ci starts bisection 2023-03-13 22:47:50.641850988 +0000 UTC m=+29677.531974383
bisecting fixing commit since 83abd4d4c4be8984ba5a3a813ccfedba79c7d6ad
building syzkaller on 9dfcf09cf38eb123a007af28c5ee2562718893a0
ensuring issue is reproducible on original commit 83abd4d4c4be8984ba5a3a813ccfedba79c7d6ad

testing commit 83abd4d4c4be8984ba5a3a813ccfedba79c7d6ad gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 463ddef2e507fea56020ca0aaf578bc0c78ed6fbc58250a03ed302e8c7da01a8
run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: INFO: rcu detected stall in corrupted
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in corrupted
run #8: crashed: INFO: rcu detected stall in corrupted
run #9: crashed: INFO: rcu detected stall in corrupted
run #10: crashed: INFO: task hung in reiserfs_sync_fs
run #11: crashed: INFO: task hung in reiserfs_sync_file
run #12: crashed: INFO: task hung in reiserfs_sync_file
run #13: crashed: INFO: task hung in reiserfs_sync_file
run #14: crashed: INFO: task hung in reiserfs_sync_fs
run #15: crashed: INFO: task hung in reiserfs_sync_fs
run #16: crashed: INFO: task hung in reiserfs_sync_fs
run #17: crashed: INFO: task hung in reiserfs_sync_fs
run #18: crashed: INFO: task hung in reiserfs_sync_fs
run #19: crashed: INFO: task hung in reiserfs_sync_fs
testing current HEAD fc89d7fb499b0162e081f434d45e8d1b47e82ece
testing commit fc89d7fb499b0162e081f434d45e8d1b47e82ece gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 83c14fe7264e17b8d557cc6529b3e72acd9df0b8354823e82d53cc9422a6132d
run #0: crashed: INFO: task hung in generic_file_write_iter
run #1: crashed: INFO: task hung in reiserfs_sync_fs
run #2: crashed: INFO: task hung in reiserfs_sync_fs
run #3: crashed: INFO: task hung in reiserfs_sync_fs
run #4: crashed: INFO: task hung in reiserfs_sync_fs
run #5: crashed: INFO: task hung in reiserfs_sync_file
run #6: crashed: INFO: task hung in reiserfs_sync_fs
run #7: crashed: INFO: task hung in reiserfs_sync_fs
run #8: crashed: INFO: task hung in reiserfs_sync_fs
run #9: crashed: INFO: task hung in reiserfs_sync_fs
revisions tested: 2, total time: 38m10.338523384s (build: 23m41.086897008s, test: 13m15.823775443s)
the crash still happens on HEAD
commit msg: Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
crash: INFO: task hung in reiserfs_sync_fs
INFO: task kworker/1:0:22 blocked for more than 143 seconds.
      Not tainted 6.3.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0     state:D stack:25856 pid:22    ppid:2      flags:0x00004000
Workqueue: events_long flush_old_commits
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5304 [inline]
 __schedule+0xc01/0x5730 kernel/sched/core.c:6622
 schedule+0xde/0x1a0 kernel/sched/core.c:6698
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa3b/0x1350 kernel/locking/mutex.c:747
 reiserfs_write_lock+0x6f/0xf0 fs/reiserfs/lock.c:27
 reiserfs_sync_fs+0x77/0xf0 fs/reiserfs/super.c:76
 flush_old_commits+0xcd/0x1a0 fs/reiserfs/super.c:111
 process_one_work+0x865/0x14b0 kernel/workqueue.c:2390
 worker_thread+0x59c/0xec0 kernel/workqueue.c:2537
 kthread+0x298/0x340 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
INFO: task syz-executor.4:8339 blocked for more than 143 seconds.
