[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.87' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.781386] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 33.790263] REISERFS (device loop0): using ordered data mode
[ 33.797776] reiserfs: using flush barriers
[ 33.803019] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 33.819626] REISERFS (device loop0): checking transaction log (loop0)
[ 33.828250] REISERFS (device loop0): Using rupasov hash to sort names
[ 33.835906] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 33.845720]
[ 33.847357] ======================================================
[ 33.854023] WARNING: possible circular locking dependency detected
[ 33.860339] 4.14.298-syzkaller #0 Not tainted
[ 33.864829] ------------------------------------------------------
[ 33.871405] syz-executor310/7966 is trying to acquire lock:
[ 33.877103]  (&journal->j_mutex){+.+.}, at: [] do_journal_begin_r+0x26b/0xde0
[ 33.885938]
[ 33.885938] but task is already holding lock:
[ 33.891893]  (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 33.900379]
[ 33.900379] which lock already depends on the new lock.
[ 33.900379]
[ 33.908776]
[ 33.908776] the existing dependency chain (in reverse order) is:
[ 33.916375]
[ 33.916375] -> #2 (sb_writers#10){.+.+}:
[ 33.921911]        __sb_start_write+0x64/0x260
[ 33.926480]        mnt_want_write_file+0xfd/0x3b0
[ 33.931308]        reiserfs_ioctl+0x18e/0x8b0
[ 33.935785]        do_vfs_ioctl+0x75a/0xff0
[ 33.940087]        SyS_ioctl+0x7f/0xb0
[ 33.943960]        do_syscall_64+0x1d5/0x640
[ 33.948352]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 33.954086]
[ 33.954086] -> #1 (&sbi->lock){+.+.}:
[ 33.959362]        __mutex_lock+0xc4/0x1310
[ 33.963665]        reiserfs_write_lock_nested+0x59/0xd0
[ 33.969098]        do_journal_begin_r+0x276/0xde0
[ 33.973936]        journal_begin+0x162/0x3d0
[ 33.978334]        reiserfs_fill_super+0x18f4/0x2990
[ 33.983422]        mount_bdev+0x2b3/0x360
[ 33.987561]        mount_fs+0x92/0x2a0
[ 33.991518]        vfs_kern_mount.part.0+0x5b/0x470
[ 33.996786]        do_mount+0xe65/0x2a30
[ 34.000847]        SyS_mount+0xa8/0x120
[ 34.004805]        do_syscall_64+0x1d5/0x640
[ 34.009197]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 34.014884]
[ 34.014884] -> #0 (&journal->j_mutex){+.+.}:
[ 34.020765]        lock_acquire+0x170/0x3f0
[ 34.025068]        __mutex_lock+0xc4/0x1310
[ 34.029368]        do_journal_begin_r+0x26b/0xde0
[ 34.034885]        journal_begin+0x162/0x3d0
[ 34.039277]        reiserfs_dirty_inode+0xd9/0x200
[ 34.044276]        __mark_inode_dirty+0x11e/0xf40
[ 34.049107]        reiserfs_ioctl+0x6f6/0x8b0
[ 34.053593]        do_vfs_ioctl+0x75a/0xff0
[ 34.057907]        SyS_ioctl+0x7f/0xb0
[ 34.061777]        do_syscall_64+0x1d5/0x640
[ 34.066169]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 34.071866]
[ 34.071866] other info that might help us debug this:
[ 34.071866]
[ 34.079991] Chain exists of:
[ 34.079991]   &journal->j_mutex --> &sbi->lock --> sb_writers#10
[ 34.079991]
[ 34.090990]  Possible unsafe locking scenario:
[ 34.090990]
[ 34.097025]        CPU0                    CPU1
[ 34.101756]        ----                    ----
[ 34.106402]   lock(sb_writers#10);
[ 34.109951]                                lock(&sbi->lock);
[ 34.115728]                                lock(sb_writers#10);
[ 34.121768]   lock(&journal->j_mutex);
[ 34.125636]
[ 34.125636]  *** DEADLOCK ***
[ 34.125636]
[ 34.131685] 1 lock held by syz-executor310/7966:
[ 34.136510]  #0: (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 34.145428]
[ 34.145428] stack backtrace:
[ 34.149929] CPU: 1 PID: 7966 Comm: syz-executor310 Not tainted 4.14.298-syzkaller #0
[ 34.157787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 34.167118] Call Trace:
[ 34.169699]  dump_stack+0x1b2/0x281
[ 34.173322]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 34.179109]  __lock_acquire+0x2e0e/0x3f20
[ 34.183241]  ? trace_hardirqs_on+0x10/0x10
[ 34.187459]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 34.193337]  ? unwind_next_frame+0xe54/0x17d0
[ 34.197819]  ? unwind_next_frame+0xe54/0x17d0
[ 34.202295]  ? deref_stack_reg+0x124/0x1a0
[ 34.206514]  lock_acquire+0x170/0x3f0
[ 34.210296]  ? do_journal_begin_r+0x26b/0xde0
[ 34.214776]  ? do_journal_begin_r+0x26b/0xde0
[ 34.219252]  __mutex_lock+0xc4/0x1310
[ 34.223035]  ? do_journal_begin_r+0x26b/0xde0
[ 34.227514]  ? do_journal_begin_r+0x26b/0xde0
[ 34.232003]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 34.237531]  ? __mutex_unlock_slowpath+0x75/0x770
[ 34.242451]  ? wait_for_completion_io+0x10/0x10
[ 34.247105]  ? __lock_acquire+0x2190/0x3f20
[ 34.251410]  do_journal_begin_r+0x26b/0xde0
[ 34.255725]  ? do_journal_end+0x4310/0x4310
[ 34.260030]  ? trace_hardirqs_on+0x10/0x10
[ 34.264251]  ? reiserfs_write_lock+0x75/0xf0
[ 34.268696]  ? __mutex_lock+0x360/0x1310
[ 34.272912]  journal_begin+0x162/0x3d0
[ 34.276783]  reiserfs_dirty_inode+0xd9/0x200
[ 34.281172]  ? reiserfs_unfreeze+0xa0/0xa0
[ 34.285388]  ? mark_held_locks+0xa6/0xf0
[ 34.289521]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 34.295154]  ? reiserfs_unfreeze+0xa0/0xa0
[ 34.299376]  __mark_inode_dirty+0x11e/0xf40
[ 34.303731]  reiserfs_ioctl+0x6f6/0x8b0
[ 34.307705]  ? reiserfs_unpack+0x510/0x510
[ 34.311950]  do_vfs_ioctl+0x75a/0xff0
[ 34.315750]  ? ioctl_preallocate+0x1a0/0x1a0
[ 34.320153]  ? lock_acquire+0x170/0x3f0
[ 34.324116]  ? dnotify_flush+0x19/0x2c0
[ 34.328076]  ? fput_many+0xe/0x140
[ 34.331598]  ? filp_close+