./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2187186758 <...> Warning: Permanently added '10.128.1.42' (ECDSA) to the list of known hosts. execve("./syz-executor2187186758", ["./syz-executor2187186758"], 0x7fff74084530 /* 10 vars */) = 0 brk(NULL) = 0x55555698c000 brk(0x55555698cc40) = 0x55555698cc40 arch_prctl(ARCH_SET_FS, 0x55555698c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2187186758", 4096) = 28 brk(0x5555569adc40) = 0x5555569adc40 brk(0x5555569ae000) = 0x5555569ae000 mprotect(0x7f0b7b7f6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b73338000 [ 81.940039][ T5030] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5030 'syz-executor218' write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 munmap(0x7f0b73338000, 20699119) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 82.184537][ T5030] loop0: detected capacity change from 0 to 40427 [ 82.205282][ T5030] F2FS-fs (loop0): Found nat_bits in checkpoint mount("/dev/loop0", "./file0", "f2fs", 0, "nolazytime,data_flush,noinline_xattr,jqfmt=vfsv1,") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 mkdir("./file1", 000) = 0 mkdirat(AT_FDCWD, "./file0", 000) = 0 mkdirat(AT_FDCWD, "./bus", 000) = 0 [ 82.251535][ T5030] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 82.287129][ T5030] [ 82.289523][ T5030] ====================================================== [ 82.296575][ T5030] WARNING: possible circular locking dependency detected [ 82.303725][ T5030] 6.4.0-next-20230703-syzkaller #0 Not tainted [ 82.309910][ T5030] ------------------------------------------------------ [ 82.316929][ T5030] syz-executor218/5030 is trying to acquire lock: [ 82.323345][ T5030] ffff8880752cb160 (&fi->i_sem){+.+.}-{3:3}, at: f2fs_add_inline_entry+0x2c4/0x6c0 [ 82.332808][ T5030] [ 82.332808][ T5030] but task is already holding lock: [ 82.340185][ T5030] ffff8880752c9978 (&fi->i_xattr_sem){.+.+}-{3:3}, at: f2fs_add_dentry+0x92/0x240 [ 82.349452][ T5030] [ 82.349452][ T5030] which lock already depends on the new lock. [ 82.349452][ T5030] [ 82.359869][ T5030] [ 82.359869][ T5030] the existing dependency chain (in reverse order) is: [ 82.369091][ T5030] [ 82.369091][ T5030] -> #1 (&fi->i_xattr_sem){.+.+}-{3:3}: [ 82.376849][ T5030] down_read+0x9c/0x480 [ 82.381563][ T5030] f2fs_getxattr+0xb96/0xfd0 [ 82.386694][ T5030] __f2fs_get_acl+0x59/0x610 [ 82.391922][ T5030] f2fs_init_acl+0x152/0xb40 [ 82.397068][ T5030] f2fs_init_inode_metadata+0x15d/0x1260 [ 82.403251][ T5030] f2fs_add_regular_entry+0x776/0xb70 [ 82.409171][ T5030] f2fs_add_dentry+0x1e1/0x240 [ 82.414480][ T5030] f2fs_do_add_link+0x183/0x270 [ 82.419883][ T5030] f2fs_mkdir+0x387/0x630 [ 82.424765][ T5030] vfs_mkdir+0x242/0x460 [ 82.429553][ T5030] do_mkdirat+0x28d/0x310 [ 82.434427][ T5030] __x64_sys_mkdir+0xf6/0x140 [ 82.439652][ T5030] do_syscall_64+0x39/0xb0 [ 82.444615][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.451069][ T5030] [ 82.451069][ T5030] -> #0 (&fi->i_sem){+.+.