ocfs2: Slot 0 on device (7,0) was already allocated to this node!
ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.0.16/5125 is trying to acquire lock:
ffff0000c1cd8650 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_orphan_for_truncate fs/ocfs2/file.c:392 [inline]
ffff0000c1cd8650 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_truncate_file+0x5c8/0x13d0 fs/ocfs2/file.c:496

but task is already holding lock:
ffff0000df6e94a0 (&oi->ip_alloc_sem){++++}-{3:3}, at: ocfs2_truncate_file+0x304/0x13d0 fs/ocfs2/file.c:467

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&oi->ip_alloc_sem){++++}-{3:3}:
       down_read+0xc0/0x38c kernel/locking/rwsem.c:1498
       ocfs2_read_virt_blocks+0x21c/0x868 fs/ocfs2/extent_map.c:984
       ocfs2_read_dir_block fs/ocfs2/dir.c:508 [inline]
       ocfs2_find_entry_el fs/ocfs2/dir.c:715 [inline]
       ocfs2_find_entry+0x2e8/0x1be0 fs/ocfs2/dir.c:1091
       ocfs2_rename+0x1950/0x3020 fs/ocfs2/namei.c:1568
       vfs_rename+0x95c/0xde0 fs/namei.c:4840
       do_renameat2+0x774/0xcfc fs/namei.c:4993
       __do_sys_renameat2 fs/namei.c:5026 [inline]
       __se_sys_renameat2 fs/namei.c:5023 [inline]
       __arm64_sys_renameat2+0xe0/0xfc fs/namei.c:5023
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181
       el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608
       el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
       el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

-> #1 (&journal->j_trans_barrier){.+.+}-{3:3}:
       down_read+0xc0/0x38c kernel/locking/rwsem.c:1498
       ocfs2_start_trans+0x430/0x798 fs/ocfs2/journal.c:374
       ocfs2_local_alloc_slide_window fs/ocfs2/localalloc.c:1258 [inline]
       ocfs2_reserve_local_alloc_bits+0xb34/0x2568 fs/ocfs2/localalloc.c:668
       ocfs2_reserve_clusters_with_limit+0x188/0xa28 fs/ocfs2/suballoc.c:1162
       ocfs2_reserve_clusters+0x3c/0x50 fs/ocfs2/suballoc.c:1223
       ocfs2_mknod+0xccc/0x2080 fs/ocfs2/namei.c:354
       ocfs2_mkdir+0x180/0x470 fs/ocfs2/namei.c:657
       vfs_mkdir+0x314/0x4d4 fs/namei.c:4073
       do_mkdirat+0x1c0/0x514 fs/namei.c:4098
       __do_sys_mkdirat fs/namei.c:4113 [inline]
       __se_sys_mkdirat fs/namei.c:4111 [inline]
       __arm64_sys_mkdirat+0x90/0xa8 fs/namei.c:4111
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181
       el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608
       el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
       el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

-> #0 (sb_internal#2){.+.+}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3788 [inline]
       __lock_acquire+0x2870/0x67ec kernel/locking/lockdep.c:5012
       lock_acquire+0x1f4/0x618 kernel/locking/lockdep.c:5623
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       __sb_start_write include/linux/fs.h:1811 [inline]
       sb_start_intwrite include/linux/fs.h:1928 [inline]
       ocfs2_start_trans+0x2c4/0x798 fs/ocfs2/journal.c:372
       ocfs2_orphan_for_truncate fs/ocfs2/file.c:392 [inline]
       ocfs2_truncate_file+0x5c8/0x13d0 fs/ocfs2/file.c:496
       ocfs2_setattr+0x1100/0x1720 fs/ocfs2/file.c:1215
       notify_change+0xa08/0xcd8 fs/attr.c:505
       do_truncate+0x188/0x20c fs/open.c:65
       handle_truncate fs/namei.c:3273 [inline]
       do_open fs/namei.c:3620 [inline]
       path_openat+0x2158/0x2718 fs/namei.c:3750
       do_filp_open+0x184/0x368 fs/namei.c:3777
       do_sys_openat2+0x134/0x3f4 fs/open.c:1255
       do_sys_open fs/open.c:1271 [inline]
       __do_sys_openat fs/open.c:1287 [inline]
       __se_sys_openat fs/open.c:1282 [inline]
       __arm64_sys_openat+0x118/0x14c fs/open.c:1282
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181
       el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608
       el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
       el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

other info that might help us debug this:

Chain exists of:
  sb_internal#2 --> &journal->j_trans_barrier --> &oi->ip_alloc_sem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&oi->ip_alloc_sem);
                               lock(&journal->j_trans_barrier);
                               lock(&oi->ip_alloc_sem);
  lock(sb_internal#2);

 *** DEADLOCK ***

3 locks held by syz.0.16/5125:
 #0: ffff0000c1cd8460 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:386
 #1: ffff0000df6e9808 (&sb->s_type->i_mutex_key#23){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff0000df6e9808 (&sb->s_type->i_mutex_key#23){+.+.}-{3:3}, at: do_truncate+0x174/0x20c fs/open.c:63
 #2: ffff0000df6e94a0 (&oi->ip_alloc_sem){++++}-{3:3}, at: ocfs2_truncate_file+0x304/0x13d0 fs/ocfs2/file.c:467

stack backtrace:
CPU: 0 PID: 5125 Comm: syz.0.16 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
Call trace:
 dump_backtrace+0x0/0x458 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 print_circular_bug+0x148/0x1b0 kernel/locking/lockdep.c:2011
 check_noncircular+0x264/0x2f8 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire+0x2870/0x67ec kernel/locking/lockdep.c:5012
 lock_acquire+0x1f4/0x618 kernel/locking/lockdep.c:5623
 percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
 __sb_start_write include/linux/fs.h:1811 [inline]
 sb_start_intwrite include/linux/fs.h:1928 [inline]
 ocfs2_start_trans+0x2c4/0x798 fs/ocfs2/journal.c:372
 ocfs2_orphan_for_truncate fs/ocfs2/file.c:392 [inline]
 ocfs2_truncate_file+0x5c8/0x13d0 fs/ocfs2/file.c:496
 ocfs2_setattr+0x1100/0x1720 fs/ocfs2/file.c:1215
 notify_change+0xa08/0xcd8 fs/attr.c:505
 do_truncate+0x188/0x20c fs/open.c:65
 handle_truncate fs/namei.c:3273 [inline]
 do_open fs/namei.c:3620 [inline]
 path_openat+0x2158/0x2718 fs/namei.c:3750
 do_filp_open+0x184/0x368 fs/namei.c:3777
 do_sys_openat2+0x134/0x3f4 fs/open.c:1255
 do_sys_open fs/open.c:1271 [inline]
 __do_sys_openat fs/open.c:1287 [inline]
 __se_sys_openat fs/open.c:1282 [inline]
 __arm64_sys_openat+0x118/0x14c fs/open.c:1282
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584