./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1953478863 <...> [ 28.548099][ T4652] dhcpcd-run-hook (4652) used greatest stack depth: 16688 bytes left forked to background, child pid 4648 [ 30.418794][ T4649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.428198][ T4649] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. execve("./syz-executor1953478863", ["./syz-executor1953478863"], 0x7ffef9d1fd00 /* 10 vars */) = 0 brk(NULL) = 0x555555d99000 brk(0x555555d99c40) = 0x555555d99c40 arch_prctl(ARCH_SET_FS, 0x555555d99300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555d995d0) = 5069 set_robust_list(0x555555d995e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f7030d747d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f7030d74ea0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f7030d74870, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f7030d74ea0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1953478863", 4096) = 28 brk(0x555555dbac40) = 0x555555dbac40 brk(0x555555dbb000) = 0x555555dbb000 mprotect(0x7f7030e3b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5069 mkdir("./syzkaller.mO4CQv", 0700) = 0 chmod("./syzkaller.mO4CQv", 0777) = 0 chdir("./syzkaller.mO4CQv") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d995d0) = 5071 ./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x555555d995e0, 24) = 0 [pid 5071] chdir("./0") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] futex(0x7f7030e417ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7030d43000 [pid 5071] mprotect(0x7f7030d44000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] clone(child_stack=0x7f7030d633f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5072], tls=0x7f7030d63700, child_tidptr=0x7f7030d639d0) = 5072 [pid 5071] futex(0x7f7030e417a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f7030e417ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x7f7030d639e0, 24) = 0 [pid 5072] memfd_create("syzkaller", 0) = 3 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7028943000 [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5072] munmap(0x7f7028943000, 16777216) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5072] close(3) = 0 [pid 5072] mkdir("./file0", 0777) = 0 syzkaller login: [ 50.788993][ T5072] loop0: detected capacity change from 0 to 32768 [ 50.800438][ T5072] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor195 (5072) [ 50.819551][ T5072] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 50.828470][ T5072] BTRFS info (device loop0): using free space tree [pid 5072] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5072] chdir("./file0") = 0 [pid 5072] ioctl(4, LOOP_CLR_FD) = 0 [pid 5072] close(4) = 0 [pid 5072] futex(0x7f7030e417ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f7030e417a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f7030e417ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... futex resumed>) = 1 [pid 5072] open(".", O_RDONLY) = 4 [pid 5072] futex(0x7f7030e417ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f7030e417a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f7030e417ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... futex resumed>) = 1 [pid 5072] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5072] futex(0x7f7030e417ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f7030e417a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f7030e417ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... futex resumed>) = 1 [pid 5072] openat(-1, "/proc/self/exe", O_RDONLY) = 6 [pid 5072] futex(0x7f7030e417ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f7030e417a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f7030e417ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... futex resumed>) = 1 [ 50.850699][ T5072] BTRFS info (device loop0): enabling ssd optimizations [ 50.857658][ T5072] BTRFS info (device loop0): auto enabling async discard [ 50.879424][ T27] audit: type=1800 audit(1671968475.777:2): pid=5072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor195" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5072] sendfile(5, 6, NULL, 140737974943952 [pid 5071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5071] futex(0x7f7030e417bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7029922000 [pid 5071] mprotect(0x7f7029923000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] clone(child_stack=0x7f70299423f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5090 attached , parent_tid=[5090], tls=0x7f7029942700, child_tidptr=0x7f70299429d0) = 5090 [pid 5071] futex(0x7f7030e417b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f7030e417bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] set_robust_list(0x7f70299429e0, 24) = 0 [pid 5090] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=0} [pid 5071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 50.998681][ T5090] BTRFS info (device loop0): balance: start [ 50.999016][ T56] ------------[ cut here ]------------ [ 51.005091][ T5090] BTRFS info (device loop0: state A): balance: ended with status: 0 [ 51.011992][ T56] BTRFS: Transaction aborted (error -28) [ 51.024677][ T56] WARNING: CPU: 1 