.c:1983
       check_noncircular+0x13a/0x15a kernel/locking/lockdep.c:2128
       check_prev_add kernel/locking/lockdep.c:2937 [inline]
       check_prevs_add kernel/locking/lockdep.c:3060 [inline]
       validate_chain kernel/locking/lockdep.c:3675 [inline]
       __lock_acquire+0x18ec/0x2d7c kernel/locking/lockdep.c:4901
       lock_acquire.part.0+0x15a/0x47c kernel/locking/lockdep.c:5511
       lock_acquire+0x44/0x5a kernel/locking/lockdep.c:5484
       __mutex_lock_common kernel/locking/mutex.c:949 [inline]
       __mutex_lock+0x92/0x99e kernel/locking/mutex.c:1096
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:1111
       dquot_commit+0x44/0x23c fs/quota/dquot.c:476
       ext4_write_dquot+0x13a/0x18c fs/ext4/super.c:6212
       ext4_mark_dquot_dirty fs/ext4/super.c:6260 [inline]
       ext4_mark_dquot_dirty+0x9e/0xe8 fs/ext4/super.c:6254
       mark_dquot_dirty fs/quota/dquot.c:347 [inline]
       mark_all_dquot_dirty fs/quota/dquot.c:385 [inline]
       __dquot_alloc_space+0x3cc/0x72a fs/quota/dquot.c:1709
       dquot_alloc_space_nodirty include/linux/quotaops.h:297 [inline]
       dquot_alloc_space include/linux/quotaops.h:310 [inline]
       dquot_alloc_block include/linux/quotaops.h:334 [inline]
       ext4_mb_new_blocks+0x3a0/0x3018 fs/ext4/mballoc.c:4944
       ext4_ext_map_blocks+0x17fc/0x3c42 fs/ext4/extents.c:4238
       ext4_map_blocks+0x49a/0xd9c fs/ext4/inode.c:638
       ext4_getblk+0xa2/0x472 fs/ext4/inode.c:848
       ext4_bread+0x2c/0x140 fs/ext4/inode.c:900
       ext4_append+0xb4/0x1cc fs/ext4/namei.c:67
       ext4_init_new_dir+0x152/0x342 fs/ext4/namei.c:2768
       ext4_mkdir+0x2a6/0x688 fs/ext4/namei.c:2814
       vfs_mkdir+0x10c/0x1ce fs/namei.c:3819
       do_mkdirat+0x1c6/0x1fc fs/namei.c:3844
       __do_sys_mkdirat fs/namei.c:3857 [inline]
       sys_mkdirat+0x2c/0x3a fs/namei.c:3855
       ret_from_syscall+0x0/0x2

other info that might help us debug this:

Chain exists of:
  &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_data_sem/2);
                               lock(&s->s_dquot.dqio_sem);
                               lock(&ei->i_data_sem/2);
  lock(&dquot->dq_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.1/14984:
 #0: ffffffe025154460 (sb_writers#4){.+.+}-{0:0}, at: filename_create+0x9a/0x26e fs/namei.c:3593
 #1: ffffffe02afb9878 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:810 [inline]
 #1: ffffffe02afb9878 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: filename_create+0xc0/0x26e fs/namei.c:3598
 #2: ffffffe02ae8dc30 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_map_blocks+0x45a/0xd9c fs/ext4/inode.c:631
 #3: ffffffe004361f88 (dquot_srcu){....}-{0:0}, at: __dquot_alloc_space+0xaa/0x72a fs/quota/dquot.c:1657

