./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2319311642 <...> Warning: Permanently added '10.128.1.20' (ED25519) to the list of known hosts. execve("./syz-executor2319311642", ["./syz-executor2319311642"], 0x7ffe57e07ac0 /* 10 vars */) = 0 brk(NULL) = 0x555557480000 brk(0x555557480d00) = 0x555557480d00 arch_prctl(ARCH_SET_FS, 0x555557480380) = 0 set_tid_address(0x555557480650) = 5024 set_robust_list(0x555557480660, 24) = 0 rseq(0x555557480ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2319311642", 4096) = 28 getrandom("\xf4\xc0\x3f\xb7\xe7\x82\x22\x7b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557480d00 brk(0x5555574a1d00) = 0x5555574a1d00 brk(0x5555574a2000) = 0x5555574a2000 mprotect(0x7ffaed0cb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ffae4c1a000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7ffae4c1a000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 syzkaller login: [ 56.399446][ T5024] syz-executor231[5024]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 56.450529][ T5024] loop0: detected capacity change from 0 to 8192 [ 56.463357][ T5024] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 56.476387][ T5024] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 56.485823][ T5024] REISERFS (device loop0): using ordered data mode [ 56.492346][ T5024] reiserfs: using flush barriers mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 56.498480][ T5024] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 56.514971][ T5024] REISERFS (device loop0): checking transaction log (loop0) [ 56.524257][ T5024] REISERFS (device loop0): Using tea hash to sort names [ 56.532161][ T5024] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 56.552515][ T5024] [ 56.554861][ T5024] ====================================================== [ 56.561876][ T5024] WARNING: possible circular locking dependency detected [ 56.568895][ T5024] 6.6.0-rc7-syzkaller-00137-g750b95887e56 #0 Not tainted [ 56.575912][ T5024] ------------------------------------------------------ [ 56.582906][ T5024] syz-executor231/5024 is trying to acquire lock: [ 56.589300][ T5024] ffffc90003a910f0 (&journal->j_mutex){+.+.}-{3:3}, at: do_journal_begin_r+0x352/0x1020 [ 56.599044][ T5024] [ 56.599044][ T5024] but task is already holding lock: [ 56.606387][ T5024] ffff888020628410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x61/0x200 [ 56.615589][ T5024] [ 56.615589][ T5024] which lock already depends on the new lock. [ 56.615589][ T5024] [ 56.625970][ T5024] [ 56.625970][ T5024] the existing dependency chain (in reverse order) is: [ 56.634959][ T5024] [ 56.634959][ T5024] -> #2 (sb_writers#9){.+.+}-{0:0}: [ 56.642329][ T5024] sb_start_write+0x4d/0x1c0 [ 56.647422][ T5024] mnt_want_write_file+0x61/0x200 [ 56.652948][ T5024] reiserfs_ioctl+0x178/0x2f0 [ 56.658126][ T5024] __se_sys_ioctl+0xf8/0x170 [ 56.663218][ T5024] do_syscall_64+0x41/0xc0 [ 56.668136][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.674539][ T5024] [ 56.674539][ T5024] -> #1 (&sbi->lock){+.+.}-{3:3}: [ 56.681721][ T5024] __mutex_lock+0x136/0xd60 [ 56.686729][ T5024] reiserfs_write_lock_nested+0x5f/0xd0 [ 56.692775][ T5024] do_journal_begin_r+0x35d/0x1020 [ 56.698389][ T5024] journal_begin+0x14c/0x360 [ 56.703476][ T5024] reiserfs_fill_super+0x1853/0x2620 [ 56.709260][ T5024] mount_bdev+0x237/0x300 [ 56.714098][ T5024] legacy_get_tree+0xef/0x190 [ 56.719279][ T5024] vfs_get_tree+0x8c/0x280 [ 56.724251][ T5024] do_new_mount+0x28f/0xae0 [ 56.729260][ T5024] __se_sys_mount+0x2d9/0x3c0 [ 56.734434][ T5024] do_syscall_64+0x41/0xc0 [ 56.739349][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.745740][ T5024] [ 56.745740][ T5024] -> #0 (&journal->j_mutex){+.+.