f39300149ccc starts bisection 2025-01-14 16:23:37.433909908 +0800 CST m=+24.829008845
bisecting cause commit starting from 2144da25584eb10b84252230319b5783f6a83041
building syzkaller on HEAD
ensuring issue is reproducible on original commit 2144da25584eb10b84252230319b5783f6a83041
testing commit 2144da25584eb10b84252230319b5783f6a83041 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 0cd151041a59cf735d86dab71c17005d2d3f75521634d7be2fdb9ed30960a574
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
check whether we can drop unnecessary instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 2144da25584eb10b84252230319b5783f6a83041 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8dfdd229bfa5aedba0101fe6b207809d58f2be897d35df780715462144be1d68
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed
kconfig minimization: base=4514 full=4514 leaves diff=0
split chunks (needed=false): <0>
split chunk #0 of len 0 into 3 parts
disabling configs for [KASAN ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
picked [v6.12 v6.11 v6.10 v6.8 v6.6 v6.4 v6.2 v6.0 v5.17 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 35 release tags
testing release v6.12
testing commit adc218676eef25575469234709c2d87185ca223a gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: ff16dcfd1d0e6d66d20ff9d0d90616e488720314d0387b78ae87da729efa9722
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
testing release v6.11
testing commit 98f7e32f20d28ec452afb208f9cffc08448a2652 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: c84d0fd7054ae0a479e66bcce13d6a909d4fb9466aea8415dab4768937738a2b
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
testing release v6.10
testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: c56f62495e1c914c8d317779248d8171ad254614adb3c7e4ecbdb778b3f62a2c
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
testing release v6.8
testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 2517941b9f39c8538a7ffdcad8f600ab7ebac8fc95fb808aa64506ad6a70bc0c
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
testing release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 1534f6c7d5c25b020b750599c8000c45f516b4069a6b0254e801f7599997b47a
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
testing release v6.4
testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 5ebee0544fd64d182219dd16a22ec48a5b6b8418b32cb22d7517eb04398aea20
all runs: OK
false negative chance: 0.000
# git bisect start ffc253263a1375a65fa6c9f62a893e9767fbebfa 6995e2de6891c724bfeb2db33d7b87775f913ad1
Bisecting: 14980 revisions left to test after this (roughly 14 steps)
[d011151616e73de20c139580b73fa4c7042bd861] Merge branch 'kvm-x86-mmu-6.6' into HEAD
testing commit d011151616e73de20c139580b73fa4c7042bd861 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8aad7eabca93d47df87d638e336fa80338ea0ea09a01d9ce1b425a76d63529c6
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
# git bisect bad d011151616e73de20c139580b73fa4c7042bd861
Bisecting: 7672 revisions left to test after this (roughly 13 steps)
[b775d6c5859affe00527cbe74263de05cfe6b9f9] Merge tag 'mips_6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
testing commit b775d6c5859affe00527cbe74263de05cfe6b9f9 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 4d2c4d4adeaae9f367c4641d7db76a5ddc3ceb4779a94c22d1cf9a6786c59fbe
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
# git bisect bad b775d6c5859affe00527cbe74263de05cfe6b9f9
Bisecting: 3061 revisions left to test after this (roughly 12 steps)
[3a8a670eeeaa40d87bd38a587438952741980c18] Merge tag 'net-next-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 3a8a670eeeaa40d87bd38a587438952741980c18 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 199e2b803acc17c4f1dbfeab9c309f346b829c85bc9cc029737816d8182a8b10
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
# git bisect bad 3a8a670eeeaa40d87bd38a587438952741980c18
Bisecting: 2103 revisions left to test after this (roughly 11 steps)
[6e17c6de3ddf3073741d9c91a796ee696914d8a0] Merge tag 'mm-stable-2023-06-24-19-15' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
testing commit 6e17c6de3ddf3073741d9c91a796ee696914d8a0 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: df0a75c37fc5256647d567ab83452dbf5bc4c59372bedaf7410bccd0ee95968b
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
# git bisect bad 6e17c6de3ddf3073741d9c91a796ee696914d8a0
Bisecting: 1048 revisions left to test after this (roughly 10 steps)
[2605e80d3438c77190f55b821c6575048c68268e] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
testing commit 2605e80d3438c77190f55b821c6575048c68268e gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 47801fec3391d0ffe4e80c474b3dcc7eab19e5e5b9151dd3d4e0f79c644cc856
all runs: OK
false negative chance: 0.000
# git bisect good 2605e80d3438c77190f55b821c6575048c68268e
Bisecting: 515 revisions left to test after this (roughly 9 steps)
[72dc6db7e3b692f46f3386b8dd5101d3f431adef] Merge tag 'wq-for-6.5-cleanup-ordered' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
testing commit 72dc6db7e3b692f46f3386b8dd5101d3f431adef gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 2a14d5a901a5909a9800e97532aa4cfd2e74ed3ffdc5764b21edf8a197341a65
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
