./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4153209382 <...> Warning: Permanently added '10.128.0.22' (ED25519) to the list of known hosts. execve("./syz-executor4153209382", ["./syz-executor4153209382"], 0x7ffc22f5ae70 /* 10 vars */) = 0 brk(NULL) = 0x55555560d000 brk(0x55555560dd00) = 0x55555560dd00 arch_prctl(ARCH_SET_FS, 0x55555560d380) = 0 set_tid_address(0x55555560d650) = 5213 set_robust_list(0x55555560d660, 24) = 0 rseq(0x55555560dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4153209382", 4096) = 28 getrandom("\xa7\xe4\x97\x34\x2b\x31\xec\xae", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555560dd00 brk(0x55555562ed00) = 0x55555562ed00 brk(0x55555562f000) = 0x55555562f000 mprotect(0x7fd3a22d0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.ciUS0n", 0700) = 0 chmod("./syzkaller.ciUS0n", 0777) = 0 chdir("./syzkaller.ciUS0n") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5215 attached , child_tidptr=0x55555560d650) = 5215 [pid 5215] set_robust_list(0x55555560d660, 24) = 0 [pid 5215] chdir("./0") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3executing program ) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] write(1, "executing program\n", 18) = 18 [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd399e00000 [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5215] munmap(0x7fd399e00000, 138412032) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] close(4) = 0 [pid 5215] mkdir("./file0", 0777) = 0 [ 75.551883][ T5215] loop0: detected capacity change from 0 to 32768 [ 75.577053][ T5215] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor415 (5215) [ 75.608567][ T5215] BTRFS info (device loop0): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9 [ 75.619130][ T5215] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 75.629219][ T5215] BTRFS info (device loop0): using free-space-tree [pid 5215] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./file0") = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_CLR_FD) = 0 [pid 5215] close(4) = 0 [pid 5215] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5215] openat(AT_FDCWD, "memory.events", O_WRONLY|O_TRUNC|O_NONBLOCK|O_DSYNC|O_DIRECT|FASYNC|0x4) = 5 [pid 5215] write(5, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6d\x65\x6d\x6f\x72\x79\x2e\x65\x76\x65\x6e\x74\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1581056) = 1581056 [pid 5215] exit_group(0) = ? [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555560e6f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 75.887603][ T5213] BTRFS info (device loop0): last unmount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555616730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555616730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55555560e6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5234 attached , child_tidptr=0x55555560d650) = 5234 [pid 5234] set_robust_list(0x55555560d660, 24) = 0 [pid 5234] chdir("./1") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5234] write(1, "executing program\n", 18) = 18 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd399e00000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5234] munmap(0x7fd399e00000, 138412032) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] close(4) = 0 [pid 5234] mkdir("./file0", 0777) = 0 [ 76.281934][ T5234] loop0: detected capacity change from 0 to 32768 [ 76.316562][ T5234] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor415 (5234) [ 76.337205][ T5234] BTRFS info (device loop0): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9 [ 76.348587][ T5234] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 76.357914][ T5234] BTRFS info (device loop0): using free-space-tree [pid 