ieee802154 phy1 wpan1: encryption failed: -22
syz-executor.3 (15932) used greatest stack depth: 22672 bytes left
hfs: uid requires an argument
hfs: unable to parse mount options

======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/15925 is trying to acquire lock:
00000000f61fbb04 (&fs_info->qgroup_ioctl_lock){+.+.}, at: btrfs_create_qgroup+0x5a/0x270 fs/btrfs/qgroup.c:1380

but task is already holding lock:
000000000f67d4d1 (sb_internal#2){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline]
000000000f67d4d1 (sb_internal#2){.+.+}, at: start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (sb_internal#2){.+.+}:
       sb_start_intwrite include/linux/fs.h:1626 [inline]
       start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528
       btrfs_quota_enable+0x169/0x10b0 fs/btrfs/qgroup.c:905
       btrfs_ioctl_quota_ctl fs/btrfs/ioctl.c:5233 [inline]
       btrfs_ioctl+0x622c/0x76d0 fs/btrfs/ioctl.c:6021
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:501 [inline]
       do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
       ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
       __do_sys_ioctl fs/ioctl.c:712 [inline]
       __se_sys_ioctl fs/ioctl.c:710 [inline]
       __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&fs_info->qgroup_ioctl_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       btrfs_create_qgroup+0x5a/0x270 fs/btrfs/qgroup.c:1380
       btrfs_ioctl_qgroup_create fs/btrfs/ioctl.c:5335 [inline]
       btrfs_ioctl+0xcce/0x76d0 fs/btrfs/ioctl.c:6025
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:501 [inline]
       do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
       ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
       __do_sys_ioctl fs/ioctl.c:712 [inline]
       __se_sys_ioctl fs/ioctl.c:710 [inline]
       __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

BTRFS error (device loop1): fail to start transaction for status update: -28
 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sb_internal#2);
                               lock(&fs_info->qgroup_ioctl_lock);
                               lock(sb_internal#2);
  lock(&fs_info->qgroup_ioctl_lock);

 *** DEADLOCK ***

2 locks held by syz-executor.1/15925:
 #0: 00000000267d563c (sb_writers#19){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 00000000267d563c (sb_writers#19){.+.+}, at: mnt_want_write_file+0x63/0x1d0 fs/namespace.c:418
 #1: 000000000f67d4d1 (sb_internal#2){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline]
 #1: 000000000f67d4d1 (sb_internal#2){.+.+}, at: start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528

stack backtrace:
CPU: 0 PID: 15925 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 btrfs_create_qgroup+0x5a/0x270 fs/btrfs/qgroup.c:1380
 btrfs_ioctl_qgroup_create fs/btrfs/ioctl.c:5335 [inline]
 btrfs_ioctl+0xcce/0x76d0 fs/btrfs/ioctl.c:6025
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f38f1a260c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f38eff98168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f38f1b45f80 RCX: 00007f38f1a260c9
RDX: 0000000020000140 RSI: 000000004010942a RDI: 0000000000000004
RBP: 00007f38f1a81ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffee23c8ddf R14: 00007f38eff98300 R15: 0000000000022000
device vxlan0 entered promiscuous mode
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
device vxlan0 entered promiscuous mode
new mount options do not match the existing superblock, will be ignored
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 620990646
BTRFS info (device loop1): force zlib compression, level 3
BTRFS info (device loop1): using free space tree
hfs: uid requires an argument
hfs: unable to parse mount options
BTRFS info (device loop1): has skinny extents
BTRFS error (device loop1): fail to start transaction for status update: -28
new mount options do not match the existing superblock, will be ignored
hfs: unable to parse mount options
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 620990646
BTRFS info (device loop1): force zlib compression, level 3
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
BTRFS error (device loop1): fail to start transaction for status update: -28
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 620990646
BTRFS info (device loop1): force zlib compression, level 3
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
BTRFS error (device loop1): fail to start transaction for status update: -28
audit: type=1804 audit(1674749450.959:13): pid=16334 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2723929743/syzkaller.2XOgi0/398/memory.events" dev="sda1" ino=14577 res=1
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 128 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
sd 0:0:1:0: [sg0] tag#1651 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#1651 CDB: Read TOC/PMA/ATIP
sd 0:0:1:0: [sg0] tag#1651 CDB[00]: 43 b5 fe 81 26 51 c5 27 1a dd fb 6d f0 08 bc 7f
sd 0:0:1:0: [sg0] tag#1651 CDB[10]: 7d f0 64 6f 55 a1 39 d4 bd d6 28 9a a2 d2 ac 25
sd 0:0:1:0: [sg0] tag#1651 CDB[20]: e5
sd 0:0:1:0: [sg0] tag#1651 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#1651 CDB: Read TOC/PMA/ATIP
sd 0:0:1:0: [sg0] tag#1651 CDB[00]: 43 b5 fe 81 26 51 c5 27 1a dd fb 6d f0 08 bc 7f
sd 0:0:1:0: [sg0] tag#1651 CDB[10]: 7d f0 64 6f 55 a1 39 d4 bd d6 28 9a a2 d2 ac 25
sd 0:0:1:0: [sg0] tag#1651 CDB[20]: e5
sd 0:0:1:0: [sg0] tag#1643 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#1643 CDB: Read TOC/PMA/ATIP
sd 0:0:1:0: [sg0] tag#1643 CDB[00]: 43 b5 fe 81 26 51 c5 27 1a dd fb 6d f0 08 bc 7f
sd 0:0:1:0: [sg0] tag#1643 CDB[10]: 7d f0 64 6f 55 a1 39 d4 bd d6 28 9a a2 d2 ac 25
sd 0:0:1:0: [sg0] tag#1643 CDB[20]: e5
sd 0:0:1:0: [sg0] tag#1643 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#1643 CDB: Read TOC/PMA/ATIP
sd 0:0:1:0: [sg0] tag#1643 CDB[00]: 43 b5 fe 81 26 51 c5 27 1a dd fb 6d f0 08 bc 7f
sd 0:0:1:0: [sg0] tag#1643 CDB[10]: 7d f0 64 6f 55 a1 39 d4 bd d6 28 9a a2 d2 ac 25
sd 0:0:1:0: [sg0] tag#1643 CDB[20]: e5
nla_parse: 19 callbacks suppressed
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
bridge0: port 2(bridge_slave_1) entered disabled state
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.