netlink: 504 bytes leftover after parsing attributes in process `syz-executor.0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21777 comm=syz-executor.0
======================================================
WARNING: possible circular locking dependency detected
5.10.56 #1 Not tainted
------------------------------------------------------
syz-executor.7/7289 is trying to acquire lock:
ffff88800f7b08e0 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf94/0x1390 fs/jbd2/transaction.c:449

but task is already holding lock:
ffffffff84e8f900 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_release mm/page_alloc.c:4315 [inline]
ffffffff84e8f900 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_release mm/page_alloc.c:4311 [inline]
ffffffff84e8f900 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4339 [inline]
ffffffff84e8f900 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4356 [inline]
ffffffff84e8f900 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x12f2/0x2210 mm/page_alloc.c:4760

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (fs_reclaim){+.+.}-{0:0}:
       __fs_reclaim_acquire mm/page_alloc.c:4296 [inline]
       fs_reclaim_acquire+0xc1/0xf0 mm/page_alloc.c:4307
       slab_pre_alloc_hook mm/slab.h:510 [inline]
       slab_alloc_node mm/slub.c:2814 [inline]
       __kmalloc_node+0x5c/0x4a0 mm/slub.c:4006
       kmalloc_node include/linux/slab.h:575 [inline]
       kvmalloc_node+0x61/0xf0 mm/util.c:575
       kvmalloc include/linux/mm.h:765 [inline]
       ext4_xattr_inode_cache_find fs/ext4/xattr.c:1465 [inline]
       ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1508 [inline]
       ext4_xattr_set_entry+0x1e12/0x3880 fs/ext4/xattr.c:1649
       ext4_xattr_block_set+0x5be/0x2f30 fs/ext4/xattr.c:1872
       ext4_xattr_set_handle+0xd49/0x1310 fs/ext4/xattr.c:2394
       ext4_xattr_set+0x13a/0x340 fs/ext4/xattr.c:2495
       __vfs_setxattr+0x10f/0x170 fs/xattr.c:177
       __vfs_setxattr_noperm+0x11a/0x4c0 fs/xattr.c:208
       __vfs_setxattr_locked+0x1bf/0x250 fs/xattr.c:266
       vfs_setxattr+0xe8/0x270 fs/xattr.c:283
       setxattr+0x23d/0x330 fs/xattr.c:548
       path_setxattr+0x170/0x190 fs/xattr.c:567
       __do_sys_lsetxattr fs/xattr.c:589 [inline]
       __se_sys_lsetxattr fs/xattr.c:585 [inline]
       __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:585
       do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

-> #1 (&ei->xattr_sem){++++}-{3:3}:
       down_write+0x92/0x150 kernel/locking/rwsem.c:1557
       ext4_write_lock_xattr fs/ext4/xattr.h:142 [inline]
       ext4_xattr_set_handle+0x15e/0x1310 fs/ext4/xattr.c:2309
       ext4_xattr_set+0x13a/0x340 fs/ext4/xattr.c:2495
       __vfs_setxattr+0x10f/0x170 fs/xattr.c:177
       __vfs_setxattr_noperm+0x11a/0x4c0 fs/xattr.c:208
       __vfs_setxattr_locked+0x1bf/0x250 fs/xattr.c:266
       vfs_setxattr+0xe8/0x270 fs/xattr.c:283
       setxattr+0x23d/0x330 fs/xattr.c:548
       path_setxattr+0x170/0x190 fs/xattr.c:567
       __do_sys_lsetxattr fs/xattr.c:589 [inline]
       __se_sys_lsetxattr fs/xattr.c:585 [inline]
       __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:585
       do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

