./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1765652386 <...> [ 97.235273][ T1077] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.98' (ED25519) to the list of known hosts. execve("./syz-executor1765652386", ["./syz-executor1765652386"], 0x7ffec06c79a0 /* 10 vars */) = 0 brk(NULL) = 0x555592881000 brk(0x555592881d00) = 0x555592881d00 arch_prctl(ARCH_SET_FS, 0x555592881380) = 0 set_tid_address(0x555592881650) = 5868 set_robust_list(0x555592881660, 24) = 0 rseq(0x555592881ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1765652386", 4096) = 28 getrandom("\x1f\x37\xf7\xa6\x17\xa6\x21\xde", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555592881d00 brk(0x5555928a2d00) = 0x5555928a2d00 brk(0x5555928a3000) = 0x5555928a3000 mprotect(0x7f4224386000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f421be00000 write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 munmap(0x7f421be00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 [ 101.297935][ T5868] loop0: detected capacity change from 0 to 32768 mount("/dev/loop0", "./file1", "ocfs2", MS_DIRSYNC|MS_REC|MS_I_VERSION|MS_LAZYTIME, "acl,nointr,atime_quantum=00000000000000000007,localflocks,localalloc=00000000000000000003,localflock"...) = 0 openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 chdir("./file1") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 101.356943][ T5868] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 001) = 4 openat(AT_FDCWD, ".", O_RDONLY) = 5 [ 101.453369][ T5868] [ 101.456207][ T5868] ====================================================== [ 101.463687][ T5868] WARNING: possible circular locking dependency detected [ 101.472188][ T5868] 6.16.0-next-20250808-syzkaller #0 Not tainted [ 101.479741][ T5868] ------------------------------------------------------ [ 101.488700][ T5868] syz-executor176/5868 is trying to acquire lock: [ 101.496720][ T5868] ffff88807514df40 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640 [ 101.512314][ T5868] [ 101.512314][ T5868] but task is already holding lock: [ 101.520955][ T5868] ffff8880781b86f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0 [ 101.532053][ T5868] [ 101.532053][ T5868] which lock already depends on the new lock. [ 101.532053][ T5868] [ 101.543098][ T5868] [ 101.543098][ T5868] the existing dependency chain (in reverse order) is: [ 101.552594][ T5868] [ 101.552594][ T5868] -> #5 (&oi->ip_xattr_sem){++++}-{4:4}: [ 101.561327][ T5868] lock_acquire+0x120/0x360 [ 101.566669][ T5868] down_read+0x46/0x2e0 [ 101.571658][ T5868] ocfs2_init_acl+0x2f9/0x720 [ 101.578113][ T5868] ocfs2_mknod+0x1321/0x2050 [ 101.584224][ T5868] ocfs2_create+0x1a5/0x440 [ 101.590546][ T5868] path_openat+0x14f1/0x3830 [ 101.596595][ T5868] do_filp_open+0x1fa/0x410 [ 101.603465][ T5868] do_sys_openat2+0x121/0x1c0 [ 101.609873][ T5868] __x64_sys_openat+0x138/0x170 [ 101.616534][ T5868] do_syscall_64+0xfa/0x3b0 [ 101.622870][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.630368][ T5868] [ 101.630368][ T5868] -> #4 (jbd2_handle){.+.