./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3713115212 <...> Warning: Permanently added '10.128.0.205' (ED25519) to the list of known hosts. execve("./syz-executor3713115212", ["./syz-executor3713115212"], 0x7ffcf0f980d0 /* 10 vars */) = 0 brk(NULL) = 0x55558812e000 brk(0x55558812ed00) = 0x55558812ed00 arch_prctl(ARCH_SET_FS, 0x55558812e380) = 0 set_tid_address(0x55558812e650) = 5829 set_robust_list(0x55558812e660, 24) = 0 rseq(0x55558812eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3713115212", 4096) = 28 getrandom("\x63\xfc\x65\x58\xcc\x81\x25\x07", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558812ed00 brk(0x55558814fd00) = 0x55558814fd00 brk(0x555588150000) = 0x555588150000 mprotect(0x7f9f45865000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9f3d200000 write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 munmap(0x7f9f3d200000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 [ 90.298726][ T5829] loop0: detected capacity change from 0 to 32768 mkdir("./file1", 0777) = 0 [ 90.340728][ T5829] ======================================================= [ 90.340728][ T5829] WARNING: The mand mount option has been deprecated and [ 90.340728][ T5829] and is ignored by this kernel. Remove the mand [ 90.340728][ T5829] option from the mount to silence this warning. [ 90.340728][ T5829] ======================================================= [ 90.389636][ T5829] JBD2: Ignoring recovery information on journal mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,coherency=full,coherency=full,localflocks,coh"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 [ 90.420931][ T5829] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 4 [ 90.514835][ T5829] [ 90.517215][ T5829] ====================================================== [ 90.524226][ T5829] WARNING: possible circular locking dependency detected [ 90.531249][ T5829] 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 Not tainted [ 90.538373][ T5829] ------------------------------------------------------ [ 90.545380][ T5829] syz-executor371/5829 is trying to acquire lock: [ 90.551783][ T5829] ffff88807abddbe0 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xbb/0x350 [ 90.562427][ T5829] [ 90.562427][ T5829] but task is already holding lock: [ 90.569783][ T5829] ffff88807abddc78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xaa/0x350 [ 90.580399][ T5829] [ 90.580399][ T5829] which lock already depends on the new lock. [ 90.580399][ T5829] [ 90.590792][ T5829] [ 90.590792][ T5829] the existing dependency chain (in reverse order) is: [ 90.599798][ T5829] [ 90.599798][ T5829] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}: [ 90.607629][ T5829] lock_acquire+0x116/0x2f0 [ 90.612664][ T5829] down_read+0xb3/0xa50 [ 90.617419][ T5829] ocfs2_init_acl+0x39d/0x960 [ 90.622666][ T5829] ocfs2_mknod+0x1c09/0x2b30 [ 90.627777][ T5829] ocfs2_create+0x1ad/0x480 [ 90.632800][ T5829] path_openat+0x194b/0x35d0 [ 90.637915][ T5829] do_filp_open+0x284/0x4e0 [ 90.642943][ T5829] do_sys_openat2+0x12b/0x1d0 [ 90.648144][ T5829] __x64_sys_open+0x226/0x280 [ 90.653377][ T5829] do_syscall_64+0xf3/0x230 [ 90.658405][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.664817][ T5829] [ 90.664817][ T5829] -> #3 (jbd2_handle){.+.+}-{0:0}: [ 90.672153][ T5829] lock_acquire+0x116/0x2f0 [ 90.677193][ T5829] start_this_handle+0x1ee4/0x21a0 [ 90.682824][ T5829] jbd2__journal_start+0x2da/0x5d0 [ 90.688466][ T5829] jbd2_journal_start+0x29/0x40 [ 90.693855][ T5829] ocfs2_start_trans+0x3cd/0x710 [ 90.699313][ T5829] ocfs2_reserve_suballoc_bits+0xa54/0x4f30 [ 90.705729][ T5829] ocfs2_reserve_new_metadata_blocks+0x41c/0x9b0 [ 90.712597][ T5829] ocfs2_mknod+0x143e/0x2b30 [ 90.717705][ T5829] ocfs2_create+0x1ad/0x480 [ 90.722724][ T5829] path_openat+0x194b/0x35d0 [ 90.727836][ T5829] do_filp_open+0x284/0x4e0 [ 90.732876][ T5829] do_sys_openat2+0x12b/0x1d0 [ 90.738069][ T5829] __x64_sys_open+0x226/0x280 [ 90.743278][ T5829] do_syscall_64+0xf3/0x230 [ 90.748301][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.754713][ T5829] [ 90.754713][ T5829] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 90.763249][ T5829] lock_acquire+0x116/0x2f0 [ 90.768269][ T5829] down_read+0xb3/0xa50 [ 90.772942][ T5829] ocfs2_start_trans+0x3c2/0x710 [ 90.778415][ T5829] ocfs2_reserve_suballoc_bits+0xa54/0x4f30 [ 90.784843][ T5829] ocfs2_reserve_new_metadata_blocks+0x41c/0x9b0 [ 90.791702][ T5829] ocfs2_mknod+0x143e/0x2b30 [ 90.796841][ T5829] ocfs2_create+0x1ad/0x480 [ 90.801864][ T5829] path_openat+0x194b/0x35d0 [ 90.806988][ T5829] do_filp_open+0x284/0x4e0 [ 90.812014][ T5829] do_sys_openat2+0x12b/0x1d0 [ 90.817211][ T5829] __x64_sys_open+0x226/0x280 [ 90.822403][ T5829] do_syscall_64+0xf3/0x230 [ 90.827430][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.833866][ T5829] [ 90.833866][ T5829] -> #1 (sb_internal#2){.