ci2 starts bisection 2024-12-08 13:04:05.558024157 +0000 UTC m=+153454.358689889 bisecting fixing commit since e526b12bf9169887f8cfe5afed2b10e56bdca4c3 building syzkaller on 90c93c40627cb0ac3c2c7cb99d807fd4c137adcb ensuring issue is reproducible on original commit e526b12bf9169887f8cfe5afed2b10e56bdca4c3 testing commit e526b12bf9169887f8cfe5afed2b10e56bdca4c3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: df3a1bbf6afe66c9e23cd0bf7b0453338df5b123924aca5c246e673e8877fcb5 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed testing commit e526b12bf9169887f8cfe5afed2b10e56bdca4c3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8688fe9c9652cc2eef3f50a1d31da32bc07eee3cd1b493a31d27a2779b4da11f all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] the bug reproduces without the instrumentation disabling configs for [BUG KASAN ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed kconfig minimization: base=3824 full=7524 leaves diff=1995 split chunks (needed=false): <1995> split chunk #0 of len 1995 into 5 parts testing without sub-chunk 1/5 disabling configs for [BUG KASAN ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit e526b12bf9169887f8cfe5afed2b10e56bdca4c3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d5e2c564941337e8fbf84ff9220c3a788463852680de97df8d1378d8851db9ee all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LEAK UBSAN BUG KASAN ATOMIC_SLEEP HANG], they are not needed testing commit e526b12bf9169887f8cfe5afed2b10e56bdca4c3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7f746be1649307c47c0feecf22d9430248b95097db60385cfa3f46abaf2ed0ba all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [KASAN ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit e526b12bf9169887f8cfe5afed2b10e56bdca4c3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cdef824d220155b383ca1627a0cbb2d9c9299512df47aeb82dbf185cd4a45d14 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [BUG KASAN ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit e526b12bf9169887f8cfe5afed2b10e56bdca4c3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0702d3defe3048ad7e70110e86353077ca7f8a4e1908fc8b68cf97163fdcbb09 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [BUG KASAN ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit e526b12bf9169887f8cfe5afed2b10e56bdca4c3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0f459f02c7d75891dabb3781cae83d66b25f906d3309125319ec09c8cdf70ab0 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] the chunk can be dropped disabling configs for [LEAK UBSAN BUG KASAN ATOMIC_SLEEP HANG], they are not needed determining the merge base between e526b12bf9169887f8cfe5afed2b10e56bdca4c3 and 7503345ac5f5e82fd9a36d6e6b447c016376403a 830b3c68c1fb1e9176028d02ef86f3cf76aa2476/Linux 6.1 is a merge base, check if it has the bug testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 27cfc3205a34f321f6c37bcf5e492b6ffe7ae6c5b7bc0220c2969a9886747933 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] testing current HEAD 7503345ac5f5e82fd9a36d6e6b447c016376403a testing commit 7503345ac5f5e82fd9a36d6e6b447c016376403a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a71fc8f1602446ef040a9435ecad056201c5e000c440f75451a840d91bddffc8 all runs: OK false negative chance: 0.000 # git bisect start 7503345ac5f5e82fd9a36d6e6b447c016376403a 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 Bisecting: 92504 revisions left to test after this (roughly 17 steps) [d934aef6bb9ec1b42dfe1f5c1f945fa0d2d0752c] Merge tag 'dmaengine-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit d934aef6bb9ec1b42dfe1f5c1f945fa0d2d0752c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 24208870804d69cd481c21bab9d5853c7a512c80b76096937e7e50d30ffc0418 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect good d934aef6bb9ec1b42dfe1f5c1f945fa0d2d0752c Bisecting: 46293 revisions left to test after this (roughly 16 steps) [f0bae243b2bcf2b160ae547463bf542762beef8f] Merge tag 