XFS (loop2): no-recovery mounts must be read-only.
XFS (loop2): no-recovery mounts must be read-only.

======================================================
WARNING: possible circular locking dependency detected
4.19.0-rc7+ #59 Not tainted
------------------------------------------------------
syz-executor4/4889 is trying to acquire lock:
00000000d1141f63 (sb_internal){.+.+}, at: sb_start_intwrite include/linux/fs.h:1613 [inline]
00000000d1141f63 (sb_internal){.+.+}, at: ext4_evict_inode+0x5e5/0x1ad0 fs/ext4/inode.c:250

but task is already holding lock:
000000004057c5f1 (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.97+0x0/0x30 mm/internal.h:79

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (fs_reclaim){+.+.}:
       __fs_reclaim_acquire mm/page_alloc.c:3728 [inline]
       fs_reclaim_acquire.part.97+0x24/0x30 mm/page_alloc.c:3739
       fs_reclaim_acquire+0x14/0x20 mm/page_alloc.c:3740
       slab_pre_alloc_hook mm/slab.h:418 [inline]
       slab_alloc mm/slab.c:3378 [inline]
       kmem_cache_alloc_trace+0x2d/0x750 mm/slab.c:3618
       kmalloc include/linux/slab.h:513 [inline]
       kzalloc include/linux/slab.h:707 [inline]
       smk_fetch.part.24+0x5a/0xf0 security/smack/smack_lsm.c:273
       smk_fetch security/smack/smack_lsm.c:3548 [inline]
       smack_d_instantiate+0x94e/0xea0 security/smack/smack_lsm.c:3502
       security_d_instantiate+0x5c/0xf0 security/security.c:1287
       d_instantiate+0x5e/0xa0 fs/dcache.c:1870
       shmem_mknod+0x189/0x1f0 mm/shmem.c:2814
       vfs_mknod+0x445/0x800 fs/namei.c:3719
       handle_create+0x1ff/0x730 drivers/base/devtmpfs.c:211
       handle drivers/base/devtmpfs.c:374 [inline]
       devtmpfsd+0x27f/0x4c0 drivers/base/devtmpfs.c:400
       kthread+0x35a/0x420 kernel/kthread.c:246
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413

