./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3009476583 <...> DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89 forked to background, child pid 4645 [ 31.205106][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.226667][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts. execve("./syz-executor3009476583", ["./syz-executor3009476583"], 0x7fffb8449640 /* 10 vars */) = 0 brk(NULL) = 0x555555f68000 brk(0x555555f68c40) = 0x555555f68c40 arch_prctl(ARCH_SET_FS, 0x555555f68300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555f685d0) = 5066 set_robust_list(0x555555f685e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f6bed868750, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f6bed868e20}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f6bed8687f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6bed868e20}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3009476583", 4096) = 28 brk(0x555555f89c40) = 0x555555f89c40 brk(0x555555f8a000) = 0x555555f8a000 mprotect(0x7f6bed92e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=704, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5066}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x26\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 704 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 access("/proc/net", R_OK) = 0 access("/proc/net/unix", R_OK) = 0 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5066}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 futex(0x7f6bed9346ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6bed837000 mprotect(0x7f6bed838000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f6bed8573f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5068], tls=0x7f6bed857700, child_tidptr=0x7f6bed8579d0) = 5068 futex(0x7f6bed9346e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7f6bed9346ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x7f6bed8579e0, 24) = 0 [pid 5068] memfd_create("syzkaller", 0) = 3 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6be5437000 [pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5068] munmap(0x7f6be5437000, 16777216) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5068] close(3) = 0 [pid 5068] mkdir("./file0", 0777) = 0 [pid 5068] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5068] chdir("./file0") = 0 [pid 5068] ioctl(4, LOOP_CLR_FD) = 0 [pid 5068] close(4) = 0 [pid 5068] futex(0x7f6bed9346ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] futex(0x7f6bed9346e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f6bed9346e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] futex(0x7f6bed9346ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 0 syzkaller login: [ 53.599918][ T5068] loop0: detected capacity change from 0 to 32768 [ 53.611451][ T5068] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor300 (5068) [ 53.629425][ T5068] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 53.638253][ T5068] BTRFS info (device loop0): using free space tree [pid 5068] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5068] futex(0x7f6bed9346ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] futex(0x7f6bed9346e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f6bed9346e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] futex(0x7f6bed9346ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 0 [pid 5068] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 5 [pid 5068] futex(0x7f6bed9346ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f6bed9346e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f6bed9346ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 [pid 5068] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5068] futex(0x7f6bed9346ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f6bed9346e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f6bed9346ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 [pid 5068] fallocate(6, 0, 0, 1048816) = 0 [pid 5068] futex(0x7f6bed9346ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f6bed9346e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f6bed9346ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 [ 53.659139][ T5068] BTRFS info (device loop0): enabling ssd optimizations [ 53.666223][ T5068] BTRFS info (device loop0): auto enabling async discard [pid 5068] sendfile(4, 6, NULL, 142606348 [pid 5066] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5066] futex(0x7f6bed9346fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6be6416000 [pid 5066] mprotect(0x7f6be6417000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] clone(child_stack=0x7f6be64363f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5087], tls=0x7f6be6436700, child_tidptr=0x7f6be64369d0) = 5087 [pid 5066] futex(0x7f6bed9346f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f6bed9346fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x7f6be64369e0, 24) = 0 [pid 5087] open(".", O_RDONLY) = 7 [pid 5087] futex(0x7f6bed9346fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5066] futex(0x7f6bed9346f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] ioctl(7, BTRFS_IOC_BALANCE_V2, {flags=0} [pid 5066] <... futex resumed>) = 0 [ 53.691473][ T27] audit: type=1800 audit(1672678196.929:2): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor300" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 53.718658][ T27] audit: type=1800 audit(1672678196.959:3): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor300" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5066] futex(0x7f6bed9346fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 53.845567][ T5087] BTRFS info (device loop0): balance: start [ 53.853757][ T5068] ------------[ cut here ]------------ [ 53.860366][ T5087] BTRFS info (device loop0: state A): balance: ended with status: 0 [ 53.869254][ T5068] BTRFS: Transaction aborted (error -28) [ 53.875214][ T5068] WARNING: CPU: 1 PID: 5068 at fs/btrfs/extent-tree.c:3074 __btrfs_free_extent+0x237b/0x29d0 [ 53.885600][ T5068] Modules linked in: [ 53.890172][ T5068] CPU: 0 PID: 5068 Comm: syz-executor300 Not tainted 6.2.0-rc2-syzkaller #0 [ 53.899089][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 53.909307][ T5068] RIP: 0010:__btrfs_free_extent+0x237b/0x29d0 [ 53.915418][ T5068] Code: ba ff 0b 00 00 b9 fe ff ff ff e8 10 76 28 07 e9 b0 fb ff ff e8 06 bd 04 fe 48 c7 c7 a0 e3 38 8b 44 89 f6 31 c0 e8 c5 ac cb fd <0f> 0b e9 a9 e3 ff ff e8 e9 bc 04 fe 31 c0 4c 8b 6c 24 28 48 8b 7c [ 53.935959][ T5068] RSP: 0018:ffffc90003bfea60 EFLAGS: 00010246 [ 53.942079][ T5068] RAX: 0d7746c55be24500 RBX: ffff888028c9c001 RCX: ffff8880200d8000 [ 53.950371][ T5068] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 53.958525][ T5068] RBP: ffffc90003bfebe0 R08: ffffffff816f2c9d R09: ffffed1017324f5b [ 53.966637][ T5068] R10: ffffed1017324f5b R11: 1ffff11017324f5a R12: dffffc0000000000 [ 53.974677][ T5068] R13: ffff888028c01790 R14: 00000000ffffffe4 R15: dffffc0000000000 [ 53.982832][ T5068] FS: 00007f6bed857700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 53.991893][ T5068] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.998565][ T5068] CR2: 00005570f97a08a0 