./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3633098723 <...> Warning: Permanently added '10.128.0.8' (ED25519) to the list of known hosts. execve("./syz-executor3633098723", ["./syz-executor3633098723"], 0x7fff2233fa90 /* 10 vars */) = 0 brk(NULL) = 0x55555684f000 brk(0x55555684fd00) = 0x55555684fd00 arch_prctl(ARCH_SET_FS, 0x55555684f380) = 0 set_tid_address(0x55555684f650) = 5030 set_robust_list(0x55555684f660, 24) = 0 rseq(0x55555684fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3633098723", 4096) = 28 getrandom("\xa3\x5a\x56\x49\xf0\x97\x74\x28", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555684fd00 brk(0x555556870d00) = 0x555556870d00 brk(0x555556871000) = 0x555556871000 mprotect(0x7fc69a3f1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc691f40000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7fc691f40000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 69.214151][ T5030] syz-executor363[5030]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 
0 [ 69.273215][ T5030] loop0: detected capacity change from 0 to 8192 [ 69.285354][ T5030] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 69.298754][ T5030] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 69.308332][ T5030] REISERFS (device loop0): using ordered data mode [ 69.314839][ T5030] reiserfs: using flush barriers mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 [ 69.321579][ T5030] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 69.338597][ T5030] REISERFS (device loop0): checking transaction log (loop0) [ 69.348025][ T5030] REISERFS (device loop0): Using tea hash to sort names [ 69.355908][ T5030] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 69.370021][ T5030] [ 69.372372][ T5030] ====================================================== [ 69.379402][ T5030] WARNING: possible circular locking dependency detected [ 69.386428][ T5030] 6.6.0-rc7-syzkaller-00151-g56567a20b22b #0 Not tainted [ 69.393481][ T5030] ------------------------------------------------------ [ 69.400508][ T5030] syz-executor363/5030 is trying to acquire lock: [ 69.406919][ T5030] ffffc900043210f0 (&journal->j_mutex){+.+.}-{3:3}, at: do_journal_begin_r+0x352/0x1020 [ 69.416681][ T5030] [ 69.416681][ T5030] but task is already holding lock: [ 69.424041][ T5030] ffff888028262410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x61/0x200 [ 69.433258][ T5030] [ 69.433258][ T5030] which lock already depends on the new lock. 
[ 69.433258][ T5030] [ 69.443669][ T5030] [ 69.443669][ T5030] the existing dependency chain (in reverse order) is: [ 69.452668][ T5030] [ 69.452668][ T5030] -> #2 (sb_writers#9){.+.+}-{0:0}: [ 69.460060][ T5030] sb_start_write+0x4d/0x1c0 [ 69.465162][ T5030] mnt_want_write_file+0x61/0x200 [ 69.470715][ T5030] reiserfs_ioctl+0x178/0x2f0 [ 69.475922][ T5030] __se_sys_ioctl+0xf8/0x170 [ 69.481029][ T5030] do_syscall_64+0x41/0xc0 [ 69.485980][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.492387][ T5030] [ 69.492387][ T5030] -> #1 (&sbi->lock){+.+.}-{3:3}: [ 69.499589][ T5030] __mutex_lock+0x136/0xd60 [ 69.504606][ T5030] reiserfs_write_lock_nested+0x5f/0xd0 [ 69.510668][ T5030] do_journal_begin_r+0x35d/0x1020 [ 69.516291][ T5030] journal_begin+0x14c/0x360 [ 69.521412][ T5030] reiserfs_fill_super+0x1853/0x2620 [ 69.527217][ T5030] mount_bdev+0x237/0x300 [ 69.532058][ T5030] legacy_get_tree+0xef/0x190 [ 69.537253][ T5030] vfs_get_tree+0x8c/0x280 [ 69.542180][ T5030] do_new_mount+0x28f/0xae0 [ 69.547196][ T5030] __se_sys_mount+0x2d9/0x3c0 [ 69.552402][ T5030] do_syscall_64+0x41/0xc0 [ 69.557335][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.563740][ T5030] [ 69.563740][ T5030] -> #0 (&journal->j_mutex){+.+.}-{3:3}: [ 69.571549][ T5030] __lock_acquire+0x39ff/0x7f70 [ 69.576911][ T5030] lock_acquire+0x1e3/0x520 [ 69.581946][ T5030] __mutex_lock+0x136/0xd60 [ 69.586964][ T5030] do_journal_begin_r+0x352/0x1020 [ 69.592588][ T5030] journal_begin+0x14c/0x360 [ 69.597691][ T5030] reiserfs_dirty_inode+0x120/0x240 [ 69.603405][ T5030] __mark_inode_dirty+0x305/0xd90 [ 69.608937][ T5030] reiserfs_ioctl+0x24e/0x2f0 [ 69.614126][ T5030] __se_sys_ioctl+0xf8/0x170 [ 69.619230][ T5030] do_syscall_64+0x41/0xc0 [ 69.624160][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.630566][ T5030] [ 69.630566][ T5030] other info that might help us debug this: [ 69.630566][ T5030] [ 69.640778][ T5030] Chain exists of: [ 69.640778][ T5030] &journal->j_mutex --> &sbi->lock --> 
