./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3956585428 <...> DUID 00:04:7c:8f:25:e4:1e:61:d4:15:b8:1c:50:2a:7f:f5:0b:01 forked to background, child pid 3210 [ 29.856362][ T3211] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.865437][ T3211] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.125' (ECDSA) to the list of known hosts. execve("./syz-executor3956585428", ["./syz-executor3956585428"], 0x7fff460e9d60 /* 10 vars */) = 0 brk(NULL) = 0x555555fd9000 brk(0x555555fd9c40) = 0x555555fd9c40 arch_prctl(ARCH_SET_FS, 0x555555fd9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3956585428", 4096) = 28 brk(0x555555ffac40) = 0x555555ffac40 brk(0x555555ffb000) = 0x555555ffb000 mprotect(0x7f04395f4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fd95d0) = 3639 ./strace-static-x86_64: Process 3639 attached [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4) = 4 [pid 3639] close(3) = 0 [pid 3639] memfd_create("syzkaller", 0) = 3 [pid 3639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0431000000 [pid 3639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3639] munmap(0x7f0431000000, 16777216) = 0 [pid 3639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3639] close(3) = 0 [pid 3639] mkdir("./file0", 0777) = 0 syzkaller login: [ 52.470167][ T3639] loop0: detected capacity change from 0 to 32768 [ 52.482385][ T3639] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor395 (3639) [ 52.502751][ T3639] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 52.511591][ T3639] BTRFS info (device loop0): using free space tree [pid 3639] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 3639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3639] chdir("./file0") = 0 [pid 3639] ioctl(4, LOOP_CLR_FD) = 0 [pid 3639] close(4) = 0 [pid 3639] creat("./bus", 000) = 4 [ 52.533639][ T3639] BTRFS info (device loop0): enabling ssd optimizations [pid 3639] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 010) = 5 [pid 3639] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 3639] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 52.580086][ T27] audit: type=1800 audit(1669413462.838:2): pid=3639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor395" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 3639] fallocate(4, 0, 0, 2622468) = 0 [pid 3639] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 3639] write(7, "4", 1) = 1 [ 52.644149][ T1040] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 52.655678][ T3639] ------------[ cut here ]------------ [ 52.661312][ T3639] kernel BUG at fs/btrfs/extent-io-tree.c:381! [ 52.667568][ T3639] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 52.673641][ T3639] CPU: 0 PID: 3639 Comm: syz-executor395 Not tainted 6.1.0-rc6-syzkaller-00176-g08ad43d554ba #0 [ 52.684065][ T3639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 52.694127][ T3639] RIP: 0010:insert_state_fast+0x242/0x250 [ 52.699879][ T3639] Code: 2e fe e9 77 ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 72 fe ff ff 4c 89 e7 e8 68 c6 2e fe e9 65 fe ff ff e8 7e ae da fd <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55 41 [ 52.719493][ T3639] RSP: 0018:ffffc90003caf698 EFLAGS: 00010293 [ 52.725575][ T3639] RAX: ffffffff83afe9f2 RBX: dffffc0000000000 RCX: ffff8880769f1d40 [ 52.733555][ T3639] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 52.741534][ T3639] RBP: 00000000fffffff4 R08: ffffffff83afe914 R09: 00000000ffffffff [ 52.749495][ T3639] R10: fffffbfff1a42e97 R11: 1ffffffff1a42e96 R12: 0000000000000000 [ 52.757457][ T3639] R13: ffff88801dd5a888 R14: ffff88807efe6600 R15: 0000000000001000 [ 52.765421][ T3639] FS: 0000555555fd9300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 52.774345][ T3639] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.780915][ T3639] CR2: 