./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor237249161
<...>
DUID 00:04:7c:8f:25:e4:1e:61:d4:15:b8:1c:50:2a:7f:f5:0b:01
forked to background, child pid 3209
[ 29.644028][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.659189][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts.
execve("./syz-executor237249161", ["./syz-executor237249161"], 0x7fff3ae03610 /* 10 vars */) = 0
brk(NULL) = 0x555555b36000
brk(0x555555b36c40) = 0x555555b36c40
arch_prctl(ARCH_SET_FS, 0x555555b36300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor237249161", 4096) = 27
brk(0x555555b57c40) = 0x555555b57c40
brk(0x555555b58000) = 0x555555b58000
mprotect(0x7f6e9c3d9000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 3631
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "3631", 4) = 4
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 3631
mkdir("./syzkaller.xUrgdM", 0700) = 0
chmod("./syzkaller.xUrgdM", 0777) = 0
chdir("./syzkaller.xUrgdM") = 0
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6e93f19000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
munmap(0x7f6e93f19000, 16777216) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
syzkaller login: [ 57.793804][ T3631] loop0: detected capacity change from 0 to 32768
[ 57.804331][ T3631] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor237 (3631)
[ 57.828050][ T3631] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 57.836885][ T3631] BTRFS info (device loop0): using free space tree
mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
[ 57.856394][ T3631] BTRFS info (device loop0): enabling ssd optimizations
open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
fallocate(4, 0, 0, 1048820) = 0
read(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 8224
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
write(5, "21", 2) = 2
[ 57.890575][ T27] audit: type=1800 audit(1670641047.172:2): pid=3631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor237" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 57.932538][ T3631] FAULT_INJECTION: forcing a failure.
[ 57.932538][ T3631] name failslab, interval 1, probability 0, space 0, times 1
[ 57.945390][ T3631] CPU: 1 PID: 3631 Comm: syz-executor237 Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0
[ 57.955820][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.965884][ T3631] Call Trace:
[ 57.969174][ T3631]
[ 57.972123][ T3631] dump_stack_lvl+0x1b1/0x28e
[ 57.976838][ T3631] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 57.982309][ T3631] ? panic+0x710/0x710
[ 57.986400][ T3631] ? read_lock_is_recursive+0x10/0x10
[ 57.991798][ T3631] should_fail_ex+0x395/0x4c0
[ 57.996498][ T3631] ? __clear_extent_bit+0xa36/0xc60
[ 58.001724][ T3631] should_failslab+0x5/0x20
[ 58.006247][ T3631] kmem_cache_alloc+0x68/0x300
[ 58.011037][ T3631] __clear_extent_bit+0xa36/0xc60
[ 58.016095][ T3631] try_release_extent_mapping+0x4e5/0x560
[ 58.021842][ T3631] ? find_get_entries+0x630/0x630
[ 58.026884][ T3631] btrfs_release_folio+0x126/0x340
[ 58.032010][ T3631] mapping_evict_folio+0x24d/0x570
[ 58.037119][ T3631] invalidate_mapping_pagevec+0x37d/0x7c0
[ 58.042835][ T3631] ? truncate_inode_pages_final+0x90/0x90
[ 58.048551][ T3631] ? filemap_fdatawait_range+0x30/0x30
