[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 62.073366][ T8487] BTRFS: device fsid 3b7b29a3-d79d-449e-8760-f5c6064562ef devid 0 transid 5 /dev/loop4 scanned by syz-executor328 (8487)
executing program
executing program
executing program
[ 62.341469][ T8487] BTRFS: device fsid 3b7b29a3-d79d-449e-8760-f5c6064562ef devid 1 transid 5 /dev/loop4 scanned by syz-executor328 (8487)
[ 62.371875][ T8492] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 5 scanned by syz-executor328 (8492)
executing program
executing program
[ 62.387358][ T8487] BTRFS info (device loop4): disk space caching is enabled
[ 62.404152][ T8487] BTRFS info (device loop4): has skinny extents
[ 62.413397][ T8488] BTRFS warning (device ): duplicate device /dev/loop1 devid 1 generation 5 scanned by syz-executor328 (8488)
[ 62.427072][ T8486] BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 5 scanned by syz-executor328 (8486)
executing program
[ 62.441375][ T8487] BTRFS info (device loop4): flagging fs with big metadata feature
executing program
executing program
executing program
executing program
[ 62.553784][ T8494] BTRFS warning (device ): duplicate device /dev/loop3 devid 1 generation 5 scanned by syz-executor328 (8494)
[ 62.580504][ T8512] BTRFS warning (device ): duplicate device /dev/loop2 devid 1 generation 5 scanned by systemd-udevd (8512)
executing program
executing program
executing program
[ 62.671601][ T242] BTRFS error (device loop4): bad tree block start, want 30556160 have 0
[ 62.685320][ T8487] BTRFS info (device loop4): read error corrected: ino 0 off 30556160 (dev /dev/loop4 sector 76064)
executing program
executing program
[ 62.721034][ T8487] BTRFS info (device loop4): read error corrected: ino 0 off 30560256 (dev /dev/loop4 sector 76072)
[ 62.753095][ T8543] BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 5 scanned by syz-executor328 (8543)
[ 62.783205][ T8487] BTRFS info (device loop4): read error corrected: ino 0 off 30564352 (dev /dev/loop4 sector 76080)
[ 62.845118][ T8487] BTRFS info (device loop4): read error corrected: ino 0 off 30568448 (dev /dev/loop4 sector 76088)
[ 62.881170][ T242] BTRFS error (device loop4): bad tree block start, want 30474240 have 0
executing program
executing program
[ 62.891055][ T242] BTRFS error (device loop4): bad tree block start, want 30474240 have 0
[ 62.903135][ T8487] BTRFS warning (device loop4): failed to read root (objectid=7): -5
[ 62.940550][ T8487] BTRFS error (device loop4): open_ctree failed
executing program
executing program
executing program
executing program
[ 63.043902][ T8542] BTRFS info (device loop4): disk space caching is enabled
[ 63.051880][ T8542] BTRFS info (device loop4): has skinny extents
[ 63.062117][ T8542] BTRFS info (device loop4): flagging fs with big metadata feature
executing program
executing program
executing program
executing program
[ 63.196204][ T21] BTRFS error (device loop4): bad tree block start, want 30474240 have 0
[ 63.212567][ T64] BTRFS error (device loop4): bad tree block start, want 30474240 have 0
[ 63.231858][ T8542] BTRFS warning (device loop4): failed to read root (objectid=7): -5
executing program
executing program
executing program
executing program
[ 63.296857][ T8542] BTRFS error (device loop4): open_ctree failed
