./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1613673148 <...> Warning: Permanently added '10.128.0.133' (ED25519) to the list of known hosts. execve("./syz-executor1613673148", ["./syz-executor1613673148"], 0x7ffe87b3eff0 /* 10 vars */) = 0 brk(NULL) = 0x55555c698000 brk(0x55555c698d00) = 0x55555c698d00 arch_prctl(ARCH_SET_FS, 0x55555c698380) = 0 set_tid_address(0x55555c698650) = 5226 set_robust_list(0x55555c698660, 24) = 0 rseq(0x55555c698ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1613673148", 4096) = 28 getrandom("\x04\x40\x4b\xbc\xdf\xc9\xee\x63", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555c698d00 brk(0x55555c6b9d00) = 0x55555c6b9d00 brk(0x55555c6ba000) = 0x55555c6ba000 mprotect(0x7f29e79ca000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f29df400000 write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 munmap(0x7f29df400000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 [ 71.549509][ T5226] loop0: detected capacity change from 0 to 32768 [ 71.587682][ T5226] ======================================================= [ 71.587682][ T5226] WARNING: The mand mount option has been deprecated and [ 71.587682][ T5226] and is ignored by this kernel. Remove the mand [ 71.587682][ T5226] option from the mount to silence this warning. [ 71.587682][ T5226] ======================================================= mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<mmap_lock){++++}-{3:3}, at: __might_fault+0xaa/0x120 [ 71.741410][ T5226] [ 71.741410][ T5226] but task is already holding lock: [ 71.748761][ T5226] ffff8880720d0660 (&oi->ip_alloc_sem){++++}-{3:3}, at: ocfs2_fiemap+0x377/0xf80 [ 71.757920][ T5226] [ 71.757920][ T5226] which lock already depends on the new lock. [ 71.757920][ T5226] [ 71.768310][ T5226] [ 71.768310][ T5226] the existing dependency chain (in reverse order) is: [ 71.777308][ T5226] [ 71.777308][ T5226] -> #2 (&oi->ip_alloc_sem){++++}-{3:3}: [ 71.785123][ T5226] lock_acquire+0x1ed/0x550 [ 71.790152][ T5226] down_write+0x99/0x220 [ 71.794918][ T5226] ocfs2_page_mkwrite+0x346/0xed0 [ 71.800457][ T5226] do_page_mkwrite+0x198/0x480 [ 71.805742][ T5226] handle_pte_fault+0x11fa/0x6800 [ 71.811288][ T5226] handle_mm_fault+0x1053/0x1ad0 [ 71.816743][ T5226] exc_page_fault+0x2b9/0x8c0 [ 71.821940][ T5226] asm_exc_page_fault+0x26/0x30 [ 71.827309][ T5226] [ 71.827309][ T5226] -> #1 (sb_pagefaults){.+.+}-{0:0}: [ 71.834778][ T5226] lock_acquire+0x1ed/0x550 [ 71.839803][ T5226] ocfs2_page_mkwrite+0x222/0xed0 [ 71.845362][ T5226] do_page_mkwrite+0x198/0x480 [ 71.850648][ T5226] handle_pte_fault+0x11fa/0x6800 [ 71.856191][ T5226] handle_mm_fault+0x1053/0x1ad0 [ 71.861644][ T5226] exc_page_fault+0x2b9/0x8c0 [ 71.866844][ T5226] asm_exc_page_fault+0x26/0x30 [ 71.872217][ T5226] [ 71.872217][ T5226] -> #0 (&mm->mmap_lock){++++}-{3:3}: [ 71.879778][ T5226] validate_chain+0x18ef/0x5920 [ 71.885142][ T5226] __lock_acquire+0x1384/0x2050 [ 71.890513][ T5226] lock_acquire+0x1ed/0x550 [ 71.895538][ T5226] __might_fault+0xc6/0x120 [ 71.900558][ T5226] _copy_to_user+0x2a/0xb0 [ 71.905496][ T5226] fiemap_fill_next_extent+0x235/0x410 [ 71.911473][ T5226] ocfs2_fiemap+0x9f1/0xf80 [ 71.916492][ T5226] do_vfs_ioctl+0x1bf8/0x2e40 [ 71.921785][ T5226] __se_sys_ioctl+0x81/0x170 [ 71.926893][ T5226] do_syscall_64+0xf3/0x230 [ 71.931910][ T5226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.938325][ T5226] [ 71.938325][ T5226] other info that might help us debug this: [ 71.938325][ T5226] [ 71.948544][ T5226] Chain exists of: [ 71.948544][ T5226] &mm->mmap_lock --> sb_pagefaults --> &oi->ip_alloc_sem [ 71.948544][ T5226] [ 71.961501][ T5226] Possible unsafe locking scenario: [ 71.961501][ T5226] [ 71.968942][ T5226] CPU0 CPU1 [ 71.974296][ T5226] ---- ---- [ 71.979649][ T5226] rlock(&oi->ip_alloc_sem); [ 71.984324][ T5226] lock(sb_pagefaults); [ 71.991084][ T5226] lock(&oi->ip_alloc_sem); [ 71.998193][ T5226] rlock(&mm->mmap_lock); [ 72.002608][ T5226] [ 72.002608][ T5226] *** DEADLOCK *** [ 72.002608][ T5226] [ 