./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1843674868 <...> Warning: Permanently added '10.128.1.142' (ED25519) to the list of known hosts. execve("./syz-executor1843674868", ["./syz-executor1843674868"], 0x7fff3d4ed1a0 /* 10 vars */) = 0 brk(NULL) = 0x55558be2f000 brk(0x55558be2fd00) = 0x55558be2fd00 arch_prctl(ARCH_SET_FS, 0x55558be2f380) = 0 set_tid_address(0x55558be2f650) = 5848 set_robust_list(0x55558be2f660, 24) = 0 rseq(0x55558be2fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1843674868", 4096) = 28 getrandom("\xe3\x61\xfa\x3a\x2a\x07\x9b\x0d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558be2fd00 brk(0x55558be50d00) = 0x55558be50d00 brk(0x55558be51000) = 0x55558be51000 mprotect(0x7f3722e58000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 executing program write(1, "executing program\n", 18) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f371a800000 write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 munmap(0x7f371a800000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 [ 90.357761][ T5848] loop0: detected capacity change from 0 to 32768 [ 90.383866][ T5848] ======================================================= [ 90.383866][ T5848] WARNING: The mand mount option has been deprecated and [ 90.383866][ T5848] and is ignored by this kernel. Remove the mand mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,errors=remount-ro,acl"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) mkdirat(AT_FDCWD, "./file1", 000) = 0 mkdirat(AT_FDCWD, "./file0", 000) = 0 [ 90.383866][ T5848] option from the mount to silence this warning. [ 90.383866][ T5848] ======================================================= [ 90.438804][ T5848] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. mkdir("./bus", 000) = 0 [ 90.535710][ T5848] [ 90.538054][ T5848] ====================================================== [ 90.545051][ T5848] WARNING: possible circular locking dependency detected [ 90.552051][ T5848] 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 Not tainted [ 90.559157][ T5848] ------------------------------------------------------ [ 90.566169][ T5848] syz-executor184/5848 is trying to acquire lock: [ 90.572560][ T5848] ffff8880324c2618 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_setattr+0x969/0x1b40 [ 90.581553][ T5848] [ 90.581553][ T5848] but task is already holding lock: [ 90.588894][ T5848] ffff88807fabbf60 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0x95a/0x1b40 [ 90.598227][ T5848] [ 90.598227][ T5848] which lock already depends on the new lock. [ 90.598227][ T5848] [ 90.608609][ T5848] [ 90.608609][ T5848] the existing dependency chain (in reverse order) is: [ 90.617602][ T5848] [ 90.617602][ T5848] -> #4 (&oi->ip_alloc_sem){+.+.}-{4:4}: [ 90.625419][ T5848] lock_acquire+0x120/0x360 [ 90.630427][ T5848] down_write+0x96/0x1f0 [ 90.635188][ T5848] ocfs2_try_remove_refcount_tree+0xb6/0x320 [ 90.641676][ T5848] ocfs2_xattr_set+0x595/0x11f0 [ 90.647037][ T5848] ocfs2_set_acl+0x701/0x7b0 [ 90.652134][ T5848] ocfs2_iop_set_acl+0x1aa/0x2a0 [ 90.657580][ T5848] vfs_remove_acl+0x48c/0x700 [ 90.662767][ T5848] ovl_workdir_create+0x4f3/0x7f0 [ 90.668305][ T5848] ovl_get_workdir+0x32c/0x1730 [ 90.673667][ T5848] ovl_fill_super+0x1386/0x35d0 [ 90.679029][ T5848] get_tree_nodev+0xbb/0x150 [ 90.684132][ T5848] vfs_get_tree+0x92/0x2b0 [ 90.689063][ T5848] do_new_mount+0x24a/0xa40 [ 90.694105][ T5848] __se_sys_mount+0x317/0x410 [ 90.699292][ T5848] do_syscall_64+0xfa/0x3b0 [ 90.704329][ T5848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.710727][ T5848] [ 90.710727][ T5848] -> #3 (&oi->ip_xattr_sem){++++}-{4:4}: [ 90.718545][ T5848] lock_acquire+0x120/0x360 [ 90.723555][ T5848] down_read+0x46/0x2e0 [ 90.728237][ T5848] ocfs2_init_acl+0x2f9/0x720 [ 90.733421][ T5848] ocfs2_mknod+0x1321/0x2050 [ 90.738515][ T5848] ocfs2_mkdir+0x191/0x440 [ 90.743454][ T5848] vfs_mkdir+0x306/0x510 [ 90.748205][ T5848] do_mkdirat+0x247/0x590 [ 90.753062][ T5848] __x64_sys_mkdirat+0x87/0xa0 [ 90.758338][ T5848] do_syscall_64+0xfa/0x3b0 [ 90.763350][ T5848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.769752][ T5848] [ 90.769752][ T5848] -> #2 (jbd2_handle){.+.+}-{0:0}: [ 90.777044][ T5848] lock_acquire+0x120/0x360 [ 90.782054][ T5848] start_this_handle+0x1fa7/0x21c0 [ 90.787672][ T5848] jbd2__journal_start+0x2c1/0x5b0 [ 90.793291][ T5848] jbd2_journal_start+0x2a/0x40 [ 90.798648][ T5848] ocfs2_start_trans+0x376/0x6d0 [ 90.804092][ T5848] ocfs2_mknod+0xe93/0x2050 [ 90.809096][ T5848] ocfs2_mkdir+0x191/0x440 [ 90.814017][ T5848] vfs_mkdir+0x306/0x510 [ 90.818768][ T5848] do_mkdirat+0x247/0x590 [ 90.823606][ T5848] __x64_sys_mkdirat+0x87/0xa0 [ 90.828880][ T5848] do_syscall_64+0xfa/0x3b0 [ 90.833890][ T5848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.840290][ T5848] [ 90.840290][ T5848] -> #1 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 90.848796][ T5848] lock_acquire+0x120/0x360 [ 90.853806][ T5848] down_read+0x46/0x2e0 [ 90.858470][ T5848] ocfs2_start_trans+0x36a/0x6d0 [ 90.863920][ T5848] ocfs2_mknod+0xe93/0x2050 [ 90.868938][ T5848] ocfs2_mkdir+0x191/0x440 [ 90.873859][ T5848] vfs_mkdir+0x306/0x510 [ 90.878615][ T5848] do_mkdirat+0x247/0x590 [ 90.883457][ T5848] __x64_sys_mkdirat+0x87/0xa0 [ 90.888729][ T5848] do_syscall_64+0xfa/0x3b0 [ 90.893745][ T5848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.900153][ T5848] [ 90.900153][ T5848] -> #0 (sb_internal#2){.+.+}-{0:0}: [ 90.907629][ T5848] validate_chain+0xb9b/0x2140 [ 90.912905][ T5848] __lock_acquire+0xab9/0xd20 [ 90.918089][ T5848] lock_acquire+0x120/0x360 [ 90.923101][ T5848] ocfs2_start_trans+0x26b/0x6d0 [ 90.928544][ T5848] ocfs2_setattr+0x969/0x1b40 [ 90.933733][ T5848] notify_change+0xb36/0xe40 [ 90.938835][ T5848] ovl_workdir_create+0x658/0x7f0 [ 90.944385][ T5848] ovl_get_workdir+0x32c/0x1730 [ 90.949745][ T5848] ovl_fill_super+0x1386/0x35d0 [ 90.955102][ T5848] get_tree_nodev+0xbb/0x150 [ 90.960214][ T5848] vfs_get_tree+0x92/0x2b0 [ 90.965151][ T5848] do_new_mount+0x24a/0xa40 [ 90.970172][ T5848] __se_sys_mount+0x317/0x410 [ 90.975351][ T5848] do_syscall_64+0xfa/0x3b0 [ 90.980362][ T5848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.986761][ T5848] [ 90.986761][ T5848] other info that might help us debug this: [ 90.986761][ T5848] [ 90.996987][ T5848] Chain exists of: [ 90.996987][ T5848] sb_internal#2 --> &oi->ip_xattr_sem --> &oi->ip_alloc_sem [ 90.996987][ T5848] [ 91.010204][ T5848] Possible unsafe locking scenario: [ 91.010204][ T5848] [ 91.017633][ T5848] CPU0 CPU1 [ 91.022981][ T5848] ---- ---- [ 91.028326][ T5848] lock(&oi->ip_alloc_sem); [ 91.032905][ T5848] lock(&oi->ip_xattr_sem); [ 91.040003][ T5848] lock(&oi->ip_alloc_sem); [ 91.047100][ T5848] rlock(sb_internal#2); [ 91.051431][ T5848] [ 91.051431][ T5848] *** DEADLOCK *** [ 91.051431][ T5848] [ 91.059552][ T5848] 5 locks held by syz-executor184/5848: [ 91.065077][ T5848] #0: ffff88807fe4c0e0 (&type->s_umount_key#42/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 91.075208][ T5848] #1: ffff8880324c2428 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 91.084362][ T5848] #2: ffff88807fabb480 (&sb->s_type->i_mutex_key#15/1){+.