./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2377849319
<...>
DUID 00:04:ac:03:58:10:d0:76:5c:28:30:a7:8a:8b:4a:a3:06:e2
forked to background, child pid 4650
[ 34.422330][ T4651] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.451801][ T4651] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts.
execve("./syz-executor2377849319", ["./syz-executor2377849319"], 0x7ffe62a193c0 /* 10 vars */) = 0
brk(NULL) = 0x5555555a1000
brk(0x5555555a1d00) = 0x5555555a1d00
arch_prctl(ARCH_SET_FS, 0x5555555a13c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2377849319", 4096) = 28
brk(0x5555555c2d00) = 0x5555555c2d00
brk(0x5555555c3000) = 0x5555555c3000
mprotect(0x7f4210b02000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5083
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "5083", 4) = 4
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=704, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5083}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x26\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 704
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5083}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK) = 0
access("/proc/net/unix", R_OK) = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5083}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5083}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5083}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5083}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5083}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3) = 0
close(4) = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f4210a4ad10, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f4210a4c050}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f4210a4ad10, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f4210a4c050}, NULL, 8) = 0
getpid() = 5083
mkdir("./syzkaller.oEHulz", 0700) = 0
chmod("./syzkaller.oEHulz", 0777) = 0
chdir("./syzkaller.oEHulz") = 0
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4208640000
syzkaller login: [ 60.485658][ T5083] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5083 'syz-executor237'
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
munmap(0x7f4208640000, 16777216) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
[ 60.622199][ T5083] loop0: detected capacity change from 0 to 32768
[ 60.634070][ T5083] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor237 (5083)
[ 60.653194][ T5083] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 60.662864][ T5083] BTRFS info (device loop0): doing ref verification
mount("/dev/loop0", "./file0", "btrfs", MS_SYNCHRONOUS|MS_STRICTATIME, "datacow,ref_verify,nodatasum,max_inline=%m-3,noautodefrag,ssd,") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
write(4, "44", 2) = 2
[ 60.669600][ T5083] BTRFS info (device loop0): setting nodatasum
[ 60.675793][ T5083] BTRFS info (device loop0): max_inline at 0
[ 60.681831][ T5083] BTRFS info (device loop0): enabling ssd optimizations
[ 60.688820][ T5083] BTRFS info (device loop0): using free space tree
[ 60.708585][ T5083] BTRFS info (device loop0): auto enabling async discard
[ 60.730401][ T5083] FAULT_INJECTION: forcing a failure.
[ 60.730401][ T5083] name failslab, interval 1, probability 0, space 0, times 1
[ 60.743588][ T5083] CPU: 0 PID: 5083 Comm: syz-executor237 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 60.753533][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 60.763623][ T5083] Call Trace:
[ 60.766930][ T5083]
[ 60.769890][ T5083] dump_stack_lvl+0xd1/0x138
[ 60.774549][ T5083] should_fail_ex.cold+0x5/0xa
[ 60.779363][ T5083] ? btrfs_add_delayed_tree_ref+0x23f/0x1090
[ 60.785387][ T5083] should_failslab+0x9/0x20
[ 60.789941][ T5083] kmem_cache_alloc+0x5a/0x320
