ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.2.67/4698 is trying to acquire lock:
ffff0000e272ce38 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_init_acl+0x264/0x61c fs/ocfs2/acl.c:365

but task is already holding lock:
ffff00010285e990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfec/0x125c fs/jbd2/transaction.c:461

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (jbd2_handle){++++}-{0:0}:
       jbd2_journal_lock_updates+0xa8/0x318 fs/jbd2/transaction.c:880
       __ocfs2_flush_truncate_log+0x268/0x10a4 fs/ocfs2/alloc.c:6029
       ocfs2_flush_truncate_log+0x4c/0x6c fs/ocfs2/alloc.c:6076
       ocfs2_sync_fs+0x100/0x2c0 fs/ocfs2/super.c:402
       sync_filesystem+0x1a0/0x218 fs/sync.c:66
       generic_shutdown_super+0x74/0x32c fs/super.c:474
       kill_block_super+0x78/0xe0 fs/super.c:1470
       deactivate_locked_super+0xb4/0x128 fs/super.c:332
       deactivate_super+0xe4/0x104 fs/super.c:363
       cleanup_mnt+0x3a8/0x430 fs/namespace.c:1191
       __cleanup_mnt+0x20/0x30 fs/namespace.c:1198
       task_work_run+0x1f4/0x280 kernel/task_work.c:203
       exit_task_work include/linux/task_work.h:39 [inline]
       do_exit+0x54c/0x19ac kernel/exit.c:881
       do_group_exit+0x198/0x238 kernel/exit.c:1024
       get_signal+0x11f4/0x133c kernel/signal.c:2872
       do_signal arch/arm64/kernel/signal.c:1095 [inline]
       do_notify_resume+0x2a8/0x2c84 arch/arm64/kernel/signal.c:1148
       prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
       exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
       el0_da+0xb4/0x144 arch/arm64/kernel/entry-common.c:516
       el0t_64_sync_handler+0x90/0xf0 arch/arm64/kernel/entry-common.c:658
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

-> #2 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}:
       down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
       inode_lock include/linux/fs.h:758 [inline]
       ocfs2_try_to_free_truncate_log+0xb4/0x2f4 fs/ocfs2/alloc.c:6124
       ocfs2_write_begin_nolock+0x2a44/0x3a80 fs/ocfs2/aops.c:1872
       ocfs2_write_begin+0x1b4/0x318 fs/ocfs2/aops.c:1906
       generic_perform_write+0x240/0x508 mm/filemap.c:3862
       __generic_file_write_iter+0x130/0x250 mm/filemap.c:3960
       ocfs2_file_write_iter+0x13ac/0x1cd0 fs/ocfs2/file.c:2469
       __kernel_write_iter+0x1ec/0x54c fs/read_write.c:517
       dump_emit_page fs/coredump.c:950 [inline]
       dump_user_range+0x2f4/0x5c4 fs/coredump.c:977
       elf_core_dump+0x2900/0x2e14 fs/binfmt_elf.c:2354
       do_coredump+0x10dc/0x1c90 fs/coredump.c:824
       get_signal+0xdfc/0x133c kernel/signal.c:2858
       do_signal arch/arm64/kernel/signal.c:1095 [inline]
       do_notify_resume+0x2a8/0x2c84 arch/arm64/kernel/signal.c:1148
       prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
       exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
       el0_da+0xb4/0x144 arch/arm64/kernel/entry-common.c:516
       el0t_64_sync_handler+0x90/0xf0 arch/arm64/kernel/entry-common.c:658
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

-> #1 (&oi->ip_alloc_sem){++++}-{3:3}:
       down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
       ocfs2_try_remove_refcount_tree+0xb4/0x2e4 fs/ocfs2/refcounttree.c:932
       ocfs2_truncate_file+0xce0/0x14dc fs/ocfs2/file.c:517
       ocfs2_setattr+0x12a0/0x1950 fs/ocfs2/file.c:1212
       notify_change+0xb5c/0xe20 fs/attr.c:499
       do_truncate+0x188/0x20c fs/open.c:65
       do_coredump+0x1994/0x1c90 fs/coredump.c:801
       get_signal+0xdfc/0x133c kernel/signal.c:2858
       do_signal arch/arm64/kernel/signal.c:1095 [inline]
       do_notify_resume+0x2a8/0x2c84 arch/arm64/kernel/signal.c:1148
       prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
       exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
       el0_da+0xb4/0x144 arch/arm64/kernel/entry-common.c:516
       el0t_64_sync_handler+0x90/0xf0 arch/arm64/kernel/entry-common.c:658
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

