./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor391372189 <...> Warning: Permanently added '10.128.1.143' (ECDSA) to the list of known hosts. execve("./syz-executor391372189", ["./syz-executor391372189"], 0x7fffa462ea50 /* 10 vars */) = 0 brk(NULL) = 0x55555623d000 brk(0x55555623dc40) = 0x55555623dc40 arch_prctl(ARCH_SET_FS, 0x55555623d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor391372189", 4096) = 27 brk(0x55555625ec40) = 0x55555625ec40 brk(0x55555625f000) = 0x55555625f000 mprotect(0x7f9a63efd000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9a5ba43000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7f9a5ba43000, 4194304) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 syzkaller login: [ 53.842764][ T4998] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4998 'syz-executor391' ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 53.889916][ T4998] loop0: detected capacity change from 0 to 8192 [ 53.901547][ T4998] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 53.914816][ T4998] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 53.924215][ T4998] REISERFS (device loop0): using ordered data mode [ 53.930712][ T4998] reiserfs: using flush barriers mount("/dev/loop0", "./file0", "reiserfs", MS_RDONLY|MS_NOSUID|MS_DIRSYNC|MS_REC|MS_SILENT|MS_RELATIME|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 mkdir(".", 0777) = -1 EEXIST (File exists) [ 53.936956][ T4998] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 53.953609][ T4998] REISERFS (device loop0): checking transaction log (loop0) [ 53.963062][ T4998] REISERFS (device loop0): Using r5 hash to sort names [ 53.973765][ T4998] reiserfs: enabling write barrier flush mode mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 chdir(".") = 0 open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 5 open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 7 ioctl(7, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 8 mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 8, 0) = 0x20000000 ftruncate(6, 33587195) = 0 [ 53.986085][ T4998] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 54.006557][ T4998] [ 54.008922][ T4998] ====================================================== [ 54.015935][ T4998] WARNING: possible circular locking dependency detected [ 54.022938][ T4998] 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0 Not tainted [ 54.029935][ T4998] ------------------------------------------------------ [ 54.036929][ T4998] syz-executor391/4998 is trying to acquire lock: [ 54.043314][ T4998] ffff8880156e3090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x7a/0xd0 [ 54.052465][ T4998] [ 54.052465][ T4998] but task is already holding lock: [ 54.059803][ T4998] ffff88807a6de558 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x1a4/0x600 [ 54.068830][ T4998] [ 54.068830][ T4998] which lock already depends on the new lock. [ 54.068830][ T4998] [ 54.079303][ T4998] [ 54.079303][ T4998] the existing dependency chain (in reverse order) is: [ 54.088384][ T4998] [ 54.088384][ T4998] -> #2 (sb_pagefaults){.+.+}-{0:0}: [ 54.095873][ T4998] lock_acquire+0x1e3/0x520 [ 54.100908][ T4998] filemap_page_mkwrite+0x16f/0x640 [ 54.106613][ T4998] do_page_mkwrite+0x1a4/0x600 [ 54.111895][ T4998] handle_mm_fault+0x2140/0x5860 [ 54.117526][ T4998] exc_page_fault+0x7d2/0x910 [ 54.122736][ T4998] asm_exc_page_fault+0x26/0x30 [ 54.128104][ T4998] rep_movs_alternative+0x4a/0xb0 [ 54.133647][ T4998] _copy_to_iter+0x267/0x1060 [ 54.138922][ T4998] copy_page_to_iter+0xe7/0x1d0 [ 54.144282][ T4998] filemap_read+0x8e5/0x1170 [ 54.149480][ T4998] vfs_read+0x788/0xb00 [ 54.154425][ T4998] ksys_read+0x1a0/0x2c0 [ 54.159284][ T4998] do_syscall_64+0x41/0xc0 [ 54.164210][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.170618][ T4998] [ 54.170618][ T4998] -> #1 (&mm->mmap_lock){++++}-{3:3}: [ 54.178162][ T4998] lock_acquire+0x1e3/0x520 [ 54.183271][ T4998] __might_fault+0xba/0x120 [ 54.188282][ T4998] reiserfs_ioctl+0x121/0x340 [ 54.193465][ T4998] __se_sys_ioctl+0xf1/0x160 [ 54.198566][ T4998] do_syscall_64+0x41/0xc0 [ 54.203572][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.209970][ T4998] [ 54.209970][ T4998] -> #0 (&sbi->lock){+.