From: syzbot <syzbot+78359d5fbb04318c35e9@syzkaller.appspotmail.com>
To: heming.zhao@suse.com, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [ocfs2?] possible deadlock in ocfs2_del_inode_from_orphan
Date: Mon, 23 Feb 2026 21:46:02 -0800
Message-ID: <699d3b1a.a00a0220.121a60.00f6.GAE@google.com>
In-Reply-To: <oh26fpojbfgcs5gljzjz4vaqlqloz7wqnhlmdmlqzwnrvk7uyr@cxa3ek5uiy6t>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
possible deadlock in ocfs2_del_inode_from_orphan

(syz.0.44,6753,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
JBD2: Ignoring recovery information on journal
ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.0.44/6753 is trying to acquire lock:
ffff88805e667000 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline]
ffff88805e667000 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_del_inode_from_orphan+0x12e/0x7a0 fs/ocfs2/namei.c:2731

but task is already holding lock:
ffff88805e66ba10 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io_write fs/ocfs2/aops.c:2297 [inline]
ffff88805e66ba10 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io+0x439/0x1210 fs/ocfs2/aops.c:2403

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #4 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}:
       down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
       ocfs2_lock_global_qf+0x201/0x290 fs/ocfs2/quota_global.c:314
       ocfs2_acquire_dquot+0x2a0/0xb70 fs/ocfs2/quota_global.c:828
       dqget+0x7b6/0xf10 fs/quota/dquot.c:980
       __dquot_initialize+0x3ba/0xd30 fs/quota/dquot.c:1508
       ocfs2_get_init_inode+0x147/0x1c0 fs/ocfs2/namei.c:206
       ocfs2_mknod+0xa67/0x2290 fs/ocfs2/namei.c:314
       ocfs2_create+0x195/0x490 fs/ocfs2/namei.c:677
       lookup_open fs/namei.c:4483 [inline]
       open_last_lookups fs/namei.c:4583 [inline]
       path_openat+0x13b4/0x38a0 fs/namei.c:4827
       do_file_open+0x23e/0x4a0 fs/namei.c:4859
       do_sys_openat2+0x113/0x200 fs/open.c:1366
       do_sys_open fs/open.c:1372 [inline]
       __do_sys_openat fs/open.c:1388 [inline]
       __se_sys_openat fs/open.c:1383 [inline]
       __x64_sys_openat+0x138/0x170 fs/open.c:1383
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #3 (&ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE]){+.+.}-{4:4}:
       down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
       inode_lock include/linux/fs.h:1028 [inline]
       ocfs2_lock_global_qf+0x1da/0x290 fs/ocfs2/quota_global.c:313
       ocfs2_acquire_dquot+0x2a0/0xb70 fs/ocfs2/quota_global.c:828
       dqget+0x7b6/0xf10 fs/quota/dquot.c:980
       __dquot_initialize+0x3ba/0xd30 fs/quota/dquot.c:1508
       ocfs2_get_init_inode+0x147/0x1c0 fs/ocfs2/namei.c:206
       ocfs2_mknod+0xa67/0x2290 fs/ocfs2/namei.c:314
       ocfs2_create+0x195/0x490 fs/ocfs2/namei.c:677
       lookup_open fs/namei.c:4483 [inline]
       open_last_lookups fs/namei.c:4583 [inline]
       path_openat+0x13b4/0x38a0 fs/namei.c:4827
       do_file_open+0x23e/0x4a0 fs/namei.c:4859
       do_sys_openat2+0x113/0x200 fs/open.c:1366
       do_sys_open fs/open.c:1372 [inline]
       __do_sys_openat fs/open.c:1388 [inline]
       __se_sys_openat fs/open.c:1383 [inline]
       __x64_sys_openat+0x138/0x170 fs/open.c:1383
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (&dquot->dq_lock){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/rtmutex_api.c:533 [inline]
       mutex_lock_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:552
       wait_on_dquot fs/quota/dquot.c:357 [inline]
       dqget+0x72f/0xf10 fs/quota/dquot.c:975
       __dquot_initialize+0x3ba/0xd30 fs/quota/dquot.c:1508
       ocfs2_get_init_inode+0x147/0x1c0 fs/ocfs2/namei.c:206
       ocfs2_mknod+0xa67/0x2290 fs/ocfs2/namei.c:314
       ocfs2_create+0x195/0x490 fs/ocfs2/namei.c:677
       lookup_open fs/namei.c:4483 [inline]
       open_last_lookups fs/namei.c:4583 [inline]
       path_openat+0x13b4/0x38a0 fs/namei.c:4827
       do_file_open+0x23e/0x4a0 fs/namei.c:4859
       do_sys_openat2+0x113/0x200 fs/open.c:1366
       do_sys_open fs/open.c:1372 [inline]
       __do_sys_openat fs/open.c:1388 [inline]
       __se_sys_openat fs/open.c:1383 [inline]
       __x64_sys_openat+0x138/0x170 fs/open.c:1383
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
       down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
       inode_lock include/linux/fs.h:1028 [inline]
       ocfs2_remove_inode fs/ocfs2/inode.c:733 [inline]
       ocfs2_wipe_inode fs/ocfs2/inode.c:896 [inline]
       ocfs2_delete_inode fs/ocfs2/inode.c:1157 [inline]
       ocfs2_evict_inode+0x1539/0x44c0 fs/ocfs2/inode.c:1299
       evict+0x61e/0xb10 fs/inode.c:846
       ocfs2_dentry_iput+0x24d/0x390 fs/ocfs2/dcache.c:407
       __dentry_kill+0x1a2/0x5e0 fs/dcache.c:670
       finish_dput+0xc9/0x480 fs/dcache.c:879
       __fput+0x6a3/0xa90 fs/file_table.c:477
       task_work_run+0x1d9/0x270 kernel/task_work.c:233
       resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
       __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
       exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98
       __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
       syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
       syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
       do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3165 [inline]
       check_prevs_add kernel/locking/lockdep.c:3284 [inline]
       validate_chain kernel/locking/lockdep.c:3908 [inline]
       __lock_acquire+0x15a5/0x2cf0 kernel/locking/lockdep.c:5237
       lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
       down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
       inode_lock include/linux/fs.h:1028 [inline]
       ocfs2_del_inode_from_orphan+0x12e/0x7a0 fs/ocfs2/namei.c:2731
       ocfs2_dio_end_io_write fs/ocfs2/aops.c:2305 [inline]
       ocfs2_dio_end_io+0x545/0x1210 fs/ocfs2/aops.c:2403
       dio_complete+0x25e/0x790 fs/direct-io.c:281
       __blockdev_direct_IO+0x2d0e/0x3330 fs/direct-io.c:1303
       ocfs2_direct_IO+0x253/0x2c0 fs/ocfs2/aops.c:2440
       generic_file_direct_write+0x1dc/0x3e0 mm/filemap.c:4248
       __generic_file_write_iter+0x120/0x240 mm/filemap.c:4417
       ocfs2_file_write_iter+0x1666/0x1ed0 fs/ocfs2/file.c:2476
       iter_file_splice_write+0x9a6/0x10f0 fs/splice.c:736
       do_splice_from fs/splice.c:936 [inline]
       direct_splice_actor+0x104/0x160 fs/splice.c:1159
       splice_direct_to_actor+0x545/0xc80 fs/splice.c:1103
       do_splice_direct_actor fs/splice.c:1202 [inline]
       do_splice_direct+0x19b/0x2a0 fs/splice.c:1228
       do_sendfile+0x547/0x7e0 fs/read_write.c:1372
       __do_sys_sendfile64 fs/read_write.c:1433 [inline]
       __se_sys_sendfile64+0x144/0x1a0 fs/read_write.c:1419
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE] --> &ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE] --> &ocfs2_quota_ip_alloc_sem_key

