./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1615765716

<...>
Warning: Permanently added '10.128.0.182' (ED25519) to the list of known hosts.
execve("./syz-executor1615765716", ["./syz-executor1615765716"], 0x7ffc6d1ba2d0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555737e000
brk(0x55555737ed00)                     = 0x55555737ed00
arch_prctl(ARCH_SET_FS, 0x55555737e380) = 0
set_tid_address(0x55555737e650)         = 5056
set_robust_list(0x55555737e660, 24)     = 0
rseq(0x55555737eca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1615765716", 4096) = 28
getrandom("\x54\xe3\x26\x5c\xab\x2f\x29\xcd", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555737ed00
brk(0x55555739fd00)                     = 0x55555739fd00
brk(0x5555573a0000)                     = 0x5555573a0000
mprotect(0x7ff7432ce000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff73ae1d000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
munmap(0x7ff73ae1d000, 138412032)       = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
[   56.124146][ T5056] loop0: detected capacity change from 0 to 8192
[   56.145883][ T5056] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   56.158982][ T5056] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
[   56.168572][ T5056] REISERFS (device loop0): using ordered data mode
[   56.175112][ T5056] reiserfs: using flush barriers
[   56.181159][ T5056] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   56.197879][ T5056] REISERFS (device loop0): checking transaction log (loop0)
[   56.207050][ T5056] REISERFS (device loop0): Using tea hash to sort names
[   56.214867][ T5056] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
close(4)                                = 0
open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 4
[   56.230017][   T28] audit: type=1800 audit(1704023007.354:2): pid=5056 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor161" name="bus" dev="loop0" ino=4106498 res=0 errno=0
[   56.250832][ T5056] 
[   56.253171][ T5056] ======================================================
[   56.260184][ T5056] WARNING: possible circular locking dependency detected
[   56.267194][ T5056] 6.7.0-rc7-syzkaller-00049-g453f5db0619e #0 Not tainted
[   56.274216][ T5056] ------------------------------------------------------
[   56.281231][ T5056] syz-executor161/5056 is trying to acquire lock:
[   56.287635][ T5056] ffff888076328418 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write_file+0x61/0x200
[   56.296859][ T5056] 
[   56.296859][ T5056] but task is already holding lock:
[   56.304206][ T5056] ffff88807dbc7090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x7a/0xd0
[   56.313145][ T5056] 
[   56.313145][ T5056] which lock already depends on the new lock.
[   56.313145][ T5056] 
[   56.323528][ T5056] 
[   56.323528][ T5056] the existing dependency chain (in reverse order) is:
[   56.332518][ T5056] 
[   56.332518][ T5056] -> #2 (&sbi->lock){+.+.}-{3:3}:
[   56.339701][ T5056]        lock_acquire+0x1e3/0x530
[   56.344714][ T5056]        __mutex_lock+0x136/0xd60
[   56.349730][ T5056]        reiserfs_write_lock+0x7a/0xd0
[   56.355173][ T5056]        reiserfs_lookup+0x162/0x580
[   56.360516][ T5056]        __lookup_slow+0x282/0x3e0
[   56.365608][ T5056]        lookup_one_len+0x188/0x2c0
[   56.370783][ T5056]        reiserfs_lookup_privroot+0x89/0x180
[   56.376751][ T5056]        reiserfs_fill_super+0x21c1/0x2620
[   56.382541][ T5056]        mount_bdev+0x237/0x300
[   56.387368][ T5056]        legacy_get_tree+0xef/0x190
[   56.392544][ T5056]        vfs_get_tree+0x8c/0x2a0
[   56.397456][ T5056]        do_new_mount+0x28f/0xae0
[   56.402457][ T5056]        __se_sys_mount+0x2d9/0x3c0
[   56.407631][ T5056]        do_syscall_64+0x45/0x110
[   56.412633][ T5056]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   56.419027][ T5056] 
[   56.419027][ T5056] -> #1 (&type->i_mutex_dir_key#6){+.+.}-{3:3}:
[   56.427431][ T5056]        lock_acquire+0x1e3/0x530
[   56.432434][ T5056]        down_write+0x3a/0x50
[   56.437094][ T5056]        path_openat+0x7bc/0x3290
[   56.442103][ T5056]        do_filp_open+0x234/0x490
[   56.447102][ T5056]        do_sys_openat2+0x13e/0x1d0
