Warning: Permanently added '10.128.1.33' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 535.832950][ T6856] BTRFS: device fsid 8ae5b401-4ad8-4168-8672-01e7db0b90b5 devid 1 transid 5 /dev/loop0 scanned by syz-executor800 (6856)
[ 535.853695][ T6856] BTRFS info (device loop0): disk space caching is enabled
[ 535.861669][ T6856] BTRFS info (device loop0): has skinny extents
[ 535.883082][ T6861] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop4
[ 535.927626][ T6862] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop5
[ 536.037052][ T6863] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop3
[ 536.074643][ T6866] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop1
[ 536.180890][ T6864] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop2
[ 536.202759][ T29] BTRFS error (device loop0): bad tree block start, want 30425088 have 0
[ 536.217813][ T29] BTRFS error (device loop0): bad tree block start, want 30425088 have 0
[ 536.229156][ T6856] BTRFS warning (device loop0): failed to read root (objectid=7): -5
executing program
executing program
executing program
executing program
executing program
[ 536.484863][ T6856] BTRFS error (device loop0): open_ctree failed
[ 536.497638][ T6923] BTRFS info (device loop2): disk space caching is enabled
[ 536.522980][ T6923] BTRFS info (device loop2): has skinny extents
[ 536.554241][ T6929] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop2 new:/dev/loop3
[ 536.581764][ T6932] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop2 new:/dev/loop4
[ 536.677555][ T6931] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop2 new:/dev/loop5
[ 536.692899][ T6930] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop2 new:/dev/loop1
executing program
[ 536.791136][ T6904] BTRFS error (device loop2): bad tree block start, want 30425088 have 0
[ 536.800793][ T29] BTRFS error (device loop2): bad tree block start, want 30425088 have 0
[ 536.812445][ T6923] BTRFS warning (device loop2): failed to read root (objectid=7): -5
executing program
executing program
executing program
executing program
executing program
[ 536.951505][ T6978] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop4
[ 536.967416][ T6923] BTRFS error (device loop2): open_ctree failed
[ 536.979310][ T6970] BTRFS info (device loop0): disk space caching is enabled
[ 536.988905][ T6970] BTRFS info (device loop0): has skinny extents
executing program
[ 537.035333][ T6880] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop2
executing program
executing program
executing program
[ 537.106960][ T6982] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop1
[ 537.158732][ T6983] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop5
[ 537.217680][ T29] BTRFS error (device loop0): bad tree block start, want 30425088 have 0
[ 537.226823][ T29] BTRFS error (device loop0): bad tree block start, want 30425088 have 0
[ 537.237360][ T6970] BTRFS warning (device loop0): failed to read root (objectid=7): -5
executing program
[ 537.307419][ T6899] BTRFS warning (device loop0): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop4
executing program
[ 537.345634][ T7016] BTRFS warning (device loop0): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop2
executing program
executing program
[ 537.442588][ T6983] BTRFS: device fsid 8ae5b401-4ad8-4168-8672-01e7db0b90b5 devid 0 transid 5 /dev/loop5 scanned by syz-executor800 (6983)
[ 537.455937][ T6970] BTRFS error (device loop0): open_ctree failed
executing program
executing program
executing program
executing program
executing program
[ 537.514915][ T6984] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:0 old:/dev/loop5 new:/dev/loop3
[ 537.527972][ T6983] BTRFS error (device loop5): superblock checksum mismatch
[ 537.544595][ T6912] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop2
executing program
executing program
executing program
executing program
[ 537.614297][ T7028] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop4
executing program
executing program
[ 537.726680][ T6892] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop0 new:/dev/loop4
executing program
executing program
executing program
[ 537.764270][ T7032] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:0 old:/dev/loop5 new:/dev/loop1
executing program
executing program
executing program
[ 537.899467][ T6983] BTRFS error (device loop5): open_ctree failed
[ 537.911212][ T7051] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop3 new:/dev/loop2
[ 537.935438][ T7047] BTRFS error (device loop5): superblock checksum mismatch
executing program
executing program
executing program
[ 537.966335][ T6996] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop3 new:/dev/loop0
executing program
executing program
executing program
