======================================================
WARNING: possible circular locking dependency detected
6.14.0-syzkaller-03576-g1e1ba8d23dae #0 Not tainted
------------------------------------------------------
syz.4.288/8709 is trying to acquire lock:
ffff888050abea20 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_lock_global_qf+0x23f/0x2c0 fs/ocfs2/quota_global.c:314

but task is already holding lock:
ffff888050abed80 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:867 [inline]
ffff888050abed80 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{4:4}, at: ocfs2_lock_global_qf+0x21c/0x2c0 fs/ocfs2/quota_global.c:313

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #7 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{4:4}:
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       down_write+0x9c/0x220 kernel/locking/rwsem.c:1577
       inode_lock include/linux/fs.h:867 [inline]
       ocfs2_lock_global_qf+0x21c/0x2c0 fs/ocfs2/quota_global.c:313
       ocfs2_acquire_dquot+0x2ae/0xb80 fs/ocfs2/quota_global.c:828
       dqget+0x770/0xeb0 fs/quota/dquot.c:977
       __dquot_initialize+0x335/0xfc0 fs/quota/dquot.c:1505
       ocfs2_get_init_inode+0x15a/0x1d0 fs/ocfs2/namei.c:202
       ocfs2_mknod+0xcfe/0x2b30 fs/ocfs2/namei.c:310
       ocfs2_create+0x1ad/0x480 fs/ocfs2/namei.c:673
       lookup_open fs/namei.c:3666 [inline]
       open_last_lookups fs/namei.c:3765 [inline]
       path_openat+0x194b/0x35d0 fs/namei.c:4001
       do_filp_open+0x284/0x4e0 fs/namei.c:4031
       do_sys_openat2+0x12b/0x1d0 fs/open.c:1429
       do_sys_open fs/open.c:1444 [inline]
       __do_sys_openat fs/open.c:1460 [inline]
       __se_sys_openat fs/open.c:1455 [inline]
       __x64_sys_openat+0x249/0x2a0 fs/open.c:1455
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #6 (&dquot->dq_lock){+.+.}-{4:4}:
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       __mutex_lock_common kernel/locking/mutex.c:587 [inline]
       __mutex_lock+0x1bf/0x1000 kernel/locking/mutex.c:732
       wait_on_dquot fs/quota/dquot.c:354 [inline]
       dqget+0x6e6/0xeb0 fs/quota/dquot.c:972
       dquot_transfer+0x4a8/0x6f0 fs/quota/dquot.c:2154
       ext4_setattr+0xb4a/0x1da0 fs/ext4/inode.c:5405
       notify_change+0xbca/0xe90 fs/attr.c:552
       chown_common+0x503/0x850 fs/open.c:782
       vfs_fchown fs/open.c:850 [inline]
       ksys_fchown+0xe2/0x150 fs/open.c:862
       __do_sys_fchown fs/open.c:867 [inline]
       __se_sys_fchown fs/open.c:865 [inline]
       __x64_sys_fchown+0x7a/0x90 fs/open.c:865
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #5 (&ei->xattr_sem){++++}-{4:4}:
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       down_write+0x9c/0x220 kernel/locking/rwsem.c:1577
       ext4_write_lock_xattr fs/ext4/xattr.h:154 [inline]
       ext4_xattr_set_handle+0x281/0x1790 fs/ext4/xattr.c:2373
       ext4_initxattrs+0xa3/0x120 fs/ext4/xattr_security.c:44
       security_inode_init_security+0x29a/0x490 security/security.c:1852
       __ext4_new_inode+0x396a/0x4720 fs/ext4/ialloc.c:1324
       ext4_create+0x278/0x550 fs/ext4/namei.c:2841
       lookup_open fs/namei.c:3666 [inline]
       open_last_lookups fs/namei.c:3765 [inline]
       path_openat+0x194b/0x35d0 fs/namei.c:4001
       do_filp_open+0x284/0x4e0 fs/namei.c:4031
       do_sys_openat2+0x12b/0x1d0 fs/open.c:1429
       do_sys_open fs/open.c:1444 [inline]
       __do_sys_openat fs/open.c:1460 [inline]
       __se_sys_openat fs/open.c:1455 [inline]
       __x64_sys_openat+0x249/0x2a0 fs/open.c:1455
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #4 (jbd2_handle){++++}-{0:0}:
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       start_this_handle+0x1f30/0x21e0 fs/jbd2/transaction.c:448
       jbd2__journal_start+0x2da/0x5d0 fs/jbd2/transaction.c:505
       jbd2_journal_start+0x29/0x40 fs/jbd2/transaction.c:544
       ocfs2_start_trans+0x3cd/0x710 fs/ocfs2/journal.c:352
       ocfs2_block_group_alloc fs/ocfs2/suballoc.c:685 [inline]
       ocfs2_reserve_suballoc_bits+0xa54/0x4f30 fs/ocfs2/suballoc.c:832
       ocfs2_reserve_new_metadata_blocks+0x41c/0x9b0 fs/ocfs2/suballoc.c:982
       ocfs2_expand_inline_dir fs/ocfs2/dir.c:2837 [inline]
       ocfs2_extend_dir+0xdfb/0x51b0 fs/ocfs2/dir.c:3199
       ocfs2_prepare_dir_for_insert+0x36af/0x5fc0 fs/ocfs2/dir.c:4304
       ocfs2_mknod+0xcb3/0x2b30 fs/ocfs2/namei.c:294
       vfs_mknod+0x36d/0x3b0 fs/namei.c:4193
       do_mknodat+0x473/0x600 fs/namei.c:-1
