./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1793305746 <...> Warning: Permanently added '10.128.1.74' (ED25519) to the list of known hosts. execve("./syz-executor1793305746", ["./syz-executor1793305746"], 0x7ffcf529a260 /* 10 vars */) = 0 brk(NULL) = 0x555558867000 brk(0x555558867d00) = 0x555558867d00 arch_prctl(ARCH_SET_FS, 0x555558867380) = 0 set_tid_address(0x555558867650) = 5816 set_robust_list(0x555558867660, 24) = 0 rseq(0x555558867ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1793305746", 4096) = 28 getrandom("\x00\x26\xe3\x28\x04\x2a\xcc\xc3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555558867d00 brk(0x555558888d00) = 0x555558888d00 brk(0x555558889000) = 0x555558889000 mprotect(0x7f5dd351f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 executing program write(1, "executing program\n", 18) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5dcb000000 write(3, "\x58\x46\x53\x42\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\xf6\x9d\xbd\x8c\x5d\x46\xbe\xb8\x8e\x92\xc0\xae\x88\xce\xb2\x00\x00\x00\x00\x00\x00\x40\x08\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x41\x00\x00\x00\x00\x00\x00\x00\x42\x00\x00\x00\x04\x00\x00\x40\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x04\x98"..., 33554432) = 33554432 munmap(0x7f5dcb000000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 [ 61.748971][ T5816] loop0: detected capacity change from 0 to 65536 [ 61.840204][ T5816] XFS (loop0): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 61.862547][ T5816] XFS (loop0): Ending clean mount [ 61.870977][ T5816] XFS (loop0): Quotacheck needed: Please wait. mount("/dev/loop0", "./file0", "xfs", 0, "grpquota,filestreams,logbufs=00000000000000000003,,nouuid") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 61.894575][ T5816] XFS (loop0): Quotacheck: Done. memfd_create("syzkaller", 0) = 4 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5dcb000000 write(4, "\xeb\x3c\x90\x6d\x6b\x66\x73\x2e\x66\x61\x74\x00\x02\x01\x01\x00\x02\x40\x00\x80\x00\xf8\x01\x00\x10\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x29\x24\x3a\xf1\x8a\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x46\x41\x54\x31\x32\x20\x20\x20\x0e\x1f\xbe\x5b\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00\xcd\x10\x5e\xeb\xf0\x32\xe4\xcd\x16\xcd\x19\xeb\xfe\x54\x68\x69\x73\x20\x69\x73\x20\x6e"..., 65536) = 65536 munmap(0x7f5dcb000000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) close(4) = 0 openat(AT_FDCWD, "/proc/sys/vm/drop_caches", O_WRONLY) = 4 [ 62.014609][ T5816] [ 62.016961][ T5816] ====================================================== [ 62.023960][ T5816] WARNING: possible circular locking dependency detected [ 62.030962][ T5816] 6.13.0-rc3-syzkaller #0 Not tainted [ 62.036307][ T5816] ------------------------------------------------------ [ 62.043300][ T5816] syz-executor179/5816 is trying to acquire lock: [ 62.049689][ T5816] ffff8880292b4170 (&lp->qli_lock){+.+.}-{3:3}, at: xfs_dquot_detach_buf+0x2f/0x1a0 [ 62.059086][ T5816] [ 62.059086][ T5816] but task is already holding lock: [ 62.066428][ T5816] ffff888032810830 (&l->lock){+.