./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2366554208 <...> Warning: Permanently added '10.128.0.189' (ECDSA) to the list of known hosts. execve("./syz-executor2366554208", ["./syz-executor2366554208"], 0x7fff4af8dac0 /* 10 vars */) = 0 brk(NULL) = 0x5555556b3000 brk(0x5555556b3c40) = 0x5555556b3c40 arch_prctl(ARCH_SET_FS, 0x5555556b3300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2366554208", 4096) = 28 brk(0x5555556d4c40) = 0x5555556d4c40 brk(0x5555556d5000) = 0x5555556d5000 mprotect(0x7f5d816dc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5d79200000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7f5d79200000, 16777216) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 syzkaller login: [ 56.106101][ T5294] loop0: detected capacity change from 0 to 32768 [ 56.121415][ T5294] BTRFS: device fsid 5ac8a51e-da3a-4998-8e66-e1df06b87bc8 devid 1 transid 8 /dev/loop0 scanned by syz-executor236 (5294) [ 56.143524][ T5294] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.153934][ T5294] BTRFS info (device loop0): using free space tree mount("/dev/loop0", "./file0", "btrfs", 0, "noflushoncommit,rescan_uuid_tree,noacl,noautodefrag,datacow,") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 lchown(".", -1, 0) = 0 [ 56.177163][ T5294] BTRFS info (device loop0): enabling ssd optimizations [ 56.184452][ T5294] BTRFS info (device loop0): auto enabling async discard [ 56.194685][ T5294] BTRFS info (device loop0): checking UUID tree ioctl(3, BTRFS_IOC_SUBVOL_SETFLAGS, BTRFS_SUBVOL_RDONLY) = 0 [ 56.250039][ T5294] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 56.261929][ T5294] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 56.270460][ T5294] CPU: 0 PID: 5294 Comm: syz-executor236 Not tainted 6.1.0-rc6-next-20221125-syzkaller #0 [ 56.280386][ T5294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 56.290466][ T5294] RIP: 0010:btrfs_ioctl_send+0x13ab/0x65a0 [ 56.296334][ T5294] Code: 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 49 1c 00 00 4d 8b ae c0 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 34 1c 00 00 4c 39 ed 49 8b 5d 00 49 bc 00 00 00 [ 56.316172][ T5294] RSP: 0018:ffffc90003bbf8c8 EFLAGS: 00010246 [ 56.323702][ T5294] RAX: dffffc0000000000 RBX: ffff88807735f140 RCX: 0000000000000000 [ 56.331883][ T5294] RDX: 0000000000000000 RSI: ffffffff8380b588 RDI: ffff88807735f000 [ 56.340139][ T5294] RBP: ffff88807735f1c0 R08: 0000000000000001 R09: 0000000000000000 [ 56.349021][ T5294] R10: 0000000000000000 R11: 0000000000000000 R12: ffffed100ee6be28 [ 56.357029][ T5294] R13: 0000000000000000 R14: ffff88807735f000 R15: 0000000000000000 [ 56.365034][ T5294] FS: 00005555556b3300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 56.373993][ T5294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.380751][ T5294] CR2: 00007fff4af8bff8 CR3: 000000007dbc9000 CR4: 00000000003506f0 [ 56.388926][ T5294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.396906][ T5294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.405067][ T5294] Call Trace: [ 56.408428][ T5294] [ 56.411403][ T5294] ? changed_cb+0x3610/0x3610 [ 56.416100][ T5294] ? __might_fault+0xd9/0x180 [ 56.420773][ T5294] ? lock_downgrade+0x6e0/0x6e0 [ 56.425711][ T5294] ? _copy_from_user+0x170/0x1f0 [ 56.430811][ T5294] _btrfs_ioctl_send+0x231/0x2e0 [ 56.435850][ T5294] ? exclop_start_or_cancel_reloc+0x230/0x230 [ 56.442194][ T5294] ? tomoyo_path_number_perm+0x242/0x570 [ 56.448297][ T5294] ? lock_downgrade+0x6e0/0x6e0 [ 56.453188][ T5294] ? __kmem_cache_free+0xaf/0x3b0 [ 56.458330][ T5294] btrfs_ioctl+0x4058/0x5870 [ 56.462926][ T5294] ? tomoyo_path_number_perm+0x166/0x570 [ 56.468933][ T5294] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 56.475253][ T5294] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 56.481697][ T5294] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 56.487686][ T5294] ? do_vfs_ioctl+0x137/0x1ae0 [ 56.492464][ T5294] ? vfs_fileattr_set+0xbe0/0xbe0 [ 56.497503][ T5294] ? find_held_lock+0x2d/0x110 [ 56.502389][ T5294] ? name_to_dev_t+0x12/0x990 [ 56.507171][ T5294] ? lock_downgrade+0x6e0/0x6e0 [ 56.512052][ T5294] ? bpf_lsm_file_ioctl+0x9/0x10 [ 56.516990][ T5294] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 56.523420][ T5294] __x64_sys_ioctl+0x197/0x210 [ 56.528659][ T5294] do_syscall_64+0x39/0xb0 [ 56.533274][ T5294] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.539455][ T5294] RIP: 0033:0x7f5d8166ab09 [ 56.543871][ T5294] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 56.564904][ T5294] RSP: 002b:00007fff55cc13f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 56.573683][ T5294] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5d8166ab09 [ 56.582789][ T5294] RDX: 0000000020000040 RSI: 0000000040489426 RDI: 0000000000000003 [ 56.591125][ T5294] RBP: 00007f5d8162a3d0 R08: 0000000000000000 R09: 0000000000000000 [ 56.599629][ T5294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d8162a460 [ 56.607886][ T5294] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 56.615871][ T5294] [ 56.619517][ T5294] Modules linked in: [ 56.624551][ T5294] ---[ end trace 0000000000000000 ]--- [ 56.630273][ T5294] RIP: 0010:btrfs_ioctl_send+0x13ab/0x65a0 [ 56.636463][ T5294] Code: 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 49 1c 00 00 4d 8b ae c0 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 34 1c 00 00 4c 39 ed 49 8b 5d 00 49 bc 00 00 00 [ 56.656460][ T5294] RSP: 0018:ffffc90003bbf8c8 EFLAGS: 00010246 [ 56.662636][ T5294] RAX: dffffc0000000000 RBX: ffff88807735f140 RCX: 0000000000000000 [ 56.671333][ T5294] RDX: 0000000000000000 RSI: ffffffff8380b588 RDI: ffff88807735f000 [ 56.680010][ T5294] RBP: ffff88807735f1c0 R08: 0000000000000001 R09: 0000000000000000 [ 56.688406][ T5294] R10: 0000000000000000 R11: 0000000000000000 R12: ffffed100ee6be28 [ 56.696423][ T5294] R13: 0000000000000000 R14: ffff88807735f000 R15: 0000000000000000 [ 56.705180][ T5294] FS: 00005555556b3300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 56.715492][ T5294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.722384][ T5294] CR2: 00007fff4af8bff8 CR3: 000000007dbc9000 CR4: 00000000003506f0 [ 56.730821][ T5294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.739363][ T5294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.747634][ T5294] Kernel panic - not syncing: Fatal exception [ 56.755003][ T5294] Kernel Offset: disabled [ 56.759497][ T5294] Rebooting in 86400 seconds..