INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 18.641540] sshd (4450) used greatest stack depth: 16936 bytes left
Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
executing program
[ 24.266165] XFS (loop0): correcting sb_features alignment problem
[ 24.273087] XFS (loop0): Mounting V4 Filesystem
[ 24.288869] XFS (loop0): Ending clean mount
[ 24.294678] XFS (loop0): Quotacheck needed: Please wait.
[ 24.300611] XFS (loop0): Metadata corruption detected at xfs_agf_verify+0x102/0x890, xfs_agf block 0x1
[ 24.310124] XFS (loop0): Unmount and run xfs_repair
[ 24.315156] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[ 24.321824] 000000007ebbf89e: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 24.331144] 0000000018c0608a: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 24.339979] 00000000da29efbd: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 24.348816] 0000000063895808: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 24.357664] 0000000038476c75: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 24.366505] 000000009e182a6b: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 24.375338] 000000005e445429: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 24.384175] 00000000c1c426da: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 24.393095] XFS (loop0): metadata I/O error in "xfs_trans_read_buf_map" at daddr 0x1 len 1 error 117
[ 24.402690]
[ 24.404292] =====================================
[ 24.409099] WARNING: bad unlock balance detected!
[ 24.413906] 4.16.0+ #11 Not tainted
[ 24.417497] -------------------------------------
[ 24.422309] syzkaller109734/4463 is trying to release lock (&xfs_nondir_ilock_class) at:
[ 24.430516] [] xfs_iunlock+0x36f/0x4a0
[ 24.435929] but there are no more locks to release!
[ 24.440909]
[ 24.440909] other info that might help us debug this:
[ 24.447539] 2 locks held by syzkaller109734/4463:
[ 24.452343] #0: 00000000b4cfce0b (&type->s_umount_key#36/1){+.+.}, at: sget_userns+0x3b2/0xe60
[ 24.461157] #1: 00000000d8e8aeed (sb_internal#2){.+.+}, at: xfs_trans_alloc+0x349/0x430
[ 24.469363]
[ 24.469363] stack backtrace:
[ 24.473843] CPU: 1 PID: 4463 Comm: syzkaller109734 Not tainted 4.16.0+ #11
[ 24.480820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.490140] Call Trace:
[ 24.492702] dump_stack+0x1a7/0x27d
[ 24.496296] ? arch_local_irq_restore+0x53/0x53
[ 24.500933] ? print_lock+0xd7/0xdc
[ 24.504528] ? xfs_iunlock+0x36f/0x4a0
[ 24.508385] print_unlock_imbalance_bug+0x12f/0x140
[ 24.513370] lock_release+0x6fe/0xa40
[ 24.517139] ? xfs_iunlock+0x36f/0x4a0
[ 24.520995] ? lock_downgrade+0x980/0x980
[ 24.525110] ? __lock_is_held+0xb6/0x140
[ 24.529140] ? xfs_log_ticket_put+0x35/0x40
[ 24.533427] up_write+0x72/0x210
[ 24.536760] ? up_read+0x110/0x110
[ 24.540271] ? xfs_log_ticket_put+0x3a/0x40
[ 24.544561] ? xfs_log_done+0x281/0x9a0
[ 24.548506] xfs_iunlock+0x36f/0x4a0
[ 24.552188] ? xfs_ilock_nowait+0x570/0x570
[ 24.556486] ? trace_hardirqs_off+0x10/0x10
[ 24.560785] ? percpu_counter_add_batch+0xce/0x130
[ 24.565683] xfs_inode_item_unlock+0x82/0xa0
[ 24.570090] xfs_trans_free_items+0x176/0x230
[ 24.574559] xfs_trans_cancel+0x1bb/0x260
[ 24.578674] xfs_qm_dqread+0xc7c/0x13b0
[ 24.582614] ? xfs_dquot_set_prealloc_limits+0x210/0x210
[ 24.588033] ? __radix_tree_lookup+0x435/0x5e0
[ 24.592581] ? lock_release+0xa40/0xa40
[ 24.596525] ? __lock_is_held+0xb6/0x140
[ 24.600557] ? rcu_read_lock_sched_held+0x108/0x120
[ 24.605542] ? xfs_iunlock+0x10a/0x4a0
[ 24.609395] ? xfs_qm_dqget+0x694/0x2060
[ 24.613424] ? xfs_ilock_nowait+0x570/0x570
[ 24.617712] xfs_qm_dqget+0x6b9/0x2060
[ 24.621567] ? xfs_qm_dqput+0x940/0x940
[ 24.625508] ? trace_hardirqs_off+0x10/0x10
[ 24.629798] ? find_held_lock+0x35/0x1d0
[ 24.633828] ? is_bpf_text_address+0x7b/0x120
[ 24.638292] ? find_held_lock+0x35/0x1d0
[ 24.642321] ? trace_hardirqs_off+0x10/0x10
[ 24.646612] ? lock_downgrade+0x980/0x980
