ci starts bisection 2024-09-26 02:34:21.237437653 +0000 UTC m=+114.624325579 bisecting cause commit starting from 2b7275670032a98cba266bd1b8905f755b3e650f building syzkaller on 349a68c4b056a06438a1e75e9b8a3a583b06d511 ensuring issue is reproducible on original commit 2b7275670032a98cba266bd1b8905f755b3e650f testing commit 2b7275670032a98cba266bd1b8905f755b3e650f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d677b6f2081b86e79d602820393e4bf58bb73ace87efc5ac7c41a3b6288f7141 all runs: crashed: possible deadlock in ext4_xattr_inode_lookup_create representative crash: possible deadlock in ext4_xattr_inode_lookup_create, types: [LOCKDEP] check whether we can drop unnecessary instrumentation disabling configs for [BUG KASAN ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 2b7275670032a98cba266bd1b8905f755b3e650f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 83ed15758b201f22945eebe83b732dddfed2c0b6894cd14cfbef13b0de5e0a20 all runs: crashed: possible deadlock in ext4_xattr_inode_lookup_create representative crash: possible deadlock in ext4_xattr_inode_lookup_create, types: [LOCKDEP] the bug reproduces without the instrumentation disabling configs for [KASAN ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed kconfig minimization: base=4045 full=8195 leaves diff=2111 split chunks (needed=false): <2111> split chunk #0 of len 2111 into 5 parts testing without sub-chunk 1/5 disabling configs for [LEAK UBSAN BUG KASAN ATOMIC_SLEEP HANG], they are not needed testing commit 2b7275670032a98cba266bd1b8905f755b3e650f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3de585e63b85fc9e60b2231d92132c6d9675014359f089b143629097e6569823 all runs: crashed: possible deadlock in ext4_xattr_inode_lookup_create representative crash: possible deadlock in ext4_xattr_inode_lookup_create, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 2b7275670032a98cba266bd1b8905f755b3e650f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e421357d737bcd0d504c5e4192b51a52556851fb6b1dc905577539ab2ed41fb7 all runs: crashed: possible deadlock in ext4_xattr_inode_lookup_create representative crash: possible deadlock in ext4_xattr_inode_lookup_create, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed testing commit 2b7275670032a98cba266bd1b8905f755b3e650f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 52b152da5e4590cabfdd1a258bb070bae5c94e3b0fc18660ceee31027bba0476 all runs: crashed: possible deadlock in ext4_xattr_inode_lookup_create representative crash: possible deadlock in ext4_xattr_inode_lookup_create, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed testing commit 2b7275670032a98cba266bd1b8905f755b3e650f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: abb484826fe0c6f40303415b5eda03e976ae9400bf8c9513e5b60487680ab228 all runs: crashed: possible deadlock in ext4_xattr_inode_lookup_create representative crash: possible deadlock in ext4_xattr_inode_lookup_create, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed testing commit 2b7275670032a98cba266bd1b8905f755b3e650f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 813623f0157f4494e0701103612e55d8ebf8088b42846d141cd916a755e71120 all runs: crashed: possible deadlock in ext4_xattr_inode_lookup_create representative crash: possible deadlock in ext4_xattr_inode_lookup_create, types: [LOCKDEP] the chunk can be dropped disabling configs for [KASAN ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed picked [v6.11 v6.10 v6.9 v6.7 v6.5 v6.3 v6.1 v5.19 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 34 release tags testing release v6.11 testing commit 98f7e32f20d28ec452afb208f9cffc08448a2652 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3ee26b2f4605332d1755451c957b5db0a6adc0423a882370ef00366eecafc95b all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] testing release v6.10 testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 