./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor721298148 <...> Warning: Permanently added '10.128.0.193' (ECDSA) to the list of known hosts. execve("./syz-executor721298148", ["./syz-executor721298148"], 0x7ffd0c23f3d0 /* 10 vars */) = 0 brk(NULL) = 0x555555edc000 brk(0x555555edcc40) = 0x555555edcc40 arch_prctl(ARCH_SET_FS, 0x555555edc300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor721298148", 4096) = 27 brk(0x555555efdc40) = 0x555555efdc40 brk(0x555555efe000) = 0x555555efe000 mprotect(0x7f28aa578000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5003 attached , child_tidptr=0x555555edc5d0) = 5003 [pid 5003] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5003] setsid() = 1 [pid 5003] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5003] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5003] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5003] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5003] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5003] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5003] unshare(CLONE_NEWNS) = 0 [pid 5003] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5003] unshare(CLONE_NEWIPC) = 0 [pid 5003] unshare(CLONE_NEWCGROUP) = 0 [pid 5003] unshare(CLONE_NEWUTS) = 0 [pid 5003] unshare(CLONE_SYSVSEM) = 0 [pid 5003] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "16777216", 8) = 8 [pid 5003] close(3) = 0 [pid 5003] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "536870912", 9) = 9 [pid 5003] close(3) = 0 [pid 5003] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "1024", 4) = 4 [pid 5003] close(3) = 0 [pid 5003] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "8192", 4) = 4 [pid 5003] close(3) = 0 [pid 5003] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "1024", 4) = 4 [pid 5003] close(3) = 0 [pid 5003] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "1024", 4) = 4 [pid 5003] close(3) = 0 [pid 5003] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5003] close(3) = 0 [pid 5003] getpid() = 1 [pid 5003] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<i_mutex_dir_key#6/2){+.+.}-{3:3}, at: delete_one_xattr+0x141/0x2d0 [ 57.851527][ T5003] [ 57.851527][ T5003] but task is already holding lock: [ 57.858880][ T5003] ffff8880741e3140 (&type->i_mutex_dir_key#6/3){+.+.}-{3:3}, at: reiserfs_for_each_xattr+0x6fd/0x9a0 [ 57.869768][ T5003] [ 57.869768][ T5003] which lock already depends on the new lock. [ 57.869768][ T5003] [ 57.880157][ T5003] [ 57.880157][ T5003] the existing dependency chain (in reverse order) is: [ 57.889157][ T5003] [ 57.889157][ T5003] -> #2 (&type->i_mutex_dir_key#6/3){+.+.}-{3:3}: [ 57.897773][ T5003] down_write_nested+0x96/0x200 [ 57.903153][ T5003] open_xa_dir+0x127/0x840 [ 57.908114][ T5003] xattr_lookup+0x21/0x3d0 [ 57.913059][ T5003] reiserfs_xattr_set_handle+0xfb/0xb00 [ 57.919135][ T5003] reiserfs_xattr_set+0x454/0x5b0 [ 57.924693][ T5003] trusted_set+0xa7/0xd0 [ 57.929470][ T5003] __vfs_setxattr+0x173/0x1e0 [ 57.934662][ T5003] __vfs_setxattr_noperm+0x129/0x5f0 [ 57.940465][ T5003] __vfs_setxattr_locked+0x1d3/0x260 [ 57.946267][ T5003] vfs_setxattr+0x143/0x340 [ 57.951288][ T5003] ovl_fill_super+0x2276/0x7270 [ 57.956664][ T5003] mount_nodev+0x64/0x120 [ 57.961517][ T5003] legacy_get_tree+0x109/0x220 [ 