f39300149ccc starts bisection 2025-01-14 15:45:22.436081051 +0800 CST m=+29.956022985
bisecting cause commit starting from 2144da25584eb10b84252230319b5783f6a83041
building syzkaller on HEAD
ensuring issue is reproducible on original commit 2144da25584eb10b84252230319b5783f6a83041

testing commit 2144da25584eb10b84252230319b5783f6a83041 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 72a018727dc5f26f39fb9afa3c3466fc5ee9a2920d881bac048921604cb8bcd9
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
check whether we can drop unnecessary instrumentation
disabling configs for [BUG KASAN ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 2144da25584eb10b84252230319b5783f6a83041 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 5eaaae195280bd569165ae60f47adc8d201e619b5cb7cb2e1819e102d834360e
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed
kconfig minimization: base=4514 full=4514 leaves diff=0
split chunks (needed=false): <0>
split chunk #0 of len 0 into 3 parts
disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed
picked [v6.12 v6.11 v6.10 v6.8 v6.6 v6.4 v6.2 v6.0 v5.17 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 35 release tags
testing release v6.12
testing commit adc218676eef25575469234709c2d87185ca223a gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 123569f3c5dc773a228046b23c2579f93b489802aa8c81816760c93d72fc892e
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
testing release v6.11
testing commit 98f7e32f20d28ec452afb208f9cffc08448a2652 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 9b6b470beec4ea169676d758c2d1f067d581fa761c3bcf853d1dcb4dfff58468
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
testing release v6.10
testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: c752e7f7c72a0ece8f10a2cc013ea6e5fc03f9becc2c19bbba4eab7839191fdb
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
testing release v6.8
testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: f7b80163c0bb3a69387b4316c73cd7e87e073c5750950c55189fa2a7087665e6
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
testing release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: cf9718868b9435934e6b66aeff7dd155e98e9f6dda14efce295b1746e63d2d50
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
testing release v6.4
testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 5c10ca80538a9bee7547e39f230824a54d06e78bfcb2e1c7f5df507709fc6b7f
all runs: OK
false negative chance: 0.000
# git bisect start ffc253263a1375a65fa6c9f62a893e9767fbebfa 6995e2de6891c724bfeb2db33d7b87775f913ad1
Bisecting: 14980 revisions left to test after this (roughly 14 steps)
[d011151616e73de20c139580b73fa4c7042bd861] Merge branch 'kvm-x86-mmu-6.6' into HEAD
testing commit d011151616e73de20c139580b73fa4c7042bd861 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: c9859f0b177b0cf3f8ddecb0ed83b6ef2ea73268db36e01f4e0fca2fa6d770a8
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
# git bisect bad d011151616e73de20c139580b73fa4c7042bd861
Bisecting: 7672 revisions left to test after this (roughly 13 steps)
[b775d6c5859affe00527cbe74263de05cfe6b9f9] Merge tag 'mips_6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
testing commit b775d6c5859affe00527cbe74263de05cfe6b9f9 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 680744a00253242f2d4321398faba4d90cb816087cebfc456bb43ad93869c7b8
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
# git bisect bad b775d6c5859affe00527cbe74263de05cfe6b9f9
Bisecting: 3061 revisions left to test after this (roughly 12 steps)
