./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2962213223 <...> Warning: Permanently added '10.128.1.114' (ECDSA) to the list of known hosts. execve("./syz-executor2962213223", ["./syz-executor2962213223"], 0x7ffdb1c5d9f0 /* 10 vars */) = 0 brk(NULL) = 0x555557124000 brk(0x555557124d40) = 0x555557124d40 arch_prctl(ARCH_SET_FS, 0x555557124400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555571246d0) = 4995 set_robust_list(0x5555571246e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f74440be100, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f74440bd650}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f74440be1a0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f74440bd650}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2962213223", 4096) = 28 brk(0x555557145d40) = 0x555557145d40 brk(0x555557146000) = 0x555557146000 mprotect(0x7f7444184000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f74440b7280, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f74440bd650}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f74440b7280, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f74440bd650}, NULL, 8) = 0 futex(0x7f744418a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f744408c000 mprotect(0x7f744408d000, 131072, PROT_READ|PROT_WRITE) = 0 clone(child_stack=0x7f74440ac2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4996], tls=0x7f74440ac700, child_tidptr=0x7f74440ac9d0) = 4996 ./strace-static-x86_64: Process 4996 attached [pid 4995] futex(0x7f744418a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] futex(0x7f744418a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4996] set_robust_list(0x7f74440ac9e0, 24) = 0 [pid 4996] memfd_create("syzkaller", 0) = 3 [pid 4996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f743bc8c000 syzkaller login: [ 60.492734][ T4996] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4996 'syz-executor296' [pid 4996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4996] munmap(0x7f743bc8c000, 16777216) = 0 [pid 4996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4996] close(3) = 0 [pid 4996] mkdir("./file0", 0777) = 0 [ 60.659377][ T4996] loop0: detected capacity change from 0 to 32768 [ 60.671136][ T4996] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor296 (4996) [ 60.689574][ T4996] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 60.698540][ T4996] BTRFS info (device loop0): using free space tree [pid 4996] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 4996] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4996] chdir("./file0") = 0 [pid 4996] ioctl(4, LOOP_CLR_FD) = 0 [pid 4996] close(4) = 0 [pid 4996] futex(0x7f744418a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4995] <... futex resumed>) = 0 [pid 4995] futex(0x7f744418a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] futex(0x7f744418a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4996] <... futex resumed>) = 1 [ 60.718888][ T4996] BTRFS info (device loop0): enabling ssd optimizations [ 60.725932][ T4996] BTRFS info (device loop0): auto enabling async discard [pid 4996] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 4996] futex(0x7f744418a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4996] futex(0x7f744418a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4995] <... futex resumed>) = 0 [pid 4995] futex(0x7f744418a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4995] futex(0x7f744418a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4996] <... futex resumed>) = 0 [pid 4996] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4996] futex(0x7f744418a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4996] futex(0x7f744418a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4995] <... futex resumed>) = 0 [pid 4995] futex(0x7f744418a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4995] futex(0x7f744418a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4996] <... futex