./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1184661277 <...> DUID 00:04:7c:7c:42:18:3f:30:8d:b4:e2:57:c6:a5:0a:a4:65:8b forked to background, child pid 3209 [ 30.044783][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.055943][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts. execve("./syz-executor1184661277", ["./syz-executor1184661277"], 0x7fffc79cb2d0 /* 10 vars */) = 0 brk(NULL) = 0x555557044000 brk(0x555557044c40) = 0x555557044c40 arch_prctl(ARCH_SET_FS, 0x555557044300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1184661277", 4096) = 28 brk(0x555557065c40) = 0x555557065c40 brk(0x555557066000) = 0x555557066000 mprotect(0x7fcc98e8c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 getpid() = 3631 mkdir("./syzkaller.ML92PJ", 0700) = 0 chmod("./syzkaller.ML92PJ", 0777) = 0 chdir("./syzkaller.ML92PJ") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570445d0) = 3632 ./strace-static-x86_64: Process 3632 attached [pid 3632] chdir("./0") = 0 [pid 3632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3632] setpgid(0, 0) = 0 [pid 3632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3632] write(3, "1000", 4) = 4 [pid 3632] close(3) = 0 [pid 3632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3632] memfd_create("syzkaller", 0) = 3 [pid 3632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcc90800000 [pid 3632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3632] munmap(0x7fcc90800000, 16777216) = 0 [pid 3632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3632] close(3) = 0 [pid 3632] mkdir("./file0", 0777) = 0 syzkaller login: [ 54.095586][ T3632] loop0: detected capacity change from 0 to 32768 [ 54.107238][ T3632] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor118 (3632) [ 54.126794][ T3632] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 54.135796][ T3632] BTRFS info (device loop0): using free space tree [pid 3632] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 3632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3632] chdir("./file0") = 0 [pid 3632] ioctl(4, LOOP_CLR_FD) = 0 [pid 3632] close(4) = 0 [ 54.158572][ T3632] BTRFS info (device loop0): enabling ssd optimizations [pid 3632] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 3632] fallocate(4, 0, 0, 1048820) = 0 [pid 3632] read(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 8224 [pid 3632] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 3632] write(5, "20", 2) = 2 [ 54.203805][ T27] audit: type=1800 audit(1669383906.097:2): pid=3632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor118" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 54.248247][ T3632] ------------[ cut here ]------------ [ 54.253963][ T3632] kernel BUG at fs/btrfs/extent-io-tree.c:639! [ 54.260144][ T3632] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 54.266226][ T3632] CPU: 0 PID: 3632 Comm: syz-executor118 Not tainted 6.1.0-rc6-syzkaller-00015-gc3eb11fbb826 #0 [ 54.276646][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.286709][ T3632] RIP: 0010:__clear_extent_bit+0xbbb/0xc60 [ 54.292553][ T3632] Code: 1c 2f fe e9 cf fe ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 0e ff ff ff 48 89 ef e8 5f 1c 2f fe e9 01 ff ff ff e8 05 04 db fd <0f> 0b e8 fe 03 db fd 48 8b 44 24 08 48 83 c0 08 48 89 c5 48 c1 e8 [ 54.312170][ T3632] RSP: 0018:ffffc90003c7f7a8 EFLAGS: 00010293 [ 54.318250][ T3632] RAX: ffffffff83af946b RBX: 0000000000000000 RCX: ffff88807de80000 [ 54.326215][ T3632] RDX: 0000000000000000 RSI: ffffffff8aedc420 RDI: ffffffff8b4b3ae0 [ 54.334176][ T3632] RBP: 0000000000002fff R08: 00000000ffffffff R09: fffffbfff1a42e97 [ 54.342132][ T3632] R10: fffffbfff1a42e97 R11: 1ffffffff1a42e96 R12: 000000000004ffff [ 54.350090][ T3632] R13: ffff88807eb05b40 R14: 1ffff1100fd60b68 R15: 0000000000002000 [ 54.358057][ T3632] FS: 