* [syzbot] [ocfs2?] possible deadlock in ocfs2_acquire_dquot
@ 2024-09-30 1:47 syzbot
2024-10-25 1:08 ` syzbot
2025-12-27 16:44 ` Forwarded: OCFS2 fix test syzbot
0 siblings, 2 replies; 4+ messages in thread
From: syzbot @ 2024-09-30 1:47 UTC (permalink / raw)
To: jlbec, joseph.qi, linux-kernel, mark, ocfs2-devel, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: e7ed34365879 Merge tag 'mailbox-v6.12' of git://git.kernel..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10af8ea9980000
kernel config: https://syzkaller.appspot.com/x/.config?x=84a3f3ed29aaafa0
dashboard link: https://syzkaller.appspot.com/bug?extid=51244a05705883616c95
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/eb021424c7db/disk-e7ed3436.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2f5f0d22ea96/vmlinux-e7ed3436.xz
kernel image: https://storage.googleapis.com/syzbot-assets/47176809b11c/bzImage-e7ed3436.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+51244a05705883616c95@syzkaller.appspotmail.com
ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
======================================================
WARNING: possible circular locking dependency detected
6.11.0-syzkaller-12113-ge7ed34365879 #0 Not tainted
------------------------------------------------------
syz.0.286/7825 is trying to acquire lock:
ffff88807a27a610 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_acquire_dquot+0x6df/0xb80 fs/ocfs2/quota_global.c:855
but task is already holding lock:
ffff88805ca04da0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x225/0x2b0 fs/ocfs2/quota_global.c:314
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #6 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
down_write+0x99/0x220 kernel/locking/rwsem.c:1577
ocfs2_lock_global_qf+0x225/0x2b0 fs/ocfs2/quota_global.c:314
ocfs2_acquire_dquot+0x2b0/0xb80 fs/ocfs2/quota_global.c:823
dqget+0x770/0xeb0 fs/quota/dquot.c:976
__dquot_initialize+0x2e3/0xec0 fs/quota/dquot.c:1504
ocfs2_get_init_inode+0x158/0x1c0 fs/ocfs2/namei.c:202
ocfs2_mknod+0xcfa/0x2b40 fs/ocfs2/namei.c:308
ocfs2_mkdir+0x1ab/0x480 fs/ocfs2/namei.c:655
vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257
do_mkdirat+0x264/0x3a0 fs/namei.c:4280
__do_sys_mkdir fs/namei.c:4300 [inline]
__se_sys_mkdir fs/namei.c:4298 [inline]
__x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #5 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
down_write+0x99/0x220 kernel/locking/rwsem.c:1577
inode_lock include/linux/fs.h:815 [inline]
ocfs2_lock_global_qf+0x206/0x2b0 fs/ocfs2/quota_global.c:313
ocfs2_acquire_dquot+0x2b0/0xb80 fs/ocfs2/quota_global.c:823
dqget+0x770/0xeb0 fs/quota/dquot.c:976
__dquot_initialize+0x2e3/0xec0 fs/quota/dquot.c:1504
ocfs2_get_init_inode+0x158/0x1c0 fs/ocfs2/namei.c:202
ocfs2_mknod+0xcfa/0x2b40 fs/ocfs2/namei.c:308
ocfs2_mkdir+0x1ab/0x480 fs/ocfs2/namei.c:655
vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257
do_mkdirat+0x264/0x3a0 fs/namei.c:4280
__do_sys_mkdir fs/namei.c:4300 [inline]
__se_sys_mkdir fs/namei.c:4298 [inline]
__x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #4 (&dquot->dq_lock){+.+.}-{3:3}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
wait_on_dquot fs/quota/dquot.c:355 [inline]
dqget+0x6e6/0xeb0 fs/quota/dquot.c:971
dquot_transfer+0x2c2/0x6d0 fs/quota/dquot.c:2139
