./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3756533699 <...> Warning: Permanently added '10.128.1.118' (ED25519) to the list of known hosts. execve("./syz-executor3756533699", ["./syz-executor3756533699"], 0x7fff96287d50 /* 10 vars */) = 0 brk(NULL) = 0x55555c561000 brk(0x55555c561d00) = 0x55555c561d00 arch_prctl(ARCH_SET_FS, 0x55555c561380) = 0 set_tid_address(0x55555c561650) = 5831 set_robust_list(0x55555c561660, 24) = 0 rseq(0x55555c561ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3756533699", 4096) = 28 getrandom("\xd5\x13\x42\xa9\x77\x6b\xea\x4f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555c561d00 brk(0x55555c582d00) = 0x55555c582d00 brk(0x55555c583000) = 0x55555c583000 mprotect(0x7fa43edd8000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa436800000 write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 munmap(0x7fa436800000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 [ 88.850709][ T5831] loop0: detected capacity change from 0 to 32768 [ 88.895202][ T5831] ======================================================= [ 88.895202][ T5831] WARNING: The mand mount option has been deprecated and [ 88.895202][ T5831] and is ignored by this kernel. Remove the mand [ 88.895202][ T5831] option from the mount to silence this warning. [ 88.895202][ T5831] ======================================================= mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "coherency=buffered,heartbeat=none,coherency=full,errors=continue,journal_async_commit,localflocks,in"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0777) = 4 [ 88.973399][ T5831] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 89.033636][ T30] audit: type=1800 audit(1744707365.460:2): pid=5831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor375" name="file1" dev="loop0" ino=17058 res=0 errno=0 [ 89.045580][ T5831] [ 89.056961][ T5831] ====================================================== [ 89.064007][ T5831] WARNING: possible circular locking dependency detected [ 89.071033][ T5831] 6.15.0-rc1-next-20250411-syzkaller #0 Not tainted [ 89.077616][ T5831] ------------------------------------------------------ [ 89.084624][ T5831] syz-executor375/5831 is trying to acquire lock: [ 89.091025][ T5831] ffff88807bb8ed80 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x19a/0x50e0 [ 89.104303][ T5831] [ 89.104303][ T5831] but task is already holding lock: [ 89.111664][ T5831] ffff88807bb4bff8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x635/0x1940 [ 89.121189][ T5831] [ 89.121189][ T5831] which lock already depends on the new lock. [ 89.121189][ T5831] [ 89.131587][ T5831] [ 89.131587][ T5831] the existing dependency chain (in reverse order) is: [ 89.140608][ T5831] [ 89.140608][ T5831] -> #5 (&oi->ip_xattr_sem){++++}-{4:4}: [ 89.148433][ T5831] lock_acquire+0x116/0x2f0 [ 89.153467][ T5831] down_read+0xb3/0xa50 [ 89.158172][ T5831] ocfs2_init_acl+0x39d/0x960 [ 89.163398][ T5831] ocfs2_mknod+0x1c09/0x2b30 [ 89.168515][ T5831] ocfs2_create+0x1ad/0x480 [ 89.173551][ T5831] path_openat+0x194b/0x35d0 [ 89.178664][ T5831] do_filp_open+0x284/0x4e0 [ 89.183780][ T5831] do_sys_openat2+0x12b/0x1d0 [ 89.189000][ T5831] __x64_sys_openat+0x249/0x2a0 [ 89.194375][ T5831] do_syscall_64+0xf3/0x230 [ 89.199419][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.205832][ T5831] [ 89.205832][ T5831] -> #4 (jbd2_handle){.