./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2227589126 <...> Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts. execve("./syz-executor2227589126", ["./syz-executor2227589126"], 0x7ffe30ddf890 /* 10 vars */) = 0 brk(NULL) = 0x555576a3b000 brk(0x555576a3bd00) = 0x555576a3bd00 arch_prctl(ARCH_SET_FS, 0x555576a3b380) = 0 set_tid_address(0x555576a3b650) = 5827 set_robust_list(0x555576a3b660, 24) = 0 rseq(0x555576a3bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2227589126", 4096) = 28 getrandom("\x75\x81\x3b\xa5\x87\xec\xed\x59", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555576a3bd00 brk(0x555576a5cd00) = 0x555576a5cd00 brk(0x555576a5d000) = 0x555576a5d000 mprotect(0x7f28998c3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 executing program write(1, "executing program\n", 18) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2891400000 write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 munmap(0x7f2891400000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file3", 0777) = 0 [ 61.314058][ T5827] loop0: detected capacity change from 0 to 32768 [ 61.357584][ T5827] ======================================================= [ 61.357584][ T5827] WARNING: The mand mount option has been deprecated and [ 61.357584][ T5827] and is ignored by this kernel. Remove the mand [ 61.357584][ T5827] option from the mount to silence this warning. [ 61.357584][ T5827] ======================================================= mount("/dev/loop0", "./file3", "ocfs2", MS_NOSUID|MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,heartbeat=none,coherency=full,coherency=full,resv_level=00000000000000000001,erro"...) = 0 openat(AT_FDCWD, "./file3", O_RDONLY|O_DIRECTORY) = 3 chdir("./file3") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 61.409641][ T5827] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 61.443643][ T5827] [ 61.445973][ T5827] ====================================================== [ 61.452969][ T5827] WARNING: possible circular locking dependency detected [ 61.459982][ T5827] 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 Not tainted [ 61.467084][ T5827] ------------------------------------------------------ [ 61.474078][ T5827] syz-executor222/5827 is trying to acquire lock: [ 61.480469][ T5827] ffff888072d05be0 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 61.491095][ T5827] [ 61.491095][ T5827] but task is already holding lock: [ 61.498456][ T5827] ffff888072d05c78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa5/0x330 [ 61.509050][ T5827] [ 61.509050][ T5827] which lock already depends on the new lock. [ 61.509050][ T5827] [ 61.519428][ T5827] [ 61.519428][ T5827] the existing dependency chain (in reverse order) is: [ 61.528422][ T5827] [ 61.528422][ T5827] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}: [ 61.536231][ T5827] lock_acquire+0x1ed/0x550 [ 61.541252][ T5827] down_read+0xb1/0xa40 [ 61.545932][ T5827] ocfs2_init_acl+0x397/0x930 [ 61.551460][ T5827] ocfs2_mknod+0x1c05/0x2b30 [ 61.556551][ T5827] ocfs2_create+0x1ab/0x470 [ 61.561555][ T5827] path_openat+0x1c03/0x3590 [ 61.566669][ T5827] do_filp_open+0x27f/0x4e0 [ 61.571674][ T5827] do_sys_openat2+0x13e/0x1d0 [ 61.576849][ T5827] __x64_sys_openat+0x247/0x2a0 [ 61.582199][ T5827] do_syscall_64+0xf3/0x230 [ 61.587206][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.593611][ T5827] [ 61.593611][ T5827] -> #3 (jbd2_handle){.+.