syzbot

======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:1/144 is trying to acquire lock:
ffff888079e2c990 (jbd2_handle){++++}-{0:0}, at: wait_transaction_locked+0x19f/0x270 fs/jbd2/transaction.c:178

but task is already holding lock:
ffff8880789e94e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a6/0x6f0 fs/ocfs2/journal.c:374

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #5 (&journal->j_trans_barrier){.+.+}-{3:3}:
       down_read+0x44/0x2e0 kernel/locking/rwsem.c:1498
       ocfs2_start_trans+0x3a6/0x6f0 fs/ocfs2/journal.c:374
       ocfs2_modify_bh+0xe0/0x4c0 fs/ocfs2/quota_local.c:101
       ocfs2_local_read_info+0x13c8/0x1750 fs/ocfs2/quota_local.c:764
       dquot_load_quota_sb+0x756/0xac0 fs/quota/dquot.c:2463
       dquot_load_quota_inode+0x2d8/0x5d0 fs/quota/dquot.c:2500
       ocfs2_enable_quotas+0x1c5/0x490 fs/ocfs2/super.c:927
       ocfs2_fill_super+0x3cd2/0x50f0 fs/ocfs2/super.c:1140
       mount_bdev+0x287/0x3c0 fs/super.c:1400
       legacy_get_tree+0xe6/0x180 fs/fs_context.c:611
       vfs_get_tree+0x88/0x270 fs/super.c:1530
       do_new_mount+0x24a/0xa40 fs/namespace.c:3034
       do_mount fs/namespace.c:3377 [inline]
       __do_sys_mount fs/namespace.c:3585 [inline]
       __se_sys_mount+0x2e3/0x3d0 fs/namespace.c:3562
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> #4 (sb_internal#4){.+.+}-{0:0}:
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       __sb_start_write include/linux/fs.h:1811 [inline]
       sb_start_intwrite include/linux/fs.h:1928 [inline]
       ocfs2_start_trans+0x2a7/0x6f0 fs/ocfs2/journal.c:372
       ocfs2_acquire_dquot+0x688/0xb10 fs/ocfs2/quota_global.c:848
       dqget+0x778/0xeb0 fs/quota/dquot.c:988
       dquot_set_dqblk+0x27/0xf90 fs/quota/dquot.c:2826
       quota_setquota+0x4d6/0x590 fs/quota/quota.c:309
       __do_sys_quotactl fs/quota/quota.c:959 [inline]
       __se_sys_quotactl+0x28b/0x6f0 fs/quota/quota.c:915
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}:
       down_write+0x38/0x60 kernel/locking/rwsem.c:1551
       ocfs2_create_local_dquot+0x199/0x1850 fs/ocfs2/quota_local.c:1224
       ocfs2_acquire_dquot+0x7ed/0xb10 fs/ocfs2/quota_global.c:871
       dqget+0x778/0xeb0 fs/quota/dquot.c:988
       dquot_set_dqblk+0x27/0xf90 fs/quota/dquot.c:2826
       quota_setquota+0x4d6/0x590 fs/quota/quota.c:309
       __do_sys_quotactl fs/quota/quota.c:959 [inline]
       __se_sys_quotactl+0x28b/0x6f0 fs/quota/quota.c:915
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> #2 (
&dquot->dq_lock){+.+.}-{3:3}:
       __mutex_lock_common+0x1e3/0x2400 kernel/locking/mutex.c:596
       __mutex_lock kernel/locking/mutex.c:729 [inline]
       mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
       dquot_commit+0x5a/0x410 fs/quota/dquot.c:507
       ext4_write_dquot+0x1f0/0x360 fs/ext4/super.c:6210
       mark_dquot_dirty fs/quota/dquot.c:372 [inline]
       mark_all_dquot_dirty+0xf9/0x400 fs/quota/dquot.c:412
       __dquot_alloc_space+0x5d0/0xe20 fs/quota/dquot.c:1752
       dquot_alloc_space_nodirty include/linux/quotaops.h:297 [inline]
       dquot_alloc_space include/linux/quotaops.h:310 [inline]
       dquot_alloc_block include/linux/quotaops.h:334 [inline]
       ext4_mb_new_blocks+0xf81/0x4980 fs/ext4/mballoc.c:5750
       ext4_ext_map_blocks+0x191c/0x6580 fs/ext4/extents.c:4341
       ext4_map_blocks+0x98e/0x1b30 fs/ext4/inode.c:673
       _ext4_get_block+0x1e7/0x540 fs/ext4/inode.c:816
       ext4_block_write_begin+0x61b/0x1220 fs/ext4/inode.c:1101
       ext4_write_begin+0x6c8/0x15d0 fs/ext4/ext4_jbd2.h:-1
       ext4_da_write_begin+0x43b/0xb40 fs/ext4/inode.c:2975
       pagecache_write+0x195/0x310 fs/ext4/verity.c:82
       build_merkle_tree_level fs/verity/enable.c:122 [inline]
       build_merkle_tree fs/verity/enable.c:183 [inline]
       enable_verity+0x11d8/0x1e90 fs/verity/enable.c:269
       fsverity_ioctl_enable+0x40c/0x4b0 fs/verity/enable.c:393
       __ext4_ioctl fs/ext4/ioctl.c:1259 [inline]
       ext4_ioctl+0x1818/0x3820 fs/ext4/ioctl.c:1282
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:874 [inline]
       __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> #1 (&ei->i_data_sem){++++}-{3:3}:
       down_write+0x38/0x60 kernel/locking/rwsem.c:1551
       ext4_truncate+0x97f/0x10f0 fs/ext4/inode.c:4251
       ext4_setattr+0xffe/0x19e0 fs/ext4/inode.c:5601
       notify_change+0xbcd/0xee0 fs/attr.c:505
       do_truncate+0x1ac/0x240 fs/open.c:65
       do_sys_ftruncate+0x31b/0x3d0 fs/open.c:193
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> #0 (jbd2_handle){++++}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3788 [inline]
       __lock_acquire+0x2c42/0x7d10 kernel/locking/lockdep.c:5012
       lock_acquire+0x19e/0x400 kernel/locking/lockdep.c:5623
       wait_transaction_locked+0x1bb/0x270 fs/jbd2/transaction.c:178
       add_transaction_credits+0x103/0xc80 fs/jbd2/transaction.c:242
       start_this_handle+0x74d/0x15c0 fs/jbd2/transaction.c:423
       jbd2__journal_start+0x2b7/0x5a0 fs/jbd2/transaction.c:521
       jbd2_journal_start+0x26/0x30 fs/jbd2/transaction.c:560
       ocfs2_start_trans+0x3b2/0x6f0 fs/ocfs2/journal.c:376
       ocfs2_release_dquot+0x462/0xbe0 fs/ocfs2/quota_global.c:749
       quota_release_workfn+0x35e/0x610 fs/quota/dquot.c:848
       process_one_work+0x85f/0x1010 kernel/workqueue.c:2310
       worker_thread+0xaa6/0x1290 kernel/workqueue.c:2457
       kthread+0x436/0x520 kernel/kthread.c:334
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287

