====================================================== WARNING: possible circular locking dependency detected syzkaller #0 Tainted: G L ------------------------------------------------------ syz.2.312/8424 is trying to acquire lock: ffff000108968660 (&oi->ip_alloc_sem){++++}-{4:4}, at: ocfs2_xattr_ibody_find+0x100/0x668 fs/ocfs2/xattr.c:2719 but task is already holding lock: ffff0001089686f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set_handle+0x2a8/0x5e4 fs/ocfs2/xattr.c:3531 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&oi->ip_xattr_sem){++++}-{4:4}: down_read+0x58/0x308 kernel/locking/rwsem.c:1537 ocfs2_xattr_get+0xe8/0x220 fs/ocfs2/xattr.c:1368 ocfs2_xattr_security_get+0x40/0x54 fs/ocfs2/xattr.c:7261 __vfs_getxattr+0x394/0x3c0 fs/xattr.c:423 smk_fetch+0xc4/0x150 security/smack/smack_lsm.c:289 smack_d_instantiate+0x53c/0x7a4 security/smack/smack_lsm.c:3653 security_d_instantiate+0x100/0x204 security/security.c:3601 d_instantiate+0x5c/0xac fs/dcache.c:1999 ocfs2_mknod+0x14fc/0x1cf0 fs/ocfs2/namei.c:454 ocfs2_mkdir+0x178/0x474 fs/ocfs2/namei.c:660 vfs_mkdir+0x408/0x48c fs/namei.c:5130 do_mkdirat+0x238/0x448 fs/namei.c:5164 __do_sys_mkdirat fs/namei.c:5186 [inline] __se_sys_mkdirat fs/namei.c:5184 [inline] __arm64_sys_mkdirat+0x8c/0xa4 fs/namei.c:5184 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}: down_read+0x58/0x308 kernel/locking/rwsem.c:1537 ocfs2_start_trans+0x35c/0x6b0 fs/ocfs2/journal.c:372 ocfs2_local_alloc_slide_window fs/ocfs2/localalloc.c:1254 [inline] ocfs2_reserve_local_alloc_bits+0xb90/0x26a8 fs/ocfs2/localalloc.c:669 ocfs2_reserve_clusters_with_limit+0x198/0x9e0 fs/ocfs2/suballoc.c:1169 ocfs2_reserve_clusters+0x3c/0x50 fs/ocfs2/suballoc.c:1230 ocfs2_mknod+0xbe0/0x1cf0 fs/ocfs2/namei.c:358 ocfs2_mkdir+0x178/0x474 fs/ocfs2/namei.c:660 vfs_mkdir+0x408/0x48c fs/namei.c:5130 do_mkdirat+0x238/0x448 fs/namei.c:5164 __do_sys_mkdirat fs/namei.c:5186 [inline] __se_sys_mkdirat fs/namei.c:5184 [inline] __arm64_sys_mkdirat+0x8c/0xa4 fs/namei.c:5184 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 -> #1 (sb_internal#5){.+.+}-{0:0}: percpu_down_read_internal include/linux/percpu-rwsem.h:53 [inline] percpu_down_read_freezable include/linux/percpu-rwsem.h:83 [inline] __sb_start_write include/linux/fs/super.h:19 [inline] sb_start_intwrite include/linux/fs/super.h:177 [inline] ocfs2_start_trans+0x1f4/0x6b0 fs/ocfs2/journal.c:370 ocfs2_setattr+0xa30/0x1818 fs/ocfs2/file.c:1269 notify_change+0xa0c/0xcb8 fs/attr.c:546 ovl_do_notify_change fs/overlayfs/overlayfs.h:203 [inline] ovl_workdir_create+0x614/0x768 fs/overlayfs/super.c:379 ovl_make_workdir fs/overlayfs/super.c:682 [inline] ovl_get_workdir fs/overlayfs/super.c:840 [inline] ovl_fill_super_creds fs/overlayfs/super.c:1453 [inline] ovl_fill_super+0x13f4/0x4cdc fs/overlayfs/super.c:1567 vfs_get_super fs/super.c:1324 [inline] get_tree_nodev+0xb4/0x144 fs/super.c:1343 ovl_get_tree+0x28/0x38 fs/overlayfs/params.c:708 vfs_get_tree+0x90/0x28c fs/super.c:1751 fc_mount fs/namespace.c:1199 [inline] do_new_mount_fc fs/namespace.c:3636 [inline] do_new_mount+0x284/0x944 fs/namespace.c:3712 path_mount+0x5b4/0xdfc fs/namespace.c:4022 do_mount fs/namespace.c:4035 [inline] __do_sys_mount fs/namespace.c:4224 [inline] __se_sys_mount fs/namespace.c:4201 [inline] __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4201 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 -> #0 (&oi->ip_alloc_sem){++++}-{4:4}: check_prev_add kernel/locking/lockdep.c:3165 [inline] check_prevs_add kernel/locking/lockdep.c:3284 [inline] validate_chain kernel/locking/lockdep.c:3908 [inline] __lock_acquire+0x1774/0x30a4 kernel/locking/lockdep.c:5237 lock_acquire+0x140/0x2e0 kernel/locking/lockdep.c:5868 down_read+0x58/0x308 kernel/locking/rwsem.c:1537 