Hello,
syzbot found the following issue on:
HEAD commit: d9b4a0c83a2d Linux 5.15.98
git tree: linux-5.15.y
console output:
https://syzkaller.appspot.com/x/log.txt?x=130fb732c80000
kernel config:
https://syzkaller.appspot.com/x/.config?x=b57cfa804330c3b7
dashboard link:
https://syzkaller.appspot.com/bug?extid=d3ecdc484479fe6658f9
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/8088989394e3/disk-d9b4a0c8.raw.xz
vmlinux:
https://storage.googleapis.com/syzbot-assets/2651d6753959/vmlinux-d9b4a0c8.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/f3fa3f994f9a/Image-d9b4a0c8.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+d3ecdc...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
5.15.98-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/29481 is trying to acquire lock:
ffff00011a8ebc98 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ffff00011a8ebc98 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2304
but task is already holding lock:
ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:302
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}:
down_write+0x110/0x260 kernel/locking/rwsem.c:1533
inode_lock include/linux/fs.h:787 [inline]
ext4_xattr_inode_create fs/ext4/xattr.c:1457 [inline]
ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1540 [inline]
ext4_xattr_set_entry+0x2344/0x2be8 fs/ext4/xattr.c:1668
ext4_xattr_block_set+0x8f0/0x2d7c fs/ext4/xattr.c:1974
ext4_xattr_set_handle+0xb04/0x12d8 fs/ext4/xattr.c:2389
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2490
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_setxattr fs/xattr.c:646 [inline]
__se_sys_setxattr fs/xattr.c:642 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
-> #0 (&ei->xattr_sem){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x2b8/0x894 kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1533
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2304
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2490
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_lsetxattr fs/xattr.c:653 [inline]
__se_sys_lsetxattr fs/xattr.c:649 [inline]
__arm64_sys_lsetxattr+0xbc/0xd8 fs/xattr.c:649
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
*** DEADLOCK ***
2 locks held by syz-executor.1/29481:
#0: ffff0000d855a460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
#1: ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
#1: ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:302
stack backtrace:
CPU: 0 PID: 29481 Comm: syz-executor.1 Not tainted 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x2b8/0x894 kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1533
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2304
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2490
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_lsetxattr fs/xattr.c:653 [inline]
__se_sys_lsetxattr fs/xattr.c:649 [inline]
__arm64_sys_lsetxattr+0xbc/0xd8 fs/xattr.c:649
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.