+.}-{3:3}: [ 54.217165][ T4998] validate_chain+0x166b/0x58f0 [ 54.222537][ T4998] __lock_acquire+0x1316/0x2070 [ 54.227906][ T4998] lock_acquire+0x1e3/0x520 [ 54.232913][ T4998] __mutex_lock_common+0x1d8/0x2530 [ 54.238621][ T4998] mutex_lock_nested+0x1b/0x20 [ 54.243895][ T4998] reiserfs_write_lock+0x7a/0xd0 [ 54.249338][ T4998] reiserfs_dirty_inode+0xf2/0x240 [ 54.254958][ T4998] __mark_inode_dirty+0x305/0xd90 [ 54.260492][ T4998] __file_update_time+0x221/0x240 [ 54.266033][ T4998] file_update_time+0x350/0x3c0 [ 54.271499][ T4998] filemap_page_mkwrite+0x27b/0x640 [ 54.277236][ T4998] do_page_mkwrite+0x1a4/0x600 [ 54.282528][ T4998] handle_mm_fault+0x2140/0x5860 [ 54.288019][ T4998] exc_page_fault+0x7d2/0x910 [ 54.293393][ T4998] asm_exc_page_fault+0x26/0x30 [ 54.298842][ T4998] rep_movs_alternative+0x4a/0xb0 [ 54.304458][ T4998] _copy_to_iter+0x267/0x1060 [ 54.309650][ T4998] copy_page_to_iter+0xe7/0x1d0 [ 54.315017][ T4998] filemap_read+0x8e5/0x1170 [ 54.320295][ T4998] vfs_read+0x788/0xb00 [ 54.324962][ T4998] ksys_read+0x1a0/0x2c0 [ 54.330151][ T4998] do_syscall_64+0x41/0xc0 [ 54.335069][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.341470][ T4998] [ 54.341470][ T4998] other info that might help us debug this: [ 54.341470][ T4998] [ 54.351678][ T4998] Chain exists of: [ 54.351678][ T4998] &sbi->lock --> &mm->mmap_lock --> sb_pagefaults [ 54.351678][ T4998] [ 54.364031][ T4998] Possible unsafe locking scenario: [ 54.364031][ T4998] [ 54.371564][ T4998] CPU0 CPU1 [ 54.376926][ T4998] ---- ---- [ 54.382271][ T4998] rlock(sb_pagefaults); [ 54.386615][ T4998] lock(&mm->mmap_lock); [ 54.393470][ T4998] lock(sb_pagefaults); [ 54.400244][ T4998] lock(&sbi->lock); [ 54.404285][ T4998] [ 54.404285][ T4998] *** DEADLOCK *** [ 54.404285][ T4998] [ 54.412538][ T4998] 2 locks held by syz-executor391/4998: [ 54.418092][ T4998] #0: ffff88802d568a68 (&mm->mmap_lock){++++}-{3:3}, at: exc_page_fault+0x1b9/0x910 [ 54.427597][ T4998] #1: ffff88807a6de558 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x1a4/0x600 [ 54.437268][ T4998] [ 54.437268][ T4998] stack backtrace: [ 54.443141][ T4998] CPU: 1 PID: 4998 Comm: syz-executor391 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0 [ 54.453758][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 54.463989][ T4998] Call Trace: [ 54.467386][ T4998] [ 54.470325][ T4998] dump_stack_lvl+0x1e7/0x2d0 [ 54.475722][ T4998] ? nf_tcp_handle_invalid+0x650/0x650 [ 54.482054][ T4998] ? print_circular_bug+0x12b/0x1a0 [ 54.487413][ T4998] check_noncircular+0x2fe/0x3b0 [ 54.492557][ T4998] ? stack_trace_save+0x1c0/0x1c0 [ 54.497958][ T4998] ? add_chain_block+0x850/0x850 [ 54.503170][ T4998] ? lockdep_lock+0x123/0x2b0 [ 54.508905][ T4998] ? arch_stack_walk+0xf7/0x140 [ 54.513768][ T4998] ? _find_first_zero_bit+0xd4/0x100 [ 54.519052][ T4998] validate_chain+0x166b/0x58f0 [ 54.524112][ T4998] ? lockdep_unlock+0x169/0x300 [ 54.529062][ T4998] ? reacquire_held_locks+0x660/0x660 [ 54.535122][ T4998] ? add_lock_to_list+0x1de/0x2e0 [ 54.540325][ T4998] ? validate_chain+0x13d5/0x58f0 [ 54.545359][ T4998] ? kernel_text_address+0xa3/0xe0 [ 54.550558][ T4998] ? mark_lock+0x9a/0x340 [ 54.554993][ T4998] __lock_acquire+0x1316/0x2070 [ 54.559926][ T4998] lock_acquire+0x1e3/0x520 [ 54.564436][ T4998] ? reiserfs_write_lock+0x7a/0xd0 [ 