./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3873587628
<...>
forked to background, child pid 3207
no interfaces have a carrier
[ 27.703684][ T3208] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.716903][ T3208] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
execve("./syz-executor3873587628", ["./syz-executor3873587628"], 0x7ffd77eb8090 /* 10 vars */) = 0
brk(NULL) = 0x555556fb3000
brk(0x555556fb3d00) = 0x555556fb3d00
arch_prctl(ARCH_SET_FS, 0x555556fb33c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3873587628", 4096) = 28
brk(0x555556fd4d00) = 0x555556fd4d00
brk(0x555556fd5000) = 0x555556fd5000
mprotect(0x7f72f6f55000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 3628
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "3628", 4) = 4
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f72f6e9f470, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f72f6ea08f0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f72f6e9f470, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f72f6ea08f0}, NULL, 8) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fb3690) = 3629
./strace-static-x86_64: Process 3629 attached
[pid 3629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3629] setpgid(0, 0) = 0
[pid 3629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3629] write(3, "1000", 4) = 4
[pid 3629] close(3) = 0
[pid 3629] memfd_create("syzkaller", 0) = 3
[pid 3629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f72eea95000
[pid 3629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 3629] munmap(0x7f72eea95000, 16777216) = 0
[pid 3629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3629] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3629] close(3) = 0
[pid 3629] mkdir("./file0", 0777) = 0
syzkaller login: [ 49.650677][ T3629] loop0: detected capacity change from 0 to 32768
[ 49.662353][ T3629] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor387 (3629)
[ 49.681701][ T3629] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[ 49.690264][ T3629] BTRFS info (device loop0): using free space tree
[pid 3629] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 3629] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3629] chdir("./file0") = 0
[pid 3629] ioctl(4, LOOP_CLR_FD) = 0
[pid 3629] close(4) = 0
[pid 3629] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 3629] fallocate(4, 0, 0, 1048820) = 0
[pid 3629] read(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 8224
[pid 3629] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 3629] write(5, "20", 2) = 2
[ 49.711644][ T3629] BTRFS info (device loop0): enabling ssd optimizations
[ 49.735522][ T27] audit: type=1800 audit(1670694034.443:2): pid=3629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor387" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 49.756319][ T3629] FAULT_INJECTION: forcing a failure.
[ 49.756319][ T3629] name failslab, interval 1, probability 0, space 0, times 1
[ 49.769133][ T3629] CPU: 0 PID: 3629 Comm: syz-executor387 Not tainted 6.1.0-rc8-syzkaller-00152-g3ecc37918c80 #0
[ 49.779552][ T3629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 49.789598][ T3629] Call Trace:
[ 49.792862][ T3629] <TASK>
[ 49.795781][ T3629] dump_stack_lvl+0xd1/0x138
[ 49.800396][ T3629] should_fail_ex.cold+0x5/0xa
[ 49.805156][ T3629] ? alloc_extent_state+0x25/0x430
[ 49.810262][ T3629] should_failslab+0x9/0x20
[ 49.814755][ T3629] kmem_cache_alloc+0x5a/0x3d0