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ocfs2_quota_ip_alloc_sem_key);
                               lock(&ocfs2_sysfile_lock_key[USER_QUOTA_SYSTEM_INODE]);
                               lock(&ocfs2_quota_ip_alloc_sem_key);
  lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]);

 *** DEADLOCK ***

3 locks held by syz.0.44/6753:
 #0: ffff88802bf78480 (sb_writers#12){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1158
 #1: ffff88805e66bdc0 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline]
 #1: ffff88805e66bdc0 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: ocfs2_file_write_iter+0x42c/0x1ed0 fs/ocfs2/file.c:2406
 #2: ffff88805e66ba10 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io_write fs/ocfs2/aops.c:2297 [inline]
 #2: ffff88805e66ba10 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io+0x439/0x1210 fs/ocfs2/aops.c:2403

stack backtrace:
CPU: 1 UID: 0 PID: 6753 Comm: syz.0.44 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_circular_bug+0x2e1/0x300 kernel/locking/lockdep.c:2043
 check_noncircular+0x12e/0x150 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain kernel/locking/lockdep.c:3908 [inline]
 __lock_acquire+0x15a5/0x2cf0 kernel/locking/lockdep.c:5237
 lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
 down_write+0x3a/0x50 kernel/locking/rwsem.c:1590
 inode_lock include/linux/fs.h:1028 [inline]
 ocfs2_del_inode_from_orphan+0x12e/0x7a0 fs/ocfs2/namei.c:2731
 ocfs2_dio_end_io_write fs/ocfs2/aops.c:2305 [inline]
 ocfs2_dio_end_io+0x545/0x1210 fs/ocfs2/aops.c:2403
 dio_complete+0x25e/0x790 fs/direct-io.c:281
 __blockdev_direct_IO+0x2d0e/0x3330 fs/direct-io.c:1303
 ocfs2_direct_IO+0x253/0x2c0 fs/ocfs2/aops.c:2440
 generic_file_direct_write+0x1dc/0x3e0 mm/filemap.c:4248
 __generic_file_write_iter+0x120/0x240 mm/filemap.c:4417
 ocfs2_file_write_iter+0x1666/0x1ed0 fs/ocfs2/file.c:2476
 iter_file_splice_write+0x9a6/0x10f0 fs/splice.c:736
 do_splice_from fs/splice.c:936 [inline]
 direct_splice_actor+0x104/0x160 fs/splice.c:1159
 splice_direct_to_actor+0x545/0xc80 fs/splice.c:1103
 do_splice_direct_actor fs/splice.c:1202 [inline]
 do_splice_direct+0x19b/0x2a0 fs/splice.c:1228
 do_sendfile+0x547/0x7e0 fs/read_write.c:1372
 __do_sys_sendfile64 fs/read_write.c:1433 [inline]
 __se_sys_sendfile64+0x144/0x1a0 fs/read_write.c:1419
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8cb2c5bf79
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8cb22b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f8cb2ed5fa0 RCX: 00007f8cb2c5bf79
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
RBP: 00007f8cb2cf27e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000120fffe82 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8cb2ed6038 R14: 00007f8cb2ed5fa0 R15: 00007ffcf6581c38
 </TASK>


Tested on:

commit:         7dff99b3 Remove WARN_ALL_UNSEEDED_RANDOM kernel config..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17a6455a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=cdc0fa200f7ea4d0
dashboard link: https://syzkaller.appspot.com/bug?extid=78359d5fbb04318c35e9
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=17da2152580000

