./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2063827108 <...> [ 86.959486][ T8] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.253' (ED25519) to the list of known hosts. execve("./syz-executor2063827108", ["./syz-executor2063827108"], 0x7fff8ecc0450 /* 10 vars */) = 0 brk(NULL) = 0x5555815e4000 brk(0x5555815e4d00) = 0x5555815e4d00 arch_prctl(ARCH_SET_FS, 0x5555815e4380) = 0 set_tid_address(0x5555815e4650) = 5827 set_robust_list(0x5555815e4660, 24) = 0 rseq(0x5555815e4ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2063827108", 4096) = 28 getrandom("\x44\xf2\xf4\xa0\x90\xd9\x65\xea", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555815e4d00 brk(0x555581605d00) = 0x555581605d00 brk(0x555581606000) = 0x555581606000 mprotect(0x7f15e9558000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 executing program write(1, "executing program\n", 18) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f15e1000000 write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 munmap(0x7f15e1000000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 [ 90.016959][ T5827] loop0: detected capacity change from 0 to 32768 [ 90.061473][ T5827] ======================================================= [ 90.061473][ T5827] WARNING: The mand mount option has been deprecated and [ 90.061473][ T5827] and is ignored by this kernel. Remove the mand [ 90.061473][ T5827] option from the mount to silence this warning. [ 90.061473][ T5827] ======================================================= mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "coherency=buffered,heartbeat=none,coherency=full,errors=continue,journal_async_commit,localflocks,in"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, ".", O_RDONLY) = 4 openat(4, "blkio.bfq.io_merged", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 90.115858][ T5827] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 90.152540][ T5827] [ 90.154899][ T5827] ====================================================== [ 90.161933][ T5827] WARNING: possible circular locking dependency detected [ 90.168961][ T5827] 6.13.0-rc3-syzkaller-00017-gf44d154d6e3d #0 Not tainted [ 90.176055][ T5827] ------------------------------------------------------ [ 90.183064][ T5827] syz-executor206/5827 is trying to acquire lock: [ 90.189480][ T5827] ffff8880748f5be0 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 90.200146][ T5827] [ 90.200146][ T5827] but task is already holding lock: [ 90.207499][ T5827] ffff8880748f5c78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa5/0x330 [ 90.218115][ T5827] [ 90.218115][ T5827] which lock already depends on the new lock. [ 90.218115][ T5827] [ 90.228505][ T5827] [ 90.228505][ T5827] the existing dependency chain (in reverse order) is: [ 90.237540][ T5827] [ 90.237540][ T5827] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}: [ 90.245458][ T5827] lock_acquire+0x1ed/0x550 [ 90.250492][ T5827] down_read+0xb1/0xa40 [ 90.255192][ T5827] ocfs2_init_acl+0x397/0x930 [ 90.260399][ T5827] ocfs2_mknod+0x1c05/0x2b30 [ 90.265512][ T5827] ocfs2_create+0x1ab/0x470 [ 90.270536][ T5827] path_openat+0x1c03/0x3590 [ 90.275650][ T5827] do_filp_open+0x27f/0x4e0 [ 90.280679][ T5827] do_sys_openat2+0x13e/0x1d0 [ 90.285878][ T5827] __x64_sys_openat+0x247/0x2a0 [ 90.291252][ T5827] do_syscall_64+0xf3/0x230 [ 90.296285][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.302711][ T5827] [ 90.302711][ T5827] -> #3 (jbd2_handle){.+.