      Not tainted 6.3.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:24968 pid:8339  ppid:5503   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5304 [inline]
 __schedule+0xc01/0x5730 kernel/sched/core.c:6622
 schedule+0xde/0x1a0 kernel/sched/core.c:6698
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
 rwsem_down_write_slowpath+0x3e2/0x1220 kernel/locking/rwsem.c:1178
 __down_write_common kernel/locking/rwsem.c:1306 [inline]
 __down_write kernel/locking/rwsem.c:1315 [inline]
 down_write+0x1d2/0x200 kernel/locking/rwsem.c:1574
 inode_lock include/linux/fs.h:758 [inline]
 reiserfs_sync_file+0x8c/0x2d0 fs/reiserfs/file.c:155
 generic_write_sync include/linux/fs.h:2452 [inline]
 generic_file_write_iter+0x1fb/0x2c0 mm/filemap.c:4090
 call_write_iter include/linux/fs.h:1851 [inline]
 do_iter_readv_writev+0x191/0x2e0 fs/read_write.c:735
 do_iter_write+0x124/0x620 fs/read_write.c:861
 iter_file_splice_write+0x591/0xaa0 fs/splice.c:778
 do_splice_from fs/splice.c:856 [inline]
 direct_splice_actor+0xff/0x1d0 fs/splice.c:1022
 splice_direct_to_actor+0x2bf/0x790 fs/splice.c:977
 do_splice_direct+0x14c/0x260 fs/splice.c:1065
 do_sendfile+0x93d/0x1170 fs/read_write.c:1255
 __do_sys_sendfile64 fs/read_write.c:1323 [inline]
 __se_sys_sendfile64 fs/read_write.c:1309 [inline]
 __x64_sys_sendfile64+0x18a/0x1d0 fs/read_write.c:1309
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2588e8c0c9
RSP: 002b:00007f2589b45168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f2588fabf80 RCX: 00007f2588e8c0c9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007f2588ee7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 000080001d00c0d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe0465eb4f R14: 00007f2589b45300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.4:8351 blocked for more than 144 seconds.
      Not tainted 6.3.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:24224 pid:8351  ppid:5503   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5304 [inline]
 __schedule+0xc01/0x5730 kernel/sched/core.c:6622
 schedule+0xde/0x1a0 kernel/sched/core.c:6698
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6757
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa3b/0x1350 kernel/locking/mutex.c:747
 reiserfs_write_lock+0x6f/0xf0 fs/reiserfs/lock.c:27
 reiserfs_get_block+0x1be/0x3920 fs/reiserfs/inode.c:680
 do_mpage_readpage+0x635/0x1570 fs/mpage.c:208
 mpage_readahead+0x2c5/0x510 fs/mpage.c:356
 read_pages+0x175/0xbb0 mm/readahead.c:161
 page_cache_ra_unbounded+0x2d2/0x500 mm/readahead.c:270
 page_cache_sync_readahead include/linux/pagemap.h:1214 [inline]
 filemap_get_pages+0x253/0x1330 mm/filemap.c:2598
 filemap_read+0x2d8/0xa60 mm/filemap.c:2693
 __kernel_read+0x280/0x740 fs/read_write.c:428
 integrity_kernel_read+0x6c/0x90 security/integrity/iint.c:199
 ima_calc_file_hash_tfm+0x253/0x340 security/integrity/ima/ima_crypto.c:485
 ima_calc_file_shash security/integrity/ima/ima_crypto.c:516 [inline]
 ima_calc_file_hash+0x12a/0x3b0 security/integrity/ima/ima_crypto.c:573
 ima_collect_measurement+0x48b/0x650 security/integrity/ima/ima_api.c:293
 process_measurement+0x898/0x1450 security/integrity/ima/ima_main.c:341
 ima_file_check+0xb5/0x100 security/integrity/ima/ima_main.c:539
 do_open fs/namei.c:3562 [inline]
 path_openat+0x10ca/0x2280 fs/namei.c:3715
 do_filp_open+0x1a9/0x3e0 fs/namei.c:3742
 do_sys_openat2+0x11e/0x3f0 fs/open.c:1348
 do_sys_open fs/open.c:1364 [inline]
 __do_sys_open fs/open.c:1372 [inline]
 __se_sys_open fs/open.c:1368 [inline]
 __x64_sys_open+0x101/0x1a0 fs/open.c:1368
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2588e8c0c9
RSP: 002b:00007f2589b24168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f2588fac050 RCX: 00007f2588e8c0c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000200
RBP: 00007f2588ee7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe0465eb4f R14: 00007f2589b24300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.4:8352 blocked for more than 145 seconds.