20b4c51dbb151fc3fb97f6356e2c2e65703b16f7449535450b4e5fce3aed973a all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] testing release v6.9 testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9f8c0579beb4d85f65582a8390fe37a549d7d30ba8cd229473928aa8850e05b9 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] testing release v6.7 testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5047fa8b56fcf7ce681af92ca24cbe47dc6683e932fb5fa1c1ededd09e2ccbe4 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] testing release v6.5 testing commit 2dde18cd1d8fac735875f2e4987f11817cc0bc2c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d9dbbe258a65068c1be93a0d9f079d42b914f806e03ec2bf1980a9d6c58ccf2b all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] testing release v6.3 testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f0ec4414c7bc3c625a058a8c7bc67ab9591e958bb8be991a6e006682fe893e0e all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] testing release v6.1 testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3868a40d83281306be64bae1865e45e217fa13ff771e015be0753b639e4dc2c0 all runs: OK false negative chance: 0.000 # git bisect start 457391b0380335d5e9a5babdec90ac53928b23b4 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 Bisecting: 16238 revisions left to test after this (roughly 14 steps) [62be69397e53ab14f607698bb41343ce576713e8] Merge tag 'wireless-next-2023-01-23' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next testing commit 62be69397e53ab14f607698bb41343ce576713e8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 12bc2e398382b4fcfc30dc8a0dd704d6886dbfacf2d524aba5774b2042934955 all runs: OK false negative chance: 0.000 # git bisect good 62be69397e53ab14f607698bb41343ce576713e8 Bisecting: 7399 revisions left to test after this (roughly 13 steps) [a5c95ca18a98d742d0a4a04063c32556b5b66378] Merge tag 'drm-next-2023-02-23' of git://anongit.freedesktop.org/drm/drm testing commit a5c95ca18a98d742d0a4a04063c32556b5b66378 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0d2dd8e72360596e8d3068002a1ea9f4aaf43d517a3b7d542eacadaf3d4b1b9b all runs: OK false negative chance: 0.000 # git bisect good a5c95ca18a98d742d0a4a04063c32556b5b66378 Bisecting: 3619 revisions left to test after this (roughly 12 steps) [1ec35eadc3b448c91a6b763371a7073444e95f9d] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux testing commit 1ec35eadc3b448c91a6b763371a7073444e95f9d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 213c62706ccce356eb2c0a518ff5fb6da1fc92525b3265d95208afe3fef3db55 all runs: OK false negative chance: 0.000 # git bisect good 1ec35eadc3b448c91a6b763371a7073444e95f9d Bisecting: 1808 revisions left to test after this (roughly 11 steps) [3b11717f95b1880b9cab4b90bbaf61268e6bda2b] Merge tag 'vfs.misc.v6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping testing commit 3b11717f95b1880b9cab4b90bbaf61268e6bda2b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: caacc141113483f9a9bb2d09ffd74ca8ebf088e26d868dd8ba5ae4c4d5184ae9 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect bad 3b11717f95b1880b9cab4b90bbaf61268e6bda2b Bisecting: 896 revisions left to test after this (roughly 10 steps) [b07ce43db665a6b5a622d5bb1447950d7e1e3fb1] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 testing commit b07ce43db665a6b5a622d5bb1447950d7e1e3fb1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 60c2247078889b3cd8a0831df1e532eda15e37beb69605778df188a01beefd62 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect bad b07ce43db665a6b5a622d5bb1447950d7e1e3fb1 Bisecting: 445 revisions left to test after this (roughly 9 steps) [f3a2439f20d918930cc4ae8f76fe1c1afd26958f] Merge tag 'rproc-v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux testing commit f3a2439f20d918930cc4ae8f76fe1c1afd26958f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 868fc8712a3f8c771424f4bc4e4571612a27b3f84de9920ee909d70185a5dc85 