Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.648348] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0
[ 27.664149] BTRFS info (device loop0): enabling inode map caching
[ 27.674312] BTRFS info (device loop0): trying to use backup root at mount time
[ 27.681689] BTRFS info (device loop0): use zlib compression
[ 27.688426] BTRFS info (device loop0): enabling ssd optimizations
[ 27.695122] BTRFS info (device loop0): using spread ssd allocation scheme
[ 27.702040] BTRFS info (device loop0): using free space tree
[ 27.708080] BTRFS info (device loop0): has skinny extents
[ 27.734978] FAULT_INJECTION: forcing a failure.
[ 27.734978] name failslab, interval 1, probability 0, space 0, times 1
[ 27.752259] CPU: 0 PID: 7985 Comm: syz-executor224 Not tainted 4.14.305-syzkaller #0
[ 27.760152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 27.769483] Call Trace:
[ 27.772047] dump_stack+0x1b2/0x281
[ 27.775651] should_fail.cold+0x10a/0x149
[ 27.779774] should_failslab+0xd6/0x130
[ 27.783724] __kmalloc+0x2c1/0x400
[ 27.787241] ? btrfs_rmap_block+0x18c/0x750
[ 27.791550] ? get_chunk_map+0xb6/0x130
[ 27.795509] btrfs_rmap_block+0x18c/0x750
[ 27.799639] exclude_super_stripes+0x102/0x480
[ 27.804209] ? update_block_group_flags+0x2d0/0x2d0
[ 27.809217] ? debug_mutex_init+0x28/0x60
[ 27.813341] btrfs_make_block_group+0x288/0x950
[ 27.817985] __btrfs_alloc_chunk+0x1194/0x18e0
[ 27.822548] ? find_free_dev_extent_start+0x7d0/0x7d0
[ 27.827712] ? _raw_read_unlock+0x29/0x40
[ 27.831847] do_chunk_alloc+0x2fa/0x800
[ 27.835802] ? delayed_ref_async_start+0x300/0x300
[ 27.840705] btrfs_alloc_data_chunk_ondemand+0x2de/0xc50
[ 27.846144] btrfs_check_data_free_space+0xc4/0x130
[ 27.851145] btrfs_delalloc_reserve_space+0x2a/0xa0
[ 27.856138] btrfs_truncate_block+0x1c0/0xda0
[ 27.860622] ? btrfs_rmdir+0x5e0/0x5e0
[ 27.864481] ? trace_hardirqs_on+0x10/0x10
[ 27.868703] btrfs_cont_expand+0x15c/0xc70
[ 27.872924] ? btrfs_free_path+0x45/0x60
[ 27.876959] ? check_preemption_disabled+0x35/0x240
[ 27.881950] ? percpu_counter_add_batch+0xf8/0x160
[ 27.886852] ? btrfs_truncate+0x7d0/0x7d0
[ 27.890974] btrfs_setattr+0x407/0x870
[ 27.894837] ? btrfs_cont_expand+0xc70/0xc70
[ 27.899221] notify_change+0x56b/0xd10
[ 27.903084] do_truncate+0xff/0x1a0
[ 27.906682] ? finish_open+0x170/0x170
[ 27.910559] ? apparmor_path_truncate+0x163/0x1d0
[ 27.915399] do_sys_ftruncate.constprop.0+0x3a3/0x480
[ 27.920561] ? compat_SyS_truncate+0x40/0x40
[ 27.924946] do_syscall_64+0x1d5/0x640
[ 27.928809] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.933971] RIP: 0033:0x7fbe9e35d109
[ 27.937654] RSP: 002b:00007ffd39821388 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 27.945332] RAX: ffffffffffffffda RBX: 00007ffd398213c8 RCX: 00007fbe9e35d109
[ 27.952582] RDX: 0000000000000390 RSI: 0000000002007ffb RDI: 0000000000000004
[ 27.959829] RBP: 00007ffd39821390 R08: 0000000000000002 R09: 0000000000003131
[ 27.967074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 27.974317] R13: 00007fbe9e3990e8 R14: 0000000000000000 R15: 0000000000000000
[ 27.992713] ------------[ cut here ]------------
[ 27.997474] kernel BUG at fs/btrfs/volumes.c:5965!