executing program
[ 538.025019][ T7058] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop3 new:/dev/loop4
executing program
executing program
executing program
executing program
[ 538.089113][ T7047] BTRFS error (device loop5): open_ctree failed
[ 538.100099][ T6912] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop1 new:/dev/loop2
[ 538.118816][ T7065] BTRFS error (device loop5): superblock checksum mismatch
executing program
executing program
executing program
executing program
executing program
[ 538.206012][ T6892] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop1 new:/dev/loop4
executing program
executing program
[ 538.267249][ T7065] BTRFS error (device loop5): open_ctree failed
[ 538.280484][ T7047] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:0 old:/dev/loop5 new:/dev/loop3
[ 538.303453][ T7085] BTRFS error (device loop5): superblock checksum mismatch
executing program
executing program
executing program
[ 538.465970][ T7085] BTRFS error (device loop5): open_ctree failed
executing program
[ 538.562530][ T7095] BTRFS info (device loop2): disk space caching is enabled
[ 538.569967][ T7095] BTRFS info (device loop2): has skinny extents
[ 538.580684][ T7100] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop2 new:/dev/loop4
[ 538.596331][ T7104] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop2 new:/dev/loop5
[ 538.718035][ T7112] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop2 new:/dev/loop3
[ 538.754442][ T7095] BTRFS error (device loop2): super_num_devices 1 mismatch with num_devices 1 found here
executing program
[ 538.765581][ T7095] BTRFS error (device loop2): failed to read chunk tree: -22
[ 538.784283][ T6886] BTRFS warning (device ): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop2 new:/dev/loop3
[ 538.810261][ T7095] BTRFS error (device loop2): open_ctree failed
executing program
executing program
[ 538.830096][ T7100] BTRFS info (device loop2): disk space caching is enabled
[ 538.849199][ T7100] BTRFS info (device loop2): has skinny extents
[ 538.871800][ T393] BTRFS error (device loop2): bad tree block start, want 30425088 have 0
[ 538.888867][ T7025] BTRFS error (device loop2): bad tree block start, want 30425088 have 0
[ 538.899610][ T7100] BTRFS warning (device loop2): failed to read root (objectid=7): -5
executing program
[ 538.945527][ T7145] BTRFS warning (device loop2): duplicate device fsid:devid for 8ae5b401-4ad8-4168-8672-01e7db0b90b5:1 old:/dev/loop2 new:/dev/loop3
[ 538.986252][ T7100] BTRFS error (device loop2): open_ctree failed
[ 538.997050][ T7065] BTRFS info (device loop2): disk space caching is enabled
[ 539.005108][ T7065] BTRFS info (device loop2): has skinny extents
executing program
executing program
[ 539.075774][ T7065] BTRFS error (device loop2): super_num_devices 1 mismatch with num_devices 1 found here
[ 539.108643][ T7065] BTRFS error (device loop2): failed to read chunk tree: -22
executing program
[ 539.145887][ T7203] ==================================================================
[ 539.154349][ T7203] BUG: KASAN: use-after-free in btrfs_printk+0x3eb/0x435
[ 539.161376][ T7203] Read of size 8 at addr ffff888085f906a8 by task syz-executor800/7203
[ 539.169610][ T7203]
[ 539.171947][ T7203] CPU: 1 PID: 7203 Comm: syz-executor800 Not tainted 5.9.0-rc8-syzkaller #0
[ 539.180633][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 539.190698][ T7203] Call Trace:
executing program
executing program
[ 539.194119][ T7203] dump_stack+0x1d6/0x29e
[ 539.198545][ T7203] print_address_description+0x66/0x620
[ 539.204238][ T7203] ? printk+0x62/0x83
[ 539.208333][ T7203] ? _raw_spin_lock_irqsave+0x84/0xd0
[ 539.213717][ T7203] ? vprintk_emit+0x2f0/0x370
[ 539.218404][ T7203] kasan_report+0x132/0x1d0
[ 539.222916][ T7203] ? btrfs_printk+0x3eb/0x435
[ 539.227602][ T7203] btrfs_printk+0x3eb/0x435
[ 539.232212][ T7203] ? rcu_lock_acquire+0x5/0x30
[ 539.237009][ T7203] ? lock_is_held_type+0xb3/0xe0
[ 539.241956][ T7203] device_list_add+0x1a88/0x1d60
[ 539.246908][ T7203] btrfs_scan_one_device+0x196/0x490
[ 539.252203][ T7203] btrfs_mount_root+0x48f/0xb60
[ 539.257193][ T7203] ? vfs_parse_fs_string+0x150/0x1e0
[ 539.262544][ T7203] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 539.268145][ T7203] ? trace_kfree+0xb2/0x100
[ 539.272660][ T7203] ? vfs_parse_fs_string+0x150/0x1e0
[ 539.277977][ T7203] legacy_get_tree+0xea/0x180
[ 539.282671][ T7203] ? btrfs_control_open+0x40/0x40
[ 539.287764][ T7203] vfs_get_tree+0x88/0x270
[ 539.292260][ T7203] vfs_kern_mount+0xc9/0x160
executing program
[ 539.297032][ T7203] btrfs_mount+0x33c/0xae0
[ 539.301458][ T7203] ? vfs_parse_fs_string+0x150/0x1e0
[ 539.306749][ T7203] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 539.312418][ T7203] ? cap_capable+0x23f/0x280
