./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2536079184 <...> Warning: Permanently added '10.128.0.151' (ECDSA) to the list of known hosts. execve("./syz-executor2536079184", ["./syz-executor2536079184"], 0x7ffc044d0680 /* 10 vars */) = 0 brk(NULL) = 0x555556a42000 brk(0x555556a42c40) = 0x555556a42c40 arch_prctl(ARCH_SET_FS, 0x555556a42300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556a425d0) = 5061 set_robust_list(0x555556a425e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f0ea243f9d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f0ea24400a0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f0ea243fa70, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0ea24400a0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2536079184", 4096) = 28 brk(0x555556a63c40) = 0x555556a63c40 brk(0x555556a64000) = 0x555556a64000 mprotect(0x7f0ea2507000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5061 mkdir("./syzkaller.JTr61S", 0700) = 0 chmod("./syzkaller.JTr61S", 0777) = 0 chdir("./syzkaller.JTr61S") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a425d0) = 5062 ./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x555556a425e0, 24) = 0 [pid 5062] chdir("./0") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] futex(0x7f0ea250d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0ea240e000 [pid 5062] mprotect(0x7f0ea240f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] clone(child_stack=0x7f0ea242e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5064], tls=0x7f0ea242e700, child_tidptr=0x7f0ea242e9d0) = 5064 [pid 5062] futex(0x7f0ea250d7e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5064 attached ) = 0 [pid 5064] set_robust_list(0x7f0ea242e9e0, 24) = 0 [pid 5062] futex(0x7f0ea250d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] memfd_create("syzkaller", 0) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e9a00e000 [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5064] munmap(0x7f0e9a00e000, 16777216) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] close(3) = 0 [pid 5064] mkdir("./file0", 0777) = 0 [ 53.129482][ T5064] loop0: detected capacity change from 0 to 32768 [ 53.140241][ T5064] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor253 (5064) [ 53.158441][ T5064] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 53.167814][ T5064] BTRFS info (device loop0): force clearing of disk cache [ 53.174964][ T5064] BTRFS info (device loop0): setting nodatasum [ 53.181153][ T5064] BTRFS info (device loop0): allowing degraded mounts [ 53.187990][ T5064] BTRFS info (device loop0): enabling disk space caching [ 53.195045][ T5064] BTRFS info (device loop0): disk space caching is enabled [ 53.216806][ T5064] BTRFS info (device loop0): enabling ssd optimizations [pid 5064] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] chdir("./file0") = 0 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] close(4) = 0 [pid 5064] futex(0x7f0ea250d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] futex(0x7f0ea250d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f0ea250d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7f0ea250d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 0 [pid 5064] open("./file0", O_RDONLY) = 4 [pid 5064] futex(0x7f0ea250d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f0ea250d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f0ea250d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 1 [ 53.223887][ T5064] BTRFS info (device loop0): auto enabling async discard [ 53.232136][ T5064] BTRFS info (device loop0): clearing free space tree [ 53.239429][ T5064] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 53.249255][ T5064] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 53.270029][ T5064] BTRFS info (device loop0): checking UUID tree [pid 5064] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5064] futex(0x7f0ea250d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f0ea250d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f0ea250d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 1 [pid 5064] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5064] futex(0x7f0ea250d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f0ea250d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f0ea250d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 