======================================================
WARNING: possible circular locking dependency detected
5.15.116-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/5350 is trying to acquire lock:
ffff0000c2d49718 (&sb->s_type->i_mutex_key#24){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
ffff0000c2d49718 (&sb->s_type->i_mutex_key#24){+.+.}-{3:3}, at: hugetlbfs_file_mmap+0x298/0x4c0 fs/hugetlbfs/inode.c:175

but task is already holding lock:
ffff0000d3426898 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:87 [inline]
ffff0000d3426898 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x15c/0x2b4 mm/util.c:549

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&mm->mmap_lock){++++}-{3:3}:
       down_write+0x110/0x260 kernel/locking/rwsem.c:1541
       mmap_write_lock include/linux/mmap_lock.h:71 [inline]
       mpol_rebind_mm+0x40/0x298 mm/mempolicy.c:381
       cpuset_attach+0x370/0x4c8 kernel/cgroup/cpuset.c:2289
       cgroup_migrate_execute+0x6f8/0xda8 kernel/cgroup/cgroup.c:2559
       cgroup_migrate+0x1c8/0x1e0 kernel/cgroup/cgroup.c:2821
       cgroup_attach_task+0x52c/0x940 kernel/cgroup/cgroup.c:2854
       __cgroup1_procs_write+0x308/0x41c kernel/cgroup/cgroup-v1.c:528
       cgroup1_procs_write+0x38/0x4c kernel/cgroup/cgroup-v1.c:541
       cgroup_file_write+0x258/0x5ac kernel/cgroup/cgroup.c:3932
       kernfs_fop_write_iter+0x334/0x48c fs/kernfs/file.c:296
       call_write_iter include/linux/fs.h:2103 [inline]
       new_sync_write fs/read_write.c:507 [inline]
       vfs_write+0x87c/0xb3c fs/read_write.c:594
       ksys_write+0x15c/0x26c fs/read_write.c:647
       __do_sys_write fs/read_write.c:659 [inline]
       __se_sys_write fs/read_write.c:656 [inline]
       __arm64_sys_write+0x7c/0x90 fs/read_write.c:656
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
       el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
       el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
       el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

-> #2 (&cpuset_rwsem){++++}-{0:0}:
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       cpuset_read_lock+0xe4/0x368 kernel/cgroup/cpuset.c:356
       __sched_setscheduler+0x4b8/0x1680 kernel/sched/core.c:7409
       _sched_setscheduler kernel/sched/core.c:7586 [inline]
       sched_setscheduler_nocheck+0x14c/0x258 kernel/sched/core.c:7633
       __kthread_create_on_node+0x2f8/0x3d4 kernel/kthread.c:413
       kthread_create_on_node+0xf0/0x140 kernel/kthread.c:453
       cryptomgr_schedule_test crypto/algboss.c:219 [inline]
       cryptomgr_notify+0x110/0xb48 crypto/algboss.c:240
       notifier_call_chain kernel/notifier.c:83 [inline]
       blocking_notifier_call_chain+0xf0/0x198 kernel/notifier.c:318
       crypto_probing_notify+0x34/0x94 crypto/api.c:251
       crypto_wait_for_test crypto/algapi.c:396 [inline]
       crypto_register_alg+0x24c/0x3a8 crypto/algapi.c:429
       crypto_register_kpp+0x70/0xa8 crypto/kpp.c:104
       dh_init+0x1c/0x28 crypto/dh.c:265
       do_one_initcall+0x234/0x990 init/main.c:1306
       do_initcall_level+0x154/0x214 init/main.c:1379
       do_initcalls+0x58/0xac init/main.c:1395
       do_basic_setup+0x8c/0xa0 init/main.c:1414
       kernel_init_freeable+0x470/0x650 init/main.c:1619
       kernel_init+0x24/0x294 init/main.c:1510
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870

-> #1 ((crypto_chain).rwsem){++++}-{3:3}:
       down_read+0xc0/0x398 kernel/locking/rwsem.c:1488
       blocking_notifier_call_chain+0x60/0x198 kernel/notifier.c:317
       crypto_probing_notify crypto/api.c:251 [inline]
       crypto_alg_mod_lookup+0x290/0x63c crypto/api.c:281
       crypto_has_alg+0x38/0x168 crypto/api.c:581
       validate_hash_algo security/integrity/ima/ima_appraise.c:623 [inline]
       ima_inode_setxattr+0x60c/0x798 security/integrity/ima/ima_appraise.c:655
       security_inode_setxattr+0x188/0x200 security/security.c:1370
       __vfs_setxattr_locked+0xb4/0x218 fs/xattr.c:268
       vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
       do_setxattr fs/xattr.c:588 [inline]
       setxattr+0x250/0x2b4 fs/xattr.c:611
       __do_sys_fsetxattr fs/xattr.c:667 [inline]
       __se_sys_fsetxattr fs/xattr.c:656 [inline]
       __arm64_sys_fsetxattr+0x1a8/0x224 fs/xattr.c:656
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
       el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
       el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
       el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

-> #0 (&sb->s_type->i_mutex_key#24){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3787 [inline]
       __lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
       lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
       down_write+0x110/0x260 kernel/locking/rwsem.c:1541
       inode_lock include/linux/fs.h:787 [inline]
       hugetlbfs_file_mmap+0x298/0x4c0 fs/hugetlbfs/inode.c:175
       call_mmap include/linux/fs.h:2108 [inline]
       mmap_region+0xcb4/0x12f0 mm/mmap.c:1791
       do_mmap+0x6c0/0xcec mm/mmap.c:1575
       vm_mmap_pgoff+0x1a4/0x2b4 mm/util.c:551
       ksys_mmap_pgoff+0x458/0x668 mm/mmap.c:1624
       __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
       __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
       __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
       el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
       el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
       el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#24 --> &cpuset_rwsem --> &mm->mmap_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&mm->mmap_lock);
                               lock(&cpuset_rwsem);
                               lock(&mm->mmap_lock);
  lock(&sb->s_type->i_mutex_key#24);

 *** DEADLOCK ***

1 lock held by syz-executor.4/5350:
 #0: ffff0000d3426898 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:87 [inline]
 #0: ffff0000d3426898 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x15c/0x2b4 mm/util.c:549

stack backtrace:
CPU: 0 PID: 5350 Comm: syz-executor.4 Not tainted 5.15.116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
 check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3787 [inline]
 __lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
 lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
 down_write+0x110/0x260 kernel/locking/rwsem.c:1541
 inode_lock include/linux/fs.h:787 [inline]
 hugetlbfs_file_mmap+0x298/0x4c0 fs/hugetlbfs/inode.c:175
 call_mmap include/linux/fs.h:2108 [inline]
 mmap_region+0xcb4/0x12f0 mm/mmap.c:1791
 do_mmap+0x6c0/0xcec mm/mmap.c:1575
 vm_mmap_pgoff+0x1a4/0x2b4 mm/util.c:551
 ksys_mmap_pgoff+0x458/0x668 mm/mmap.c:1624
 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
 __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
 __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
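Added example, not part of the syzbot report or of the kernel source: a userspace model of the graph check behind this warning. lockdep records one directed edge for every observed "lock B acquired while lock A is held" pair; before it adds a new edge A -> B it searches the existing graph for a path B -> ... -> A (check_noncircular() in kernel/locking/lockdep.c, which uses a breadth-first search; the depth-first search below is a simplification). The four lock classes and the three already-recorded edges are taken from the "-> #N" chain in the report above; the new edge is the inode_lock taken by hugetlbfs_file_mmap under mmap_lock. Nothing else is assumed.

```c
/*
 * Model of lockdep's circular-dependency check (added example, not kernel
 * code).  Lock classes and edges are copied from the report above.
 */
#include <stdio.h>
#include <string.h>

#define NCLASSES 4
#define MAXPATH (NCLASSES + 1)   /* a simple cycle visits each class at most once */

/* Lock classes in the report's "-> #N" numbering (#0 is the lock being acquired). */
static const char *class_name[NCLASSES] = {
    "&sb->s_type->i_mutex_key#24", /* #0 */
    "(crypto_chain).rwsem",        /* #1 */
    "&cpuset_rwsem",               /* #2 */
    "&mm->mmap_lock",              /* #3 */
};

/* dep[a][b] != 0 means: class b has been acquired while class a was held. */
static unsigned char dep[NCLASSES][NCLASSES];

static void reset_graph(void)
{
    memset(dep, 0, sizeof dep);
}

static void add_dep(int held, int acquired)
{
    dep[held][acquired] = 1;
}

/* Depth-first search from 'from' for 'to'; writes the route into path[], returns its length or 0. */
static int dfs(int from, int to, unsigned char *seen, int *path, int depth)
{
    path[depth] = from;
    if (from == to)
        return depth + 1;
    seen[from] = 1;
    for (int next = 0; next < NCLASSES; next++) {
        if (!dep[from][next] || seen[next])
            continue;
        int len = dfs(next, to, seen, path, depth + 1);
        if (len)
            return len;
    }
    return 0;
}

/*
 * The check performed before recording "acquired taken while holding held":
 * if a path acquired -> ... -> held already exists, the new edge closes a
 * cycle.  Returns the length of the cycle written into path[] (held, ..., held),
 * or 0 when the new ordering is safe.
 */
static int check_new_dep(int held, int acquired, int *path)
{
    unsigned char seen[NCLASSES] = {0};
    int len = dfs(acquired, held, seen, path + 1, 0);
    if (!len)
        return 0;
    path[0] = held; /* close the cycle: held -> acquired -> ... -> held */
    return len + 1;
}

/* The three edges lockdep already held when the report fired, one per "-> #N" entry. */
static void load_report_chain(void)
{
    reset_graph();
    add_dep(0, 1); /* #1: fsetxattr under inode_lock -> IMA -> crypto_has_alg -> down_read(crypto_chain.rwsem) */
    add_dep(1, 2); /* #2: cryptomgr_notify under crypto_chain.rwsem -> kthread_create -> cpuset_read_lock() */
    add_dep(2, 3); /* #3: cpuset_attach under cpuset_rwsem -> mpol_rebind_mm -> mmap_write_lock() */
}

static void print_cycle(const int *path, int len)
{
    for (int i = 0; i < len; i++)
        printf("%s%s", class_name[path[i]], i + 1 < len ? " --> " : "\n");
}

int main(void)
{
    int path[MAXPATH];
    load_report_chain();
    /* The new acquisition: hugetlbfs_file_mmap takes inode_lock (#0) while mmap_lock (#3) is held. */
    int len = check_new_dep(3, 0, path);
    if (len) {
        puts("possible circular locking dependency detected:");
        print_cycle(path, len);
    } else {
        puts("no cycle");
    }
    return 0;
}
```

Run as is, the program prints the full five-node cycle mmap_lock -> i_mutex -> crypto_chain.rwsem -> cpuset_rwsem -> mmap_lock; the report's "Chain exists of:" line is the same cycle with the crypto_chain hop elided. Reversing the arguments (acquiring mmap_lock while holding the inode lock) is the already-recorded order and is reported as safe, which is the point of a lock-ordering discipline: the same two locks are fine in one order and a deadlock in the other.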