./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3528451173 <...> Warning: Permanently added '10.128.10.45' (ED25519) to the list of known hosts. execve("./syz-executor3528451173", ["./syz-executor3528451173"], 0x7ffdf6f67a10 /* 10 vars */) = 0 brk(NULL) = 0x555556298000 brk(0x555556298d00) = 0x555556298d00 arch_prctl(ARCH_SET_FS, 0x555556298380) = 0 set_tid_address(0x555556298650) = 5017 set_robust_list(0x555556298660, 24) = 0 rseq(0x555556298ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3528451173", 4096) = 28 getrandom("\x04\xea\xce\x87\xed\x59\xb1\x39", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556298d00 brk(0x5555562b9d00) = 0x5555562b9d00 brk(0x5555562ba000) = 0x5555562ba000 mprotect(0x7fe30b11d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe302c67000 [ 70.199139][ T5017] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5017 'syz-executor352' write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 munmap(0x7fe302c67000, 20699119) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./bus", 0777) = 0 [ 70.415957][ T5017] loop0: detected capacity change from 0 to 40427 [ 70.428230][ T5017] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 70.436166][ T5017] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 70.451323][ T5017] F2FS-fs (loop0): Found nat_bits in checkpoint mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 chdir("./bus") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 creat("./bus", 000) = 4 [ 70.490403][ T5017] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 70.497632][ T5017] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 70.531148][ T5017] [ 70.533534][ T5017] ====================================================== [ 70.540576][ T5017] WARNING: possible circular locking dependency detected [ 70.547607][ T5017] 6.5.0-rc3-syzkaller-00275-gffabf7c73176 #0 Not tainted [ 70.554628][ T5017] ------------------------------------------------------ [ 70.561638][ T5017] syz-executor352/5017 is trying to acquire lock: [ 70.568045][ T5017] ffff888075a490a0 (&fi->i_xattr_sem){.+.+}-{3:3}, at: f2fs_getxattr+0xb8/0x1460 [ 70.577240][ T5017] [ 70.577240][ T5017] but task is already holding lock: [ 70.584596][ T5017] ffff888075a496d8 (&fi->i_sem){+.+.}-{3:3}, at: f2fs_do_tmpfile+0x25/0x170 [ 70.593301][ T5017] [ 70.593301][ T5017] which lock already depends on the new lock. [ 70.593301][ T5017] [ 70.603706][ T5017] [ 70.603706][ T5017] the existing dependency chain (in reverse order) is: [ 70.612724][ T5017] [ 70.612724][ T5017] -> #1 (&fi->i_sem){+.+.}-{3:3}: [ 70.619942][ T5017] down_write+0x3a/0x50 [ 70.624623][ T5017] f2fs_add_inline_entry+0x3a8/0x760 [ 70.630440][ T5017] f2fs_add_dentry+0xba/0x1e0 [ 70.635637][ T5017] f2fs_do_add_link+0x21e/0x340 [ 70.641054][ T5017] f2fs_create+0x32c/0x530 [ 70.646171][ T5017] path_openat+0x13e7/0x3180 [ 70.651280][ T5017] do_filp_open+0x234/0x490 [ 70.656302][ T5017] do_sys_openat2+0x13e/0x1d0 [ 70.661501][ T5017] __x64_sys_creat+0x123/0x160 [ 70.666790][ T5017] do_syscall_64+0x41/0xc0 [ 70.671723][ T5017] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.678153][ T5017] [ 70.678153][ T5017] -> #0 (&fi->i_xattr_sem){.