REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
INFO: task kworker/1:3:7808 blocked for more than 140 seconds.
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:3 D29072 7808 2 0x80000000
REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
Workqueue: events_long flush_old_commits
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
REISERFS (device loop4): using ordered data mode
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
reiserfs: using flush barriers
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): using 3.5.x disk format
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
reiserfs_sync_fs+0x65/0xd0 fs/reiserfs/super.c:76
flush_old_commits+0xdd/0x1d0 fs/reiserfs/super.c:111
REISERFS (device loop4): checking transaction log (loop4)
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406
REISERFS (device loop4): Using r5 hash to sort names
INFO: task kworker/1:1:8191 blocked for more than 140 seconds.
REISERFS (device loop4): using 3.5.x disk format
Not tainted 4.14.300-syzkaller #0
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:1 D29288 8191 2 0x80000000
Workqueue: events_long flush_old_commits
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
reiserfs_sync_fs+0x65/0xd0 fs/reiserfs/super.c:76
flush_old_commits+0xdd/0x1d0 fs/reiserfs/super.c:111
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406
REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
INFO: task syz-executor417:15145 blocked for more than 140 seconds.
REISERFS (device loop3): using ordered data mode
Not tainted 4.14.300-syzkaller #0
reiserfs: using flush barriers
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor417 D25624 15145 7977 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
REISERFS (device loop3): checking transaction log (loop3)
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline]
rwsem_down_write_failed+0x343/0x6d0 kernel/locking/rwsem-xadd.c:617
call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x4f/0x90 kernel/locking/rwsem.c:56
inode_lock include/linux/fs.h:719 [inline]
reiserfs_sync_file+0x9b/0x2d0 fs/reiserfs/file.c:161
vfs_fsync_range+0x103/0x260 fs/sync.c:196
generic_write_sync include/linux/fs.h:2684 [inline]
generic_file_write_iter+0x410/0x650 mm/filemap.c:3212
call_write_iter include/linux/fs.h:1780 [inline]
do_iter_readv_writev+0x4cf/0x5f0 fs/read_write.c:675
do_iter_write+0x152/0x550 fs/read_write.c:954
vfs_iter_write+0x70/0xa0 fs/read_write.c:967
iter_file_splice_write+0x52b/0xa90 fs/splice.c:749
do_splice_from fs/splice.c:851 [inline]
direct_splice_actor+0x115/0x160 fs/splice.c:1018
REISERFS (device loop3): Using r5 hash to sort names
splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
REISERFS (device loop3): using 3.5.x disk format
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
do_splice_direct+0x164/0x210 fs/splice.c:1061
REISERFS (device loop5): using ordered data mode
do_sendfile+0x47f/0xb30 fs/read_write.c:1441
reiserfs: using flush barriers
SYSC_sendfile64 fs/read_write.c:1502 [inline]
SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
INFO: task syz-executor417:15178 blocked for more than 140 seconds.
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor417 D26416 15178 7977 0x80000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
reiserfs_get_block+0x1a1/0x36b0 fs/reiserfs/inode.c:688
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): using 3.5.x disk format
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
do_mpage_readpage+0x615/0x1470 fs/mpage.c:211
mpage_readpages+0x2d6/0x5f0 fs/mpage.c:383
REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
read_pages mm/readahead.c:121 [inline]
__do_page_cache_readahead+0x522/0x940 mm/readahead.c:199
ra_submit mm/internal.h:66 [inline]
ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486
page_cache_sync_readahead mm/readahead.c:518 [inline]
page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503
generic_file_buffered_read mm/filemap.c:2003 [inline]
generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273
call_read_iter include/linux/fs.h:1774 [inline]
new_sync_read fs/read_write.c:401 [inline]
__vfs_read+0x449/0x620 fs/read_write.c:413
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): using 3.5.x disk format
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199
ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline]
ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline]
ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467
ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227
process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264
do_last fs/namei.c:3435 [inline]
path_openat+0x10ad/0x2970 fs/namei.c:3571
do_filp_open+0x179/0x3c0 fs/namei.c:3605
do_sys_open+0x296/0x410 fs/open.c:1081
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
INFO: task syz-executor417:15183 blocked for more than 140 seconds.