# git bisect bad 72dc6db7e3b692f46f3386b8dd5101d3f431adef
Bisecting: 263 revisions left to test after this (roughly 8 steps)
[a3540495324af9b7fa95b62da2ccbf7cdb4e3622] Merge tag 'docs-6.5' of git://git.lwn.net/linux
testing commit a3540495324af9b7fa95b62da2ccbf7cdb4e3622 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: e3312c1573eab6f12c297128f495d421f05d6e26066c08a3401effc9aedf6d89
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
# git bisect bad a3540495324af9b7fa95b62da2ccbf7cdb4e3622
Bisecting: 138 revisions left to test after this (roughly 7 steps)
[1ef6663a587ba3e57dc5065a477db1c64481eedd] Merge tag 'tag-chrome-platform-for-v6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
testing commit 1ef6663a587ba3e57dc5065a477db1c64481eedd gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 743fd3e3c23ff9530b09ae047e7de6f7c8fda78898acb12e3fb45030448725b2
all runs: OK
false negative chance: 0.000
# git bisect good 1ef6663a587ba3e57dc5065a477db1c64481eedd
Bisecting: 85 revisions left to test after this (roughly 6 steps)
[dd58d666ac08eb5eb81e4956172fc52b3bf0ab38] selftests/nolibc: make sure gcc always use little endian on MIPS
testing commit dd58d666ac08eb5eb81e4956172fc52b3bf0ab38 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8cb52db3d5b1fd184673aba1180bcb6dda729439fa91f6d81825b5874733d751
all runs: OK
false negative chance: 0.000
# git bisect good dd58d666ac08eb5eb81e4956172fc52b3bf0ab38
Bisecting: 50 revisions left to test after this (roughly 6 steps)
[b19edac5992da0188be98454ca592621d3d89844] Merge tag 'nolibc.2023.06.22a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu
testing commit b19edac5992da0188be98454ca592621d3d89844 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: e3312c1573eab6f12c297128f495d421f05d6e26066c08a3401effc9aedf6d89
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
# git bisect bad b19edac5992da0188be98454ca592621d3d89844
Bisecting: 26 revisions left to test after this (roughly 4 steps)
[6b706e5603c44ff0b6f43c2e26e0d590e1d265f8] rcu/kvfree: Make drain_page_cache() take early return if cache is disabled
testing commit 6b706e5603c44ff0b6f43c2e26e0d590e1d265f8 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: c0327bd383828ddb6e6defd5620aae12ca92745d53ae38c0527c5f41216f2608
all runs: OK
false negative chance: 0.000
# git bisect good 6b706e5603c44ff0b6f43c2e26e0d590e1d265f8
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[401b0de3ae4fa49d1014c8941e26d9a25f37e7cf] rcu-tasks: Stop rcu_tasks_invoke_cbs() from using never-onlined CPUs
testing commit 401b0de3ae4fa49d1014c8941e26d9a25f37e7cf gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 70b89f1a507979cd68eeb8f0c4760a630bc31369af03fa7e90d04ef3762b3558
all runs: OK
false negative chance: 0.000
# git bisect good 401b0de3ae4fa49d1014c8941e26d9a25f37e7cf
Bisecting: 12 revisions left to test after this (roughly 3 steps)
[ce2544b2d05ee84cb9be1e05bf3e1a98c72b15dc] torture: Remove duplicated argument -enable-kvm for ppc64
testing commit ce2544b2d05ee84cb9be1e05bf3e1a98c72b15dc gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8cb52db3d5b1fd184673aba1180bcb6dda729439fa91f6d81825b5874733d751
all runs: OK
false negative chance: 0.000
# git bisect good ce2544b2d05ee84cb9be1e05bf3e1a98c72b15dc
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[e1bd2334f165aa7bef7f9fa2b0bef97a85614963] rcu: Add more RCU files to kernel-api.rst
testing commit e1bd2334f165aa7bef7f9fa2b0bef97a85614963 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8cb52db3d5b1fd184673aba1180bcb6dda729439fa91f6d81825b5874733d751
all runs: OK
false negative chance: 0.000
# git bisect good e1bd2334f165aa7bef7f9fa2b0bef97a85614963
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[fbde57d2d2995375305917b3c944bc861beb84d4] rcu/nocb: Make shrinker iterate only over NOCB CPUs
testing commit fbde57d2d2995375305917b3c944bc861beb84d4 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 42fd114ab2e5d277d98835d9b69e2ee23af26b3ad7faace4e83571deb7a17511
all runs: OK
false negative chance: 0.000
# git bisect good fbde57d2d2995375305917b3c944bc861beb84d4
Bisecting: 2 revisions left to test after this (roughly 1 step)
[edff5e9a99e0ed9463999455b2604c3154eb7ab3] rcu-tasks: Clarify the cblist_init_generic() function's pr_info() output
testing commit edff5e9a99e0ed9463999455b2604c3154eb7ab3 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 0df46a9cdc4271e485cd6b1e894361434c6e2e6d8e43cdac2e25844864e3d20c
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
# git bisect bad edff5e9a99e0ed9463999455b2604c3154eb7ab3
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[5fc8cbe4cf0fd34ded8045c385790c3bf04f6785] rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()
testing commit 5fc8cbe4cf0fd34ded8045c385790c3bf04f6785 gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8cc956e30a3572433a3662c95df4e0073f62d9d2b551951bf223bf2bbcbe23d3
all runs: crashed: possible deadlock in ocfs2_init_acl
representative crash: possible deadlock in ocfs2_init_acl, types: [LOCKDEP]
# git bisect bad 5fc8cbe4cf0fd34ded8045c385790c3bf04f6785
5fc8cbe4cf0fd34ded8045c385790c3bf04f6785 is the first bad commit
commit 5fc8cbe4cf0fd34ded8045c385790c3bf04f6785
Author: Shigeru Yoshida
Date: Wed Aug 3 01:22:05 2022 +0900

    rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()

    pr_info() is called with rtp->cbs_gbl_lock spin lock locked.
    Because pr_info() calls printk() that might sleep, this will result in BUG like below:

    [ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.
    [ 0.206463]
    [ 0.206464] =============================
    [ 0.206464] [ BUG: Invalid wait context ]
    [ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted
    [ 0.206466] -----------------------------
    [ 0.206466] swapper/0/1 is trying to lock:
    [ 0.206467] ffffffffa0167a58 (&port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0
    [ 0.206473] other info that might help us debug this:
    [ 0.206473] context-{5:5}
    [ 0.206474] 3 locks held by swapper/0/1:
    [ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0
    [ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e
    [ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330
    [ 0.206485] stack backtrace:
    [ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5
    [ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014
    [ 0.206489] Call Trace:
    [ 0.206490]
    [ 0.206491] dump_stack_lvl+0x6a/0x9f
    [ 0.206493] __lock_acquire.cold+0x2d7/0x2fe
    [ 0.206496] ? stack_trace_save+0x46/0x70
    [ 0.206497] lock_acquire+0xd1/0x2f0
    [ 0.206499] ? serial8250_console_write+0x327/0x4a0
    [ 0.206500] ? __lock_acquire+0x5c7/0x2720
    [ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90
    [ 0.206504] ? serial8250_console_write+0x327/0x4a0
    [ 0.206506] serial8250_console_write+0x327/0x4a0
    [ 0.206508] console_emit_next_record.constprop.0+0x180/0x330
    [ 0.206511] console_unlock+0xf7/0x1f0
    [ 0.206512] vprintk_emit+0xf7/0x330
    [ 0.206514] _printk+0x63/0x7e
    [ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32
    [ 0.206518] rcu_init_tasks_generic+0x5/0xd9
    [ 0.206522] kernel_init_freeable+0x15b/0x2a2
    [ 0.206523] ? rest_init+0x160/0x160
    [ 0.206526] kernel_init+0x11/0x120
    [ 0.206527] ret_from_fork+0x1f/0x30
    [ 0.206530]
    [ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.

