./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3169181626 <...> Warning: Permanently added '10.128.1.184' (ECDSA) to the list of known hosts. execve("./syz-executor3169181626", ["./syz-executor3169181626"], 0x7ffdcb316960 /* 10 vars */) = 0 brk(NULL) = 0x555556cc1000 brk(0x555556cc1c40) = 0x555556cc1c40 arch_prctl(ARCH_SET_FS, 0x555556cc1300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3169181626", 4096) = 28 brk(0x555556ce2c40) = 0x555556ce2c40 brk(0x555556ce3000) = 0x555556ce3000 mprotect(0x7f1ac58cb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1abd40d000 syzkaller login: [ 70.464153][ T5015] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5015 'syz-executor316' write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 munmap(0x7f1abd40d000, 20699119) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./bus", 0777) = 0 [ 70.662331][ T5015] loop0: detected capacity change from 0 to 40427 [ 70.674153][ T5015] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 70.682051][ T5015] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 70.694910][ T5015] F2FS-fs (loop0): Found nat_bits in checkpoint mount("/dev/loop0", "./bus", "f2fs", 0, "nobarrier,quota,noflush_merge,quota,flush_merge,nodiscard,active_logs=4,noextent_cache,user_xattr,ac"...) = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 chdir("./bus") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|FASYNC, 000) = 4 [ 70.733281][ T5015] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 70.740512][ T5015] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 70.761957][ T5015] [ 70.764331][ T5015] ====================================================== [ 70.771457][ T5015] WARNING: possible circular locking dependency detected [ 70.778482][ T5015] 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0 Not tainted [ 70.785493][ T5015] ------------------------------------------------------ [ 70.792518][ T5015] syz-executor316/5015 is trying to acquire lock: [ 70.798923][ T5015] ffff8880793890a0 (&fi->i_xattr_sem){.+.+}-{3:3}, at: f2fs_getxattr+0xb8/0x1460 [ 70.808079][ T5015] [ 70.808079][ T5015] but task is already holding lock: [ 70.815455][ T5015] ffff8880793c16d8 (&fi->i_sem){+.+.}-{3:3}, at: f2fs_do_tmpfile+0x25/0x170 [ 70.824193][ T5015] [ 70.824193][ T5015] which lock already depends on the new lock. [ 70.824193][ T5015] [ 70.834607][ T5015] [ 70.834607][ T5015] the existing dependency chain (in reverse order) is: [ 70.843619][ T5015] [ 70.843619][ T5015] -> #1 (&fi->i_sem){+.+.}-{3:3}: [ 70.850836][ T5015] down_write+0x3a/0x50 [ 70.855512][ T5015] f2fs_add_inline_entry+0x3a8/0x760 [ 70.861328][ T5015] f2fs_add_dentry+0xba/0x1e0 [ 70.866525][ T5015] f2fs_do_add_link+0x21e/0x340 [ 70.871905][ T5015] f2fs_create+0x32c/0x530 [ 70.876843][ T5015] path_openat+0x13e7/0x3180 [ 70.881947][ T5015] do_filp_open+0x234/0x490 [ 70.886960][ T5015] do_sys_openat2+0x13e/0x1d0 [ 70.892155][ T5015] __x64_sys_openat+0x247/0x290 [ 70.897526][ T5015] do_syscall_64+0x41/0xc0 [ 70.902456][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.908876][ T5015] [ 70.908876][ T5015] -> #0 (&fi->i_xattr_sem){.+.+}-{3:3}: [ 70.916604][ T5015] __lock_acquire+0x39ff/0x7f70 [ 70.921974][ T5015] lock_acquire+0x1e3/0x520 [ 70.926992][ T5015] down_read+0x47/0x2f0 [ 70.931659][ T5015] f2fs_getxattr+0xb8/0x1460 [ 70.936771][ T5015] __f2fs_get_acl+0x52/0x8e0 [ 70.941876][ T5015] f2fs_init_acl+0xd7/0x9a0 [ 70.946913][ T5015] f2fs_init_inode_metadata+0x824/0x1190 [ 70.953161][ T5015] f2fs_do_tmpfile+0x34/0x170 [ 70.958365][ T5015] __f2fs_tmpfile+0x1f9/0x380 [ 70.963608][ T5015] f2fs_ioc_start_atomic_write+0x4a3/0x9e0 [ 70.969934][ T5015] __f2fs_ioctl+0x1b5c/0xb770 [ 70.975151][ T5015] __se_sys_ioctl+0xf8/0x170 [ 70.980265][ T5015] do_syscall_64+0x41/0xc0 [ 70.985196][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.991616][ T5015] [ 70.991616][ T5015] other info that might help us debug this: [ 70.991616][ T5015] [ 71.001835][ T5015] Possible unsafe locking scenario: [ 71.001835][ T5015] [ 71.009278][ T5015] CPU0 CPU1 [ 71.014649][ T5015] ---- ---- [ 71.020015][ T5015] lock(&fi->i_sem); [ 71.023994][ T5015] lock(&fi->i_xattr_sem); [ 71.031010][ T5015] lock(&fi->i_sem); [ 71.037506][ T5015] rlock(&fi->i_xattr_sem); [ 71.042190][ T5015] [ 71.042190][ T5015] *** DEADLOCK *** [ 71.042190][ T5015] [ 71.050332][ T5015] 5 locks held by syz-executor316/5015: [ 71.055868][ T5015] #0: ffff88807c5d0410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x61/0x200 [ 71.065533][ T5015] #1: ffff8880793c0a28 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: f2fs_ioc_start_atomic_write+0x1b2/0x9e0 [ 71.077276][ T5015] #2: ffff8880793c1008 (&fi->i_gc_rwsem[WRITE]){+.