'pci-v6.10-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit f0bae243b2bcf2b160ae547463bf542762beef8f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 04df470d3c86049fbef59f8f840d75683cf33c41f8a1edf04fc76571bbe28826 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect good f0bae243b2bcf2b160ae547463bf542762beef8f Bisecting: 23168 revisions left to test after this (roughly 15 steps) [a940d9a43e623d1ba1e5c499aa843516656c0ae4] Merge tag 'soc-arm-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit a940d9a43e623d1ba1e5c499aa843516656c0ae4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cce510937e1949c19c240a2e51fd9f53d2810eaab58c9c0887102c69c54d9929 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect good a940d9a43e623d1ba1e5c499aa843516656c0ae4 Bisecting: 11583 revisions left to test after this (roughly 14 steps) [1ed92616a1423d4197a1037c14d076e058a62587] Merge tag 'drm-msm-next-2024-11-04' of https://gitlab.freedesktop.org/drm/msm into drm-next determine whether the revision contains the guilty commit revision a940d9a43e623d1ba1e5c499aa843516656c0ae4 crashed and is reachable testing commit 1ed92616a1423d4197a1037c14d076e058a62587 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ffa86ae9c86f8eb34eb749c61d5a057c62b586e08799385398f3f814fbb68193 all runs: OK false negative chance: 0.000 # git bisect bad 1ed92616a1423d4197a1037c14d076e058a62587 Bisecting: 5729 revisions left to test after this (roughly 13 steps) [9ab27b018649c9504e894496cb4d7d8afcffd897] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit 9ab27b018649c9504e894496cb4d7d8afcffd897 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b9cce9dff7ddebee1fa877cada5cf1a67548629f168d8155ac28fcea0833ee72 all runs: OK false negative chance: 0.000 # git bisect bad 9ab27b018649c9504e894496cb4d7d8afcffd897 Bisecting: 2636 revisions left to test after this (roughly 12 steps) [de848da12f752170c2ebe114804a985314fd5a6a] Merge tag 'drm-next-2024-09-19' of https://gitlab.freedesktop.org/drm/kernel determine whether the revision contains the guilty commit revision d934aef6bb9ec1b42dfe1f5c1f945fa0d2d0752c crashed and is reachable testing commit de848da12f752170c2ebe114804a985314fd5a6a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d1f5849722c864135f720cbd1b8baf3a213df65bedbdc6a1184d38e9625d0ebe all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect good de848da12f752170c2ebe114804a985314fd5a6a Bisecting: 1290 revisions left to test after this (roughly 10 steps) [88264981f2082248e892a706b2c5004650faac54] Merge tag 'sched_ext-for-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit 88264981f2082248e892a706b2c5004650faac54 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: db22a5ef2655241dc82df628ed6f862349a9d53540ee588b54cda748096b536f all runs: OK false negative chance: 0.000 # git bisect bad 88264981f2082248e892a706b2c5004650faac54 Bisecting: 601 revisions left to test after this (roughly 9 steps) [617a814f14b8914271f7a70366d72c6196d17663] Merge tag 'mm-stable-2024-09-20-02-31' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm determine whether the revision contains the guilty commit revision d934aef6bb9ec1b42dfe1f5c1f945fa0d2d0752c crashed and is reachable testing commit 617a814f14b8914271f7a70366d72c6196d17663 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 123a17c08c528d154586471a300f3ef135489b0da188940f784abff6ea8bcab3 all runs: OK false negative chance: 0.000 # git bisect bad 617a814f14b8914271f7a70366d72c6196d17663 Bisecting: 371 revisions left to test after this (roughly 9 steps) [ec0db74b4b1f249ffca4df450f54c17573114045] mm: restart if multiple traversals raced determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit ec0db74b4b1f249ffca4df450f54c17573114045 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c384f54eb6b2852b2dc799d16cc8b18a6927a673342ecd7f68e93d403fbbff8b all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect good ec0db74b4b1f249ffca4df450f54c17573114045 Bisecting: 