[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.443321] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 35.452160] REISERFS (device loop0): using ordered data mode
[ 35.458458] reiserfs: using flush barriers
[ 35.464161] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 35.479904] REISERFS (device loop0): checking transaction log (loop0)
[ 35.532683] REISERFS (device loop0): Using r5 hash to sort names
[ 35.539499] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 35.550603]
[ 35.552238] ======================================================
[ 35.558545] WARNING: possible circular locking dependency detected
[ 35.564853] 4.19.211-syzkaller #0 Not tainted
[ 35.569334] ------------------------------------------------------
[ 35.575659] syz-executor330/8133 is trying to acquire lock:
[ 35.581341] 0000000059bcfc14 (sb_writers#11){.+.+}, at: mnt_want_write_file+0x63/0x1d0
[ 35.589384]
[ 35.589384] but task is already holding lock:
[ 35.595329] 00000000af3d9cfa (&sbi->lock){+.+.}, at: reiserfs_write_lock+0x75/0xf0
[ 35.603018]
[ 35.603018] which lock already depends on the new lock.
[ 35.603018]
[ 35.611308]
[ 35.611308] the existing dependency chain (in reverse order) is:
[ 35.618995]
[ 35.618995] -> #2 (&sbi->lock){+.+.}:
[ 35.624258] reiserfs_write_lock+0x75/0xf0
[ 35.628991] reiserfs_lookup+0x171/0x490
[ 35.633548] __lookup_slow+0x246/0x4a0
[ 35.637930] lookup_one_len+0x163/0x190
[ 35.642400] reiserfs_lookup_privroot+0x92/0x280
[ 35.647654] reiserfs_fill_super+0x1f12/0x2d80
[ 35.652730] mount_bdev+0x2fc/0x3b0
[ 35.656854] mount_fs+0xa3/0x310
[ 35.660716] vfs_kern_mount.part.0+0x68/0x470
[ 35.665710] do_mount+0x115c/0x2f50
[ 35.669832] ksys_mount+0xcf/0x130
[ 35.673868] __x64_sys_mount+0xba/0x150
[ 35.678339] do_syscall_64+0xf9/0x620
[ 35.682638] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.688327]
[ 35.688327] -> #1 (&type->i_mutex_dir_key#7){+.+.}:
[ 35.694891] path_openat+0x1071/0x2df0
[ 35.699276] do_filp_open+0x18c/0x3f0
[ 35.703591] do_sys_open+0x3b3/0x520
[ 35.707802] do_syscall_64+0xf9/0x620
[ 35.712105] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.717930]
[ 35.717930] -> #0 (sb_writers#11){.+.+}:
[ 35.723453] __sb_start_write+0x6e/0x2a0
[ 35.728013] mnt_want_write_file+0x63/0x1d0
[ 35.732832] reiserfs_ioctl+0x1a7/0x9a0
[ 35.737303] do_vfs_ioctl+0xcdb/0x12e0
[ 35.741684] ksys_ioctl+0x9b/0xc0
[ 35.745631] __x64_sys_ioctl+0x6f/0xb0
[ 35.750016] do_syscall_64+0xf9/0x620
[ 35.754312] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.760028]
[ 35.760028] other info that might help us debug this:
[ 35.760028]
[ 35.768147] Chain exists of:
[ 35.768147] sb_writers#11 --> &type->i_mutex_dir_key#7 --> &sbi->lock
[ 35.768147]
[ 35.779223] Possible unsafe locking scenario:
[ 35.779223]
[ 35.785252]        CPU0                    CPU1
[ 35.789892]        ----                    ----
[ 35.794536]   lock(&sbi->lock);
[ 35.797789]                                lock(&type->i_mutex_dir_key#7);
[ 35.804784]                                lock(&sbi->lock);
[ 35.810813]   lock(sb_writers#11);
[ 35.814338]
[ 35.814338] *** DEADLOCK ***
[ 35.814338]
[ 35.820380] 1 lock held by syz-executor330/8133:
[ 35.825106] #0: 00000000af3d9cfa (&sbi->lock){+.+.}, at: reiserfs_write_lock+0x75/0xf0
[ 35.833240]
[ 35.833240] stack backtrace:
[ 35.837723] CPU: 0 PID: 8133 Comm: syz-executor330 Not tainted 4.19.211-syzkaller #0
[ 35.845588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 35.854918] Call Trace:
[ 35.857491] dump_stack+0x1fc/0x2ef
[ 35.861098] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 35.866872] __lock_acquire+0x30c9/0x3ff0
[ 35.870999] ? lock_acquire+0x170/0x3c0
[ 35.874952] ? reiserfs_write_lock+0x75/0xf0
[ 35.879334] ? mark_held_locks+0xf0/0xf0
[ 35.883373] ? __mutex_lock+0x368/0x1190
[ 35.887413] ? mark_held_locks+0xf0/0xf0
[ 35.891457] ? reiserfs_write_lock+0x75/0xf0
[ 35.895842] ? mutex_trylock+0x1a0/0x1a0
[ 35.899965] ? debug_object_activate+0x12f/0x450
[ 35.904698] lock_acquire+0x170/0x3c0
[ 35.908475] ? mnt_want_write_file+0x63/0x1d0
[ 35.912963] __sb_start_write+0x6e/0x2a0
[ 35.917096] ? mnt_want_write_file+0x63/0x1d0
[ 35.921565] mnt_want_write_file+0x63/0x1d0
[ 35.925863] reiserfs_ioctl+0x1a7/0x9a0
[ 35.929812] ? reiserfs_unpack+0x5c0/0x5c0
[ 35.934023] do_vfs_ioctl+0xcdb/0x12e0
[ 35.937895] ? ioctl_preallocate+0x200/0x200
[ 35.942290] ? task_work_run+0x11c/0x1c0
[ 35.946328] ? blkcg_maybe_throttle_current+0x56c/0xc10
[ 35.951675] ? lock_downgrade+0x720/0x720
[ 35.955822] ? lock_acquire+0x170/0x3c0
[ 35.959771] ? task_work_run+0x64/0x1c0
[ 35.963721] ? blkcg_schedule_throttle+0x1f0/0x1f0
[ 35.968628] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 35.973187] ? _raw_spin_unlock_irq+0x5a/0x80
[ 35.977658] ksys_ioctl+0x9b/0xc0
[ 35.981087] __x64_sys_ioctl+0x6f/0xb0
[ 35.984951] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 35.989595] do_syscall_64+0xf9/0x620
[ 35.993374] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.998539] RIP: 0033:0x7fc2d7674ae9
[ 36.002228] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 36.021105] RSP: 002b:00007ffdda966738 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 36.028788] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f