[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.95' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.731285] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0
[ 27.746320] BTRFS info (device loop0): using free space tree
[ 27.755629] BTRFS info (device loop0): has skinny extents
[ 27.798643]
[ 27.800295] ======================================================
[ 27.806595] WARNING: possible circular locking dependency detected
[ 27.812887] 4.14.302-syzkaller #0 Not tainted
[ 27.817352] ------------------------------------------------------
[ 27.823641] syz-executor417/8001 is trying to acquire lock:
[ 27.829319]  ("%s-%s""btrfs", name){+.+.}, at: [] flush_workqueue+0xcb/0x1310
[ 27.838135]
[ 27.838135] but task is already holding lock:
[ 27.844075]  (&fs_info->scrub_lock){+.+.}, at: [] btrfs_scrub_dev+0x506/0xcd0
[ 27.852887]
[ 27.852887] which lock already depends on the new lock.
[ 27.852887]
[ 27.861171]
[ 27.861171] the existing dependency chain (in reverse order) is:
[ 27.868759]
[ 27.868759] -> #3 (&fs_info->scrub_lock){+.+.}:
[ 27.874891]        __mutex_lock+0xc4/0x1310
[ 27.879185]        btrfs_scrub_dev+0x1f3/0xcd0
[ 27.883736]        btrfs_ioctl+0xba8/0x5b20
[ 27.888033]        do_vfs_ioctl+0x75a/0xff0
[ 27.892325]        SyS_ioctl+0x7f/0xb0
[ 27.896183]        do_syscall_64+0x1d5/0x640
[ 27.900564]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.906242]
[ 27.906242] -> #2 (&fs_devs->device_list_mutex){+.+.}:
[ 27.912971]        __mutex_lock+0xc4/0x1310
[ 27.917295]        reada_start_machine_worker+0x1d2/0xa90
[ 27.922803]        normal_work_helper+0x304/0x1330
[ 27.927704]        process_one_work+0x793/0x14a0
[ 27.932430]        worker_thread+0x5cc/0xff0
[ 27.936808]        kthread+0x30d/0x420
[ 27.940667]        ret_from_fork+0x24/0x30
[ 27.944870]
[ 27.944870] -> #1 ((&work->normal_work)){+.+.}:
[ 27.950989]        process_one_work+0x736/0x14a0
[ 27.955715]        worker_thread+0x5cc/0xff0
[ 27.960091]        kthread+0x30d/0x420
[ 27.963949]        ret_from_fork+0x24/0x30
[ 27.968152]
[ 27.968152] -> #0 ("%s-%s""btrfs", name){+.+.}:
[ 27.974272]        lock_acquire+0x170/0x3f0
[ 27.978567]        flush_workqueue+0xfa/0x1310
[ 27.983119]        drain_workqueue+0x177/0x3e0
[ 27.987672]        destroy_workqueue+0x71/0x710
[ 27.992311]        btrfs_destroy_workqueue+0xf8/0x630
[ 27.997470]        scrub_workers_put+0x90/0x1a0
[ 28.002108]        btrfs_scrub_dev+0x536/0xcd0
[ 28.006660]        btrfs_ioctl+0xba8/0x5b20
[ 28.010953]        do_vfs_ioctl+0x75a/0xff0
[ 28.015246]        SyS_ioctl+0x7f/0xb0
[ 28.019107]        do_syscall_64+0x1d5/0x640
[ 28.023485]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.029163]
[ 28.029163] other info that might help us debug this:
[ 28.029163]
[ 28.037273] Chain exists of:
[ 28.037273]   "%s-%s""btrfs", name --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock
[ 28.037273]
[ 28.050077]  Possible unsafe locking scenario:
[ 28.050077]
[ 28.056103]        CPU0                    CPU1
