./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3911797071 <...> Warning: Permanently added '10.128.10.49' (ED25519) to the list of known hosts. execve("./syz-executor3911797071", ["./syz-executor3911797071"], 0x7ffedf9afd80 /* 10 vars */) = 0 brk(NULL) = 0x555564446000 brk(0x555564446d00) = 0x555564446d00 arch_prctl(ARCH_SET_FS, 0x555564446380) = 0 set_tid_address(0x555564446650) = 5827 set_robust_list(0x555564446660, 24) = 0 rseq(0x555564446ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3911797071", 4096) = 28 getrandom("\x69\x43\x16\xc0\x79\x5c\x92\x9f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555564446d00 brk(0x555564467d00) = 0x555564467d00 brk(0x555564468000) = 0x555564468000 mprotect(0x7f450d495000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4504e00000 write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 munmap(0x7f4504e00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 [ 
86.598685][ T5827] loop0: detected capacity change from 0 to 32768 [ 86.647720][ T5827] (syz-executor391,5827,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 86.663739][ T5827] (syz-executor391,5827,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 86.688522][ T5827] JBD2: Ignoring recovery information on journal mount("/dev/loop0", "./file0", "ocfs2", MS_RELATIME, "usrquota,coherency=full,errors=continue,heartbeat=none,errors=continue,nointr,grpquota,") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 86.721395][ T5827] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. creat("./file0", 000) = 4 [ 86.832957][ T5827] [ 86.835338][ T5827] ====================================================== [ 86.842365][ T5827] WARNING: possible circular locking dependency detected [ 86.849402][ T5827] 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 Not tainted [ 86.856517][ T5827] ------------------------------------------------------ [ 86.863538][ T5827] syz-executor391/5827 is trying to acquire lock: [ 86.869957][ T5827] ffff888074d55be0 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xbb/0x350 [ 86.880640][ T5827] [ 86.880640][ T5827] but task is already holding lock: [ 86.888015][ T5827] ffff888074d55c78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xaa/0x350 [ 86.898667][ T5827] [ 86.898667][ T5827] which lock already depends on the new lock. 
[ 86.898667][ T5827] [ 86.909080][ T5827] [ 86.909080][ T5827] the existing dependency chain (in reverse order) is: [ 86.918111][ T5827] [ 86.918111][ T5827] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}: [ 86.925959][ T5827] lock_acquire+0x116/0x2f0 [ 86.930999][ T5827] down_read+0xb3/0xa50 [ 86.935709][ T5827] ocfs2_init_acl+0x39d/0x960 [ 86.940926][ T5827] ocfs2_mknod+0x1c09/0x2b30 [ 86.946048][ T5827] ocfs2_create+0x1ad/0x480 [ 86.951083][ T5827] path_openat+0x194b/0x35d0 [ 86.956203][ T5827] do_filp_open+0x284/0x4e0 [ 86.961223][ T5827] do_sys_openat2+0x12b/0x1d0 [ 86.966414][ T5827] __x64_sys_creat+0x124/0x170 [ 86.971695][ T5827] do_syscall_64+0xf3/0x230 [ 86.976715][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.983142][ T5827] [ 86.983142][ T5827] -> #3 (jbd2_handle){.+.+}-{0:0}: [ 86.990437][ T5827] lock_acquire+0x116/0x2f0 [ 86.995467][ T5827] start_this_handle+0x1ee4/0x21a0 [ 87.001117][ T5827] jbd2__journal_start+0x2da/0x5d0 [ 87.006741][ T5827] jbd2_journal_start+0x29/0x40 [ 87.012213][ T5827] ocfs2_start_trans+0x3cd/0x710 [ 87.017665][ T5827] ocfs2_modify_bh+0xef/0x4d0 [ 87.022853][ T5827] ocfs2_local_read_info+0x15ab/0x1a10 [ 87.028825][ T5827] dquot_load_quota_sb+0x771/0xbd0 [ 87.034451][ T5827] dquot_load_quota_inode+0x323/0x610 [ 87.040337][ T5827] ocfs2_enable_quotas+0x16b/0x450 [ 87.045966][ T5827] ocfs2_fill_super+0x5cf1/0x74e0 [ 87.051611][ T5827] get_tree_bdev_flags+0x490/0x5c0 [ 87.057238][ T5827] vfs_get_tree+0x90/0x2b0 [ 87.062179][ T5827] do_new_mount+0x2cf/0xb70 [ 87.067196][ T5827] __se_sys_mount+0x38c/0x400 [ 87.072392][ T5827] do_syscall_64+0xf3/0x230 [ 87.077412][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.083819][ T5827] [ 87.083819][ T5827] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 87.092336][ T5827] lock_acquire+0x116/0x2f0 [ 87.097368][ T5827] down_read+0xb3/0xa50 [ 87.102042][ T5827] ocfs2_start_trans+0x3c2/0x710 [ 87.107490][ T5827] ocfs2_modify_bh+0xef/0x4d0 [ 87.112697][ T5827] 
