ci2 starts bisection 2025-11-01 09:44:31.940097259 +0000 UTC m=+147594.265928046
bisecting fixing commit since 98f47d0e9b8c557d3063d3ea661cbea1489af330
building syzkaller on a30356b7cec03128d4d1600947b636ea5206732f
ensuring issue is reproducible on original commit 98f47d0e9b8c557d3063d3ea661cbea1489af330

testing commit 98f47d0e9b8c557d3063d3ea661cbea1489af330 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cd983098b5151a25e5c218e75c672bb01314b53d7b847462e0550e2f07991dd5
all runs: crashed: possible deadlock in ext4_xattr_set_entry
representative crash: possible deadlock in ext4_xattr_set_entry, types: [LOCKDEP]
check whether we can drop unnecessary instrumentation
disabling configs for [hang memleak ubsan bug_or_warning kasan atomic_sleep], they are not needed
testing commit 98f47d0e9b8c557d3063d3ea661cbea1489af330 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1635aa6c10d9f827a9e02719de89c5f26713fda5187fca5f8352ef608f5fa28f
all runs: crashed: possible deadlock in ext4_xattr_set_entry
representative crash: possible deadlock in ext4_xattr_set_entry, types: [LOCKDEP]
the bug reproduces without the instrumentation
disabling configs for [hang memleak ubsan bug_or_warning kasan atomic_sleep], they are not needed
kconfig minimization: base=3707 full=7306 leaves diff=2039
split chunks (needed=false): <2039>
split chunk #0 of len 2039 into 5 parts
testing without sub-chunk 1/5
disabling configs for [memleak ubsan bug_or_warning kasan atomic_sleep hang], they are not needed
testing commit 98f47d0e9b8c557d3063d3ea661cbea1489af330 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 488c4523abf30b40bce83f7dfdfe73cab6c8872e16dc8a4fda5a76a994d45da9
all runs: crashed: possible deadlock in ext4_xattr_set_entry
representative crash: possible deadlock in ext4_xattr_set_entry, types: [LOCKDEP]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [kasan atomic_sleep hang memleak ubsan bug_or_warning], they are not needed
testing commit 98f47d0e9b8c557d3063d3ea661cbea1489af330 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 65af59c6a3d31980fd35a1e355e8ceb28c2bab2c63c989575ae56eca84d3aa02
all runs: crashed: possible deadlock in ext4_xattr_set_entry
representative crash: possible deadlock in ext4_xattr_set_entry, types: [LOCKDEP]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [hang memleak ubsan bug_or_warning kasan atomic_sleep], they are not needed
testing commit 98f47d0e9b8c557d3063d3ea661cbea1489af330 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 53a5d3deb1cd72701b8640d3de073ee53ed49f7618f6fefb9d2c43d9866906d5
all runs: crashed: possible deadlock in ext4_xattr_set_entry
representative crash: possible deadlock in ext4_xattr_set_entry, types: [LOCKDEP]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [atomic_sleep hang memleak ubsan bug_or_warning kasan], they are not needed
testing commit 98f47d0e9b8c557d3063d3ea661cbea1489af330 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 83ef8f5a5819b9cbdf4f6428de6fa89efee92017f6d0f1cefcad9b2ab2a15c6a
all runs: crashed: possible deadlock in ext4_xattr_set_entry
representative crash: possible deadlock in ext4_xattr_set_entry, types: [LOCKDEP]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [atomic_sleep hang memleak ubsan bug_or_warning kasan], they are not needed
testing commit 98f47d0e9b8c557d3063d3ea661cbea1489af330 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 79f07b6ce802b32638206b3f4064d67268a9cffba819deba0b97cf9fb9dd9fb2
all runs: crashed: possible deadlock in ext4_xattr_set_entry
representative crash: possible deadlock in ext4_xattr_set_entry, types: [LOCKDEP]
the chunk can be dropped
disabling configs for [hang memleak ubsan bug_or_warning kasan atomic_sleep], they are not needed
testing current HEAD cc5ec87693063acebb60f587e8a019ba9b94ae0e
testing commit cc5ec87693063acebb60f587e8a019ba9b94ae0e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3eee93073926e1a25d7034c5f4454932eef0da4575b43f2e3dabbcfc23f8f589
all runs: crashed: possible deadlock in ext4_xattr_set_entry
representative crash: possible deadlock in ext4_xattr_set_entry, types: [LOCKDEP]
crash still not fixed/happens on the oldest tested release

