[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.915850] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 27.926710] REISERFS (device loop0): using ordered data mode
[ 27.932502] reiserfs: using flush barriers
[ 27.938663] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 27.954860] REISERFS (device loop0): checking transaction log (loop0)
[ 27.962642] REISERFS (device loop0): Using rupasov hash to sort names
[ 27.970325] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 27.980182]
[ 27.981806] ======================================================
[ 27.988107] WARNING: possible circular locking dependency detected
[ 27.994410] 4.14.299-syzkaller #0 Not tainted
[ 27.998883] ------------------------------------------------------
[ 28.005186] syz-executor197/7970 is trying to acquire lock:
[ 28.010865] (&journal->j_mutex){+.+.}, at: [] do_journal_begin_r+0x26b/0xde0
[ 28.019770]
[ 28.019770] but task is already holding lock:
[ 28.025707] (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 28.034177]
[ 28.034177] which lock already depends on the new lock.
[ 28.034177]
[ 28.042465]
[ 28.042465] the existing dependency chain (in reverse order) is:
[ 28.050054]
[ 28.050054] -> #2 (sb_writers#10){.+.+}:
[ 28.055573]        __sb_start_write+0x64/0x260
[ 28.060147]        mnt_want_write_file+0xfd/0x3b0
[ 28.064964]        reiserfs_ioctl+0x18e/0x8b0
[ 28.069430]        do_vfs_ioctl+0x75a/0xff0
[ 28.073720]        SyS_ioctl+0x7f/0xb0
[ 28.077579]        do_syscall_64+0x1d5/0x640
[ 28.081963]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.087641]
[ 28.087641] -> #1 (&sbi->lock){+.+.}:
[ 28.092897]        __mutex_lock+0xc4/0x1310
[ 28.097194]        reiserfs_write_lock_nested+0x59/0xd0
[ 28.102534]        do_journal_begin_r+0x276/0xde0
[ 28.107365]        journal_begin+0x162/0x3d0
[ 28.111763]        reiserfs_fill_super+0x18f4/0x2990
[ 28.116865]        mount_bdev+0x2b3/0x360
[ 28.120996]        mount_fs+0x92/0x2a0
[ 28.124861]        vfs_kern_mount.part.0+0x5b/0x470
[ 28.129854]        do_mount+0xe65/0x2a30
[ 28.133900]        SyS_mount+0xa8/0x120
[ 28.137849]        do_syscall_64+0x1d5/0x640
[ 28.142229]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.147904]
[ 28.147904] -> #0 (&journal->j_mutex){+.+.}:
[ 28.153772]        lock_acquire+0x170/0x3f0
[ 28.158065]        __mutex_lock+0xc4/0x1310
[ 28.162357]        do_journal_begin_r+0x26b/0xde0
[ 28.167169]        journal_begin+0x162/0x3d0
[ 28.171550]        reiserfs_dirty_inode+0xd9/0x200
[ 28.176452]        __mark_inode_dirty+0x11e/0xf40
[ 28.181266]        reiserfs_ioctl+0x6f6/0x8b0
[ 28.185733]        do_vfs_ioctl+0x75a/0xff0
[ 28.190022]        SyS_ioctl+0x7f/0xb0
[ 28.193880]        do_syscall_64+0x1d5/0x640
[ 28.198263]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.203939]
[ 28.203939] other info that might help us debug this:
[ 28.203939]
[ 28.212049] Chain exists of:
[ 28.212049]   &journal->j_mutex --> &sbi->lock --> sb_writers#10
[ 28.212049]
[ 28.222513]  Possible unsafe locking scenario:
[ 28.222513]
[ 28.228537]        CPU0                    CPU1
[ 28.233173]        ----                    ----
[ 28.237805]   lock(sb_writers#10);
[ 28.241317]                                lock(&sbi->lock);
[ 28.247174]                                lock(sb_writers#10);
[ 28.253217]   lock(&journal->j_mutex);
[ 28.257073]
[ 28.257073]  *** DEADLOCK ***
[ 28.257073]
[ 28.263101] 1 lock held by syz-executor197/7970:
[ 28.267823]  #0: (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 28.276723]
[ 28.276723] stack backtrace:
[ 28.281192] CPU: 0 PID: 7970 Comm: syz-executor197 Not tainted 4.14.299-syzkaller #0
[ 28.289040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 28.298362] Call Trace:
[ 28.300926]  dump_stack+0x1b2/0x281
[ 28.304528]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.310296]  __lock_acquire+0x2e0e/0x3f20
[ 28.314415]  ? trace_hardirqs_on+0x10/0x10
[ 28.318622]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 28.324479]  ? unwind_next_frame+0xe54/0x17d0
[ 28.328944]  ? unwind_next_frame+0xe54/0x17d0
[ 28.333411]  ? deref_stack_reg+0x124/0x1a0
[ 28.337620]  lock_acquire+0x170/0x3f0
[ 28.341391]  ? do_journal_begin_r+0x26b/0xde0
[ 28.345858]  ? do_journal_begin_r+0x26b/0xde0
[ 28.350330]  __mutex_lock+0xc4/0x1310
[ 28.354102]  ? do_journal_begin_r+0x26b/0xde0
[ 28.358566]  ? do_journal_begin_r+0x26b/0xde0
[ 28.363033]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 28.368454]  ? __mutex_unlock_slowpath+0x75/0x770
[ 28.373265]  ? wait_for_completion_io+0x10/0x10
[ 28.377908]  ? __lock_acquire+0x2190/0x3f20
[ 28.382201]  do_journal_begin_r+0x26b/0xde0
[ 28.386494]  ? do_journal_end+0x4310/0x4310
[ 28.390789]  ? trace_hardirqs_on+0x10/0x10
[ 28.394994]  ? reiserfs_write_lock+0x75/0xf0
[ 28.399380]  ? __mutex_lock+0x360/0x1310
[ 28.403412]  journal_begin+0x162/0x3d0
[ 28.407275]  reiserfs_dirty_inode+0xd9/0x200
[ 28.411656]  ? reiserfs_unfreeze+0xa0/0xa0
[ 28.415867]  ? mark_held_locks+0xa6/0xf0
[ 28.419900]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.425326]  ? reiserfs_unfreeze+0xa0/0xa0
[ 28.429535]  __mark_inode_dirty+0x11e/0xf40
[ 28.433830]  reiserfs_ioctl+0x6f6/0x8b0
[ 28.437773]  ? reiserfs_unpack+0x510/0x510
[ 28.441976]  do_vfs_ioctl+0x75a/0xff0
[ 28.445747]  ? ioctl_preallocate+0x1a0/0x1a0
[ 28.450127]  ? lock_acquire+0x170/0x3f0
[ 28.454070]  ? dnotify_flush+0x19/0x2c0
[ 28.458014]  ? fput_many+0xe/0x140
[ 28.461525]  ? filp_close+0x102/0x140
[ 28.465307]  ? security_file_ioct