1 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 6 [pid 5064] futex(0x7f0ea250d7ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f0ea250d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f0ea250d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 1 [ 53.299094][ T27] audit: type=1800 audit(1672240476.020:2): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor253" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5064] write(6, "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 280) = 280 [pid 5064] futex(0x7f0ea250d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] futex(0x7f0ea250d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f0ea250d7e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5064] open("./bus", O_RDONLY [pid 5062] futex(0x7f0ea250d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... open resumed>) = 7 [pid 5064] futex(0x7f0ea250d7ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] futex(0x7f0ea250d7e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f0ea250d7e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5064] sendfile(6, 7, NULL, 281474978811909 [ 53.359234][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 53.374480][ T27] audit: type=1804 audit(1672240476.100:3): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor253" name="/root/syzkaller.JTr61S/0/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5062] futex(0x7f0ea250d7ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5062] futex(0x7f0ea250d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e9afed000 [pid 5062] mprotect(0x7f0e9afee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] clone(child_stack=0x7f0e9b00d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5083], tls=0x7f0e9b00d700, child_tidptr=0x7f0e9b00d9d0) = 5083 [pid 5062] futex(0x7f0ea250d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f0ea250d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x7f0e9b00d9e0, 24) = 0 [pid 5083] openat(AT_FDCWD, ".", O_RDONLY) = 8 [pid 5083] futex(0x7f0ea250d7fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5083] futex(0x7f0ea250d7f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f0ea250d7f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7f0ea250d7fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 0 [pid 5083] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5062] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5062] futex(0x7f0ea250d80c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e9afcc000 [pid 5062] mprotect(0x7f0e9afcd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] clone(child_stack=0x7f0e9afec3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5084], tls=0x7f0e9afec700, child_tidptr=0x7f0e9afec9d0) = 5084 [pid 5062] futex(0x7f0ea250d808, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f0ea250d80c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x7f0e9afec9e0, 24) = 0 [pid 5084] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5062] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 53.500164][ T5083] BTRFS info (device loop0): balance: start -d -m -s [ 53.521338][ T5083] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5084] <... ioctl resumed>) = 0 [pid 5084] futex(0x7f0ea250d80c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.611449][ T5083] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 53.622078][ T5083] BTRFS critical (device loop0): trying to drop 2 refs but we only have 1 for bytenr 5251072 [ 53.633596][ T5083] ------------[ cut here ]------------ [ 53.639781][ T5083] BTRFS: Transaction aborted (error -117) [ 53.646673][ T5083] WARNING: CPU: 0 PID: 5083 at fs/btrfs/extent-tree.c:3109 __btrfs_free_extent.cold+0xe71/0x1176 [ 53.658133][ T5083] Modules linked in: [ 53.662660][ T5083] CPU: 0 PID: 5083 Comm: syz-executor253 Not tainted 6.2.0-rc1-syzkaller #0 [ 53.672248][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 53.683378][ T5083] RIP: 0010:__btrfs_free_extent.cold+0xe71/0x1176 [ 53.689885][ T5083] Code: ff 31 ff 89 c3 89 c6 e8 4f 12 b7 f7 84 db 0f 84 65 01 00 00 e8 d2 15 b7 f7 be 8b ff ff ff 48 c7 c7 a0 33 94 8a e8 81 f5 f4 ff <0f> 0b e8 ba 15 b7 f7 48 8b 7c 24 20 44 