./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3476805458
<...>
forked to background, child pid 3209
no interfaces have a carrier
[ 37.160226][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[ 37.178410][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.141' (ECDSA) to the list of known hosts.
execve("./syz-executor3476805458", ["./syz-executor3476805458"], 0x7ffdc4a46ef0 /* 10 vars */) = 0
brk(NULL) = 0x555556cbb000
brk(0x555556cbbc40) = 0x555556cbbc40
arch_prctl(ARCH_SET_FS, 0x555556cbb300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3476805458", 4096) = 28
brk(0x555556cdcc40) = 0x555556cdcc40
brk(0x555556cdd000) = 0x555556cdd000
mprotect(0x7f460095c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
memfd_create("syzkaller", 0) = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f45f8400000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
munmap(0x7f45f8400000, 16777216) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = 0
syzkaller login: [ 58.074032][ T3641] loop0: detected capacity change from 0 to 32768
[ 58.086531][ T3641] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor347 (3641)
[ 58.105026][ T3641] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 58.114922][ T3641] BTRFS info (device loop0): force clearing of disk cache
[ 58.122227][ T3641] BTRFS info (device loop0): setting nodatasum
[ 58.128460][ T3641] BTRFS info (device loop0): allowing degraded mounts
[ 58.135268][ T3641] BTRFS info (device loop0): enabling disk space caching
[ 58.142462][ T3641] BTRFS info (device loop0): disk space caching is enabled
[ 58.166054][ T3641] BTRFS info (device loop0): enabling ssd optimizations
mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0") = 0
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
open("./file0", O_RDONLY) = 4
ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 58.174508][ T3641] BTRFS info (device loop0): clearing free space tree
[ 58.181912][ T3641] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 58.191696][ T3641] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 58.212453][ T3641] BTRFS info (device loop0): checking UUID tree
creat("./bus", 000) = 5
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
write(6, "11", 2) = 2
[ 58.251210][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 58.267974][ T3641] FAULT_INJECTION: forcing a failure.
[ 58.267974][ T3641] name failslab, interval 1, probability 0, space 0, times 1
[ 58.281259][ T3641] CPU: 1 PID: 3641 Comm: syz-executor347 Not tainted 6.1.0-rc7-syzkaller-00102-g04aa64375f48 #0
[ 58.291709][ T3641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.301793][ T3641] Call Trace:
[ 58.305214][ T3641]
[ 58.308176][ T3641] dump_stack_lvl+0xd1/0x138
[ 58.312876][ T3641] should_fail_ex.cold+0x5/0xa
[ 58.317724][ T3641] should_failslab+0x9/0x20
[ 58.322310][ T3641] __kmem_cache_alloc_node+0x66/0x3e0
[ 58.327757][ T3641] ? ulist_add_merge.part.0+0x86/0x490
[ 58.333311][ T3641] kmalloc_trace+0x26/0x60
[ 58.337790][ T3641] ulist_add_merge.part.0+0x86/0x490
[ 58.343126][ T3641] ulist_add+0x106/0x160
[ 58.347428][ T3641] clear_state_bit+0x153/0x3a0
[ 58.352256][ T3641] __clear_extent_bit+0x578/0xca0
[ 58.357344][ T3641] clear_record_extent_bits+0x5c/0x70
[ 58.362813][ T3641] __btrfs_qgroup_release_data+0x1a2/0xa40
[ 58.368685][ T3641] ? btrfs_qgroup_account_extents+0xb60/0xb60
[ 58.374813][ T3641] ? btrfs_get_alloc_profile+0x2f4/0x7c0
[ 58.380515][ T3641] ? btrfs_reserve_extent+0x4de/0x690
[ 58.385960][ T3641] insert_prealloc_file_extent+0x182/0x420
[ 58.391813][ T3641] ? walk_down_tree+0x490/0x490
[ 58.396688][ T3641] ? insert_reserved_file_extent+0x910/0x910
[ 58.402708][ T3641] __btrfs_prealloc_file_range+0x298/0x940
[ 58.408622][ T3641] ? priority_reclaim_metadata_space+0x5f0/0x5f0
[ 58.415189][ T3641] ? async_cow_start+0xa0/0xa0
[ 58.420164][ T3641] btrfs_prealloc_file_range+0x42/0x50
[ 58.425889][ T3641] btrfs_fallocate+0x1926/0x27c0
[ 58.431084][ T3641] ? btrfs_replace_file_extents+0x14e0/0x14e0
[ 58.437365][ T3641] ? do_raw_spin_lock+0x124/0x2b0
[ 58.442951][ T3641] ? lock_release+0x810/0x810
[ 58.447663][ T3641] ? btrfs_replace_file_extents+0x14e0/0x14e0
[ 58.453742][ T3641] vfs_fallocate+0x48b/0xe00
[ 58.458364][ T3641] __x64_sys_fallocate+0xd3/0x140
[ 58.463400][ T3641] do_syscall_64+0x39/0xb0
[ 58.467832][ T3641] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.473857][ T3641] RIP: 0033:0x7f46008ead49
[ 58.478477][ T3641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.498252][ T3641] RSP: 002b:00007ffc429a2ff8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 58.506694][ T3641] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f46008ead49
[ 58.514668][ T3641] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 58.522645][ T3641] RBP: 00007ffc429a3000 R08: 0000000000000002 R09: 00007f4600003131
[ 58.530784][ T3641] R10: 0000000000280404 R11: 0000000000000246 R12: 0000000000000006
[ 58.538776][ T3641] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 58.546769][ T3641]
[ 58.550825][ T3641] ------------[ cut here ]------------
[ 58.556373][ T3641] kernel BUG at fs/btrfs/extent-io-tree.c:517!
