======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/4908 is trying to acquire lock:
ffff8000200c90f0 (&journal->j_mutex){+.+.}-{3:3}, at: reiserfs_mutex_lock_safe fs/reiserfs/reiserfs.h:814 [inline]
ffff8000200c90f0 (&journal->j_mutex){+.+.}-{3:3}, at: lock_journal fs/reiserfs/journal.c:534 [inline]
ffff8000200c90f0 (&journal->j_mutex){+.+.}-{3:3}, at: do_journal_begin_r+0x2d4/0xe0c fs/reiserfs/journal.c:3045

but task is already holding lock:
ffff0000d9414558 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x13c/0x358 mm/memory.c:2922

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (sb_pagefaults){.+.+}-{0:0}:
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       __sb_start_write include/linux/fs.h:1811 [inline]
       sb_start_pagefault include/linux/fs.h:1910 [inline]
       filemap_page_mkwrite+0x1a4/0x9c0 mm/filemap.c:3367
       do_page_mkwrite+0x13c/0x358 mm/memory.c:2922
       do_shared_fault mm/memory.c:4328 [inline]
       do_fault mm/memory.c:4396 [inline]
       handle_pte_fault mm/memory.c:4650 [inline]
       __handle_mm_fault mm/memory.c:4785 [inline]
       handle_mm_fault+0x14e8/0x2a28 mm/memory.c:4883
       __do_page_fault arch/arm64/mm/fault.c:505 [inline]
       do_page_fault+0x67c/0xab0 arch/arm64/mm/fault.c:605
       do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686
       do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820
       el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:358
       el1h_64_sync_handler+0x50/0xac arch/arm64/kernel/entry-common.c:418
       el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:522
       reiserfs_ioctl+0x234/0x4b4 fs/reiserfs/ioctl.c:96
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:874 [inline]
       __se_sys_ioctl fs/ioctl.c:860 [inline]
       __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181
       el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608
       el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
       el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

-> #1 (&sbi->lock){+.+.}-{3:3}:
       __mutex_lock_common+0x194/0x1f14 kernel/locking/mutex.c:596
       __mutex_lock kernel/locking/mutex.c:729 [inline]
       mutex_lock_nested+0xac/0x11c kernel/locking/mutex.c:743
       reiserfs_write_lock_nested+0x68/0xd8 fs/reiserfs/lock.c:78
       reiserfs_mutex_lock_safe fs/reiserfs/reiserfs.h:815 [inline]
       lock_journal fs/reiserfs/journal.c:534 [inline]
       do_journal_begin_r+0x2e0/0xe0c fs/reiserfs/journal.c:3045
       journal_begin+0x110/0x2f4 fs/reiserfs/journal.c:3253
       reiserfs_fill_super+0x119c/0x1bfc fs/reiserfs/super.c:2108
       mount_bdev+0x264/0x358 fs/super.c:1400
       get_super_block+0x44/0x58 fs/reiserfs/super.c:2608
       legacy_get_tree+0xd4/0x16c fs/fs_context.c:611
       vfs_get_tree+0x90/0x274 fs/super.c:1530
       do_new_mount+0x228/0x810 fs/namespace.c:3034
       path_mount+0x5bc/0x1008 fs/namespace.c:3364
       do_mount fs/namespace.c:3377 [inline]
       __do_sys_mount fs/namespace.c:3585 [inline]
       __se_sys_mount fs/namespace.c:3562 [inline]
       __arm64_sys_mount+0x514/0x5f0 fs/namespace.c:3562
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181
       el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608
       el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
       el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