+}-{0:0}: [ 90.310037][ T5827] lock_acquire+0x1ed/0x550 [ 90.315119][ T5827] start_this_handle+0x1eb4/0x2110 [ 90.320762][ T5827] jbd2__journal_start+0x2da/0x5d0 [ 90.326405][ T5827] jbd2_journal_start+0x29/0x40 [ 90.331783][ T5827] ocfs2_start_trans+0x3c9/0x700 [ 90.337269][ T5827] ocfs2_reserve_suballoc_bits+0x9f6/0x4e70 [ 90.343689][ T5827] ocfs2_reserve_new_metadata_blocks+0x41c/0x9c0 [ 90.350727][ T5827] ocfs2_mknod+0x143a/0x2b30 [ 90.355839][ T5827] ocfs2_create+0x1ab/0x470 [ 90.360865][ T5827] path_openat+0x1c03/0x3590 [ 90.365997][ T5827] do_filp_open+0x27f/0x4e0 [ 90.371028][ T5827] do_sys_openat2+0x13e/0x1d0 [ 90.376233][ T5827] __x64_sys_openat+0x247/0x2a0 [ 90.381605][ T5827] do_syscall_64+0xf3/0x230 [ 90.386638][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.393099][ T5827] [ 90.393099][ T5827] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 90.401626][ T5827] lock_acquire+0x1ed/0x550 [ 90.406656][ T5827] down_read+0xb1/0xa40 [ 90.411341][ T5827] ocfs2_start_trans+0x3be/0x700 [ 90.416804][ T5827] ocfs2_reserve_suballoc_bits+0x9f6/0x4e70 [ 90.423227][ T5827] ocfs2_reserve_new_metadata_blocks+0x41c/0x9c0 [ 90.430109][ T5827] ocfs2_mknod+0x143a/0x2b30 [ 90.435339][ T5827] ocfs2_create+0x1ab/0x470 [ 90.440369][ T5827] path_openat+0x1c03/0x3590 [ 90.445487][ T5827] do_filp_open+0x27f/0x4e0 [ 90.450768][ T5827] do_sys_openat2+0x13e/0x1d0 [ 90.455965][ T5827] __x64_sys_openat+0x247/0x2a0 [ 90.461341][ T5827] do_syscall_64+0xf3/0x230 [ 90.466375][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.472818][ T5827] [ 90.472818][ T5827] -> #1 (sb_internal#2){.+.+}-{0:0}: [ 90.480308][ T5827] lock_acquire+0x1ed/0x550 [ 90.485337][ T5827] ocfs2_start_trans+0x2b9/0x700 [ 90.490821][ T5827] ocfs2_truncate_file+0x69a/0x1560 [ 90.496979][ T5827] ocfs2_setattr+0x1890/0x1ef0 [ 90.502274][ T5827] notify_change+0xbca/0xe90 [ 90.507395][ T5827] do_truncate+0x220/0x310 [ 90.512354][ T5827] path_openat+0x2e1e/0x3590 [ 90.517486][ T5827] do_filp_open+0x27f/0x4e0 [ 90.522516][ T5827] do_sys_openat2+0x13e/0x1d0 [ 90.527718][ T5827] __x64_sys_openat+0x247/0x2a0 [ 90.533090][ T5827] do_syscall_64+0xf3/0x230 [ 90.538124][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.544550][ T5827] [ 90.544550][ T5827] -> #0 (&oi->ip_alloc_sem){+.+.}-{4:4}: [ 90.552392][ T5827] validate_chain+0x18ef/0x5920 [ 90.557772][ T5827] __lock_acquire+0x1397/0x2100 [ 90.563160][ T5827] lock_acquire+0x1ed/0x550 [ 90.568187][ T5827] down_write+0x99/0x220 [ 90.572952][ T5827] ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 90.579464][ T5827] ocfs2_truncate_file+0xe1b/0x1560 [ 90.585269][ T5827] ocfs2_setattr+0x1890/0x1ef0 [ 90.590554][ T5827] notify_change+0xbca/0xe90 [ 90.595675][ T5827] do_truncate+0x220/0x310 [ 90.600617][ T5827] path_openat+0x2e1e/0x3590 [ 90.605768][ T5827] do_filp_open+0x27f/0x4e0 [ 90.610801][ T5827] do_sys_openat2+0x13e/0x1d0 [ 90.615997][ T5827] __x64_sys_openat+0x247/0x2a0 [ 90.621371][ T5827] do_syscall_64+0xf3/0x230 [ 90.626406][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.632835][ T5827] [ 90.632835][ T5827] other info that might help us debug this: [ 90.632835][ T5827] [ 90.643064][ T5827] Chain exists of: [ 90.643064][ T5827] &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem [ 90.643064][ T5827] [ 90.656113][ T5827] Possible unsafe locking scenario: [ 90.656113][ T5827] [ 90.663560][ T5827] CPU0 CPU1 [ 90.668924][ T5827] ---- ---- [ 90.674284][ T5827] lock(&oi->ip_xattr_sem); [ 90.678971][ T5827] lock(jbd2_handle); [ 90.685591][ T5827] lock(&oi->ip_xattr_sem); [ 90.692706][ T5827] lock(&oi->ip_alloc_sem); [ 90.697305][ T5827] [ 90.697305][ T5827] *** DEADLOCK *** [ 90.697305][ T5827] [ 90.705443][ T5827] 3 locks held by syz-executor206/5827: [ 90.710984][ T5827] #0: ffff88807d9d8420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 90.720151][ T5827] #1: ffff8880748f5f40 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: do_truncate+0x20c/0x310 [ 90.730530][ T5827] #2: ffff8880748f5c78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa5/0x330 [ 90.741597][ T5827] [ 90.741597][ T5827] stack backtrace: [ 90.747512][ T5827] CPU: 0 UID: 0 PID: 5827 Comm: syz-executor206 Not tainted 6.13.0-rc3-syzkaller-00017-gf44d154d6e3d #0 [ 90.758622][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 90.768771][ T5827] Call Trace: [ 90.772056][ T5827] [ 90.774990][ T5827] dump_stack_lvl+0x241/0x360 [ 90.779681][ T5827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.784893][ T5827] ? __pfx__printk+0x10/0x10 [ 90.789506][ T5827] print_circular_bug+0x13a/0x1b0 [ 90.794540][ T5827] check_noncircular+0x36a/0x4a0 [ 90.799488][ T5827] ? __pfx_check_noncircular+0x10/0x10 [ 90.804957][ T5827] ? lockdep_lock+0x123/0x2b0 [ 90.809659][ T5827] validate_chain+0x18ef/0x5920 [ 90.814526][ T5827] ? __pfx_validate_chain+0x10/0x10 [ 90.819739][ T5827] ? do_sys_openat2+0x13e/0x1d0 [ 90.824591][ T5827] ? do_syscall_64+0xf3/0x230 [ 90.829280][ T5827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.835366][ T5827] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 90.841370][ T5827] ? mark_lock+0x9a/0x360 [ 90.845714][ T5827] __lock_acquire+0x1397/0x2100 [ 90.850578][ T5827] lock_acquire+0x1ed/0x550 [ 90.855088][ T5827] ? ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 90.861252][ T5827] ? __pfx_lock_acquire+0x10/0x10 [ 90.866284][ T5827] ? __pfx___might_resched+0x10/0x10 [ 90.871588][ T5827] ? ocfs2_truncate_file+0xd45/0x1560 [ 90.876964][ T5827] ? __pfx_lock_release+0x10/0x10 [ 90.881994][ T5827] down_write+0x99/0x220 [ 90.886242][ T5827] ? ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 90.892407][ T5827] ? __pfx_down_write+0x10/0x10 [ 90.897264][ T5827] ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 90.903257][ T5827] ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10 [ 90.909876][ T5827] ? ocfs2_metadata_cache_get_super+0x43/0x80 [ 90.915949][ T5827] ? ocfs2_inode_cache_get_super+0xd/0x40 [ 90.921675][ T5827] ocfs2_truncate_file+0xe1b/0x1560 [ 90.926877][ T5827] ? ocfs2_inode_lock_tracker+0x45a/0x760 [ 90.932616][ T5827] ? __pfx_ocfs2_truncate_file+0x10/0x10 [ 90.938254][ T5827] ? do_raw_spin_unlock+0x13c/0x8b0 [ 90.943462][ T5827] ? __asan_memset+0x23/0x50 [ 90.948062][ T5827] ? _raw_spin_unlock+0x28/0x50 [ 90.952919][ T5827] ? ocfs2_inode_lock_tracker+0x45a/0x760 [ 90.958650][ T5827] ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10 [ 90.964726][ T5827] ? ocfs2_rw_lock+0x13e/0x260 [ 90.969500][ T5827] ? __pfx_ocfs2_rw_lock+0x10/0x10 [ 90.974617][ T5827] ? setattr_prepare+0x1f5/0xb20 [ 90.979564][ T5827] ? jbd2_journal_begin_ordered_truncate+0xc0/0x160 [ 90.986166][ T5827] ocfs2_setattr+0x1890/0x1ef0 [ 90.990938][ T5827] ? __pfx_ocfs2_setattr+0x10/0x10 [ 90.996056][ T5827] ? __pfx_smack_inode_setattr+0x10/0x10 [ 91.001743][ T5827] ? current_time+0x282/0x3c0 [ 91.006426][ T5827] ? evm_inode_setattr+0x1b2/0x7d0 [ 91.011543][ T5827] ? security_inode_setattr+0xdb/0x350 [ 91.017011][ T5827] ? __pfx_ocfs2_setattr+0x10/0x10 [ 91.022137][ T5827] notify_change+0xbca/0xe90 [ 91.026740][ T5827] do_truncate+0x220/0x310 [ 91.031167][ T5827] ? __pfx_do_truncate+0x10/0x10 [ 91.036126][ T5827] path_openat+0x2e1e/0x3590 [ 91.040735][ T5827] ? __pfx_path_openat+0x10/0x10 [ 91.045687][ T5827] do_filp_open+0x27f/0x4e0 [ 91.050287][ T5827] ? __pfx_do_filp_open+0x10/0x10 [ 91.055318][ T5827] ? do_raw_spin_lock+0x14f/0x370 [ 91.060367][ T5827] do_sys_openat2+0x13e/0x1d0 [ 91.065051][ T5827] ? __pfx_do_sys_openat2+0x10/0x10 [ 91.070282][ T5827] ? lockdep_hardirqs_on+0x99/0x150 [ 91.075486][ T5827] ? _raw_spin_unlock_irq+0x2e/0x50 [ 91.080706][ T5827] ? ptrace_notify+0x279/0x380 [ 91.085482][ T5827] __x64_sys_openat+0x247/0x2a0 [ 91.090359][ T5827] ? __pfx___x64_sys_openat+0x10/0x10 [ 91.095736][ T5827] ? do_syscall_64+0x100/0x230 [ 91.100519][ T5827] do_syscall_64+0xf3/0x230 [ 91.105034][ T5827] ? clear_bhb_loop+0x35/0x90 [ 91.109713][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.115643][ T5827] RIP: 0033:0x7f15e94e1a39 [ 91.120067][ T5827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 91.139692][ T5827] RSP: 002b:00007ffc00e454c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 91.148130][ T5827] RAX: ffffffffffffffda RBX: 00007ffc00e45698 RCX: 00007f15e94e1a39 [ 91.156131][ T5827] RDX: 000000000000275a RSI: 00000000200000c0 RDI: 0000000000000004 openat(4, "blkio.bfq.io_merged", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 exit_group(0) = ? +++ exited with 0 +++ [ 91.164125][ T5827] RBP: 00007f15e9558610 R08: 00007ffc00e45698 R09: 00007ff