+.}-{4:4}, at: ovl_workdir_create+0x133/0x7f0 [ 91.095519][ T5848] #3: ffff88807fabc2c0 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: ovl_workdir_create+0x5f7/0x7f0 [ 91.106507][ T5848] #4: ffff88807fabbf60 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0x95a/0x1b40 [ 91.116258][ T5848] [ 91.116258][ T5848] stack backtrace: [ 91.122130][ T5848] CPU: 1 UID: 0 PID: 5848 Comm: syz-executor184 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) [ 91.122152][ T5848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 91.122163][ T5848] Call Trace: [ 91.122171][ T5848] [ 91.122179][ T5848] dump_stack_lvl+0x189/0x250 [ 91.122204][ T5848] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.122225][ T5848] ? __pfx__printk+0x10/0x10 [ 91.122250][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122270][ T5848] ? print_lock_name+0xde/0x100 [ 91.122295][ T5848] print_circular_bug+0x2ee/0x310 [ 91.122320][ T5848] check_noncircular+0x134/0x160 [ 91.122345][ T5848] validate_chain+0xb9b/0x2140 [ 91.122367][ T5848] ? lockdep_unlock+0x89/0x120 [ 91.122389][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122411][ T5848] __lock_acquire+0xab9/0xd20 [ 91.122432][ T5848] ? ocfs2_setattr+0x969/0x1b40 [ 91.122456][ T5848] lock_acquire+0x120/0x360 [ 91.122473][ T5848] ? ocfs2_setattr+0x969/0x1b40 [ 91.122498][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122520][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122540][ T5848] ? do_raw_spin_unlock+0x122/0x240 [ 91.122566][ T5848] ocfs2_start_trans+0x26b/0x6d0 [ 91.122586][ T5848] ? ocfs2_setattr+0x969/0x1b40 [ 91.122612][ T5848] ? __pfx_ocfs2_start_trans+0x10/0x10 [ 91.122631][ T5848] ? setattr_prepare+0x1e7/0xac0 [ 91.122658][ T5848] ocfs2_setattr+0x969/0x1b40 [ 91.122692][ T5848] ? __pfx_ocfs2_setattr+0x10/0x10 [ 91.122716][ T5848] ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0 [ 91.122744][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122764][ T5848] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 91.122789][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122811][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122833][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122853][ T5848] ? ns_to_timespec64+0x21/0xb0 [ 91.122879][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122899][ T5848] ? ktime_get_coarse_real_ts64_mg+0x175/0x1e0 [ 91.122928][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122948][ T5848] ? current_time+0x222/0x370 [ 91.122966][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.122986][ T5848] ? evm_inode_setattr+0x1bd/0x7d0 [ 91.123007][ T5848] ? __pfx_current_time+0x10/0x10 [ 91.123027][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123047][ T5848] ? try_break_deleg+0x79/0x130 [ 91.123069][ T5848] ? __pfx_ocfs2_setattr+0x10/0x10 [ 91.123094][ T5848] notify_change+0xb36/0xe40 [ 91.123121][ T5848] ovl_workdir_create+0x658/0x7f0 [ 91.123145][ T5848] ? __pfx_ovl_workdir_create+0x10/0x10 [ 91.123170][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123190][ T5848] ? mnt_get_write_access+0x223/0x2a0 [ 91.123212][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123234][ T5848] ovl_get_workdir+0x32c/0x1730 [ 91.123257][ T5848] ? __pfx_ovl_get_workdir+0x10/0x10 [ 91.123278][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123298][ T5848] ? __lock_acquire+0xab9/0xd20 [ 91.123319][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123339][ T5848] ? do_raw_spin_lock+0x121/0x290 [ 91.123365][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123387][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123407][ T5848] ? do_raw_spin_unlock+0x122/0x240 [ 91.123436][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123456][ T5848] ? _raw_spin_unlock+0x28/0x50 [ 91.123472][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123492][ T5848] ? ovl_inuse_trylock+0xae/0xf0 [ 91.123511][ T5848] ovl_fill_super+0x1386/0x35d0 [ 91.123532][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123553][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123573][ T5848] ? rcu_is_watching+0x15/0xb0 [ 91.123596][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123617][ T5848] ? shrinker_register+0x124/0x230 [ 91.123639][ T5848] ? __pfx_ovl_fill_super+0x10/0x10 [ 91.123657][ T5848] ? __pfx___mutex_lock+0x10/0x10 [ 91.123684][ T5848] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 91.123707][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123727][ T5848] ? __raw_spin_lock_init+0x45/0x100 [ 91.123757][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123777][ T5848] ? sget_fc+0x962/0xa40 [ 91.123799][ T5848] ? __pfx_set_anon_super_fc+0x10/0x10 [ 91.123821][ T5848] ? __pfx_ovl_fill_super+0x10/0x10 [ 91.123840][ T5848] get_tree_nodev+0xbb/0x150 [ 91.123864][ T5848] vfs_get_tree+0x92/0x2b0 [ 91.123889][ T5848] do_new_mount+0x24a/0xa40 [ 91.123919][ T5848] __se_sys_mount+0x317/0x410 [ 91.123937][ T5848] ? __pfx___se_sys_mount+0x10/0x10 [ 91.123952][ T5848] ? rcu_is_watching+0x15/0xb0 [ 91.123974][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.123994][ T5848] ? __x64_sys_mount+0x20/0xc0 [ 91.124022][ T5848] do_syscall_64+0xfa/0x3b0 [ 91.124043][ T5848] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.124061][ T5848] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.124078][ T5848] ? srso_alias_return_thunk+0x5/0xfbef5 [ 91.124098][ T5848] ? exc_page_fault+0x9f/0xf0 [ 91.124116][ T5848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.124134][ T5848] RIP: 0033:0x7f3722de1839 [ 91.124150][ T5848] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 mount(NULL, "./bus", "overlay", 0, "upperdir=./file1,lowerdir=./file0,workdir=./bus,") = -1 EINVAL (Invalid argument) exit_group(0) = ? [ 91.124164][ T5848] RSP: 002b:00007ffe609cac98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 91.124182][ T5848] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f3722de1839 [ 91.124195][ T5848] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 91.124207][ T5848] RBP: 00007f3722e58610 R08: 0000200000000380 R09: 0000000000000000 [ 91.124219][ T5848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.124229][ T5848] R13: 00007ffe609cae68 R14: 0000000000000001 R15: 0000000000000001 [ 91.124248][ T5848] +++ exited with 0 +++ [ 91.151587][ T9] cfg80211: failed to load regulatory.d