Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 525.392037][ T6848] BTRFS: device fsid b6c6de41-0f3d-4d56-a285-1537704be259 devid 0 transid 0 /dev/loop5 scanned by syz-executor751 (6848)
[ 525.645472][ T6848] BTRFS: device fsid b6c6de41-0f3d-4d56-a285-1537704be259 devid 1 transid 7 /dev/loop5 scanned by syz-executor751 (6848)
executing program
[ 525.693449][ T6849] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop5 new:/dev/loop1
[ 525.713978][ T6848] BTRFS info (device loop5): disk space caching is enabled
[ 525.721950][ T6848] BTRFS info (device loop5): has skinny extents
[ 525.723359][ T6847] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop5 new:/dev/loop2
executing program
executing program
executing program
[ 525.769075][ T6851] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop5 new:/dev/loop0
[ 525.792391][ T6853] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop5 new:/dev/loop4
executing program
executing program
executing program
executing program
executing program
executing program
[ 525.879208][ T6874] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop5 new:/dev/loop1
executing program
executing program
executing program
executing program
[ 525.936563][ T6868] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop5 new:/dev/loop2
executing program
[ 526.034354][ T132] BTRFS error (device loop5): bad tree block start, want 5267456 have 0
[ 526.060453][ T6848] BTRFS warning (device loop5): failed to read root (objectid=7): -5
executing program
[ 526.119658][ T6848] BTRFS error (device loop5): open_ctree failed
[ 526.130325][ T6903] BTRFS info (device loop5): disk space caching is enabled
executing program
executing program
[ 526.160012][ T6903] BTRFS info (device loop5): has skinny extents
executing program
executing program
executing program
executing program
executing program
[ 526.267915][ T6903] BTRFS error (device loop5): super_num_devices 1 mismatch with num_devices 1 found here
[ 526.279290][ T6903] BTRFS error (device loop5): failed to read chunk tree: -22
executing program
executing program
[ 526.347191][ T6903] BTRFS error (device loop5): open_ctree failed
[ 526.358931][ T6902] BTRFS info (device loop5): disk space caching is enabled
[ 526.369462][ T6902] BTRFS info (device loop5): has skinny extents
[ 526.404388][ T6903] ==================================================================
[ 526.412747][ T6903] BUG: KASAN: use-after-free in btrfs_printk+0x3eb/0x435
[ 526.419771][ T6903] Read of size 8 at addr ffff8880884f86a8 by task syz-executor751/6903
[ 526.428005][ T6903]
[ 526.430337][ T6903] CPU: 0 PID: 6903 Comm: syz-executor751 Not tainted 5.9.0-syzkaller #0
[ 526.438653][ T6903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 526.448708][ T6903] Call Trace:
[ 526.452087][ T6903] dump_stack+0x1d6/0x29e
[ 526.456499][ T6903] print_address_description+0x66/0x620
[ 526.462109][ T6903] ? printk+0x62/0x83
[ 526.466197][ T6903] ? _raw_spin_lock_irqsave+0x84/0xd0
[ 526.471570][ T6903] ? vprintk_emit+0x2f0/0x370
[ 526.476249][ T6903] kasan_report+0x132/0x1d0
[ 526.480752][ T6903] ? btrfs_printk+0x3eb/0x435
[ 526.485439][ T6903] btrfs_printk+0x3eb/0x435
[ 526.490027][ T6903] ? rcu_lock_acquire+0x5/0x30
[ 526.494811][ T6903] ? lock_is_held_type+0xb3/0xe0
[ 526.499744][ T6903] device_list_add+0x1a88/0x1d60
[ 526.504677][ T6903] btrfs_scan_one_device+0x196/0x490
[ 526.509944][ T6903] btrfs_mount_root+0x48f/0xb60
[ 526.514854][ T6903] ? vfs_parse_fs_string+0x150/0x1e0
[ 526.520161][ T6903] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 526.525722][ T6903] ? trace_kfree+0xb2/0x100
[ 526.530215][ T6903] ? vfs_parse_fs_string+0x150/0x1e0
[ 526.535479][ T6903] legacy_get_tree+0xea/0x180
[ 526.540132][ T6903] ? btrfs_control_open+0x40/0x40
[ 526.545168][ T6903] vfs_get_tree+0x88/0x270
[ 526.549581][ T6903] vfs_kern_mount+0xc9/0x160
[ 526.554153][ T6903] btrfs_mount+0x33c/0xae0
[ 526.558554][ T6903] ? vfs_parse_fs_string+0x150/0x1e0
[ 526.563828][ T6903] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 526.569401][ T6903] ? cap_capable+0x23f/0x280
[ 526.573991][ T6903] legacy_get_tree+0xea/0x180
[ 526.578654][ T6903] ? btrfs_resize_thread_pool+0x250/0x250
[ 526.584352][ T6903] vfs_get_tree+0x88/0x270
[ 526.588746][ T6903] path_mount+0x179d/0x29e0
[ 526.593240][ T6903] __se_sys_mount+0x126/0x180
[ 526.597901][ T6903] do_syscall_64+0x31/0x70
[ 526.602311][ T6903] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 526.608179][ T6903] RIP: 0033:0x44856a
[ 526.612056][ T6903] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa a2 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 526.631750][ T6903] RSP: 002b:00007ffd8df3d128 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 526.640139][ T6903] RAX: ffffffffffffffda RBX: 00007ffd8df3d180 RCX: 000000000044856a
[ 526.648088][ T6903] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd8df3d140
[ 526.656039][ T6903] RBP: 00007ffd8df3d140 R08: 00007ffd8df3d180 R09: 0000000000000000
[ 526.663989][ T6903] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000024
[ 526.671936][ T6903] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 526.679899][ T6903]
[ 526.682205][ T6903] Allocated by task 6848:
[ 526.686512][ T6903] __kasan_kmalloc+0x100/0x130
[ 526.691315][ T6903] kvmalloc_node+0x81/0x110
[ 526.695797][ T6903] btrfs_mount_root+0xd0/0xb60
[ 526.700551][ T6903] legacy_get_tree+0xea/0x180
[ 526.705211][ T6903] vfs_get_tree+0x88/0x270
[ 526.709625][ T6903] vfs_kern_mount+0xc9/0x160
[ 526.714199][ T6903] btrfs_mount+0x33c/0xae0
[ 526.718613][ T6903] legacy_get_tree+0xea/0x180
[ 526.723283][ T6903] vfs_get_tree+0x88/0x270
[ 526.727693][ T6903] path_mount+0x179d/0x29e0
[ 526.732181][ T6903] __se_sys_mount+0x126/0x180
[ 526.736847][ T6903] do_syscall_64+0x31/0x70
[ 526.741243][ T6903] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 526.747107][ T6903]
[ 526.749413][ T6903] Freed by task 6848:
[ 526.753374][ T6903] kasan_set_track+0x3d/0x70
[ 526.757938][ T6903] kasan_set_free_info+0x17/0x30
[ 526.762851][ T6903] __kasan_slab_free+0xdd/0x110
[ 526.767678][ T6903] kfree+0x113/0x200
[ 526.771635][ T6903] deactivate_locked_super+0xa7/0xf0
[ 526.776896][ T6903] btrfs_mount_root+0x72b/0xb60
[ 526.781724][ T6903] legacy_get_tree+0xea/0x180
[ 526.786394][ T6903] vfs_get_tree+0x88/0x270
[ 526.790785][ T6903] vfs_kern_mount+0xc9/0x160
[ 526.795351][ T6903] btrfs_mount+0x33c/0xae0
[ 526.799742][ T6903] legacy_get_tree+0xea/0x180
[ 526.804407][ T6903] vfs_get_tree+0x88/0x270
[ 526.808797][ T6903] path_mount+0x179d/0x29e0
[ 526.813277][ T6903] __se_sys_mount+0x126/0x180
[ 526.817929][ T6903] do_syscall_64+0x31/0x70
[ 526.822318][ T6903] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 526.828181][ T6903]
[ 526.830487][ T6903] The buggy address belongs to the object at ffff8880884f8000
[ 526.830487][ T6903] which belongs to the cache kmalloc-16k of size 16384
[ 526.844688][ T6903] The buggy address is located 1704 bytes inside of
[ 526.844688][ T6903] 16384-byte region [ffff8880884f8000, ffff8880884fc000)
[ 526.858208][ T6903] The buggy address belongs to the page:
[ 526.863838][ T6903] page:00000000ddf3db7b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x884f8
[ 526.873962][ T6903] head:00000000ddf3db7b order:3 compound_mapcount:0 compound_pincount:0
[ 526.882265][ T6903] flags: 0xfffe0000010200(slab|head)
[ 526.887562][ T6903] raw: 00fffe0000010200 ffffea0002213a08 ffffea0002a24e08 ffff8880aa440b00
[ 526.896137][ T6903] raw: 0000000000000000 ffff8880884f8000 0000000100000001 0000000000000000
[ 526.904698][ T6903] page dumped because: kasan: bad access detected
[ 526.911086][ T6903]
[ 526.913392][ T6903] Memory state around the buggy address:
[ 526.919012][ T6903] ffff8880884f8580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 526.927061][ T6903] ffff8880884f8600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 526.935096][ T6903] >ffff8880884f8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 526.943131][ T6903] ^
[ 526.948483][ T6903] ffff8880884f8700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
[ 526.956518][ T6903] ffff8880884f8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 526.964564][ T6903] ==================================================================
[ 526.972600][ T6903] Disabling lock debugging due to kernel taint
[ 526.981822][ T6903] Kernel panic - not syncing: panic_on_warn set ...
[ 526.988425][ T6903] CPU: 0 PID: 6903 Comm: syz-executor751 Tainted: G B 5.9.0-syzkaller #0
[ 526.998125][ T6903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 527.008163][ T6903] Call Trace:
[ 527.011443][ T6903] dump_stack+0x1d6/0x29e
[ 527.015835][ T6903] panic+0x2c0/0x800
[ 527.019716][ T6903] ? trace_hardirqs_on+0x30/0x80
[ 527.024622][ T6903] kasan_report+0x1c9/0x1d0
[ 527.029107][ T6903] ? btrfs_printk+0x3eb/0x435
[ 527.033767][ T6903] btrfs_printk+0x3eb/0x435
[ 527.038241][ T6903] ? rcu_lock_acquire+0x5/0x30
[ 527.043013][ T6903] ? lock_is_held_type+0xb3/0xe0
[ 527.047921][ T6903] device_list_add+0x1a88/0x1d60
[ 527.052829][ T6903] btrfs_scan_one_device+0x196/0x490
[ 527.058305][ T6903] btrfs_mount_root+0x48f/0xb60
[ 527.063140][ T6903] ? vfs_parse_fs_string+0x150/0x1e0
[ 527.068400][ T6903] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 527.073960][ T6903] ? trace_kfree+0xb2/0x100
[ 527.078444][ T6903] ? vfs_parse_fs_string+0x150/0x1e0
[ 527.083700][ T6903] legacy_get_tree+0xea/0x180
[ 527.088358][ T6903] ? btrfs_control_open+0x40/0x40
[ 527.093350][ T6903] vfs_get_tree+0x88/0x270
[ 527.097801][ T6903] vfs_kern_mount+0xc9/0x160
[ 527.102368][ T6903] btrfs_mount+0x33c/0xae0
[ 527.106754][ T6903] ? vfs_parse_fs_string+0x150/0x1e0
[ 527.112005][ T6903] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 527.117529][ T6903] ? cap_capable+0x23f/0x280
[ 527.122086][ T6903] legacy_get_tree+0xea/0x180
[ 527.126729][ T6903] ? btrfs_resize_thread_pool+0x250/0x250
[ 527.132425][ T6903] vfs_get_tree+0x88/0x270
[ 527.136809][ T6903] path_mount+0x179d/0x29e0
[ 527.141281][ T6903] __se_sys_mount+0x126/0x180
[ 527.145928][ T6903] do_syscall_64+0x31/0x70
[ 527.150311][ T6903] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 527.156170][ T6903] RIP: 0033:0x44856a
[ 527.160036][ T6903] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa a2 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 527.179620][ T6903] RSP: 002b:00007ffd8df3d128 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 527.188094][ T6903] RAX: ffffffffffffffda RBX: 00007ffd8df3d180 RCX: 000000000044856a
[ 527.196121][ T6903] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd8df3d140
[ 527.204073][ T6903] RBP: 00007ffd8df3d140 R08: 00007ffd8df3d180 R09: 0000000000000000
[ 527.212012][ T6903] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000024
[ 527.219971][ T6903] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 527.229264][ T6903] Kernel Offset: disabled
[ 527.233577][ T6903] Rebooting in 86400 seconds..