JBD2: Ignoring recovery information on journal
ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
loop0: detected capacity change from 0 to 512
======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc6 #1 Not tainted
------------------------------------------------------
syz.6.101/4836 is trying to acquire lock:
ff110001317e5be0 (&oi->ip_alloc_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xa6/0x310 fs/ocfs2/refcounttree.c:932

but task is already holding lock:
loop7: detected capacity change from 0 to 32768
ff110001317e5c78 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0x9e/0x310 fs/ocfs2/refcounttree.c:931

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&oi->ip_xattr_sem){++++}-{3:3}:
       down_read+0x9a/0x320 kernel/locking/rwsem.c:1524
       ocfs2_init_acl+0x2f7/0x7d0 fs/ocfs2/acl.c:366
       ocfs2_mknod+0xdac/0x24c0 fs/ocfs2/namei.c:408
       ocfs2_create+0x167/0x420 fs/ocfs2/namei.c:672
       lookup_open.isra.0+0x106e/0x1450 fs/namei.c:3595
       open_last_lookups fs/namei.c:3694 [inline]
       path_openat+0xcb9/0x2940 fs/namei.c:3930
       do_filp_open+0x1c7/0x410 fs/namei.c:3960
       do_sys_openat2+0x164/0x1d0 fs/open.c:1415
       do_sys_open fs/open.c:1430 [inline]
       __do_sys_creat fs/open.c:1508 [inline]
       __se_sys_creat fs/open.c:1502 [inline]
       __x64_sys_creat+0xcd/0x120 fs/open.c:1502
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (jbd2_handle){++++}-{0:0}:
       jbd2_journal_lock_updates+0xa5/0x310 fs/jbd2/transaction.c:865
       __ocfs2_flush_truncate_log+0x27d/0x11d0 fs/ocfs2/alloc.c:6029
       ocfs2_flush_truncate_log+0x4d/0x70 fs/ocfs2/alloc.c:6076
       ocfs2_sync_fs+0x1ca/0x3d0 fs/ocfs2/super.c:402
       sync_filesystem+0x1d3/0x2a0 fs/sync.c:66
       generic_shutdown_super+0x84/0x4f0 fs/super.c:621
       kill_block_super+0x3b/0x90 fs/super.c:1710
       deactivate_locked_super+0xbc/0x1a0 fs/super.c:473
       deactivate_super+0xb1/0xd0 fs/super.c:506
       cleanup_mnt+0x2df/0x430 fs/namespace.c:1373
       task_work_run+0x169/0x260 kernel/task_work.c:239
       resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
       exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
       exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
       __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
       syscall_exit_to_user_mode+0x1d0/0x1e0 kernel/entry/common.c:218
       do_syscall_64+0xce/0x1d0 arch/x86/entry/common.c:89
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}:
       down_write+0x92/0x1f0 kernel/locking/rwsem.c:1577
       inode_lock include/linux/fs.h:815 [inline]
       ocfs2_remove_btree_range+0x318/0x1710 fs/ocfs2/alloc.c:5742
       ocfs2_commit_truncate+0x6da/0x1b30 fs/ocfs2/alloc.c:7353
       ocfs2_truncate_file+0x47d/0x17d0 fs/ocfs2/file.c:509
       ocfs2_setattr+0x140c/0x2320 fs/ocfs2/file.c:1212
       notify_change+0x6d3/0x1270 fs/attr.c:503
       do_truncate+0x143/0x200 fs/open.c:65
       handle_truncate fs/namei.c:3395 [inline]
       do_open fs/namei.c:3778 [inline]
       path_openat+0x22a6/0x2940 fs/namei.c:3933
       do_filp_open+0x1c7/0x410 fs/namei.c:3960
       do_sys_openat2+0x164/0x1d0 fs/open.c:1415
       do_sys_open fs/open.c:1430 [inline]
       __do_sys_creat fs/open.c:1508 [inline]
       __se_sys_creat fs/open.c:1502 [inline]
       __x64_sys_creat+0xcd/0x120 fs/open.c:1502
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&oi->ip_alloc_sem){++++}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain kernel/locking/lockdep.c:3904 [inline]
       __lock_acquire+0x2381/0x3a20 kernel/locking/lockdep.c:5202
       lock_acquire kernel/locking/lockdep.c:5825 [inline]
       lock_acquire+0x19d/0x530 kernel/locking/lockdep.c:5790
       down_write+0x92/0x1f0 kernel/locking/rwsem.c:1577
       ocfs2_try_remove_refcount_tree+0xa6/0x310 fs/ocfs2/refcounttree.c:932
       ocfs2_truncate_file+0x9c7/0x17d0 fs/ocfs2/file.c:521
       ocfs2_setattr+0x140c/0x2320 fs/ocfs2/file.c:1212
       notify_change+0x6d3/0x1270 fs/attr.c:503
       do_truncate+0x143/0x200 fs/open.c:65
       handle_truncate fs/namei.c:3395 [inline]
       do_open fs/namei.c:3778 [inline]
       path_openat+0x22a6/0x2940 fs/namei.c:3933
       do_filp_open+0x1c7/0x410 fs/namei.c:3960
       do_sys_openat2+0x164/0x1d0 fs/open.c:1415
       do_sys_open fs/open.c:1430 [inline]
       __do_sys_creat fs/open.c:1508 [inline]
       __se_sys_creat fs/open.c:1502 [inline]
       __x64_sys_creat+0xcd/0x120 fs/open.c:1502
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&oi->ip_xattr_sem);
                               lock(jbd2_handle);
                               lock(&oi->ip_xattr_sem);
  lock(&oi->ip_alloc_sem);

