REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
======================================================
WARNING: possible circular locking dependency detected
4.14.302-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/9814 is trying to acquire lock:
 (&journal->j_mutex){+.+.}, at: [] reiserfs_mutex_lock_safe fs/reiserfs/reiserfs.h:816 [inline]
 (&journal->j_mutex){+.+.}, at: [] lock_journal fs/reiserfs/journal.c:537 [inline]
 (&journal->j_mutex){+.+.}, at: [] do_journal_begin_r+0x26b/0xde0 fs/reiserfs/journal.c:3054

but task is already holding lock:
 (sb_writers#14){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 (sb_writers#14){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (sb_writers#14){.+.+}:
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
       __sb_start_write+0x64/0x260 fs/super.c:1342
       sb_start_write include/linux/fs.h:1551 [inline]
       mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497
       reiserfs_ioctl+0x18e/0x8b0 fs/reiserfs/ioctl.c:110
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #1 (&sbi->lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       reiserfs_write_lock_nested+0x59/0xd0 fs/reiserfs/lock.c:78
       reiserfs_mutex_lock_safe fs/reiserfs/reiserfs.h:817 [inline]
       lock_journal fs/reiserfs/journal.c:537 [inline]
       do_journal_begin_r+0x276/0xde0 fs/reiserfs/journal.c:3054
       journal_begin+0x162/0x3d0 fs/reiserfs/journal.c:3262
       reiserfs_fill_super+0x18f4/0x2990 fs/reiserfs/super.c:2117
       mount_bdev+0x2b3/0x360 fs/super.c:1134
       mount_fs+0x92/0x2a0 fs/super.c:1237
       vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
       vfs_kern_mount fs/namespace.c:1036 [inline]
       do_new_mount fs/namespace.c:2572 [inline]
       do_mount+0xe65/0x2a30 fs/namespace.c:2905
       SYSC_mount fs/namespace.c:3121 [inline]
       SyS_mount+0xa8/0x120 fs/namespace.c:3098
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&journal->j_mutex){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       reiserfs_mutex_lock_safe fs/reiserfs/reiserfs.h:816 [inline]
       lock_journal fs/reiserfs/journal.c:537 [inline]
       do_journal_begin_r+0x26b/0xde0 fs/reiserfs/journal.c:3054
       journal_begin+0x162/0x3d0 fs/reiserfs/journal.c:3262
       reiserfs_dirty_inode+0xd9/0x200 fs/reiserfs/super.c:716
       __mark_inode_dirty+0x11e/0xf40 fs/fs-writeback.c:2134
       mark_inode_dirty include/linux/fs.h:2026 [inline]
       reiserfs_ioctl+0x6f6/0x8b0 fs/reiserfs/ioctl.c:118
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

Chain exists of:
  &journal->j_mutex --> &sbi->lock --> sb_writers#14

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sb_writers#14);
                               lock(&sbi->lock);
                               lock(sb_writers#14);
  lock(&journal->j_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.0/9814:
 #0: (sb_writers#14){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#14){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497

