Warning: Permanently added '10.128.0.209' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 79.418616][ T28] audit: type=1400 audit(1601158198.745:8): avc: denied { execmem } for pid=6879 comm="syz-executor957" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 79.452641][ T6887] BTRFS: device fsid bcf1fbd4-13db-4201-9e12-df4f107bfa73 devid 0 transid 7 /dev/loop0 scanned by syz-executor957 (6887)
executing program
[ 79.814920][ T6887] BTRFS: device fsid bcf1fbd4-13db-4201-9e12-df4f107bfa73 devid 1 transid 7 /dev/loop0 scanned by syz-executor957 (6887)
executing program
[ 79.852225][ T6888] BTRFS warning (device ): duplicate device fsid:devid for bcf1fbd4-13db-4201-9e12-df4f107bfa73:1 old:/dev/loop0 new:/dev/loop4
[ 79.868959][ T6887] BTRFS info (device loop0): disk space caching is enabled
[ 79.879900][ T6887] BTRFS info (device loop0): has skinny extents
[ 79.886007][ T6892] BTRFS warning (device ): duplicate device fsid:devid for bcf1fbd4-13db-4201-9e12-df4f107bfa73:1 old:/dev/loop0 new:/dev/loop2
executing program
executing program
[ 79.934649][ T6893] BTRFS warning (device ): duplicate device fsid:devid for bcf1fbd4-13db-4201-9e12-df4f107bfa73:1 old:/dev/loop0 new:/dev/loop3
[ 79.951389][ T6891] BTRFS warning (device ): duplicate device fsid:devid for bcf1fbd4-13db-4201-9e12-df4f107bfa73:1 old:/dev/loop0 new:/dev/loop1
executing program
executing program
executing program
executing program
[ 80.059211][ T6910] BTRFS warning (device ): duplicate device fsid:devid for bcf1fbd4-13db-4201-9e12-df4f107bfa73:1 old:/dev/loop0 new:/dev/loop4
[ 80.097416][ T261] BTRFS error (device loop0): bad tree block start, want 30457856 have 0
executing program
[ 80.125973][ T261] BTRFS error (device loop0): bad tree block start, want 30457856 have 0
[ 80.136033][ T6887] BTRFS warning (device loop0): failed to read root (objectid=7): -5
[ 80.203230][ T6887] BTRFS error (device loop0): open_ctree failed
[ 80.212733][ T6913] BTRFS info (device loop0): disk space caching is enabled
[ 80.221414][ T6913] BTRFS info (device loop0): has skinny extents
[ 80.229403][ T6951] ==================================================================
[ 80.237679][ T6951] BUG: KASAN: use-after-free in btrfs_printk+0x38b/0x40c
[ 80.244784][ T6951] Read of size 8 at addr ffff88809e0386a8 by task syz-executor957/6951
[ 80.253009][ T6951]
[ 80.255342][ T6951] CPU: 1 PID: 6951 Comm: syz-executor957 Not tainted 5.9.0-rc6-syzkaller #0
[ 80.264004][ T6951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.274051][ T6951] Call Trace:
[ 80.277342][ T6951]  dump_stack+0x198/0x1fd
[ 80.281675][ T6951]  ? btrfs_printk+0x38b/0x40c
[ 80.286382][ T6951]  ? btrfs_printk+0x38b/0x40c
[ 80.291062][ T6951]  print_address_description.constprop.0.cold+0xae/0x497
[ 80.298089][ T6951]  ? btrfs_printk+0x38b/0x40c
[ 80.302885][ T6951]  ? lockdep_hardirqs_off+0x96/0xd0
[ 80.308091][ T6951]  ? vprintk_func+0x95/0x1d4