+}-{0:0}: [ 61.600890][ T5827] lock_acquire+0x1ed/0x550 [ 61.605907][ T5827] start_this_handle+0x1eb4/0x2110 [ 61.611532][ T5827] jbd2__journal_start+0x2da/0x5d0 [ 61.617175][ T5827] jbd2_journal_start+0x29/0x40 [ 61.622645][ T5827] ocfs2_start_trans+0x3c9/0x700 [ 61.628106][ T5827] ocfs2_reserve_suballoc_bits+0x9f6/0x4e70 [ 61.634502][ T5827] ocfs2_reserve_new_metadata_blocks+0x41c/0x9c0 [ 61.641355][ T5827] ocfs2_mknod+0x143a/0x2b30 [ 61.646450][ T5827] ocfs2_create+0x1ab/0x470 [ 61.651453][ T5827] path_openat+0x1c03/0x3590 [ 61.656543][ T5827] do_filp_open+0x27f/0x4e0 [ 61.661548][ T5827] do_sys_openat2+0x13e/0x1d0 [ 61.666725][ T5827] __x64_sys_openat+0x247/0x2a0 [ 61.672074][ T5827] do_syscall_64+0xf3/0x230 [ 61.677117][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.683524][ T5827] [ 61.683524][ T5827] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 61.692017][ T5827] lock_acquire+0x1ed/0x550 [ 61.697039][ T5827] down_read+0xb1/0xa40 [ 61.701699][ T5827] ocfs2_start_trans+0x3be/0x700 [ 61.707225][ T5827] ocfs2_reserve_suballoc_bits+0x9f6/0x4e70 [ 61.713622][ T5827] ocfs2_reserve_new_metadata_blocks+0x41c/0x9c0 [ 61.720453][ T5827] ocfs2_mknod+0x143a/0x2b30 [ 61.725541][ T5827] ocfs2_create+0x1ab/0x470 [ 61.730546][ T5827] path_openat+0x1c03/0x3590 [ 61.735658][ T5827] do_filp_open+0x27f/0x4e0 [ 61.740662][ T5827] do_sys_openat2+0x13e/0x1d0 [ 61.745844][ T5827] __x64_sys_openat+0x247/0x2a0 [ 61.751201][ T5827] do_syscall_64+0xf3/0x230 [ 61.756211][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.762608][ T5827] [ 61.762608][ T5827] -> #1 (sb_internal#2){.+.+}-{0:0}: [ 61.770070][ T5827] lock_acquire+0x1ed/0x550 [ 61.775078][ T5827] ocfs2_start_trans+0x2b9/0x700 [ 61.780520][ T5827] ocfs2_truncate_file+0x69a/0x1560 [ 61.786396][ T5827] ocfs2_setattr+0x1890/0x1ef0 [ 61.791660][ T5827] notify_change+0xbca/0xe90 [ 61.796750][ T5827] do_truncate+0x220/0x310 [ 61.801665][ T5827] path_openat+0x2e1e/0x3590 [ 61.806753][ T5827] do_filp_open+0x27f/0x4e0 [ 61.811757][ T5827] do_sys_openat2+0x13e/0x1d0 [ 61.816930][ T5827] __x64_sys_openat+0x247/0x2a0 [ 61.822277][ T5827] do_syscall_64+0xf3/0x230 [ 61.827285][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.833681][ T5827] [ 61.833681][ T5827] -> #0 (&oi->ip_alloc_sem){+.+.}-{4:4}: [ 61.841479][ T5827] validate_chain+0x18ef/0x5920 [ 61.846833][ T5827] __lock_acquire+0x1397/0x2100 [ 61.852189][ T5827] lock_acquire+0x1ed/0x550 [ 61.857197][ T5827] down_write+0x99/0x220 [ 61.861942][ T5827] ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 61.868424][ T5827] ocfs2_truncate_file+0xe1b/0x1560 [ 61.874124][ T5827] ocfs2_setattr+0x1890/0x1ef0 [ 61.879383][ T5827] notify_change+0xbca/0xe90 [ 61.884473][ T5827] do_truncate+0x220/0x310 [ 61.889392][ T5827] path_openat+0x2e1e/0x3590 [ 61.894486][ T5827] do_filp_open+0x27f/0x4e0 [ 61.899488][ T5827] do_sys_openat2+0x13e/0x1d0 [ 61.904662][ T5827] __x64_sys_openat+0x247/0x2a0 [ 61.910007][ T5827] do_syscall_64+0xf3/0x230 [ 61.915012][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.921412][ T5827] [ 61.921412][ T5827] other info that might help us debug this: [ 61.921412][ T5827] [ 61.931620][ T5827] Chain exists of: [ 61.931620][ T5827] &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem [ 61.931620][ T5827] [ 61.944633][ T5827] Possible unsafe locking scenario: [ 61.944633][ T5827] [ 61.952060][ T5827] CPU0 CPU1 [ 61.957410][ T5827] ---- ---- [ 61.962749][ T5827] lock(&oi->ip_xattr_sem); [ 61.967323][ T5827] lock(jbd2_handle); [ 61.973888][ T5827] lock(&oi->ip_xattr_sem); [ 61.981002][ T5827] lock(&oi->ip_alloc_sem); [ 61.985589][ T5827] [ 61.985589][ T5827] *** DEADLOCK *** [ 61.985589][ T5827] [ 61.993731][ T5827] 3 locks held by syz-executor222/5827: [ 61.999253][ T5827] #0: ffff888076746420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 62.008388][ T5827] #1: ffff888072d05f40 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: do_truncate+0x20c/0x310 [ 62.018722][ T5827] #2: ffff888072d05c78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa5/0x330 [ 62.029745][ T5827] [ 62.029745][ T5827] stack backtrace: [ 62.035623][ T5827] CPU: 0 UID: 0 PID: 5827 Comm: syz-executor222 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 62.046704][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 62.056749][ T5827] Call Trace: [ 62.060008][ T5827] [ 62.062921][ T5827] dump_stack_lvl+0x241/0x360 [ 62.067582][ T5827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 62.072762][ T5827] ? __pfx__printk+0x10/0x10 [ 62.077332][ T5827] print_circular_bug+0x13a/0x1b0 [ 62.082342][ T5827] check_noncircular+0x36a/0x4a0 [ 62.087261][ T5827] ? __pfx_check_noncircular+0x10/0x10 [ 62.092706][ T5827] ? lockdep_lock+0x123/0x2b0 [ 62.097366][ T5827] validate_chain+0x18ef/0x5920 [ 62.102207][ T5827] ? __pfx_validate_chain+0x10/0x10 [ 62.107386][ T5827] ? do_sys_openat2+0x13e/0x1d0 [ 62.112216][ T5827] ? do_syscall_64+0xf3/0x230 [ 62.116873][ T5827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.122923][ T5827] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 62.128891][ T5827] ? mark_lock+0x9a/0x360 [ 62.133224][ T5827] __lock_acquire+0x1397/0x2100 [ 62.138061][ T5827] lock_acquire+0x1ed/0x550 [ 62.142544][ T5827] ? ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 62.149113][ T5827] ? __pfx_lock_acquire+0x10/0x10 [ 62.154122][ T5827] ? __pfx___might_resched+0x10/0x10 [ 62.159398][ T5827] ? ocfs2_truncate_file+0xd45/0x1560 [ 62.164778][ T5827] ? __pfx_lock_release+0x10/0x10 [ 62.169788][ T5827] down_write+0x99/0x220 [ 62.174032][ T5827] ? ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 62.180254][ T5827] ? __pfx_down_write+0x10/0x10 [ 62.185099][ T5827] ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 62.191061][ T5827] ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10 [ 62.197638][ T5827] ? ocfs2_metadata_cache_get_super+0x43/0x80 [ 62.203702][ T5827] ? ocfs2_inode_cache_get_super+0xd/0x40 [ 62.209403][ T5827] ocfs2_truncate_file+0xe1b/0x1560 [ 62.214598][ T5827] ? ocfs2_inode_lock_tracker+0x45a/0x760 [ 62.220310][ T5827] ? __pfx_ocfs2_truncate_file+0x10/0x10 [ 62.225931][ T5827] ? do_raw_spin_unlock+0x13c/0x8b0 [ 62.231136][ T5827] ? __asan_memset+0x23/0x50 [ 62.235713][ T5827] ? _raw_spin_unlock+0x28/0x50 [ 62.240548][ T5827] ? ocfs2_inode_lock_tracker+0x45a/0x760 [ 62.246254][ T5827] ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10 [ 62.252305][ T5827] ? ocfs2_rw_lock+0x13e/0x260 [ 62.257048][ T5827] ? __pfx_ocfs2_rw_lock+0x10/0x10 [ 62.262140][ T5827] ? setattr_prepare+0x1f5/0xb20 [ 62.267060][ T5827] ? inode_newsize_ok+0x11a/0x1c0 [ 62.272068][ T5827] ocfs2_setattr+0x1890/0x1ef0 [ 62.276820][ T5827] ? __pfx_ocfs2_setattr+0x10/0x10 [ 62.281915][ T5827] ? __pfx_smack_inode_setattr+0x10/0x10 [ 62.287531][ T5827] ? current_time+0x282/0x3c0 [ 62.292195][ T5827] ? evm_inode_setattr+0x1b2/0x7d0 [ 62.297288][ T5827] ? security_inode_setattr+0xdb/0x350 [ 62.302723][ T5827] ? __pfx_ocfs2_setattr+0x10/0x10 [ 62.307809][ T5827] notify_change+0xbca/0xe90 [ 62.312400][ T5827] do_truncate+0x220/0x310 [ 62.316825][ T5827] ? __pfx_do_truncate+0x10/0x10 [ 62.321751][ T5827] path_openat+0x2e1e/0x3590 [ 62.326336][ T5827] ? __pfx_path_openat+0x10/0x10 [ 62.331261][ T5827] do_filp_open+0x27f/0x4e0 [ 62.335748][ T5827] ? __pfx_do_filp_open+0x10/0x10 [ 62.340751][ T5827] ? do_raw_spin_lock+0x14f/0x370 [ 62.345767][ T5827] do_sys_openat2+0x13e/0x1d0 [ 62.350428][ T5827] ? __pfx_do_sys_openat2+0x10/0x10 [ 62.355606][ T5827] ? lockdep_hardirqs_on+0x99/0x150 [ 62.360790][ T5827] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.365990][ T5827] ? ptrace_notify+0x279/0x380 [ 62.370736][ T5827] __x64_sys_openat+0x247/0x2a0 [ 62.375564][ T5827] ? __pfx___x64_sys_openat+0x10/0x10 [ 62.380921][ T5827] ? do_syscall_64+0x100/0x230 [ 62.385666][ T5827] do_syscall_64+0xf3/0x230 [ 62.390157][ T5827] ? clear_bhb_loop+0x35/0x90 [ 62.394821][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.400715][ T5827] RIP: 0033:0x7f289984ca79 [ 62.405128][ T5827] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.424720][ T5827] RSP: 002b:00007ffec1cc8388 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 62.433137][ T5827] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f289984ca79 [ 62.441103][ T5827] RDX: 0000000000000242 RSI: 0000000020000080 RDI: 00000000ffffff9c [ 62.449066][ T5827] RBP: 00007f28998c3610 R08: 0000000000000000 R09: 0000000000000000 openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_TRUNC, 000) = 5 exit_group(0) = ? +++ exited with 0 +++ [ 62.457033][ T5827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001