-> #2 (&isp->smk_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:925 [inline]
       __mutex_lock+0x166/0x1700 kernel/locking/mutex.c:1072
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
       smack_d_instantiate+0x136/0xea0 security/smack/smack_lsm.c:3369
       security_d_instantiate+0x5c/0xf0 security/security.c:1287
       d_instantiate_new+0x70/0x160 fs/dcache.c:1889
       ext4_add_nondir+0x81/0x90 fs/ext4/namei.c:2415
       ext4_symlink+0x752/0x1130 fs/ext4/namei.c:3162
       vfs_symlink+0x37a/0x5d0 fs/namei.c:4127
       do_symlinkat+0x242/0x2d0 fs/namei.c:4154
       __do_sys_symlink fs/namei.c:4173 [inline]
       __se_sys_symlink fs/namei.c:4171 [inline]
       __x64_sys_symlink+0x59/0x80 fs/namei.c:4171
       do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (jbd2_handle){++++}:
       start_this_handle+0x5b8/0x1250 fs/jbd2/transaction.c:385
       jbd2__journal_start+0x3c9/0xa90 fs/jbd2/transaction.c:439
       __ext4_journal_start_sb+0x1a5/0x5f0 fs/ext4/ext4_jbd2.c:81
       ext4_sample_last_mounted fs/ext4/file.c:414 [inline]
       ext4_file_open+0x53e/0x730 fs/ext4/file.c:439
       do_dentry_open+0x499/0x1250 fs/open.c:771
       vfs_open+0xa0/0xd0 fs/open.c:880
       do_last fs/namei.c:3418 [inline]
       path_openat+0x12bf/0x5160 fs/namei.c:3534
       do_filp_open+0x255/0x380 fs/namei.c:3564
       do_open_execat+0x221/0x8e0 fs/exec.c:853
       __do_execve_file.isra.33+0x173f/0x2540 fs/exec.c:1755
       do_execveat_common fs/exec.c:1866 [inline]
       do_execve fs/exec.c:1883 [inline]
       __do_sys_execve fs/exec.c:1964 [inline]
       __se_sys_execve fs/exec.c:1959 [inline]
       __x64_sys_execve+0x8f/0xc0 fs/exec.c:1959
       do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (sb_internal){.+.+}:
       lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3900
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
       __sb_start_write+0x214/0x370 fs/super.c:1387
       sb_start_intwrite include/linux/fs.h:1613 [inline]
       ext4_evict_inode+0x5e5/0x1ad0 fs/ext4/inode.c:250
       evict+0x4b9/0x980 fs/inode.c:558
       iput_final fs/inode.c:1547 [inline]
       iput+0x679/0xa90 fs/inode.c:1573
       dentry_unlink_inode+0x461/0x5e0 fs/dcache.c:374
       __dentry_kill+0x44c/0x7a0 fs/dcache.c:566
       dentry_kill+0xc9/0x5a0 fs/dcache.c:685
       dput.part.26+0x660/0x790 fs/dcache.c:846
       dput+0x15/0x20 fs/dcache.c:828
       ovl_destroy_inode+0x3d/0x170 fs/overlayfs/super.c:204
       destroy_inode+0x159/0x200 fs/inode.c:267
       evict+0x5e0/0x980 fs/inode.c:575
       iput_final fs/inode.c:1547 [inline]
       iput+0x679/0xa90 fs/inode.c:1573
       dentry_unlink_inode+0x461/0x5e0 fs/dcache.c:374
       __dentry_kill+0x44c/0x7a0 fs/dcache.c:566
       shrink_dentry_list+0x32f/0x800 fs/dcache.c:1079
       prune_dcache_sb+0x12f/0x1c0 fs/dcache.c:1171
       super_cache_scan+0x270/0x480 fs/super.c:102
       do_shrink_slab+0x4e7/0xd20 mm/vmscan.c:547
       shrink_slab_memcg mm/vmscan.c:612 [inline]
       shrink_slab+0x6f6/0x8c0 mm/vmscan.c:684
       shrink_node+0x431/0x16b0 mm/vmscan.c:2745
       shrink_zones mm/vmscan.c:2974 [inline]
       do_try_to_free_pages+0x3e7/0x1290 mm/vmscan.c:3036
       try_to_free_pages+0x4d0/0xb90 mm/vmscan.c:3251
       __perform_reclaim mm/page_alloc.c:3769 [inline]
       __alloc_pages_direct_reclaim mm/page_alloc.c:3790 [inline]
       __alloc_pages_slowpath+0x993/0x2d80 mm/page_alloc.c:4191
       __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
       alloc_pages_current+0x10c/0x210 mm/mempolicy.c:2093
       alloc_pages include/linux/gfp.h:509 [inline]
       __page_cache_alloc+0x38f/0x5b0 mm/filemap.c:946
       __do_page_cache_readahead+0x383/0x980 mm/readahead.c:195
       ra_submit mm/internal.h:66 [inline]
       do_sync_mmap_readahead mm/filemap.c:2444 [inline]
       filemap_fault+0xf4d/0x25f0 mm/filemap.c:2520
       __do_fault+0x100/0x6b0 mm/memory.c:3240
       do_shared_fault mm/memory.c:3707 [inline]
       do_fault mm/memory.c:3756 [inline]
       handle_pte_fault mm/memory.c:3983 [inline]
       __handle_mm_fault+0x3515/0x53e0 mm/memory.c:4107
       handle_mm_fault+0x54f/0xc70 mm/memory.c:4144
       __do_page_fault+0x67d/0xed0 arch/x86/mm/fault.c:1395
       do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1470
       page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1161

other info that might help us debug this:

Chain exists of:
  sb_internal --> &isp->smk_lock --> fs_reclaim

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(fs_reclaim);
                               lock(&isp->smk_lock);
                               lock(fs_reclaim);
  lock(sb_internal);

 *** DEADLOCK ***

4 locks held by syz-executor4/4889:
 #0: 000000003572b526 (&mm->mmap_sem){++++}, at: __do_page_fault+0x3e3/0xed0 arch/x86/mm/fault.c:1324
 #1: 000000004057c5f1 (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.97+0x0/0x30 mm/internal.h:79
 #2: 0000000052e04665 (shrinker_rwsem){++++}, at: shrink_slab_memcg mm/vmscan.c:589 [inline]
 #2: 0000000052e04665 (shrinker_rwsem){++++}, at: shrink_slab+0x1d1/0x8c0 mm/vmscan.c:684
 #3: 0000000013d0db23 (&type->s_umount_key#48){++++}, at: trylock_super+0x22/0x110 fs/super.c:412