    This patch moves pr_info() so that it is called without rtp->cbs_gbl_lock locked.

    Signed-off-by: Shigeru Yoshida
    Tested-by: "Zhang, Qiang1"
    Signed-off-by: Paul E. McKenney

 kernel/rcu/tasks.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
accumulated error probability: 0.00
parent commit ac9a78681b921877518763ba0e89202254349d1b wasn't tested
testing commit ac9a78681b921877518763ba0e89202254349d1b gcc
compiler: gcc (Ubuntu 11.4.0-2ubuntu1~20.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34
kernel signature: 8cb52db3d5b1fd184673aba1180bcb6dda729439fa91f6d81825b5874733d751
culprit signature: 8cc956e30a3572433a3662c95df4e0073f62d9d2b551951bf223bf2bbcbe23d3
parent signature: 8cb52db3d5b1fd184673aba1180bcb6dda729439fa91f6d81825b5874733d751
revisions tested: 25, total time: 3h15m8.153104146s (build: 2h21m0.956633765s, test: 25m14.540284594s)
first bad commit: 5fc8cbe4cf0fd34ded8045c385790c3bf04f6785 rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()
recipients (to): ["paulmck@kernel.org" "qiang1.zhang@intel.com" "syoshida@redhat.com"]
recipients (cc): []
crash: possible deadlock in ocfs2_init_acl
audit: type=1400 audit(1736854443.303:11): avc: denied { associate } for pid=1339 comm="syz-executor142" name="file0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
======================================================
WARNING: possible circular locking dependency detected
6.4.0-rc1-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor142/1339 is trying to acquire lock:
ff1100010c4786f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_init_acl+0x1f8/0x5f0 fs/ocfs2/acl.c:366

but task is already holding lock:
ff1100010c8cd990 (jbd2_handle){++++}-{0:0}, at: update_t_max_wait fs/jbd2/transaction.c:151 [inline]
ff1100010c8cd990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x20c/0x8c0 fs/jbd2/transaction.c:449

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #4 (jbd2_handle){++++}-{0:0}:
       start_this_handle+0x27d/0x8c0 fs/jbd2/transaction.c:463
       jbd2__journal_start+0x139/0x2f0 fs/jbd2/transaction.c:520
       jbd2_journal_start+0x2c/0x40 fs/jbd2/transaction.c:559
       ocfs2_start_trans+0x1e4/0x540 fs/ocfs2/journal.c:355
       ocfs2_symlink+0x861/0x24b0 fs/ocfs2/namei.c:1909
       vfs_symlink fs/namei.c:4475 [inline]
       vfs_symlink+0x207/0x2e0 fs/namei.c:4459
       do_symlinkat+0xaf/0x180 fs/namei.c:4501
       __do_sys_symlink fs/namei.c:4522 [inline]
       __se_sys_symlink fs/namei.c:4520 [inline]
       __x64_sys_symlink+0x40/0x50 fs/namei.c:4520
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x73/0xdd

-> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
       down_read+0x2c/0x40 kernel/locking/rwsem.c:1520
       ocfs2_start_trans+0x1da/0x540 fs/ocfs2/journal.c:353
       ocfs2_symlink+0x861/0x24b0 fs/ocfs2/namei.c:1909
       vfs_symlink fs/namei.c:4475 [inline]
       vfs_symlink+0x207/0x2e0 fs/namei.c:4459
       do_symlinkat+0xaf/0x180 fs/namei.c:4501
       __do_sys_symlink fs/namei.c:4522 [inline]
       __se_sys_symlink fs/namei.c:4520 [inline]
       __x64_sys_symlink+0x40/0x50 fs/namei.c:4520
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x73/0xdd

