./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor5047740 <...> Warning: Permanently added '10.128.1.148' (ED25519) to the list of known hosts. execve("./syz-executor5047740", ["./syz-executor5047740"], 0x7ffc61bd6480 /* 10 vars */) = 0 brk(NULL) = 0x555556767000 brk(0x555556767d00) = 0x555556767d00 arch_prctl(ARCH_SET_FS, 0x555556767380) = 0 set_tid_address(0x555556767650) = 5029 set_robust_list(0x555556767660, 24) = 0 rseq(0x555556767ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor5047740", 4096) = 25 getrandom("\x22\xcf\x23\x48\x74\x89\x2b\xf8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556767d00 brk(0x555556788d00) = 0x555556788d00 brk(0x555556789000) = 0x555556789000 mprotect(0x7fca61b8f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca596de000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7fca596de000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.621832][ T5029] syz-executor504[5029]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 
54.673164][ T5029] loop0: detected capacity change from 0 to 8192 [ 54.685399][ T5029] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 54.698496][ T5029] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 54.707845][ T5029] REISERFS (device loop0): using ordered data mode [ 54.714370][ T5029] reiserfs: using flush barriers mount("/dev/loop0", "./file0", "reiserfs", 0, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 54.720485][ T5029] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 54.737192][ T5029] REISERFS (device loop0): checking transaction log (loop0) [ 54.746834][ T5029] REISERFS (device loop0): Using r5 hash to sort names [ 54.753971][ T5029] REISERFS (device loop0): using 3.5.x disk format [ 54.761190][ T5029] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 54.778575][ T5029] [ 54.780918][ T5029] ====================================================== [ 54.787933][ T5029] WARNING: possible circular locking dependency detected [ 54.794948][ T5029] 6.6.0-rc4-syzkaller-00284-gb9ddbb0cde2a #0 Not tainted [ 54.801990][ T5029] ------------------------------------------------------ [ 54.808999][ T5029] syz-executor504/5029 is trying to acquire lock: [ 54.815397][ T5029] ffff8880203e8410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x61/0x200 [ 54.824648][ T5029] [ 54.824648][ T5029] but task is already holding lock: [ 54.831984][ T5029] ffff88814074a090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x7a/0xd0 [ 54.840917][ T5029] [ 54.840917][ T5029] which lock already depends on the new lock. 
[ 54.840917][ T5029] [ 54.851294][ T5029] [ 54.851294][ T5029] the existing dependency chain (in reverse order) is: [ 54.860279][ T5029] [ 54.860279][ T5029] -> #2 (&sbi->lock){+.+.}-{3:3}: [ 54.867464][ T5029] __mutex_lock+0x136/0xd60 [ 54.872475][ T5029] reiserfs_write_lock+0x7a/0xd0 [ 54.877918][ T5029] reiserfs_lookup+0x162/0x580 [ 54.883179][ T5029] __lookup_slow+0x282/0x3e0 [ 54.888266][ T5029] lookup_one_len+0x18b/0x2d0 [ 54.893440][ T5029] reiserfs_lookup_privroot+0x89/0x180 [ 54.899395][ T5029] reiserfs_fill_super+0x21c1/0x2620 [ 54.905194][ T5029] mount_bdev+0x237/0x300 [ 54.910024][ T5029] legacy_get_tree+0xef/0x190 [ 54.915199][ T5029] vfs_get_tree+0x8c/0x280 [ 54.920109][ T5029] do_new_mount+0x28f/0xae0 [ 54.925110][ T5029] __se_sys_mount+0x2d9/0x3c0 [ 54.930282][ T5029] do_syscall_64+0x41/0xc0 [ 54.935195][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.941584][ T5029] [ 54.941584][ T5029] -> #1 (&type->i_mutex_dir_key#6){+.+.