Warning: Permanently added '10.128.0.77' (ED25519) to the list of known hosts.
executing program
[ 37.350454][ T6411] loop0: detected capacity change from 0 to 32768
[ 37.373796][ T6411] JBD2: Ignoring recovery information on journal
[ 37.391946][ T6411] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 37.459558][ T6411]
[ 37.460177][ T6411] ======================================================
[ 37.461719][ T6411] WARNING: possible circular locking dependency detected
[ 37.463130][ T6411] 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 Not tainted
[ 37.464454][ T6411] ------------------------------------------------------
[ 37.465858][ T6411] syz-executor397/6411 is trying to acquire lock:
[ 37.467157][ T6411] ffff0000dd31dbe0 (&oi->ip_alloc_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb4/0x2f0
[ 37.469364][ T6411]
[ 37.469364][ T6411] but task is already holding lock:
[ 37.470895][ T6411] ffff0000dd31dc78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa8/0x2f0
[ 37.473071][ T6411]
[ 37.473071][ T6411] which lock already depends on the new lock.
[ 37.473071][ T6411]
[ 37.475169][ T6411]
[ 37.475169][ T6411] the existing dependency chain (in reverse order) is:
[ 37.477058][ T6411]
[ 37.477058][ T6411] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}:
[ 37.478657][ T6411]        down_write+0x50/0xc0
[ 37.479614][ T6411]        ocfs2_xattr_set_handle+0x40c/0x824
[ 37.480799][ T6411]        ocfs2_init_security_set+0xb4/0xd8
[ 37.481963][ T6411]        ocfs2_mknod+0x1408/0x2438
[ 37.482998][ T6411]        ocfs2_create+0x194/0x4d4
[ 37.484079][ T6411]        path_openat+0x13e4/0x2b14
[ 37.485166][ T6411]        do_filp_open+0x1e8/0x404
[ 37.486204][ T6411]        do_sys_openat2+0x124/0x1b8
[ 37.487247][ T6411]        __arm64_sys_openat+0x1f0/0x240
[ 37.488401][ T6411]        invoke_syscall+0x98/0x2b8
[ 37.489428][ T6411]        el0_svc_common+0x130/0x23c
[ 37.490465][ T6411]        do_el0_svc+0x48/0x58
[ 37.491471][ T6411]        el0_svc+0x54/0x168
[ 37.492364][ T6411]        el0t_64_sync_handler+0x84/0x108
[ 37.493526][ T6411]        el0t_64_sync+0x198/0x19c
[ 37.494525][ T6411]
[ 37.494525][ T6411] -> #3 (jbd2_handle){.+.+}-{0:0}:
[ 37.496011][ T6411]        start_this_handle+0xf34/0x11c4
[ 37.497117][ T6411]        jbd2__journal_start+0x298/0x544
[ 37.498224][ T6411]        jbd2_journal_start+0x3c/0x4c
[ 37.499310][ T6411]        ocfs2_start_trans+0x3d0/0x71c
[ 37.500411][ T6411]        ocfs2_reserve_suballoc_bits+0x840/0x4254
[ 37.501679][ T6411]        ocfs2_reserve_new_metadata_blocks+0x384/0x848
[ 37.503064][ T6411]        ocfs2_mknod+0xdc8/0x2438
[ 37.504081][ T6411]        ocfs2_create+0x194/0x4d4
[ 37.505100][ T6411]        path_openat+0x13e4/0x2b14
[ 37.506138][ T6411]        do_filp_open+0x1e8/0x404
[ 37.507164][ T6411]        do_sys_openat2+0x124/0x1b8
[ 37.508219][ T6411]        __arm64_sys_openat+0x1f0/0x240
