./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor341966193 <...> Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts. execve("./syz-executor341966193", ["./syz-executor341966193"], 0x7ffefa8f5600 /* 10 vars */) = 0 brk(NULL) = 0x555555b19000 brk(0x555555b19c40) = 0x555555b19c40 arch_prctl(ARCH_SET_FS, 0x555555b19300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor341966193", 4096) = 27 brk(0x555555b3ac40) = 0x555555b3ac40 brk(0x555555b3b000) = 0x555555b3b000 mprotect(0x7fd5d4681000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd5cc1c3000 [ 68.252692][ T4994] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4994 'syz-executor341' write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7fd5cc1c3000, 16777216) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 68.416762][ T4994] loop0: detected capacity change from 0 to 32768 [ 68.429456][ T4994] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor341 (4994) [ 68.449208][ T4994] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 68.458125][ T4994] BTRFS info (device loop0): enabling ssd optimizations [ 68.465096][ T4994] BTRFS info (device loop0): using spread ssd allocation scheme [ 68.473173][ T4994] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 68.483841][ T4994] BTRFS info (device loop0): trying to use backup root at mount time [ 68.492020][ T4994] BTRFS info (device loop0): turning on sync discard [ 68.499309][ T4994] BTRFS info (device loop0): setting nodatasum [ 68.505800][ T4994] BTRFS info (device loop0): setting datasum [ 68.511824][ T4994] BTRFS info (device loop0): using free space tree [ 68.529155][ T2872] BTRFS warning (device loop0): checksum verify failed on logical 5341184 mirror 1 wanted 0xebbfe3e60c56c89ab38f06d7137729181e58e53867989d1e8dd3def0e72a57de found 0x6c870fe30afed947dcc4d9d910c5b222ad2b52783b0edeb866a5ca0f796c2cea level 0 [ 68.553004][ T4994] BTRFS error (device loop0): failed to load root free space [ 68.561249][ T2872] BTRFS warning (device loop0): checksum verify failed on logical 5316608 mirror 1 wanted 0x7d760c12e004a6c3586e5b1067641fb408159584fdbf71f071f40e27f3098915 found 0x3e46367750b5f825280d9ed8eec54328df9a52e1ccfb14b7ccb5791e93c42a4a level 0 [ 68.584394][ T4994] BTRFS error (device loop0): failed to load root extent [ 68.591916][ T2872] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 68.602536][ T4994] BTRFS warning (device loop0): couldn't read tree root [ 68.610364][ T4994] assertion failed: !tmp, in fs/btrfs/disk-io.c:1002 [ 68.617590][ T4994] ------------[ cut here ]------------ [ 68.623128][ T4994] kernel BUG at fs/btrfs/messages.c:259! [ 68.628863][ T4994] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 68.635017][ T4994] CPU: 1 PID: 4994 Comm: syz-executor341 Not tainted 6.4.0-rc4-syzkaller-00031-g8b817fded42d #0 [ 68.645432][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 68.655520][ T4994] RIP: 0010:btrfs_assertfail+0x18/0x20 [ 68.661036][ T4994] Code: df e8 fc b3 35 f7 e9 50 fb ff ff e8 b2 90 01 00 66 90 66 0f 1f 00 89 d1 48 89 f2 48 89 fe 48 c7 c7 40 35 2c 8b e8 c8 60 ff ff <0f> 