======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.4.352/6471 is trying to acquire lock:
ffff88807b8ccae0 (&sdp->sd_quota_mutex){+.+.}-{3:3}, at: do_qc+0xca/0x730 fs/gfs2/quota.c:678

but task is already holding lock:
ffff888055e1d080 (&ip->i_rw_mutex){++++}-{3:3}, at: sweep_bh_for_rgrps fs/gfs2/bmap.c:1514 [inline]
ffff888055e1d080 (&ip->i_rw_mutex){++++}-{3:3}, at: punch_hole+0x23a1/0x3520 fs/gfs2/bmap.c:1839

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&ip->i_rw_mutex){++++}-{3:3}:
       down_read+0x44/0x2e0 kernel/locking/rwsem.c:1498
       __gfs2_iomap_get+0x155/0x13e0 fs/gfs2/bmap.c:858
       gfs2_iomap_get fs/gfs2/bmap.c:1398 [inline]
       gfs2_block_map+0x229/0x670 fs/gfs2/bmap.c:1213
       bh_get+0x227/0x5f0 fs/gfs2/quota.c:385
       qdsb_get+0x21c/0x3c0 fs/gfs2/quota.c:518
       gfs2_quota_hold+0x194/0x5d0 fs/gfs2/quota.c:604
       punch_hole+0xd81/0x3520 fs/gfs2/bmap.c:1800
       evict_unlinked_inode+0x1a3/0x6c0 fs/gfs2/super.c:1302
       gfs2_evict_inode+0x6ad/0x11f0 fs/gfs2/super.c:1401
       evict+0x485/0x870 fs/inode.c:647
       __dentry_kill+0x431/0x650 fs/dcache.c:586
       dentry_kill+0xb8/0x290 fs/dcache.c:-1
       dput+0xd8/0x1a0 fs/dcache.c:893
       __fput+0x5ee/0x930 fs/file_table.c:319
       task_work_run+0x125/0x1a0 kernel/task_work.c:188
       exit_task_work include/linux/task_work.h:33 [inline]
       do_exit+0x61e/0x20a0 kernel/exit.c:883
       do_group_exit+0x12e/0x300 kernel/exit.c:997
       get_signal+0x6ca/0x12c0 kernel/signal.c:2900
       arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
       handle_signal_work kernel/entry/common.c:154 [inline]
       exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
       exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
       __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
       syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
       do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> #0 (&sdp->sd_quota_mutex){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3788 [inline]
       __lock_acquire+0x2c33/0x7c60 kernel/locking/lockdep.c:5012
       lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
       __mutex_lock_common+0x1eb/0x2390 kernel/locking/mutex.c:596
       __mutex_lock kernel/locking/mutex.c:729 [inline]
       mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
       do_qc+0xca/0x730 fs/gfs2/quota.c:678
       gfs2_quota_change+0x2f5/0x8e0 fs/gfs2/quota.c:1295
       punch_hole+0x2f8b/0x3520 fs/gfs2/bmap.c:1940
       evict_unlinked_inode+0x1a3/0x6c0 fs/gfs2/super.c:1302
       gfs2_evict_inode+0x6ad/0x11f0 fs/gfs2/super.c:1401
       evict+0x485/0x870 fs/inode.c:647
       __dentry_kill+0x431/0x650 fs/dcache.c:586
       dentry_kill+0xb8/0x290 fs/dcache.c:-1
       dput+0xd8/0x1a0 fs/dcache.c:893
       __fput+0x5ee/0x930 fs/file_table.c:319
       task_work_run+0x125/0x1a0 kernel/task_work.c:188
       exit_task_work include/linux/task_work.h:33 [inline]
       do_exit+0x61e/0x20a0 kernel/exit.c:883
       do_group_exit+0x12e/0x300 kernel/exit.c:997
       get_signal+0x6ca/0x12c0 kernel/signal.c:2900
       arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
       handle_signal_work kernel/entry/common.c:154 [inline]
       exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
       exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
       __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
       syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
       do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ip->i_rw_mutex);
                               lock(&sdp->sd_quota_mutex);
                               lock(&ip->i_rw_mutex);
  lock(&sdp->sd_quota_mutex);

 *** DEADLOCK ***

3 locks held by syz.4.352/6471:
 #0: ffff888022148650 (sb_internal#5){.+.+}-{0:0}, at: gfs2_trans_begin+0x6b/0xe0 fs/gfs2/trans.c:118
 #1: ffff88807b8cd0a8 (&sdp->sd_log_flush_lock){.+.+}-{3:3}, at: __gfs2_trans_begin+0x50f/0x880 fs/gfs2/trans.c:87
 #2: ffff888055e1d080 (&ip->i_rw_mutex){++++}-{3:3}, at: sweep_bh_for_rgrps fs/gfs2/bmap.c:1514 [inline]
 #2: ffff888055e1d080 (&ip->i_rw_mutex){++++}-{3:3}, at: punch_hole+0x23a1/0x3520 fs/gfs2/bmap.c:1839

stack backtrace:
CPU: 0 PID: 6471 Comm: syz.4.352 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 check_noncircular+0x274/0x310 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire+0x2c33/0x7c60 kernel/locking/lockdep.c:5012
 lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
 __mutex_lock_common+0x1eb/0x2390 kernel/locking/mutex.c:596
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 do_qc+0xca/0x730 fs/gfs2/quota.c:678
 gfs2_quota_change+0x2f5/0x8e0 fs/gfs2/quota.c:1295
 punch_hole+0x2f8b/0x3520 fs/gfs2/bmap.c:1940
 evict_unlinked_inode+0x1a3/0x6c0 fs/gfs2/super.c:1302
 gfs2_evict_inode+0x6ad/0x11f0 fs/gfs2/super.c:1401
 evict+0x485/0x870 fs/inode.c:647
 __dentry_kill+0x431/0x650 fs/dcache.c:586
 dentry_kill+0xb8/0x290 fs/dcache.c:-1
 dput+0xd8/0x1a0 fs/dcache.c:893
 __fput+0x5ee/0x930 fs/file_table.c:319
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 exit_task_work include/linux/task_work.h:33 [inline]
 do_exit+0x61e/0x20a0 kernel/exit.c:883
 do_group_exit+0x12e/0x300 kernel/exit.c:997
 get_signal+0x6ca/0x12c0 kernel/signal.c:2900
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 00fb:0x294e66b3c7c44cb4
Code: Unable to access opcode bytes at RIP 0x294e66b3c7c44c8a.
RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
 </TASK>