./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1590317412 <...> DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89 forked to background, child pid 4659 [ 28.565013][ T4660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.576126][ T4660] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts. execve("./syz-executor1590317412", ["./syz-executor1590317412"], 0x7fff7d538250 /* 10 vars */) = 0 brk(NULL) = 0x555556bd0000 brk(0x555556bd0c40) = 0x555556bd0c40 arch_prctl(ARCH_SET_FS, 0x555556bd0300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1590317412", 4096) = 28 brk(0x555556bf1c40) = 0x555556bf1c40 brk(0x555556bf2000) = 0x555556bf2000 mprotect(0x7f2786a15000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f277e557000 syzkaller login: [ 55.193623][ T4991] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4991 'syz-executor159' write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7f277e557000, 16777216) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 55.323014][ T4991] loop0: detected capacity change from 0 to 32768 [ 55.334632][ T4991] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor159 (4991) [ 55.352494][ T4991] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.361611][ T4991] BTRFS info (device loop0): setting nodatacow, compression disabled [ 55.369971][ T4991] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 55.380750][ T4991] BTRFS info (device loop0): trying to use backup root at mount time [ 55.390458][ T4991] BTRFS info (device loop0): disabling tree log [ 55.396803][ T4991] BTRFS info (device loop0): enabling auto defrag [ 55.403234][ T4991] BTRFS info (device loop0): using free space tree [ 55.419147][ T62] BTRFS warning (device loop0): checksum verify failed on logical 5341184 mirror 1 wanted 0xe51addfa found 0x8d783d47 level 0 [ 55.432930][ T4991] BTRFS error (device loop0): failed to load root free space [ 55.441060][ T4991] assertion failed: !tmp, in fs/btrfs/disk-io.c:1002 [ 55.448085][ T4991] ------------[ cut here ]------------ [ 55.453548][ T4991] kernel BUG at fs/btrfs/messages.c:259! [ 55.459262][ T4991] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 55.465414][ T4991] CPU: 1 PID: 4991 Comm: syz-executor159 Not tainted 6.4.0-rc4-syzkaller-00265-g4ecd704a4c51 #0 [ 55.475895][ T4991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 55.485934][ T4991] RIP: 0010:btrfs_assertfail+0x18/0x20 [ 55.491405][ T4991] Code: df e8 0c 86 35 f7 e9 50 fb ff ff e8 b2 90 01 00 66 90 66 0f 1f 00 89 d1 48 89 f2 48 89 fe 48 c7 c7 00 35 2c 8b e8 c8 60 ff ff <0f> 0b 66 0f 1f 44 00 00 66 0f 1f 00 53 48 89 fb e8 c3 b1 dd f6 48 [ 55.510996][ T4991] RSP: 0018:ffffc9000393f428 EFLAGS: 00010246 [ 55.517054][ T4991] RAX: 0000000000000032 RBX: 0000000000000000 RCX: 2877211207295800 [ 55.525147][ T4991] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 55.533194][ T4991] RBP: ffff88807e0c80a0 R08: ffffffff816f004c R09: fffff52000727dfd [ 55.541154][ T4991] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 55.549212][ T4991] R13: ffff88807d13a1f7 R14: ffff88807e0c8060 R15: ffff88807c89c000 [ 55.557174][ T4991] FS: 0000555556bd0300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 55.566096][ T4991] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.572665][ T4991] CR2: 000055e70d0316f8 CR3: 000000007d44e000 CR4: 00000000003506e0 [ 55.580647][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 55.588605][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 55.596562][ T4991] Call Trace: [ 55.599831][ T4991] [ 55.602758][ T4991] ? __die_body+0x5e/0xa0 [ 55.607084][ T4991] ? die+0x87/0xb0 [ 55.610792][ T4991] ? do_trap+0x11e/0x350 [ 55.615024][ T4991] ? btrfs_assertfail+0x18/0x20 [ 55.619862][ T4991] ? btrfs_assertfail+0x18/0x20 [ 55.624721][ T4991] ? do_error_trap+0x141/0x1f0 [ 55.629488][ T4991] ? btrfs_assertfail+0x18/0x20 [ 55.634345][ T4991] ? do_int3+0x30/0x30 [ 55.638420][ T4991] ? handle_invalid_op+0x2c/0x40 [ 55.643350][ T4991] ? btrfs_assertfail+0x18/0x20 [ 55.648191][ T4991] ? exc_invalid_op+0x33/0x50 [ 55.652858][ T4991] ? asm_exc_invalid_op+0x1a/0x20 [ 55.657876][ T4991] ? __wake_up_klogd+0xcc/0x100 [ 55.662725][ T4991] ? btrfs_assertfail+0x18/0x20 [ 55.667581][ T4991] ? btrfs_assertfail+0x18/0x20 [ 55.672423][ T4991] btrfs_global_root_insert+0x1ac/0x1b0 [ 55.677965][ T4991] load_global_roots_objectid+0x469/0x8c0 [ 