169 revisions left to test after this (roughly 8 steps) [2004cef11ea072838f99bd95cefa5c8e45df0847] Merge tag 'sched-core-2024-09-19' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit 2004cef11ea072838f99bd95cefa5c8e45df0847 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9149126f90c03328b1350df373e1c12ab907502371ea79a08810cf2ccef7666a all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect good 2004cef11ea072838f99bd95cefa5c8e45df0847 Bisecting: 84 revisions left to test after this (roughly 6 steps) [a2187431c395cdfbf144e3536f25468c64fc7cfa] ext4: fix error message when rejecting the default hash determine whether the revision contains the guilty commit revision f0bae243b2bcf2b160ae547463bf542762beef8f crashed and is reachable testing commit a2187431c395cdfbf144e3536f25468c64fc7cfa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0a208c23c6085e034a087236c6fca9fbe0f6a8fce450c90e49b7f32bb16e099c all runs: OK false negative chance: 0.000 # git bisect bad a2187431c395cdfbf144e3536f25468c64fc7cfa Bisecting: 42 revisions left to test after this (roughly 5 steps) [6e124d5b4b02229f8aaa206b1952db31d1687523] ext4: drop ext4_es_delayed_clu() determine whether the revision contains the guilty commit revision f0bae243b2bcf2b160ae547463bf542762beef8f crashed and is reachable testing commit 6e124d5b4b02229f8aaa206b1952db31d1687523 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4e8aa5c0672f2f0cef7f00ee3b18480e2ab4c627de3acc3dc4d0741378de9c25 all runs: OK false negative chance: 0.000 # git bisect bad 6e124d5b4b02229f8aaa206b1952db31d1687523 Bisecting: 20 revisions left to test after this (roughly 4 steps) [7a6443e1dad70281f99f0bd394d7fd342481a632] ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() determine whether the revision contains the guilty commit revision d934aef6bb9ec1b42dfe1f5c1f945fa0d2d0752c crashed and is reachable testing commit 7a6443e1dad70281f99f0bd394d7fd342481a632 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7296ddf780922462bfdaad3c4205b305dff107ed39ecc76752f61e30d8bb75dd all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect good 7a6443e1dad70281f99f0bd394d7fd342481a632 Bisecting: 10 revisions left to test after this (roughly 3 steps) [1862304b062acb15e05b4e51270dc92de4b7635b] jbd2: correct comment jbd2_mark_journal_empty determine whether the revision contains the guilty commit revision 7a6443e1dad70281f99f0bd394d7fd342481a632 crashed and is reachable testing commit 1862304b062acb15e05b4e51270dc92de4b7635b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 67e0ad4c4699c288ebe0cd53ff85a673ed25664b1bdd0dc11b18e533d2944811 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect good 1862304b062acb15e05b4e51270dc92de4b7635b Bisecting: 5 revisions left to test after this (roughly 3 steps) [130078d020e0214809f2e13cf4fb80c646020e94] ext4: factor out ext4_map_create_blocks() to allocate new blocks determine whether the revision contains the guilty commit revision 1862304b062acb15e05b4e51270dc92de4b7635b crashed and is reachable testing commit 130078d020e0214809f2e13cf4fb80c646020e94 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4f454866a59ab3077ce8731bd40049a1174199986738d08c55d85a00ca3c24d4 all runs: OK false negative chance: 0.000 # git bisect bad 130078d020e0214809f2e13cf4fb80c646020e94 Bisecting: 2 revisions left to test after this (roughly 1 step) [d1bc560e9a9c78d0b2314692847fc8661e0aeb99] ext4: nested locking for xattr inode determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit d1bc560e9a9c78d0b2314692847fc8661e0aeb99 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d1cd72ee8bbc34efafa54076ea713161dbacce65e9a93059d2236222440bb83e all runs: OK false negative chance: 0.000 # git bisect bad d1bc560e9a9c78d0b2314692847fc8661e0aeb99 Bisecting: 0 revisions left to test after this (roughly 0 steps) [6140ceb9b224fd178f405a7805d3fd82d2d02c39] jbd2: remove unneeded check of ret in jbd2_fc_get_buf determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit 6140ceb9b224fd178f405a7805d3fd82d2d02c39 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a36c2a2e77dce4b4e9761464c0a590fd0e59c19d8e0f268b4cb71a5802534c25 all runs: crashed: possible deadlock in ext4_xattr_inode_iget representative crash: possible deadlock in ext4_xattr_inode_iget, types: [LOCKDEP] # git bisect good 6140ceb9b224fd178f405a7805d3fd82d2d02c39 d1bc560e9a9c78d0b2314692847fc8661e0aeb99 is the first bad commit commit d1bc560e9a9c78d0b2314692847fc8661e0aeb99 Author: Wojciech Gładysz Date: Thu Aug 1 16:38:27 2024 +0200 ext4: nested locking for xattr inode Add nested locking with I_MUTEX_XATTR subclass to avoid lockdep warning while handling xattr inode on file open syscall at ext4_xattr_inode_iget. Backtrace EXT4-fs (loop0): Ignoring removed oldalloc option ====================================================== WARNING: possible circular locking dependency detected 5.10.0-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor543/2794 is trying to acquire lock: ffff8880215e1a48 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:782 [inline] ffff8880215e1a48 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425 but task is already holding lock: ffff8880215e3278 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x136d/0x19c0 fs/ext4/inode.c:5559 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&ei->i_data_sem/3){++++}-{3:3}: lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566 down_write+0x93/0x180 kernel/locking/rwsem.c:1564 ext4_update_i_disksize fs/ext4/ext4.h:3267 [inline] ext4_xattr_inode_write fs/ext4/xattr.c:1390 [inline] ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1538 [inline] ext4_xattr_set_entry+0x331a/0x3d80 fs/ext4/xattr.c:1662 ext4_xattr_ibody_set+0x124/0x390 fs/ext4/xattr.c:2228 ext4_xattr_set_handle+0xc27/0x14e0 fs/ext4/xattr.c:2385 ext4_xattr_set+0x219/0x390 fs/ext4/xattr.c:2498 ext4_xattr_user_set+0xc9/0xf0 fs/ext4/xattr_user.c:40 __vfs_setxattr+0x404/0x450 fs/xattr.c:177 __vfs_setxattr_noperm+0x11d/0x4f0 fs/xattr.c:208 __vfs_setxattr_locked+0x1f9/0x210 fs/xattr.c:266 vfs_setxattr+0x112/0x2c0 fs/xattr.c:283 setxattr+0x1db/0x3e0 fs/xattr.c:548 path_setxattr+0x15a/0x240 fs/xattr.c:567 __do_sys_setxattr fs/xattr.c:582 [inline] __se_sys_setxattr fs/xattr.c:578 [inline] __x64_sys_setxattr+0xc5/0xe0 fs/xattr.c:578 do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62 entry_SYSCALL_64_after_hwframe+0x61/0xcb -> #0 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}: check_prev_add kernel/locking/lockdep.c:2988 [inline] check_prevs_add kernel/locking/lockdep.c:3113 [inline] validate_chain+0x1695/0x58f0 kernel/locking/lockdep.c:3729 __lock_acquire+0x12fd/0x20d0 kernel/locking/lockdep.c:4955 lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566 down_write+0x93/0x180 kernel/locking/rwsem.c:1564 inode_lock include/linux/fs.h:782 [inline] ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425 ext4_xattr_inode_get+0x138/0x410 fs/ext4/xattr.c:485 ext4_xattr_move_to_block fs/ext4/xattr.c:2580 [inline] ext4_xattr_make_inode_space fs/ext4/xattr.c:2682 [inline] ext4_expand_extra_isize_ea+0xe70/0x1bb0 fs/ext4/xattr.c:2774 __ext4_expand_extra_isize+0x304/0x3f0 fs/ext4/inode.c:5898 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5941 [inline] __ext4_mark_inode_dirty+0x591/0x810 fs/ext4/inode.c:6018 ext4_setattr+0x1400/0x19c0 fs/ext4/inode.c:5562 notify_change+0xbb6/0xe60 fs/attr.c:435 do_truncate+0x1de/0x2c0 fs/open.c:64 handle_truncate fs/namei.c:2970 [inline] do_open fs/namei.c:3311 [inline] path_openat+0x29f3/0x3290 fs/namei.c:3425 do_filp_open+0x20b/0x450 fs/namei.c:3452 do_sys_openat2+0x124/0x460 fs/open.c:1207 do_sys_open fs/open.c:1223 [inline] __do_sys_open fs/open.c:1231 [inline] __se_sys_open fs/open.c:1227 [inline] __x64_sys_open+0x221/0x270 fs/open.c:1227 do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62 entry_SYSCALL_64_after_hwframe+0x61/0xcb