      Not tainted 6.3.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:28560 pid:8352  ppid:5503   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5304 [inline]
 __schedule+0xc01/0x5730 kernel/sched/core.c:6622
 schedule+0xde/0x1a0 kernel/sched/core.c:6698
 io_schedule+0xbe/0x130 kernel/sched/core.c:8884
 folio_wait_bit_common+0x2af/0x730 mm/filemap.c:1301
 __folio_lock mm/filemap.c:1664 [inline]
 folio_lock include/linux/pagemap.h:952 [inline]
 folio_lock include/linux/pagemap.h:948 [inline]
 __filemap_get_folio+0x7a5/0x960 mm/filemap.c:1936
 pagecache_get_page+0x13/0x190 mm/folio-compat.c:99
 find_or_create_page include/linux/pagemap.h:632 [inline]
 grab_cache_page include/linux/pagemap.h:754 [inline]
 grab_tail_page fs/reiserfs/inode.c:2201 [inline]
 reiserfs_truncate_file+0x477/0xd10 fs/reiserfs/inode.c:2269
 reiserfs_setattr+0xa47/0xfd0 fs/reiserfs/inode.c:3395
 notify_change+0x7fb/0xda0 fs/attr.c:482
 do_truncate+0xf2/0x1a0 fs/open.c:66
 vfs_truncate+0x30b/0x410 fs/open.c:112
 do_sys_truncate.part.0+0xda/0xf0 fs/open.c:135
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2588e8c0c9
RSP: 002b:00007f2589b03168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f2588fac120 RCX: 00007f2588e8c0c9
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 00000000200001c0
RBP: 00007f2588ee7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe0465eb4f R14: 00007f2589b03300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
4 locks held by kworker/0:0/7:
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:639 [inline]
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:666 [inline]
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: process_one_work+0x78a/0x14b0 kernel/workqueue.c:2361
 #1: ffffc900000c7db8 ((work_completion)(&(&sbi->old_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x14b0 kernel/workqueue.c:2365
 #2: ffff888020abc0e0 (&type->s_umount_key#49){++++}-{3:3}, at: flush_old_commits+0x75/0x1a0 fs/reiserfs/super.c:97
 #3: ffff88801c5b2090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x6f/0xf0 fs/reiserfs/lock.c:27
1 lock held by rcu_tasks_kthre/12:
 #0: 
ffffffff8b78cbb0
 (
rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 kernel/rcu/tasks.h:510
1 lock held by rcu_tasks_trace/13:
 #0: 
ffffffff8b78c8b0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 kernel/rcu/tasks.h:510
4 locks held by kworker/1:0/22:
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:639 [inline]
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:666 [inline]
 #0: ffff888011471538 ((wq_completion)events_long){+.+.}-{0:0}, at: process_one_work+0x78a/0x14b0 kernel/workqueue.c:2361
 #1: ffffc900001c7db8 ((work_completion)(&(&sbi->old_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x14b0 kernel/workqueue.c:2365
 #2: ffff88807c7ae0e0 (&type->s_umount_key#49){++++}-{3:3}, at: flush_old_commits+0x75/0x1a0 fs/reiserfs/super.c:97
 #3: ffff88802a575090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x6f/0xf0 fs/reiserfs/lock.c:27
1 lock held by khungtaskd/27:
 #0: ffffffff8b78d700 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 kernel/locking/lockdep.c:6495
2 locks held by kworker/u4:2/40:
 #0: ffff8880b9a3c218 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2f/0x120 kernel/sched/core.c:539
 #1: ffffc90000b17db8 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x14b0 kernel/workqueue.c:2365
2 locks held by getty/4756:
 #0: ffff888026dc2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x23/0x80 drivers/tty/tty_ldisc.c:244
 #1: ffffc900015902f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xb73/0x1040 drivers/tty/n_tty.c:2177
2 locks held by syz-executor.3/5502:
 #0: ffff88805981c0e0 (&type->s_umount_key#49){++++}-{3:3}, at: deactivate_super+0x63/0x80 fs/super.c:361
 #1: ffffffff8b7989f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:293 [inline]
 #1: ffffffff8b7989f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x64a/0x770 kernel/rcu/tree_exp.h:989
2 locks held by kworker/0:9/5750:
 #0: ffff888011472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888011472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888011472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888011472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:639 [inline]
 #0: ffff888011472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:666 [inline]
 #0: ffff888011472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x14b0 kernel/workqueue.c:2361
 #1: ffffc900039ffdb8 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x14b0 kernel/workqueue.c:2365
