Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 46.842796][ T6834] BTRFS: device fsid b6c6de41-0f3d-4d56-a285-1537704be259 devid 0 transid 0 /dev/loop0 scanned by syz-executor260 (6834)
[ 46.871818][ T6841] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop4
[ 46.945359][ T6842] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop3
[ 46.971622][ T6843] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop1
[ 47.078559][ T6844] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop5
[ 47.128081][ T6845] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop2
executing program
[ 47.219106][ T6841] BTRFS: device fsid b6c6de41-0f3d-4d56-a285-1537704be259 devid 1 transid 7 /dev/loop4 scanned by syz-executor260 (6841)
executing program
executing program
[ 47.284316][ T6855] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop4 new:/dev/loop3
[ 47.305765][ T6841] BTRFS info (device loop4): disk space caching is enabled
executing program
[ 47.322206][ T6857] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop4 new:/dev/loop1
[ 47.322614][ T6841] BTRFS info (device loop4): has skinny extents
[ 47.355622][ T6871] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop4 new:/dev/loop3
executing program
executing program
[ 47.400048][ T6883] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop2
[ 47.427130][ T6885] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop5
[ 47.545593][ T6904] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop1
executing program
[ 47.591626][ T6841] BTRFS error (device loop4): super_num_devices 1 mismatch with num_devices 1 found here
[ 47.614645][ T6841] BTRFS error (device loop4): failed to read chunk tree: -22
[ 47.661490][ T6905] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop4 new:/dev/loop3
[ 47.707203][ T6885] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop4 new:/dev/loop5
[ 47.777058][ T6841] BTRFS error (device loop4): open_ctree failed
[ 47.780704][ T6932] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop2
[ 47.790254][ T6876] BTRFS info (device loop4): disk space caching is enabled
executing program
executing program
[ 47.824262][ T6876] BTRFS info (device loop4): has skinny extents
[ 47.846712][ T6921] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:1 old:/dev/loop4 new:/dev/loop1
executing program
executing program
executing program
[ 47.990954][ T6932] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop2
executing program
[ 48.119572][ T6876] BTRFS error (device loop4): open_ctree failed
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 49.010255][ T7059] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop3
[ 49.025383][ T7073] BTRFS info (device loop4): disk space caching is enabled
[ 49.028268][ T7085] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop1
[ 49.034969][ T7073] BTRFS info (device loop4): has skinny extents
executing program
[ 49.146060][ T7065] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop2
[ 49.161362][ T7092] BTRFS warning (device ): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop5
[ 49.223460][ T89] BTRFS error (device loop4): bad tree block start, want 5267456 have 0
[ 49.232395][ T7073] BTRFS warning (device loop4): failed to read root (objectid=7): -5
executing program
[ 49.269680][ T7085] BTRFS warning (device loop4): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop1
[ 49.293925][ T7122] BTRFS warning (device loop4): duplicate device fsid:devid for b6c6de41-0f3d-4d56-a285-1537704be259:0 old:/dev/loop0 new:/dev/loop3
executing program
[ 49.328524][ T7073] BTRFS error (device loop4): open_ctree failed
[ 49.339008][ T7077] BTRFS info (device loop4): disk space caching is enabled
[ 49.346967][ T7077] BTRFS info (device loop4): has skinny extents
executing program
executing program
[ 49.389464][ T7116] ==================================================================
[ 49.397688][ T7116] BUG: KASAN: use-after-free in btrfs_printk+0x3eb/0x435
[ 49.404696][ T7116] Read of size 8 at addr ffff8880909906a8 by task syz-executor260/7116
[ 49.412914][ T7116]
[ 49.415238][ T7116] CPU: 0 PID: 7116 Comm: syz-executor260 Not tainted 5.9.0-rc8-syzkaller #0
[ 49.423930][ T7116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.433987][ T7116] Call Trace:
executing program
[ 49.437262][ T7116] dump_stack+0x1d6/0x29e
[ 49.441585][ T7116] print_address_description+0x66/0x620
[ 49.447127][ T7116] ? printk+0x62/0x83
[ 49.451099][ T7116] ? _raw_spin_lock_irqsave+0x84/0xd0
[ 49.456476][ T7116] ? vprintk_emit+0x2f0/0x370
[ 49.461157][ T7116] kasan_report+0x132/0x1d0
[ 49.465662][ T7116] ? btrfs_printk+0x3eb/0x435
[ 49.470373][ T7116] btrfs_printk+0x3eb/0x435
[ 49.474882][ T7116] ? rcu_lock_acquire+0x5/0x30
[ 49.479659][ T7116] ? lock_is_held_type+0xb3/0xe0
[ 49.484637][ T7116] device_list_add+0x1a88/0x1d60
executing program
[ 49.489678][ T7116] btrfs_scan_one_device+0x196/0x490
[ 49.494971][ T7116] btrfs_mount_root+0x48f/0xb60