stack backtrace:
CPU: 0 PID: 4889 Comm: syz-executor4 Not tainted 4.19.0-rc7+ #59
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
 print_circular_bug.isra.33.cold.54+0x1bd/0x27d kernel/locking/lockdep.c:1221
 check_prev_add kernel/locking/lockdep.c:1861 [inline]
 check_prevs_add kernel/locking/lockdep.c:1974 [inline]
 validate_chain kernel/locking/lockdep.c:2415 [inline]
 __lock_acquire+0x33e4/0x4ec0 kernel/locking/lockdep.c:3411
 lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3900
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x214/0x370 fs/super.c:1387
 sb_start_intwrite include/linux/fs.h:1613 [inline]
 ext4_evict_inode+0x5e5/0x1ad0 fs/ext4/inode.c:250
 evict+0x4b9/0x980 fs/inode.c:558
 iput_final fs/inode.c:1547 [inline]
 iput+0x679/0xa90 fs/inode.c:1573
 dentry_unlink_inode+0x461/0x5e0 fs/dcache.c:374
 __dentry_kill+0x44c/0x7a0 fs/dcache.c:566
 dentry_kill+0xc9/0x5a0 fs/dcache.c:685
 dput.part.26+0x660/0x790 fs/dcache.c:846
 dput+0x15/0x20 fs/dcache.c:828
 ovl_destroy_inode+0x3d/0x170 fs/overlayfs/super.c:204
 destroy_inode+0x159/0x200 fs/inode.c:267
 evict+0x5e0/0x980 fs/inode.c:575
 iput_final fs/inode.c:1547 [inline]
 iput+0x679/0xa90 fs/inode.c:1573
 dentry_unlink_inode+0x461/0x5e0 fs/dcache.c:374
 __dentry_kill+0x44c/0x7a0 fs/dcache.c:566
 shrink_dentry_list+0x32f/0x800 fs/dcache.c:1079
 prune_dcache_sb+0x12f/0x1c0 fs/dcache.c:1171
 super_cache_scan+0x270/0x480 fs/super.c:102
 do_shrink_slab+0x4e7/0xd20 mm/vmscan.c:547
 shrink_slab_memcg mm/vmscan.c:612 [inline]
 shrink_slab+0x6f6/0x8c0 mm/vmscan.c:684
 shrink_node+0x431/0x16b0 mm/vmscan.c:2745
 shrink_zones mm/vmscan.c:2974 [inline]
 do_try_to_free_pages+0x3e7/0x1290 mm/vmscan.c:3036
 try_to_free_pages+0x4d0/0xb90 mm/vmscan.c:3251
 __perform_reclaim mm/page_alloc.c:3769 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:3790 [inline]
 __alloc_pages_slowpath+0x993/0x2d80 mm/page_alloc.c:4191
 __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
 alloc_pages_current+0x10c/0x210 mm/mempolicy.c:2093
 alloc_pages include/linux/gfp.h:509 [inline]
 __page_cache_alloc+0x38f/0x5b0 mm/filemap.c:946
 __do_page_cache_readahead+0x383/0x980 mm/readahead.c:195
 ra_submit mm/internal.h:66 [inline]
 do_sync_mmap_readahead mm/filemap.c:2444 [inline]
 filemap_fault+0xf4d/0x25f0 mm/filemap.c:2520
 __do_fault+0x100/0x6b0 mm/memory.c:3240
 do_shared_fault mm/memory.c:3707 [inline]
 do_fault mm/memory.c:3756 [inline]
 handle_pte_fault mm/memory.c:3983 [inline]
 __handle_mm_fault+0x3515/0x53e0 mm/memory.c:4107
 handle_mm_fault+0x54f/0xc70 mm/memory.c:4144
 __do_page_fault+0x67d/0xed0 arch/x86/mm/fault.c:1395
 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1470
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1161
RIP: 0033:0x4004d1
Code: Bad RIP value.
RSP: 002b:00007fffae686ca0 EFLAGS: 00010246
RAX: 0000000020002ff0 RBX: 000000000072c900 RCX: 0000000000000000
RDX: 000000000000001d RSI: 0000000000000000 RDI: 000000000239a848
RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000
R10: 00007fffae686da0 R11: 0000000000000246 R12: 000000000072bfac
R13: 00000000000003e8 R14: 00000000000fb104 R15: 00000000000fb0d7
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5371 Comm: syz-fuzzer Not tainted 4.19.0-rc7+ #59
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__rb_erase_augmented include/linux/rbtree_augmented.h:168 [inline]
RIP: 0010:rb_erase+0x306/0x3710 lib/rbtree.c:459
Code: c7 81 28 01 00 00 f2 f2 f2 f2 c7 81 2c 01 00 00 00 f2 f2 f2 48 89 f9 65 48 8b 1c 25 28 00 00 00 48 89 5d d0 31 db 48 c1 e9 03 <42> 80 3c 01 00 0f 85 41 1c 00 00 4c 8d 48 10 4c 8b 78 08 48 b9 00
