./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3788013287 <...> Warning: Permanently added '10.128.1.31' (ED25519) to the list of known hosts. execve("./syz-executor3788013287", ["./syz-executor3788013287"], 0x7ffee4febb50 /* 10 vars */) = 0 brk(NULL) = 0x5555569fd000 brk(0x5555569fdd00) = 0x5555569fdd00 arch_prctl(ARCH_SET_FS, 0x5555569fd380) = 0 set_tid_address(0x5555569fd650) = 5057 set_robust_list(0x5555569fd660, 24) = 0 rseq(0x5555569fdca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3788013287", 4096) = 28 getrandom("\x4e\xc9\x9e\xc7\xbe\x67\x30\xd1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555569fdd00 brk(0x555556a1ed00) = 0x555556a1ed00 brk(0x555556a1f000) = 0x555556a1f000 mprotect(0x7f815d142000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8154c90000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 munmap(0x7f8154c90000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 57.943307][ T5057] loop0: detected capacity change from 0 to 8192 [ 57.965110][ T5057] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 57.978295][ T5057] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal mount("/dev/loop0", "./file0", "reiserfs", MS_RDONLY|MS_NOSUID|MS_DIRSYNC|MS_REC|MS_SILENT|MS_RELATIME|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 mkdir(".", 0777) = -1 EEXIST (File exists) [ 57.987588][ T5057] REISERFS (device loop0): using ordered data mode [ 57.994429][ T5057] reiserfs: using flush barriers [ 58.000729][ T5057] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 58.017507][ T5057] REISERFS (device loop0): checking transaction log (loop0) [ 58.027216][ T5057] REISERFS (device loop0): Using r5 hash to sort names mount(NULL, ".", 0x200000c0, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0 openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 chdir(".") = 0 open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 5 open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 7 [ 58.060096][ T5057] reiserfs: enabling write barrier flush mode [ 58.072662][ T5057] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. ioctl(7, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 8 mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 8, 0) = 0x20000000 ftruncate(6, 33587195) = 0 [ 58.174857][ T5057] [ 58.177196][ T5057] ====================================================== [ 58.184192][ T5057] WARNING: possible circular locking dependency detected [ 58.191185][ T5057] 6.7.0-rc1-syzkaller #0 Not tainted [ 58.196445][ T5057] ------------------------------------------------------ [ 58.203437][ T5057] syz-executor378/5057 is trying to acquire lock: [ 58.209824][ T5057] ffff88807afc7090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x7a/0xd0 [ 58.219280][ T5057] [ 58.219280][ T5057] but task is already holding lock: [ 58.226650][ T5057] ffff88801ece2510 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x197/0x470 [ 58.235690][ T5057] [ 58.235690][ T5057] which lock already depends on the new lock. [ 58.235690][ T5057] [ 58.246076][ T5057] [ 58.246076][ T5057] the existing dependency chain (in reverse order) is: [ 58.255071][ T5057] [ 58.255071][ T5057] -> #2 (sb_pagefaults){.+.+}-{0:0}: [ 58.262531][ T5057] filemap_page_mkwrite+0x16f/0x640 [ 58.268239][ T5057] do_page_mkwrite+0x197/0x470 [ 58.273509][ T5057] handle_mm_fault+0x22d4/0x6650 [ 58.278953][ T5057] exc_page_fault+0x2ac/0x860 [ 58.284151][ T5057] asm_exc_page_fault+0x26/0x30 [ 58.289509][ T5057] rep_movs_alternative+0x4a/0x70 [ 58.295043][ T5057] _copy_to_iter+0x257/0x1ce0 [ 58.300225][ T5057] copy_page_to_iter+0xb1/0x160 [ 58.305586][ T5057] filemap_read+0x876/0x10b0 [ 58.310683][ T5057] vfs_read+0x78b/0xb00 [ 58.315341][ T5057] ksys_read+0x1a0/0x2c0 [ 58.320086][ T5057] do_syscall_64+0x44/0x110 [ 58.325100][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 58.331499][ T5057] [ 58.331499][ T5057] -> #1 (&mm->mmap_lock){++++}-{3:3}: [ 58.339048][ T5057] __might_fault+0xc1/0x120 [ 58.344058][ T5057] reiserfs_ioctl+0x125/0x2f0 [ 58.349239][ T5057] __se_sys_ioctl+0xf8/0x170 [ 58.354333][ T5057] do_syscall_64+0x44/0x110 [ 58.359340][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 58.365741][ T5057] [ 58.365741][ T5057] -> #0 (&sbi->lock){+.