[3a8a670eeeaa40d87bd38a587438952741980c18] Merge tag 'net-next-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 3a8a670eeeaa40d87bd38a587438952741980c18 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: dd48c787acb270e85d061d3c92f4fbf1a8e7079b848e442716667bca47fa0e8b
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
# git bisect bad 3a8a670eeeaa40d87bd38a587438952741980c18
Bisecting: 2103 revisions left to test after this (roughly 11 steps)
[6e17c6de3ddf3073741d9c91a796ee696914d8a0] Merge tag 'mm-stable-2023-06-24-19-15' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
testing commit 6e17c6de3ddf3073741d9c91a796ee696914d8a0 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 41777ec21c8ed4cb180e9fc1467d0afef7bfa765f0e9b9b64f60f752010dc1f7
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
# git bisect bad 6e17c6de3ddf3073741d9c91a796ee696914d8a0
Bisecting: 1048 revisions left to test after this (roughly 10 steps)
[2605e80d3438c77190f55b821c6575048c68268e] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
testing commit 2605e80d3438c77190f55b821c6575048c68268e gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: d0c9427d78142b69e5e97ea41e2c28d1bc3e8a3f8608671b4df80d21597a0efe
all runs: OK
false negative chance: 0.000
# git bisect good 2605e80d3438c77190f55b821c6575048c68268e
Bisecting: 515 revisions left to test after this (roughly 9 steps)
[72dc6db7e3b692f46f3386b8dd5101d3f431adef] Merge tag 'wq-for-6.5-cleanup-ordered' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
testing commit 72dc6db7e3b692f46f3386b8dd5101d3f431adef gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 6997885ea63151909ee079ea19eb5ef2996ae23ab4cf2e92ebe712c00b2183a9
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
# git bisect bad 72dc6db7e3b692f46f3386b8dd5101d3f431adef
Bisecting: 263 revisions left to test after this (roughly 8 steps)
[a3540495324af9b7fa95b62da2ccbf7cdb4e3622] Merge tag 'docs-6.5' of git://git.lwn.net/linux
testing commit a3540495324af9b7fa95b62da2ccbf7cdb4e3622 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: f7effdec02e6c0af05e55e43098bfb83345f3beec0297dbb1c15af8a09baf0ca
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
# git bisect bad a3540495324af9b7fa95b62da2ccbf7cdb4e3622
Bisecting: 138 revisions left to test after this (roughly 7 steps)
[1ef6663a587ba3e57dc5065a477db1c64481eedd] Merge tag 'tag-chrome-platform-for-v6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
testing commit 1ef6663a587ba3e57dc5065a477db1c64481eedd gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: d52e606688d4fa72110932c47b0e747f7ac046613d161bb59d0fd0406d0e5083
all runs: OK
false negative chance: 0.000
# git bisect good 1ef6663a587ba3e57dc5065a477db1c64481eedd
Bisecting: 85 revisions left to test after this (roughly 6 steps)
[dd58d666ac08eb5eb81e4956172fc52b3bf0ab38] selftests/nolibc: make sure gcc always use little endian on MIPS
testing commit dd58d666ac08eb5eb81e4956172fc52b3bf0ab38 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8c3296a4a77d1ebfc93a0310f1d450a851319d84c5fa3d80c446ac944a64f884
all runs: OK
false negative chance: 0.000
# git bisect good dd58d666ac08eb5eb81e4956172fc52b3bf0ab38
Bisecting: 50 revisions left to test after this (roughly 6 steps)
[b19edac5992da0188be98454ca592621d3d89844] Merge tag 'nolibc.2023.06.22a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu
testing commit b19edac5992da0188be98454ca592621d3d89844 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: f7effdec02e6c0af05e55e43098bfb83345f3beec0297dbb1c15af8a09baf0ca