ext4_setattr+0xaf3/0x1bc0 fs/ext4/inode.c:5368
notify_change+0xbca/0xe90 fs/attr.c:503
chown_common+0x501/0x850 fs/open.c:793
do_fchownat+0x16a/0x240 fs/open.c:824
__do_sys_lchown fs/open.c:849 [inline]
__se_sys_lchown fs/open.c:847 [inline]
__x64_sys_lchown+0x85/0xa0 fs/open.c:847
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #3 (&ei->xattr_sem){++++}-{3:3}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
down_write+0x99/0x220 kernel/locking/rwsem.c:1577
ext4_write_lock_xattr fs/ext4/xattr.h:154 [inline]
ext4_xattr_set_handle+0x277/0x1580 fs/ext4/xattr.c:2373
ext4_initxattrs+0xa3/0x120 fs/ext4/xattr_security.c:44
security_inode_init_security+0x29c/0x480 security/security.c:1846
__ext4_new_inode+0x3635/0x4380 fs/ext4/ialloc.c:1323
ext4_create+0x279/0x550 fs/ext4/namei.c:2834
lookup_open fs/namei.c:3595 [inline]
open_last_lookups fs/namei.c:3694 [inline]
path_openat+0x1c03/0x3590 fs/namei.c:3930
do_filp_open+0x235/0x490 fs/namei.c:3960
do_sys_openat2+0x13e/0x1d0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #2 (jbd2_handle){++++}-{0:0}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
start_this_handle+0x1eb4/0x2110 fs/jbd2/transaction.c:448
jbd2__journal_start+0x2da/0x5d0 fs/jbd2/transaction.c:505
jbd2_journal_start+0x29/0x40 fs/jbd2/transaction.c:544
ocfs2_start_trans+0x3c9/0x700 fs/ocfs2/journal.c:352
ocfs2_block_group_alloc fs/ocfs2/suballoc.c:685 [inline]
ocfs2_reserve_suballoc_bits+0x9f6/0x4eb0 fs/ocfs2/suballoc.c:832
ocfs2_reserve_new_metadata_blocks+0x41c/0x9c0 fs/ocfs2/suballoc.c:982
ocfs2_mknod+0x143a/0x2b40 fs/ocfs2/namei.c:345
ocfs2_create+0x1ab/0x480 fs/ocfs2/namei.c:672
lookup_open fs/namei.c:3595 [inline]
open_last_lookups fs/namei.c:3694 [inline]
path_openat+0x1c03/0x3590 fs/namei.c:3930
do_filp_open+0x235/0x490 fs/namei.c:3960
do_sys_openat2+0x13e/0x1d0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_creat fs/open.c:1506 [inline]
__se_sys_creat fs/open.c:1500 [inline]
__x64_sys_creat+0x123/0x170 fs/open.c:1500
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #1 (&journal->j_trans_barrier){.+.+}-{3:3}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
down_read+0xb1/0xa40 kernel/locking/rwsem.c:1524
ocfs2_start_trans+0x3be/0x700 fs/ocfs2/journal.c:350
ocfs2_block_group_alloc fs/ocfs2/suballoc.c:685 [inline]
ocfs2_reserve_suballoc_bits+0x9f6/0x4eb0 fs/ocfs2/suballoc.c:832
ocfs2_reserve_new_metadata_blocks+0x41c/0x9c0 fs/ocfs2/suballoc.c:982
ocfs2_mknod+0x143a/0x2b40 fs/ocfs2/namei.c:345
ocfs2_create+0x1ab/0x480 fs/ocfs2/namei.c:672
lookup_open fs/namei.c:3595 [inline]
open_last_lookups fs/namei.c:3694 [inline]
path_openat+0x1c03/0x3590 fs/namei.c:3930
do_filp_open+0x235/0x490 fs/namei.c:3960
do_sys_openat2+0x13e/0x1d0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_creat fs/open.c:1506 [inline]
__se_sys_creat fs/open.c:1500 [inline]
__x64_sys_creat+0x123/0x170 fs/open.c:1500
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (sb_internal#4){.+.+}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1716 [inline]
sb_start_intwrite include/linux/fs.h:1899 [inline]
ocfs2_start_trans+0x2b9/0x700 fs/ocfs2/journal.c:348
ocfs2_acquire_dquot+0x6df/0xb80 fs/ocfs2/quota_global.c:855
dqget+0x770/0xeb0 fs/quota/dquot.c:976
