./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2032645304 <...> [ 28.831653][ T4648] dhcpcd-run-hook (4648) used greatest stack depth: 16688 bytes left forked to background, child pid 4644 [ 30.706495][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.716117][ T4645] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.15.219' (ECDSA) to the list of known hosts. execve("./syz-executor2032645304", ["./syz-executor2032645304"], 0x7fff65f09d40 /* 10 vars */) = 0 brk(NULL) = 0x55555600b000 brk(0x55555600bc40) = 0x55555600bc40 arch_prctl(ARCH_SET_FS, 0x55555600b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2032645304", 4096) = 28 brk(0x55555602cc40) = 0x55555602cc40 brk(0x55555602d000) = 0x55555602d000 mprotect(0x7f8ec4b59000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8ebc69a000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7f8ebc69a000, 16777216) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 syzkaller login: [ 56.059824][ T5066] loop0: detected capacity change from 0 to 32768 [ 56.071009][ T5066] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor203 (5066) [ 56.089351][ T5066] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 56.098273][ T5066] BTRFS info (device loop0): setting nodatacow, compression disabled close(4) = 0 mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 56.237063][ T5066] dump_stack_lvl+0x1b1/0x290 [ 56.241793][ T5066] ? nf_tcp_handle_invalid+0x630/0x630 [ 56.247373][ T5066] ? panic+0x710/0x710 [ 56.251483][ T5066] should_fail_ex+0x3aa/0x4e0 [ 56.256185][ T5066] ? ulist_add_merge+0x15f/0x4b0 [ 56.261140][ T5066] should_failslab+0x5/0x20 [ 56.265662][ T5066] __kmem_cache_alloc_node+0x68/0x340 [ 56.271054][ T5066] ? read_lock_is_recursive+0x10/0x10 [ 56.276448][ T5066] ? ulist_add_merge+0x15f/0x4b0 [ 56.281405][ T5066] kmalloc_trace+0x26/0x60 [ 56.285850][ T5066] ulist_add_merge+0x15f/0x4b0 [ 56.290637][ T5066] insert_state_fast+0x159/0x250 [ 56.295595][ T5066] __set_extent_bit+0x16f2/0x1c90 [ 56.301868][ T5066] ? rcu_read_lock_sched_held+0x87/0x110 [ 56.307525][ T5066] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 56.313531][ T5066] ? asm_exc_page_fault+0x22/0x30 [ 56.318584][ T5066] set_record_extent_bits+0x52/0x80 [ 56.323822][ T5066] qgroup_reserve_data+0x27b/0x6f0 [ 56.328984][ T5066] btrfs_qgroup_reserve_data+0x2a/0xc0 [ 56.334477][ T5066] btrfs_check_data_free_space+0x144/0x240 [ 56.340295][ T5066] btrfs_buffered_write+0x580/0x1730 [ 56.345591][ T5066] ? btrfs_do_write_iter+0x1280/0x1280 [ 56.351063][ T5066] btrfs_do_write_iter+0x421/0x1280 [ 56.356271][ T5066] ? rcu_read_lock_any_held+0xb1/0x130 [ 56.361739][ T5066] ? btrfs_check_nocow_unlock+0x40/0x40 [ 56.367282][ T5066] vfs_write+0x7dc/0xc50 [ 56.371515][ T5066] ? file_end_write+0x230/0x230 [ 56.376350][ T5066] ? ptrace_stop+0x74d/0x970 [ 56.380933][ T5066] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.386207][ T5066] ? __fdget_pos+0x252/0x2e0 [ 56.390794][ T5066] ksys_write+0x177/0x2a0 [ 56.395116][ T5066] ? __ia32_sys_read+0x80/0x80 [ 56.399866][ T5066] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 56.405834][ T5066] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 56.411803][ T5066] do_syscall_64+0x3d/0xb0 [ 56.416208][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.422182][ T5066] RIP: 0033:0x7f8ec4ae6db9 [ 56.426585][ T5066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 56.446625][ T5066] RSP: 002b:00007ffc02595288 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.455030][ T5066] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8ec4ae6db9 [ 56.463005][ T5066] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000005 [ 56.471158][ T5066] RBP: 00007ffc02595290 R08: 0000000000000001 R09: 00007f8ec4aa0035 [ 56.479125][ T5066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 56.487098][ T5066] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 56.495548][ T5066] [ 56.498844][ T5066] ------------[ cut here ]------------ [ 56.504392][ T5066] kernel BUG at fs/btrfs/extent-io-tree.c:379! [ 56.510681][ T5066] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 56.516837][ T5066] CPU: 1 PID: 5066 Comm: syz-executor203 Not tainted 6.2.0-rc3-syzkaller-00008-g1fe4fd6f5cad #0 [ 56.527222][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 56.537301][ T5066] RIP: 0010:insert_state_fast+0x242/0x250 [ 56.543005][ T5066] Code: 2d fe e9 77 ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 