./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3102661152 <...> Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts. execve("./syz-executor3102661152", ["./syz-executor3102661152"], 0x7fffff7288e0 /* 10 vars */) = 0 brk(NULL) = 0x55557c4b2000 brk(0x55557c4b2d00) = 0x55557c4b2d00 arch_prctl(ARCH_SET_FS, 0x55557c4b2380) = 0 set_tid_address(0x55557c4b2650) = 5829 set_robust_list(0x55557c4b2660, 24) = 0 rseq(0x55557c4b2ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3102661152", 4096) = 28 getrandom("\x2a\x17\xf6\x8e\xbb\xf3\xa4\x7e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557c4b2d00 brk(0x55557c4d3d00) = 0x55557c4d3d00 brk(0x55557c4d4000) = 0x55557c4d4000 mprotect(0x7f3c27d2c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 executing program write(1, "executing program\n", 18) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c1f800000 write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 munmap(0x7f3c1f800000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 [ 64.670527][ T5829] loop0: detected capacity change from 0 to 32768 [ 64.718738][ T5829] ======================================================= [ 64.718738][ T5829] WARNING: The mand mount option has been deprecated and [ 64.718738][ T5829] and is ignored by this kernel. Remove the mand [ 64.718738][ T5829] option from the mount to silence this warning. [ 64.718738][ T5829] ======================================================= mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,errors=remount-ro,acl"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 64.775813][ T5829] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 64.791810][ T5829] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. openat(AT_FDCWD, "./file1", O_RDONLY|O_CREAT|FASYNC, 000) = 4 [ 64.854467][ T5829] [ 64.857016][ T5829] ====================================================== [ 64.864562][ T5829] WARNING: possible circular locking dependency detected [ 64.872227][ T5829] 6.12.0-next-20241120-syzkaller #0 Not tainted [ 64.878651][ T5829] ------------------------------------------------------ [ 64.886047][ T5829] syz-executor310/5829 is trying to acquire lock: [ 64.892447][ T5829] ffff8880734e1800 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x192/0x4eb0 [ 64.905739][ T5829] [ 64.905739][ T5829] but task is already holding lock: [ 64.913837][ T5829] ffff8880734e5c78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x633/0x1930 [ 64.923444][ T5829] [ 64.923444][ T5829] which lock already depends on the new lock. [ 64.923444][ T5829] [ 64.933865][ T5829] [ 64.933865][ T5829] the existing dependency chain (in reverse order) is: [ 64.942892][ T5829] [ 64.942892][ T5829] -> #5 (&oi->ip_xattr_sem){++++}-{4:4}: [ 64.951232][ T5829] lock_acquire+0x1ed/0x550 [ 64.956256][ T5829] down_read+0xb1/0xa40 [ 64.960929][ T5829] ocfs2_init_acl+0x397/0x930 [ 64.966121][ T5829] ocfs2_mknod+0x1c05/0x2b40 [ 64.971243][ T5829] ocfs2_create+0x1ab/0x480 [ 64.976346][ T5829] path_openat+0x1c03/0x3590 [ 64.981483][ T5829] do_filp_open+0x27f/0x4e0 [ 64.986524][ T5829] do_sys_openat2+0x13e/0x1d0 [ 64.991800][ T5829] __x64_sys_openat+0x247/0x2a0 [ 64.997167][ T5829] do_syscall_64+0xf3/0x230 [ 65.002286][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.008712][ T5829] [ 65.008712][ T5829] -> #4 (jbd2_handle){.+.