ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
loop1: detected capacity change from 0 to 128
hpfs: Bad magic ... probably not HPFS
======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc6 #1 Not tainted
------------------------------------------------------
syz.0.36/4078 is trying to acquire lock:
ff11000104144e38 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_init_acl+0x2f7/0x7d0 fs/ocfs2/acl.c:366

but task is already holding lock:
ff1100011ead2958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe55/0x1300 fs/jbd2/transaction.c:448

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #4 (jbd2_handle){++++}-{0:0}:
       start_this_handle+0xe5b/0x1300 fs/jbd2/transaction.c:448
       jbd2__journal_start+0x394/0x6a0 fs/jbd2/transaction.c:505
       jbd2_journal_start+0x2c/0x40 fs/jbd2/transaction.c:544
       ocfs2_start_trans+0x3ba/0x960 fs/ocfs2/journal.c:352
       ocfs2_symlink+0xd43/0x36e0 fs/ocfs2/namei.c:1926
       vfs_symlink fs/namei.c:4615 [inline]
       vfs_symlink+0x3f7/0x670 fs/namei.c:4599
       do_symlinkat+0x145/0x2a0 fs/namei.c:4641
       __do_sys_symlink fs/namei.c:4662 [inline]
       __se_sys_symlink fs/namei.c:4660 [inline]
       __x64_sys_symlink+0x75/0x90 fs/namei.c:4660
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #3 (&journal->j_trans_barrier){.+.+}-{3:3}:
       down_read+0x9a/0x320 kernel/locking/rwsem.c:1524
       ocfs2_start_trans+0x3af/0x960 fs/ocfs2/journal.c:350
       ocfs2_symlink+0xd43/0x36e0 fs/ocfs2/namei.c:1926
       vfs_symlink fs/namei.c:4615 [inline]
       vfs_symlink+0x3f7/0x670 fs/namei.c:4599
       do_symlinkat+0x145/0x2a0 fs/namei.c:4641
       __do_sys_symlink fs/namei.c:4662 [inline]
       __se_sys_symlink fs/namei.c:4660 [inline]
       __x64_sys_symlink+0x75/0x90 fs/namei.c:4660
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (sb_internal#2){.+.+}-{0:0}:
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       __sb_start_write include/linux/fs.h:1716 [inline]
       sb_start_intwrite include/linux/fs.h:1899 [inline]
       ocfs2_start_trans+0x2a8/0x960 fs/ocfs2/journal.c:348
       ocfs2_xattr_set+0x162e/0x27b0 fs/ocfs2/xattr.c:3644
       ocfs2_xattr_user_set+0xbd/0x100 fs/ocfs2/xattr.c:7373
       __vfs_setxattr+0x173/0x1e0 fs/xattr.c:200
       __vfs_setxattr_noperm+0x129/0x670 fs/xattr.c:234
       __vfs_setxattr_locked+0x1d7/0x260 fs/xattr.c:295
       vfs_setxattr+0x143/0x360 fs/xattr.c:321
       do_setxattr+0x171/0x1e0 fs/xattr.c:629
       path_setxattr+0x209/0x260 fs/xattr.c:658
       __do_sys_setxattr fs/xattr.c:676 [inline]
       __se_sys_setxattr fs/xattr.c:672 [inline]
       __x64_sys_setxattr+0xc4/0x160 fs/xattr.c:672
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}:
       down_write+0x92/0x1f0 kernel/locking/rwsem.c:1577
       inode_lock include/linux/fs.h:815 [inline]
       ocfs2_reserve_suballoc_bits+0x119/0x4300 fs/ocfs2/suballoc.c:786
       ocfs2_reserve_new_metadata_blocks+0x5c0/0xb50 fs/ocfs2/suballoc.c:982
       ocfs2_init_xattr_set_ctxt fs/ocfs2/xattr.c:3278 [inline]
       ocfs2_xattr_set+0x1ada/0x27b0 fs/ocfs2/xattr.c:3635
       ocfs2_xattr_user_set+0xbd/0x100 fs/ocfs2/xattr.c:7373
       __vfs_setxattr+0x173/0x1e0 fs/xattr.c:200
       __vfs_setxattr_noperm+0x129/0x670 fs/xattr.c:234
       __vfs_setxattr_locked+0x1d7/0x260 fs/xattr.c:295
       vfs_setxattr+0x143/0x360 fs/xattr.c:321
       do_setxattr+0x171/0x1e0 fs/xattr.c:629
       path_setxattr+0x209/0x260 fs/xattr.c:658
       __do_sys_setxattr fs/xattr.c:676 [inline]
       __se_sys_setxattr fs/xattr.c:672 [inline]
       __x64_sys_setxattr+0xc4/0x160 fs/xattr.c:672
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&oi->ip_xattr_sem){++++}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain kernel/locking/lockdep.c:3904 [inline]
       __lock_acquire+0x2381/0x3a20 kernel/locking/lockdep.c:5202
       lock_acquire kernel/locking/lockdep.c:5825 [inline]
       lock_acquire+0x19d/0x530 kernel/locking/lockdep.c:5790
       down_read+0x9a/0x320 kernel/locking/rwsem.c:1524
       ocfs2_init_acl+0x2f7/0x7d0 fs/ocfs2/acl.c:366
       ocfs2_mknod+0xdac/0x24c0 fs/ocfs2/namei.c:408
       ocfs2_create+0x167/0x420 fs/ocfs2/namei.c:672
       lookup_open.isra.0+0x106e/0x1450 fs/namei.c:3595
       open_last_lookups fs/namei.c:3694 [inline]
       path_openat+0xcb9/0x2940 fs/namei.c:3930
       do_filp_open+0x1c7/0x410 fs/namei.c:3960
       do_sys_openat2+0x164/0x1d0 fs/open.c:1415
       do_sys_open fs/open.c:1430 [inline]
       __do_sys_openat fs/open.c:1446 [inline]
       __se_sys_openat fs/open.c:1441 [inline]
       __x64_sys_openat+0x140/0x1f0 fs/open.c:1441
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &oi->ip_xattr_sem --> &journal->j_trans_barrier --> jbd2_handle