stack backtrace:
CPU: 0 PID: 14984 Comm: syz-executor.1 Not tainted 5.12.0-rc8-syzkaller-00011-g18a3c5f7abfd #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffe000009708>] walk_stackframe+0x0/0x23c arch/riscv/kernel/traps.c:202
[<ffffffe002a5dd2a>] dump_backtrace+0x40/0x4e arch/riscv/kernel/stacktrace.c:113
[<ffffffe002a5dd5a>] show_stack+0x22/0x2e arch/riscv/kernel/stacktrace.c:118
[<ffffffe002a67574>] __dump_stack lib/dump_stack.c:79 [inline]
[<ffffffe002a67574>] dump_stack+0x148/0x1d8 lib/dump_stack.c:120
[<ffffffe0000cdc26>] print_circular_bug+0x302/0x36c kernel/locking/lockdep.c:2006
[<ffffffe0000cddca>] check_noncircular+0x13a/0x15a kernel/locking/lockdep.c:2128
[<ffffffe0000d16f8>] check_prev_add kernel/locking/lockdep.c:2937 [inline]
[<ffffffe0000d16f8>] check_prevs_add kernel/locking/lockdep.c:3060 [inline]
[<ffffffe0000d16f8>] validate_chain kernel/locking/lockdep.c:3675 [inline]
[<ffffffe0000d16f8>] __lock_acquire+0x18ec/0x2d7c kernel/locking/lockdep.c:4901
[<ffffffe0000d389a>] lock_acquire.part.0+0x15a/0x47c kernel/locking/lockdep.c:5511
[<ffffffe0000d3c00>] lock_acquire+0x44/0x5a kernel/locking/lockdep.c:5484
[<ffffffe002a95e5e>] __mutex_lock_common kernel/locking/mutex.c:949 [inline]
[<ffffffe002a95e5e>] __mutex_lock+0x92/0x99e kernel/locking/mutex.c:1096
[<ffffffe002a9677e>] mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:1111
[<ffffffe00053de8e>] dquot_commit+0x44/0x23c fs/quota/dquot.c:476
[<ffffffe000686834>] ext4_write_dquot+0x13a/0x18c fs/ext4/super.c:6212
[<ffffffe000686924>] ext4_mark_dquot_dirty fs/ext4/super.c:6260 [inline]
[<ffffffe000686924>] ext4_mark_dquot_dirty+0x9e/0xe8 fs/ext4/super.c:6254
[<ffffffe000541d98>] mark_dquot_dirty fs/quota/dquot.c:347 [inline]
[<ffffffe000541d98>] mark_all_dquot_dirty fs/quota/dquot.c:385 [inline]
[<ffffffe000541d98>] __dquot_alloc_space+0x3cc/0x72a fs/quota/dquot.c:1709
[<ffffffe0006467ac>] dquot_alloc_space_nodirty include/linux/quotaops.h:297 [inline]
[<ffffffe0006467ac>] dquot_alloc_space include/linux/quotaops.h:310 [inline]
[<ffffffe0006467ac>] dquot_alloc_block include/linux/quotaops.h:334 [inline]
[<ffffffe0006467ac>] ext4_mb_new_blocks+0x3a0/0x3018 fs/ext4/mballoc.c:4944
[<ffffffe0005e81f8>] ext4_ext_map_blocks+0x17fc/0x3c42 fs/ext4/extents.c:4238
[<ffffffe000619808>] ext4_map_blocks+0x49a/0xd9c fs/ext4/inode.c:638
[<ffffffe00061b41e>] ext4_getblk+0xa2/0x472 fs/ext4/inode.c:848
[<ffffffe00061b81a>] ext4_bread+0x2c/0x140 fs/ext4/inode.c:900
[<ffffffe0006531e4>] ext4_append+0xb4/0x1cc fs/ext4/namei.c:67
[<ffffffe00065c7d2>] ext4_init_new_dir+0x152/0x342 fs/ext4/namei.c:2768
[<ffffffe00066014c>] ext4_mkdir+0x2a6/0x688 fs/ext4/namei.c:2814
[<ffffffe000413cc6>] vfs_mkdir+0x10c/0x1ce fs/namei.c:3819
[<ffffffe00041db46>] do_mkdirat+0x1c6/0x1fc fs/namei.c:3844
[<ffffffe00041f494>] __do_sys_mkdirat fs/namei.c:3857 [inline]
[<ffffffe00041f494>] sys_mkdirat+0x2c/0x3a fs/namei.c:3855
[<ffffffe000005578>] ret_from_syscall+0x0/0x2
EXT4-fs error (device loop1): ext4_find_dest_de:1948: inode #2: block 16: comm syz-executor.1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0, size=4096