./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor333738423 <...> DUID 00:04:e3:38:52:80:67:3f:e9:c9:a2:47:22:a3:59:23:7d:1e forked to background, child pid 3209 [ 30.670219][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.683694][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.253' (ECDSA) to the list of known hosts. execve("./syz-executor333738423", ["./syz-executor333738423"], 0x7ffdbf6b9d00 /* 10 vars */) = 0 brk(NULL) = 0x55555737d000 brk(0x55555737dc40) = 0x55555737dc40 arch_prctl(ARCH_SET_FS, 0x55555737d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor333738423", 4096) = 27 brk(0x55555739ec40) = 0x55555739ec40 brk(0x55555739f000) = 0x55555739f000 mprotect(0x7fe7070de000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6fec00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7fe6fec00000, 4194304) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 syzkaller login: [ 54.369794][ T3631] loop0: detected capacity change 
from 0 to 8192 [ 54.381036][ T3631] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 54.394293][ T3631] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 54.404272][ T3631] REISERFS (device loop0): using ordered data mode [ 54.412296][ T3631] reiserfs: using flush barriers [ 54.418547][ T3631] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 54.435078][ T3631] REISERFS (device loop0): checking transaction log (loop0) mount("/dev/loop0", "./file0", "reiserfs", 0, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 dup2(4, 5) = 5 [ 54.481091][ T3631] REISERFS (device loop0): Using r5 hash to sort names [ 54.488902][ T3631] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 54.517502][ T3631] [ 54.519880][ T3631] ====================================================== [ 54.527037][ T3631] WARNING: possible circular locking dependency detected [ 54.534075][ T3631] 6.1.0-rc6-syzkaller-00176-g08ad43d554ba #0 Not tainted [ 54.541094][ T3631] ------------------------------------------------------ [ 54.548095][ T3631] syz-executor333/3631 is trying to acquire lock: [ 54.554503][ T3631] ffff888026314460 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x5a/0x1f0 [ 54.563731][ T3631] [ 54.563731][ T3631] but task is already holding lock: [ 54.571180][ T3631] ffff88801f5e2090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x77/0xd0 [ 54.580150][ T3631] [ 54.580150][ T3631] which lock already depends on the new lock. 
[ 54.580150][ T3631] [ 54.590541][ T3631] [ 54.590541][ T3631] the existing dependency chain (in reverse order) is: [ 54.599534][ T3631] [ 54.599534][ T3631] -> #2 (&sbi->lock){+.+.}-{3:3}: [ 54.606874][ T3631] lock_acquire+0x182/0x3c0 [ 54.611908][ T3631] __mutex_lock_common+0x1bd/0x26e0 [ 54.617641][ T3631] mutex_lock_nested+0x17/0x20 [ 54.622937][ T3631] reiserfs_write_lock+0x77/0xd0 [ 54.628412][ T3631] reiserfs_lookup+0x147/0x490 [ 54.633702][ T3631] __lookup_slow+0x266/0x3a0 [ 54.638808][ T3631] lookup_one_len+0x430/0x690 [ 54.643995][ T3631] reiserfs_lookup_privroot+0x85/0x1e0 [ 54.649982][ T3631] reiserfs_fill_super+0x2071/0x24a0 [ 54.655803][ T3631] mount_bdev+0x26c/0x3a0 [ 54.660665][ T3631] legacy_get_tree+0xea/0x180 [ 54.665874][ T3631] vfs_get_tree+0x88/0x270 [ 54.670812][ T3631] do_new_mount+0x289/0xad0 [ 54.675829][ T3631] __se_sys_mount+0x2d3/0x3c0 [ 54.681018][ T3631] do_syscall_64+0x3d/0xb0 [ 54.685988][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.692391][ T3631] [ 54.692391][ T3631] -> #1 (&type->i_mutex_dir_key#6){+.+.