other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ei->i_data_sem/3); lock(&ea_inode->i_rwsem#7/1); lock(&ei->i_data_sem/3); lock(&ea_inode->i_rwsem#7/1); *** DEADLOCK *** 5 locks held by syz-executor543/2794: #0: ffff888026fbc448 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x4a/0x2a0 fs/namespace.c:365 #1: ffff8880215e3488 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: inode_lock include/linux/fs.h:782 [inline] #1: ffff8880215e3488 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: do_truncate+0x1cf/0x2c0 fs/open.c:62 #2: ffff8880215e3310 (&ei->i_mmap_sem){++++}-{3:3}, at: ext4_setattr+0xec4/0x19c0 fs/ext4/inode.c:5519 #3: ffff8880215e3278 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x136d/0x19c0 fs/ext4/inode.c:5559 #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_trylock_xattr fs/ext4/xattr.h:162 [inline] #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_to_expand_extra_isize fs/ext4/inode.c:5938 [inline] #4: ffff8880215e30c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x4fb/0x810 fs/ext4/inode.c:6018 stack backtrace: CPU: 1 PID: 2794 Comm: syz-executor543 Not tainted 5.10.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x177/0x211 lib/dump_stack.c:118 print_circular_bug+0x146/0x1b0 kernel/locking/lockdep.c:2002 check_noncircular+0x2cc/0x390 kernel/locking/lockdep.c:2123 check_prev_add kernel/locking/lockdep.c:2988 [inline] check_prevs_add kernel/locking/lockdep.c:3113 [inline] validate_chain+0x1695/0x58f0 kernel/locking/lockdep.c:3729 __lock_acquire+0x12fd/0x20d0 kernel/locking/lockdep.c:4955 lock_acquire+0x197/0x480 kernel/locking/lockdep.c:5566 down_write+0x93/0x180 kernel/locking/rwsem.c:1564 inode_lock include/linux/fs.h:782 [inline] ext4_xattr_inode_iget+0x42a/0x5c0 fs/ext4/xattr.c:425 ext4_xattr_inode_get+0x138/0x410 fs/ext4/xattr.c:485 ext4_xattr_move_to_block fs/ext4/xattr.c:2580 [inline] ext4_xattr_make_inode_space fs/ext4/xattr.c:2682 [inline] ext4_expand_extra_isize_ea+0xe70/0x1bb0 fs/ext4/xattr.c:2774 __ext4_expand_extra_isize+0x304/0x3f0 fs/ext4/inode.c:5898 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5941 [inline] __ext4_mark_inode_dirty+0x591/0x810 fs/ext4/inode.c:6018 ext4_setattr+0x1400/0x19c0 fs/ext4/inode.c:5562 notify_change+0xbb6/0xe60 fs/attr.c:435 do_truncate+0x1de/0x2c0 fs/open.c:64 handle_truncate fs/namei.c:2970 [inline] do_open fs/namei.c:3311 [inline] path_openat+0x29f3/0x3290 fs/namei.c:3425 do_filp_open+0x20b/0x450 fs/namei.c:3452 do_sys_openat2+0x124/0x460 fs/open.c:1207 do_sys_open fs/open.c:1223 [inline] __do_sys_open fs/open.c:1231 [inline] __se_sys_open fs/open.c:1227 [inline] __x64_sys_open+0x221/0x270 fs/open.c:1227 do_syscall_64+0x6d/0xa0 arch/x86/entry/common.c:62 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7f0cde4ea229 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd81d1c978 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 0030656c69662f30 RCX: 00007f0cde4ea229 RDX: 0000000000000089 RSI: 00000000000a0a00 RDI: 00000000200001c0 RBP: 2f30656c69662f2e R08: 0000000000208000 R09: 0000000000208000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd81d1c9c0 R13: 00007ffd81d1ca00 R14: 0000000000080000 R15: 0000000000000003 EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2730: inode #13: comm syz-executor543: corrupted in-inode xattr Signed-off-by: Wojciech Gładysz Link: https://patch.msgid.link/20240801143827.19135-1-wojciech.gladysz@infogain.com Signed-off-by: Theodore Ts'o fs/ext4/xattr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) accumulated error probability: 0.00 culprit signature: d1cd72ee8bbc34efafa54076ea713161dbacce65e9a93059d2236222440bb83e parent signature: a36c2a2e77dce4b4e9761464c0a590fd0e59c19d8e0f268b4cb71a5802534c25 revisions tested: 26, total time: 4h33m24.186289201s (build: 1h35m17.016410285s, test: 2h44m38.710774021s) first good commit: d1bc560e9a9c78d0b2314692847fc8661e0aeb99 ext4: nested locking for xattr inode recipients (to): ["tytso@mit.edu" "wojciech.gladysz@infogain.com"] recipients (cc): []