-> #0 (jbd2_handle){++++}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:2985 [inline]
       check_prevs_add kernel/locking/lockdep.c:3110 [inline]
       validate_chain kernel/locking/lockdep.c:3725 [inline]
       __lock_acquire+0x29f6/0x5b20 kernel/locking/lockdep.c:4950
       lock_acquire kernel/locking/lockdep.c:5560 [inline]
       lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5525
       start_this_handle+0xfc7/0x1390 fs/jbd2/transaction.c:451
       jbd2__journal_start+0x38c/0x880 fs/jbd2/transaction.c:508
       __ext4_journal_start_sb+0x210/0x420 fs/ext4/ext4_jbd2.c:105
       __ext4_journal_start fs/ext4/ext4_jbd2.h:328 [inline]
       ext4_dirty_inode+0xbc/0x130 fs/ext4/inode.c:5949
       __mark_inode_dirty+0x492/0xf10 fs/fs-writeback.c:2246
       mark_inode_dirty_sync include/linux/fs.h:2188 [inline]
       iput.part.0+0x57/0x780 fs/inode.c:1679
       iput+0x58/0x70 fs/inode.c:1672
       dentry_unlink_inode+0x2b4/0x3e0 fs/dcache.c:374
       __dentry_kill+0x36f/0x5c0 fs/dcache.c:579
       shrink_dentry_list+0x12f/0x4a0 fs/dcache.c:1141
       prune_dcache_sb+0xe7/0x140 fs/dcache.c:1222
       super_cache_scan+0x331/0x580 fs/super.c:105
       do_shrink_slab+0x3bc/0x8d0 mm/vmscan.c:513
       shrink_slab+0x16f/0x5f0 mm/vmscan.c:674
       shrink_node_memcgs mm/vmscan.c:2654 [inline]
       shrink_node+0x8a7/0x1cf0 mm/vmscan.c:2769
       shrink_zones mm/vmscan.c:2972 [inline]
       do_try_to_free_pages+0x38b/0x1420 mm/vmscan.c:3027
       try_to_free_pages+0x285/0x610 mm/vmscan.c:3266
       __perform_reclaim mm/page_alloc.c:4335 [inline]
       __alloc_pages_direct_reclaim mm/page_alloc.c:4356 [inline]
       __alloc_pages_slowpath.constprop.0+0x81e/0x2210 mm/page_alloc.c:4760
       __alloc_pages_nodemask+0x54f/0x680 mm/page_alloc.c:4970
       alloc_pages_current+0x187/0x280 mm/mempolicy.c:2271
       alloc_pages include/linux/gfp.h:547 [inline]
       alloc_slab_page mm/slub.c:1613 [inline]
       allocate_slab+0x297/0x380 mm/slub.c:1764
       new_slab mm/slub.c:1817 [inline]
       new_slab_objects mm/slub.c:2576 [inline]
       ___slab_alloc+0x46c/0x700 mm/slub.c:2739
       __slab_alloc mm/slub.c:2779 [inline]
       slab_alloc_node mm/slub.c:2854 [inline]
       slab_alloc mm/slub.c:2897 [inline]
       kmem_cache_alloc+0x33f/0x350 mm/slub.c:2902
       getname_flags.part.0+0x50/0x4f0 fs/namei.c:138
       getname_flags include/linux/audit.h:320 [inline]
       getname+0x8e/0xd0 fs/namei.c:209
       do_sys_openat2+0xf5/0x420 fs/open.c:1174
       do_sys_open fs/open.c:1196 [inline]
       __do_sys_openat fs/open.c:1212 [inline]
       __se_sys_openat fs/open.c:1207 [inline]
       __x64_sys_openat+0x13f/0x1f0 fs/open.c:1207
       do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

other info that might help us debug this:

Chain exists of:
  jbd2_handle --> &ei->xattr_sem --> fs_reclaim

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(fs_reclaim);
                               lock(&ei->xattr_sem);
                               lock(fs_reclaim);
  lock(jbd2_handle);

 *** DEADLOCK ***

3 locks held by syz-executor.7/7289:
 #0: ffffffff84e8f900 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_release mm/page_alloc.c:4315 [inline]
 #0: ffffffff84e8f900 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_release mm/page_alloc.c:4311 [inline]
 #0: ffffffff84e8f900 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4339 [inline]
 #0: ffffffff84e8f900 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4356 [inline]
 #0: ffffffff84e8f900 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x12f2/0x2210 mm/page_alloc.c:4760
 #1: ffffffff84e6c090 (shrinker_rwsem){++++}-{3:3}, at: shrink_slab+0xc7/0x5f0 mm/vmscan.c:664
 #2: ffff88800f79c0e0 (&type->s_umount_key#42){++++}-{3:3}, at: trylock_super fs/super.c:418 [inline]
 #2: ffff88800f79c0e0 (&type->s_umount_key#42){++++}-{3:3}, at: super_cache_scan+0x71/0x580 fs/super.c:80