5234] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./file0") = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5234] openat(AT_FDCWD, "memory.events", O_WRONLY|O_TRUNC|O_NONBLOCK|O_DSYNC|O_DIRECT|FASYNC|0x4) = 5 [ 76.496545][ T5234] [ 76.498914][ T5234] ===================================== [ 76.504459][ T5234] WARNING: bad unlock balance detected! [ 76.510098][ T5234] 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0 Not tainted [ 76.517187][ T5234] ------------------------------------- [ 76.522708][ T5234] syz-executor415/5234 is trying to release lock (&sb->s_type->i_mutex_key) at: [ 76.531718][ T5234] [] btrfs_direct_write+0x91f/0xb40 [ 76.538493][ T5234] but there are no more locks to release! [ 76.544185][ T5234] [ 76.544185][ T5234] other info that might help us debug this: [ 76.552222][ T5234] 1 lock held by syz-executor415/5234: [ 76.557657][ T5234] #0: ffff88802b62c420 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 76.566522][ T5234] [ 76.566522][ T5234] stack backtrace: [ 76.572403][ T5234] CPU: 0 UID: 0 PID: 5234 Comm: syz-executor415 Not tainted 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0 [ 76.583500][ T5234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 76.593544][ T5234] Call Trace: [ 76.596810][ T5234] [ 76.599730][ T5234] dump_stack_lvl+0x241/0x360 [ 76.604407][ T5234] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.609592][ T5234] ? __pfx__printk+0x10/0x10 [ 76.614183][ T5234] ? btrfs_direct_write+0x91f/0xb40 [ 76.619387][ T5234] print_unlock_imbalance_bug+0x256/0x2c0 [ 76.625106][ T5234] ? __kernel_text_address+0xd/0x40 [ 76.630300][ T5234] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.636363][ T5234] ? __pfx_print_unlock_imbalance_bug+0x10/0x10 [ 76.642596][ T5234] ? arch_stack_walk+0x16d/0x1b0 [ 76.647555][ T5234] lock_release+0x5cb/0xa30 [ 76.652053][ T5234] ? mark_lock+0x9a/0x350 [ 76.656370][ T5234] ? btrfs_direct_write+0x91f/0xb40 [ 76.661553][ T5234] ? __pfx_lock_release+0x10/0x10 [ 76.666561][ T5234] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 76.672536][ T5234] ? kasan_quarantine_put+0xdc/0x230 [ 76.677809][ T5234] up_write+0x79/0x590 [ 76.681871][ T5234] ? iomap_dio_complete+0x6a9/0x960 [ 76.687072][ T5234] ? kfree+0x149/0x360 [ 76.691145][ T5234] ? __pfx_up_write+0x10/0x10 [ 76.695813][ T5234] ? iomap_dio_complete+0x6a9/0x960 [ 76.701007][ T5234] btrfs_direct_write+0x91f/0xb40 [ 76.706026][ T5234] ? __pfx_btrfs_direct_write+0x10/0x10 [ 76.711567][ T5234] ? __pfx_lock_acquire+0x10/0x10 [ 76.716588][ T5234] btrfs_do_write_iter+0x2a1/0x760 [ 76.721698][ T5234] ? rcu_read_lock_any_held+0xb7/0x160 [ 76.727151][ T5234] ? __pfx_btrfs_do_write_iter+0x10/0x10 [ 76.732776][ T5234] vfs_write+0xa72/0xc90 [ 76.737010][ T5234] ? __pfx_btrfs_file_write_iter+0x10/0x10 [ 76.742808][ T5234] ? __pfx_vfs_write+0x10/0x10 [ 76.747560][ T5234] ? lockdep_hardirqs_on+0x99/0x150 [ 76.752748][ T5234] ksys_write+0x1a0/0x2c0 [ 76.757067][ T5234] ? __pfx_ksys_write+0x10/0x10 [ 76.761902][ T5234] ? exc_page_fault+0x590/0x8c0 [ 76.766739][ T5234] do_syscall_64+0xf3/0x230 [ 76.771230][ T5234] ? clear_bhb_loop+0x35/0x90 [ 76.775898][ T5234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.781788][ T5234] RIP: 0033:0x7fd3a2257169 [ 76.786192][ T5234] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 76.805782][ T5234] RSP: 002b:00007ffdab477838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 76.814194][ T5234] RAX: ffffffffffffffda RBX: 0073746e6576652e RCX: 00007fd3a2257169 [ 76.822160][ T5234] RDX: 0000000000182000 RSI: 0000000020000000 RDI: 0000000000000005 [ 76.830127][ T5234] RBP: 652e79726f6d656d R08: 0000000000000000 R09: 0000000000000000 [ 76.838084][ T5234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdab477880 [ 