======================================================
WARNING: possible circular locking dependency detected
6.9.0-rc6-syzkaller-00046-g18daea77cca6 #0 Not tainted
------------------------------------------------------
syz-executor.4/6149 is trying to acquire lock:
ffff0000e599fa20 (&type->i_mutex_dir_key#8/2){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:830 [inline]
ffff0000e599fa20 (&type->i_mutex_dir_key#8/2){+.+.}-{3:3}, at: xattr_rmdir fs/reiserfs/xattr.c:107 [inline]
ffff0000e599fa20 (&type->i_mutex_dir_key#8/2){+.+.}-{3:3}, at: delete_one_xattr+0xe8/0x2c8 fs/reiserfs/xattr.c:339

but task is already holding lock:
ffff0000e599f380 (&type->i_mutex_dir_key#8/3){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:830 [inline]
ffff0000e599f380 (&type->i_mutex_dir_key#8/3){+.+.}-{3:3}, at: reiserfs_for_each_xattr+0x788/0x8d8 fs/reiserfs/xattr.c:310

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&type->i_mutex_dir_key#8/3){+.+.}-{3:3}:
       down_write_nested+0x58/0xcc kernel/locking/rwsem.c:1695
       inode_lock_nested include/linux/fs.h:830 [inline]
       open_xa_root fs/reiserfs/xattr.c:128 [inline]
       open_xa_dir+0x11c/0x578 fs/reiserfs/xattr.c:153
       xattr_lookup+0x3c/0x268 fs/reiserfs/xattr.c:396
       reiserfs_xattr_set_handle+0xe0/0xe8c fs/reiserfs/xattr.c:535
       reiserfs_xattr_set+0x398/0x4b0 fs/reiserfs/xattr.c:635
       trusted_set+0x98/0xec fs/reiserfs/xattr_trusted.c:31
       __vfs_setxattr+0x3d8/0x400 fs/xattr.c:200
       __vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:234
       __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:295
       vfs_setxattr+0x1a8/0x344 fs/xattr.c:321
       do_setxattr fs/xattr.c:629 [inline]
       setxattr+0x208/0x29c fs/xattr.c:652
       path_setxattr+0x17c/0x258 fs/xattr.c:671
       __do_sys_lsetxattr fs/xattr.c:694 [inline]
       __se_sys_lsetxattr fs/xattr.c:690 [inline]
       __arm64_sys_lsetxattr+0xbc/0xd8 fs/xattr.c:690
       __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
       el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
       do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
       el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
       el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

-> #1 (&type->i_mutex_dir_key#8){+.+.}-{3:3}:
       down_write+0x50/0xc0 kernel/locking/rwsem.c:1579
       inode_lock include/linux/fs.h:795 [inline]
       vfs_rename+0x5e4/0xc84 fs/namei.c:4845
       do_renameat2+0x9c8/0xe40 fs/namei.c:5037
       __do_sys_renameat2 fs/namei.c:5071 [inline]
       __se_sys_renameat2 fs/namei.c:5068 [inline]
       __arm64_sys_renameat2+0xe0/0xfc fs/namei.c:5068
       __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
       el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
       do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
       el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
       el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

-> #0 (&type->i_mutex_dir_key#8/2){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3869 [inline]
       __lock_acquire+0x3384/0x763c kernel/locking/lockdep.c:5137
       lock_acquire+0x248/0x73c kernel/locking/lockdep.c:5754
       down_write_nested+0x58/0xcc kernel/locking/rwsem.c:1695
       inode_lock_nested include/linux/fs.h:830 [inline]
       xattr_rmdir fs/reiserfs/xattr.c:107 [inline]
       delete_one_xattr+0xe8/0x2c8 fs/reiserfs/xattr.c:339
       reiserfs_for_each_xattr+0x794/0x8d8 fs/reiserfs/xattr.c:312
       reiserfs_delete_xattrs+0x2c/0xa4 fs/reiserfs/xattr.c:365
       reiserfs_evict_inode+0x1dc/0x3f0 fs/reiserfs/inode.c:53
       evict+0x260/0x68c fs/inode.c:667
       iput_final fs/inode.c:1741 [inline]
       iput+0x760/0x844 fs/inode.c:1767
       d_delete_notify include/linux/fsnotify.h:307 [inline]
       vfs_rmdir+0x330/0x43c fs/namei.c:4219
       do_rmdir+0x2e0/0x720 fs/namei.c:4265
       __do_sys_unlinkat fs/namei.c:4441 [inline]
       __se_sys_unlinkat fs/namei.c:4435 [inline]
       __arm64_sys_unlinkat+0xe0/0xfc fs/namei.c:4435
       __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
       el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
       do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
       el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
       el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

other info that might help us debug this:

Chain exists of:
  &type->i_mutex_dir_key#8/2 --> &type->i_mutex_dir_key#8 --> &type->i_mutex_dir_key#8/3

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&type->i_mutex_dir_key#8/3);
                               lock(&type->i_mutex_dir_key#8);
                               lock(&type->i_mutex_dir_key#8/3);
  lock(&type->i_mutex_dir_key#8/2);

 *** DEADLOCK ***

3 locks held by syz-executor.4/6149:
 #0: ffff0000e498a420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:409
 #1: ffff0000e599dfa0 (&type->i_mutex_dir_key#8/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:830 [inline]
 #1: ffff0000e599dfa0 (&type->i_mutex_dir_key#8/1){+.+.}-{3:3}, at: do_rmdir+0x1d8/0x720 fs/namei.c:4253
 #2: ffff0000e599f380 (&type->i_mutex_dir_key#8/3){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:830 [inline]
 #2: ffff0000e599f380 (&type->i_mutex_dir_key#8/3){+.+.}-{3:3}, at: reiserfs_for_each_xattr+0x788/0x8d8 fs/reiserfs/xattr.c:310

stack backtrace:
CPU: 1 PID: 6149 Comm: syz-executor.4 Not tainted 6.9.0-rc6-syzkaller-00046-g18daea77cca6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:317
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:324
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:114
 dump_stack+0x1c/0x28 lib/dump_stack.c:123
 print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2060
 check_noncircular+0x310/0x404 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3869 [inline]
 __lock_acquire+0x3384/0x763c kernel/locking/lockdep.c:5137
 lock_acquire+0x248/0x73c kernel/locking/lockdep.c:5754
 down_write_nested+0x58/0xcc kernel/locking/rwsem.c:1695
 inode_lock_nested include/linux/fs.h:830 [inline]
 xattr_rmdir fs/reiserfs/xattr.c:107 [inline]
 delete_one_xattr+0xe8/0x2c8 fs/reiserfs/xattr.c:339
 reiserfs_for_each_xattr+0x794/0x8d8 fs/reiserfs/xattr.c:312
 reiserfs_delete_xattrs+0x2c/0xa4 fs/reiserfs/xattr.c:365
 reiserfs_evict_inode+0x1dc/0x3f0 fs/reiserfs/inode.c:53
 evict+0x260/0x68c fs/inode.c:667
 iput_final fs/inode.c:1741 [inline]
 iput+0x760/0x844 fs/inode.c:1767
 d_delete_notify include/linux/fsnotify.h:307 [inline]
 vfs_rmdir+0x330/0x43c fs/namei.c:4219
 do_rmdir+0x2e0/0x720 fs/namei.c:4265
 __do_sys_unlinkat fs/namei.c:4441 [inline]
 __se_sys_unlinkat fs/namei.c:4435 [inline]
 __arm64_sys_unlinkat+0xe0/0xfc fs/namei.c:4435
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598