stack backtrace:
CPU: 0 PID: 9814 Comm: syz-executor.0 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 reiserfs_mutex_lock_safe fs/reiserfs/reiserfs.h:816 [inline]
 lock_journal fs/reiserfs/journal.c:537 [inline]
 do_journal_begin_r+0x26b/0xde0 fs/reiserfs/journal.c:3054
 journal_begin+0x162/0x3d0 fs/reiserfs/journal.c:3262
 reiserfs_dirty_inode+0xd9/0x200 fs/reiserfs/super.c:716
 __mark_inode_dirty+0x11e/0xf40 fs/fs-writeback.c:2134
 mark_inode_dirty include/linux/fs.h:2026 [inline]
 reiserfs_ioctl+0x6f6/0x8b0 fs/reiserfs/ioctl.c:118
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f72d8ee80d9
RSP: 002b:00007f72d745a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f72d9007f80 RCX: 00007f72d8ee80d9
RDX: 0000000020000380 RSI: 0000000040087602 RDI: 0000000000000004
RBP: 00007f72d8f43ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdef9d884f R14: 00007f72d745a300 R15: 0000000000022000
BTRFS info (device loop4): enabling inode map caching
BTRFS info (device loop4): using free space tree
BTRFS error (device loop4): cannot mount because of unsupported optional features (0x800)
BTRFS error (device loop4): open_ctree failed
BTRFS info (device loop4): enabling inode map caching
BTRFS info (device loop4): using free space tree
BTRFS error (device loop4): cannot mount because of unsupported optional features (0x800)
BTRFS error (device loop4): open_ctree failed
BTRFS info (device loop4): enabling inode map caching
BTRFS info (device loop4): using free space tree
BTRFS error (device loop4): cannot mount because of unsupported optional features (0x800)
BTRFS error (device loop4): open_ctree failed
BTRFS info (device loop4): enabling inode map caching
BTRFS info (device loop4): using free space tree
BTRFS error (device loop4): cannot mount because of unsupported optional features (0x800)
BTRFS error (device loop4): open_ctree failed
kauditd_printk_skb: 3 callbacks suppressed
audit: type=1800 audit(1671635726.264:15): pid=9787 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=13955 res=0
audit: type=1800 audit(1671635726.324:16): pid=9892 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=13976 res=0
audit: type=1800 audit(1671635726.344:17): pid=9895 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=13938 res=0
REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop0): using ordered data mode
reiserfs: using flush barriers
audit: type=1800 audit(1671635726.344:18): pid=9896 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=13940 res=0
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
audit: type=1800 audit(1671635726.344:19): pid=9893 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=13941 res=0
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
BTRFS info (device loop3): enabling inode map caching
BTRFS info (device loop3): using free space tree
BTRFS error (device loop3): cannot mount because of unsupported optional features (0x800)
BTRFS error (device loop3): open_ctree failed
BTRFS info (device loop3): enabling inode map caching
BTRFS info (device loop3): using free space tree
BTRFS error (device loop3): cannot mount because of unsupported optional features (0x800)
audit: type=1800 audit(1671635727.425:20): pid=9893 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=13941 res=0
BTRFS error (device loop3): open_ctree failed
BTRFS info (device loop3): enabling inode map caching
BTRFS info (device loop3): using free space tree
BTRFS error (device loop3): cannot mount because of unsupported optional features (0x800)
audit: type=1800 audit(1671635727.545:21): pid=9895 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=13938 res=0
BTRFS error (device loop3): open_ctree failed
BTRFS info (device loop3): enabling inode map caching
BTRFS info (device loop3): using free space tree
BTRFS error (device loop3): cannot mount because of unsupported optional features (0x800)
REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
BTRFS error (device loop3): open_ctree failed
REISERFS (device loop0): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
audit: type=1800 audit(1671635727.785:22): pid=9896 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="sda1" ino=13940 res=0
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
audit: type=1800 audit(1671635727.965:23): pid=9892 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=13976 res=0
audit: type=1800 audit(1671635728.005:24): pid=10013 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=13996 res=0
REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop0): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
BTRFS info (device loop2): enabling inode map caching
BTRFS info (device loop2): using free space tree
BTRFS error (device loop2): cannot mount because of unsupported optional features (0x800)
BTRFS error (device loop2): open_ctree failed
BTRFS info (device loop2): enabling inode map caching
BTRFS info (device loop2): using free space tree
BTRFS error (device loop2): cannot mount because of unsupported optional features (0x800)
BTRFS error (device loop2): open_ctree failed
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
ubi0: attaching mtd0
ubi0: scanning is finished
ubi0: empty MTD device detected
kauditd_printk_skb: 3 callbacks suppressed
audit: type=1800 audit(1671635733.565:28): pid=10512 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="loop4" ino=19 res=0
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
audit: type=1800 audit(1671635733.565:29): pid=10524 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=18 res=0
audit: type=1800 audit(1671635733.565:30): pid=10524 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=18 res=0
ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
ubi0: VID header offset: 64 (aligned 64), data offset: 128
ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2354210051
ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
ubi0: background thread "ubi_bgt0d" started, PID 10539
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1800 audit(1671635733.805:31): pid=10545 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="loop4" ino=19 res=0
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
ubi: mtd0 is already attached to ubi0
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1800 audit(1671635734.405:32): pid=10568 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=18 res=0
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
audit: type=1800 audit(1671635734.425:33): pid=10573 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="loop4" ino=19 res=0
audit: type=1800 audit(1671635734.445:34): pid=10568 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=18 res=0
ubi: mtd0 is already attached to ubi0
print_req_error: I/O error, dev loop4, sector 0
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1800 audit(1671635734.635:35): pid=10599 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="loop4" ino=19 res=0
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
audit: type=1800 audit(1671635734.785:36): pid=10612 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=18 res=0
ubi: mtd0 is already attached to ubi0
audit: type=1800 audit(1671635734.815:37): pid=10612 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=18 res=0
ubi: mtd0 is already attached to ubi0