}-{3:3}: [ 54.700811][ T3631] lock_acquire+0x182/0x3c0 [ 54.706889][ T3631] down_write+0x9c/0x270 [ 54.711721][ T3631] path_openat+0x7b9/0x2df0 [ 54.716781][ T3631] do_filp_open+0x264/0x4f0 [ 54.721804][ T3631] do_sys_openat2+0x124/0x4e0 [ 54.727021][ T3631] __x64_sys_openat+0x243/0x290 [ 54.732426][ T3631] do_syscall_64+0x3d/0xb0 [ 54.737392][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.743905][ T3631] [ 54.743905][ T3631] -> #0 (sb_writers#9){.+.+}-{0:0}: [ 54.751395][ T3631] validate_chain+0x1898/0x6ae0 [ 54.756790][ T3631] __lock_acquire+0x1292/0x1f60 [ 54.762339][ T3631] lock_acquire+0x182/0x3c0 [ 54.767444][ T3631] sb_start_write+0x4d/0x1a0 [ 54.772577][ T3631] mnt_want_write_file+0x5a/0x1f0 [ 54.778236][ T3631] reiserfs_ioctl+0x16e/0x340 [ 54.783438][ T3631] __se_sys_ioctl+0xfb/0x170 [ 54.788548][ T3631] do_syscall_64+0x3d/0xb0 [ 54.793493][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.799912][ 
T3631]
[ 54.799912][ T3631] other info that might help us debug this:
[ 54.799912][ T3631]
[ 54.810305][ T3631] Chain exists of:
[ 54.810305][ T3631]   sb_writers#9 --> &type->i_mutex_dir_key#6 --> &sbi->lock
[ 54.810305][ T3631]
[ 54.823479][ T3631]  Possible unsafe locking scenario:
[ 54.823479][ T3631]
[ 54.830938][ T3631]        CPU0                    CPU1
[ 54.836307][ T3631]        ----                    ----
[ 54.841676][ T3631]   lock(&sbi->lock);
[ 54.845671][ T3631]                                lock(&type->i_mutex_dir_key#6);
[ 54.853410][ T3631]                                lock(&sbi->lock);
[ 54.859927][ T3631]   lock(sb_writers#9);
[ 54.864178][ T3631]
[ 54.864178][ T3631]  *** DEADLOCK ***
[ 54.864178][ T3631]
[ 54.872342][ T3631] 1 lock held by syz-executor333/3631:
[ 54.877808][ T3631]  #0: ffff88801f5e2090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x77/0xd0
[ 54.887211][ T3631]
[ 54.887211][ T3631] stack backtrace:
[ 54.893120][ T3631] CPU: 0 PID: 3631 Comm: syz-executor333 Not tainted 6.1.0-rc6-syzkaller-00176-g08ad43d554ba #0
[ 54.903550][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.913684][ T3631] Call Trace:
[ 54.916981][ T3631]
[ 54.919912][ T3631] dump_stack_lvl+0x1b1/0x28e
[ 54.924591][ T3631] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 54.930045][ T3631] ? print_circular_bug+0x13e/0x1c0
[ 54.935938][ T3631] check_noncircular+0x2cc/0x390
[ 54.940868][ T3631] ? add_chain_block+0x850/0x850
[ 54.945828][ T3631] ? lockdep_lock+0x102/0x290
[ 54.950529][ T3631] ? reacquire_held_locks+0x650/0x650
[ 54.955911][ T3631] ? _find_first_zero_bit+0xe8/0x110
[ 54.961199][ T3631] validate_chain+0x1898/0x6ae0
[ 54.966054][ T3631] ? reacquire_held_locks+0x650/0x650
[ 54.971455][ T3631] ? reacquire_held_locks+0x650/0x650
[ 54.977639][ T3631] ? stack_trace_save+0x1e0/0x1e0
[ 54.982670][ T3631] ? rcu_read_lock_sched_held+0x87/0x110
[ 54.988317][ T3631] ? mark_lock+0x9a/0x350
[ 54.992657][ T3631] ? __lock_acquire+0x1292/0x1f60
[ 54.997694][ T3631] ? reacquire_held_locks+0x386/0x650
[ 55.003086][ T3631] ? 
reiserfs_write_lock_nested+0x5b/0xd0 [ 55.008843][ T3631] ? mark_lock+0x9a/0x350 [ 55.013219][ T3631] ? stack_trace_save+0x1e0/0x1e0 [ 55.018250][ T3631] ? rcu_read_lock_sched_held+0x87/0x110 [ 55.023912][ T3631] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 55.029898][ T3631] ? rcu_lock_release+0x5/0x20 [ 55.034686][ T3631] ? read_lock_is_recursive+0x10/0x10 [ 55.040067][ T3631] ? rcu_lock_release+0x5/0x20 [ 55.044837][ T3631] ? __lock_acquire+0x1f60/0x1f60 [ 55.049861][ T3631] ? deref_stack_reg+0x17a/0x210 [ 55.054796][ T3631] ? preempt_count_add+0x8d/0x180 [ 55.059815][ T3631] ? stack_trace_save+0x1e0/0x1e0 [ 55.064831][ T3631] ? is_bpf_text_address+0x253/0x270 [ 55.070104][ T3631] ? stack_trace_save+0x1e0/0x1e0 [ 55.075122][ T3631] ? stack_trace_save+0x1e0/0x1e0 [ 55.080135][ T3631] ? rcu_read_lock_sched_held+0x87/0x110 [ 55.085758][ T3631] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 55.091769][ T3631] ? rcu_lock_release+0x5/0x20 [ 55.096561][ T3631] ? read_lock_is_recursive+0x10/0x10 [ 55.101946][ T3631] ? rcu_lock_release+0x5/0x20 [ 55.106720][ T3631] ? __lock_acquire+0x1f60/0x1f60 [ 55.111745][ T3631] ? deref_stack_reg+0x17a/0x210 [ 55.116680][ T3631] ? stack_trace_save+0x1e0/0x1e0 [ 55.123371][ T3631] ? rcu_read_lock_sched_held+0x87/0x110 [ 55.129007][ T3631] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 55.135006][ T3631] ? rcu_lock_release+0x5/0x20 [ 55.139785][ T3631] ? read_lock_is_recursive+0x10/0x10 [ 55.145946][ T3631] ? rcu_lock_release+0x5/0x20 [ 55.150716][ T3631] ? __lock_acquire+0x1f60/0x1f60 [ 55.155764][ T3631] ? deref_stack_reg+0x17a/0x210 [ 55.160731][ T3631] ? preempt_count_add+0x8d/0x180 [ 55.165777][ T3631] ? stack_trace_save+0x1e0/0x1e0 [ 55.170843][ T3631] ? is_bpf_text_address+0x253/0x270 [ 55.176232][ T3631] ? stack_trace_save+0x1e0/0x1e0 [ 55.181288][ T3631] ? kernel_text_address+0x9e/0xd0 [ 55.186409][ T3631] ? __kernel_text_address+0x9/0x40 [ 55.191627][ T3631] ? unwind_get_return_address+0x48/0x80 [ 55.197266][ T3631] ? 
arch_stack_walk+0x98/0xe0 [ 55.202031][ T3631] ? stack_trace_save+0x104/0x1e0 [ 55.207067][ T3631] ? stack_trace_snprint+0xf0/0xf0 [ 55.212173][ T3631] ? __kmem_cache_free+0x71/0x110 [ 55.217278][ T3631] ? __stack_depot_save+0x36/0x4a0 [ 55.222409][ T3631] ? __kmem_cache_free+0x71/0x110 [ 55.227457][ T3631] ? kasan_set_track+0x52/0x60 [ 55.232250][ T3631] ? kasan_set_track+0x3d/0x60 [ 55.237457][ T3631] ? kasan_save_free_info+0x27/0x40 [ 55.242677][ T3631] ? ____kasan_slab_free+0xd6/0x120 [ 55.247894][ T3631] ? slab_free_freelist_hook+0x12e/0x1a0 [ 55.253564][ T3631] ? __kmem_cache_free+0x71/0x110 [ 55.258591][ T3631] ? tomoyo_path_number_perm+0x59e/0x760 [ 55.264225][ T3631] ? security_file_ioctl+0x55/0xb0 [ 55.269329][ T3631] ? __se_sys_ioctl+0x48/0x170 [ 55.274171][ T3631] ? do_syscall_64+0x3d/0xb0 [ 55.278750][ T3631] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.284810][ T3631] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 55.290784][ T3631] ? rcu_read_lock_sched_held+0x87/0x110 [ 55.296412][ T3631] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 55.302379][ T3631] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 55.308267][ T3631] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 55.314239][ T3631] ? mark_lock+0x9a/0x350 [ 55.318558][ T3631] ? __lock_acquire+0x1292/0x1f60 [ 55.323602][ T3631] ? mark_lock+0x9a/0x350 [ 55.327925][ T3631] __lock_acquire+0x1292/0x1f60 [ 55.332768][ T3631] lock_acquire+0x182/0x3c0 [ 55.337280][ T3631] ? mnt_want_write_file+0x5a/0x1f0 [ 55.342561][ T3631] ? read_lock_is_recursive+0x10/0x10 [ 55.347925][ T3631] ? __might_sleep+0xc0/0xc0 [ 55.352514][ T3631] ? mutex_lock_io_nested+0x60/0x60 [ 55.357711][ T3631] sb_start_write+0x4d/0x1a0 [ 55.362297][ T3631] ? mnt_want_write_file+0x5a/0x1f0 [ 55.367490][ T3631] mnt_want_write_file+0x5a/0x1f0 [ 55.373643][ T3631] reiserfs_ioctl+0x16e/0x340 [ 55.378312][ T3631] ? __se_sys_ioctl+0xf0/0x170 [ 55.383067][ T3631] ? 
reiserfs_unpack+0x390/0x390 [ 55.387997][ T3631] __se_sys_ioctl+0xfb/0x170 [ 55.392584][ T3631] do_syscall_64+0x3d/0xb0 [ 55.396990][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.402878][ T3631] RIP: 0033:0x7fe707070ad9 [ 55.407283][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 ioctl(5, FS_IOC_SETVERSION, 0) = -1 EFAULT (Bad address) exit_group(0) = ? +++ exited with 0 +++ [ 55.426951][ T3631] RSP: 002b:00007ffc4b3bbe28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010