./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3997545222 <...> Warning: Permanently added '10.128.1.63' (ED25519) to the list of known hosts. execve("./syz-executor3997545222", ["./syz-executor3997545222"], 0x7ffc1fd1a410 /* 10 vars */) = 0 brk(NULL) = 0x55555708d000 brk(0x55555708dd00) = 0x55555708dd00 arch_prctl(ARCH_SET_FS, 0x55555708d380) = 0 set_tid_address(0x55555708d650) = 5015 set_robust_list(0x55555708d660, 24) = 0 rseq(0x55555708dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3997545222", 4096) = 28 getrandom("\xed\x38\xcc\x4b\x18\x86\xdf\x36", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555708dd00 brk(0x5555570aed00) = 0x5555570aed00 brk(0x5555570af000) = 0x5555570af000 mprotect(0x7f4cf6416000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4cedf5e000 [ 72.706846][ T5015] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5015 'syz-executor399' write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 munmap(0x7f4cedf5e000, 32394836) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./mnt", 0777) = 0 [ 73.034097][ T5015] loop0: detected capacity change from 0 to 63271 [ 73.046951][ T5015] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 73.056071][ T5015] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 73.066574][ T5015] F2FS-fs (loop0): invalid crc value [ 73.075803][ T5015] F2FS-fs (loop0): Found nat_bits in checkpoint mount("/dev/loop0", "./mnt", "f2fs", MS_SYNCHRONOUS, "") = 0 openat(AT_FDCWD, "./mnt", O_RDONLY|O_DIRECTORY) = 3 chdir("./mnt") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, ".", O_RDONLY) = 4 mkdirat(4, "./bus", 000) = 0 [ 73.114800][ T5015] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 73.122218][ T5015] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 73.152642][ T5015] [ 73.155032][ T5015] ====================================================== [ 73.162073][ T5015] WARNING: possible circular locking dependency detected [ 73.169467][ T5015] 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0 Not tainted [ 73.176535][ T5015] ------------------------------------------------------ [ 73.183556][ T5015] syz-executor399/5015 is trying to acquire lock: [ 73.189968][ T5015] ffff888075c80e00 (&fi->i_sem){+.+.}-{3:3}, at: f2fs_add_inline_entry+0x3a8/0x760 [ 73.199305][ T5015] [ 73.199305][ T5015] but task is already holding lock: [ 73.206675][ T5015] ffff888075c807c8 (&fi->i_xattr_sem){.+.+}-{3:3}, at: f2fs_add_dentry+0x9f/0x1e0 [ 73.215956][ T5015] [ 73.215956][ T5015] which lock already depends on the new lock. [ 73.215956][ T5015] [ 73.226366][ T5015] [ 73.226366][ T5015] the existing dependency chain (in reverse order) is: [ 73.235473][ T5015] [ 73.235473][ T5015] -> #1 (&fi->i_xattr_sem){.+.+}-{3:3}: [ 73.243221][ T5015] down_read+0x47/0x2f0 [ 73.247912][ T5015] f2fs_getxattr+0xb8/0x1460 [ 73.253048][ T5015] __f2fs_get_acl+0x52/0x8e0 [ 73.258195][ T5015] f2fs_init_acl+0xd7/0x9a0 [ 73.263243][ T5015] f2fs_init_inode_metadata+0x824/0x1190 [ 73.269415][ T5015] f2fs_add_regular_entry+0x904/0xe30 [ 73.275318][ T5015] f2fs_add_dentry+0xf7/0x1e0 [ 73.280526][ T5015] f2fs_do_add_link+0x21e/0x340 [ 73.285902][ T5015] f2fs_mkdir+0x2f5/0x530 [ 73.290850][ T5015] vfs_mkdir+0x29d/0x450 [ 73.295637][ T5015] do_mkdirat+0x264/0x520 [ 73.300504][ T5015] __x64_sys_mkdirat+0x89/0xa0 [ 73.305804][ T5015] do_syscall_64+0x41/0xc0 [ 73.310764][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.317201][ T5015] [ 73.317201][ T5015] -> #0 (&fi->i_sem){+.+.