2 locks held by syz-executor.4/8339:
 #0: ffff88807c7ae460 (sb_writers#13){.+.+}-{0:0}, at: __do_sys_sendfile64 fs/read_write.c:1323 [inline]
 #0: ffff88807c7ae460 (sb_writers#13){.+.+}-{0:0}, at: __se_sys_sendfile64 fs/read_write.c:1309 [inline]
 #0: ffff88807c7ae460 (sb_writers#13){.+.+}-{0:0}, at: __x64_sys_sendfile64+0x18a/0x1d0 fs/read_write.c:1309
 #1: ffff8880703202e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff8880703202e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: reiserfs_sync_file+0x8c/0x2d0 fs/reiserfs/file.c:155
3 locks held by syz-executor.4/8351:
 #0: ffff88801efa7e00 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x580/0x1450 security/integrity/ima/ima_main.c:262
 #1: ffff888070320480 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:813 [inline]
 #1: ffff888070320480 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: page_cache_ra_unbounded+0x150/0x500 mm/readahead.c:226
 #2: ffff88802a575090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x6f/0xf0 fs/reiserfs/lock.c:27
4 locks held by syz-executor.4/8352:
 #0: ffff88807c7ae460 (sb_writers#13){.+.+}-{0:0}, at: vfs_truncate+0xc0/0x410 fs/open.c:85
 #1: ffff8880703202e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff8880703202e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: do_truncate+0xe0/0x1a0 fs/open.c:64
 #2: ffff8880703200b8 (&ei->tailpack){+.+.}-{3:3}, at: reiserfs_setattr+0xa13/0xfd0 fs/reiserfs/inode.c:3393
 #3: ffff88802a575090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x6f/0xf0 fs/reiserfs/lock.c:27
2 locks held by syz-executor.2/8551:
 #0: ffff888020abc460 (sb_writers#13){.+.+}-{0:0}, at: __do_sys_sendfile64 fs/read_write.c:1323 [inline]
 #0: ffff888020abc460 (sb_writers#13){.+.+}-{0:0}, at: __se_sys_sendfile64 fs/read_write.c:1309 [inline]
 #0: ffff888020abc460 (sb_writers#13){.+.+}-{0:0}, at: __x64_sys_sendfile64+0x18a/0x1d0 fs/read_write.c:1309
 #1: ffff888078293e80 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff888078293e80 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: reiserfs_sync_file+0x8c/0x2d0 fs/reiserfs/file.c:155
3 locks held by syz-executor.2/8563:
 #0: ffff888070af3bc0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x580/0x1450 security/integrity/ima/ima_main.c:262
 #1: ffff888078294020 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:813 [inline]
 #1: ffff888078294020 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: page_cache_ra_unbounded+0x150/0x500 mm/readahead.c:226
 #2: ffff88801c5b2090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x6f/0xf0 fs/reiserfs/lock.c:27
4 locks held by syz-executor.2/8564:
 #0: ffff888020abc460 (sb_writers#13){.+.+}-{0:0}, at: vfs_truncate+0xc0/0x410 fs/open.c:85
 #1: ffff888078293e80 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff888078293e80 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: do_truncate+0xe0/0x1a0 fs/open.c:64
 #2: ffff888078293c58 (&ei->tailpack){+.+.}-{3:3}, at: reiserfs_setattr+0xa13/0xfd0 fs/reiserfs/inode.c:3393
 #3: ffff88801c5b2090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x6f/0xf0 fs/reiserfs/lock.c:27
2 locks held by syz-executor.5/9837:
1 lock held by syz-executor.5/9845:
 #0: ffff8880661502e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #0: ffff8880661502e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: process_measurement+0x2ee/0x1450 security/integrity/ima/ima_main.c:243
2 locks held by syz-executor.5/9847:
 #0: ffff888061230460 (sb_writers#13){.+.+}-{0:0}, at: vfs_truncate+0xc0/0x410 fs/open.c:85
 #1: ffff8880661502e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff8880661502e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: do_truncate+0xe0/0x1a0 fs/open.c:64
3 locks held by syz-executor.1/9838:
 #0: ffff888062ba2460 (sb_writers#13){.+.+}-{0:0}, at: __do_sys_sendfile64 fs/read_write.c:1323 [inline]
 #0: ffff888062ba2460 (sb_writers#13){.+.+}-{0:0}, at: __se_sys_sendfile64 fs/read_write.c:1309 [inline]
 #0: ffff888062ba2460 (sb_writers#13){.+.+}-{0:0}, at: __x64_sys_sendfile64+0x18a/0x1d0 fs/read_write.c:1309
 #1: ffff888066150980 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff888066150980 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: generic_file_write_iter+0x8d/0x2c0 mm/filemap.c:4083
 #2: ffff88806cbcf090 (&jl->j_commit_mutex){+.+.}-{3:3}, at: reiserfs_mutex_lock_safe fs/reiserfs/reiserfs.h:814 [inline]
 #2: ffff88806cbcf090 (&jl->j_commit_mutex){+.+.}-{3:3}, at: flush_commit_list.isra.0+0x1d3/0x1a80 fs/reiserfs/journal.c:1007
