======================================================
WARNING: possible circular locking dependency detected
6.12.18-android16-1-maybe-dirty-4k #1 Tainted: G            E     
------------------------------------------------------
syz.5.1961/6820 is trying to acquire lock:
ffffff81011cf160 (&type->i_mutex_dir_key#10){++++}-{4:4}, at: inode_lock proc/self/cwd/common/include/linux/fs.h:815 [inline]
ffffff81011cf160 (&type->i_mutex_dir_key#10){++++}-{4:4}, at: vfs_rmdir+0x118/0x488 proc/self/cwd/common/fs/namei.c:4329

but task is already holding lock:
ffffff810107e160 (&type->i_mutex_dir_key#9/1){+.+.}-{4:4}, at: inode_lock_nested proc/self/cwd/common/include/linux/fs.h:850 [inline]
ffffff810107e160 (&type->i_mutex_dir_key#9/1){+.+.}-{4:4}, at: do_rmdir+0x144/0x45c proc/self/cwd/common/fs/namei.c:4387

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&type->i_mutex_dir_key#9/1){+.+.}-{4:4}:
       down_write_nested+0x80/0x560 proc/self/cwd/common/kernel/locking/rwsem.c:1740
       inode_lock_nested proc/self/cwd/common/include/linux/fs.h:850 [inline]
       incfs_lookup_dentry+0x58/0xd4 proc/self/cwd/common/fs/incfs/data_mgmt.c:209
       dir_lookup+0x270/0x4a8 proc/self/cwd/common/fs/incfs/vfs.c:1005
       lookup_open proc/self/cwd/common/fs/namei.c:3573 [inline]
       open_last_lookups proc/self/cwd/common/fs/namei.c:3694 [inline]
       path_openat+0xec0/0x29e0 proc/self/cwd/common/fs/namei.c:3930
       do_filp_open+0x128/0x2e0 proc/self/cwd/common/fs/namei.c:3960
       do_sys_openat2+0xe0/0x15c proc/self/cwd/common/fs/open.c:1438
       do_sys_open proc/self/cwd/common/fs/open.c:1453 [inline]
       __do_sys_openat proc/self/cwd/common/fs/open.c:1469 [inline]
       __se_sys_openat proc/self/cwd/common/fs/open.c:1464 [inline]
       __arm64_sys_openat+0x128/0x164 proc/self/cwd/common/fs/open.c:1464
       __invoke_syscall proc/self/cwd/common/arch/arm64/kernel/syscall.c:35 [inline]
       invoke_syscall+0xa4/0x288 proc/self/cwd/common/arch/arm64/kernel/syscall.c:49
       el0_svc_common+0x138/0x24c proc/self/cwd/common/arch/arm64/kernel/syscall.c:132
       do_el0_svc+0x50/0x64 proc/self/cwd/common/arch/arm64/kernel/syscall.c:151
       el0_svc+0x58/0xb4 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:715
       el0t_64_sync_handler+0x98/0x108 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:733
       el0t_64_sync+0x19c/0x1a0 proc/self/cwd/common/arch/arm64/kernel/entry.S:598

-> #0 (&type->i_mutex_dir_key#10){++++}-{4:4}:
       check_prev_add proc/self/cwd/common/kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add proc/self/cwd/common/kernel/locking/lockdep.c:3280 [inline]
       validate_chain proc/self/cwd/common/kernel/locking/lockdep.c:3904 [inline]
       __lock_acquire+0x2920/0x6cd8 proc/self/cwd/common/kernel/locking/lockdep.c:5202
       lock_acquire+0x1d8/0x574 proc/self/cwd/common/kernel/locking/lockdep.c:5825
       down_write+0x7c/0x55c proc/self/cwd/common/kernel/locking/rwsem.c:1622
       inode_lock proc/self/cwd/common/include/linux/fs.h:815 [inline]
       vfs_rmdir+0x118/0x488 proc/self/cwd/common/fs/namei.c:4329
       do_rmdir+0x1c4/0x45c proc/self/cwd/common/fs/namei.c:4399
       __do_sys_unlinkat proc/self/cwd/common/fs/namei.c:4575 [inline]
       __se_sys_unlinkat proc/self/cwd/common/fs/namei.c:4569 [inline]
       __arm64_sys_unlinkat+0xd0/0x108 proc/self/cwd/common/fs/namei.c:4569
       __invoke_syscall proc/self/cwd/common/arch/arm64/kernel/syscall.c:35 [inline]
       invoke_syscall+0xa4/0x288 proc/self/cwd/common/arch/arm64/kernel/syscall.c:49
       el0_svc_common+0x138/0x24c proc/self/cwd/common/arch/arm64/kernel/syscall.c:132
       do_el0_svc+0x50/0x64 proc/self/cwd/common/arch/arm64/kernel/syscall.c:151
       el0_svc+0x58/0xb4 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:715
       el0t_64_sync_handler+0x98/0x108 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:733
       el0t_64_sync+0x19c/0x1a0 proc/self/cwd/common/arch/arm64/kernel/entry.S:598