[ 539.317025][ T7203] legacy_get_tree+0xea/0x180
[ 539.321705][ T7203] ? btrfs_resize_thread_pool+0x250/0x250
[ 539.327431][ T7203] vfs_get_tree+0x88/0x270
[ 539.331853][ T7203] path_mount+0x179d/0x29e0
[ 539.336372][ T7203] __se_sys_mount+0x126/0x180
[ 539.341057][ T7203] do_syscall_64+0x31/0x70
[ 539.345478][ T7203] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 539.351367][ T7203] RIP: 0033:0x44840a
[ 539.355257][ T7203] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa a2 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 539.374894][ T7203] RSP: 002b:00007ffcc4ba5e78 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 539.383313][ T7203] RAX: ffffffffffffffda RBX: 00007ffcc4ba5ee0 RCX: 000000000044840a
[ 539.391298][ T7203] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcc4ba5ea0
[ 539.399272][ T7203] RBP: 00007ffcc4ba5ea0 R08: 00007ffcc4ba5ee0 R09: 0000000000000000
[ 539.407249][ T7203] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000001a
[ 539.415220][ T7203] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 539.423212][ T7203]
[ 539.425972][ T7203] Allocated by task 7100:
[ 539.430309][ T7203] __kasan_kmalloc+0x100/0x130
[ 539.435281][ T7203] kvmalloc_node+0x81/0x110
[ 539.439874][ T7203] btrfs_mount_root+0xd0/0xb60
[ 539.444641][ T7203] legacy_get_tree+0xea/0x180
[ 539.449319][ T7203] vfs_get_tree+0x88/0x270
[ 539.453737][ T7203] vfs_kern_mount+0xc9/0x160
[ 539.458326][ T7203] btrfs_mount+0x33c/0xae0
[ 539.462747][ T7203] legacy_get_tree+0xea/0x180
[ 539.467424][ T7203] vfs_get_tree+0x88/0x270
[ 539.471838][ T7203] path_mount+0x179d/0x29e0
[ 539.476339][ T7203] __se_sys_mount+0x126/0x180
[ 539.481015][ T7203] do_syscall_64+0x31/0x70
[ 539.485430][ T7203] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 539.491310][ T7203]
[ 539.493635][ T7203] Freed by task 7100:
executing program
executing program
executing program
executing program
[ 539.497622][ T7203] kasan_set_track+0x3d/0x70
[ 539.502214][ T7203] kasan_set_free_info+0x17/0x30
[ 539.507152][ T7203] __kasan_slab_free+0xdd/0x110
[ 539.512001][ T7203] kfree+0x113/0x200
[ 539.515895][ T7203] deactivate_locked_super+0xa7/0xf0
[ 539.521180][ T7203] btrfs_mount_root+0x72b/0xb60
[ 539.526056][ T7203] legacy_get_tree+0xea/0x180
[ 539.530742][ T7203] vfs_get_tree+0x88/0x270
[ 539.535160][ T7203] vfs_kern_mount+0xc9/0x160
[ 539.539792][ T7203] btrfs_mount+0x33c/0xae0
executing program
executing program
executing program
executing program
executing program
[ 539.544257][ T7203] legacy_get_tree+0xea/0x180
[ 539.548935][ T7203] vfs_get_tree+0x88/0x270
[ 539.553358][ T7203] path_mount+0x179d/0x29e0
[ 539.557859][ T7203] __se_sys_mount+0x126/0x180
[ 539.562525][ T7203] do_syscall_64+0x31/0x70
[ 539.566942][ T7203] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 539.572827][ T7203]
[ 539.575165][ T7203] The buggy address belongs to the object at ffff888085f90000
[ 539.575165][ T7203] which belongs to the cache kmalloc-16k of size 16384
[ 539.589403][ T7203] The buggy address is located 1704 bytes inside of
executing program
executing program
executing program
executing program
executing program
[ 539.589403][ T7203] 16384-byte region [ffff888085f90000, ffff888085f94000)
[ 539.602934][ T7203] The buggy address belongs to the page:
[ 539.608579][ T7203] page:00000000d16a734c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x85f90
[ 539.618740][ T7203] head:00000000d16a734c order:3 compound_mapcount:0 compound_pincount:0
[ 539.627095][ T7203] flags: 0xfffe0000010200(slab|head)
[ 539.632386][ T7203] raw: 00fffe0000010200 ffffea00025fe408 ffffea0002281a08 ffff8880aa440b00
executing program
executing program
executing program
executing program
[ 539.640981][ T7203] raw: 0000000000000000 ffff888085f90000 0000000100000001 0000000000000000
[ 539.649565][ T7203] page dumped because: kasan: bad access detected
[ 539.655987][ T7203]
[ 539.658310][ T7203] Memory state around the buggy address:
[ 539.663955][ T7203] ffff888085f90580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 539.672037][ T7203] ffff888085f90600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 539.680101][ T7203] >ffff888085f90680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 539.688212][ T7203] ^
executing program
executing program
executing program
executing program
executing program
executing program
[ 539.693598][ T7203] ffff888085f90700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 539.701652][ T7203] ffff888085f90780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 539.709738][ T7203] ==================================================================
[ 539.717803][ T7203] Disabling lock debugging due to kernel taint
[ 539.734974][ T7203] Kernel panic - not syncing: panic_on_warn set ...