0f b6 c3 b9 8b ff ff ff ba [ 53.710128][ T5083] RSP: 0018:ffffc90003c9f288 EFLAGS: 00010282 [ 53.716282][ T5083] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 53.724451][ T5083] RDX: ffff88807b999d40 RSI: ffffffff8166721c RDI: fffff52000793e43 [ 53.732538][ T5083] RBP: ffff88807db90d10 R08: 0000000000000005 R09: 0000000000000000 [ 53.740868][ T5083] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001 [ 53.749222][ T5083] R13: 0000000000000000 R14: 0000000000502000 R15: ffff88807edef360 [ 53.757323][ T5083] FS: 00007f0e9b00d700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 53.766634][ T5083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.773509][ T5083] CR2: 00005562722c2960 CR3: 000000002b6ec000 CR4: 0000000000350ee0 [ 53.781748][ T5083] Call Trace: [ 53.785131][ T5083] [ 53.788114][ T5083] ? lookup_extent_backref+0x110/0x110 [ 53.794131][ T5083] ? __btrfs_run_delayed_refs+0x55c/0x3760 [ 53.799987][ T5083] ? lock_downgrade+0x6e0/0x6e0 [ 53.805237][ T5083] __btrfs_run_delayed_refs+0x803/0x3760 [pid 5084] futex(0x7f0ea250d808, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] exit_group(0) = ? [pid 5064] <... sendfile resumed>) = ? [pid 5084] <... futex resumed>) = ? [pid 5064] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ [ 53.811134][ T5083] ? check_ref_cleanup+0x3e0/0x3e0 [ 53.816381][ T5083] ? lock_release+0x810/0x810 [ 53.821099][ T5083] btrfs_run_delayed_refs+0x19a/0x490 [ 53.823137][ T5064] syz-executor253 (5064) used greatest stack depth: 20528 bytes left [ 53.828234][ T5083] btrfs_commit_transaction+0x1e94/0x36c0 [ 53.840894][ T5083] ? do_raw_spin_lock+0x124/0x2b0 [ 53.845973][ T5083] ? rwlock_bug.part.0+0x90/0x90 [ 53.850950][ T5083] ? join_transaction+0x43e/0x10e0 [ 53.856139][ T5083] ? btrfs_commit_transaction_async+0x3f0/0x3f0 [ 53.862423][ T5083] ? start_transaction+0x2aa/0x1410 [ 53.867709][ T5083] prepare_to_relocate+0x41d/0x6b0 [ 53.872881][ T5083] relocate_block_group+0x123/0xd60 [ 53.878105][ T5083] ? btrfs_relocate_block_group+0x512/0xda0 [ 53.884091][ T5083] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 53.889674][ T5083] ? relocate_data_extent+0x4b0/0x4b0 [ 53.895101][ T5083] ? btrfs_wait_ordered_extents+0xe20/0xe20 [ 53.901027][ T5083] btrfs_relocate_block_group+0x51a/0xda0 [ 53.906842][ T5083] btrfs_relocate_chunk+0x14a/0x350 [ 53.912083][ T5083] btrfs_balance+0x1caf/0x3b50 [ 53.916968][ T5083] ? find_held_lock+0x2d/0x110 [ 53.921814][ T5083] ? btrfs_relocate_chunk+0x350/0x350 [ 53.927298][ T5083] btrfs_ioctl+0xfda/0x5830 [ 53.931840][ T5083] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 53.937696][ T5083] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 53.944206][ T5083] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 53.950149][ T5083] ? do_vfs_ioctl+0x132/0x15b0 [ 53.954961][ T5083] ? vfs_fileattr_set+0xbe0/0xbe0 [ 53.960032][ T5083] ? find_held_lock+0x2d/0x110 [ 53.964917][ T5083] ? do_one_initcall+0x372/0x790 [ 53.969897][ T5083] ? __fget_files+0x26a/0x440 [ 53.974745][ T5083] ? bpf_lsm_file_ioctl+0x9/0x10 [ 53.979723][ T5083] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 53.986211][ T5083] __x64_sys_ioctl+0x197/0x210 [ 53.991165][ T5083] do_syscall_64+0x39/0xb0 [ 53.995621][ T5083] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.001547][ T5083] RIP: 0033:0x7f0ea2482a79 [ 54.006118][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.025882][ T5083] RSP: 002b:00007f0e9b00d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 54.034451][ T5083] RAX: ffffffffffffffda RBX: 00007f0ea250d7f0 RCX: 00007f0ea2482a79 [ 54.042457][ T5083] RDX: 0000000020022300 RSI: 00000000c4009420 RDI: 0000000000000008 [ 54.050497][ T5083] RBP: 00007f0ea24da26c R08: 0000000000000000 R09: 0000000000000000 [ 54.058673][ T5083] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 54.066689][ T5083] R13: 00007f0ea24d9270 R14: 61635f7261656c63 R15: 00007f0ea250d7f8 [ 54.074760][ T5083] [ 54.077824][ T5083] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 54.085185][ T5083] CPU: 1 PID: 5083 Comm: syz-executor253 Not tainted 6.2.0-rc1-syzkaller #0 [ 54.093859][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.104388][ T5083] Call Trace: [ 54.107675][ T5083] [ 54.110965][ T5083] dump_stack_lvl+0xd1/0x138 [ 54.115579][ T5083] panic+0x2cc/0x626 [ 54.119486][ T5083] ? panic_print_sys_info.part.0+0x110/0x110 [ 54.125507][ T5083] ? __btrfs_free_extent.cold+0xe71/0x1176 [ 54.131311][ T5083] check_panic_on_warn.cold+0x19/0x35 [ 54.136706][ T5083] __warn+0xf2/0x1a0 [ 54.140616][ T5083] ? __btrfs_free_extent.cold+0xe71/0x1176 [ 54.146482][ T5083] report_bug+0x1c0/0x210 [ 54.150826][ T5083] handle_bug+0x3c/0x70 [ 54.154995][ T5083] exc_invalid_op+0x18/0x50 [ 54.159499][ T5083] asm_exc_invalid_op+0x1a/0x20 [ 54.164347][ T5083] RIP: 0010:__btrfs_free_extent.cold+0xe71/0x1176 [ 54.170766][ T5083] Code: ff 31 ff 89 c3 89 c6 e8 4f 12 b7 f7 84 db 0f 84 65 01 00 00 e8 d2 15 b7 f7 be 8b ff ff ff 48 c7 c7 a0 33 94 8a e8 81 f5 f4 ff <0f> 0b e8 ba 15 b7 f7 48 8b 7c 24 20 44 0f b6 c3 b9 8b ff ff ff ba [ 54.190395][ T5083] RSP: 0018:ffffc90003c9f288 EFLAGS: 00010282 [ 54.196466][ T5083] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 54.204434][ T5083] RDX: ffff88807b999d40 RSI: ffffffff8166721c RDI: fffff52000793e43 [ 54.212487][ T5083] RBP: ffff88807db90d10 R08: 0000000000000005 R09: 0000000000000000 [ 54.220548][ T5083] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001 [ 54.228516][ T5083] R13: 0000000000000000 R14: 0000000000502000 R15: ffff88807edef360 [ 54.236665][ T5083] ? vprintk+0x8c/0xa0 [ 54.240738][ T5083] ? __btrfs_free_extent.cold+0xe71/0x1176 [ 54.246555][ T5083] ? lookup_extent_backref+0x110/0x110 [ 54.252015][ T5083] ? __btrfs_run_delayed_refs+0x55c/0x3760 [ 54.257826][ T5083] ? lock_downgrade+0x6e0/0x6e0 [ 54.262701][ T5083] __btrfs_run_delayed_refs+0x803/0x3760 [ 54.268467][ T5083] ? check_ref_cleanup+0x3e0/0x3e0 [ 54.273589][ T5083] ? lock_release+0x810/0x810 [ 54.278289][ T5083] btrfs_run_delayed_refs+0x19a/0x490 [ 54.283679][ T5083] btrfs_commit_transaction+0x1e94/0x36c0 [ 54.289397][ T5083] ? do_raw_spin_lock+0x124/0x2b0 [ 54.294515][ T5083] ? rwlock_bug.part.0+0x90/0x90 [ 54.299490][ T5083] ? join_transaction+0x43e/0x10e0 [ 54.304604][ T5083] ? btrfs_commit_transaction_async+0x3f0/0x3f0 [ 54.310848][ T5083] ? start_transaction+0x2aa/0x1410 [ 54.316073][ T5083] prepare_to_relocate+0x41d/0x6b0 [ 54.321190][ T5083] relocate_block_group+0x123/0xd60 [ 54.326395][ T5083] ? btrfs_relocate_block_group+0x512/0xda0 [ 54.332295][ T5083] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 54.337851][ T5083] ? relocate_data_extent+0x4b0/0x4b0 [ 54.343230][ T5083] ? btrfs_wait_ordered_extents+0xe20/0xe20 [ 54.349140][ T5083] btrfs_relocate_block_group+0x51a/0xda0 [ 54.354874][ T5083] btrfs_relocate_chunk+0x14a/0x350 [ 54.360076][ T5083] btrfs_balance+0x1caf/0x3b50 [ 54.364863][ T5083] ? find_held_lock+0x2d/0x110 [ 54.369645][ T5083] ? btrfs_relocate_chunk+0x350/0x350 [ 54.375037][ T5083] btrfs_ioctl+0xfda/0x5830 [ 54.379812][ T5083] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 54.385658][ T5083] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 54.392171][ T5083] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 54.398247][ T5083] ? do_vfs_ioctl+0x132/0x15b0 [ 54.403016][ T5083] ? vfs_fileattr_set+0xbe0/0xbe0 [ 54.408049][ T5083] ? find_held_lock+0x2d/0x110 [ 54.412826][ T5083] ? do_one_initcall+0x372/0x790 [ 54.417796][ T5083] ? __fget_files+0x26a/0x440 [ 54.422477][ T5083] ? bpf_lsm_file_ioctl+0x9/0x10 [ 54.427418][ T5083] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 54.433844][ T5083] __x64_sys_ioctl+0x197/0x210 [ 54.438605][ T5083] do_syscall_64+0x39/0xb0 [ 54.443025][ T5083] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.448912][ T5083] RIP: 0033:0x7f0ea2482a79 [ 54.453324][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 54.472926][ T5083] RSP: 002b:00007f0e9b00d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 54.481333][ T5083] RAX: ffffffffffffffda RBX: 00007f0ea250d7f0 RCX: 00007f0ea2482a79 [ 54.489296][ T5083] RDX: 0000000020022300 RSI: 00000000c4009420 RDI: 0000000000000008 [ 54.497263][ T5083] RBP: 00007f0ea24da26c R08: 0000000000000000 R09: 0000000000000000 [ 54.505230][ T5083] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 54.513457][ T5083] R13: 00007f0ea24d9270 R14: 61635f7261656c63 R15: 00007f0ea250d7f8 [ 54.521441][ T5083] [ 54.525103][ T5083] Kernel Offset: disabled [ 54.529545][ T5083] Rebooting in 86400 seconds..