CR3: 0000000075f5d000 CR4: 00000000003506f0 [ 54.006608][ T5068] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.014594][ T5068] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.022646][ T5068] Call Trace: [ 54.026000][ T5068] [ 54.028941][ T5068] ? __btrfs_inc_extent_ref+0x5d0/0x5d0 [ 54.034495][ T5068] ? rcu_read_lock_sched_held+0x87/0x110 [ 54.040212][ T5068] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [pid 5066] exit_group(0) = ? [ 54.046287][ T5068] ? __lock_acquire+0x1292/0x1f60 [ 54.051345][ T5068] ? do_raw_spin_unlock+0x134/0x8a0 [ 54.056629][ T5068] btrfs_run_delayed_refs_for_head+0xe35/0x1e50 [ 54.062920][ T5068] ? read_lock_is_recursive+0x10/0x10 [ 54.068420][ T5068] ? btrfs_issue_discard+0x700/0x700 [ 54.073728][ T5068] ? read_lock_is_recursive+0x10/0x10 [ 54.079188][ T5068] ? __btrfs_run_delayed_refs+0x1d5/0x490 [ 54.084927][ T5068] ? do_raw_read_unlock+0x37/0x70 [ 54.090026][ T5068] ? _raw_read_unlock+0x24/0x40 [ 54.094891][ T5068] ? btrfs_tree_mod_log_lowest_seq+0x92/0xa0 [ 54.100959][ T5068] ? btrfs_merge_delayed_refs+0x5db/0x650 [ 54.106991][ T5068] ? do_raw_spin_unlock+0x134/0x8a0 [ 54.112203][ T5068] __btrfs_run_delayed_refs+0x25f/0x490 [ 54.117816][ T5068] ? btrfs_run_delayed_refs+0x480/0x480 [ 54.123376][ T5068] ? mark_lock+0x9a/0x350 [ 54.127796][ T5068] btrfs_run_delayed_refs+0x13b/0x480 [ 54.133179][ T5068] ? btrfs_trans_release_metadata+0x158/0x1c0 [ 54.139308][ T5068] btrfs_commit_transaction+0x23d/0x3340 [ 54.144960][ T5068] ? __lock_acquire+0x1f60/0x1f60 [ 54.150054][ T5068] ? do_raw_spin_lock+0x147/0x3a0 [ 54.155095][ T5068] ? btrfs_commit_transaction_async+0x440/0x440 [ 54.161405][ T5068] ? join_transaction+0xc34/0xe50 [ 54.166517][ T5068] ? join_transaction+0xc0e/0xe50 [ 54.171538][ T5068] ? btrfs_record_root_in_trans+0x129/0x180 [ 54.177508][ T5068] ? start_transaction+0x3dc/0x10f0 [ 54.182766][ T5068] btrfs_sync_file+0xeac/0x1190 [ 54.187726][ T5068] ? btrfs_release_file+0x120/0x120 [ 54.192960][ T5068] ? __lock_acquire+0x1f60/0x1f60 [ 54.198029][ T5068] ? do_raw_spin_lock+0x147/0x3a0 [ 54.203083][ T5068] ? do_raw_spin_unlock+0x134/0x8a0 [ 54.208411][ T5068] btrfs_do_write_iter+0xcd3/0x1280 [ 54.213644][ T5068] ? btrfs_check_nocow_unlock+0x40/0x40 [ 54.219288][ T5068] ? bpf_lsm_file_permission+0x5/0x10 [ 54.224681][ T5068] do_iter_write+0x6c2/0xc20 [ 54.229363][ T5068] ? rcu_read_lock_sched_held+0x87/0x110 [ 54.235006][ T5068] ? vfs_iter_write+0xa0/0xa0 [ 54.239746][ T5068] ? vfs_iter_write+0x69/0xa0 [ 54.244435][ T5068] iter_file_splice_write+0x7fc/0xfc0 [ 54.249913][ T5068] ? splice_from_pipe+0x200/0x200 [ 54.255733][ T5068] ? splice_shrink_spd+0xb0/0xb0 [ 54.260730][ T5068] ? splice_from_pipe+0x200/0x200 [ 54.265771][ T5068] direct_splice_actor+0xe6/0x1c0 [ 54.270875][ T5068] splice_direct_to_actor+0x4e4/0xc00 [ 54.276326][ T5068] ? do_splice_direct+0x3d0/0x3d0 [ 54.281344][ T5068] ? pipe_to_sendpage+0x340/0x340 [ 54.286453][ T5068] ? bpf_lsm_file_permission+0x5/0x10 [ 54.291835][ T5068] ? security_file_permission+0xe0/0x5c0 [ 54.297547][ T5068] do_splice_direct+0x279/0x3d0 [ 54.302425][ T5068] ? splice_direct_to_actor+0xc00/0xc00 [ 54.308078][ T5068] ? rcu_read_lock_any_held+0xb1/0x130 [ 54.313551][ T5068] ? apparmor_file_permission+0x1f0/0x310 [ 54.319419][ T5068] do_sendfile+0x5fb/0xf80 [ 54.323878][ T5068] ? ptrace_stop+0x74d/0x970 [ 54.328626][ T5068] ? do_pwritev+0x350/0x350 [ 54.333148][ T5068] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.338422][ T5068] ? ptrace_notify+0x245/0x340 [ 54.343203][ T5068] __se_sys_sendfile64+0x14f/0x1b0 [ 54.348406][ T5068] ? __x64_sys_sendfile64+0xa0/0xa0 [ 54.353615][ T5068] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 54.359656][ T5068] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 54.365647][ T5068] do_syscall_64+0x3d/0xb0 [ 54.370144][ T5068] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.376097][ T5068] RIP: 0033:0x7f6bed8aae09 [ 54.380518][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.400209][ T5068] RSP: 002b:00007f6bed8572f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 54.408678][ T5068] RAX: ffffffffffffffda RBX: 00007f6bed9346e0 RCX: 00007f6bed8aae09 [ 54.416744][ T5068] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 54.424718][ T5068] RBP: 00007f6bed90160c R08: 0000000000000000 R09: 0000000000000000 [ 54.432873][ T5068] R10: 000000000880000c R11: 0000000000000246 R12: 0000000020000600 [ 54.440939][ T5068] R13: 0030656c69662f2e R14: 0000000000000000 R15: 00007f6bed9346e8 [ 54.448987][ T5068] [ 54.452013][ T5068] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 54.459294][ T5068] CPU: 0 PID: 5068 Comm: syz-executor300 Not tainted 6.2.0-rc2-syzkaller #0 [ 54.467984][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.478033][ T5068] Call Trace: [ 54.481301][ T5068] [ 54.484218][ T5068] dump_stack_lvl+0x1b1/0x290 [ 54.488912][ T5068] ? nf_tcp_handle_invalid+0x630/0x630 [ 54.494360][ T5068] ? panic+0x710/0x710 [ 54.498417][ T5068] ? vscnprintf+0x59/0x80 [ 54.502731][ T5068] ? __btrfs_free_extent+0x2310/0x29d0 [ 54.508174][ T5068] panic+0x2d6/0x710 [ 54.512056][ T5068] ? __warn+0x16d/0x2d0 [ 54.516199][ T5068] ? memcpy_page_flushcache+0x100/0x100 [ 54.521738][ T5068] ? __btrfs_free_extent+0x237b/0x29d0 [ 54.527182][ T5068] __warn+0x284/0x2d0 [ 54.531153][ T5068] ? __btrfs_free_extent+0x237b/0x29d0 [ 54.536596][ T5068] report_bug+0x1b3/0x2d0 [ 54.540920][ T5068] handle_bug+0x3d/0x70 [ 54.545064][ T5068] exc_invalid_op+0x16/0x40 [ 54.549572][ T5068] asm_exc_invalid_op+0x16/0x20 [ 54.554426][ T5068] RIP: 0010:__btrfs_free_extent+0x237b/0x29d0 [ 54.560488][ T5068] Code: ba ff 0b 00 00 b9 fe ff ff ff e8 10 76 28 07 e9 b0 fb ff ff e8 06 bd 04 fe 48 c7 c7 a0 e3 38 8b 44 89 f6 31 c0 e8 c5 ac cb fd <0f> 0b e9 a9 e3 ff ff e8 e9 bc 04 fe 31 c0 4c 8b 6c 24 28 48 8b 7c [ 54.580084][ T5068] RSP: 0018:ffffc90003bfea60 EFLAGS: 00010246 [ 54.586146][ T5068] RAX: 0d7746c55be24500 RBX: ffff888028c9c001 RCX: ffff8880200d8000 [ 54.594111][ T5068] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 54.602074][ T5068] RBP: ffffc90003bfebe0 R08: ffffffff816f2c9d R09: ffffed1017324f5b [ 54.610039][ T5068] R10: ffffed1017324f5b R11: 1ffff11017324f5a R12: dffffc0000000000 [ 54.618002][ T5068] R13: ffff888028c01790 R14: 00000000ffffffe4 R15: dffffc0000000000 [ 54.625975][ T5068] ? __wake_up_klogd+0xcd/0x100 [ 54.630851][ T5068] ? __btrfs_inc_extent_ref+0x5d0/0x5d0 [ 54.636391][ T5068] ? rcu_read_lock_sched_held+0x87/0x110 [ 54.642017][ T5068] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 54.647997][ T5068] ? __lock_acquire+0x1292/0x1f60 [ 54.653015][ T5068] ? do_raw_spin_unlock+0x134/0x8a0 [ 54.658213][ T5068] btrfs_run_delayed_refs_for_head+0xe35/0x1e50 [ 54.664469][ T5068] ? read_lock_is_recursive+0x10/0x10 [ 54.669861][ T5068] ? btrfs_issue_discard+0x700/0x700 [ 54.675138][ T5068] ? read_lock_is_recursive+0x10/0x10 [ 54.680505][ T5068] ? __btrfs_run_delayed_refs+0x1d5/0x490 [ 54.686224][ T5068] ? do_raw_read_unlock+0x37/0x70 [ 54.691245][ T5068] ? _raw_read_unlock+0x24/0x40 [ 54.696092][ T5068] ? btrfs_tree_mod_log_lowest_seq+0x92/0xa0 [ 54.702070][ T5068] ? btrfs_merge_delayed_refs+0x5db/0x650 [ 54.707784][ T5068] ? do_raw_spin_unlock+0x134/0x8a0 [ 54.712985][ T5068] __btrfs_run_delayed_refs+0x25f/0x490 [ 54.719144][ T5068] ? btrfs_run_delayed_refs+0x480/0x480 [ 54.724688][ T5068] ? mark_lock+0x9a/0x350 [ 54.729018][ T5068] btrfs_run_delayed_refs+0x13b/0x480 [ 54.734388][ T5068] ? btrfs_trans_release_metadata+0x158/0x1c0 [ 54.740454][ T5068] btrfs_commit_transaction+0x23d/0x3340 [ 54.746092][ T5068] ? __lock_acquire+0x1f60/0x1f60 [ 54.751109][ T5068] ? do_raw_spin_lock+0x147/0x3a0 [ 54.756137][ T5068] ? btrfs_commit_transaction_async+0x440/0x440 [ 54.762383][ T5068] ? join_transaction+0xc34/0xe50 [ 54.767401][ T5068] ? join_transaction+0xc0e/0xe50 [ 54.772421][ T5068] ? btrfs_record_root_in_trans+0x129/0x180 [ 54.778317][ T5068] ? start_transaction+0x3dc/0x10f0 [ 54.783528][ T5068] btrfs_sync_file+0xeac/0x1190 [ 54.788391][ T5068] ? btrfs_release_file+0x120/0x120 [ 54.793594][ T5068] ? __lock_acquire+0x1f60/0x1f60 [ 54.798609][ T5068] ? do_raw_spin_lock+0x147/0x3a0 [ 54.803645][ T5068] ? do_raw_spin_unlock+0x134/0x8a0 [ 54.808845][ T5068] btrfs_do_write_iter+0xcd3/0x1280 [ 54.814094][ T5068] ? btrfs_check_nocow_unlock+0x40/0x40 [ 54.819642][ T5068] ? bpf_lsm_file_permission+0x5/0x10 [ 54.825015][ T5068] do_iter_write+0x6c2/0xc20 [ 54.830132][ T5068] ? rcu_read_lock_sched_held+0x87/0x110 [ 54.835763][ T5068] ? vfs_iter_write+0xa0/0xa0 [ 54.840444][ T5068] ? vfs_iter_write+0x69/0xa0 [ 54.845118][ T5068] iter_file_splice_write+0x7fc/0xfc0 [ 54.850509][ T5068] ? splice_from_pipe+0x200/0x200 [ 54.855534][ T5068] ? splice_shrink_spd+0xb0/0xb0 [ 54.860477][ T5068] ? splice_from_pipe+0x200/0x200 [ 54.865500][ T5068] direct_splice_actor+0xe6/0x1c0 [ 54.870523][ T5068] splice_direct_to_actor+0x4e4/0xc00 [ 54.875913][ T5068] ? do_splice_direct+0x3d0/0x3d0 [ 54.880936][ T5068] ? pipe_to_sendpage+0x340/0x340 [ 54.885957][ T5068] ? bpf_lsm_file_permission+0x5/0x10 [ 54.891324][ T5068] ? security_file_permission+0xe0/0x5c0 [ 54.896957][ T5068] do_splice_direct+0x279/0x3d0 [ 54.901810][ T5068] ? splice_direct_to_actor+0xc00/0xc00 [ 54.907350][ T5068] ? rcu_read_lock_any_held+0xb1/0x130 [ 54.912808][ T5068] ? apparmor_file_permission+0x1f0/0x310 [ 54.918531][ T5068] do_sendfile+0x5fb/0xf80 [ 54.922946][ T5068] ? ptrace_stop+0x74d/0x970 [ 54.927538][ T5068] ? do_pwritev+0x350/0x350 [ 54.932038][ T5068] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.937234][ T5068] ? ptrace_notify+0x245/0x340 [ 54.942001][ T5068] __se_sys_sendfile64+0x14f/0x1b0 [ 54.947114][ T5068] ? __x64_sys_sendfile64+0xa0/0xa0 [ 54.952310][ T5068] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 54.958286][ T5068] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 54.964260][ T5068] do_syscall_64+0x3d/0xb0 [ 54.968676][ T5068] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.974567][ T5068] RIP: 0033:0x7f6bed8aae09 [ 54.978980][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.998576][ T5068] RSP: 002b:00007f6bed8572f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 55.006985][ T5068] RAX: ffffffffffffffda RBX: 00007f6bed9346e0 RCX: 00007f6bed8aae09 [ 55.014948][ T5068] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 55.022914][ T5068] RBP: 00007f6bed90160c R08: 0000000000000000 R09: 0000000000000000 [ 55.030876][ T5068] R10: 000000000880000c R11: 0000000000000246 R12: 0000000020000600 [ 55.038837][ T5068] R13: 0030656c69662f2e R14: 0000000000000000 R15: 00007f6bed9346e8 [ 55.046816][ T5068] [ 55.049988][ T5068] Kernel Offset: disabled [ 55.054404][ T5068] Rebooting in 86400 seconds..