[ 60.794763][ T5083] btrfs_add_delayed_tree_ref+0x23f/0x1090
[ 60.800619][ T5083] ? do_raw_spin_unlock+0x175/0x230
[ 60.805877][ T5083] ? btrfs_delete_ref_head+0x2c0/0x2c0
[ 60.811400][ T5083] btrfs_free_tree_block+0x24c/0x990
[ 60.816737][ T5083] ? btrfs_finish_extent_commit+0x7e0/0x7e0
[ 60.822672][ T5083] ? update_ref_for_cow+0x540/0xb30
[ 60.827941][ T5083] ? btrfs_tree_mod_log_insert_root+0x5cd/0x9f0
[ 60.834224][ T5083] ? memcpy+0x3d/0x60
[ 60.838267][ T5083] __btrfs_cow_block+0x1033/0x1420
[ 60.843442][ T5083] ? update_ref_for_cow+0xb30/0xb30
[ 60.848694][ T5083] ? btrfs_qgroup_add_swapped_blocks+0x990/0x990
[ 60.855094][ T5083] btrfs_cow_block+0x2fa/0x970
[ 60.859936][ T5083] btrfs_search_slot+0x11c7/0x2c90
[ 60.865115][ T5083] ? split_leaf+0x13c0/0x13c0
[ 60.869836][ T5083] ? find_held_lock+0x2d/0x110
[ 60.874662][ T5083] ? btrfs_create_new_inode+0x6f9/0x26f0
[ 60.880341][ T5083] ? lock_downgrade+0x6e0/0x6e0
[ 60.885233][ T5083] ? do_raw_spin_lock+0x124/0x2b0
[ 60.890312][ T5083] ? rwlock_bug.part.0+0x90/0x90
[ 60.895306][ T5083] btrfs_insert_empty_items+0xbd/0x1c0
[ 60.900804][ T5083] ? do_raw_spin_unlock+0x175/0x230
[ 60.906054][ T5083] btrfs_create_new_inode+0x7be/0x26f0
[ 60.911556][ T5083] ? btrfs_link+0x7f0/0x7f0
[ 60.916065][ T5083] ? record_root_in_trans+0x2f7/0x3e0
[ 60.921458][ T5083] btrfs_create_common+0x1d4/0x260
[ 60.926570][ T5083] ? btrfs_tmpfile+0x420/0x420
[ 60.931341][ T5083] ? do_raw_spin_unlock+0x175/0x230
[ 60.936537][ T5083] ? _raw_spin_unlock+0x28/0x40
[ 60.941384][ T5083] ? inode_init_owner+0x377/0x440
[ 60.946414][ T5083] btrfs_create+0x116/0x160
[ 60.950913][ T5083] ? btrfs_mkdir+0x100/0x100
[ 60.955501][ T5083] lookup_open.isra.0+0xee7/0x1270
[ 60.960621][ T5083] ? link_path_walk.part.0+0xdf0/0xdf0
[ 60.966079][ T5083] ? rcu_read_lock_sched_held+0x3e/0x70
[ 60.971626][ T5083] ? lock_acquire+0x32/0xc0
[ 60.976123][ T5083] ? path_openat+0x914/0x2b40
[ 60.980824][ T5083] path_openat+0x97a/0x2b40
[ 60.985337][ T5083] ? path_lookupat+0x840/0x840
[ 60.990099][ T5083] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 60.996086][ T5083] do_filp_open+0x1ba/0x410
[ 61.000593][ T5083] ? may_open_dev+0xf0/0xf0
[ 61.005094][ T5083] ? find_held_lock+0x2d/0x110
[ 61.009869][ T5083] ? do_raw_spin_lock+0x124/0x2b0
[ 61.014888][ T5083] ? rwlock_bug.part.0+0x90/0x90
[ 61.019832][ T5083] ? _raw_spin_unlock+0x28/0x40
[ 61.024681][ T5083] ? alloc_fd+0x2e4/0x6e0
[ 61.029012][ T5083] do_sys_openat2+0x16d/0x4c0
[ 61.033688][ T5083] ? build_open_flags+0x6f0/0x6f0
[ 61.038714][ T5083] ? ptrace_notify+0xfe/0x140
[ 61.043387][ T5083] ? lock_downgrade+0x6e0/0x6e0
[ 61.048235][ T5083] __x64_sys_openat+0x143/0x1f0
[ 61.053085][ T5083] ? __ia32_sys_open+0x1c0/0x1c0
[ 61.058015][ T5083] ? _raw_spin_unlock_irq+0x23/0x50
[ 61.063212][ T5083] ? lockdep_hardirqs_on+0x7d/0x100
[ 61.068413][ T5083] ? _raw_spin_unlock_irq+0x2e/0x50
[ 61.073610][ T5083] ? ptrace_notify+0xfe/0x140
[ 61.078300][ T5083] do_syscall_64+0x39/0xb0
[ 61.082741][ T5083] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.088629][ T5083] RIP: 0033:0x7f4210a957d9
[ 61.093036][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.112650][ T5083] RSP: 002b:00007ffec1c6cea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 61.121061][ T5083] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4210a957d9
[ 61.129029][ T5083] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 61.137000][ T5083] RBP: 00007ffec1c6cef0 R08: 0000000000000002 R09: aaaaaaaaaaaa0102
[ 61.144962][ T5083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 61.152927][ T5083] R13: 00007f4210b0877c R14: 0000000000000003 R15: 0000000000000001
[ 61.160912][ T5083]
[ 61.168711][ T5083] ------------[ cut here ]------------
[ 61.174197][ T5083] kernel BUG at fs/btrfs/extent-tree.c:3284!