-> #0 (&journal->j_mutex){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3788 [inline]
       __lock_acquire+0x2870/0x67ec kernel/locking/lockdep.c:5012
       lock_acquire+0x1f4/0x618 kernel/locking/lockdep.c:5623
       __mutex_lock_common+0x194/0x1f14 kernel/locking/mutex.c:596
       __mutex_lock kernel/locking/mutex.c:729 [inline]
       mutex_lock_nested+0xac/0x11c kernel/locking/mutex.c:743
       reiserfs_mutex_lock_safe fs/reiserfs/reiserfs.h:814 [inline]
       lock_journal fs/reiserfs/journal.c:534 [inline]
       do_journal_begin_r+0x2d4/0xe0c fs/reiserfs/journal.c:3045
       journal_begin+0x110/0x2f4 fs/reiserfs/journal.c:3253
       reiserfs_dirty_inode+0x110/0x224 fs/reiserfs/super.c:710
       __mark_inode_dirty+0x2b0/0xf8c fs/fs-writeback.c:2480
       generic_update_time+0x208/0x230 fs/inode.c:1881
       inode_update_time fs/inode.c:1894 [inline]
       file_update_time+0x31c/0x39c fs/inode.c:2083
       filemap_page_mkwrite+0x324/0x9c0 mm/filemap.c:3368
       do_page_mkwrite+0x13c/0x358 mm/memory.c:2922
       do_shared_fault mm/memory.c:4328 [inline]
       do_fault mm/memory.c:4396 [inline]
       handle_pte_fault mm/memory.c:4650 [inline]
       __handle_mm_fault mm/memory.c:4785 [inline]
       handle_mm_fault+0x14e8/0x2a28 mm/memory.c:4883
       __do_page_fault arch/arm64/mm/fault.c:505 [inline]
       do_page_fault+0x67c/0xab0 arch/arm64/mm/fault.c:605
       do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686
       do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820
       el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:358
       el1h_64_sync_handler+0x50/0xac arch/arm64/kernel/entry-common.c:418
       el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:522
       reiserfs_ioctl+0x234/0x4b4 fs/reiserfs/ioctl.c:96
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:874 [inline]
       __se_sys_ioctl fs/ioctl.c:860 [inline]
       __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181
       el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608
       el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
       el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

other info that might help us debug this:

Chain exists of:
  
&journal->j_mutex --> &sbi->lock
 --> sb_pagefaults

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sb_pagefaults);
                               lock(&sbi->lock);
                               lock(sb_pagefaults);
  lock(&journal->j_mutex);

 *** DEADLOCK ***

2 locks held by syz-executor.4/4908:
 #0: ffff0000c9972958 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff0000c9972958 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x364/0xab0 arch/arm64/mm/fault.c:586
 #1: ffff0000d9414558 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x13c/0x358 mm/memory.c:2922

stack backtrace:
CPU: 0 PID: 4908 Comm: syz-executor.4 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
Call trace:
 dump_backtrace+0x0/0x458 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 print_circular_bug+0x148/0x1b0 kernel/locking/lockdep.c:2011
 check_noncircular+0x264/0x2f8 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire+0x2870/0x67ec kernel/locking/lockdep.c:5012
 lock_acquire+0x1f4/0x618 kernel/locking/lockdep.c:5623
 __mutex_lock_common+0x194/0x1f14 kernel/locking/mutex.c:596
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0xac/0x11c kernel/locking/mutex.c:743
 reiserfs_mutex_lock_safe fs/reiserfs/reiserfs.h:814 [inline]
 lock_journal fs/reiserfs/journal.c:534 [inline]
 do_journal_begin_r+0x2d4/0xe0c fs/reiserfs/journal.c:3045
 journal_begin+0x110/0x2f4 fs/reiserfs/journal.c:3253
 reiserfs_dirty_inode+0x110/0x224 fs/reiserfs/super.c:710
 __mark_inode_dirty+0x2b0/0xf8c fs/fs-writeback.c:2480
 generic_update_time+0x208/0x230 fs/inode.c:1881
 inode_update_time fs/inode.c:1894 [inline]
 file_update_time+0x31c/0x39c fs/inode.c:2083
 filemap_page_mkwrite+0x324/0x9c0 mm/filemap.c:3368
 do_page_mkwrite+0x13c/0x358 mm/memory.c:2922
 do_shared_fault mm/memory.c:4328 [inline]
 do_fault mm/memory.c:4396 [inline]
 handle_pte_fault mm/memory.c:4650 [inline]
 __handle_mm_fault mm/memory.c:4785 [inline]
 handle_mm_fault+0x14e8/0x2a28 mm/memory.c:4883
 __do_page_fault arch/arm64/mm/fault.c:505 [inline]
 do_page_fault+0x67c/0xab0 arch/arm64/mm/fault.c:605
 do_translation_fault+0xe0/0x130 arch/arm64/mm/fault.c:686
 do_mem_abort+0x6c/0x1ac arch/arm64/mm/fault.c:820
 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:358
 el1h_64_sync_handler+0x50/0xac arch/arm64/kernel/entry-common.c:418
 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:522
 reiserfs_ioctl+0x234/0x4b4 fs/reiserfs/ioctl.c:96
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1d0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584