0000555557044300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 54.366969][ T3632] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.373625][ T3632] CR2: 0000000020002000 CR3: 000000007e9f2000 CR4: 00000000003506f0 [ 54.381580][ T3632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.389532][ T3632] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.397486][ T3632] Call Trace: [ 54.400758][ T3632] [ 54.403675][ T3632] try_release_extent_mapping+0x4e5/0x560 [ 54.409383][ T3632] ? find_get_entries+0x630/0x630 [ 54.414392][ T3632] btrfs_release_folio+0x126/0x340 [ 54.419491][ T3632] mapping_evict_folio+0x24d/0x570 [ 54.424591][ T3632] invalidate_mapping_pagevec+0x37d/0x7c0 [ 54.430299][ T3632] ? truncate_inode_pages_final+0x90/0x90 [ 54.436006][ T3632] ? filemap_fdatawait_range+0x30/0x30 [ 54.441445][ T3632] ? filemap_fdatawrite_range+0x175/0x200 [ 54.447146][ T3632] ? filemap_fdatawrite+0x1d0/0x1d0 [ 54.452335][ T3632] ? up_read+0x20/0x20 [ 54.456395][ T3632] ? btrfs_write_check+0x4a9/0x540 [ 54.461495][ T3632] btrfs_do_write_iter+0x112e/0x1260 [ 54.466771][ T3632] ? btrfs_check_nocow_unlock+0x40/0x40 [ 54.472301][ T3632] vfs_write+0x7dc/0xc50 [ 54.476530][ T3632] ? file_end_write+0x230/0x230 [ 54.481364][ T3632] ? ptrace_stop+0x74d/0x970 [ 54.486635][ T3632] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.491826][ T3632] ? __fdget_pos+0x252/0x2e0 [ 54.496402][ T3632] ksys_write+0x177/0x2a0 [ 54.500715][ T3632] ? __ia32_sys_read+0x80/0x80 [ 54.505460][ T3632] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 54.511437][ T3632] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 54.517416][ T3632] do_syscall_64+0x3d/0xb0 [ 54.521815][ T3632] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.527690][ T3632] RIP: 0033:0x7fcc98e18a19 [ 54.532090][ T3632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.551692][ T3632] RSP: 002b:00007fffcb04cad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 54.560099][ T3632] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcc98e18a19 [ 54.568062][ T3632] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 0000000000000004 [ 54.576028][ T3632] RBP: 00007fffcb04cb00 R08: 0000000000000002 R09: 00007fffcb04cb10 [ 54.583988][ T3632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 54.591953][ T3632] R13: 00007fffcb04cb40 R14: 00007fffcb04cb20 R15: 0000000000000000 [ 54.599912][ T3632] [ 54.602921][ T3632] Modules linked in: [ 54.606951][ T3632] ---[ end trace 0000000000000000 ]--- [ 54.612440][ T3632] RIP: 0010:__clear_extent_bit+0xbbb/0xc60 [ 54.618262][ T3632] Code: 1c 2f fe e9 cf fe ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 0e ff ff ff 48 89 ef e8 5f 1c 2f fe e9 01 ff ff ff e8 05 04 db fd <0f> 0b e8 fe 03 db fd 48 8b 44 24 08 48 83 c0 08 48 89 c5 48 c1 e8 [ 54.637903][ T3632] RSP: 0018:ffffc90003c7f7a8 EFLAGS: 00010293 [ 54.644002][ T3632] RAX: ffffffff83af946b RBX: 0000000000000000 RCX: ffff88807de80000 [ 54.652019][ T3632] RDX: 0000000000000000 RSI: ffffffff8aedc420 RDI: ffffffff8b4b3ae0 [ 54.659990][ T3632] RBP: 0000000000002fff R08: 00000000ffffffff R09: fffffbfff1a42e97 [ 54.668006][ T3632] R10: fffffbfff1a42e97 R11: 1ffffffff1a42e96 R12: 000000000004ffff [ 54.676024][ T3632] R13: ffff88807eb05b40 R14: 1ffff1100fd60b68 R15: 0000000000002000 [ 54.684011][ T3632] FS: 0000555557044300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 54.692975][ T3632] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.699548][ T3632] CR2: 0000000020002000 CR3: 000000007e9f2000 CR4: 00000000003506f0 [ 54.707546][ T3632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.715545][ T3632] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.723555][ T3632] Kernel panic - not syncing: Fatal exception [ 54.729786][ T3632] Kernel Offset: disabled [ 54.734101][ T3632] Rebooting in 86400 seconds..