Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   32.825301] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   32.834061] REISERFS (device loop0): using ordered data mode
[   32.839866] reiserfs: using flush barriers
[   32.845898] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   32.861951] REISERFS (device loop0): checking transaction log (loop0)
[   32.869751] REISERFS (device loop0): Using rupasov hash to sort names
[   32.877611] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[   32.887176]
[   32.888851] ======================================================
[   32.895166] WARNING: possible circular locking dependency detected
[   32.901474] 4.19.211-syzkaller #0 Not tainted
[   32.905956] ------------------------------------------------------
[   32.912260] syz-executor389/8120 is trying to acquire lock:
[   32.917952] 00000000d84f69ec (&journal->j_mutex){+.+.}, at: do_journal_begin_r+0x298/0x10b0
[   32.926431]
[   32.926431] but task is already holding lock:
[   32.932383] 00000000ee5b1aaa (sb_writers#11){.+.+}, at: mnt_want_write_file+0x63/0x1d0
[   32.940428]
[   32.940428] which lock already depends on the new lock.
[   32.940428]
[   32.948719]
[   32.948719] the existing dependency chain (in reverse order) is:
[   32.956363]
[   32.956363] -> #2 (sb_writers#11){.+.+}:
[   32.961896]        mnt_want_write_file+0x63/0x1d0
[   32.966736]        reiserfs_ioctl+0x1a7/0x9a0
[   32.971213]        do_vfs_ioctl+0xcdb/0x12e0
[   32.975611]        ksys_ioctl+0x9b/0xc0
[   32.979566]        __x64_sys_ioctl+0x6f/0xb0
[   32.983954]        do_syscall_64+0xf9/0x620
[   32.988256]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   32.993940]
[   32.993940] -> #1 (&sbi->lock){+.+.}:
[   32.999209]        reiserfs_write_lock_nested+0x65/0xe0
[   33.004547]        do_journal_begin_r+0x2a2/0x10b0
[   33.009452]        journal_begin+0x162/0x400
[   33.013847]        reiserfs_fill_super+0x1a81/0x2d80
[   33.018930]        mount_bdev+0x2fc/0x3b0
[   33.023059]        mount_fs+0xa3/0x310
[   33.026933]        vfs_kern_mount.part.0+0x68/0x470
[   33.031931]        do_mount+0x115c/0x2f50
[   33.036062]        ksys_mount+0xcf/0x130
[   33.040103]        __x64_sys_mount+0xba/0x150
[   33.044577]        do_syscall_64+0xf9/0x620
[   33.048877]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.054560]
[   33.054560] -> #0 (&journal->j_mutex){+.+.}:
[   33.060427]        __mutex_lock+0xd7/0x1190
[   33.064726]        do_journal_begin_r+0x298/0x10b0
[   33.069629]        journal_begin+0x162/0x400
[   33.074015]        reiserfs_dirty_inode+0xff/0x250
[   33.078922]        __mark_inode_dirty+0x16b/0x1140
[   33.083829]        reiserfs_ioctl+0x7dc/0x9a0
[   33.088299]        do_vfs_ioctl+0xcdb/0x12e0
[   33.092683]        ksys_ioctl+0x9b/0xc0
[   33.096635]        __x64_sys_ioctl+0x6f/0xb0
[   33.101049]        do_syscall_64+0xf9/0x620
[   33.105350]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.111034]
[   33.111034] other info that might help us debug this:
[   33.111034]
[   33.119150] Chain exists of:
[   33.119150]   &journal->j_mutex --> &sbi->lock --> sb_writers#11
[   33.119150]
[   33.129621]  Possible unsafe locking scenario:
[   33.129621]
[   33.135654]        CPU0                    CPU1
[   33.140296]        ----                    ----
[   33.144934]   lock(sb_writers#11);
[   33.148447]                                lock(&sbi->lock);
[   33.154222]                                lock(sb_writers#11);
[   33.160254]   lock(&journal->j_mutex);
[   33.164116]
[   33.164116]  *** DEADLOCK ***
[   33.164116]
[   33.170152] 1 lock held by syz-executor389/8120:
[   33.174880]  #0: 00000000ee5b1aaa (sb_writers#11){.+.+}, at: mnt_want_write_file+0x63/0x1d0
[   33.183358]
[   33.183358] stack backtrace:
[   33.187833] CPU: 0 PID: 8120 Comm: syz-executor389 Not tainted 4.19.211-syzkaller #0
[   33.195688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   33.205022] Call Trace:
[   33.207599]  dump_stack+0x1fc/0x2ef
[   33.211213]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   33.217012]  __lock_acquire+0x30c9/0x3ff0
[   33.221139]  ? mark_held_locks+0xf0/0xf0
[   33.225177]  ? mark_held_locks+0xf0/0xf0
[   33.229221]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[   33.235083]  lock_acquire+0x170/0x3c0
[   33.238877]  ? do_journal_begin_r+0x298/0x10b0
[   33.243452]  ? do_journal_begin_r+0x298/0x10b0
[   33.248021]  __mutex_lock+0xd7/0x1190
[   33.251814]  ? do_journal_begin_r+0x298/0x10b0
[   33.256386]  ? lock_downgrade+0x720/0x720
[   33.260515]  ? do_journal_begin_r+0x298/0x10b0
[   33.265087]  ? mutex_trylock+0x1a0/0x1a0
[   33.269132]  ? __mutex_unlock_slowpath+0xea/0x610
[   33.273957]  ? wait_for_completion_io+0x10/0x10
[   33.278616]  do_journal_begin_r+0x298/0x10b0
[   33.283006]  ? do_journal_end+0x4840/0x4840
[   33.287396]  ? mark_held_locks+0xf0/0xf0
[   33.291452]  ? current_time+0x6f/0x1c0
[   33.295323]  journal_begin+0x162/0x400
[   33.299193]  reiserfs_dirty_inode+0xff/0x250
[   33.303583]  ? reiserfs_unfreeze+0xa0/0xa0
[   33.307800]  ? check_preemption_disabled+0x41/0x280
[   33.312797]  ? reiserfs_unfreeze+0xa0/0xa0
[   33.317010]  __mark_inode_dirty+0x16b/0x1140
[   33.321404]  reiserfs_ioctl+0x7dc/0x9a0
[   33.325360]  ? reiserfs_unpack+0x5c0/0x5c0
[   33.329748]  do_vfs_ioctl+0xcdb/0x12e0
[   33.333613]  ? do_mount+0x163/0x2f50
[   33.337308]  ? ioctl_preallocate+0x200/0x200
[   33.341694]  ? getname_flags+0x2cf/0x590
[   33.345731]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   33.350723]  ? copy_mount_string+0x40/0x40
[   33.354936]  ? getname_flags+0x25b/0x590
[   33.358976]  ? check_preemption_disabled+0x41/0x280
[   33.363971]  ? ksys_mount+0xf4/0x130
[   33.367661]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   33.372653]  ksys_ioctl+0x9b/0xc0
[   33.376087]  __x64_sys_ioctl+0x6f/0xb0
[   33.379952]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   33.384512]  do_syscall_64+0xf9/0x620
[   33.388291]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.393456] RIP: 0033:0x7fc11de70179
[   33.397162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   33.416042] RSP: 002b:00007ffc764fff28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   33.423730] RAX: ffffffffffffffda RBX: 000000