Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   65.316974][ T6873] BTRFS: device fsid e8bfd771-5790-43b1-af19-d2dcfab1b0f9 devid 1 transid 5 /dev/loop0 scanned by syz-executor813 (6873)
[   65.338034][ T6873] BTRFS info (device loop0): disk space caching is enabled
[   65.345485][ T6873] BTRFS info (device loop0): has skinny extents
[   65.367715][   T21] ==================================================================
[   65.376636][   T21] BUG: KASAN: stack-out-of-bounds in read_extent_buffer+0x114/0x150
[   65.385294][   T21] Write of size 8 at addr ffffc90000dd79f0 by task kworker/u4:1/21
[   65.393518][   T21]
[   65.395836][   T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.9.0-rc5-next-20200917-syzkaller #0
[   65.405299][   T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.415479][   T21] Workqueue: btrfs-endio-meta btrfs_work_helper
[   65.422157][   T21] Call Trace:
[   65.425869][   T21]  dump_stack+0x198/0x1fb
[   65.430400][   T21]  ? read_extent_buffer+0x114/0x150
[   65.435693][   T21]  ? read_extent_buffer+0x114/0x150
[   65.441166][   T21]  print_address_description.constprop.0.cold+0x5/0x497
[   65.448623][   T21]  ? check_preemption_disabled+0x50/0x130
[   65.454609][   T21]  ? _raw_spin_lock_irqsave+0xa9/0xd0
[   65.461482][   T21]  ? vprintk_func+0x95/0x1e0
[   65.466600][   T21]  ? read_extent_buffer+0x114/0x150
[   65.471901][   T21]  ? read_extent_buffer+0x114/0x150
[   65.477091][   T21]  kasan_report.cold+0x1f/0x37
[   65.482732][   T21]  ? read_extent_buffer+0x114/0x150
[   65.488008][   T21]  check_memory_region+0x13d/0x180
[   65.493136][   T21]  memcpy+0x39/0x60
[   65.500157][   T21]  read_extent_buffer+0x114/0x150
[   65.505187][   T21]  btree_readpage_end_io_hook+0x7de/0x950
[   65.510917][   T21]  ? btrfs_set_buffer_lockdep_class+0x1b0/0x1b0
[   65.517246][   T21]  ? stack_trace_save+0x8c/0xc0
[   65.522098][   T21]  ? stack_trace_consume_entry+0x160/0x160
[   65.527990][   T21]  ? add_lock_to_list.constprop.0+0x185/0x520
[   65.534481][   T21]  end_bio_extent_readpage+0x4de/0x10c0
[   65.541155][   T21]  ? btrfs_submit_read_repair+0x1360/0x1360
[   65.547056][   T21]  ? iolatency_pd_stat+0x590/0x590
[   65.552521][   T21]  ? btrfs_submit_read_repair+0x1360/0x1360
[   65.558529][   T21]  bio_endio+0x3d3/0x7a0
[   65.562817][   T21]  ? btrfs_submit_read_repair+0x1360/0x1360
[   65.568936][   T21]  end_workqueue_fn+0x114/0x170
[   65.574151][   T21]  btrfs_work_helper+0x20a/0xd20
[   65.579196][   T21]  ? lock_is_held_type+0xbb/0xf0
[   65.584331][   T21]  process_one_work+0x933/0x15a0
[   65.589295][   T21]  ? pwq_dec_nr_in_flight+0x320/0x320
[   65.594693][   T21]  ? rwlock_bug.part.0+0x90/0x90
[   65.599662][   T21]  worker_thread+0x64c/0x1120
[   65.604479][   T21]  ? process_one_work+0x15a0/0x15a0
[   65.609792][   T21]  kthread+0x3af/0x4a0
[   65.613880][   T21]  ? __kthread_bind_mask+0xc0/0xc0
[   65.619050][   T21]  ret_from_fork+0x1f/0x30
[   65.623515][   T21]
[   65.626019][   T21]
[   65.628354][   T21] addr ffffc90000dd79f0 is located in stack of task kworker/u4:1/21 at offset 48 in frame:
[   65.640565][   T21]  btree_readpage_end_io_hook+0x0/0x950
[   65.646327][   T21]
[   65.648662][   T21] this frame has 4 objects:
[   65.653234][   T21]  [48, 52) 'val'
[   65.653243][   T21]  [64, 80) 'fsid'
[   65.656871][   T21]  [96, 128) 'result'
[   65.660569][   T21]  [160, 192) 'found'
[   65.664900][   T21]
[   65.671536][   T21] Memory state around the buggy address:
[   65.677176][   T21]  ffffc90000dd7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   65.686004][   T21]  ffffc90000dd7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   65.695034][   T21] >ffffc90000dd7980: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2
[   65.704641][   T21]                                                              ^
[   65.715719][   T21]  ffffc90000dd7a00: 00 00 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[   65.724434][   T21]  ffffc90000dd7a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[   65.732999][   T21] ==================================================================
[   65.741476][   T21] Disabling lock debugging due to kernel taint
[   65.748664][   T21] Kernel panic - not syncing: panic_on_warn set ...