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  rlock(jbd2_handle);
                               lock(&journal->j_trans_barrier);
                               lock(jbd2_handle);
  rlock(&oi->ip_xattr_sem);

 *** DEADLOCK ***

8 locks held by syz.0.36/4078:
 #0: ff1100011993a3f8 (sb_writers#19){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3683 [inline]
 #0: ff1100011993a3f8 (sb_writers#19){.+.+}-{0:0}, at: path_openat+0x1d77/0x2940 fs/namei.c:3930
 #1: ff11000104145100 (&type->i_mutex_dir_key#10){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
 #1: ff11000104145100 (&type->i_mutex_dir_key#10){+.+.}-{3:3}, at: open_last_lookups fs/namei.c:3691 [inline]
 #1: ff11000104145100 (&type->i_mutex_dir_key#10){+.+.}-{3:3}, at: path_openat+0xc50/0x2940 fs/namei.c:3930
 #2: ff1100010075d100 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
 #2: ff1100010075d100 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x119/0x4300 fs/ocfs2/suballoc.c:786
 #3: ff1100010075c2c0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
 #3: ff1100010075c2c0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x119/0x4300 fs/ocfs2/suballoc.c:786
 #4: ff1100010075ed80 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
 #4: ff1100010075ed80 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}, at: ocfs2_reserve_local_alloc_bits+0xee/0xa10 fs/ocfs2/localalloc.c:636
 #5: ff1100011993a5e8 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_mknod+0xc70/0x24c0 fs/ocfs2/namei.c:359
 #6: ff1100011d70c8e8 (&journal->j_trans_barrier){.+.+}-{3:3}, at: ocfs2_start_trans+0x3af/0x960 fs/ocfs2/journal.c:350
 #7: ff1100011ead2958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe55/0x1300 fs/jbd2/transaction.c:448