[ 61.180963][ T5083] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 61.187052][ T5083] CPU: 0 PID: 5083 Comm: syz-executor237 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 61.196927][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 61.206964][ T5083] RIP: 0010:btrfs_free_tree_block+0x266/0x990
[ 61.213026][ T5083] Code: 00 48 8b 74 24 10 31 d2 4c 89 e7 e8 64 36 17 00 31 ff 89 c6 89 44 24 10 e8 67 c7 22 fe 8b 44 24 10 85 c0 74 26 e8 aa ca 22 fe <0f> 0b e8 a3 ca 22 fe 48 89 ee 48 c7 c7 fa ff ff ff c6 44 24 58 01
[ 61.232622][ T5083] RSP: 0018:ffffc90003c6f178 EFLAGS: 00010293
[ 61.238678][ T5083] RAX: 0000000000000000 RBX: ffff888028161170 RCX: 0000000000000000
[ 61.246636][ T5083] RDX: ffff888021549d40 RSI: ffffffff835ee4d6 RDI: 0000000000000005
[ 61.254592][ T5083] RBP: 0000000000000005 R08: 0000000000000005 R09: 0000000000000000
[ 61.262549][ T5083] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff888073524000
[ 61.270518][ T5083] R13: 1ffff9200078de33 R14: 0000000000000001 R15: ffff888022ed4000
[ 61.278495][ T5083] FS: 00005555555a13c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 61.287446][ T5083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 61.294051][ T5083] CR2: 00007f4208a8b000 CR3: 000000007c546000 CR4: 00000000003506f0
[ 61.302044][ T5083] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 61.310045][ T5083] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 61.318022][ T5083] Call Trace:
[ 61.321299][ T5083]
[ 61.324236][ T5083] ? btrfs_finish_extent_commit+0x7e0/0x7e0
[ 61.330143][ T5083] ? update_ref_for_cow+0x540/0xb30
[ 61.335364][ T5083] ? btrfs_tree_mod_log_insert_root+0x5cd/0x9f0
[ 61.341611][ T5083] ? memcpy+0x3d/0x60
[ 61.345640][ T5083] __btrfs_cow_block+0x1033/0x1420
[ 61.350802][ T5083] ? update_ref_for_cow+0xb30/0xb30
[ 61.356040][ T5083] ? btrfs_qgroup_add_swapped_blocks+0x990/0x990
[ 61.362407][ T5083] btrfs_cow_block+0x2fa/0x970
[ 61.367201][ T5083] btrfs_search_slot+0x11c7/0x2c90
[ 61.372326][ T5083] ? split_leaf+0x13c0/0x13c0
[ 61.377017][ T5083] ? find_held_lock+0x2d/0x110
[ 61.381810][ T5083] ? btrfs_create_new_inode+0x6f9/0x26f0
[ 61.387469][ T5083] ? lock_downgrade+0x6e0/0x6e0
[ 61.392341][ T5083] ? do_raw_spin_lock+0x124/0x2b0
[ 61.397384][ T5083] ? rwlock_bug.part.0+0x90/0x90
[ 61.402337][ T5083] btrfs_insert_empty_items+0xbd/0x1c0
[ 61.407806][ T5083] ? do_raw_spin_unlock+0x175/0x230
[ 61.413019][ T5083] btrfs_create_new_inode+0x7be/0x26f0
[ 61.418499][ T5083] ? btrfs_link+0x7f0/0x7f0
[ 61.423016][ T5083] ? record_root_in_trans+0x2f7/0x3e0
[ 61.428415][ T5083] btrfs_create_common+0x1d4/0x260
[ 61.433555][ T5083] ? btrfs_tmpfile+0x420/0x420
[ 61.438345][ T5083] ? do_raw_spin_unlock+0x175/0x230
[ 61.443558][ T5083] ? _raw_spin_unlock+0x28/0x40
[ 61.448422][ T5083] ? inode_init_owner+0x377/0x440
[ 61.453471][ T5083] btrfs_create+0x116/0x160
[ 61.457989][ T5083] ? btrfs_mkdir+0x100/0x100
[ 61.462591][ T5083] lookup_open.isra.0+0xee7/0x1270
[ 61.467733][ T5083] ? link_path_walk.part.0+0xdf0/0xdf0
[ 61.473208][ T5083] ? rcu_read_lock_sched_held+0x3e/0x70
[ 61.478765][ T5083] ? lock_acquire+0x32/0xc0
[ 61.483274][ T5083] ? path_openat+0x914/0x2b40