72.010740][ T5226] 1 lock held by syz-executor161/5226: [ 72.016187][ T5226] #0: ffff8880720d0660 (&oi->ip_alloc_sem){++++}-{3:3}, at: ocfs2_fiemap+0x377/0xf80 [ 72.025792][ T5226] [ 72.025792][ T5226] stack backtrace: [ 72.031683][ T5226] CPU: 0 UID: 0 PID: 5226 Comm: syz-executor161 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0 [ 72.042815][ T5226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 72.052873][ T5226] Call Trace: [ 72.056151][ T5226] [ 72.059079][ T5226] dump_stack_lvl+0x241/0x360 [ 72.063776][ T5226] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.069028][ T5226] ? __pfx__printk+0x10/0x10 [ 72.073629][ T5226] print_circular_bug+0x13a/0x1b0 [ 72.078659][ T5226] check_noncircular+0x36a/0x4a0 [ 72.083603][ T5226] ? __pfx_check_noncircular+0x10/0x10 [ 72.089068][ T5226] ? lockdep_lock+0x123/0x2b0 [ 72.093765][ T5226] ? lockdep_unlock+0x16a/0x300 [ 72.098627][ T5226] ? __pfx_lockdep_unlock+0x10/0x10 [ 72.103839][ T5226] validate_chain+0x18ef/0x5920 [ 72.108703][ T5226] ? ocfs2_set_buffer_uptodate+0xb5/0x1350 [ 72.114521][ T5226] ? __pfx_validate_chain+0x10/0x10 [ 72.119727][ T5226] ? __mutex_unlock_slowpath+0x21d/0x750 [ 72.125365][ T5226] ? __pfx_validate_chain+0x10/0x10 [ 72.130582][ T5226] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 72.136568][ T5226] ? bdev_getblk+0x6e/0x550 [ 72.141087][ T5226] ? rcu_is_watching+0x15/0xb0 [ 72.145858][ T5226] ? ocfs2_read_blocks+0x123a/0x1600 [ 72.151159][ T5226] ? mark_lock+0x9a/0x360 [ 72.155495][ T5226] __lock_acquire+0x1384/0x2050 [ 72.160366][ T5226] lock_acquire+0x1ed/0x550 [ 72.164883][ T5226] ? __might_fault+0xaa/0x120 [ 72.169577][ T5226] ? __pfx_lock_acquire+0x10/0x10 [ 72.174615][ T5226] ? __pfx___might_resched+0x10/0x10 [ 72.179922][ T5226] ? __pfx___might_resched+0x10/0x10 [ 72.185227][ T5226] ? __might_fault+0xaa/0x120 [ 72.189911][ T5226] __might_fault+0xc6/0x120 [ 72.194426][ T5226] ? __might_fault+0xaa/0x120 [ 72.199111][ T5226] _copy_to_user+0x2a/0xb0 [ 72.203539][ T5226] fiemap_fill_next_extent+0x235/0x410 [ 72.209013][ T5226] ? __pfx_fiemap_fill_next_extent+0x10/0x10 [ 72.215008][ T5226] ? fiemap_prep+0x19e/0x240 [ 72.219654][ T5226] ocfs2_fiemap+0x9f1/0xf80 [ 72.224171][ T5226] ? __pfx_ocfs2_fiemap+0x10/0x10 [ 72.229206][ T5226] ? __might_fault+0xaa/0x120 [ 72.233898][ T5226] ? stack_depot_save_flags+0x29/0x830 [ 72.239383][ T5226] ? __might_fault+0xc6/0x120 [ 72.244075][ T5226] ? __pfx_ocfs2_fiemap+0x10/0x10 [ 72.249106][ T5226] do_vfs_ioctl+0x1bf8/0x2e40 [ 72.253796][ T5226] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 72.258829][ T5226] ? mark_lock+0x9a/0x360 [ 72.263172][ T5226] ? tomoyo_path_number_perm+0x208/0x880 [ 72.268811][ T5226] ? __pfx_lock_release+0x10/0x10 [ 72.273849][ T5226] ? lockdep_hardirqs_on+0x99/0x150 [ 72.279066][ T5226] ? kfree+0x1a0/0x440 [ 72.283140][ T5226] ? tomoyo_path_number_perm+0x68d/0x880 [ 72.288785][ T5226] ? tomoyo_path_number_perm+0x71a/0x880 [ 72.294432][ T5226] ? tomoyo_path_number_perm+0x208/0x880 [ 72.300073][ T5226] ? smack_log+0x123/0x540 [ 72.304504][ T5226] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 72.310492][ T5226] ? __pfx_smack_log+0x10/0x10 [ 72.315271][ T5226] ? smk_access+0x4ab/0x4e0 [ 72.319791][ T5226] ? smk_tskacc+0x300/0x370 [ 72.324311][ T5226] ? smack_file_ioctl+0x2f7/0x3a0 [ 72.329346][ T5226] ? __pfx_smack_file_ioctl+0x10/0x10 [ 72.334725][ T5226] ? __pfx_ptrace_notify+0x10/0x10 [ 72.339850][ T5226] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 72.346215][ T5226] __se_sys_ioctl+0x81/0x170 [ 72.350818][ T5226] do_syscall_64+0xf3/0x230 [ 72.355336][ T5226] ? clear_bhb_loop+0x35/0x90 [ 72.360023][ T5226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.365946][ T5226] RIP: 0033:0x7f29e7953939 [ 72.370371][ T5226] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 ioctl(5, FS_IOC_FIEMAP, {fm_start=8192, fm_length=17592186040320, fm_flags=0, fm_extent_count=4} => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 72.389990][ T5226] RSP: 002b:00007ffc2a87c3b8 EFLAGS