[ 49.819510][ T3629] ? rwlock_bug.part.0+0x90/0x90
[ 49.824447][ T3629] alloc_extent_state+0x25/0x430
[ 49.829379][ T3629] __clear_extent_bit+0x70f/0xca0
[ 49.834403][ T3629] try_release_extent_mapping+0x539/0x690
[ 49.840119][ T3629] ? find_get_entries+0x530/0x530
[ 49.845332][ T3629] btrfs_release_folio+0xc8/0x130
[ 49.850349][ T3629] ? btrfs_opendir+0x150/0x150
[ 49.855105][ T3629] filemap_release_folio+0x13f/0x1b0
[ 49.860389][ T3629] mapping_evict_folio+0x1fe/0x280
[ 49.865500][ T3629] invalidate_mapping_pagevec+0x19f/0x490
[ 49.871214][ T3629] ? invalidate_inode_page+0x160/0x160
[ 49.876662][ T3629] ? __filemap_fdatawait_range+0x2b7/0x740
[ 49.882471][ T3629] ? filemap_get_read_batch+0x8d0/0x8d0
[ 49.888021][ T3629] ? up_write+0x520/0x520
[ 49.892353][ T3629] btrfs_do_write_iter+0xfdc/0x1450
[ 49.897548][ T3629] ? btrfs_fdatawrite_range+0x110/0x110
[ 49.903182][ T3629] vfs_write+0x9ed/0xdd0
[ 49.907542][ T3629] ? kernel_write+0x630/0x630
[ 49.912214][ T3629] ? find_held_lock+0x2d/0x110
[ 49.916976][ T3629] ? lock_downgrade+0x6e0/0x6e0
[ 49.921827][ T3629] ? __fget_light+0x20a/0x270
[ 49.926498][ T3629] ksys_write+0x12b/0x250
[ 49.930824][ T3629] ? __ia32_sys_read+0xb0/0xb0
[ 49.935580][ T3629] ? lockdep_hardirqs_on+0x7d/0x100
[ 49.940767][ T3629] ? _raw_spin_unlock_irq+0x2e/0x50
[ 49.945959][ T3629] ? ptrace_notify+0xfe/0x140
[ 49.950820][ T3629] do_syscall_64+0x39/0xb0
[ 49.955232][ T3629] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.961118][ T3629] RIP: 0033:0x7f72f6eea6c9
[ 49.965523][ T3629] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.985120][ T3629] RSP: 002b:00007ffe31004eb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 49.993526][ T3629] RAX: ffffffffffffffda RBX: 00007ffe31004f28 RCX: 00007f72f6eea6c9
[ 50.001511][ T3629] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 0000000000000004
[ 50.009558][ T3629] RBP: 00007ffe31004ec0 R08: 0000000000000002 R09: 0000000000003032
[ 50.017634][ T3629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 50.025601][ T3629] R13: 00007ffe31005000 R14: 431bde82d7b634db R15: 00007ffe31004f00
[ 50.033580][ T3629] </TASK>
[ 50.037291][ T3629] ------------[ cut here ]------------
[ 50.042802][ T3629] kernel BUG at fs/btrfs/extent-io-tree.c:639!
[ 50.048971][ T3629] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 50.055039][ T3629] CPU: 0 PID: 3629 Comm: syz-executor387 Not tainted 6.1.0-rc8-syzkaller-00152-g3ecc37918c80 #0
[ 50.065454][ T3629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 50.075516][ T3629] RIP: 0010:__clear_extent_bit+0x722/0xca0
[ 50.081334][ T3629] Code: fa ff ff e9 70 fb ff ff e8 2b 93 fb fd bf 20 0a 00 00 e8 31 ca ff ff 48 85 c0 48 89 44 24 18 0f 85 40 fc ff ff e8 0e 93 fb fd <0f> 0b e8 07 93 fb fd 48 89 ef e8 2f d0 ff ff e9 3a fb ff ff e8 f5
[ 50.100950][ T3629] RSP: 0018:ffffc90003bdf8b8 EFLAGS: 00010293
[ 50.107023][ T3629] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[ 50.115008][ T3629] RDX: ffff88801e470000 RSI: ffffffff83848af2 RDI: 0000000000000000
[ 50.122992][ T3629] RBP: ffff88801f426a80 R08: 00000000ffffffff R09: ffffffff8c6f8c73
[ 50.130975][ T3629] R10: fffffbfff18df18e R11: 0000000000000000 R12: 0000000000002000
[ 50.138965][ T3629] R13: 000000000004ffff R14: 0000000000000000 R15: 0000000000002fff
[ 50.146952][ T3629] FS: 0000555556fb33c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[ 50.155872][ T3629] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.162467][ T3629] CR2: 00005575fe304940 CR3: 000000007bef5000 CR4: 0000000000350ef0