       __do_sys_mknod fs/namei.c:4276 [inline]
       __se_sys_mknod fs/namei.c:4274 [inline]
       __x64_sys_mknod+0x8c/0xa0 fs/namei.c:4274
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       down_read+0xb3/0xae0 kernel/locking/rwsem.c:1524
       ocfs2_start_trans+0x3c2/0x710 fs/ocfs2/journal.c:350
       ocfs2_block_group_alloc fs/ocfs2/suballoc.c:685 [inline]
       ocfs2_reserve_suballoc_bits+0xa54/0x4f30 fs/ocfs2/suballoc.c:832
       ocfs2_reserve_new_metadata_blocks+0x41c/0x9b0 fs/ocfs2/suballoc.c:982
       ocfs2_expand_inline_dir fs/ocfs2/dir.c:2837 [inline]
       ocfs2_extend_dir+0xdfb/0x51b0 fs/ocfs2/dir.c:3199
       ocfs2_prepare_dir_for_insert+0x36af/0x5fc0 fs/ocfs2/dir.c:4304
       ocfs2_mknod+0xcb3/0x2b30 fs/ocfs2/namei.c:294
       vfs_mknod+0x36d/0x3b0 fs/namei.c:4193
       do_mknodat+0x473/0x600 fs/namei.c:-1
       __do_sys_mknod fs/namei.c:4276 [inline]
       __se_sys_mknod fs/namei.c:4274 [inline]
       __x64_sys_mknod+0x8c/0xa0 fs/namei.c:4274
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (sb_internal#4){.+.+}-{0:0}:
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       percpu_down_read include/linux/percpu-rwsem.h:52 [inline]
       __sb_start_write include/linux/fs.h:1775 [inline]
       sb_start_intwrite include/linux/fs.h:1958 [inline]
       ocfs2_start_trans+0x2bd/0x710 fs/ocfs2/journal.c:348
       ocfs2_xattr_free_block fs/ocfs2/xattr.c:2533 [inline]
       ocfs2_xattr_remove+0xb2f/0x18d0 fs/ocfs2/xattr.c:2600
       ocfs2_wipe_inode fs/ocfs2/inode.c:820 [inline]
       ocfs2_delete_inode fs/ocfs2/inode.c:1093 [inline]
       ocfs2_evict_inode+0x157a/0x47c0 fs/ocfs2/inode.c:1230
       evict+0x4f9/0x9b0 fs/inode.c:810
       do_unlinkat+0x4a6/0x7b0 fs/namei.c:4615
       __do_sys_unlink fs/namei.c:4654 [inline]
       __se_sys_unlink fs/namei.c:4652 [inline]
       __x64_sys_unlink+0x47/0x50 fs/namei.c:4652
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{4:4}:
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       down_write+0x9c/0x220 kernel/locking/rwsem.c:1577
       inode_lock include/linux/fs.h:867 [inline]
       ocfs2_reserve_suballoc_bits+0x18d/0x4f30 fs/ocfs2/suballoc.c:786
       ocfs2_reserve_new_metadata_blocks+0x41c/0x9b0 fs/ocfs2/suballoc.c:982
       ocfs2_reserve_new_metadata fs/ocfs2/suballoc.c:1025 [inline]
       ocfs2_lock_allocators+0x2d8/0x680 fs/ocfs2/suballoc.c:2735
       ocfs2_extend_allocation+0x4ef/0x1bf0 fs/ocfs2/file.c:589
       ocfs2_allocate_unwritten_extents+0x388/0xa00 fs/ocfs2/file.c:1496
       __ocfs2_change_file_space+0x981/0xfd0 fs/ocfs2/file.c:2023
       ocfs2_fallocate+0x2e8/0x350 fs/ocfs2/file.c:2138
       vfs_fallocate+0x627/0x7a0 fs/open.c:338
       ksys_fallocate fs/open.c:362 [inline]
       __do_sys_fallocate fs/open.c:367 [inline]
       __se_sys_fallocate fs/open.c:365 [inline]
       __x64_sys_fallocate+0xbc/0x110 fs/open.c:365
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3166 [inline]
       check_prevs_add kernel/locking/lockdep.c:3285 [inline]
       validate_chain+0xa69/0x24e0 kernel/locking/lockdep.c:3909
       __lock_acquire+0xad5/0xd80 kernel/locking/lockdep.c:5235
       lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
       down_write+0x9c/0x220 kernel/locking/rwsem.c:1577
       ocfs2_lock_global_qf+0x23f/0x2c0 fs/ocfs2/quota_global.c:314
       ocfs2_acquire_dquot+0x2ae/0xb80 fs/ocfs2/quota_global.c:828
       dqget+0x770/0xeb0 fs/quota/dquot.c:977
       __dquot_initialize+0x335/0xfc0 fs/quota/dquot.c:1505
       ocfs2_get_init_inode+0x15a/0x1d0 fs/ocfs2/namei.c:202
       ocfs2_mknod+0xcfe/0x2b30 fs/ocfs2/namei.c:310
       ocfs2_create+0x1ad/0x480 fs/ocfs2/namei.c:673
       lookup_open fs/namei.c:3666 [inline]
       open_last_lookups fs/namei.c:3765 [inline]
       path_openat+0x194b/0x35d0 fs/namei.c:4001
       do_filp_open+0x284/0x4e0 fs/namei.c:4031
       do_sys_openat2+0x12b/0x1d0 fs/open.c:1429
       do_sys_open fs/open.c:1444 [inline]
       __do_sys_openat fs/open.c:1460 [inline]
       __se_sys_openat fs/open.c:1455 [inline]
       __x64_sys_openat+0x249/0x2a0 fs/open.c:1455
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &ocfs2_quota_ip_alloc_sem_key --> &dquot->dq_lock --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7);
                               lock(&dquot->dq_lock);
                               lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7);
  lock(&ocfs2_quota_ip_alloc_sem_key);

