[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 532.748461][ T6857] BTRFS: device fsid abb5d618-46c7-4e89-943b-7a9d2665c168 devid 0 transid 0 /dev/loop5 scanned by syz-executor611 (6857)
[ 532.770308][ T6859] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:0 old:/dev/loop5 new:/dev/loop0
[ 532.797117][ T6857] BTRFS error (device loop5): superblock checksum mismatch
[ 532.808818][ T6858] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:0 old:/dev/loop5 new:/dev/loop1
[ 532.861821][ T6856] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:0 old:/dev/loop5 new:/dev/loop2
[ 532.963459][ T6862] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:0 old:/dev/loop5 new:/dev/loop4
[ 532.978646][ T6861] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:0 old:/dev/loop5 new:/dev/loop3
[ 533.081638][ T6857] BTRFS error (device loop5): open_ctree failed
[ 533.088445][ T6859] BTRFS: device fsid abb5d618-46c7-4e89-943b-7a9d2665c168 devid 1 transid 7 /dev/loop0 scanned by syz-executor611 (6859)
executing program
[ 533.153975][ T6858] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:1 old:/dev/loop0 new:/dev/loop1
[ 533.173463][ T6859] BTRFS info (device loop0): disk space caching is enabled
[ 533.182641][ T6856] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:1 old:/dev/loop0 new:/dev/loop2
[ 533.183292][ T6859] BTRFS info (device loop0): has skinny extents
executing program
executing program
[ 533.218901][ T6862] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:1 old:/dev/loop0 new:/dev/loop4
[ 533.249275][ T6861] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:1 old:/dev/loop0 new:/dev/loop3
executing program
executing program
executing program
executing program
[ 533.321419][ T6857] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:1 old:/dev/loop0 new:/dev/loop5
executing program
executing program
executing program
executing program
executing program
[ 533.378021][ T6880] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:1 old:/dev/loop0 new:/dev/loop2
executing program
executing program
executing program
[ 533.434269][ T6888] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:1 old:/dev/loop0 new:/dev/loop1
[ 533.461848][ T6914] BTRFS warning (device ): duplicate device fsid:devid for abb5d618-46c7-4e89-943b-7a9d2665c168:1 old:/dev/loop0 new:/dev/loop5
executing program
[ 533.481308][ T6919] BTRFS error (device loop0): bad tree block start, want 5267456 have 0
executing program
executing program
executing program
executing program
executing program
executing program
[ 533.518336][ T6859] BTRFS warning (device loop0): failed to read root (objectid=7): -5
[ 533.576287][ T6859] BTRFS error (device loop0): open_ctree failed
[ 533.602593][ T6917] BTRFS info (device loop0): disk space caching is enabled
[ 533.610948][ T6917] BTRFS info (device loop0): has skinny extents
executing program
[ 533.694772][ T6917] BTRFS error (device loop0): super_num_devices 1 mismatch with num_devices 1 found here
[ 533.707429][ T6917] BTRFS error (device loop0): failed to read chunk tree: -22
[ 533.717991][ T6937] ==================================================================
[ 533.726409][ T6937] BUG: KASAN: use-after-free in btrfs_printk+0x3eb/0x435
[ 533.733438][ T6937] Read of size 8 at addr ffff8880915106a8 by task syz-executor611/6937
[ 533.741666][ T6937] 
[ 533.744007][ T6937] CPU: 0 PID: 6937 Comm: syz-executor611 Not tainted 5.9.0-rc7-syzkaller #0
[ 533.752760][ T6937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 533.762819][ T6937] Call Trace:
[ 533.766220][ T6937]  dump_stack+0x1d6/0x29e
[ 533.770634][ T6937]  print_address_description+0x66/0x620
[ 533.776314][ T6937]  ? printk+0x62/0x83
[ 533.780440][ T6937]  ? _raw_spin_lock_irqsave+0x84/0xd0
[ 533.785832][ T6937]  ? vprintk_emit+0x2f0/0x370
[ 533.790551][ T6937]  kasan_report+0x132/0x1d0
[ 533.795080][ T6937]  ? btrfs_printk+0x3eb/0x435
[ 533.799780][ T6937]  btrfs_printk+0x3eb/0x435
[ 533.804410][ T6937]  ? rcu_lock_acquire+0x5/0x30
[ 533.809248][ T6937]  ? lock_is_held_type+0xb3/0xe0
[ 533.814203][ T6937]  device_list_add+0x1a88/0x1d60
[ 533.819195][ T6937]  btrfs_scan_one_device+0x196/0x490
[ 533.824527][ T6937]  btrfs_mount_root+0x48f/0xb60
[ 533.829582][ T6937]  ? vfs_parse_fs_string+0x150/0x1e0
[ 533.834944][ T6937]  ? rcu_read_lock_sched_held+0x2f/0xa0
[ 533.840534][ T6937]  ? trace_kfree+0xb2/0x100
[ 533.845081][ T6937]  ? vfs_parse_fs_string+0x150/0x1e0
[ 533.850387][ T6937]  legacy_get_tree+0xea/0x180
[ 533.855086][ T6937]  ? btrfs_control_open+0x40/0x40
[ 533.860197][ T6937]  vfs_get_tree+0x88/0x270
[ 533.865066][ T6937]  vfs_kern_mount+0xc9/0x160
[ 533.869666][ T6937]  btrfs_mount+0x33c/0xae0
[ 533.874091][ T6937]  ? vfs_parse_fs_string+0x150/0x1e0
[ 533.879378][ T6937]  ? rcu_read_lock_sched_held+0x2f/0xa0
[ 533.885041][ T6937]  ? cap_capable+0x23f/0x280
[ 533.889652][ T6937]  legacy_get_tree+0xea/0x180
[ 533.894332][ T6937]  ? btrfs_resize_thread_pool+0x250/0x250
[ 533.900069][ T6937]  vfs_get_tree+0x88/0x270
[ 533.904493][ T6937]  path_mount+0x179d/0x29e0
[ 533.909016][ T6937]  __se_sys_mount+0x126/0x180
[ 533.913705][ T6937]  do_syscall_64+0x31/0x70
[ 533.918128][ T6937]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 533.924025][ T6937] RIP: 0033:0x44873a
[ 533.927922][ T6937] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa a2 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 533.947541][ T6937] RSP: 002b:00007ffe9f6bb208 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 533.956031][ T6937] RAX: ffffffffffffffda RBX: 00007ffe9f6bb280 RCX: 000000000044873a
[ 533.964041][ T6937] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe9f6bb240
[ 533.972052][ T6937] RBP: 00007ffe9f6bb240 R08: 00007ffe9f6bb280 R09: 0000000000000000
[ 533.980040][ T6937] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000034
[ 533.988033][ T6937] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 533.998464][ T6937] 
[ 534.000870][ T6937] Allocated by task 6859:
[ 534.005206][ T6937]  __kasan_kmalloc+0x100/0x130
[ 534.010076][ T6937]  kvmalloc_node+0x81/0x110
[ 534.014602][ T6937]  btrfs_mount_root+0xd0/0xb60
[ 534.019365][ T6937]  legacy_get_tree+0xea/0x180
[ 534.024042][ T6937]  vfs_get_tree+0x88/0x270
[ 534.028464][ T6937]  vfs_kern_mount+0xc9/0x160
[ 534.033063][ T6937]  btrfs_mount+0x33c/0xae0
[ 534.037511][ T6937]  legacy_get_tree+0xea/0x180
[ 534.042191][ T6937]  vfs_get_tree+0x88/0x270
[ 534.046962][ T6937]  path_mount+0x179d/0x29e0
[ 534.051557][ T6937]  __se_sys_mount+0x126/0x180
[ 534.056240][ T6937]  do_syscall_64+0x31/0x70
[ 534.060660][ T6937]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 534.066552][ T6937] 
[ 534.069137][ T6937] Freed by task 6859:
[ 534.073145][ T6937]  kasan_set_track+0x3d/0x70
[ 534.077814][ T6937]  kasan_set_free_info+0x17/0x30
[ 534.082753][ T6937]  __kasan_slab_free+0xdd/0x110
[ 534.087626][ T6937]  kfree+0x113/0x200
[ 534.091521][ T6937]  deactivate_locked_super+0xa7/0xf0
[ 534.096809][ T6937]  btrfs_mount_root+0x72b/0xb60
[ 534.101669][ T6937]  legacy_get_tree+0xea/0x180
[ 534.106351][ T6937]  vfs_get_tree+0x88/0x270
[ 534.110771][ T6937]  vfs_kern_mount+0xc9/0x160
[ 534.115371][ T6937]  btrfs_mount+0x33c/0xae0
[ 534.119795][ T6937]  legacy_get_tree+0xea/0x180
[ 534.124479][ T6937]  vfs_get_tree+0x88/0x270
[ 534.128898][ T6937]  path_mount+0x179d/0x29e0
[ 534.133403][ T6937]  __se_sys_mount+0x126/0x180
[ 534.138104][ T6937]  do_syscall_64+0x31/0x70
[ 534.142522][ T6937]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 534.148403][ T6937] 
[ 534.150739][ T6937] The buggy address belongs to the object at ffff888091510000
[ 534.150739][ T6937]  which belongs to the cache kmalloc-16k of size 16384
[ 534.164968][ T6937] The buggy address is located 1704 bytes inside of
[ 534.164968][ T6937]  16384-byte region [ffff888091510000, ffff888091514000)
[ 534.178557][ T6937] The buggy address belongs to the page:
[ 534.184222][ T6937] page:000000009073ec36 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x91510
[ 534.194354][ T6937] head:000000009073ec36 order:3 compound_mapcount:0 compound_pincount:0
[ 534.206720][ T6937] flags: 0xfffe0000010200(slab|head)
[ 534.211995][ T6937] raw: 00fffe0000010200 ffffea0002221208 ffffea00029a8808 ffff8880aa440b00
[ 534.220577][ T6937] raw: 0000000000000000 ffff888091510000 0000000100000001 0000000000000000
[ 534.229148][ T6937] page dumped because: kasan: bad access detected
[ 534.235635][ T6937] 
[ 534.237990][ T6937] Memory state around the buggy address:
[ 534.243673][ T6937]  ffff888091510580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 534.251723][ T6937]  ffff888091510600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 534.259881][ T6937] >ffff888091510680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 534.267916][ T6937]                                   ^
[ 534.273540][ T6937]  ffff888091510700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 534.281594][ T6937]  ffff888091510780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
[ 534.289631][ T6937] ==================================================================
[ 534.297673][ T6937] Disabling lock debugging due to kernel taint
[ 534.305696][ T6937] Kernel panic - not syncing: panic_on_warn set ...
[ 534.312288][ T6937] CPU: 0 PID: 6937 Comm: syz-executor611 Tainted: G B 5.9.0-rc7-syzkaller #0
[ 534.322337][ T6937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 534.332382][ T6937] Call Trace:
[ 534.335670][ T6937]  dump_stack+0x1d6/0x29e
[ 534.340613][ T6937]  panic+0x2c0/0x800
[ 534.344595][ T6937]  ? trace_hardirqs_on+0x30/0x80
[ 534.349532][ T6937]  kasan_report+0x1c9/0x1d0
[ 534.354037][ T6937]  ? btrfs_printk+0x3eb/0x435
[ 534.358720][ T6937]  btrfs_printk+0x3eb/0x435
[ 534.363197][ T6937]  ? rcu_lock_acquire+0x5/0x30
[ 534.367942][ T6937]  ? lock_is_held_type+0xb3/0xe0
[ 534.372863][ T6937]  device_list_add+0x1a88/0x1d60
[ 534.377800][ T6937]  btrfs_scan_one_device+0x196/0x490
[ 534.383091][ T6937]  btrfs_mount_root+0x48f/0xb60
[ 534.387941][ T6937]  ? vfs_parse_fs_string+0x150/0x1e0
[ 534.393214][ T6937]  ? rcu_read_lock_sched_held+0x2f/0xa0
[ 534.398746][ T6937]  ? trace_kfree+0xb2/0x100
[ 534.403227][ T6937]  ? vfs_parse_fs_string+0x150/0x1e0
[ 534.408492][ T6937]  legacy_get_tree+0xea/0x180
[ 534.413152][ T6937]  ? btrfs_control_open+0x40/0x40
[ 534.418150][ T6937]  vfs_get_tree+0x88/0x270
[ 534.422545][ T6937]  vfs_kern_mount+0xc9/0x160
[ 534.427264][ T6937]  btrfs_mount+0x33c/0xae0
[ 534.431667][ T6937]  ? vfs_parse_fs_string+0x150/0x1e0
[ 534.436984][ T6937]  ? rcu_read_lock_sched_held+0x2f/0xa0
[ 534.442523][ T6937]  ? cap_capable+0x23f/0x280
[ 534.447099][ T6937]  legacy_get_tree+0xea/0x180
[ 534.451766][ T6937]  ? btrfs_resize_thread_pool+0x250/0x250
[ 534.457463][ T6937]  vfs_get_tree+0x88/0x270
[ 534.461868][ T6937]  path_mount+0x179d/0x29e0
[ 534.466424][ T6937]  __se_sys_mount+0x126/0x180
[ 534.471082][ T6937]  do_syscall_64+0x31/0x70
[ 534.475510][ T6937]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 534.481378][ T6937] RIP: 0033:0x44873a
[ 534.485246][ T6937] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 aa a2 fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 534.504827][ T6937] RSP: 002b:00007ffe9f6bb208 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 534.513211][ T6937] RAX: ffffffffffffffda RBX: 00007ffe9f6bb280 RCX: 000000000044873a
[ 534.521170][ T6937] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe9f6bb240
[ 534.529112][ T6937] RBP: 00007ffe9f6bb240 R08: 00007ffe9f6bb280 R09: 0000000000000000
[ 534.537079][ T6937] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000034
[ 534.545027][ T6937] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 534.553655][ T6937] Kernel Offset: disabled
[ 534.557984][ T6937] Rebooting in 86400 seconds..
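The KASAN report above can be triaged mechanically rather than by eye. The Python below is an added example for this page, not code from syzkaller, the btrfs maintainers or the kernel: it parses a KASAN report into the fields a triager needs (bug class, faulting access, the reliable call-trace frames with the "? " guesses dropped, the allocating and freeing tasks, the slab object and the offset into it) and then cross-checks the shadow-memory row against the reported address instead of trusting the caret line, whose alignment is the first thing lost when a console log is flattened. The regular expressions assume the KASAN report layout printed by 5.9-era kernels as seen above; the shadow-byte meanings are the values from the kernel's mm/kasan/kasan.h; SAMPLE is constructed from lines of this report and abridged, with the console prefixes kept to show that they are stripped.

```python
"""Structured triage of a KASAN report (added example, not syzkaller or kernel code).

Parses a KASAN report into the fields a triager needs (bug class, faulting access,
reliable frames, allocating/freeing tasks, slab object) and cross-checks the shadow
row against the reported address. SAMPLE is constructed from the report above, abridged.
"""
import re
SHADOW = {0x00: "accessible", 0xfb: "freed slab object", 0xfc: "slab redzone",  # mm/kasan/kasan.h
          0xfe: "page redzone", 0xff: "freed page", 0xf9: "global redzone"}

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # "[  533.726409][ T6937] "
FRAME = re.compile(r"^\s*(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
BUG = re.compile(r"^BUG: KASAN: ([\w-]+) in (\w+)\+0x")
ACCESS = re.compile(r"^(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
SECTION = re.compile(r"^(?:Call Trace:|Allocated by task (\d+):|Freed by task (\d+):)")
OBJECT = re.compile(r"^The buggy address belongs to the object at ([0-9a-f]+)")
CACHE = re.compile(r"^\s*which belongs to the cache (\S+) of size (\d+)")
OFFSET = re.compile(r"^The buggy address is located (\d+) bytes")
ROW = re.compile(r"^(>?)\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})")

def parse(text):
    """Return a dict of report fields; stack frames are (reliable, symbol) pairs."""
    r = {"trace": [], "alloc_trace": [], "free_trace": [], "rows": {}, "marked": None}
    stack = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).rstrip()
        if m := SECTION.match(line):
            if m.group(1):
                r["alloc_task"], stack = int(m.group(1)), r["alloc_trace"]
            elif m.group(2):
                r["free_task"], stack = int(m.group(2)), r["free_trace"]
            else:
                stack = r["trace"]
            continue
        if stack is not None and (f := FRAME.match(line)):
            stack.append((f.group(1) is None, f.group(2)))  # "? " marks an unreliable frame
            continue
        stack = None  # the first non-frame line closes a stack
        if m := BUG.match(line):
            r["kind"], r["where"] = m.groups()
        elif m := ACCESS.match(line):
            r["access"], r["size"] = m.group(1), int(m.group(2))
            r["addr"], r["comm"], r["pid"] = int(m.group(3), 16), m.group(4), int(m.group(5))
        elif m := OBJECT.match(line):
            r["object"] = int(m.group(1), 16)
        elif m := CACHE.match(line):
            r["cache"], r["cache_size"] = m.group(1), int(m.group(2))
        elif m := OFFSET.match(line):
            r["offset"] = int(m.group(1))
        elif m := ROW.match(line):
            base = int(m.group(2), 16)
            r["rows"][base] = [int(b, 16) for b in m.group(3).split()]
            r["marked"] = base if m.group(1) else r["marked"]  # ">" marks the faulting row
    return r

def shadow_byte(r):
    """Shadow byte covering the faulting address, computed from the ">" row (8 bytes each)."""
    base = r["marked"]
    row = r["rows"].get(base, [])
    if not (row and base <= r["addr"] < base + 8 * len(row)):
        raise ValueError("marked shadow row does not cover the faulting address")
    return row[(r["addr"] - base) // 8]

def crash_path(r):
    """Reliable frames from the faulting function outward, dropping KASAN's own frames."""
    syms = [s for ok, s in r["trace"] if ok]
    return syms[syms.index(r["where"]):] if r["where"] in syms else syms

def checks(r):
    """Cross-checks worth running before trusting the headline line."""
    sb = shadow_byte(r)
    return {"shadow": f"0x{sb:02x} ({SHADOW.get(sb, 'unknown')})",
            "freed_shadow": sb == 0xfb,
            "offset_matches": r["addr"] - r["object"] == r["offset"],
            "accessed_by_other_task": r["pid"] not in (r["alloc_task"], r["free_task"])}

SAMPLE = """\
[  533.726409][ T6937] BUG: KASAN: use-after-free in btrfs_printk+0x3eb/0x435
[  533.733438][ T6937] Read of size 8 at addr ffff8880915106a8 by task syz-executor611/6937
[  533.762819][ T6937] Call Trace:
[  533.795080][ T6937]  ? btrfs_printk+0x3eb/0x435
[  533.799780][ T6937]  btrfs_printk+0x3eb/0x435
[  533.814203][ T6937]  device_list_add+0x1a88/0x1d60
[  533.819195][ T6937]  btrfs_scan_one_device+0x196/0x490
[  533.824527][ T6937]  btrfs_mount_root+0x48f/0xb60
[  534.000870][ T6937] Allocated by task 6859:
[  534.010076][ T6937]  kvmalloc_node+0x81/0x110
[  534.014602][ T6937]  btrfs_mount_root+0xd0/0xb60
[  534.069137][ T6937] Freed by task 6859:
[  534.087626][ T6937]  kfree+0x113/0x200
[  534.091521][ T6937]  deactivate_locked_super+0xa7/0xf0
[  534.096809][ T6937]  btrfs_mount_root+0x72b/0xb60
[  534.150739][ T6937] The buggy address belongs to the object at ffff888091510000
[  534.150739][ T6937]  which belongs to the cache kmalloc-16k of size 16384
[  534.164968][ T6937] The buggy address is located 1704 bytes inside of
[  534.259881][ T6937] >ffff888091510680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  534.267916][ T6937]                                   ^
[  534.273540][ T6937]  ffff888091510700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""
```

Run on the report above, `checks(parse(SAMPLE))` confirms what the headline claims: the 8-byte read at ffff8880915106a8 lands 1704 bytes into a 16384-byte kmalloc-16k object (the address minus the object base agrees with the "located 1704 bytes inside of" line), and the shadow byte covering it is 0xfb, the freed-slab-object marker, so the use-after-free classification is consistent with the shadow state. `crash_path` reduces the trace to btrfs_printk, device_list_add, btrfs_scan_one_device, btrfs_mount_root. The object was allocated (kvmalloc_node) and freed (kfree via deactivate_locked_super) by task 6859 inside btrfs_mount_root, while the read came from task 6937 on a different mount path, which matches the log's duplicate-fsid warnings from several tasks scanning the same image on different loop devices; the report itself does not say which field of the freed object was read.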