54.569540][ T4998] ? read_lock_is_recursive+0x20/0x20 [ 54.574899][ T4998] ? kernel_text_address+0xa3/0xe0 [ 54.580003][ T4998] ? __might_sleep+0xc0/0xc0 [ 54.584614][ T4998] ? __lock_acquire+0x1316/0x2070 [ 54.589636][ T4998] __mutex_lock_common+0x1d8/0x2530 [ 54.594821][ T4998] ? reiserfs_write_lock+0x7a/0xd0 [ 54.600031][ T4998] ? reiserfs_write_lock+0x7a/0xd0 [ 54.605216][ T4998] ? mark_lock+0x9a/0x340 [ 54.609534][ T4998] ? mutex_lock_io_nested+0x60/0x60 [ 54.614805][ T4998] ? print_irqtrace_events+0x220/0x220 [ 54.620258][ T4998] mutex_lock_nested+0x1b/0x20 [ 54.625009][ T4998] reiserfs_write_lock+0x7a/0xd0 [ 54.629936][ T4998] reiserfs_dirty_inode+0xf2/0x240 [ 54.635041][ T4998] ? reiserfs_free_inode+0x30/0x30 [ 54.640143][ T4998] ? inode_maybe_inc_iversion+0x1a3/0x1f0 [ 54.645850][ T4998] ? reiserfs_free_inode+0x30/0x30 [ 54.650950][ T4998] __mark_inode_dirty+0x305/0xd90 [ 54.655967][ T4998] __file_update_time+0x221/0x240 [ 54.661072][ T4998] file_update_time+0x350/0x3c0 [ 54.666012][ T4998] ? __file_remove_privs+0x640/0x640 [ 54.671284][ T4998] ? mapping_seek_hole_data+0x14e0/0x14e0 [ 54.676989][ T4998] filemap_page_mkwrite+0x27b/0x640 [ 54.682173][ T4998] ? do_page_mkwrite+0x1a4/0x600 [ 54.687399][ T4998] do_page_mkwrite+0x1a4/0x600 [ 54.692277][ T4998] handle_mm_fault+0x2140/0x5860 [ 54.697251][ T4998] ? numa_migrate_prep+0x380/0x380 [ 54.702570][ T4998] ? mtree_destroy+0x30/0x30 [ 54.707231][ T4998] ? exc_page_fault+0x12b/0x910 [ 54.712138][ T4998] exc_page_fault+0x7d2/0x910 [ 54.717264][ T4998] asm_exc_page_fault+0x26/0x30 [ 54.722393][ T4998] RIP: 0010:rep_movs_alternative+0x4a/0xb0 [ 54.728203][ T4998] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 0f 1f 00 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 4c [ 54.748145][ T4998] RSP: 0018:ffffc90003a3f918 EFLAGS: 00050206 [ 54.754200][ T4998] RAX: ffffffff84316201 RBX: 0000000020001740 RCX: 0000000000001000 [ 54.762168][ T4998] RDX: 0000000000000000 RSI: ffff888072c6e000 RDI: 0000000020001740 [ 54.770215][ T4998] RBP: ffffc90003a3fa78 R08: dffffc0000000000 R09: ffffed100e58de00 [ 54.778183][ T4998] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000747fb3 [ 54.786153][ T4998] R13: ffff888072c6e000 R14: 0000000000001000 R15: ffffc90003a3fd98 [ 54.794126][ T4998] ? _copy_to_iter+0x1d1/0x1060 [ 54.799004][ T4998] _copy_to_iter+0x267/0x1060 [ 54.803679][ T4998] ? iov_iter_init+0x1e0/0x1e0 [ 54.808430][ T4998] ? __might_sleep+0xc0/0xc0 [ 54.813102][ T4998] ? page_copy_sane+0x46/0x270 [ 54.817855][ T4998] copy_page_to_iter+0xe7/0x1d0 [ 54.822722][ T4998] filemap_read+0x8e5/0x1170 [ 54.827319][ T4998] ? filemap_get_folios_tag+0x8b0/0x8b0 [ 54.832949][ T4998] ? generic_file_read_iter+0x94/0x540 [ 54.838411][ T4998] vfs_read+0x788/0xb00 [ 54.842684][ T4998] ? kernel_read+0x1f0/0x1f0 [ 54.847285][ T4998] ? lockdep_hardirqs_on+0x98/0x140 [ 54.852473][ T4998] ? __fdget_pos+0x265/0x2f0 [ 54.857050][ T4998] ksys_read+0x1a0/0x2c0 [ 54.861284][ T4998] ? vfs_write+0xb20/0xb20 [ 54.865691][ T4998] ? syscall_enter_from_user_mode+0x32/0x230 [ 54.871671][ T4998] ? syscall_enter_from_user_mode+0x8c/0x230 [ 54.877640][ T4998] do_syscall_64+0x41/0xc0 [ 54.882044][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.887925][ T4998] RIP: 0033:0x7f9a63e8fe29 [ 54.892331][ T4998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.912083][ T4998] RSP: 002b:00007fff6fab3538 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 54.920515][ T4998] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9a63e8fe29 [ 54.928501][ T4998] RDX: 0000000000002020 RSI: 0000000020001740 RDI: 0000000000000005 [ 54.936483][ T4998] RBP: 00007f9a63e4f430 R08: 0000000000000000 R09: 0000000000000000 read(5, 0x20001740, 8224) = 8224 exit_group(0) = ? +++ exited with 0 +++ [