[ 80.312717][ T6951]  ? btrfs_printk+0x38b/0x40c
[ 80.317411][ T6951]  ? btrfs_printk+0x38b/0x40c
[ 80.322090][ T6951]  kasan_report.cold+0x1f/0x37
[ 80.326945][ T6951]  ? btrfs_printk+0x38b/0x40c
[ 80.331625][ T6951]  btrfs_printk+0x38b/0x40c
[ 80.336137][ T6951]  ? btrfs_put_super+0x38/0x38
[ 80.340900][ T6951]  ? device_list_add+0xe79/0x1570
[ 80.346057][ T6951]  ? lock_release+0x8f0/0x8f0
[ 80.350739][ T6951]  ? __mutex_unlock_slowpath+0xe2/0x610
[ 80.356289][ T6951]  ? _atomic_dec_and_lock+0x92/0x100
[ 80.361583][ T6951]  ? wait_for_completion+0x260/0x260
[ 80.366880][ T6951]  device_list_add.cold+0x58/0x2d2
[ 80.372002][ T6951]  ? btrfs_alloc_device+0x5d0/0x5d0
[ 80.377207][ T6951]  ? do_read_cache_page+0xe6/0x1390
[ 80.382417][ T6951]  btrfs_scan_one_device+0x339/0x4a0
[ 80.387704][ T6951]  ? device_list_add+0x1570/0x1570
[ 80.392854][ T6951]  ? check_preemption_disabled+0x50/0x130
[ 80.398571][ T6951]  ? kfree+0x221/0x2b0
[ 80.402640][ T6951]  ? btrfs_mount_root+0x73d/0xbb0
[ 80.407663][ T6951]  ? lockdep_hardirqs_on+0x53/0x100
[ 80.412868][ T6951]  btrfs_mount_root+0x4d5/0xbb0
[ 80.417729][ T6951]  ? parse_rescue_options+0x250/0x250
[ 80.423101][ T6951]  ? lock_is_held_type+0xbb/0xf0
[ 80.428046][ T6951]  ? rcu_read_lock_sched_held+0x3a/0xb0
[ 80.433589][ T6951]  ? vfs_parse_fs_string+0xf3/0x150
[ 80.438785][ T6951]  ? kfree+0x259/0x2b0
[ 80.442856][ T6951]  ? vfs_parse_fs_string+0xf8/0x150
[ 80.448053][ T6951]  ? vfs_parse_fs_param+0x550/0x550
[ 80.453258][ T6951]  ? parse_rescue_options+0x250/0x250
[ 80.458633][ T6951]  legacy_get_tree+0x105/0x220
[ 80.463400][ T6951]  vfs_get_tree+0x89/0x2f0
[ 80.467831][ T6951]  vfs_kern_mount.part.0+0xd3/0x170
[ 80.473032][ T6951]  vfs_kern_mount+0x3c/0x60
[ 80.477538][ T6951]  btrfs_mount+0x234/0xaa0
[ 80.481956][ T6951]  ? btrfs_show_options+0x1080/0x1080
[ 80.487330][ T6951]  ? cred_has_capability.isra.0+0x14e/0x2b0
[ 80.493227][ T6951]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[ 80.498869][ T6951]  ? rcu_read_lock_sched_held+0x3/0xb0
[ 80.504326][ T6951]  ? kfree+0x259/0x2b0
[ 80.508404][ T6951]  ? vfs_parse_fs_string+0xf8/0x150
[ 80.513619][ T6951]  ? cap_capable+0x1f1/0x270
[ 80.518224][ T6951]  ? btrfs_show_options+0x1080/0x1080
[ 80.523597][ T6951]  legacy_get_tree+0x105/0x220
[ 80.528367][ T6951]  vfs_get_tree+0x89/0x2f0
[ 80.532784][ T6951]  path_mount+0x1387/0x20a0
[ 80.537292][ T6951]  ? strncpy_from_user+0x2bf/0x3e0
[ 80.542408][ T6951]  ? copy_mount_string+0x40/0x40
[ 80.547356][ T6951]  ? getname_flags.part.0+0x1dd/0x4f0
[ 80.552738][ T6951]  __x64_sys_mount+0x27f/0x300
[ 80.557505][ T6951]  ? copy_mnt_ns+0xa60/0xa60
[ 80.562099][ T6951]  ? check_preemption_disabled+0x50/0x130
[ 80.567826][ T6951]  ? syscall_enter_from_user_mode+0x1d/0x60
[ 80.573726][ T6951]  do_syscall_64+0x2d/0x70
[ 80.578145][ T6951]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 80.584032][ T6951] RIP: 0033:0x4494ca
