./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1876726449
<...>
[ 86.849743][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts.
execve("./syz-executor1876726449", ["./syz-executor1876726449"], 0x7ffc71f10f40 /* 10 vars */) = 0
brk(NULL) = 0x555559039000
brk(0x555559039d00) = 0x555559039d00
arch_prctl(ARCH_SET_FS, 0x555559039380) = 0
set_tid_address(0x555559039650) = 5844
set_robust_list(0x555559039660, 24) = 0
rseq(0x555559039ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1876726449", 4096) = 28
getrandom("\x66\x36\x84\xf3\xeb\xad\x29\x7f", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555559039d00
brk(0x55555905ad00) = 0x55555905ad00
brk(0x55555905b000) = 0x55555905b000
mprotect(0x7f211680f000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5846 attached
, child_tidptr=0x555559039650) = 5846
[pid 5846] set_robust_list(0x555559039660, 24) = 0
[pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5846] setpgid(0, 0) = 0
[pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5846] write(3, "1000", 4) = 4
executing program
[pid 5846] close(3) = 0
[pid 5846] write(1, "executing program\n", 18) = 18
[pid 5846] memfd_create("syzkaller", 0) = 3
[pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f210e351000
[pid 5846] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216
[pid 5846] munmap(0x7f210e351000, 138412032) = 0
[pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5846] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5846] close(3) = 0
[pid 5846] close(4) = 0
[pid 5846] mkdir("./file1", 0777) = 0
[ 89.104490][ T5846] loop0: detected capacity change from 0 to 32768
[ 89.127750][ T5846] =======================================================
[ 89.127750][ T5846] WARNING: The mand mount option has been deprecated and
[ 89.127750][ T5846] and is ignored by this kernel. Remove the mand
[ 89.127750][ T5846] option from the mount to silence this warning.
[ 89.127750][ T5846] =======================================================
[ 89.176546][ T5846] JBD2: Ignoring recovery information on journal
[pid 5846] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,dir_resv_level=00000000000000000003,resv_level=00000000000000000006,coherency=ful"...) = 0
[pid 5846] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 5846] chdir("./file1") = 0
[pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5846] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5846] mmap(0x200000000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x200000000000
[pid 5846] ftruncate(4, 49530) = 0
[ 89.225523][ T5846] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 89.315858][ T5846]
[ 89.315870][ T5846] ======================================================
[ 89.315876][ T5846] WARNING: possible circular locking dependency detected
[ 89.315891][ T5846] 6.16.0-syzkaller-12063-g37816488247d #0 Tainted: G W
[ 89.315901][ T5846] ------------------------------------------------------
[ 89.315907][ T5846] syz-executor187/5846 is trying to acquire lock:
[ 89.315913][ T5846] ffff8880388d5c50 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xb0/0x130
[ 89.315946][ T5846]
[ 89.315946][ T5846] but task is already holding lock:
[ 89.315949][ T5846] ffff88803d7f3ad0 (&oi->ip_alloc_sem){++++}-{4:4}, at: ocfs2_fiemap+0x2b0/0xc90
[ 89.315972][ T5846]
[ 89.315972][ T5846] which lock already depends on the new lock.
[ 89.315972][ T5846]
[ 89.315975][ T5846]
[ 89.315975][ T5846] the existing dependency chain (in reverse order) is:
[ 89.315979][ T5846]
[ 89.315979][ T5846] -> #2 (&oi->ip_alloc_sem){++++}-{4:4}:
[ 89.315992][ T5846] lock_acquire+0x120/0x360
[ 89.316004][ T5846] down_write+0x3a/0x50
[ 89.316014][ T5846] ocfs2_page_mkwrite+0x301/0xc50
[ 89.316025][ T5846] do_page_mkwrite+0x150/0x310
[ 89.316033][ T5846] handle_mm_fault+0x124b/0x3400
[ 89.316045][ T5846] do_user_addr_fault+0x764/0x1390
[ 89.316056][ T5846] exc_page_fault+0x76/0xf0
[ 89.316065][ T5846] asm_exc_page_fault+0x26/0x30
[ 89.316073][ T5846]
[ 89.316073][ T5846] -> #1 (sb_pagefaults){.+.+}-{0:0}:
[ 89.316085][ T5846] lock_acquire+0x120/0x360
[ 89.316095][ T5846] ocfs2_page_mkwrite+0x1dc/0xc50
[ 89.316106][ T5846] do_page_mkwrite+0x150/0x310
[ 89.316114][ T5846] handle_mm_fault+0x124b/0x3400
[ 89.316125][ T5846] do_user_addr_fault+0x764/0x1390
[ 89.316135][ T5846] exc_page_fault+0x76/0xf0
[ 89.316142][ T5846] asm_exc_page_fault+0x26/0x30
[ 89.316150][ T5846]
[ 89.316150][ T5846] -> #0 (&mm->mmap_lock){++++}-{4:4}:
[ 89.316165][ T5846] validate_chain+0xb9b/0x2140
[ 89.316177][ T5846] __lock_acquire+0xab9/0xd20
[ 89.316187][ T5846] lock_acquire+0x120/0x360
[ 89.316197][ T5846] __might_fault+0xcc/0x130
[ 89.316209][ T5846] _copy_to_user+0x2c/0xb0
[ 89.316221][ T5846] fiemap_fill_next_extent+0x1c0/0x390
[ 89.316232][ T5846] ocfs2_fiemap+0x888/0xc90
[ 89.316240][ T5846] do_vfs_ioctl+0x1188/0x1440
[ 89.316249][ T5846] __se_sys_ioctl+0x82/0x170
[ 89.316258][ T5846] do_syscall_64+0xfa/0x3b0
[ 89.316269][ T5846] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.316277][ T5846]
[ 89.316277][ T5846] other info that might help us debug this:
[ 89.316277][ T5846]
[ 89.316280][ T5846] Chain exists of:
[ 89.316280][ T5846] &mm->mmap_lock --> sb_pagefaults --> &oi->ip_alloc_sem
[ 89.316280][ T5846]
[ 89.316295][ T5846] Possible unsafe locking scenario:
[ 89.316295][ T5846]
[ 89.316303][ T5846]        CPU0                    CPU1
[ 89.316308][ T5846]        ----                    ----
[ 89.316312][ T5846]   rlock(&oi->ip_alloc_sem);
[ 89.316322][ T5846]                                lock(sb_pagefaults);
[ 89.316333][ T5846]                                lock(&oi->ip_alloc_sem);
[ 89.316344][ T5846]   rlock(&mm->mmap_lock);
[ 89.316354][ T5846]
[ 89.316354][ T5846] *** DEADLOCK ***
[ 89.316354][ T5846]
[ 89.316359][ T5846] 1 lock held by syz-executor187/5846:
[ 89.316368][ T5846] #0: ffff88803d7f3ad0 (&oi->ip_alloc_sem){++++}-{4:4}, at: ocfs2_fiemap+0x2b0/0xc90
[ 89.316412][ T5846]
[ 89.316412][ T5846] stack backtrace:
[ 89.316421][ T5846] CPU: 1 UID: 0 PID: 5846 Comm: syz-executor187 Tainted: G W 6.16.0-syzkaller-12063-g37816488247d #0 PREEMPT_{RT,(full)}
[ 89.316436][ T5846] Tainted: [W]=WARN
[ 89.316439][ T5846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 89.316447][ T5846] Call Trace:
[ 89.316451][ T5846]
[ 89.316455][ T5846] dump_stack_lvl+0x189/0x250
[ 89.316470][ T5846] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.316483][ T5846] ? __pfx__printk+0x10/0x10
[ 89.316494][ T5846] ? print_lock_name+0xde/0x100
[ 89.316503][ T5846] print_circular_bug+0x2ee/0x310
[ 89.316518][ T5846] check_noncircular+0x134/0x160
[ 89.316533][ T5846] validate_chain+0xb9b/0x2140
[ 89.316546][ T5846] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[ 89.316560][ T5846] ? rt_mutex_slowunlock+0x493/0x8a0
[ 89.316575][ T5846] __lock_acquire+0xab9/0xd20
[ 89.316587][ T5846] ? __might_fault+0xb0/0x130
[ 89.316600][ T5846] lock_acquire+0x120/0x360
[ 89.316611][ T5846] ? __might_fault+0xb0/0x130
[ 89.316624][ T5846] ? __lock_acquire+0xab9/0xd20
[ 89.316636][ T5846] ? __might_fault+0xb0/0x130
[ 89.316648][ T5846] __might_fault+0xcc/0x130
[ 89.316660][ T5846] ? __might_fault+0xb0/0x130
[ 89.316673][ T5846] _copy_to_user+0x2c/0xb0
[ 89.316686][ T5846] fiemap_fill_next_extent+0x1c0/0x390
[ 89.316698][ T5846] ? __pfx_fiemap_fill_next_extent+0x10/0x10
[ 89.316710][ T5846] ? fiemap_prep+0x1c7/0x250
[ 89.316720][ T5846] ocfs2_fiemap+0x888/0xc90
[ 89.316732][ T5846] ? __pfx_ocfs2_fiemap+0x10/0x10
[ 89.316741][ T5846] ? __might_fault+0xb0/0x130
[ 89.316758][ T5846] do_vfs_ioctl+0x1188/0x1440
[ 89.316769][ T5846] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 89.316779][ T5846] ? __pfx_smack_log+0x10/0x10
[ 89.316791][ T5846] ? smk_access+0x14c/0x4e0
[ 89.316803][ T5846] ? smk_tskacc+0x2fc/0x370
[ 89.316815][ T5846] ? smack_file_ioctl+0x2ac/0x340
[ 89.316829][ T5846] ? __pfx_smack_file_ioctl+0x10/0x10
[ 89.316845][ T5846] ? bpf_lsm_file_ioctl+0x9/0x20
[ 89.316857][ T5846] __se_sys_ioctl+0x82/0x170
[ 89.316867][ T5846] do_syscall_64+0xfa/0x3b0
[ 89.316877][ T5846] ? lockdep_hardirqs_on+0x9c/0x150
[ 89.316887][ T5846] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.316896][ T5846] ? clear_bhb_loop+0x60/0xb0
[ 89.316906][ T5846] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.316916][ T5846] RIP: 0033:0x7f2116797bd9
[ 89.316929][ T5846] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.316937][ T5846] RSP: 002b:00007ffc08175d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 89.316947][ T5846] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2116797bd9
[ 89.316954][ T5846] RDX: 0000200000000380 RSI: 00000000c020660b RDI: 0000000000000004
[ 89.316961][ T5846] RBP: 00007f211680f5f0 R08: 0000000000000000 R09: 0000000000000000
[ 89.316967][ T5846] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc08175d40
[ 89.316973][ T5846] R13: 00007ffc08175f68 R14: 431bde82d7b634db R15: 00007f21167e003b
[ 89.316983][ T5846]
[pid 5846] ioctl(4, FS_IOC_FIEMAP, 0x200000000380
[pid 5844] kill(-5846, SIGKILL) = 0
[pid 5844] kill(5846, SIGKILL) = 0
[pid 5844] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 5844] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid 5844] getdents64(3, 0x55555903a6f0 /* 2 entries */, 32768) = 48
[pid 5844] getdents64(3, 0x55555903a6f0 /* 0 entries */, 32768) = 0
[pid 5844] close(3) = 0