ocfs2_local_read_info+0x15ab/0x1a10 [ 87.118690][ T5827] dquot_load_quota_sb+0x771/0xbd0 [ 87.124317][ T5827] dquot_load_quota_inode+0x323/0x610 [ 87.130200][ T5827] ocfs2_enable_quotas+0x16b/0x450 [ 87.135839][ T5827] ocfs2_fill_super+0x5cf1/0x74e0 [ 87.141379][ T5827] get_tree_bdev_flags+0x490/0x5c0 [ 87.147021][ T5827] vfs_get_tree+0x90/0x2b0 [ 87.151951][ T5827] do_new_mount+0x2cf/0xb70 [ 87.156964][ T5827] __se_sys_mount+0x38c/0x400 [ 87.162152][ T5827] do_syscall_64+0xf3/0x230 [ 87.167169][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.173572][ T5827] [ 87.173572][ T5827] -> #1 (sb_internal#2){.+.+}-{0:0}: [ 87.181040][ T5827] lock_acquire+0x116/0x2f0 [ 87.186067][ T5827] ocfs2_start_trans+0x2bd/0x710 [ 87.191519][ T5827] ocfs2_truncate_file+0x69c/0x1560 [ 87.197221][ T5827] ocfs2_setattr+0x1894/0x1ef0 [ 87.202491][ T5827] notify_change+0xbca/0xe90 [ 87.207601][ T5827] do_truncate+0x222/0x310 [ 87.212529][ T5827] path_openat+0x2e4f/0x35d0 [ 87.217633][ T5827] do_filp_open+0x284/0x4e0 [ 87.222646][ T5827] do_sys_openat2+0x12b/0x1d0 [ 87.227843][ T5827] __x64_sys_creat+0x124/0x170 [ 87.233128][ T5827] do_syscall_64+0xf3/0x230 [ 87.238160][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.244568][ T5827] [ 87.244568][ T5827] -> #0 (&oi->ip_alloc_sem){+.+.}-{4:4}: [ 87.252408][ T5827] validate_chain+0xa69/0x24e0 [ 87.257731][ T5827] __lock_acquire+0xad5/0xd80 [ 87.262930][ T5827] lock_acquire+0x116/0x2f0 [ 87.267950][ T5827] down_write+0x9c/0x220 [ 87.272716][ T5827] ocfs2_try_remove_refcount_tree+0xbb/0x350 [ 87.279219][ T5827] ocfs2_truncate_file+0xe1d/0x1560 [ 87.284954][ T5827] ocfs2_setattr+0x1894/0x1ef0 [ 87.290232][ T5827] notify_change+0xbca/0xe90 [ 87.295346][ T5827] do_truncate+0x222/0x310 [ 87.300278][ T5827] path_openat+0x2e4f/0x35d0 [ 87.305402][ T5827] do_filp_open+0x284/0x4e0 [ 87.310420][ T5827] do_sys_openat2+0x12b/0x1d0 [ 87.315613][ T5827] __x64_sys_creat+0x124/0x170 [ 87.320889][ T5827] do_syscall_64+0xf3/0x230 [ 87.325906][ T5827] 
entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.332333][ T5827]
[ 87.332333][ T5827] other info that might help us debug this:
[ 87.332333][ T5827]
[ 87.342568][ T5827] Chain exists of:
[ 87.342568][ T5827]   &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem
[ 87.342568][ T5827]
[ 87.355600][ T5827]  Possible unsafe locking scenario:
[ 87.355600][ T5827]
[ 87.363037][ T5827]        CPU0                    CPU1
[ 87.368388][ T5827]        ----                    ----
[ 87.373742][ T5827]   lock(&oi->ip_xattr_sem);
[ 87.378331][ T5827]                                lock(jbd2_handle);
[ 87.384915][ T5827]                                lock(&oi->ip_xattr_sem);
[ 87.392015][ T5827]   lock(&oi->ip_alloc_sem);
[ 87.396598][ T5827]
[ 87.396598][ T5827]  *** DEADLOCK ***
[ 87.396598][ T5827]
[ 87.404726][ T5827] 3 locks held by syz-executor391/5827:
[ 87.410255][ T5827]  #0: ffff88807e7f4420 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[ 87.419427][ T5827]  #1: ffff888074d55f40 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: do_truncate+0x20e/0x310
[ 87.429810][ T5827]  #2: ffff888074d55c78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xaa/0x350
[ 87.440854][ T5827]
[ 87.440854][ T5827] stack backtrace:
[ 87.446757][ T5827] CPU: 1 UID: 0 PID: 5827 Comm: syz-executor391 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full)
[ 87.446775][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 87.446787][ T5827] Call Trace:
[ 87.446794][ T5827]  <TASK>
[ 87.446800][ T5827]  dump_stack_lvl+0x241/0x360
[ 87.446825][ T5827]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.446844][ T5827]  ? __pfx__printk+0x10/0x10
[ 87.446863][ T5827]  ? print_lock+0x171/0x1a0
[ 87.446880][ T5827]  print_circular_bug+0x2e1/0x300
[ 87.446911][ T5827]  check_noncircular+0x142/0x160
[ 87.446930][ T5827]  validate_chain+0xa69/0x24e0
[ 87.446955][ T5827]  __lock_acquire+0xad5/0xd80
[ 87.446971][ T5827]  lock_acquire+0x116/0x2f0
[ 87.446982][ T5827]  ?
