./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4077175562 <...> Warning: Permanently added '10.128.0.155' (ED25519) to the list of known hosts. execve("./syz-executor4077175562", ["./syz-executor4077175562"], 0x7ffff0117260 /* 10 vars */) = 0 brk(NULL) = 0x55555716b000 brk(0x55555716bd00) = 0x55555716bd00 arch_prctl(ARCH_SET_FS, 0x55555716b380) = 0 set_tid_address(0x55555716b650) = 5020 set_robust_list(0x55555716b660, 24) = 0 rseq(0x55555716bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4077175562", 4096) = 28 getrandom("\x58\x1f\xf2\xf6\xe9\x63\xdb\x13", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555716bd00 brk(0x55555718cd00) = 0x55555718cd00 brk(0x55555718d000) = 0x55555718d000 mprotect(0x7f33e55a3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33dd0ee000 [ 66.821546][ T5020] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5020 'syz-executor407' write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 munmap(0x7f33dd0ee000, 20699119) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./bus", 0777) = 0 [ 66.975566][ T5020] loop0: detected capacity change from 0 to 40427 [ 66.987143][ T5020] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 66.995068][ T5020] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 67.008480][ T5020] F2FS-fs (loop0): Found nat_bits in checkpoint mount("/dev/loop0", "./bus", "f2fs", 0, "nobarrier,quota,noflush_merge,quota,flush_merge,nodiscard,active_logs=4,noextent_cache,user_xattr,ac"...) = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 chdir("./bus") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|FASYNC, 000) = 4 [ 67.031962][ T5020] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 67.039112][ T5020] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 67.055028][ T5020] [ 67.057381][ T5020] ====================================================== [ 67.064405][ T5020] WARNING: possible circular locking dependency detected [ 67.071432][ T5020] 6.5.0-rc7-syzkaller-00018-g89bf6209cad6 #0 Not tainted [ 67.078480][ T5020] ------------------------------------------------------ [ 67.085574][ T5020] syz-executor407/5020 is trying to acquire lock: [ 67.092006][ T5020] ffff8880757310a0 (&fi->i_xattr_sem){.+.+}-{3:3}, at: f2fs_getxattr+0xb1e/0x12c0 [ 67.101251][ T5020] [ 67.101251][ T5020] but task is already holding lock: [ 67.108594][ T5020] ffff888075731fb0 (&fi->i_sem){+.+.}-{3:3}, at: f2fs_do_tmpfile+0x22/0x1d0 [ 67.117286][ T5020] [ 67.117286][ T5020] which lock already depends on the new lock. [ 67.117286][ T5020] [ 67.127765][ T5020] [ 67.127765][ T5020] the existing dependency chain (in reverse order) is: [ 67.136869][ T5020] [ 67.136869][ T5020] -> #1 (&fi->i_sem){+.+.}-{3:3}: [ 67.144246][ T5020] down_write+0x93/0x200 [ 67.149161][ T5020] f2fs_add_inline_entry+0x300/0x6f0 [ 67.154970][ T5020] f2fs_add_dentry+0xa6/0x230 [ 67.160164][ T5020] f2fs_do_add_link+0x190/0x280 [ 67.165547][ T5020] f2fs_create+0x3b3/0x650 [ 67.170480][ T5020] lookup_open.isra.0+0x1049/0x1360 [ 67.176207][ T5020] path_openat+0x931/0x29c0 [ 67.181223][ T5020] do_filp_open+0x1de/0x430 [ 67.186319][ T5020] do_sys_openat2+0x176/0x1e0 [ 67.191515][ T5020] __x64_sys_openat+0x175/0x210 [ 67.196877][ T5020] do_syscall_64+0x38/0xb0 [ 67.201816][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.208254][ T5020] [ 67.208254][ T5020] -> #0 (&fi->i_xattr_sem){.+.+}-{3:3}: [ 67.216069][ T5020] __lock_acquire+0x2e3d/0x5de0 [ 67.221454][ T5020] lock_acquire+0x1ae/0x510 [ 67.226481][ T5020] down_read+0x9c/0x470 [ 67.231288][ T5020] f2fs_getxattr+0xb1e/0x12c0 [ 67.236476][ T5020] __f2fs_get_acl+0x5a/0x900 [ 67.241603][ T5020] f2fs_init_acl+0x15c/0xb30 [ 67.246703][ T5020] f2fs_init_inode_metadata+0x159/0x1290 [ 67.252844][ T5020] f2fs_do_tmpfile+0x31/0x1d0 [ 67.258028][ T5020] __f2fs_tmpfile+0x1e6/0x460 [ 67.263271][ T5020] f2fs_ioc_start_atomic_write+0xc8e/0x1270 [ 67.269673][ T5020] __f2fs_ioctl+0x24f5/0xa0f0 [ 67.274891][ T5020] f2fs_ioctl+0x192/0x220 [ 67.279820][ T5020] __x64_sys_ioctl+0x18f/0x210 [ 67.285187][ T5020] do_syscall_64+0x38/0xb0 [ 67.290116][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.296548][ T5020] [ 67.296548][ T5020] other info that might help us debug this: [ 67.296548][ T5020] [ 67.306777][ T5020] Possible unsafe locking scenario: [ 67.306777][ T5020] [ 67.314215][ T5020] CPU0 CPU1 [ 67.319588][ T5020] ---- ---- [ 67.324942][ T5020] lock(&fi->i_sem); [ 67.328917][ T5020] lock(&fi->i_xattr_sem); [ 67.335947][ T5020] lock(&fi->i_sem); [ 67.342439][ T5020] rlock(&fi->i_xattr_sem); [ 67.347027][ T5020] [ 67.347027][ T5020] *** DEADLOCK *** [ 67.347027][ T5020] [ 67.355156][ T5020] 5 locks held by syz-executor407/5020: [ 67.360722][ T5020] #0: ffff88807e9d2410 (sb_writers#9){.