======================================================
WARNING: possible circular locking dependency detected
5.10.90 #1 Not tainted
------------------------------------------------------
syz-executor.6/23633 is trying to acquire lock:
ffffffff84e8fe60 (fs_reclaim){+.+.}-{0:0}, at: __need_fs_reclaim mm/page_alloc.c:4288 [inline]
ffffffff84e8fe60 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_acquire+0xa1/0xf0 mm/page_alloc.c:4306

but task is already holding lock:
ffff888017310aa0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:142 [inline]
ffff888017310aa0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x15e/0x1310 fs/ext4/xattr.c:2309

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&ei->xattr_sem){++++}-{3:3}:
       down_write+0x92/0x150 kernel/locking/rwsem.c:1557
       ext4_write_lock_xattr fs/ext4/xattr.h:142 [inline]
       ext4_xattr_set_handle+0x15e/0x1310 fs/ext4/xattr.c:2309
       ext4_initxattrs+0xb5/0x120 fs/ext4/xattr_security.c:43
       security_inode_init_security+0x1a7/0x350 security/security.c:1054
       __ext4_new_inode+0x383b/0x5400 fs/ext4/ialloc.c:1319
       ext4_create+0x2ce/0x4d0 fs/ext4/namei.c:2621
       lookup_open.isra.0+0xe6b/0x1230 fs/namei.c:3099
       open_last_lookups fs/namei.c:3169 [inline]
       path_openat+0x961/0x26c0 fs/namei.c:3357
       do_filp_open+0x17e/0x3c0 fs/namei.c:3387
       do_sys_openat2+0x16d/0x420 fs/open.c:1180
       do_sys_open fs/open.c:1196 [inline]
       __do_sys_openat fs/open.c:1212 [inline]
       __se_sys_openat fs/open.c:1207 [inline]
       __x64_sys_openat+0x13f/0x1f0 fs/open.c:1207
       do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

-> #1 (jbd2_handle){++++}-{0:0}:
       start_this_handle+0xfc7/0x1390 fs/jbd2/transaction.c:451
       jbd2__journal_start+0x38c/0x880 fs/jbd2/transaction.c:508
       __ext4_journal_start_sb+0x210/0x420 fs/ext4/ext4_jbd2.c:105
       __ext4_journal_start fs/ext4/ext4_jbd2.h:328 [inline]
       ext4_dirty_inode+0xbc/0x130 fs/ext4/inode.c:5959
       __mark_inode_dirty+0x492/0xf10 fs/fs-writeback.c:2246
       mark_inode_dirty_sync include/linux/fs.h:2188 [inline]
       iput.part.0+0x57/0x780 fs/inode.c:1679
       iput+0x58/0x70 fs/inode.c:1672
       dentry_unlink_inode+0x2b4/0x3e0 fs/dcache.c:374
       __dentry_kill+0x36f/0x5c0 fs/dcache.c:579
       shrink_dentry_list+0x12f/0x4a0 fs/dcache.c:1141
       prune_dcache_sb+0xe7/0x140 fs/dcache.c:1222
       super_cache_scan+0x331/0x580 fs/super.c:105
       do_shrink_slab+0x3bc/0x8d0 mm/vmscan.c:516
       shrink_slab_memcg mm/vmscan.c:586 [inline]
       shrink_slab+0x384/0x5f0 mm/vmscan.c:665
       shrink_node_memcgs mm/vmscan.c:2665 [inline]
       shrink_node+0x8a7/0x1cf0 mm/vmscan.c:2780
       kswapd_shrink_node mm/vmscan.c:3523 [inline]
       balance_pgdat+0x71e/0x11a0 mm/vmscan.c:3681
       kswapd+0x58c/0xc80 mm/vmscan.c:3938
       kthread+0x38f/0x470 kernel/kthread.c:313
       ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:296