[   56.452279][ T5056]        __x64_sys_open+0x225/0x270
[   56.457453][ T5056]        do_syscall_64+0x45/0x110
[   56.462456][ T5056]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   56.468858][ T5056] 
[   56.468858][ T5056] -> #0 (sb_writers#9){.+.+}-{0:0}:
[   56.476227][ T5056]        validate_chain+0x1909/0x5ab0
[   56.481580][ T5056]        __lock_acquire+0x1345/0x1fd0
[   56.486930][ T5056]        lock_acquire+0x1e3/0x530
[   56.491938][ T5056]        sb_start_write+0x4d/0x1c0
[   56.497057][ T5056]        mnt_want_write_file+0x61/0x200
[   56.502584][ T5056]        reiserfs_ioctl+0x178/0x2f0
[   56.507758][ T5056]        __se_sys_ioctl+0xf8/0x170
[   56.512847][ T5056]        do_syscall_64+0x45/0x110
[   56.517849][ T5056]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   56.524240][ T5056] 
[   56.524240][ T5056] other info that might help us debug this:
[   56.524240][ T5056] 
[   56.534443][ T5056] Chain exists of:
[   56.534443][ T5056]   sb_writers#9 --> &type->i_mutex_dir_key#6 --> &sbi->lock
[   56.534443][ T5056] 
[   56.547545][ T5056]  Possible unsafe locking scenario:
[   56.547545][ T5056] 
[   56.554968][ T5056]        CPU0                    CPU1
[   56.560316][ T5056]        ----                    ----
[   56.565661][ T5056]   lock(&sbi->lock);
[   56.569622][ T5056]                                lock(&type->i_mutex_dir_key#6);
[   56.577318][ T5056]                                lock(&sbi->lock);
[   56.583798][ T5056]   rlock(sb_writers#9);
[   56.588021][ T5056] 
[   56.588021][ T5056]  *** DEADLOCK ***
[   56.588021][ T5056] 
[   56.596137][ T5056] 1 lock held by syz-executor161/5056:
[   56.601568][ T5056]  #0: ffff88807dbc7090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x7a/0xd0
[   56.610936][ T5056] 
[   56.610936][ T5056] stack backtrace:
[   56.616798][ T5056] CPU: 1 PID: 5056 Comm: syz-executor161 Not tainted 6.7.0-rc7-syzkaller-00049-g453f5db0619e #0
[   56.627183][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   56.637214][ T5056] Call Trace:
[   56.640473][ T5056]  <TASK>
[   56.643392][ T5056]  dump_stack_lvl+0x1e7/0x2d0
[   56.648051][ T5056]  ? nf_tcp_handle_invalid+0x650/0x650
[   56.653492][ T5056]  ? print_circular_bug+0x12b/0x1a0
[   56.658672][ T5056]  check_noncircular+0x366/0x490
[   56.663587][ T5056]  ? print_deadlock_bug+0x610/0x610
[   56.668763][ T5056]  ? lockdep_lock+0x123/0x2b0
[   56.673421][ T5056]  ? _find_first_zero_bit+0xd4/0x100
[   56.678690][ T5056]  validate_chain+0x1909/0x5ab0
[   56.683524][ T5056]  ? reacquire_held_locks+0x690/0x690
[   56.688877][ T5056]  ? mark_lock+0x9a/0x350
[   56.693184][ T5056]  ? mark_lock+0x9a/0x350
[   56.697492][ T5056]  ? __lock_acquire+0x1345/0x1fd0
[   56.702500][ T5056]  ? mark_lock+0x9a/0x350
[   56.706807][ T5056]  __lock_acquire+0x1345/0x1fd0
[   56.711636][ T5056]  lock_acquire+0x1e3/0x530
[   56.716121][ T5056]  ? mnt_want_write_file+0x61/0x200
[   56.721299][ T5056]  ? read_lock_is_recursive+0x20/0x20
[   56.726647][ T5056]  ? __might_sleep+0xe0/0xe0
[   56.731220][ T5056]  ? mutex_lock_nested+0x20/0x20
[   56.736141][ T5056]  sb_start_write+0x4d/0x1c0
[   56.740710][ T5056]  ? mnt_want_write_file+0x61/0x200
[   56.745899][ T5056]  mnt_want_write_file+0x61/0x200
[   56.750914][ T5056]  reiserfs_ioctl+0x178/0x2f0
[   56.755575][ T5056]  ? __se_sys_ioctl+0xed/0x170
[   56.760317][ T5056]  ? reiserfs_unpack+0x610/0x610
[   56.765235][ T5056]  __se_sys_ioctl+0xf8/0x170
[   56.769804][ T5056]  do_syscall_64+0x45/0x110
[   56.774289][ T5056]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   56.780163][ T5056] RIP: 0033:0x7ff74325a639
[   56.784554][ T5056] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   56.804142][ T5056] RSP: 002b:00007ffe9d108718 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   56.812545][ T5056] RAX: ffffffffffffffda RBX: 00007ffe9d1088e8 RCX: 00007ff74325a639
[   56.820495][ T5056] RDX: 0000000000000000 RSI: 0000000040087602 RDI: 0000000000000004
ioctl(4, FS_IOC_SETVERSION, 0)          = -1 EFAULT (Bad address)
exit_group(0)                           = ?
+++ exited with 0 +++
[   56.828445][ T5056] RBP: 00007ff7432ce610 R08: 0