+}-{0:0}: [ 101.638486][ T5868] lock_acquire+0x120/0x360 [ 101.645889][ T5868] start_this_handle+0x1fa7/0x21c0 [ 101.652526][ T5868] jbd2__journal_start+0x2c1/0x5b0 [ 101.660387][ T5868] jbd2_journal_start+0x2a/0x40 [ 101.666932][ T5868] ocfs2_start_trans+0x376/0x6d0 [ 101.673472][ T5868] ocfs2_mknod+0xe93/0x2050 [ 101.679200][ T5868] ocfs2_create+0x1a5/0x440 [ 101.685447][ T5868] path_openat+0x14f1/0x3830 [ 101.691223][ T5868] do_filp_open+0x1fa/0x410 [ 101.697247][ T5868] do_sys_openat2+0x121/0x1c0 [ 101.703498][ T5868] __x64_sys_openat+0x138/0x170 [ 101.709945][ T5868] do_syscall_64+0xfa/0x3b0 [ 101.716156][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.723292][ T5868] [ 101.723292][ T5868] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 101.732640][ T5868] lock_acquire+0x120/0x360 [ 101.738346][ T5868] down_read+0x46/0x2e0 [ 101.743649][ T5868] ocfs2_start_trans+0x36a/0x6d0 [ 101.750533][ T5868] ocfs2_mknod+0xe93/0x2050 [ 101.756368][ T5868] ocfs2_create+0x1a5/0x440 [ 101.761849][ T5868] path_openat+0x14f1/0x3830 [ 101.767546][ T5868] do_filp_open+0x1fa/0x410 [ 101.773584][ T5868] do_sys_openat2+0x121/0x1c0 [ 101.779348][ T5868] __x64_sys_openat+0x138/0x170 [ 101.785464][ T5868] do_syscall_64+0xfa/0x3b0 [ 101.791578][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.798716][ T5868] [ 101.798716][ T5868] -> #2 (sb_internal#2){.+.+}-{0:0}: [ 101.807401][ T5868] lock_acquire+0x120/0x360 [ 101.813042][ T5868] ocfs2_start_trans+0x26b/0x6d0 [ 101.819336][ T5868] ocfs2_mknod+0xe93/0x2050 [ 101.825527][ T5868] ocfs2_create+0x1a5/0x440 [ 101.831398][ T5868] path_openat+0x14f1/0x3830 [ 101.837673][ T5868] do_filp_open+0x1fa/0x410 [ 101.843527][ T5868] do_sys_openat2+0x121/0x1c0 [ 101.850017][ T5868] __x64_sys_openat+0x138/0x170 [ 101.856206][ T5868] do_syscall_64+0xfa/0x3b0 [ 101.862963][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.871985][ T5868] [ 101.871985][ T5868] -> #1 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}: [ 101.883532][ T5868] lock_acquire+0x120/0x360 [ 101.889405][ T5868] down_write+0x96/0x1f0 [ 101.894625][ T5868] ocfs2_reserve_local_alloc_bits+0x125/0x24e0 [ 101.902346][ T5868] ocfs2_reserve_clusters_with_limit+0x1be/0xba0 [ 101.910578][ T5868] ocfs2_mknod+0xe32/0x2050 [ 101.916058][ T5868] ocfs2_create+0x1a5/0x440 [ 101.921932][ T5868] path_openat+0x14f1/0x3830 [ 101.928557][ T5868] do_filp_open+0x1fa/0x410 [ 101.935464][ T5868] do_sys_openat2+0x121/0x1c0 [ 101.941473][ T5868] __x64_sys_openat+0x138/0x170 [ 101.948205][ T5868] do_syscall_64+0xfa/0x3b0 [ 101.954026][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.961250][ T5868] [ 101.961250][ T5868] -> #0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}: [ 101.973865][ T5868] validate_chain+0xb9b/0x2140 [ 101.979460][ T5868] __lock_acquire+0xab9/0xd20 [ 101.985285][ T5868] lock_acquire+0x120/0x360 [ 101.991307][ T5868] down_write+0x96/0x1f0 [ 101.996629][ T5868] ocfs2_reserve_suballoc_bits+0x15e/0x4640 [ 102.004347][ T5868] ocfs2_reserve_new_metadata_blocks+0x403/0x940 [ 102.011955][ T5868] ocfs2_init_xattr_set_ctxt+0x307/0x700 [ 102.020148][ T5868] ocfs2_xattr_set+0xb70/0x11f0 [ 102.026866][ T5868] ocfs2_set_acl+0x701/0x7b0 [ 102.032633][ T5868] ocfs2_iop_set_acl+0x1aa/0x2a0 [ 102.039940][ T5868] vfs_set_acl+0x884/0xb00 [ 102.046311][ T5868] do_set_acl+0xf6/0x190 [ 102.052700][ T5868] file_setxattr+0x234/0x2b0 [ 102.058619][ T5868] path_setxattrat+0x327/0x3a0 [ 102.068434][ T5868] __x64_sys_fsetxattr+0xbc/0xe0 [ 102.075197][ T5868] do_syscall_64+0xfa/0x3b0 [ 102.081673][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.089588][ T5868] [ 102.089588][ T5868] other info that might help us debug this: [ 102.089588][ T5868] [ 102.101303][ T5868] Chain exists of: [ 102.101303][ T5868] &ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE] --> jbd2_handle --> &oi->ip_xattr_sem [ 102.101303][ T5868] [ 102.121074][ T5868] Possible unsafe locking scenario: [ 102.121074][ T5868] [ 102.130858][ T5868] CPU0 CPU1 [ 102.137151][ T5868] ---- ---- [ 102.143548][ T5868] lock(&oi->ip_xattr_sem); [ 102.152438][ T5868] lock(jbd2_handle); [ 102.160400][ T5868] lock(&oi->ip_xattr_sem); [ 102.168930][ T5868] lock(&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]); [ 102.177555][ T5868] [ 102.177555][ T5868] *** DEADLOCK *** [ 102.177555][ T5868] [ 102.186744][ T5868] 3 locks held by syz-executor176/5868: [ 102.193652][ T5868] #0: ffff888079d98428 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write_file+0x60/0x200 [ 102.204252][ T5868] #1: ffff8880781b89c0 (&type->i_mutex_dir_key#6){+.+.}-{4:4}, at: vfs_set_acl+0x3cd/0xb00 [ 102.216368][ T5868] #2: ffff8880781b86f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0 [ 102.228073][ T5868] [ 102.228073][ T5868] stack backtrace: [ 102.234957][ T5868] CPU: 0 UID: 0 PID: 5868 Comm: syz-executor176 Not tainted 6.16.0-next-20250808-syzkaller #0 PREEMPT(full) [ 102.234980][ T5868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.234997][ T5868] Call Trace: [ 102.235005][ T5868] [ 102.235012][ T5868] dump_stack_lvl+0x189/0x250 [ 102.235036][ T5868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.235054][ T5868] ? __pfx__printk+0x10/0x10 [ 102.235077][ T5868] ? print_lock_name+0xde/0x100 [ 102.235098][ T5868] print_circular_bug+0x2ee/0x310 [ 102.235117][ T5868] check_noncircular+0x134/0x160 [ 102.235136][ T5868] validate_chain+0xb9b/0x2140 [ 102.235161][ T5868] __lock_acquire+0xab9/0xd20 [ 102.235186][ T5868] ? ocfs2_reserve_suballoc_bits+0x15e/0x4640 [ 102.235206][ T5868] lock_acquire+0x120/0x360 [ 102.235227][ T5868] ? ocfs2_reserve_suballoc_bits+0x15e/0x4640 [ 102.235250][ T5868] down_write+0x96/0x1f0 [ 102.235264][ T5868] ? ocfs2_reserve_suballoc_bits+0x15e/0x4640 [ 102.235281][ T5868] ? __pfx_down_write+0x10/0x10 [ 102.235298][ T5868] ocfs2_reserve_suballoc_bits+0x15e/0x4640 [ 102.235322][ T5868] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 102.235342][ T5868] ? lockdep_hardirqs_on+0x9c/0x150 [ 102.235363][ T5868] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 102.235382][ T5868] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 102.235403][ T5868] ? __pfx_ocfs2_reserve_suballoc_bits+0x10/0x10 [ 102.235421][ T5868] ? stack_depot_save_flags+0x41b/0x860 [ 102.235445][ T5868] ? kasan_save_track+0x4f/0x80 [ 102.235464][ T5868] ? kasan_save_track+0x3e/0x80 [ 102.235482][ T5868] ? __kasan_kmalloc+0x93/0xb0 [ 102.235501][ T5868] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 102.235522][ T5868] ? ocfs2_reserve_new_metadata_blocks+0x113/0x940 [ 102.235539][ T5868] ? ocfs2_init_xattr_set_ctxt+0x307/0x700 [ 102.235560][ T5868] ? ocfs2_xattr_set+0xb70/0x11f0 [ 102.235578][ T5868] ? ocfs2_set_acl+0x701/0x7b0 [ 102.235594][ T5868] ? ocfs2_iop_set_acl+0x1aa/0x2a0 [ 102.235610][ T5868] ? vfs_set_acl+0x884/0xb00 [ 102.235630][ T5868] ? do_set_acl+0xf6/0x190 [ 102.235648][ T5868] ? file_setxattr+0x234/0x2b0 [ 102.235660][ T5868] ? path_setxattrat+0x327/0x3a0 [ 102.235677][ T5868] ? __x64_sys_fsetxattr+0xbc/0xe0 [ 102.235690][ T5868] ? do_syscall_64+0xfa/0x3b0 [ 102.235712][ T5868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.235742][ T5868] ? __kasan_kmalloc+0x93/0xb0 [ 102.235764][ T5868] ? ocfs2_reserve_new_metadata_blocks+0x113/0x940 [ 102.235783][ T5868] ocfs2_reserve_new_metadata_blocks+0x403/0x940 [ 102.235803][ T5868] ? __pfx_ocfs2_reserve_new_metadata_blocks+0x10/0x10 [ 102.235821][ T5868] ? __pfx_ocfs2_calc_xattr_set_need+0x10/0x10 [ 102.235846][ T5868] ? ocfs2_xattr_set+0xadd/0x11f0 [ 102.235874][ T5868] ocfs2_init_xattr_set_ctxt+0x307/0x700 [ 102.235897][ T5868] ? __pfx_ocfs2_init_xattr_set_ctxt+0x10/0x10 [ 102.235919][ T5868] ? ocfs2_xattr_set+0xb36/0x11f0 [ 102.235939][ T5868] ? up_write+0x1c4/0x420 [ 102.235955][ T5868] ? ocfs2_xattr_set+0x334/0x11f0 [ 102.235975][ T5868] ocfs2_xattr_set+0xb70/0x11f0 [ 102.236002][ T5868] ? __pfx_ocfs2_xattr_set+0x10/0x10 [ 102.236021][ T5868] ? vfs_set_acl+0x884/0xb00 [ 102.236039][ T5868] ? file_setxattr+0x234/0x2b0 [ 102.236051][ T5868] ? path_setxattrat+0x327/0x3a0 [ 102.236067][ T5868] ? __x64_sys_fsetxattr+0xbc/0xe0 [ 102.236080][ T5868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.236111][ T5868] ? rcu_is_watching+0x15/0xb0 [ 102.236126][ T5868] ? trace_kmalloc+0x1f/0xd0 [ 102.236144][ T5868] ? __kmalloc_noprof+0x29b/0x4f0 [ 102.236164][ T5868] ? ocfs2_set_acl+0x11c/0x7b0 [ 102.236182][ T5868] ocfs2_set_acl+0x701/0x7b0 [ 102.236203][ T5868] ocfs2_iop_set_acl+0x1aa/0x2a0 [ 102.236222][ T5868] ? __pfx_ocfs2_iop_set_acl+0x10/0x10 [ 102.236239][ T5868] ? __pfx_evm_inode_set_acl+0x10/0x10 [ 102.236259][ T5868] ? __pfx_down_write+0x10/0x10 [ 102.236272][ T5868] ? evm_revalidate_status+0x4f/0xb0 [ 102.236290][ T5868] ? posix_acl_valid+0x352/0x3e0 [ 102.236309][ T5868] vfs_set_acl+0x884/0xb00 [ 102.236332][ T5868] do_set_acl+0xf6/0x190 [ 102.236353][ T5868] file_setxattr+0x234/0x2b0 [ 102.236368][ T5868] path_setxattrat+0x327/0x3a0 [ 102.236388][ T5868] ? __pfx_path_setxattrat+0x10/0x10 [ 102.236417][ T5868] ? rcu_is_watching+0x15/0xb0 [ 102.236433][ T5868] __x64_sys_fsetxattr+0xbc/0xe0 [ 102.236449][ T5868] do_syscall_64+0xfa/0x3b0 [ 102.236471][ T5868] ? lockdep_hardirqs_on+0x9c/0x150 [ 102.236491][ T5868] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.236505][ T5868] ? clear_bhb_loop+0x60/0xb0 [ 102.236522][ T5868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.236537][ T5868] RIP: 0033:0x7f422430f7f9 [ 102.236558][ T5868] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 102.236570][ T5868] RSP: 002b:00007ffe307df808 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 102.236587][ T5868] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f422430f7f9 fsetxattr(5, "system.posix_acl_access", "\x02\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x00\x04\x00\x01\x00\x00\x00\x00\x00\x10\x00\x02\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00", 36, 0) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 102.236597][ T5868] RDX: 000020000