+.}-{3:3}, at: f2fs_ioc_start_atomic_write+0x276/0x9e0 [ 71.088584][ T5015] #3: ffff8880166903b0 (&sbi->cp_rwsem){.+.+}-{3:3}, at: __f2fs_tmpfile+0x1ce/0x380 [ 71.098065][ T5015] #4: ffff8880793c16d8 (&fi->i_sem){+.+.}-{3:3}, at: f2fs_do_tmpfile+0x25/0x170 [ 71.107197][ T5015] [ 71.107197][ T5015] stack backtrace: [ 71.113116][ T5015] CPU: 0 PID: 5015 Comm: syz-executor316 Not tainted 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0 [ 71.123522][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 71.133596][ T5015] Call Trace: [ 71.136880][ T5015] [ 71.139845][ T5015] dump_stack_lvl+0x1e7/0x2d0 [ 71.144536][ T5015] ? nf_tcp_handle_invalid+0x650/0x650 [ 71.150000][ T5015] ? print_circular_bug+0x12b/0x1a0 [ 71.155199][ T5015] check_noncircular+0x375/0x4a0 [ 71.160137][ T5015] ? print_deadlock_bug+0x600/0x600 [ 71.165352][ T5015] ? lockdep_lock+0x123/0x2b0 [ 71.170052][ T5015] ? mark_lock+0x9a/0x340 [ 71.174380][ T5015] ? _find_first_zero_bit+0xd4/0x100 [ 71.179757][ T5015] __lock_acquire+0x39ff/0x7f70 [ 71.184642][ T5015] ? verify_lock_unused+0x140/0x140 [ 71.189867][ T5015] ? mark_lock+0x9a/0x340 [ 71.194205][ T5015] lock_acquire+0x1e3/0x520 [ 71.198709][ T5015] ? f2fs_getxattr+0xb8/0x1460 [ 71.203471][ T5015] ? read_lock_is_recursive+0x20/0x20 [ 71.208842][ T5015] ? __might_sleep+0xc0/0xc0 [ 71.213436][ T5015] ? percpu_counter_set+0x1a0/0x1a0 [ 71.218642][ T5015] ? filemap_dirty_folio+0x176/0x370 [ 71.223929][ T5015] down_read+0x47/0x2f0 [ 71.228079][ T5015] ? f2fs_getxattr+0xb8/0x1460 [ 71.232837][ T5015] ? f2fs_getxattr+0xa9/0x1460 [ 71.237598][ T5015] f2fs_getxattr+0xb8/0x1460 [ 71.242185][ T5015] ? f2fs_alloc_nid+0x750/0x750 [ 71.247034][ T5015] __f2fs_get_acl+0x52/0x8e0 [ 71.251618][ T5015] ? f2fs_put_dnode+0xd0/0xd0 [ 71.256298][ T5015] f2fs_init_acl+0xd7/0x9a0 [ 71.260841][ T5015] f2fs_init_inode_metadata+0x824/0x1190 [ 71.266473][ T5015] ? clear_nonspinnable+0x60/0x60 [ 71.271512][ T5015] f2fs_do_tmpfile+0x34/0x170 [ 71.276204][ T5015] __f2fs_tmpfile+0x1f9/0x380 [ 71.280884][ T5015] f2fs_ioc_start_atomic_write+0x4a3/0x9e0 [ 71.286718][ T5015] __f2fs_ioctl+0x1b5c/0xb770 [ 71.291405][ T5015] ? mark_lock+0x9a/0x340 [ 71.295737][ T5015] ? do_vfs_ioctl+0x1c49/0x2b30 [ 71.300608][ T5015] ? __x64_compat_sys_ioctl+0x90/0x90 [ 71.306065][ T5015] ? __lock_acquire+0x7f70/0x7f70 [ 71.311085][ T5015] ? lockdep_hardirqs_on+0x98/0x140 [ 71.316293][ T5015] ? __kmem_cache_free+0x25f/0x3b0 [ 71.321437][ T5015] ? f2fs_ioctl+0x1d0/0x1d0 [ 71.325980][ T5015] ? tomoyo_path_number_perm+0x663/0x840 [ 71.331607][ T5015] ? tomoyo_path_number_perm+0x6e4/0x840 [ 71.337254][ T5015] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 71.342708][ T5015] ? _raw_spin_lock_irqsave+0x120/0x120 [ 71.348536][ T5015] ? __asan_memset+0x23/0x40 [ 71.353123][ T5015] ? smack_file_ioctl+0x2a1/0x3a0 [ 71.358156][ T5015] ? smack_file_alloc_security+0xe0/0xe0 [ 71.363804][ T5015] ? do_notify_parent+0xf50/0xf50 [ 71.368825][ T5015] ? print_irqtrace_events+0x220/0x220 [ 71.374285][ T5015] ? f2fs_ioctl+0x139/0x1d0 [ 71.378783][ T5015] ? f2fs_precache_extents+0x3e0/0x3e0 [ 71.384253][ T5015] __se_sys_ioctl+0xf8/0x170 [ 71.388843][ T5015] do_syscall_64+0x41/0xc0 [ 71.393255][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.399146][ T5015] RIP: 0033:0x7f1ac5859969 [ 71.403557][ T5015] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 71.423156][ T5015] RSP: 002b:00007ffd76ebba88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 ioctl(4, F2FS_IOC_START_ATOMIC_WRITE, 0) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 71.431583][ T5015] RAX: ffffffffffffffda RBX: 000000