[ 58.054016][ T3631] ? filemap_fdatawrite_range+0x175/0x200
[ 58.059736][ T3631] ? filemap_fdatawrite+0x1d0/0x1d0
[ 58.064939][ T3631] ? up_read+0x20/0x20
[ 58.068998][ T3631] ? btrfs_write_check+0x4a9/0x540
[ 58.074151][ T3631] btrfs_do_write_iter+0x112e/0x1260
[ 58.079446][ T3631] ? btrfs_check_nocow_unlock+0x40/0x40
[ 58.084992][ T3631] vfs_write+0x7dc/0xc50
[ 58.089238][ T3631] ? file_end_write+0x230/0x230
[ 58.094108][ T3631] ? ptrace_stop+0x74d/0x970
[ 58.098699][ T3631] ? _raw_spin_unlock_irq+0x2a/0x40
[ 58.103891][ T3631] ? __fdget_pos+0x252/0x2e0
[ 58.108475][ T3631] ksys_write+0x177/0x2a0
[ 58.112800][ T3631] ? __ia32_sys_read+0x80/0x80
[ 58.117556][ T3631] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 58.123536][ T3631] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 58.129508][ T3631] do_syscall_64+0x3d/0xb0
[ 58.133914][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.139809][ T3631] RIP: 0033:0x7f6e9c36da99
[ 58.144231][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.163842][ T3631] RSP: 002b:00007fff1ac1ba08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.172252][ T3631] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f6e9c36da99
[ 58.180213][ T3631] RDX: 0000000000000090 RSI: 0000000020000840 RDI: 0000000000000004
[ 58.188176][ T3631] RBP: 0000000000000005 R08: 0000000000000002 R09: 0000000031003132
[ 58.196226][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff1ac1bb10
[ 58.204201][ T3631] R13: 00007fff1ac1ba10 R14: 00007f6e9c3aa0e8 R15: 00007fff1ac1ba30
[ 58.212181][ T3631]
[ 58.215808][ T3631] ------------[ cut here ]------------
[ 58.221331][ T3631] kernel BUG at fs/btrfs/extent-io-tree.c:660!
[ 58.227526][ T3631] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 58.233586][ T3631] CPU: 1 PID: 3631 Comm: syz-executor237 Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0
[ 58.243987][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.254029][ T3631] RIP: 0010:__clear_extent_bit+0xc56/0xc60
[ 58.259821][ T3631] Code: b0 0a 2f fe 48 8b 3b 48 c7 c6 16 53 b1 8c ba 47 01 00 00 89 e9 49 c7 c0 40 c9 3b 8b 31 c0 e8 a1 d9 e0 06 0f 0b e8 0a e6 da fd <0f> 0b 0f 1f 84 00 00 00 00 00 55 41 57 41 56 41 55 41 54 53 41 89
[ 58.279409][ T3631] RSP: 0018:ffffc90003b0f7a8 EFLAGS: 00010293
[ 58.285457][ T3631] RAX: ffffffff83afba96 RBX: 0000000000002000 RCX: ffff88802444ba80
[ 58.293411][ T3631] RDX: 0000000000000000 RSI: ffffffff8aedc420 RDI: ffffffff8b4b3fa0
[ 58.301360][ T3631] RBP: 0000000000002fff R08: 00000000ffffffff R09: fffffbfff1a42ecf
[ 58.309405][ T3631] R10: fffffbfff1a42ecf R11: 1ffffffff1a42ece R12: 000000000004ffff
[ 58.317360][ T3631] R13: ffff888028f02840 R14: 0000000000000000 R15: dffffc0000000000
[ 58.325307][ T3631] FS: 0000555555b36300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 58.334216][ T3631] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.340783][ T3631] CR2: 0000000020004000 CR3: 00000000759ff000 CR4: 00000000003506e0
[ 58.348737][ T3631] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.356688][ T3631] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.364642][ T3631] Call Trace:
[ 58.367905][ T3631]
[ 58.370826][ T3631] try_release_extent_mapping+0x4e5/0x560
[ 58.376543][ T3631] ? find_get_entries+0x630/0x630
