./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3344323843

<...>
Warning: Permanently added '10.128.0.170' (ED25519) to the list of known hosts.
execve("./syz-executor3344323843", ["./syz-executor3344323843"], 0x7ffc8e4d9410 /* 10 vars */) = 0
brk(NULL)                               = 0x555586938000
brk(0x555586938d00)                     = 0x555586938d00
arch_prctl(ARCH_SET_FS, 0x555586938380) = 0
set_tid_address(0x555586938650)         = 5214
set_robust_list(0x555586938660, 24)     = 0
rseq(0x555586938ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3344323843", 4096) = 28
getrandom("\x60\x55\xd0\x86\xa8\x41\xfe\x6b", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555586938d00
brk(0x555586959d00)                     = 0x555586959d00
brk(0x55558695a000)                     = 0x55558695a000
mprotect(0x7f5b6c491000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.OTl17I", 0700)       = 0
chmod("./syzkaller.OTl17I", 0777)       = 0
chdir("./syzkaller.OTl17I")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5215 attached
, child_tidptr=0x555586938650) = 5215
[pid  5215] set_robust_list(0x555586938660, 24) = 0
[pid  5215] chdir("./0")                = 0
[pid  5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5215] setpgid(0, 0)               = 0
[pid  5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5215] write(3, "1000", 4)         = 4
[pid  5215] close(3)                    = 0
[pid  5215] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5215] write(1, "executing program\n", 18executing program
) = 18
[pid  5215] memfd_create("syzkaller", 0) = 3
[pid  5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5b63e00000
[pid  5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5215] munmap(0x7f5b63e00000, 138412032) = 0
[pid  5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5215] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5215] close(3)                    = 0
[pid  5215] close(4)                    = 0
[pid  5215] mkdir("./file0", 0777)      = 0
[   60.256314][ T5215] loop0: detected capacity change from 0 to 32768
[   60.281827][ T5215] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor334 (5215)
[   60.312476][ T5215] BTRFS info (device loop0): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[   60.323091][ T5215] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   60.332961][ T5215] BTRFS info (device loop0): using free-space-tree
[pid  5215] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  5215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5215] chdir("./file0")            = 0
[pid  5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5215] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5215] close(4)                    = 0
[pid  5215] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5215] openat(AT_FDCWD, "memory.events", O_WRONLY|O_TRUNC|O_NONBLOCK|O_DSYNC|O_DIRECT|FASYNC|0x4) = 5
[   60.501076][ T5215] 
[   60.503445][ T5215] =====================================
[   60.508990][ T5215] WARNING: bad unlock balance detected!
[   60.514542][ T5215] 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0 Not tainted
[   60.521636][ T5215] -------------------------------------
[   60.527156][ T5215] syz-executor334/5215 is trying to release lock (&sb->s_type->i_mutex_key) at:
[   60.536186][ T5215] [<ffffffff83d47c3f>] btrfs_direct_write+0x91f/0xb40
[   60.542958][ T5215] but there are no more locks to release!
[   60.548666][ T5215] 
[   60.548666][ T5215] other info that might help us debug this:
[   60.556727][ T5215] 1 lock held by syz-executor334/5215:
[   60.562176][ T5215]  #0: ffff888025b4c420 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x227/0xc90
[   60.571054][ T5215] 
[   60.571054][ T5215] stack backtrace:
[   60.576935][ T5215] CPU: 0 UID: 0 PID: 5215 Comm: syz-executor334 Not tainted 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0
[   60.588037][ T5215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   60.598082][ T5215] Call Trace:
[   60.601347][ T5215]  <TASK>
[   60.604263][ T5215]  dump_stack_lvl+0x241/0x360
[   60.608940][ T5215]  ? __pfx_dump_stack_lvl+0x10/0x10
[   60.614128][ T5215]  ? __pfx__printk+0x10/0x10
[   60.618708][ T5215]  ? btrfs_direct_write+0x91f/0xb40
[   60.623892][ T5215]  print_unlock_imbalance_bug+0x256/0x2c0
[   60.629601][ T5215]  ? __pfx_print_unlock_imbalance_bug+0x10/0x10
[   60.635919][ T5215]  lock_release+0x5cb/0xa30
[   60.640540][ T5215]  ? mark_lock+0x9a/0x350
[   60.644867][ T5215]  ? btrfs_direct_write+0x91f/0xb40
[   60.650060][ T5215]  ? __pfx_lock_release+0x10/0x10
[   60.655077][ T5215]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   60.661056][ T5215]  ? kasan_quarantine_put+0xdc/0x230
[   60.666336][ T5215]  up_write+0x79/0x590
[   60.670401][ T5215]  ? iomap_dio_complete+0x6a9/0x960
[   60.675590][ T5215]  ? kfree+0x149/0x360
[   60.679657][ T5215]  ? __pfx_up_write+0x10/0x10
[   60.684319][ T5215]  ? iomap_dio_complete+0x6a9/0x960
[   60.689506][ T5215]  btrfs_direct_write+0x91f/0xb40
[   60.694524][ T5215]  ? __pfx_btrfs_direct_write+0x10/0x10
[   60.700061][ T5215]  ? __pfx_lock_acquire+0x10/0x10
[   60.705074][ T5215]  btrfs_do_write_iter+0x2a1/0x760
[   60.710181][ T5215]  ? rcu_read_lock_any_held+0xb7/0x160
[   60.715634][ T5215]  ? __pfx_btrfs_do_write_iter+0x10/0x10
[   60.721264][ T5215]  vfs_write+0xa72/0xc90
[   60.725493][ T5215]  ? __pfx_btrfs_file_write_iter+0x10/0x10
[   60.731287][ T5215]  ? __pfx_vfs_write+0x10/0x10
[   60.736057][ T5215]  ? lockdep_hardirqs_on+0x99/0x150
[   60.741260][ T5215]  ksys_write+0x1a0/0x2c0
[   60.745583][ T5215]  ? __pfx_ksys_write+0x10/0x10
[   60.750422][ T5215]  ? exc_page_fault+0x590/0x8c0
[   60.755264][ T5215]  do_syscall_64+0xf3/0x230
[   60.759776][ T5215]  ? clear_bhb_loop+0x35/0x90
[   60.764471][ T5215]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.770377][ T5215] RIP: 0033:0x7f5b6c418169
[   60.774790][ T5215] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   60.794388][ T5215] RSP: 002b:00007ffdb1dc3c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   60.802792][ T5215] RAX: ffffffffffffffda RBX: 0073746e6576652e RCX: 00007f5b6c418169
[   60.810775][ T5215] RDX: 0000000000182000 RSI: 0000000020000000 RDI: 0000000000000005
[   60.818731][ T5215] RBP: 652e79726f6d656d R08: 0000000000000000 R09: 0000000000000000
[   60.826688][ T5215] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb1dc3ce0
[   60.834643][ T5215] R13: 00007ffdb1dc3d20 R14: 0000000001000000 R15: 0000000000000003
[   60.842604][ T5215]  </TASK>
[   60.846575][ T5215] ------------[ cut here ]------------
[   60.852099][ T5215] DEBUG_RWSEMS_WARN_ON((rwsem_owner(sem) != current) && !rwsem_test_oflags(sem, RWSEM_NONSPINNABLE)): count = 0x0, magic = 0xffff888075c915c8, owner = 0x0, curr 0xffff888025265a00, list empty
[   60.876593][ T5215] WARNING: CPU: 0 PID: 5215 at kernel/locking/rwsem.c:1370 up_write+0x502/0x590
[   60.885754][ T5215] Modules linked in:
[   60.889707][ T5215] CPU: 0 UID: 0 PID: 5215 Comm: syz-executor334 Not tainted 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0
