./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2559821533 <...> DUID 00:04:b0:cd:33:f9:4f:8a:55:45:4d:7b:3b:ee:3a:71:f0:8b forked to background, child pid 4661 [ 29.480232][ T4662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.494081][ T4662] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts. execve("./syz-executor2559821533", ["./syz-executor2559821533"], 0x7ffe2500f6c0 /* 10 vars */) = 0 brk(NULL) = 0x555557299000 brk(0x555557299c40) = 0x555557299c40 arch_prctl(ARCH_SET_FS, 0x555557299300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2559821533", 4096) = 28 brk(0x5555572bac40) = 0x5555572bac40 brk(0x5555572bb000) = 0x5555572bb000 mprotect(0x7fd9d27be000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=784, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=4998}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x2e\x00\x00\x00\x98\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 784 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4998}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 access("/proc/net", R_OK) = 0 access("/proc/net/unix", R_OK) = 0 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4998}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4998}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4998}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4998}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4998}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd9ca2f7000 syzkaller login: [ 56.226534][ T4998] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4998 'syz-executor255' write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x00\x42\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x24\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432 munmap(0x7fd9ca2f7000, 33554432) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 mkdir("./file0", 0777) = 0 [ 56.503397][ T4998] loop0: detected capacity change from 0 to 65536 [ 56.517846][ T4998] XFS (loop0): Deprecated V4 format (crc=0) will not be supported after September 2030. [ 56.527718][ T4998] XFS (loop0): correcting sb_features alignment problem [ 56.535715][ T4998] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261 [ 56.546531][ T4998] XFS (loop0): totally zeroed log [ 56.553149][ T4998] XFS (loop0): Ending clean mount [ 56.561997][ T4998] XFS (loop0): Quotacheck needed: Please wait. [ 56.573073][ T900] XFS (loop0): Metadata corruption detected at xfs_agi_verify+0x46d/0x550, xfs_agi block 0x8002 [ 56.575607][ T46] XFS (loop0): WARNING: Reset corrupted AGFL on AG 0. 4 blocks leaked. Please unmount and run xfs_repair. [ 56.584233][ T900] XFS (loop0): Unmount and run xfs_repair [ 56.597560][ T46] XFS (loop0): Internal error !ino_ok at line 213 of file fs/xfs/libxfs/xfs_dir2.c. Caller xfs_dir_ino_validate+0x2c/0x90 [ 56.601033][ T900] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 56.613774][ T46] CPU: 1 PID: 46 Comm: kworker/u4:3 Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0 [ 56.621562][ T900] 00000000: 58 41 47 49 00 00 00 01 00 00 00 01 00 00 80 00 XAGI............ [ 56.631057][ T46] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 56.631070][ T46] Workqueue: xfs_iwalk-4998 xfs_pwork_work [ 56.631092][ T46] Call Trace: [ 56.631098][ T46] [ 56.631105][ T46] dump_stack_lvl+0x1e7/0x2d0 [ 56.631133][ T46] ? nf_tcp_handle_invalid+0x650/0x650 [ 56.631158][ T46] ? xfs_verify_dir_ino+0xa6/0x5b0 [ 56.631183][ T46] xfs_corruption_error+0x11d/0x170 [ 56.631204][ T46] ? xfs_dir_ino_validate+0x2c/0x90 [ 56.631225][ T46] xfs_dir_ino_validate+0x5f/0x90 [ 56.640921][ T900] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 00 ................ [ 56.650080][ T46] ? xfs_dir_ino_validate+0x2c/0x90 [ 56.650102][ T46] xfs_dir2_sf_verify+0x487/0x990 [ 56.650141][ T46] xfs_iformat_data_fork+0x4bf/0x6d0 [ 56.656302][ T900] 00000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 56.659181][ T46] xfs_inode_from_disk+0xbbf/0x1070 [ 56.662099][ T900] 00000030: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 56.666756][ T46] xfs_iget+0xf08/0x3050 [ 56.666791][ T46] ? xfs_dquot_to_disk+0x600/0x600 [ 56.666811][ T46] ? xfs_qm_dqput+0x2fc/0x640 [ 56.666832][ T46] ? _atomic_dec_and_lock+0x9a/0x130 [ 56.666851][ T46] ? xfs_inode_free+0x220/0x220 [ 56.673297][ T900] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 56.677371][ T46] ? iput+0x388/0x8f0 [ 56.677396][ T46] ? rcu_is_watching+0x15/0xb0 [ 56.677412][ T46] ? xfs_qm_dqusage_adjust+0x5ea/0x670 [ 56.682770][ T900] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 56.687762][ T46] xfs_qm_dqusage_adjust+0x228/0x670 [ 56.687785][ T46] ? mark_lock+0x9a/0x340 [ 56.693045][ T900] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 56.701863][ T46] ? xfs_qm_reset_dqcounts_buf+0x930/0x930 [ 56.701882][ T46] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 56.708469][ T900] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 56.712070][ T46] ? print_irqtrace_events+0x220/0x220 [ 56.717821][ T10] XFS (loop0): metadata I/O error in "xfs_read_agi+0x2b6/0x610" at daddr 0x8002 len 1 error 117 [ 56.726232][ T46] ? xfs_qm_reset_dqcounts_buf+0x930/0x930 [ 56.726256][ T46] xfs_iwalk_ag_recs+0x486/0x7c0 [ 56.726293][ T46] xfs_iwalk_run_callbacks+0x25b/0x490 [ 56.868388][ T46] xfs_iwalk_ag+0xad6/0xbd0 [ 56.872907][ T46] ? xfs_iwalk_alloc+0xc0/0xc0 [ 56.877666][ T46] ? xfs_trans_alloc_empty+0x97/0xd0 [ 56.882938][ T46] ? xfs_trans_cancel+0x3f0/0x3f0 [ 56.887948][ T46] ? kmem_alloc+0x1fa/0x380 [ 56.892438][ T46] xfs_iwalk_ag_work+0xfb/0x1b0 [ 56.897277][ T46] ? xfs_iwalk_threaded+0x6e0/0x6e0 [ 56.902458][ T46] xfs_pwork_work+0x7c/0x190 [ 56.907031][ T46] process_one_work+0x8a0/0x10e0 [ 56.911964][ T46] ? worker_detach_from_pool+0x290/0x290 [ 56.917584][ T46] ? _raw_spin_lock_irqsave+0x120/0x120 [ 56.923113][ T46] ? kthread_data+0x52/0xc0 [ 56.927606][ T46] ? wq_worker_running+0x9b/0x1a0 [ 56.932701][ T46] worker_thread+0xa63/0x1210 [ 56.937381][ T46] kthread+0x2b8/0x350 [ 56.941442][ T46] ? pr_cont_work+0x5e0/0x5e0 [ 56.946103][ T46] ? kthread_blkcg+0xd0/0xd0 [ 56.950676][ T46] ret_from_fork+0x1f/0x30 [ 56.955090][ T46] [ 56.958343][ T46] XFS (loop0): Corruption detected. Unmount and run xfs_repair [ 56.965993][ T46] XFS (loop0): Invalid inode number 0x24 [ 56.971639][ T46] XFS (loop0): Metadata corruption detected at xfs_dir2_sf_verify+0x767/0x990, inode 0x23 data fork [ 56.982578][ T46] XFS (loop0): Unmount and run xfs_repair [ 56.988379][ T46] XFS (loop0): First 32 bytes of corrupted metadata buffer: [ 56.995793][ T46] 00000000: 02 00 00 00 00 20 05 00 30 66 69 6c 65 30 01 00 ..... ..0file0.. mount("/dev/loop0", "./file0", "xfs", MS_RDONLY|MS_NODEV|MS_LAZYTIME, "nolargeio,nolazytime,grpid,qnoenforce,quota,,nouuid") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 57.0046