[ 63.307779][ T8541] BTRFS info (device loop4): disk space caching is enabled
[ 63.321475][ T8541] BTRFS info (device loop4): has skinny extents
executing program
executing program
executing program
executing program
[ 63.350270][ T8541] BTRFS info (device loop4): flagging fs with big metadata feature
executing program
executing program
executing program
executing program
executing program
[ 63.460623][ T64] BTRFS error (device loop4): bad tree block start, want 30474240 have 0
[ 63.480315][ T64] BTRFS error (device loop4): bad tree block start, want 30474240 have 0
[ 63.488854][ T8541] BTRFS warning (device loop4): failed to read root (objectid=7): -5
executing program
executing program
executing program
[ 63.521967][ T8541] BTRFS error (device loop4): open_ctree failed
[ 63.544866][ T8552] BTRFS info (device loop4): disk space caching is enabled
[ 63.553358][ T8552] BTRFS info (device loop4): has skinny extents
[ 63.560257][ T8552] BTRFS info (device loop4): flagging fs with big metadata feature
[ 63.626120][ T64] BTRFS error (device loop4): bad tree block start, want 30474240 have 0
[ 63.635576][ T21] BTRFS error (device loop4): bad tree block start, want 30474240 have 0
[ 63.644890][ T8552] BTRFS warning (device loop4): failed to read root (objectid=7): -5
executing program
executing program
[ 63.672692][ T8541] BTRFS warning (device loop4): duplicate device /dev/loop1 devid 1 generation 5 scanned by syz-executor328 (8541)
[ 63.742118][ T8552] BTRFS error (device loop4): open_ctree failed
[ 63.751697][ T8564] BTRFS info (device loop4): disk space caching is enabled
[ 63.758922][ T8564] BTRFS info (device loop4): has skinny extents
executing program
[ 63.789992][ T8564] BTRFS info (device loop4): flagging fs with big metadata feature
[ 63.815783][ T21] BTRFS error (device loop4): bad tree block start, want 30474240 have 0
[ 63.825998][ T8564] BTRFS warning (device loop4): failed to read root (objectid=7): -5
executing program
[ 63.847225][ T8552] BTRFS warning (device loop4): duplicate device /dev/loop3 devid 1 generation 5 scanned by syz-executor328 (8552)
executing program
executing program
executing program
executing program
executing program
[ 63.904604][ T8564] BTRFS error (device loop4): open_ctree failed
[ 63.924679][ T8565] BTRFS info (device loop4): disk space caching is enabled
[ 63.943373][ T8565] BTRFS info (device loop4): has skinny extents
executing program
executing program
executing program
[ 63.966683][ T8565] BTRFS info (device loop4): flagging fs with big metadata feature
executing program
[ 64.021964][ T8565] BTRFS warning (device loop4): failed to read root (objectid=7): -5
executing program
[ 64.067670][ T8565] BTRFS error (device loop4): open_ctree failed
[ 64.083585][ T8701] BTRFS info (device loop4): disk space caching is enabled
[ 64.094849][ T8701] BTRFS info (device loop4): has skinny extents
[ 64.101763][ T8701] BTRFS info (device loop4): flagging fs with big metadata feature
executing program
[ 64.134318][ T8701] BTRFS warning (device loop4): failed to read root (objectid=7): -5
executing program
[ 64.175632][ T8565] BTRFS warning (device loop4): duplicate device /dev/loop0 devid 1 generation 5 scanned by syz-executor328 (8565)
[ 64.208302][ T8701] BTRFS error (device loop4): open_ctree failed
