./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor366987153 <...> DUID 00:04:d6:b0:09:ff:72:32:c6:5d:c0:56:b1:2d:70:06:fa:56 forked to background, child pid 4661 [ 29.812789][ T4662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.828044][ T4662] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts. execve("./syz-executor366987153", ["./syz-executor366987153"], 0x7fff61ae4e70 /* 10 vars */) = 0 brk(NULL) = 0x5555566df000 brk(0x5555566dfc40) = 0x5555566dfc40 arch_prctl(ARCH_SET_FS, 0x5555566df300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor366987153", 4096) = 27 brk(0x555556700c40) = 0x555556700c40 brk(0x555556701000) = 0x555556701000 mprotect(0x7f7e2c126000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7e23c68000 syzkaller login: [ 62.883141][ T4992] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4992 'syz-executor366' write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7f7e23c68000, 16777216) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 63.008485][ T4992] loop0: detected capacity change from 0 to 32768 [ 63.019666][ T4992] BTRFS: device fsid a830dcec-d20e-42dc-8160-bf13f3286f97 devid 1 transid 8 /dev/loop0 scanned by syz-executor366 (4992) [ 63.039636][ T4992] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.049263][ T4992] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 63.060164][ T4992] BTRFS info (device loop0): use no compression [ 63.066496][ T4992] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 63.077318][ T4992] BTRFS info (device loop0): turning off barriers [ 63.083807][ T4992] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 63.094593][ T4992] BTRFS info (device loop0): trying to use backup root at mount time [ 63.102780][ T4992] BTRFS info (device loop0): turning on barriers [ 63.109107][ T4992] BTRFS info (device loop0): using free space tree [ 63.125060][ T48] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x6f1c19d9e98527de found 0x1cab808c087e65ef level 0 [ 63.140189][ T4992] BTRFS warning (device loop0): couldn't read tree root [ 63.149766][ T62] BTRFS warning (device loop0): checksum verify failed on logical 5287936 mirror 1 wanted 0xfe866ff230ae427a found 0x46dd5ec3b2b5ffd5 level 0 [ 63.164341][ T4992] BTRFS warning (device loop0): failed to read root (objectid=4): -5 [ 63.173196][ T48] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 63.183703][ T4992] BTRFS warning (device loop0): couldn't read tree root [ 63.191178][ T4992] assertion failed: !tmp, in fs/btrfs/disk-io.c:1002 [ 63.198116][ T4992] ------------[ cut here ]------------ [ 63.203722][ T4992] kernel BUG at fs/btrfs/messages.c:259! [ 63.209367][ T4992] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 63.215420][ T4992] CPU: 1 PID: 4992 Comm: syz-executor366 Not tainted 6.4.0-rc4-syzkaller-00099-g1874a42a7d74 #0 [ 63.225814][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 63.235853][ T4992] RIP: 0010:btrfs_assertfail+0x18/0x20 [ 63.241324][ T4992] Code: df e8 fc a3 35 f7 e9 50 fb ff ff e8 b2 90 01 00 66 90 66 0f 1f 00 89 d1 48 89 f2 48 89 fe 48 c7 c7 80 35 2c 8b e8 c8 60 ff ff <0f> 0b 