 *** DEADLOCK ***

3 locks held by syz.6.101/4836:
 #0: ff110001673bc3f8 (sb_writers#22){.+.+}-{0:0}, at: do_open fs/namei.c:3767 [inline]
 #0: ff110001673bc3f8 (sb_writers#22){.+.+}-{0:0}, at: path_openat+0x117d/0x2940 fs/namei.c:3933
 #1: ff110001317e5f40 (&sb->s_type->i_mutex_key#23){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
 #1: ff110001317e5f40 (&sb->s_type->i_mutex_key#23){+.+.}-{3:3}, at: do_truncate+0x131/0x200 fs/open.c:63
 #2: ff110001317e5c78 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0x9e/0x310 fs/ocfs2/refcounttree.c:931

stack backtrace:
CPU: 0 UID: 0 PID: 4836 Comm: syz.6.101 Not tainted 6.12.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xca/0x120 lib/dump_stack.c:120
 print_circular_bug+0x53f/0x820 kernel/locking/lockdep.c:2074
 check_noncircular+0x2f9/0x3e0 kernel/locking/lockdep.c:2206
 check_prev_add kernel/locking/lockdep.c:3161 [inline]
 check_prevs_add kernel/locking/lockdep.c:3280 [inline]
 validate_chain kernel/locking/lockdep.c:3904 [inline]
 __lock_acquire+0x2381/0x3a20 kernel/locking/lockdep.c:5202
 lock_acquire kernel/locking/lockdep.c:5825 [inline]
 lock_acquire+0x19d/0x530 kernel/locking/lockdep.c:5790
 down_write+0x92/0x1f0 kernel/locking/rwsem.c:1577
 ocfs2_try_remove_refcount_tree+0xa6/0x310 fs/ocfs2/refcounttree.c:932
 ocfs2_truncate_file+0x9c7/0x17d0 fs/ocfs2/file.c:521
 ocfs2_setattr+0x140c/0x2320 fs/ocfs2/file.c:1212
 notify_change+0x6d3/0x1270 fs/attr.c:503
 do_truncate+0x143/0x200 fs/open.c:65
 handle_truncate fs/namei.c:3395 [inline]
 do_open fs/namei.c:3778 [inline]
 path_openat+0x22a6/0x2940 fs/namei.c:3933
 do_filp_open+0x1c7/0x410 fs/namei.c:3960
 do_sys_openat2+0x164/0x1d0 fs/open.c:1415
 do_sys_open fs/open.c:1430 [inline]
 __do_sys_creat fs/open.c:1508 [inline]
 __se_sys_creat fs/open.c:1502 [inline]
 __x64_sys_creat+0xcd/0x120 fs/open.c:1502
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa562f3b39d
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa561b8eb78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007fa5630f3f80 RCX: 00007fa562f3b39d
RDX: 0000000000000000 RSI: 0000000000000100 RDI: 0000000020000100
RBP: 00007fa562fb0584 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fa5630f3f80 R15: 00007fa561b8ed40
XFS (loop7): Mounting V5 Filesystem 41ca08f1-94d2-48aa-bd9e-c0e7c187d3a2
loop0: detected capacity change from 0 to 2048
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
XFS (loop7): Metadata CRC error detected at xfs_agf_read_verify+0x211/0x270 fs/xfs/libxfs/xfs_alloc.c:3318, xfs_agf block 0x1
XFS (loop7): Unmount and run xfs_repair
XFS (loop7): First 128 bytes of corrupted metadata buffer:
00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 10 00  XAGF............
00000010: 00 00 00 3f 00 00 00 02 00 00 00 04 00 00 00 01  ...?............
00000020: 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 06  ................
00000030: 00 00 00 06 00 00 0c cf 00 00 0c ca 00 00 00 00  ................
00000040: 41 ca 08 f1 94 d2 48 aa bd 9e c0 e7 c1 87 d3 a2  A.....H.........
00000050: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
XFS (loop7): metadata I/O error in "xfs_read_agf+0x252/0x550" at daddr 0x1 len 1 error 74
XFS (loop7): Error -117 reserving per-AG metadata reserve pool.
XFS (loop7): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x1dc/0x210 fs/xfs/xfs_fsops.c:546 (fs/xfs/xfs_fsops.c:546). Shutting down filesystem.
XFS (loop7): Please unmount the filesystem and rectify the problem(s)
XFS (loop7): Ending clean mount
SELinux: (dev loop7, type xfs) getxattr errno 5
XFS (loop7): Unmounting Filesystem 41ca08f1-94d2-48aa-bd9e-c0e7c187d3a2
EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
(syz.6.101,4836,1):ocfs2_dio_end_io:2423 ERROR: Direct IO failed, bytes = -4
ocfs2: Unmounting device (7,6) on (node local)