-> #0 (&oi->ip_xattr_sem){++++}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3090 [inline]
       check_prevs_add kernel/locking/lockdep.c:3209 [inline]
       validate_chain kernel/locking/lockdep.c:3825 [inline]
       __lock_acquire+0x27c8/0x6610 kernel/locking/lockdep.c:5049
       lock_acquire+0x20c/0x638 kernel/locking/lockdep.c:5662
       down_read+0x64/0x300 kernel/locking/rwsem.c:1520
       ocfs2_init_acl+0x264/0x61c fs/ocfs2/acl.c:365
       ocfs2_mknod+0x12b0/0x218c fs/ocfs2/namei.c:410
       ocfs2_create+0x19c/0x51c fs/ocfs2/namei.c:674
       lookup_open fs/namei.c:3490 [inline]
       open_last_lookups fs/namei.c:3558 [inline]
       path_openat+0xda8/0x27a0 fs/namei.c:3788
       do_filp_open+0x198/0x38c fs/namei.c:3818
       do_sys_openat2+0x134/0x3fc fs/open.c:1320
       do_sys_open fs/open.c:1336 [inline]
       __do_sys_openat fs/open.c:1352 [inline]
       __se_sys_openat fs/open.c:1347 [inline]
       __arm64_sys_openat+0x11c/0x150 fs/open.c:1347
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x290 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x13c/0x258 arch/arm64/kernel/syscall.c:140
       do_el0_svc+0x5c/0x134 arch/arm64/kernel/syscall.c:204
       el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

other info that might help us debug this:

Chain exists of:
  &oi->ip_xattr_sem --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3 --> jbd2_handle

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(jbd2_handle);
                               lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3);
                               lock(jbd2_handle);
  lock(&oi->ip_xattr_sem);

 *** DEADLOCK ***

8 locks held by syz.2.67/4698:
 #0: ffff0000cca46460 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:402
 #1: ffff0000e272d108 (&type->i_mutex_dir_key#15){++++}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff0000e272d108 (&type->i_mutex_dir_key#15){++++}-{3:3}, at: open_last_lookups fs/namei.c:3555 [inline]
 #1: ffff0000e272d108 (&type->i_mutex_dir_key#15){++++}-{3:3}, at: path_openat+0x5dc/0x27a0 fs/namei.c:3788
 #2: ffff0000e27e6d88 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #2: ffff0000e27e6d88 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x110/0x3d40 fs/ocfs2/suballoc.c:782
 #3: ffff0000e27e5f48 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #3: ffff0000e27e5f48 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x110/0x3d40 fs/ocfs2/suballoc.c:782
 #4: ffff0000e27a1808 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #4: ffff0000e27a1808 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}, at: ocfs2_reserve_local_alloc_bits+0xe4/0x2830 fs/ocfs2/localalloc.c:635
 #5: ffff0000cca46650 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_mknod+0xd2c/0x218c fs/ocfs2/namei.c:361
 #6: ffff0000f3a120e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x38c/0x6f4 fs/ocfs2/journal.c:374
 #7: ffff00010285e990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfec/0x125c fs/jbd2/transaction.c:461

stack backtrace:
CPU: 0 PID: 4698 Comm: syz.2.67 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/02/2026
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 print_circular_bug+0x148/0x1b0 kernel/locking/lockdep.c:2048
 check_noncircular+0x264/0x2f8 kernel/locking/lockdep.c:2170
 check_prev_add kernel/locking/lockdep.c:3090 [inline]
 check_prevs_add kernel/locking/lockdep.c:3209 [inline]
 validate_chain kernel/locking/lockdep.c:3825 [inline]
 __lock_acquire+0x27c8/0x6610 kernel/locking/lockdep.c:5049
 lock_acquire+0x20c/0x638 kernel/locking/lockdep.c:5662
 down_read+0x64/0x300 kernel/locking/rwsem.c:1520
 ocfs2_init_acl+0x264/0x61c fs/ocfs2/acl.c:365
 ocfs2_mknod+0x12b0/0x218c fs/ocfs2/namei.c:410
 ocfs2_create+0x19c/0x51c fs/ocfs2/namei.c:674
 lookup_open fs/namei.c:3490 [inline]
 open_last_lookups fs/namei.c:3558 [inline]
 path_openat+0xda8/0x27a0 fs/namei.c:3788
 do_filp_open+0x198/0x38c fs/namei.c:3818
 do_sys_openat2+0x134/0x3fc fs/open.c:1320
 do_sys_open fs/open.c:1336 [inline]
 __do_sys_openat fs/open.c:1352 [inline]
 __se_sys_openat fs/open.c:1347 [inline]
 __arm64_sys_openat+0x11c/0x150 fs/open.c:1347
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x290 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x13c/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x5c/0x134 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585