[   60.900851][ T5215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   60.910937][ T5215] RIP: 0010:up_write+0x502/0x590
[   60.915867][ T5215] Code: c7 c7 a0 c8 ea 8b 48 c7 c6 20 cb ea 8b 48 8b 54 24 28 48 8b 4c 24 18 4d 89 e0 4c 8b 4c 24 30 53 e8 d3 9c e6 ff 48 83 c4 08 90 <0f> 0b 90 90 e9 6a fd ff ff 48 c7 c1 00 a9 f6 8f 80 e1 07 80 c1 03
[   60.935493][ T5215] RSP: 0018:ffffc90003507920 EFLAGS: 00010292
[   60.941575][ T5215] RAX: 889b6823d8081400 RBX: ffffffff8beac980 RCX: ffff888025265a00
[   60.949591][ T5215] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   60.957592][ T5215] RBP: ffffc900035079f0 R08: ffffffff81559202 R09: fffffbfff1cb9f80
[   60.965562][ T5215] R10: dffffc0000000000 R11: fffffbfff1cb9f80 R12: 0000000000000000
[   60.973821][ T5215] R13: ffff888075c915c8 R14: 1ffff920006a0f2c R15: dffffc0000000000
[   60.981861][ T5215] FS:  0000555586938380(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
[   60.990842][ T5215] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   60.997455][ T5215] CR2: 00007ffe3488bd28 CR3: 000000002503c000 CR4: 00000000003506f0
[   61.005430][ T5215] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   61.013448][ T5215] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   61.021439][ T5215] Call Trace:
[   61.024701][ T5215]  <TASK>
[   61.027652][ T5215]  ? __warn+0x163/0x4e0
[   61.031809][ T5215]  ? up_write+0x502/0x590
[   61.036146][ T5215]  ? report_bug+0x2b3/0x500
[   61.040666][ T5215]  ? up_write+0x502/0x590
[   61.044994][ T5215]  ? handle_bug+0x3e/0x70
[   61.049354][ T5215]  ? exc_invalid_op+0x1a/0x50
[   61.054033][ T5215]  ? asm_exc_invalid_op+0x1a/0x20
[   61.059166][ T5215]  ? __warn_printk+0x292/0x360
[   61.063928][ T5215]  ? up_write+0x502/0x590
[   61.068291][ T5215]  ? __pfx_up_write+0x10/0x10
[   61.072964][ T5215]  ? iomap_dio_complete+0x6a9/0x960
[   61.078191][ T5215]  btrfs_direct_write+0x91f/0xb40
[   61.083218][ T5215]  ? __pfx_btrfs_direct_write+0x10/0x10
[   61.088798][ T5215]  ? __pfx_lock_acquire+0x10/0x10
[   61.093830][ T5215]  btrfs_do_write_iter+0x2a1/0x760
[   61.098964][ T5215]  ? rcu_read_lock_any_held+0xb7/0x160
[   61.104432][ T5215]  ? __pfx_btrfs_do_write_iter+0x10/0x10
[   61.110102][ T5215]  vfs_write+0xa72/0xc90
[   61.114342][ T5215]  ? __pfx_btrfs_file_write_iter+0x10/0x10
[   61.120177][ T5215]  ? __pfx_vfs_write+0x10/0x10
[   61.124948][ T5215]  ? lockdep_hardirqs_on+0x99/0x150
[   61.130197][ T5215]  ksys_write+0x1a0/0x2c0
[   61.134526][ T5215]  ? __pfx_ksys_write+0x10/0x10
[   61.139401][ T5215]  ? exc_page_fault+0x590/0x8c0
[   61.144254][ T5215]  do_syscall_64+0xf3/0x230
[   61.148787][ T5215]  ? clear_bhb_loop+0x35/0x90
[   61.153472][ T5215]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.159384][ T5215] RIP: 0033:0x7f5b6c418169
[   61.163799][ T5215] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   61.183440][ T5215] RSP: 002b:00007ffdb1dc3c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   61.191877][ T5215] RAX: ffffffffffffffda RBX: 0073746e6576652e RCX: 00007f5b6c418169
[   61.199877][ T5215] RDX: 0000000000182000 RSI: 0000000020000000 RDI: 0000000000000005
[   61.207979][ T5215] RBP: 652e79726f6d656d R08: 0000000000000000 R09: 0000000000000000
[   61.215946][ T5215] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb1dc3ce0
[   61.223956][ T5215] R13: 00007ffdb1dc3d20 R14: 0000000001000000 R15: 0000000000000003
[   61.231960][ T5215]  </TASK>