resumed>) = 0 [pid 4996] fallocate(5, 0, 0, 1048816) = 0 [pid 4996] futex(0x7f744418a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4995] <... futex resumed>) = 0 [pid 4995] futex(0x7f744418a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] futex(0x7f744418a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4996] <... futex resumed>) = 1 [pid 4996] sendfile(4, 5, NULL, 142606348 [pid 4995] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4995] futex(0x7f744418a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4995] futex(0x7f744418a6fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f743cc6b000 [pid 4995] mprotect(0x7f743cc6c000, 131072, PROT_READ|PROT_WRITE) = 0 [ 60.754897][ T27] audit: type=1800 audit(1687076947.944:2): pid=4996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor296" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 60.780138][ T27] audit: type=1800 audit(1687076947.964:3): pid=4996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor296" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4995] clone(child_stack=0x7f743cc8b2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5015], tls=0x7f743cc8b700, child_tidptr=0x7f743cc8b9d0) = 5015 [pid 4995] futex(0x7f744418a6f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4995] futex(0x7f744418a6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5015 attached [pid 5015] set_robust_list(0x7f743cc8b9e0, 24) = 0 [pid 5015] open(".", O_RDONLY) = 6 [pid 5015] futex(0x7f744418a6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4995] <... futex resumed>) = 0 [pid 5015] futex(0x7f744418a6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4995] futex(0x7f744418a6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4995] <... futex resumed>) = 0 [pid 5015] ioctl(6, BTRFS_IOC_BALANCE_V2, {flags=0} [ 60.879699][ T5015] BTRFS info (device loop0): balance: start [ 60.880907][ T12] ------------[ cut here ]------------ [ 60.891488][ T12] BTRFS: Transaction aborted (error -28) [ 60.892685][ T5015] BTRFS info (device loop0: state A): balance: ended with status: 0 [ 60.897873][ T12] WARNING: CPU: 1 PID: 12 at fs/btrfs/inode.c:3188 btrfs_finish_ordered_io+0x1aa0/0x1dd0 [ 60.915295][ T12] Modules linked in: [ 60.919231][ T12] CPU: 1 PID: 12 Comm: kworker/u4:1 Not tainted 6.4.0-rc6-syzkaller-00269-g1b29d271614a #0 [ 60.929292][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 60.939431][ T12] Workqueue: btrfs-endio-write btrfs_work_helper [ 60.945843][ T12] RIP: 0010:btrfs_finish_ordered_io+0x1aa0/0x1dd0 [ 60.952358][ T12] Code: 48 c7 c7 60 2f 2a 8b 44 89 fe e8 bb 72 c9 fd 0f 0b e9 f2 fe ff ff e8 9f f3 01 fe 48 c7 c7 60 2f 2a 8b 44 89 fe e8 a0 72 c9 fd <0f> 0b e9 16 ff ff ff e8 84 f3 01 fe 48 c7 c7 60 2f 2a 8b 44 89 fe [ 60.972057][ T12] RSP: 0018:ffffc90000117a00 EFLAGS: 00010246 [pid 4995] futex(0x7f744418a6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 60.978171][ T12] RAX: b091832ec0083800 RBX: ffff888075eb1370 RCX: ffff888014a5d940 [ 60.986251][ T12] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 60.994343][ T12] RBP: ffffc90000117bd8 R08: ffffffff81530142 R09: fffffbfff2065667 [ 61.002407][ T12] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888076f36000 [ 61.010613][ T12] R13: ffff888075c20150 R14: 0000000000000000 R15: 00000000ffffffe4 [ 61.018674][ T12] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 61.027746][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.034458][ T12] CR2: 00007f78a30b10e0 CR3: 000000002c0ee000 CR4: 00000000003506e0 [ 61.042511][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 61.050527][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 61.058611][ T12] Call Trace: [ 61.061937][ T12] [ 61.064881][ T12] ? __warn+0x162/0x4a0 [ 61.069062][ T12] ? btrfs_finish_ordered_io+0x1aa0/0x1dd0 [ 61.074951][ T12] ? report_bug+0x2b3/0x500 [ 61.079505][ T12] ? btrfs_finish_ordered_io+0x1aa0/0x1dd0 [ 61.085372][ T12] ? handle_bug+0x3d/0x70 [ 61.089737][ T12] ? exc_invalid_op+0x1a/0x50 [ 61.094505][ T12] ? asm_exc_invalid_op+0x1a/0x20 [ 61.099570][ T12] ? __warn_printk+0x292/0x360 [ 61.104391][ T12] ? btrfs_finish_ordered_io+0x1aa0/0x1dd0 [ 61.110231][ T12] ? __lock_acquire+0x1316/0x2070 [ 61.115369][ T12] ? btrfs_finish_ordered_io+0x291/0x1dd0 [ 61.121132][ T12] ? btrfs_writepage_fixup_worker+0xfe0/0xfe0 [pid 4995] exit_group(0) = ? [ 61.127283][ T12] ? read_lock_is_recursive+0x20/0x20 [ 61.132744][ T12] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 61.138944][ T12] btrfs_work_helper+0x380/0xbe0 [ 61.143951][ T12] process_one_work+0x8a0/0x10e0 [ 61.148932][ T12] ? worker_detach_from_pool+0x290/0x290 [ 61.154645][ T12] ? _raw_spin_lock_irqsave+0x120/0x120 [ 61.160305][ T12] ? kthread_data+0x52/0xc0 [ 61.164872][ T12] ? wq_worker_running+0x9b/0x1a0 [ 61.169941][ T12] worker_thread+0xa63/0x1210 [ 61.174775][ T12] kthread+0x2b8/0x350 [ 61.178887][ T12] ? pr_cont_work+0x5e0/0x5e0 [ 61.183642][ T12] ? kthread_blkcg+0xd0/0xd0 [ 61.188256][ T12] ret_from_fork+0x1f/0x30 [ 61.192748][ T12] [ 61.195779][ T12] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 61.203048][ T12] CPU: 1 PID: 12 Comm: kworker/u4:1 Not tainted 6.4.0-rc6-syzkaller-00269-g1b29d271614a #0 [ 61.213013][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 61.223063][ T12] Workqueue: btrfs-endio-write btrfs_work_helper [ 61.229411][ T12] Call Trace: [ 61.232683][ T12] [ 61.235607][ T12] dump_stack_lvl+0x1e7/0x2d0 [ 61.240287][ T12] ? nf_tcp_handle_invalid+0x650/0x650 [ 61.245758][ T12] ? panic+0x770/0x770 [ 61.249838][ T12] ? vscnprintf+0x5d/0x80 [ 61.254172][ T12] panic+0x30f/0x770 [ 61.258083][ T12] ? __warn+0x171/0x4a0 [ 61.262255][ T12] ? __memcpy_flushcache+0x2b0/0x2b0 [ 61.267552][ T12] ? ret_from_fork+0x1f/0x30 [ 61.272160][ T12] __warn+0x314/0x4a0 [ 61.276145][ T12] ? btrfs_finish_ordered_io+0x1aa0/0x1dd0 [ 61.281965][ T12] report_bug+0x2b3/0x500 [ 61.286312][ T12] ? btrfs_finish_ordered_io+0x1aa0/0x1dd0 [ 61.292152][ T12] handle_bug+0x3d/0x70 [ 61.296326][ T12] exc_invalid_op+0x1a/0x50 [ 61.300857][ T12] asm_exc_invalid_op+0x1a/0x20 [ 61.305724][ T12] RIP: 0010:btrfs_finish_ordered_io+0x1aa0/0x1dd0 [ 61.312171][ T12] Code: 48 c7 c7 60 2f 2a 8b 44 89 fe e8 bb 72 c9 fd 0f 0b e9 f2 fe ff ff e8 9f f3 01 fe 48 c7 c7 60 2f 2a 8b 44 89 fe e8 a0 72 c9 fd <0f> 0b e9 16 ff ff ff e8 84 f3 01 fe 48 c7 c7 60 2f 2a 8b 44 89 fe [ 61.331800][ T12] RSP: 0018:ffffc90000117a00 EFLAGS: 00010246 [ 61.337906][ T12] RAX: b091832ec0083800 RBX: ffff888075eb1370 RCX: ffff888014a5d940 [ 61.345896][ T12] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 61.353881][ T12] RBP: ffffc90000117bd8 R08: ffffffff81530142 R09: fffffbfff2065667 [ 61.361864][ T12] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888076f36000 [ 61.369839][ T12] R13: ffff888075c20150 R14: 0000000000000000 R15: 00000000ffffffe4 [ 61.377815][ T12] ? __warn_printk+0x292/0x360 [ 61.382604][ T12] ? __lock_acquire+0x1316/0x2070 [ 61.387643][ T12] ? btrfs_finish_ordered_io+0x291/0x1dd0 [ 61.393370][ T12] ? btrfs_writepage_fixup_worker+0xfe0/0xfe0 [ 61.399448][ T12] ? read_lock_is_recursive+0x20/0x20 [ 61.404826][ T12] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 61.410816][ T12] btrfs_work_helper+0x380/0xbe0 [ 61.415772][ T12] process_one_work+0x8a0/0x10e0 [ 61.420737][ T12] ? worker_detach_from_pool+0x290/0x290 [ 61.426403][ T12] ? _raw_spin_lock_irqsave+0x120/0x120 [ 61.431971][ T12] ? kthread_data+0x52/0xc0 [ 61.436493][ T12] ? wq_worker_running+0x9b/0x1a0 [ 61.441547][ T12] worker_thread+0xa63/0x1210 [ 61.446312][ T12] kthread+0x2b8/0x350 [ 61.450393][ T12] ? pr_cont_work+0x5e0/0x5e0 [ 61.455093][ T12] ? kthread_blkcg+0xd0/0xd0 [ 61.459698][ T12] ret_from_fork+0x1f/0x30 [ 61.464135][ T12] [ 61.467315][ T12] Kernel Offset: disabled [ 61.471747][ T12] Rebooting in 86400 seconds..