Warning: Permanently added '10.128.0.133' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.233697][ T3499] loop0: detected capacity change from 0 to 8192
[ 41.243823][ T3499] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 41.253211][ T3499] REISERFS (device loop0): using ordered data mode
[ 41.259713][ T3499] reiserfs: using flush barriers
[ 41.266050][ T3499] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 41.283774][ T3499] REISERFS (device loop0): checking transaction log (loop0)
[ 41.294328][ T3499] REISERFS (device loop0): Using r5 hash to sort names
[ 41.302890][ T3499] reiserfs: enabling write barrier flush mode
[ 41.315236][ T3499] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 41.325605][ T3499]
[ 41.327958][ T3499] ======================================================
[ 41.334968][ T3499] WARNING: possible circular locking dependency detected
[ 41.341962][ T3499] 5.15.117-syzkaller #0 Not tainted
[ 41.347133][ T3499] ------------------------------------------------------
[ 41.354124][ T3499] syz-executor416/3499 is trying to acquire lock:
[ 41.360650][ T3499] ffff888140faf090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x76/0xd0
[ 41.369600][ T3499]
[ 41.369600][ T3499] but task is already holding lock:
[ 41.376937][ T3499] ffff8880708b02e0 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_unlinkat+0x260/0x940
[ 41.386748][ T3499]
[ 41.386748][ T3499] which lock already depends on the new lock.
[ 41.386748][ T3499]
[ 41.397370][ T3499]
[ 41.397370][ T3499] the existing dependency chain (in reverse order) is:
[ 41.406468][ T3499]
[ 41.406468][ T3499] -> #2 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}:
[ 41.415050][ T3499] lock_acquire+0x1db/0x4f0
[ 41.420145][ T3499] down_write_nested+0xa0/0x180
[ 41.425494][ T3499] do_unlinkat+0x260/0x940
[ 41.430504][ T3499] __x64_sys_unlinkat+0xca/0xf0
[ 41.436025][ T3499] do_syscall_64+0x3d/0xb0
[ 41.440976][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.447371][ T3499]
[ 41.447371][ T3499] -> #1 (sb_writers#9){.+.+}-{0:0}:
[ 41.454740][ T3499] lock_acquire+0x1db/0x4f0
[ 41.459742][ T3499] sb_start_write+0x4f/0x1c0
[ 41.464832][ T3499] mnt_want_write_file+0x5a/0x1f0
[ 41.470362][ T3499] reiserfs_ioctl+0x170/0x340
[ 41.475532][ T3499] __se_sys_ioctl+0xf1/0x160
[ 41.480625][ T3499] do_syscall_64+0x3d/0xb0
[ 41.485535][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.491935][ T3499]
[ 41.491935][ T3499] -> #0 (&sbi->lock){+.+.}-{3:3}:
[ 41.499200][ T3499] validate_chain+0x1646/0x58b0
[ 41.504548][ T3499] __lock_acquire+0x1295/0x1ff0
[ 41.509909][ T3499] lock_acquire+0x1db/0x4f0
[ 41.514909][ T3499] __mutex_lock_common+0x1da/0x25a0
[ 41.520609][ T3499] mutex_lock_nested+0x17/0x20
[ 41.525866][ T3499] reiserfs_write_lock+0x76/0xd0
[ 41.531299][ T3499] reiserfs_lookup+0x15c/0x4b0
[ 41.536667][ T3499] __lookup_hash+0x117/0x240
[ 41.541769][ T3499] do_unlinkat+0x28e/0x940
[ 41.546686][ T3499] __x64_sys_unlinkat+0xca/0xf0
[ 41.552195][ T3499] do_syscall_64+0x3d/0xb0
[ 41.557131][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.563534][ T3499]
[ 41.563534][ T3499] other info that might help us debug this:
[ 41.563534][ T3499]
[ 41.574356][ T3499] Chain exists of:
[ 41.574356][ T3499] &sbi->lock --> sb_writers#9 --> &type->i_mutex_dir_key#6/1
[ 41.574356][ T3499]
[ 41.587644][ T3499] Possible unsafe locking scenario:
[ 41.587644][ T3499]
[ 41.595078][ T3499]        CPU0                    CPU1
[ 41.600417][ T3499]        ----                    ----
[ 41.605753][ T3499]   lock(&type->i_mutex_dir_key#6/1);
[ 41.611107][ T3499]                                lock(sb_writers#9);