[ 49.499838][ T7116] ? vfs_parse_fs_string+0x150/0x1e0
[ 49.505148][ T7116] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 49.510706][ T7116] ? trace_kfree+0xb2/0x100
[ 49.515188][ T7116] ? vfs_parse_fs_string+0x150/0x1e0
[ 49.520463][ T7116] legacy_get_tree+0xea/0x180
[ 49.525146][ T7116] ? btrfs_control_open+0x40/0x40
[ 49.530172][ T7116] vfs_get_tree+0x88/0x270
[ 49.534599][ T7116] vfs_kern_mount+0xc9/0x160
executing program
[ 49.539224][ T7116] btrfs_mount+0x33c/0xae0
[ 49.543630][ T7116] ? vfs_parse_fs_string+0x150/0x1e0
[ 49.548903][ T7116] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 49.554447][ T7116] ? cap_capable+0x23f/0x280
[ 49.559075][ T7116] legacy_get_tree+0xea/0x180
[ 49.563770][ T7116] ? btrfs_resize_thread_pool+0x250/0x250
[ 49.569480][ T7116] vfs_get_tree+0x88/0x270
[ 49.573892][ T7116] path_mount+0x179d/0x29e0
[ 49.578410][ T7116] __se_sys_mount+0x126/0x180
[ 49.584403][ T7116] do_syscall_64+0x31/0x70
[ 49.588944][ T7116] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.594836][ T7116] RIP: 0033:0x44fcca
[ 49.598732][ T7116] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad a0 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a a0 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 49.618365][ T7116] RSP: 002b:00007f08d7856af8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 49.626776][ T7116] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000044fcca
[ 49.634748][ T7116] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f08d7856b50
[ 49.642718][ T7116] RBP: 00007f08d78576d4 R08: 00007f08d7856b90 R09: 0000000000000000
[ 49.650692][ T7116] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 49.658662][ T7116] R13: 0000000020000200 R14: 00007f08d7856b50 R15: 00007f08d7856b90
[ 49.666644][ T7116]
[ 49.668975][ T7116] Allocated by task 7073:
[ 49.673308][ T7116] __kasan_kmalloc+0x100/0x130
[ 49.678072][ T7116] kvmalloc_node+0x81/0x110
[ 49.682582][ T7116] btrfs_mount_root+0xd0/0xb60
[ 49.687371][ T7116] legacy_get_tree+0xea/0x180
[ 49.692048][ T7116] vfs_get_tree+0x88/0x270
[ 49.696461][ T7116] vfs_kern_mount+0xc9/0x160
[ 49.701051][ T7116] btrfs_mount+0x33c/0xae0
[ 49.705470][ T7116] legacy_get_tree+0xea/0x180
[ 49.710145][ T7116] vfs_get_tree+0x88/0x270
[ 49.714558][ T7116] path_mount+0x179d/0x29e0
[ 49.719064][ T7116] __se_sys_mount+0x126/0x180
[ 49.723742][ T7116] do_syscall_64+0x31/0x70
[ 49.728157][ T7116] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.734222][ T7116]
[ 49.736546][ T7116] Freed by task 7073:
[ 49.740534][ T7116] kasan_set_track+0x3d/0x70
[ 49.745128][ T7116] kasan_set_free_info+0x17/0x30
[ 49.750089][ T7116] __kasan_slab_free+0xdd/0x110
[ 49.754958][ T7116] kfree+0x113/0x200
[ 49.758849][ T7116] deactivate_locked_super+0xa7/0xf0
[ 49.764131][ T7116] btrfs_mount_root+0x72b/0xb60
[ 49.768981][ T7116] legacy_get_tree+0xea/0x180
[ 49.773654][ T7116] vfs_get_tree+0x88/0x270
[ 49.778067][ T7116] vfs_kern_mount+0xc9/0x160
[ 49.782656][ T7116] btrfs_mount+0x33c/0xae0
[ 49.787072][ T7116] legacy_get_tree+0xea/0x180
[ 49.791750][ T7116] vfs_get_tree+0x88/0x270
[ 49.796162][ T7116] path_mount+0x179d/0x29e0
[ 49.800661][ T7116] __se_sys_mount+0x126/0x180
[ 49.805337][ T7116] do_syscall_64+0x31/0x70
[ 49.809751][ T7116] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.815632][ T7116]
[ 49.817962][ T7116] The buggy address belongs to the object at ffff888090990000
[ 49.817962][ T7116] which belongs to the cache kmalloc-16k of size 16384
[ 49.832188][ T7116] The buggy address is located 1704 bytes inside of
[ 49.832188][ T7116] 16384-byte region [ffff888090990000, ffff888090994000)
[ 49.846233][ T7116] The buggy address belongs to the page:
[ 49.851868][ T7116] page:000000003746a8ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x90990
[ 49.862014][ T7116] head:000000003746a8ea order:3 compound_mapcount:0 compound_pincount:0
[ 49.870333][ T7116] flags: 0xfffe0000010200(slab|head)
[ 49.875620][ T7116] raw: 00fffe0000010200 ffffea0002215008 ffffea00023f0a08 ffff8880aa440b00
[ 49.884241][ T7116] raw: 0000000000000000 ffff888090990000 0000000100000001 0000000000000000
[ 49.892841][ T7116] page dumped because: kasan: bad access detected
[ 49.899246][ T7116]
[ 49.901577][ T7116] Memory state around the buggy address:
[ 49.907313][ T7116] ffff888090990580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.915374][ T7116] ffff888090990600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.923435][ T7116] >ffff888090990680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.931490][ T7116] ^
executing program
[ 49.936857][ T7116] ffff888090990700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.944918][ T7116] ffff888090990780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.952998][ T7116] ==================================================================
[ 49.961051][ T7116] Disabling lock debugging due to kernel taint
[ 49.970430][ T7116] Kernel panic - not syncing: panic_on_warn set ...