__dquot_initialize+0x2e3/0xec0 fs/quota/dquot.c:1504
ocfs2_get_init_inode+0x158/0x1c0 fs/ocfs2/namei.c:202
ocfs2_mknod+0xcfa/0x2b40 fs/ocfs2/namei.c:308
ocfs2_mkdir+0x1ab/0x480 fs/ocfs2/namei.c:655
vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257
do_mkdirat+0x264/0x3a0 fs/namei.c:4280
__do_sys_mkdir fs/namei.c:4300 [inline]
__se_sys_mkdir fs/namei.c:4298 [inline]
__x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Chain exists of:
sb_internal#4 --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7 --> &ocfs2_quota_ip_alloc_sem_key
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ocfs2_quota_ip_alloc_sem_key);
lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7);
lock(&ocfs2_quota_ip_alloc_sem_key);
rlock(sb_internal#4);
*** DEADLOCK ***
6 locks held by syz.0.286/7825:
#0: ffff88807a27a420 (sb_writers#16){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:515
#1: ffff888059d289c0 (&type->i_mutex_dir_key#10/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:850 [inline]
#1: ffff888059d289c0 (&type->i_mutex_dir_key#10/1){+.+.}-{3:3}, at: filename_create+0x260/0x540 fs/namei.c:4026
#2: ffff8880574e1800 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
#2: ffff8880574e1800 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x192/0x4eb0 fs/ocfs2/suballoc.c:786
#3: ffff88805cbf20a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x2a3/0xb80 fs/ocfs2/quota_global.c:818
#4: ffff88805ca05100 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
#4: ffff88805ca05100 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x206/0x2b0 fs/ocfs2/quota_global.c:313
#5: ffff88805ca04da0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x225/0x2b0 fs/ocfs2/quota_global.c:314
stack backtrace:
CPU: 0 UID: 0 PID: 7825 Comm: syz.0.286 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1716 [inline]
sb_start_intwrite include/linux/fs.h:1899 [inline]
ocfs2_start_trans+0x2b9/0x700 fs/ocfs2/journal.c:348
ocfs2_acquire_dquot+0x6df/0xb80 fs/ocfs2/quota_global.c:855
dqget+0x770/0xeb0 fs/quota/dquot.c:976
__dquot_initialize+0x2e3/0xec0 fs/quota/dquot.c:1504
ocfs2_get_init_inode+0x158/0x1c0 fs/ocfs2/namei.c:202
ocfs2_mknod+0xcfa/0x2b40 fs/ocfs2/namei.c:308
ocfs2_mkdir+0x1ab/0x480 fs/ocfs2/namei.c:655
vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257
do_mkdirat+0x264/0x3a0 fs/namei.c:4280
__do_sys_mkdir fs/namei.c:4300 [inline]
__se_sys_mkdir fs/namei.c:4298 [inline]
__x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f61b017dff9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f61afbff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007f61b0335f80 RCX: 00007f61b017dff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
RBP: 00007f61b01f0296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f61b0335f80 R15: 00007ffdf22d8ec8
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [syzbot] [ocfs2?] possible deadlock in ocfs2_acquire_dquot
2024-09-30 1:47 [syzbot] [ocfs2?] possible deadlock in ocfs2_acquire_dquot syzbot
@ 2024-10-25 1:08 ` syzbot
2025-12-27 16:44 ` Forwarded: OCFS2 fix test syzbot
1 sibling, 0 replies; 4+ messages in thread
From: syzbot @ 2024-10-25 1:08 UTC (permalink / raw)
To: jlbec, joseph.qi, linux-kernel, mark, ocfs2-devel, syzkaller-bugs
syzbot has found a reproducer for the following issue on:
