Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts.
executing program
[ 52.184627][ T4163] loop0: detected capacity change from 0 to 32768
[ 52.273601][ T4163] (syz-executor350,4163,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 52.288594][ T4163] (syz-executor350,4163,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 52.313998][ T4163] JBD2: Ignoring recovery information on journal
[ 52.338792][ T4163] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 52.352622][ T146] ocfs2: Finishing quota recovery on device (7,0) for slot 0
[ 52.375750][ T4163]
[ 52.378203][ T4163] ======================================================
[ 52.385196][ T4163] WARNING: possible circular locking dependency detected
[ 52.392203][ T4163] 5.15.178-syzkaller #0 Not tainted
[ 52.397369][ T4163] ------------------------------------------------------
[ 52.404369][ T4163] syz-executor350/4163 is trying to acquire lock:
[ 52.410755][ T4163] ffff8880226b8938 ((wq_completion)ocfs2_wq){+.+.}-{0:0}, at: flush_workqueue+0x154/0x1610
[ 52.420754][ T4163]
[ 52.420754][ T4163] but task is already holding lock:
[ 52.428091][ T4163] ffff88801abd40e0 (&type->s_umount_key#46){++++}-{3:3}, at: deactivate_super+0xa9/0xe0
[ 52.437803][ T4163]
[ 52.437803][ T4163] which lock already depends on the new lock.
[ 52.437803][ T4163]
[ 52.448183][ T4163]
[ 52.448183][ T4163] the existing dependency chain (in reverse order) is:
[ 52.457187][ T4163]
[ 52.457187][ T4163] -> #2 (&type->s_umount_key#46){++++}-{3:3}:
[ 52.465414][ T4163]        lock_acquire+0x1db/0x4f0
[ 52.470419][ T4163]        down_read+0x45/0x2e0
[ 52.475084][ T4163]        ocfs2_finish_quota_recovery+0x15a/0x2260
[ 52.481478][ T4163]        ocfs2_complete_recovery+0x173c/0x24a0
[ 52.487608][ T4163]        process_one_work+0x8a1/0x10c0
[ 52.493043][ T4163]        worker_thread+0xaca/0x1280
[ 52.498216][ T4163]        kthread+0x3f6/0x4f0
[ 52.502786][ T4163]        ret_from_fork+0x1f/0x30
[ 52.507700][ T4163]
[ 52.507700][ T4163] -> #1 ((work_completion)(&journal->j_recovery_work)){+.+.}-{0:0}:
[ 52.517830][ T4163]        lock_acquire+0x1db/0x4f0
[ 52.522830][ T4163]        process_one_work+0x7f1/0x10c0
[ 52.528268][ T4163]        worker_thread+0xaca/0x1280
[ 52.533457][ T4163]        kthread+0x3f6/0x4f0
[ 52.538022][ T4163]        ret_from_fork+0x1f/0x30
[ 52.542934][ T4163]
[ 52.542934][ T4163] -> #0 ((wq_completion)ocfs2_wq){+.+.}-{0:0}:
[ 52.551250][ T4163]        validate_chain+0x1649/0x5930
[ 52.556602][ T4163]        __lock_acquire+0x1295/0x1ff0
[ 52.561959][ T4163]        lock_acquire+0x1db/0x4f0
[ 52.566960][ T4163]        flush_workqueue+0x170/0x1610
[ 52.572305][ T4163]        ocfs2_shutdown_local_alloc+0x105/0xa90
[ 52.578521][ T4163]        ocfs2_dismount_volume+0x1db/0x8b0
[ 52.584301][ T4163]        generic_shutdown_super+0x130/0x310
[ 52.590169][ T4163]        kill_block_super+0x7a/0xe0
[ 52.595359][ T4163]        deactivate_locked_super+0xa0/0x110
[ 52.601229][ T4163]        cleanup_mnt+0x44e/0x500
[ 52.606151][ T4163]        task_work_run+0x129/0x1a0
[ 52.611243][ T4163]        do_exit+0x6a3/0x2480
[ 52.615905][ T4163]        do_group_exit+0x144/0x310
[ 52.620991][ T4163]        __x64_sys_exit_group+0x3b/0x40
[ 52.626536][ T4163]        do_syscall_64+0x3b/0xb0
[ 52.631453][ T4163]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 52.637846][ T4163]
[ 52.637846][ T4163] other info that might help us debug this:
[ 52.637846][ T4163]
[ 52.648046][ T4163] Chain exists of:
[ 52.648046][ T4163]   (wq_completion)ocfs2_wq --> (work_completion)(&journal->j_recovery_work) --> &type->s_umount_key#46
[ 52.648046][ T4163]
[ 52.664888][ T4163]  Possible unsafe locking scenario:
[ 52.664888][ T4163]
[ 52.672328][ T4163]        CPU0                    CPU1
[ 52.677666][ T4163]        ----                    ----
[ 52.683002][ T4163]   lock(&type->s_umount_key#46);
[ 52.688023][ T4163]                                lock((work_completion)(&journal->j_recovery_work));
[ 52.697451][ T4163]                                lock(&type->s_umount_key#46);
[ 52.704974][ T4163]   lock((wq_completion)ocfs2_wq);
[ 52.710059][ T4163]
[ 52.710059][ T4163]  *** DEADLOCK ***
[ 52.710059][ T4163]