+.+}-{3:3}: [ 70.685895][ T5017] __lock_acquire+0x39ff/0x7f70 [ 70.691289][ T5017] lock_acquire+0x1e3/0x520 [ 70.696333][ T5017] down_read+0x47/0x2f0 [ 70.701010][ T5017] f2fs_getxattr+0xb8/0x1460 [ 70.706122][ T5017] __f2fs_get_acl+0x52/0x8e0 [ 70.711233][ T5017] f2fs_init_acl+0xd7/0x9a0 [ 70.716272][ T5017] f2fs_init_inode_metadata+0x824/0x1190 [ 70.722425][ T5017] f2fs_do_tmpfile+0x34/0x170 [ 70.727621][ T5017] __f2fs_tmpfile+0x1f9/0x380 [ 70.732822][ T5017] f2fs_ioc_start_atomic_write+0x4a3/0x9e0 [ 70.739154][ T5017] __f2fs_ioctl+0x1b5c/0xb770 [ 70.744355][ T5017] __se_sys_ioctl+0xf8/0x170 [ 70.749490][ T5017] do_syscall_64+0x41/0xc0 [ 70.754425][ T5017] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.760928][ T5017] [ 70.760928][ T5017] other info that might help us debug this: [ 70.760928][ T5017] [ 70.771171][ T5017] Possible unsafe locking scenario: [ 70.771171][ T5017] [ 70.778619][ T5017] CPU0 CPU1 [ 70.784066][ T5017] ---- ---- [ 70.789433][ T5017] lock(&fi->i_sem); [ 70.793521][ T5017] lock(&fi->i_xattr_sem); [ 70.800542][ T5017] lock(&fi->i_sem); [ 70.807042][ T5017] rlock(&fi->i_xattr_sem); [ 70.811642][ T5017] [ 70.811642][ T5017] *** DEADLOCK *** [ 70.811642][ T5017] [ 70.819880][ T5017] 5 locks held by syz-executor352/5017: [ 70.825493][ T5017] #0: ffff8880777c0410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x61/0x200 [ 70.835190][ T5017] #1: ffff888078700a28 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: f2fs_ioc_start_atomic_write+0x1b2/0x9e0 [ 70.846962][ T5017] #2: ffff888078701008 (&fi->i_gc_rwsem[WRITE]){+.+.}-{3:3}, at: f2fs_ioc_start_atomic_write+0x276/0x9e0 [ 70.858315][ T5017] #3: ffff88807a2503b0 (&sbi->cp_rwsem){++++}-{3:3}, at: __f2fs_tmpfile+0x1ce/0x380 [ 70.867816][ T5017] #4: ffff888075a496d8 (&fi->i_sem){+.+.}-{3:3}, at: f2fs_do_tmpfile+0x25/0x170 [ 70.877045][ T5017] [ 70.877045][ T5017] stack backtrace: [ 70.882924][ T5017] CPU: 1 PID: 5017 Comm: syz-executor352 Not tainted 6.5.0-rc3-syzkaller-00275-gffabf7c73176 #0 [ 70.893347][ T5017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 70.903407][ T5017] Call Trace: [ 70.906686][ T5017] [ 70.909650][ T5017] dump_stack_lvl+0x1e7/0x2d0 [ 70.914333][ T5017] ? nf_tcp_handle_invalid+0x650/0x650 [ 70.919797][ T5017] ? print_circular_bug+0x12b/0x1a0 [ 70.925005][ T5017] check_noncircular+0x375/0x4a0 [ 70.929950][ T5017] ? print_deadlock_bug+0x600/0x600 [ 70.935155][ T5017] ? lockdep_lock+0x123/0x2b0 [ 70.939841][ T5017] ? mark_lock+0x9a/0x340 [ 70.944174][ T5017] ? _find_first_zero_bit+0xd4/0x100 [ 70.949470][ T5017] __lock_acquire+0x39ff/0x7f70 [ 70.954339][ T5017] ? verify_lock_unused+0x140/0x140 [ 70.959553][ T5017] ? mark_lock+0x9a/0x340 [ 70.963912][ T5017] lock_acquire+0x1e3/0x520 [ 70.968441][ T5017] ? f2fs_getxattr+0xb8/0x1460 [ 70.973212][ T5017] ? read_lock_is_recursive+0x20/0x20 [ 70.978591][ T5017] ? __might_sleep+0xc0/0xc0 [ 70.983189][ T5017] ? percpu_counter_set+0x1a0/0x1a0 [ 70.988477][ T5017] ? filemap_dirty_folio+0x176/0x370 [ 70.993768][ T5017] down_read+0x47/0x2f0 [ 70.997928][ T5017] ? f2fs_getxattr+0xb8/0x1460 [ 71.002711][ T5017] ? f2fs_getxattr+0xa9/0x1460 [ 71.007484][ T5017] f2fs_getxattr+0xb8/0x1460 [ 71.012096][ T5017] ? f2fs_alloc_nid+0x750/0x750 [ 71.016971][ T5017] __f2fs_get_acl+0x52/0x8e0 [ 71.021563][ T5017] ? f2fs_put_dnode+0xd0/0xd0 [ 71.026244][ T5017] f2fs_init_acl+0xd7/0x9a0 [ 71.030759][ T5017] f2fs_init_inode_metadata+0x824/0x1190 [ 71.036412][ T5017] ? clear_nonspinnable+0x60/0x60 [ 71.041620][ T5017] f2fs_do_tmpfile+0x34/0x170 [ 71.046300][ T5017] __f2fs_tmpfile+0x1f9/0x380 [ 71.050998][ T5017] f2fs_ioc_start_atomic_write+0x4a3/0x9e0 [ 71.056816][ T5017] __f2fs_ioctl+0x1b5c/0xb770 [ 71.061538][ T5017] ? mark_lock+0x9a/0x340 [ 71.065888][ T5017] ? do_vfs_ioctl+0x1c49/0x2b30 [ 71.070755][ T5017] ? __x64_compat_sys_ioctl+0x90/0x90 [ 71.076141][ T5017] ? __lock_acquire+0x7f70/0x7f70 [ 71.081174][ T5017] ? lockdep_hardirqs_on+0x98/0x140 [ 71.086384][ T5017] ? __kmem_cache_free+0x25f/0x3b0 [ 71.091506][ T5017] ? f2fs_ioctl+0x1d0/0x1d0 [ 71.096012][ T5017] ? tomoyo_path_number_perm+0x663/0x840 [ 71.101662][ T5017] ? tomoyo_path_number_perm+0x6e4/0x840 [ 71.107341][ T5017] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 71.112816][ T5017] ? _raw_spin_lock_irqsave+0x120/0x120 [ 71.118376][ T5017] ? __asan_memset+0x23/0x40 [ 71.122976][ T5017] ? smack_file_ioctl+0x2a1/0x3a0 [ 71.128137][ T5017] ? smack_file_alloc_security+0xe0/0xe0 [ 71.133779][ T5017] ? do_notify_parent+0xf50/0xf50 [ 71.138810][ T5017] ? print_irqtrace_events+0x220/0x220 [ 71.144287][ T5017] ? f2fs_ioctl+0x139/0x1d0 [ 71.148795][ T5017] ? f2fs_precache_extents+0x3e0/0x3e0 [ 71.154430][ T5017] __se_sys_ioctl+0xf8/0x170 [ 71.159132][ T5017] do_syscall_64+0x41/0xc0 [ 71.163547][ T5017] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.169445][ T5017] RIP: 0033:0x7fe30b0a4639 [ 71.173855][ T5017] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 71.193478][ T5017] RSP: 002b:00007fffff8600d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.201922][ T5017] RAX: ffffffffffffffda RBX: 00007fffff8602a8 RCX: 00007fe30b0a4639 [ 71.209923][ T5017] RDX: 0000000000000000 RSI: 000000000000f501 RDI: 0000000000000004 [ 71.217894][ T5017] RBP: 00007fe30b11d610 R08: 0000000000000000 R09: 00007fffff8602a8 [ 71.226135][ T5017] R10: 0061746f75712c74 R11: 0000000000000246 R12: 0000000000000001 ioctl(4, F2FS_IOC_START_ATOMIC_WRITE, 0) = 0 exit_group(0) = ? +++ exited with 0 +++ [