[ 28.060738]        ----                    ----
[ 28.065372]   lock(&fs_info->scrub_lock);
[ 28.069489]                                lock(&fs_devs->device_list_mutex);
[ 28.076729]                                lock(&fs_info->scrub_lock);
[ 28.083364]   lock("%s-%s""btrfs", name);
[ 28.087480]
[ 28.087480]  *** DEADLOCK ***
[ 28.087480]
[ 28.093507] 1 lock held by syz-executor417/8001:
[ 28.098232]  #0: (&fs_info->scrub_lock){+.+.}, at: [] btrfs_scrub_dev+0x506/0xcd0
[ 28.107482]
[ 28.107482] stack backtrace:
[ 28.111948] CPU: 0 PID: 8001 Comm: syz-executor417 Not tainted 4.14.302-syzkaller #0
[ 28.119798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 28.129129] Call Trace:
[ 28.131691]  dump_stack+0x1b2/0x281
[ 28.135380]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.141150]  __lock_acquire+0x2e0e/0x3f20
[ 28.145273]  ? trace_hardirqs_on+0x10/0x10
[ 28.149480]  ? trace_hardirqs_on+0x10/0x10
[ 28.153706]  ? __lock_acquire+0x5fc/0x3f20
[ 28.157911]  lock_acquire+0x170/0x3f0
[ 28.161684]  ? flush_workqueue+0xcb/0x1310
[ 28.165922]  flush_workqueue+0xfa/0x1310
[ 28.169952]  ? flush_workqueue+0xcb/0x1310
[ 28.174156]  ? drain_workqueue+0xb4/0x3e0
[ 28.178296]  ? lock_downgrade+0x740/0x740
[ 28.182414]  ? check_flush_dependency+0x2a0/0x2a0
[ 28.187233]  ? lock_acquire+0x170/0x3f0
[ 28.191183]  drain_workqueue+0x177/0x3e0
[ 28.195218]  destroy_workqueue+0x71/0x710
[ 28.199337]  btrfs_destroy_workqueue+0xf8/0x630
[ 28.203978]  scrub_workers_put+0x90/0x1a0
[ 28.208102]  btrfs_scrub_dev+0x536/0xcd0
[ 28.212139]  ? scrub_enumerate_chunks+0x10a0/0x10a0
[ 28.217130]  ? __might_fault+0x177/0x1b0
[ 28.221166]  ? _copy_from_user+0x96/0x100
[ 28.225286]  btrfs_ioctl+0xba8/0x5b20
[ 28.229060]  ? check_preemption_disabled+0x35/0x240
[ 28.234048]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 28.239729]  ? kasan_slab_free+0xc3/0x1a0
[ 28.243848]  ? kmem_cache_free+0x7c/0x2b0
[ 28.247966]  ? putname+0xcd/0x110
[ 28.251388]  ? do_sys_open+0x203/0x410
[ 28.255252]  ? do_syscall_64+0x1d5/0x640
[ 28.259285]  ? entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.264618]  ? path_lookupat+0x780/0x780
[ 28.268649]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.273635]  ? lock_acquire+0x170/0x3f0
[ 28.277580]  ? lock_downgrade+0x740/0x740
[ 28.281708]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 28.286782]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.291771]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 28.297453]  do_vfs_ioctl+0x75a/0xff0
[ 28.301227]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 28.306648]  ? ioctl_preallocate+0x1a0/0x1a0
[ 28.311036]  ? kmem_cache_free+0x23a/0x2b0
[ 28.315243]  ? putname+0xcd/0x110
[ 28.318667]  ? do_sys_open+0x208/0x410
[ 28.322523]  ? filp_open+0x60/0x60
[ 28.326038]  ? security_file_ioctl+0x83/0xb0
[ 28.330416]  SyS_ioctl+0x7f/0xb0
[ 28.333752]  ? do_vfs_ioctl+0xff0/0xff0
[ 28.337696]  do_syscall_64+0x1d5/0x640
[ 28.341559]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.346720] RIP: 0033:0x7fe60f70d8c9
[ 28.35040