+.}-{3:3}, at: lock_list_lru_of_memcg+0x24b/0x4e0 [ 62.075629][ T5816] [ 62.075629][ T5816] which lock already depends on the new lock. [ 62.075629][ T5816] [ 62.086012][ T5816] [ 62.086012][ T5816] the existing dependency chain (in reverse order) is: [ 62.095003][ T5816] [ 62.095003][ T5816] -> #3 (&l->lock){+.+.}-{3:3}: [ 62.102020][ T5816] lock_acquire+0x1ed/0x550 [ 62.107029][ T5816] _raw_spin_lock+0x2e/0x40 [ 62.112040][ T5816] lock_list_lru_of_memcg+0x24b/0x4e0 [ 62.117912][ T5816] list_lru_add+0x59/0x270 [ 62.122859][ T5816] xfs_buf_rele+0x4ca/0x15b0 [ 62.127951][ T5816] xfs_imap_lookup+0x26a/0x750 [ 62.133220][ T5816] xfs_imap+0x54d/0x1090 [ 62.137983][ T5816] xfs_iget+0xaf6/0x2ec0 [ 62.142726][ T5816] xfs_mountfs+0x13df/0x2410 [ 62.147818][ T5816] xfs_fs_fill_super+0x12db/0x1590 [ 62.153428][ T5816] get_tree_bdev_flags+0x48c/0x5c0 [ 62.159041][ T5816] vfs_get_tree+0x90/0x2b0 [ 62.163962][ T5816] do_new_mount+0x2be/0xb40 [ 62.168976][ T5816] __se_sys_mount+0x2d6/0x3c0 [ 62.174155][ T5816] do_syscall_64+0xf3/0x230 [ 62.179163][ T5816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.185559][ T5816] [ 62.185559][ T5816] -> #2 (&bch->bc_lock){+.+.}-{3:3}: [ 62.193006][ T5816] lock_acquire+0x1ed/0x550 [ 62.198010][ T5816] _raw_spin_lock+0x2e/0x40 [ 62.203025][ T5816] _atomic_dec_and_lock+0xb8/0x130 [ 62.208641][ T5816] xfs_buf_rele+0x178/0x15b0 [ 62.213734][ T5816] xfs_imap_lookup+0x26a/0x750 [ 62.218999][ T5816] xfs_imap+0x54d/0x1090 [ 62.223738][ T5816] xfs_iget+0xaf6/0x2ec0 [ 62.228479][ T5816] xfs_mountfs+0x13df/0x2410 [ 62.233569][ T5816] xfs_fs_fill_super+0x12db/0x1590 [ 62.239184][ T5816] get_tree_bdev_flags+0x48c/0x5c0 [ 62.244796][ T5816] vfs_get_tree+0x90/0x2b0 [ 62.249718][ T5816] do_new_mount+0x2be/0xb40 [ 62.254723][ T5816] __se_sys_mount+0x2d6/0x3c0 [ 62.259897][ T5816] do_syscall_64+0xf3/0x230 [ 62.264904][ T5816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.271303][ T5816] [ 62.271303][ T5816] -> #1 (&bp->b_lock){+.+.}-{3:3}: [ 62.278578][ T5816] lock_acquire+0x1ed/0x550 [ 62.283584][ T5816] _raw_spin_lock+0x2e/0x40 [ 62.288590][ T5816] xfs_buf_rele+0x164/0x15b0 [ 62.293681][ T5816] xfs_dquot_attach_buf+0x33e/0x560 [ 62.299382][ T5816] xfs_qm_quotacheck_dqadjust+0x13f/0x5e0 [ 62.305598][ T5816] xfs_qm_dqusage_adjust+0x6a8/0x850 [ 62.311386][ T5816] xfs_iwalk_ag_recs+0x4e3/0x820 [ 62.316827][ T5816] xfs_iwalk_run_callbacks+0x218/0x470 [ 62.322786][ T5816] xfs_iwalk_ag+0xa9a/0xbb0 [ 62.327791][ T5816] xfs_iwalk_ag_work+0xfb/0x1b0 [ 62.333142][ T5816] xfs_pwork_work+0x7f/0x190 [ 62.338233][ T5816] process_scheduled_works+0xa66/0x1840 [ 62.344279][ T5816] worker_thread+0x870/0xd30 [ 62.349366][ T5816] kthread+0x2f0/0x390 [ 62.353932][ T5816] ret_from_fork+0x4b/0x80 [ 62.358851][ T5816] ret_from_fork_asm+0x1a/0x30 [ 62.364117][ T5816] [ 62.364117][ T5816] -> #0 (&lp->qli_lock){+.+.