1 lock held by syz-executor.1/9844:
 #0: ffff888066150980 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #0: ffff888066150980 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: process_measurement+0x2ee/0x1450 security/integrity/ima/ima_main.c:243
2 locks held by syz-executor.1/9846:
 #0: ffff888062ba2460 (sb_writers#13){.+.+}-{0:0}, at: vfs_truncate+0xc0/0x410 fs/open.c:85
 #1: ffff888066150980 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff888066150980 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: do_truncate+0xe0/0x1a0 fs/open.c:64
2 locks held by syz-executor.0/9840:
 #0: ffff888062fba460 (sb_writers#13){.+.+}-{0:0}, at: __do_sys_sendfile64 fs/read_write.c:1323 [inline]
 #0: ffff888062fba460 (sb_writers#13){.+.+}-{0:0}, at: __se_sys_sendfile64 fs/read_write.c:1309 [inline]
 #0: ffff888062fba460 (sb_writers#13){.+.+}-{0:0}, at: __x64_sys_sendfile64+0x18a/0x1d0 fs/read_write.c:1309
 #1: ffff8880700f82e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff8880700f82e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: generic_file_write_iter+0x8d/0x2c0 mm/filemap.c:4083
1 lock held by syz-executor.0/9848:
 #0: ffff8880700f82e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #0: ffff8880700f82e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: process_measurement+0x2ee/0x1450 security/integrity/ima/ima_main.c:243
2 locks held by syz-executor.0/9849:
 #0: ffff888062fba460 (sb_writers#13){.+.+}-{0:0}, at: vfs_truncate+0xc0/0x410 fs/open.c:85
 #1: ffff8880700f82e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
 #1: ffff8880700f82e0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: do_truncate+0xe0/0x1a0 fs/open.c:64
1 lock held by syz-executor.4/9851:

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 6.3.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x64/0xb0 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x175/0x200 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x1bc/0x200 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
 watchdog+0x9f9/0xd80 kernel/hung_task.c:379
 kthread+0x298/0x340 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9853 Comm: syz-executor.2 Not tainted 6.3.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:unwind_next_frame+0x45d/0x1ef0 arch/x86/kernel/unwind_orc.c:487
Code: 4f 01 48 c1 ea 03 0f b6 14 02 48 89 ce 48 c1 ee 03 0f b6 04 06 4c 89 fe 83 e6 07 40 38 f2 40 0f 9e c6 84 d2 0f 95 c2 40 84 d6 <0f> 85 f8 13 00 00 48 89 ca 83 e2 07 38 d0 0f 9e c2 84 c0 0f 95 c0
RSP: 0018:ffffc9000b2f7200 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff8df74b47
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff8d7a7bfc
RBP: ffffc9000b2f72b8 R08: ffffffff8df74b42 R09: ffffc9000b2f72a4
R10: fffff94000397136 R11: 0000000000086001 R12: ffffc9000b2f72c0
R13: ffffc9000b2f7270 R14: ffffc9000b2f72a5 R15: ffffffff8df74b46
FS:  00007f8cfceab700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f50973dd718 CR3: 0000000079de4000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 arch_stack_walk+0x81/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x90/0xc0 kernel/stacktrace.c:122
 save_stack+0x124/0x1a0 mm/page_owner.c:128
 __set_page_owner+0x19/0x60 mm/page_owner.c:192
 prep_new_page mm/page_alloc.c:2552 [inline]
 get_page_from_freelist+0x1190/0x2ec0 mm/page_alloc.c:4325
 __alloc_pages+0x1cb/0x530 mm/page_alloc.c:5591
 __folio_alloc+0x16/0x40 mm/page_alloc.c:5623
 vma_alloc_folio+0x11a/0x690 mm/mempolicy.c:2244
 shmem_alloc_folio+0xfd/0x1b0 mm/shmem.c:1574
 shmem_alloc_and_acct_folio+0xfb/0x5c0 mm/shmem.c:1598
 shmem_get_folio_gfp+0x8e6/0x14b0 mm/shmem.c:1937
 shmem_get_folio mm/shmem.c:2068 [inline]
 shmem_write_begin+0x123/0x300 mm/shmem.c:2561
 generic_perform_write+0x214/0x490 mm/filemap.c:3926
 __generic_file_write_iter+0x212/0x410 mm/filemap.c:4054
 generic_file_write_iter+0xc5/0x2c0 mm/filemap.c:4086
 call_write_iter include/linux/fs.h:1851 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x823/0xd80 fs/read_write.c:584
 ksys_write+0xf2/0x1c0 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f8cfc03de4f
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
RSP: 002b:00007f8cfceaaf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8cfc03de4f
RDX: 0000000000400000 RSI: 00007f8cf2fff000 RDI: 0000000000000003
RBP: 00007f8cf2fff000 R08: 0000000000000000 R09: 00000000000010f0
R10: 0000000000400000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007f8cfceaafdc R14: 00007f8cfceaafe0 R15: 00000000200033c2
 </TASK>