sb_writers#9 [ 69.640778][ T5030] [ 69.653315][ T5030] Possible unsafe locking scenario: [ 69.653315][ T5030]
[ 69.660752][ T5030]        CPU0                    CPU1
[ 69.666104][ T5030]        ----                    ----
[ 69.671457][ T5030]   rlock(sb_writers#9);
[ 69.675696][ T5030]                                lock(&sbi->lock);
[ 69.682189][ T5030]                                lock(sb_writers#9);
[ 69.688858][ T5030]   lock(&journal->j_mutex);
[ 69.693439][ T5030] [ 69.693439][ T5030] *** DEADLOCK *** [ 69.693439][ T5030] [ 69.701568][ T5030] 1 lock held by syz-executor363/5030: [ 69.707008][ T5030] #0: ffff888028262410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x61/0x200 [ 69.716697][ T5030] [ 69.716697][ T5030] stack backtrace: [ 69.722570][ T5030] CPU: 1 PID: 5030 Comm: syz-executor363 Not tainted 6.6.0-rc7-syzkaller-00151-g56567a20b22b #0 [ 69.732965][ T5030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 69.743010][ T5030] Call Trace: [ 69.746282][ T5030] [ 69.749205][ T5030] dump_stack_lvl+0x1e7/0x2d0 [ 69.753883][ T5030] ? nf_tcp_handle_invalid+0x650/0x650 [ 69.759345][ T5030] ? print_circular_bug+0x12b/0x1a0 [ 69.764542][ T5030] check_noncircular+0x375/0x4a0 [ 69.769480][ T5030] ? print_deadlock_bug+0x600/0x600 [ 69.774674][ T5030] ? lockdep_lock+0x123/0x2b0 [ 69.779346][ T5030] ? mark_lock+0x9a/0x340 [ 69.783666][ T5030] ? _find_first_zero_bit+0xd4/0x100 [ 69.788953][ T5030] __lock_acquire+0x39ff/0x7f70 [ 69.793800][ T5030] ? __kernel_text_address+0xd/0x40 [ 69.798998][ T5030] ? arch_stack_walk+0x162/0x1a0 [ 69.803929][ T5030] ? verify_lock_unused+0x140/0x140 [ 69.809122][ T5030] ? stack_trace_save+0x117/0x1c0 [ 69.814145][ T5030] ? reacquire_held_locks+0x3a9/0x660 [ 69.819513][ T5030] ? mnt_want_write_file+0x61/0x200 [ 69.824723][ T5030] ? print_deadlock_bug+0x600/0x600 [ 69.829918][ T5030] ? print_unlock_imbalance_bug+0x2c0/0x2c0 [ 69.835805][ T5030] lock_acquire+0x1e3/0x520 [ 69.840302][ T5030] ? do_journal_begin_r+0x352/0x1020 [ 69.845585][ T5030] ? read_lock_is_recursive+0x20/0x20 [ 69.850951][ T5030] ?
reiserfs_write_unlock_nested+0xd5/0x120 [ 69.856928][ T5030] ? __might_sleep+0xc0/0xc0 [ 69.861518][ T5030] __mutex_lock+0x136/0xd60 [ 69.866020][ T5030] ? do_journal_begin_r+0x352/0x1020 [ 69.871301][ T5030] ? mutex_unlock+0x10/0x10 [ 69.875803][ T5030] ? do_journal_begin_r+0x352/0x1020 [ 69.881082][ T5030] ? mutex_lock_nested+0x20/0x20 [ 69.886021][ T5030] ? reiserfs_write_unlock_nested+0xd5/0x120 [ 69.891999][ T5030] do_journal_begin_r+0x352/0x1020 [ 69.897123][ T5030] ? journal_join_abort+0xe0/0xe0 [ 69.902150][ T5030] ? ktime_get_coarse_real_ts64+0x3a/0x120 [ 69.907954][ T5030] ? lockdep_hardirqs_on+0x98/0x140 [ 69.913155][ T5030] journal_begin+0x14c/0x360 [ 69.917737][ T5030] reiserfs_dirty_inode+0x120/0x240 [ 69.922933][ T5030] ? reiserfs_free_inode+0x30/0x30 [ 69.928046][ T5030] ? inode_set_ctime_current+0x1e0/0x2f0 [ 69.933679][ T5030] ? reiserfs_free_inode+0x30/0x30 [ 69.938785][ T5030] __mark_inode_dirty+0x305/0xd90 [ 69.943799][ T5030] ? __might_fault+0xc1/0x120 [ 69.948471][ T5030] reiserfs_ioctl+0x24e/0x2f0 [ 69.953137][ T5030] ? __se_sys_ioctl+0xed/0x170 [ 69.957896][ T5030] ? reiserfs_unpack+0x610/0x610 [ 69.962824][ T5030] __se_sys_ioctl+0xf8/0x170 [ 69.967412][ T5030] do_syscall_64+0x41/0xc0 [ 69.971818][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.977704][ T5030] RIP: 0033:0x7fc69a37d5c9 [ 69.982105][ T5030] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 70.001699][ T5030] RSP: 002b:00007fff7102e1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.010101][ T5030] RAX: ffffffffffffffda RBX: 00007fff7102e3c8 RCX: 00007fc69a37d5c9 [ 70.018064][ T5030] RDX: 0000000020000000 RSI: 0000000040087602 RDI: 0000000000000003 ioctl(3, FS_IOC_SETVERSION, 0x20000000) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 70.