66 0f 1f 44 00 00 66 0f 1f 00 53 48 89 fb e8 b3 cf dd f6 48 [ 63.260934][ T4992] RSP: 0018:ffffc90003a7f428 EFLAGS: 00010246 [ 63.267011][ T4992] RAX: 0000000000000032 RBX: 0000000000000000 RCX: 4c845d2f60990c00 [ 63.275062][ T4992] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 63.283030][ T4992] RBP: ffff88802b4380a0 R08: ffffffff816efe3c R09: fffff5200074fe39 [ 63.290996][ T4992] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 63.299017][ T4992] R13: ffff88807803e1f7 R14: ffff88807e39a000 R15: ffff88807e39a000 [ 63.306981][ T4992] FS: 00005555566df300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 63.315910][ T4992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.322487][ T4992] CR2: 00005611de79e500 CR3: 000000007a72f000 CR4: 00000000003506e0 [ 63.330457][ T4992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.338418][ T4992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.346377][ T4992] Call Trace: [ 63.349654][ T4992] [ 63.352580][ T4992] ? __die_body+0x5e/0xa0 [ 63.356905][ T4992] ? die+0x87/0xb0 [ 63.360619][ T4992] ? do_trap+0x11e/0x350 [ 63.364859][ T4992] ? btrfs_assertfail+0x18/0x20 [ 63.369704][ T4992] ? btrfs_assertfail+0x18/0x20 [ 63.374549][ T4992] ? do_error_trap+0x141/0x1f0 [ 63.379310][ T4992] ? btrfs_assertfail+0x18/0x20 [ 63.384157][ T4992] ? do_int3+0x30/0x30 [ 63.388223][ T4992] ? report_bug+0x3e4/0x500 [ 63.392729][ T4992] ? handle_invalid_op+0x2c/0x40 [ 63.397662][ T4992] ? btrfs_assertfail+0x18/0x20 [ 63.402507][ T4992] ? exc_invalid_op+0x33/0x50 [ 63.407192][ T4992] ? asm_exc_invalid_op+0x1a/0x20 [ 63.412212][ T4992] ? __wake_up_klogd+0xcc/0x100 [ 63.417070][ T4992] ? btrfs_assertfail+0x18/0x20 [ 63.421914][ T4992] ? btrfs_assertfail+0x18/0x20 [ 63.426760][ T4992] btrfs_global_root_insert+0x1ac/0x1b0 [ 63.432316][ T4992] load_global_roots_objectid+0x469/0x8c0 [ 63.438037][ T4992] ? btree_migrate_folio+0x200/0x200 [ 63.443319][ T4992] ? rcu_is_watching+0x15/0xb0 [ 63.448078][ T4992] ? init_tree_roots+0xa0a/0x1f80 [ 63.453097][ T4992] init_tree_roots+0xa2e/0x1f80 [ 63.457946][ T4992] ? open_ctree+0x2fa0/0x2fa0 [ 63.462638][ T4992] ? free_fs_devices+0x260/0x270 [ 63.467573][ T4992] ? __asan_memcpy+0x40/0x70 [ 63.472159][ T4992] ? read_extent_buffer+0x1f0/0x2a0 [ 63.477449][ T4992] open_ctree+0x1b26/0x2fa0 [ 63.481948][ T4992] ? rcu_is_watching+0x15/0xb0 [ 63.486711][ T4992] ? btrfs_ctree_exit+0x20/0x20 [ 63.491558][ T4992] ? vscnprintf+0x80/0x80 [ 63.495895][ T4992] btrfs_fill_super+0x1c7/0x2f0 [ 63.500748][ T4992] btrfs_mount_root+0x807/0x940 [ 63.505598][ T4992] ? btrfs_control_open+0x40/0x40 [ 63.510709][ T4992] ? vfs_parse_fs_string+0x190/0x230 [ 63.515990][ T4992] ? rcu_is_watching+0x15/0xb0 [ 63.520750][ T4992] ? kfree+0x31/0x1a0 [ 63.524727][ T4992] ? vfs_parse_fs_string+0x190/0x230 [ 63.530013][ T4992] ? vfs_parse_fs_param+0x410/0x410 [ 63.535205][ T4992] legacy_get_tree+0xef/0x190 [ 63.539876][ T4992] ? btrfs_control_open+0x40/0x40 [ 63.544893][ T4992] vfs_get_tree+0x8c/0x270 [ 63.549301][ T4992] vfs_kern_mount+0xbc/0x150 [ 63.553881][ T4992] btrfs_mount+0x39f/0xb50 [ 63.558295][ T4992] ? btrfs_clear_sb_rdonly+0x70/0x70 [ 63.563593][ T4992] ? legacy_parse_param+0x3e8/0x8a0 [ 63.568808][ T4992] ? vfs_parse_fs_string+0x190/0x230 [ 63.574093][ T4992] ? rcu_is_watching+0x15/0xb0 [ 63.578847][ T4992] ? kfree+0x31/0x1a0 [ 63.582839][ T4992] ? vfs_parse_fs_string+0x190/0x230 [ 63.588117][ T4992] ? vfs_parse_fs_param+0x410/0x410 [ 63.593307][ T4992] ? cap_capable+0x1b4/0x240 [ 63.597910][ T4992] legacy_get_tree+0xef/0x190 [ 63.602603][ T4992] ? btrfs_clear_sb_rdonly+0x70/0x70 [ 63.607906][ T4992] vfs_get_tree+0x8c/0x270 [ 63.612327][ T4992] do_new_mount+0x28f/0xae0 [ 63.616839][ T4992] ? path_mount+0x5f2/0xf80 [ 63.621335][ T4992] ? do_move_mount_old+0x170/0x170 [ 63.626440][ T4992] ? user_path_at_empty+0x12f/0x180 [ 63.631634][ T4992] __se_sys_mount+0x2d9/0x3c0 [ 63.636306][ T4992] ? __x64_sys_mount+0xc0/0xc0 [ 63.641065][ T4992] ? syscall_enter_from_user_mode+0x32/0x230 [ 63.647046][ T4992] ? __x64_sys_mount+0x20/0xc0 [ 63.651803][ T4992] do_syscall_64+0x41/0xc0 [ 63.656216][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.662108][ T4992] RIP: 0033:0x7f7e2c0b5efa [ 63.666515][ T4992] Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 63.686116][ T4992] RSP: 002b:00007ffdaa55c078 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 63.694529][ T4992] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7e2c0b5efa [ 63.702494][ T4992] RDX: 0000000020000000 RSI: 0000000020005200 RDI: 00007ffdaa55c090 [ 63.710473][ T4992] RBP: 00007ffdaa55c090 R08: 00007ffdaa55c0d0 R09: 00000000000051ba [ 63.718439][ T4992] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000004 [ 63.726403][ T4992] R13: 00005555566df2c0 R14: 0000000000000000 R15: 00007ffdaa55c0d0 [ 63.734373][ T4992] [ 63.737378][ T4992] Modules linked in: [ 63.741409][ T4992] ---[ end trace 0000000000000000 ]--- [ 63.746872][ T4992] RIP: 0010:btrfs_assertfail+0x18/0x20 [ 63.752387][ T4992] Code: df e8 fc a3 35 f7 e9 50 fb ff ff e8 b2 90 01 00 66 90 66 0f 1f 00 89 d1 48 89 f2 48 89 fe 48 c7 c7 80 35 2c 8b e8 c8 60 ff ff <0f> 0b 66 0f 1f 44 00 00 66 0f 1f 00 53 48 89 fb e8 b3 cf dd f6 48 [ 63.772067][ T4992] RSP: 0018:ffffc90003a7f428 EFLAGS: 00010246 [ 63.778139][ T4992] RAX: 0000000000000032 RBX: 0000000000000000 RCX: 4c845d2f60990c00 [ 63.786139][ T4992] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 63.794185][ T4992] RBP: ffff88802b4380a0 R08: ffffffff816efe3c R09: fffff5200074fe39 [ 63.802200][ T4992] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 63.810177][ T4992] R13: ffff88807803e1f7 R14: ffff88807e39a000 R15: ffff88807e39a000 [ 63.818190][ T4992] FS: 00005555566df300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 63.827150][ T4992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.833760][ T4992] CR2: 00005611de79e500 CR3: 000000007a72f000 CR4: 00000000003506e0 [ 63.841760][ T4992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.849719][ T4992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.857737][ T4992] Kernel panic - not syncing: Fatal exception [ 63.863966][ T4992] Kernel Offset: disabled [ 63.868284][ T4992] Rebooting in 86400 seconds..