76.846040][ T5234] R13: 00007ffdab4778c0 R14: 0000000001000000 R15: 0000000000000003 [ 76.854000][ T5234] [ 76.857973][ T5234] ------------[ cut here ]------------ [ 76.863495][ T5234] DEBUG_RWSEMS_WARN_ON((rwsem_owner(sem) != current) && !rwsem_test_oflags(sem, RWSEM_NONSPINNABLE)): count = 0x0, magic = 0xffff88806c231e70, owner = 0x0, curr 0xffff88802a4c8000, list empty [ 76.887771][ T5234] WARNING: CPU: 0 PID: 5234 at kernel/locking/rwsem.c:1370 up_write+0x502/0x590 [ 76.896867][ T5234] Modules linked in: [ 76.900806][ T5234] CPU: 0 UID: 0 PID: 5234 Comm: syz-executor415 Not tainted 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0 [ 76.911924][ T5234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 76.921988][ T5234] RIP: 0010:up_write+0x502/0x590 [ 76.926930][ T5234] Code: c7 c7 a0 c8 ea 8b 48 c7 c6 20 cb ea 8b 48 8b 54 24 28 48 8b 4c 24 18 4d 89 e0 4c 8b 4c 24 30 53 e8 d3 9c e6 ff 48 83 c4 08 90 <0f> 0b 90 90 e9 6a fd ff ff 48 c7 c1 00 a9 f6 8f 80 e1 07 80 c1 03 [ 76.929096][ T58] cfg80211: failed to load regulatory.db [ 76.946664][ T5234] RSP: 0018:ffffc90003617920 EFLAGS: 00010292 [ 76.958355][ T5234] RAX: bdd8e33238706500 RBX: ffffffff8beac980 RCX: ffff88802a4c8000 [ 76.966332][ T5234] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 76.974428][ T5234] RBP: ffffc900036179f0 R08: ffffffff81559202 R09: fffffbfff1cb9f80 [ 76.982499][ T5234] R10: dffffc0000000000 R11: fffffbfff1cb9f80 R12: 0000000000000000 [ 76.990494][ T5234] R13: ffff88806c231e70 R14: 1ffff920006c2f2c R15: dffffc0000000000 [ 76.998485][ T5234] FS: 000055555560d380(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 77.007502][ T5234] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.014105][ T5234] CR2: 000055b06c84a018 CR3: 000000006bfc0000 CR4: 00000000003506f0 [ 77.022109][ T5234] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 77.030116][ T5234] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 77.038094][ T5234] Call Trace: [ 77.041396][ T5234] [ 77.044328][ T5234] ? __warn+0x163/0x4e0 [ 77.048504][ T5234] ? up_write+0x502/0x590 [ 77.052837][ T5234] ? report_bug+0x2b3/0x500 [ 77.057336][ T5234] ? up_write+0x502/0x590 [ 77.061684][ T5234] ? handle_bug+0x3e/0x70 [ 77.066018][ T5234] ? exc_invalid_op+0x1a/0x50 [ 77.070710][ T5234] ? asm_exc_invalid_op+0x1a/0x20 [ 77.075736][ T5234] ? __warn_printk+0x292/0x360 [ 77.080523][ T5234] ? up_write+0x502/0x590 [ 77.084852][ T5234] ? __pfx_up_write+0x10/0x10 [ 77.089541][ T5234] ? iomap_dio_complete+0x6a9/0x960 [ 77.094739][ T5234] btrfs_direct_write+0x91f/0xb40 [ 77.099781][ T5234] ? __pfx_btrfs_direct_write+0x10/0x10 [ 77.105328][ T5234] ? __pfx_lock_acquire+0x10/0x10 [ 77.110363][ T5234] btrfs_do_write_iter+0x2a1/0x760 [ 77.115479][ T5234] ? rcu_read_lock_any_held+0xb7/0x160 [ 77.120951][ T5234] ? __pfx_btrfs_do_write_iter+0x10/0x10 [ 77.126586][ T5234] vfs_write+0xa72/0xc90 [ 77.130835][ T5234] ? __pfx_btrfs_file_write_iter+0x10/0x10 [ 77.136643][ T5234] ? __pfx_vfs_write+0x10/0x10 [ 77.141431][ T5234] ? lockdep_hardirqs_on+0x99/0x150 [ 77.146636][ T5234] ksys_write+0x1a0/0x2c0 [ 77.150995][ T5234] ? __pfx_ksys_write+0x10/0x10 [ 77.155845][ T5234] ? exc_page_fault+0x590/0x8c0 [ 77.160717][ T5234] do_syscall_64+0xf3/0x230 [ 77.165221][ T5234] ? clear_bhb_loop+0x35/0x90 [ 77.169910][ T5234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.175803][ T5234] RIP: 0033:0x7fd3a2257169 [ 77.180223][ T5234] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 77.199847][ T5234] RSP: 002b:00007ffdab477838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 77.208366][ T5234] RAX: ffffffffffffffda RBX: 0073746e6576652e RCX: 00007fd3a2257169 [ 77.216337][ T5234] RDX: 0000000000182000 RSI: 0000000020000000 RDI: 0000000000000005 [ 77.224317][ T5234] RBP: 652e79726f6d656d R08: 0000000000000000 R09: 0000000000000000 [ 77.232297][ T5234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdab477880 [ 77.240275][ T5234] R13: 00007ffdab4778c0 R14: 0000000001000000 R15: 0000000000000003 [ 77.248243][ T5234] [ 77.251274][ T5234] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 77.258548][ T5234] CPU: 0 UID: 0 PID: 5234 Comm: syz-executor415 Not tainted 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0 [ 77.269634][ T5234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 77.279671][ T5234] Call Trace: [ 77.282939][ T5234] [ 77.285854][ T5234] dump_stack_lvl+0x241/0x360 [ 77.290528][ T5234] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.295720][ T5234] ? __pfx__printk+0x10/0x10 [ 77.300297][ T5234] ? vscnprintf+0x5d/0x90 [ 77.304615][ T5234] panic+0x349/0x860 [ 77.308496][ T5234] ? __warn+0x172/0x4e0 [ 77.312634][ T5234] ? __pfx_panic+0x10/0x10 [ 77.317044][ T5234] __warn+0x346/0x4e0 [ 77.321008][ T5234] ? up_write+0x502/0x590 [ 77.325320][ T5234] report_bug+0x2b3/0x500 [ 77.329633][ T5234] ? up_write+0x502/0x590 [ 77.333949][ T5234] handle_bug+0x3e/0x70 [ 77.338091][ T5234] exc_invalid_op+0x1a/0x50 [ 77.342583][ T5234] asm_exc_invalid_op+0x1a/0x20 [ 77.347420][ T5234] RIP: 0010:up_write+0x502/0x590 [ 77.352341][ T5234] Code: c7 c7 a0 c8 ea 8b 48 c7 c6 20 cb ea 8b 48 8b 54 24 28 48 8b 4c 24 18 4d 89 e0 4c 8b 4c 24 30 53 e8 d3 9c e6 ff 48 83 c4 08 90 <0f> 0b 90 90 e9 6a fd ff ff 48 c7 c1 00 a9 f6 8f 80 e1 07 80 c1 03 [ 77.371929][ T5234] RSP: 0018:ffffc90003617920 EFLAGS: 00010292 [ 77.377980][ T5234] RAX: bdd8e33238706500 RBX: ffffffff8beac980 RCX: ffff88802a4c8000 [ 77.385933][ T5234] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 77.393885][ T5234] RBP: ffffc900036179f0 R08: ffffffff81559202 R09: fffffbfff1cb9f80 [ 77.401838][ T5234] R10: dffffc0000000000 R11: fffffbfff1cb9f80 R12: 0000000000000000 [ 77.409793][ T5234] R13: ffff88806c231e70 R14: 1ffff920006c2f2c R15: dffffc0000000000 [ 77.417751][ T5234] ? __warn_printk+0x292/0x360 [ 77.422505][ T5234] ? __pfx_up_write+0x10/0x10 [ 77.427164][ T5234] ? iomap_dio_complete+0x6a9/0x960 [ 77.432351][ T5234] btrfs_direct_write+0x91f/0xb40 [ 77.437366][ T5234] ? __pfx_btrfs_direct_write+0x10/0x10 [ 77.442902][ T5234] ? __pfx_lock_acquire+0x10/0x10 [ 77.447914][ T5234] btrfs_do_write_iter+0x2a1/0x760 [ 77.453014][ T5234] ? rcu_read_lock_any_held+0xb7/0x160 [ 77.458462][ T5234] ? __pfx_btrfs_do_write_iter+0x10/0x10 [ 77.464083][ T5234] vfs_write+0xa72/0xc90 [ 77.468313][ T5234] ? __pfx_btrfs_file_write_iter+0x10/0x10 [ 77.474115][ T5234] ? __pfx_vfs_write+0x10/0x10 [ 77.478864][ T5234] ? lockdep_hardirqs_on+0x99/0x150 [ 77.484053][ T5234] ksys_write+0x1a0/0x2c0 [ 77.488367][ T5234] ? __pfx_ksys_write+0x10/0x10 [ 77.493201][ T5234] ? exc_page_fault+0x590/0x8c0 [ 77.498040][ T5234] do_syscall_64+0xf3/0x230 [ 77.502529][ T5234] ? clear_bhb_loop+0x35/0x90 [ 77.507194][ T5234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.513083][ T5234] RIP: 0033:0x7fd3a2257169 [ 77.517571][ T5234] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 77.537157][ T5234] RSP: 002b:00007ffdab477838 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 77.545553][ T5234] RAX: ffffffffffffffda RBX: 0073746e6576652e RCX: 00007fd3a2257169 [ 77.553508][ T5234] RDX: 0000000000182000 RSI: 0000000020000000 RDI: 0000000000000005 [ 77.561461][ T5234] RBP: 652e79726f6d656d R08: 0000000000000000 R09: 0000000000000000 [ 77.569415][ T5234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdab477880 [ 77.577367][ T5234] R13: 00007ffdab4778c0 R14: 0000000001000000 R15: 0000000000000003 [ 77.585332][ T5234] [ 77.588553][ T5234] Kernel Offset: disabled [ 77.592862][ T5234] Rebooting in 86400 seconds..