[ 28.002409] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 28.007743] Modules linked in:
[ 28.010912] CPU: 1 PID: 7985 Comm: syz-executor224 Not tainted 4.14.305-syzkaller #0
[ 28.018763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 28.028087] task: ffff888096ef2340 task.stack: ffff888091a70000
[ 28.034121] RIP: 0010:btrfs_rmap_block+0x61a/0x750
[ 28.039041] RSP: 0018:ffff888091a77650 EFLAGS: 00010297
[ 28.044377] RAX: ffff888096ef2340 RBX: 0000000000000001 RCX: 0000000000000000
[ 28.051620] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000286
[ 28.058880] RBP: ffff888097bc0e80 R08: 0000000000000000 R09: 0000000000000000
[ 28.066122] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000005
[ 28.073364] R13: 0000000000000000 R14: ffff8880b3aa6040 R15: 00000000007e0000
[ 28.080609] FS: 000055555726d3c0(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 28.088825] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.094694] CR2: 000055b8b894f8e0 CR3: 00000000b05bb000 CR4: 00000000003406e0
[ 28.101956] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 28.109197] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 28.116453] Call Trace:
[ 28.119022] exclude_super_stripes+0x102/0x480
[ 28.123585] ? update_block_group_flags+0x2d0/0x2d0
[ 28.128574] ? debug_mutex_init+0x28/0x60
[ 28.132696] btrfs_make_block_group+0x288/0x950
[ 28.137340] __btrfs_alloc_chunk+0x1194/0x18e0
[ 28.141897] ? find_free_dev_extent_start+0x7d0/0x7d0
[ 28.147066] ? _raw_read_unlock+0x29/0x40
[ 28.151185] do_chunk_alloc+0x2fa/0x800
[ 28.155149] ? delayed_ref_async_start+0x300/0x300
[ 28.160053] btrfs_alloc_data_chunk_ondemand+0x2de/0xc50
[ 28.165479] btrfs_check_data_free_space+0xc4/0x130
[ 28.170472] btrfs_delalloc_reserve_space+0x2a/0xa0
[ 28.175463] btrfs_truncate_block+0x1c0/0xda0
[ 28.179935] ? btrfs_rmdir+0x5e0/0x5e0
[ 28.183794] ? trace_hardirqs_on+0x10/0x10
[ 28.188002] btrfs_cont_expand+0x15c/0xc70
[ 28.192206] ? btrfs_free_path+0x45/0x60
[ 28.196255] ? check_preemption_disabled+0x35/0x240
[ 28.201243] ? percpu_counter_add_batch+0xf8/0x160
[ 28.206144] ? btrfs_truncate+0x7d0/0x7d0
[ 28.210267] btrfs_setattr+0x407/0x870
[ 28.214145] ? btrfs_cont_expand+0xc70/0xc70
[ 28.218526] notify_change+0x56b/0xd10
[ 28.222393] do_truncate+0xff/0x1a0
[ 28.225991] ? finish_open+0x170/0x170
[ 28.229852] ? apparmor_path_truncate+0x163/0x1d0
[ 28.234667] do_sys_ftruncate.constprop.0+0x3a3/0x480
[ 28.239858] ? compat_SyS_truncate+0x40/0x40
[ 28.244260] do_syscall_64+0x1d5/0x640
[ 28.248135] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.253312] RIP: 0033:0x7fbe9e35d109
[ 28.256997] RSP: 002b:00007ffd39821388 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 28.264676] RAX: ffffffffffffffda RBX: 00007ffd398213c8 RCX: 00007fbe9e35d109
[ 28.271916] RDX: 0000000000000390 RSI: 0000000002007ffb RDI: 0000000000000004
[ 28.279173] RBP: 00007ffd39821390 R08: 0000000000000002 R09: 0000000000003131
[ 28.286433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 28.293672] R13: 00007fbe9e3990e8 R14: 0000000000000000 R15: 0000000000000000
[ 28.300916] Code: 0f af 64 24 38 4c 89 64 24 38 e9 5f fb ff ff e8 4d e0 ad fe 0f 0b e9 7e fd ff ff 41 bc fb ff ff ff e9 d9 fe ff ff e8 36 e0 ad fe <0f> 0b e8 2f e0 ad fe 44 8d 63 fe 48 8b 44 24 20 44 89 e1 31 d2
[ 28.319989] RIP: btrfs_rmap_block+0x61a/0x750 RSP: ffff888091a77650
[ 28.327603] ---[ end trace 232f6eecee309a2e ]---
[ 28.332392] Kernel panic - not syncing: Fatal exception
[ 28.337955] Kernel Offset: disabled
[ 28.341562] Rebooting in 86400 seconds..