[ 24.650725] ? lock_release+0xa40/0xa40
[ 24.654668] ? trace_hardirqs_off+0x10/0x10
[ 24.658962] ? find_held_lock+0x35/0x1d0
[ 24.662992] xfs_qm_quotacheck_dqadjust+0xe4/0x800
[ 24.667893] ? lock_downgrade+0x980/0x980
[ 24.672012] ? xfs_qm_flush_one+0x4b0/0x4b0
[ 24.676303] ? kasan_check_read+0x11/0x20
[ 24.680418] ? do_raw_spin_unlock+0x9e/0x310
[ 24.684791] ? do_raw_spin_trylock+0x1a0/0x1a0
[ 24.689338] ? kasan_check_write+0x14/0x20
[ 24.693539] ? do_raw_spin_lock+0xc1/0x230
[ 24.697744] ? _raw_spin_unlock+0x22/0x30
[ 24.701858] xfs_qm_dqusage_adjust+0x814/0x11c0
[ 24.706495] ? xfs_qm_destroy_quotainos+0xe30/0xe30
[ 24.711477] ? __lock_is_held+0xb6/0x140
[ 24.715510] ? rcu_read_lock_sched_held+0x108/0x120
[ 24.720494] ? xfs_buf_unlock+0xb7/0x3a0
[ 24.724522] ? xfs_bulkstat+0x17a8/0x1cb0
[ 24.728636] ? xfs_buf_get_map+0xdd0/0xdd0
[ 24.732839] ? xfs_btree_del_cursor+0x119/0x160
[ 24.737474] ? rcu_read_lock_sched_held+0x108/0x120
[ 24.742461] ? kmem_cache_free+0x258/0x2a0
[ 24.746663] ? xfs_btree_del_cursor+0x119/0x160
[ 24.751299] xfs_bulkstat+0xc0a/0x1cb0
[ 24.755166] ? xfs_qm_destroy_quotainos+0xe30/0xe30
[ 24.760151] ? xfs_bulkstat_one+0x60/0x60
[ 24.764273] ? vprintk_func+0x5e/0xc0
[ 24.768039] ? printk+0xaa/0xca
[ 24.771286] ? _kstrtol+0x100/0x100
[ 24.774879] ? xfs_qm_dqiterate+0xcb/0x8d0
[ 24.779080] ? lock_release+0xa40/0xa40
[ 24.783022] ? check_same_owner+0x320/0x320
[ 24.787309] ? xfs_qm_dqiter_bufs+0x860/0x860
[ 24.791770] ? up_write+0x72/0x210
[ 24.795277] ? xfs_qm_quotacheck+0x9e/0x800
[ 24.799565] xfs_qm_quotacheck+0x3cb/0x800
[ 24.803764] ? xfs_qm_unmount+0x60/0x60
[ 24.807705] ? kmem_alloc+0x136/0x190
[ 24.811477] ? xfs_qm_init_quotainfo+0x118/0xcd0
[ 24.816200] ? xfs_qm_init_quotainos+0x14c0/0x14c0
[ 24.821098] xfs_qm_mount_quotas+0x2c4/0x470
[ 24.825476] xfs_mountfs+0x22a1/0x2690
[ 24.829331] ? xfs_default_resblks+0x60/0x60
[ 24.833706] ? xfs_mru_cache_create+0x52c/0x6a0
[ 24.838347] ? xfs_filestream_put_ag+0x50/0x50
[ 24.842895] ? xfs_mru_cache_uninit+0x20/0x20
[ 24.847358] ? xfs_readsb+0x2ec/0x570
[ 24.851133] ? set_blocksize+0x1f1/0x260
[ 24.855162] ? xfs_setsize_buftarg+0x24f/0x370
[ 24.859712] xfs_fs_fill_super+0xc8d/0x1250
[ 24.864003] ? xfs_test_remount_options.isra.19+0x90/0x90
[ 24.869511] ? cap_capable+0x1b5/0x230
[ 24.873367] ? snprintf+0xc0/0xf0
[ 24.876789] ? vsprintf+0x40/0x40
[ 24.880210] ? ns_capable_common+0xcf/0x160
[ 24.884498] ? set_blocksize+0x1f1/0x260
[ 24.888528] mount_bdev+0x2b7/0x370
[ 24.892124] ? xfs_test_remount_options.isra.19+0x90/0x90
[ 24.897626] xfs_fs_mount+0x34/0x40
[ 24.901219] mount_fs+0x66/0x2d0
[ 24.904554] vfs_kern_mount.part.26+0xc6/0x4a0
[ 24.909105] ? may_umount+0xa0/0xa0
[ 24.912701] ? _raw_read_unlock+0x22/0x30
[ 24.916817] ? __get_fs_type+0x8a/0xc0
[ 24.920671] do_mount+0xea4/0x2bb0
[ 24.924180] ? copy_mount_string+0x40/0x40
[ 24.928385] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.933371] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 24.938094] ? retint_kernel+0x10/0x10
[ 24.941950] ? copy_mount_options+0x18b/0x2e0
[ 24.946415] ? copy_mount_options+0x191/0x2e0
[ 24.950877] ? copy_mount_options+0x1f7/0x2e0
[ 24.955340] SyS_mount+0xab/0x120
[ 24.958762] ? copy_mnt_ns+0xb40/0xb40
[ 24.962615] do_syscall_64+0x281/0x940
[ 24.966475] ? vmalloc_sync_all+0x30/0x30
[ 24.970589] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 24.975321] ? syscall_return_slowpath+0x550/0x550
[ 24.980217] ? syscall_return_slowpath+0x2ac/0x550
[ 24.985115] ? prepare_exit_to_usermode+0x350/0x350
[ 24.990107] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 24.995444] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.000260] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 25.005416] RIP: 0033:0x44488a
[ 25.008573] RSP: 002b:00007fff118ea198 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 25.016246] RAX: ffffffffffffffda R