+.+}-{0:0}: [ 90.841364][ T5829] lock_acquire+0x116/0x2f0 [ 90.846384][ T5829] ocfs2_start_trans+0x2bd/0x710 [ 90.851841][ T5829] ocfs2_truncate_file+0x69c/0x1560 [ 90.857581][ T5829] ocfs2_setattr+0x1894/0x1ef0 [ 90.862857][ T5829] notify_change+0xbca/0xe90 [ 90.867992][ T5829] do_truncate+0x222/0x310 [ 90.872922][ T5829] path_openat+0x2e4f/0x35d0 [ 90.878030][ T5829] do_filp_open+0x284/0x4e0 [ 90.883051][ T5829] do_sys_openat2+0x12b/0x1d0 [ 90.888245][ T5829] __x64_sys_open+0x226/0x280 [ 90.893434][ T5829] do_syscall_64+0xf3/0x230 [ 90.898581][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.904986][ T5829] [ 90.904986][ T5829] -> #0 (&oi->ip_alloc_sem){+.+.}-{4:4}: [ 90.912803][ T5829] validate_chain+0xa69/0x24e0 [ 90.918091][ T5829] __lock_acquire+0xad5/0xd80 [ 90.923371][ T5829] lock_acquire+0x116/0x2f0 [ 90.928387][ T5829] down_write+0x9c/0x220 [ 90.933148][ T5829] ocfs2_try_remove_refcount_tree+0xbb/0x350 [ 90.939645][ T5829] ocfs2_truncate_file+0xe1d/0x1560 [ 90.945394][ T5829] ocfs2_setattr+0x1894/0x1ef0 [ 90.950670][ T5829] notify_change+0xbca/0xe90 [ 90.955808][ T5829] do_truncate+0x222/0x310 [ 90.960743][ T5829] path_openat+0x2e4f/0x35d0 [ 90.965851][ T5829] do_filp_open+0x284/0x4e0 [ 90.970872][ T5829] do_sys_openat2+0x12b/0x1d0 [ 90.976070][ T5829] __x64_sys_open+0x226/0x280 [ 90.981267][ T5829] do_syscall_64+0xf3/0x230 [ 90.986299][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.992718][ T5829] [ 90.992718][ T5829] other info that might help us debug this: [ 90.992718][ T5829] [ 91.002944][ T5829] Chain exists of: [ 91.002944][ T5829] &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem [ 91.002944][ T5829] [ 91.016014][ T5829] Possible unsafe locking scenario: [ 91.016014][ T5829] [ 91.023456][ T5829] CPU0 CPU1 [ 91.028812][ T5829] ---- ---- [ 91.034194][ T5829] lock(&oi->ip_xattr_sem); [ 91.038780][ T5829] lock(jbd2_handle); [ 91.045397][ T5829] lock(&oi->ip_xattr_sem); [ 91.052522][ T5829] lock(&oi->ip_alloc_sem); [ 91.057113][ T5829] [ 91.057113][ T5829] *** DEADLOCK *** [ 91.057113][ T5829] [ 91.065245][ T5829] 3 locks held by syz-executor371/5829: [ 91.070779][ T5829] #0: ffff888055428420 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 91.079937][ T5829] #1: ffff88807abddf40 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: do_truncate+0x20e/0x310 [ 91.090304][ T5829] #2: ffff88807abddc78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xaa/0x350 [ 91.101356][ T5829] [ 91.101356][ T5829] stack backtrace: [ 91.107255][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor371 Not tainted 6.15.0-rc1-syzkaller-00325-g7cdabafc0012 #0 PREEMPT(full) [ 91.107278][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 91.107291][ T5829] Call Trace: [ 91.107299][ T5829] [ 91.107306][ T5829] dump_stack_lvl+0x241/0x360 [ 91.107332][ T5829] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.107351][ T5829] ? __pfx__printk+0x10/0x10 [ 91.107370][ T5829] ? print_lock+0x171/0x1a0 [ 91.107387][ T5829] print_circular_bug+0x2e1/0x300 [ 91.107406][ T5829] check_noncircular+0x142/0x160 [ 91.107426][ T5829] validate_chain+0xa69/0x24e0 [ 91.107452][ T5829] __lock_acquire+0xad5/0xd80 [ 91.107468][ T5829] lock_acquire+0x116/0x2f0 [ 91.107480][ T5829] ? ocfs2_try_remove_refcount_tree+0xbb/0x350 [ 91.107503][ T5829] down_write+0x9c/0x220 [ 91.107523][ T5829] ? ocfs2_try_remove_refcount_tree+0xbb/0x350 [ 91.107541][ T5829] ? __pfx_down_write+0x10/0x10 [ 91.107560][ T5829] ? ocfs2_truncate_file+0xd47/0x1560 [ 91.107576][ T5829] ocfs2_try_remove_refcount_tree+0xbb/0x350 [ 91.107596][ T5829] ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10 [ 91.107615][ T5829] ? ocfs2_metadata_cache_get_super+0x43/0x80 [ 91.107631][ T5829] ? ocfs2_inode_cache_get_super+0xd/0x40 [ 91.107650][ T5829] ocfs2_truncate_file+0xe1d/0x1560 [ 91.107668][ T5829] ? __pfx_ocfs2_truncate_file+0x10/0x10 [ 91.107681][ T5829] ? do_raw_spin_unlock+0x13c/0x8b0 [ 91.107703][ T5829] ? _raw_spin_unlock+0x28/0x50 [ 91.107716][ T5829] ? ocfs2_inode_lock_tracker+0x46e/0x780 [ 91.107736][ T5829] ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10 [ 91.107752][ T5829] ? ocfs2_rw_lock+0x142/0x260 [ 91.107767][ T5829] ? __pfx_ocfs2_rw_lock+0x10/0x10 [ 91.107781][ T5829] ? setattr_prepare+0x1f5/0xb20 [ 91.107804][ T5829] ? jbd2_journal_begin_ordered_truncate+0xc0/0x160 [ 91.107829][ T5829] ocfs2_setattr+0x1894/0x1ef0 [ 91.107847][ T5829] ? __pfx_ocfs2_setattr+0x10/0x10 [ 91.107866][ T5829] ? __pfx_smack_inode_setattr+0x10/0x10 [ 91.107887][ T5829] ? current_time+0x27b/0x3b0 [ 91.107905][ T5829] ? evm_inode_setattr+0x1b2/0x7d0 [ 91.107929][ T5829] ? security_inode_setattr+0xdb/0x350 [ 91.107948][ T5829] ? __pfx_ocfs2_setattr+0x10/0x10 [ 91.107961][ T5829] notify_change+0xbca/0xe90 [ 91.107987][ T5829] do_truncate+0x222/0x310 [ 91.108008][ T5829] ? __pfx_do_truncate+0x10/0x10 [ 91.108034][ T5829] path_openat+0x2e4f/0x35d0 [ 91.108059][ T5829] ? stack_depot_save_flags+0x44/0x940 [ 91.108081][ T5829] ? kasan_save_track+0x51/0x80 [ 91.108102][ T5829] ? __pfx_path_openat+0x10/0x10 [ 91.108120][ T5829] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.108141][ T5829] do_filp_open+0x284/0x4e0 [ 91.108161][ T5829] ? __pfx_do_filp_open+0x10/0x10 [ 91.108179][ T5829] ? do_raw_spin_lock+0x151/0x370 [ 91.108210][ T5829] do_sys_openat2+0x12b/0x1d0 [ 91.108226][ T5829] ? __pfx_do_sys_openat2+0x10/0x10 [ 91.108241][ T5829] ? lockdep_hardirqs_on+0x9d/0x150 [ 91.108258][ T5829] ? _raw_spin_unlock_irq+0x2e/0x50 [ 91.108272][ T5829] ? ptrace_notify+0x282/0x390 [ 91.108295][ T5829] __x64_sys_open+0x226/0x280 [ 91.108311][ T5829] ? __pfx___x64_sys_open+0x10/0x10 [ 91.108332][ T5829] do_syscall_64+0xf3/0x230 [ 91.108350][ T5829] ? clear_bhb_loop+0x45/0xa0 [ 91.108365][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.108383][ T5829] RIP: 0033:0x7f9f457eea79 [ 91.108400][ T5829] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 91.108411][ T5829] RSP: 002b:00007ffc9bc72008 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 91.108426][ T5829] RAX: ffffffffffffffda RBX: 0000000000000020 RCX: 00007f9f457eea79 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 5 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 6 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 7 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 8 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 9 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 10 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 11 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 12 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 13 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 14 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 15 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 16 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 17 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 18 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 19 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 20 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 21 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 22 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 23 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 24 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 25 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 26 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 27 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 28 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 29 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 30 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 31 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 32 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 33 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 34 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 35 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC, 000) = 36 exit_group(0) = ? +++ exited with 0 +++ [ 91.108436][ T5829] RDX: 000000000000000