55.683678][ T4991] ? btree_migrate_folio+0x200/0x200 [ 55.688953][ T4991] ? rcu_is_watching+0x15/0xb0 [ 55.693721][ T4991] ? init_tree_roots+0xa0a/0x1f80 [ 55.698737][ T4991] init_tree_roots+0xa2e/0x1f80 [ 55.703584][ T4991] ? open_ctree+0x2fa0/0x2fa0 [ 55.708508][ T4991] ? free_fs_devices+0x270/0x270 [ 55.713435][ T4991] ? __asan_memcpy+0x40/0x70 [ 55.718019][ T4991] ? read_extent_buffer+0x1f0/0x2a0 [ 55.723206][ T4991] open_ctree+0x1b26/0x2fa0 [ 55.727694][ T4991] ? rcu_is_watching+0x15/0xb0 [ 55.732451][ T4991] ? btrfs_ctree_exit+0x20/0x20 [ 55.737289][ T4991] ? vscnprintf+0x80/0x80 [ 55.741606][ T4991] btrfs_fill_super+0x1c7/0x2f0 [ 55.746448][ T4991] btrfs_mount_root+0x807/0x940 [ 55.751291][ T4991] ? btrfs_control_open+0x40/0x40 [ 55.756306][ T4991] ? vfs_parse_fs_string+0x190/0x230 [ 55.761581][ T4991] ? rcu_is_watching+0x15/0xb0 [ 55.766332][ T4991] ? kfree+0x31/0x1a0 [ 55.770306][ T4991] ? vfs_parse_fs_string+0x190/0x230 [ 55.775582][ T4991] ? vfs_parse_fs_param+0x410/0x410 [ 55.780772][ T4991] legacy_get_tree+0xef/0x190 [ 55.785442][ T4991] ? btrfs_control_open+0x40/0x40 [ 55.790456][ T4991] vfs_get_tree+0x8c/0x270 [ 55.794880][ T4991] vfs_kern_mount+0xbc/0x150 [ 55.799461][ T4991] btrfs_mount+0x39f/0xb50 [ 55.803870][ T4991] ? btrfs_clear_sb_rdonly+0x70/0x70 [ 55.809142][ T4991] ? legacy_parse_param+0x3e8/0x8a0 [ 55.814332][ T4991] ? vfs_parse_fs_string+0x190/0x230 [ 55.819608][ T4991] ? rcu_is_watching+0x15/0xb0 [ 55.824360][ T4991] ? kfree+0x31/0x1a0 [ 55.828329][ T4991] ? vfs_parse_fs_string+0x190/0x230 [ 55.833605][ T4991] ? vfs_parse_fs_param+0x410/0x410 [ 55.838792][ T4991] ? cap_capable+0x1b4/0x240 [ 55.843455][ T4991] legacy_get_tree+0xef/0x190 [ 55.848121][ T4991] ? btrfs_clear_sb_rdonly+0x70/0x70 [ 55.853394][ T4991] vfs_get_tree+0x8c/0x270 [ 55.857798][ T4991] do_new_mount+0x28f/0xae0 [ 55.862295][ T4991] ? path_mount+0x5f2/0xf80 [ 55.866786][ T4991] ? do_move_mount_old+0x170/0x170 [ 55.871889][ T4991] ? user_path_at_empty+0x12f/0x180 [ 55.877080][ T4991] __se_sys_mount+0x2d9/0x3c0 [ 55.881747][ T4991] ? __x64_sys_mount+0xc0/0xc0 [ 55.886499][ T4991] ? syscall_enter_from_user_mode+0x32/0x230 [ 55.892468][ T4991] ? __x64_sys_mount+0x20/0xc0 [ 55.897220][ T4991] do_syscall_64+0x41/0xc0 [ 55.901627][ T4991] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.907506][ T4991] RIP: 0033:0x7f27869a4c0a [ 55.911909][ T4991] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 55.931513][ T4991] RSP: 002b:00007ffc4d473c68 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 55.939915][ T4991] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f27869a4c0a [ 55.947878][ T4991] RDX: 0000000020005100 RSI: 0000000020005140 RDI: 00007ffc4d473c80 [ 55.955836][ T4991] RBP: 00007ffc4d473c80 R08: 00007ffc4d473cc0 R09: 0000000000005103 [ 55.963794][ T4991] R10: 0000000000000016 R11: 0000000000000282 R12: 0000000000000004 [ 55.971753][ T4991] R13: 0000555556bd02c0 R14: 0000000000000016 R15: 00007ffc4d473cc0 [ 55.979717][ T4991] [ 55.982745][ T4991] Modules linked in: [ 55.986805][ T4991] ---[ end trace 0000000000000000 ]--- [ 55.992274][ T4991] RIP: 0010:btrfs_assertfail+0x18/0x20 [ 55.997824][ T4991] Code: df e8 0c 86 35 f7 e9 50 fb ff ff e8 b2 90 01 00 66 90 66 0f 1f 00 89 d1 48 89 f2 48 89 fe 48 c7 c7 00 35 2c 8b e8 c8 60 ff ff <0f> 0b 66 0f 1f 44 00 00 66 0f 1f 00 53 48 89 fb e8 c3 b1 dd f6 48 [ 56.017838][ T4991] RSP: 0018:ffffc9000393f428 EFLAGS: 00010246 [ 56.023898][ T4991] RAX: 0000000000000032 RBX: 0000000000000000 RCX: 2877211207295800 [ 56.031890][ T4991] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 56.039900][ T4991] RBP: ffff88807e0c80a0 R08: ffffffff816f004c R09: fffff52000727dfd [ 56.047899][ T4991] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 56.055922][ T4991] R13: ffff88807d13a1f7 R14: ffff88807e0c8060 R15: ffff88807c89c000 [ 56.063881][ T4991] FS: 0000555556bd0300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 56.072855][ T4991] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.079459][ T4991] CR2: 000000000061cca0 CR3: 000000007d44e000 CR4: 00000000003506f0 [ 56.087446][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.095441][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.103397][ T4991] Kernel panic - not syncing: Fatal exception [ 56.109618][ T4991] Kernel Offset: disabled [ 56.113948][ T4991] Rebooting in 86400 seconds..