[ 64.218503][ T8616] BTRFS info (device loop4): disk space caching is enabled
[ 64.229532][ T8616] BTRFS info (device loop4): has skinny extents
[ 64.242917][ T8616] BTRFS info (device loop4): flagging fs with big metadata feature
[ 64.265672][ T8616] BTRFS warning (device loop4): failed to read root (objectid=7): -5
executing program
executing program
[ 64.282370][ T8701] BTRFS warning (device loop4): duplicate device /dev/loop1 devid 1 generation 5 scanned by syz-executor328 (8701)
executing program
[ 64.327446][ T8616] BTRFS error (device loop4): open_ctree failed
[ 64.342289][ T8714] BTRFS info (device loop4): disk space caching is enabled
[ 64.349518][ T8714] BTRFS info (device loop4): has skinny extents
[ 64.369727][ T8714] BTRFS info (device loop4): flagging fs with big metadata feature
executing program
executing program
[ 64.393482][ T8616] ==================================================================
[ 64.401774][ T8616] BUG: KASAN: use-after-free in btrfs_printk+0x38b/0x40c
[ 64.408893][ T8616] Read of size 8 at addr ffff8880153dc6a0 by task syz-executor328/8616
[ 64.417128][ T8616]
[ 64.419471][ T8616] CPU: 0 PID: 8616 Comm: syz-executor328 Not tainted 5.10.0-rc1-next-20201030-syzkaller #0
[ 64.429445][ T8616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.439505][ T8616] Call Trace:
[ 64.442808][ T8616] dump_stack+0x107/0x163
[ 64.447149][ T8616] ? btrfs_printk+0x38b/0x40c
[ 64.451834][ T8616] ? btrfs_printk+0x38b/0x40c
[ 64.456523][ T8616] print_address_description.constprop.0.cold+0xae/0x4c8
[ 64.463550][ T8616] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 64.468933][ T8616] ? vprintk_func+0x95/0x1e0
[ 64.473533][ T8616] ? btrfs_printk+0x38b/0x40c
[ 64.478213][ T8616] ? btrfs_printk+0x38b/0x40c
[ 64.482907][ T8616] kasan_report.cold+0x1f/0x37
[ 64.487683][ T8616] ? btrfs_printk+0x38b/0x40c
[ 64.492370][ T8616] btrfs_printk+0x38b/0x40c
[ 64.496903][ T8616] ? btrfs_put_super+0x38/0x38
[ 64.501678][ T8616] ? lock_release+0x710/0x710
[ 64.506481][ T8616] ? __mutex_unlock_slowpath+0xe2/0x610
[ 64.512034][ T8616] ? mntput+0x67/0x90
[ 64.516034][ T8616] ? wait_for_completion_io+0x260/0x260
[ 64.521607][ T8616] device_list_add.cold+0x99/0x31e
[ 64.526734][ T8616] ? btrfs_alloc_device+0x5d0/0x5d0
[ 64.531942][ T8616] ? do_read_cache_page+0xe6/0x1390
[ 64.537156][ T8616] btrfs_scan_one_device+0x339/0x4a0
[ 64.542448][ T8616] ? device_list_add+0x1400/0x1400
[ 64.547572][ T8616] ? btrfs_mount_root+0x73d/0xbb0
[ 64.552611][ T8616] ? kfree+0xdb/0x360
[ 64.556612][ T8616] btrfs_mount_root+0x4d5/0xbb0
[ 64.561481][ T8616] ? parse_rescue_options+0x250/0x250
[ 64.567823][ T8616] ? rcu_read_lock_sched_held+0x3a/0x70
[ 64.573375][ T8616] ? kfree+0x2d3/0x360
[ 64.577460][ T8616] ? vfs_parse_fs_string+0xf8/0x150
[ 64.582667][ T8616] ? vfs_parse_fs_param+0x550/0x550
[ 64.587875][ T8616] ? parse_rescue_options+0x250/0x250
executing program
[ 64.593262][ T8616] legacy_get_tree+0x105/0x220
[ 64.598067][ T8616] vfs_get_tree+0x89/0x2f0
[ 64.602495][ T8616] vfs_kern_mount.part.0+0xd3/0x170
[ 64.607703][ T8616] vfs_kern_mount+0x3c/0x60
[ 64.612217][ T8616] btrfs_mount+0x234/0xa60
[ 64.616650][ T8616] ? btrfs_show_options+0x1080/0x1080
[ 64.622044][ T8616] ? rcu_read_lock_sched_held+0x3a/0x70
