From nobody Sun Feb 8 19:25:33 2026 Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com [209.85.218.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 692261D86DC for ; Sat, 27 Dec 2025 17:43:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766857385; cv=none; b=ceG/rbIxZF5JvYzeIIxnORgXQbJX5b7uuDnhJ4oY9tKtNTyUI9oJuAmuKdMUVws7z2XNEDmOBE4VTRBAoOBjhSQqu85mKQaThvpL3Z62Lcb4XaH0b5lFu5qhRBM9d348KJVnp277/rRukSkbzOkQzi1JdaiM9rTgE4EJbfJn7WI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766857385; c=relaxed/simple; bh=arJLIS3xL8O652kOhXAYNqd+jf5P514t+/AfZWo/zI8=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=UikXqj4mEbaEZL1dEAVYHOXDMgD/LOcF6GyXutwHYyVvrSAjJYtP0x3dF17/75ORPDXOrAfT2skH2K6snSOVEfy8J7l0ycW036XYeQ0jYgsCiNWnipOMYw9yWrLODJh2zx0UC7D/feN7yZ9NmzyJOTXQW+R+bXuKmR54ffnFtss= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=TVPy6JPQ; arc=none smtp.client-ip=209.85.218.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TVPy6JPQ" Received: by mail-ej1-f45.google.com with SMTP id a640c23a62f3a-b73a9592fb8so1521594866b.1 for ; Sat, 27 Dec 2025 09:43:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1766857382; x=1767462182; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=gSXaQ7IXj6RkdeOQrehfTxLs8tTRmxKEotG2v3wprbU=; b=TVPy6JPQoOLkw2ovfs0pDkMCYEBktykA13WuuCGotN/jKH1elncKOOgLyV9Bvvf3Po jNmFnI/mV12ZfZp5hrDBMq4NTqYRX36Z4y4W419ne+K7GIeJ/M+5UMJ8w5JEAHusS0hy nIe9NE7p8H7GJUSCHaiBBdRyk+GY/k4AXnNEHDFruvq7+eF4a3PVOzvEKMha8d1SdQ40 VR9VFtJyOIQLTZntEZahcE5hl/4NgctWmNKF6we6loaX65haXPPEJgTDY/quyiHJqeNk yunAoUiAH+RmwhS/n5QhDDqeC7tK6QtGCptdt2yeKda30hz4LiyjTig71jKUrWjdpWCv wMHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766857382; x=1767462182; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=gSXaQ7IXj6RkdeOQrehfTxLs8tTRmxKEotG2v3wprbU=; b=UtjJRBPJuPw14i1Zupa13bNpAa2N9J+yEOEdYQ593ddc/8/Me0HRdOqWlsbs6vJY3D r+2dwFKnN18TsHa0T6dfMe+45zejONuc+yboCs897tJBvcfa/uCl6Dk5Zn7EXXOStqhq breFHtUX+8MrVfJGT/FNgKQU7pYIpAiaUx9hP81gyT0f7KtgssLhnrfxsNuDAmjq4tzu 8i61PSJI0yFcNvE1olPfl3hHRrdqok5lQDV9DfHsfFQB7n+d6pP1s6fDka/KwVSlhGf/ UTdf6ofNc/J3CnkzoRSIGijj4iirxYUgBJY6eSvAvHbSHYnG/M1XLtYFUEDXnfQdePsO y4JQ== X-Forwarded-Encrypted: i=1; AJvYcCXsq7NRWbI5Xyb3B5gYq1nzFT+fos7FNnKtJBldeRykASxm2KOwtqSPL2IdhMtrbGBPQDDeVfJuJEZSjio=@vger.kernel.org X-Gm-Message-State: AOJu0Yw0E6w9EwnRhFM6treevNrXUoBWtX06Ls1LV2aadu3DEP61BZ+K SCehnwXJBdJQYUhxG5yRLOdKUCHt8rdlOTp4BZMHKTJhUeUsrgmd+qxc X-Gm-Gg: AY/fxX5eH3ACsFdLVo0rJGUhUijtOQVbZahYeR3Sqb0u6iqfKGk4FlPx1tzsonhZjXv vEKQcE0ELcXzVDqQKbQOgwsx5Qu7H2boB7zcIGht+jhAnHxw7FfgBiceEW/ARrZP6rYM3m87HfN y1ur61whsOLRHYrmketeigJsgNILECVwJncsz71pGq9S5q7G1Fo+B+HdJzC+YMLMbShsz8e6jDg 00cyA6wz8bwb/q9TBgfLGO6En4aL7v2KdAq/v5qkkMV64SawjW/DlFWnWMhsY2FS2ODR1a4+DDi 1tKYwGhJSjwXF1mQHMRSxQcemm4y3eooRSiW/V9TRIkQhpWydbKt99t5M9GmQDxVFjLuQjCSkpV 3nEt4JHJpl82RI4Qu4QPPgP5b5F9b31fomNvRnko9krIEhOJkFWz+2FIRC5FqiJBDh9Ab8EBmbX 69EFQeWo8nDcX8QQ== X-Google-Smtp-Source: AGHT+IF9toMKfHOr5wvZo5TAl984T9l70FGL4tb7U3M3rSJRyuQpV3XTy3AUnKWavM5kb4L5ZeIGlg== X-Received: by 2002:a17:907:1b0f:b0:b3f:f6d:1d9e with SMTP id a640c23a62f3a-b80203fd532mr3359548766b.6.1766857381662; Sat, 27 Dec 2025 09:43:01 -0800 (PST) Received: from prometheus ([85.11.110.37]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b8037f4ef1fsm2804535566b.64.2025.12.27.09.43.