[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.747571] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 28.757566] REISERFS (device loop0): using ordered data mode
[ 28.763793] reiserfs: using flush barriers
[ 28.769182] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 28.784959] REISERFS (device loop0): checking transaction log (loop0)
[ 28.793460] REISERFS (device loop0): Using rupasov hash to sort names
[ 28.800720] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 28.810209]
[ 28.811828] ======================================================
[ 28.818135] WARNING: possible circular locking dependency detected
[ 28.824521] 4.14.299-syzkaller #0 Not tainted
[ 28.828999] ------------------------------------------------------
[ 28.835347] syz-executor989/7957 is trying to acquire lock:
[ 28.841212]  (&journal->j_mutex){+.+.}, at: [] do_journal_begin_r+0x26b/0xde0
[ 28.850116]
[ 28.850116] but task is already holding lock:
[ 28.856054]  (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 28.864518]
[ 28.864518] which lock already depends on the new lock.
[ 28.864518]
[ 28.872803]
[ 28.872803] the existing dependency chain (in reverse order) is:
[ 28.880479]
[ 28.880479] -> #2 (sb_writers#10){.+.+}:
[ 28.885999]        __sb_start_write+0x64/0x260
[ 28.890549]        mnt_want_write_file+0xfd/0x3b0
[ 28.895362]        reiserfs_ioctl+0x18e/0x8b0
[ 28.899827]        do_vfs_ioctl+0x75a/0xff0
[ 28.904120]        SyS_ioctl+0x7f/0xb0
[ 28.907979]        do_syscall_64+0x1d5/0x640
[ 28.912360]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.918037]
[ 28.918037] -> #1 (&sbi->lock){+.+.}:
[ 28.923290]        __mutex_lock+0xc4/0x1310
[ 28.927583]        reiserfs_write_lock_nested+0x59/0xd0
[ 28.932923]        do_journal_begin_r+0x276/0xde0
[ 28.937738]        journal_begin+0x162/0x3d0
[ 28.942115]        reiserfs_fill_super+0x18f4/0x2990
[ 28.947186]        mount_bdev+0x2b3/0x360
[ 28.951306]        mount_fs+0x92/0x2a0
[ 28.955165]        vfs_kern_mount.part.0+0x5b/0x470
[ 28.960164]        do_mount+0xe65/0x2a30
[ 28.964196]        SyS_mount+0xa8/0x120
[ 28.968155]        do_syscall_64+0x1d5/0x640
[ 28.972535]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.978212]
[ 28.978212] -> #0 (&journal->j_mutex){+.+.}:
[ 28.984073]        lock_acquire+0x170/0x3f0
[ 28.988366]        __mutex_lock+0xc4/0x1310
[ 28.992831]        do_journal_begin_r+0x26b/0xde0
[ 28.997642]        journal_begin+0x162/0x3d0
[ 29.002079]        reiserfs_dirty_inode+0xd9/0x200
[ 29.006979]        __mark_inode_dirty+0x11e/0xf40
[ 29.011805]        reiserfs_ioctl+0x6f6/0x8b0
[ 29.016290]        do_vfs_ioctl+0x75a/0xff0
[ 29.020592]        SyS_ioctl+0x7f/0xb0
[ 29.024453]        do_syscall_64+0x1d5/0x640
[ 29.028831]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.034508]
[ 29.034508] other info that might help us debug this:
[ 29.034508]
[ 29.042626] Chain exists of:
[ 29.042626]   &journal->j_mutex --> &sbi->lock --> sb_writers#10
[ 29.042626]
[ 29.053094]  Possible unsafe locking scenario:
[ 29.053094]
[ 29.059120]        CPU0                    CPU1
[ 29.063756]        ----                    ----
[ 29.068392]   lock(sb_writers#10);
[ 29.071901]                                lock(&sbi->lock);
[ 29.077669]                                lock(sb_writers#10);
[ 29.083700]   lock(&journal->j_mutex);
[ 29.087555]
[ 29.087555]  *** DEADLOCK ***
[ 29.087555]
[ 29.093586] 1 lock held by syz-executor989/7957:
[ 29.098309]  #0:  (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 29.107217]
[ 29.107217] stack backtrace:
[ 29.111686] CPU: 0 PID: 7957 Comm: syz-executor989 Not tainted 4.14.299-syzkaller #0
[ 29.119534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 29.128856] Call Trace:
[ 29.131417]  dump_stack+0x1b2/0x281
[ 29.135015]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.140791]  __lock_acquire+0x2e0e/0x3f20
[ 29.144909]  ? trace_hardirqs_on+0x10/0x10
[ 29.149124]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 29.155004]  ? unwind_next_frame+0xe54/0x17d0
[ 29.159646]  ? unwind_next_frame+0xe54/0x17d0
[ 29.164128]  ? deref_stack_reg+0x124/0x1a0
[ 29.168343]  lock_acquire+0x170/0x3f0
[ 29.172209]  ? do_journal_begin_r+0x26b/0xde0
[ 29.176677]  ? do_journal_begin_r+0x26b/0xde0
[ 29.181173]  __mutex_lock+0xc4/0x1310
[ 29.184946]  ? do_journal_begin_r+0x26b/0xde0
[ 29.189414]  ? do_journal_begin_r+0x26b/0xde0
[ 29.193883]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 29.199305]  ? __mutex_unlock_slowpath+0x75/0x770
[ 29.204123]  ? wait_for_completion_io+0x10/0x10
[ 29.208767]  ? __lock_acquire+0x2190/0x3f20
[ 29.213060]  do_journal_begin_r+0x26b/0xde0
[ 29.217453]  ? do_journal_end+0x4310/0x4310
[ 29.221747]  ? trace_hardirqs_on+0x10/0x10
[ 29.225955]  ? reiserfs_write_lock+0x75/0xf0
[ 29.230336]  ? __mutex_lock+0x360/0x1310
[ 29.234368]  journal_begin+0x162/0x3d0
[ 29.238251]  reiserfs_dirty_inode+0xd9/0x200
[ 29.242726]  ? reiserfs_unfreeze+0xa0/0xa0
[ 29.246941]  ? mark_held_locks+0xa6/0xf0
[ 29.250978]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 29.256488]  ? reiserfs_unfreeze+0xa0/0xa0
[ 29.260698]  __mark_inode_dirty+0x11e/0xf40
[ 29.264996]  reiserfs_ioctl+0x6f6/0x8b0
[ 29.268945]  ? reiserfs_unpack+0x510/0x510
[ 29.273256]  do_vfs_ioctl+0x75a/0xff0
[ 29.277037]  ? ioctl_preallocate+0x1a0/0x1a0
[ 29.281436]  ? lock_acquire+0x170/0x3f0
[ 29.285395]  ? dnotify_flush+0x19/0x2c0
[ 29.289345]  ? fput_many+0xe/0x140
[ 29.292856]  ? filp_close+0x102/0x140
[ 29.296631]  ? security_file_ioctl+0x