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor417 D29936 15183 7977 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
io_schedule+0xb5/0x120 kernel/sched/core.c:5035
wait_on_page_bit_common mm/filemap.c:1025 [inline]
__lock_page+0x27b/0x380 mm/filemap.c:1197
lock_page include/linux/pagemap.h:480 [inline]
pagecache_get_page+0x479/0xab0 mm/filemap.c:1478
find_or_create_page include/linux/pagemap.h:326 [inline]
grab_cache_page include/linux/pagemap.h:384 [inline]
grab_tail_page fs/reiserfs/inode.c:2210 [inline]
reiserfs_truncate_file+0x5b2/0xdb0 fs/reiserfs/inode.c:2278
reiserfs_setattr+0xb2d/0xe00 fs/reiserfs/inode.c:3411
notify_change+0x56b/0xd10 fs/attr.c:315
do_truncate+0xff/0x1a0 fs/open.c:63
vfs_truncate+0x456/0x680 fs/open.c:120
do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
do_sys_truncate fs/open.c:137 [inline]
SYSC_truncate fs/open.c:155 [inline]
SyS_truncate+0x23/0x40 fs/open.c:153
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
INFO: task syz-executor417:15368 blocked for more than 140 seconds.
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kauditd_printk_skb: 64 callbacks suppressed
audit: type=1804 audit(1670204237.077:4271): pid=24614 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor417" name="/root/syzkaller.Yt7dGq/306/file0/bus" dev="loop2" ino=2 res=1
syz-executor417 D25624 15368 7976 0x00000004
Call Trace:
REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
audit: type=1800 audit(1670204237.077:4272): pid=24614 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor417" name="bus" dev="loop2" ino=2 res=0
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline]
rwsem_down_write_failed+0x343/0x6d0 kernel/locking/rwsem-xadd.c:617
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x4f/0x90 kernel/locking/rwsem.c:56
inode_lock include/linux/fs.h:719 [inline]
reiserfs_sync_file+0x9b/0x2d0 fs/reiserfs/file.c:161
vfs_fsync_range+0x103/0x260 fs/sync.c:196
generic_write_sync include/linux/fs.h:2684 [inline]
generic_file_write_iter+0x410/0x650 mm/filemap.c:3212
REISERFS (device loop4): checking transaction log (loop4)
call_write_iter include/linux/fs.h:1780 [inline]
do_iter_readv_writev+0x4cf/0x5f0 fs/read_write.c:675
do_iter_write+0x152/0x550 fs/read_write.c:954
vfs_iter_write+0x70/0xa0 fs/read_write.c:967
iter_file_splice_write+0x52b/0xa90 fs/splice.c:749
REISERFS (device loop4): Using r5 hash to sort names
do_splice_from fs/splice.c:851 [inline]
direct_splice_actor+0x115/0x160 fs/splice.c:1018
REISERFS (device loop4): using 3.5.x disk format
splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
audit: type=1800 audit(1670204237.387:4273): pid=24619 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor417" name="bus" dev="loop4" ino=2 res=0
do_splice_direct+0x164/0x210 fs/splice.c:1061
REISERFS (device loop3): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): checking transaction log (loop3)
do_sendfile+0x47f/0xb30 fs/read_write.c:1441
SYSC_sendfile64 fs/read_write.c:1502 [inline]
SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
REISERFS (device loop3): Using r5 hash to sort names
REISERFS (device loop3): using 3.5.x disk format
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
INFO: task syz-executor417:15391 blocked for more than 140 seconds.