[ 50.170429][ T3629] Call Trace:
[ 50.173692][ T3629] <TASK>
[ 50.176610][ T3629] try_release_extent_mapping+0x539/0x690
[ 50.182322][ T3629] ? find_get_entries+0x530/0x530
[ 50.187334][ T3629] btrfs_release_folio+0xc8/0x130
[ 50.192351][ T3629] ? btrfs_opendir+0x150/0x150
[ 50.197102][ T3629] filemap_release_folio+0x13f/0x1b0
[ 50.202383][ T3629] mapping_evict_folio+0x1fe/0x280
[ 50.207486][ T3629] invalidate_mapping_pagevec+0x19f/0x490
[ 50.213217][ T3629] ? invalidate_inode_page+0x160/0x160
[ 50.218663][ T3629] ? __filemap_fdatawait_range+0x2b7/0x740
[ 50.224468][ T3629] ? filemap_get_read_batch+0x8d0/0x8d0
[ 50.230013][ T3629] ? up_write+0x520/0x520
[ 50.234336][ T3629] btrfs_do_write_iter+0xfdc/0x1450
[ 50.239527][ T3629] ? btrfs_fdatawrite_range+0x110/0x110
[ 50.245059][ T3629] vfs_write+0x9ed/0xdd0
[ 50.249291][ T3629] ? kernel_write+0x630/0x630
[ 50.253955][ T3629] ? find_held_lock+0x2d/0x110
[ 50.258710][ T3629] ? lock_downgrade+0x6e0/0x6e0
[ 50.263728][ T3629] ? __fget_light+0x20a/0x270
[ 50.268393][ T3629] ksys_write+0x12b/0x250
[ 50.272802][ T3629] ? __ia32_sys_read+0xb0/0xb0
[ 50.277553][ T3629] ? lockdep_hardirqs_on+0x7d/0x100
[ 50.282735][ T3629] ? _raw_spin_unlock_irq+0x2e/0x50
[ 50.287918][ T3629] ? ptrace_notify+0xfe/0x140
[ 50.292677][ T3629] do_syscall_64+0x39/0xb0
[ 50.297086][ T3629] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.302969][ T3629] RIP: 0033:0x7f72f6eea6c9
[ 50.307368][ T3629] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.326972][ T3629] RSP: 002b:00007ffe31004eb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 50.335371][ T3629] RAX: ffffffffffffffda RBX: 00007ffe31004f28 RCX: 00007f72f6eea6c9
[ 50.343328][ T3629] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 0000000000000004
[ 50.351282][ T3629] RBP: 00007ffe31004ec0 R08: 0000000000000002 R09: 0000000000003032
[ 50.359240][ T3629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 50.367194][ T3629] R13: 00007ffe31005000 R14: 431bde82d7b634db R15: 00007ffe31004f00
[ 50.375156][ T3629] </TASK>
[ 50.378161][ T3629] Modules linked in:
[ 50.382157][ T3629] ---[ end trace 0000000000000000 ]---
[ 50.387708][ T3629] RIP: 0010:__clear_extent_bit+0x722/0xca0
[ 50.393583][ T3629] Code: fa ff ff e9 70 fb ff ff e8 2b 93 fb fd bf 20 0a 00 00 e8 31 ca ff ff 48 85 c0 48 89 44 24 18 0f 85 40 fc ff ff e8 0e 93 fb fd <0f> 0b e8 07 93 fb fd 48 89 ef e8 2f d0 ff ff e9 3a fb ff ff e8 f5
[ 50.413241][ T3629] RSP: 0018:ffffc90003bdf8b8 EFLAGS: 00010293
[ 50.419321][ T3629] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[ 50.427325][ T3629] RDX: ffff88801e470000 RSI: ffffffff83848af2 RDI: 0000000000000000
[ 50.435564][ T3629] RBP: ffff88801f426a80 R08: 00000000ffffffff R09: ffffffff8c6f8c73
[ 50.443562][ T3629] R10: fffffbfff18df18e R11: 0000000000000000 R12: 0000000000002000
[ 50.451571][ T3629] R13: 000000000004ffff R14: 0000000000000000 R15: 0000000000002fff
[ 50.459589][ T3629] FS: 0000555556fb33c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[ 50.468535][ T3629] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.475163][ T3629] CR2: 00005575fe304940 CR3: 000000007bef5000 CR4: 0000000000350ef0
[ 50.483158][ T3629] Kernel panic - not syncing: Fatal exception
[ 50.489896][ T3629] Kernel Offset: disabled
[ 50.494214][ T3629] Rebooting in 86400 seconds..