 *** DEADLOCK ***

5 locks held by syz.4.288/8709:
 #0: ffff88805305a420 (sb_writers#20){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:556
 #1: ffff888050ab9800 (&type->i_mutex_dir_key#14){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:867 [inline]
 #1: ffff888050ab9800 (&type->i_mutex_dir_key#14){+.+.}-{4:4}, at: open_last_lookups fs/namei.c:3762 [inline]
 #1: ffff888050ab9800 (&type->i_mutex_dir_key#14){+.+.}-{4:4}, at: path_openat+0x8af/0x35d0 fs/namei.c:4001
 #2: ffff888050acb480 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:867 [inline]
 #2: ffff888050acb480 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x18d/0x4f30 fs/ocfs2/suballoc.c:786
 #3: ffff888050af00a8 (&dquot->dq_lock){+.+.}-{4:4}, at: ocfs2_acquire_dquot+0x2a1/0xb80 fs/ocfs2/quota_global.c:823
 #4: ffff888050abed80 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:867 [inline]
 #4: ffff888050abed80 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{4:4}, at: ocfs2_lock_global_qf+0x21c/0x2c0 fs/ocfs2/quota_global.c:313

stack backtrace:
CPU: 1 UID: 0 PID: 8709 Comm: syz.4.288 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_circular_bug+0x2e1/0x300 kernel/locking/lockdep.c:2079
 check_noncircular+0x142/0x160 kernel/locking/lockdep.c:2211
 check_prev_add kernel/locking/lockdep.c:3166 [inline]
 check_prevs_add kernel/locking/lockdep.c:3285 [inline]
 validate_chain+0xa69/0x24e0 kernel/locking/lockdep.c:3909
 __lock_acquire+0xad5/0xd80 kernel/locking/lockdep.c:5235
 lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
 down_write+0x9c/0x220 kernel/locking/rwsem.c:1577
 ocfs2_lock_global_qf+0x23f/0x2c0 fs/ocfs2/quota_global.c:314
 ocfs2_acquire_dquot+0x2ae/0xb80 fs/ocfs2/quota_global.c:828
 dqget+0x770/0xeb0 fs/quota/dquot.c:977
 __dquot_initialize+0x335/0xfc0 fs/quota/dquot.c:1505
 ocfs2_get_init_inode+0x15a/0x1d0 fs/ocfs2/namei.c:202
 ocfs2_mknod+0xcfe/0x2b30 fs/ocfs2/namei.c:310
 ocfs2_create+0x1ad/0x480 fs/ocfs2/namei.c:673
 lookup_open fs/namei.c:3666 [inline]
 open_last_lookups fs/namei.c:3765 [inline]
 path_openat+0x194b/0x35d0 fs/namei.c:4001
 do_filp_open+0x284/0x4e0 fs/namei.c:4031
 do_sys_openat2+0x12b/0x1d0 fs/open.c:1429
 do_sys_open fs/open.c:1444 [inline]
 __do_sys_openat fs/open.c:1460 [inline]
 __se_sys_openat fs/open.c:1455 [inline]
 __x64_sys_openat+0x249/0x2a0 fs/open.c:1455
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3104f8d169
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3105d9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f31051a5fa0 RCX: 00007f3104f8d169
RDX: 0000000000183341 RSI: 0000200000000080 RDI: ffffffffffffff9c
RBP: 00007f310500e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f31051a5fa0 R15: 00007ffca81487d8
 </TASK>