REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
======================================================
WARNING: possible circular locking dependency detected
REISERFS (device loop2): using ordered data mode
4.14.307-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/16449 is trying to acquire lock:
 (&dquot->dq_lock){+.+.}, at: [] dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469

but task is already holding lock:
 (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&ei->i_data_sem/2){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       ext4_map_blocks+0x29f/0x1730 fs/ext4/inode.c:577
       ext4_getblk+0x340/0x420 fs/ext4/inode.c:992
       ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
       ext4_quota_read+0x1e4/0x2a0 fs/ext4/super.c:5856
reiserfs: using flush barriers
       find_tree_dqentry+0x70/0x750 fs/quota/quota_tree.c:625
       find_tree_dqentry+0x4ee/0x750 fs/quota/quota_tree.c:643
       find_dqentry fs/quota/quota_tree.c:655 [inline]
       qtree_read_dquot+0xfb/0x6a0 fs/quota/quota_tree.c:675
       v2_read_dquot+0xce/0x120 fs/quota/quota_v2.c:334
       dquot_acquire+0x10e/0x470 fs/quota/dquot.c:428
       ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5558
       dqget+0x6a0/0xe90 fs/quota/dquot.c:897
       __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1471
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
       ext4_orphan_cleanup fs/ext4/super.c:2606 [inline]
       ext4_fill_super+0x7261/0xb3c0 fs/ext4/super.c:4475
       mount_bdev+0x2b3/0x360 fs/super.c:1134
       mount_fs+0x92/0x2a0 fs/super.c:1237
       vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
       vfs_kern_mount fs/namespace.c:1036 [inline]
       do_new_mount fs/namespace.c:2572 [inline]
       do_mount+0xe65/0x2a30 fs/namespace.c:2905
       SYSC_mount fs/namespace.c:3121 [inline]
       SyS_mount+0xa8/0x120 fs/namespace.c:3098
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #1 (&s->s_dquot.dqio_sem){++++}:
REISERFS (device loop2): checking transaction log (loop2)
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       v2_read_dquot+0x49/0x120 fs/quota/quota_v2.c:333
       dquot_acquire+0x10e/0x470 fs/quota/dquot.c:428
       ext4_acquire_dquot+0x1b8/0x290 fs/ext4/super.c:5558
       dqget+0x6a0/0xe90 fs/quota/dquot.c:897
       __dquot_initialize+0x2fb/0xa70 fs/quota/dquot.c:1471
       ext4_orphan_cleanup fs/ext4/super.c:2606 [inline]
       ext4_fill_super+0x7261/0xb3c0 fs/ext4/super.c:4475
       mount_bdev+0x2b3/0x360 fs/super.c:1134
       mount_fs+0x92/0x2a0 fs/super.c:1237
       vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
       vfs_kern_mount fs/namespace.c:1036 [inline]
       do_new_mount fs/namespace.c:2572 [inline]
       do_mount+0xe65/0x2a30 fs/namespace.c:2905
       SYSC_mount fs/namespace.c:3121 [inline]
       SyS_mount+0xa8/0x120 fs/namespace.c:3098
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
REISERFS (device loop2): Using r5 hash to sort names
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&dquot->dq_lock){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469
       ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5542
       ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5593
       mark_dquot_dirty fs/quota/dquot.c:341 [inline]
       mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
       __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1703
       dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline]
       dquot_alloc_space include/linux/quotaops.h:308 [inline]
       dquot_alloc_block include/linux/quotaops.h:332 [inline]
       ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4571
reiserfs: enabling write barrier flush mode
       ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4505
       ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656
       ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
       ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
       ext4_append+0x1ed/0x440 fs/ext4/namei.c:81
       ext4_init_new_dir fs/ext4/namei.c:2680 [inline]
       ext4_mkdir+0x4c9/0xbd0 fs/ext4/namei.c:2727
       vfs_mkdir+0x463/0x6e0 fs/namei.c:3851
       SYSC_mkdirat fs/namei.c:3874 [inline]
       SyS_mkdirat+0x1fd/0x270 fs/namei.c:3858
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

Chain exists of:
  &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_data_sem/2);
                               lock(&s->s_dquot.dqio_sem);
                               lock(&ei->i_data_sem/2);
  lock(&dquot->dq_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.4/16449:
 #0: (sb_writers#3){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#3){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1:
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
 (&type->i_mutex_dir_key#3/1){+.+.}, at: [] inode_lock_nested include/linux/fs.h:754 [inline]
 (&type->i_mutex_dir_key#3/1){+.+.}, at: [] filename_create+0x12a/0x3f0 fs/namei.c:3676
 #2: (&ei->i_data_sem/2){++++}, at: [] ext4_map_blocks+0x623/0x1730 fs/ext4/inode.c:649
 #3: (dquot_srcu){....}, at: [] i_dquot fs/quota/dquot.c:922 [inline]
 #3: (dquot_srcu){....}, at: [] __dquot_alloc_space+0x184/0x7b0 fs/quota/dquot.c:1663