stack backtrace:
CPU: 1 PID: 7289 Comm: syz-executor.7 Not tainted 5.10.56 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118
 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2120
 check_prev_add kernel/locking/lockdep.c:2985 [inline]
 check_prevs_add kernel/locking/lockdep.c:3110 [inline]
 validate_chain kernel/locking/lockdep.c:3725 [inline]
 __lock_acquire+0x29f6/0x5b20 kernel/locking/lockdep.c:4950
 lock_acquire kernel/locking/lockdep.c:5560 [inline]
 lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5525
 start_this_handle+0xfc7/0x1390 fs/jbd2/transaction.c:451
 jbd2__journal_start+0x38c/0x880 fs/jbd2/transaction.c:508
 __ext4_journal_start_sb+0x210/0x420 fs/ext4/ext4_jbd2.c:105
 __ext4_journal_start fs/ext4/ext4_jbd2.h:328 [inline]
 ext4_dirty_inode+0xbc/0x130 fs/ext4/inode.c:5949
 __mark_inode_dirty+0x492/0xf10 fs/fs-writeback.c:2246
 mark_inode_dirty_sync include/linux/fs.h:2188 [inline]
 iput.part.0+0x57/0x780 fs/inode.c:1679
 iput+0x58/0x70 fs/inode.c:1672
 dentry_unlink_inode+0x2b4/0x3e0 fs/dcache.c:374
 __dentry_kill+0x36f/0x5c0 fs/dcache.c:579
 shrink_dentry_list+0x12f/0x4a0 fs/dcache.c:1141
 prune_dcache_sb+0xe7/0x140 fs/dcache.c:1222
 super_cache_scan+0x331/0x580 fs/super.c:105
 do_shrink_slab+0x3bc/0x8d0 mm/vmscan.c:513
 shrink_slab+0x16f/0x5f0 mm/vmscan.c:674
 shrink_node_memcgs mm/vmscan.c:2654 [inline]
 shrink_node+0x8a7/0x1cf0 mm/vmscan.c:2769
 shrink_zones mm/vmscan.c:2972 [inline]
 do_try_to_free_pages+0x38b/0x1420 mm/vmscan.c:3027
 try_to_free_pages+0x285/0x610 mm/vmscan.c:3266
 __perform_reclaim mm/page_alloc.c:4335 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:4356 [inline]
 __alloc_pages_slowpath.constprop.0+0x81e/0x2210 mm/page_alloc.c:4760
 __alloc_pages_nodemask+0x54f/0x680 mm/page_alloc.c:4970
 alloc_pages_current+0x187/0x280 mm/mempolicy.c:2271
 alloc_pages include/linux/gfp.h:547 [inline]
 alloc_slab_page mm/slub.c:1613 [inline]
 allocate_slab+0x297/0x380 mm/slub.c:1764
 new_slab mm/slub.c:1817 [inline]
 new_slab_objects mm/slub.c:2576 [inline]
 ___slab_alloc+0x46c/0x700 mm/slub.c:2739
 __slab_alloc mm/slub.c:2779 [inline]
 slab_alloc_node mm/slub.c:2854 [inline]
 slab_alloc mm/slub.c:2897 [inline]
 kmem_cache_alloc+0x33f/0x350 mm/slub.c:2902
 getname_flags.part.0+0x50/0x4f0 fs/namei.c:138
 getname_flags include/linux/audit.h:320 [inline]
 getname+0x8e/0xd0 fs/namei.c:209
 do_sys_openat2+0xf5/0x420 fs/open.c:1174
 do_sys_open fs/open.c:1196 [inline]
 __do_sys_openat fs/open.c:1212 [inline]
 __se_sys_openat fs/open.c:1207 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1207
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x466148
Code: 24 18 31 c0 41 83 e2 40 75 40 89 f0 25 00 00 41 00 3d 00 00 41 00 74 32 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 40 48 8b 4c 24 18 64 48 2b 0c 25 28 00 00 00
RSP: 002b:00007ffe081087b0 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000000004bf RCX: 0000000000466148
RDX: 0000000000090800 RSI: 00007ffe081099b0 RDI: 00000000ffffff9c
RBP: 00007ffe0810998c R08: 0000000000090800 R09: 00007ffe081099b0
R10: 0000000000000000 R11: 0000000000000287 R12: 00000000004bee70
R13: 00007ffe081099b0 R14: 0000000000000002 R15: 00007ffe081099f0