+}-{0:0}: [ 65.015995][ T5829] lock_acquire+0x1ed/0x550 [ 65.021041][ T5829] start_this_handle+0x1eb4/0x2110 [ 65.026746][ T5829] jbd2__journal_start+0x2da/0x5d0 [ 65.032632][ T5829] jbd2_journal_start+0x29/0x40 [ 65.038013][ T5829] ocfs2_start_trans+0x3c9/0x700 [ 65.043477][ T5829] ocfs2_mknod+0x150c/0x2b40 [ 65.048708][ T5829] ocfs2_create+0x1ab/0x480 [ 65.053757][ T5829] path_openat+0x1c03/0x3590 [ 65.058871][ T5829] do_filp_open+0x27f/0x4e0 [ 65.063981][ T5829] do_sys_openat2+0x13e/0x1d0 [ 65.069175][ T5829] __x64_sys_openat+0x247/0x2a0 [ 65.074566][ T5829] do_syscall_64+0xf3/0x230 [ 65.079644][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.086241][ T5829] [ 65.086241][ T5829] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 65.095352][ T5829] lock_acquire+0x1ed/0x550 [ 65.100661][ T5829] down_read+0xb1/0xa40 [ 65.105335][ T5829] ocfs2_start_trans+0x3be/0x700 [ 65.110822][ T5829] ocfs2_mknod+0x150c/0x2b40 [ 65.116224][ T5829] ocfs2_create+0x1ab/0x480 [ 65.121355][ T5829] path_openat+0x1c03/0x3590 [ 65.126633][ T5829] do_filp_open+0x27f/0x4e0 [ 65.131647][ T5829] do_sys_openat2+0x13e/0x1d0 [ 65.136838][ T5829] __x64_sys_openat+0x247/0x2a0 [ 65.142209][ T5829] do_syscall_64+0xf3/0x230 [ 65.147396][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.154340][ T5829] [ 65.154340][ T5829] -> #2 (sb_internal#2){.+.+}-{0:0}: [ 65.161825][ T5829] lock_acquire+0x1ed/0x550 [ 65.166859][ T5829] ocfs2_start_trans+0x2b9/0x700 [ 65.172320][ T5829] ocfs2_mknod+0x150c/0x2b40 [ 65.177423][ T5829] ocfs2_create+0x1ab/0x480 [ 65.182465][ T5829] path_openat+0x1c03/0x3590 [ 65.187568][ T5829] do_filp_open+0x27f/0x4e0 [ 65.192576][ T5829] do_sys_openat2+0x13e/0x1d0 [ 65.197761][ T5829] __x64_sys_openat+0x247/0x2a0 [ 65.203122][ T5829] do_syscall_64+0xf3/0x230 [ 65.208134][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.215172][ T5829] [ 65.215172][ T5829] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{4:4}: [ 65.226055][ T5829] lock_acquire+0x1ed/0x550 [ 65.231162][ T5829] down_write+0x99/0x220 [ 65.235912][ T5829] ocfs2_reserve_local_alloc_bits+0x132/0x2870 [ 65.242667][ T5829] ocfs2_reserve_clusters_with_limit+0x1b8/0xb60 [ 65.249596][ T5829] ocfs2_mknod+0x1486/0x2b40 [ 65.254762][ T5829] ocfs2_create+0x1ab/0x480 [ 65.259822][ T5829] path_openat+0x1c03/0x3590 [ 65.264958][ T5829] do_filp_open+0x27f/0x4e0 [ 65.269975][ T5829] do_sys_openat2+0x13e/0x1d0 [ 65.275164][ T5829] __x64_sys_openat+0x247/0x2a0 [ 65.280523][ T5829] do_syscall_64+0xf3/0x230 [ 65.285534][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.291945][ T5829] [ 65.291945][ T5829] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{4:4}: [ 65.302523][ T5829] validate_chain+0x18ef/0x5920 [ 65.307905][ T5829] __lock_acquire+0x1397/0x2100 [ 65.313338][ T5829] lock_acquire+0x1ed/0x550 [ 65.318382][ T5829] down_write+0x99/0x220 [ 65.323144][ T5829] ocfs2_reserve_suballoc_bits+0x192/0x4eb0 [ 65.329637][ T5829] ocfs2_reserve_new_metadata_blocks+0x41c/0x9c0 [ 65.336477][ T5829] ocfs2_init_xattr_set_ctxt+0x3a6/0x900 [ 65.343694][ T5829] ocfs2_xattr_set+0xf4e/0x1930 [ 65.349067][ T5829] __vfs_setxattr+0x468/0x4a0 [ 65.354584][ T5829] __vfs_setxattr_noperm+0x12e/0x660 [ 65.360496][ T5829] vfs_setxattr+0x221/0x430 [ 65.365519][ T5829] file_setxattr+0x1e2/0x2b0 [ 65.370629][ T5829] path_setxattrat+0x483/0x510 [ 65.375993][ T5829] __x64_sys_fsetxattr+0xbc/0xe0 [ 65.381462][ T5829] do_syscall_64+0xf3/0x230 [ 