00007f2046350028 CR3: 0000000027a45000 CR4: 00000000003506f0 [ 52.788882][ T3639] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 52.796838][ T3639] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.804796][ T3639] Call Trace: [ 52.808063][ T3639] [ 52.810988][ T3639] __set_extent_bit+0x1547/0x19a0 [ 52.816010][ T3639] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 52.821978][ T3639] ? __kmem_cache_alloc_node+0x211/0x310 [ 52.827601][ T3639] ? qgroup_reserve_data+0x1d7/0x6f0 [ 52.832882][ T3639] set_record_extent_bits+0x50/0x80 [ 52.838073][ T3639] qgroup_reserve_data+0x27b/0x6f0 [ 52.843181][ T3639] btrfs_qgroup_reserve_data+0x2a/0xc0 [ 52.848633][ T3639] btrfs_check_data_free_space+0x144/0x240 [ 52.854431][ T3639] btrfs_buffered_write+0x56c/0x16f0 [ 52.859711][ T3639] ? __file_remove_privs+0x29b/0x6c0 [ 52.864995][ T3639] ? btrfs_do_write_iter+0x1260/0x1260 [ 52.870442][ T3639] ? __up_read+0x251/0x690 [ 52.874849][ T3639] ? up_read+0x20/0x20 [ 52.878901][ T3639] ? btrfs_write_check+0x4a9/0x540 [ 52.884004][ T3639] btrfs_do_write_iter+0xeb4/0x1260 [ 52.889197][ T3639] ? btrfs_check_nocow_unlock+0x40/0x40 [ 52.894752][ T3639] vfs_write+0x7dc/0xc50 [ 52.899011][ T3639] ? file_end_write+0x230/0x230 [ 52.903959][ T3639] ? ptrace_stop+0x74d/0x970 [ 52.908551][ T3639] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.913753][ T3639] ? __fdget_pos+0x252/0x2e0 [ 52.918342][ T3639] ksys_write+0x177/0x2a0 [ 52.922666][ T3639] ? __ia32_sys_read+0x80/0x80 [ 52.927423][ T3639] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 52.933395][ T3639] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 52.939365][ T3639] do_syscall_64+0x3d/0xb0 [ 52.943773][ T3639] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.949663][ T3639] RIP: 0033:0x7f0439581609 [ 52.954076][ T3639] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.973685][ T3639] RSP: 002b:00007ffd0997e468 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 52.982096][ T3639] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0439581609 [ 52.990065][ T3639] RDX: 0000000000000049 RSI: 0000000020000180 RDI: 0000000000000005 [ 52.998037][ T3639] RBP: 00007ffd0997e480 R08: 0000000000000001 R09: 000000000000000d [ 53.006009][ T3639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 53.013983][ T3639] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000 [ 53.021959][ T3639] [ 53.024971][ T3639] Modules linked in: [ 53.029086][ T3639] ---[ end trace 0000000000000000 ]--- [ 53.034527][ T3639] RIP: 0010:insert_state_fast+0x242/0x250 [ 53.040285][ T3639] Code: 2e fe e9 77 ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 72 fe ff ff 4c 89 e7 e8 68 c6 2e fe e9 65 fe ff ff e8 7e ae da fd <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55 41 [ 53.059983][ T3639] RSP: 0018:ffffc90003caf698 EFLAGS: 00010293 [ 53.066094][ T3639] RAX: ffffffff83afe9f2 RBX: dffffc0000000000 RCX: ffff8880769f1d40 [ 53.074068][ T3639] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 53.082049][ T3639] RBP: 00000000fffffff4 R08: ffffffff83afe914 R09: 00000000ffffffff [ 53.090062][ T3639] R10: fffffbfff1a42e97 R11: 1ffffffff1a42e96 R12: 0000000000000000 [ 53.098069][ T3639] R13: ffff88801dd5a888 R14: ffff88807efe6600 R15: 0000000000001000 [ 53.106161][ T3639] FS: 0000555555fd9300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 53.115112][ T3639] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.121687][ T3639] CR2: 00007f2046350028 CR3: 0000000027a45000 CR4: 00000000003506f0 [ 53.129679][ T3639] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.137682][ T3639] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.145674][ T3639] Kernel panic - not syncing: Fatal exception [ 53.151901][ T3639] Kernel Offset: disabled [ 53.156218][ T3639] Rebooting in 86400 seconds..