-> #0 (fs_reclaim){+.+.}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:2986 [inline]
       check_prevs_add kernel/locking/lockdep.c:3111 [inline]
       validate_chain kernel/locking/lockdep.c:3726 [inline]
       __lock_acquire+0x29e3/0x5b00 kernel/locking/lockdep.c:4952
       lock_acquire kernel/locking/lockdep.c:5562 [inline]
       lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
       __fs_reclaim_acquire mm/page_alloc.c:4296 [inline]
       fs_reclaim_acquire+0xc1/0xf0 mm/page_alloc.c:4307
       slab_pre_alloc_hook mm/slab.h:510 [inline]
       slab_alloc_node mm/slub.c:2821 [inline]
       __kmalloc_node+0x5c/0x4a0 mm/slub.c:4015
       kmalloc_node include/linux/slab.h:575 [inline]
       kvmalloc_node+0x61/0x120 mm/util.c:575
       kvmalloc include/linux/mm.h:765 [inline]
       ext4_xattr_inode_cache_find fs/ext4/xattr.c:1465 [inline]
       ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1508 [inline]
       ext4_xattr_set_entry+0x1e12/0x3850 fs/ext4/xattr.c:1649
       ext4_xattr_ibody_set+0x78/0x2b0 fs/ext4/xattr.c:2225
       ext4_xattr_set_handle+0x947/0x1310 fs/ext4/xattr.c:2382
       ext4_xattr_set+0x13a/0x340 fs/ext4/xattr.c:2495
       __vfs_setxattr+0x10f/0x170 fs/xattr.c:177
       __vfs_setxattr_noperm+0x11a/0x4c0 fs/xattr.c:208
       __vfs_setxattr_locked+0x1bf/0x250 fs/xattr.c:266
       vfs_setxattr+0xe8/0x270 fs/xattr.c:283
       setxattr+0x23d/0x330 fs/xattr.c:548
       path_setxattr+0x170/0x190 fs/xattr.c:567
       __do_sys_lsetxattr fs/xattr.c:589 [inline]
       __se_sys_lsetxattr fs/xattr.c:585 [inline]
       __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:585
       do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
       entry_SYSCALL_64_after_hwframe+0x44/0xa9

other info that might help us debug this:

Chain exists of:
  fs_reclaim --> jbd2_handle --> &ei->xattr_sem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->xattr_sem);
                               lock(jbd2_handle);
                               lock(&ei->xattr_sem);
  lock(fs_reclaim);

 *** DEADLOCK ***

3 locks held by syz-executor.6/23633:
 #0: ffff8880435de438 (sb_writers#3){.+.+}-{0:0}, at: path_setxattr+0xb5/0x190 fs/xattr.c:565
 #1: ffff888017310e60 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: inode_lock include/linux/fs.h:774 [inline]
 #1: ffff888017310e60 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: vfs_setxattr+0xca/0x270 fs/xattr.c:282
 #2: ffff888017310aa0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:142 [inline]
 #2: ffff888017310aa0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x15e/0x1310 fs/ext4/xattr.c:2309

stack backtrace:
CPU: 1 PID: 23633 Comm: syz-executor.6 Not tainted 5.10.90 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118
 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2121
 check_prev_add kernel/locking/lockdep.c:2986 [inline]
 check_prevs_add kernel/locking/lockdep.c:3111 [inline]
 validate_chain kernel/locking/lockdep.c:3726 [inline]
 __lock_acquire+0x29e3/0x5b00 kernel/locking/lockdep.c:4952
 lock_acquire kernel/locking/lockdep.c:5562 [inline]
 lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
 __fs_reclaim_acquire mm/page_alloc.c:4296 [inline]
 fs_reclaim_acquire+0xc1/0xf0 mm/page_alloc.c:4307
 slab_pre_alloc_hook mm/slab.h:510 [inline]
 slab_alloc_node mm/slub.c:2821 [inline]
 __kmalloc_node+0x5c/0x4a0 mm/slub.c:4015
 kmalloc_node include/linux/slab.h:575 [inline]
 kvmalloc_node+0x61/0x120 mm/util.c:575
 kvmalloc include/linux/mm.h:765 [inline]
 ext4_xattr_inode_cache_find fs/ext4/xattr.c:1465 [inline]
 ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1508 [inline]
 ext4_xattr_set_entry+0x1e12/0x3850 fs/ext4/xattr.c:1649
 ext4_xattr_ibody_set+0x78/0x2b0 fs/ext4/xattr.c:2225
 ext4_xattr_set_handle+0x947/0x1310 fs/ext4/xattr.c:2382
 ext4_xattr_set+0x13a/0x340 fs/ext4/xattr.c:2495
 __vfs_setxattr+0x10f/0x170 fs/xattr.c:177
 __vfs_setxattr_noperm+0x11a/0x4c0 fs/xattr.c:208
 __vfs_setxattr_locked+0x1bf/0x250 fs/xattr.c:266
 vfs_setxattr+0xe8/0x270 fs/xattr.c:283
 setxattr+0x23d/0x330 fs/xattr.c:548
 path_setxattr+0x170/0x190 fs/xattr.c:567
 __do_sys_lsetxattr fs/xattr.c:589 [inline]
 __se_sys_lsetxattr fs/xattr.c:585 [inline]
 __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:585
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f69bb19cb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f69b8712188 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
RAX: ffffffffffffffda RBX: 00007f69bb2aff60 RCX: 00007f69bb19cb19
RDX: 0000000020001100 RSI: 0000000020000200 RDI: 0000000020000140
RBP: 00007f69bb1f6f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000801 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff57c8e97f R14: 00007f69b8712300 R15: 0000000000022000