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
# git bisect bad b19edac5992da0188be98454ca592621d3d89844
Bisecting: 26 revisions left to test after this (roughly 4 steps)
[6b706e5603c44ff0b6f43c2e26e0d590e1d265f8] rcu/kvfree: Make drain_page_cache() take early return if cache is disabled
testing commit 6b706e5603c44ff0b6f43c2e26e0d590e1d265f8 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 65117daf0c6bee699480afdf451c40abe418e21fb6bce9d9257b1b7215f82d20
all runs: OK
false negative chance: 0.000
# git bisect good 6b706e5603c44ff0b6f43c2e26e0d590e1d265f8
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[401b0de3ae4fa49d1014c8941e26d9a25f37e7cf] rcu-tasks: Stop rcu_tasks_invoke_cbs() from using never-onlined CPUs
testing commit 401b0de3ae4fa49d1014c8941e26d9a25f37e7cf gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 5ad0e02351067b35e495221b8ff88b6007a608ce4626bbadd47ed8693c657a36
all runs: OK
false negative chance: 0.000
# git bisect good 401b0de3ae4fa49d1014c8941e26d9a25f37e7cf
Bisecting: 12 revisions left to test after this (roughly 3 steps)
[ce2544b2d05ee84cb9be1e05bf3e1a98c72b15dc] torture: Remove duplicated argument -enable-kvm for ppc64
testing commit ce2544b2d05ee84cb9be1e05bf3e1a98c72b15dc gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8c3296a4a77d1ebfc93a0310f1d450a851319d84c5fa3d80c446ac944a64f884
all runs: OK
false negative chance: 0.000
# git bisect good ce2544b2d05ee84cb9be1e05bf3e1a98c72b15dc
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[e1bd2334f165aa7bef7f9fa2b0bef97a85614963] rcu: Add more RCU files to kernel-api.rst
testing commit e1bd2334f165aa7bef7f9fa2b0bef97a85614963 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8c3296a4a77d1ebfc93a0310f1d450a851319d84c5fa3d80c446ac944a64f884
all runs: OK
false negative chance: 0.000
# git bisect good e1bd2334f165aa7bef7f9fa2b0bef97a85614963
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[fbde57d2d2995375305917b3c944bc861beb84d4] rcu/nocb: Make shrinker iterate only over NOCB CPUs
testing commit fbde57d2d2995375305917b3c944bc861beb84d4 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 4923a22b3317e4f4084414af5b0cf2ffd4b1273d4a0c06836cdafc59d9969b65
all runs: OK
false negative chance: 0.000
# git bisect good fbde57d2d2995375305917b3c944bc861beb84d4
Bisecting: 2 revisions left to test after this (roughly 1 step)
[edff5e9a99e0ed9463999455b2604c3154eb7ab3] rcu-tasks: Clarify the cblist_init_generic() function's pr_info() output
testing commit edff5e9a99e0ed9463999455b2604c3154eb7ab3 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: c343626c8a8a88010110ec5ac37831da9f858fe29e3fd0b6b77ab598cfe664b7
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
# git bisect bad edff5e9a99e0ed9463999455b2604c3154eb7ab3
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[5fc8cbe4cf0fd34ded8045c385790c3bf04f6785] rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()
testing commit 5fc8cbe4cf0fd34ded8045c385790c3bf04f6785 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: d76beac4989f4d83b21124f4674881e9e64b7c05b7d997b9b6bd8cfa910afc6f
all runs: crashed: possible deadlock in ocfs2_write_begin_nolock
representative crash: possible deadlock in ocfs2_write_begin_nolock, types: [LOCKDEP]
# git bisect bad 5fc8cbe4cf0fd34ded8045c385790c3bf04f6785
5fc8cbe4cf0fd34ded8045c385790c3bf04f6785 is the first bad commit
commit 5fc8cbe4cf0fd34ded8045c385790c3bf04f6785
Author: Shigeru Yoshida
Date: Wed Aug 3 01:22:05 2022 +0900

    rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()

    pr_info() is called with rtp->cbs_gbl_lock spin lock locked. Because
    pr_info() calls printk() that might sleep, this will result in BUG
    like below:

    [ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.
    [ 0.206463]
    [ 0.206464] =============================
    [ 0.206464] [ BUG: Invalid wait context ]
    [ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted
    [ 0.206466] -----------------------------
    [ 0.206466] swapper/0/1 is trying to lock:
    [ 0.206467] ffffffffa0167a58 (&port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0
    [ 0.206473] other info that might help us debug this:
    [ 0.206473] context-{5:5}
    [ 0.206474] 3 locks held by swapper/0/1:
    [ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0
    [ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e
    [ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330
    [ 0.206485] stack backtrace:
    [ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5
    [ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014
    [ 0.206489] Call Trace:
    [ 0.206490]
    [ 0.206491] dump_stack_lvl+0x6a/0x9f
    [ 0.206493] __lock_acquire.cold+0x2d7/0x2fe
    [ 0.206496] ? stack_trace_save+0x46/0x70
    [ 0.206497] lock_acquire+0xd1/0x2f0
    [ 0.206499] ? serial8250_console_write+0x327/0x4a0
    [ 0.206500] ? __lock_acquire+0x5c7/0x2720
    [ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90
    [ 0.206504] ? serial8250_console_write+0x327/0x4a0
    [ 0.206506] serial8250_console_write+0x327/0x4a0
    [ 0.206508] console_emit_next_record.constprop.0+0x180/0x330
    [ 0.206511] console_unlock+0xf7/0x1f0
    [ 0.206512] vprintk_emit+0xf7/0x330
    [ 0.206514] _printk+0x63/0x7e
    [ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32
    [ 0.206518] rcu_init_tasks_generic+0x5/0xd9
    [ 0.206522] kernel_init_freeable+0x15b/0x2a2
    [ 0.206523] ? rest_init+0x160/0x160
    [ 0.206526] kernel_init+0x11/0x120
    [ 0.206527] ret_from_fork+0x1f/0x30
    [ 0.206530]
    [ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.

    This patch moves pr_info() so that it is called without
    rtp->cbs_gbl_lock locked.

    Signed-off-by: Shigeru Yoshida
    Tested-by: "Zhang, Qiang1"
    Signed-off-by: Paul E. McKenney

 kernel/rcu/tasks.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
accumulated error probability: 0.00
parent commit ac9a78681b921877518763ba0e89202254349d1b wasn't tested
testing commit ac9a78681b921877518763ba0e89202254349d1b gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8c3296a4a77d1ebfc93a0310f1d450a851319d84c5fa3d80c446ac944a64f884
culprit signature: d76beac4989f4d83b21124f4674881e9e64b7c05b7d997b9b6bd8cfa910afc6f
parent signature: 8c3296a4a77d1ebfc93a0310f1d450a851319d84c5fa3d80c446ac944a64f884
revisions tested: 25, total time: 3h8m41.3799608s (build: 2h14m0.817623743s, test: 24m49.809803689s)
first bad commit: 5fc8cbe4cf0fd34ded8045c385790c3bf04f6785 rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()
recipients (to): ["paulmck@kernel.org" "qiang1.zhang@intel.com" "syoshida@redhat.com"]
recipients (cc): []
crash: possible deadlock in ocfs2_write_begin_nolock
audit: type=1400 audit(1736851566.685:11): avc: denied { associate } for pid=1338 comm="syz-executor116" name="file1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
======================================================
WARNING: possible circular locking dependency detected
6.4.0-rc1-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor116/1338 is trying to acquire lock:
ff110001100b5628 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_write_begin_inline fs/ocfs2/aops.c:1482 [inline]
ff110001100b5628 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_try_to_write_inline_data fs/ocfs2/aops.c:1585 [inline]
ff110001100b5628 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_write_begin_nolock+0xc4d/0x3700 fs/ocfs2/aops.c:1671

but task is already holding lock:
ff11000113033d60 (&oi->ip_alloc_sem){++++}-{4:4}, at: ocfs2_write_begin+0x13a/0x2d0 fs/ocfs2/aops.c:1903

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #4 (&oi->ip_alloc_sem){++++}-{4:4}:
       down_write+0x29/0xb0 kernel/locking/rwsem.c:1573
       ocfs2_try_remove_refcount_tree+0x50/0x1f0 fs/ocfs2/refcounttree.c:931
       ocfs2_xattr_set+0xdcc/0x1cf0 fs/ocfs2/xattr.c:3661
       ocfs2_set_acl+0x2b4/0x2d0 fs/ocfs2/acl.c:254
       ocfs2_iop_set_acl+0x127/0x190 fs/ocfs2/acl.c:286
       set_posix_acl+0x115/0x160 fs/posix_acl.c:956
       vfs_remove_acl+0x25d/0x360 fs/posix_acl.c:1243
       removexattr+0xd0/0x130 fs/xattr.c:916
       path_removexattr+0xf9/0x110 fs/xattr.c:932
       __do_sys_lremovexattr fs/xattr.c:952 [inline]
       __se_sys_lremovexattr fs/xattr.c:949 [inline]
       __x64_sys_lremovexattr+0x1c/0x30 fs/xattr.c:949
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x73/0xdd

