[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.141' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program syzkaller login: [ 28.195448] BTRFS: device fsid f90cac8b-044b-4fa8-8bee-4b8d3da88dc2 devid 0 transid 0 /dev/loop3 executing program [ 28.267952] syz-executor213[7977]: segfault at 0 ip 00007faf5ad4bb40 sp 00007ffe5cb95708 error 4 in syz-executor2133033272[7faf5ace5000+88000] executing program [ 28.356928] BTRFS: device fsid f90cac8b-044b-4fa8-8bee-4b8d3da88dc2 devid 1 transid 7 /dev/loop0 [ 28.365968] syz-executor213[7971]: segfault at 0 ip 00007faf5ad4bb40 sp 00007ffe5cb95708 error 4 in syz-executor2133033272[7faf5ace5000+88000] [ 28.369871] syz-executor213[7979]: segfault at 0 ip 00007faf5ad4bb40 sp 00007ffe5cb95708 error 4 [ 28.379418] syz-executor213[7972]: segfault at 0 ip 00007faf5ad4bb40 sp 00007ffe5cb95708 error 4 in syz-executor2133033272[7faf5ace5000+88000] executing program [ 28.392324] syz-executor213[7970]: segfault at 0 ip 00007faf5ad4bb40 sp 00007ffe5cb95708 error 4 [ 28.406985] in syz-executor2133033272[7faf5ace5000+88000] [ 28.421192] in syz-executor2133033272[7faf5ace5000+88000] [ 28.434743] BTRFS info (device loop0): disk space caching is enabled [ 28.444027] BTRFS info (device loop0): has skinny extents [ 28.468510] BTRFS warning (device loop0): super block num_devices 1 mismatch with DEV_ITEM count 1, will be repaired on next transaction commit executing program executing program executing program [ 28.664507] BTRFS error (device loop0): bad tree block start 0 5279744 [ 28.671552] BTRFS warning (device loop0): failed to recover relocation: -5 [ 28.702618] ------------[ cut here ]------------ [ 28.707527] WARNING: CPU: 1 PID: 8005 at fs/btrfs/volumes.c:936 __btrfs_close_devices+0x888/0xb20 [ 28.716879] Kernel panic - not syncing: panic_on_warn set ... [ 28.716879] [ 28.724237] CPU: 1 PID: 8005 Comm: syz-executor213 Not tainted 4.14.285-syzkaller #0 [ 28.732113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.741463] Call Trace: [ 28.744058] dump_stack+0x1b2/0x281 [ 28.747684] panic+0x1f9/0x42d [ 28.750878] ? add_taint.cold+0x16/0x16 [ 28.754862] ? __btrfs_close_devices+0x888/0xb20 [ 28.759619] ? __btrfs_close_devices+0x888/0xb20 [ 28.764466] __warn.cold+0x20/0x44 [ 28.768006] ? ist_end_non_atomic+0x10/0x10 [ 28.772419] ? __btrfs_close_devices+0x888/0xb20 [ 28.777175] report_bug+0x208/0x250 [ 28.780800] do_error_trap+0x195/0x2d0 [ 28.784690] ? math_error+0x2d0/0x2d0 [ 28.788491] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 28.793677] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 28.798778] ? debug_object_active_state+0x236/0x330 [ 28.803876] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.808717] invalid_op+0x1b/0x40 executing program executing program executing program [ 28.812168] RIP: 0010:__btrfs_close_devices+0x888/0xb20 [ 28.817523] RSP: 0018:ffff8880b354f618 EFLAGS: 00010297 [ 28.822882] RAX: ffff8880a0b84380 RBX: dffffc0000000000 RCX: ffff8880b354f688 [ 28.830231] RDX: 0000000000000000 RSI: ffff8880a0b84c30 RDI: ffff88809ad027e0 [ 28.837492] RBP: ffff8880b1944900 R08: 0000000000000286 R09: 0000000000000000 [ 28.839270] print_req_error: I/O error, dev loop1, sector 0 [ 28.844752] R10: 0000000000000000 R11: 0000000000000000 R12: dead000000000200 [ 28.844763] R13: dead000000000100 R14: ffff8880b1fb0800 R15: ffff8880b19449a0 executing program [ 28.865131] ? __btrfs_close_devices+0x888/0xb20 [ 28.869980] ? kvfree+0x45/0x50 [ 28.873266] ? btrfs_alloc_device+0x580/0x580 [ 28.877348] print_req_error: I/O error, dev loop5, sector 0 [ 28.877783] btrfs_close_devices+0x24/0x140 [ 28.877794] open_ctree+0x241/0x7400 [ 28.877824] ? close_ctree+0x840/0x840 [ 28.895379] ? dlm_unlock_lock_handler+0x8d0/0x8d0 [ 28.900631] btrfs_mount+0x1915/0x1fe0 [ 28.904508] ? btrfs_get_subvol_name_from_objectid+0x8c0/0x8c0 [ 28.910479] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 28.915916] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 28.920926] ? __lockdep_init_map+0x100/0x560 [ 28.925562] ? __lockdep_init_map+0x100/0x560 [ 28.930082] mount_fs+0x92/0x2a0 [ 28.933431] vfs_kern_mount.part.0+0x5b/0x470 [ 28.937903] vfs_kern_mount+0x3c/0x60 [ 28.941701] btrfs_mount+0x42a/0x1fe0 [ 28.945483] ? lock_downgrade+0x740/0x740 [ 28.949610] ? _find_next_bit+0xdb/0x100 [ 28.953776] ? btrfs_get_subvol_name_from_objectid+0x8c0/0x8c0 [ 28.959822] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 28.965276] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 28.970363] ? __lockdep_init_map+0x100/0x560 [ 28.974836] ? __lockdep_init_map+0x100/0x560 [ 28.979394] mount_fs+0x92/0x2a0 [ 28.983578] vfs_kern_mount.part.0+0x5b/0x470 [ 28.988051] do_mount+0xe65/0x2a30 [ 28.991571] ? copy_mount_string+0x40/0x40 [ 28.995805] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 29.000797] ? copy_mnt_ns+0xa30/0xa30 [ 29.004662] ? copy_mount_options+0x1fa/0x2f0 [ 29.009151] ? copy_mnt_ns+0xa30/0xa30 [ 29.013058] SyS_mount+0xa8/0x120 [ 29.016491] ? copy_mnt_ns+0xa30/0xa30 [ 29.020444] do_syscall_64+0x1d5/0x640 [ 29.024311] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.029500] RIP: 0033:0x7faf5ad2a42a [ 29.033316] RSP: 002b:00007ffe5cb95738 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 29.041006] RAX: ffffffffffffffda RBX: 00007ffe5cb957d0 RCX: 00007faf5ad2a42a [ 29.048280] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe5cb95790 [ 29.055525] RBP: 00007ffe5cb95790 R08: 00007ffe5cb957d0 R09: 0000000000000000 [ 29.062776] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000001 [ 29.070028] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000020000100 [ 29.077642] Kernel Offset: disabled [ 29.081302] Rebooting in 86400 seconds..