======================================================
WARNING: possible circular locking dependency detected
6.10.0-rc2-syzkaller-00007-gf06ce441457d #0 Not tainted
------------------------------------------------------
kswapd0/88 is trying to acquire lock:
ffff88802fc0c610 (sb_internal){.+.+}-{0:0}, at: __sb_start_write include/linux/fs.h:1655 [inline]
ffff88802fc0c610 (sb_internal){.+.+}-{0:0}, at: sb_start_intwrite include/linux/fs.h:1838 [inline]
ffff88802fc0c610 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x2f4/0xf50 fs/ext4/inode.c:212

but task is already holding lock:
ffffffff8e42b240 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat mm/vmscan.c:6798 [inline]
ffffffff8e42b240 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0xbe8/0x3700 mm/vmscan.c:7180

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (fs_reclaim){+.+.}-{0:0}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
       __fs_reclaim_acquire mm/page_alloc.c:3783 [inline]
       fs_reclaim_acquire+0x88/0x140 mm/page_alloc.c:3797
       might_alloc include/linux/sched/mm.h:334 [inline]
       slab_pre_alloc_hook mm/slub.c:3890 [inline]
       slab_alloc_node mm/slub.c:3980 [inline]
       __do_kmalloc_node mm/slub.c:4120 [inline]
       __kmalloc_node_noprof+0xb0/0x440 mm/slub.c:4128
       kmalloc_node_noprof include/linux/slab.h:681 [inline]
       kvmalloc_node_noprof+0x72/0x190 mm/util.c:634
       ext4_xattr_inode_cache_find fs/ext4/xattr.c:1535 [inline]
       ext4_xattr_inode_lookup_create+0x485/0x1ea0 fs/ext4/xattr.c:1581
       ext4_xattr_block_set+0x274/0x3980 fs/ext4/xattr.c:1910
       ext4_xattr_move_to_block fs/ext4/xattr.c:2663 [inline]
       ext4_xattr_make_inode_space fs/ext4/xattr.c:2738 [inline]
       ext4_expand_extra_isize_ea+0x12d7/0x1cf0 fs/ext4/xattr.c:2830
       __ext4_expand_extra_isize+0x2fb/0x3e0 fs/ext4/inode.c:5782
       ext4_try_to_expand_extra_isize fs/ext4/inode.c:5825 [inline]
       __ext4_mark_inode_dirty+0x524/0x880 fs/ext4/inode.c:5903
       ext4_dirty_inode+0xce/0x110 fs/ext4/inode.c:5935
       __mark_inode_dirty+0x327/0xe20 fs/fs-writeback.c:2486
       generic_update_time fs/inode.c:1907 [inline]
       inode_update_time fs/inode.c:1920 [inline]
       touch_atime+0x42c/0x670 fs/inode.c:1992
       file_accessed include/linux/fs.h:2458 [inline]
       filemap_read+0xdc5/0xfa0 mm/filemap.c:2693
       __kernel_read+0x51d/0x9c0 fs/read_write.c:434
       prepare_binprm fs/exec.c:1732 [inline]
       search_binary_handler fs/exec.c:1781 [inline]
       exec_binprm fs/exec.c:1839 [inline]
       bprm_execve+0xa2b/0x17c0 fs/exec.c:1891
       do_execveat_common+0x553/0x700 fs/exec.c:1998
       do_execve fs/exec.c:2072 [inline]
       __do_sys_execve fs/exec.c:2148 [inline]
       __se_sys_execve fs/exec.c:2143 [inline]
       __x64_sys_execve+0x92/0xb0 fs/exec.c:2143
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (&ei->xattr_sem){++++}-{3:3}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
       down_write+0x3a/0x50 kernel/locking/rwsem.c:1579
       ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
       ext4_xattr_set_handle+0x277/0x1580 fs/ext4/xattr.c:2367
       __ext4_set_acl+0x532/0x620 fs/ext4/acl.c:217
       ext4_set_acl+0x468/0x760 fs/ext4/acl.c:259
       set_posix_acl fs/posix_acl.c:955 [inline]
       vfs_remove_acl+0x4cd/0x770 fs/posix_acl.c:1242
       ovl_do_remove_acl fs/overlayfs/overlayfs.h:352 [inline]
       ovl_workdir_create+0x52f/0x980 fs/overlayfs/super.c:340
       ovl_make_workdir fs/overlayfs/super.c:656 [inline]
       ovl_get_workdir+0x311/0x1920 fs/overlayfs/super.c:814
       ovl_fill_super+0x12a8/0x3560 fs/overlayfs/super.c:1382
       vfs_get_super fs/super.c:1269 [inline]
       get_tree_nodev+0xb9/0x140 fs/super.c:1288
       vfs_get_tree+0x92/0x2a0 fs/super.c:1780
       do_new_mount+0x2be/0xb40 fs/namespace.c:3352
       do_mount fs/namespace.c:3692 [inline]
       __do_sys_mount fs/namespace.c:3898 [inline]
       __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (jbd2_handle){++++}-{0:0}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
       start_this_handle+0x205f/0x22a0 fs/jbd2/transaction.c:463
       jbd2__journal_start+0x2da/0x5d0 fs/jbd2/transaction.c:520
       __ext4_journal_start_sb+0x239/0x600 fs/ext4/ext4_jbd2.c:112
       ext4_sample_last_mounted fs/ext4/file.c:837 [inline]
       ext4_file_open+0x541/0x790 fs/ext4/file.c:865
       do_dentry_open+0x95c/0x1720 fs/open.c:955
       do_open fs/namei.c:3650 [inline]
       path_openat+0x289f/0x3280 fs/namei.c:3807
       do_filp_open+0x235/0x490 fs/namei.c:3834
       do_sys_openat2+0x13e/0x1d0 fs/open.c:1405
       do_sys_open fs/open.c:1420 [inline]
       __do_sys_openat fs/open.c:1436 [inline]
       __se_sys_openat fs/open.c:1431 [inline]
       __x64_sys_openat+0x247/0x2a0 fs/open.c:1431
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (sb_internal){.+.+}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3869
       __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
       percpu_down_read+0x44/0x1b0 include/linux/percpu-rwsem.h:51
       __sb_start_write include/linux/fs.h:1655 [inline]
       sb_start_intwrite include/linux/fs.h:1838 [inline]
       ext4_evict_inode+0x2f4/0xf50 fs/ext4/inode.c:212
       evict+0x2aa/0x630 fs/inode.c:667
       __dentry_kill+0x20d/0x630 fs/dcache.c:603
       shrink_kill+0xa9/0x2c0 fs/dcache.c:1048
       shrink_dentry_list+0x2c0/0x5b0 fs/dcache.c:1075
       prune_dcache_sb+0x10f/0x180 fs/dcache.c:1156
       super_cache_scan+0x34f/0x4b0 fs/super.c:221
       do_shrink_slab+0x707/0x1160 mm/shrinker.c:435
       shrink_slab_memcg mm/shrinker.c:548 [inline]
       shrink_slab+0x87c/0x14d0 mm/shrinker.c:626
       shrink_one+0x453/0x880 mm/vmscan.c:4790
       shrink_many mm/vmscan.c:4851 [inline]
       lru_gen_shrink_node mm/vmscan.c:4951 [inline]
       shrink_node+0x37eb/0x3fe0 mm/vmscan.c:5910
       kswapd_shrink_node mm/vmscan.c:6720 [inline]
       balance_pgdat mm/vmscan.c:6911 [inline]
       kswapd+0x1882/0x3700 mm/vmscan.c:7180
       kthread+0x2f2/0x390 kernel/kthread.c:389
       ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

