./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor561805090 <...> ive=1 [ 45.503434][ T26] audit: type=1400 audit(1692547567.615:81): avc: denied { siginh } for pid=4863 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 46.400703][ T26] audit: type=1400 audit(1692547568.565:82): avc: denied { read } for pid=4451 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts. execve("./syz-executor561805090", ["./syz-executor561805090"], 0x7ffcde2e4090 /* 10 vars */) = 0 brk(NULL) = 0x555557009000 brk(0x555557009d40) = 0x555557009d40 arch_prctl(ARCH_SET_FS, 0x5555570093c0) = 0 set_tid_address(0x555557009690) = 5013 set_robust_list(0x5555570096a0, 24) = 0 rseq(0x555557009ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor561805090", 4096) = 27 getrandom("\x8b\x63\x6b\xaa\xb0\xe9\x58\xa0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557009d40 brk(0x55555702ad40) = 0x55555702ad40 brk(0x55555702b000) = 0x55555702b000 mprotect(0x7f0ca07a9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 [ 59.704667][ T26] audit: type=1400 audit(1692547581.875:83): avc: denied { write } for pid=5010 comm="strace-static-x" path="pipe:[30123]" dev="pipefs" ino=30123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557009690) = 5014 ./strace-static-x86_64: Process 5014 attached [pid 5014] set_robust_list(0x5555570096a0, 24) = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5014] setpgid(0, 0) = 0 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5014] write(3, "1000", 4) = 4 [pid 5014] close(3) = 0 [pid 5014] futex(0x7f0ca07af60c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] rt_sigaction(SIGRT_1, {sa_handler=0x7f0ca0749670, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0ca073ad20}, NULL, 8) = 0 [pid 5014] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0ca06c0000 [pid 5014] mprotect(0x7f0ca06c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0ca06e0990, parent_tid=0x7f0ca06e0990, exit_signal=0, stack=0x7f0ca06c0000, stack_size=0x20300, tls=0x7f0ca06e06c0} => {parent_tid=[5016]}, 88) = 5016 [pid 5014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5014] futex(0x7f0ca07af608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f0ca07af60c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5016 attached [pid 5016] rseq(0x7f0ca06e0fe0, 0x20, 0, 0x53053053) = 0 [pid 5016] set_robust_list(0x7f0ca06e09a0, 24) = 0 [pid 5016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 59.736919][ T26] audit: type=1400 audit(1692547581.905:84): avc: denied { execmem } for pid=5013 comm="syz-executor561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 59.758430][ T26] audit: type=1400 audit(1692547581.905:85): avc: denied { read write } for pid=5013 comm="syz-executor561" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5016] memfd_create("syzkaller", 0) = 3 [pid 5016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0c982c0000 [ 59.783422][ T26] audit: type=1400 audit(1692547581.905:86): avc: denied { open } for pid=5013 comm="syz-executor561" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 59.799676][ T5016] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5016 'syz-executor561' [ 59.809395][ T26] audit: type=1400 audit(1692547581.905:87): avc: denied { ioctl } for pid=5013 comm="syz-executor561" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 59.844256][ T26] audit: type=1400 audit(1692547582.015:88): avc: denied { append } for pid=4451 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.867126][ T26] audit: type=1400 audit(1692547582.015:89): avc: denied { open } for pid=4451 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.890274][ T26] audit: type=1400 audit(1692547582.015:90): avc: denied { getattr } for pid=4451 