}-{3:3}: [ 62.371586][ T5816] validate_chain+0x18ef/0x5920 [ 62.376944][ T5816] __lock_acquire+0x1397/0x2100 [ 62.382301][ T5816] lock_acquire+0x1ed/0x550 [ 62.387304][ T5816] _raw_spin_lock+0x2e/0x40 [ 62.392307][ T5816] xfs_dquot_detach_buf+0x2f/0x1a0 [ 62.397937][ T5816] xfs_qm_dquot_isolate+0x49d/0x1420 [ 62.403728][ T5816] __list_lru_walk_one+0x170/0x470 [ 62.409339][ T5816] list_lru_walk_one+0x3c/0x50 [ 62.414600][ T5816] xfs_qm_shrink_scan+0x1e1/0x400 [ 62.420128][ T5816] do_shrink_slab+0x72d/0x1160 [ 62.425395][ T5816] shrink_slab+0x1093/0x14d0 [ 62.430484][ T5816] drop_slab+0x142/0x280 [ 62.435229][ T5816] drop_caches_sysctl_handler+0xbc/0x160 [ 62.441362][ T5816] proc_sys_call_handler+0x5ec/0x920 [ 62.447147][ T5816] do_iter_readv_writev+0x600/0x880 [ 62.452865][ T5816] vfs_writev+0x376/0xba0 [ 62.457695][ T5816] do_writev+0x1b6/0x360 [ 62.462431][ T5816] do_syscall_64+0xf3/0x230 [ 62.467437][ T5816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.473840][ T5816] [ 62.473840][ T5816] other info that might help us debug this: [ 62.473840][ T5816] [ 62.484045][ T5816] Chain exists of: [ 62.484045][ T5816] &lp->qli_lock --> &bch->bc_lock --> &l->lock [ 62.484045][ T5816] [ 62.496103][ T5816] Possible unsafe locking scenario: [ 62.496103][ T5816] [ 62.503528][ T5816] CPU0 CPU1 [ 62.508875][ T5816] ---- ---- [ 62.514219][ T5816] lock(&l->lock); [ 62.518008][ T5816] lock(&bch->bc_lock); [ 62.524748][ T5816] lock(&l->lock); [ 62.531054][ T5816] lock(&lp->qli_lock); [ 62.535273][ T5816] [ 62.535273][ T5816] *** DEADLOCK *** [ 62.535273][ T5816] [ 62.543392][ T5816] 3 locks held by syz-executor179/5816: [ 62.548936][ T5816] #0: ffff888023dba420 (sb_writers#3){.+.+}-{0:0}, at: vfs_writev+0x2d1/0xba0 [ 62.557881][ T5816] #1: ffff888032810830 (&l->lock){+.+.}-{3:3}, at: lock_list_lru_of_memcg+0x24b/0x4e0 [ 62.567515][ T5816] #2: ffff8880292b4258 (&xfs_dquot_group_class){+.+.}-{4:4}, at: xfs_qm_dquot_isolate+0x8d/0x1420 [ 62.578195][ T5816] [ 62.578195][ T5816] stack backtrace: [ 62.584076][ T5816] CPU: 0 UID: 0 PID: 5816 Comm: syz-executor179 Not tainted 6.13.0-rc3-syzkaller #0 [ 62.593420][ T5816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 62.603458][ T5816] Call Trace: [ 62.606722][ T5816] [ 62.609638][ T5816] dump_stack_lvl+0x241/0x360 [ 62.614294][ T5816] ? __pfx_dump_stack_lvl+0x10/0x10 [ 62.619497][ T5816] ? __pfx__printk+0x10/0x10 [ 62.624069][ T5816] print_circular_bug+0x13a/0x1b0 [ 62.629098][ T5816] check_noncircular+0x36a/0x4a0 [ 62.634016][ T5816] ? __pfx_check_noncircular+0x10/0x10 [ 62.639455][ T5816] ? queued_spin_lock_slowpath+0x42/0x50 [ 62.645067][ T5816] ? lockdep_lock+0x1b0/0x2b0 [ 62.649726][ T5816] ? validate_chain+0x15c0/0x5920 [ 62.654728][ T5816] ? __lock_acquire+0x1397/0x2100 [ 62.659734][ T5816] validate_chain+0x18ef/0x5920 [ 62.664568][ T5816] ? __pfx_validate_chain+0x10/0x10 [ 62.669753][ T5816] ? __lock_acquire+0x1397/0x2100 [ 62.674756][ T5816] ? mark_lock+0x9a/0x360 [ 62.679067][ T5816] __lock_acquire+0x1397/0x2100 [ 62.683901][ T5816] lock_acquire+0x1ed/0x550 [ 62.688391][ T5816] ? xfs_dquot_detach_buf+0x2f/0x1a0 [ 62.693659][ T5816] ? __pfx_lock_acquire+0x10/0x10 [ 62.698663][ T5816] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 62.704538][ T5816] ? lockdep_hardirqs_on+0x99/0x150 [ 62.709718][ T5816] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 