======================================================
WARNING: possible circular locking dependency detected
5.15.110-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/12652 is trying to acquire lock:
ffff0000d06c06f8 (&sb->s_type->i_mutex_key#38){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
ffff0000d06c06f8 (&sb->s_type->i_mutex_key#38){+.+.}-{3:3}, at: hugetlbfs_file_mmap+0x298/0x4c0 fs/hugetlbfs/inode.c:175
but task is already holding lock:
ffff0000d2e70118 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable+0x28/0x8c include/linux/mmap_lock.h:87
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (&mm->mmap_lock){++++}-{3:3}:
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
mmap_write_lock include/linux/mmap_lock.h:71 [inline]
mpol_rebind_mm+0x40/0x298 mm/mempolicy.c:381
cpuset_attach+0x370/0x4c8 kernel/cgroup/cpuset.c:2289
cgroup_migrate_execute+0x6f8/0xda8 kernel/cgroup/cgroup.c:2559
cgroup_migrate+0x1c8/0x1e0 kernel/cgroup/cgroup.c:2821
cgroup_attach_task+0x52c/0x940 kernel/cgroup/cgroup.c:2854
__cgroup1_procs_write+0x308/0x41c kernel/cgroup/cgroup-v1.c:528
cgroup1_procs_write+0x38/0x4c kernel/cgroup/cgroup-v1.c:541
cgroup_file_write+0x258/0x5ac kernel/cgroup/cgroup.c:3932
kernfs_fop_write_iter+0x334/0x48c fs/kernfs/file.c:296
call_write_iter include/linux/fs.h:2103 [inline]
new_sync_write fs/read_write.c:507 [inline]
vfs_write+0x87c/0xb3c fs/read_write.c:594
ksys_write+0x15c/0x26c fs/read_write.c:647
__do_sys_write fs/read_write.c:659 [inline]
__se_sys_write fs/read_write.c:656 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:656
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
-> #2 (&cpuset_rwsem){++++}-{0:0}:
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
cpuset_read_lock+0xe4/0x368 kernel/cgroup/cpuset.c:356
__sched_setscheduler+0x4b8/0x1680 kernel/sched/core.c:7409
_sched_setscheduler kernel/sched/core.c:7586 [inline]
sched_setscheduler_nocheck+0x14c/0x258 kernel/sched/core.c:7633
__kthread_create_on_node+0x2f8/0x3d4 kernel/kthread.c:413
kthread_create_on_node+0xf0/0x140 kernel/kthread.c:453
cryptomgr_schedule_test crypto/algboss.c:219 [inline]
cryptomgr_notify+0x110/0xb48 crypto/algboss.c:240
notifier_call_chain kernel/notifier.c:83 [inline]
blocking_notifier_call_chain+0xf0/0x198 kernel/notifier.c:318
crypto_probing_notify+0x34/0x94 crypto/api.c:251
crypto_wait_for_test crypto/algapi.c:396 [inline]
crypto_register_alg+0x24c/0x3a8 crypto/algapi.c:429
crypto_register_kpp+0x70/0xa8 crypto/kpp.c:104
dh_init+0x1c/0x28 crypto/dh.c:265
do_one_initcall+0x234/0x990 init/main.c:1306
do_initcall_level+0x154/0x214 init/main.c:1379
do_initcalls+0x58/0xac init/main.c:1395
do_basic_setup+0x8c/0xa0 init/main.c:1414
kernel_init_freeable+0x470/0x650 init/main.c:1619
kernel_init+0x24/0x294 init/main.c:1510
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
-> #1 ((crypto_chain).rwsem){++++}-{3:3}:
down_read+0xbc/0x11c kernel/locking/rwsem.c:1488
blocking_notifier_call_chain+0x60/0x198 kernel/notifier.c:317
crypto_probing_notify crypto/api.c:251 [inline]
crypto_alg_mod_lookup+0x290/0x63c crypto/api.c:281
crypto_has_alg+0x38/0x168 crypto/api.c:581
validate_hash_algo security/integrity/ima/ima_appraise.c:623 [inline]
ima_inode_setxattr+0x60c/0x798 security/integrity/ima/ima_appraise.c:655
security_inode_setxattr+0x188/0x200 security/security.c:1370
__vfs_setxattr_locked+0xb4/0x218 fs/xattr.c:268
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
__do_sys_fsetxattr fs/xattr.c:667 [inline]
__se_sys_fsetxattr fs/xattr.c:656 [inline]
__arm64_sys_fsetxattr+0x1a8/0x224 fs/xattr.c:656
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
-> #0 (&sb->s_type->i_mutex_key#38){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
inode_lock include/linux/fs.h:787 [inline]
hugetlbfs_file_mmap+0x298/0x4c0 fs/hugetlbfs/inode.c:175
call_mmap include/linux/fs.h:2108 [inline]
shm_mmap+0xcc/0x19c ipc/shm.c:593
call_mmap include/linux/fs.h:2108 [inline]
mmap_region+0xcb4/0x12f0 mm/mmap.c:1791
do_mmap+0x6c0/0xcec mm/mmap.c:1575
do_shmat+0x790/0xa34 ipc/shm.c:1655
__do_sys_shmat ipc/shm.c:1691 [inline]
__se_sys_shmat ipc/shm.c:1686 [inline]
__arm64_sys_shmat+0xf8/0x178 ipc/shm.c:1686
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
other info that might help us debug this:
Chain exists of:
&sb->s_type->i_mutex_key#38 --> &cpuset_rwsem --> &mm->mmap_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&mm->mmap_lock);
lock(&cpuset_rwsem);
lock(&mm->mmap_lock);
lock(&sb->s_type->i_mutex_key#38);
*** DEADLOCK ***
1 lock held by syz-executor.4/12652:
#0: ffff0000d2e70118 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable+0x28/0x8c include/linux/mmap_lock.h:87
stack backtrace:
CPU: 0 PID: 12652 Comm: syz-executor.4 Not tainted 5.15.110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
inode_lock include/linux/fs.h:787 [inline]
hugetlbfs_file_mmap+0x298/0x4c0 fs/hugetlbfs/inode.c:175
call_mmap include/linux/fs.h:2108 [inline]
shm_mmap+0xcc/0x19c ipc/shm.c:593
call_mmap include/linux/fs.h:2108 [inline]
mmap_region+0xcb4/0x12f0 mm/mmap.c:1791
do_mmap+0x6c0/0xcec mm/mmap.c:1575
do_shmat+0x790/0xa34 ipc/shm.c:1655
__do_sys_shmat ipc/shm.c:1691 [inline]
__se_sys_shmat ipc/shm.c:1686 [inline]
__arm64_sys_shmat+0xf8/0x178 ipc/shm.c:1686
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584