./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4248823066 <...> DUID 00:04:2f:bc:f2:2f:e4:1d:55:f7:99:3b:0f:15:66:5c:e9:07 forked to background, child pid 3185 [ 25.929585][ T3186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.940701][ T3186] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. execve("./syz-executor4248823066", ["./syz-executor4248823066"], 0x7fff4ba15bc0 /* 10 vars */) = 0 brk(NULL) = 0x555555912000 brk(0x555555912c40) = 0x555555912c40 arch_prctl(ARCH_SET_FS, 0x555555912300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4248823066", 4096) = 28 brk(0x555555933c40) = 0x555555933c40 brk(0x555555934000) = 0x555555934000 mprotect(0x7fd1f82ba000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 262144) = 0 pwrite64(3, "\x20\x00\x00\x00\x80\x00\x00\x00\x06\x00\x00\x00\x6a\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x40\x00\x00\x00\x40\x00\x00\x20\x00\x00\x00\xd9\xf4\x65\x5f\xd9\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd9\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x28\x02\x00\x00\x02\x84", 98, 1024) = 98 pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x6a\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\xbc\x0f", 32, 2048) = 32 pwrite64(3, "\xff\xff\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 2048, 4096) = 2048 pwrite64(3, "\xed\x41\x00\x00\x00\x08\x00\x00\xd9\xf4\x65\x5f\xd9\xf4\x65\x5f\xd9\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x04\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x08", 41, 8448) = 41 pwrite64(3, "\xed\x41\x00\x00\x3c\x00\x00\x00\xd9\xf4\x65\x5f\xd9\xf4\x65\x5f\xd9\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x10\x03\x00\x00\x00\x02\x00\x00\x00\x0d\x00\x00\x00\x10\x00\x05\x01\x66\x69\x6c\x65\x30\x00\x00\x00\x0e\x00\x00\x00\x28\x00\x05\x07\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 184, 11008) = 184 pwrite64(3, "\x02\x00\x00\x00\x0c\x00\x01\x02\x2e\x00\x00\x00\x02\x00\x00\x00\x0c\x00\x02\x02\x2e\x2e\x00\x00\x0b\x00\x00\x00\x14\x00\x0a\x02\x6c\x6f\x73\x74\x2b\x66\x6f\x75\x6e\x64\x00\x00\x0c\x00\x00\x00\x10\x00\x05\x02\x66\x69\x6c\x65\x30", 57, 16384) = 57 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 close(3) = 0 setxattr("./file0/file0", "trusted.overlay.upper", "\x00\xfb\x25\x00\x00\x75\xd8\xe6\x27\x56\x59\x5e\xbe\xa5\x7f\x2d\x02\xda\xa2\x11\x7f\x0e\x54\xdd\x0f\x94\x3a\xf2\x74\xd4\x6d\x3e\xac\x4b\xed\x8c\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4097, 0) = 0 syzkaller login: [ 49.338174][ T3607] loop0: detected capacity change from 0 to 512 [ 49.353502][ T3607] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 49.370545][ T3607] [ 49.373260][ T3607] ====================================================== [ 49.380283][ T3607] WARNING: possible circular locking dependency detected [ 49.387303][ T3607] 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0 Not tainted [ 49.394048][ T3607] ------------------------------------------------------ [ 49.401069][ T3607] syz-executor424/3607 is trying to acquire lock: [ 49.407471][ T3607] ffff8880741414d8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_get+0x103/0x7f0 [ 49.416992][ T3607] [ 49.416992][ T3607] but task is already holding lock: [ 49.424334][ T3607] ffff888074141810 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: chown_common+0x3f5/0x8a0 [ 49.433895][ T3607] [ 49.433895][ T3607] which lock already depends on the new lock. [ 49.433895][ T3607] [ 49.444284][ T3607] [ 49.444284][ T3607] the existing dependency chain (in reverse order) is: [ 49.453270][ T3607] [ 49.453270][ T3607] -> #1 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}: [ 49.461515][ T3607] lock_acquire+0x1a7/0x400 [ 49.466519][ T3607] down_write+0x95/0x170 [ 49.471266][ T3607] ext4_xattr_set_entry+0x316d/0x3ae0 [ 49.477137][ T3607] ext4_xattr_ibody_set+0x128/0x360 [ 49.482835][ T3607] ext4_xattr_set_handle+0xc59/0x1590 [ 49.488705][ T3607] ext4_xattr_set+0x23e/0x3e0 [ 49.493887][ T3607] __vfs_setxattr+0x3f4/0x430 [ 49.499064][ T3607] __vfs_setxattr_noperm+0x128/0x5d0 [ 49.504849][ T3607] vfs_setxattr+0x2bc/0x4e0 [ 49.509853][ T3607] path_setxattr+0x3b0/0x4b0 [ 49.514941][ T3607] __x64_sys_setxattr+0xb7/0xd0 [ 49.520401][ T3607] do_syscall_64+0x2b/0x70 [ 49.525315][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.531733][ T3607] [ 49.531733][ T3607] -> #0 (&ei->xattr_sem){++++}-{3:3}: [ 49.539715][ T3607] validate_chain+0x1872/0x6600 [ 49.545065][ T3607] __lock_acquire+0x1292/0x1f60 [ 49.550415][ T3607] lock_acquire+0x1a7/0x400 [ 49.555427][ T3607] down_read+0x39/0x50 [ 49.559990][ T3607] ext4_xattr_get+0x103/0x7f0 [ 49.565164][ T3607] __vfs_getxattr+0x3de/0x410 [ 49.570336][ T3607] cap_inode_need_killpriv+0x41/0x60 [ 49.576124][ T3607] security_inode_need_killpriv+0x50/0xb0 [ 49.582342][ T3607] notify_change+0x4e1/0x10f0 [ 49.587528][ T3607] chown_common+0x576/0x8a0 [ 49.592539][ T3607] do_fchownat+0x175/0x250 [ 49.597460][ T3607] __x64_sys_fchownat+0xb1/0xc0 [ 49.602822][ T3607] do_syscall_64+0x2b/0x70 [ 49.607734][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.614123][ T3607] [ 49.614123][ T3607] other info that might help us debug this: [ 49.614123][ T3607] [ 49.624324][ T3607] Possible unsafe locking scenario: [ 49.624324][ T3607] [ 49.631757][ T3607] CPU0 CPU1 [ 49.637107][ T3607] ---- ---- [ 49.642479][ T3607] lock(&ea_inode->i_rwsem#7/1); [ 49.647502][ T3607] lock(&ei->xattr_sem); [ 49.654427][ T3607] lock(&ea_inode->i_rwsem#7/1); [ 49.661962][ T3607] lock(&ei->xattr_sem); [ 49.666288][ T3607] [ 49.666288][ T3607] *** DEADLOCK *** [ 49.666288][ T3607] [ 49.674418][ T3607] 2 locks held by syz-executor424/3607: [ 49.679942][ T3607] #0: ffff888022e78460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 [ 49.689057][ T3607] #1: ffff888074141810 (&ea_inode->i_rwsem#7/1){+.+.