audit: type=1800 audit(1670204237.547:4274): pid=24627 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor417" name="bus" dev="loop3" ino=2 res=0
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor417 D26416 15391 7976 0x80000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
reiserfs_get_block+0x1a1/0x36b0 fs/reiserfs/inode.c:688
do_mpage_readpage+0x615/0x1470 fs/mpage.c:211
REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop5): using ordered data mode
mpage_readpages+0x2d6/0x5f0 fs/mpage.c:383
reiserfs: using flush barriers
audit: type=1804 audit(1670204237.807:4275): pid=24635 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor417" name="/root/syzkaller.h4TG3A/305/file0/bus" dev="loop4" ino=2 res=1
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop2): using ordered data mode
audit: type=1800 audit(1670204237.807:4276): pid=24635 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor417" name="bus" dev="loop4" ino=2 res=0
reiserfs: using flush barriers
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
read_pages mm/readahead.c:121 [inline]
__do_page_cache_readahead+0x522/0x940 mm/readahead.c:199
REISERFS (device loop2): checking transaction log (loop2)
ra_submit mm/internal.h:66 [inline]
ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486
page_cache_sync_readahead mm/readahead.c:518 [inline]
page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503
generic_file_buffered_read mm/filemap.c:2003 [inline]
generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273
call_read_iter include/linux/fs.h:1774 [inline]
new_sync_read fs/read_write.c:401 [inline]
__vfs_read+0x449/0x620 fs/read_write.c:413
audit: type=1804 audit(1670204237.987:4277): pid=24639 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor417" name="/root/syzkaller.uzVbHx/307/file0/bus" dev="loop3" ino=2 res=1
integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199
REISERFS (device loop5): Using r5 hash to sort names
audit: type=1800 audit(1670204237.987:4278): pid=24639 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor417" name="bus" dev="loop3" ino=2 res=0
REISERFS (device loop5): using 3.5.x disk format
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline]
ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline]
ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467
REISERFS (device loop2): Using r5 hash to sort names
ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227
REISERFS (device loop2): using 3.5.x disk format
audit: type=1800 audit(1670204238.117:4279): pid=24647 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor417" name="bus" dev="loop5" ino=2 res=0
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264
audit: type=1800 audit(1670204238.167:4280): pid=24648 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor417" name="bus" dev="loop2" ino=2 res=0
do_last fs/namei.c:3435 [inline]
path_openat+0x10ad/0x2970 fs/namei.c:3571
do_filp_open+0x179/0x3c0 fs/namei.c:3605
do_sys_open+0x296/0x410 fs/open.c:1081
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
INFO: task syz-executor417:15398 blocked for more than 140 seconds.
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor417 D29776 15398 7976 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
io_schedule+0xb5/0x120 kernel/sched/core.c:5035
wait_on_page_bit_common mm/filemap.c:1025 [inline]
__lock_page+0x27b/0x380 mm/filemap.c:1197
lock_page include/linux/pagemap.h:480 [inline]
pagecache_get_page+0x479/0xab0 mm/filemap.c:1478
find_or_create_page include/linux/pagemap.h:326 [inline]
grab_cache_page include/linux/pagemap.h:384 [inline]
grab_tail_page fs/reiserfs/inode.c:2210 [inline]
reiserfs_truncate_file+0x5b2/0xdb0 fs/reiserfs/inode.c:2278
reiserfs_setattr+0xb2d/0xe00 fs/reiserfs/inode.c:3411
notify_change+0x56b/0xd10 fs/attr.c:315
do_truncate+0xff/0x1a0 fs/open.c:63
vfs_truncate+0x456/0x680 fs/open.c:120
do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
do_sys_truncate fs/open.c:137 [inline]
SYSC_truncate fs/open.c:155 [inline]
SyS_truncate+0x23/0x40 fs/open.c:153
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3

Showing all locks held in the system:
1 lock held by khungtaskd/1532:
#0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
1 lock held by in:imklog/7701:
#0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0x1fb/0x2b0 fs/file.c:819
4 locks held by kworker/1:3/7808:
#0: ("events_long"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&(&sbi->old_work)->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&type->s_umount_key#46){++++}, at: [] flush_old_commits+0x77/0x1d0 fs/reiserfs/super.c:97
#3: (&sbi->lock){+.+.}, at: [] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
1 lock held by syz-executor417/7979:
#0: (&type->s_umount_key#46){++++}, at: [] deactivate_super+0x77/0xa0 fs/super.c:349
4 locks held by kworker/1:1/8191:
#0: ("events_long"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&(&sbi->old_work)->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&type->s_umount_key#46){++++}, at: [] flush_old_commits+0x77/0x1d0 fs/reiserfs/super.c:97
#3: (&sbi->lock){+.+.}, at: [] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
2 locks held by syz-executor417/15145:
#0: (sb_writers#10){.+.+}, at: [] file_start_write include/linux/fs.h:2714 [inline]
#0: (sb_writers#10){.+.+}, at: [] do_sendfile+0x84f/0xb30 fs/read_write.c:1440
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] reiserfs_sync_file+0x9b/0x2d0 fs/reiserfs/file.c:161
2 locks held by syz-executor417/15178:
#0: (&iint->mutex){+.+.}, at: [] process_measurement+0x270/0xb20 security/integrity/ima/ima_main.c:225
#1: (&sbi->lock){+.+.}, at: [] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
4 locks held by syz-executor417/15183:
#0: (sb_writers#10){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#10){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61
#2: (&ei->tailpack){+.+.}, at: [] reiserfs_setattr+0xaf5/0xe00 fs/reiserfs/inode.c:3409
#3: (&sbi->lock){+.+.}, at: [] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
2 locks held by syz-executor417/15368:
#0: (sb_writers#10){.+.+}, at: [] file_start_write include/linux/fs.h:2714 [inline]
#0: (sb_writers#10){.+.+}, at: [] do_sendfile+0x84f/0xb30 fs/read_write.c:1440
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] reiserfs_sync_file+0x9b/0x2d0 fs/reiserfs/file.c:161
2 locks held by syz-executor417/15391:
#0: (&iint->mutex){+.+.}, at: [] process_measurement+0x270/0xb20 security/integrity/ima/ima_main.c:225
#1: (&sbi->lock){+.+.}, at: [] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
4 locks held by syz-executor417/15398:
#0: (sb_writers#10){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#10){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61
#2: (&ei->tailpack){+.+.}, at: [] reiserfs_setattr+0xaf5/0xe00 fs/reiserfs/inode.c:3409
#3: (&sbi->lock){+.+.}, at: [] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
2 locks held by syz-executor417/24647:
#0: (sb_writers#10){.+.+}, at: [] file_start_write include/linux/fs.h:2714 [inline]
#0: (sb_writers#10){.+.+}, at: [] do_sendfile+0x84f/0xb30 fs/read_write.c:1440
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] generic_file_write_iter+0x99/0x650 mm/filemap.c:3205
1 lock held by syz-executor417/24662:
#0: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
#0: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] process_measurement+0xac8/0xb20 security/integrity/ima/ima_main.c:206
2 locks held by syz-executor417/24664:
#0: (sb_writers#10){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#10){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61
2 locks held by syz-executor417/24648:
#0: (sb_writers#10){.+.+}, at: [] file_start_write include/linux/fs.h:2714 [inline]
#0: (sb_writers#10){.+.+}, at: [] do_sendfile+0x84f/0xb30 fs/read_write.c:1440
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] generic_file_write_iter+0x99/0x650 mm/filemap.c:3205
1 lock held by syz-executor417/24663:
#0: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
#0: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] process_measurement+0xac8/0xb20 security/integrity/ima/ima_main.c:206
2 locks held by syz-executor417/24665:
#0: (sb_writers#10){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#10){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1532 Comm: khungtaskd Not tainted 4.14.300-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5b9/0xb40 kernel/hung_task.c:274
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff8724a73e