[ 49.977028][ T7116] CPU: 0 PID: 7116 Comm: syz-executor260 Tainted: G B 5.9.0-rc8-syzkaller #0
[ 49.987074][ T7116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.997145][ T7116] Call Trace:
[ 50.000432][ T7116] dump_stack+0x1d6/0x29e
[ 50.004779][ T7116] panic+0x2c0/0x800
[ 50.008668][ T7116] ? trace_hardirqs_on+0x30/0x80
[ 50.013601][ T7116] kasan_report+0x1c9/0x1d0
[ 50.018111][ T7116] ? btrfs_printk+0x3eb/0x435
[ 50.022787][ T7116] btrfs_printk+0x3eb/0x435
[ 50.027285][ T7116] ? rcu_lock_acquire+0x5/0x30
[ 50.032050][ T7116] ? lock_is_held_type+0xb3/0xe0
[ 50.036983][ T7116] device_list_add+0x1a88/0x1d60
[ 50.041917][ T7116] btrfs_scan_one_device+0x196/0x490
[ 50.047202][ T7116] btrfs_mount_root+0x48f/0xb60
[ 50.052073][ T7116] ? vfs_parse_fs_string+0x150/0x1e0
[ 50.057356][ T7116] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 50.062896][ T7116] ? trace_kfree+0xb2/0x100
[ 50.067398][ T7116] ? vfs_parse_fs_string+0x150/0x1e0
[ 50.072677][ T7116] legacy_get_tree+0xea/0x180
[ 50.077364][ T7116] ? btrfs_control_open+0x40/0x40
[ 50.082384][ T7116] vfs_get_tree+0x88/0x270
[ 50.086797][ T7116] vfs_kern_mount+0xc9/0x160
[ 50.091382][ T7116] btrfs_mount+0x33c/0xae0
[ 50.095803][ T7116] ? vfs_parse_fs_string+0x150/0x1e0
[ 50.101080][ T7116] ? rcu_read_lock_sched_held+0x2f/0xa0
[ 50.107060][ T7116] ? cap_capable+0x23f/0x280
[ 50.111646][ T7116] legacy_get_tree+0xea/0x180
[ 50.116311][ T7116] ? btrfs_resize_thread_pool+0x250/0x250
[ 50.122023][ T7116] vfs_get_tree+0x88/0x270
[ 50.126432][ T7116] path_mount+0x179d/0x29e0
[ 50.130929][ T7116] __se_sys_mount+0x126/0x180
[ 50.135598][ T7116] do_syscall_64+0x31/0x70
[ 50.140009][ T7116] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 50.145889][ T7116] RIP: 0033:0x44fcca
[ 50.149775][ T7116] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad a0 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a a0 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 50.169375][ T7116] RSP: 002b:00007f08d7856af8 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 50.177780][ T7116] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000044fcca
[ 50.185745][ T7116] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f08d7856b50
[ 50.193707][ T7116] RBP: 00007f08d78576d4 R08: 00007f08d7856b90 R09: 0000000000000000
[ 50.201671][ T7116] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 50.209653][ T7116] R13: 0000000020000200 R14: 00007f08d7856b50 R15: 00007f08d7856b90
[ 50.218761][ T7116] Kernel Offset: disabled
[ 50.223091][ T7116] Rebooting in 86400 seconds..