./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2460732495 <...> Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts. execve("./syz-executor2460732495", ["./syz-executor2460732495"], 0x7ffce4fe1e90 /* 10 vars */) = 0 brk(NULL) = 0x5555562be000 brk(0x5555562bec40) = 0x5555562bec40 arch_prctl(ARCH_SET_FS, 0x5555562be300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2460732495", 4096) = 28 brk(0x5555562dfc40) = 0x5555562dfc40 brk(0x5555562e0000) = 0x5555562e0000 mprotect(0x7ff813fea000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 ftruncate(3, 262144) = 0 pwrite64(3, "\x20\x00\x00\x00\x80\x00\x00\x00\x06\x00\x00\x00\x6a\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x40\x00\x00\x00\x40\x00\x00\x20\x00\x00\x00\xd9\xf4\x65\x5f\xd9\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xd9\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x01\x00\x00\x28\x02\x00\x00\x02\x84", 98, 1024) = 98 pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x6a\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\xbc\x0f", 32, 2048) = 32 pwrite64(3, "\xff\xff\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 2048, 4096) = 2048 pwrite64(3, "\xed\x41\x00\x00\x00\x08\x00\x00\xd9\xf4\x65\x5f\xd9\xf4\x65\x5f\xd9\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x04\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x08", 41, 8448) = 41 pwrite64(3, "\xed\x41\x00\x00\x3c\x00\x00\x00\xd9\xf4\x65\x5f\xd9\xf4\x65\x5f\xd9\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x10\x03\x00\x00\x00\x02\x00\x00\x00\x0d\x00\x00\x00\x10\x00\x05\x01\x66\x69\x6c\x65\x30\x00\x00\x00\x0e\x00\x00\x00\x28\x00\x05\x07\x66\x69\x6c\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 184, 11008) = 184 pwrite64(3, "\x02\x00\x00\x00\x0c\x00\x01\x02\x2e\x00\x00\x00\x02\x00\x00\x00\x0c\x00\x02\x02\x2e\x2e\x00\x00\x0b\x00\x00\x00\x14\x00\x0a\x02\x6c\x6f\x73\x74\x2b\x66\x6f\x75\x6e\x64\x00\x00\x0c\x00\x00\x00\x10\x00\x05\x02\x66\x69\x6c\x65\x30", 57, 16384) = 57 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 close(3) = 0 setxattr("./file0/file0", "trusted.overlay.upper", "\x00\xfb\x25\x00\x00\x75\xd8\xe6\x27\x56\x59\x5e\xbe\xa5\x7f\x2d\x02\xda\xa2\x11\x7f\x0e\x54\xdd\x0f\x94\x3a\xf2\x74\xd4\x6d\x3e\xac\x4b\xed\x8c\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4097, 0) = 0 syzkaller login: [ 50.832552][ T3601] loop0: detected capacity change from 0 to 512 [ 50.849061][ T3601] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 50.877170][ T3601] [ 50.879531][ T3601] ====================================================== [ 50.886543][ T3601] WARNING: possible circular locking dependency detected [ 50.893554][ T3601] 5.19.0-rc4-next-20220628-syzkaller #0 Not tainted [ 50.900119][ T3601] ------------------------------------------------------ [ 50.907118][ T3601] syz-executor246/3601 is trying to acquire lock: [ 50.913509][ T3601] ffff888075af28e8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_get+0x14e/0xa10 [ 50.922595][ T3601] [ 50.922595][ T3601] but task is already holding lock: [ 50.929939][ T3601] ffff888075af2c20 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: chown_common+0x364/0x710 [ 50.939501][ T3601] [ 50.939501][ T3601] which lock already depends on the new lock. [ 50.939501][ T3601] [ 50.949898][ T3601] [ 50.949898][ T3601] the existing dependency chain (in reverse order) is: [ 50.958907][ T3601] [ 50.958907][ T3601] -> #1 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}: [ 50.967150][ T3601] down_write+0x90/0x150 [ 50.971916][ T3601] ext4_xattr_set_entry+0x2ab3/0x3850 [ 50.977810][ T3601] ext4_xattr_ibody_set+0x78/0x2b0 [ 50.983447][ T3601] ext4_xattr_set_handle+0x964/0x1500 [ 50.989368][ T3601] ext4_xattr_set+0x13a/0x340 [ 50.994573][ T3601] __vfs_setxattr+0x115/0x180 [ 50.999763][ T3601] __vfs_setxattr_noperm+0x125/0x5f0 [ 51.005559][ T3601] __vfs_setxattr_locked+0x1cf/0x260 [ 51.011376][ T3601] vfs_setxattr+0x13f/0x330 [ 51.016409][ T3601] setxattr+0x146/0x160 [ 51.021104][ T3601] path_setxattr+0x197/0x1c0 [ 51.026225][ T3601] __x64_sys_setxattr+0xc0/0x160 [ 51.031690][ T3601] do_syscall_64+0x35/0xb0 [ 51.036626][ T3601] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.043052][ T3601] [ 51.043052][ T3601] -> #0 (&ei->xattr_sem){++++}-{3:3}: [ 51.050648][ T3601] __lock_acquire+0x2abe/0x5660 [ 51.056010][ T3601] lock_acquire+0x1ab/0x570 [ 51.061033][ T3601] down_read+0x98/0x440 [ 51.065711][ T3601] ext4_xattr_get+0x14e/0xa10 [ 51.070901][ T3601] __vfs_getxattr+0xd9/0x140 [ 51.076088][ T3601] cap_inode_need_killpriv+0x3c/0x60 [ 51.081881][ T3601] security_inode_need_killpriv+0x40/0x90 [ 51.088110][ T3601] notify_change+0x6e7/0x1440 [ 51.093311][ T3601] chown_common+0x61b/0x710 [ 51.098327][ T3601] do_fchownat+0x126/0x1e0 [ 51.103265][ T3601] __x64_sys_fchownat+0xba/0x150 [ 51.108727][ T3601] do_syscall_64+0x35/0xb0 [ 51.113649][ T3601] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.120062][ T3601] [ 51.120062][ T3601] other info that might help us debug this: [ 51.120062][ T3601] [ 51.130455][ T3601] Possible unsafe locking scenario: [ 51.130455][ T3601] [ 51.137905][ T3601] CPU0 CPU1 [ 51.143252][ T3601] ---- ---- [ 51.148619][ T3601] lock(&ea_inode->i_rwsem#9/1); [ 51.153655][ T3601] lock(&ei->xattr_sem); [ 51.160525][ T3601] lock(&ea_inode->i_rwsem#9/1); [ 51.168083][ T3601] lock(&ei->xattr_sem); [ 51.172399][ T3601] [ 51.172399][ T3601] *** DEADLOCK *** [ 51.172399][ T3601] [ 51.180521][ T3601] 2 locks held by syz-executor246/3601: [ 51.186079][ T3601] #0: ffff88801d65e460 (sb_writers#4){.+.+}-{0:0}, at: do_fchownat+0x101/0x1e0 [ 51.195129][ T3601] #1: ffff888075af2c20 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: chown_common+0x364/0x710 [ 51.205138][ T3601] [ 51.205138][ T3601] stack backtrace: [ 51.211019][ T3601] CPU: 0 PID: 3601 Comm: syz-executor246 Not tainted 5.19.0-rc4-next-20220628-syzkaller #0 [ 51.221002][ T3601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.231040][ T3601] Call Trace: [ 51.234303][ T3601] [ 51.237218][ T3601] dump_stack_lvl+0xcd/0x134 [ 51.241815][ T3601] check_noncircular+0x25f/0x2e0 [ 51.246739][ T3601] ? register_lock_class+0xbe/0x1130 [ 51.252010][ T3601] ? print_circular_bug+0x1e0/0x1e0 [ 51.257191][ T3601] ? is_bpf_text_address+0x99/0x170 [ 51.262391][ T3601] ? kernel_text_address+0x39/0x80 [ 51.267496][ T3601] ? __kernel_text_address+0x9/0x30 [ 51.272683][ T3601] ? unwind_get_return_address+0x51/0x90 [ 51.278306][ T3601] ? create_prof_cpu_mask+0x20/0x20 [ 51.283502][ T3601] __lock_acquire+0x2abe/0x5660 [ 51.288345][ T3601] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.294316][ T3601] ? _find_first_zero_bit+0x94/0xb0 [ 51.299515][ T3601] lock_acquire+0x1ab/0x570 [ 51.304010][ T3601] ? ext4_xattr_get+0x14e/0xa10 [ 51.308855][ T3601] ? lock_release+0x780/0x780 [ 51.313521][ T3601] down_read+0x98/0x440 [ 51.317669][ T3601] ? ext4_xattr_get+0x14e/0xa10 [ 51.322508][ T3601] ? rwsem_down_read_slowpath+0xb00/0xb00 [ 51.328237][ T3601] ? find_held_lock+0x2d/0x110 [ 51.333174][ T3601] ext4_xattr_get+0x14e/0xa10 [ 51.337843][ T3601] ? ext4_xattr_ibody_get+0x4a0/0x4a0 [ 51.343204][ T3601] ? ktime_get_coarse_real_ts64+0x1b7/0x200 [ 51.349094][ T3601] ? xattr_resolve_name+0x26e/0x3d0 [ 51.354301][ T3601] ? ext4_xattr_security_set+0x50/0x50 [ 51.359760][ T3601] __vfs_getxattr+0xd9/0x140 [ 51.364343][ T3601] ? __vfs_setxattr+0x180/0x180 [ 51.369186][ T3601] ? file_remove_privs+0x20/0x20 [ 51.374115][ T3601] cap_inode_need_killpriv+0x3c/0x60 [ 51.379393][ T3601] security_inode_need_killpriv+0x40/0x90 [ 51.385115][ T3601] notify_change+0x6e7/0x1440 [ 51.389786][ T3601] ? chown_common+0x61b/0x710 [ 51.394453][ T3601] chown_common+0x61b/0x710 [ 51.398945][ T3601] ? __ia32_sys_chmod+0x80/0x80 [ 51.403783][ T3601] ? lock_release+0x780/0x780 [ 51.408460][ T3601] ? __mnt_want_write+0x1fa/0x2e0 [ 51.413473][ T3601] do_fchownat+0x126/0x1e0 [ 51.417877][ T3601] ? chown_common+0x710/0x710 [ 51.422558][ T3601] ? lockdep_hardirqs_on+0x79/0x100 [ 51.427765][ T3601] __x64_sys_fchownat+0xba/0x150 [ 51.432707][ T3601] do_syscall_64+0x35/0xb0 [ 51.437212][ T3601] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 51.443112][ T3601] RIP: 0033:0x7ff813f7d0e9 [ 51.447516][ T3601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.467290][ T3601] RSP: 002b:00007ffc815d6a78 EFLAGS: 00000246 ORIG_RAX: 0000000000000104 fchownat(5, "./file0/file0", 0, 60929, AT_EMPTY_PATH) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 51.475704][ T3601] RAX: ffffffffffffffda RBX: