./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor740681994

<...>
[   92.006928][   T43] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.93' (ED25519) to the list of known hosts.
execve("./syz-executor740681994", ["./syz-executor740681994"], 0x7ffd331557b0 /* 10 vars */) = 0
brk(NULL)                               = 0x555575905000
brk(0x555575905e00)                     = 0x555575905e00
arch_prctl(ARCH_SET_FS, 0x555575905480) = 0
set_tid_address(0x555575905750)         = 5826
set_robust_list(0x555575905760, 24)     = 0
rseq(0x555575905da0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor740681994", 4096) = 27
getrandom("\x3b\xe8\x76\xe7\x87\xd3\x7d\x8b", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555575905e00
brk(0x555575926e00)                     = 0x555575926e00
brk(0x555575927000)                     = 0x555575927000
mprotect(0x7f5b933ba000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f5b9330f0c0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5b93317120}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f5b9330f0c0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5b93317120}, NULL, 8) = 0
executing program
write(1, "executing program\n", 18)     = 18
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5b8ae00000
write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216
munmap(0x7f5b8ae00000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
close(4)                                = 0
mkdir("./file1", 0777)                  = 0
[   93.543800][ T5826] loop0: detected capacity change from 0 to 32768
[   93.568898][ T5826] =======================================================
[   93.568898][ T5826] WARNING: The mand mount option has been deprecated and
[   93.568898][ T5826]          and is ignored by this kernel. Remove the mand
[   93.568898][ T5826]          option from the mount to silence this warning.
[   93.568898][ T5826] =======================================================
mount("/dev/loop0", "./file1", "ocfs2", MS_SYNCHRONOUS|MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_STRICTATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,preferred_slot=00000000000000000001,localflocks,"...) = 0
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
chdir("./file1")                        = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = -1 EBUSY (Device or resource busy)
mkdir("./file0", 000)                   = 0
mkdir("./file4", 0777)                  = 0
[   93.643006][ T5826] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[   93.709599][ T5826] overlayfs: upper fs does not support tmpfile.
[   93.718755][ T5826] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   93.726236][ T5826] 
[   93.728578][ T5826] ======================================================
[   93.735592][ T5826] WARNING: possible circular locking dependency detected
[   93.742618][ T5826] 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 Not tainted
[   93.749719][ T5826] ------------------------------------------------------
[   93.756734][ T5826] syz-executor740/5826 is trying to acquire lock:
[   93.763139][ T5826] ffff88807daaa640 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[   93.776661][ T5826] 
[   93.776661][ T5826] but task is already holding lock:
[   93.784021][ T5826] ffff88807da72378 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[   93.793514][ T5826] 
[   93.793514][ T5826] which lock already depends on the new lock.
[   93.793514][ T5826] 
[   93.803918][ T5826] 
[   93.803918][ T5826] the existing dependency chain (in reverse order) is:
[   93.812932][ T5826] 
[   93.812932][ T5826] -> #4 (&oi->ip_xattr_sem){+.+.}-{4:4}:
[   93.820849][ T5826]        lock_acquire+0x120/0x360
[   93.825887][ T5826]        down_write+0x96/0x1f0
[   93.830672][ T5826]        ocfs2_xattr_set_handle+0x3b0/0x7a0
[   93.836588][ T5826]        ocfs2_init_security_set+0xbd/0xe0
[   93.842401][ T5826]        ocfs2_mknod+0x137f/0x2050
[   93.847528][ T5826]        ocfs2_mkdir+0x191/0x440
[   93.852485][ T5826]        vfs_mkdir+0x306/0x510
[   93.857266][ T5826]        do_mkdirat+0x247/0x590
[   93.862134][ T5826]        __x64_sys_mkdir+0x6c/0x80
[   93.867287][ T5826]        do_syscall_64+0xfa/0x3b0
[   93.872332][ T5826]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.878759][ T5826] 
[   93.878759][ T5826] -> #3 (jbd2_handle){.+.+}-{0:0}:
[   93.886083][ T5826]        lock_acquire+0x120/0x360
[   93.891131][ T5826]        start_this_handle+0x1fa7/0x21c0
[   93.896783][ T5826]        jbd2__journal_start+0x2c1/0x5b0
[   93.902448][ T5826]        jbd2_journal_start+0x2a/0x40
[   93.907850][ T5826]        ocfs2_start_trans+0x376/0x6d0
[   93.913330][ T5826]        ocfs2_reserve_suballoc_bits+0x711/0x4640
[   93.919787][ T5826]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[   93.926656][ T5826]        ocfs2_mknod+0xe08/0x2050
[   93.931697][ T5826]        ocfs2_mkdir+0x191/0x440
[   93.936662][ T5826]        vfs_mkdir+0x306/0x510
[   93.941440][ T5826]        do_mkdirat+0x247/0x590
[   93.946306][ T5826]        __x64_sys_mkdir+0x6c/0x80
[   93.951428][ T5826]        do_syscall_64+0xfa/0x3b0
[   93.956506][ T5826]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.962936][ T5826] 
[   93.962936][ T5826] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[   93.971471][ T5826]        lock_acquire+0x120/0x360
[   93.976541][ T5826]        down_read+0x46/0x2e0
[   93.981227][ T5826]        ocfs2_start_trans+0x36a/0x6d0
[   93.986705][ T5826]        ocfs2_reserve_suballoc_bits+0x711/0x4640
[   93.993140][ T5826]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[   94.000019][ T5826]        ocfs2_mknod+0xe08/0x2050
[   94.005071][ T5826]        ocfs2_mkdir+0x191/0x440
[   94.010023][ T5826]        vfs_mkdir+0x306/0x510
[   94.014813][ T5826]        do_mkdirat+0x247/0x590
[   94.019676][ T5826]        __x64_sys_mkdir+0x6c/0x80
[   94.024819][ T5826]        do_syscall_64+0xfa/0x3b0
[   94.029860][ T5826]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.036285][ T5826] 
[   94.036285][ T5826] -> #1 (sb_internal#2){.+.+}-{0:0}:
[   94.043784][ T5826]        lock_acquire+0x120/0x360
[   94.048844][ T5826]        ocfs2_start_trans+0x26b/0x6d0
[   94.054332][ T5826]        ocfs2_mknod+0xe93/0x2050
[   94.059371][ T5826]        ocfs2_mkdir+0x191/0x440
[   94.064323][ T5826]        vfs_mkdir+0x306/0x510
[   94.069099][ T5826]        do_mkdirat+0x247/0x590
[   94.073964][ T5826]        __x64_sys_mkdir+0x6c/0x80
[   94.079096][ T5826]        do_syscall_64+0xfa/0x3b0
[   94.084137][ T5826]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.090567][ T5826] 
[   94.090567][ T5826] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}:
[   94.101104][ T5826]        validate_chain+0xb9b/0x2140
[   94.106409][ T5826]        __lock_acquire+0xab9/0xd20
[   94.111624][ T5826]        lock_acquire+0x120/0x360
[   94.116666][ T5826]        down_write+0x96/0x1f0
[   94.121438][ T5826]        ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[   94.128133][ T5826]        ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[   94.135007][ T5826]        ocfs2_init_xattr_set_ctxt+0x376/0x700
[   94.141172][ T5826]        ocfs2_xattr_set+0xb70/0x11f0
[   94.146561][ T5826]        __vfs_setxattr+0x43c/0x480
[   94.151787][ T5826]        __vfs_setxattr_noperm+0x12d/0x660
[   94.157618][ T5826]        vfs_setxattr+0x16b/0x2f0
[   94.162657][ T5826]        ovl_get_workdir+0xbb7/0x1730
[   94.168049][ T5826]        ovl_fill_super+0x1386/0x35d0
[   94.173473][ T5826]        get_tree_nodev+0xbb/0x150
[   94.178600][ T5826]        vfs_get_tree+0x8f/0x2b0
[   94.183554][ T5826]        do_new_mount+0x24a/0xa40
[   94.188595][ T5826]        __se_sys_mount+0x317/0x410
[   94.193812][ T5826]        do_syscall_64+0xfa/0x3b0
[   94.198858][ T5826]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.205305][ T5826] 
[   94.205305][ T5826] other info that might help us debug this:
[   94.205305][ T5826] 
[   94.215542][ T5826] Chain exists of:
[   94.215542][ T5826]   &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5 --> jbd2_handle --> &oi->ip_xattr_sem
[   94.215542][ T5826] 
[   94.231339][ T5826]  Possible unsafe locking scenario:
[   94.231339][ T5826] 
[   94.238805][ T5826]        CPU0                    CPU1
[   94.244178][ T5826]        ----                    ----
[   94.249551][ T5826]   lock(&oi->ip_xattr_sem);
[   94.254160][ T5826]                                lock(jbd2_handle);
[   94.260765][ T5826]                                lock(&oi->ip_xattr_sem);
[   94.267888][ T5826]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5);
[   94.275194][ T5826] 
[   94.275194][ T5826]  *** DEADLOCK ***
[   94.275194][ T5826] 
[   94.283359][ T5826] 4 locks held by syz-executor740/5826:
[   94.288916][ T5826]  #0: ffff88803559c0e0 (&type->s_umount_key#43/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970
[   94.299059][ T5826]  #1: ffff888028202428 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[   94.308262][ T5826]  #2: ffff88807da72640 (&sb->s_type->i_mutex_key#16){++++}-{4:4}, at: vfs_setxattr+0x144/0x2f0
[   94.318745][ T5826]  #3: ffff88807da72378 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[   94.328691][ T5826] 
[   94.328691][ T5826] stack backtrace:
[   94.334604][ T5826] CPU: 1 UID: 0 PID: 5826 Comm: syz-executor740 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[   94.334625][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   94.334639][ T5826] Call Trace:
[   94.334651][ T5826]  <TASK>
[   94.334659][ T5826]  dump_stack_lvl+0x189/0x250
[   94.334688][ T5826]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.334712][ T5826]  ? __pfx__printk+0x10/0x10
[   94.334728][ T5826]  ? print_lock_name+0xde/0x100
[   94.334757][ T5826]  print_circular_bug+0x2ee/0x310
[   94.334791][ T5826]  check_noncircular+0x134/0x160
[   94.334824][ T5826]  validate_chain+0xb9b/0x2140
[   94.334850][ T5826]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   94.334877][ T5826]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   94.334904][ T5826]  __lock_acquire+0xab9/0xd20
[   94.334927][ T5826]  ? ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[   94.334946][ T5826]  lock_acquire+0x120/0x360
[   94.334966][ T5826]  ? ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[   94.334987][ T5826]  ? is_bpf_text_address+0x26/0x2b0
[   94.335010][ T5826]  ? kernel_text_address+0xa5/0xe0
[   94.335031][ T5826]  down_write+0x96/0x1f0
[   94.335045][ T5826]  ? ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[   94.335064][ T5826]  ? __pfx_down_write+0x10/0x10
[   94.335083][ T5826]  ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[   94.335106][ T5826]  ? check_noncircular+0xe0/0x160
[   94.335132][ T5826]  ? lockdep_unlock+0x89/0x120
[   94.335150][ T5826]  ? validate_chain+0x897/0x2140
[   94.335174][ T5826]  ? __pfx_ocfs2_reserve_local_alloc_bits+0x10/0x10
[   94.335192][ T5826]  ? get_tree_nodev+0xbb/0x150
[   94.335216][ T5826]  ? __lock_acquire+0xab9/0xd20
[   94.335244][ T5826]  ? do_raw_spin_unlock+0x122/0x240
[   94.335261][ T5826]  ? _raw_spin_unlock+0x28/0x50
[   94.335279][ T5826]  ? ocfs2_alloc_should_use_local+0x152/0x310
[   94.335296][ T5826]  ? ocfs2_reserve_clusters_with_limit+0x16b/0xba0
[   94.335321][ T5826]  ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[   94.335347][ T5826]  ? __pfx_ocfs2_reserve_clusters_with_limit+0x10/0x10