RSP: 0000:ffff8801beac5138 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 1ffff10037d58a2f RSI: ffffffff8afbc860 RDI: 0000000000000008
RBP: ffff8801beac5b40 R08: dffffc0000000000 R09: fffffbfff12d6990
R10: fffffbfff12d6990 R11: ffffffff896b4c83 R12: ffff8801788821f0
R13: dffffc0000000000 R14: ffff8801beac5b18 R15: ffff8801beac5c58
FS:  000000c420026068(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f73f8109620 CR3: 00000001d7918000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 integrity_inode_free+0x12f/0x320 security/integrity/iint.c:150
 security_inode_free+0x19/0x90 security/security.c:453
 __destroy_inode+0x328/0x820 fs/inode.c:238
 destroy_inode+0xda/0x200 fs/inode.c:265
 evict+0x5e0/0x980 fs/inode.c:575
 dispose_list+0x252/0x410 fs/inode.c:593
 prune_icache_sb+0x12f/0x1c0 fs/inode.c:781
 super_cache_scan+0x2bf/0x480 fs/super.c:104
 do_shrink_slab+0x4e7/0xd20 mm/vmscan.c:547
 shrink_slab_memcg mm/vmscan.c:612 [inline]
 shrink_slab+0x6f6/0x8c0 mm/vmscan.c:684
 shrink_node+0x431/0x16b0 mm/vmscan.c:2745
 shrink_zones mm/vmscan.c:2974 [inline]
 do_try_to_free_pages+0x3e7/0x1290 mm/vmscan.c:3036
 try_to_free_pages+0x4d0/0xb90 mm/vmscan.c:3251
 __perform_reclaim mm/page_alloc.c:3769 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:3790 [inline]
 __alloc_pages_slowpath+0x993/0x2d80 mm/page_alloc.c:4191
 __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390
 alloc_pages_current+0x10c/0x210 mm/mempolicy.c:2093
 alloc_pages include/linux/gfp.h:509 [inline]
 __page_cache_alloc+0x38f/0x5b0 mm/filemap.c:946
 page_cache_read mm/filemap.c:2385 [inline]
 filemap_fault+0x1594/0x25f0 mm/filemap.c:2569
 ext4_filemap_fault+0x82/0xad fs/ext4/inode.c:6259
 __do_fault+0x100/0x6b0 mm/memory.c:3240
 do_read_fault mm/memory.c:3652 [inline]
 do_fault mm/memory.c:3752 [inline]
 handle_pte_fault mm/memory.c:3983 [inline]
 __handle_mm_fault+0x3709/0x53e0 mm/memory.c:4107
 handle_mm_fault+0x54f/0xc70 mm/memory.c:4144
 __do_page_fault+0x67d/0xed0 arch/x86/mm/fault.c:1395
 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1470
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1161
RIP: 0033:0x40f9c0
Code: 8b 44 24 20 48 8b 50 30 c6 82 ed 00 00 00 01 48 8b 54 24 38 48 89 14 24 c7 44 24 08 00 00 00 00 48 89 4c 24 10 e8 40 96 01 00 <48> 8b 05 a9 db 7b 00 48 8b 00 48 85 c0 75 4c 48 8b 44 24 20 48 8b
RSP: 002b:000000c420035ed8 EFLAGS: 00010212
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045ddf3
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000014cdf38
RBP: 000000c420035f00 R08: 0000000000000000 R09: 0000000000000000
R10: 000000c420035eb8 R11: 0000000000000246 R12: 0000000000430120
R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000
Modules linked in:
---[ end trace cf4f38bf5a38e368 ]---
RIP: 0010:__rb_erase_augmented include/linux/rbtree_augmented.h:168 [inline]
RIP: 0010:rb_erase+0x306/0x3710 lib/rbtree.c:459
Code: c7 81 28 01 00 00 f2 f2 f2 f2 c7 81 2c 01 00 00 00 f2 f2 f2 48 89 f9 65 48 8b 1c 25 28 00 00 00 48 89 5d d0 31 db 48 c1 e9 03 <42> 80 3c 01 00 0f 85 41 1c 00 00 4c 8d 48 10 4c 8b 78 08 48 b9 00
RSP: 0000:ffff8801beac5138 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 1ffff10037d58a2f RSI: ffffffff8afbc860 RDI: 0000000000000008
RBP: ffff8801beac5b40 R08: dffffc0000000000 R09: fffffbfff12d6990
R10: fffffbfff12d6990 R11: ffffffff896b4c83 R12: ffff8801788821f0
R13: dffffc0000000000 R14: ffff8801beac5b18 R15: ffff8801beac5c58
FS:  000000c420026068(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f73f8109620 CR3: 00000001d7918000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400