}-{3:3}: [ 73.324433][ T5015] __lock_acquire+0x39ff/0x7f70 [ 73.329825][ T5015] lock_acquire+0x1e3/0x520 [ 73.334860][ T5015] down_write+0x3a/0x50 [ 73.339547][ T5015] f2fs_add_inline_entry+0x3a8/0x760 [ 73.345362][ T5015] f2fs_add_dentry+0xba/0x1e0 [ 73.350570][ T5015] f2fs_do_add_link+0x21e/0x340 [ 73.355961][ T5015] f2fs_mkdir+0x2f5/0x530 [ 73.360834][ T5015] vfs_mkdir+0x29d/0x450 [ 73.365619][ T5015] do_mkdirat+0x264/0x520 [ 73.370481][ T5015] __x64_sys_mkdirat+0x89/0xa0 [ 73.375778][ T5015] do_syscall_64+0x41/0xc0 [ 73.380723][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.387151][ T5015] [ 73.387151][ T5015] other info that might help us debug this: [ 73.387151][ T5015] [ 73.397402][ T5015] Possible unsafe locking scenario: [ 73.397402][ T5015] [ 73.404869][ T5015] CPU0 CPU1 [ 73.410243][ T5015] ---- ---- [ 73.415609][ T5015] rlock(&fi->i_xattr_sem); [ 73.420213][ T5015] lock(&fi->i_sem); [ 73.426719][ T5015] lock(&fi->i_xattr_sem); [ 73.433749][ T5015] lock(&fi->i_sem); [ 73.437734][ T5015] [ 73.437734][ T5015] *** DEADLOCK *** [ 73.437734][ T5015] [ 73.445879][ T5015] 4 locks held by syz-executor399/5015: [ 73.451426][ T5015] #0: ffff888076dfc410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 73.460586][ T5015] #1: ffff888075c80150 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: filename_create+0x260/0x530 [ 73.471227][ T5015] #2: ffff88807cc7c3b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_mkdir+0x225/0x530 [ 73.480381][ T5015] #3: ffff888075c807c8 (&fi->i_xattr_sem){.+.+}-{3:3}, at: f2fs_add_dentry+0x9f/0x1e0 [ 73.490052][ T5015] [ 73.490052][ T5015] stack backtrace: [ 73.495941][ T5015] CPU: 0 PID: 5015 Comm: syz-executor399 Not tainted 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0 [ 73.506353][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 73.516414][ T5015] Call Trace: [ 73.519700][ T5015] [ 73.522636][ T5015] dump_stack_lvl+0x1e7/0x2d0 [ 73.527328][ T5015] ? nf_tcp_handle_invalid+0x650/0x650 [ 73.532804][ T5015] ? print_circular_bug+0x12b/0x1a0 [ 73.538016][ T5015] check_noncircular+0x375/0x4a0 [ 73.542964][ T5015] ? __kernel_text_address+0xd/0x40 [ 73.548175][ T5015] ? print_deadlock_bug+0x600/0x600 [ 73.553384][ T5015] ? lockdep_lock+0x123/0x2b0 [ 73.558076][ T5015] ? mark_lock+0x9a/0x340 [ 73.562419][ T5015] ? _find_first_zero_bit+0xd4/0x100 [ 73.567728][ T5015] __lock_acquire+0x39ff/0x7f70 [ 73.572613][ T5015] ? verify_lock_unused+0x140/0x140 [ 73.577822][ T5015] ? rcu_lock_release+0x5/0x30 [ 73.582608][ T5015] ? f2fs_inode_chksum_verify+0xd9/0x360 [ 73.588273][ T5015] lock_acquire+0x1e3/0x520 [ 73.592783][ T5015] ? f2fs_add_inline_entry+0x3a8/0x760 [ 73.598256][ T5015] ? read_lock_is_recursive+0x20/0x20 [ 73.603639][ T5015] ? __might_sleep+0xc0/0xc0 [ 73.608238][ T5015] ? pagecache_get_page+0xeb/0x220 [ 73.613361][ T5015] ? f2fs_grab_cache_page+0x38/0x360 [ 73.618657][ T5015] ? _find_next_zero_bit+0x8c/0x140 [ 73.623875][ T5015] ? _find_next_bit+0xed/0x130 [ 73.628832][ T5015] down_write+0x3a/0x50 [ 73.632996][ T5015] ? f2fs_add_inline_entry+0x3a8/0x760 [ 73.638479][ T5015] f2fs_add_inline_entry+0x3a8/0x760 [ 73.643778][ T5015] ? f2fs_setup_filename+0x145/0x360 [ 73.649069][ T5015] ? do_convert_inline_dir+0x1cb0/0x1cb0 [ 73.654721][ T5015] ? down_read+0x1b5/0x2f0 [ 73.659150][ T5015] f2fs_add_dentry+0xba/0x1e0 [ 73.663834][ T5015] f2fs_do_add_link+0x21e/0x340 [ 73.668709][ T5015] ? __might_sleep+0xc0/0xc0 [ 73.673398][ T5015] ? f2fs_add_dentry+0x1e0/0x1e0 [ 73.678345][ T5015] ? f2fs_get_link+0x110/0x110 [ 73.683127][ T5015] ? down_read+0x1b5/0x2f0 [ 73.687547][ T5015] f2fs_mkdir+0x2f5/0x530 [ 73.691897][ T5015] vfs_mkdir+0x29d/0x450 [ 73.696169][ T5015] do_mkdirat+0x264/0x520 [ 73.700520][ T5015] ? vfs_mkdir+0x450/0x450 [ 73.704955][ T5015] ? getname_flags+0x1f0/0x4e0 [ 73.709747][ T5015] __x64_sys_mkdirat+0x89/0xa0 [ 73.714546][ T5015] do_syscall_64+0x41/0xc0 [ 73.718992][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.724917][ T5015] RIP: 0033:0x7f4cf639b639 [ 73.729348][ T5015] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.748977][ T5015] RSP: 002b:00007ffec794db48 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 73.757469][ T5015] RAX: ffffffffffffffda RBX: 00007ffec794dd18 RCX: 00007f4cf639b639 mkdirat(4, "./bus/file0", 000) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 73.765554][ T5015] R