[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 73.633061] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 73.643038] REISERFS (device loop0): using ordered data mode
[ 73.649107] reiserfs: using flush barriers
[ 73.654212] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 73.670221] REISERFS (device loop0): checking transaction log (loop0)
[ 73.678253] REISERFS (device loop0): Using rupasov hash to sort names
[ 73.685556] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 73.694962]
[ 73.696578] ======================================================
[ 73.702880] WARNING: possible circular locking dependency detected
[ 73.709184] 4.14.298-syzkaller #0 Not tainted
[ 73.713663] ------------------------------------------------------
[ 73.719963] syz-executor722/8009 is trying to acquire lock:
[ 73.725642]  (&journal->j_mutex){+.+.}, at: [] do_journal_begin_r+0x26b/0xde0
[ 73.734461]
[ 73.734461] but task is already holding lock:
[ 73.740404]  (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 73.748871]
[ 73.748871] which lock already depends on the new lock.
[ 73.748871]
[ 73.757156]
[ 73.757156] the existing dependency chain (in reverse order) is:
[ 73.765094]
[ 73.765094] -> #2 (sb_writers#10){.+.+}:
[ 73.770610]        __sb_start_write+0x64/0x260
[ 73.775166]        mnt_want_write_file+0xfd/0x3b0
[ 73.779981]        reiserfs_ioctl+0x18e/0x8b0
[ 73.784449]        do_vfs_ioctl+0x75a/0xff0
[ 73.788742]        SyS_ioctl+0x7f/0xb0
[ 73.792602]        do_syscall_64+0x1d5/0x640
[ 73.796983]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 73.802662]
[ 73.802662] -> #1 (&sbi->lock){+.+.}:
[ 73.807919]        __mutex_lock+0xc4/0x1310
[ 73.812211]        reiserfs_write_lock_nested+0x59/0xd0
[ 73.817544]        do_journal_begin_r+0x276/0xde0
[ 73.822357]        journal_begin+0x162/0x3d0
[ 73.826739]        reiserfs_fill_super+0x18f4/0x2990
[ 73.831814]        mount_bdev+0x2b3/0x360
[ 73.835937]        mount_fs+0x92/0x2a0
[ 73.839796]        vfs_kern_mount.part.0+0x5b/0x470
[ 73.844783]        do_mount+0xe65/0x2a30
[ 73.848813]        SyS_mount+0xa8/0x120
[ 73.852767]        do_syscall_64+0x1d5/0x640
[ 73.857149]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 73.862844]
[ 73.862844] -> #0 (&journal->j_mutex){+.+.}:
[ 73.868706]        lock_acquire+0x170/0x3f0
[ 73.873000]        __mutex_lock+0xc4/0x1310
[ 73.877292]        do_journal_begin_r+0x26b/0xde0
[ 73.882364]        journal_begin+0x162/0x3d0
[ 73.886744]        reiserfs_dirty_inode+0xd9/0x200
[ 73.891680]        __mark_inode_dirty+0x11e/0xf40
[ 73.896495]        reiserfs_ioctl+0x6f6/0x8b0
[ 73.900962]        do_vfs_ioctl+0x75a/0xff0
[ 73.905252]        SyS_ioctl+0x7f/0xb0
[ 73.909111]        do_syscall_64+0x1d5/0x640
[ 73.913493]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 73.919170]
[ 73.919170] other info that might help us debug this:
[ 73.919170]
[ 73.927281] Chain exists of:
[ 73.927281]   &journal->j_mutex --> &sbi->lock --> sb_writers#10
[ 73.927281]
[ 73.937744]  Possible unsafe locking scenario:
[ 73.937744]
[ 73.943772]        CPU0                    CPU1
[ 73.948407]        ----                    ----
[ 73.953042]   lock(sb_writers#10);
[ 73.956552]                                lock(&sbi->lock);
[ 73.962321]                                lock(sb_writers#10);
[ 73.968349]   lock(&journal->j_mutex);
[ 73.972207]
[ 73.972207]  *** DEADLOCK ***
[ 73.972207]
[ 73.978236] 1 lock held by syz-executor722/8009:
[ 73.982956]  #0: (sb_writers#10){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0
[ 73.991863]
[ 73.991863] stack backtrace:
[ 73.996340] CPU: 1 PID: 8009 Comm: syz-executor722 Not tainted 4.14.298-syzkaller #0
[ 74.004188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 74.013513] Call Trace:
[ 74.016077]  dump_stack+0x1b2/0x281
[ 74.019681]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 74.025452]  __lock_acquire+0x2e0e/0x3f20
[ 74.029573]  ? trace_hardirqs_on+0x10/0x10
[ 74.033781]  ? deref_stack_reg+0x124/0x1a0
[ 74.037988]  lock_acquire+0x170/0x3f0
[ 74.041762]  ? do_journal_begin_r+0x26b/0xde0
[ 74.046228]  ? do_journal_begin_r+0x26b/0xde0
[ 74.050694]  __mutex_lock+0xc4/0x1310
[ 74.054468]  ? do_journal_begin_r+0x26b/0xde0
[ 74.058935]  ? do_journal_begin_r+0x26b/0xde0
[ 74.063403]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 74.068826]  ? __mutex_unlock_slowpath+0x75/0x770
[ 74.073644]  ? wait_for_completion_io+0x10/0x10
[ 74.078289]  ? __lock_acquire+0x2190/0x3f20
[ 74.082584]  do_journal_begin_r+0x26b/0xde0
[ 74.086885]  ? do_journal_end+0x4310/0x4310
[ 74.091180]  ? trace_hardirqs_on+0x10/0x10
[ 74.095390]  journal_begin+0x162/0x3d0
[ 74.099255]  reiserfs_dirty_inode+0xd9/0x200
[ 74.103638]  ? reiserfs_unfreeze+0xa0/0xa0
[ 74.107847]  ? mark_held_locks+0xa6/0xf0
[ 74.111884]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 74.117309]  ? reiserfs_unfreeze+0xa0/0xa0
[ 74.121518]  __mark_inode_dirty+0x11e/0xf40
[ 74.125814]  reiserfs_ioctl+0x6f6/0x8b0
[ 74.129760]  ? reiserfs_unpack+0x510/0x510
[ 74.133968]