other info that might help us debug this:

Chain exists of:
  sb_internal --> &ei->xattr_sem --> fs_reclaim

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(fs_reclaim);
                               lock(&ei->xattr_sem);
                               lock(fs_reclaim);
  rlock(sb_internal);

 *** DEADLOCK ***

2 locks held by kswapd0/88:
 #0: ffffffff8e42b240 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat mm/vmscan.c:6798 [inline]
 #0: ffffffff8e42b240 (fs_reclaim){+.+.}-{0:0}, at: kswapd+0xbe8/0x3700 mm/vmscan.c:7180
 #1: ffff88802fc0c0e0 (&type->s_umount_key#32){++++}-{3:3}, at: super_trylock_shared fs/super.c:562 [inline]
 #1: ffff88802fc0c0e0 (&type->s_umount_key#32){++++}-{3:3}, at: super_cache_scan+0x94/0x4b0 fs/super.c:196

stack backtrace:
CPU: 0 PID: 88 Comm: kswapd0 Not tainted 6.10.0-rc2-syzkaller-00007-gf06ce441457d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3869
 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
 percpu_down_read+0x44/0x1b0 include/linux/percpu-rwsem.h:51
 __sb_start_write include/linux/fs.h:1655 [inline]
 sb_start_intwrite include/linux/fs.h:1838 [inline]
 ext4_evict_inode+0x2f4/0xf50 fs/ext4/inode.c:212
 evict+0x2aa/0x630 fs/inode.c:667
 __dentry_kill+0x20d/0x630 fs/dcache.c:603
 shrink_kill+0xa9/0x2c0 fs/dcache.c:1048
 shrink_dentry_list+0x2c0/0x5b0 fs/dcache.c:1075
 prune_dcache_sb+0x10f/0x180 fs/dcache.c:1156
 super_cache_scan+0x34f/0x4b0 fs/super.c:221
 do_shrink_slab+0x707/0x1160 mm/shrinker.c:435
 shrink_slab_memcg mm/shrinker.c:548 [inline]
 shrink_slab+0x87c/0x14d0 mm/shrinker.c:626
 shrink_one+0x453/0x880 mm/vmscan.c:4790
 shrink_many mm/vmscan.c:4851 [inline]
 lru_gen_shrink_node mm/vmscan.c:4951 [inline]
 shrink_node+0x37eb/0x3fe0 mm/vmscan.c:5910
 kswapd_shrink_node mm/vmscan.c:6720 [inline]
 balance_pgdat mm/vmscan.c:6911 [inline]
 kswapd+0x1882/0x3700 mm/vmscan.c:7180
 kthread+0x2f2/0x390 kernel/kthread.c:389
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>