}-{3:3}: [ 82.458394][ T5030] __lock_acquire+0x2e9d/0x5e20 [ 82.463798][ T5030] lock_acquire+0x1b1/0x520 [ 82.468855][ T5030] down_write+0x92/0x200 [ 82.473659][ T5030] f2fs_add_inline_entry+0x2c4/0x6c0 [ 82.479495][ T5030] f2fs_add_dentry+0xa6/0x240 [ 82.484809][ T5030] f2fs_do_add_link+0x183/0x270 [ 82.490207][ T5030] f2fs_mkdir+0x387/0x630 [ 82.495083][ T5030] vfs_mkdir+0x242/0x460 [ 82.499869][ T5030] ovl_mkdir_real+0xbc/0x390 [ 82.505027][ T5030] ovl_workdir_create+0x3d2/0x900 [ 82.510597][ T5030] ovl_fill_super+0xcb6/0x5c90 [ 82.515902][ T5030] vfs_get_super+0xea/0x280 [ 82.520984][ T5030] vfs_get_tree+0x8d/0x350 [ 82.525965][ T5030] path_mount+0x136e/0x1e70 [ 82.531011][ T5030] __x64_sys_mount+0x283/0x300 [ 82.536325][ T5030] do_syscall_64+0x39/0xb0 [ 82.541282][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.547721][ T5030] [ 82.547721][ T5030] other info that might help us debug this: [ 82.547721][ T5030] [ 82.557974][ T5030] Possible unsafe locking scenario: [ 82.557974][ T5030] [ 82.565443][ T5030] CPU0 CPU1 [ 82.570817][ T5030] ---- ---- [ 82.576191][ T5030] rlock(&fi->i_xattr_sem); [ 82.580798][ T5030] lock(&fi->i_sem); [ 82.587316][ T5030] lock(&fi->i_xattr_sem); [ 82.594356][ T5030] lock(&fi->i_sem); [ 82.598352][ T5030] [ 82.598352][ T5030] *** DEADLOCK *** [ 82.598352][ T5030] [ 82.606504][ T5030] 5 locks held by syz-executor218/5030: [ 82.612068][ T5030] #0: ffff8880780d60e0 (&type->s_umount_key#42/1){+.+.}-{3:3}, at: alloc_super+0x22e/0xb40 [ 82.622263][ T5030] #1: ffff8880271d6410 (sb_writers#9){.+.+}-{0:0}, at: ovl_fill_super+0xc8d/0x5c90 [ 82.631713][ T5030] #2: ffff8880752c9300 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: ovl_workdir_create+0x137/0x900 [ 82.642831][ T5030] #3: ffff8880786603b0 (&sbi->cp_rwsem){.+.+}-{3:3}, at: f2fs_mkdir+0x2a2/0x630 [ 82.652028][ T5030] #4: ffff8880752c9978 (&fi->i_xattr_sem){.+.+}-{3:3}, at: f2fs_add_dentry+0x92/0x240 [ 82.661736][ T5030] [ 82.661736][ T5030] stack backtrace: [ 82.667631][ T5030] CPU: 0 PID: 5030 Comm: syz-executor218 Not tainted 6.4.0-next-20230703-syzkaller #0 [ 82.677196][ T5030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 82.687358][ T5030] Call Trace: [ 82.690651][ T5030] [ 82.693597][ T5030] dump_stack_lvl+0xd9/0x150 [ 82.698239][ T5030] check_noncircular+0x2df/0x3b0 [ 82.703210][ T5030] ? register_lock_class+0xbe/0x1120 [ 82.708526][ T5030] ? print_circular_bug+0x740/0x740 [ 82.713755][ T5030] ? unwind_get_return_address+0x55/0xa0 [ 82.719436][ T5030] __lock_acquire+0x2e9d/0x5e20 [ 82.724330][ T5030] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 82.730346][ T5030] ? filemap_get_entry+0x225/0x430 [ 82.735487][ T5030] ? f2fs_inode_chksum_verify+0x1b4/0x3c0 [ 82.741244][ T5030] lock_acquire+0x1b1/0x520 [ 82.745776][ T5030] ? f2fs_add_inline_entry+0x2c4/0x6c0 [ 82.751266][ T5030] ? lock_sync+0x190/0x190 [ 82.755725][ T5030] down_write+0x92/0x200 [ 82.759999][ T5030] ? f2fs_add_inline_entry+0x2c4/0x6c0 [ 82.765499][ T5030] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 82.771515][ T5030] ? f2fs_room_for_filename+0x50/0xc0 [ 82.778918][ T5030] f2fs_add_inline_entry+0x2c4/0x6c0 [ 82.784236][ T5030] ? f2fs_try_convert_inline_dir+0x3b0/0x3b0 [ 82.790256][ T5030] ? __f2fs_setup_filename+0x370/0x370 [ 82.795747][ T5030] f2fs_add_dentry+0xa6/0x240 [ 82.800453][ T5030] f2fs_do_add_link+0x183/0x270 [ 82.805328][ T5030] ? f2fs_add_dentry+0x240/0x240 [ 82.810294][ T5030] ? f2fs_mkdir+0x126/0x630 [ 82.814828][ T5030] ? f2fs_dquot_initialize+0x118/0x300 [ 82.820320][ T5030] f2fs_mkdir+0x387/0x630 [ 82.824681][ T5030] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 82.829728][ T5030] ? security_inode_mkdir+0xda/0x110 [ 82.835053][ T5030] vfs_mkdir+0x242/0x460 [ 82.839324][ T5030] ovl_mkdir_real+0xbc/0x390 [ 82.843974][ T5030] ovl_workdir_create+0x3d2/0x900 [ 82.849046][ T5030] ? __mnt_want_write+0x3f/0x2e0 [ 82.854027][ T5030] ? ovl_do_rename.constprop.0+0x270/0x270 [ 82.859865][ T5030] ? lock_sync+0x190/0x190 [ 82.864322][ T5030] ? __mnt_want_write+0x1fe/0x2e0 [ 82.869379][ T5030] ovl_fill_super+0xcb6/0x5c90 [ 82.874199][ T5030] ? find_held_lock+0x2d/0x110 [ 82.879287][ T5030] ? sget_fc+0x5f3/0x810 [ 82.883574][ T5030] ? ovl_dentry_weak_revalidate+0x50/0x50 [ 82.889332][ T5030] ? down_write+0x14f/0x200 [ 82.893889][ T5030] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 82.899919][ T5030] ? up_write+0x1b4/0x520 [ 82.904280][ T5030] ? sget_fc+0x15a/0x810 [ 82.908553][ T5030] ? set_anon_super+0xb0/0xb0 [ 82.913260][ T5030] ? ovl_dentry_weak_revalidate+0x50/0x50 [ 82.919096][ T5030] vfs_get_super+0xea/0x280 [ 82.923904][ T5030] vfs_get_tree+0x8d/0x350 [ 82.928435][ T5030] path_mount+0x136e/0x1e70 [ 82.932969][ T5030] ? putname+0x102/0x140 [ 82.937247][ T5030] ? kmem_cache_free+0xf0/0x490 [ 82.942144][ T5030] ? finish_automount+0xa30/0xa30 [ 82.947207][ T5030] ? putname+0x102/0x140 [ 82.951478][ T5030] __x64_sys_mount+0x283/0x300 [ 82.956272][ T5030] ? copy_mnt_ns+0xb30/0xb30 [ 82.960896][ T5030] ? lockdep_hardirqs_on+0x7d/0x100 [ 82.966133][ T5030] ? _raw_spin_unlock_irq+0x2e/0x50 [ 82.971359][ T5030] ? ptrace_notify+0xfe/0x140 [ 82.976066][ T5030] do_syscall_64+0x39/0xb0 [ 82.980510][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.986436][ T5030] RIP: 0033:0x7f0b7b784909 [ 82.990877][ T5030] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 83.010596][ T5030] RSP: 002b:00007ffcdf3d7158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 83.019993][ T5030] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f0b7b784909 [ 83.028172][ T5030] RDX: 0000000020000280 RSI: 0000000020000040 RDI: 0000000000000000 [ 83.036163][ T5030] RBP: 00007f0b7b7441a0 R08: 0000000020000180 R09: 0000000000000000 [ 83.044167][ T5030] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0b7b744230 mount(NULL, "./bus", "overlay", 0, "workdir=./file1,lowerdir=./file0,upperdir=./bus,index=on") = 0 exit_group(0) = ? +++ exited with 0 +++ [ 83.052155][ T5030] R13: 0000000