[ 58.381552][ T3631] btrfs_release_folio+0x126/0x340
[ 58.386646][ T3631] mapping_evict_folio+0x24d/0x570
[ 58.391746][ T3631] invalidate_mapping_pagevec+0x37d/0x7c0
[ 58.397453][ T3631] ? truncate_inode_pages_final+0x90/0x90
[ 58.403160][ T3631] ? filemap_fdatawait_range+0x30/0x30
[ 58.408602][ T3631] ? filemap_fdatawrite_range+0x175/0x200
[ 58.414304][ T3631] ? filemap_fdatawrite+0x1d0/0x1d0
[ 58.419486][ T3631] ? up_read+0x20/0x20
[ 58.423537][ T3631] ? btrfs_write_check+0x4a9/0x540
[ 58.428634][ T3631] btrfs_do_write_iter+0x112e/0x1260
[ 58.433908][ T3631] ? btrfs_check_nocow_unlock+0x40/0x40
[ 58.439440][ T3631] vfs_write+0x7dc/0xc50
[ 58.443672][ T3631] ? file_end_write+0x230/0x230
[ 58.448506][ T3631] ? ptrace_stop+0x74d/0x970
[ 58.453109][ T3631] ? _raw_spin_unlock_irq+0x2a/0x40
[ 58.458297][ T3631] ? __fdget_pos+0x252/0x2e0
[ 58.462874][ T3631] ksys_write+0x177/0x2a0
[ 58.467192][ T3631] ? __ia32_sys_read+0x80/0x80
[ 58.471939][ T3631] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 58.477905][ T3631] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 58.483881][ T3631] do_syscall_64+0x3d/0xb0
[ 58.488298][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.494183][ T3631] RIP: 0033:0x7f6e9c36da99
[ 58.498584][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.518181][ T3631] RSP: 002b:00007fff1ac1ba08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.526605][ T3631] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f6e9c36da99
[ 58.534575][ T3631] RDX: 0000000000000090 RSI: 0000000020000840 RDI: 0000000000000004
[ 58.542542][ T3631] RBP: 0000000000000005 R08: 0000000000000002 R09: 0000000031003132
[ 58.550501][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff1ac1bb10
[ 58.558461][ T3631] R13: 00007fff1ac1ba10 R14: 00007f6e9c3aa0e8 R15: 00007fff1ac1ba30
[ 58.566428][ T3631]
[ 58.569435][ T3631] Modules linked in:
[ 58.573457][ T3631] ---[ end trace 0000000000000000 ]---
[ 58.578940][ T3631] RIP: 0010:__clear_extent_bit+0xc56/0xc60
[ 58.584756][ T3631] Code: b0 0a 2f fe 48 8b 3b 48 c7 c6 16 53 b1 8c ba 47 01 00 00 89 e9 49 c7 c0 40 c9 3b 8b 31 c0 e8 a1 d9 e0 06 0f 0b e8 0a e6 da fd <0f> 0b 0f 1f 84 00 00 00 00 00 55 41 57 41 56 41 55 41 54 53 41 89
[ 58.604393][ T3631] RSP: 0018:ffffc90003b0f7a8 EFLAGS: 00010293
[ 58.610479][ T3631] RAX: ffffffff83afba96 RBX: 0000000000002000 RCX: ffff88802444ba80
[ 58.618460][ T3631] RDX: 0000000000000000 RSI: ffffffff8aedc420 RDI: ffffffff8b4b3fa0
[ 58.626437][ T3631] RBP: 0000000000002fff R08: 00000000ffffffff R09: fffffbfff1a42ecf
[ 58.634443][ T3631] R10: fffffbfff1a42ecf R11: 1ffffffff1a42ece R12: 000000000004ffff
[ 58.642424][ T3631] R13: ffff888028f02840 R14: 0000000000000000 R15: dffffc0000000000
[ 58.650425][ T3631] FS: 0000555555b36300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 58.659365][ T3631] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.665929][ T3631] CR2: 0000000020004000 CR3: 00000000759ff000 CR4: 00000000003506e0
[ 58.673920][ T3631] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.681912][ T3631] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.689934][ T3631] Kernel panic - not syncing: Fatal exception
[ 58.696149][ T3631] Kernel Offset: disabled
[ 58.700551][ T3631] Rebooting in 86400 seconds..