}-{3:3}: [ 54.949983][ T5029] down_write+0x3a/0x50 [ 54.954640][ T5029] path_openat+0x7c2/0x3180 [ 54.959638][ T5029] do_filp_open+0x234/0x490 [ 54.964638][ T5029] do_sys_openat2+0x13e/0x1d0 [ 54.970074][ T5029] __x64_sys_openat+0x247/0x290 [ 54.975424][ T5029] do_syscall_64+0x41/0xc0 [ 54.980334][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.986724][ T5029] [ 54.986724][ T5029] -> #0 (sb_writers#9){.+.+}-{0:0}: [ 54.994083][ T5029] __lock_acquire+0x39ff/0x7f70 [ 54.999437][ T5029] lock_acquire+0x1e3/0x520 [ 55.004464][ T5029] sb_start_write+0x4d/0x1c0 [ 55.009555][ T5029] mnt_want_write_file+0x61/0x200 [ 55.015077][ T5029] reiserfs_ioctl+0x178/0x2f0 [ 55.020252][ T5029] __se_sys_ioctl+0xf8/0x170 [ 55.025340][ T5029] do_syscall_64+0x41/0xc0 [ 55.030269][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.036675][ T5029] [ 55.036675][ T5029] other info that might help us debug this: [ 55.036675][ T5029] [ 55.046890][ T5029] Chain exists of: [ 55.046890][ T5029] sb_writers#9 --> &type->i_mutex_dir_key#6 --> 
&sbi->lock [ 55.046890][ T5029]
[ 55.060001][ T5029] Possible unsafe locking scenario:
[ 55.060001][ T5029]
[ 55.067429][ T5029]        CPU0                    CPU1
[ 55.072776][ T5029]        ----                    ----
[ 55.078117][ T5029]   lock(&sbi->lock);
[ 55.082081][ T5029]                                lock(&type->i_mutex_dir_key#6);
[ 55.089788][ T5029]                                lock(&sbi->lock);
[ 55.096270][ T5029]   rlock(sb_writers#9);
[ 55.100491][ T5029]
[ 55.100491][ T5029] *** DEADLOCK ***
[ 55.100491][ T5029]
[ 55.108609][ T5029] 1 lock held by syz-executor504/5029: [ 55.114043][ T5029] #0: ffff88814074a090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x7a/0xd0 [ 55.123418][ T5029] [ 55.123418][ T5029] stack backtrace: [ 55.129279][ T5029] CPU: 1 PID: 5029 Comm: syz-executor504 Not tainted 6.6.0-rc4-syzkaller-00284-gb9ddbb0cde2a #0 [ 55.139839][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 55.149870][ T5029] Call Trace: [ 55.153133][ T5029] [ 55.156043][ T5029] dump_stack_lvl+0x1e7/0x2d0 [ 55.160704][ T5029] ? nf_tcp_handle_invalid+0x650/0x650 [ 55.166147][ T5029] ? print_circular_bug+0x12b/0x1a0 [ 55.171324][ T5029] check_noncircular+0x375/0x4a0 [ 55.176242][ T5029] ? print_deadlock_bug+0x600/0x600 [ 55.181416][ T5029] ? lockdep_lock+0x123/0x2b0 [ 55.186072][ T5029] ? mark_lock+0x9a/0x340 [ 55.190378][ T5029] ? _find_first_zero_bit+0xd4/0x100 [ 55.195645][ T5029] __lock_acquire+0x39ff/0x7f70 [ 55.200479][ T5029] ? verify_lock_unused+0x140/0x140 [ 55.205653][ T5029] ? lockdep_hardirqs_on+0x98/0x140 [ 55.210838][ T5029] ? __mutex_trylock_common+0x182/0x2e0 [ 55.216366][ T5029] ? __might_sleep+0xc0/0xc0 [ 55.220948][ T5029] ? trace_raw_output_contention_end+0xd0/0xd0 [ 55.227098][ T5029] lock_acquire+0x1e3/0x520 [ 55.231584][ T5029] ? mnt_want_write_file+0x61/0x200 [ 55.236766][ T5029] ? read_lock_is_recursive+0x20/0x20 [ 55.242124][ T5029] ? __might_sleep+0xc0/0xc0 [ 55.246713][ T5029] ? mutex_lock_nested+0x20/0x20 [ 55.251661][ T5029] sb_start_write+0x4d/0x1c0 [ 55.256234][ T5029] ?
mnt_want_write_file+0x61/0x200 [ 55.261413][ T5029] mnt_want_write_file+0x61/0x200 [ 55.266420][ T5029] reiserfs_ioctl+0x178/0x2f0 [ 55.271079][ T5029] ? __se_sys_ioctl+0xed/0x170 [ 55.275825][ T5029] ? reiserfs_unpack+0x610/0x610 [ 55.280743][ T5029] __se_sys_ioctl+0xf8/0x170 [ 55.285319][ T5029] do_syscall_64+0x41/0xc0 [ 55.289725][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.295598][ T5029] RIP: 0033:0x7fca61b1b639 [ 55.299992][ T5029] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.319573][ T5029] RSP: 002b:00007ffed91ca878 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 ioctl(4, FS_IOC_SETVERSION, 0) = -1 EFAULT (Bad address) exit_group(0) = ? +++ exited with 0 +++ [ 55.327963][ T5029] RAX: fffffffff