[ 64.627604][ T8616] ? kfree+0x2d3/0x360
[ 64.631689][ T8616] ? logfc+0x590/0x590
[ 64.635776][ T8616] ? apparmor_capable+0x1d8/0x460
[ 64.640815][ T8616] ? btrfs_show_options+0x1080/0x1080
[ 64.646202][ T8616] legacy_get_tree+0x105/0x220
[ 64.650980][ T8616] vfs_get_tree+0x89/0x2f0
[ 64.655403][ T8616] path_mount+0x12ae/0x1e70
[ 64.659923][ T8616] ? strncpy_from_user+0x29e/0x3a0
[ 64.665042][ T8616] ? finish_automount+0xac0/0xac0
[ 64.670076][ T8616] ? getname_flags.part.0+0x1dd/0x4f0
[ 64.675469][ T8616] __x64_sys_mount+0x27f/0x300
[ 64.680244][ T8616] ? copy_mnt_ns+0xae0/0xae0
[ 64.684847][ T8616] ? syscall_enter_from_user_mode+0x1d/0x50
[ 64.690929][ T8616] do_syscall_64+0x2d/0x70
[ 64.695362][ T8616] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.701348][ T8616] RIP: 0033:0x44972a
[ 64.705252][ T8616] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa a2 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 64.724868][ T8616] RSP: 002b:00007ffdcf74b928 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 64.733558][ T8616] RAX: ffffffffffffffda RBX: 00007ffdcf74b980 RCX: 000000000044972a
[ 64.741629][ T8616] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffdcf74b940
[ 64.749609][ T8616] RBP: 00007ffdcf74b940 R08: 00007ffdcf74b980 R09: 0000000000000000
[ 64.757586][ T8616] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000053
[ 64.765564][ T8616] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 64.773587][ T8616]
[ 64.775955][ T8616] The buggy address belongs to the page:
[ 64.781599][ T8616] page:00000000c2378334 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x153dc
[ 64.791756][ T8616] head:00000000c2378334 order:2 compound_mapcount:0 compound_pincount:0
[ 64.800082][ T8616] flags: 0xfff00000010000(head)
[ 64.804941][ T8616] raw: 00fff00000010000 dead000000000100 dead000000000122 0000000000000000
[ 64.813532][ T8616] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 64.822116][ T8616] page dumped because: kasan: bad access detected
[ 64.828702][ T8616]
[ 64.831043][ T8616] Memory state around the buggy address:
[ 64.836679][ T8616] ffff8880153dc580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.844832][ T8616] ffff8880153dc600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.852909][ T8616] >ffff8880153dc680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.860982][ T8616] ^
[ 64.866102][ T8616] ffff8880153dc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.874171][ T8616] ffff8880153dc780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.882229][ T8616] ==================================================================
executing program
[ 64.890285][ T8616] Disabling lock debugging due to kernel taint
[ 64.899858][ T8616] Kernel panic - not syncing: panic_on_warn set ...
[ 64.906461][ T8616] CPU: 0 PID: 8616 Comm: syz-executor328 Tainted: G B 5.10.0-rc1-next-20201030-syzkaller #0
[ 64.917814][ T8616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.927861][ T8616] Call Trace:
[ 64.931155][ T8616] dump_stack+0x107/0x163
[ 64.935490][ T8616] ? btrfs_printk+0x351/0x40c
[ 64.940162][ T8616] panic+0x306/0x73d
[ 64.944054][ T8616] ? __warn_printk+0xf3/0xf3
[ 64.948643][ T8616] ? preempt_schedule_common+0x59/0xc0
[ 64.954186][ T8616] ? btrfs_printk+0x38b/0x40c