[ 37.509380][ T6411]        invoke_syscall+0x98/0x2b8
[ 37.510382][ T6411]        el0_svc_common+0x130/0x23c
[ 37.511479][ T6411]        do_el0_svc+0x48/0x58
[ 37.512406][ T6411]        el0_svc+0x54/0x168
[ 37.513330][ T6411]        el0t_64_sync_handler+0x84/0x108
[ 37.514458][ T6411]        el0t_64_sync+0x198/0x19c
[ 37.515456][ T6411]
[ 37.515456][ T6411] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 37.517148][ T6411]        down_read+0x58/0x2fc
[ 37.518077][ T6411]        ocfs2_start_trans+0x3c4/0x71c
[ 37.519202][ T6411]        ocfs2_reserve_suballoc_bits+0x840/0x4254
[ 37.520504][ T6411]        ocfs2_reserve_new_metadata_blocks+0x384/0x848
[ 37.521928][ T6411]        ocfs2_mknod+0xdc8/0x2438
[ 37.522951][ T6411]        ocfs2_create+0x194/0x4d4
[ 37.524029][ T6411]        path_openat+0x13e4/0x2b14
[ 37.525104][ T6411]        do_filp_open+0x1e8/0x404
[ 37.526127][ T6411]        do_sys_openat2+0x124/0x1b8
[ 37.527270][ T6411]        __arm64_sys_openat+0x1f0/0x240
[ 37.528436][ T6411]        invoke_syscall+0x98/0x2b8
[ 37.529503][ T6411]        el0_svc_common+0x130/0x23c
[ 37.530534][ T6411]        do_el0_svc+0x48/0x58
[ 37.531484][ T6411]        el0_svc+0x54/0x168
[ 37.532375][ T6411]        el0t_64_sync_handler+0x84/0x108
[ 37.533488][ T6411]        el0t_64_sync+0x198/0x19c
[ 37.534517][ T6411]
[ 37.534517][ T6411] -> #1 (sb_internal#2){.+.+}-{0:0}:
[ 37.536096][ T6411]        lock_release+0x358/0x9e4
[ 37.537115][ T6411]        up_write+0x88/0x760
[ 37.538067][ T6411]        ocfs2_free_alloc_context+0x94/0x188
[ 37.539267][ T6411]        ocfs2_write_begin_nolock+0x3dd8/0x3e90
[ 37.540484][ T6411]        ocfs2_write_begin+0x1ac/0x38c
[ 37.541595][ T6411]        generic_perform_write+0x29c/0x868
[ 37.542730][ T6411]        __generic_file_write_iter+0xfc/0x204
[ 37.543994][ T6411]        ocfs2_file_write_iter+0x161c/0x1f3c
[ 37.545246][ T6411]        do_iter_readv_writev+0x490/0x6d4
[ 37.546428][ T6411]        vfs_writev+0x410/0xbc8
[ 37.547465][ T6411]        __arm64_sys_pwritev2+0x1d8/0x2ec
[ 37.548629][ T6411]        invoke_syscall+0x98/0x2b8
[ 37.549692][ T6411]        el0_svc_common+0x130/0x23c
[ 37.550749][ T6411]        do_el0_svc+0x48/0x58
[ 37.551673][ T6411]        el0_svc+0x54/0x168
[ 37.552672][ T6411]        el0t_64_sync_handler+0x84/0x108
[ 37.553820][ T6411]        el0t_64_sync+0x198/0x19c
[ 37.555007][ T6411]
[ 37.555007][ T6411] -> #0 (&oi->ip_alloc_sem){++++}-{4:4}:
[ 37.556763][ T6411]        __lock_acquire+0x34f0/0x7904
[ 37.557936][ T6411]        lock_acquire+0x23c/0x724
[ 37.559005][ T6411]        down_write+0x50/0xc0
[ 37.560090][ T6411]        ocfs2_try_remove_refcount_tree+0xb4/0x2f0
[ 37.561468][ T6411]        ocfs2_truncate_file+0xcec/0x14b4
[ 37.562712][ T6411]        ocfs2_setattr+0x1328/0x19e4
[ 37.563815][ T6411]        notify_change+0x9f0/0xca0
[ 37.564960][ T6411]        do_truncate+0x1c0/0x28c
[ 37.566050][ T6411]        vfs_truncate+0x2b8/0x360