-> #3 (&oi->ip_xattr_sem){++++}-{4:4}:
       down_read+0x2c/0x40 kernel/locking/rwsem.c:1520
       ocfs2_init_acl+0x1f8/0x5f0 fs/ocfs2/acl.c:366
       ocfs2_mknod+0x8a6/0x1a60 fs/ocfs2/namei.c:408
       ocfs2_mkdir+0x92/0x260 fs/ocfs2/namei.c:655
       vfs_mkdir+0x28a/0x380 fs/namei.c:4115
       do_mkdirat+0xbd/0x1a0 fs/namei.c:4138
       __do_sys_mkdirat fs/namei.c:4153 [inline]
       __se_sys_mkdirat fs/namei.c:4151 [inline]
       __x64_sys_mkdirat+0x71/0xa0 fs/namei.c:4151
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x73/0xdd

-> #2 (jbd2_handle){++++}-{0:0}:
       start_this_handle+0x27d/0x8c0 fs/jbd2/transaction.c:463
       jbd2__journal_start+0x139/0x2f0 fs/jbd2/transaction.c:520
       jbd2_journal_start+0x2c/0x40 fs/jbd2/transaction.c:559
       ocfs2_start_trans+0x1e4/0x540 fs/ocfs2/journal.c:355
       ocfs2_mknod+0x7a8/0x1a60 fs/ocfs2/namei.c:359
       ocfs2_mkdir+0x92/0x260 fs/ocfs2/namei.c:655
       vfs_mkdir+0x28a/0x380 fs/namei.c:4115
       do_mkdirat+0xbd/0x1a0 fs/namei.c:4138
       __do_sys_mkdirat fs/namei.c:4153 [inline]
       __se_sys_mkdirat fs/namei.c:4151 [inline]
       __x64_sys_mkdirat+0x71/0xa0 fs/namei.c:4151
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x73/0xdd

-> #1 (&journal->j_trans_barrier){.+.+}-{4:4}:
       down_read+0x2c/0x40 kernel/locking/rwsem.c:1520
       ocfs2_start_trans+0x1da/0x540 fs/ocfs2/journal.c:353
       ocfs2_mknod+0x7a8/0x1a60 fs/ocfs2/namei.c:359
       ocfs2_mkdir+0x92/0x260 fs/ocfs2/namei.c:655
       vfs_mkdir+0x28a/0x380 fs/namei.c:4115
       do_mkdirat+0xbd/0x1a0 fs/namei.c:4138
       __do_sys_mkdirat fs/namei.c:4153 [inline]
       __se_sys_mkdirat fs/namei.c:4151 [inline]
       __x64_sys_mkdirat+0x71/0xa0 fs/namei.c:4151
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x73/0xdd

-> #0 (sb_internal#2){.+.+}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3108 [inline]
       check_prevs_add kernel/locking/lockdep.c:3227 [inline]
       validate_chain kernel/locking/lockdep.c:3842 [inline]
       __lock_acquire+0x10fe/0x1c20 kernel/locking/lockdep.c:5074
       lock_acquire kernel/locking/lockdep.c:5691 [inline]
       lock_acquire+0xc1/0x2b0 kernel/locking/lockdep.c:5656
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       __sb_start_write include/linux/fs.h:1494 [inline]
       sb_start_intwrite include/linux/fs.h:1616 [inline]
       ocfs2_start_trans+0x152/0x540 fs/ocfs2/journal.c:351
       ocfs2_write_begin_inline fs/ocfs2/aops.c:1482 [inline]
       ocfs2_try_to_write_inline_data fs/ocfs2/aops.c:1585 [inline]
       ocfs2_write_begin_nolock+0xc4d/0x3700 fs/ocfs2/aops.c:1671
       ocfs2_write_begin+0x158/0x2d0 fs/ocfs2/aops.c:1905
       generic_perform_write+0x10b/0x2c0 mm/filemap.c:3923
       __generic_file_write_iter+0x1d7/0x260 mm/filemap.c:4051
       ocfs2_file_write_iter+0x772/0x1710 fs/ocfs2/file.c:2448
       call_write_iter include/linux/fs.h:1868 [inline]
       new_sync_write fs/read_write.c:491 [inline]
       vfs_write+0x489/0x6c0 fs/read_write.c:584
       ksys_write+0xa7/0x170 fs/read_write.c:637
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x73/0xdd

