Warning: Permanently added '10.128.0.233' (ED25519) to the list of known hosts. executing program [ 38.459838][ T3973] loop0: detected capacity change from 0 to 8192 [ 38.464758][ T3973] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 38.467059][ T3973] REISERFS (device loop0): using ordered data mode [ 38.468574][ T3973] reiserfs: using flush barriers [ 38.470632][ T3973] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 38.474507][ T3973] REISERFS (device loop0): checking transaction log (loop0) [ 38.478448][ T3973] REISERFS (device loop0): Using r5 hash to sort names [ 38.480088][ T3973] REISERFS (device loop0): using 3.5.x disk format [ 38.482081][ T3973] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 38.486972][ T3973] [ 38.487511][ T3973] ====================================================== [ 38.489071][ T3973] WARNING: possible circular locking dependency detected [ 38.490600][ T3973] 5.15.145-syzkaller #0 Not tainted [ 38.491797][ T3973] ------------------------------------------------------ [ 38.493457][ T3973] syz-executor392/3973 is trying to acquire lock: [ 38.494874][ T3973] ffff0000c9672460 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write_file+0x64/0x1e8 [ 38.496865][ T3973] [ 38.496865][ T3973] but task is already holding lock: [ 38.498498][ T3973] ffff0000d7b85090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x7c/0xe8 [ 38.500558][ T3973] [ 38.500558][ T3973] which lock already depends on the new lock. [ 38.500558][ T3973] [ 38.502919][ T3973] [ 38.502919][ T3973] the existing dependency chain (in reverse order) is: [ 38.505023][ T3973] [ 38.505023][ T3973] -> #2 (&sbi->lock){+.+.}-{3:3}: [ 38.506630][ T3973] __mutex_lock_common+0x194/0x2154 [ 38.507974][ T3973] mutex_lock_nested+0xa4/0xf8 [ 38.509207][ T3973] reiserfs_write_lock+0x7c/0xe8 [ 38.510505][ T3973] reiserfs_lookup+0x130/0x3c4 [ 38.511773][ T3973] __lookup_slow+0x250/0x388 [ 38.512982][ T3973] lookup_one_len+0x178/0x28c [ 38.514141][ T3973] reiserfs_lookup_privroot+0x8c/0x204 [ 38.515549][ T3973] reiserfs_fill_super+0x1aec/0x1e8c [ 38.516930][ T3973] mount_bdev+0x274/0x370 [ 38.518058][ T3973] get_super_block+0x44/0x58 [ 38.519230][ T3973] legacy_get_tree+0xd4/0x16c [ 38.520296][ T3973] vfs_get_tree+0x90/0x274 [ 38.521556][ T3973] do_new_mount+0x25c/0x8c4 [ 38.522713][ T3973] path_mount+0x594/0x101c [ 38.523810][ T3973] __arm64_sys_mount+0x510/0x5e0 [ 38.525007][ T3973] invoke_syscall+0x98/0x2b8 [ 38.526160][ T3973] el0_svc_common+0x138/0x258 [ 38.527278][ T3973] do_el0_svc+0x58/0x14c [ 38.528465][ T3973] el0_svc+0x7c/0x1f0 [ 38.529522][ T3973] el0t_64_sync_handler+0x84/0xe4 [ 38.530761][ T3973] el0t_64_sync+0x1a0/0x1a4 [ 38.531951][ T3973] [ 38.531951][ T3973] -> #1 (&type->i_mutex_dir_key#6){+.+.