all runs: OK false negative chance: 0.000 # git bisect good f3a2439f20d918930cc4ae8f76fe1c1afd26958f Bisecting: 258 revisions left to test after this (roughly 8 steps) [524af30c931382726b6a46ee4f392fb6e60f8a03] Merge tag 'qcom-drivers-for-6.3-3' of https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into soc/drivers testing commit 524af30c931382726b6a46ee4f392fb6e60f8a03 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1bc3ffd3be0907b44936b822941e6fde0fc93c661de099644e182aaf71d761b4 all runs: OK false negative chance: 0.000 # git bisect good 524af30c931382726b6a46ee4f392fb6e60f8a03 Bisecting: 104 revisions left to test after this (roughly 7 steps) [5ca26d6039a6b42341f7f5cc8d10d30ca1561a7b] Merge tag 'net-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 5ca26d6039a6b42341f7f5cc8d10d30ca1561a7b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 380f4189c9475cfcec916ce2d1be214455b049145b7e47ceb95d757ced6d3166 all runs: OK false negative chance: 0.000 # git bisect good 5ca26d6039a6b42341f7f5cc8d10d30ca1561a7b Bisecting: 52 revisions left to test after this (roughly 6 steps) [6392e9ff8bba228746e37b78b960de6de855fc9d] f2fs: add a f2fs_curseg_valid_blocks helper testing commit 6392e9ff8bba228746e37b78b960de6de855fc9d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 273f8ed29e4aafed089082fc7b4265c37606e21a63b24b6960783e4f0c614a02 all runs: OK false negative chance: 0.000 # git bisect good 6392e9ff8bba228746e37b78b960de6de855fc9d Bisecting: 26 revisions left to test after this (roughly 5 steps) [7e986855fe13de2c8290c1102292d8e5f29dd769] f2fs: fix wrong segment count testing commit 7e986855fe13de2c8290c1102292d8e5f29dd769 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8fbf187499d1cf1fed67999607d1ca66f7d47fad951880ac7287103c40a5efe3 all runs: OK false negative chance: 0.000 # git bisect good 7e986855fe13de2c8290c1102292d8e5f29dd769 Bisecting: 13 revisions left to test after this (roughly 4 steps) [e6b9bd7290d334451ce054e98e752abc055e0034] jbd2: fix data missing when reusing bh which is ready to be checkpointed testing commit e6b9bd7290d334451ce054e98e752abc055e0034 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2d746b92c039235b10858094c38db280d68f4fadd42e37fbd60875e4cfcd76ed all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect bad e6b9bd7290d334451ce054e98e752abc055e0034 Bisecting: 6 revisions left to test after this (roughly 3 steps) [1e9d62d252812575ded7c620d8fc67c32ff06c16] ext4: optimize ea_inode block expansion testing commit 1e9d62d252812575ded7c620d8fc67c32ff06c16 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 65f630c05ab8276426b2070257ac4e8cffc9e438951347568c2cbe2287689654 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect bad 1e9d62d252812575ded7c620d8fc67c32ff06c16 Bisecting: 2 revisions left to test after this (roughly 2 steps) [934b0de1e9fdea93c4c7f2e18915c54fae67bdc6] ext4: don't show commit interval if it is zero testing commit 934b0de1e9fdea93c4c7f2e18915c54fae67bdc6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ec11c8b3da8a7b071b13ae81e934da514a5bff97c42e1e0344cf3e667f9bb72d all runs: OK false negative chance: 0.000 # git bisect good 934b0de1e9fdea93c4c7f2e18915c54fae67bdc6 Bisecting: 0 revisions left to test after this (roughly 1 step) [08abd0466ec9113908e674d042ec2a36dfc2875c] ext4: remove dead code in updating backup sb testing commit 08abd0466ec9113908e674d042ec2a36dfc2875c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 92e6bfd6cc5b0a8b64059213430d5f8f1c4ac7578d805ffb1355ae0c198a86cf all runs: OK false negative chance: 0.000 # git bisect good 08abd0466ec9113908e674d042ec2a36dfc2875c 1e9d62d252812575ded7c620d8fc67c32ff06c16 is the first bad commit commit 1e9d62d252812575ded7c620d8fc67c32ff06c16 Author: Jun Nie Date: Tue Jan 3 09:45:16 2023 +0800 ext4: optimize ea_inode block expansion Copy ea data from inode entry when expanding ea block if possible. Then remove the ea entry if expansion success. Thus memcpy to a temporary buffer may be avoided. If the expansion fails, we do not need to recovery the removed ea entry neither in this way. Reported-by: syzbot+2dacb8f015bf1420155f@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=3613786cb88c93aa1c6a279b1df6a7b201347d08 Link: https://lore.kernel.org/r/20230103014517.495275-2-jun.nie@linaro.org Cc: stable@kernel.org Signed-off-by: Jun Nie Signed-off-by: Theodore Ts'o fs/ext4/xattr.