[   65.755301][   T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Tainted: G    B             5.9.0-rc5-next-20200917-syzkaller #0
[   65.766172][   T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.776600][   T21] Workqueue: btrfs-endio-meta btrfs_work_helper
[   65.783442][   T21] Call Trace:
[   65.787069][   T21]  dump_stack+0x198/0x1fb
[   65.791589][   T21]  ? read_extent_buffer+0xa0/0x150
[   65.797115][   T21]  panic+0x382/0x7fb
[   65.803556][   T21]  ? __warn_printk+0xf3/0xf3
[   65.808773][   T21]  ? preempt_schedule_common+0x59/0xc0
[   65.814822][   T21]  ? read_extent_buffer+0x114/0x150
[   65.820300][   T21]  ? preempt_schedule_thunk+0x16/0x18
[   65.826105][   T21]  ? trace_hardirqs_on+0x51/0x1c0
[   65.831194][   T21]  ? read_extent_buffer+0x114/0x150
[   65.836561][   T21]  ? read_extent_buffer+0x114/0x150
[   65.841742][   T21]  end_report+0x58/0x5e
[   65.846065][   T21]  kasan_report.cold+0xd/0x37
[   65.850908][   T21]  ? read_extent_buffer+0x114/0x150
[   65.856674][   T21]  check_memory_region+0x13d/0x180
[   65.861765][   T21]  memcpy+0x39/0x60
[   65.865636][   T21]  read_extent_buffer+0x114/0x150
[   65.870637][   T21]  btree_readpage_end_io_hook+0x7de/0x950
[   65.876333][   T21]  ? btrfs_set_buffer_lockdep_class+0x1b0/0x1b0
[   65.882761][   T21]  ? stack_trace_save+0x8c/0xc0
[   65.887593][   T21]  ? stack_trace_consume_entry+0x160/0x160
[   65.893673][   T21]  ? add_lock_to_list.constprop.0+0x185/0x520
[   65.900065][   T21]  end_bio_extent_readpage+0x4de/0x10c0
[   65.905604][   T21]  ? btrfs_submit_read_repair+0x1360/0x1360
[   65.911529][   T21]  ? iolatency_pd_stat+0x590/0x590
[   65.916709][   T21]  ? btrfs_submit_read_repair+0x1360/0x1360
[   65.922585][   T21]  bio_endio+0x3d3/0x7a0
[   65.926816][   T21]  ? btrfs_submit_read_repair+0x1360/0x1360
[   65.932680][   T21]  end_workqueue_fn+0x114/0x170
[   65.937519][   T21]  btrfs_work_helper+0x20a/0xd20
[   65.942432][   T21]  ? lock_is_held_type+0xbb/0xf0
[   65.947347][   T21]  process_one_work+0x933/0x15a0
[   65.952265][   T21]  ? pwq_dec_nr_in_flight+0x320/0x320
[   65.957626][   T21]  ? rwlock_bug.part.0+0x90/0x90
[   65.962738][   T21]  worker_thread+0x64c/0x1120
[   65.967505][   T21]  ? process_one_work+0x15a0/0x15a0
[   65.972675][   T21]  kthread+0x3af/0x4a0
[   65.976725][   T21]  ? __kthread_bind_mask+0xc0/0xc0
[   65.981819][   T21]  ret_from_fork+0x1f/0x30
[   65.987957][   T21] Kernel Offset: disabled
[   65.992336][   T21] Rebooting in 86400 seconds..