syzbot

============================================
WARNING: possible recursive locking detected
6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 Not tainted
--------------------------------------------
syz.0.0/5329 is trying to acquire lock:
ffff888054a366c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
ffff888054a366c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: bch2_symlink+0x176/0x310 fs/bcachefs/fs.c:803

but task is already holding lock:
ffff888054a348c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
ffff888054a348c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: ovl_copy_up_workdir fs/overlayfs/copy_up.c:782 [inline]
ffff888054a348c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: ovl_do_copy_up fs/overlayfs/copy_up.c:1001 [inline]
ffff888054a348c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: ovl_copy_up_one fs/overlayfs/copy_up.c:1202 [inline]
ffff888054a348c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: ovl_copy_up_flags+0x1900/0x46f0 fs/overlayfs/copy_up.c:1257

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&sb->s_type->i_mutex_key#20);
  lock(&sb->s_type->i_mutex_key#20);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz.0.0/5329:
 #0: ffff888050cb4420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:515
 #1: ffff888054a2a9e0 (&ovl_i_mutex_key[depth]){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
 #1: ffff888054a2a9e0 (&ovl_i_mutex_key[depth]){+.+.}-{4:4}, at: vfs_setxattr+0x1e1/0x430 fs/xattr.c:320
 #2: ffff888054a2ad98 (&ovl_i_lock_key[depth]){+.+.}-{4:4}, at: ovl_inode_lock_interruptible fs/overlayfs/overlayfs.h:649 [inline]
 #2: ffff888054a2ad98 (&ovl_i_lock_key[depth]){+.+.}-{4:4}, at: ovl_copy_up_start+0x53/0x310 fs/overlayfs/util.c:719
 #3: ffff88805227a420 (sb_writers#11){.+.+}-{0:0}, at: ovl_copy_up_workdir fs/overlayfs/copy_up.c:781 [inline]
 #3: ffff88805227a420 (sb_writers#11){.+.+}-{0:0}, at: ovl_do_copy_up fs/overlayfs/copy_up.c:1001 [inline]
 #3: ffff88805227a420 (sb_writers#11){.+.+}-{0:0}, at: ovl_copy_up_one fs/overlayfs/copy_up.c:1202 [inline]
 #3: ffff88805227a420 (sb_writers#11){.+.+}-{0:0}, at: ovl_copy_up_flags+0x18e9/0x46f0 fs/overlayfs/copy_up.c:1257
 #4: ffff888054a348c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
 #4: ffff888054a348c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: ovl_copy_up_workdir fs/overlayfs/copy_up.c:782 [inline]
 #4: ffff888054a348c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: ovl_do_copy_up fs/overlayfs/copy_up.c:1001 [inline]
 #4: ffff888054a348c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: ovl_copy_up_one fs/overlayfs/copy_up.c:1202 [inline]
 #4: ffff888054a348c8 (&sb->s_type->i_mutex_key#20){++++}-{4:4}, at: ovl_copy_up_flags+0x1900/0x46f0 fs/overlayfs/copy_up.c:1257

stack backtrace:
CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037
 check_deadlock kernel/locking/lockdep.c:3089 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 down_write+0x99/0x220 kernel/locking/rwsem.c:1577
 inode_lock include/linux/fs.h:818 [inline]
 bch2_symlink+0x176/0x310 fs/bcachefs/fs.c:803
 vfs_symlink+0x137/0x2e0 fs/namei.c:4669
 ovl_do_symlink+0x85/0xd0 fs/overlayfs/overlayfs.h:267
 ovl_create_real+0x346/0x550 fs/overlayfs/dir.c:206
 ovl_copy_up_workdir fs/overlayfs/copy_up.c:783 [inline]
 ovl_do_copy_up fs/overlayfs/copy_up.c:1001 [inline]
 ovl_copy_up_one fs/overlayfs/copy_up.c:1202 [inline]
 ovl_copy_up_flags+0x193c/0x46f0 fs/overlayfs/copy_up.c:1257
 ovl_xattr_set+0x348/0x520 fs/overlayfs/xattrs.c:56
 ovl_own_xattr_set+0x173/0x1c0 fs/overlayfs/xattrs.c:213
 __vfs_setxattr+0x468/0x4a0 fs/xattr.c:200
 __vfs_setxattr_noperm+0x12e/0x660 fs/xattr.c:234
 vfs_setxattr+0x221/0x430 fs/xattr.c:321
 do_setxattr fs/xattr.c:636 [inline]
 filename_setxattr+0x2af/0x430 fs/xattr.c:665
 path_setxattrat+0x440/0x510 fs/xattr.c:713
 __do_sys_lsetxattr fs/xattr.c:754 [inline]
 __se_sys_lsetxattr fs/xattr.c:750 [inline]
 __x64_sys_lsetxattr+0xbf/0xe0 fs/xattr.c:750
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f00f757e819
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f00f6fdd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
RAX: ffffffffffffffda RBX: 00007f00f7736080 RCX: 00007f00f757e819
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000020000280
RBP: 00007f00f75f175e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f00f7736080 R15: 00007ffc0c696c88
 </TASK>
syz.0.0 (5329) used greatest stack depth: 15856 bytes left