stack backtrace:
CPU: 0 PID: 16449 Comm: syz-executor.4 Not tainted 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 dquot_commit+0x4d/0x3a0 fs/quota/dquot.c:469
 ext4_write_dquot+0x1ac/0x240 fs/ext4/super.c:5542
 ext4_mark_dquot_dirty+0xfe/0x190 fs/ext4/super.c:5593
 mark_dquot_dirty fs/quota/dquot.c:341 [inline]
 mark_all_dquot_dirty fs/quota/dquot.c:379 [inline]
 __dquot_alloc_space+0x329/0x7b0 fs/quota/dquot.c:1703
 dquot_alloc_space_nodirty include/linux/quotaops.h:295 [inline]
 dquot_alloc_space include/linux/quotaops.h:308 [inline]
 dquot_alloc_block include/linux/quotaops.h:332 [inline]
 ext4_mb_new_blocks+0x4ac/0x3db0 fs/ext4/mballoc.c:4571
 ext4_ext_map_blocks+0x2845/0x6b10 fs/ext4/extents.c:4505
 ext4_map_blocks+0x675/0x1730 fs/ext4/inode.c:656
 ext4_getblk+0x98/0x420 fs/ext4/inode.c:992
 ext4_bread+0x6c/0x1b0 fs/ext4/inode.c:1042
 ext4_append+0x1ed/0x440 fs/ext4/namei.c:81
 ext4_init_new_dir fs/ext4/namei.c:2680 [inline]
 ext4_mkdir+0x4c9/0xbd0 fs/ext4/namei.c:2727
 vfs_mkdir+0x463/0x6e0 fs/namei.c:3851
 SYSC_mkdirat fs/namei.c:3874 [inline]
 SyS_mkdirat+0x1fd/0x270 fs/namei.c:3858
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7ff77cb9e0f9
RSP: 002b:00007ff772ced168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007ff77ccbe1f0 RCX: 00007ff77cb9e0f9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c
RBP: 00007ff77cbf9ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff23c2ffcf R14: 00007ff772ced300 R15: 0000000000022000
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
ISO 9660 Extensions: Microsoft Joliet Level 0
rock: corrupted directory entry. extent=32, offset=2044, size=237
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
ISO 9660 Extensions: Microsoft Joliet Level 0
rock: corrupted directory entry. extent=32, offset=2044, size=237
ISO 9660 Extensions: Microsoft Joliet Level 0
rock: corrupted directory entry. extent=32, offset=2044, size=237
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
EXT4-fs (loop5): invalid inodes per group: 0
ISO 9660 Extensions: Microsoft Joliet Level 0
rock: corrupted directory entry. extent=32, offset=2044, size=237
ISO 9660 Extensions: Microsoft Joliet Level 0
rock: corrupted directory entry. extent=32, offset=2044, size=237
EXT4-fs (loop5): invalid inodes per group: 0
ISO 9660 Extensions: Microsoft Joliet Level 0
ISO 9660 Extensions: Microsoft Joliet Level 0
rock: corrupted directory entry. extent=32, offset=2044, size=237
rock: corrupted directory entry. extent=32, offset=2044, size=237
EXT4-fs (loop5): invalid inodes per group: 0
EXT4-fs (loop5): invalid inodes per group: 0
print_req_error: I/O error, dev loop5, sector 4
Buffer I/O error on dev loop5, logical block 1, async page read
print_req_error: I/O error, dev loop0, sector 0
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
base_sock_release(ffff88805ce08900) sk=ffff8880a62f7240
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
base_sock_release(ffff88805ced4ac0) sk=ffff888055f723c0
base_sock_release(ffff88805cf085c0) sk=ffff88808d9ca9c0
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
base_sock_release(ffff88805ccf6180) sk=ffff8880a495b3c0
base_sock_release(ffff88805cf1e100) sk=ffff8880b0211280
audit: type=1800 audit(1677341801.948:134): pid=16999 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14688 res=0
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
base_sock_release(ffff88805cc54480) sk=ffff888095282d40
base_sock_release(ffff88805cc15600) sk=ffff88809f22a3c0
netlink: 755 bytes leftover after parsing attributes in process `syz-executor.5'.
vhci_hcd: default hub control req: 0000 v0000 i0000 l0
NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
netlink: 755 bytes leftover after parsing attributes in process `syz-executor.5'.
NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
vhci_hcd: default hub control req: 0000 v0000 i0000 l0
audit: type=1800 audit(1677341802.818:135): pid=17079 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=13840 res=0
vhci_hcd: default hub control req: 0000 v0000 i0000 l0
audit: type=1800 audit(1677341803.258:136): pid=17107 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file0" dev="sda1" ino=14667 res=0
netlink: 755 bytes leftover after parsing attributes in process `syz-executor.5'.
NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
netlink: 755 bytes leftover after parsing attributes in process `syz-executor.4'.
vhci_hcd: default hub control req: 0000 v0000 i0000 l0
NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
netlink: 755 bytes leftover after parsing attributes in process `syz-executor.0'.
audit: type=1800 audit(1677341803.778:137): pid=17140 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=14657 res=0
netlink: 755 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 755 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1800 audit(1677341804.148:138): pid=17152 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file0" dev="sda1" ino=14698 res=0
NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
netlink: 755 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 755 bytes leftover after parsing attributes in process `syz-executor.0'.