65.386489][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.392915][ T5829] [ 65.392915][ T5829] other info that might help us debug this: [ 65.392915][ T5829] [ 65.403319][ T5829] Chain exists of: [ 65.403319][ T5829] &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3 --> jbd2_handle --> &oi->ip_xattr_sem [ 65.403319][ T5829] [ 65.419498][ T5829] Possible unsafe locking scenario: [ 65.419498][ T5829] [ 65.426962][ T5829] CPU0 CPU1 [ 65.432417][ T5829] ---- ---- [ 65.437798][ T5829] lock(&oi->ip_xattr_sem); [ 65.442398][ T5829] lock(jbd2_handle); [ 65.448991][ T5829] lock(&oi->ip_xattr_sem); [ 65.456185][ T5829] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3); [ 65.463508][ T5829] [ 65.463508][ T5829] *** DEADLOCK *** [ 65.463508][ T5829] [ 65.471831][ T5829] 3 locks held by syz-executor310/5829: [ 65.477717][ T5829] #0: ffff8880356b0420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x5e/0x200 [ 65.487388][ T5829] #1: ffff8880734e5f40 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: vfs_setxattr+0x1e1/0x430 [ 65.498103][ T5829] #2: ffff8880734e5c78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x633/0x1930 [ 65.508270][ T5829] [ 65.508270][ T5829] stack backtrace: [ 65.514162][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor310 Not tainted 6.12.0-next-20241120-syzkaller #0 [ 65.524489][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 65.534731][ T5829] Call Trace: [ 65.538181][ T5829] [ 65.541104][ T5829] dump_stack_lvl+0x241/0x360 [ 65.545819][ T5829] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.551007][ T5829] ? __pfx__printk+0x10/0x10 [ 65.555663][ T5829] print_circular_bug+0x13a/0x1b0 [ 65.560696][ T5829] check_noncircular+0x36a/0x4a0 [ 65.565631][ T5829] ? __pfx_check_noncircular+0x10/0x10 [ 65.571277][ T5829] ? lockdep_lock+0x123/0x2b0 [ 65.576038][ T5829] validate_chain+0x18ef/0x5920 [ 65.581143][ T5829] ? __pfx_validate_chain+0x10/0x10 [ 65.586338][ T5829] ? __pfx_validate_chain+0x10/0x10 [ 65.591527][ T5829] ? mark_lock+0x9a/0x360 [ 65.595940][ T5829] ? ocfs2_get_system_file_inode+0x1d4/0x7b0 [ 65.601913][ T5829] ? __pfx_lock_release+0x10/0x10 [ 65.607013][ T5829] ? mark_lock+0x9a/0x360 [ 65.611335][ T5829] __lock_acquire+0x1397/0x2100 [ 65.616174][ T5829] lock_acquire+0x1ed/0x550 [ 65.620664][ T5829] ? ocfs2_reserve_suballoc_bits+0x192/0x4eb0 [ 65.626811][ T5829] ? __pfx_lock_acquire+0x10/0x10 [ 65.632027][ T5829] ? __pfx___might_resched+0x10/0x10 [ 65.637305][ T5829] ? __pfx_ocfs2_get_system_file_inode+0x10/0x10 [ 65.643629][ T5829] ? __lock_acquire+0x1397/0x2100 [ 65.648646][ T5829] down_write+0x99/0x220 [ 65.652885][ T5829] ? ocfs2_reserve_suballoc_bits+0x192/0x4eb0 [ 65.658941][ T5829] ? __pfx_down_write+0x10/0x10 [ 65.663822][ T5829] ocfs2_reserve_suballoc_bits+0x192/0x4eb0 [ 65.669721][ T5829] ? mark_lock+0x9a/0x360 [ 65.674045][ T5829] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 65.680034][ T5829] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 65.686480][ T5829] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 65.692395][ T5829] ? lockdep_hardirqs_on+0x99/0x150 [ 65.697598][ T5829] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 65.703573][ T5829] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 65.709891][ T5829] ? __pfx_ocfs2_reserve_suballoc_bits+0x10/0x10 [ 65.716225][ T5829] ? stack_depot_save_flags+0x6e4/0x830 [ 65.722046][ T5829] ? kasan_save_track+0x51/0x80 [ 