ocfs2_xattr_ibody_find+0x100/0x668 fs/ocfs2/xattr.c:2719 ocfs2_xattr_set_handle+0x2bc/0x5e4 fs/ocfs2/xattr.c:3533 ocfs2_init_security_set+0xb4/0xd8 fs/ocfs2/xattr.c:7337 ocfs2_mknod+0x104c/0x1cf0 fs/ocfs2/namei.c:423 ocfs2_create+0x178/0x474 fs/ocfs2/namei.c:677 lookup_open fs/namei.c:4440 [inline] open_last_lookups fs/namei.c:4540 [inline] path_openat+0x143c/0x3114 fs/namei.c:4784 do_filp_open+0x18c/0x36c fs/namei.c:4814 do_sys_openat2+0x11c/0x1f0 fs/open.c:1430 do_sys_open fs/open.c:1436 [inline] __do_sys_openat fs/open.c:1452 [inline] __se_sys_openat fs/open.c:1447 [inline] __arm64_sys_openat+0x120/0x158 fs/open.c:1447 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 other info that might help us debug this: Chain exists of: &oi->ip_alloc_sem --> &journal->j_trans_barrier --> &oi->ip_xattr_sem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&oi->ip_xattr_sem); lock(&journal->j_trans_barrier); lock(&oi->ip_xattr_sem); rlock(&oi->ip_alloc_sem); *** DEADLOCK *** 9 locks held by syz.2.312/8424: #0: ffff0000d636e420 (sb_writers#25){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:499 #1: ffff0000f958c2c0 (&type->i_mutex_dir_key#17){++++}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline] #1: ffff0000f958c2c0 (&type->i_mutex_dir_key#17){++++}-{4:4}, at: open_last_lookups fs/namei.c:4537 [inline] #1: ffff0000f958c2c0 (&type->i_mutex_dir_key#17){++++}-{4:4}, at: path_openat+0x868/0x3114 fs/namei.c:4784 #2: ffff0001089642c0 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline] #2: ffff0001089642c0 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x130/0x3ea0 fs/ocfs2/suballoc.c:789 #3: ffff000108963480 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline] #3: ffff000108963480 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x130/0x3ea0 fs/ocfs2/suballoc.c:789 #4: ffff000108965f40 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline] #4: ffff000108965f40 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x104/0x26a8 fs/ocfs2/localalloc.c:636 #5: ffff0000d636e610 (sb_internal#5){.+.+}-{0:0}, at: ocfs2_mknod+0xc30/0x1cf0 fs/ocfs2/namei.c:365 #6: ffff0000d4b7c8e8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x35c/0x6b0 fs/ocfs2/journal.c:372 #7: ffff0000c6e48950 (jbd2_handle#2){.+.+}-{0:0}, at: start_this_handle+0xe4c/0x10dc fs/jbd2/transaction.c:442 #8: ffff0001089686f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set_handle+0x2a8/0x5e4 fs/ocfs2/xattr.c:3531 stack backtrace: CPU: 0 UID: 0 PID: 8424 Comm: syz.2.312 Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 dump_stack+0x1c/0x28 lib/dump_stack.c:129 print_circular_bug+0x324/0x32c kernel/locking/lockdep.c:2043 check_noncircular+0x154/0x174 kernel/locking/lockdep.c:2175 check_prev_add kernel/locking/lockdep.c:3165 [inline] check_prevs_add kernel/locking/lockdep.c:3284 [inline] validate_chain kernel/locking/lockdep.c:3908 [inline] __lock_acquire+0x1774/0x30a4 kernel/locking/lockdep.c:5237 lock_acquire+0x140/0x2e0 kernel/locking/lockdep.c:5868 down_read+0x58/0x308 kernel/locking/rwsem.c:1537 ocfs2_xattr_ibody_find+0x100/0x668 fs/ocfs2/xattr.c:2719 ocfs2_xattr_set_handle+0x2bc/0x5e4 fs/ocfs2/xattr.c:3533 ocfs2_init_security_set+0xb4/0xd8 fs/ocfs2/xattr.c:7337 ocfs2_mknod+0x104c/0x1cf0 fs/ocfs2/namei.c:423 ocfs2_create+0x178/0x474 fs/ocfs2/namei.c:677 lookup_open fs/namei.c:4440 [inline] open_last_lookups fs/namei.c:4540 [inline] path_openat+0x143c/0x3114 fs/namei.c:4784 do_filp_open+0x18c/0x36c fs/namei.c:4814 do_sys_openat2+0x11c/0x1f0 fs/open.c:1430 do_sys_open fs/open.c:1436 [inline] __do_sys_openat fs/open.c:1452 [inline] __se_sys_openat fs/open.c:1447 [inline] __arm64_sys_openat+0x120/0x158 fs/open.c:1447 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596