[   61.234967][ T5215] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   61.242227][ T5215] CPU: 0 UID: 0 PID: 5215 Comm: syz-executor334 Not tainted 6.11.0-rc1-syzkaller-00062-ge4fc196f5ba3 #0
[   61.253313][ T5215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   61.263351][ T5215] Call Trace:
[   61.266615][ T5215]  <TASK>
[   61.269528][ T5215]  dump_stack_lvl+0x241/0x360
[   61.274199][ T5215]  ? __pfx_dump_stack_lvl+0x10/0x10
[   61.279385][ T5215]  ? __pfx__printk+0x10/0x10
[   61.283966][ T5215]  ? vscnprintf+0x5d/0x90
[   61.288288][ T5215]  panic+0x349/0x860
[   61.292177][ T5215]  ? __warn+0x172/0x4e0
[   61.296319][ T5215]  ? __pfx_panic+0x10/0x10
[   61.300729][ T5215]  __warn+0x346/0x4e0
[   61.304700][ T5215]  ? up_write+0x502/0x590
[   61.309016][ T5215]  report_bug+0x2b3/0x500
[   61.313337][ T5215]  ? up_write+0x502/0x590
[   61.317655][ T5215]  handle_bug+0x3e/0x70
[   61.321801][ T5215]  exc_invalid_op+0x1a/0x50
[   61.326293][ T5215]  asm_exc_invalid_op+0x1a/0x20
[   61.331135][ T5215] RIP: 0010:up_write+0x502/0x590
[   61.336057][ T5215] Code: c7 c7 a0 c8 ea 8b 48 c7 c6 20 cb ea 8b 48 8b 54 24 28 48 8b 4c 24 18 4d 89 e0 4c 8b 4c 24 30 53 e8 d3 9c e6 ff 48 83 c4 08 90 <0f> 0b 90 90 e9 6a fd ff ff 48 c7 c1 00 a9 f6 8f 80 e1 07 80 c1 03
[   61.355654][ T5215] RSP: 0018:ffffc90003507920 EFLAGS: 00010292
[   61.361708][ T5215] RAX: 889b6823d8081400 RBX: ffffffff8beac980 RCX: ffff888025265a00
[   61.369666][ T5215] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   61.377623][ T5215] RBP: ffffc900035079f0 R08: ffffffff81559202 R09: fffffbfff1cb9f80
[   61.385578][ T5215] R10: dffffc0000000000 R11: fffffbfff1cb9f80 R12: 0000000000000000
[   61.393535][ T5215] R13: ffff888075c915c8 R14: 1ffff920006a0f2c R15: dffffc0000000000
[   61.401501][ T5215]  ? __warn_printk+0x292/0x360
[   61.406260][ T5215]  ? __pfx_up_write+0x10/0x10
[   61.410924][ T5215]  ? iomap_dio_complete+0x6a9/0x960
[   61.416112][ T5215]  btrfs_direct_write+0x91f/0xb40
[   61.421131][ T5215]  ? __pfx_btrfs_direct_write+0x10/0x10
[   61.426669][ T5215]  ? __pfx_lock_acquire+0x10/0x10
[   61.431681][ T5215]  btrfs_do_write_iter+0x2a1/0x760
[   61.436784][ T5215]  ? rcu_read_lock_any_held+0xb7/0x160
[   61.442240][ T5215]  ? __pfx_btrfs_do_write_iter+0x10/0x10
[   61.447864][ T5215]  vfs_write+0xa72/0xc90
[   61.452092][ T5215]  ? __pfx_btrfs_file_write_iter+0x10/0x10
[   61.457889][ T5215]  ? __pfx_vfs_write+0x10/0x10
[   61.462638][ T5215]  ? lockdep_hardirqs_on+0x99/0x150
[   61.467828][ T5215]  ksys_write+0x1a0/0x2c0
[   61.472161][ T5215]  ? __pfx_ksys_write+0x10/0x10
[   61.477012][ T5215]  ? exc_page_fault+0x590/0x8c0
[   61.481859][ T5215]  do_syscall_64+0xf3/0x230
[   61.486356][ T5215]  ? clear_bhb_loop+0x35/0x90
[   61.491032][ T5215]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.496923][ T5215] RIP: 0033:0x7f5b6c418169
[   61.501330][ T5215] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   61.520922][ T5215] RSP: 002b:00007ffdb1dc3c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   61.529432][ T5215] RAX: ffffffffffffffda RBX: 0073746e6576652e RCX: 00007f5b6c418169
[   61.537394][ T5215] RDX: 0000000000182000 RSI: 0000000020000000 RDI: 0000000000000005
[   61.545351][ T5215] RBP: 652e79726f6d656d R08: 0000000000000000 R09: 0000000000000000
[   61.553311][ T5215] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb1dc3ce0
[   61.561276][ T5215] R13: 00007ffdb1dc3d20 R14: 0000000001000000 R15: 0000000000000003
[   61.569242][ T5215]  </TASK>
[   61.572473][ T5215] Kernel Offset: disabled
[   61.576786][ T5215] Rebooting in 86400 seconds..