[ 80.587960][ T6951] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa a2 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 80.607562][ T6951] RSP: 002b:00007ffcd7890af8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 80.615977][ T6951] RAX: ffffffffffffffda RBX: 00007ffcd7890b50 RCX: 00000000004494ca
[ 80.624054][ T6951] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcd7890b10
[ 80.632023][ T6951] RBP: 00007ffcd7890b10 R08: 00007ffcd7890b50 R09: 0000000000000000
[ 80.640017][ T6951] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000087
[ 80.647987][ T6951] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 80.655975][ T6951]
[ 80.658320][ T6951] Allocated by task 6887:
[ 80.662656][ T6951]  kasan_save_stack+0x1b/0x40
[ 80.667339][ T6951]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 80.672974][ T6951]  kvmalloc_node+0xb4/0xf0
[ 80.677407][ T6951]  btrfs_mount_root+0x117/0xbb0
[ 80.682256][ T6951]  legacy_get_tree+0x105/0x220
[ 80.687017][ T6951]  vfs_get_tree+0x89/0x2f0
[ 80.691434][ T6951]  vfs_kern_mount.part.0+0xd3/0x170
[ 80.696753][ T6951]  vfs_kern_mount+0x3c/0x60
[ 80.701253][ T6951]  btrfs_mount+0x234/0xaa0
[ 80.705668][ T6951]  legacy_get_tree+0x105/0x220
[ 80.710429][ T6951]  vfs_get_tree+0x89/0x2f0
[ 80.714842][ T6951]  path_mount+0x1387/0x20a0
[ 80.719351][ T6951]  __x64_sys_mount+0x27f/0x300
[ 80.724116][ T6951]  do_syscall_64+0x2d/0x70
[ 80.728544][ T6951]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 80.734436][ T6951]
[ 80.736756][ T6951] Freed by task 6887:
[ 80.740735][ T6951]  kasan_save_stack+0x1b/0x40
[ 80.745407][ T6951]  kasan_set_track+0x1c/0x30
[ 80.749998][ T6951]  kasan_set_free_info+0x1b/0x30
[ 80.754932][ T6951]  __kasan_slab_free+0xd8/0x120
[ 80.759774][ T6951]  kfree+0x10e/0x2b0
[ 80.763667][ T6951]  kvfree+0x42/0x50
[ 80.767491][ T6951]  deactivate_locked_super+0x94/0x160
[ 80.772876][ T6951]  btrfs_mount_root+0x772/0xbb0
[ 80.777728][ T6951]  legacy_get_tree+0x105/0x220
[ 80.782486][ T6951]  vfs_get_tree+0x89/0x2f0
[ 80.786900][ T6951]  vfs_kern_mount.part.0+0xd3/0x170
[ 80.792096][ T6951]  vfs_kern_mount+0x3c/0x60
[ 80.796597][ T6951]  btrfs_mount+0x234/0xaa0
[ 80.801013][ T6951]  legacy_get_tree+0x105/0x220
[ 80.805765][ T6951]  vfs_get_tree+0x89/0x2f0
[ 80.810167][ T6951]  path_mount+0x1387/0x20a0
[ 80.814684][ T6951]  __x64_sys_mount+0x27f/0x300
[ 80.819442][ T6951]  do_syscall_64+0x2d/0x70
[ 80.823864][ T6951]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 80.829744][ T6951]
[ 80.832072][ T6951] The buggy address belongs to the object at ffff88809e038000
[ 80.832072][ T6951]  which belongs to the cache kmalloc-16k of size 16384
[ 80.846340][ T6951] The buggy address is located 1704 bytes inside of
[ 80.846340][ T6951]  16384-byte region [ffff88809e038000, ffff88809e03c000)
[ 80.859956][ T6951] The buggy address belongs to the page:
[ 80.865599][ T6951] page:00000000c4e1c7cd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9e038
[ 80.875747][ T6951] head:00000000c4e1c7cd order:3 compound_mapcount:0 compound_pincount:0
[ 80.884095][ T6951] flags: 0xfffe0000010200(slab|head)
[ 80.889387][ T6951] raw: 00fffe0000010200 ffffea0002289608 ffffea00023b5408 ffff8880aa040b00
[ 80.897975][ T6951] raw: 0000000000000000 ffff88809e038000 0000000100000001 0000000000000000
[ 80.906549][ T6951] page dumped because: kasan: bad access detected
[ 80.912950][ T6951]
[ 80.915273][ T6951] Memory state around the buggy address:
[ 80.920909][ T6951]  ffff88809e038580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.928979][ T6951]  ffff88809e038600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.938176][ T6951] >ffff88809e038680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.946232][ T6951]                                   ^
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 80.951638][ T6951]  ffff88809e038700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.959693][ T6951]  ffff88809e038780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.967740][ T6951] ==================================================================
[ 80.975799][ T6951] Disabling lock debugging due to kernel taint
executing program
[ 81.005095][ T6951] Kernel panic - not syncing: panic_on_warn set ...
[ 81.011756][ T6951] CPU: 1 PID: 6951 Comm: syz-executor957 Tainted: G B 5.9.0-rc6-syzkaller #0
[ 81.021822][ T6951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.031865][ T6951] Call Trace:
[ 81.035152][ T6951]  dump_stack+0x198/0x1fd
[ 81.039478][ T6951]  ? btrfs_printk+0x2a8/0x40c
[ 81.044184][ T6951]  panic+0x382/0x7fb
[ 81.048075][ T6951]  ? __warn_printk+0xf3/0xf3
executing program
executing program
executing program
executing program
executing program
executing program
[ 81.052666][ T6951]  ? preempt_schedule_common+0x59/0xc0
[ 81.058126][ T6951]  ? btrfs_printk+0x38b/0x40c
[ 81.062786][ T6951]  ? preempt_schedule_thunk+0x16/0x18
[ 81.068288][ T6951]  ? trace_hardirqs_on+0x55/0x220
[ 81.073315][ T6951]  ? btrfs_printk+0x38b/0x40c
[ 81.078059][ T6951]  ? btrfs_printk+0x38b/0x40c
[ 81.082779][ T6951]  end_report+0x4d/0x53
[ 81.086925][ T6951]  kasan_report.cold+0xd/0x37
[ 81.091580][ T6951]  ? btrfs_printk+0x38b/0x40c
[ 81.096232][ T6951]  btrfs_printk+0x38b/0x40c
[ 81.100719][ T6951]  ? btrfs_put_super+0x38/0x38
executing program
executing program
executing program
[ 81.105477][ T6951]  ? device_list_add+0xe79/0x1570
[ 81.110505][ T6951]  ? lock_release+0x8f0/0x8f0
[ 81.115174][ T6951]  ? __mutex_unlock_slowpath+0xe2/0x610
[ 81.120704][ T6951]  ? _atomic_dec_and_lock+0x92/0x100
[ 81.125968][ T6951]  ? wait_for_completion+0x260/0x260
[ 81.131239][ T6951]  device_list_add.cold+0x58/0x2d2
[ 81.136344][ T6951]  ? btrfs_alloc_device+0x5d0/0x5d0
[ 81.141534][ T6951]  ? do_read_cache_page+0xe6/0x1390
