audit: type=1804 audit(1621006950.184:364): pid=10099 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir128680014/syzkaller.8cC9RF/795/bus" dev="sda1" ino=14546 res=1
======================================================
WARNING: possible circular locking dependency detected
4.14.232-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.3/10075 is trying to acquire lock:
 (&dquot->dq_lock){+.+.}, at: [] dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469

but task is already holding lock:
 (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&ei->i_data_sem/2){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       ext4_map_blocks+0x29f/0x1730 fs/ext4/inode.c:577
       ext4_getblk+0x98/0x3f0 fs/ext4/inode.c:992
       ext4_bread+0x6c/0x1a0 fs/ext4/inode.c:1042
       ext4_quota_write+0x1dd/0x490 fs/ext4/super.c:5880
       write_blk+0x106/0x1e0 fs/quota/quota_tree.c:72
       get_free_dqblk+0xf3/0x2a0 fs/quota/quota_tree.c:101
       do_insert_tree+0x68d/0xfc0 fs/quota/quota_tree.c:308
       do_insert_tree+0xdb4/0xfc0 fs/quota/quota_tree.c:339
       do_insert_tree+0xdb4/0xfc0 fs/quota/quota_tree.c:339
       do_insert_tree+0xdb4/0xfc0 fs/quota/quota_tree.c:339
       dq_insert_tree fs/quota/quota_tree.c:365 [inline]
       qtree_write_dquot+0x18a/0x4e0 fs/quota/quota_tree.c:384
       v2_write_dquot+0x10f/0x240 fs/quota/quota_v2.c:359
       dquot_acquire+0x220/0x470 fs/quota/dquot.c:436
       ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5538
       dqget+0x6a0/0xe90 fs/quota/dquot.c:892
       __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1466
       ext4_create+0x6e/0x520 fs/ext4/namei.c:2488
       lookup_open+0x77a/0x1750 fs/namei.c:3241
       do_last fs/namei.c:3334 [inline]
       path_openat+0xe08/0x2970 fs/namei.c:3569
       do_filp_open+0x179/0x3c0 fs/namei.c:3603
       do_sys_open+0x296/0x410 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #1 (&s->s_dquot.dqio_sem){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       v2_read_dquot+0x49/0x120 fs/quota/quota_v2.c:333
       dquot_acquire+0x10e/0x470 fs/quota/dquot.c:428
       ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5538
       dqget+0x6a0/0xe90 fs/quota/dquot.c:892
       __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1466
       ext4_create+0x6e/0x520 fs/ext4/namei.c:2488
       lookup_open+0x77a/0x1750 fs/namei.c:3241
       do_last fs/namei.c:3334 [inline]
       path_openat+0xe08/0x2970 fs/namei.c:3569
       do_filp_open+0x179/0x3c0 fs/namei.c:3603
       do_sys_open+0x296/0x410 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&dquot->dq_lock){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469
       ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5522
       ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5573
       mark_dquot_dirty fs/quota/dquot.c:341 [inline]
       mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
       __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1698
       dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline]
       dquot_alloc_space include/linux/quotaops.h:308 [inline]
       dquot_alloc_block include/linux/quotaops.h:332 [inline]
       ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4561
       ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4499
       ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656
       _ext4_get_block+0x187/0x480 fs/ext4/inode.c:809
       __block_write_begin_int+0x35c/0x1090 fs/buffer.c:2038
       ext4_write_begin+0x43e/0x1260 fs/ext4/inode.c:1344
       ext4_da_write_begin+0x628/0xe70 fs/ext4/inode.c:3058
       generic_perform_write+0x1c9/0x420 mm/filemap.c:3055
       __generic_file_write_iter+0x227/0x590 mm/filemap.c:3180
       ext4_file_write_iter+0x276/0xd20 fs/ext4/file.c:270
       call_write_iter include/linux/fs.h:1778 [inline]
       new_sync_write fs/read_write.c:469 [inline]
       __vfs_write+0x44c/0x630 fs/read_write.c:482
       vfs_write+0x17f/0x4d0 fs/read_write.c:544
       SYSC_write fs/read_write.c:590 [inline]
       SyS_write+0xf2/0x210 fs/read_write.c:582
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

Chain exists of:
  &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_data_sem/2);
                               lock(&s->s_dquot.dqio_sem);
                               lock(&ei->i_data_sem/2);
  lock(&dquot->dq_lock);