+.+}-{0:0}: [ 89.213136][ T5831] lock_acquire+0x116/0x2f0 [ 89.218166][ T5831] start_this_handle+0x1ee4/0x21a0 [ 89.223799][ T5831] jbd2__journal_start+0x2da/0x5d0 [ 89.229453][ T5831] jbd2_journal_start+0x29/0x40 [ 89.234826][ T5831] ocfs2_start_trans+0x3cd/0x710 [ 89.240291][ T5831] ocfs2_mknod+0x1510/0x2b30 [ 89.245401][ T5831] ocfs2_create+0x1ad/0x480 [ 89.250427][ T5831] path_openat+0x194b/0x35d0 [ 89.255540][ T5831] do_filp_open+0x284/0x4e0 [ 89.260565][ T5831] do_sys_openat2+0x12b/0x1d0 [ 89.265766][ T5831] __x64_sys_openat+0x249/0x2a0 [ 89.271163][ T5831] do_syscall_64+0xf3/0x230 [ 89.276206][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.282619][ T5831] [ 89.282619][ T5831] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 89.291153][ T5831] lock_acquire+0x116/0x2f0 [ 89.296190][ T5831] down_read+0xb3/0xa50 [ 89.300873][ T5831] ocfs2_start_trans+0x3c2/0x710 [ 89.306352][ T5831] ocfs2_mknod+0x1510/0x2b30 [ 89.311459][ T5831] ocfs2_create+0x1ad/0x480 [ 89.316496][ T5831] path_openat+0x194b/0x35d0 [ 89.321617][ T5831] do_filp_open+0x284/0x4e0 [ 89.326642][ T5831] do_sys_openat2+0x12b/0x1d0 [ 89.331846][ T5831] __x64_sys_openat+0x249/0x2a0 [ 89.337239][ T5831] do_syscall_64+0xf3/0x230 [ 89.342289][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.348719][ T5831] [ 89.348719][ T5831] -> #2 (sb_internal#2){.+.+}-{0:0}: [ 89.356201][ T5831] lock_acquire+0x116/0x2f0 [ 89.361233][ T5831] ocfs2_start_trans+0x2bd/0x710 [ 89.366688][ T5831] ocfs2_mknod+0x1510/0x2b30 [ 89.372254][ T5831] ocfs2_create+0x1ad/0x480 [ 89.377283][ T5831] path_openat+0x194b/0x35d0 [ 89.382404][ T5831] do_filp_open+0x284/0x4e0 [ 89.387428][ T5831] do_sys_openat2+0x12b/0x1d0 [ 89.392635][ T5831] __x64_sys_openat+0x249/0x2a0 [ 89.398019][ T5831] do_syscall_64+0xf3/0x230 [ 89.403049][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.409463][ T5831] [ 89.409463][ T5831] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#4){+.+.}-{4:4}: [ 89.419992][ T5831] lock_acquire+0x116/0x2f0 [ 89.425027][ T5831] down_write+0x9c/0x220 [ 89.429797][ T5831] ocfs2_reserve_local_alloc_bits+0x12b/0x2800 [ 89.436482][ T5831] ocfs2_reserve_clusters_with_limit+0x1ba/0xb60 [ 89.443333][ T5831] ocfs2_mknod+0x148a/0x2b30 [ 89.448442][ T5831] ocfs2_create+0x1ad/0x480 [ 89.453465][ T5831] path_openat+0x194b/0x35d0 [ 89.458579][ T5831] do_filp_open+0x284/0x4e0 [ 89.463601][ T5831] do_sys_openat2+0x12b/0x1d0 [ 89.468802][ T5831] __x64_sys_openat+0x249/0x2a0 [ 89.474185][ T5831] do_syscall_64+0xf3/0x230 [ 89.479414][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.485827][ T5831] [ 89.485827][ T5831] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{4:4}: [ 89.496350][ T5831] validate_chain+0xa69/0x24e0 [ 89.501643][ T5831] __lock_acquire+0xad5/0xd80 [ 89.506843][ T5831] lock_acquire+0x116/0x2f0 [ 89.511873][ T5831] down_write+0x9c/0x220 [ 89.516638][ T5831] ocfs2_reserve_suballoc_bits+0x19a/0x50e0 [ 89.523055][ T5831] ocfs2_reserve_new_metadata_blocks+0x41c/0x9b0 [ 89.529904][ T5831] ocfs2_init_xattr_set_ctxt+0x3bb/0x900 [ 89.536064][ T5831] ocfs2_xattr_set+0xf52/0x1940 [ 89.541441][ T5831] __vfs_setxattr+0x468/0x4a0 [ 89.546644][ T5831] __vfs_setxattr_noperm+0x12e/0x660 [ 89.552457][ T5831] vfs_setxattr+0x223/0x430 [ 89.557490][ T5831] filename_setxattr+0x2dd/0x480 [ 89.562957][ T5831] path_setxattrat+0x3f7/0x4c0 [ 89.568325][ T5831] __x64_sys_lsetxattr+0xbf/0xe0 [ 89.573795][ T5831] do_syscall_64+0xf3/0x230 [ 89.578820][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.585236][ T5831] [ 89.585236][ T5831] other info that might help us debug this: [ 89.585236][ T5831] [ 89.595457][ T5831] Chain exists of: [ 89.595457][ T5831] &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3 --> jbd2_handle --> &oi->ip_xattr_sem [ 89.595457][ T5831] [ 89.611239][ T5831] Possible unsafe locking scenario: [ 89.611239][ T5831] [ 89.618690][ T5831] CPU0 CPU1 [ 89.624050][ T5831] ---- ---- [ 89.629417][ T5831] lock(&oi->ip_xattr_sem); [ 89.634016][ T5831] lock(jbd2_handle); [ 89.640608][ T5831] lock(&oi->ip_xattr_sem); [ 89.647724][ T5831] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3); [ 89.655018][ T5831] [ 89.655018][ T5831] *** DEADLOCK *** [ 89.655018][ T5831] [ 89.663180][ T5831] 3 locks held by syz-executor375/5831: [ 89.668728][ T5831] #0: ffff88805b82c428 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 89.677904][ T5831] #1: ffff88807bb4c2c0 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: vfs_setxattr+0x1e3/0x430 [ 89.688386][ T5831] #2: ffff88807bb4bff8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x635/0x1940 [ 89.698328][ T5831] [ 89.698328][ T5831] stack backtrace: [ 89.704236][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: syz-executor375 Not tainted 6.15.0-rc1-next-20250411-syzkaller #0 PREEMPT(full) [ 89.704256][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 89.704269][ T5831] Call Trace: [ 89.704281][ T5831] [ 89.704289][ T5831] dump_stack_lvl+0x241/0x360 [ 89.704320][ T5831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.704342][ T5831] ? __pfx__printk+0x10/0x10 [ 89.704364][ T5831] ? print_lock+0x171/0x1a0 [ 89.704381][ T5831] print_circular_bug+0x2e1/0x300 [ 89.704401][ T5831] check_noncircular+0x142/0x160 [ 89.704421][ T5831] validate_chain+0xa69/0x24e0 [ 89.704441][ T5831] ? do_raw_spin_lock+0x151/0x370 [ 89.704466][ T5831] __lock_acquire+0xad5/0xd80 [ 89.704482][ T5831] lock_acquire+0x116/0x2f0 [ 89.704504][ T5831] ? ocfs2_reserve_suballoc_bits+0x19a/0x50e0 [ 89.704523][ T5831] ? validate_chain+0x8a7/0x24e0 [ 89.704540][ T5831] down_write+0x9c/0x220 [ 89.704560][ T5831] ? ocfs2_reserve_suballoc_bits+0x19a/0x50e0 [ 89.704576][ T5831] ? __pfx_down_write+0x10/0x10 [ 89.704598][ T5831] ocfs2_reserve_suballoc_bits+0x19a/0x50e0 [ 89.704617][ T5831] ? __lock_acquire+0xad5/0xd80 [ 89.704631][ T5831] ? do_raw_spin_lock+0x151/0x370 [ 89.704655][ T5831] ? lockdep_hardirqs_on+0x9d/0x150 [ 89.704672][ T5831] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 89.704686][ T5831] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 89.704702][ T5831] ? __pfx_ocfs2_reserve_suballoc_bits+0x10/0x10 [ 89.704720][ T5831] ? stack_depot_save_flags+0x43f/0x940 [ 89.704746][ T5831] ? kasan_save_track+0x51/0x80 [ 89.704761][ T5831] ? kasan_save_track+0x3f/0x80 [ 89.704776][ T5831] ? __kasan_kmalloc+0x9d/0xb0 [ 89.704792][ T5831] ? __kmalloc_cache_noprof+0x236/0x370 [ 89.704812][ T5831] ? ocfs2_reserve_new_metadata_blocks+0x11a/0x9b0 [ 89.704827][ T5831] ? ocfs2_init_xattr_set_ctxt+0x3bb/0x900 [ 89.704846][ T5831] ? ocfs2_xattr_set+0xf52/0x1940 [ 89.704864][ T5831] ? __vfs_setxattr+0x468/0x4a0 [ 89.704885][ T5831] ? __vfs_setxattr_noperm+0x12e/0x660 [ 89.704905][ T5831] ? vfs_setxattr+0x223/0x430 [ 89.704925][ T5831] ? filename_setxattr+0x2dd/0x480 [ 89.704946][ T5831] ? path_setxattrat+0x3f7/0x4c0 [ 89.704961][ T5831] ? __x64_sys_lsetxattr+0xbf/0xe0 [ 89.704983][ T5831] ? do_syscall_64+0xf3/0x230 [ 89.705000][ T5831] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.705030][ T5831] ? __kasan_kmalloc+0x9d/0xb0 [ 89.705047][ T5831] ? __kmalloc_cache_noprof+0x236/0x370 [ 89.705067][ T5831] ? ocfs2_reserve_new_metadata_blocks+0x11a/0x9b0 [ 89.705084][ T5831] ocfs2_reserve_new_metadata_blocks+0x41c/0x9b0 [ 89.705103][ T5831] ? __pfx_ocfs2_reserve_new_metadata_blocks+0x10/0x10 [ 89.705120][ T5831] ? __pfx_ocfs2_calc_xattr_set_need+0x10/0x10 [ 89.705145][ T5831] ? __lock_acquire+0xad5/0xd80 [ 89.705160][ T5831] ocfs2_init_xattr_set_ctxt+0x3bb/0x900 [ 89.705182][ T5831] ? __pfx_ocfs2_init_xattr_set_ctxt+0x10/0x10 [ 89.705202][ T5831] ? up_write+0x1ab/0x590 [ 89.705220][ T5831] ? __pfx_ocfs2_truncate_log_needs_flush+0x10/0x10 [ 89.705239][ T5831] ? __pfx_up_write+0x10/0x10 [ 89.705257][ T5831] ? __kmalloc_cache_noprof+0x236/0x370 [ 89.705281][ T5831] ? ocfs2_xattr_set+0x4d7/0x1940 [ 89.705301][ T5831] ocfs2_xattr_set+0xf52/0x1940 [ 89.705326][ T5831] ? __pfx_ocfs2_xattr_set+0x10/0x10 [ 89.705349][ T5831] ? __pfx_stack_trace_save+0x10/0x10 [ 89.705386][ T5831] ? evm_protected_xattr_common+0x181/0x1a0 [ 89.705407][ T5831] ? evm_protect_xattr+0x787/0xb50 [ 89.705428][ T5831] ? __pfx_ocfs2_xattr_security_set+0x10/0x10 [ 89.705449][ T5831] __vfs_setxattr+0x468/0x4a0 [ 89.705474][ T5831] __vfs_setxattr_noperm+0x12e/0x660 [ 89.705499][ T5831] vfs_setxattr+0x223/0x430 [ 89.705523][ T5831] ? __pfx_vfs_setxattr+0x10/0x10 [ 89.705549][ T5831] filename_setxattr+0x2dd/0x480 [ 89.705574][ T5831] ? __pfx_filename_setxattr+0x10/0x10 [ 89.705598][ T5831] ? getname_flags+0x1e2/0x530 [ 89.705621][ T5831] path_setxattrat+0x3f7/0x4c0 [ 89.705639][ T5831] ? __pfx_path_setxattrat+0x10/0x10 [ 89.705673][ T5831] __x64_sys_lsetxattr+0xbf/0xe0 [ 89.705697][ T5831] do_syscall_64+0xf3/0x230 [ 89.705714][ T5831] ? clear_bhb_loop+0x45/0xa0 [ 89.705730][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.705749][ T5831] RIP: 0033:0x7fa43ed619f9 [ 89.705767][ T5831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.705780][ T5831] RSP: 002b:00007ffee105be98 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd lsetxattr("./file1", "security.capability", NULL, 0, 0) = 0 exit_group(0) = ? +++ exited with 0 +++