[ 64.958858][ T8616] ? preempt_schedule_thunk+0x16/0x18
[ 64.964228][ T8616] ? trace_hardirqs_on+0x51/0x1c0
[ 64.969259][ T8616] ? btrfs_printk+0x38b/0x40c
[ 64.973932][ T8616] ? btrfs_printk+0x38b/0x40c
[ 64.978605][ T8616] end_report+0x58/0x5e
[ 64.982794][ T8616] kasan_report.cold+0xd/0x37
[ 64.987472][ T8616] ? btrfs_printk+0x38b/0x40c
[ 64.992145][ T8616] btrfs_printk+0x38b/0x40c
[ 64.996645][ T8616] ? btrfs_put_super+0x38/0x38
[ 65.001406][ T8616] ? lock_release+0x710/0x710
[ 65.006083][ T8616] ? __mutex_unlock_slowpath+0xe2/0x610
[ 65.011625][ T8616] ? mntput+0x67/0x90
[ 65.015606][ T8616] ? wait_for_completion_io+0x260/0x260
[ 65.021152][ T8616] device_list_add.cold+0x99/0x31e
[ 65.026261][ T8616] ? btrfs_alloc_device+0x5d0/0x5d0
[ 65.031457][ T8616] ? do_read_cache_page+0xe6/0x1390
[ 65.036655][ T8616] btrfs_scan_one_device+0x339/0x4a0
[ 65.041936][ T8616] ? device_list_add+0x1400/0x1400
[ 65.047046][ T8616] ? btrfs_mount_root+0x73d/0xbb0
[ 65.052066][ T8616] ? kfree+0xdb/0x360
[ 65.056050][ T8616] btrfs_mount_root+0x4d5/0xbb0
[ 65.060898][ T8616] ? parse_rescue_options+0x250/0x250
[ 65.066267][ T8616] ? rcu_read_lock_sched_held+0x3a/0x70
[ 65.071806][ T8616] ? kfree+0x2d3/0x360
[ 65.075878][ T8616] ? vfs_parse_fs_string+0xf8/0x150
[ 65.081074][ T8616] ? vfs_parse_fs_param+0x550/0x550
[ 65.086270][ T8616] ? parse_rescue_options+0x250/0x250
[ 65.091637][ T8616] legacy_get_tree+0x105/0x220
[ 65.096396][ T8616] vfs_get_tree+0x89/0x2f0
[ 65.100809][ T8616] vfs_kern_mount.part.0+0xd3/0x170
[ 65.106012][ T8616] vfs_kern_mount+0x3c/0x60
[ 65.110597][ T8616] btrfs_mount+0x234/0xa60
[ 65.115014][ T8616] ? btrfs_show_options+0x1080/0x1080
[ 65.120389][ T8616] ? rcu_read_lock_sched_held+0x3a/0x70
[ 65.125933][ T8616] ? kfree+0x2d3/0x360
[ 65.130003][ T8616] ? logfc+0x590/0x590
[ 65.134072][ T8616] ? apparmor_capable+0x1d8/0x460
[ 65.139097][ T8616] ? btrfs_show_options+0x1080/0x1080
[ 65.144464][ T8616] legacy_get_tree+0x105/0x220
[ 65.149222][ T8616] vfs_get_tree+0x89/0x2f0
[ 65.153634][ T8616] path_mount+0x12ae/0x1e70
[ 65.158143][ T8616] ? strncpy_from_user+0x29e/0x3a0
[ 65.163247][ T8616] ? finish_automount+0xac0/0xac0
[ 65.168256][ T8616] ? getname_flags.part.0+0x1dd/0x4f0
[ 65.173699][ T8616] __x64_sys_mount+0x27f/0x300
[ 65.178498][ T8616] ? copy_mnt_ns+0xae0/0xae0
[ 65.183077][ T8616] ? syscall_enter_from_user_mode+0x1d/0x50
[ 65.188946][ T8616] do_syscall_64+0x2d/0x70
[ 65.193342][ T8616] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.199291][ T8616] RIP: 0033:0x44972a
[ 65.203217][ T8616] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa a2 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 65.223063][ T8616] RSP: 002b:00007ffdcf74b928 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 65.231455][ T8616] RAX: ffffffffffffffda RBX: 00007ffdcf74b980 RCX: 000000000044972a
[ 65.239409][ T8616] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffdcf74b940
[ 65.247365][ T8616] RBP: 00007ffdcf74b940 R08: 00007ffdcf74b980 R09: 0000000000000000
[ 65.255313][ T8616] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000053
[ 65.263279][ T8616] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 65.272004][ T8616] Kernel Offset: disabled
[ 65.276403][ T8616] Rebooting in 86400 seconds..