}-{3:3}: [ 38.533928][ T3973] down_write+0x110/0x260 [ 38.534995][ T3973] path_openat+0x63c/0x26f0 [ 38.536233][ T3973] do_filp_open+0x1a8/0x3b4 [ 38.537482][ T3973] do_sys_openat2+0x128/0x3d8 [ 38.538736][ T3973] __arm64_sys_openat+0x1f0/0x240 [ 38.539928][ T3973] invoke_syscall+0x98/0x2b8 [ 38.541104][ T3973] el0_svc_common+0x138/0x258 [ 38.542336][ T3973] do_el0_svc+0x58/0x14c [ 38.543548][ T3973] el0_svc+0x7c/0x1f0 [ 38.544526][ T3973] el0t_64_sync_handler+0x84/0xe4 [ 38.545846][ T3973] el0t_64_sync+0x1a0/0x1a4 [ 38.547083][ T3973] [ 38.547083][ T3973] -> #0 (sb_writers#8){.+.+}-{0:0}: [ 38.548881][ T3973] __lock_acquire+0x32d4/0x7638 [ 38.550090][ T3973] lock_acquire+0x240/0x77c [ 38.551240][ T3973] sb_start_write+0xf0/0x3ac [ 38.552469][ T3973] mnt_want_write_file+0x64/0x1e8 [ 38.553802][ T3973] reiserfs_ioctl+0x188/0x4b8 [ 38.555009][ T3973] __arm64_sys_ioctl+0x14c/0x1c8 [ 38.556211][ T3973] invoke_syscall+0x98/0x2b8 [ 38.557330][ T3973] el0_svc_common+0x138/0x258 [ 38.558519][ T3973] do_el0_svc+0x58/0x14c [ 38.559737][ T3973] el0_svc+0x7c/0x1f0 [ 38.560762][ T3973] el0t_64_sync_handler+0x84/0xe4 [ 38.562055][ T3973] el0t_64_sync+0x1a0/0x1a4 [ 38.563253][ T3973] [ 38.563253][ T3973] other info that might help us debug this: [ 38.563253][ T3973] [ 38.565655][ T3973] Chain exists of: [ 38.565655][ T3973] sb_writers#8 --> &type->i_mutex_dir_key#6 --> &sbi->lock [ 38.565655][ T3973] [ 38.568749][ T3973] Possible unsafe locking scenario: [ 38.568749][ T3973] [ 38.570484][ T3973] CPU0 CPU1 [ 38.571670][ T3973] ---- ---- [ 38.572837][ T3973] lock(&sbi->lock); [ 38.573712][ T3973] lock(&type->i_mutex_dir_key#6); [ 38.575437][ T3973] lock(&sbi->lock); [ 38.576956][ T3973] lock(sb_writers#8); [ 38.578016][ T3973] [ 38.578016][ T3973] *** DEADLOCK *** [ 38.578016][ T3973] [ 38.579879][ T3973] 1 lock held by syz-executor392/3973: [ 38.581016][ T3973] #0: ffff0000d7b85090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x7c/0xe8 [ 38.583208][ T3973] [ 38.583208][ T3973] stack backtrace: [ 38.584513][ T3973] CPU: 0 PID: 3973 Comm: syz-executor392 Not tainted 5.15.145-syzkaller #0 [ 38.586495][ T3973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 38.588821][ T3973] Call trace: [ 38.589565][ T3973] dump_backtrace+0x0/0x530 [ 38.590561][ T3973] show_stack+0x2c/0x3c [ 38.591562][ T3973] dump_stack_lvl+0x108/0x170 [ 38.592640][ T3973] dump_stack+0x1c/0x58 [ 38.593547][ T3973] print_circular_bug+0x150/0x1b8 [ 38.594611][ T3973] check_noncircular+0x2cc/0x378 [ 38.595837][ T3973] __lock_acquire+0x32d4/0x7638 [ 38.597012][ T3973] lock_acquire+0x240/0x77c [ 38.598000][ T3973] sb_start_write+0xf0/0x3ac [ 38.599053][ T3973] mnt_want_write_file+0x64/0x1e8 [ 38.600245][ T3973] reiserfs_ioctl+0x188/0x4b8 [ 38.601469][ T3973] __arm64_sys_ioctl+0x14c/0x1c8 [ 38.602608][ T3973] invoke_syscall+0x98/0x2b8 [ 38.603664][ T3973] el0_svc_common+0x138/0x258 [ 38.604737][ T3973] do_el0_svc+0x58/0x14c [ 38.605726][ T3973] el0_svc+0x7c/0x1f0 [ 38.606576][ T3973] el0t_64_sync_handler+0x84/0xe4 [ 38.607703][ T3973] el0t_64_sync+0x1a0/0x1a4