62.715594][ T5816] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 62.721938][ T5816] ? __pfx___mutex_trylock_common+0x10/0x10 [ 62.727816][ T5816] _raw_spin_lock+0x2e/0x40 [ 62.732300][ T5816] ? xfs_dquot_detach_buf+0x2f/0x1a0 [ 62.737561][ T5816] xfs_dquot_detach_buf+0x2f/0x1a0 [ 62.742670][ T5816] xfs_qm_dquot_isolate+0x49d/0x1420 [ 62.747942][ T5816] ? __lock_acquire+0x1397/0x2100 [ 62.752945][ T5816] ? __pfx_xfs_qm_dquot_isolate+0x10/0x10 [ 62.758648][ T5816] ? lock_list_lru_of_memcg+0x2e/0x4e0 [ 62.764104][ T5816] ? lock_list_lru_of_memcg+0x4a9/0x4e0 [ 62.769646][ T5816] __list_lru_walk_one+0x170/0x470 [ 62.774740][ T5816] ? __pfx_xfs_qm_dquot_isolate+0x10/0x10 [ 62.780449][ T5816] ? __pfx_xfs_qm_dquot_isolate+0x10/0x10 [ 62.786151][ T5816] list_lru_walk_one+0x3c/0x50 [ 62.790893][ T5816] xfs_qm_shrink_scan+0x1e1/0x400 [ 62.795908][ T5816] ? __pfx_xfs_qm_shrink_scan+0x10/0x10 [ 62.801436][ T5816] ? list_lru_count_one+0x29/0x2e0 [ 62.806530][ T5816] do_shrink_slab+0x72d/0x1160 [ 62.811286][ T5816] ? shrink_slab+0x12b/0x14d0 [ 62.815944][ T5816] shrink_slab+0x1093/0x14d0 [ 62.820518][ T5816] ? shrink_slab+0x12b/0x14d0 [ 62.825174][ T5816] ? __pfx_lock_release+0x10/0x10 [ 62.830183][ T5816] ? __pfx_shrink_slab+0x10/0x10 [ 62.835103][ T5816] ? mem_cgroup_iter+0x3d/0x420 [ 62.839933][ T5816] drop_slab+0x142/0x280 [ 62.844159][ T5816] drop_caches_sysctl_handler+0xbc/0x160 [ 62.849775][ T5816] ? __pfx_drop_caches_sysctl_handler+0x10/0x10 [ 62.855994][ T5816] proc_sys_call_handler+0x5ec/0x920 [ 62.861262][ T5816] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 62.867080][ T5816] do_iter_readv_writev+0x600/0x880 [ 62.872266][ T5816] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 62.877964][ T5816] ? rcu_read_lock_any_held+0xb7/0x160 [ 62.883407][ T5816] vfs_writev+0x376/0xba0 [ 62.887721][ T5816] ? __pfx_vfs_writev+0x10/0x10 [ 62.892552][ T5816] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 62.898860][ T5816] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.904042][ T5816] ? lockdep_hardirqs_on+0x99/0x150 [ 62.909225][ T5816] do_writev+0x1b6/0x360 [ 62.913450][ T5816] ? __pfx_do_writev+0x10/0x10 [ 62.918192][ T5816] ? do_syscall_64+0x100/0x230 [ 62.922950][ T5816] do_syscall_64+0xf3/0x230 [ 62.927436][ T5816] ? clear_bhb_loop+0x35/0x90 [ 62.932096][ T5816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.937982][ T5816] RIP: 0033:0x7f5dd34a0ab9 [ 62.942381][ T5816] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.961964][ T5816] RSP: 002b:00007ffd98ced508 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 62.970362][ T5816] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f5dd34a0ab9 [ 62.978314][ T5816] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004 [ 62.986262][ T5816] RBP: 00007f5dd351f610 R08: 0000000000000000 R09: 00007ffd98ced6d8 [ 62.994212][ T5816] R10: 00000000000001e3 R11: 0000000000000246 R12: 0000000000000001 [ 63.002163][ T5816] R13: 00007ffd98ced6c8 R14: 0000000000000001 R15: 0000000000000001 [ 63.010118][ T5816] writev(4, [{iov_base="2", iov_len=1}], 1) = 1 exit_group(0) = ? +++ exited with 0 +++