[ 58.562678][ T3641] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 58.568772][ T3641] CPU: 1 PID: 3641 Comm: syz-executor347 Not tainted 6.1.0-rc7-syzkaller-00102-g04aa64375f48 #0
[ 58.579188][ T3641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.589252][ T3641] RIP: 0010:clear_state_bit+0x31d/0x3a0
[ 58.594815][ T3641] Code: 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 44 8b 7d 7c e9 af fe ff ff e8 dc c1 fb fd 0f 0b eb 97 e8 d3 c1 fb fd <0f> 0b 4c 89 f7 e8 69 94 48 fe e9 72 fd ff ff 4c 89 f7 e8 5c 94 48
[ 58.614427][ T3641] RSP: 0018:ffffc90003baf708 EFLAGS: 00010293
[ 58.620507][ T3641] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[ 58.628476][ T3641] RDX: ffff88801ef68000 RSI: ffffffff8384574d RDI: 0000000000000005
[ 58.636443][ T3641] RBP: ffff888075bd2d80 R08: 0000000000000005 R09: 0000000000000000
[ 58.644408][ T3641] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff88806fc600c0
[ 58.652380][ T3641] R13: 0000000000000000 R14: ffff888075bd2dfc R15: 0000000000280fff
[ 58.660354][ T3641] FS: 0000555556cbb300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[ 58.669282][ T3641] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.675861][ T3641] CR2: 000055820bc03408 CR3: 00000000218ad000 CR4: 0000000000350ee0
[ 58.683827][ T3641] Call Trace:
[ 58.687099][ T3641]
[ 58.690029][ T3641] __clear_extent_bit+0x578/0xca0
[ 58.695062][ T3641] clear_record_extent_bits+0x5c/0x70
[ 58.700461][ T3641] __btrfs_qgroup_release_data+0x1a2/0xa40
[ 58.706269][ T3641] ? btrfs_qgroup_account_extents+0xb60/0xb60
[ 58.712340][ T3641] ? btrfs_get_alloc_profile+0x2f4/0x7c0
[ 58.717978][ T3641] ? btrfs_reserve_extent+0x4de/0x690
[ 58.723353][ T3641] insert_prealloc_file_extent+0x182/0x420
[ 58.729164][ T3641] ? walk_down_tree+0x490/0x490
[ 58.734017][ T3641] ? insert_reserved_file_extent+0x910/0x910
[ 58.740013][ T3641] __btrfs_prealloc_file_range+0x298/0x940
[ 58.745831][ T3641] ? priority_reclaim_metadata_space+0x5f0/0x5f0
[ 58.752180][ T3641] ? async_cow_start+0xa0/0xa0
[ 58.756951][ T3641] btrfs_prealloc_file_range+0x42/0x50
[ 58.762416][ T3641] btrfs_fallocate+0x1926/0x27c0
[ 58.767352][ T3641] ? btrfs_replace_file_extents+0x14e0/0x14e0
[ 58.773412][ T3641] ? do_raw_spin_lock+0x124/0x2b0
[ 58.778434][ T3641] ? lock_release+0x810/0x810
[ 58.783119][ T3641] ? btrfs_replace_file_extents+0x14e0/0x14e0
[ 58.789179][ T3641] vfs_fallocate+0x48b/0xe00
[ 58.793766][ T3641] __x64_sys_fallocate+0xd3/0x140
[ 58.798783][ T3641] do_syscall_64+0x39/0xb0
[ 58.803200][ T3641] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.809094][ T3641] RIP: 0033:0x7f46008ead49
[ 58.813500][ T3641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.833109][ T3641] RSP: 002b:00007ffc429a2ff8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 58.841520][ T3641] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f46008ead49
[ 58.849483][ T3641] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 58.857446][ T3641] RBP: 00007ffc429a3000 R08: 0000000000000002 R09: 00007f4600003131
[ 58.865408][ T3641] R10: 0000000000280404 R11: 0000000000000246 R12: 0000000000000006
[ 58.873370][ T3641] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 58.881341][ T3641]
[ 58.884349][ T3641] Modules linked in:
[ 58.888446][ T3641] ---[ end trace 0000000000000000 ]---
[ 58.893916][ T3641] RIP: 0010:clear_state_bit+0x31d/0x3a0
[ 58.899535][ T3641] Code: 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 44 8b 7d 7c e9 af fe ff ff e8 dc c1 fb fd 0f 0b eb 97 e8 d3 c1 fb fd <0f> 0b 4c 89 f7 e8 69 94 48 fe e9 72 fd ff ff 4c 89 f7 e8 5c 94 48
[ 58.919258][ T3641] RSP: 0018:ffffc90003baf708 EFLAGS: 00010293
[ 58.925346][ T3641] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[ 58.933360][ T3641] RDX: ffff88801ef68000 RSI: ffffffff8384574d RDI: 0000000000000005
[ 58.941370][ T3641] RBP: ffff888075bd2d80 R08: 0000000000000005 R09: 0000000000000000
[ 58.949454][ T3641] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff88806fc600c0
[ 58.957489][ T3641] R13: 0000000000000000 R14: ffff888075bd2dfc R15: 0000000000280fff
[ 58.965448][ T3641] FS: 0000555556cbb300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[ 58.974412][ T3641] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.981068][ T3641] CR2: 000055820bc03408 CR3: 00000000218ad000 CR4: 0000000000350ee0
[ 58.989079][ T3641] Kernel panic - not syncing: Fatal exception
[ 58.996078][ T3641] Kernel Offset: disabled
[ 59.000405][ T3641] Rebooting in 86400 seconds..