syzbot

======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz-executor/5628 is trying to acquire lock:
ffff888048423fd8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_commit_inode+0x1f5/0x4b0 fs/jfs/inode.c:108

but task is already holding lock:
ffff8880534b4918 (&(log)->loglock){+.+.}-{4:4}, at: jfs_umount+0x189/0x430 fs/jfs/jfs_umount.c:66

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&(log)->loglock){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/mutex.c:646 [inline]
       __mutex_lock+0x1a4/0x1b10 kernel/locking/mutex.c:820
       lmLog+0x8c/0xb90 fs/jfs/jfs_logmgr.c:234
       dtLog fs/jfs/jfs_txnmgr.c:1620 [inline]
       txLog fs/jfs/jfs_txnmgr.c:1402 [inline]
       txCommit+0x326d/0x4a90 fs/jfs/jfs_txnmgr.c:1266
       jfs_unlink+0x7db/0xa20 fs/jfs/namei.c:557
       vfs_unlink+0x2f0/0xbd0 fs/namei.c:5498
       filename_unlinkat+0x408/0x730 fs/namei.c:5568
       __do_sys_unlink fs/namei.c:5603 [inline]
       __se_sys_unlink fs/namei.c:5600 [inline]
       __x64_sys_unlink+0x46/0x70 fs/namei.c:5600
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&jfs_ip->commit_mutex/1){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/mutex.c:646 [inline]
       __mutex_lock+0x1a4/0x1b10 kernel/locking/mutex.c:820
       jfs_unlink+0x2c7/0xa20 fs/jfs/namei.c:494
       vfs_unlink+0x2f0/0xbd0 fs/namei.c:5498
       filename_unlinkat+0x408/0x730 fs/namei.c:5568
       __do_sys_unlink fs/namei.c:5603 [inline]
       __se_sys_unlink fs/namei.c:5600 [inline]
       __x64_sys_unlink+0x46/0x70 fs/namei.c:5600
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&jfs_ip->commit_mutex){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3165 [inline]
       check_prevs_add kernel/locking/lockdep.c:3284 [inline]
       validate_chain kernel/locking/lockdep.c:3908 [inline]
       __lock_acquire+0x14b8/0x2630 kernel/locking/lockdep.c:5237
       lock_acquire kernel/locking/lockdep.c:5868 [inline]
       lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
       __mutex_lock_common kernel/locking/mutex.c:646 [inline]
       __mutex_lock+0x1a4/0x1b10 kernel/locking/mutex.c:820
       jfs_commit_inode+0x1f5/0x4b0 fs/jfs/inode.c:108
       jfs_write_inode+0xfb/0x230 fs/jfs/inode.c:138
       write_inode fs/fs-writeback.c:1584 [inline]
       __writeback_single_inode+0xcd4/0x1350 fs/fs-writeback.c:1827
       writeback_single_inode+0x4d3/0xf30 fs/fs-writeback.c:1883
       write_inode_now+0x174/0x1f0 fs/fs-writeback.c:2974
       iput_final fs/inode.c:1950 [inline]
       iput.part.0+0x7f3/0xf50 fs/inode.c:2009
       iput+0x35/0x40 fs/inode.c:1975
       diFreeSpecial+0x76/0x100 fs/jfs/jfs_imap.c:552
       jfs_umount+0x1a2/0x430 fs/jfs/jfs_umount.c:72
       jfs_put_super+0x88/0x1a0 fs/jfs/super.c:194
       generic_shutdown_super+0x167/0x360 fs/super.c:646
       kill_block_super+0x3b/0xa0 fs/super.c:1725
       deactivate_locked_super+0xc1/0x1b0 fs/super.c:476
       deactivate_super fs/super.c:509 [inline]
       deactivate_super+0xe7/0x110 fs/super.c:505
       cleanup_mnt+0x21f/0x450 fs/namespace.c:1312
       task_work_run+0x150/0x240 kernel/task_work.c:233
       resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
       __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
       exit_to_user_mode_loop+0x107/0x4f0 kernel/entry/common.c:98
       __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
       syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
       syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
       do_syscall_64+0x706/0xf80 arch/x86/entry/syscall_64.c:100
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &jfs_ip->commit_mutex --> &jfs_ip->commit_mutex/1 --> &(log)->loglock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(log)->loglock);
                               lock(&jfs_ip->commit_mutex/1);
                               lock(&(log)->loglock);
  lock(&jfs_ip->commit_mutex);

 *** DEADLOCK ***

2 locks held by syz-executor/5628:
 #0: ffff8880268020d8 (&type->s_umount_key#86){+.+.}-{4:4}, at: __super_lock fs/super.c:58 [inline]
 #0: ffff8880268020d8 (&type->s_umount_key#86){+.+.}-{4:4}, at: __super_lock_excl fs/super.c:73 [inline]
 #0: ffff8880268020d8 (&type->s_umount_key#86){+.+.}-{4:4}, at: deactivate_super fs/super.c:508 [inline]
 #0: ffff8880268020d8 (&type->s_umount_key#86){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 fs/super.c:505
 #1: ffff8880534b4918 (&(log)->loglock){+.+.}-{4:4}, at: jfs_umount+0x189/0x430 fs/jfs/jfs_umount.c:66

stack backtrace:
CPU: 1 UID: 0 PID: 5628 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_circular_bug.cold+0x178/0x1c7 kernel/locking/lockdep.c:2043
 check_noncircular+0x146/0x160 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain kernel/locking/lockdep.c:3908 [inline]
 __lock_acquire+0x14b8/0x2630 kernel/locking/lockdep.c:5237
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
 __mutex_lock_common kernel/locking/mutex.c:646 [inline]
 __mutex_lock+0x1a4/0x1b10 kernel/locking/mutex.c:820
 jfs_commit_inode+0x1f5/0x4b0 fs/jfs/inode.c:108
 jfs_write_inode+0xfb/0x230 fs/jfs/inode.c:138
 write_inode fs/fs-writeback.c:1584 [inline]
 __writeback_single_inode+0xcd4/0x1350 fs/fs-writeback.c:1827
 writeback_single_inode+0x4d3/0xf30 fs/fs-writeback.c:1883
 write_inode_now+0x174/0x1f0 fs/fs-writeback.c:2974
 iput_final fs/inode.c:1950 [inline]
 iput.part.0+0x7f3/0xf50 fs/inode.c:2009
 iput+0x35/0x40 fs/inode.c:1975
 diFreeSpecial+0x76/0x100 fs/jfs/jfs_imap.c:552
 jfs_umount+0x1a2/0x430 fs/jfs/jfs_umount.c:72
 jfs_put_super+0x88/0x1a0 fs/jfs/super.c:194
 generic_shutdown_super+0x167/0x360 fs/super.c:646
 kill_block_super+0x3b/0xa0 fs/super.c:1725
 deactivate_locked_super+0xc1/0x1b0 fs/super.c:476
 deactivate_super fs/super.c:509 [inline]
 deactivate_super+0xe7/0x110 fs/super.c:505
 cleanup_mnt+0x21f/0x450 fs/namespace.c:1312
 task_work_run+0x150/0x240 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0x107/0x4f0 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
 do_syscall_64+0x706/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f01bdf9e017
Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd3abf1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f01be032120 RCX: 00007f01bdf9e017
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd3abf1d20
RBP: 00007ffd3abf1d20 R08: 00007ffd3abf2d20 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd3abf2db0
R13: 00007f01be032120 R14: 0000000000036c67 R15: 00007ffd3abf2df0
 </TASK>