57.966806][ T5003] vfs_get_tree+0x8d/0x350 [ 57.971746][ T5003] path_mount+0x134b/0x1e40 [ 57.976775][ T5003] __x64_sys_mount+0x283/0x300 [ 57.982066][ T5003] do_syscall_64+0x39/0xb0 [ 57.987022][ T5003] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.993445][ T5003] [ 57.993445][ T5003] -> #1 (&type->i_mutex_dir_key#6){++++}-{3:3}: [ 58.001875][ T5003] down_write+0x92/0x200 [ 58.006638][ T5003] vfs_rename+0x4f9/0x17a0 [ 58.011576][ T5003] do_renameat2+0xc04/0xd40 [ 58.016606][ T5003] __x64_sys_rename+0x81/0xa0 [ 58.021808][ T5003] do_syscall_64+0x39/0xb0 [ 58.026751][ T5003] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.033169][ T5003] [ 58.033169][ T5003] -> #0 (&type->i_mutex_dir_key#6/2){+.+.}-{3:3}: [ 58.041775][ T5003] __lock_acquire+0x2fcd/0x5f30 [ 58.047155][ T5003] lock_acquire.part.0+0x11c/0x370 [ 58.052789][ T5003] down_write_nested+0x96/0x200 [ 58.058161][ T5003] delete_one_xattr+0x141/0x2d0 [ 58.063538][ T5003] reiserfs_for_each_xattr+0x70e/0x9a0 [ 58.069524][ T5003] reiserfs_delete_xattrs+0x20/0xa0 [ 58.075246][ T5003] reiserfs_evict_inode+0x2e7/0x540 [ 58.080965][ T5003] evict+0x2ed/0x6b0 [ 58.085386][ T5003] iput+0x4a7/0x7a0 [ 58.089803][ T5003] dentry_unlink_inode+0x2b1/0x460 [ 58.095435][ T5003] __dentry_kill+0x3c0/0x640 [ 58.100543][ T5003] dput+0x6ac/0xe10 [ 58.104870][ T5003] cleanup_mnt+0x286/0x3d0 [ 58.109812][ T5003] task_work_run+0x16f/0x270 [ 58.114920][ T5003] do_exit+0xb0d/0x29f0 [ 58.119592][ T5003] do_group_exit+0xd4/0x2a0 [ 58.124615][ T5003] __x64_sys_exit_group+0x3e/0x50 [ 58.130162][ T5003] do_syscall_64+0x39/0xb0 [ 58.135107][ T5003] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.141528][ T5003] [ 58.141528][ T5003] other info that might help us debug this: [ 58.141528][ T5003] [ 58.151739][ T5003] Chain exists of: [ 58.151739][ T5003] &type->i_mutex_dir_key#6/2 --> &type->i_mutex_dir_key#6 --> &type->i_mutex_dir_key#6/3 [ 58.151739][ T5003] [ 58.167489][ T5003] Possible unsafe locking scenario: [ 58.167489][ T5003] [ 58.174925][ T5003] CPU0 CPU1 [ 58.180275][ T5003] ---- ---- [ 58.185625][ T5003] lock(&type->i_mutex_dir_key#6/3); [ 58.190999][ T5003] lock(&type->i_mutex_dir_key#6); [ 58.198714][ T5003] lock(&type->i_mutex_dir_key#6/3); [ 58.206610][ T5003] lock(&type->i_mutex_dir_key#6/2); [ 58.212021][ T5003] [ 58.212021][ T5003] *** DEADLOCK *** [ 58.212021][ T5003] [ 58.220158][ T5003] 1 lock held by syz-executor721/5003: [ 58.225610][ T5003] #0: ffff8880741e3140 (&type->i_mutex_dir_key#6/3){+.+.}-{3:3}, at: reiserfs_for_each_xattr+0x6fd/0x9a0 [ 58.236961][ T5003] [ 58.236961][ T5003] stack backtrace: [ 58.242837][ T5003] CPU: 1 PID: 5003 Comm: syz-executor721 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 58.252807][ T5003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 58.262855][ T5003] Call Trace: [ 58.266126][ T5003] [ 58.269049][ T5003] dump_stack_lvl+0xd9/0x150 [ 58.273655][ T5003] check_noncircular+0x25f/0x2e0 [ 58.278597][ T5003] ? register_lock_class+0xbe/0x1120 [ 58.283888][ T5003] ? print_circular_bug+0x730/0x730 [ 58.289099][ T5003] ? reacquire_held_locks+0x216/0x4e0 [ 58.294481][ T5003] ? is_dynamic_key.part.0+0x1f0/0x1f0 [ 58.299953][ T5003] __lock_acquire+0x2fcd/0x5f30 [ 58.304814][ T5003] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 58.310799][ T5003] ? wait_for_completion_io_timeout+0x20/0x20 [ 58.316869][ T5003] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 58.322858][ T5003] ? rcu_is_watching+0x12/0xb0 [ 58.327621][ T5003] ? find_held_lock+0x2d/0x110 [ 58.332392][ T5003] lock_acquire.part.0+0x11c/0x370 [ 58.337512][ T5003] ? delete_one_xattr+0x141/0x2d0 [ 58.342540][ T5003] ? lock_sync+0x190/0x190 [ 58.346963][ T5003] ? rcu_is_watching+0x12/0xb0 [ 58.351722][ T5003] ? trace_lock_acquire+0x12d/0x180 [ 58.356922][ T5003] ? delete_one_xattr+0x141/0x2d0 [ 58.361951][ T5003] ? lock_acquire+0x32/0xc0 [ 58.366458][ T5003] ? delete_one_xattr+0x141/0x2d0 [ 58.371483][ T5003] down_write_nested+0x96/0x200 [ 58.376337][ T5003] ? delete_one_xattr+0x141/0x2d0 [ 58.381364][ T5003] ? down_read_killable_nested+0x4f0/0x4f0 [ 58.387176][ T5003] ? down_write_nested+0x153/0x200 [ 58.392290][ T5003] ? down_read_killable_nested+0x4f0/0x4f0 [ 58.398098][ T5003] delete_one_xattr+0x141/0x2d0 [ 58.402952][ T5003] reiserfs_for_each_xattr+0x70e/0x9a0 [ 58.408412][ T5003] ? xattr_unlink+0x190/0x190 [ 58.413101][ T5003] ? open_xa_dir+0x840/0x840 [ 58.417699][ T5003] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 58.423684][ T5003] ? delete_one_xattr+0x2d0/0x2d0 [ 58.428719][ T5003] reiserfs_delete_xattrs+0x20/0xa0 [ 58.433924][ T5003] reiserfs_evict_inode+0x2e7/0x540 [ 58.439125][ T5003] ? reiserfs_bmap+0x1b0/0x1b0 [ 58.443893][ T5003] ? lock_downgrade+0x690/0x690 [ 58.448747][ T5003] ? cpuacct_css_alloc+0x160/0x160 [ 58.453865][ T5003] ? lock_acquire+0x32/0xc0 [ 58.458381][ T5003] ? inode_wait_for_writeback+0x1e/0x40 [ 58.463925][ T5003] ? reiserfs_bmap+0x1b0/0x1b0 [ 58.468689][ T5003] evict+0x2ed/0x6b0 [ 58.472593][ T5003] iput+0x4a7/0x7a0 [ 58.476409][ T5003] dentry_unlink_inode+0x2b1/0x460 [ 58.481522][ T5003] __dentry_kill+0x3c0/0x640 [ 58.486115][ T5003] ? dput+0x39/0xe10 [ 58.490011][ T5003] dput+0x6ac/0xe10 [ 58.493822][ T5003] cleanup_mnt+0x286/0x3d0 [ 58.498239][ T5003] task_work_run+0x16f/0x270 [ 58.502830][ T5003] ? task_work_cancel+0x30/0x30 [ 58.507685][ T5003] do_exit+0xb0d/0x29f0 [ 58.511839][ T5003] ? lock_downgrade+0x690/0x690 [ 58.516702][ T5003] ? do_raw_spin_lock+0x124/0x2b0 [ 58.521732][ T5003] ? mm_update_next_owner+0x7b0/0x7b0 [ 58.527102][ T5003] ? spin_bug+0x1c0/0x1c0 [ 58.531439][ T5003] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.536642][ T5003] do_group_exit+0xd4/0x2a0 [ 58.541145][ T5003] __x64_sys_exit_group+0x3e/0x50 [ 58.546171][ T5003] do_syscall_64+0x39/0xb0 [ 58.550594][ T5003] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.556492][ T5003] RIP: 0033:0x7f28aa507bb9 [ 58.560899][ T5003] Code: Unable to access opcode bytes at 0x7f28aa507b8f. [ 58.567904][ T5003] RSP: 002b:00007fffad046f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 58.576312][ T5003] RAX: ffffffffffffffda RBX: 00007f28aa57e330 RCX: 00007f28aa507bb9 [ 58.584277][ T5003] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 58.592240][ T5003] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f28aa578e40 [ 58.600205][ T5003] R10: 00007f28aa578e40 R11: 0000000000000246 R12: 00007f28aa57e330 [pid 5003] +++ exited with 1 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5003, si_uid=0, si_status=1, si_utime=0, si_stime=23 /* 0.23 s */} --- exit_group(0) = ? +++ exited with 0 +++ [ 5