other info that might help us debug this:

Chain exists of:
  jbd2_handle --> sb_internal#4 --> &journal->j_trans_barrier

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&journal->j_trans_barrier);
                               lock(sb_internal#4);
                               lock(&journal->j_trans_barrier);
  lock(jbd2_handle);

 *** DEADLOCK ***

7 locks held by kworker/u4:1/144:
 #0: ffff888016c79138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 kernel/workqueue.c:-1
 #1: ffffc900010afd00 ((quota_release_work).work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 kernel/workqueue.c:2285
 #2: ffff88805980e2a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_release_dquot+0x245/0xbe0 fs/ocfs2/quota_global.c:729
 #3: ffff8880603aed88 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #3: ffff8880603aed88 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x1d7/0x290 fs/ocfs2/quota_global.c:313
 #4: ffff8880603aea20 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1fe/0x290 fs/ocfs2/quota_global.c:314
 #5: ffff88805f38e650 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_release_dquot+0x462/0xbe0 fs/ocfs2/quota_global.c:749
 #6: ffff8880789e94e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3a6/0x6f0 fs/ocfs2/journal.c:374

stack backtrace:
CPU: 0 PID: 144 Comm: kworker/u4:1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: events_unbound quota_release_workfn
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x250 lib/dump_stack.c:106
 check_noncircular+0x296/0x330 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire+0x2c42/0x7d10 kernel/locking/lockdep.c:5012
 lock_acquire+0x19e/0x400 kernel/locking/lockdep.c:5623
 wait_transaction_locked+0x1bb/0x270 fs/jbd2/transaction.c:178
 add_transaction_credits+0x103/0xc80 fs/jbd2/transaction.c:242
 start_this_handle+0x74d/0x15c0 fs/jbd2/transaction.c:423
 jbd2__journal_start+0x2b7/0x5a0 fs/jbd2/transaction.c:521
 jbd2_journal_start+0x26/0x30 fs/jbd2/transaction.c:560
 ocfs2_start_trans+0x3b2/0x6f0 fs/ocfs2/journal.c:376
 ocfs2_release_dquot+0x462/0xbe0 fs/ocfs2/quota_global.c:749
 quota_release_workfn+0x35e/0x610 fs/quota/dquot.c:848
 process_one_work+0x85f/0x1010 kernel/workqueue.c:2310
 worker_thread+0xaa6/0x1290 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>