 *** DEADLOCK ***

5 locks held by syz-executor.3/10075:
 #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0x1fb/0x2b0 fs/file.c:769
 #1: (sb_writers#3){.+.+}, at: [] file_start_write include/linux/fs.h:2712 [inline]
 #1: (sb_writers#3){.+.+}, at: [] vfs_write+0x3d8/0x4d0 fs/read_write.c:543
 #2: (&sb->s_type->i_mutex_key#10){++++}, at: [] inode_trylock include/linux/fs.h:739 [inline]
 #2: (&sb->s_type->i_mutex_key#10){++++}, at: [] ext4_file_write_iter+0x1cc/0xd20 fs/ext4/file.c:236
 #3: (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649
 #4: (dquot_srcu){....}, at: [] i_dquot fs/quota/dquot.c:917 [inline]
 #4: (dquot_srcu){....}, at: [] __dquot_alloc_space+0x184/0x7b0 fs/quota/dquot.c:1658

stack backtrace:
CPU: 0 PID: 10075 Comm: syz-executor.3 Not tainted 4.14.232-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469
 ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5522
 ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5573
 mark_dquot_dirty fs/quota/dquot.c:341 [inline]
 mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
 __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1698
 dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline]
 dquot_alloc_space include/linux/quotaops.h:308 [inline]
 dquot_alloc_block include/linux/quotaops.h:332 [inline]
 ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4561
 ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4499
 ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656
 _ext4_get_block+0x187/0x480 fs/ext4/inode.c:809
 __block_write_begin_int+0x35c/0x1090 fs/buffer.c:2038
 ext4_write_begin+0x43e/0x1260 fs/ext4/inode.c:1344
 ext4_da_write_begin+0x628/0xe70 fs/ext4/inode.c:3058
 generic_perform_write+0x1c9/0x420 mm/filemap.c:3055
 __generic_file_write_iter+0x227/0x590 mm/filemap.c:3180
 ext4_file_write_iter+0x276/0xd20 fs/ext4/file.c:270
 call_write_iter include/linux/fs.h:1778 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x44c/0x630 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:544
 SYSC_write fs/read_write.c:590 [inline]
 SyS_write+0xf2/0x210 fs/read_write.c:582
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665d9
RSP: 002b:00007ff898812188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665d9
RDX: 000000000d4ba0ff RSI: 00000000200009c0 RDI: 0000000000000006
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff9d11ae6f R14: 00007ff898812300 R15: 0000000000022000
audit: type=1804 audit(1621006951.444:365): pid=10135 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir128680014/syzkaller.8cC9RF/796/bus" dev="sda1" ino=13930 res=1
audit: type=1804 audit(1621006951.774:366): pid=10151 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir823087695/syzkaller.GXLW16/810/bus" dev="sda1" ino=14552 res=1
audit: type=1804 audit(1621006952.374:367): pid=10196 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir128680014/syzkaller.8cC9RF/797/bus" dev="sda1" ino=14553 res=1
audit: type=1804 audit(1621006952.414:368): pid=10200 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir003348196/syzkaller.78Ba4J/600/bus" dev="sda1" ino=14577 res=1
audit: type=1804 audit(1621006953.004:369): pid=10221 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir823087695/syzkaller.GXLW16/811/bus" dev="sda1" ino=14609 res=1
audit: type=1804 audit(1621006953.324:370): pid=10243 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir128680014/syzkaller.8cC9RF/798/bus" dev="sda1" ino=14401 res=1
audit: type=1804 audit(1621006953.384:371): pid=10245 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir003348196/syzkaller.78Ba4J/601/bus" dev="sda1" ino=14553 res=1
audit: type=1804 audit(1621006953.944:372): pid=10261 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir823087695/syzkaller.GXLW16/812/bus" dev="sda1" ino=14414 res=1
audit: type=1804 audit(1621006954.264:373): pid=10281 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir128680014/syzkaller.8cC9RF/799/bus" dev="sda1" ino=13987 res=1
audit: type=1804 audit(1621006954.324:374): pid=10288 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir003348196/syzkaller.78Ba4J/602/bus" dev="sda1" ino=14553 res=1
kauditd_printk_skb: 8 callbacks suppressed
audit: type=1804 audit(1621006956.824:383): pid=10375 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir823087695/syzkaller.GXLW16/815/bus" dev="sda1" ino=14407 res=1
audit: type=1804 audit(1621006957.114:384): pid=10398 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir128680014/syzkaller.8cC9RF/802/bus" dev="sda1" ino=14369 res=1
audit: type=1804 audit(1621006957.214:385): pid=10407 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir003348196/syzkaller.78Ba4J/605/bus" dev="sda1" ino=14513 res=1
audit: type=1804 audit(1621006957.274:386): pid=10409 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir095156053/syzkaller.NqR84Q/827/bus" dev="sda1" ino=14514 res=1
audit: type=1804 audit(1621006958.054:387): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir128680014/syzkaller.8cC9RF/803/bus" dev="sda1" ino=14513 res=1
ip_tables: iptables: counters copy to user failed while replacing table
audit: type=1804 audit(1621006958.264:388): pid=10450 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir095156053/syzkaller.NqR84Q/828/bus" dev="sda1" ino=14375 res=1
ip_tables: iptables: counters copy to user failed while replacing table
audit: type=1804 audit(1621006958.994:389): pid=10479 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir128680014/syzkaller.8cC9RF/804/bus" dev="sda1" ino=14370 res=1
audit: type=1804 audit(1621006959.235:390): pid=10489 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir095156053/syzkaller.NqR84Q/829/bus" dev="sda1" ino=14378 res=1
audit: type=1804 audit(1621006959.935:391): pid=10518 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir128680014/syzkaller.8cC9RF/805/bus" dev="sda1" ino=14372 res=1