[ 81.146719][ T6951]  btrfs_scan_one_device+0x339/0x4a0
[ 81.151986][ T6951]  ? device_list_add+0x1570/0x1570
[ 81.157086][ T6951]  ? check_preemption_disabled+0x50/0x130
[ 81.162814][ T6951]  ? kfree+0x221/0x2b0
[ 81.166875][ T6951]  ? btrfs_mount_root+0x73d/0xbb0
[ 81.171874][ T6951]  ? lockdep_hardirqs_on+0x53/0x100
[ 81.177149][ T6951]  btrfs_mount_root+0x4d5/0xbb0
[ 81.182073][ T6951]  ? parse_rescue_options+0x250/0x250
[ 81.187438][ T6951]  ? lock_is_held_type+0xbb/0xf0
[ 81.192375][ T6951]  ? rcu_read_lock_sched_held+0x3a/0xb0
[ 81.197903][ T6951]  ? vfs_parse_fs_string+0xf3/0x150
[ 81.203082][ T6951]  ? kfree+0x259/0x2b0
[ 81.207157][ T6951]  ? vfs_parse_fs_string+0xf8/0x150
[ 81.212331][ T6951]  ? vfs_parse_fs_param+0x550/0x550
[ 81.217518][ T6951]  ? parse_rescue_options+0x250/0x250
[ 81.222877][ T6951]  legacy_get_tree+0x105/0x220
[ 81.227633][ T6951]  vfs_get_tree+0x89/0x2f0
[ 81.232045][ T6951]  vfs_kern_mount.part.0+0xd3/0x170
[ 81.237239][ T6951]  vfs_kern_mount+0x3c/0x60
[ 81.241734][ T6951]  btrfs_mount+0x234/0xaa0
[ 81.246161][ T6951]  ? btrfs_show_options+0x1080/0x1080
[ 81.251612][ T6951]  ? cred_has_capability.isra.0+0x14e/0x2b0
[ 81.257505][ T6951]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[ 81.263124][ T6951]  ? rcu_read_lock_sched_held+0x3/0xb0
[ 81.268573][ T6951]  ? kfree+0x259/0x2b0
[ 81.272639][ T6951]  ? vfs_parse_fs_string+0xf8/0x150
[ 81.277831][ T6951]  ? cap_capable+0x1f1/0x270
[ 81.282419][ T6951]  ? btrfs_show_options+0x1080/0x1080
[ 81.287791][ T6951]  legacy_get_tree+0x105/0x220
[ 81.292548][ T6951]  vfs_get_tree+0x89/0x2f0
[ 81.296956][ T6951]  path_mount+0x1387/0x20a0
[ 81.301449][ T6951]  ? strncpy_from_user+0x2bf/0x3e0
[ 81.306561][ T6951]  ? copy_mount_string+0x40/0x40
[ 81.311489][ T6951]  ? getname_flags.part.0+0x1dd/0x4f0
[ 81.316847][ T6951]  __x64_sys_mount+0x27f/0x300
[ 81.321593][ T6951]  ? copy_mnt_ns+0xa60/0xa60
[ 81.326173][ T6951]  ? check_preemption_disabled+0x50/0x130
[ 81.331908][ T6951]  ? syscall_enter_from_user_mode+0x1d/0x60
[ 81.337806][ T6951]  do_syscall_64+0x2d/0x70
[ 81.342231][ T6951]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 81.348348][ T6951] RIP: 0033:0x4494ca
[ 81.352228][ T6951] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa a2 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 81.371827][ T6951] RSP: 002b:00007ffcd7890af8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 81.380412][ T6951] RAX: ffffffffffffffda RBX: 00007ffcd7890b50 RCX: 00000000004494ca
[ 81.388371][ T6951] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcd7890b10
[ 81.396351][ T6951] RBP: 00007ffcd7890b10 R08: 00007ffcd7890b50 R09: 0000000000000000
[ 81.404305][ T6951] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000087
[ 81.412255][ T6951] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 81.421595][ T6951] Kernel Offset: disabled
[ 81.425913][ T6951] Rebooting in 86400 seconds..