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 27 Dec 2025 09:43:01 -0800 (PST) From: Szymon Wilczek To: ocfs2-devel@lists.linux.dev Cc: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, Szymon Wilczek , syzbot+51244a05705883616c95@syzkaller.appspotmail.com Subject: [PATCH] ocfs2: fix circular locking dependency in ocfs2_acquire_dquot Date: Sat, 27 Dec 2025 18:42:51 +0100 Message-ID: <20251227174251.121668-1-swilczek.lx@gmail.com> X-Mailer: git-send-email 2.52.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Move ocfs2_extend_no_holes() to execute before ocfs2_lock_global_qf() to fix a circular locking dependency reported by syzbot. The issue occurs because ocfs2_extend_no_holes() internally calls ocfs2_extend_allocation() which starts a transaction (acquiring sb_start_intwrite). When called while holding the global quota file lock, this conflicts with mount-time operations that acquire sb_internal first, creating the following circular dependency: sb_internal -> ocfs2_sysfile_lock_key -> ocfs2_quota_ip_alloc_sem_key By moving the quota file extension before acquiring the global quota file lock, we ensure that any internal transactions complete before quota locks are held, breaking the circular dependency. Reported-by: syzbot+51244a05705883616c95@syzkaller.appspotmail.com Tested-by: syzbot+51244a05705883616c95@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3D51244a05705883616c95 Signed-off-by: Szymon Wilczek --- fs/ocfs2/quota_global.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/fs/ocfs2/quota_global.c b/fs/ocfs2/quota_global.c index e85b1ccf81be..136aaaae27f3 100644 --- a/fs/ocfs2/quota_global.c +++ b/fs/ocfs2/quota_global.c @@ -821,6 +821,19 @@ static int ocfs2_acquire_dquot(struct dquot *dquot) trace_ocfs2_acquire_dquot(from_kqid(&init_user_ns, dquot->dq_id), type); mutex_lock(&dquot->dq_lock); + /* + * Extend global quota file before acquiring global qf lock to avoid + * lock inversion with sb_internal (via ocfs2_start_trans). + */ + if (need_alloc) { + WARN_ON(journal_current_handle()); + status =3D ocfs2_extend_no_holes(gqinode, NULL, + i_size_read(gqinode) + (need_alloc << sb->s_blocksize_bits), + i_size_read(gqinode)); + if (status < 0) + goto out; + } + /* * We need an exclusive lock, because we're going to update use count * and instantiate possibly new dquot structure @@ -843,19 +856,8 @@ static int ocfs2_acquire_dquot(struct dquot *dquot) OCFS2_DQUOT(dquot)->dq_use_count++; OCFS2_DQUOT(dquot)->dq_origspace =3D dquot->dq_dqb.dqb_curspace; OCFS2_DQUOT(dquot)->dq_originodes =3D dquot->dq_dqb.dqb_curinodes; - if (!dquot->dq_off) { /* No real quota entry? */ + if (!dquot->dq_off) /* No real quota entry? */ ex =3D 1; - /* - * Add blocks to quota file before we start a transaction since - * locking allocators ranks above a transaction start - */ - WARN_ON(journal_current_handle()); - status =3D ocfs2_extend_no_holes(gqinode, NULL, - i_size_read(gqinode) + (need_alloc << sb->s_blocksize_bits), - i_size_read(gqinode)); - if (status < 0) - goto out_dq; - } =20 handle =3D ocfs2_start_trans(osb, ocfs2_calc_global_qinit_credits(sb, type)); --=20 2.52.0