[   94.335375][ T5826]  ? __pfx_ocfs2_calc_xattr_set_need+0x10/0x10
[   94.335394][ T5826]  ? __lock_acquire+0xab9/0xd20
[   94.335418][ T5826]  ocfs2_init_xattr_set_ctxt+0x376/0x700
[   94.335435][ T5826]  ? __pfx_ocfs2_init_xattr_set_ctxt+0x10/0x10
[   94.335452][ T5826]  ? ocfs2_xattr_set+0xb36/0x11f0
[   94.335467][ T5826]  ? up_write+0x1c4/0x420
[   94.335480][ T5826]  ? ocfs2_xattr_set+0x334/0x11f0
[   94.335494][ T5826]  ocfs2_xattr_set+0xb70/0x11f0
[   94.335517][ T5826]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[   94.335531][ T5826]  ? up+0xde/0x150
[   94.335556][ T5826]  ? smack_log+0xef/0x3f0
[   94.335582][ T5826]  ? __pfx___console_unlock+0x10/0x10
[   94.335597][ T5826]  ? smk_access+0x14c/0x4e0
[   94.335623][ T5826]  ? smk_tskacc+0x2fc/0x370
[   94.335649][ T5826]  ? posix_xattr_acl+0x93/0xc0
[   94.335672][ T5826]  ? evm_protect_xattr+0x4d4/0xa90
[   94.335695][ T5826]  ? __pfx_evm_protect_xattr+0x10/0x10
[   94.335716][ T5826]  ? safesetid_security_capable+0xa9/0x1a0
[   94.335735][ T5826]  ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[   94.335751][ T5826]  __vfs_setxattr+0x43c/0x480
[   94.335775][ T5826]  __vfs_setxattr_noperm+0x12d/0x660
[   94.335799][ T5826]  vfs_setxattr+0x16b/0x2f0
[   94.335826][ T5826]  ? __pfx_vfs_setxattr+0x10/0x10
[   94.335847][ T5826]  ? up_write+0x1c4/0x420
[   94.335863][ T5826]  ovl_get_workdir+0xbb7/0x1730
[   94.335891][ T5826]  ? __pfx_ovl_get_workdir+0x10/0x10
[   94.335925][ T5826]  ? do_raw_spin_unlock+0x122/0x240
[   94.335942][ T5826]  ? _raw_spin_unlock+0x28/0x50
[   94.335960][ T5826]  ? ovl_inuse_trylock+0xae/0xf0
[   94.335983][ T5826]  ovl_fill_super+0x1386/0x35d0
[   94.336010][ T5826]  ? rcu_is_watching+0x15/0xb0
[   94.336036][ T5826]  ? shrinker_register+0x124/0x230
[   94.336064][ T5826]  ? __pfx_ovl_fill_super+0x10/0x10
[   94.336088][ T5826]  ? __pfx___mutex_lock+0x10/0x10
[   94.336111][ T5826]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   94.336137][ T5826]  ? __raw_spin_lock_init+0x45/0x100
[   94.336158][ T5826]  ? sget_fc+0x962/0xa40
[   94.336173][ T5826]  ? __pfx_set_anon_super_fc+0x10/0x10
[   94.336189][ T5826]  ? __pfx_ovl_fill_super+0x10/0x10
[   94.336212][ T5826]  get_tree_nodev+0xbb/0x150
[   94.336230][ T5826]  vfs_get_tree+0x8f/0x2b0
[   94.336249][ T5826]  do_new_mount+0x24a/0xa40
[   94.336273][ T5826]  __se_sys_mount+0x317/0x410
[   94.336296][ T5826]  ? __pfx___se_sys_mount+0x10/0x10
[   94.336320][ T5826]  ? __x64_sys_mount+0x20/0xc0
[   94.336341][ T5826]  do_syscall_64+0xfa/0x3b0
[   94.336364][ T5826]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.336385][ T5826]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.336402][ T5826]  ? clear_bhb_loop+0x60/0xb0
[   94.336419][ T5826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.336435][ T5826] RIP: 0033:0x7f5b93343139
[   94.336455][ T5826] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   94.336472][ T5826] RSP: 002b:00007ffd1291aef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   94.336489][ T5826] RAX: ffffffffffffffda RBX: 00007ffd1291af00 RCX: 00007f5b93343139
[   94.336501][ T5826] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 0000000000000000
[   94.336512][ T5826] RBP: 00007ffd1291af08 R08: 0000200000000200 R09: 00007f5b9330f0c0
[   94.336523][ T5826] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000000
[   94.336533][ T5826] R13: 00007ffd1291b168 R14: 0000000000000001 R15: 0000000000000001
[   94.336549][ T5826]  </TASK>
mount(NULL, "./file0", "overlay", MS_POSIXACL, "workdir=./file0,lowerdir=.,upperdir=./file4,uuid=off,,") = -1 EINVAL (Invalid argument)
exit_group(0)                           = ?
+++ exited with 0 +++
[   94.859405][ T5826] overlayfs: upper fs missing required fea