revisions tested: 8, total time: 1h26m9.1439575s (build: 31m55.762357378s, test: 52m1.107115367s)
crash still not fixed or there were kernel test errors
commit msg: Linux 5.15.196
crash: possible deadlock in ext4_xattr_set_entry
EXT4-fs (loop3): mounted filesystem without journal. Opts: i_version,nombcache,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,sysvgroups,,errors=continue. Quota mode: none.
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.3.20/2542 is trying to acquire lock:
ffff88810b266ab8 (&sb->s_type->i_mutex_key#7/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
ffff88810b266ab8 (&sb->s_type->i_mutex_key#7/1){+.+.}-{3:3}, at: ext4_xattr_inode_create fs/ext4/xattr.c:1475 [inline]
ffff88810b266ab8 (&sb->s_type->i_mutex_key#7/1){+.+.}-{3:3}, at: ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1557 [inline]
ffff88810b266ab8 (&sb->s_type->i_mutex_key#7/1){+.+.}-{3:3}, at: ext4_xattr_set_entry+0xfca/0x1330 fs/ext4/xattr.c:1685

but task is already holding lock:
ffff88810b264d38 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x5f4/0x9e0 fs/ext4/inode.c:5560

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&ei->i_data_sem/3){++++}-{3:3}:
       down_write+0x20/0xa0 kernel/locking/rwsem.c:1551
       ext4_update_i_disksize fs/ext4/ext4.h:3419 [inline]
       ext4_xattr_inode_write fs/ext4/xattr.c:1413 [inline]
       ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1561 [inline]
       ext4_xattr_set_entry+0x1207/0x1330 fs/ext4/xattr.c:1685
       ext4_xattr_ibody_set+0x4d/0xb0 fs/ext4/xattr.c:2253
       ext4_xattr_set_handle+0x346/0x650 fs/ext4/xattr.c:2410
       ext4_xattr_set+0x7c/0x150 fs/ext4/xattr.c:2523
       __vfs_setxattr+0x62/0x80 fs/xattr.c:182
       __vfs_setxattr_noperm+0x74/0x220 fs/xattr.c:216
       vfs_setxattr+0x99/0x180 fs/xattr.c:303
       setxattr+0x83/0xa0 fs/xattr.c:611
       path_setxattr+0xbe/0xe0 fs/xattr.c:630
       __do_sys_setxattr fs/xattr.c:646 [inline]
       __se_sys_setxattr fs/xattr.c:642 [inline]
       __x64_sys_setxattr+0x22/0x30 fs/xattr.c:642
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x33/0x80 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

-> #0 (&sb->s_type->i_mutex_key#7/1){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3788 [inline]
       __lock_acquire+0x10b6/0x1a40 kernel/locking/lockdep.c:5012
       lock_acquire kernel/locking/lockdep.c:5623 [inline]
       lock_acquire+0xbb/0x290 kernel/locking/lockdep.c:5588
       down_write+0x20/0xa0 kernel/locking/rwsem.c:1551
       inode_lock include/linux/fs.h:787 [inline]
       ext4_xattr_inode_create fs/ext4/xattr.c:1475 [inline]
       ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1557 [inline]
       ext4_xattr_set_entry+0xfca/0x1330 fs/ext4/xattr.c:1685
       ext4_xattr_block_set+0x20b/0xf90 fs/ext4/xattr.c:1936
       ext4_xattr_move_to_block fs/ext4/xattr.c:2633 [inline]
       ext4_xattr_make_inode_space fs/ext4/xattr.c:2708 [inline]
       ext4_expand_extra_isize_ea+0x39a/0x900 fs/ext4/xattr.c:2800
       __ext4_expand_extra_isize+0xc4/0x110 fs/ext4/inode.c:5901
       ext4_try_to_expand_extra_isize fs/ext4/inode.c:5944 [inline]
       __ext4_mark_inode_dirty+0x17b/0x220 fs/ext4/inode.c:6022
       ext4_setattr+0x623/0x9e0 fs/ext4/inode.c:5563
       notify_change+0x1f8/0x500 fs/attr.c:505
       do_truncate+0x7b/0xd0 fs/open.c:65
       handle_truncate fs/namei.c:3273 [inline]
       do_open fs/namei.c:3620 [inline]
       path_openat+0x868/0xb10 fs/namei.c:3750
       do_filp_open+0xa4/0x150 fs/namei.c:3777
       do_sys_openat2+0x92/0x160 fs/open.c:1253
       do_sys_open fs/open.c:1269 [inline]
       __do_sys_openat fs/open.c:1285 [inline]
       __se_sys_openat fs/open.c:1280 [inline]
       __x64_sys_openat+0x4f/0x90 fs/open.c:1280
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x33/0x80 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x66/0xd0