0b 66 0f 1f 44 00 00 66 0f 1f 00 53 48 89 fb e8 b3 df dd f6 48 [ 68.680664][ T4994] RSP: 0018:ffffc90003a8f428 EFLAGS: 00010246 [ 68.687202][ T4994] RAX: 0000000000000032 RBX: 0000000000000000 RCX: 153e921030734800 [ 68.695267][ T4994] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 68.703243][ T4994] RBP: ffff88807cbdc0a0 R08: ffffffff816efe3c R09: fffff52000751dfd [ 68.712527][ T4994] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 68.720593][ T4994] R13: ffff88807cad61f7 R14: ffff88807cbdc060 R15: ffff88807c454000 [ 68.728578][ T4994] FS: 0000555555b19300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 68.737513][ T4994] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.744110][ T4994] CR2: 0000557e1532e4a0 CR3: 0000000073744000 CR4: 00000000003506e0 [ 68.752088][ T4994] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.760117][ T4994] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.768102][ T4994] Call Trace: [ 68.771388][ T4994] [ 68.774332][ T4994] ? __die_body+0x5e/0xa0 [ 68.778680][ T4994] ? die+0x87/0xb0 [ 68.782440][ T4994] ? do_trap+0x11e/0x350 [ 68.786869][ T4994] ? btrfs_assertfail+0x18/0x20 [ 68.791734][ T4994] ? btrfs_assertfail+0x18/0x20 [ 68.796595][ T4994] ? do_error_trap+0x141/0x1f0 [ 68.801376][ T4994] ? btrfs_assertfail+0x18/0x20 [ 68.806414][ T4994] ? do_int3+0x30/0x30 [ 68.810502][ T4994] ? handle_invalid_op+0x2c/0x40 [ 68.815801][ T4994] ? btrfs_assertfail+0x18/0x20 [ 68.820658][ T4994] ? exc_invalid_op+0x33/0x50 [ 68.825353][ T4994] ? asm_exc_invalid_op+0x1a/0x20 [ 68.830476][ T4994] ? __wake_up_klogd+0xcc/0x100 [ 68.835428][ T4994] ? btrfs_assertfail+0x18/0x20 [ 68.840294][ T4994] ? btrfs_assertfail+0x18/0x20 [ 68.845156][ T4994] btrfs_global_root_insert+0x1ac/0x1b0 [ 68.850762][ T4994] load_global_roots_objectid+0x469/0x8c0 [ 68.856502][ T4994] ? btree_migrate_folio+0x200/0x200 [ 68.861887][ T4994] ? rcu_is_watching+0x15/0xb0 [ 68.866660][ T4994] ? init_tree_roots+0xa0a/0x1f80 [ 68.871826][ T4994] init_tree_roots+0xa2e/0x1f80 [ 68.876721][ T4994] ? open_ctree+0x2fa0/0x2fa0 [ 68.881665][ T4994] ? free_fs_devices+0x270/0x270 [ 68.886798][ T4994] ? __asan_memcpy+0x40/0x70 [ 68.891408][ T4994] ? read_extent_buffer+0x1f0/0x2a0 [ 68.896889][ T4994] open_ctree+0x1b26/0x2fa0 [ 68.901399][ T4994] ? rcu_is_watching+0x15/0xb0 [ 68.906178][ T4994] ? btrfs_ctree_exit+0x20/0x20 [ 68.911067][ T4994] ? vscnprintf+0x80/0x80 [ 68.915501][ T4994] btrfs_fill_super+0x1c7/0x2f0 [ 68.920453][ T4994] btrfs_mount_root+0x807/0x940 [ 68.925327][ T4994] ? btrfs_control_open+0x40/0x40 [ 68.930364][ T4994] ? vfs_parse_fs_string+0x190/0x230 [ 68.935665][ T4994] ? rcu_is_watching+0x15/0xb0 [ 68.940521][ T4994] ? kfree+0x31/0x1a0 [ 68.944602][ T4994] ? vfs_parse_fs_string+0x190/0x230 [ 68.949990][ T4994] ? vfs_parse_fs_param+0x410/0x410 [ 68.955201][ T4994] legacy_get_tree+0xef/0x190 [ 68.959887][ T4994] ? btrfs_control_open+0x40/0x40 [ 68.964921][ T4994] vfs_get_tree+0x8c/0x270 [ 68.969442][ T4994] vfs_kern_mount+0xbc/0x150 [ 68.974041][ T4994] btrfs_mount+0x39f/0xb50 [ 68.978468][ T4994] ? btrfs_clear_sb_rdonly+0x70/0x70 [ 68.983766][ T4994] ? legacy_parse_param+0x3e8/0x8a0 [ 68.988990][ T4994] ? vfs_parse_fs_string+0x190/0x230 [ 68.994294][ T4994] ? rcu_is_watching+0x15/0xb0 [ 68.999076][ T4994] ? kfree+0x31/0x1a0 [ 69.003084][ T4994] ? vfs_parse_fs_string+0x190/0x230 [ 69.008385][ T4994] ? vfs_parse_fs_param+0x410/0x410 [ 69.013596][ T4994] ? cap_capable+0x1b4/0x240 [ 69.018203][ T4994] legacy_get_tree+0xef/0x190 [ 69.022976][ T4994] ? btrfs_clear_sb_rdonly+0x70/0x70 [ 69.028360][ T4994] vfs_get_tree+0x8c/0x270 [ 69.032795][ T4994] do_new_mount+0x28f/0xae0 [ 69.037397][ T4994] ? path_mount+0x5f2/0xf80 [ 69.041996][ T4994] ? do_move_mount_old+0x170/0x170 [ 69.047225][ T4994] ? user_path_at_empty+0x12f/0x180 [ 69.052544][ T4994] __se_sys_mount+0x2d9/0x3c0 [ 69.057247][ T4994] ? __x64_sys_mount+0xc0/0xc0 [ 69.062114][ T4994] ? syscall_enter_from_user_mode+0x32/0x230 [ 69.068123][ T4994] ? __x64_sys_mount+0x20/0xc0 [ 69.073912][ T4994] do_syscall_64+0x41/0xc0 [ 69.078355][ T4994] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.084261][ T4994] RIP: 0033:0x7fd5d4610c6a [ 69.088985][ T4994] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 69.115912][ T4994] RSP: 002b:00007fff0d4258e8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 69.124681][ T4994] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd5d4610c6a [ 69.132668][ T4994] RDX: 00000000200055c0 RSI: 0000000020005600 RDI: 00007fff0d425900 [ 69.140673][ T4994] RBP: 00007fff0d425900 R08: 00007fff0d425940 R09: 00000000000055bc [ 69.148657][ T4994] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000004 [ 69.156638][ T4994] R13: 0000555555b192c0 R14: 0000000000000000 R15: 00007fff0d425940 [ 69.164620][ T4994] [ 69.167652][ T4994] Modules linked in: [ 69.171799][ T4994] ---[ end trace 0000000000000000 ]--- [ 69.177360][ T4994] RIP: 0010:btrfs_assertfail+0x18/0x20 [ 69.182876][ T4994] Code: df e8 fc b3 35 f7 e9 50 fb ff ff e8 b2 90 01 00 66 90 66 0f 1f 00 89 d1 48 89 f2 48 89 fe 48 c7 c7 40 35 2c 8b e8 c8 60 ff ff <0f> 0b 66 0f 1f 44 00 00 66 0f 1f 00 53 48 89 fb e8 b3 df dd f6 48 [ 69.202756][ T4994] RSP: 0018:ffffc90003a8f428 EFLAGS: 00010246 [ 69.208910][ T4994] RAX: 0000000000000032 RBX: 0000000000000000 RCX: 153e921030734800 [ 69.216953][ T4994] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 69.224926][ T4994] RBP: ffff88807cbdc0a0 R08: ffffffff816efe3c R09: fffff52000751dfd [ 69.232952][ T4994] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 69.240970][ T4994] R13: ffff88807cad61f7 R14: ffff88807cbdc060 R15: ffff88807c454000 [ 69.248982][ T4994] FS: 0000555555b19300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 69.257960][ T4994] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.264542][ T4994] CR2: 0000557e1532e4a0 CR3: 0000000073744000 CR4: 00000000003506e0 [ 69.272560][ T4994] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.280580][ T4994] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.288594][ T4994] Kernel panic - not syncing: Fatal exception [ 69.294849][ T4994] Kernel Offset: disabled [ 69.299190][ T4994] Rebooting in 86400 seconds..