stack backtrace:
CPU: 1 UID: 0 PID: 4078 Comm: syz.0.36 Not tainted 6.12.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xca/0x120 lib/dump_stack.c:120
 print_circular_bug+0x53f/0x820 kernel/locking/lockdep.c:2074
 check_noncircular+0x2f9/0x3e0 kernel/locking/lockdep.c:2206
 check_prev_add kernel/locking/lockdep.c:3161 [inline]
 check_prevs_add kernel/locking/lockdep.c:3280 [inline]
 validate_chain kernel/locking/lockdep.c:3904 [inline]
 __lock_acquire+0x2381/0x3a20 kernel/locking/lockdep.c:5202
 lock_acquire kernel/locking/lockdep.c:5825 [inline]
 lock_acquire+0x19d/0x530 kernel/locking/lockdep.c:5790
 down_read+0x9a/0x320 kernel/locking/rwsem.c:1524
 ocfs2_init_acl+0x2f7/0x7d0 fs/ocfs2/acl.c:366
 ocfs2_mknod+0xdac/0x24c0 fs/ocfs2/namei.c:408
 ocfs2_create+0x167/0x420 fs/ocfs2/namei.c:672
 lookup_open.isra.0+0x106e/0x1450 fs/namei.c:3595
 open_last_lookups fs/namei.c:3694 [inline]
 path_openat+0xcb9/0x2940 fs/namei.c:3930
 do_filp_open+0x1c7/0x410 fs/namei.c:3960
 do_sys_openat2+0x164/0x1d0 fs/open.c:1415
 do_sys_open fs/open.c:1430 [inline]
 __do_sys_openat fs/open.c:1446 [inline]
 __se_sys_openat fs/open.c:1441 [inline]
 __x64_sys_openat+0x140/0x1f0 fs/open.c:1441
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff28e25739d
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff28ceaab78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ff28e40ff80 RCX: 00007ff28e25739d
RDX: 0000000000000042 RSI: 0000000020000040 RDI: ffffffffffffff9c
RBP: 00007ff28e2cc584 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff28e40ff80 R15: 00007ff28ceaad40
UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
loop1: detected capacity change from 0 to 65536
XFS (loop1): Deprecated V4 format (crc=0) will not be supported after September 2030.
XFS (loop1): Mounting V4 Filesystem 86ecfda0-089a-461f-b078-1b43afedebc1
loop2: detected capacity change from 0 to 32768
XFS (loop1): Ending clean mount
xfs filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
ocfs2: Unmounting device (7,0) on (node local)
loop2: detected capacity change from 0 to 8192
REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
REISERFS warning: reiserfs-5086 is_leaf: item location seems wrong (second one): *3.6* [1 2 0x0 SD], item_len 3, item_location 4052, free_space(entry_count) 0
REISERFS error (device loop2): vs-5150 search_by_key: invalid format found in block 531. Fsck?
REISERFS (device loop2): Remounting filesystem read-only
REISERFS error (device loop2): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD]
audit: type=1400 audit(1736229268.030:8): avc: denied { open } for pid=4102 comm="syz.2.41" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
XFS (loop1): Unmounting Filesystem 86ecfda0-089a-461f-b078-1b43afedebc1
audit: type=1400 audit(1736229268.031:9): avc: denied { kernel } for pid=4102 comm="syz.2.41" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
loop7: detected capacity change from 0 to 131072
XFS (loop7): Mounting V5 Filesystem 22c32dcc-57bc-4919-aeb7-102e166434d7
XFS (loop7): Ending clean mount
loop4: detected capacity change from 0 to 4096
loop4: detected capacity change from 0 to 732
fuse: Bad value for 'fd'
9pnet_fd: Insufficient options for proto=fd
ISOFS: unable to read i-node block
XFS (loop7): Unmounting Filesystem 22c32dcc-57bc-4919-aeb7-102e166434d7