HEAD commit: ce8e69898653 Merge remote-tracking branch 'tip/irq/core' i..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=12bfe65f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=cf20d4aad28662c6
dashboard link: https://syzkaller.appspot.com/bug?extid=51244a05705883616c95
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15ca5e40580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14583287980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c4140162bfaa/disk-ce8e6989.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9cc02a082c01/vmlinux-ce8e6989.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4ca0d2cc7b00/Image-ce8e6989.gz.xz
mounted in repro #1: https://storage.googleapis.com/syzbot-assets/fae7f4b73536/mount_0.gz
mounted in repro #2: https://storage.googleapis.com/syzbot-assets/60abe9617ec0/mount_3.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+51244a05705883616c95@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc4-syzkaller-gce8e69898653 #0 Not tainted
------------------------------------------------------
syz-executor217/6496 is trying to acquire lock:
ffff0000d451e610 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_acquire_dquot+0x3c4/0xa8c fs/ocfs2/quota_global.c:855
but task is already holding lock:
ffff0000e202dbe0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1d4/0x260 fs/ocfs2/quota_global.c:314
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #6 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}:
down_write+0x50/0xc0 kernel/locking/rwsem.c:1577
ocfs2_lock_global_qf+0x1d4/0x260 fs/ocfs2/quota_global.c:314
ocfs2_acquire_dquot+0x268/0xa8c fs/ocfs2/quota_global.c:823
dqget+0x660/0xcec fs/quota/dquot.c:976
__dquot_initialize+0x344/0xc04 fs/quota/dquot.c:1504
dquot_initialize+0x24/0x34 fs/quota/dquot.c:1566
ocfs2_get_init_inode+0x14c/0x1b8 fs/ocfs2/namei.c:202
ocfs2_mknod+0x878/0x243c fs/ocfs2/namei.c:308
ocfs2_create+0x194/0x4e0 fs/ocfs2/namei.c:672
lookup_open fs/namei.c:3595 [inline]
open_last_lookups fs/namei.c:3694 [inline]
path_openat+0x13e4/0x2b14 fs/namei.c:3930
do_filp_open+0x1bc/0x3cc fs/namei.c:3960
do_sys_openat2+0x124/0x1b8 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1441
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
-> #5 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}:
down_write+0x50/0xc0 kernel/locking/rwsem.c:1577
inode_lock include/linux/fs.h:815 [inline]
ocfs2_lock_global_qf+0x1b8/0x260 fs/ocfs2/quota_global.c:313
ocfs2_acquire_dquot+0x268/0xa8c fs/ocfs2/quota_global.c:823
dqget+0x660/0xcec fs/quota/dquot.c:976
__dquot_initialize+0x344/0xc04 fs/quota/dquot.c:1504
dquot_initialize+0x24/0x34 fs/quota/dquot.c:1566
ocfs2_get_init_inode+0x14c/0x1b8 fs/ocfs2/namei.c:202
ocfs2_mknod+0x878/0x243c fs/ocfs2/namei.c:308
ocfs2_create+0x194/0x4e0 fs/ocfs2/namei.c:672
lookup_open fs/namei.c:3595 [inline]
open_last_lookups fs/namei.c:3694 [inline]
path_openat+0x13e4/0x2b14 fs/namei.c:3930
do_filp_open+0x1bc/0x3cc fs/namei.c:3960
do_sys_openat2+0x124/0x1b8 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1441
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
-> #4 (&dquot->dq_lock){+.+.}-{3:3}:
__mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:608
__mutex_lock kernel/locking/mutex.c:752 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:804
wait_on_dquot fs/quota/dquot.c:355 [inline]