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&type->i_mutex_dir_key#9/1);
                               lock(&type->i_mutex_dir_key#10);
                               lock(&type->i_mutex_dir_key#9/1);
  lock(&type->i_mutex_dir_key#10);

 *** DEADLOCK ***

2 locks held by syz.5.1961/6820:
 #0: ffffff80cda1a450 (sb_writers#16){.+.+}-{0:0}, at: mnt_want_write+0x4c/0xa8 proc/self/cwd/common/fs/namespace.c:516
 #1: ffffff810107e160 (&type->i_mutex_dir_key#9/1){+.+.}-{4:4}, at: inode_lock_nested proc/self/cwd/common/include/linux/fs.h:850 [inline]
 #1: ffffff810107e160 (&type->i_mutex_dir_key#9/1){+.+.}-{4:4}, at: do_rmdir+0x144/0x45c proc/self/cwd/common/fs/namei.c:4387

stack backtrace:
CPU: 3 UID: 0 PID: 6820 Comm: syz.5.1961 Tainted: G            E      6.12.18-android16-1-maybe-dirty-4k #1 9af86685e3ad064a54655916afb3d22234382e37
Tainted: [E]=UNSIGNED_MODULE
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x18c/0x1bc proc/self/cwd/common/arch/arm64/kernel/stacktrace.c:320
 show_stack+0x34/0x4c proc/self/cwd/common/arch/arm64/kernel/stacktrace.c:328
 __dump_stack proc/self/cwd/common/lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xc8/0x118 proc/self/cwd/common/lib/dump_stack.c:120
 dump_stack+0x24/0x34 proc/self/cwd/common/lib/dump_stack.c:129
 print_circular_bug+0x158/0x1c4 proc/self/cwd/common/kernel/locking/lockdep.c:2074
 check_noncircular+0x214/0x2f4 proc/self/cwd/common/kernel/locking/lockdep.c:2206
 check_prev_add proc/self/cwd/common/kernel/locking/lockdep.c:3161 [inline]
 check_prevs_add proc/self/cwd/common/kernel/locking/lockdep.c:3280 [inline]
 validate_chain proc/self/cwd/common/kernel/locking/lockdep.c:3904 [inline]
 __lock_acquire+0x2920/0x6cd8 proc/self/cwd/common/kernel/locking/lockdep.c:5202
 lock_acquire+0x1d8/0x574 proc/self/cwd/common/kernel/locking/lockdep.c:5825
 down_write+0x7c/0x55c proc/self/cwd/common/kernel/locking/rwsem.c:1622
 inode_lock proc/self/cwd/common/include/linux/fs.h:815 [inline]
 vfs_rmdir+0x118/0x488 proc/self/cwd/common/fs/namei.c:4329
 do_rmdir+0x1c4/0x45c proc/self/cwd/common/fs/namei.c:4399
 __do_sys_unlinkat proc/self/cwd/common/fs/namei.c:4575 [inline]
 __se_sys_unlinkat proc/self/cwd/common/fs/namei.c:4569 [inline]
 __arm64_sys_unlinkat+0xd0/0x108 proc/self/cwd/common/fs/namei.c:4569
 __invoke_syscall proc/self/cwd/common/arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0xa4/0x288 proc/self/cwd/common/arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x138/0x24c proc/self/cwd/common/arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x50/0x64 proc/self/cwd/common/arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0xb4 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:715
 el0t_64_sync_handler+0x98/0x108 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:733
 el0t_64_sync+0x19c/0x1a0 proc/self/cwd/common/arch/arm64/kernel/entry.S:598
