./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor859409338 <...> Warning: Permanently added '10.128.1.3' (ED25519) to the list of known hosts. execve("./syz-executor859409338", ["./syz-executor859409338"], 0x7ffcb58dc880 /* 10 vars */) = 0 brk(NULL) = 0x5555573fc000 brk(0x5555573fcd00) = 0x5555573fcd00 arch_prctl(ARCH_SET_FS, 0x5555573fc380) = 0 set_tid_address(0x5555573fc650) = 5029 set_robust_list(0x5555573fc660, 24) = 0 rseq(0x5555573fcca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor859409338", 4096) = 27 getrandom("\xc4\x43\x86\x9a\x13\xe9\xcc\xed", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555573fcd00 brk(0x55555741dd00) = 0x55555741dd00 brk(0x55555741e000) = 0x55555741e000 mprotect(0x7fc8512de000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc848e2d000 [ 73.063649][ T5029] syz-executor859[5029]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7fc848e2d000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 73.127044][ T5029] loop0: detected capacity change from 0 to 8192 [ 73.141338][ T5029] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 73.154642][ T5029] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 73.164204][ T5029] REISERFS (device loop0): using ordered data mode [ 73.171665][ T5029] reiserfs: using flush barriers mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 ioctl(4, LOOP_CLR_FD) = 0 [ 73.178909][ T5029] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 73.196566][ T5029] REISERFS (device loop0): checking transaction log (loop0) [ 73.206782][ T5029] REISERFS (device loop0): Using tea hash to sort names [ 73.216510][ T5029] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. close(4) = 0 [ 73.231617][ T5029] [ 73.234182][ T5029] ====================================================== [ 73.242798][ T5029] WARNING: possible circular locking dependency detected [ 73.249853][ T5029] 6.6.0-rc7-syzkaller-00137-g750b95887e56 #0 Not tainted [ 73.257086][ T5029] ------------------------------------------------------ [ 73.264134][ T5029] syz-executor859/5029 is trying to acquire lock: [ 73.270572][ T5029] ffffc90003ab10f0 (&journal->j_mutex){+.+.}-{3:3}, at: do_journal_begin_r+0x352/0x1020 [ 73.280607][ T5029] [ 73.280607][ T5029] but task is already holding lock: [ 73.288120][ T5029] ffff888020630410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x61/0x200 [ 73.297395][ T5029] [ 73.297395][ T5029] which lock already depends on the new lock. [ 73.297395][ T5029] [ 73.308341][ T5029] [ 73.308341][ T5029] the existing dependency chain (in reverse order) is: [ 73.317443][ T5029] [ 73.317443][ T5029] -> #2 (sb_writers#9){.+.+}-{0:0}: [ 73.324944][ T5029] sb_start_write+0x4d/0x1c0 [ 73.330068][ T5029] mnt_want_write_file+0x61/0x200 [ 73.335790][ T5029] reiserfs_ioctl+0x178/0x2f0 [ 73.341010][ T5029] __se_sys_ioctl+0xf8/0x170 [ 73.346205][ T5029] do_syscall_64+0x41/0xc0 [ 73.351251][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.357762][ T5029] [ 73.357762][ T5029] -> #1 (&sbi->lock){+.+.}-{3:3}: [ 73.364987][ T5029] __mutex_lock+0x136/0xd60 [ 73.370036][ T5029] reiserfs_write_lock_nested+0x5f/0xd0 [ 73.376127][ T5029] do_journal_begin_r+0x35d/0x1020 [ 73.381781][ T5029] journal_begin+0x14c/0x360 [ 73.386900][ T5029] reiserfs_fill_super+0x1853/0x2620 [ 73.392743][ T5029] mount_bdev+0x237/0x300 [ 73.399281][ T5029] legacy_get_tree+0xef/0x190 [ 73.404781][ T5029] vfs_get_tree+0x8c/0x280 [ 73.410004][ T5029] do_new_mount+0x28f/0xae0 [ 73.415237][ T5029] __se_sys_mount+0x2d9/0x3c0 [ 73.421527][ T5029] do_syscall_64+0x41/0xc0 [ 73.426702][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.433864][ T5029] [ 73.433864][ T5029] -> #0 (&journal->j_mutex){+.+.