dqget+0x5f0/0xcec fs/quota/dquot.c:971
dquot_transfer+0x3a8/0x5c0 fs/quota/dquot.c:2153
ext4_setattr+0x8bc/0x1624 fs/ext4/inode.c:5368
notify_change+0x9f0/0xca0 fs/attr.c:503
chown_common+0x438/0x700 fs/open.c:793
vfs_fchown fs/open.c:861 [inline]
ksys_fchown+0xe0/0x158 fs/open.c:872
__do_sys_fchown fs/open.c:880 [inline]
__se_sys_fchown fs/open.c:878 [inline]
__arm64_sys_fchown+0x7c/0x94 fs/open.c:878
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
-> #3 (&ei->xattr_sem){++++}-{3:3}:
down_write+0x50/0xc0 kernel/locking/rwsem.c:1577
ext4_write_lock_xattr fs/ext4/xattr.h:154 [inline]
ext4_xattr_set_handle+0x1dc/0x12d0 fs/ext4/xattr.c:2373
ext4_initxattrs+0xa4/0x11c fs/ext4/xattr_security.c:44
security_inode_init_security+0x73c/0x908 security/security.c:1848
ext4_init_security+0x44/0x58 fs/ext4/xattr_security.c:58
__ext4_new_inode+0x2be8/0x3830 fs/ext4/ialloc.c:1323
ext4_create+0x234/0x480 fs/ext4/namei.c:2834
lookup_open fs/namei.c:3595 [inline]
open_last_lookups fs/namei.c:3694 [inline]
path_openat+0x13e4/0x2b14 fs/namei.c:3930
do_filp_open+0x1bc/0x3cc fs/namei.c:3960
do_sys_openat2+0x124/0x1b8 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1441
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
-> #2 (jbd2_handle){.+.+}-{0:0}:
start_this_handle+0xf34/0x11c4 fs/jbd2/transaction.c:448
jbd2__journal_start+0x298/0x544 fs/jbd2/transaction.c:505
jbd2_journal_start+0x3c/0x4c fs/jbd2/transaction.c:544
ocfs2_start_trans+0x3d0/0x71c fs/ocfs2/journal.c:352
ocfs2_modify_bh+0xe4/0x484 fs/ocfs2/quota_local.c:101
ocfs2_local_read_info+0x1220/0x15bc fs/ocfs2/quota_local.c:771
dquot_load_quota_sb+0x6e4/0xb24 fs/quota/dquot.c:2458
dquot_load_quota_inode+0x280/0x4f4 fs/quota/dquot.c:2495
ocfs2_enable_quotas+0x17c/0x3cc fs/ocfs2/super.c:926
ocfs2_fill_super+0x3f04/0x49d0 fs/ocfs2/super.c:1141
mount_bdev+0x1d4/0x2a0 fs/super.c:1679
ocfs2_mount+0x44/0x58 fs/ocfs2/super.c:1188
legacy_get_tree+0xd4/0x16c fs/fs_context.c:662
vfs_get_tree+0x90/0x28c fs/super.c:1800
do_new_mount+0x278/0x900 fs/namespace.c:3507
path_mount+0x590/0xe04 fs/namespace.c:3834
do_mount fs/namespace.c:3847 [inline]
__do_sys_mount fs/namespace.c:4055 [inline]
__se_sys_mount fs/namespace.c:4032 [inline]
__arm64_sys_mount+0x45c/0x5a8 fs/namespace.c:4032
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
-> #1 (&journal->j_trans_barrier){.+.+}-{3:3}:
down_read+0x58/0x2fc kernel/locking/rwsem.c:1524
ocfs2_start_trans+0x3c4/0x71c fs/ocfs2/journal.c:350
ocfs2_modify_bh+0xe4/0x484 fs/ocfs2/quota_local.c:101
ocfs2_local_read_info+0x1220/0x15bc fs/ocfs2/quota_local.c:771
dquot_load_quota_sb+0x6e4/0xb24 fs/quota/dquot.c:2458
dquot_load_quota_inode+0x280/0x4f4 fs/quota/dquot.c:2495
ocfs2_enable_quotas+0x17c/0x3cc fs/ocfs2/super.c:926
ocfs2_fill_super+0x3f04/0x49d0 fs/ocfs2/super.c:1141
mount_bdev+0x1d4/0x2a0 fs/super.c:1679
ocfs2_mount+0x44/0x58 fs/ocfs2/super.c:1188
legacy_get_tree+0xd4/0x16c fs/fs_context.c:662
vfs_get_tree+0x90/0x28c fs/super.c:1800
do_new_mount+0x278/0x900 fs/namespace.c:3507
path_mount+0x590/0xe04 fs/namespace.c:3834
do_mount fs/namespace.c:3847 [inline]
__do_sys_mount fs/namespace.c:4055 [inline]
__se_sys_mount fs/namespace.c:4032 [inline]
__arm64_sys_mount+0x45c/0x5a8 fs/namespace.c:4032
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
