./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1687612648 <...> DUID 00:04:e3:a1:4c:5b:a4:47:39:93:9a:5d:f6:69:14:97:a9:57 forked to background, child pid 4671 [ 49.019612][ T4672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.047289][ T4672] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts. execve("./syz-executor1687612648", ["./syz-executor1687612648"], 0x7ffc7427fbe0 /* 10 vars */) = 0 brk(NULL) = 0x555555e8c000 brk(0x555555e8cc40) = 0x555555e8cc40 arch_prctl(ARCH_SET_FS, 0x555555e8c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1687612648", 4096) = 28 brk(0x555555eadc40) = 0x555555eadc40 brk(0x555555eae000) = 0x555555eae000 mprotect(0x7efc2e5e8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efc2612e000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 munmap(0x7efc2612e000, 262144) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file1", 0777) = 0 syzkaller login: [ 80.600736][ T5006] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5006 'syz-executor168' [ 80.619802][ T5006] loop0: detected capacity change from 0 to 512 [ 80.632359][ T5006] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,nogrpid,debug_want_extra_isize=0x0000000000000066,dioread_no"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x76\x00\x00\xcd\xff\xff\xff\x5b\x8e\xf0\x8d\x43\x4b\x0b\x00\x00\xb2\x52\x00\x21\x64\x1d\x35\xee\xba\x27\x3f\xb1\x7d\x19\x03\x77\x06\xe3\x2a\xbb\xb7\x20\xe5\x4a\xb3\x74\x5b\x25\x5a\xd6\xc2\xd1\xf6\x92\xa2\xf0\x8f\x01\xa9\xce\x1d\x0e\x82\xcb\xbe\x6c\x55\x29\xb2\x55\x4f\x38\x49\xf5\x3f\x0c\x1f\x1f\x51\xad\xf5\x4a\xc8\x01\xcc\x23\xf7\xeb\xd5\x7c\x66\x6b\x5d\x6d\x62\x6d\x33\x36\xb5\x1f\x40\xb9"..., 886, 0) = 0 [ 80.651739][ T5006] EXT4-fs (loop0): 1 truncate cleaned up [ 80.657525][ T5006] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 80.682508][ T5006] [ 80.684895][ T5006] ====================================================== [ 80.691960][ T5006] WARNING: possible circular locking dependency detected [ 80.699006][ T5006] 6.3.0-next-20230505-syzkaller #0 Not tainted [ 80.705188][ T5006] ------------------------------------------------------ [ 80.712214][ T5006] syz-executor168/5006 is trying to acquire lock: [ 80.718644][ T5006] ffff888077185e00 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x2b8/0x660 [ 80.729071][ T5006] [ 80.729071][ T5006] but task is already holding lock: [ 80.736440][ T5006] ffff888077185288 (&ei->i_data_sem){++++}-{3:3}, at: ext4_setattr+0x1925/0x26c0 [ 80.745609][ T5006] [ 80.745609][ T5006] which lock already depends on the new lock. [ 80.745609][ T5006] [ 80.756016][ T5006] [ 80.756016][ T5006] the existing dependency chain (in reverse order) is: [ 80.765033][ T5006] [ 80.765033][ T5006] -> #1 (&ei->i_data_sem){++++}-{3:3}: [ 80.772700][ T5006] down_write+0x92/0x200 [ 80.777510][ T5006] ext4_xattr_set_entry+0x30c5/0x39e0 [ 80.783428][ T5006] ext4_xattr_ibody_set+0x131/0x3a0 [ 80.789172][ T5006] ext4_xattr_set_handle+0x968/0x1510 [ 80.795261][ T5006] ext4_xattr_set+0x144/0x360 [ 80.800486][ T5006] __vfs_setxattr+0x173/0x1e0 [ 80.805701][ T5006] __vfs_setxattr_noperm+0x129/0x5f0 [ 80.811526][ T5006] __vfs_setxattr_locked+0x1d3/0x260 [ 80.817357][ T5006] vfs_setxattr+0x143/0x340 [ 80.822396][ T5006] do_setxattr+0x147/0x190 [ 80.827355][ T5006] setxattr+0x146/0x160 [ 80.832048][ T5006] path_setxattr+0x197/0x1c0 [ 80.837177][ T5006] __x64_sys_setxattr+0xc4/0x160 [ 80.842654][ T5006] do_syscall_64+0x39/0xb0 [ 80.847631][ T5006] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.854106][ T5006] [ 80.854106][ T5006] -> #0 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}: [ 80.862427][ T5006] __lock_acquire+0x2fcd/0x5f30 [ 80.867844][ T5006] lock_acquire.part.0+0x11c/0x370 [ 80.873510][ T5006] down_write+0x92/0x200 [ 80.878313][ T5006] ext4_xattr_inode_iget+0x2b8/0x660 [ 80.884197][ T5006] ext4_xattr_inode_get+0x162/0x830 [ 80.889944][ T5006] ext4_expand_extra_isize_ea+0xf6d/0x1880 [ 80.896296][ T5006] __ext4_expand_extra_isize+0x33e/0x470 [ 80.902480][ T5006] __ext4_mark_inode_dirty+0x51b/0x800 [ 80.908475][ T5006] ext4_setattr+0x199f/0x26c0 [ 80.913709][ T5006] notify_change+0xb2c/0x1180 [ 80.918938][ T5006] do_truncate+0x143/0x200 [ 80.923914][ T5006] path_openat+0x2083/0x2750 [ 80.929061][ T5006] do_filp_open+0x1ba/0x410 [ 80.934145][ T5006] do_sys_openat2+0x16d/0x4c0 [ 80.939362][ T5006] __x64_sys_creat+0xcd/0x120 [ 80.944598][ T5006] do_syscall_64+0x39/0xb0 [ 80.949557][ T5006] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.955997][ T5006] [ 80.955997][ T5006] other info that might help us debug this: [ 80.955997][ T5006] [ 80.966231][ T5006] Possible unsafe locking scenario: [ 80.966231][ T5006] [ 80.973687][ T5006] CPU0 CPU1 [ 80.979079][ T5006] ---- ---- [ 80.984497][ T5006] lock(&ei->i_data_sem); [ 80.988942][ T5006] lock(&ea_inode->i_rwsem#8/1); [ 80.996548][ T5006] lock(&ei->i_data_sem); [ 81.003503][ T5006] lock(&ea_inode->i_rwsem#8/1); [ 81.008563][ T5006] [ 81.008563][ T5006] *** DEADLOCK *** [ 81.008563][ T5006] [ 81.016717][ T5006] 5 locks held by syz-executor168/5006: [ 81.022270][ T5006] #0: ffff88801a7b4460 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x19a4/0x2750 [ 81.031578][ T5006] #1: ffff888077185400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: do_truncate+0x131/0x200 [ 81.041910][ T5006] #2: ffff8880771855a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0x68f/0x26c0 [ 81.052140][ T5006] #3: ffff888077185288 (&ei->i_data_sem){++++}-{3:3}, at: ext4_setattr+0x1925/0x26c0 [ 81.061755][ T5006] #4: ffff8880771850c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x48f/0x800 [ 81.072073][ T5006] [ 81.072073][ T5006] stack backtrace: [ 81.077986][ T5006] CPU: 0 PID: 5006 Comm: syz-executor168 Not tainted 6.3.0-next-20230505-syzkaller #0 [ 81.087549][ T5006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 81.097618][ T5006] Call Trace: [ 81.100907][ T5006] [ 81.103855][ T5006] dump_stack_lvl+0xd9/0x150 [ 81.108479][ T5006] check_noncircular+0x25f/0x2e0 [ 81.113450][ T5006] ? print_circular_bug+0x730/0x730 [ 81.118685][ T5006] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 81.124710][ T5006] __lock_acquire+0x2fcd/0x5f30 [ 81.129606][ T5006] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 81.135629][ T5006] ? do_raw_spin_unlock+0x175/0x230 [ 81.140847][ T5006] lock_acquire.part.0+0x11c/0x370 [ 81.145993][ T5006] ? ext4_xattr_inode_iget+0x2b8/0x660 [ 81.151477][ T5006] ? lock_sync+0x190/0x190 [ 81.155929][ T5006] ? rcu_is_watching+0x12/0xb0 [ 81.160714][ T5006] ? trace_lock_acquire+0x12d/0x180 [ 81.165944][ T5006] ? ext4_xattr_inode_iget+0x2b8/0x660 [ 81.171425][ T5006] ? lock_acquire+0x32/0xc0 [ 81.175983][ T5006] ? ext4_xattr_inode_iget+0x2b8/0x660 [ 81.181469][ T5006] down_write+0x92/0x200 [ 81.185743][ T5006] ? ext4_xattr_inode_iget+0x2b8/0x660 [ 81.191228][ T5006] ? down_write_killable+0x250/0x250 [ 81.196558][ T5006] ext4_xattr_inode_iget+0x2b8/0x660 [ 81.201871][ T5006] ext4_xattr_inode_get+0x162/0x830 [ 81.207098][ T5006] ? ext4_xattr_inode_iget+0x660/0x660 [ 81.212587][ T5006] ? kvmalloc_node+0xa2/0x1a0 [ 81.217299][ T5006] ? rcu_is_watching+0x12/0xb0 [ 81.222109][ T5006] ? __kmalloc_node+0xfb/0x1a0 [ 81.226916][ T5006] ext4_expand_extra_isize_ea+0xf6d/0x1880 [ 81.232765][ T5006] ? ext4_xattr_set+0x360/0x360 [ 81.237680][ T5006] ? trace_lock_acquire+0x12d/0x180 [ 81.242913][ T5006] ? __ext4_mark_inode_dirty+0x48f/0x800 [ 81.248573][ T5006] ? dquot_initialize_needed+0x18c/0x290 [ 81.254242][ T5006] ? __ext4_mark_inode_dirty+0x48f/0x800 [ 81.259902][ T5006] __ext4_expand_extra_isize+0x33e/0x470 [ 81.265582][ T5006] __ext4_mark_inode_dirty+0x51b/0x800 [ 81.271092][ T5006] ? ext4_expand_extra_isize+0x5e0/0x5e0 [ 81.276834][ T5006] ? lock_acquire+0x32/0xc0 [ 81.281381][ T5006] ? down_write_killable+0x250/0x250 [ 81.286723][ T5006] ? __ext4_journal_start_sb+0x1fc/0x5d0 [ 81.292375][ T5006] ? ext4_setattr+0x807/0x26c0 [ 81.297169][ T5006] ext4_setattr+0x199f/0x26c0 [ 81.301877][ T5006] ? ext4_journalled_write_end+0xfb0/0xfb0 [ 81.307705][ T5006] notify_change+0xb2c/0x1180 [ 81.312403][ T5006] ? down_write+0x14f/0x200 [ 81.316953][ T5006] ? do_truncate+0x143/0x200 [ 81.321673][ T5006] do_truncate+0x143/0x200 [ 81.326131][ T5006] ? file_open_root+0x460/0x460 [ 81.331018][ T5006] ? common_perm_cond+0x230/0x830 [ 81.336074][ T5006] ? ext4_file_write_iter+0x1740/0x1740 [ 81.341660][ T5006] path_openat+0x2083/0x2750 [ 81.346295][ T5006] ? path_lookupat+0x840/0x840 [ 81.351097][ T5006] do_filp_open+0x1ba/0x410 [ 81.355639][ T5006] ? may_open_dev+0xf0/0xf0 [ 81.360183][ T5006] ? find_held_lock+0x2d/0x110 [ 81.364980][ T5006] ? do_raw_spin_lock+0x124/0x2b0 [ 81.370020][ T5006] ? spin_bug+0x1c0/0x1c0 [ 81.374369][ T5006] ? _raw_spin_unlock+0x28/0x40 [ 81.379242][ T5006] ? alloc_fd+0x2e4/0x750 [ 81.383596][ T5006] do_sys_openat2+0x16d/0x4c0 [ 81.388299][ T5006] ? find_held_lock+0x2d/0x110 [ 81.393091][ T5006] ? build_open_flags+0x720/0x720 [ 81.398146][ T5006] ? ptrace_notify+0xfe/0x140 [ 81.402855][ T5006] ? lock_downgrade+0x690/0x690 [ 81.407741][ T5006] __x64_sys_creat+0xcd/0x120 [ 81.412440][ T5006] ? __x64_compat_sys_openat+0x1f0/0x1f0 [ 81.418096][ T5006] ? _raw_spin_unlock_irq+0x2e/0x50 [ 81.423317][ T5006] ? ptrace_notify+0xfe/0x140 [ 81.428024][ T5006] ? syscall_trace_enter.constprop.0+0xb0/0x1e0 [ 81.434292][ T5006] do_syscall_64+0x39/0xb0 [ 81.438737][ T5006] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.444662][ T5006] RIP: 0033:0x7efc2e57ac09 [ 81.449093][ T5006] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 81.468726][ T5006] RSP: 002b:00007ffd62b7d568 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 81.477336][ T5006] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007efc2e57ac09 [ 81.485325][ T5006] RDX: 00007efc2e57ac09 RSI: 0000000000000000 RDI: 0000000020000400 [ 81.493314][ T5006] RBP: 00007efc2e53a210 R08: 0000000000000000 R09: 0000000000000000 creat("./file1", 000) = 4 exit_group(0) = ? +++ exited with 0 +++ [ 81.501300][ T5006] R10: 0000000000000000 R11: 0