[ 61.487975][ T5083] path_openat+0x97a/0x2b40
[ 61.492500][ T5083] ? path_lookupat+0x840/0x840
[ 61.497279][ T5083] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 61.503272][ T5083] do_filp_open+0x1ba/0x410
[ 61.507795][ T5083] ? may_open_dev+0xf0/0xf0
[ 61.512315][ T5083] ? find_held_lock+0x2d/0x110
[ 61.517105][ T5083] ? do_raw_spin_lock+0x124/0x2b0
[ 61.522143][ T5083] ? rwlock_bug.part.0+0x90/0x90
[ 61.527094][ T5083] ? _raw_spin_unlock+0x28/0x40
[ 61.531960][ T5083] ? alloc_fd+0x2e4/0x6e0
[ 61.536302][ T5083] do_sys_openat2+0x16d/0x4c0
[ 61.540991][ T5083] ? build_open_flags+0x6f0/0x6f0
[ 61.546034][ T5083] ? ptrace_notify+0xfe/0x140
[ 61.550721][ T5083] ? lock_downgrade+0x6e0/0x6e0
[ 61.555581][ T5083] __x64_sys_openat+0x143/0x1f0
[ 61.560444][ T5083] ? __ia32_sys_open+0x1c0/0x1c0
[ 61.565390][ T5083] ? _raw_spin_unlock_irq+0x23/0x50
[ 61.570603][ T5083] ? lockdep_hardirqs_on+0x7d/0x100
[ 61.575814][ T5083] ? _raw_spin_unlock_irq+0x2e/0x50
[ 61.581023][ T5083] ? ptrace_notify+0xfe/0x140
[ 61.585713][ T5083] do_syscall_64+0x39/0xb0
[ 61.590147][ T5083] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.596051][ T5083] RIP: 0033:0x7f4210a957d9
[ 61.600468][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.620086][ T5083] RSP: 002b:00007ffec1c6cea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 61.628511][ T5083] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4210a957d9
[ 61.636489][ T5083] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 61.644466][ T5083] RBP: 00007ffec1c6cef0 R08: 0000000000000002 R09: aaaaaaaaaaaa0102
[ 61.652441][ T5083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 61.660415][ T5083] R13: 00007f4210b0877c R14: 0000000000000003 R15: 0000000000000001
[ 61.668397][ T5083]
[ 61.671415][ T5083] Modules linked in:
[ 61.678338][ T5083] ---[ end trace 0000000000000000 ]---
[ 61.683822][ T5083] RIP: 0010:btrfs_free_tree_block+0x266/0x990
[ 61.690068][ T5083] Code: 00 48 8b 74 24 10 31 d2 4c 89 e7 e8 64 36 17 00 31 ff 89 c6 89 44 24 10 e8 67 c7 22 fe 8b 44 24 10 85 c0 74 26 e8 aa ca 22 fe <0f> 0b e8 a3 ca 22 fe 48 89 ee 48 c7 c7 fa ff ff ff c6 44 24 58 01
[ 61.709879][ T5083] RSP: 0018:ffffc90003c6f178 EFLAGS: 00010293
[ 61.715984][ T5083] RAX: 0000000000000000 RBX: ffff888028161170 RCX: 0000000000000000
[ 61.724110][ T5083] RDX: ffff888021549d40 RSI: ffffffff835ee4d6 RDI: 0000000000000005
[ 61.732194][ T5083] RBP: 0000000000000005 R08: 0000000000000005 R09: 0000000000000000
[ 61.740258][ T5083] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff888073524000
[ 61.748236][ T5083] R13: 1ffff9200078de33 R14: 0000000000000001 R15: ffff888022ed4000
[ 61.756327][ T5083] FS: 00005555555a13c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 61.765381][ T5083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 61.772073][ T5083] CR2: 00005625098b4098 CR3: 000000007c546000 CR4: 00000000003506e0
[ 61.780152][ T5083] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 61.788127][ T5083] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 61.796223][ T5083] Kernel panic - not syncing: Fatal exception
[ 61.802440][ T5083] Kernel Offset: disabled
[ 61.806756][ T5083] Rebooting in 86400 seconds..