+.+}-{0:0}, at: f2fs_ioc_start_atomic_write+0x1b1/0x1270 [ 67.371259][ T5020] #1: ffff888075731300 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: f2fs_ioc_start_atomic_write+0x1f2/0x1270 [ 67.383132][ T5020] #2: ffff8880757318e0 (&fi->i_gc_rwsem[WRITE]){+.+.}-{3:3}, at: f2fs_ioc_start_atomic_write+0x2ee/0x1270 [ 67.394784][ T5020] #3: ffff88802ca143b0 (&sbi->cp_rwsem){.+.+}-{3:3}, at: __f2fs_tmpfile+0x1bb/0x460 [ 67.404282][ T5020] #4: ffff888075731fb0 (&fi->i_sem){+.+.}-{3:3}, at: f2fs_do_tmpfile+0x22/0x1d0 [ 67.413610][ T5020] [ 67.413610][ T5020] stack backtrace: [ 67.419487][ T5020] CPU: 0 PID: 5020 Comm: syz-executor407 Not tainted 6.5.0-rc7-syzkaller-00018-g89bf6209cad6 #0 [ 67.429907][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 67.439953][ T5020] Call Trace: [ 67.443229][ T5020] [ 67.446158][ T5020] dump_stack_lvl+0xd9/0x1b0 [ 67.450826][ T5020] check_noncircular+0x311/0x3f0 [ 67.455763][ T5020] ? print_circular_bug+0x750/0x750 [ 67.460988][ T5020] ? kasan_save_stack+0x43/0x50 [ 67.465849][ T5020] __lock_acquire+0x2e3d/0x5de0 [ 67.470730][ T5020] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 67.476811][ T5020] ? mark_lock+0x105/0x1950 [ 67.481573][ T5020] ? print_usage_bug.part.0+0x670/0x670 [ 67.487137][ T5020] ? mark_lock+0x105/0x1950 [ 67.491634][ T5020] lock_acquire+0x1ae/0x510 [ 67.496130][ T5020] ? f2fs_getxattr+0xb1e/0x12c0 [ 67.501058][ T5020] ? lock_sync+0x190/0x190 [ 67.505471][ T5020] ? preempt_count_sub+0x150/0x150 [ 67.510590][ T5020] ? reacquire_held_locks+0x4b0/0x4b0 [ 67.515955][ T5020] down_read+0x9c/0x470 [ 67.520105][ T5020] ? f2fs_getxattr+0xb1e/0x12c0 [ 67.524947][ T5020] ? down_write+0x200/0x200 [ 67.529467][ T5020] ? percpu_counter_add_batch+0x112/0x1f0 [ 67.535205][ T5020] ? lockdep_hardirqs_on+0x7d/0x100 [ 67.540407][ T5020] f2fs_getxattr+0xb1e/0x12c0 [ 67.545187][ T5020] ? f2fs_init_security+0x40/0x40 [ 67.550205][ T5020] __f2fs_get_acl+0x5a/0x900 [ 67.554815][ T5020] ? f2fs_new_node_page+0xe50/0xe50 [ 67.560006][ T5020] f2fs_init_acl+0x15c/0xb30 [ 67.564588][ T5020] ? lock_sync+0x190/0x190 [ 67.569002][ T5020] f2fs_init_inode_metadata+0x159/0x1290 [ 67.574718][ T5020] ? preempt_count_sub+0x150/0x150 [ 67.579832][ T5020] ? f2fs_do_make_empty_dir+0x1d0/0x1d0 [ 67.585366][ T5020] ? down_write+0x14f/0x200 [ 67.589874][ T5020] ? down_write_killable_nested+0x250/0x250 [ 67.595884][ T5020] ? do_raw_spin_unlock+0x173/0x230 [ 67.601085][ T5020] f2fs_do_tmpfile+0x31/0x1d0 [ 67.605757][ T5020] __f2fs_tmpfile+0x1e6/0x460 [ 67.610548][ T5020] f2fs_ioc_start_atomic_write+0xc8e/0x1270 [ 67.616465][ T5020] ? tomoyo_path_number_perm+0x180/0x590 [ 67.622112][ T5020] __f2fs_ioctl+0x24f5/0xa0f0 [ 67.626792][ T5020] ? tomoyo_path_number_perm+0x190/0x590 [ 67.632436][ T5020] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 67.638342][ T5020] ? lock_acquire+0x1ae/0x510 [ 67.643020][ T5020] ? f2fs_precache_extents+0x230/0x230 [ 67.648476][ T5020] ? do_vfs_ioctl+0x379/0x1910 [ 67.653239][ T5020] ? vfs_fileattr_set+0xbf0/0xbf0 [ 67.658265][ T5020] ? find_held_lock+0x2d/0x110 [ 67.663122][ T5020] f2fs_ioctl+0x192/0x220 [ 67.667480][ T5020] ? __f2fs_ioctl+0xa0f0/0xa0f0 [ 67.672358][ T5020] __x64_sys_ioctl+0x18f/0x210 [ 67.677120][ T5020] do_syscall_64+0x38/0xb0 [ 67.681529][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.687679][ T5020] RIP: 0033:0x7f33e552b7b9 [ 67.692088][ T5020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 67.711949][ T5020] RSP: 002b:00007ffda8c0cb98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 67.720372][ T5020] RAX: ffffffffffffffda RBX: 00007ffda8c0cd68 RCX: 00007f33e552b7b9 ioctl(4, F2FS_IOC_START_ATOMIC_WRITE, 0) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 67.728356][ T5020] RDX: 0000000000000000 RSI: 000000000000f501 RDI: 00000000