}-{3:3}: [ 56.753533][ T5024] __lock_acquire+0x39ff/0x7f70 [ 56.758879][ T5024] lock_acquire+0x1e3/0x520 [ 56.763881][ T5024] __mutex_lock+0x136/0xd60 [ 56.768883][ T5024] do_journal_begin_r+0x352/0x1020 [ 56.774494][ T5024] journal_begin+0x14c/0x360 [ 56.779581][ T5024] reiserfs_dirty_inode+0x120/0x240 [ 56.785282][ T5024] __mark_inode_dirty+0x305/0xd90 [ 56.790805][ T5024] reiserfs_ioctl+0x24e/0x2f0 [ 56.795981][ T5024] __se_sys_ioctl+0xf8/0x170 [ 56.801070][ T5024] do_syscall_64+0x41/0xc0 [ 56.805999][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.812417][ T5024] [ 56.812417][ T5024] other info that might help us debug this: [ 56.812417][ T5024] [ 56.822625][ T5024] Chain exists of: [ 56.822625][ T5024] &journal->j_mutex --> &sbi->lock --> sb_writers#9 [ 56.822625][ T5024] [ 56.835115][ T5024] Possible unsafe locking scenario: [ 56.835115][ T5024] [ 56.842539][ T5024] CPU0 CPU1 [ 56.847880][ T5024] ---- ---- [ 56.853223][ T5024] rlock(sb_writers#9); [ 56.857458][ T5024] lock(&sbi->lock); [ 56.863935][ T5024] lock(sb_writers#9); [ 56.870595][ T5024] lock(&journal->j_mutex); [ 56.875250][ T5024] [ 56.875250][ T5024] *** DEADLOCK *** [ 56.875250][ T5024] [ 56.883372][ T5024] 1 lock held by syz-executor231/5024: [ 56.888806][ T5024] #0: ffff888020628410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x61/0x200 [ 56.898443][ T5024] [ 56.898443][ T5024] stack backtrace: [ 56.904567][ T5024] CPU: 0 PID: 5024 Comm: syz-executor231 Not tainted 6.6.0-rc7-syzkaller-00137-g750b95887e56 #0 [ 56.914954][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 56.924989][ T5024] Call Trace: [ 56.928249][ T5024] [ 56.931159][ T5024] dump_stack_lvl+0x1e7/0x2d0 [ 56.935819][ T5024] ? nf_tcp_handle_invalid+0x650/0x650 [ 56.941256][ T5024] ? print_circular_bug+0x12b/0x1a0 [ 56.946435][ T5024] check_noncircular+0x375/0x4a0 [ 56.951350][ T5024] ? print_deadlock_bug+0x600/0x600 [ 56.956527][ T5024] ? lockdep_lock+0x123/0x2b0 [ 56.961180][ T5024] ? mark_lock+0x9a/0x340 [ 56.965494][ T5024] ? _find_first_zero_bit+0xd4/0x100 [ 56.970762][ T5024] __lock_acquire+0x39ff/0x7f70 [ 56.975593][ T5024] ? __kernel_text_address+0xd/0x40 [ 56.980943][ T5024] ? arch_stack_walk+0x162/0x1a0 [ 56.985856][ T5024] ? verify_lock_unused+0x140/0x140 [ 56.991034][ T5024] ? stack_trace_save+0x117/0x1c0 [ 56.996041][ T5024] ? reacquire_held_locks+0x3a9/0x660 [ 57.001391][ T5024] ? mnt_want_write_file+0x61/0x200 [ 57.006565][ T5024] ? print_deadlock_bug+0x600/0x600 [ 57.011741][ T5024] ? print_unlock_imbalance_bug+0x2c0/0x2c0 [ 57.017613][ T5024] lock_acquire+0x1e3/0x520 [ 57.022095][ T5024] ? do_journal_begin_r+0x352/0x1020 [ 57.027363][ T5024] ? read_lock_is_recursive+0x20/0x20 [ 57.032716][ T5024] ? reiserfs_write_unlock_nested+0xd5/0x120 [ 57.038674][ T5024] ? __might_sleep+0xc0/0xc0 [ 57.043248][ T5024] __mutex_lock+0x136/0xd60 [ 57.047730][ T5024] ? do_journal_begin_r+0x352/0x1020 [ 57.052993][ T5024] ? mutex_unlock+0x10/0x10 [ 57.057477][ T5024] ? do_journal_begin_r+0x352/0x1020 [ 57.062742][ T5024] ? mutex_lock_nested+0x20/0x20 [ 57.067662][ T5024] ? reiserfs_write_unlock_nested+0xd5/0x120 [ 57.073622][ T5024] do_journal_begin_r+0x352/0x1020 [ 57.078717][ T5024] ? journal_join_abort+0xe0/0xe0 [ 57.083721][ T5024] ? ktime_get_coarse_real_ts64+0x3a/0x120 [ 57.089505][ T5024] ? lockdep_hardirqs_on+0x98/0x140 [ 57.094686][ T5024] journal_begin+0x14c/0x360 [ 57.099254][ T5024] reiserfs_dirty_inode+0x120/0x240 [ 57.104436][ T5024] ? reiserfs_free_inode+0x30/0x30 [ 57.109527][ T5024] ? inode_set_ctime_current+0x1e0/0x2f0 [ 57.115143][ T5024] ? reiserfs_free_inode+0x30/0x30 [ 57.120235][ T5024] __mark_inode_dirty+0x305/0xd90 [ 57.125237][ T5024] ? __might_fault+0xc1/0x120 [ 57.129897][ T5024] reiserfs_ioctl+0x24e/0x2f0 [ 57.134563][ T5024] ? __se_sys_ioctl+0xed/0x170 [ 57.139307][ T5024] ? reiserfs_unpack+0x610/0x610 [ 57.144224][ T5024] __se_sys_ioctl+0xf8/0x170 [ 57.148794][ T5024] do_syscall_64+0x41/0xc0 [ 57.153191][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.159075][ T5024] RIP: 0033:0x7ffaed0575c9 [ 57.163469][ T5024] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.183139][ T5024] RSP: 002b:00007ffe2776b718 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.191530][ T5024] RAX: ffffffffffffffda RBX: 00007ffe2776b8e8 RCX: 00007ffaed0575c9 ioctl(3, FS_IOC_SETVERSION, 0x20000000) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 57.199479][ T5024] RDX: 0000000020000000 RSI: 0000000040087602 RDI: 00