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) accumulated error probability: 0.00 culprit signature: 65f630c05ab8276426b2070257ac4e8cffc9e438951347568c2cbe2287689654 parent signature: 92e6bfd6cc5b0a8b64059213430d5f8f1c4ac7578d805ffb1355ae0c198a86cf revisions tested: 28, total time: 7h31m12.863483839s (build: 2h50m42.823479286s, test: 3h28m47.5860744s) first bad commit: 1e9d62d252812575ded7c620d8fc67c32ff06c16 ext4: optimize ea_inode block expansion recipients (to): ["adilger.kernel@dilger.ca" "jun.nie@linaro.org" "linux-ext4@vger.kernel.org" "tytso@mit.edu" "tytso@mit.edu"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: possible deadlock in ext4_xattr_inode_iget EXT4-fs: Ignoring removed orlov option EXT4-fs: Ignoring removed nomblk_io_submit option EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. ====================================================== WARNING: possible circular locking dependency detected 6.2.0-rc5-syzkaller #0 Not tainted ------------------------------------------------------ syz.0.15/2784 is trying to acquire lock: ffff8881142b5938 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:756 [inline] ffff8881142b5938 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x17e/0x1a0 fs/ext4/xattr.c:463 but task is already holding lock: ffff8881142b4e48 (&ei->i_data_sem){++++}-{3:3}, at: ext4_truncate+0x3e2/0x520 fs/ext4/inode.c:4337 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&ei->i_data_sem){++++}-{3:3}: down_write+0x2a/0xc0 kernel/locking/rwsem.c:1562 ext4_update_i_disksize fs/ext4/ext4.h:3383 [inline] ext4_xattr_inode_write fs/ext4/xattr.c:1451 [inline] ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1593 [inline] ext4_xattr_set_entry+0xc32/0x1130 fs/ext4/xattr.c:1718 ext4_xattr_ibody_set+0x57/0xb0 fs/ext4/xattr.c:2270 ext4_xattr_set_handle+0x435/0x6b0 fs/ext4/xattr.c:2427 ext4_xattr_set+0xf3/0x180 fs/ext4/xattr.c:2541 __vfs_setxattr+0x156/0x170 fs/xattr.c:202 __vfs_setxattr_noperm+0x92/0x1f0 fs/xattr.c:236 vfs_setxattr+0xe2/0x170 fs/xattr.c:323 do_setxattr fs/xattr.c:608 [inline] setxattr+0x114/0x170 fs/xattr.c:631 path_setxattr+0xab/0x120 fs/xattr.c:650 __do_sys_setxattr fs/xattr.c:666 [inline] __se_sys_setxattr fs/xattr.c:662 [inline] __x64_sys_setxattr+0x26/0x30 fs/xattr.c:662 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x46/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x73/0xdd -> #0 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}: check_prev_add kernel/locking/lockdep.c:3097 [inline] check_prevs_add kernel/locking/lockdep.c:3216 [inline] validate_chain kernel/locking/lockdep.c:3831 [inline] __lock_acquire+0x1265/0x25c0 kernel/locking/lockdep.c:5055 lock_acquire+0x10a/0x2e0 kernel/locking/lockdep.c:5668 down_write+0x2a/0xc0 kernel/locking/rwsem.c:1562 inode_lock include/linux/fs.h:756 [inline] ext4_xattr_inode_iget+0x17e/0x1a0 fs/ext4/xattr.c:463 ext4_xattr_inode_get+0x4d/0x140 fs/ext4/xattr.c:539 ext4_xattr_move_to_block fs/ext4/xattr.c:2622 [inline] ext4_xattr_make_inode_space fs/ext4/xattr.c:2724 [inline] ext4_expand_extra_isize_ea+0x46f/0x880 fs/ext4/xattr.c:2816 __ext4_expand_extra_isize+0xbc/0x140 fs/ext4/inode.c:5957 ext4_try_to_expand_extra_isize fs/ext4/inode.c:6000 [inline] __ext4_mark_inode_dirty+0x1a6/0x2a0 fs/ext4/inode.c:6078 ext4_ext_truncate+0x2b/0xd0 fs/ext4/extents.c:4400 ext4_truncate+0x419/0x520 fs/ext4/inode.c:4342 ext4_evict_inode+0x4a7/0x5f0 