[ 41.617762][ T3499]                                lock(&type->i_mutex_dir_key#6/1);
[ 41.625645][ T3499]   lock(&sbi->lock);
[ 41.629598][ T3499]
[ 41.629598][ T3499] *** DEADLOCK ***
[ 41.629598][ T3499]
[ 41.637713][ T3499] 2 locks held by syz-executor416/3499:
[ 41.643235][ T3499] #0: ffff888015b90460 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80
[ 41.652342][ T3499] #1: ffff8880708b02e0 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_unlinkat+0x260/0x940
[ 41.662613][ T3499]
[ 41.662613][ T3499] stack backtrace:
[ 41.668473][ T3499] CPU: 1 PID: 3499 Comm: syz-executor416 Not tainted 5.15.117-syzkaller #0
[ 41.677040][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 41.687174][ T3499] Call Trace:
[ 41.690451][ T3499]
[ 41.693361][ T3499] dump_stack_lvl+0x1e3/0x2cb
[ 41.698020][ T3499] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 41.703631][ T3499] ? print_circular_bug+0x12b/0x1a0
[ 41.708806][ T3499] check_noncircular+0x2f8/0x3b0
[ 41.713723][ T3499] ? add_chain_block+0x850/0x850
[ 41.718645][ T3499] ? lockdep_lock+0x11f/0x2a0
[ 41.723388][ T3499] validate_chain+0x1646/0x58b0
[ 41.728212][ T3499] ? unwind_next_frame+0x1437/0x1fa0
[ 41.733561][ T3499] ? __kernel_text_address+0x94/0x100
[ 41.738908][ T3499] ? unwind_get_return_address+0x49/0x80
[ 41.744519][ T3499] ? reacquire_held_locks+0x660/0x660
[ 41.750358][ T3499] ? arch_stack_walk+0xf3/0x140
[ 41.755292][ T3499] ? stack_trace_save+0x113/0x1c0
[ 41.760301][ T3499] ? stack_trace_snprint+0xe0/0xe0
[ 41.765389][ T3499] ? check_noncircular+0x1e1/0x3b0
[ 41.770479][ T3499] ? mark_lock+0x98/0x340
[ 41.774780][ T3499] __lock_acquire+0x1295/0x1ff0
[ 41.779612][ T3499] lock_acquire+0x1db/0x4f0
[ 41.784092][ T3499] ? reiserfs_write_lock+0x76/0xd0
[ 41.789454][ T3499] ? read_lock_is_recursive+0x10/0x10
[ 41.794993][ T3499] ? __might_sleep+0xc0/0xc0
[ 41.799570][ T3499] ? stack_trace_save+0x113/0x1c0
[ 41.804728][ T3499] ? reacquire_held_locks+0x660/0x660
[ 41.810096][ T3499] ? stack_trace_snprint+0xe0/0xe0
[ 41.815452][ T3499] ? lockdep_unlock+0x166/0x300
[ 41.820306][ T3499] __mutex_lock_common+0x1da/0x25a0
[ 41.825486][ T3499] ? reiserfs_write_lock+0x76/0xd0
[ 41.830577][ T3499] ? __x64_sys_unlinkat+0xca/0xf0
[ 41.835575][ T3499] ? do_syscall_64+0x3d/0xb0
[ 41.840137][ T3499] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.846181][ T3499] ? reiserfs_write_lock+0x76/0xd0
[ 41.851270][ T3499] ? mutex_lock_io_nested+0x60/0x60
[ 41.856442][ T3499] ? __lock_acquire+0x1295/0x1ff0
[ 41.861443][ T3499] mutex_lock_nested+0x17/0x20
[ 41.866184][ T3499] reiserfs_write_lock+0x76/0xd0
[ 41.871452][ T3499] reiserfs_lookup+0x15c/0x4b0
[ 41.876193][ T3499] ? reiserfs_find_entry+0x19b0/0x19b0
[ 41.881641][ T3499] ? __lock_acquire+0x1ff0/0x1ff0
[ 41.886638][ T3499] ? do_raw_spin_lock+0x14a/0x370
[ 41.891636][ T3499] ? _raw_spin_unlock+0x24/0x40
[ 41.896821][ T3499] ? d_alloc+0x194/0x1d0
[ 41.901041][ T3499] __lookup_hash+0x117/0x240
[ 41.905623][ T3499] do_unlinkat+0x28e/0x940
[ 41.910032][ T3499] ? fsnotify_link_count+0xf0/0xf0
[ 41.915141][ T3499] ? strncpy_from_user+0x209/0x370
[ 41.920776][ T3499] ? syscall_enter_from_user_mode+0x2e/0x230
[ 41.926899][ T3499] __x64_sys_unlinkat+0xca/0xf0
[ 41.931744][ T3499] do_syscall_64+0x3d/0xb0
[ 41.936149][ T3499] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.942047][ T3499] RIP: 0033:0x7f179e177909
[ 41.946452][ T3499] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.966430][ T3499] RSP: 002b:00007fff2418f508 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[ 41.974967][ T3499] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f179e177909
[ 41.983448][ T3499] RDX: 00000000000000