[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.875603] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 29.884137] REISERFS (device loop0): using ordered data mode
[ 29.890511] reiserfs: using flush barriers
[ 29.895929] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 29.911692] REISERFS (device loop0): checking transaction log (loop0)
[ 29.919509] REISERFS (device loop0): Using rupasov hash to sort names
[ 29.926792] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 29.936078]
[ 29.937700] ======================================================
[ 29.943999] WARNING: possible circular locking dependency detected
[ 29.950304] 4.14.299-syzkaller #0 Not tainted
[ 29.954784] ------------------------------------------------------
[ 29.961082] syz-executor159/7981 is trying to acquire lock:
[ 29.966763] (&journal->j_mutex){+.+.}, at: [] do_journal_begin_r+0x26b/0xde0
[ 29.975584]
[ 29.975584] but task is already holding lock:
[ 29.981533] (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 29.990002]
[ 29.990002] which lock already depends on the new lock.
[ 29.990002]
[ 29.998289]
[ 29.998289] the existing dependency chain (in reverse order) is:
[ 30.005878]
[ 30.005878] -> #2 (sb_writers#10){.+.+}:
[ 30.011432]        __sb_start_write+0x64/0x260
[ 30.015991]        mnt_want_write_file+0xfd/0x3b0
[ 30.020865]        reiserfs_ioctl+0x18e/0x8b0
[ 30.025335]        do_vfs_ioctl+0x75a/0xff0
[ 30.029629]        SyS_ioctl+0x7f/0xb0
[ 30.034111]        do_syscall_64+0x1d5/0x640
[ 30.038494]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.044173]
[ 30.044173] -> #1 (&sbi->lock){+.+.}:
[ 30.049427]        __mutex_lock+0xc4/0x1310
[ 30.053821]        reiserfs_write_lock_nested+0x59/0xd0
[ 30.059171]        do_journal_begin_r+0x276/0xde0
[ 30.063994]        journal_begin+0x162/0x3d0
[ 30.068383]        reiserfs_fill_super+0x18f4/0x2990
[ 30.073458]        mount_bdev+0x2b3/0x360
[ 30.077577]        mount_fs+0x92/0x2a0
[ 30.081469]        vfs_kern_mount.part.0+0x5b/0x470
[ 30.086463]        do_mount+0xe65/0x2a30
[ 30.090503]        SyS_mount+0xa8/0x120
[ 30.094456]        do_syscall_64+0x1d5/0x640
[ 30.098840]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.104522]
[ 30.104522] -> #0 (&journal->j_mutex){+.+.}:
[ 30.110389]        lock_acquire+0x170/0x3f0
[ 30.114684]        __mutex_lock+0xc4/0x1310
[ 30.118979]        do_journal_begin_r+0x26b/0xde0
[ 30.123795]        journal_begin+0x162/0x3d0
[ 30.128175]        reiserfs_dirty_inode+0xd9/0x200
[ 30.133077]        __mark_inode_dirty+0x11e/0xf40
[ 30.137891]        reiserfs_ioctl+0x6f6/0x8b0
[ 30.142360]        do_vfs_ioctl+0x75a/0xff0
[ 30.146655]        SyS_ioctl+0x7f/0xb0
[ 30.150517]        do_syscall_64+0x1d5/0x640
[ 30.154898]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.160585]
[ 30.160585] other info that might help us debug this:
[ 30.160585]
[ 30.168702] Chain exists of:
[ 30.168702]   &journal->j_mutex --> &sbi->lock --> sb_writers#10
[ 30.168702]
[ 30.179173] Possible unsafe locking scenario:
[ 30.179173]
[ 30.185205]        CPU0                    CPU1
[ 30.189842]        ----                    ----
[ 30.194530]   lock(sb_writers#10);
[ 30.198043]                                lock(&sbi->lock);
[ 30.203810]                                lock(sb_writers#10);
[ 30.209882]   lock(&journal->j_mutex);
[ 30.213741]
[ 30.213741] *** DEADLOCK ***
[ 30.213741]
[ 30.219806] 1 lock held by syz-executor159/7981:
[ 30.224538] #0: (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 30.233457]
[ 30.233457] stack backtrace:
[ 30.237933] CPU: 1 PID: 7981 Comm: syz-executor159 Not tainted 4.14.299-syzkaller #0
[ 30.245785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 30.255119] Call Trace:
[ 30.257689] dump_stack+0x1b2/0x281
[ 30.261306] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 30.267090] __lock_acquire+0x2e0e/0x3f20
[ 30.271219] ? trace_hardirqs_on+0x10/0x10
[ 30.275429] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 30.281288] ? unwind_next_frame+0xe54/0x17d0
[ 30.285758] ? unwind_next_frame+0xe54/0x17d0
[ 30.290226] ? deref_stack_reg+0x124/0x1a0
[ 30.294433] lock_acquire+0x170/0x3f0
[ 30.298207] ? do_journal_begin_r+0x26b/0xde0
[ 30.302674] ? do_journal_begin_r+0x26b/0xde0
[ 30.307144] __mutex_lock+0xc4/0x1310
[ 30.310922] ? do_journal_begin_r+0x26b/0xde0
[ 30.315389] ? do_journal_begin_r+0x26b/0xde0
[ 30.319859] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 30.325367] ? __mutex_unlock_slowpath+0x75/0x770
[ 30.330183] ? wait_for_completion_io+0x10/0x10
[ 30.334826] ? __lock_acquire+0x2190/0x3f20
[ 30.339122] do_journal_begin_r+0x26b/0xde0
[ 30.343542] ? do_journal_end+0x4310/0x4310
[ 30.347844] ? trace_hardirqs_on+0x10/0x10
[ 30.352052] ? reiserfs_write_lock+0x75/0xf0
[ 30.356439] ? __mutex_lock+0x360/0x1310
[ 30.360473] journal_begin+0x162/0x3d0
[ 30.364347] reiserfs_dirty_inode+0xd9/0x200
[ 30.368735] ? reiserfs_unfreeze+0xa0/0xa0
[ 30.372953] ? mark_held_locks+0xa6/0xf0
[ 30.376995] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.382421] ? reiserfs_unfreeze+0xa0/0xa0
[ 30.386632] __mark_inode_dirty+0x11e/0xf40
[ 30.390934] reiserfs_ioctl+0x6f6/0x8b0
[ 30.394883] ? reiserfs_unpack+0x510/0x510
[ 30.399092] do_vfs_ioctl+0x75a/0xff0
[ 30.402866] ? getname_flags+0x2a2/0x550
[ 30.406905] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 30.411895] ? ioctl_preallocate+0x1a0/0x1a0
[ 30.416278] ? getname_flags+0x22e/0x550
[ 30.420314] ? do_sys_open+0x208/0x410
[ 30.424174] ? filp_open+0x60/0x60
[