fs/ext4/inode.c:286 evict+0xd1/0x2a0 fs/inode.c:664 __dentry_kill+0x122/0x1d0 fs/dcache.c:607 dentry_kill+0x62/0x120 dput+0xca/0x170 fs/dcache.c:913 do_renameat2+0x464/0x600 fs/namei.c:4932 __do_sys_renameat2 fs/namei.c:4963 [inline] __se_sys_renameat2 fs/namei.c:4960 [inline] __x64_sys_renameat2+0x4f/0x60 fs/namei.c:4960 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x46/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x73/0xdd other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ei->i_data_sem); lock(&ea_inode->i_rwsem#7/1); lock(&ei->i_data_sem); lock(&ea_inode->i_rwsem#7/1); *** DEADLOCK *** 7 locks held by syz.0.15/2784: #0: ffff8881062d8438 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x12/0x40 fs/namespace.c:508 #1: ffff8881062d8720 (&type->s_vfs_rename_key){+.+.}-{3:3}, at: lock_rename+0x29/0xd0 fs/namei.c:2994 #2: ffff8881142b3cd0 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:791 [inline] #2: ffff8881142b3cd0 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: lock_rename+0x53/0xd0 fs/namei.c:2998 #3: ffff8881142b4648 (&type->i_mutex_dir_key#3/2){+.+.}-{3:3}, at: lock_rename+0xa4/0xd0 #4: ffff8881062d8628 (sb_internal){.+.+}-{0:0}, at: __sb_start_write include/linux/fs.h:1814 [inline] #4: ffff8881062d8628 (sb_internal){.+.+}-{0:0}, at: sb_start_intwrite include/linux/fs.h:1936 [inline] #4: ffff8881062d8628 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x177/0x5f0 fs/ext4/inode.c:240 #5: ffff8881142b4e48 (&ei->i_data_sem){++++}-{3:3}, at: ext4_truncate+0x3e2/0x520 fs/ext4/inode.c:4337 #6: ffff8881142b4c88 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_trylock_xattr fs/ext4/xattr.h:162 [inline] #6: ffff8881142b4c88 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_to_expand_extra_isize fs/ext4/inode.c:5997 [inline] #6: ffff8881142b4c88 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x170/0x2a0 fs/ext4/inode.c:6078 stack backtrace: CPU: 0 PID: 2784 Comm: syz.0.15 Not tainted 6.2.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8d/0xe0 lib/dump_stack.c:106 check_noncircular+0x10c/0x120 kernel/locking/lockdep.c:2177 check_prev_add kernel/locking/lockdep.c:3097 [inline] check_prevs_add kernel/locking/lockdep.c:3216 [inline] validate_chain kernel/locking/lockdep.c:3831 [inline] __lock_acquire+0x1265/0x25c0 kernel/locking/lockdep.c:5055 lock_acquire+0x10a/0x2e0 kernel/locking/lockdep.c:5668 down_write+0x2a/0xc0 kernel/locking/rwsem.c:1562 inode_lock include/linux/fs.h:756 [inline] ext4_xattr_inode_iget+0x17e/0x1a0 fs/ext4/xattr.c:463 ext4_xattr_inode_get+0x4d/0x140 fs/ext4/xattr.c:539 ext4_xattr_move_to_block fs/ext4/xattr.c:2622 [inline] ext4_xattr_make_inode_space fs/ext4/xattr.c:2724 [inline] ext4_expand_extra_isize_ea+0x46f/0x880 fs/ext4/xattr.c:2816 __ext4_expand_extra_isize+0xbc/0x140 fs/ext4/inode.c:5957 ext4_try_to_expand_extra_isize fs/ext4/inode.c:6000 [inline] __ext4_mark_inode_dirty+0x1a6/0x2a0 fs/ext4/inode.c:6078 ext4_ext_truncate+0x2b/0xd0 fs/ext4/extents.c:4400 ext4_truncate+0x419/0x520 fs/ext4/inode.c:4342 ext4_evict_inode+0x4a7/0x5f0 fs/ext4/inode.c:286 evict+0xd1/0x2a0 fs/inode.c:664 __dentry_kill+0x122/0x1d0 fs/dcache.c:607 dentry_kill+0x62/0x120 dput+0xca/0x170 fs/dcache.c:913 do_renameat2+0x464/0x600 fs/namei.c:4932 __do_sys_renameat2 fs/namei.c:4963 [inline] __se_sys_renameat2 fs/namei.c:4960 [inline] __x64_sys_renameat2+0x4f/0x60 fs/namei.c:4960 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x46/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x73/0xdd RIP: 0033:0x7fa9bdd8bef9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa9bd80d038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c RAX: ffffffffffffffda RBX: 00007fa9bdf43f80 RCX: 00007fa9bdd8bef9 RDX: 0000000000000005 RSI: 0000000020000080 RDI: 0000000000000006 RBP: 00007fa9bddfeb76 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fa9bdf43f80 R15: 00007ffe7f34d7a8