-> #2 (sb_internal#2){.+.+}-{0:0}:
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       __sb_start_write include/linux/fs.h:1494 [inline]
       sb_start_intwrite include/linux/fs.h:1616 [inline]
       ocfs2_start_trans+0x152/0x540 fs/ocfs2/journal.c:351
       ocfs2_xattr_set+0xef1/0x1cf0 fs/ocfs2/xattr.c:3635
       __vfs_setxattr+0x103/0x140 fs/xattr.c:201
       __vfs_setxattr_noperm+0xa9/0x310 fs/xattr.c:235
       __vfs_setxattr_locked+0x15f/0x190 fs/xattr.c:296
       vfs_setxattr+0xc7/0x220 fs/xattr.c:322
       do_setxattr+0xb5/0xc0 fs/xattr.c:630
       setxattr+0xc1/0xe0 fs/xattr.c:653
       path_setxattr+0x11c/0x140 fs/xattr.c:672
       __do_sys_lsetxattr fs/xattr.c:695 [inline]
       __se_sys_lsetxattr fs/xattr.c:691 [inline]
       __x64_sys_lsetxattr+0x29/0x40 fs/xattr.c:691
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x73/0xdd

-> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}:
       down_write+0x29/0xb0 kernel/locking/rwsem.c:1573
       inode_lock include/linux/fs.h:775 [inline]
       ocfs2_reserve_suballoc_bits+0x83/0x2440 fs/ocfs2/suballoc.c:782
       ocfs2_reserve_new_metadata_blocks+0x2ec/0x5b0 fs/ocfs2/suballoc.c:978
       ocfs2_init_xattr_set_ctxt fs/ocfs2/xattr.c:3269 [inline]
       ocfs2_xattr_set+0x11c2/0x1cf0 fs/ocfs2/xattr.c:3626
       __vfs_setxattr+0x103/0x140 fs/xattr.c:201
       __vfs_setxattr_noperm+0xa9/0x310 fs/xattr.c:235
       __vfs_setxattr_locked+0x15f/0x190 fs/xattr.c:296
       vfs_setxattr+0xc7/0x220 fs/xattr.c:322
       do_setxattr+0xb5/0xc0 fs/xattr.c:630
       setxattr+0xc1/0xe0 fs/xattr.c:653
       path_setxattr+0x11c/0x140 fs/xattr.c:672
       __do_sys_lsetxattr fs/xattr.c:695 [inline]
       __se_sys_lsetxattr fs/xattr.c:691 [inline]
       __x64_sys_lsetxattr+0x29/0x40 fs/xattr.c:691
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x73/0xdd

-> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3108 [inline]
       check_prevs_add kernel/locking/lockdep.c:3227 [inline]
       validate_chain kernel/locking/lockdep.c:3842 [inline]
       __lock_acquire+0x10fe/0x1c20 kernel/locking/lockdep.c:5074
       lock_acquire kernel/locking/lockdep.c:5691 [inline]
       lock_acquire+0xc1/0x2b0 kernel/locking/lockdep.c:5656
       down_read+0x2c/0x40 kernel/locking/rwsem.c:1520
       ocfs2_init_acl+0x1f8/0x5f0 fs/ocfs2/acl.c:366
       ocfs2_mknod+0x8a6/0x1a60 fs/ocfs2/namei.c:408
       ocfs2_create+0x94/0x260 fs/ocfs2/namei.c:672
       lookup_open.isra.0+0x824/0x920 fs/namei.c:3492
       open_last_lookups fs/namei.c:3560 [inline]
       path_openat+0x5b6/0x11d0 fs/namei.c:3788
       do_filp_open+0xce/0x1c0 fs/namei.c:3818
       do_sys_openat2+0xf0/0x260 fs/open.c:1356
       do_sys_open fs/open.c:1372 [inline]
       __do_sys_openat fs/open.c:1388 [inline]
       __se_sys_openat fs/open.c:1383 [inline]
       __x64_sys_openat+0x83/0xf0 fs/open.c:1383
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x73/0xdd

other info that might help us debug this:

Chain exists of:
  &oi->ip_xattr_sem --> &journal->j_trans_barrier --> jbd2_handle

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  rlock(jbd2_handle);
                               lock(&journal->j_trans_barrier);
                               lock(jbd2_handle);
  rlock(&oi->ip_xattr_sem);

 *** DEADLOCK ***

8 locks held by syz-executor142/1339:
 #0: ff110001085df438 (sb_writers#17){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3549 [inline]
 #0: ff110001085df438 (sb_writers#17){.+.+}-{0:0}, at: path_openat+0x11af/0x11d0 fs/namei.c:3788
 #1: ff1100010c4789c8 (&type->i_mutex_dir_key#9){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:775 [inline]
 #1: ff1100010c4789c8 (&type->i_mutex_dir_key#9){+.+.}-{4:4}, at: open_last_lookups fs/namei.c:3557 [inline]
 #1: ff1100010c4789c8 (&type->i_mutex_dir_key#9){+.+.}-{4:4}, at: path_openat+0x596/0x11d0 fs/namei.c:3788
 #2: ff1100010c47f7c8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:775 [inline]
 #2: ff1100010c47f7c8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x83/0x2440 fs/ocfs2/suballoc.c:782
 #3: ff1100010c47ea08 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:775 [inline]
 #3: ff1100010c47ea08 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x83/0x2440 fs/ocfs2/suballoc.c:782
 #4: ff11000112141788 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:775 [inline]
 #4: ff11000112141788 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x7d/0x4c0 fs/ocfs2/localalloc.c:635
 #5: ff110001085df628 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_mknod+0x7a8/0x1a60 fs/ocfs2/namei.c:359
 #6: ff1100010873f6e8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x1da/0x540 fs/ocfs2/journal.c:353
 #7: ff1100010c8cd990 (jbd2_handle){++++}-{0:0}, at: update_t_max_wait fs/jbd2/transaction.c:151 [inline]
 #7: ff1100010c8cd990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x20c/0x8c0 fs/jbd2/transaction.c:449

stack backtrace:
CPU: 1 PID: 1339 Comm: syz-executor142 Not tainted 6.4.0-rc1-syzkaller #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106
 check_noncircular+0x106/0x120 kernel/locking/lockdep.c:2188
 check_prev_add kernel/locking/lockdep.c:3108 [inline]
 check_prevs_add kernel/locking/lockdep.c:3227 [inline]
 validate_chain kernel/locking/lockdep.c:3842 [inline]
 __lock_acquire+0x10fe/0x1c20 kernel/locking/lockdep.c:5074
 lock_acquire kernel/locking/lockdep.c:5691 [inline]
 lock_acquire+0xc1/0x2b0 kernel/locking/lockdep.c:5656
 down_read+0x2c/0x40 kernel/locking/rwsem.c:1520
 ocfs2_init_acl+0x1f8/0x5f0 fs/ocfs2/acl.c:366
 ocfs2_mknod+0x8a6/0x1a60 fs/ocfs2/namei.c:408
 ocfs2_create+0x94/0x260 fs/ocfs2/namei.c:672
 lookup_open.isra.0+0x824/0x920 fs/namei.c:3492
 open_last_lookups fs/namei.c:3560 [inline]
 path_openat+0x5b6/0x11d0 fs/namei.c:3788
 do_filp_open+0xce/0x1c0 fs/namei.c:3818
 do_sys_openat2+0xf0/0x260 fs/open.c:1356
 do_sys_open fs/open.c:1372 [inline]
 __do_sys_openat fs/open.c:1388 [inline]
 __se_sys_openat fs/open.c:1383 [inline]
 __x64_sys_openat+0x83/0xf0 fs/open.c:1383
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x73/0xdd
RIP: 0033:0x7f6474e6752d
Code: c3 e8 b7 2c 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd373021f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f6474e6752d
RDX: 0000000000000042 RSI: 0000000020001400 RDI: ffffffffffffff9c
RBP: 00007f6474e1c960 R08: 00000000000005d5 R09: 0000000000000000
R10: 00000000000001ff R11: 0000000000000246 R12: 00007f6474eb507f
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000