-> #0 (sb_internal#2){.+.+}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x33f8/0x77c8 kernel/locking/lockdep.c:5202
lock_acquire+0x240/0x728 kernel/locking/lockdep.c:5825
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1716 [inline]
sb_start_intwrite include/linux/fs.h:1899 [inline]
ocfs2_start_trans+0x244/0x71c fs/ocfs2/journal.c:348
ocfs2_acquire_dquot+0x3c4/0xa8c fs/ocfs2/quota_global.c:855
dqget+0x660/0xcec fs/quota/dquot.c:976
__dquot_initialize+0x344/0xc04 fs/quota/dquot.c:1504
dquot_initialize+0x24/0x34 fs/quota/dquot.c:1566
ocfs2_get_init_inode+0x14c/0x1b8 fs/ocfs2/namei.c:202
ocfs2_mknod+0x878/0x243c fs/ocfs2/namei.c:308
ocfs2_create+0x194/0x4e0 fs/ocfs2/namei.c:672
lookup_open fs/namei.c:3595 [inline]
open_last_lookups fs/namei.c:3694 [inline]
path_openat+0x13e4/0x2b14 fs/namei.c:3930
do_filp_open+0x1bc/0x3cc fs/namei.c:3960
do_sys_openat2+0x124/0x1b8 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1441
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
other info that might help us debug this:
Chain exists of:
sb_internal#2 --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3 --> &ocfs2_quota_ip_alloc_sem_key
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ocfs2_quota_ip_alloc_sem_key);
lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3);
lock(&ocfs2_quota_ip_alloc_sem_key);
rlock(sb_internal#2);
*** DEADLOCK ***
6 locks held by syz-executor217/6496:
#0: ffff0000d451e420 (sb_writers#10){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:515
#1: ffff0000e20289c0 (&type->i_mutex_dir_key#8){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
#1: ffff0000e20289c0 (&type->i_mutex_dir_key#8){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3691 [inline]
#1: ffff0000e20289c0 (&type->i_mutex_dir_key#8){+.+.}-{3:3}, at: path_openat+0x684/0x2b14 fs/namei.c:3930
#2: ffff0000e21a9800 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
#2: ffff0000e21a9800 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x164/0x4288 fs/ocfs2/suballoc.c:786
#3: ffff0000e20400a8 (&dquot->dq_lock){+.+.}-{3:3}, at: ocfs2_acquire_dquot+0x25c/0xa8c fs/ocfs2/quota_global.c:818
#4: ffff0000e202df40 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
#4: ffff0000e202df40 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: ocfs2_lock_global_qf+0x1b8/0x260 fs/ocfs2/quota_global.c:313
#5: ffff0000e202dbe0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_lock_global_qf+0x1d4/0x260 fs/ocfs2/quota_global.c:314
stack backtrace:
CPU: 1 UID: 0 PID: 6496 Comm: syz-executor217 Not tainted 6.12.0-rc4-syzkaller-gce8e69898653 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:484 (C)
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
dump_stack+0x1c/0x28 lib/dump_stack.c:129
print_circular_bug+0x154/0x1c0 kernel/locking/lockdep.c:2074
check_noncircular+0x310/0x404 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x33f8/0x77c8 kernel/locking/lockdep.c:5202
lock_acquire+0x240/0x728 kernel/locking/lockdep.c:5825
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1716 [inline]
sb_start_intwrite include/linux/fs.h:1899 [inline]
ocfs2_start_trans+0x244/0x71c fs/ocfs2/journal.c:348
ocfs2_acquire_dquot+0x3c4/0xa8c fs/ocfs2/quota_global.c:855