ocfs2_try_remove_refcount_tree+0xbb/0x350 [ 87.447003][ T5827] down_write+0x9c/0x220 [ 87.447022][ T5827] ? ocfs2_try_remove_refcount_tree+0xbb/0x350 [ 87.447039][ T5827] ? __pfx_down_write+0x10/0x10 [ 87.447057][ T5827] ? ocfs2_truncate_file+0xd47/0x1560 [ 87.447072][ T5827] ocfs2_try_remove_refcount_tree+0xbb/0x350 [ 87.447091][ T5827] ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10 [ 87.447109][ T5827] ? ocfs2_metadata_cache_get_super+0x43/0x80 [ 87.447124][ T5827] ? ocfs2_inode_cache_get_super+0xd/0x40 [ 87.447142][ T5827] ocfs2_truncate_file+0xe1d/0x1560 [ 87.447159][ T5827] ? __pfx_ocfs2_truncate_file+0x10/0x10 [ 87.447171][ T5827] ? do_raw_spin_unlock+0x13c/0x8b0 [ 87.447192][ T5827] ? _raw_spin_unlock+0x28/0x50 [ 87.447205][ T5827] ? ocfs2_inode_lock_tracker+0x46e/0x780 [ 87.447223][ T5827] ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10 [ 87.447238][ T5827] ? ocfs2_rw_lock+0x142/0x260 [ 87.447253][ T5827] ? __pfx_ocfs2_rw_lock+0x10/0x10 [ 87.447272][ T5827] ? jbd2_journal_begin_ordered_truncate+0xc0/0x160 [ 87.447296][ T5827] ocfs2_setattr+0x1894/0x1ef0 [ 87.447314][ T5827] ? __pfx_ocfs2_setattr+0x10/0x10 [ 87.447331][ T5827] ? __pfx_smack_inode_setattr+0x10/0x10 [ 87.447351][ T5827] ? current_time+0x27b/0x3b0 [ 87.447368][ T5827] ? evm_inode_setattr+0x1b2/0x7d0 [ 87.447392][ T5827] ? security_inode_setattr+0xdb/0x350 [ 87.447409][ T5827] ? __pfx_ocfs2_setattr+0x10/0x10 [ 87.447422][ T5827] notify_change+0xbca/0xe90 [ 87.447447][ T5827] do_truncate+0x222/0x310 [ 87.447466][ T5827] ? __pfx_do_truncate+0x10/0x10 [ 87.447491][ T5827] path_openat+0x2e4f/0x35d0 [ 87.447514][ T5827] ? stack_depot_save_flags+0x44/0x940 [ 87.447532][ T5827] ? kasan_save_track+0x51/0x80 [ 87.447552][ T5827] ? __pfx_path_openat+0x10/0x10 [ 87.447569][ T5827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.447589][ T5827] do_filp_open+0x284/0x4e0 [ 87.447608][ T5827] ? __pfx_do_filp_open+0x10/0x10 [ 87.447625][ T5827] ? 
do_raw_spin_lock+0x151/0x370 [ 87.447656][ T5827] do_sys_openat2+0x12b/0x1d0 [ 87.447671][ T5827] ? _raw_spin_unlock_irq+0x23/0x50 [ 87.447685][ T5827] ? __pfx_do_sys_openat2+0x10/0x10 [ 87.447700][ T5827] ? ptrace_notify+0x282/0x390 [ 87.447723][ T5827] __x64_sys_creat+0x124/0x170 [ 87.447739][ T5827] ? __pfx___x64_sys_creat+0x10/0x10 [ 87.447759][ T5827] do_syscall_64+0xf3/0x230 [ 87.447777][ T5827] ? clear_bhb_loop+0x45/0xa0 [ 87.447792][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.447809][ T5827] RIP: 0033:0x7f450d41d739 [ 87.447828][ T5827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 87.447839][ T5827] RSP: 002b:00007ffee78e4448 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 creat("./file0", 040) = 5 exit_group(0) = ? +++ exited with 0 +++ [ 87.447853]