65.727247][ T5829] ? kasan_save_track+0x3f/0x80 [ 65.732109][ T5829] ? __kasan_kmalloc+0x98/0xb0 [ 65.736862][ T5829] ? __kmalloc_cache_noprof+0x243/0x390 [ 65.742507][ T5829] ? ocfs2_reserve_new_metadata_blocks+0x117/0x9c0 [ 65.749037][ T5829] ? ocfs2_init_xattr_set_ctxt+0x3a6/0x900 [ 65.754848][ T5829] ? ocfs2_xattr_set+0xf4e/0x1930 [ 65.759870][ T5829] ? __vfs_setxattr+0x468/0x4a0 [ 65.764709][ T5829] ? __vfs_setxattr_noperm+0x12e/0x660 [ 65.770166][ T5829] ? vfs_setxattr+0x221/0x430 [ 65.774832][ T5829] ? file_setxattr+0x1e2/0x2b0 [ 65.779606][ T5829] ? path_setxattrat+0x483/0x510 [ 65.784554][ T5829] ? __x64_sys_fsetxattr+0xbc/0xe0 [ 65.789661][ T5829] ? do_syscall_64+0xf3/0x230 [ 65.794330][ T5829] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.800415][ T5829] ? __kasan_kmalloc+0x98/0xb0 [ 65.805200][ T5829] ? __kmalloc_cache_noprof+0x243/0x390 [ 65.810913][ T5829] ? ocfs2_reserve_new_metadata_blocks+0x117/0x9c0 [ 65.817585][ T5829] ocfs2_reserve_new_metadata_blocks+0x41c/0x9c0 [ 65.823906][ T5829] ? __pfx_ocfs2_reserve_new_metadata_blocks+0x10/0x10 [ 65.830758][ T5829] ? __pfx_ocfs2_calc_xattr_set_need+0x10/0x10 [ 65.836921][ T5829] ? ocfs2_xattr_set+0xf00/0x1930 [ 65.841959][ T5829] ocfs2_init_xattr_set_ctxt+0x3a6/0x900 [ 65.847594][ T5829] ? __pfx_ocfs2_init_xattr_set_ctxt+0x10/0x10 [ 65.854027][ T5829] ? up_write+0x1a9/0x590 [ 65.858359][ T5829] ? __pfx_ocfs2_truncate_log_needs_flush+0x10/0x10 [ 65.865056][ T5829] ? __pfx_up_write+0x10/0x10 [ 65.869747][ T5829] ? __kmalloc_cache_noprof+0x243/0x390 [ 65.875294][ T5829] ? ocfs2_xattr_set+0x4d5/0x1930 [ 65.880333][ T5829] ocfs2_xattr_set+0xf4e/0x1930 [ 65.885289][ T5829] ? __pfx_ocfs2_xattr_set+0x10/0x10 [ 65.891129][ T5829] ? validate_chain+0x11e/0x5920 [ 65.896523][ T5829] ? __pfx_validate_chain+0x10/0x10 [ 65.901917][ T5829] ? mark_lock+0x9a/0x360 [ 65.906307][ T5829] ? aa_get_newest_label+0xff/0x6f0 [ 65.911595][ T5829] ? posix_xattr_acl+0x76/0xd0 [ 65.916387][ T5829] ? evm_protect_xattr+0x4be/0xb30 [ 65.921795][ T5829] ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10 [ 65.927783][ T5829] __vfs_setxattr+0x468/0x4a0 [ 65.932546][ T5829] __vfs_setxattr_noperm+0x12e/0x660 [ 65.938013][ T5829] vfs_setxattr+0x221/0x430 [ 65.942535][ T5829] ? __pfx_vfs_setxattr+0x10/0x10 [ 65.947579][ T5829] ? mnt_get_write_access+0x226/0x2b0 [ 65.953131][ T5829] file_setxattr+0x1e2/0x2b0 [ 65.957762][ T5829] path_setxattrat+0x483/0x510 [ 65.962626][ T5829] ? __pfx_path_setxattrat+0x10/0x10 [ 65.968082][ T5829] ? _raw_spin_unlock_irq+0x2e/0x50 [ 65.973269][ T5829] ? ptrace_notify+0x279/0x380 [ 65.978027][ T5829] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 65.984432][ T5829] __x64_sys_fsetxattr+0xbc/0xe0 [ 65.989728][ T5829] do_syscall_64+0xf3/0x230 [ 65.994245][ T5829] ? clear_bhb_loop+0x35/0x90 [ 65.998998][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.005332][ T5829] RIP: 0033:0x7f3c27cb56f9 [ 66.009881][ T5829] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 66.030014][ T5829] RSP: 002b:00007fff8e791858 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 66.038756][ T5829] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f3c27cb56f9 [ 66.046817][ T5829] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 fsetxattr(4, "trusted.overlay.redirect", NULL, 0, 0) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 66.055041][ T5829] RBP: 00007f3c27d2c610 R08: 00000