}-{3:3}, at: chown_common+0x3f5/0x8a0 [ 49.699038][ T3607] [ 49.699038][ T3607] stack backtrace: [ 49.704901][ T3607] CPU: 0 PID: 3607 Comm: syz-executor424 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0 [ 49.715023][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 49.725056][ T3607] Call Trace: [ 49.728837][ T3607] [ 49.731759][ T3607] dump_stack_lvl+0x1e3/0x2cb [ 49.736423][ T3607] ? io_notif_register+0x5e7/0x5e7 [ 49.741713][ T3607] ? print_circular_bug+0x13e/0x1c0 [ 49.746927][ T3607] check_noncircular+0x2f9/0x3b0 [ 49.752200][ T3607] ? add_chain_block+0x850/0x850 [ 49.757276][ T3607] ? lockdep_lock+0x11d/0x2a0 [ 49.762407][ T3607] ? validate_chain+0x1450/0x6600 [ 49.767440][ T3607] validate_chain+0x1872/0x6600 [ 49.772301][ T3607] ? reacquire_held_locks+0x680/0x680 [ 49.777770][ T3607] ? __stack_depot_save+0x42e/0x490 [ 49.782975][ T3607] ? reacquire_held_locks+0x680/0x680 [ 49.788355][ T3607] ? kfree+0xda/0x210 [ 49.792362][ T3607] ? kasan_set_track+0x5e/0x70 [ 49.797864][ T3607] ? kasan_set_free_info+0x1f/0x40 [ 49.803089][ T3607] ? ____kasan_slab_free+0xd8/0x120 [ 49.808381][ T3607] ? slab_free_freelist_hook+0x12e/0x1a0 [ 49.814071][ T3607] ? tomoyo_path_number_perm+0x5ee/0x7b0 [ 49.819750][ T3607] ? security_path_chown+0xd5/0x160 [ 49.825562][ T3607] ? chown_common+0x524/0x8a0 [ 49.830688][ T3607] ? rcu_lock_release+0x5/0x20 [ 49.835735][ T3607] ? mark_lock+0x9a/0x350 [ 49.840069][ T3607] ? mark_lock+0x9a/0x350 [ 49.844403][ T3607] __lock_acquire+0x1292/0x1f60 [ 49.849281][ T3607] lock_acquire+0x1a7/0x400 [ 49.853774][ T3607] ? ext4_xattr_get+0x103/0x7f0 [ 49.858641][ T3607] ? read_lock_is_recursive+0x10/0x10 [ 49.864039][ T3607] ? print_irqtrace_events+0x220/0x220 [ 49.869505][ T3607] ? __might_sleep+0xc0/0xc0 [ 49.874697][ T3607] ? ktime_get_coarse_real_ts64+0x45/0x140 [ 49.880494][ T3607] ? seqcount_lockdep_reader_access+0x153/0x220 [ 49.886717][ T3607] ? lockdep_hardirqs_on+0x95/0x140 [ 49.891908][ T3607] ? seqcount_lockdep_reader_access+0x1d3/0x220 [ 49.898351][ T3607] ? ktime_get_real_ts64+0x4b0/0x4b0 [ 49.903662][ T3607] down_read+0x39/0x50 [ 49.907811][ T3607] ? ext4_xattr_get+0x103/0x7f0 [ 49.912662][ T3607] ext4_xattr_get+0x103/0x7f0 [ 49.917350][ T3607] ? ext4_initxattrs+0x110/0x110 [ 49.922471][ T3607] __vfs_getxattr+0x3de/0x410 [ 49.927238][ T3607] cap_inode_need_killpriv+0x41/0x60 [ 49.932788][ T3607] security_inode_need_killpriv+0x50/0xb0 [ 49.938781][ T3607] notify_change+0x4e1/0x10f0 [ 49.943525][ T3607] ? security_path_chown+0x11d/0x160 [ 49.948835][ T3607] chown_common+0x576/0x8a0 [ 49.953436][ T3607] ? __ia32_sys_chmod+0x190/0x190 [ 49.958475][ T3607] ? rcu_read_lock_any_held+0xb3/0x150 [ 49.963932][ T3607] ? __mnt_want_write+0x221/0x2a0 [ 49.968972][ T3607] do_fchownat+0x175/0x250 [ 49.973374][ T3607] ? chown_common+0x8a0/0x8a0 [ 49.978071][ T3607] ? vtime_user_exit+0x2b2/0x3e0 [ 49.983152][ T3607] ? __ct_user_exit+0x81/0xe0 [ 49.987902][ T3607] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 49.994407][ T3607] __x64_sys_fchownat+0xb1/0xc0 [ 49.999335][ T3607] do_syscall_64+0x2b/0x70 [ 50.003772][ T3607] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.009679][ T3607] RIP: 0033:0x7fd1f824d0e9 [ 50.014590][ T3607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 fchownat(5, "./file0/file0", 0, 60929, AT_EMPTY_PATH) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 50.034762][ T3607] RSP: 002b:00007ffd0eb20998 EFLAGS: 00000246 ORIG_RAX: 0