[ 37.567148][ T6411]        do_sys_truncate+0xe8/0x1ac
[ 37.568326][ T6411]        __arm64_sys_truncate+0x5c/0x70
[ 37.569562][ T6411]        invoke_syscall+0x98/0x2b8
[ 37.570758][ T6411]        el0_svc_common+0x130/0x23c
[ 37.571874][ T6411]        do_el0_svc+0x48/0x58
[ 37.572984][ T6411]        el0_svc+0x54/0x168
[ 37.573970][ T6411]        el0t_64_sync_handler+0x84/0x108
[ 37.575202][ T6411]        el0t_64_sync+0x198/0x19c
[ 37.576327][ T6411]
[ 37.576327][ T6411] other info that might help us debug this:
[ 37.576327][ T6411]
[ 37.578461][ T6411] Chain exists of:
[ 37.578461][ T6411]   &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem
[ 37.578461][ T6411]
[ 37.581310][ T6411]  Possible unsafe locking scenario:
[ 37.581310][ T6411]
[ 37.582895][ T6411]        CPU0                    CPU1
[ 37.584019][ T6411]        ----                    ----
[ 37.585110][ T6411]   lock(&oi->ip_xattr_sem);
[ 37.586186][ T6411]                                lock(jbd2_handle);
[ 37.587678][ T6411]                                lock(&oi->ip_xattr_sem);
[ 37.589196][ T6411]   lock(&oi->ip_alloc_sem);
[ 37.590245][ T6411]
[ 37.590245][ T6411]  *** DEADLOCK ***
[ 37.590245][ T6411]
[ 37.592021][ T6411] 3 locks held by syz-executor397/6411:
[ 37.593251][ T6411]  #0: ffff0000c4742420 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c
[ 37.595262][ T6411]  #1: ffff0000dd31df40 (&sb->s_type->i_mutex_key#16){+.+.}-{4:4}, at: do_truncate+0x1ac/0x28c
[ 37.597478][ T6411]  #2: ffff0000dd31dc78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa8/0x2f0
[ 37.599784][ T6411]
[ 37.599784][ T6411] stack backtrace:
[ 37.601021][ T6411] CPU: 1 UID: 0 PID: 6411 Comm: syz-executor397 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0
[ 37.603343][ T6411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 37.605629][ T6411] Call trace:
[ 37.606299][ T6411]  show_stack+0x2c/0x3c (C)
[ 37.607279][ T6411]  dump_stack_lvl+0xe4/0x150
[ 37.608341][ T6411]  dump_stack+0x1c/0x28
[ 37.609255][ T6411]  print_circular_bug+0x154/0x1c0
[ 37.610322][ T6411]  check_noncircular+0x310/0x404
[ 37.611435][ T6411]  __lock_acquire+0x34f0/0x7904
[ 37.612435][ T6411]  lock_acquire+0x23c/0x724
[ 37.613487][ T6411]  down_write+0x50/0xc0
[ 37.614424][ T6411]  ocfs2_try_remove_refcount_tree+0xb4/0x2f0
[ 37.615808][ T6411]  ocfs2_truncate_file+0xcec/0x14b4
[ 37.616876][ T6411]  ocfs2_setattr+0x1328/0x19e4
[ 37.617939][ T6411]  notify_change+0x9f0/0xca0
[ 37.618963][ T6411]  do_truncate+0x1c0/0x28c
[ 37.619949][ T6411]  vfs_truncate+0x2b8/0x360
[ 37.620879][ T6411]  do_sys_truncate+0xe8/0x1ac
[ 37.621893][ T6411]  __arm64_sys_truncate+0x5c/0x70
[ 37.623053][ T6411]  invoke_syscall+0x98/0x2b8
[ 37.624028][ T6411]  el0_svc_common+0x130/0x23c
[ 37.625023][ T6411]  do_el0_svc+0x48/0x58
[ 37.625938][ T6411]  el0_svc+0x54/0x168
[ 37.626724][ T6411]  el0t_64_sync_handler+0x84/0x108
[ 37.627828][ T6411]  el0t_64_sync+0x198/0x19c