dqget+0x660/0xcec fs/quota/dquot.c:976
__dquot_initialize+0x344/0xc04 fs/quota/dquot.c:1504
dquot_initialize+0x24/0x34 fs/quota/dquot.c:1566
ocfs2_get_init_inode+0x14c/0x1b8 fs/ocfs2/namei.c:202
ocfs2_mknod+0x878/0x243c fs/ocfs2/namei.c:308
ocfs2_create+0x194/0x4e0 fs/ocfs2/namei.c:672
lookup_open fs/namei.c:3595 [inline]
open_last_lookups fs/namei.c:3694 [inline]
path_openat+0x13e4/0x2b14 fs/namei.c:3930
do_filp_open+0x1bc/0x3cc fs/namei.c:3960
do_sys_openat2+0x124/0x1b8 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1441
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
^ permalink raw reply [flat|nested] 4+ messages in thread* Forwarded: OCFS2 fix test
2024-09-30 1:47 [syzbot] [ocfs2?] possible deadlock in ocfs2_acquire_dquot syzbot
2024-10-25 1:08 ` syzbot
@ 2025-12-27 16:44 ` syzbot
1 sibling, 0 replies; 4+ messages in thread
From: syzbot @ 2025-12-27 16:44 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: OCFS2 fix test
Author: swilczek.lx@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
master
diff --git a/fs/ocfs2/quota_global.c b/fs/ocfs2/quota_global.c
index e85b1ccf81be..136aaaae27f3 100644
--- a/fs/ocfs2/quota_global.c
+++ b/fs/ocfs2/quota_global.c
@@ -821,6 +821,19 @@ static int ocfs2_acquire_dquot(struct dquot *dquot)
trace_ocfs2_acquire_dquot(from_kqid(&init_user_ns, dquot->dq_id),
type);
mutex_lock(&dquot->dq_lock);
+ /*
+ * Extend global quota file before acquiring global qf lock to avoid
+ * lock inversion with sb_internal (via ocfs2_start_trans).
+ */
+ if (need_alloc) {
+ WARN_ON(journal_current_handle());
+ status = ocfs2_extend_no_holes(gqinode, NULL,
+ i_size_read(gqinode) + (need_alloc << sb->s_blocksize_bits),
+ i_size_read(gqinode));
+ if (status < 0)
+ goto out;
+ }
+
/*
* We need an exclusive lock, because we're going to update use count
* and instantiate possibly new dquot structure
@@ -843,19 +856,8 @@ static int ocfs2_acquire_dquot(struct dquot *dquot)
OCFS2_DQUOT(dquot)->dq_use_count++;
OCFS2_DQUOT(dquot)->dq_origspace = dquot->dq_dqb.dqb_curspace;
OCFS2_DQUOT(dquot)->dq_originodes = dquot->dq_dqb.dqb_curinodes;
- if (!dquot->dq_off) { /* No real quota entry? */
+ if (!dquot->dq_off) /* No real quota entry? */
ex = 1;
- /*
- * Add blocks to quota file before we start a transaction since
- * locking allocators ranks above a transaction start
- */
- WARN_ON(journal_current_handle());
- status = ocfs2_extend_no_holes(gqinode, NULL,
- i_size_read(gqinode) + (need_alloc << sb->s_blocksize_bits),
- i_size_read(gqinode));
- if (status < 0)
- goto out_dq;
- }
handle = ocfs2_start_trans(osb,
ocfs2_calc_global_qinit_credits(sb, type));
^ permalink raw reply related [flat|nested] 4+ messages in thread
[parent not found: <CAJRoVwhAjDOoaFERGYdpiMTHgAu2=9H27Yjb1LbXtGtN80rXkw@mail.gmail.com>]
end of thread, other threads:[~2025-12-27 17:35 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-30 1:47 [syzbot] [ocfs2?] possible deadlock in ocfs2_acquire_dquot syzbot
2024-10-25 1:08 ` syzbot
2025-12-27 16:44 ` Forwarded: OCFS2 fix test syzbot
[not found] <CAJRoVwhAjDOoaFERGYdpiMTHgAu2=9H27Yjb1LbXtGtN80rXkw@mail.gmail.com>
2025-12-27 17:35 ` [syzbot] [ocfs2?] possible deadlock in ocfs2_acquire_dquot syzbot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.