executing program
executing program
executing program
[ 539.741592][ T7203] CPU: 1 PID: 7203 Comm: syz-executor800 Tainted: G B 5.9.0-rc8-syzkaller #0
[ 539.751635][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 539.761793][ T7203] Call Trace:
[ 539.765081][ T7203] dump_stack+0x1d6/0x29e
[ 539.769541][ T7203] panic+0x2c0/0x800
[ 539.773502][ T7203] ? trace_hardirqs_on+0x30/0x80
[ 539.778471][ T7203] kasan_report+0x1c9/0x1d0
[ 539.782970][ T7203] ? btrfs_printk+0x3eb/0x435
[ 539.787640][ T7203] btrfs_printk+0x3eb/0x435
[ 539.792144][ T7203] ? rcu_lock_acquire+0x5/0x30
executing program
executing program
executing program
executing program
executing program
executing program
[ 539.796906][ T7203] ? lock_is_held_type+0xb3/0xe0
[ 539.801840][ T7203] device_list_add+0x1a88/0x1d60
[ 539.806767][ T7203] btrfs_scan_one_device+0x196/0x490
[ 539.812032][ T7203] btrfs_mount_root+0x48f/0xb60
[ 539.816861][ T7203] ? vfs_parse_fs_string+0x150/0x1e0
[ 539.822141][ T7203] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 539.827680][ T7203] ? trace_kfree+0xb2/0x100
[ 539.832180][ T7203] ? vfs_parse_fs_string+0x150/0x1e0
[ 539.837466][ T7203] legacy_get_tree+0xea/0x180
[ 539.842144][ T7203] ? btrfs_control_open+0x40/0x40
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 539.847183][ T7203] vfs_get_tree+0x88/0x270
[ 539.851599][ T7203] vfs_kern_mount+0xc9/0x160
[ 539.856208][ T7203] btrfs_mount+0x33c/0xae0
[ 539.860612][ T7203] ? vfs_parse_fs_string+0x150/0x1e0
[ 539.865880][ T7203] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 539.871436][ T7203] ? cap_capable+0x23f/0x280
[ 539.876011][ T7203] legacy_get_tree+0xea/0x180
[ 539.880680][ T7203] ? btrfs_resize_thread_pool+0x250/0x250
[ 539.886391][ T7203] vfs_get_tree+0x88/0x270
[ 539.890799][ T7203] path_mount+0x179d/0x29e0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 539.895301][ T7203] __se_sys_mount+0x126/0x180
[ 539.899977][ T7203] do_syscall_64+0x31/0x70
[ 539.904395][ T7203] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 539.910277][ T7203] RIP: 0033:0x44840a
[ 539.914165][ T7203] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa a2 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 539.933767][ T7203] RSP: 002b:00007ffcc4ba5e78 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
executing program
executing program
executing program
executing program
[ 539.942176][ T7203] RAX: ffffffffffffffda RBX: 00007ffcc4ba5ee0 RCX: 000000000044840a
[ 539.950148][ T7203] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcc4ba5ea0
[ 539.958122][ T7203] RBP: 00007ffcc4ba5ea0 R08: 00007ffcc4ba5ee0 R09: 0000000000000000
[ 539.966092][ T7203] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000001a
[ 539.974067][ T7203] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 539.983209][ T7203] Kernel Offset: disabled
[ 539.987522][ T7203] Rebooting in 86400 seconds..