other info that might help us debug this:

Chain exists of:
  sb_internal#2 --> &oi->ip_xattr_sem --> &oi->ip_alloc_sem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&oi->ip_alloc_sem);
                               lock(&oi->ip_xattr_sem);
                               lock(&oi->ip_alloc_sem);
  rlock(sb_internal#2);

 *** DEADLOCK ***

3 locks held by syz-executor116/1338:
 #0: ff110001100b5438 (sb_writers#17){.+.+}-{0:0}, at: ksys_write+0xa7/0x170 fs/read_write.c:637
 #1: ff110001130340c8 (&sb->s_type->i_mutex_key#21){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:775 [inline]
 #1: ff110001130340c8 (&sb->s_type->i_mutex_key#21){+.+.}-{4:4}, at: ocfs2_file_write_iter+0x159/0x1710 fs/ocfs2/file.c:2380
 #2: ff11000113033d60 (&oi->ip_alloc_sem){++++}-{4:4}, at: ocfs2_write_begin+0x13a/0x2d0 fs/ocfs2/aops.c:1903

stack backtrace:
CPU: 0 PID: 1338 Comm: syz-executor116 Not tainted 6.4.0-rc1-syzkaller #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106
 check_noncircular+0x106/0x120 kernel/locking/lockdep.c:2188
 check_prev_add kernel/locking/lockdep.c:3108 [inline]
 check_prevs_add kernel/locking/lockdep.c:3227 [inline]
 validate_chain kernel/locking/lockdep.c:3842 [inline]
 __lock_acquire+0x10fe/0x1c20 kernel/locking/lockdep.c:5074
 lock_acquire kernel/locking/lockdep.c:5691 [inline]
 lock_acquire+0xc1/0x2b0 kernel/locking/lockdep.c:5656
 percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
 __sb_start_write include/linux/fs.h:1494 [inline]
 sb_start_intwrite include/linux/fs.h:1616 [inline]
 ocfs2_start_trans+0x152/0x540 fs/ocfs2/journal.c:351
 ocfs2_write_begin_inline fs/ocfs2/aops.c:1482 [inline]
 ocfs2_try_to_write_inline_data fs/ocfs2/aops.c:1585 [inline]
 ocfs2_write_begin_nolock+0xc4d/0x3700 fs/ocfs2/aops.c:1671
 ocfs2_write_begin+0x158/0x2d0 fs/ocfs2/aops.c:1905
 generic_perform_write+0x10b/0x2c0 mm/filemap.c:3923
 __generic_file_write_iter+0x1d7/0x260 mm/filemap.c:4051
 ocfs2_file_write_iter+0x772/0x1710 fs/ocfs2/file.c:2448
 call_write_iter include/linux/fs.h:1868 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x489/0x6c0 fs/read_write.c:584
 ksys_write+0xa7/0x170 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x73/0xdd
RIP: 0033:0x7ff07b78f2ed
Code: c3 e8 b7 2c 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcbb1b5ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007ff07b78f2ed
RDX: 0000000000000056 RSI: 0000000020000380 RDI: 0000000000000004
RBP: 0031656c69662f2e R08: 0000000000000014 R09: 0000000000000000
R10: 00007ff07b7dd07e R11: 0000000000000246 R12: 00007ff07b7447c0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000