[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 31.346358] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 31.355052] REISERFS (device loop0): using ordered data mode
[ 31.360850] reiserfs: using flush barriers
[ 31.367487] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 31.384139] REISERFS (device loop0): checking transaction log (loop0)
[ 31.392140] REISERFS (device loop0): Using rupasov hash to sort names
[ 31.400210] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 31.410276]
[ 31.411922] ======================================================
[ 31.418241] WARNING: possible circular locking dependency detected
[ 31.424558] 4.14.299-syzkaller #0 Not tainted
[ 31.429048] ------------------------------------------------------
[ 31.435444] syz-executor396/7995 is trying to acquire lock:
[ 31.441332]  (&journal->j_mutex){+.+.}, at: [] do_journal_begin_r+0x26b/0xde0
[ 31.450174]
[ 31.450174] but task is already holding lock:
[ 31.456142]  (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 31.464883]
[ 31.464883] which lock already depends on the new lock.
[ 31.464883]
[ 31.473250]
[ 31.473250] the existing dependency chain (in reverse order) is:
[ 31.481036]
[ 31.481036] -> #2 (sb_writers#10){.+.+}:
[ 31.487623]        __sb_start_write+0x64/0x260
[ 31.492191]        mnt_want_write_file+0xfd/0x3b0
[ 31.497116]        reiserfs_ioctl+0x18e/0x8b0
[ 31.501686]        do_vfs_ioctl+0x75a/0xff0
[ 31.506003]        SyS_ioctl+0x7f/0xb0
[ 31.509923]        do_syscall_64+0x1d5/0x640
[ 31.514320]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 31.520107]
[ 31.520107] -> #1 (&sbi->lock){+.+.}:
[ 31.525472]        __mutex_lock+0xc4/0x1310
[ 31.529781]        reiserfs_write_lock_nested+0x59/0xd0
[ 31.535132]        do_journal_begin_r+0x276/0xde0
[ 31.539957]        journal_begin+0x162/0x3d0
[ 31.544436]        reiserfs_fill_super+0x18f4/0x2990
[ 31.549530]        mount_bdev+0x2b3/0x360
[ 31.554104]        mount_fs+0x92/0x2a0
[ 31.557979]        vfs_kern_mount.part.0+0x5b/0x470
[ 31.562981]        do_mount+0xe65/0x2a30
[ 31.567028]        SyS_mount+0xa8/0x120
[ 31.570995]        do_syscall_64+0x1d5/0x640
[ 31.575394]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 31.581084]
[ 31.581084] -> #0 (&journal->j_mutex){+.+.}:
[ 31.586968]        lock_acquire+0x170/0x3f0
[ 31.591358]        __mutex_lock+0xc4/0x1310
[ 31.595667]        do_journal_begin_r+0x26b/0xde0
[ 31.600502]        journal_begin+0x162/0x3d0
[ 31.604953]        reiserfs_dirty_inode+0xd9/0x200
[ 31.609861]        __mark_inode_dirty+0x11e/0xf40
[ 31.614683]        reiserfs_ioctl+0x6f6/0x8b0
[ 31.619157]        do_vfs_ioctl+0x75a/0xff0
[ 31.623567]        SyS_ioctl+0x7f/0xb0
[ 31.627437]        do_syscall_64+0x1d5/0x640
[ 31.631825]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 31.637508]
[ 31.637508] other info that might help us debug this:
[ 31.637508]
[ 31.645714] Chain exists of:
[ 31.645714]   &journal->j_mutex --> &sbi->lock --> sb_writers#10
[ 31.645714]
[ 31.656290]  Possible unsafe locking scenario:
[ 31.656290]
[ 31.662349]        CPU0                    CPU1
[ 31.666997]        ----                    ----
[ 31.671643]   lock(sb_writers#10);
[ 31.675261]                                lock(&sbi->lock);
[ 31.681041]                                lock(sb_writers#10);
[ 31.687168]   lock(&journal->j_mutex);
[ 31.691040]
[ 31.691040]  *** DEADLOCK ***
[ 31.691040]
[ 31.697083] 1 lock held by syz-executor396/7995:
[ 31.701825]  #0: (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 31.710845]
[ 31.710845] stack backtrace:
[ 31.715327] CPU: 1 PID: 7995 Comm: syz-executor396 Not tainted 4.14.299-syzkaller #0
[ 31.723187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 31.732519] Call Trace:
[ 31.735092]  dump_stack+0x1b2/0x281
[ 31.738704]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 31.744568]  __lock_acquire+0x2e0e/0x3f20
[ 31.748703]  ? trace_hardirqs_on+0x10/0x10
[ 31.752919]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 31.758798]  ? unwind_next_frame+0xe54/0x17d0
[ 31.763276]  ? unwind_next_frame+0xe54/0x17d0
[ 31.767753]  ? deref_stack_reg+0x124/0x1a0
[ 31.771968]  lock_acquire+0x170/0x3f0
[ 31.775768]  ? do_journal_begin_r+0x26b/0xde0
[ 31.780242]  ? do_journal_begin_r+0x26b/0xde0
[ 31.784717]  __mutex_lock+0xc4/0x1310
[ 31.788586]  ? do_journal_begin_r+0x26b/0xde0
[ 31.793077]  ? do_journal_begin_r+0x26b/0xde0
[ 31.797570]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 31.803001]  ? __mutex_unlock_slowpath+0x75/0x770
[ 31.807825]  ? wait_for_completion_io+0x10/0x10
[ 31.812500]  ? __lock_acquire+0x2190/0x3f20
[ 31.816803]  do_journal_begin_r+0x26b/0xde0
[ 31.821119]  ? do_journal_end+0x4310/0x4310
[ 31.825422]  ? trace_hardirqs_on+0x10/0x10
[ 31.829646]  ? reiserfs_write_lock+0x75/0xf0
[ 31.834034]  ? __mutex_lock+0x360/0x1310
[ 31.838073]  journal_begin+0x162/0x3d0
[ 31.841943]  reiserfs_dirty_inode+0xd9/0x200
[ 31.846334]  ? reiserfs_unfreeze+0xa0/0xa0
[ 31.850548]  ? mark_held_locks+0xa6/0xf0
[ 31.854591]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 31.860023]  ? reiserfs_unfreeze+0xa0/0xa0
[ 31.864236]  __mark_inode_dirty+0x11e/0xf40
[ 31.868539]  reiserfs_ioctl+0x6f6/0x8b0
[ 31.872500]  ? reiserfs_unpack+0x510/0x510
[ 31.876718]  do_vfs_ioctl+0x75a/0xff0
[ 31.880768]  ? ioctl_preallocate+0x1a0/0x1a0
[ 31.885264]  ? lock_acquire+0x170/0x3f0
[ 31.889218]  ? dnotify_flush+0x19/0x2c0
[ 31.893172]  ? fput_many+0xe/0x140
[ 31.896689]  ? filp_cl