}-{3:3}: [ 73.442266][ T5029] __lock_acquire+0x39ff/0x7f70 [ 73.448032][ T5029] lock_acquire+0x1e3/0x520 [ 73.453253][ T5029] __mutex_lock+0x136/0xd60 [ 73.458840][ T5029] do_journal_begin_r+0x352/0x1020 [ 73.465283][ T5029] journal_begin+0x14c/0x360 [ 73.470417][ T5029] reiserfs_dirty_inode+0x120/0x240 [ 73.476178][ T5029] __mark_inode_dirty+0x305/0xd90 [ 73.481728][ T5029] reiserfs_ioctl+0x24e/0x2f0 [ 73.487197][ T5029] __se_sys_ioctl+0xf8/0x170 [ 73.492508][ T5029] do_syscall_64+0x41/0xc0 [ 73.497456][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.503893][ T5029] [ 73.503893][ T5029] other info that might help us debug this: [ 73.503893][ T5029] [ 73.515457][ T5029] Chain exists of: [ 73.515457][ T5029] &journal->j_mutex --> &sbi->lock --> sb_writers#9 [ 73.515457][ T5029] [ 73.530615][ T5029] Possible unsafe locking scenario: [ 73.530615][ T5029] [ 73.538780][ T5029] CPU0 CPU1 [ 73.544337][ T5029] ---- ---- [ 73.549803][ T5029] rlock(sb_writers#9); [ 73.554085][ T5029] lock(&sbi->lock); [ 73.560603][ T5029] lock(sb_writers#9); [ 73.567380][ T5029] lock(&journal->j_mutex); [ 73.572081][ T5029] [ 73.572081][ T5029] *** DEADLOCK *** [ 73.572081][ T5029] [ 73.580237][ T5029] 1 lock held by syz-executor859/5029: [ 73.585718][ T5029] #0: ffff888020630410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x61/0x200 [ 73.595497][ T5029] [ 73.595497][ T5029] stack backtrace: [ 73.601490][ T5029] CPU: 1 PID: 5029 Comm: syz-executor859 Not tainted 6.6.0-rc7-syzkaller-00137-g750b95887e56 #0 [ 73.612443][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 73.622524][ T5029] Call Trace: [ 73.625851][ T5029] [ 73.628802][ T5029] dump_stack_lvl+0x1e7/0x2d0 [ 73.633546][ T5029] ? nf_tcp_handle_invalid+0x650/0x650 [ 73.639056][ T5029] ? print_circular_bug+0x12b/0x1a0 [ 73.644541][ T5029] check_noncircular+0x375/0x4a0 [ 73.649491][ T5029] ? print_deadlock_bug+0x600/0x600 [ 73.654709][ T5029] ? lockdep_lock+0x123/0x2b0 [ 73.659388][ T5029] ? mark_lock+0x9a/0x340 [ 73.663718][ T5029] ? _find_first_zero_bit+0xd4/0x100 [ 73.669025][ T5029] __lock_acquire+0x39ff/0x7f70 [ 73.673896][ T5029] ? __kernel_text_address+0xd/0x40 [ 73.679193][ T5029] ? arch_stack_walk+0x162/0x1a0 [ 73.684142][ T5029] ? verify_lock_unused+0x140/0x140 [ 73.689351][ T5029] ? stack_trace_save+0x117/0x1c0 [ 73.694431][ T5029] ? reacquire_held_locks+0x3a9/0x660 [ 73.700182][ T5029] ? mnt_want_write_file+0x61/0x200 [ 73.706095][ T5029] ? print_deadlock_bug+0x600/0x600 [ 73.711499][ T5029] ? print_unlock_imbalance_bug+0x2c0/0x2c0 [ 73.717398][ T5029] lock_acquire+0x1e3/0x520 [ 73.721907][ T5029] ? do_journal_begin_r+0x352/0x1020 [ 73.727221][ T5029] ? read_lock_is_recursive+0x20/0x20 [ 73.732696][ T5029] ? reiserfs_write_unlock_nested+0xd5/0x120 [ 73.738805][ T5029] ? __might_sleep+0xc0/0xc0 [ 73.743534][ T5029] __mutex_lock+0x136/0xd60 [ 73.748060][ T5029] ? do_journal_begin_r+0x352/0x1020 [ 73.753368][ T5029] ? mutex_unlock+0x10/0x10 [ 73.757893][ T5029] ? do_journal_begin_r+0x352/0x1020 [ 73.763198][ T5029] ? mutex_lock_nested+0x20/0x20 [ 73.768164][ T5029] ? reiserfs_write_unlock_nested+0xd5/0x120 [ 73.774153][ T5029] do_journal_begin_r+0x352/0x1020 [ 73.779286][ T5029] ? journal_join_abort+0xe0/0xe0 [ 73.784318][ T5029] ? ktime_get_coarse_real_ts64+0x3a/0x120 [ 73.790213][ T5029] ? lockdep_hardirqs_on+0x98/0x140 [ 73.795420][ T5029] journal_begin+0x14c/0x360 [ 73.800021][ T5029] reiserfs_dirty_inode+0x120/0x240 [ 73.806917][ T5029] ? reiserfs_free_inode+0x30/0x30 [ 73.812252][ T5029] ? inode_set_ctime_current+0x1e0/0x2f0 [ 73.817908][ T5029] ? reiserfs_free_inode+0x30/0x30 [ 73.823347][ T5029] __mark_inode_dirty+0x305/0xd90 [ 73.828581][ T5029] ? __might_fault+0xc1/0x120 [ 73.833572][ T5029] reiserfs_ioctl+0x24e/0x2f0 [ 73.838357][ T5029] ? __se_sys_ioctl+0xed/0x170 [ 73.843935][ T5029] ? reiserfs_unpack+0x610/0x610 [ 73.849087][ T5029] __se_sys_ioctl+0xf8/0x170 [ 73.853901][ T5029] do_syscall_64+0x41/0xc0 [ 73.858345][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.864273][ T5029] RIP: 0033:0x7fc85126a5c9 [ 73.868790][ T5029] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.888407][ T5029] RSP: 002b:00007fff48885988 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.896824][ T5029] RAX: ffffffffffffffda RBX: 00007fff48885b58 RCX: 00007fc85126a5c9 [ 73.904792][ T5029] RDX: 0000000020000000 RSI: 0000000040087602 RDI: 0000000000000003 [ 73.912784][ T5029] RBP: 00007fc8512de610 R08: 000000000000111c R09: 00007fff48885b58 [ 73.920749][ T5029] R10: 00007fff48885840 R11: 0000000000000246 R12: 0000000000000001 ioctl(3, FS_IOC_SETVERSION, 0x20000000) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 73.928754][ T5029] R13: 00007fff48885b48 R14: 0000000000000001 R15: 0000