[ 52.718185][ T4163] 1 lock held by syz-executor350/4163:
[ 52.723613][ T4163]  #0: ffff88801abd40e0 (&type->s_umount_key#46){++++}-{3:3}, at: deactivate_super+0xa9/0xe0
[ 52.733782][ T4163]
[ 52.733782][ T4163] stack backtrace:
[ 52.739656][ T4163] CPU: 0 PID: 4163 Comm: syz-executor350 Not tainted 5.15.178-syzkaller #0
[ 52.748227][ T4163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 52.758259][ T4163] Call Trace:
[ 52.761518][ T4163]
[ 52.764426][ T4163]  dump_stack_lvl+0x1e3/0x2d0
[ 52.769082][ T4163]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 52.774691][ T4163]  ? print_circular_bug+0x12b/0x1a0
[ 52.779867][ T4163]  check_noncircular+0x2f8/0x3b0
[ 52.784782][ T4163]  ? add_chain_block+0x850/0x850
[ 52.789702][ T4163]  ? lockdep_lock+0x11f/0x2a0
[ 52.794359][ T4163]  validate_chain+0x1649/0x5930
[ 52.799191][ T4163]  ? reacquire_held_locks+0x660/0x660
[ 52.804541][ T4163]  ? read_lock_is_recursive+0x10/0x10
[ 52.809891][ T4163]  ? debug_object_assert_init+0x2bf/0x420
[ 52.815586][ T4163]  ? do_raw_spin_lock+0x14a/0x370
[ 52.820612][ T4163]  ? __lock_acquire+0x1ff0/0x1ff0
[ 52.825618][ T4163]  ? do_raw_spin_unlock+0x137/0x8b0
[ 52.830799][ T4163]  ? mark_lock+0x98/0x340
[ 52.835110][ T4163]  __lock_acquire+0x1295/0x1ff0
[ 52.839941][ T4163]  lock_acquire+0x1db/0x4f0
[ 52.844421][ T4163]  ? flush_workqueue+0x154/0x1610
[ 52.849422][ T4163]  ? read_lock_is_recursive+0x10/0x10
[ 52.854767][ T4163]  ? lockdep_softirqs_off+0x420/0x420
[ 52.860115][ T4163]  ? del_timer+0x183/0x310
[ 52.864531][ T4163]  ? __init_swait_queue_head+0xaa/0x140
[ 52.870052][ T4163]  flush_workqueue+0x170/0x1610
[ 52.874880][ T4163]  ? flush_workqueue+0x154/0x1610
[ 52.879882][ T4163]  ? print_irqtrace_events+0x210/0x210
[ 52.885321][ T4163]  ? flush_work+0x20/0x20
[ 52.889627][ T4163]  ? rcu_work_rcufn+0x140/0x140
[ 52.894463][ T4163]  ? print_irqtrace_events+0x210/0x210
[ 52.899918][ T4163]  ocfs2_shutdown_local_alloc+0x105/0xa90
[ 52.905616][ T4163]  ? __cancel_work_timer+0x5e8/0x6a0
[ 52.910893][ T4163]  ? ocfs2_local_alloc_count_bits+0x230/0x230
[ 52.916956][ T4163]  ? cancel_work_sync+0x20/0x20
[ 52.921789][ T4163]  ? do_raw_spin_unlock+0x137/0x8b0
[ 52.926993][ T4163]  ? _atomic_dec_and_lock+0x96/0x130
[ 52.932261][ T4163]  ? iput+0x371/0x8b0
[ 52.936222][ T4163]  ? ocfs2_disable_quotas+0x1b8/0x210
[ 52.941573][ T4163]  ocfs2_dismount_volume+0x1db/0x8b0
[ 52.946839][ T4163]  ? ocfs2_enable_quotas+0x440/0x440
[ 52.952117][ T4163]  ? clear_inode+0x150/0x150
[ 52.956702][ T4163]  ? ocfs2_init_global_system_inodes+0x701/0x720
[ 52.963007][ T4163]  ? ocfs2_init_global_system_inodes+0x701/0x720
[ 52.969317][ T4163]  ? ocfs2_free_inode+0x20/0x20
[ 52.974154][ T4163]  generic_shutdown_super+0x130/0x310
[ 52.979527][ T4163]  kill_block_super+0x7a/0xe0
[ 52.984188][ T4163]  deactivate_locked_super+0xa0/0x110
[ 52.989543][ T4163]  cleanup_mnt+0x44e/0x500
[ 52.993945][ T4163]  ? lockdep_hardirqs_on+0x94/0x130
[ 52.999130][ T4163]  task_work_run+0x129/0x1a0
[ 53.003708][ T4163]  do_exit+0x6a3/0x2480
[ 53.007850][ T4163]  ? put_task_struct+0x80/0x80
[ 53.012599][ T4163]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 53.018562][ T4163]  ? vtime_user_exit+0x2d1/0x400
[ 53.023494][ T4163]  do_group_exit+0x144/0x310
[ 53.028075][ T4163]  __x64_sys_exit_group+0x3b/0x40
[ 53.033101][ T4163]  do_syscall_64+0x3b/0xb0
[ 53.037501][ T4163]  ? clear_bhb_loop+0x15/0x70
[ 53.042169][ T4163]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 53.048053][ T4163] RIP: 0033:0x7f8daa1c4c09
[ 53.052475][ T4163] Code: Unable to access opcode bytes at RIP 0x7f8daa1c4bdf.
[ 53.059818][ T4163] RSP: 002b:00007ffe2458e6c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 53.068228][ T4163] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8daa1c4c09
[ 53.076195][ T4163] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 53.084149][ T4163] RBP: 00007f8daa2452b0 R08: ffffffffffffffb8 R09: 0000000000004701
[ 53.092105][ T4163] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8daa2452b0
[ 53.100055][ T4163] R13: 0000000000000000 R14: 00007f8daa246020 R15: 00007f8daa193130
[ 53.108009][ T4163]
[ 53.115353][ T4163] ocfs2: Unmounting device (7,0) on (node local)