72 fe ff ff 4c 89 e7 e8 08 06 2d fe e9 65 fe ff ff e8 7e 5c d7 fd <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55 41 [ 56.562592][ T5066] RSP: 0018:ffffc90003cdf690 EFLAGS: 00010293 [ 56.568637][ T5066] RAX: ffffffff83b47ee2 RBX: dffffc0000000000 RCX: ffff88801ed1d7c0 [ 56.576676][ T5066] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 56.584628][ T5066] RBP: 00000000fffffff4 R08: ffffffff83b47e04 R09: 00000000ffffffff [ 56.592579][ T5066] R10: fffffbfff1a8331b R11: 1ffffffff1a8331a R12: 0000000000000000 [ 56.600789][ T5066] R13: ffff888019cd6808 R14: ffff88807d740b40 R15: 0000000000000800 [ 56.609000][ T5066] FS: 000055555600b300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 56.617916][ T5066] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.624569][ T5066] CR2: 0000000020017000 CR3: 0000000020491000 CR4: 00000000003506e0 [ 56.632538][ T5066] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.640604][ T5066] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.648574][ T5066] Call Trace: [ 56.651840][ T5066] [ 56.654855][ T5066] __set_extent_bit+0x16f2/0x1c90 [ 56.659882][ T5066] ? rcu_read_lock_sched_held+0x87/0x110 [ 56.665501][ T5066] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 56.671462][ T5066] ? asm_exc_page_fault+0x22/0x30 [ 56.676480][ T5066] set_record_extent_bits+0x52/0x80 [ 56.681660][ T5066] qgroup_reserve_data+0x27b/0x6f0 [ 56.686756][ T5066] btrfs_qgroup_reserve_data+0x2a/0xc0 [ 56.692219][ T5066] btrfs_check_data_free_space+0x144/0x240 [ 56.698125][ T5066] btrfs_buffered_write+0x580/0x1730 [ 56.703411][ T5066] ? btrfs_do_write_iter+0x1280/0x1280 [ 56.708874][ T5066] btrfs_do_write_iter+0x421/0x1280 [ 56.714075][ T5066] ? rcu_read_lock_any_held+0xb1/0x130 [ 56.719532][ T5066] ? btrfs_check_nocow_unlock+0x40/0x40 [ 56.725082][ T5066] vfs_write+0x7dc/0xc50 [ 56.729329][ T5066] ? file_end_write+0x230/0x230 [ 56.734188][ T5066] ? ptrace_stop+0x74d/0x970 [ 56.738785][ T5066] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.744005][ T5066] ? __fdget_pos+0x252/0x2e0 [ 56.748595][ T5066] ksys_write+0x177/0x2a0 [ 56.752933][ T5066] ? __ia32_sys_read+0x80/0x80 [ 56.757710][ T5066] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 56.763672][ T5066] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 56.769635][ T5066] do_syscall_64+0x3d/0xb0 [ 56.774054][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.779952][ T5066] RIP: 0033:0x7f8ec4ae6db9 [ 56.784459][ T5066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 56.804162][ T5066] RSP: 002b:00007ffc02595288 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.812562][ T5066] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8ec4ae6db9 [ 56.820515][ T5066] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000005 [ 56.828556][ T5066] RBP: 00007ffc02595290 R08: 0000000000000001 R09: 00007f8ec4aa0035 [ 56.836599][ T5066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 56.844577][ T5066] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 56.852530][ T5066] [ 56.855531][ T5066] Modules linked in: [ 56.859445][ T5066] ---[ end trace 0000000000000000 ]--- [ 56.864920][ T5066] RIP: 0010:insert_state_fast+0x242/0x250 [ 56.870773][ T5066] Code: 2d fe e9 77 ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 72 fe ff ff 4c 89 e7 e8 08 06 2d fe e9 65 fe ff ff e8 7e 5c d7 fd <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55 41 [ 56.890485][ T5066] RSP: 0018:ffffc90003cdf690 EFLAGS: 00010293 [ 56.896578][ T5066] RAX: ffffffff83b47ee2 RBX: dffffc0000000000 RCX: ffff88801ed1d7c0 [ 56.904538][ T5066] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 56.912569][ T5066] RBP: 00000000fffffff4 R08: ffffffff83b47e04 R09: 00000000ffffffff [ 56.920579][ T5066] R10: fffffbfff1a8331b R11: 1ffffffff1a8331a R12: 0000000000000000 [ 56.928573][ T5066] R13: ffff888019cd6808 R14: ffff88807d740b40 R15: 0000000000000800 [ 56.936783][ T5066] FS: 000055555600b300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 56.945739][ T5066] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.952333][ T5066] CR2: 0000000020017000 CR3: 0000000020491000 CR4: 00000000003506e0 [ 56.960486][ T5066] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.968475][ T5066] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.976460][ T5066] Kernel panic - not syncing: Fatal exception [ 56.982812][ T5066] Kernel Offset: disabled [ 56.987220][ T5066] Rebooting in 86400 seconds..