Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 34.676798] BTRFS: device fsid f90cac8b-044b-4fa8-8bee-4b8d3da88dc2 devid 1 transid 7 /dev/loop3
[ 34.699068] BTRFS warning (device ): duplicate device /dev/loop1 devid 1 generation 7 scanned by syz-executor581 (8127)
[ 34.711801] BTRFS info (device loop3): turning on flush-on-commit
[ 34.714669] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 7 scanned by syz-executor581 (8125)
[ 34.729793] BTRFS info (device loop3): disk space caching is enabled
[ 34.736796] BTRFS info (device loop3): has skinny extents
executing program
[ 34.786600] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 7 scanned by syz-executor581 (8136)
[ 34.809628] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 7 scanned by syz-executor581 (8137)
[ 34.829916] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 7 scanned by syz-executor581 (8128)
executing program
[ 34.899166] BTRFS error (device loop3): bad tree block start, want 5267456 have 0
[ 34.907502] BTRFS warning (device loop3): failed to read root (objectid=7): -5
executing program
executing program
executing program
executing program
[ 34.975107] BTRFS warning (device loop3): duplicate device /dev/loop4 devid 1 generation 7 scanned by systemd-udevd (8133)
[ 34.992174] BTRFS error (device loop3): open_ctree failed
[ 35.001493] BTRFS: device fsid f90cac8b-044b-4fa8-8bee-4b8d3da88dc2 devid 0 transid 7 /dev/loop0
executing program
[ 35.159346] BTRFS warning (device ): duplicate device /dev/loop1 devid 1 generation 7 scanned by syz-executor581 (8193)
[ 35.171721] BTRFS info (device loop2): turning on flush-on-commit
[ 35.179613] BTRFS info (device loop2): disk space caching is enabled
[ 35.189268] BTRFS info (device loop2): has skinny extents
executing program
executing program
executing program
executing program
executing program
[ 35.198153] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 7 scanned by syz-executor581 (8192)
[ 35.211755] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 7 scanned by syz-executor581 (8195)
[ 35.225408] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 7 scanned by systemd-udevd (8133)
[ 35.237878] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 7 scanned by syz-executor581 (8214)
executing program
executing program
executing program
executing program
executing program
[ 35.291129] BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 7 scanned by systemd-udevd (8178)
[ 35.308557] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 7 scanned by systemd-udevd (8181)
executing program
executing program
[ 35.356450] BTRFS warning (device ): duplicate device /dev/loop1 devid 1 generation 7 scanned by systemd-udevd (8148)
[ 35.417186] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 7 scanned by syz-executor581 (8255)
[ 35.438631] BTRFS error (device loop2): bad tree block start, want 5267456 have 0
[ 35.446648] BTRFS warning (device loop2): failed to read root (objectid=7): -5
[ 35.464851] BTRFS warning (device loop2): duplicate device /dev/loop5 devid 1 generation 7 scanned by syz-executor581 (8224)
executing program
executing program
[ 35.525147] BTRFS warning (device loop2): duplicate device /dev/loop5 devid 1 generation 7 scanned by systemd-udevd (8133)
[ 35.553442] BTRFS warning (device loop2): duplicate device /dev/loop4 devid 1 generation 7 scanned by syz-executor581 (8251)
executing program
[ 35.574942] BTRFS warning (device loop2): duplicate device /dev/loop4 devid 1 generation 7 scanned by systemd-udevd (8178)
[ 35.611692] BTRFS error (device loop2): open_ctree failed
executing program
[ 35.623061] BTRFS warning (device loop2): duplicate device /dev/loop1 devid 1 generation 7 scanned by syz-executor581 (8266)
[ 35.645842] BTRFS info (device loop2): disk space caching is enabled
[ 35.659578] ==================================================================
[ 35.659773] BTRFS info (device loop2): has skinny extents
executing program
executing program
executing program
executing program
executing program
[ 35.667036] BUG: KASAN: use-after-free in btrfs_printk+0x34f/0x3d0
[ 35.667050] Read of size 8 at addr ffff8880af10da60 by task systemd-udevd/8148
[ 35.667053]
[ 35.667066] CPU: 1 PID: 8148 Comm: systemd-udevd Not tainted 4.19.157-syzkaller #0
[ 35.667073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.667078] Call Trace:
[ 35.667093]  dump_stack+0x1fc/0x2fe
[ 35.667112]  print_address_description.cold+0x54/0x219
[ 35.667129]  kasan_report_error.cold+0x8a/0x1c7
[ 35.667142]  ? btrfs_printk+0x34f/0x3d0
[ 35.725117]  __asan_report_load8_noabort+0x88/0x90
[ 35.730034]  ? btrfs_printk+0x34f/0x3d0
[ 35.733989]  btrfs_printk+0x34f/0x3d0
[ 35.737777]  ? btrfs_show_devname.cold+0x18/0x18
[ 35.742521]  ? __mutex_unlock_slowpath+0xea/0x610
[ 35.747362]  ? lock_acquire+0x170/0x3c0
[ 35.751320]  ? device_list_add+0x77d/0xdd0
[ 35.755541]  device_list_add.cold+0x1a0/0x376
[ 35.760108]  ? btrfs_rm_dev_replace_free_srcdev+0x450/0x450
[ 35.765808]  btrfs_scan_one_device+0x33f/0xd00
[ 35.770375]  ? lock_downgrade+0x720/0x720
[ 35.774514]  ? lock_acquire+0x170/0x3c0
[ 35.778475]  ? device_list_add+0xdd0/0xdd0
[ 35.782727]  ? __might_fault+0x192/0x1d0
[ 35.786788]  ? _copy_from_user+0xd2/0x130
[ 35.790922]  btrfs_control_ioctl+0x16b/0x2a0
[ 35.795310]  ? btrfs_statfs+0x1460/0x1460
[ 35.799438]  do_vfs_ioctl+0xcdb/0x12e0
[ 35.803313]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 35.808508]  ? debug_check_no_obj_freed+0x201/0x482
[ 35.813524]  ? ioctl_preallocate+0x200/0x200
[ 35.817926]  ? putname+0xe1/0x120
[ 35.821375]  ? __secure_computing+0x104/0x360
[ 35.825855]  ? syscall_trace_enter+0x3b7/0xd60
[ 35.830421]  ? syscall_slow_exit_work+0x630/0x630
[ 35.835250]  ksys_ioctl+0x9b/0xc0
[ 35.838688]  __x64_sys_ioctl+0x6f/0xb0
[ 35.842606]  do_syscall_64+0xf9/0x620
[ 35.846392]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.851562] RIP: 0033:0x7f4a15b0a017
[ 35.855257] Code: 00 00 00 48 8b 05 81 7e 2b 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 7e 2b 00 f7 d8 64 89 01 48
[ 35.874152] RSP: 002b:00007ffc91e5fae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 35.881844] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4a15b0a017
[ 35.889124] RDX: 00007ffc91e5fb00 RSI: 0000000090009427 RDI: 000000000000000f
[ 35.896439] RBP: 00007ffc91e5fb00 R08: 0000000000000000 R09: 0000000000000048
[ 35.903691] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000000f
[ 35.910943] R13: 0000000000000000 R14: 0000555c56597de0 R15: 0000555c56582c00
[ 35.918201]
[ 35.919809] Allocated by task 8194:
[ 35.923420]  __kmalloc_node+0x4c/0x70
[ 35.927202]  kvmalloc_node+0xb4/0xf0
[ 35.930900]  btrfs_mount_root+0x13f/0x1830
[ 35.935120]  mount_fs+0xa3/0x30c
[ 35.938469]  vfs_kern_mount.part.0+0x68/0x470
[ 35.942962]  vfs_kern_mount+0x3c/0x60
[ 35.946745]  btrfs_mount+0x23a/0xa93
[ 35.950450]  mount_fs+0xa3/0x30c
[ 35.953813]  vfs_kern_mount.part.0+0x68/0x470
[ 35.958292]  do_mount+0x113c/0x2f10
[ 35.961914]  ksys_mount+0xcf/0x130
[ 35.965434]  __x64_sys_mount+0xba/0x150
[ 35.969413]  do_syscall_64+0xf9/0x620
[ 35.973197]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.978363]
[ 35.979991] Freed by task 8194:
[ 35.983272]  kfree+0xcc/0x210
[ 35.986359]  kvfree+0x59/0x60
[ 35.989447]  deactivate_locked_super+0x94/0x160
[ 35.994108]  btrfs_mount_root+0x10a0/0x1830
[ 35.998429]  mount_fs+0xa3/0x30c
[ 36.001779]  vfs_kern_mount.part.0+0x68/0x470
[ 36.006253]  vfs_kern_mount+0x3c/0x60
[ 36.010043]  btrfs_mount+0x23a/0xa93
[ 36.013749]  mount_fs+0xa3/0x30c
[ 36.017100]  vfs_kern_mount.part.0+0x68/0x470
[ 36.021595]  do_mount+0x113c/0x2f10
[ 36.025202]  ksys_mount+0xcf/0x130
[ 36.028723]  __x64_sys_mount+0xba/0x150
[ 36.032688]  do_syscall_64+0xf9/0x620
[ 36.036477]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.041671]
[ 36.043298] The buggy address belongs to the object at ffff8880af10d440
[ 36.043298]  which belongs to the cache kmalloc-8192 of size 8192
[ 36.056125] The buggy address is located 1568 bytes inside of
[ 36.056125]  8192-byte region [ffff8880af10d440, ffff8880af10f440)
[ 36.068171] The buggy address belongs to the page:
[ 36.073087] page:ffffea0002bc4300 count:1 mapcount:0 mapping:ffff88813bff2080 index:0x0 compound_mapcount: 0
[ 36.083071] flags: 0xfff00000008100(slab|head)
[ 36.087648] raw: 00fff00000008100 ffffea0002bdc208 ffffea0002bdaa08 ffff88813bff2080
[ 36.095531] raw: 0000000000000000 ffff8880af10d440 0000000100000001 0000000000000000
[ 36.103389] page dumped because: kasan: bad access detected
[ 36.109101]
[ 36.110708] Memory state around the buggy address:
[ 36.115618]  ffff8880af10d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
[ 36.122974]  ffff8880af10d980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.130324] >ffff8880af10da00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.137669]                                                        ^
[ 36.144140]  ffff8880af10da80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.151479]  ffff8880af10db00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.158817] ==================================================================
[ 36.166153] Disabling lock debugging due to kernel taint
executing program
executing program
executing program
executing program
executing program
[ 36.175853] Kernel panic - not syncing: panic_on_warn set ...
[ 36.175853]
[ 36.183237] CPU: 1 PID: 8148 Comm: systemd-udevd Tainted: G B 4.19.157-syzkaller #0
[ 36.192328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.201677] Call Trace:
[ 36.204267]  dump_stack+0x1fc/0x2fe
[ 36.207897]  panic+0x26a/0x50e
[ 36.211096]  ? __warn_printk+0xf3/0xf3
[ 36.214980]  ? preempt_schedule_common+0x45/0xc0
[ 36.219723]  ? ___preempt_schedule+0x16/0x18
executing program
executing program
executing program
executing program
executing program
executing program
[ 36.224126]  ? trace_hardirqs_on+0x55/0x210
[ 36.228448]  kasan_end_report+0x43/0x49
[ 36.232411]  kasan_report_error.cold+0xa7/0x1c7
[ 36.237252]  ? btrfs_printk+0x34f/0x3d0
[ 36.241219]  __asan_report_load8_noabort+0x88/0x90
[ 36.246142]  ? btrfs_printk+0x34f/0x3d0
[ 36.250132]  btrfs_printk+0x34f/0x3d0
[ 36.253926]  ? btrfs_show_devname.cold+0x18/0x18
[ 36.258699]  ? __mutex_unlock_slowpath+0xea/0x610
[ 36.263538]  ? lock_acquire+0x170/0x3c0
[ 36.267506]  ? device_list_add+0x77d/0xdd0
[ 36.271728]  device_list_add.cold+0x1a0/0x376
[ 36.276224]  ? btrfs_rm_dev_replace_free_srcdev+0x450/0x450
[ 36.281954]  btrfs_scan_one_device+0x33f/0xd00
[ 36.286524]  ? lock_downgrade+0x720/0x720
[ 36.290666]  ? lock_acquire+0x170/0x3c0
[ 36.294648]  ? device_list_add+0xdd0/0xdd0
[ 36.298900]  ? __might_fault+0x192/0x1d0
[ 36.302948]  ? _copy_from_user+0xd2/0x130
[ 36.307089]  btrfs_control_ioctl+0x16b/0x2a0
[ 36.311489]  ? btrfs_statfs+0x1460/0x1460
[ 36.315638]  do_vfs_ioctl+0xcdb/0x12e0
[ 36.319531]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 36.324717]  ? debug_check_no_obj_freed+0x201/0x482
[ 36.329722]  ? ioctl_preallocate+0x200/0x200
[ 36.334124]  ? putname+0xe1/0x120
[ 36.337580]  ? __secure_computing+0x104/0x360
[ 36.342068]  ? syscall_trace_enter+0x3b7/0xd60
[ 36.346647]  ? syscall_slow_exit_work+0x630/0x630
[ 36.351488]  ksys_ioctl+0x9b/0xc0
[ 36.354931]  __x64_sys_ioctl+0x6f/0xb0
[ 36.358816]  do_syscall_64+0xf9/0x620
[ 36.362620]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.367805] RIP: 0033:0x7f4a15b0a017
[ 36.371519] Code: 00 00 00 48 8b 05 81 7e 2b 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 7e 2b 00 f7 d8 64 89 01 48
[ 36.390453] RSP: 002b:00007ffc91e5fae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 36.398164] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4a15b0a017
[ 36.405436] RDX: 00007ffc91e5fb00 RSI: 0000000090009427 RDI: 000000000000000f
[ 36.412778] RBP: 00007ffc91e5fb00 R08: 0000000000000000 R09: 0000000000000048
[ 36.420096] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000000f
[ 36.427367] R13: 0000000000000000 R14: 0000555c56597de0 R15: 0000555c56582c00
[ 36.435416] Kernel Offset: disabled
[ 36.439031] Rebooting in 86400 seconds..