PID: 56 at fs/btrfs/inode.c:3343 btrfs_finish_ordered_io+0x1ac9/0x1cb0 [ 51.035413][ T56] Modules linked in: [ 51.040143][ T56] CPU: 1 PID: 56 Comm: kworker/u4:4 Not tainted 6.1.0-syzkaller-14594-g72a85e2b0a1e #0 [ 51.050489][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 51.061085][ T56] Workqueue: btrfs-endio-write btrfs_work_helper [ 51.067705][ T56] RIP: 0010:btrfs_finish_ordered_io+0x1ac9/0x1cb0 [ 51.074500][ T56] Code: 8b 44 89 ee 31 c0 e8 26 e8 c5 fd 0f 0b b0 01 e9 4b ff ff ff e8 58 f8 fe fd 48 c7 c7 c0 9f 39 8b 44 89 ee 31 c0 e8 07 e8 c5 fd <0f> 0b e9 a6 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 11 ed ff [ 51.094662][ T56] RSP: 0018:ffffc900015779e0 EFLAGS: 00010246 [ 51.101139][ T56] RAX: 203bb8e87d482d00 RBX: 0000000000000024 RCX: ffff888017d91d40 [ 51.109706][ T56] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 51.117703][ T56] RBP: ffffc90001577bc0 R08: ffffffff816f2c9d R09: fffff520002aeef5 [ 51.125822][ T56] R10: fffff520002aeef5 R11: 1ffff920002aeef4 R12: 0000000000000000 [ 51.133899][ T56] R13: 00000000ffffffe4 R14: dffffc0000000000 R15: ffff88807292d540 [ 51.142053][ T56] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 51.151243][ T56] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.158379][ T56] CR2: 00007ffef9d1dda0 CR3: 00000000290a7000 CR4: 00000000003506e0 [ 51.166385][ T56] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.175650][ T56] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.183730][ T56] Call Trace: [ 51.187019][ T56] [ 51.190089][ T56] ? btrfs_writepage_fixup_worker+0x1140/0x1140 [pid 5071] exit_group(0) = ? [ 51.196348][ T56] ? rcu_read_lock_sched_held+0x87/0x110 [ 51.202045][ T56] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 51.208043][ T56] ? rcu_read_lock_sched_held+0x87/0x110 [ 51.213751][ T56] btrfs_work_helper+0x312/0x850 [ 51.218761][ T56] process_one_work+0x877/0xdb0 [ 51.223641][ T56] ? worker_detach_from_pool+0x260/0x260 [ 51.229568][ T56] ? _raw_spin_lock_irq+0xba/0xf0 [ 51.234619][ T56] ? _raw_spin_lock_irqsave+0x100/0x100 [ 51.240266][ T56] worker_thread+0xb14/0x1330 [ 51.245249][ T56] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 51.251626][ T56] kthread+0x266/0x300 [ 51.255725][ T56] ? rcu_lock_release+0x20/0x20 [ 51.260647][ T56] ? kthread_blkcg+0xd0/0xd0 [ 51.265253][ T56] ret_from_fork+0x1f/0x30 [ 51.269802][ T56] [ 51.272840][ T56] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 51.280120][ T56] CPU: 1 PID: 56 Comm: kworker/u4:4 Not tainted 6.1.0-syzkaller-14594-g72a85e2b0a1e #0 [ 51.289734][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 51.299781][ T56] Workqueue: btrfs-endio-write btrfs_work_helper [ 51.306116][ T56] Call Trace: [ 51.309401][ T56] [ 51.312330][ T56] dump_stack_lvl+0x1b1/0x290 [ 51.317019][ T56] ? nf_tcp_handle_invalid+0x630/0x630 [ 51.322591][ T56] ? panic+0x710/0x710 [ 51.326692][ T56] ? vscnprintf+0x59/0x80 [ 51.331045][ T56] ? btrfs_finish_ordered_io+0x1aa0/0x1cb0 [ 51.336878][ T56] panic+0x2d6/0x710 [ 51.340796][ T56] ? __warn+0x16d/0x2d0 [ 51.344944][ T56] ? memcpy_page_flushcache+0x100/0x100 [ 51.350489][ T56] ? ret_from_fork+0x1f/0x30 [ 51.355093][ T56] ? btrfs_finish_ordered_io+0x1ac9/0x1cb0 [ 51.360910][ T56] __warn+0x284/0x2d0 [ 51.364890][ T56] ? btrfs_finish_ordered_io+0x1ac9/0x1cb0 [ 51.370686][ T56] report_bug+0x1b3/0x2d0 [ 51.375022][ T56] handle_bug+0x3d/0x70 [ 51.379176][ T56] exc_invalid_op+0x16/0x40 [ 51.383672][ T56] asm_exc_invalid_op+0x16/0x20 [ 51.388515][ T56] RIP: 0010:btrfs_finish_ordered_io+0x1ac9/0x1cb0 [ 51.394918][ T56] Code: 8b 44 89 ee 31 c0 e8 26 e8 c5 fd 0f 0b b0 01 e9 4b ff ff ff e8 58 f8 fe fd 48 c7 c7 c0 9f 39 8b 44 89 ee 31 c0 e8 07 e8 c5 fd <0f> 0b e9 a6 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 11 ed ff [ 51.414524][ T56] RSP: 0018:ffffc900015779e0 EFLAGS: 00010246 [ 51.420602][ T56] RAX: 203bb8e87d482d00 RBX: 0000000000000024 RCX: ffff888017d91d40 [ 51.428568][ T56] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 51.436539][ T56] RBP: ffffc90001577bc0 R08: ffffffff816f2c9d R09: fffff520002aeef5 [ 51.444523][ T56] R10: fffff520002aeef5 R11: 1ffff920002aeef4 R12: 0000000000000000 [ 51.452481][ T56] R13: 00000000ffffffe4 R14: dffffc0000000000 R15: ffff88807292d540 [ 51.460447][ T56] ? __wake_up_klogd+0xcd/0x100 [ 51.465314][ T56] ? btrfs_writepage_fixup_worker+0x1140/0x1140 [ 51.471546][ T56] ? rcu_read_lock_sched_held+0x87/0x110 [ 51.477171][ T56] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 51.483153][ T56] ? rcu_read_lock_sched_held+0x87/0x110 [ 51.488796][ T56] btrfs_work_helper+0x312/0x850 [ 51.493752][ T56] process_one_work+0x877/0xdb0 [ 51.498631][ T56] ? worker_detach_from_pool+0x260/0x260 [ 51.504256][ T56] ? _raw_spin_lock_irq+0xba/0xf0 [ 51.509272][ T56] ? _raw_spin_lock_irqsave+0x100/0x100 [ 51.514822][ T56] worker_thread+0xb14/0x1330 [ 51.519508][ T56] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 51.525405][ T56] kthread+0x266/0x300 [ 51.529467][ T56] ? rcu_lock_release+0x20/0x20 [ 51.534308][ T56] ? kthread_blkcg+0xd0/0xd0 [ 51.538903][ T56] ret_from_fork+0x1f/0x30 [ 51.543326][ T56] [ 51.546503][ T56] Kernel Offset: disabled [ 51.550894][ T56] Rebooting in 86400 seconds..