+.}-{3:3}: [ 58.372940][ T5057] __lock_acquire+0x39ff/0x7f70 [ 58.378299][ T5057] lock_acquire+0x1e3/0x520 [ 58.383308][ T5057] __mutex_lock+0x136/0xd60 [ 58.388320][ T5057] reiserfs_write_lock+0x7a/0xd0 [ 58.393764][ T5057] reiserfs_dirty_inode+0xf2/0x240 [ 58.399385][ T5057] __mark_inode_dirty+0x305/0xd90 [ 58.404916][ T5057] file_update_time+0x191/0x1b0 [ 58.410270][ T5057] filemap_page_mkwrite+0x27b/0x640 [ 58.415985][ T5057] do_page_mkwrite+0x197/0x470 [ 58.421255][ T5057] handle_mm_fault+0x22d4/0x6650 [ 58.426695][ T5057] exc_page_fault+0x2ac/0x860 [ 58.431883][ T5057] asm_exc_page_fault+0x26/0x30 [ 58.437250][ T5057] rep_movs_alternative+0x4a/0x70 [ 58.442783][ T5057] _copy_to_iter+0x257/0x1ce0 [ 58.447964][ T5057] copy_page_to_iter+0xb1/0x160 [ 58.453317][ T5057] filemap_read+0x876/0x10b0 [ 58.458412][ T5057] vfs_read+0x78b/0xb00 [ 58.463073][ T5057] ksys_read+0x1a0/0x2c0 [ 58.467820][ T5057] do_syscall_64+0x44/0x110 [ 58.472831][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 58.479232][ T5057] [ 58.479232][ T5057] other info that might help us debug this: [ 58.479232][ T5057] [ 58.489448][ T5057] Chain exists of: [ 58.489448][ T5057] &sbi->lock --> &mm->mmap_lock --> sb_pagefaults [ 58.489448][ T5057] [ 58.501778][ T5057] Possible unsafe locking scenario: [ 58.501778][ T5057] [ 58.509216][ T5057] CPU0 CPU1 [ 58.514564][ T5057] ---- ---- [ 58.519910][ T5057] rlock(sb_pagefaults); [ 58.524224][ T5057] lock(&mm->mmap_lock); [ 58.531054][ T5057] lock(sb_pagefaults); [ 58.537802][ T5057] lock(&sbi->lock); [ 58.541772][ T5057] [ 58.541772][ T5057] *** DEADLOCK *** [ 58.541772][ T5057] [ 58.549918][ T5057] 2 locks held by syz-executor378/5057: [ 58.555440][ T5057] #0: ffff888078901e20 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x32/0x2d0 [ 58.565344][ T5057] #1: ffff88801ece2510 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x197/0x470 [ 58.574809][ T5057] [ 58.574809][ T5057] stack backtrace: [ 58.580678][ T5057] CPU: 1 PID: 5057 Comm: syz-executor378 Not tainted 6.7.0-rc1-syzkaller #0 [ 58.589330][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 58.599367][ T5057] Call Trace: [ 58.602633][ T5057] [ 58.605549][ T5057] dump_stack_lvl+0x1e7/0x2d0 [ 58.610221][ T5057] ? nf_tcp_handle_invalid+0x650/0x650 [ 58.615678][ T5057] ? print_circular_bug+0x12b/0x1a0 [ 58.620865][ T5057] check_noncircular+0x375/0x4a0 [ 58.625792][ T5057] ? __kernel_text_address+0xd/0x40 [ 58.630979][ T5057] ? unwind_get_return_address+0x91/0xc0 [ 58.636603][ T5057] ? print_deadlock_bug+0x600/0x600 [ 58.641792][ T5057] ? lockdep_lock+0x123/0x2b0 [ 58.646456][ T5057] ? mark_lock+0x9a/0x340 [ 58.650774][ T5057] ? _find_first_zero_bit+0xd4/0x100 [ 58.656046][ T5057] __lock_acquire+0x39ff/0x7f70 [ 58.660891][ T5057] ? verify_lock_unused+0x140/0x140 [ 58.666078][ T5057] ? verify_lock_unused+0x140/0x140 [ 58.671274][ T5057] ? verify_lock_unused+0x140/0x140 [ 58.676459][ T5057] ? lockdep_unlock+0x169/0x300 [ 58.681298][ T5057] ? lockdep_lock+0x2b0/0x2b0 [ 58.685967][ T5057] lock_acquire+0x1e3/0x520 [ 58.690457][ T5057] ? reiserfs_write_lock+0x7a/0xd0 [ 58.695557][ T5057] ? read_lock_is_recursive+0x20/0x20 [ 58.700916][ T5057] ? __might_sleep+0xc0/0xc0 [ 58.705497][ T5057] ? mark_lock+0x9a/0x340 [ 58.709817][ T5057] __mutex_lock+0x136/0xd60 [ 58.714309][ T5057] ? reiserfs_write_lock+0x7a/0xd0 [ 58.719409][ T5057] ? ktime_get_coarse_real_ts64+0x3a/0x120 [ 58.725209][ T5057] ? seqcount_lockdep_reader_access+0x157/0x220 [ 58.731435][ T5057] ? reiserfs_write_lock+0x7a/0xd0 [ 58.736531][ T5057] ? lockdep_hardirqs_on+0x98/0x140 [ 58.741717][ T5057] ? mutex_lock_nested+0x20/0x20 [ 58.746645][ T5057] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 58.752874][ T5057] ? inode_maybe_inc_iversion+0x1a3/0x1f0 [ 58.758583][ T5057] ? generic_set_encrypted_ci_d_ops+0x100/0x100 [ 58.764811][ T5057] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 58.771039][ T5057] reiserfs_write_lock+0x7a/0xd0 [ 58.775964][ T5057] reiserfs_dirty_inode+0xf2/0x240 [ 58.781063][ T5057] ? reiserfs_free_inode+0x30/0x30 [ 58.786166][ T5057] ? bmap+0xe0/0xe0 [ 58.789958][ T5057] ? reiserfs_free_inode+0x30/0x30 [ 58.795057][ T5057] __mark_inode_dirty+0x305/0xd90 [ 58.800078][ T5057] file_update_time+0x191/0x1b0 [ 58.804916][ T5057] filemap_page_mkwrite+0x27b/0x640 [ 58.810101][ T5057] ? do_page_mkwrite+0x197/0x470 [ 58.815055][ T5057] do_page_mkwrite+0x197/0x470 [ 58.819807][ T5057] handle_mm_fault+0x22d4/0x6650 [ 58.824733][ T5057] ? handle_mm_fault+0x11d/0x6650 [ 58.829752][ T5057] ? numa_migrate_prep+0x260/0x260 [ 58.834851][ T5057] ? mt_find+0x623/0x7c0 [ 58.839078][ T5057] ? mt_find+0x271/0x7c0 [ 58.843304][ T5057] ? __lock_acquire+0x7f70/0x7f70 [ 58.848314][ T5057] ? mtree_destroy+0x30/0x30 [ 58.852899][ T5057] ? lock_mm_and_find_vma+0x9c/0x2d0 [ 58.858188][ T5057] exc_page_fault+0x2ac/0x860 [ 58.862877][ T5057] asm_exc_page_fault+0x26/0x30 [ 58.867756][ T5057] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 58.873559][ T5057] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 85 c9 75 b3 [ 58.893156][ T5057] RSP: 0018:ffffc90003cdf8f8 EFLAGS: 00050206 [ 58.899220][ T5057] RAX: ffffffff84825701 RBX: 0000000020001740 RCX: 0000000000001000 [ 58.907178][ T5057] RDX: 0000000000000000 RSI: ffff888012a8c000 RDI: 0000000020001740 [ 58.915144][ T5057] RBP: ffffc90003cdfa78 R08: ffff888012a8cfff R09: 1ffff110025519ff [ 58.923103][ T5057] R10: dffffc0000000000 R11: ffffed1002551a00 R12: 0000000000001000 [ 58.931060][ T5057] R13: ffff888012a8c000 R14: ffffc90003cdfd98 R15: 1ffff9200079bfb3 [ 58.939020][ T5057] ? _copy_to_iter+0x1a1/0x1ce0 [ 58.943863][ T5057] _copy_to_iter+0x257/0x1ce0 [ 58.948529][ T5057] ? filemap_read+0x10b0/0x10b0 [ 58.953370][ T5057] ? iov_iter_init+0x1b0/0x1b0 [ 58.958118][ T5057] ? __might_sleep+0xc0/0xc0 [ 58.962696][ T5057] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 58.968663][ T5057] ? page_copy_sane+0x46/0x260 [ 58.973430][ T5057] copy_page_to_iter+0xb1/0x160 [ 58.978266][ T5057] filemap_read+0x876/0x10b0 [ 58.982850][ T5057] ? filemap_get_folios_contig+0xb70/0xb70 [ 58.988654][ T5057] ? generic_file_read_iter+0x98/0x550 [ 58.994120][ T5057] vfs_read+0x78b/0xb00 [ 58.998266][ T5057] ? kernel_read+0x1f0/0x1f0 [ 59.002846][ T5057] ? lockdep_hardirqs_on+0x98/0x140 [ 59.008045][ T5057] ? __fdget_pos+0x2c7/0x340 [ 59.012622][ T5057] ksys_read+0x1a0/0x2c0 [ 59.016851][ T5057] ? vfs_write+0xb20/0xb20 [ 59.021249][ T5057] ? syscall_enter_from_user_mode+0x32/0x230 [ 59.027222][ T5057] ? syscall_enter_from_user_mode+0x8c/0x230 [ 59.033210][ T5057] do_syscall_64+0x44/0x110 [ 59.037725][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 59.043617][ T5057] RIP: 0033:0x7f815d0cdc79 [ 59.048026][ T5057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.067635][ T5057] RSP: 002b:00007ffeef630378 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 read(5, 0x20001740, 8224) = 8224 exit_group(0) = ? +++ exited with 0 +++ [ 59.076047][ T5057] RAX: ffff