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 5016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5016] munmap(0x7f0c982c0000, 16777216) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5016] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5016] close(3) = 0 [pid 5016] mkdir("./file0", 0777) = 0 [ 60.031403][ T5016] loop0: detected capacity change from 0 to 32768 [ 60.043105][ T26] audit: type=1400 audit(1692547582.215:91): avc: denied { mounton } for pid=5014 comm="syz-executor561" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 60.048040][ T5016] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor561 (5016) [ 60.086437][ T5016] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 60.095578][ T5016] BTRFS info (device loop0): using free space tree [ 60.118990][ T5016] BTRFS info (device loop0): enabling ssd optimizations [ 60.126250][ T5016] BTRFS info (device loop0): auto enabling async discard [pid 5016] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5016] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5016] chdir("./file0") = 0 [pid 5016] ioctl(4, LOOP_CLR_FD) = 0 [pid 5016] close(4) = 0 [pid 5016] futex(0x7f0ca07af60c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f0ca07af608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f0ca07af60c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [pid 5016] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5016] futex(0x7f0ca07af60c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f0ca07af608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f0ca07af60c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [pid 5016] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5016] futex(0x7f0ca07af60c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f0ca07af608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f0ca07af60c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [pid 5016] fallocate(5, 0, 0, 1048816) = 0 [pid 5016] futex(0x7f0ca07af60c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f0ca07af608, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] sendfile(4, 5, NULL, 142606348 [pid 5014] <... futex resumed>) = 0 [ 60.138497][ T26] audit: type=1400 audit(1692547582.305:92): avc: denied { mount } for pid=5014 comm="syz-executor561" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 5014] futex(0x7f0ca07af60c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5014] futex(0x7f0ca07af61c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0c9929f000 [pid 5014] mprotect(0x7f0c992a0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0c992bf990, parent_tid=0x7f0c992bf990, exit_signal=0, stack=0x7f0c9929f000, stack_size=0x20300, tls=0x7f0c992bf6c0} => {parent_tid=[5033]}, 88) = 5033 [pid 5014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5014] futex(0x7f0ca07af618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f0ca07af61c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5033 attached [pid 5033] rseq(0x7f0c992bffe0, 0x20, 0, 0x53053053) = 0 [pid 5033] set_robust_list(0x7f0c992bf9a0, 24) = 0 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5033] open(".", O_RDONLY) = 6 [pid 5033] futex(0x7f0ca07af61c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f0ca07af618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f0ca07af61c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [pid 5033] ioctl(6, BTRFS_IOC_BALANCE_V2, {flags=0} [pid 5014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5014] futex(0x7f0ca07af61c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5014] futex(0x7f0ca07af61c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 60.301898][ T5033] BTRFS info (device loop0): balance: start [ 60.309294][ T5033] BTRFS info (device loop0): balance: ended with status: 0 [ 60.309363][ T5016] ------------[ cut here ]------------ [ 60.322314][ T5016] BTRFS: Transaction aborted (error -28) [ 60.328842][ T5016] WARNING: CPU: 0 PID: 5016 at fs/btrfs/extent-tree.c:3055 __btrfs_free_extent+0x19ea/0x2c30 [ 60.339435][ T5016] Modules linked in: [ 60.343650][ T5016] CPU: 0 PID: 5016 Comm: syz-executor561 Not tainted 6.5.0-rc6-syzkaller-00253-g9e6c269de404 #0 [ 60.354328][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 60.364669][ T5016] RIP: 0010:__btrfs_free_extent+0x19ea/0x2c30 [ 60.370849][ T5016] Code: 00 e8 4a 1b 1a fe 0f 1f 44 00 00 bb 01 00 00 00 e9 f5 f7 ff ff e8 36 1b 1a fe 8b 74 24 58 48 c7 c7 40 f3 b4 8a e8 86 dc e0 fd <0f> 0b e9 eb f0 ff ff e8 1a 1b 1a fe 48 8b 54 24 30 48 b8 00 00 00 [ 60.390640][ T5016] RSP: 0018:ffffc900033fefe8 EFLAGS: 00010282 [ 60.396983][ T5016] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 60.405185][ T5016] RDX: ffff88802bbec1c0 RSI: ffffffff814be3c6 RDI: 0000000000000001 [ 60.413393][ T5016] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 60.421405][ T5016] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880241e6840 [ 60.429559][ T5016] R13: ffff8880763be6b8 R14: 00000000ffffffe4 R15: 0000000000520000 [ 60.437703][ T5016] FS: 00007f0ca06e06c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [pid 5014] exit_group(0) = ? [ 60.447017][ T5016] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.453706][ T5016] CR2: 000055f6f3f1c35a CR3: 00000000241ba000 CR4: 00000000003506f0 [ 60.461811][ T5016] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.470044][ T5016] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.478093][ T5016] Call Trace: [ 60.481589][ T5016] [ 60.484645][ T5016] ? __warn+0xe6/0x380 [ 60.488850][ T5016] ? preempt_schedule_notrace+0x5f/0xe0 [ 60.494564][ T5016] ? __btrfs_free_extent+0x19ea/0x2c30 [ 60.500076][ T5016] ? report_bug+0x3bc/0x580 [ 60.504831][ T5016] ? handle_bug+0x3c/0x70 [ 60.509286][ T5016] ? exc_invalid_op+0x17/0x40 [ 60.514165][ T5016] ? asm_exc_invalid_op+0x1a/0x20 [ 60.519231][ T5016] ? __warn_printk+0x1a6/0x350 [ 60.524079][ T5016] ? __btrfs_free_extent+0x19ea/0x2c30 [ 60.529578][ T5016] ? __btrfs_free_extent+0x19ea/0x2c30 [ 60.535109][ T5016] ? lookup_extent_backref+0x110/0x110 [ 60.540615][ T5016] ? __btrfs_run_delayed_refs+0x60b/0x3b80 [ 60.546533][ T5016] ? reacquire_held_locks+0x4b0/0x4b0 [ 60.551995][ T5016] ? _raw_read_unlock+0x28/0x40 [ 60.556887][ T5016] ? btrfs_merge_delayed_refs+0x47e/0x570 [ 60.562664][ T5016] __btrfs_run_delayed_refs+0xd3d/0x3b80 [ 60.568336][ T5016] ? check_ref_cleanup+0x3e0/0x3e0 [ 60.573689][ T5016] ? lock_sync+0x190/0x190 [ 60.578165][ T5016] btrfs_run_delayed_refs+0x1a1/0x510 [ 60.583607][ T5016] btrfs_commit_transaction+0x81a/0x3fd0 [ 60.589372][ T5016] ? create_pending_snapshots+0x2d0/0x2d0 [ 60.595171][ T5016] ? start_transaction+0x2a5/0x14d0 [ 60.600411][ T5016] btrfs_sync_file+0xfa1/0x1310 [ 60.605418][ T5016] ? start_ordered_ops.constprop.0+0x100/0x100 [ 60.613581][ T5016] ? find_held_lock+0x2d/0x110 [ 60.618387][ T5016] ? reacquire_held_locks+0x4b0/0x4b0 [ 60.623895][ T5016] ? do_raw_spin_lock+0x12e/0x2b0 [ 60.628990][ T5016] ? start_ordered_ops.constprop.0+0x100/0x100 [ 60.635263][ T5016] vfs_fsync_range+0x141/0x220 [ 60.640080][ T5016] btrfs_do_write_iter+0x5ea/0x11a0 [ 60.645389][ T5016] ? btrfs_fdatawrite_range+0x110/0x110 [ 60.651156][ T5016] ? preempt_count_sub+0x150/0x150 [ 60.656361][ T5016] do_iter_readv_writev+0x21e/0x3c0 [ 60.661682][ T5016] ? generic_copy_file_range+0x1d0/0x1d0 [ 60.667473][ T5016] ? avc_policy_seqno+0x9/0x10 [ 60.672366][ T5016] ? selinux_file_permission+0x126/0x590 [ 60.678147][ T5016] ? security_file_permission+0x94/0x100 [ 60.683881][ T5016] do_iter_write+0x17f/0x830 [ 60.688539][ T5016] vfs_iter_write+0x7a/0xb0 [ 60.693156][ T5016] iter_file_splice_write+0x698/0xbf0 [ 60.699008][ T5016] ? splice_from_pipe_next+0x5d0/0x5d0 [ 60.704788][ T5016] ? warn_unsupported+0xc0/0xc0 [ 60.709674][ T5016] ? security_file_permission+0xdc/0x100 [ 60.715574][ T5016] ? splice_from_pipe_next+0x5d0/0x5d0 [ 60.721150][ T5016] direct_splice_actor+0x118/0x180 [ 60.726330][ T5016] splice_direct_to_actor+0x347/0xa30 [ 60.731740][ T5016] ? folio_flags.constprop.0+0x150/0x150 [ 60.738767][ T5016] ? vfs_splice_read+0x3b0/0x3b0 [ 60.743798][ T5016] ? security_file_permission+0x94/0x100 [ 60.749471][ T5016] do_splice_direct+0x1af/0x280 [ 60.754417][ T5016] ? splice_direct_to_actor+0xa30/0xa30 [ 60.760091][ T5016] ? propagate_umount+0x1af0/0x1af0 [ 60.765459][ T5016] do_sendfile+0xb88/0x1390 [ 60.770002][ T5016] ? vfs_iocb_iter_write+0x4c0/0x4c0 [ 60.775370][ T5016] ? ptrace_notify+0xf4/0x130 [ 60.780082][ T5016] ? reacquire_held_locks+0x4b0/0x4b0 [ 60.785559][ T5016] __x64_sys_sendfile64+0x1d6/0x220 [ 60.790800][ T5016] ? __ia32_sys_sendfile+0x220/0x220 [ 60.796147][ T5016] ? lockdep_hardirqs_on+0x7d/0x100 [ 60.801380][ T5016] ? _raw_spin_unlock_irq+0x2e/0x50 [ 60.806675][ T5016] ? ptrace_notify+0xf4/0x130 [ 60.811378][ T5016] do_syscall_64+0x38/0xb0 [ 60.815935][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.821886][ T5016] RIP: 0033:0x7f0ca0723789 [ 60.826407][ T5016] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 60.846108][ T5016] RSP: 002b:00007f0ca06e0218 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 60.854673][ T5016] RAX: ffffffffffffffda RBX: 00007f0ca07af608 RCX: 00007f0ca0723789 [ 60.862706][ T5016] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 60.870709][ T5016] RBP: 00007f0ca07af600 R08: 0000000000000000 R09: 0000000000000000 [ 60.878779][ T5016] R10: 000000000880000c R11: 0000000000000246 R12: 00007f0ca077c66c [ 60.886819][ T5016] R13: 0000000020000600 R14: 00007f0ca07770c0 R15: 0030656c69662f2e [ 60.894962][ T5016] [ 60.898012][ T5016] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 60.905302][ T5016] CPU: 0 PID: 5016 Comm: syz-executor561 Not tainted 6.5.0-rc6-syzkaller-00253-g9e6c269de404 #0 [ 60.915724][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 60.925783][ T5016] Call Trace: [ 60.929069][ T5016] [ 60.932004][ T5016] dump_stack_lvl+0xd9/0x1b0 [ 60.936608][ T5016] panic+0x6a4/0x750 [ 60.940516][ T5016] ? panic_smp_self_stop+0xa0/0xa0 [ 60.946508][ T5016] ? show_trace_log_lvl+0x29d/0x3c0 [ 60.951838][ T5016] ? __btrfs_free_extent+0x19ea/0x2c30 [ 60.957495][ T5016] check_panic_on_warn+0xab/0xb0 [ 60.962543][ T5016] __warn+0xf2/0x380 [ 60.966455][ T5016] ? preempt_schedule_notrace+0x5f/0xe0 [ 60.972017][ T5016] ? __btrfs_free_extent+0x19ea/0x2c30 [ 60.977492][ T5016] report_bug+0x3bc/0x580 [ 60.981832][ T5016] handle_bug+0x3c/0x70 [ 60.986002][ T5016] exc_invalid_op+0x17/0x40 [ 60.990610][ T5016] asm_exc_invalid_op+0x1a/0x20 [ 60.995473][ T5016] RIP: 0010:__btrfs_free_extent+0x19ea/0x2c30 [ 61.001560][ T5016] Code: 00 e8 4a 1b 1a fe 0f 1f 44 00 00 bb 01 00 00 00 e9 f5 f7 ff ff e8 36 1b 1a fe 8b 74 24 58 48 c7 c7 40 f3 b4 8a e8 86 dc e0 fd <0f> 0b e9 eb f0 ff ff e8 1a 1b 1a fe 48 8b 54 24 30 48 b8 00 00 00 [ 61.021179][ T5016] RSP: 0018:ffffc900033fefe8 EFLAGS: 00010282 [ 61.027257][ T5016] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 61.035236][ T5016] RDX: ffff88802bbec1c0 RSI: ffffffff814be3c6 RDI: 0000000000000001 [ 61.043568][ T5016] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 61.051719][ T5016] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880241e6840 [ 61.059781][ T5016] R13: ffff8880763be6b8 R14: 00000000ffffffe4 R15: 0000000000520000 [ 61.067762][ T5016] ? __warn_printk+0x1a6/0x350 [ 61.072567][ T5016] ? __btrfs_free_extent+0x19ea/0x2c30 [ 61.078046][ T5016] ? lookup_extent_backref+0x110/0x110 [ 61.083532][ T5016] ? __btrfs_run_delayed_refs+0x60b/0x3b80 [ 61.089352][ T5016] ? reacquire_held_locks+0x4b0/0x4b0 [ 61.094750][ T5016] ? _raw_read_unlock+0x28/0x40 [ 61.099623][ T5016] ? btrfs_merge_delayed_refs+0x47e/0x570 [ 61.105361][ T5016] __btrfs_run_delayed_refs+0xd3d/0x3b80 [ 61.111109][ T5016] ? check_ref_cleanup+0x3e0/0x3e0 [ 61.116264][ T5016] ? lock_sync+0x190/0x190 [ 61.120695][ T5016] btrfs_run_delayed_refs+0x1a1/0x510 [ 61.126082][ T5016] btrfs_commit_transaction+0x81a/0x3fd0 [ 61.131729][ T5016] ? create_pending_snapshots+0x2d0/0x2d0 [ 61.137459][ T5016] ? start_transaction+0x2a5/0x14d0 [ 61.142667][ T5016] btrfs_sync_file+0xfa1/0x1310 [ 61.147544][ T5016] ? start_ordered_ops.constprop.0+0x100/0x100 [ 61.153739][ T5016] ? find_held_lock+0x2d/0x110 [ 61.158689][ T5016] ? reacquire_held_locks+0x4b0/0x4b0 [ 61.164075][ T5016] ? do_raw_spin_lock+0x12e/0x2b0 [ 61.169118][ T5016] ? start_ordered_ops.constprop.0+0x100/0x100 [ 61.175296][ T5016] vfs_fsync_range+0x141/0x220 [ 61.180072][ T5016] btrfs_do_write_iter+0x5ea/0x11a0 [ 61.185290][ T5016] ? btrfs_fdatawrite_range+0x110/0x110 [ 61.191031][ T5016] ? preempt_count_sub+0x150/0x150 [ 61.196162][ T5016] do_iter_readv_writev+0x21e/0x3c0 [ 61.201386][ T5016] ? generic_copy_file_range+0x1d0/0x1d0 [ 61.207053][ T5016] ? avc_policy_seqno+0x9/0x10 [ 61.211837][ T5016] ? selinux_file_permission+0x126/0x590 [ 61.217582][ T5016] ? security_file_permission+0x94/0x100 [ 61.223226][ T5016] do_iter_write+0x17f/0x830 [ 61.227842][ T5016] vfs_iter_write+0x7a/0xb0 [ 61.232365][ T5016] iter_file_splice_write+0x698/0xbf0 [ 61.237761][ T5016] ? splice_from_pipe_next+0x5d0/0x5d0 [ 61.243330][ T5016] ? warn_unsupported+0xc0/0xc0 [ 61.248195][ T5016] ? security_file_permission+0xdc/0x100 [ 61.253931][ T5016] ? splice_from_pipe_next+0x5d0/0x5d0 [ 61.259402][ T5016] direct_splice_actor+0x118/0x180 [ 61.264698][ T5016] splice_direct_to_actor+0x347/0xa30 [ 61.270080][ T5016] ? folio_flags.constprop.0+0x150/0x150 [ 61.275811][ T5016] ? vfs_splice_read+0x3b0/0x3b0 [ 61.280769][ T5016] ? security_file_permission+0x94/0x100 [ 61.286413][ T5016] do_splice_direct+0x1af/0x280 [ 61.291274][ T5016] ? splice_direct_to_actor+0xa30/0xa30 [ 61.296832][ T5016] ? propagate_umount+0x1af0/0x1af0 [ 61.302043][ T5016] do_sendfile+0xb88/0x1390 [ 61.306573][ T5016] ? vfs_iocb_iter_write+0x4c0/0x4c0 [ 61.311966][ T5016] ? ptrace_notify+0xf4/0x130 [ 61.316651][ T5016] ? reacquire_held_locks+0x4b0/0x4b0 [ 61.322046][ T5016] __x64_sys_sendfile64+0x1d6/0x220 [ 61.327321][ T5016] ? __ia32_sys_sendfile+0x220/0x220 [ 61.332640][ T5016] ? lockdep_hardirqs_on+0x7d/0x100 [ 61.337854][ T5016] ? _raw_spin_unlock_irq+0x2e/0x50 [ 61.344112][ T5016] ? ptrace_notify+0xf4/0x130 [ 61.348797][ T5016] do_syscall_64+0x38/0xb0 [ 61.353233][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.359167][ T5016] RIP: 0033:0x7f0ca0723789 [ 61.363588][ T5016] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 61.383211][ T5016] RSP: 002b:00007f0ca06e0218 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 61.391817][ T5016] RAX: ffffffffffffffda RBX: 00007f0ca07af608 RCX: 00007f0ca0723789 [ 61.400060][ T5016] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 61.408125][ T5016] RBP: 00007f0ca07af600 R08: 0000000000000000 R09: 0000000000000000 [ 61.416158][ T5016] R10: 000000000880000c R11: 0000000000000246 R12: 00007f0ca077c66c [ 61.424139][ T5016] R13: 0000000020000600 R14: 00007f0ca07770c0 R15: 0030656c69662f2e [ 61.432142][ T5016] [ 61.435403][ T5016] Kernel Offset: disabled [ 61.439819][ T5016] Rebooting in 86400 seconds..