[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.152' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   41.480357] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3
[   41.518254] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor737 (8104)
[   41.541164] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor737 (8105)
[   41.558892] BTRFS info (device loop3): enabling inode map caching
[   41.565920] BTRFS info (device loop3): trying to use backup root at mount time
[   41.571182] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor737 (8113)
[   41.573852] BTRFS info (device loop3): use zlib compression, level 3
executing program
executing program
[   41.591921] BTRFS info (device loop3): enabling ssd optimizations
[   41.599992] BTRFS warning (device ): duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor737 (8117)
[   41.601090] BTRFS info (device loop3): using spread ssd allocation scheme
[   41.626273] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor737 (8116)
executing program
executing program
executing program
[   41.636489] BTRFS info (device loop3): using free space tree
[   41.647477] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by systemd-udevd (8132)
[   41.651119] BTRFS info (device loop3): has skinny extents
[   41.680114] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by systemd-udevd (8137)
[   41.782606] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by systemd-udevd (8139)
[   41.817248] BTRFS warning (device ): duplicate device /dev/loop1 devid 1 generation 8 scanned by systemd-udevd (8141)
[   41.856654] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by systemd-udevd (8143)
[   42.036532] audit: type=1800 audit(1672591570.266:2): pid=8115 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor737" name="bus" dev="loop3" ino=263 res=0
[   42.195952]
[   42.197715] ======================================================
[   42.204042] WARNING: possible circular locking dependency detected
[   42.210392] 4.19.211-syzkaller #0 Not tainted
[   42.214881] ------------------------------------------------------
[   42.221196] syz-executor737/8101 is trying to acquire lock:
[   42.226898] 00000000a858a2ed (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520
[   42.234367]
[   42.234367] but task is already holding lock:
[   42.240870] 00000000af53f1d2 (&fs_devs->device_list_mutex){+.+.}, at: close_fs_devices.part.0+0x2e/0x8e0
[   42.250501]
[   42.250501] which lock already depends on the new lock.
[   42.250501]
[   42.258819]
[   42.258819] the existing dependency chain (in reverse order) is:
[   42.266441]
[   42.266441] -> #8 (&fs_devs->device_list_mutex){+.+.}:
[   42.273224]        btrfs_finish_chunk_alloc+0x27b/0xf90
[   42.278599]        btrfs_create_pending_block_groups+0x242/0x590
[   42.284754]        __btrfs_end_transaction+0x21a/0xb00
[   42.290214]        flush_space+0xa41/0xee0
[   42.294456]        btrfs_async_reclaim_metadata_space+0x466/0x1050
[   42.300787]        process_one_work+0x864/0x1570
[   42.305649]        worker_thread+0x64c/0x1130
[   42.310238]        kthread+0x33f/0x460
[   42.314125]        ret_from_fork+0x24/0x30
[   42.318340]
[   42.318340] -> #7 (sb_internal#2){.+.+}:
[   42.323876]        start_transaction+0xa37/0xf90
[   42.328648]        btrfs_dirty_inode+0xe3/0x210
[   42.333310]        btrfs_update_time+0x33b/0x3d0
[   42.338052]        touch_atime+0x23c/0x2a0
[   42.342264]        btrfs_file_mmap+0x11b/0x160
[   42.347083]        mmap_region+0xc94/0x16b0
[   42.351383]        do_mmap+0x8e8/0x1080
[   42.355337]        vm_mmap_pgoff+0x197/0x200
[   42.359726]        ksys_mmap_pgoff+0x298/0x5a0
[   42.364287]        do_syscall_64+0xf9/0x620
[   42.368587]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.374441]
[   42.374441] -> #6 (&mm->mmap_sem){++++}:
[   42.379968]        _copy_to_user+0x29/0x100
[   42.384277]        _perf_ioctl+0x769/0x2300
[   42.388712]        perf_ioctl+0x55/0x80
[   42.392669]        do_vfs_ioctl+0xcdb/0x12e0
[   42.397058]        ksys_ioctl+0x9b/0xc0
[   42.401016]        __x64_sys_ioctl+0x6f/0xb0
[   42.405413]        do_syscall_64+0xf9/0x620
[   42.409724]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.415409]
[   42.415409] -> #5 (&cpuctx_mutex){+.+.}:
[   42.420952]        perf_event_init_cpu+0xc4/0x170
[   42.425959]        perf_event_init+0x309/0x34e
[   42.430526]        start_kernel+0x5b1/0x911
[   42.434948]        secondary_startup_64+0xa4/0xb0
[   42.439890]
[   42.439890] -> #4 (pmus_lock){+.+.}:
[   42.445081]        perf_event_init_cpu+0x2c/0x170
[   42.449915]        cpuhp_invoke_callback+0x201/0x1b80
[   42.455091]        _cpu_up+0x25c/0x540
[   42.458970]        do_cpu_up+0xdd/0x1b0
[   42.462931]        smp_init+0x1ed/0x202
[   42.466979]        kernel_init_freeable+0x62b/0xab7
[   42.472018]        kernel_init+0xd/0x1ba
[   42.476146]        ret_from_fork+0x24/0x30
[   42.480356]
[   42.480356] -> #3 (cpu_hotplug_lock.rw_sem){++++}:
[   42.486772]        kmem_cache_create_usercopy+0x24/0x240
[   42.492211]        kmem_cache_create+0xd/0x10
[   42.496701]        bioset_init+0x473/0x810
[   42.501078]        init_bio+0x184/0x1e0
[   42.505034]        do_one_initcall+0xf1/0x740
[   42.509512]        kernel_init_freeable+0x9c5/0xab7
[   42.514597]        kernel_init+0xd/0x1ba
[   42.518729]        ret_from_fork+0x24/0x30
[   42.522939]
[   42.522939] -> #2 (bio_slab_lock){+.+.}:
[   42.528474]        bioset_init+0x1ab/0x810
[   42.532837]        blk_alloc_queue_node+0x189/0xbf0
[   42.537867]        blk_mq_init_queue+0x44/0xa0
[   42.542432]        loop_add+0x2cb/0x8a0
[   42.546391]        loop_init+0x1ef/0x24a
[   42.550436]        do_one_initcall+0xf1/0x740
[   42.554923]        kernel_init_freeable+0x9c5/0xab7
[   42.559919]        kernel_init+0xd/0x1ba
[   42.563957]        ret_from_fork+0x24/0x30
[   42.568171]
[   42.568171] -> #1 (loop_ctl_mutex){+.+.}:
[   42.573786]        lo_open+0x19/0xd0
[   42.577479]        __blkdev_get+0x372/0x1480
[   42.581873]        blkdev_get+0xb0/0x940
[   42.585909]        blkdev_open+0x202/0x290
[   42.590122]        do_dentry_open+0x4aa/0x1160
[   42.594689]        path_openat+0x793/0x2df0
[   42.598989]        do_filp_open+0x18c/0x3f0
[   42.603289]        do_sys_open+0x3b3/0x520
[   42.607503]        do_syscall_64+0xf9/0x620
[   42.611805]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.617576]
[   42.617576] -> #0 (&bdev->bd_mutex){+.+.}:
[   42.623273]        __mutex_lock+0xd7/0x1190
[   42.627572]        blkdev_put+0x30/0x520
[   42.631621]        close_fs_devices.part.0+0x24d/0x8e0
[   42.636879]        btrfs_close_devices+0x95/0x1f0
[   42.641708]        close_ctree+0x3c8/0x850
[   42.645927]        generic_shutdown_super+0x144/0x370
[   42.651097]        kill_anon_super+0x36/0x60
[   42.655490]        btrfs_kill_super+0x49/0x550
[   42.660050]        deactivate_locked_super+0x94/0x160
[   42.666102]        deactivate_super+0x174/0x1a0
[   42.670848]        cleanup_mnt+0x1a8/0x290
[   42.675323]        task_work_run+0x148/0x1c0
[   42.679719]        exit_to_usermode_loop+0x251/0x2a0
[   42.684803]        do_syscall_64+0x538/0x620
[   42.689191]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.694879]
[   42.694879] other info that might help us debug this:
[   42.694879]
[   42.702997] Chain exists of:
[   42.702997]   &bdev->bd_mutex --> sb_internal#2 --> &fs_devs->device_list_mutex
[   42.702997]
[   42.714770]  Possible unsafe locking scenario:
[   42.714770]
[   42.720806]        CPU0                    CPU1
[   42.725586]        ----                    ----
[   42.730236]   lock(&fs_devs->device_list_mutex);
[   42.734971]                                lock(sb_internal#2);
[   42.741091]                                lock(&fs_devs->device_list_mutex);
[   42.748339]   lock(&bdev->bd_mutex);
[   42.752060]
[   42.752060]  *** DEADLOCK ***
[   42.752060]
[   42.758385] 3 locks held by syz-executor737/8101:
[   42.763341]  #0: 000000008e50af7f (&type->s_umount_key#47){+.+.}, at: deactivate_super+0x16c/0x1a0
[   42.772520]  #1: 000000002d041dc8 (uuid_mutex){+.+.}, at: btrfs_close_devices+0x23/0x1f0
[   42.780741]  #2: 00000000af53f1d2 (&fs_devs->device_list_mutex){+.+.}, at: close_fs_devices.part.0+0x2e/0x8e0
[   42.790875]
[   42.790875] stack backtrace:
[   42.795355] CPU: 1 PID: 8101 Comm: syz-executor737 Not tainted 4.19.211-syzkaller #0
[   42.803213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   42.812554] Call Trace:
[   42.815127]  dump_stack+0x1fc/0x2ef
[   42.818739]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   42.826171]  __lock_acquire+0x30c9/0x3ff0
[   42.830398]  ? find_get_entries+0xaa/0xa90
[   42.834614]  ? mark_held_locks+0xf0/0xf0
[   42.838655]  lock_acquire+0x170/0x3c0
[   42.842445]  ? blkdev_put+0x30/0x520
[   42.846137]  ? blkdev_put+0x30/0x520
[   42.849829]  __mutex_lock+0xd7/0x1190
[   42.853610]  ? blkdev_put+0x30/0x520
[   42.857300]  ? blkdev_put+0x30/0x520
[   42.861079]  ? mutex_trylock+0x1a0/0x1a0
[   42.865131]  ? __mutex_unlock_slowpath+0xea/0x610
[   42.870178]  blkdev_put+0x30/0x520
[   42.873703]  close_fs_devices.part.0+0x24d/0x8e0
[   42.878446]  ? destroy_inode+0xb9/0x110
[   42.882405]  btrfs_close_devices+0x95/0x1f0
[   42.886708]  close_ctree+0x3c8/0x850
[   42.890403]  ? btrfs_cleanup_transaction.isra.0+0x1260/0x1260
[   42.896268]  ? dispose_list+0x1f0/0x1f0
[   42.900223]  ? __sync_blockdev+0xa6/0xd0
[   42.904269]  ? btrfs_set_super+0x70/0x70
[   42.908312]  generic_shutdown_super+0x144/0x370
[   42.912968]  kill_anon_super+0x36/0x60
[   42.916848]  btrfs_kill_super+0x49/0x550
[   42.920898]  ? unregister_shrinker+0x1cb/0x300
[   42.925537]  deactivate_locked_super+0x94/0x160
[   42.930274]  deactivate_super+0x174/0x1a0
[   42.934400]  ? deactivate_locked_super+0x160/0x160
[   42.939316]  ? dput+0x31/0x640
[   42.942533]  cleanup_mnt+0x1a8/0x290
[   42.946229]  task_work_run+0x148/0x1c0
[   42.950118]  exit_to_usermode_loop+0x251/0x2a0
[   42.954692]  do_syscall_64+0x538/0x620
[   42.958570]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.963893] RIP: 0033:0x7f514c20dca7
[   42.968195] Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   42.987084] RSP: 002b:00007ffe8b6245f8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   42.994779] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f514c20dca7
[   43.002030] RDX: 00007ffe8b6246b7 RSI: 000000000000000a RDI: 00007ffe8b6246b0
[   43.009280] RBP: 00007ffe8b6246b0 R08: 00000000ffffffff R09: 00007ffe8b624490
[   43.016614] R10: 0000555556b46683 R11: 0000000000000202 R12: 00007ffe8b625770
[   43.023880] R13: 0000555556b465f0 R14: 00007ffe8b624620 R15: 00007ffe8b625790
executing program
[   43.108105] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor737 (8149)
[   43.120734] BTRFS info (device loop0): enabling inode map caching
[   43.127558] BTRFS info (device loop0): trying to use backup root at mount time
[   43.142145] BTRFS warning (device ): duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor737 (8154)
executing program
[   43.155906] BTRFS info (device loop0): use zlib compression, level 3
[   43.163355] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor737 (8152)
[   43.176812] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor737 (8155)
[   43.180047] BTRFS info (device loop0): enabling ssd optimizations
[   43.193439] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by systemd-udevd (8139)
executing program
executing program
executing program
[   43.211891] BTRFS info (device loop0): using spread ssd allocation scheme
[   43.223778] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by systemd-udevd (8127)
[   43.233145] BTRFS info (device loop0): using free space tree
[   43.255282] BTRFS info (device loop0): has skinny extents
[   43.317510] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by systemd-udevd (8144)
[   43.368968] BTRFS warning (device ): duplicate device /dev/loop1 devid 1 generation 8 scanned by systemd-udevd (8143)
executing program
[   43.452210] BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor737 (8198)
[   43.489132] BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by systemd-udevd (8132)
[   43.580604] audit: type=1800 audit(1672591571.807:3): pid=8147 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor737" name="bus" dev="loop0" ino=263 res=0
[   43.690223] BTRFS info (device loop1): enabling inode map caching
[   43.712507] BTRFS info (device loop1): trying to use backup root at mount time
[   43.727843] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor737 (8204)
executing program
executing program
[   43.749453] BTRFS info (device loop1): use zlib compression, level 3
[   43.770311] BTRFS info (device loop1): enabling ssd optimizations
[   43.776886] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor737 (8201)
executing program
[   43.803665] BTRFS info (device loop1): using spread ssd allocation scheme
[   43.811811] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by systemd-udevd (8132)
[   43.833069] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by systemd-udevd (8139)
[   43.848198] BTRFS info (device loop1): using free space tree
[   43.866146] BTRFS info (device loop1): has skinny extents
[   43.891955] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor737 (8207)
executing program
[   43.923519] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by systemd-udevd (8143)
[   44.039539] BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor737 (8234)
executing program
[   44.094650] BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by systemd-udevd (8139)
[   44.117004] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor737 (8251)
executing program
[   44.172089] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by systemd-udevd (8132)
[   44.191778] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor737 (8254)
executing program
[   44.241355] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by systemd-udevd (8143)
[   44.262294] audit: type=1800 audit(1672591572.497:4): pid=8205 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor737" name="bus" dev="loop1" ino=263 res=0
[   44.368380] BTRFS info (device loop2): enabling inode map caching
[   44.382408] BTRFS info (device loop2): trying to use backup root at mount time
[   44.408534] BTRFS info (device loop2): use zlib compression, level 3
executing program
[   44.430176] BTRFS info (device loop2): enabling ssd optimizations
[   44.447416] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor737 (8268)
[   44.469691] BTRFS info (device loop2): using spread ssd allocation scheme
executing program
[   44.481883] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by systemd-udevd (8132)
[   44.504269] BTRFS info (device loop2): using free space tree
[   44.526447] BTRFS info (device loop2): has skinny extents
[   44.580740] BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor737 (8290)
executing program
[   44.621918] BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by systemd-udevd (8139)
[   44.655238] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor737 (8294)
executing program
[   44.702094] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by systemd-udevd (8132)
[   44.732061] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor737 (8300)
executing program
[   44.784611] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by systemd-udevd (8143)
[   44.892052] audit: type=1800 audit(1672591573.127:5): pid=8258 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor737" name="bus" dev="loop2" ino=263 res=0
[   44.991719] BTRFS info (device loop1): enabling inode map caching
[   44.994056] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor737 (8313)
[   45.005063] BTRFS info (device loop1): trying to use backup root at mount time
executing program
executing program
[   45.039267] BTRFS info (device loop1): use zlib compression, level 3
[   45.051471] BTRFS info (device loop1): enabling ssd optimizations
[   45.057733] BTRFS info (device loop1): using spread ssd allocation scheme
[   45.068182] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by systemd-udevd (8144)
executing program
[   45.092867] BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor737 (8333)
[   45.111423] BTRFS info (device loop1): using free space tree
[   45.117346] BTRFS info (device loop1): has skinny extents
[   45.123499] BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 8 scanned by systemd-udevd (8139)
[   45.210689] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor737 (8347)
executing program
[   45.263207] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by systemd-udevd (8132)
[   45.311554] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor737 (8344)
executing program
[   45.361592] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by systemd-udevd (8144)
[   45.454123] audit: type=1800 audit(1672591573.687:6): pid=8311 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor737" name="bus" dev="loop1" ino=263 res=0
[   45.478743] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor737 (8365)
[   45.560053] BTRFS info (device loop3): enabling inode map caching
[   45.576878] BTRFS info (device loop3): trying to use backup root at mount time
[   45.584786] BTRFS info (device loop3): use zlib compression, level 3
[   45.591863] BTRFS info (device loop3): enabling ssd optimizations
[   45.598537] BTRFS info (device loop3): using spread ssd allocation scheme
[   45.606325] BTRFS info (device loop3): using free space tree
[   45.612524] BTRFS info (device loop3): has skinny extents
[   45.626099] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor737 (8366)
executing program
executing program
executing program
executing program
[   45.668487] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor737 (8388)
[   45.698979] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by systemd-udevd (8139)
[   45.737190] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by systemd-udevd (8132)
[   45.848333] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor737 (8398)
[   45.870197] audit: type=1800 audit(1672591574.097:7): pid=8368 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor737" name="bus" dev="loop3" ino=263 res=0
executing program
[   45.891597] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by systemd-udevd (8143)
[   45.903436] ==================================================================
[   45.910813] BUG: KASAN: use-after-free in caching_kthread+0x871/0x970
[   45.917396] Read of size 8 at addr ffff88808f1386f0 by task btrfs-ino-cache/8452
[   45.924925]
[   45.926570] CPU: 1 PID: 8452 Comm: btrfs-ino-cache Not tainted 4.19.211-syzkaller #0
[   45.934447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   45.943796] Call Trace:
[   45.946392]  dump_stack+0x1fc/0x2ef
[   45.950083]  print_address_description.cold+0x54/0x219
[   45.955408]  kasan_report_error.cold+0x8a/0x1b9
[   45.960088]  ? caching_kthread+0x871/0x970
[   45.964345]  __asan_report_load8_noabort+0x88/0x90
[   45.969284]  ? caching_kthread+0x871/0x970
[   45.973527]  caching_kthread+0x871/0x970
[   45.977602]  ? finish_task_switch+0x146/0x760
[   45.982114]  ? finish_task_switch+0x118/0x760
[   45.986630]  ? switch_mm_irqs_off+0x764/0x1340
[   45.991218]  ? btrfs_unpin_free_ino+0x360/0x360
[   45.995898]  ? lock_acquire+0x170/0x3c0
[   45.999925]  ? __kthread_parkme+0x5d/0x1e0
[   46.004165]  ? trace_hardirqs_on+0x55/0x210
[   46.008499]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   46.013607]  ? __kthread_parkme+0x133/0x1e0
[   46.017937]  ? btrfs_unpin_free_ino+0x360/0x360
[   46.022758]  kthread+0x33f/0x460
[   46.026315]  ? kthread_park+0x180/0x180
[   46.030292]  ? kthread_park+0x180/0x180
[   46.034275]  ret_from_fork+0x24/0x30
[   46.037990]
[   46.039629] Allocated by task 8368:
[   46.043274]  kmem_cache_alloc_trace+0x12f/0x380
[   46.048044]  btrfs_read_tree_root+0x94/0x560
[   46.052474]  btrfs_get_fs_root+0x239/0x890
[   46.056803]  open_ctree+0x469c/0x61e0
[   46.060699]  btrfs_mount_root+0x12e5/0x1830
[   46.065291]  mount_fs+0xa3/0x310
[   46.068674]  vfs_kern_mount.part.0+0x68/0x470
[   46.073181]  vfs_kern_mount+0x3c/0x60
[   46.076995]  btrfs_mount+0x23a/0xaa0
[   46.080738]  mount_fs+0xa3/0x310
[   46.084110]  vfs_kern_mount.part.0+0x68/0x470
[   46.089127]  do_mount+0x115c/0x2f50
[   46.092940]  ksys_mount+0xcf/0x130
executing program
[   46.096487]  __x64_sys_mount+0xba/0x150
[   46.100468]  do_syscall_64+0xf9/0x620
[   46.104279]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.109456]
[   46.111080] Freed by task 8101:
[   46.114556]  kfree+0xcc/0x210
[   46.117664]  btrfs_free_fs_root+0x1e6/0x260
[   46.122082]  btrfs_free_fs_roots+0x2ef/0x4d0
[   46.126494]  close_ctree+0x306/0x850
[   46.130657]  generic_shutdown_super+0x144/0x370
[   46.135445]  kill_anon_super+0x36/0x60
[   46.139356]  btrfs_kill_super+0x49/0x550
[   46.143432]  deactivate_locked_super+0x94/0x160
[   46.148109]  deactivate_super+0x174/0x1a0
[   46.152265]  cleanup_mnt+0x1a8/0x290
[   46.155987]  task_work_run+0x148/0x1c0
[   46.159882]  exit_to_usermode_loop+0x251/0x2a0
[   46.164474]  do_syscall_64+0x538/0x620
[   46.168571]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.173753]
[   46.175381] The buggy address belongs to the object at ffff88808f138500
[   46.175381]  which belongs to the cache kmalloc-4096 of size 4096
[   46.188327] The buggy address is located 496 bytes inside of
[   46.188327]  4096-byte region [ffff88808f138500, ffff88808f139500)
[   46.200480] The buggy address belongs to the page:
[   46.205425] page:ffffea00023c4e00 count:1 mapcount:0 mapping:ffff88813bff0dc0 index:0x0 compound_mapcount: 0
[   46.215392] flags: 0xfff00000008100(slab|head)
[   46.219980] raw: 00fff00000008100 ffffea0002881508 ffffea00028ccf08 ffff88813bff0dc0
[   46.228225] raw: 0000000000000000 ffff88808f138500 0000000100000001 0000000000000000
[   46.236099] page dumped because: kasan: bad access detected
[   46.241802]
[   46.243432] Memory state around the buggy address:
[   46.248361]  ffff88808f138580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.255777]  ffff88808f138600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.263141] >ffff88808f138680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.270493]                                                              ^
[   46.277510]  ffff88808f138700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.284874]  ffff88808f138780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.292328] ==================================================================
[   46.319810] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor737 (8442)
[   46.335673] audit: type=1800 audit(1672591574.137:8): pid=8454 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor737" name="bus" dev="sda1" ino=13892 res=0
[   46.356685] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor737 (8439)
[   46.410634] audit: type=1800 audit(1672591574.638:9): pid=8457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor737" name="bus" dev="sda1" ino=13893 res=0
[   46.417893] Kernel panic - not syncing: panic_on_warn set ...
[   46.417893]
[   46.437469] CPU: 0 PID: 8452 Comm: btrfs-ino-cache Tainted: G    B             4.19.211-syzkaller #0
[   46.446739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   46.456282] Call Trace:
[   46.458874]  dump_stack+0x1fc/0x2ef
[   46.462504]  panic+0x26a/0x50e
[   46.465722]  ? __warn_printk+0xf3/0xf3
[   46.469623]  ? preempt_schedule_common+0x45/0xc0
[   46.474397]  ? ___preempt_schedule+0x16/0x18
[   46.478812]  ? trace_hardirqs_on+0x55/0x210
[   46.483146]  kasan_end_report+0x43/0x49
[   46.487128]  kasan_report_error.cold+0xa7/0x1b9
[   46.491806]  ? caching_kthread+0x871/0x970
[   46.496088]  __asan_report_load8_noabort+0x88/0x90
[   46.501023]  ? caching_kthread+0x871/0x970
[   46.505264]  caching_kthread+0x871/0x970
[   46.509334]  ? finish_task_switch+0x146/0x760
[   46.513921]  ? finish_task_switch+0x118/0x760
[   46.518422]  ? switch_mm_irqs_off+0x764/0x1340
[   46.523013]  ? btrfs_unpin_free_ino+0x360/0x360
[   46.527865]  ? lock_acquire+0x170/0x3c0
[   46.531846]  ? __kthread_parkme+0x5d/0x1e0
[   46.536087]  ? trace_hardirqs_on+0x55/0x210
[   46.540438]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   46.545535]  ? __kthread_parkme+0x133/0x1e0
[   46.549841]  ? btrfs_unpin_free_ino+0x360/0x360
[   46.554641]  kthread+0x33f/0x460
[   46.557990]  ? kthread_park+0x180/0x180
[   46.561959]  ? kthread_park+0x180/0x180
[   46.565916]  ret_from_fork+0x24/0x30
[   46.569894] Kernel Offset: disabled
[   46.573517] Rebooting in 86400 seconds..
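The two reports in this console capture, the lockdep circular-dependency warning and the KASAN use-after-free, are what a triager reads first. What follows is an added example, not part of the crash log above and not a syzkaller or syzbot tool: a small Python parser that pulls both reports out of a raw console log, keeps only the reliable stack frames (those not prefixed with "? "), ignores the interleaved "executing program" executor output, and cross-checks KASAN's own numbers (the faulting address must equal the object base plus the printed offset). SAMPLE_LOG is a constructed excerpt of lines shown above; the regexes follow the 4.19-era report layout printed here, and treating them as valid for other kernel versions is an assumption.

```python
"""Pull the lockdep and KASAN reports out of a syzkaller console log.
Added example, not part of the crash log above and not a syzkaller/syzbot tool;
the regexes follow the 4.19-era layout printed above (assumption for other kernels).
"""
from __future__ import annotations
import re

_TS = re.compile(r"^\[\s*\d+\.\d+\] ?")                 # dmesg "[   45.910813] " prefix
_LOCK = re.compile(r"\(([^)]+)\)\{[^}]*\}, at: (\S+)")   # "(lock){+.+.}, at: sym+off/size"

# Constructed excerpt of the report lines shown in the log above.
SAMPLE_LOG = """\
[   42.204042] WARNING: possible circular locking dependency detected
[   42.221196] syz-executor737/8101 is trying to acquire lock:
[   42.226898] 00000000a858a2ed (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520
[   42.234367] but task is already holding lock:
[   42.240870] 00000000af53f1d2 (&fs_devs->device_list_mutex){+.+.}, at: close_fs_devices.part.0+0x2e/0x8e0
[   42.702997] Chain exists of:
[   42.702997]   &bdev->bd_mutex --> sb_internal#2 --> &fs_devs->device_list_mutex
[   45.910813] BUG: KASAN: use-after-free in caching_kthread+0x871/0x970
[   45.917396] Read of size 8 at addr ffff88808f1386f0 by task btrfs-ino-cache/8452
[   46.039629] Allocated by task 8368:
[   46.043274]  kmem_cache_alloc_trace+0x12f/0x380
[   46.048044]  btrfs_read_tree_root+0x94/0x560
executing program
[   46.111080] Freed by task 8101:
[   46.114556]  kfree+0xcc/0x210
[   46.117664]  ? destroy_inode+0xb9/0x110
[   46.117664]  btrfs_free_fs_root+0x1e6/0x260
[   46.175381] The buggy address belongs to the object at ffff88808f138500
[   46.175381]  which belongs to the cache kmalloc-4096 of size 4096
[   46.188327] The buggy address is located 496 bytes inside of
[   46.292328] ==================================================================
"""


def strip_ts(line: str) -> str:
    """Drop the timestamp; a stack frame keeps one leading space, a heading keeps none."""
    return _TS.sub("", line.rstrip())


def parse_kasan(log: str) -> dict | None:
    """Bug class, faulting site, access, and the alloc/free provenance of the object."""
    rep, stack = {"alloc_stack": [], "free_stack": []}, None
    for raw in log.splitlines():
        line = strip_ts(raw)
        s = line.strip()
        if s.startswith("====") and "bug" in rep:            # closing rule ends the report
            break
        if m := re.match(r"BUG: KASAN: (\S+) in (\S+)", s):
            rep["bug"], rep["func"] = m[1], m[2]
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", s):
            rep.update(access=m[1], size=int(m[2]), addr=int(m[3], 16), task=m[4], pid=int(m[5]))
        elif m := re.match(r"Allocated by task (\d+):", s):
            rep["alloc_task"], stack = int(m[1]), rep["alloc_stack"]
        elif m := re.match(r"Freed by task (\d+):", s):
            rep["free_task"], stack = int(m[1]), rep["free_stack"]
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", s):
            rep["obj_base"], stack = int(m[1], 16), None
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", s):
            rep["cache"], rep["obj_size"] = m[1], int(m[2])
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", s):
            rep["offset"] = int(m[1])
        elif line.startswith(" ") and stack is not None and not s.startswith("? "):
            stack.append(s)                                  # reliable frame; "? " frames are guesses
    return rep if "bug" in rep else None


def kasan_consistent(rep: dict) -> bool:
    """Cross-check KASAN's own numbers: addr == object base + offset, inside the object."""
    return rep["obj_base"] + rep["offset"] == rep["addr"] and 0 <= rep["offset"] < rep["obj_size"]


def parse_lockdep(log: str) -> dict | None:
    """Task, the lock it wants, the lock it holds, and the dependency chain lockdep printed."""
    rep, found, expect = {"chain": []}, False, None
    for raw in log.splitlines():
        s = strip_ts(raw).strip()
        if "possible circular locking dependency detected" in s:
            found = True
        elif not found:
            continue
        elif expect in ("wants", "holds") and (m := _LOCK.search(s)):
            rep[expect], rep[expect + "_at"], expect = m[1], m[2], None
        elif expect == "chain":
            rep["chain"], expect = [p.strip() for p in s.split("-->")], None
        elif s.endswith("is trying to acquire lock:"):
            rep["task"], expect = s.split()[0], "wants"
        elif s.endswith("task is already holding lock:"):
            expect = "holds"
        elif s == "Chain exists of:":
            expect = "chain"
        elif s.startswith("*** DEADLOCK ***"):
            break
    return rep if "wants" in rep else None


def lockdep_inversion_closed(rep: dict) -> bool:
    """lockdep prints the chain wants --> ... --> holds; holding the tail while asking
    for the head is exactly the ordering violation it is warning about."""
    chain = rep["chain"]
    return bool(chain) and chain[0] == rep["wants"] and chain[-1] == rep["holds"]


if __name__ == "__main__":
    ld, ka = parse_lockdep(SAMPLE_LOG), parse_kasan(SAMPLE_LOG)
    print("lockdep:", ld, "closed:", lockdep_inversion_closed(ld))
    print("KASAN:", ka, "consistent:", kasan_consistent(ka))
```

Feeding the complete console log instead of SAMPLE_LOG gives the same fields, because the parser keys on the report headings and ignores the BTRFS, audit and "executing program" lines between them. The consistency check is worth keeping: for this report it passes (0xffff88808f138500 + 496 = 0xffff88808f1386f0, inside a 4096-byte kmalloc-4096 object), and a failure would mean the capture was corrupted or the report lines were mixed with another CPU's output.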