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_data_sem/3);
                               lock(&sb->s_type->i_mutex_key#7/1);
                               lock(&ei->i_data_sem/3);
  lock(&sb->s_type->i_mutex_key#7/1);

 *** DEADLOCK ***

5 locks held by syz.3.20/2542:
 #0: ffff8881168bf438 (sb_writers#4){.+.+}-{0:0}, at: do_open fs/namei.c:3609 [inline]
 #0: ffff8881168bf438 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x81b/0xb10 fs/namei.c:3750
 #1: ffff88810b264eb0 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff88810b264eb0 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: do_truncate+0x6b/0xd0 fs/open.c:63
 #2: ffff88810b265040 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock include/linux/fs.h:832 [inline]
 #2: ffff88810b265040 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0x364/0x9e0 fs/ext4/inode.c:5520
 #3: ffff88810b264d38 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x5f4/0x9e0 fs/ext4/inode.c:5560
 #4: ffff88810b264b88 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_trylock_xattr fs/ext4/xattr.h:162 [inline]
 #4: ffff88810b264b88 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_to_expand_extra_isize fs/ext4/inode.c:5941 [inline]
 #4: ffff88810b264b88 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x140/0x220 fs/ext4/inode.c:6022

stack backtrace:
CPU: 0 PID: 2542 Comm: syz.3.20 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 check_noncircular+0xcc/0xe0 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire+0x10b6/0x1a40 kernel/locking/lockdep.c:5012
 lock_acquire kernel/locking/lockdep.c:5623 [inline]
 lock_acquire+0xbb/0x290 kernel/locking/lockdep.c:5588
 down_write+0x20/0xa0 kernel/locking/rwsem.c:1551
 inode_lock include/linux/fs.h:787 [inline]
 ext4_xattr_inode_create fs/ext4/xattr.c:1475 [inline]
 ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1557 [inline]
 ext4_xattr_set_entry+0xfca/0x1330 fs/ext4/xattr.c:1685
 ext4_xattr_block_set+0x20b/0xf90 fs/ext4/xattr.c:1936
 ext4_xattr_move_to_block fs/ext4/xattr.c:2633 [inline]
 ext4_xattr_make_inode_space fs/ext4/xattr.c:2708 [inline]
 ext4_expand_extra_isize_ea+0x39a/0x900 fs/ext4/xattr.c:2800
 __ext4_expand_extra_isize+0xc4/0x110 fs/ext4/inode.c:5901
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5944 [inline]
 __ext4_mark_inode_dirty+0x17b/0x220 fs/ext4/inode.c:6022
 ext4_setattr+0x623/0x9e0 fs/ext4/inode.c:5563
 notify_change+0x1f8/0x500 fs/attr.c:505
 do_truncate+0x7b/0xd0 fs/open.c:65
 handle_truncate fs/namei.c:3273 [inline]
 do_open fs/namei.c:3620 [inline]
 path_openat+0x868/0xb10 fs/namei.c:3750
 do_filp_open+0xa4/0x150 fs/namei.c:3777
 do_sys_openat2+0x92/0x160 fs/open.c:1253
 do_sys_open fs/open.c:1269 [inline]
 __do_sys_openat fs/open.c:1285 [inline]
 __se_sys_openat fs/open.c:1280 [inline]
 __x64_sys_openat+0x4f/0x90 fs/open.c:1280
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x33/0x80 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fc15f0fd969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc15eb6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fc15f324fa0 RCX: 00007fc15f0fd969
RDX: 0000000000000242 RSI: 0000200000000040 RDI: ffffffffffffff9c
RBP: 00007fc15f17fab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc15f324fa0 R15: 00007ffef849dae8